FND故障排除工具
简介
本文档介绍如何使用作为Field Network Director(FND)部署一部分提供的故障排除工具。FND解决方案范围广泛,包含多种不同的技术和专业化认证。因此,有许多脚本和命令行工具可帮助验证特定情况下的行为或诊断复杂问题。
作者:思科TAC工程师Ryan Bowman。
先决条件
要求
思科建议您拥有具有注册的头端路由器(HER)、现场区域路由器和互联电网终端(CGE)的完全可操作的生产或实验室环境。 要使用getStats.sh验证CoAP简单管理协议(CSMP)统计信息,您必须至少有一个CGE生成CSMP流量。
要利用/opt/cgms-tools/目录中的文件,必须在应用程序服务器上安装cgms-tools RPM软件包。
使用的组件
本文档中的信息都是使用FND 3.0.1-36版收集的,所有Linux服务器都安装在运行RHEL 6.5的虚拟机上。
本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您使用的是真实网络,请确保您已经了解所有命令的潜在影响。
命令行工具
此部分介绍CLI实用程序,这些实用程序可作为cgms和cgms-tools包的一部分。cgms RPM的默认安装路径为/opt/cgms/,而cgms-tools的默认安装路径为/opt/cgms-tools/。
setupCgms.sh(/opt/cgms/bin/setupCgms.sh):
首次安装FND后,应运行此脚本以配置必要的应用变量。一旦开始生产,您仍可以使用此实用程序更改关键配置参数。在执行此脚本之前,必须停止cgms服务,导航到/opt/cgms/bin/目录并执行。/setupCgms命令。
[root@fnd bin]#./setupCgms.sh Are you sure you want to setup IoT-FND (y/n)? n Do you wish to configure another database server for this IoT-FND ? (y/n)? n Do you want to change the database password (y/n)? n Do you want to change the keystore password (y/n)? n Do you want to change the web application 'root' user password (y/n)? n Do you want to change the FTP settings (y/n)? n Do you want to change router CGDM protocol settings (y/n)? n Do you want to change log file settings)? (y/n)? n
getstats.sh(/opt/cgms/bin/getstats.sh):
此脚本旨在在应用程序启动并运行时执行。当您使用负载均衡集群和主用/备用数据库对分析性能时,它非常有用。每个性能指标都超出本文的范围,但以下是运行脚本时的输出示例。
排除集群中的FND部署故障时,请在每台服务器上执行此脚本,以验证负载均衡是否正常工作。如果其中一个应用服务器的CSMP处理速率比其他服务器高得多,则负载均衡可能未正确配置。此外,分析此输出时,如果看到队列大小增加,您就会知道某处存在瓶颈过程。
[root@fnd bin]# ./getstats.sh Current Time: 2017-03-08 01:06 ============ events statistics ============== ElapsedTimePrepareForRules (ms):...........................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ElapsedTimeBatchCommit (ms):...............................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] Events request rate:.......................................................[ val: 0/s over 1 min ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ElapsedTimeSendToSyslog (ms):..............................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] Batch Commit Size :........................................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ============================================== ============ metric statistics ============== ElapsedTimePersistBatch (ms):..............................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ElapsedTimePersistNetElementMetrics (ms):..................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ElapsedTimeBatchCommit (ms):...............................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] Incoming message rate to Metric Server:....................................[ val: 0/s over 1 min ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ElapsedTimeFindCurrentMetric (ms):.........................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ElapsedTimefindCurrentMetricsForNetObject (ms):............................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] sendMetricEvents:..........................................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ElapsedTimePersistNetElementMetric (ms):...................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ElapsedTimeAddMetricWithoutPropagation (ms):...............................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] Rate of message drop at the metric server:.................................[ val: 0/s over 1 min ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] Batch Commit Size :........................................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ElapsedTimeAddMetricsInBulkWithoutPropagation (ms):........................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ============================================== ============ issues statistics ============== Issues Incoming Rate:......................................................