Troubleshooting

Central platform

To view the KeySafe 5 application service logs, see Obtaining Logs.

If a Kubernetes resource is not working as expected, use kubectl describe to display any errors with that resource.

$ kubectl describe -n nshieldkeysafe5 pod nshield-keysafe5-0
[. . .]
Warning  FailedMount  6s (x8 over 70s)  kubelet            MountVolume.SetUp failed for volume "keysafe5-messagebus-tls-volume" : secret "ks5-amqptls" not found

You can also use kubectl get events to detect errors.

kubectl get events --all-namespaces

For more information on debugging Kubernetes applications, see the Kubernetes documentation here.

KeySafe 5 agent

If the agent fails to start, ensure that the configuration file is present at %NFAST_DATA_HOME%/keysafe5/conf/config.yaml.

If the configuration file is present but the agent still fails to start, see the Logging: KeySafe 5 agent section for instructions on accessing the log.

Ensure that the message_bus type is set appropriately.

If you are using AMQP, ensure that both the port number and vhost is set.

If you are using TLS, ensure that the private key and certificate files are present in %NFAST_DATA_HOME%/keysafe5/conf/messagebus/tls.

If you are using TLS authentication with AMQP, ensure that the username is specified in the X509 field expected by RabbitMQ, and the level of indirection configured on the RabbitMQ server is correct (see RabbitMQ: Certificate Chains and Verification Depth).