The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
You can configure the system policies for all of Cisco UCS Central, or at the domain group level. To configure system policies at the domain group, see Domain Group System Policies.
UCS Central system policies include the following:
Length of time between Cisco UCS Central raising the fault and clearing the condition.
Length of time Cisco UCS Central retains a fault in the system.
Syslog—Determines the type of log files that you want to collect, and where you want to view or store them.
Core Dump—Uses the Core File Exporter to export core files as they occur.
From the UCS Central System Policies Manage dialog box, you can configure the properties and settings for faults, syslog, and core dump export.
Step 1 | Click the System Configuration icon and choose System Policies. |
Step 2 | In the
UCS Central System Policies
dialog box, click the icon for the section that you want
to configure.
|
Step 3 | Complete the fields as required for each section. |
Step 4 | Click Save. |
Step 1 | In the
Actions bar, type
Manage
UCS Central Syslog and press Enter.
|
Step 2 | In the UCS Central Syslog dialog box, click Syslog Sources and choose Enabled for each source for which you want to collect log files: |
Step 3 | In
Local
Destination, specify where
Cisco UCS Central can add and display the syslog messages:
|
Step 4 | In
Remote
Destination, specify whether to store the syslog messages in a
primary, secondary, or tertiary server.
Specify the following information for each remote destination:
|
Step 5 | Click Save. |
Cisco UCS uses the Core File Exporter to export core files, through TFTP, to a specified location on the network. This exports the core file in tar format.
Step 1 | In the
Actions bar, type
Manage
UCS Central Core Dump Export and press Enter.
|
Step 2 | In the UCS Central Core Dump Export dialog box, click Enable to export core files. |
Step 3 | (Optional)Enter a description for the remote server used to store the core file. |
Step 4 | The Frequency, Maximum No. of Files, Remote Copy, and Protocol fields are set by default. |
Step 5 | (Optional) In Absolute Remote Path, enter the path to use when exporting the core file to the remote server. |
Step 6 | In Remote Server Host Name/IP Address, enter a hostname or IP address to connect with through TFTP |
Step 7 | (Optional)In TFTP Port, enter the port number to use when exporting the core file through TFTP. The default port number is 69. |
Step 8 | Click Save. |
The system profile allows you to configure the system information such as the interfaces, date and time, DNS, remote access, trusted points, and certificate information for all of Cisco UCS Central.
To configure the domain group system profile, see Domain Group System Profile.
Step 1 | Click the System Configuration icon and choose System Profile. |
Step 2 | In the
UCS
Central section, you can view the
Cisco UCS Central
system name, mode, and virtual IPv4 and IPv6 addresses.
These values are populated when you first configure Cisco UCS Central. You cannot modify the system name and mode. |
Step 3 | In Interfaces, review or change the following management nodes: |
Step 4 | In Date & Time, choose the time zone and add an NTP server. |
Step 5 | In DNS, type the Cisco UCS Central domain name and add a DNS server. |
Step 6 | In Remote Access, choose a Key Ring. |
Step 7 | In Trusted Points, click Add to add a new trusted point and certificate chain. |
Step 8 | In Certificates, you can view the existing, or create a new key ring and certificate request. |
Step 9 | Click Save. |
Step 1 | In the Actions
bar, type
Manage
UCS Central Management Node and press
Enter.
This launches the UCS Central Management Node Manage dialog box. |
Step 2 | In Management Node, click the name of the node that you want to configure. |
Step 3 | Enter values for the IP Address, Subnet Mask, and Default Gateway. |
Step 4 | Click Save. |
Step 1 | In the Actions
bar, type
Manage
UCS Central NTP Servers and press
Enter.
This launches the UCS Central NTP Servers Manage dialog box. |
Step 2 | In Time Zone, select the time zone for the domain. |
Step 3 | In NTP Servers, click Add to add a new NTP server, or Delete to remove an existing one. |
Step 4 | Click Save. |
Step 1 | In the Actions
bar, type
Manage
UCS Central DNS Servers and press
Enter.
This launches the UCS Central DNS Servers Manage dialog box. |
Step 2 | In UCS Central Domain Name, type the name of the Cisco UCS Central domain. |
Step 3 | In DNS Servers, click Add to add a new DNS server, or Delete to remove an existing one. |
Step 4 | Click Save. |
You can configure the system policies at the domain group level, or for all of Cisco UCS Central. To configure system policies for UCS Central, see System Policies.
Domain group system policies include the following:
Equipment—Sets policies for the equipment in your domain group, including discovery and power policies.
Rack Discovery—Determines what action is taken when a rack-mount server is discovered, and assign a scrub policy.
