用于解决PE-PC连接问题的有用命令

  • 2020年7月1日
  • 0回答
  • 4027的浏览量
AnishWalia20
排名
Userlevel 6
徽章 +5

解决pe-pc连接问题的有用命令

我们有很多场景,你可能会看到与PE-PC连接失败相关的警报。这通常发生在PE和PC集群之间的网络连接由于任何原因中断时,例如PC虚拟机重启,PC集群升级,网络问题,HTTP代理问题(不正确的代理白名单)和端口问题等。

第一,PE什么时候发出PE- pc连通性告警:

1)在AOS 5.10中,当PE-PC连接中断至少6分钟时,警报就会被触发。(Prios to AOS 5.10 alert在2分钟的单个实例中产生)

有时,如果连通性良好且不存在上述原因,PE-PC连通性检查Prism上甚至会出现红心。

在这种情况下,如果你确认没有潜在的PE-PC连接问题,手动重置检查.如下面所示,在“运行状况”页面单击此检查,将该检查关闭并将其重新打开。

为了解决一些PE-PC连接问题,下面是一组常见的场景和有用的命令,应该在受影响的PE集群的CVM和PC集群的PC- vm上运行:

1)港口问题:为了验证端口连接是否良好,请检查PC上的9440端口是否打开:

nutanix@CVM$ nc  9440 -v

Ncat: 7.50版本(https://nmap.org/ncat)
连接到x.x.x.x:9440。

输出应该类似于上面的内容。如果端口问题仍然存在,您应该打开端口9440在个人电脑上。

2) HTTP代理问题在很多场景中,当PE或PC集群的环境中配置了http代理,但是PE和PC集群上没有正确添加代理白名单,这可能会导致PE和PC之间的连接问题。

当PE和PC上设置了代理时,必须完成以下操作:

  1. 在PE代理白名单中添加Prism Central IP
  2. 在“PC代理白名单”中添加“Prism Element IP”和所有cvm IP。

代理设置可以从Prism仪表板配置,也可以从nCLI像下面的

nutanix@cvm$ ncli http-proxy ls
nutanix@cvm$ ncli http-proxy get-白名单
nutanix@cvm$ ncli http-proxy add-to-白名单

3)远程连接问题:在PC上注册PE集群时,PE集群和PE集群之间会建立远程连接。有时,由于上述原因,我们可以观察远程连接问题,这可能导致PC被标记为“断开”在PE仪表盘和其他问题。

用于故障诊断的有用命令:

a)列出所有远程连接:

> PE CVM:

< >核remote_connection.list
名字UUID

>电脑CVM:

< >核remote_connection.list_all
名字UUID

b)获取多集群状态:PE集群和PC集群都需要执行此命令:

CVM$ ncli multicluster get-cluster-state

集群Id: 00056528-ea71-f155-60a7-6805ca7bf746
集群名称:IN-BLR-VDICLS1
Multicluster: false
控制器虚拟机IP地址…:[10.51.148.153、10.51.148.154 10.51.148.155、10.51.148.156 10.51.148.157,10.51.148.158,10.51.148.159,10.51.148.160,10.51.148.161,10.51.148.162,10.51.148.163,10.51.148.164,10.51.148.165,10.51.148.166,10.51.148.167,10.51.148.168,10.51.148.169,10.51.148.170,10.51.148.171,10.51.148.172,10.51.148.173]
外部IP地址:10.51.148.174
标记为移除:false
远程连接存在:true <---------应该是"true"

3) health_check远程连接:通过在PE和PC上可用的RCs上运行以下命令检查nucleus RC健康状态,以完全排除它是API v3连接问题:

< >核remote_connection。health_check < rc_name >



< >核remote_connection.health_check_all

以上也应该从PE和PC集群运行。

4)检查API响应:如果上述RC运行状况检查失败,那么我们应该检查API响应。一旦我们登录到PE,从相同的浏览器运行以下:

https:// < pe_ip >: 9440 / PrismGateway /服务/ rest / v1 / multicluster / cluster_external_state

如果API连接成功,响应将包含"可及”:真正的

[{“clusterUuid”:“7 aca431c - 9 - bc8 4 bd0 - 803 - 9——b49e550e942”、“clusterDetails”:{“clusterName”:“无名”、“ipaddress”:“10.5.222.90”,“multicluster”:真的,“用户名”:“00055 de7 - 3 - cc7 - 05 - fb - 0000 - 000000004433”,“密码”:“41119365494582941674608439812739”,“prcCluster”:假的,“可以”:真正的},“configDetails”:{" externalIp ": " "},“过滤器”:[],“clusterTimestampUsecs”: 0,“nosVersion”:空,“nosFullVersion”:空,“markedForRemoval”:假的,“remoteConnectionExists”:真正的}

