How to collect the SSP support bundle with cli when UI and cluster-api are down
search cancel

How to collect the SSP support bundle with cli when UI and cluster-api are down

book

Article ID: 428673

calendar_today

Updated On:

Products

VMware vDefend Firewall

Issue/Introduction

When the SSP UI is unavailable but the SSPI CLI is accessible, it is still possible to collect a support bundle using the CLI.

  • If the cluster-api pod is running, the standard support bundle collection procedure can be followed as documented.

  • However, when the cluster-api pod is down, collecting a full support bundle becomes challenging.

This article describes a workaround to manually collect critical logs when the cluster-api pod is unavailable.

Environment

  • SSP 5.0
  • SSP 5.1
  • SSP UI unavailable
  • cluster-api pod down
  • SSPI CLI accessible

Cause

The cluster-api pod is the primary component responsible for coordinating interactions between SSP services and pods.
When this pod is down, normal support bundle generation is not possible.

In this scenario, the fluentd pod continues to run and aggregates logs from across the cluster. These logs can be manually collected and packaged as a workaround support bundle.

 

Resolution

Step 1: Verify the fluentd pod is running

From the SSPI CLI, confirm that the fluentd pod is in a Running state:

kubectl get pods -n nsxi-platform | grep fluentd

Step 2: Attach to the fluentd pod

sysadmin@n1sspi:~$ k exec -it fluentd-0 -n nsxi-platform -- bash

Step 3: Verify log availability

Inside the fluentd pod, confirm logs are present:

td-agent@fluentd-0:/$ ls /opt/bitnami/fluentd/logs/buffers/

Example output includes:

  • audit_log.log

  • kube-system/

  • nsxi-platform/

  • n1ssp-controller-*

  • n1ssp-md-*

  • Other component-specific logs

Navigate further as needed:

td-agent@fluentd-0:/$ ls /opt/bitnami/fluentd/logs/buffers/nsxi-platform/

Step 4: Exit the fluentd pod

td-agent@fluentd-0:/$ exit

Step 5: Copy logs from fluentd pod to SSPI

Use kubectl cp to copy the buffered logs to the SSPI node:

sysadmin@n1sspi:~$ k cp nsxi-platform/fluentd-0:/opt/bitnami/fluentd/logs/buffers/ ./ssp_supportbundle

Note:
Warnings such as file changed as we read it are expected because logs are actively being written. These warnings can be safely ignored.

Step 6: Verify copied logs

 
sysadmin@n1sspi:~$ ls ./ssp_supportbundle/

Confirm that the directory structure and log files are present.

Step 7: Compress the support bundle

Compress the collected logs for easier handling and transfer:

tar -czvf ssp_supportbundle.tar.gz ./ssp_supportbundle

Step 8: Download the bundle from SSPI

Use scp or sftp from your local system to retrieve the bundle:

scp sysadmin@n1sspi:/home/sysadmin/ssp_supportbundle.tar.gz .
Powered by Wolken Software