search cancel

Default may still be starting, but API is throwing unexpected exceptions (404: Not Found)

book

Article ID: 42571

calendar_today

Updated On:

Products

STARTER PACK-7 CA Rapid App Security CA API Gateway

Issue/Introduction

The Layer 7 Gateway is controlled by an additional process running on the host operating system (the "Process Controller"). This parent process is responsible for monitoring the Gateway service and checking its health and restarting it as necessary. A problem may occur where the Gateway starts successfully but the Process Controller is unable to properly communicate with the Gateway service. If that occurs, the following log entries may be visible in the Process Controller log (located at /opt/SecureSpan/Contoller/var/logs/sspc_0_0.log):

2014-01-21T10:09:02.570-0700 INFO 1 com.l7tech.server.processcontroller.ProcessController: Getting API port from /opt/SecureSpan/Gateway/node/default/var/processControllerPort
2014-01-21T10:09:02.666-0700 WARNING 1 com.l7tech.server.processcontroller.p: default may still be starting, but API is throwing unexpected exceptions
Caused by: org.apache.cxf.transport.http.HTTPException: HTTP response '404: Not Found' when communicating with?https://localhost:2124/ssg/services/processControllerNodeApi

Environment

Release:
Component: APIGTW

Cause

The primary cause of this issue is the Gateway service being configured to provide remote management and health checking over an invalid interface. By default, the Gateway only allows remote management over the loopback interface as localhost. This ensures that only the local system is allowed to manage the Gateway service.?The Gateway can be configured to allow remote management over one or all interfaces on the system. If you specify a particular interface then the Gateway will only allow management requests to come in through that interface. If you specify all interfaces then requests for management can originate from all interfaces. The former option is preferable as it minimizes the available surface that the remote management functions are published against. The latter option is preferable in flexible environments where the network infrastructure fluctuates (as in development or other non-production environments).

Resolution

In order to resolve this issue, the Gateway's remote management API must be configured to be published on the correct interface. This can be configured through the Gateway configuraton menu. To make the required changes for resolution, run the following procedure:

  1. Log into the Gateway appliance as the ssgconfig user.
  2. Select Option #5: Display Remote Management configuration menu.
  3. Select Option #1: Listener IP Address
  4. Configure a valid IP address or specify a wildcard ("*").
  5. Save the changes and exit.
  6. Restart the Gateway appliance.

Additional investigative items


There are other configuration items that may contribute to this issue. If your issue persists after making the changes above, please provide the following items from the privileged shell of the Layer 7 Gateway appliance:

  1. The output of the following commands:
    1. mysql ssg -e "select * from connector\G"
    2. mysql ssg -e "select * from connector_property\G"
    3. ps awx | grep java

  2. The contents of the following files:
    1. /opt/SecureSpan/Controller/etc/host.properties
    2. /opt/SecureSpan/Controller/var/logs/sspc_0_0.log
    3. /opt/SecureSpan/Gateway/node/default/var/processControllerPort
    4. /opt/SecureSpan/Gateway/node/default/var/ssg.pid