如果API响应是"可及”:假那么PE和PC之间就会出现API连接问题。下一步是检查是否为PC配置了代理白名单可能需要

[{“clusterUuid”:“4 b7b1a77 c591 - 477 - 9501 - 37 - a39a4f8dfc”、“clusterDetails”:{“clusterName”:“无名”、“ipaddress”:“10.246.73.47”,“multicluster”:真的,“用户名”:“00056528 - ea71 f155 - 60 - a7 - 6805 ca7bf746”,“密码”:“65157945596046308979116553149711”,“prcCluster”:假的,“可以”:假},“configDetails”:{“externalIp ": " "},“过滤器”:[],”clusterTimestampUsecnosVersion“s”:0:空,“nosFullVersion”:空,“markedForRemoval remoteConnectionExists“:假的,真}):

为了进一步解决REST API问题,并查看需要检查哪些日志,这里有一篇关于此问题的文章https://next.nutanix.com/api-31/logs-to-check-for-rest-apis-and-apache-http-issues-37761

另一个关于PE-PC连接警报的惊人帖子https://next.nutanix.com/how-it-works-22/what-to-do-with-prism-element-prism-central-connectivity-alerts-37401

接下来是什么?

如果以上任何一种情况都不能解决这个问题,我们可能需要重新设置PE-PC的远程连接,或者在进行深入的故障排除和检查日志后,重新将PE注销并重新注册到PC上。对于这种情况,最好是使用Nutanix支持,并让技术专家从那里接管。

同KBs

1)6970-PE-PC连接失败告警

2)3379-cluster_connectivity_status检查

3)5356—代理白名单错误导致PC在PE dashboard上连接断开

西班牙辛格生活
USEFUL COMMANDS TO TROUBLESHOOT PE-PC CONNECTIVITY ISSUES<\/strong>

We have lots of scenarios where you might see alerts related related to PE-PC connection failure. This generally happens when network connectivity between PE and PC clusters are disrupted due to any reasons such as PC VM being rebooted, upgrading PC cluster , network issues, HTTP proxy issues(incorrect proxy whitelists) and port issues <\/em>etc.<\/p>

\u00a0<\/p>

Firstly, when does PE-PC connectivity alert is raised on PE:<\/h3>

\u00a0<\/p>

1)The alert is raised when PE-PC connectivity was disrupted for at least 6 minutes as of AOS\u00a05.10.(Prios to AOS 5.10 alert is generated at a single instance of 2 minutes)<\/p>

Sometimes, PE-PC connectivity checks shows red\u00a0heart on Prism even,\u00a0if the connectivity is fine and none of the above reasons are present.<\/p>

In this case i.e if you verify there are\u00a0no underlying PE-PC connectivity issue present, manually reset the check<\/strong>.\u00a0Turn the check OFF and Turn it back ON from the Health page by clicking on this check like this below.\u00a0<\/p>

\"//www.jhbzcj.com/next/prism-for-infra-and-it-ops-26/\"<\/figure>

\u00a0<\/p>

To troubleshoot some of the PE-PC connectivity issues below are a set of common scenarios and useful commands which should be run from CVM on affected PE cluster and PC-VM of the PC cluster:<\/p>

\u00a0<\/p>

1)Port issues<\/strong>: To verify port connection is fine check if port\u00a09440 is\u00a0open on PC:<\/p> 

nutanix@CVM$ nc <prism_central_ip_address> 9440 -v

Ncat: Version 7.50 ( https:\/\/nmap.org\/ncat )
Ncat: Connected to x.x.x.x:9440.<\/code><\/pre>  
The output should be\u00a0something like the above. If port issues persists you should open the port 9440<\/strong> on the PC.<\/p>  
\u00a0<\/p>  
2) HTTP proxy issues<\/strong>: In lots of scenarios we see this issue when http proxy is configured in the environment on PE or PC cluster but proxy whitelists are not added correctly on PE and PC clusters which could cause connection issues between PE and PC.<\/p>  
\u00a0<\/p>  
The following must be done when proxy setting is in place in PE and PC:<\/p>  
  1. Add Prism Central IP in PE proxy whitelist<\/li> \t
  2. Add Prism Element IP and all the CVMs IPs in PC Proxy whitelist.<\/li> <\/ol>
    The proxy settings can be configured from Prism dashboard or also from nCLI <\/strong>like below:<\/strong><\/p>  
    nutanix@cvm$ ncli http-proxy ls
    nutanix@cvm$ ncli http-proxy get-whitelist
    nutanix@cvm$ ncli http-proxy add-to-whitelist <\/code><\/pre>  
    \u00a0<\/p>  
    3)Remote connections issues<\/strong>: Whenever you register your PE cluster on PC, a remote connections is created between both of them. Sometimes, we can observer remote connections issues due to the above mentioned reasons which could lead to PC being marked \u201cdisconnected\u201d on PE dashboard and other issues.<\/p>  
    Useful commands to troubleshoot:<\/p>  
    a)List all remote connections:<\/strong><\/p>  
    > PE CVM:

    <nuclei> remote_connection.list
    Name UUID

    > PC CVM:

    <nuclei> remote_connection.list_all
    Name UUID<\/code><\/pre>  
    b) Get multicluster status:<\/strong> This command should be run from both PE cluster and PC cluster:<\/p>  
    CVM$ ncli multicluster get-cluster-state

