從Cisco DNA Center生成並提取RCA檔案
簡介
本檔案介紹如何從思科數位網路架構(DNA)中心建立與擷取根本原因分析(RCA)檔案。
背景資訊
您必須具有Cisco DNA Center的CLI訪問許可權。要使用CLI登入到Cisco DNA Center,您必須透過安全套接字外殼(SSH)使用maglev作為埠2222上的使用者名稱,連線到Cisco DNA Center的管理IP地址。
請注意2.3.2.x中新增的限制殼層功能,此功能不允許您執行許多指令,直到您停用該功能為止。要在2.3.2.x或2.3.3.x中臨時停用受限制的shell,請參閱本文檔。在2.3.4.0及更高版本中,不能停用受限制的shell。
在單節點叢集中產生RCA檔案
在單節點叢集中產生RCA檔案步驟 1.登入埠2222上的Cisco DNA Center CLI。請使用maglev作為使用者名稱,除非在初始設定時修改了使用者名稱。然後運行rca命令。
[Tue Sep 11 15:08:48 UTC] maglev@10.1.1.1 (maglev-master-1) ~ $ sudo rca [sudo] password for maglev: =============================================================== Verifying ssh/sudo access =============================================================== Done =============================================================== Verifying administration access =============================================================== [administration] password for 'admin': <type your admin password> User 'admin' logged into 'kong-frontend.maglev-system.svc.cluster.local' successfully =============================================================== RCA package created on Tue Sep 11 15:32:47 UTC 2018 =============================================================== 2018-09-11 15:32:47 | INFO | Generating log for 'date'... tar: Removing leading `/' from member names /etc/cron.d/ /etc/cron.d/clean-journal-files <snip> /data/rca/maglev-x.x.x.x-rca-2018-09-11_15-32-40_UTC/docker_inspect_k8s_platform-ui_platform-ui-2963217120-rxv5d_maglev-system_1a09eb87-9f00-11e8-9d42-005d73c0c790_0.log /data/rca/maglev-x.x.x.x-rca-2018-09-11_15-32-40_UTC/sudo_ethtool_calife1d52fff20.log 2018-09-11 15:43:14 | INFO | Cleaning up RCA temp files... Created RCA package: /data/rca/maglev-x.x.x.x-rca-2018-09-11_15-32-40_UTC.tar.gz [Tue Sep 11 15:43:14 UTC] maglev@10.1.1.1 (maglev-master-1) ~在更新的Cisco DNA Center版本(2.3.4.x及更高版本)中,您可以執行$ rca copy。
$ rca --help
Help:
rca - root cause analysis collection utilities
Usage: rca [COMMAND] [ARGS]...
Commands:
clear - clear RCA files
copy - copy rca files to specified location
exec - collect RCA
view - restricted filesystem view在N節點叢集中產生RCA檔案
在N節點叢集中產生RCA檔案如果您擁有3節點集群,並且在任何裝置上運行rca命令,Cisco DNA Center會提示您輸入集群IP地址。出現提示時,輸入要從中檢索RCA的節點的群集間IP地址。
在本示例中,集群間IP地址在10.1.1.0/29範圍內。
[Wed May 30 18:24:26 UTC] maglev@10.1.1.2 (maglev-master-10) ~ $ rca =============================================================== Verifying ssh/sudo access =============================================================== Done =============================================================== Verifying administration access =============================================================== Cluster: 10.1.1.3 [administration] username for 'https://10.1.1.3:443': admin [administration] password for 'admin': <type your admin password> User 'admin' logged into '10.1.1.3' successfully =============================================================== RCA package created on Wed May 30 18:24:44 UTC 2018 =============================================================== 2018-05-30 18:24:44 | INFO | Generating log for 'date'... tar: Removing leading `/' from member names /etc/cron.d/ /etc/cron.d/run-remedyctl運行rca 命令後,您指定的集群間IP地址將快取到/home/maglev/.maglevconf中。下次運行rca命令時,Cisco DNA Center將使用同一節點以獲取RCA資訊。
