The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Cisco Policy Server comes with a set of utilities to actively monitor and trace policy execution. These utilities interact with the core policy server and the mongo database to trigger and store traces for specific conditions.
The policy tracing and execution analyzer is 3-tier architecture:
All commands are located on the Control Center virtual machine within /var/qps/bin/control directory. There are two main scripts which can be used for tracing: trace_ids.sh and trace.sh.
The trace_ids.sh script maintains all rules for activating and deactivating traces within the system.
The trace.sh script allows for the real time or historical retrieval of traces.
Before running trace_ids.sh and trace.sh, confirm which database you are using for traces. For more information, refer to Policy Trace Database. If no database has been configured, then by default the scripts connects to primary database member of SPR-SET1.
Running trace_ids.sh with -h arguments produces a help text describing the capabilities of the script.
/var/qps/bin/control/trace_ids.sh -h
Usage:
/var/qps/bin/control/trace_ids.sh -i <specific id> -d sessionmgr01:27719/policy_trace /var/qps/bin/control/trace_ids.sh -r <specific id> -d sessionmgr01:27719/policy_trace /var/qps/bin/control/trace_ids.sh -x -d sessionmgr01:27719/policy_trace /var/qps/bin/control/trace_ids.sh -l -d sessionmgr01:27719/policy_trace
Note | By default , if -d option is not provided then the script connects to primary database member of SPR-SET1. If you are not using the SPR database, you need to find out the which database you are using. To find out which database you are using, refer to Policy Trace Database. Make sure to update the commands mentioned in Step 1 to Step 4 accordingly. |
This script starts a selective trace and outputs it to standard out.
Usage with SPR-SET as database:
#./trace_ids.sh -l MongoDB shell version: 2.6.3 connecting to: sessionmgr01:27720/policy_trace 112345 MongoDB shell version: 2.6.3 connecting to: sessionmgr01:27720/policy_trace null
Usage with -d option:
#./trace_ids.sh -l -d sessionmgr01:27717/policy_trace MongoDB shell version: 2.6.3 connecting to: sessionmgr01:27717/policy_trace 874838 MongoDB shell version: 2.6.3 connecting to: sessionmgr01:27717/policy_trace null
The following criteria cause the system to generate a trace regardless of whether the id is present in the trace database or not:
If there is an AVP with the code: audit_id, audit-id, auditid. In this case, the traces are stored in the database with the value of the AVP.
If there is a subscriber attribute (USuM AVP) with a code of audit-policy and a value of “true”. In this case, the traces are stored using the credentials stored for the subscriber.
If an error is triggered internally.
Note | An error is defined as an internal processing error (e.g. database failure or other failure) and is not a failure message code. |
Running trace.sh with -h arguments produce a help text describing the capabilities of the script:
/var/qps/bin/control/trace.sh -h
Usage:
/var/qps/bin/control/trace.sh -i <specific id> -d sessionmgr01:27719/policy_trace /var/qps/bin/control/trace.sh -x <specific id> -d sessionmgr01:27719/policy_trace /var/qps/bin/control/trace.sh -a -d sessionmgr01:27719/policy_trace /var/qps/bin/control/trace.sh -e -d sessionmgr01:27719/policy_trace
Note | By default , if -d option is not provided then the script connects to primary database member of SPR-SET1. If you are not using the SPR database, you need to find out the which database you are using. To find out which database you are using, refer to Policy Trace Database. Make sure to update the commands mentioned in Step 1 to Step 4 accordingly. |
This script starts a selective trace and outputs it to standard out.
The default location of the policy trace database is the administrative database and can be optionally specified in the trace database fields. These fields are defined at the cluster level in the system configurations.
Note | Make sure to run all trace utility scripts from /var/qps/bin/control directory only. |
CPS supports a new network cutter utility, which keeps monitoring Policy Server (QNS) VMs failures. When any of the Policy Server VMs are down, utility cuts those unnecessary connections to avoid sending traffic to Policy Server VMs that are down, and this also results in avoiding timeouts.
This utility is started by monit on Policy Director (lb) VMs and keeps monitoring policy server VMs failures.
Utility stores log on /var/log/broadhop/network-cutter.log file.
You can verify the status of network cutter utility on lb01/02 VMs using monit summary and network-cutter status command:
monit summary | grep cutter Process 'cutter' Running
service network-cutter status network-cutter (pid 3735) is running
You can verify if network cutter utility has been started using ps -ef | grep cutter command:
ps -ef | grep cutter root 6496 1 0 Feb18 ? 00:16:22 /usr/java/default/bin/java -jar /var/broadhop/images/network-cutter.jar
The Configuration-Reporter utility processes CPS Policy Builder configuration and report any missing cross-reference files and stale files. An option has also been provided to remove the stale files and missing cross-references in the XMI files from the configuration data in the utility.
This reporting utility address the following concerns:
Reports if there are any missing PB configuration files (.xmi files) and a summary of what those files are.
Reports if there are any stale files and a summary of the same.
Stale files are Service Option files whose corresponding Use Case Template files are missing.
It also shows the missing configuration files on a per-file basis, showing the files that are referencing the missing files.
