
DCNM upgrade to 11.4(1) went OK, but web interface doesn't respond

lean2739
Level 1

 

Hi, because of security advisory CVE-2020-3382 I decided to upgrade my DCNM installation to 11.4(1).

 

I was running the 11.1(1) OVA version on an ESXi server, standalone install (no HA).

 

I followed this guide and performed the "Inline Upgrade for DCNM Virtual Appliance in Standalone Mode" procedure. Everything went OK without any errors, but the web interface doesn't start; https://dncm_ip doesn't respond.

 

After scanning open ports, port 443 doesn't appear to be open on the server.

 

Any idea what could be the problem? Thanks

 

[root@cisco-dcnm ~]#  appmgr status all


DCNM v11 will only use HTTPS. Insecure access via HTTP is disabled.
Please use the url https://<DCNM-IP-ADDRESS> or https://<HOSTNAME> to launch the DCNM UI.

DCNM Status

 PID  USER      PR  NI  VIRT    RES     SHR  S  %CPU %MEM    TIME+  COMMAND
 ===  ====      ==  == ======= ======  ===== =  ==== ====   ======= =======
 2899 fmserver  20   0   12.2g   3.4g  15572 S   0.0 14.4 964:52.71 java

Telemetry Infra Status

 PID  USER      PR  NI  VIRT    RES     SHR  S  %CPU %MEM    TIME+  COMMAND
 ===  ====      ==  == ======= ======  ===== =  ==== ====   ======= =======
  738 root      20   0  796716   5240   3452 S   0.0  0.0   5:35.89 telemetry-infra

TFTP Status

 PID  USER      PR  NI  VIRT    RES     SHR  S  %CPU %MEM    TIME+  COMMAND
 ===  ====      ==  == ======= ======  ===== =  ==== ====   ======= =======
 1374 root      20   0   27168   1060    808 S   0.0  0.0   0:00.00 xinetd

DHCP Status

 PID  USER      PR  NI  VIRT    RES     SHR  S  %CPU %MEM    TIME+  COMMAND
 ===  ====      ==  == ======= ======  ===== =  ==== ====   ======= =======
 1401 dhcpd     20   0  103636   5780   3488 S   0.0  0.0   0:19.65 dhcpd

AMQP Status

 PID  USER      PR  NI  VIRT    RES     SHR  S  %CPU %MEM    TIME+  COMMAND
 ===  ====      ==  == ======= ======  ===== =  ==== ====   ======= =======
 1376 rabbitmq  20   0 6000172  81168   4220 S   0.0  0.3  90:03.01 beam.smp
[root@cisco-dcnm ~]# appmgr show version
Cisco Data Center Network Manager
Version: 11.4(1)
Install mode: LAN Fabric
Standalone node. HA not enabled.

 

 

2 Replies

lean2739
Level 1

Hi, I found more interesting information after some troubleshooting.

I connected via SSH to the DCNM VM and can see the container running with the correct port redirection:

[root@cisco-dcnm ~]# docker ps
CONTAINER ID        IMAGE                                     COMMAND                  CREATED             STATUS              PORTS                                          NAMES
1449b8c16895        127.0.0.1:5001/afwapiproxy:2.2            "/bin/entry.sh"          8 days ago          Up 8 days           0.0.0.0:443->443/tcp, 0.0.0.0:9200->9200/tcp   AfwApiProxy

So the app is listening on 0.0.0.0:443, but I can't connect to it.

It seems there's some kind of firewall running, blocking the connection to 443 in the DCNM virtual machine, not the Red Hat/CentOS one but some Cisco process (vendor preset: enabled):

● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

To confirm this, I configured SSH port tunneling (localhost:443 ---> localhost:443) with my SSH client and it works! I can connect to the DCNM web GUI perfectly.

It seems the inline upgrade script didn't set up the firewall correctly to allow the connection to the DCNM web GUI.

 

Does anyone have an idea where to configure this?

 

Thanks

 

lean2739
Level 1

I upgraded the same install to 11.5.1; the same problem still persists, I can't access the web GUI via the LAN IP.

 

I can access the web GUI by doing SSH port tunneling (localhost:443 ---> localhost:443).

 

Does anyone know how to fix this?
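
Added example, not part of the original thread and not Cisco tooling: `firewalld` showing inactive only means that daemon is not managing rules; the kernel can still hold netfilter rules, which `iptables-save` prints. The functions below parse that output for rules touching a given port and for a chain's default policy; the sample rule set and the container address 172.17.0.2 are constructed for illustration and are not taken from a DCNM appliance.

```shell
#!/bin/sh
# Added example. Both functions read `iptables-save` text on stdin.

# rules_for_port PORT: print "table chain target" for each rule matching PORT.
rules_for_port() {
    awk -v port="$1" '
        /^\*/ { table = substr($0, 2); next }   # section header: *nat, *filter
        /^-A / {
            hit = 0; target = "-"
            for (i = 3; i <= NF; i++) {
                if (($i == "--dport" || $i == "--dports") &&
                    $(i + 1) ~ ("(^|,)" port "(,|$)")) hit = 1
                if ($i == "-j") target = $(i + 1)
            }
            if (hit) print table, $2, target
        }'
}

# default_policy CHAIN: print the filter-table policy of a built-in chain.
default_policy() {
    awk -v chain="$1" '
        /^\*/ { table = substr($0, 2); next }
        table == "filter" && $1 == (":" chain) { print $2 }'
}

# Constructed sample: 443 is DNATed to a container, but the filter table
# only accepts 22 and 9200 and the FORWARD policy is DROP.
SAMPLE='*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.17.0.2:443
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:DOCKER - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 9200 -j ACCEPT
COMMIT'

# On a live host (as root): iptables-save | rules_for_port 443
printf '%s\n' "$SAMPLE" | rules_for_port 443
echo "FORWARD policy: $(printf '%s\n' "$SAMPLE" | default_policy FORWARD)"
```

In the constructed rule set, port 443 appears only in the nat table while the filter table has no ACCEPT for it and FORWARD defaults to DROP; a port with no filter-table line under a DROP policy is the mismatch to look for.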
