The Service Engine (SE) raises continuous SE_DISK_HIGH alerts reporting disk usage over the 90% threshold.
Example Alerts:
AviController: AVI : [Avi-se-ekwio: reason: System-high] At 2024-09-22 19:35:00+00:00 event SE_DISK_HIGH occurred on object Avi-se-ekwio in tenant admin as Disk usage over Threshold 90 % Current 90 %.
X.X.X.X AVI : [Avi-se-ekwio: reason: System-high] At 2024-09-22 19:35:00+00:00 event SE_DISK_HIGH occurred on object Avi-se-ekwio in tenant admin as Disk usage over Threshold 90 % Current 90 %.
Commands used to identify disk utilization and the largest directories in the SE filesystem:
sudo df -kh
sudo du 2> >(grep -v '^du: cannot \(access\|read\)' >&2) -h / | sort -rh | head -n 30
The /var/lib/avi/log/pcap directory will be very large when this issue occurs.
In this directory (/var/lib/avi/log/pcap), the *keylog.txt files will be in the high MiB or GiB range in size, with a recent last-written timestamp.
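To confirm which files are responsible, the keylog files can be listed by size together with their last-modified time. The following is a minimal sketch rather than a vendor-supplied tool: the function name list_keylog_files is hypothetical, the '*keylog*' glob is deliberately loose, and it assumes GNU find (for -printf) is available on the SE.

```shell
# Hypothetical helper: list keylog files in a capture directory, largest first.
# Output columns (tab-separated): size in bytes, last-modified time, path.
# The default directory is the one named in this article.
list_keylog_files() {
    local dir="${1:-/var/lib/avi/log/pcap}"
    # -printf is a GNU find extension; errors (e.g. missing directory) are hidden.
    find "$dir" -maxdepth 1 -type f -name '*keylog*' \
        -printf '%s\t%TY-%Tm-%Td %TH:%TM\t%p\n' 2>/dev/null | sort -rn
}
```

For example, `list_keylog_files /var/lib/avi/log/pcap | head -n 5` shows the five largest keylog files. On the SE this may need to be run from a root shell to read the directory.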
Affects Versions: 22.1.x, 30.1.x, 30.2.x
This issue occurred after taking a Virtual Service traffic capture on a GSLB DNS Virtual Service in DEBUG_VS_HM_ONLY mode (health monitor traffic only).
Why was a keylog file created for a DNS VS with no SSL enabled?
Why did the keylog file continue to grow after the capture was disabled?
Also, after the keylog files were deleted, the disk utilization stayed at 100%. The SE VM had to be rebooted from vCenter to recover the SE.
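On Linux in general, space used by a deleted file is not released while some process still holds the file open. Whether that is what happens on the SE is an assumption, not something this article confirms, but it can be checked. The sketch below looks through /proc for open file descriptors whose target is marked "(deleted)". The function name list_deleted_open_files is hypothetical, and it assumes GNU find and a readable /proc (normally a root shell).

```shell
# Hypothetical helper: show open file descriptors that point at deleted files
# whose path matches a glob (default: anything containing "keylog").
list_deleted_open_files() {
    local pattern="${1:-*keylog*}"
    # Each /proc/<pid>/fd/<n> is a symlink to the open file; the kernel appends
    # " (deleted)" to the link target once the file has been unlinked.
    find /proc/[0-9]*/fd -maxdepth 1 -type l -lname "${pattern} (deleted)" \
        -printf '%p -> %l\n' 2>/dev/null || true
}
```

If this prints entries for keylog files, the PID in each /proc/<pid>/fd path identifies the process still holding the space. The recovery step documented in this article remains a reboot of the SE VM.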
A fix for this issue will be delivered in upcoming GA releases or patch releases of VMware Avi Load Balancer. Please look for Bug ID AV-219297 in the product release notes.
Workaround(s) to recover the Service Engine:
Manually delete the *keylog.txt files from the /var/lib/avi/log/pcap directory on the Service Engine, then hard reboot the SE VM or instance.
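The deletion step can be sketched as a small shell function that defaults to a dry run, so the file list can be reviewed before anything is removed. The function name remove_keylog_files and its "delete" argument are hypothetical conveniences, not part of the product. The path and the *keylog.txt pattern are taken from the workaround above.

```shell
# Hypothetical helper: print (dry run) or delete *keylog.txt files.
#   remove_keylog_files [dir] [delete]
# Without the literal second argument "delete", nothing is removed.
remove_keylog_files() {
    local dir="${1:-/var/lib/avi/log/pcap}"
    local mode="${2:-dry-run}"
    if [ "$mode" = "delete" ]; then
        # Print each file, then delete it.
        find "$dir" -maxdepth 1 -type f -name '*keylog.txt' -print -delete
    else
        # Dry run: only print what would be deleted.
        find "$dir" -maxdepth 1 -type f -name '*keylog.txt' -print
    fi
}
```

Running `remove_keylog_files` first and `remove_keylog_files /var/lib/avi/log/pcap delete` afterwards keeps the deletion deliberate. The hard reboot of the SE VM or instance is still performed separately, as described above.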
Preventative Workaround(s):