[ val: 0/s over 1 min ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] UpdateEventAndIssues (ms):.................................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ElapsedTimeBatchCommit (ms):...............................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] Batch Commit Size :........................................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] Issues Processing Rate:....................................................[ val: 0/s over 1 min ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ============================================== ============ label statistics ============== Label drop rate:...........................................................[ val: 0/s over 1 min ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ElapsedTimePersistBatch (ms):..............................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] Label processing rate:.....................................................[ val: 0/s over 1 min ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ElapsedTimeBatchCommit (ms):...............................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] Label request rate:........................................................[ val: 0/s over 1 min ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] Batch Commit Size :........................................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ============================================== ============ csmp statistics ============== csmpConNotificationRate:...................................................[ val: 0/s over 1 min ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] csmpNonNotificationRate:...................................................[ val: 0/s over 1 min ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] csmpNonQueueSize:..........................................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] csmpNotificationRate:......................................................[ val: 0/s over 1 min ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] csmpDropRate:..............................................................[ val: 0/s over 1 min ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] csmpProcessingRate:........................................................[ val: 0/s over 1 min ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] csmpConQueueSize:..........................................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ============================================== ============ database connection pool statistics ============== dbConFlushCount:...........................................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ActiveCount:...............................................................[ val: 13 ] InUseCount:................................................................[ val: 7 ] AvailableCount:............................................................[ val: 243 ] CreatedCount:..............................................................[ val: 13 ] DestroyedCount:............................................................[ val: 0 ]
keytool(/opt/cgms/jre/bin/keytool):
FND安装附带Java,这一点非常重要。您需要使用keytool实用程序来创建和管理cgms_keystore,该密钥库必须在FND和隧道调配服务器(TPS)上进行适当配置。
在某些环境中,服务器已安装了Java,并且keytool命令将通过$PATH环境变量可供任何用户使用。如果使用keytool命令并发现此错误,则还有另一个解决方案可供您使用:
[root@fnd]# keytool -bash: keytool: command not found
您可以导航到/opt/cgms/jre/bin/目录并调用此目录中的keytool实用程序,例如:
[root@fnd ~]# keytool -v -list -keystore /opt/cgms/server/cgms/conf/cgms_keystore -bash: keytool: command not found [root@fnd ~]# cd /opt/cgms/jre/bin/ [root@fnd bin]# ./keytool -v -list -keystore /opt/cgms/server/cgms/conf/cgms_keystore Enter keystore password:
