Secure Application セットアップのトラブルシューティング
appdcli run secureapp タスクを使用して、展開の問題をトラブルシュートできます。
The secureapp Task
The secureapp task requires one of the following options:
| Option | Description |
|---|---|
checkAgentAuth |
Using the agent account key, verify that agent authentication is working. |
checkApi |
Checks that the Secure Application API is working. |
checkAuthToken |
Verify that the controller is able to create authentication tokens for the admin user. |
checkDeps |
Basic checks of Secure Application dependencies, useful prior to installation. |
debugReport |
Dump logs and kubernetes resources (except secrets) for offline debugging. |
getSecureApplications |
Gets the default for Application Secure Application enablement. |
health |
Run the |
insecureApplications |
Administratively sets the default for Applications to be Secure Application disabled. |
licenseCheck |
Check that the license has Secure App Units. |
numAgentReports |
Display the number of Agent Reports that have been processed. |
restartFeedProcessing |
After uploading a data feed, to see updated results sooner than up to a day, restart the feed processing and see updates after a few minutes. |
secureApplications |
Administratively sets the default for Applications to be Secure Application enabled. |
setDownloadPortalCredentials |
For automatic daily downloads of the data feed. Set the download portal username and password. Syntax:
CODE
|
setFeedKey |
For air-gapped deployments. Set the license key to allow processing of an uploaded air-gapped data feed. Syntax:
CODE
|
showConfig |
Print currently observed Secure Application configuration. |
startTestAgent |
Launch a Java application named |
stopTestAgent |
Stop the |
uploadFeed |
For air-gapped deployments. Upload an air-gapped data feed from the local filesystem. Syntax:
CODE
|
versions |
Display version data, which may be useful during troubleshooting. |
一般的な機能を確認し、Secure Application で診断を実行するには、appdcli run secureapp health を実行します。
appdcli run secureapp healthサンプル出力:
$ appdcli run secureapp health
endpoints/appd-postgres-primary condition met
endpoints/appd-mysql condition met
endpoints/controller-service condition met
endpoints/auth-service condition met
SecureApp dependencies are Ready
checking if secureapp is installed
Secureapp charts have been installed by Helm
endpoints/onprem-user-service-auth condition met
endpoints/agent-proxy condition met
endpoints/abs-headless condition met
endpoints/ui condition met
endpoints/onprem-proxy-server condition met
endpoints/api-proxy condition met
endpoints/api-service condition met
endpoints/alert-proxy condition met
SecureApp services are Ready
Signing into controller as admin for customer1
Authenticated admin for account customer1
Check if argent.enabled property is set on the account
Account properties are configured for Secure App
endpoints/onprem-proxy-server condition met
endpoints/onprem-proxy-server condition met
Tenant configured:
customer1
Account data has been configured in SecureApp
Auth service config has account dns name mappings configured
Account data has been configured in SecureApp
<ip-address> <SNI-host>
Authentication DNS entries for customer1 configured
Check if CONFIG_ARGENTO permission is set for the user
Check if VIEW_ARGENTO permission is set for the user
Permissions are set up for Secure App
SecureApp API is responding
Checking Auth for Agents in Account customer1 at IP <ip-address> with SNI host <SNI-host>
Agent Authentication succeeded
Feed Entries: 10376
Secureapp checks have passed適切に設定されたエージェントが仮想アプライアンスの Secure Application に対して認証できることを確認するには、appdcli run secureapp checkAgentAuth を実行します。
appdcli run secureapp checkAgentAuthサンプル出力:
Checking Auth for Agents in Account <account-name> at IP <ip-address> with SNI host <SNI-host>
Agent Authentication succeeded適切に構成されたエージェントが仮想アプライアンスの外部入力点を介して Secure Application にすべて報告できることを確認するには、次を実行します。
appdcli run secureapp startTestAgent:
appdcli run secureapp startTestAgentサンプル出力:
$ appdcli run secureapp startTestAgent
Building dependency release=test-agent, chart=test-agent
Upgrading release=test-agent, chart=test-agent
Release "test-agent" has been upgraded. Happy Helming!
NAME: test-agent
LAST DEPLOYED: Fri Feb 14 18:40:13 2025
NAMESPACE: cisco-secureapp
STATUS: deployed
REVISION: 2
TEST SUITE: None
Listing releases matching ^test-agent$
test-agent cisco-secureapp 2 2025-02-14 18:40:13.174379865 +0000 UTC deployed test-agent-0.1.0 0.1.0
UPDATED RELEASES:
NAME NAMESPACE CHART VERSION DURATION
test-agent cisco-secureapp ./test-agent 0.1.0 14sテストエージェントの停止を確認するには、appdcli run secureapp stopTestAgent を実行します。
appdcli run secureapp stopTestAgentサンプル出力:
$ appdcli run secureapp stopTestAgent
Listing releases matching ^test-agent$
test-agent cisco-secureapp 2 2025-02-14 18:40:13.174379865 +0000 UTC deployed test-agent-0.1.0 0.1.0
Deleting test-agent
release "test-agent" uninstalled
DELETED RELEASES:
NAME NAMESPACE DURATION
test-agent cisco-secureapp 0sバージョン情報を確認するには、appdcli run secureappversions を実行します。
appdcli run secureapp versionsサンプル出力:
$ appdcli run secureapp versions
k8s Client Version: v1.30.9 Server Version: v1.30.9
controller mysql: 8.4.3
auth-service mysql: 8.4.3
kafka: 3.8.0
controller: 25.1.0-10032-124
postgres: 15
redis: 5.2.7
taskfile: Task version: v3.39.2 (<hash>)その他の障害対応手順については、「仮想アプライアンスの問題のトラブルシューティング」を参照してください。