Problem :
Unable to access the Analytics tab from Versa Director.
Solution :
In 16.1R2 and 20.2.x versions, the Director would access the Analytics UI on port 8080 by default, whereas in 21.1.x (and above) the Director access Analytics UI via port 8443 (ssl connection).
There are two aspects required for Director to access the Analytics UI (to be able to open Analytics UI on the Director's Dashboard)
1. The director(s) need to be registered on the Analytics
2. The director needs to access analytics over a https (8443) connection
Each of the above points needs to be validated in order to ensure successful access
The "cluster installation script" available starting 20.2.x/21.1.x and above, takes care of both the above steps, and it's recommended that cluster installation be performed using the cluster installation script.
Please refer to the documentation below
Refer to section below
Side note: Please be careful about using the --secure option, this is only needed if you want to ensure analytics hardening/security if you cluster is exposed to public domain
Ideally the Director UI should be able to access Analytics post the above installation, if you see any errors in the above installation or if the Analytics UI is not accessible via the Director UI (mostly an error "there is a problem logging into analytics" would pop up while trying to access the UI)
Troubleshooting steps are as below
Step 1: Please validate if the certificate on the Director is installed on the Analytics using the script below, this script is present in the /opt/versa/vnms/scripts directory on the Director (run this from the Master VD)
Note: You will need to run the below script using 'versa' user as below
sudo su versa
You will need to enter the Analytics cluster name (get it from the Director UI Administration/Analytics-Cluster tab)
In the above output, a successful match would return "MD5 has matches" as a result
If the above scripts informs that the MD5 sum does not match, please go to step 2
Step 2: Sync the certificate from the Director towards the Analytics as below
Note: Below script needs to be run as "versa" user
versa@Director:~$ /opt/versa/vnms/scripts/vnms-cert-sync.sh --sync
You would need to provide the cluster name as the input (the cluster name can be located on Director UI Administration/Analytics-Cluster
Step 3: Print the certificate on the Director and confirm if the CN and SAN values are being use in the /etc/hosts mapping on the Analytics.
Print the certificate on the Director as below
Check the CN and SAN on the Director certificate
Check the /etc/hosts files on the Analytic nodes (all the analytic and search nodes in your cluster). Make sure that the "names" mapped in /etc/hosts are exactly the same as the CN and SAN names present in the certifiicate and the "ip address" mapped is accurate
Step 4: Verify if 9182 and 9183 ports are accessible on the Directors from the Analytics
Login to the shell of the Analytics node and execute "nc -zvw3 <director> 9182" (also check 9183)
Note: Replace <director> with the name present in the /etc/hosts file for the directors
If you get a "connection refused" (or any other error) while executing the above, then please check and make sure there are no firewalls blocking 9182/9183 access and that routes are present to access the director (check "route -n" to confirm the routes on Analytics and Director) - try to ping the Director from Analytics to ensure routing is fine.
Important side note: If you are using a wildcard certificate, for example with CN as *.versa.com. then make sure that you use the full domain name while creating a mapping in the /etc/hosts file (for ex, director1.versa.com and director2.versa.com)
Step 5: Execute the below steps to ensure that Analytic certificates are installed on the Director
[Content taken from https://docs.versa-networks.com/Getting_Started/Release_Notes_for_Secure_SD-WAN/Release_Notes_for_Secure_SD-WAN_Release_21.1/02_Versa_Analytics_Release_Notes_for_Release_21.1 ]
In a HA Director setup, you should select "y" to post-pone the restart, and make sure that you perform "vsh stop" on the SLAVE VD before performed "vsh restart" on the MASTER VD, and after verifying that all ther services are up (using "vsh status") you can perform "vsh start" on the STANDBY VD and ensure all services are up
Step 6: After the above steps are in place try "revoking" and "re-registering" the directors below by accessing the Analytics UI directly (https://<ip-address> or http://<ip-address>:8080 ), of any one of the Analytic nodes
Ideally the register should succeed
If the register fails, please capture the below from the Analytic node on which you were trying the above registration
sudo su
cat /var/log/versa/tomcat/catalina.log
If you see the unconfigured table versa_directors error as below:
login to cassandra DB and check the table:
cqlsh -u cassandra -p cassandra
cassandra@cqlsh> select * from van_system.versa_directors;
InvalidRequest: Error from server: code=2200 [Invalid query] message="unconfigured table versa_directors"
If table not present create using below:
cassandra@cqlsh> CREATE TABLE van_system.versa_directors ( hostname text PRIMARY KEY , client_id text, client_secret text );
Now, re-register and check.
cassandra@cqlsh> select * from van_system.versa_directors;
hostname | client_id | client_secret
-------------+-----------+---------------
Director-01 | null | null
If you still continue to face issues connecting to Analytics from the Director please follow the below steps
Execute the below on the shell of the analytic node whose UI you are trying to connect and the director node (enable logging on both the putty terminals) and perform multiple attempts to connect to the analytics UI from the director (from the affected user) – as soon as you hit a failure case, execute Ctrl+C on both the terminals and attach the logs to the TAC ticket.
Shell of analytics node:
sudo su
tail -f /var/log/versa/tomcat/*.log
Shell of Director node:
sudo su
cd /var/log/vnms/spring-boot/
tail -f vnms-spring-boot.log /var/log/vnms/web/*.log
Please attach this output while opening the TAC case.
If you need to open a TAC case, please attach all the outputs collected from Step 1 to Step 6. If you have executed the "cluster installation script", please also attach the entire outputs of the script along with the outputs from Step 1 to Step 6