cgdm-client.sh(/opt/cgms-tools/bin/cgdm-client.sh):
FND使用Netconf over HTTPS以访问现场区域路由器(FAR)并与之通信。 Netconf使用XML格式的消息来提供一种服务,该服务不仅可靠可靠,而且可以很容易地分解并发送到数据库。有一个名为cgdm-client的CLI工具,它将打开到您选择的FAR的手动Connected Grid设备管理器(CGDM)会话,执行远程命令,并发送从FAR收到的XML,以响应FAR,在BASH中启动。
如果您执行脚本时没有选项,将显示使用指南:
[root@fnd bin]# ./cgdm-client ERROR: Please specify an IP address and a command usage: cgdm-client <cgr ip address> <cgdm CLI command> -c <arg> Conf and keystore directory path, default = /opt/cgms/server/cgms/conf -v Verbose mode
例如,假设您要验证在管理IP(.csv文件中的“IP”值)为192.0.2.1的路由器中,时间是否完全同步。从FND应用服务器上的终端会话,可以使用show clock命令查询CGR上的时间:
[root@fnd bin]# ./cgdm-client 192.0.2.1 show clock <?xml version="1.0" encoding="ISO-8859-1"?> <nf:rpc-reply xmlns:nf="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns="http://www.cisco.com/nxos:1.0" message-id="1"> <nf:data>15:44:58.092 CST Mon Mar 13 2017 </nf:data> </nf:rpc-reply>
或者,您可以在命令中使用“v”标志指定详细输出。请注意,详细输出来自Java和Cisco软件进程和语法。您不会在此输出中看到任何其他网络或设备信息:
[root@fnd bin]# ./cgdm-client -v 192.0.2.1 show clock < output omitted >
csmp-request.sh(/opt/cgms-tools/bin/csmp-request.sh):
除了cgdm-client FAR工具外,还有一个终端工具,称为csmp-request。与cgdm-client 脚本类似,此脚本也允许您使用CSMP从CGE查询信息。您只需指定网状终端的IPv6地址和在设备上查询的TLV(类型长度值)。TLV代码的完整列表在本文中已超出范围,但下面将显示一些众所周知的示例。脚本的语法为:
./csmp-request -r [] TLV-Value
1.在带IP 2001:db8::1/32的仪表上查询CGE固件版本
[root@fnd bin]# ./csmp-request -r [2001:db8:0:0:0:0:0:1] 75
2.使用IP 2001:db8::1/32在仪表上查询正常运行时间
[root@fnd bin]# ./csmp-request -r [2001:db8:0:0:0:0:0:1] 22
signature-tool(/opt/cgms-tools/bin/signature-tool):
签名工具是Java实用程序,它允许您加密明文密码、解密加密密码或字符串并以明文形式打印SSM_CSMP证书。此工具应用于为.csv文件生成加密密码字符串,以便它们不包含明文形式的管理员密码。
要查看命令语法,请执行不带选项的脚本:
[root@fnd bin]# ./signature-tool usage: signature-tool print signature-tool export <binary|base64> <filename> signature-tool decrypt <keystore> <filename> signature-tool encrypt <keystore> <filename>
要打印SSM_CSMP证书,请使用:
[root@fnd bin]# ./signature-tool print
要加密明文管理员密码,请执行以下操作:
- 导航至/opt/cgms-tools/bin目录:
[root@fnd ~]# cd /opt/cgms-tools/bin [root@fnd bin]# pwd /opt/cgms-tools/bin
-
创建新文本文件,该文件仅包含明文中的相关字符串/密码:
-
[root@fnd bin]# echo AdminPassword > clear-text-password.txt [root@fnd bin]# cat clear-text-password.txt AdminPassword
- 使用“encrypt”选项执行签名工具脚本,并指定cgms_keystore文件的确切路径以及您刚创建的文件中包含明文密码的文件的名称。当系统提示输入别名时,使用“cgms”作为FND应用程序使用具有“cgms”别名的cgms_keystore文件中的证书,以向CA进行身份验证:
[root@fnd bin]# ./signature-tool encrypt /opt/cgms/server/cgms/conf/cgms_keystore clear-text-password.txt Enter alias: cgms Enter password: pXHcF+YxyoJarz4YAqvFVMrLT2I//caHLddiJfrb7k65RmceIJUNlDd2dUPhGyGZTeEfz8beh8tWSGZ4lc66rhAQ9mYNaw2XSPaL8psoK+U0wzHgY068tnc7q17t05CZ5HQh8tWSGZ4lc66rhAQ9mOivj1B3XRKFmkpSXo4ZubeKRJ4NNaGAKFV8cjBJQDWsh7NAXL3x5D62/7w4Mhmftf2XiGlqeWlc66rhAQF+YxyoJarz4YAqvFVMrLT2I//caHLIDYoKoeTVB2SLQXtSZR+dwxYjQsE0hCmBpHv0lDD/l4gg==
要解密加密字符串,请执行以下操作:
- 使用加密字符串在/opt/cgms-tools/bin/目录中创建新的.txt文件:
[root@fnd bin]# echo pXHcF+YxyoJarz4YAqvFVMrLT2I//caHLddiJfrb7k65RmceIJUNlDd2dUPhGyGZTeEfz8beh8tWSGZ4lc66rhAQ9mYNaw2XSPaL8psoK+U0wzHgY068tnc7q17t05CZ5HQh8tWSGZ4lc66rhAQ9mOivj1B3XRKFmkpSXo4ZubeKRJ4NNaGAKFV8cjBJQDWsh7NAXL3x5D62/7w4Mhmftf2XiGlqeWlc66rhAQF+YxyoJarz4YAqvFVMrLT2I//caHLIDYoKoeTVB2SLQXtSZR+dwxYjQsE0hCmBpHv0lDD/l4gg== > encrypted-password.txt
2.使用decrypt选项执行签名工具,并再次指定密钥库文件的确切路径以及.txt文件的名称,该文件中存储了加密密码。
[root@fnd bin]# ./signature-tool decrypt /opt/cgms/server/cgms/conf/cgms_keystore encrypted-password.txt Enter alias: cgms Enter password: AdminPassword
数据库工具
与强健的命令行工具/实用程序集一样,FND包含一组基于GUI的工具,这些工具可以帮助您分析和诊断数据库故障。要访问数据库工具,请登录FND部署的主仪表板,然后将/pages/diag/db.seam粘贴到URL的.com部分后。
此区域有三个选项卡:数据库查询、数据库信息和日志查看器。如果单击“查询”按钮右侧的“显示所有表”,则“数据库查询”选项卡将允许您运行自定义查询,并提供所有表的列表。例如,要查看所有设备接口的第1层和第2层状态,请在SQL查询框中键入SELECT * FROM NET_INTERFACES,然后单击“查询”按钮。您将获得所有HER和FAR接口、其MAC地址、每个接口的管理层1状态和第2层链路状态的列表。
如果要验证数据库连接设置,请单击db.seam页面的“数据库信息”选项卡。在此,您将具有对许多数据库变量的只读访问权限,如连接URL、数据库用户名、Oracle版本、端口号、SID和每个表的大小。此页还列出了闪存恢复区(FRA)信息,例如存储在FRA上的每种文件类型所占用的空间以及可回收的空间。
反馈