Cisco IdS Node would be in PARTIAL SERVICE in Island Mode

From DocWiki

Jump to: navigation, search

Cisco IdS Node would be in PARTIAL SERVICE in Island Mode

Problem Summary Cisco IdS Node would be in PARTIAL SERVICE in Island Mode due to Quorum error in Cisco IdS Administration user interface as shown in the nodes dashboard.
Error Message 2016-06-17 22:46:16.971 IST(+0530) [cached1] DEBUG com.cisco.ccbu.ids IdSStateManager.java:80 - Health event with id IDS_CLUSTER_QUORUM_ERROR has come from com.cisco.ccbu.ids.cluster.IdSClusterMonitor$1 that can potentially change the state from STATE_IN_SERVICE

2016-06-17 22:46:16.971 IST(+0530) [pool-2-thread-1] DEBUG com.cisco.ccbu.ids IdSStateProcessor.java:86 - processing the event IDS_CLUSTER_QUORUM_ERROR

2016-06-17 22:46:16.971 IST(+0530) [pool-2-thread-1] DEBUG com.cisco.ccbu.ids IdSStateProcessor.java:98 - event IDS_CLUSTER_QUORUM_ERROR is a failure event , so adding the event to the active list

2016-06-17 22:46:16.971 IST(+0530) [pool-2-thread-1] DEBUG com.cisco.ccbu.ids IdSStateProcessor.java:251 - the state corresponding to event IDS_CLUSTER_QUORUM_ERROR is STATE_PARTIAL_SERVICE

2016-06-17 22:46:16.971 IST(+0530) [pool-2-thread-1] DEBUG com.cisco.ccbu.ids IdSStateProcessor.java:139 - Move to state STATE_PARTIAL_SERVICE because the list of active events [IDS_CLUSTER_QUORUM_ERROR]

2016-06-17 22:46:16.971 IST(+0530) [pool-2-thread-1] DEBUG com.cisco.ccbu.ids IdSStateManager.java:85 - event IDS_CLUSTER_QUORUM_ERROR posted to the processor
resulted in the state: STATE_PARTIAL_SERVICE

2016-06-17 22:46:16.971 IST(+0530) [pool-2-thread-1] INFO com.cisco.ccbu.ids IdSStateManager.java:102 - changing the state as current state STATE_IN_SERVICE is different from new state STATE_PARTIAL_SERVICE as a result of IDS_CLUSTER_QUORUM_ERROR

2016-06-17 22:46:16.972 IST(+0530) [pool-1-thread-1] DEBUG com.cisco.ccbu.ids IdSAlarmManager.java:86 - Alarm IDS_CLUSTER_QUORUM_ERROR sent successfully

2016-06-17 22:46:16.972 IST(+0530) [pool-1-thread-1] DEBUG com.cisco.ccbu.ids IdSAlarmManager.java:124 - Alarm STATE_PARTIAL_SERVICE sent successfully

Status API response

URL: https://10.78.94.46:8553/ids/v1/status?details=full
JSON Response:

{
"config": {
"idp": {
"entityId": "http://adfs-sha256.yoddhasad.com/adfs/services/trust"
},

"samlSp": {
"certExpiryInDays": 1085,
"certExpired": false,
"entityId": "ccx-94-45.cisco.com",
"certExpiryUTC": 1559848673000,
"certExpiryThresholdReached": false
}
},

"cluster": [
{
"connectionStatus": "CONNECTED",
"statusRefURL": "https://ccx-94-46.cisco.com:8553/ids/v1/status",
"hostName": "ccx-94-46.cisco.com"
},
{
"connectionStatus": "DISCONNECTED",
"statusRefURL": "https://ccx-94-45.cisco.com:8553/ids/v1/status",
"hostName": "ccx-94-45.cisco.com"
}
],
"reason": "IdS Cluster Quorum is Down.", "primary": false,
"primaryHostName": "ccx-94-45.cisco.com", "selfHostName": "ccx-94-46.cisco.com",
"version": {
"configSchemaRuntimeVersion": "1.0","configLastUpdatedAt": 1466162067467,
"securityConfigVersion": "2", "configSchemaReleaseVersion": "1.0", "securityConfigLastUpdatedAt": 1465280338342
},
"state": "STATE_PARTIAL_SERVICE"
}

Possible Cause

Hazelcast cluster is broken due to network partitioning or otherwise.

Recommended Action Restore network connectivity between IdS cluster members. After restoring network, below would be the sample log smippet indicating IdS getting back to IN_SERVICE state:
2016-06-18 22:28:00.405 IST(+0530) [cached9] INFO com.cisco.ccbu.ids IdSClusterMonitor.java:108 - Quorum is satisfied; so IDS_CLUSTER_QUORUM_SUCCESS event is sent to state manager
2016-06-18 22:28:00.406 IST(+0530) [pool-2-thread-1] INFO com.cisco.ccbu.ids IdSStateManager.java:102 - changing the state as current state STATE_PARTIAL_SERVICE is different from new state STATE_IN_SERVICE as a result of IDS_CLUSTER_QUORUM_SUCCESS
Release Release 11.5(1)
Associated CDETS # None


Rating: 0.0/5 (0 votes cast)

Personal tools