Working with Message Bus
The Message Bus node in Venafi Configuration Console shows the status of communications between servers in the cluster. As you hover over the nodes in your cluster, you can see detailed information about the servers and their connectivity to the bus.
The statuses shown depend on the operating mode. Mesh mode is described first, followed by central broker mode.
Status | Description |
---|---|
Blocked | The server is in the cluster, but cannot communicate with any other servers. For example, the designated port is not open, or the Venafi Platform service might not be running on the server, or the server might be offline. |
Can't Reach All | The server is participating in the bus, but it is not able to reach one or more other servers in the cluster. |
Connected | The server is participating in the bus and can communicate with all servers in the cluster. |
If you are experiencing connectivity issues, make sure that the firewall settings allow communication over the specified port. In mesh mode, all servers need to be able to reach all other servers in the cluster over the assigned port.
As you hover over servers in the cluster, you will be able to see details about any connectivity issues the servers are encountering. For example, if you hover over a server with a yellow warning symbol, you can see details about which servers it can connect to and which ones it cannot connect to.
Status | Description |
---|---|
Not Connected | The server is not participating on the bus. This may be because the server is offline, or because it is on an older version of Venafi Platform that doesn't support Message Bus, or because the firewall doesn't allow connection to the central broker over the specified port. |
Connected | The server is participating in the bus and can communicate with the central MQTT broker. |
If you are connected to the server that is not able to communicate with the central MQTT broker, all other servers in the cluster will appear to be disconnected, since this server cannot get information from the broker about the other servers in the bus. If this applies to you, try logging in to another server in the cluster to check its connectivity to help you determine whether the problem is with this server's configuration, or with the central broker.
If you are experiencing connectivity issues, make sure the firewall settings allow communication over the specified port. In central broker mode, each server needs to be able to reach the central MQTT broker over the specified port.
Troubleshooting communication issues
Message Bus is designed to require very little maintenance, so most issues boil down to the following connectivity issues:
- Firewall / Port issues. If the specified ports are not open, the bus nodes won't be able to connect.
- Server status. If the server is powered off, or if the Venafi Platform service isn't running, then the bus clearly can't get updates from the server.
If you need to send a network administrator information to help troubleshoot network connectivity issues, you can click the Copy health information link in the Actions panel. Connectivity information will be copied to the clipboard so you can send it to the network administrator.
You can quickly see what applications and services are running on each node by clicking the node or clicking the server in the graph.
All status information can be copied to the clipboard by clicking the Copy status information link in the Actions panel.
The information from these two links can help you and your network administrators troubleshoot any connectivity issues in the cluster.
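The firewall and port requirements described above for mesh mode and for central broker mode can also be checked from a server's own command line. The following PowerShell is an added example, not part of the Venafi documentation or product; the function names, hostnames and port are assumptions to be replaced with the values from your cluster.

```powershell
# Added example. Peer names and port below are constructed placeholders;
# use the hostnames and the port shown on the root node of the console.
function Test-BusPeer {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($HostName, $Port)
        # Wait() returns $false on timeout, typical of a firewall dropping packets
        if (-not $task.Wait($TimeoutMs)) { return 'Timeout' }
        return 'Open'
    } catch {
        # Refused (service not listening), host unreachable, or name not resolved
        return 'Failed: ' + $_.Exception.GetBaseException().Message
    } finally {
        $client.Close()
    }
}

function Get-BusReachability {
    param([Parameter(Mandatory)][string[]]$Targets, [Parameter(Mandatory)][int]$Port)
    $details = foreach ($t in $Targets) {
        [pscustomobject]@{ Target = $t; Port = $Port
                           Result = Test-BusPeer -HostName $t -Port $Port }
    }
    $open = @($details | Where-Object { $_.Result -eq 'Open' }).Count
    # Status names follow the mesh-mode table on this page
    $status = if ($open -eq $Targets.Count) { 'Connected' } elseif ($open -eq 0) { 'Blocked' } else { "Can't Reach All" }
    [pscustomobject]@{ Status = $status; Reachable = "$open of $($Targets.Count)"; Details = $details }
}

# Mesh mode: run on each server and list every other server in the cluster.
# Central broker mode: pass only the broker's hostname; any result other than
# 'Connected' corresponds to 'Not Connected' in the central broker table.
$peers = 'tpp01.example.com', 'tpp02.example.com'   # constructed names
$port  = 12345                                      # placeholder, not a product default
$report = Get-BusReachability -Targets $peers -Port $port
$report.Details | Format-Table -AutoSize
"Status seen from this server: $($report.Status) ($($report.Reachable))"
```

A 'Timeout' result usually points at a firewall silently dropping traffic, while a refused connection means the host answered but nothing is listening on the port, which matches the two causes listed in this section.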
Individual engine nodes
If you expand the Message Bus node, the list expands to show all nodes in the cluster. Click on any node to see detailed information about that server.
You see a detailed Engine Status table. It shows services, applications, and service modules running on that server, as well as how long they have been running and their process identity.
In the Actions panel you can see a description of the selected engine, as well as the measured database latency for that server.
You can specify the hostname used in the mesh by clicking Set mesh hostname in the Actions panel.
A hostname is one way a computer is uniquely identified on a network. In mesh mode, servers need to be able to communicate with each other, and they identify each server by its hostname.
The default hostname that Venafi Configuration Console detects for a server might not resolve to the correct address for all servers. An example of this is when using a load balancer, where multiple servers self-identify with the hostname of the load balancer, not the server itself.
To address this, you can use the Override Hostname option, which allows you to enter a fully-qualified domain name (FQDN) that resolves to this server. If you are using TLS, you cannot use an IP address in this field.
- Review the Detected name. This is the name that Venafi Configuration Console detected for this host. You can't edit this field.
- Enter a fully-qualified domain name to use to connect to this server in the Override with field.
- Click Save.
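Before saving an override, it helps to confirm that the name meets the conditions described above: it is an FQDN rather than an IP address, and it resolves to this server rather than to a load balancer. The following PowerShell is an added example, not part of the Venafi documentation or product; `Test-OverrideHostname` and the sample name are hypothetical.

```powershell
# Added example: sanity-check a candidate value for the "Override with" field.
# Run it on the server whose hostname is being overridden.
function Test-OverrideHostname {
    param([Parameter(Mandatory)][string]$Candidate)

    # With TLS the field cannot hold an IP address
    $ip = $null
    if ([System.Net.IPAddress]::TryParse($Candidate, [ref]$ip)) {
        return "Rejected: '$Candidate' is an IP address, not a hostname"
    }
    # At least two dot-separated labels, each 1-63 characters, 253 in total
    if ($Candidate -notmatch '^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}$') {
        return "Rejected: '$Candidate' is not a fully-qualified domain name"
    }
    try {
        $resolved = [System.Net.Dns]::GetHostAddresses($Candidate)
    } catch {
        return "Rejected: '$Candidate' does not resolve from this server"
    }
    # Addresses bound to this server's own network interfaces
    $local = [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces() |
        ForEach-Object { $_.GetIPProperties().UnicastAddresses } |
        ForEach-Object { $_.Address.ToString() }
    # Any resolved address that is not local suggests a load balancer or stale DNS
    $foreign = @($resolved | Where-Object { $local -notcontains $_.ToString() })
    if ($foreign.Count -gt 0) {
        return "Warning: resolves to $($foreign -join ', '), which is not an address on this server"
    }
    return "OK: '$Candidate' resolves only to addresses on this server"
}

# Constructed sample name
Test-OverrideHostname -Candidate 'tpp01.example.com'
```

The local-address comparison is only meaningful on the server itself, and address translation between servers can make a correct name trigger the warning; resolution of the same name should also be confirmed from the other servers in the mesh.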
Root Node
On the root node of the Venafi Configuration Console there is a panel that shows the configuration status of the Message Bus. There you can see:
- The operating mode (self-hosted mesh or central MQTT broker)
- The port
- Encryption status (TLS yes/no)
- The hostname of the current server
TIP If you are on the root node and you change the port, you are changing the port for all servers in the cluster. If you are on a child node and you change the port, you are only changing it for that specific server.
Health Check
Message Bus periodically checks to verify that the bus is working as expected. These checks occur five minutes after the VPlatform service starts, and then again every hour. If there is an issue, Venafi Platform will wait fifteen minutes and check again. If there is still an issue, Venafi Platform sends an e-mail notification indicating that there is a health issue with the bus.
IMPORTANT If your first installation of Venafi Platform was version 23.1 or older, these e-mail notifications are not enabled by default. For information on enabling specific notification rules, see Customizing email notifications. Note that there is one default email notification rule for central configuration, and a different default email notification rule for mesh configuration. Make sure you enable the correct one for your setup.