Length of time between Cisco UCS Central raising the fault and clearing the condition.
Length of time Cisco UCS Central retains a fault in the system.
Syslog—Determines the type of log files that you want to collect, and where you want to view them or store.
Core Dump—Uses the Core File Exporter to export core files as they occur.
Interfaces—Sets criteria for monitoring your domain group interfaces.
System Events—Sets the criteria for domain group system event logs.
Note | If you are setting the system policies for a subdomain, enable each policy before you can set it. |
Step 1 | Click the Domain Group Navigation icon and choose a domain group. |
Step 2 | Click the Settings icon. |
Step 3 | Click Launch for System Policies. |
Step 4 | In
Equipment, complete the necessary fields.
For more information, see Managing Equipment Policies. |
Step 5 | In
Rack
Discovery, complete the necessary fields.
For more information, see Managing Rack Discovery Policies. |
Step 6 | In
Fault, complete the necessary fields.
For more information, see Managing a UCS Central Fault Policy. |
Step 7 | In
Syslog, complete the necessary fields.
For more information, see Managing UCS Central Syslog. |
Step 8 | In
Core
Dump, complete the necessary fields.
For more information, see Managing UCS Central Core Dump Export. |
Step 9 | In Interfaces, choose whether to enable Interface Monitoring Policy. |
Step 10 | If you select Enabled, complete the interface monitoring information as required. |
Step 11 | In System Events, complete the necessary fields to determine how the system event logs are collected. |
Step 12 | Click Save. |
The domain group system profile allows you to configure the date and time, DNS settings, remote access, and trusted points for each domain group.
Step 1 | Click the Domain Group Navigation icon and choose root. | ||
Step 2 | Click the Settings icon. | ||
Step 3 | Click Launch for System Policies. | ||
Step 4 | In Date & Time, choose the time zone and add an NTP server. | ||
Step 5 | In DNS, type the UCS Central domain name and add a DNS server. | ||
Step 6 | In
Remote
Access, type the HTTPS, HTTPS port, and change the default values
for web and shell sessions, if needed.
| ||
Step 7 | In Trusted Points, click Add to create a trusted point and add a certificate chain. | ||
Step 8 | Click Save. |
Use schedules to determine when certain activities will occur. After you create a schedule in Cisco UCS Central, you can use that schedule in:
Note | Simple schedules, whether recurring or a one time occurrence, do not have the option to require user acknowledgment. If you want to require user acknowledgment, you must choose an advanced schedule. |
Note | Simple schedules, whether recurring or single occurrence, do not require user acknowledgment. If you want to require user acknowledgment, choose an advanced schedule. |
Step 1 | In the
Actions bar, type
Create
Schedule and press Enter.
|
Step 2 | In Basic, enter a Name and optional Description. |
Step 3 | Select
Recurring,
One
Time, or
Advanced for the schedule.
If Advanced, select to enable or disable user acknowledgment. |
Step 4 | Click Schedules. |
Step 5 | Click
Add to add a schedule.
|
Step 6 | Click Create. |
When you change a service profile that is associated with servers in the registered domains, the change may require a server reboot. The maintenance policy determines how Cisco UCS Central reacts to the reboot request.
You can create a maintenance policy, and specify the reboot requirements, to make sure the server does not automatically reboot when changes to the service profiles occur. You can specify one of the following options for a maintenance policy:
On Save: When you change a service profile, Cisco UCS Central applies the changes immediately.
User Acknowledgment: Applies the changes after an admin acknowledges the changes.
Schedule: Applies the changes based on the day and time you specify in the schedule.
When you create the maintenance policy, if you specify a schedule, the schedule deploys the changes in the first available maintenance window.
Note | A maintenance policy only prevents an immediate server reboot when a configuration change is made to an associated service profile. However, a maintenance policy does not prevent the following actions from taking place right away:
|
To watch a video on creating a server maintenance policy and associating it with a service profile, see Video: Creating a Global Maintenance Policy and Associating the Policy with a Service Profile.
Step 1 |
In the
Actions bar, type
Create
Maintenance Policy and press Enter.
|
Step 2 | In the
Maintenance Policy Create
dialog box, choose
Server.
For more information on creating a chassis maintenance policy, see the Cisco UCS Central Storage Management Guide. |
Step 3 | Choose the
Organization where you want to create the policy,
and enter the
Name and optional
Description.
The name is case sensitive. |
Step 4 | For a server
maintenance policy, complete the following:
|
Step 5 | Click Evaluate to view the impact of the policy. |
Step 6 | Click Create. |
Cisco UCS Central allows creation of key rings as a third-party certificate for stronger authentication. HTTPS uses components of the Public Key Infrastructure (PKI) to establish secure communications between two devices.
