Clustered Nodes Stuck in Starting but Accessible via the Policy Manager
search cancel

Clustered Nodes Stuck in Starting but Accessible via the Policy Manager

book

Article ID: 366767

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

After a reboot, the node status is permanently stuck as "Starting" for a couple of clusters. There is confirmation that the gateways are accessible via the Policy Manager.

In the /opt/SecureSpan/Controller/var/logs/sspc.0_0.log,the following line is repeated:

2024-04-30T09:28:44.228-0400 INFO    1 com.l7tech.server.processcontroller.ProcessController: Empty API port from '/opt/SecureSpan/Gateway/node/default/var/processControllerPort' API is disabled.

Environment

API Gateway 11.x (clustered nodes)

Cause

To troubleshoot this a bit more, make sure the gateway service has stopped by running one of the following commands (preferably from one of the database nodes):

systemctl stop ssg
service ssg stop

Navigate to the /opt/SecureSpan/Gateway/runtime/bin directory. Run the following command: ./gateway.sh start -console

Within the startup messages, there was a "Unable to access private key for connector" for listen ports 9443 and 2124.

Resolution

Ports 9443 and 2124 do not have a private key selected. 

1. Log in to the Policy Manager
2. Go to Tasks > Transports > Manage Listen Port
3. Double-click on port 2124
4. Click on the SSL/TLS Settings tab
5. For the Server Private Key dropdown, select '<Default SSL Key>'
6. Click [OK]
7. Repeat steps 3-6 for port 9443

Additional Information

- Port 2124 is used for inter-node communication (including log viewing)
- Port 9443 is used for HTTPS communication without client certificate support

REF: Using Private Keys within the Gateway