Troubleshooting

Central platform

To view the KeySafe 5 application service logs, see Obtaining Logs.

If a Kubernetes resource is not working as expected, use kubectl describe to display any errors with that resource:

$ kubectl describe pod nshield-keysafe5-0
...
81s         Warning   FailedMount        pod/nshield-keysafe5-0         MountVolume.SetUp failed for volume "keysafe5-amqp-basicauth-volume" : secret "amqp-credentials" not found

You can also use kubectl get events to detect errors:

$ kubectl get events --all-namespaces

For more information on debugging Kubernetes applications, see the Kubernetes documentation here.

KeySafe 5 agent

If the agent fails to start, ensure that the configuration file is present at %NFAST_DATA_HOME%/keysafe5/conf/config.yaml.

If the configuration file is present but the agent still fails to start, see the Logging: KeySafe 5 agent section for instructions on accessing the log.

If you are using TLS, ensure that the private key and certificate files are present in %NFAST_DATA_HOME%/keysafe5/conf/amqp/tls.

If you are using TLS authentication, ensure that the username is specified in the X509 field expected by RabbitMQ, and the level of indirection configured on the RabbitMQ server is correct (see RabbitMQ: Certificate Chains and Verification Depth).