Additionally, the customer can see all the different configuration objects and their quantity to see the variety of configurations they are using.
Using -r option, utility creates a new archive file with cleaned XMI files (removes the stale files and missing cross-references from XMI files from the original configuration data).
To run the utility, perform the following steps:
Mount ISO on Cluster Manager if you unmounted the ISO after completing the CPS installation or upgrade.
Extract the release train into the temp directory:
cd /tmp
tar -zxvf /mnt/iso/app/install/release-train-xxx.tar.gz
where, release-train-xxx.tar.gz is the release train version.
Go into Configuration-Reporter directory which is present inside utility directory of extracted utility.
cd release-train-xxx/Utility/Configuration-Reporter
Execute jar using the following command:
java -jar configuration-reporter.jar <pb-configuration-xmi-files-in-archive-form> [-r]
where,
[-r] is an optional parameter and if specified will remove all the references of missing files from XMI files and stale files in the archive file and outputs the corrected archive as filename_cleaned.zip|cps (output file will have same extension as input file) on the same path where command runs.
CPS provides a CRD conversion tool which converts existing Balance and Quota templates PB configuration data to CRD Data. You can provide XMI files to the tool in the following ways:
Use Import/Export tool to export CPS configuration as an archive file (.cps extension archive) and provide the same to the tool.
Archive set of XMI files to .zip extension archive file.
Provide directory path where XMI files are present as an input to the tool.
Prerequisites:
The feature com.broadhop.balance.crdbalance.feature must be enabled so that CRD tables for Balance and Quota Template details are displayed in Policy Builder (as readonly) and Control Center. These CRD tables need to be present for importing the Balance and Quota CRD data which will be converted using the tool and Balance and Quota Templates XMIs present in Policy Builder.
To enable com.broadhop.balance.crdbalance.feature, add the feature in /var/qps/current_config/etc/broadhop/pb/features and /var/qps/current_config/etc/broadhop/pcrf/features files. For more information, refer to Customize Features in the Deployment section in CPS Installation Guide for VMware.
Mount ISO on Cluster Manager.
Extract release train into temp directory:
tar -zxvf /mnt/iso/app/install/xxx.tar.gz /tmp/
Go to CRD_generator_Utility directory which is inside the utility directory of the extracted release train:
cd /tmp/release-train-xxx/Utility/CRD_generator_Utility
Execute jar using the following command:
java –jar com.broadhop.customreferencedata.generator-<svn-revision-number>-full.jar [–a <archive-file> | -d <directory>]
Command Line Options |
Description |
---|---|
-a |
Option for passing zip archive file which contains XMI files. |
-d |
Option for passing directory path where XMI files are present. |
-e |
|
-h |
Prints help. |
-o |
Object type for which CRD conversion needs to be performed. Default value is AccountBalanceTemplate. |
-r |
|
-v |
Validates CRD data against the schema (required field constraint validation). Default value is true which means validation of schema is enabled and CRD data record with missing required field value will not be part of generated CRD data files. |
-xls |
Generates XLS format files for CRD data. Default option is CSV format CRD data files. |
The tool generates a “.crd” extension archive file containing ".exportCrdInfo" file and CRD tables data in CSV/XLS format which can be used by Import/Import All CRD functionality in CPS to import the CRD data into the system.
View-only using Excel : In Excel, you can only view the csv files present in generated “.crd” archive where non-ASCII characters are present in it. In order to view non-ASCII characters which might be present in CRD Data, perform the following steps:
Open a blank Excel file.
Go to Menu option
and import the CRD table CSV file in which non-ASCII is present.All non-ASCII characters are displayed correctly.
Note | It is not recommended to edit generated CRD Table csv files containing non-ASCII characters in excel view. |
View and edit using other editors (vi editor): You can view and edit csv files present in “.crd” archive file using editors such as vi editor even if the CRD data contains non-ASCII characters.
CPS provides a conversion tool to convert the balance references in the existing service configuration to CRD data string value to adopt the CRD table driven configuration solution. The tool can perform the following:
Mount ISO on Cluster Manager.
Extract release train into temp directory:
tar -zxvf /mnt/iso/app/install/xxx.tar.gz /tmp/
Go to PB-Configuration-Converter_Utility directory which is inside the utility directory of the extracted release train:
cd /tmp/release-train-xxx/Utility/PB-Configuration-Converter_Utility
Execute jar using the following command:
java –jar pb-configuration-converter-<svn-revision-number>-full.jar [-a <archive-file> | -d <directory> ] [-r]
You have the option to provide the XMI files input as an archive file or directory path in which all Policy Builder created XMI files are present. Select any one of the following mandatory options to run the command:
You can use "-r" option to perform cleanup operation for reducing the XMI files as follows:
The tool generates an archive file named as “<input-file-name>_updated.<input-file-extension>” if it is an archive file input or "<input-directory-name>_updated.zip" if it is a directory file input.. It contains all the XMI files in the input file along with updated Service Option XMI files with a new field “dynamicRefDataKey” if there are references to Account Balance template object type.
Note | The output archive file might not contain “.exportInfo” and “.exportRepositoryInfo” files as the tool only works on conversion of Service configuration balance reference data present in user input and copies all other input files in the output archive. |