Each PKI device holds a pair of asymmetric Rivest-Shamir-Adleman (RSA) encryption keys, one kept private and one made public, stored in an internal key ring. You can decrypt a message encrypted with either key with the other key. To send an encrypted message, the sender encrypts the message with the receiver's public key, and the receiver decrypts the message using its own private key. A sender can also prove its ownership of a public key by encrypting (also called 'signing') a known message with its own private key. If a receiver can successfully decrypt the message using the public key in question, the sender's possession of the corresponding private key is proven. Encryption keys can vary in length, with typical lengths from 2048 to 4096 bits. In general, a longer key is more secure than a shorter key. Cisco UCS Central provides a default key ring with an initial 2048-bit key pair, and allows for you to create extra key rings.
Note | After you regenerate the default key ring, logging in to Cisco UCS Central can take a few minutes. |
Manually regenerate the default key ring certificate if the cluster name changes or the certificate expires.
Note | When you create a key ring and certificate request, Cisco UCS Central generates the certificate request with required key usages set. The key usages on a certificate signed from a CA server must include SSL Client Authentication, and SSL Server Authentication. If you use Microsoft Windows Enterprise Certification Authority Server as an internal CA, use the Computer template to generate the certificate. It must contain both of the key usages sets. If this template is not available in your setup, use an appropriate template which has both SSL Client Authentication, and SSL Server Authentication key usages set. |
Step 1 | Click the System Configuration icon and choose System Profile. |
Step 2 | Click Certificates. |
Step 3 | Click Add to add a Key Ring. |
Step 4 | In the Basic tab, leave the Modulus at its default value, or change if necessary. |
Step 5 | Enter a Trusted Point. |
Step 6 | Paste in the certificate chain from your generated key ring. |
Step 7 | Click Certificate Request. |
Step 8 | Fill in the fields with valid information for your organization. |
Step 9 | Click Save. |
Note | The root CA must contain a primary and self-signed certificate. |
Cisco UCS Central allows you to view fault logs, audit logs, sessions, and other events.
Note | If the screen or widget that you are viewing is not current, click Refresh to see the latest data. |
Cisco UCS Central collects and displays all of the Cisco UCS Central system faults on the Fault Logs page. To view these system fault logs, click the System Alerts icon and choose System Faults. The Faults Logs page displays information on the type and severity level of the fault. It also allows you to monitor and acknowledge the system faults, and filter the faults that are displayed.
The faults table includes the following information for each fault:
Code—ID associated with the fault
Timestamp—Date and time at which the fault occurred
Type—Origin of the fault
Cause—Cause of the fault
Affected Object—Component affected by this fault
Fault Details—Details of the fault.
Severity—Severity of the fault
Action—Action required by the fault
To manage the information collected, see Configuring UCS Central System Policies.
Cisco UCS Central collects and displays faults from registered Cisco UCS domains in the Domain Faults page. It also displays Inventory faults. Cisco UCS Central categorizes and displays domain faults as follows:
Fault Level—The fault level that triggers the profile:
Critical—Critical problems exist with one or more components. Research and fix these issues immediately.
Major—Serious problems exist with one or more components. Research and fix these issues immediately.
Minor—Problems exist with one or more components that may adversely affect the system performance. Research and fix these issues as soon as possible before they become major or critical issues.
Warning—Potential problems exist with one or more components that may adversely affect the system performance if they are allowed to continue. Research and fix these issues as soon as possible before they become major or critical issues.
Cleared—Condition that caused the fault is resolved, and the fault is cleared.
Info—Notification or informational message.
Condition—Informational message about a condition.
Filter—Filter the data in the table.
Code—Unique identifier associated with the fault.
Timestamp—Day and time at which the fault occurred.
Type—Information on where the fault originated.
Cause—Brief description of what caused the fault.
Affected Object—The name and location of the component that this issue affects, and the domain name where it is found.
Fault Details—More information about the log message.
Severity—Displays an icon denoting the fault severity. The icon key displays below the table.
Action—Whether user acknowledgment is required.
Cisco UCS Central collects and displays the events that occurred in the system, such as when a user logs in or when the system encounters an error. When such events occur, the system records the event and displays it in the Event Logs. To view these event logs, click the System Alerts icon and choose Events. The event logs record the following information:
You can view a comprehensive list of configuration changes in Cisco UCS Central in the Audit Logs. When you perform configuration changes involving creating, editing or deleting tasks in the Cisco UCS Central GUI or the Cisco UCS Central CLI, Cisco UCS Central generates an audit log. In addition to the information related to configuration, the audit logs record information on the following:
Resources that were accessed.
