Skip to main content

Key Manager Server

Key Manager uses the user facility for logging. The log file is located at:

/var/log/user.log

The Nginx logs may provide more information about front end errors. The Nginx logs are located at:

/var/log/nginx/error.log

/var/log/nginx/access.log

Back-end related errors are usually logged in the following files:

/var/log/secure
/var/log/messages

The supervisord service log contains process-control-related messages. The supervisord log file is by default located at:

/var/log/supervisor/supervisord.log

The supervisord logs specific to the backend: service are by default located as follows:

/tmp/backend-stderr---supervisor-*.log

/tmp/backend-stdout---supervisor-*.log

And similarly for the frontend: service:

/tmp/frontend-stderr---supervisor-*.log

/tmp/frontend-stdout---supervisor-*.log

Symptom: The Key Manager system stopped working entirely

  • The Key Manager service may have stopped running.

    Make sure that the Key Manager services are running on the Key Manager Servers:

    # supervisorctl status

    Restart the services if necessary:

    # supervisorctl restart all

Symptom: Cannot access the Key Manager GUI or the API

  • Make sure that the Nginx web server is running on the Key Manager front end. You can display the status of the web server by running:

    # service nginx status

    Restart the service if necessary:

    # service nginx restart

Symptom: The Key Manager GUI shows "Unsortable column" errors or Key Manager server syslog shows "Loading current filter" warning messages

  • After upgrade, users may see "Unsortable column" errors in the GUI and "Loading current filter" warning messages in the Key Manager server syslog. Users can remediate this by selecting "Reset view" action under "More" in any affected list views and by sorting by any other column by clicking the small triangle next to the name of a column. Alternatively, you can reset all filters for all users by running the following on a Key Manager server:

    # /opt/sshmgr/bin/clear-current-filters

Symptom: Cannot start/stop/restart Key Manager services

  • This may be caused by the supervisor process-control system not running. Check whether the process- control system is running with the following command:

    # service supervisord status

    Restart the service if necessary:

    # service supervisord restart

    You should now be able to manage the Key Manager services.

  • If you are unable to start Key Manager back end services (while being able to start others), ensure that:

    • The syslog daemon is running on the machine.
    • Key Manager has a valid license.

    After these checks, try restarting the back-end services again.

  • In situations where you are unable to start some services on certain Key Manager Servers, ensure that the target service is enabled. This can be done by running the following command on the Key Manager

    # /opt/sshmgr/bin/ssh-mgr-controller --show-server-roles

    Enable the services as needed. The following commands are used for enabling the backend: and the frontend: service respectively:

    # /opt/sshmgr/bin/ssh-mgr-controller --enable-server-role=backend
    # /opt/sshmgr/bin/ssh-mgr-controller --enable-server-role=frontend

    After this, you should be able to start the backend: service and/or the frontend: service:

    # supervisorctl start backend:

    This starts both the back-end, and the host-executor services.

    # supervisorctl start frontend:

    This starts both the front-end, and the api-executor supervisor services.

    In addition, if you are using either the offline scans or script-based scans, you need to also start redis.

    # supervisorctl start redis
    note

    In situations where you attempt to start a disabled Key Manager service, the supervisorctl will falsely claim that the service was started. After starting services using supervisorctl, you may run the following command to verify that the desired services are actually running:

    # supervisorctl status