Appliances


Appliances can operate as one or more functions, such as a Controller. This list contains all the appliances you have configured in the Collective. You can switch between the Stats table layout view for all appliances (mainly focused on health and statistics) and the Default table view.

Table displaying AWS appliances with options for items per page and auto-refresh.

The stats view includes the Version you are using and you will be advised via an admin message when there is a newer version available (ZTP connected Collectives only).

Filtering and sorting

The search box can be used to filter the view; for example, you could do a text search for Controllers with health = unhealthy. The columns are sortable: click on a column heading and sort arrow(s) will appear.

NOTE

If a customization has been installed then this will be shown in the Version column with the addition of a (c).

Before you start

Information you will need:

  • details of network interfaces and routing

  • details of any log servers which will be receiving logs from the appliances in the Collective

  • details of the NTP servers to be used by the appliances, including key information if using secure NTP

Pre-configure the following elements:

  • Set up DNS: the hostname of the new Appliance MUST be resolvable by the Controller and vice versa

  • Trusted certificates: if forwarding logs using a LogForwarder (using mTLS), the destination's certificate should be added to Trusted Certificates

  • Sites: if configuring a Gateway, you should configure the Site first. Refer to the Sites

Background reading:

Use the Appliances form to:

  • Add new appliances. Refer to The first Controller or Configuring a new appliance if you have not done this before. The topics in this section are organized one for each tab. Remember to complete the information on each tab before you save.

  • Edit an existing appliance (click the name) e.g. add Gateway functionality to a Controller.

    NOTE

    For any activated appliance, you will not need to re-export the configuration file after making changes. The changes will be pushed to the appliance automatically.

  • Monitor the appliance health status.

  • Perform bulk actions

  • Perform actions using the action buttons provided (See below).

Appliance Health Status

The different types of appliance health status are:

  • Busy: appliances that are connected and performing some action such as starting up.

  • Error: appliances that are connected but are not healthy.

  • Healthy: correctly configured and working.

  • Not Active: the appliance has not yet been activated.

  • Offline: appliances that have been activated but are currently not connected to any Controller.

  • Warning: appliances that are connected but are not healthy.

Click on any highlighted <Status> to access Appliance Health Details which provides more details about the specific health status of any on-line appliance.

Appliance health details showing various service statuses and error messages.

  • Appliance health: The health status for the appliance.

  • Function(s) health: The health status of the functions that have been configured: Controller, Gateway, LogServer, LogForwarder, Portal, Connector or Metrics Aggregator.

  • Upgrade status: Will show 'idle' except when an upgrade is in progress.

  • Appliance metrics: CPU, Memory, Disk, Network throughput of the busiest NIC and IP addresses of each appliance.

    NOTE

    The system does not have a swap partition so it is important to monitor Memory usage and either upgrade the appliance or add another when this is consistently high. See the Instance Sizing section for more information about CPU, memory, and disk capacities required to run the different Appliance functions.

  • Appliance Customization: If a customization has been installed then this will be shown.

Appliance Troubleshooting lists details of the majority of the warnings or errors you are likely to encounter, and also provides some suggested actions that might help to improve the system health.

Actions

The Admin UI tools page provides more information about the bulk actions that can be performed on multiple Appliances at one time.

Action Buttons

Action button menu options for appliances including reboot and log download.

Action buttons are accessed by clicking the 3 dots to the right of each line item in the table or from the <Actions> button within the item. They are contextual, changing depending on the type of item and the state of the item.

NOTE

  • The appliance will be deactivated temporarily until the certificate has been successfully renewed. Active Client connections will be dropped but they will be automatically reconnected.

  • Changing the appliance Hostname/IP will trigger the appliance certificate to be renewed automatically to ensure appliance communications are not impacted. The appliance will be shown as Non active for a short period - you do not need to take any action. When the certificate has been successfully renewed, the appliance will be active again.

  • Download Logs. Downloads a zip archive of all the appliance daemon logs.

  • Deactivate. Deactivate can be used when any given appliance is to be removed from the Collective but will be re-added at some future point. Deactivation does three things:

    • Deletes all configurations from the appliance if it is still available.

    • Sets the appliance status to Not active.

    • Re-enables the Export seed file/ISO button.

The Deactivate option is useful if a cloud instance has been deleted/damaged by accident and needs to be reestablished.

NOTE

A functioning Controller cannot be deactivated. First you must disable the Controller function on the appliance and then wait for it to become healthy.

NOTE

To delete an appliance, use the Delete button on the specific appliance form.

  • Suspend/Resume. On Gateways, you can suspend (and resume) new connections. This allows a Gateway to be gently unloaded before performing some sort of maintenance. The Gateway may also perform auto-suspend. It will auto-resume when this happens.

  • Run Commands. Run Commands will open the Remote Commands window. There are eight limited remote commands available which can be run on this appliance, thus avoiding any immediate requirement to SSH to remote machines to perform basic diagnostics.

    • addresshow

    • dig

    • ip route show

    • netcat

    • ntpq

    • ping

    • tcpdump

    • traceroute

    Most of the commands have a Timeout field that accepts a value in seconds.

    NOTE

    The max number of concurrently running commands allowed is five.

  • Export seed file/ISO. To configure a new appliance, you will first need to create a new appliance and then apply this seed file.

    • Export Seed. Refer to Configuring a new appliance for more details.

    • Upgrade to latest version. If checked, the Controller will generate a configuration that is compatible with the current API version of the Controller. If unchecked the Controller will generate a configuration that is compatible with the API version of the appliance record. Versioning of seed files has changed in v5.5 - refer to Configuring a new appliance for more details.

    • Seed Lifetime. Seeds contain temporary keys which allow access to the Controllers. The seed lifetime should therefore be kept to a minimum.

    NOTE

    After the seed expires it will no longer work. You will need to re-export the seed file.

    • Allow appliance customizations. Appliance customizations are disabled by default. These can be enabled later using a cz-config command if required. Refer to cz-config for details.

    • Use SSH key provided by the cloud instance. With Cloud based appliances, you should specify a key when launching the instance.

    • Use SSH public key. Begins with ssh-rsa, ssh-dss, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384 or ecdsa-sha2-nistp521.

    • Use password. Use a password instead of an SSH key pair. Use a strong password as this gives root access to the appliance. You can swap to Public Key later on; see SSH Command line administration.

    • Seed Type. Export as JSON file, ISO file or RAW JSON to seed the appliance.

      • JSON is the typical file format you might use if seeding an appliance in the Cloud. You can change the JSON name but it must still end in -seed.JSON  

      • ISO format can be used in virtualized environments such as VMWare.

      • RAW copies the JSON to the clipboard, which makes for a quick and easy way to paste the seed straight into the appliance: connect using SSH, run nano /home/cz/seed.JSON and paste.
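A pre-flight check for the key pasted into Use SSH public key, as an added example that is not part of the product documentation or the product's own validation: it confirms the line starts with one of the prefixes listed above and that the base64 blob carries the same key type internally, which catches truncated pastes, mismatched prefixes and private keys pasted by mistake. The function names and the sample key are assumptions constructed for illustration.

```python
import base64
import binascii
import struct

# Key-type prefixes the Export seed form accepts, as listed on this page.
ACCEPTED_TYPES = (
    "ssh-rsa", "ssh-dss", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
)


def _ssh_string(data):
    """Encode bytes as an SSH wire-format string: 4-byte length + data."""
    return struct.pack(">I", len(data)) + data


def make_sample_key(prefix, inner_type=None):
    """Build a CONSTRUCTED key line (zero bytes, not a usable key) for testing."""
    inner = (inner_type or prefix).encode("ascii")
    blob = _ssh_string(inner) + _ssh_string(bytes(32))
    return f"{prefix} {base64.b64encode(blob).decode('ascii')} admin@example"


def check_public_key(line):
    """Hypothetical pre-flight check; returns (ok, reason)."""
    if "PRIVATE KEY" in line:
        return False, "private key pasted"
    fields = line.split()
    if len(fields) < 2:
        return False, "expected '<type> <base64> [comment]'"
    key_type, encoded = fields[0], fields[1]
    if key_type not in ACCEPTED_TYPES:
        return False, "key type not accepted"
    try:
        blob = base64.b64decode(encoded, validate=True)
    except (binascii.Error, ValueError):
        return False, "blob is not valid base64"
    if len(blob) < 4:
        return False, "blob truncated"
    # The blob opens with a length-prefixed copy of the key type.
    (name_len,) = struct.unpack(">I", blob[:4])
    if name_len >= len(blob) - 4:
        return False, "blob truncated"
    if blob[4:4 + name_len] != key_type.encode("ascii"):
        return False, "type prefix does not match key blob"
    return True, "ok"
```

Call `check_public_key()` on the contents of the `.pub` file before pasting it into the form; anything other than `(True, "ok")` means the key line should be re-copied or regenerated.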

After successful seeding, the new appliance will be listed in the appliances console. If this does not happen then please refer to Registering a new appliance where there are some troubleshooting suggestions.

NOTE

The Export seed action button is only visible in Not active appliances.