Date and time at which the event occurred.
Unique identifier associated with the log message.
The user who triggered an action to generate the audit log. This can be an internal session or an external user who made a modification using the Cisco UCS Central GUI or the Cisco UCS Central CLI.
The source that triggered the action.
The component that is affected.
If an error occurs that causes the system to crash, then a core dump file is created. This core dump file includes information on the state of the system before the error occurred, and the time at which the system crashed. To view the core dump files, click the System Alerts icon and choose Core Dumps. In the Core Dumps log table you can view the following information:
You can view active sessions for remote and local users in Cisco UCS Central and choose to terminate those sessions from the server. To view the active sessions, click the System Alerts icon and choose Active Sessions. In the log table you can view the following information:
ID—Type of terminal from which the user logged in.
Timestamp—Date and time at which the user logged in.
User—User name.
Type—Type of terminal from which the user logged in.
Host—IP address from which the user logged in.
Status—If session is currently active.
Actions—Click Terminate to end the selected session.
Internal service logs provide information on various providers and the version of the Cisco UCS Central associated with the provider. To view the internal services, click the System Alerts icon and choose Internal Services.
In the Services section, you can view the following information:
Name—Type of the provider.
Last Poll—Day and time on which Cisco UCS Central last polled the provider.
IP Address—IP address associated with the provider.
Version—Version of Cisco UCS Central associated with the provider.
Status—Operational state of the provider.
In the Lost Domains section, you can view the following information:
Use a terminal emulator to access the CLI.
Command or Action | Purpose | |
---|---|---|
Step 1 | UCSC # scope monitoring |
Enters monitoring mode. |
Step 2 | UCSC /monitoring # scope sysdebug |
Enters sysdebug mode. |
Step 3 | UCSC /monitoring/sysdebug # scope mgmt-logging |
Enters management logging mode. |
Step 4 | UCSC /monitoring/sysdebug/mgmt-logging # set module tomcat_config [crit | debug0 | debug1 | debug2 | debug3 | debug4 | info | major | minor | warn] |
Sets the logging level. |
Step 5 | UCSC /monitoring/sysdebug/mgmt-logging # commit-buffer | Commits the change. |
UCSC # scope monitoring UCSC /monitoring # scope sysdebug UCSC /monitoring/sysdebug # scope mgmt-logging UCSC /monitoring/sysdebug/mgmt-logging # set module tomcat_config debug4 UCSC /monitoring/sysdebug/mgmt-logging # commit-buffer
Cisco UCS Central enables you to generate reports on active API communication between the GUI and back-end from the Cisco UCS Central GUI. You can collect these communications for use in third-party automation. You can start and stop collecting this report at any time during an active communication.
Step 1 | On the menu bar, click the System Tools icon and choose Start Logging Session. The system starts logging the active API communication between Cisco UCS Central GUI and the back-end. |
Step 2 | On the menu bar, click the System Tools icon and choose Stop Logging Session. The API report text file saves to your system. |
When you encounter an issue that requires troubleshooting or a request for assistance to the Cisco Technical Assistance Center (Cisco TAC), collect as much information as possible about Cisco UCS Central or the affected Cisco UCS domain. Cisco UCS Central outputs this information into a tech support file that you can send to Cisco TAC.
You can create a tech support file for all of Cisco UCS Central, or for the following components of a Cisco UCS domain:
Entire Domain—Contains technical support data for the entire Cisco UCS domain.
FEX—Contains technical support data for the given FEX.
Domain Management Services—Contains technical support data for the Cisco UCS Central management services, excluding Fabric Interconnects.
Rack Server—Contains technical support data for the given rack server and adapter.
Chassis—Contains technical support data for the I/O module or the CIMCs on the blade servers in a given chassis only.
Server Memory—Contains server memory technical support data for the given rack-mount servers and blade servers.
Before contacting Cisco TAC, see the following:
You can generate a tech support file for Cisco UCS Central or for a supported component of a Cisco UCS domain.
Step 1 | Click the System Tools icon and choose Tech Support. |
Step 2 | Under Domains, select UCS Central or the domain for which you want to generate tech support files. |
Step 3 | Click the Generate Tech Support icon. |
Step 4 | If you selected
UCS Central, do the following:
|
Step 5 | If you selected a domain, do the following:
|
Step 1 | Click the System Tools icon and choose Tech Support. |
Step 2 | Under Domains, select UCS Central or the domain for which you want to view tech support files. The right pane displays the list of available tech support files for the selected system. |
Step 3 | Choose the file that you want to download. |
Step 4 | Click Download. |