[Wed May 30 18:23:37 UTC] maglev@10.1.1.2 (maglev-master-10) ~ $ rca [sudo] password for maglev: =============================================================== Verifying ssh/sudo access =============================================================== Done =============================================================== Verifying administration access =============================================================== [administration] password for 'admin': <type the admin password> User 'admin' logged into '10.1.1.3' successfully <-- it automatically logged into the cluster previously defined as the inter-cluster IP address =============================================================== RCA package created on Wed May 30 18:23:46 UTC 2018 =============================================================== 2018-05-30 18:23:46 | INFO | Generating log for 'date'... tar: Removing leading `/' from member names /etc/cron.d/ … rca continued…如果您需要在其他節點上運行rca命令,則必須刪除在Cisco DNA Center中配置的上下文,則會要求您選擇新的集群間IP地址,您可以定義另一個節點的IP地址。
[Wed May 30 18:24:10 UTC] maglev@10.1.1.2 (maglev-master-10) ~ $ sudo maglev context delete maglev-1 Removed command line context 'maglev-1' [Wed May 30 18:24:18 UTC] maglev@10.1.1.2 (maglev-master-10) ~ $ more /home/maglev/.maglevconf ;--------------------------------------------------------------------- ; Modified by Maglev: Wed, 30 May 2018 18:24:18 UTC ; maglev 73529 ;--------------------------------------------------------------------- [global] [Wed May 30 18:24:26 UTC] maglev@10.1.1.2 (maglev-master-10) ~ $ rca =============================================================== Verifying ssh/sudo access =============================================================== Done =============================================================== Verifying administration access =============================================================== Cluster: 10.1.1.2 <-- now it asks for the new cluster IP address [administration] username for 'https://10.1.1.2:443': admin [administration] password for 'admin': <type your admin password> User 'admin' logged into '10.1.1.2' successfully =============================================================== RCA package created on Wed May 30 18:24:44 UTC 2018 =============================================================== 2018-05-30 18:24:44 | INFO | Generating log for 'date'... tar: Removing leading `/' from member names /etc/cron.d/ /etc/cron.d/run-remedyctl在Windows電腦上解壓縮RCA檔案
在Windows電腦上解壓縮RCA檔案步驟 1.下載WinSCP或您最喜歡的SCP客戶端。
步驟 2.使用CLI憑證登入到Cisco DNA Center,選擇SCP作為檔案協定,然後選擇埠號2222。
步驟 3.導航到/data/rca文件夾。
步驟 4.將RCA檔案複製到您的本機電腦。
解壓縮Mac或Linux電腦上的RCA檔案
解壓縮Mac或Linux電腦上的RCA檔案步驟 1.打開終端會話,然後執行這些步驟以將儲存在Cisco DNA Center裝置上的/data/rca目錄中名為maglev-10.1.1.4-rca-2018-09-11_15-32-40_UTC.tar.gz的RCA檔案複製到您電腦上的當前工作目錄。
ALECARRA-M-P1Z8:~ alecarra$ scp -P 2222 maglev@mxc-dnac4.cisco.com:/data/rca/maglev-10.1.1.4-rca-2018-09-11_15-32-40_UTC.tar.gz ./ Welcome to the Maglev Appliance maglev@mxc-dnac4.cisco.com's password: <type your maglev password> maglev-10.1.1.4-rca-2018-09-11_15-32-40_UTC.tar.gz 100% 335MB 3.3MB/s 01:41 ALECARRA-M-P1Z8:~ alecarra$ 將RCA檔案推送到Mac或Linux電腦
