With the UCS module System Diagnostic you can easily analyze the system for existing or potential problems in your UCS instances. Initially, the module contained six different verification options. Today, there are already 54 available to help you ensure the smooth operation of your IT system by identifying disruptions and providing corrective solutions.
Below we give you a brief understanding of the benefits and operation of this tool. At the same time we would like to invite you to give us feedback. Our wish is to continuously optimize and extend the system diagnostic for you. So let’s get started.
Who Needs System Diagnostic and Why?
Since the diagnosis of Linux systems and especially complex Linux server systems such as UCS can be an extensive task, the UMC module “System Diagnostic” abstracts the complexity of this process and is of valuable support to administrators in ensuring a smooth flow of all IT processes.
On the one hand problems on the UCS side are identified, on the other side possible solutions and additionally helpful information are presented. It may also happen that corrections, for example, in Samba databases, are made automatically, but most often the module indicates errors and proposes solutions.
Many of the checks examine the accessibility of individual network services, e.g. DNS, gateway or proxy, but also, for examle, DNS names of network devices are checked for correctness under RFC-1123 (Requirements for Internet Hosts — Application and Support).
The system diagnostic is fully familiar with the special features of UCS and can therefore find and suggest the best solutions in the event of a problem. Special features of UCS that are checked by the module are, for example, the Notifier. Here, a message will be displayed if the Notifier IDs between master and slave/member do not match. Another example concerns the UCS templates. As soon as these are changed by the ‘Administrator’, which may be useful in certain scenarios, the module points it out.
In addition, the system diagnostic can in some cases provide an error forecast, which can also be very useful.
Access via UMC
The system diagnostic module is natively integrated in the UMC and directly accessible from the UMC system tab. By opening the module “System Diagnostic”, system checks related to frequently occurring problems such as discussed on help.univention.com/ and covered by the Univention Product Support are performed directly.
After the first diagnostic run, you can repeat a diagnosis as often as you like by clicking on the “TEST AGAIN” button, for example, to check the system again for correctness after first troubleshooting.
The results are presented to you in a compact and comprehensive manner, allowing you to gain deeper insights into possible problems, thus allowing you to do further, error-solving actions if necessary.
Examples of a System Diagnosis Check
Let’s assume that the validity of your UCS SSL certificates is outdated. The UCS system diagnostic module will give a brief indication of the problem and provides further logging information as well as adequate Univention Support Database entries to resolve the problem.
Another example for the failure prediction and automatic fixing capabilities of the system diagnostic module is shown in the following screenshot where the internal database of Samba, the software providing Microsoft Active Directory like services, shows some inconsistencies.
In most cases these inconsistencies do not harm the behavior for the end user, but as they can be the root cause of future problems, the UMC module reports them and allows an easy fix.
Outlook
We plan to add even more functionality to the system diagnostic module in order to ease the process of system administration even further.
If you haven’t used the UMC system diagnostic yet, check it out. And we like to encourage you to contribute to its further development with your feedback and ideas via the comment field or our feedback form, so that we are able to integrate our users’ most needed functionalities in UCS.
Thank you!
Comments
Moritz Bunkus
For me as a Univention partner supporting a multitude of clients, the system diagnosis is a God-sent. What I’d like to see in the future:
• Being able to run the same checks from the CLI (e.g. for easier access during remote upgrades, but also for integrating into monitoring solutions such as Nagios)
• DNS checks for server name resolution discrepancies: in the forum i often stumble across user setups where the UCS servers resolve e.g. the DC Master’s host name correctly, but a client machine doesn’t, and where it turns out that the external resolver (e.g. a FritzBox) resolves that name to the public, external IP address. Verifying that all nameservers configured via UCR and the ones handed out via DHCP serve the same addresses for at least the DC Master would be nice.
• Samba Kerberos vs. network interfaces: I had a couple of clients who had configured Samba to only listen on certain network interfaces (e.g. eth0 but not lo). This can lead to the Kerberos KDC not being reachable, especially when /etc/krb5.conf is configured to use 127.0.0.1. While there is a check for that already, its error messages are somewhat misleading. This could be vastly improved.
• Regarding a CLI mode & integration into monitoring solutions: it would be nice to be able to deactivate or skip certain checks. For example, we have one customer with host names with underscores, and he’s perfectly fine with them — but the check always emits a warning.
Anyway, I’m really happy with the system diagnosis and looking forward to all the checks still to come. Thanks!
Ray
This sounds like a great tool.one feature id like to see is a check of services and apps meant to start at boot and repairs to fix things when they dont. After some updates for example Kopano fails to start and needs manual intervention to get it going.
Johannes Kenkel
Dear Moritz and Ray,
we appreciate your feedback.
Regarding the suggestions from Moritz I created a feature request see: Bug 46365 (https://forge.univention.org/bugzilla/show_bug.cgi?id=46365).
Regarding Rays comment related to not started autostart services the UMC system services module is mentionable where one gets an overview of the (boot) status of system services.
Rays Kopano example indicates that there is a more complicated cause for the described problem. Such (not generic) problems may be better addressed by a monitoring solution such as Nagios (https://www.univention.de/produkte/univention-app-center/app-katalog/nagios/) which as well checks the status of services and furthermore provide administrators with problem analyze functions which is more appropriate for the described behavior.
Best regards
Johannes