PrismCentral and CMSP Flashcards
What service log do you check for AI Ops/Capacity Planning/XFit? What port does it listen on?
neuron_server.log, listens on port 2602
When a user gets logged out immediately after logging in to PC, what could be the problem?
The user might be a member of more than 100 groups; the IAM token cannot contain more than 100 groups.
Explain the DNS resolution flow in a Prism Central VM that has CMSP enabled, for iam-proxy.ntnx-base
nslookup -> 127.0.0.1 (dnsmasq in PC) -> /etc/dnsmasq.conf (fail) -> external DNS (fail) -> append search list to query -> dnsmasq (PC) -> master PC VM port 31000 -> resolved
What is the eth1 IP in a CMSP cluster with a private network versus a CMSP cluster with routable IP addresses?
CMSP with private IP - eth1 is on the 192.168.5.x network
CMSP with routable IP - eth1 is the external IP address provided during enablement
Which log file contains the CMSP upgrade logs?
data/logs/cmsp_upgrade.out
What can happen when a CMSP upgrade fails?
kubectl will not work and mspctl will report “no route to host”.
The cmsp_post_upgrade.py script is available to re-trigger the upgrade.
An MSP upgrade fails with an SSH handshake issue; what could be the cause?
The msp_entity IDF object might have disable_lockdown set to true, which causes the upgrade to fail.
Where are the CMSP post-upgrade scripts located in Prism Central?
Many scripts are located in the /var/nutanix directory.
Describe the boot-up sequence of PC and how the eth1 interface is created in CMSP.
multi-user.target -> nutanix-rc-local.service -> /usr/local/nutanix/start.d/rc.local -> start mount_disks script -> start /usr/local/nutanix/bin/cmsp_init_config.sh -> starts persist-vxlan-config.sh -> creates vxlan eth1 interface -> fixes resolver using fixup_resolv_conf.sh -> starts genesis
How do you trigger an NCC-equivalent health check in MSP?
mspctl debug run
What is the lb-controller-deployment-0 pod in the kube-system namespace used for?
This pod monitors all services of type LoadBalancer in the k8s cluster. It then configures the Envoy load balancer with the service IP and port so that Envoy can load-balance the connections arriving on those ports to the backend Kubernetes service. The load balancer pod also opens the firewall on the PC VMs.
Explain the different sections of the Envoy config file.
The Envoy config file has two major sections:
Listeners section - lists all the front-end IPs and ports on which Envoy listens for client connections. Each listener also names the cluster to which the connections should be sent on the backend.
Clusters section - contains, in the hosts parameter, the backend k8s IPs and NodePort ports to which the connections should be sent. It also contains a health checks section describing how to monitor whether the backend is healthy before connections are sent to it.
Explain the different DNS layers, the domains they serve and the clients they serve.
At the base k8s level there is CoreDNS, which serves the svc.mspfqdn and pod.mspfqdn subdomains only. The clients of CoreDNS will mostly be pods running in the k8s cluster.
The next layer of DNS is MSP DNS, which serves the mspfqdn domain; services running in k8s are exposed to external clients via entries in the mspfqdn domain. The clients of this DNS are external to the k8s cluster where the services are running, for example services running inside the PC VM such as atlas, aplos and prism.
The next layer of DNS is the customer's DNS. This serves all domains except mspfqdn, including any public FQDNs. All customer applications that are not running on the PC VM have to reach the services running inside the CMSP k8s cluster via this external DNS.
Why is MSP DNS very important for cluster function?
MSP DNS acts as the DNS server that connects services running inside a Prism Central VM to the services running inside the CMSP k8s cluster. Some examples of entries that help CMSP k8s services are zk.mspfqdn, idf.mspfqdn and ergon.mspfqdn; these entries allow services inside the CMSP k8s cluster to talk to PC services.
What is the use of the lb-controller-map config map?
This map contains the list of load balancers that the lb controller pod should configure when a new LoadBalancer-type service is created in the k8s cluster. It holds the SSH authentication keys used to log in to the Envoy LBs and configure the files.