Troubleshooting
Central platform
To view the KeySafe 5 application service logs, see Obtaining Logs.
If a Kubernetes resource is not working as expected, use kubectl describe
to display any errors with that resource.
$ kubectl describe -n nshieldkeysafe5 pod nshield-keysafe5-0
[. . .]
Warning FailedMount 6s (x8 over 70s) kubelet MountVolume.SetUp failed for volume "keysafe5-messagebus-tls-volume" : secret "ks5-amqptls" not found
You can also use kubectl get events
to detect errors.
kubectl get events --all-namespaces
For more information on debugging Kubernetes applications, see the Kubernetes documentation here.
KeySafe 5 agent
If the agent fails to start, ensure that the configuration file is present at %NFAST_DATA_HOME%/keysafe5/conf/config.yaml
.
If the configuration file is present but the agent still fails to start, see the Logging: KeySafe 5 agent section for instructions on accessing the log.
Ensure that the message_bus
type is set appropriately.
If you are using AMQP, ensure that both the port number and vhost is set.
If you are using TLS, ensure that the private key and certificate files are present in %NFAST_DATA_HOME%/keysafe5/conf/messagebus/tls
.
If you are using TLS authentication with AMQP, ensure that the username is specified in the X509 field expected by RabbitMQ, and the level of indirection configured on the RabbitMQ server is correct (see RabbitMQ: Certificate Chains and Verification Depth).