將RCA檔案推送到Mac或Linux電腦在Cisco DNA Center裝置的CLI中,使用以下語法:
$ scp /data/rca/<RCA file name> <Mac/Linux username>@<Mac/Linux IP address>:<path to save the file>以下是本實驗中使用的命令示例:
$ scp /data/rca/maglev-10.1.1.4-rca-2018-09-11_15-32-40_UTC.tar.gz alecarra@10.24.133.238:/Users/alecarra/Documents/DNA The authenticity of host '10.24.133.238 (10.24.133.238)' can't be established. ECDSA key fingerprint is SHA256:u660kUomvMParNkcPIm7oXrDp84rilP5CM9wCWCFOAE. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '10.24.133.238' (ECDSA) to the list of known hosts. Password: <type your Linux or Mac user password> maglev-10.1.1.4-rca-2018-09-11_15-32-40_UTC.tar.gz 100% 335MB 3.7MB/s 01:32 將RCA檔案上傳到TAC SR
將RCA檔案上傳到TAC SR您可以使用案例檔案上傳工具透過瀏覽器將RCA檔案上傳到您電腦上存在的TAC服務請求(SR)。在必要時指定案件編號。
將RCA檔案推送TAC SR
將RCA檔案推送TAC SR有兩個選項可直接從思科DNA中心裝置將檔案(例如RCA)上傳到TAC SR。在這兩個選項中,使用者名稱是SR編號,密碼是每個SR唯一的權杖。使用者名稱/密碼一律會出現在SR開頭的備註中,而且也可以從SCM擷取。有關令牌的詳細資訊,請參閱客戶檔案上傳到Cisco技術支援中心。
SR的輸出示例:
Subject: 688046089: CXD Upload Credentials
You can now upload files to the case using FTP/FTPS/SCP/SFTP/HTTPS protocols and the following details:
Hostname: cxd.cisco.com
Username: 688046089
Password: gX***********P7選項 1.透過HTTPS上傳檔案(最快的選項並使用連線埠443)
選項 1.透過HTTPS上傳檔案(最快的選項並使用連線埠443)步驟 1.測試您是否具有從Cisco DNA Center裝置到透過埠443的cxd.cisco.com連線。以下是執行測試的一種方式:
$ nc -zv cxd.cisco.com 443
Connection to cxd.cisco.com 443 port [tcp/https] succeeded!
$步驟 2.如果測試成功,請使用此命令透過HTTPS上傳檔案:
$ curl -T “<filename with path>” -u <SR number> https://cxd.cisco.com/home/ (如果您要檢視更詳細的上傳檢視,請增加-v選項。例如,'curl -vT …'。)
舉例來說:
$ curl -T "./test.txt" -u 688046089 https://cxd.cisco.com/home/
Enter host password for user '688046089': <Type your CXD Upload password, unique to a Service Request, here>
[Tue Dec 10 13:35:47 UTC] maglev@10.1.1.1(maglev-master-1) ~
$受限制的外殼
受限制的外殼由於受限制的Shell阻止使用CURL,因此我們使用rca copy(利用scp)來啟用到cxd.cisco.com的安全檔案傳輸。
$ rca copy --files maglev-10.1.1.233-rca-2024-03-06_14-07-36_UTC.tar.gz 6969XXXXX@cxd.cisco.com:/
FIPS mode initialized
Warning: Permanently added the ECDSA host key for IP address '10.209.135.105' to the list of known hosts.
6969XXXXX6@cxd.cisco.com's password:
maglev-10.1.1.233-rca-2024-03-06_14-07-36_UTC.tar.gz選項 2.透過SCP上傳檔案(使用埠22)
選項 2.透過SCP上傳檔案(使用埠22)步驟 1.測試您是否具有從Cisco DNA Center裝置到透過埠22的cxd.cisco.com連線。以下是執行測試的一種方式:
$ nc -zv cxd.cisco.com 22
Connection to cxd.cisco.com 22 port [tcp/ssh] succeeded!
$步驟 2.如果測試成功,請使用此命令透過SCP上傳檔案:
$ scp <local filename with path> <SR number>@cxd.cisco.com:舉例來說:
$ scp ./test.txt 688046089@cxd.cisco.com:
The authenticity of host 'cxd.cisco.com (X.X.X.X)' can't be established.
RSA key fingerprint is SHA256:3c8Vi3Ms2AITZlNzkBccR1pvE5ie9oMs64Uh0uhRado.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'cxd.cisco.com,X.X.X.X' (RSA) to the list of known hosts.
688046089@cxd.cisco.com's password: <Type your CXD Upload password, unique to a service request, here>
test.txt 100% 39 0.0KB/s 00:00
[Tue Dec 10 13:44:27 UTC] maglev@10.1.1.1 (maglev-master-1) ~
$ 修訂記錄
| 修訂 | 發佈日期 | 意見 |
|---|---|---|
2.0 |
17-Feb-2022 |
已更正產品名稱問題。 |
1.0 |
13-Aug-2021 |
初始版本 |
意見