        Cluster Id                : 00056528-ea71-f155-60a7-6805ca7bf746
        Cluster Name              : IN-BLR-VDICLS1
        Is Multicluster           : false
        Controller VM IP Addre... : [10.51.148.153, 10.51.148.154, 10.51.148.155, 10.51.148.156, 10.51.148.157, 10.51.148.158, 10.51.148.159, 10.51.148.160, 10.51.148.161, 10.51.148.162, 10.51.148.163, 10.51.148.164, 10.51.148.165, 10.51.148.166, 10.51.148.167, 10.51.148.168, 10.51.148.169, 10.51.148.170, 10.51.148.171, 10.51.148.172, 10.51.148.173]
        External IP Address       : 10.51.148.174
        Marked for Removal        : false
        Remote Connection Exists  : true <--------- Should be \"true\"<\/code><\/pre>  
    \u00a0<\/p>  
    3)Remote connection health_check<\/strong>:Check Nuclei RC health status by running the following command\u00a0on the available RCs in PE and PC to completely rule out it is a API v3 connectivity issues:<\/p>  
    <nuclei> remote_connection.health_check <rc_name>

    or

    <nuclei> remote_connection.health_check_all<\/code><\/pre>  
    The above should also be run from both PE and PC cluster.<\/p>  
    \u00a0<\/p>  
    4) Check API response:<\/strong> If the above RC health check fails, then we should look at checking API response. Once we have logged in to the PE, from the same browser run the following:<\/p>  
    https:\/\/<pe_ip>:9440\/PrismGateway\/services\/rest\/v1\/multicluster\/cluster_external_state

    <\/code><\/pre>  
    If the API connectivity is successful, the response will contain \"reachable\":true<\/strong><\/p>  
    [{\"clusterUuid\":\"7aca431c-9bc8-4bd0-803a-9b49e550e942\",\"clusterDetails\":{\"clusterName\":\"Unnamed\",\"ipAddresses\":[\"10.5.222.90\"],\"multicluster\":true,\"username\":\"00055de7-3cc7-05fb-0000-000000004433\",\"password\":\"41119365494582941674608439812739\",\"prcCluster\":false,\"reachable\":true},\"configDetails\":{\"externalIp\":\"//www.jhbzcj.com/next/prism-for-infra-and-it-ops-26/\"},\"filters\":[],\"clusterTimestampUsecs\":0,\"nosVersion\":null,\"nosFullVersion\":null,\"markedForRemoval\":false,\"remoteConnectionExists\":true}<\/code><\/pre>  
    If the API response is \"reachable\":false<\/strong> then there is an API connectivity issue between the PE and PC. The next step is to check if a proxy is configured\u00a0for the PC as Proxy\u00a0White listing might be needed<\/em>.\u00a0<\/p>  
    [{\"clusterUuid\":\"4b7b1a77-c591-477a-9501-37a39a4f8dfc\",\"clusterDetails\":{\"clusterName\":\"Unnamed\",\"ipAddresses\":[\"10.246.73.47\"],\"multicluster\":true,\"username\":\"00056528-ea71-f155-60a7-6805ca7bf746\",\"password\":\"65157945596046308979116553149711\",\"prcCluster\":false,\"reachable\":false},\"configDetails\":{\"externalIp\":\"//www.jhbzcj.com/next/prism-for-infra-and-it-ops-26/\"},\"filters\":[],\"clusterTimestampUsecs\":0,\"nosVersion\":null,\"nosFullVersion\":null,\"markedForRemoval\":false,\"remoteConnectionExists\":true}]<\/code><\/pre>  
    To troubleshoot further on REST API issues and to see what logs to check for here is a post on that\u00a0https:\/\/next.nutanix.com\/api-31\/logs-to-check-for-rest-apis-and-apache-http-issues-37761<\/a>\u00a0.<\/p>  
    \u00a0<\/p>  
    Another amazing post on PE-PC connectivity alerts\u00a0https:\/\/next.nutanix.com\/how-it-works-22\/what-to-do-with-prism-element-prism-central-connectivity-alerts-37401<\/a><\/p>  
    \u00a0<\/p>  
    What's Next ?<\/h3>  
    \u00a0<\/p>  
    In case none of the above scenarios help you to fix the issue, we might need to reset the PE-PC remote connection or unregister and re-register the PE on PC again after some deep troubleshooting and checking certain logs. For such scenarios it would be best to engage Nutanix support and let the\u00a0technical expert take over from there.<\/p>  
    \u00a0<\/p>  
    Relavant KBs<\/h3>  
    \u00a0<\/p>  
    1)\u00a06970<\/a> - PE-PC Connection Failure alerts\u00a0<\/span><\/span><\/p>  
    2)3379<\/a>\u00a0-\u00a0cluster_connectivity_status check<\/span><\/span><\/p>  
    3)<\/span>5356<\/a>\u00a0- PC is disconnected on PE dashboard because of incorrect proxy whitelist<\/span><\/span><\/p>  
    \u00a0 <\/p>
    1. \u00a0<\/li> <\/ol>
      <\/p>","quoteUsername":"AnishWalia20","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

0回答

做第一个回复的人!

回复


Baidu