Backing up a Gateway node fails due to "Backup for node Gateway2 failed: cannot create backup image" or "Failed component: os"
Article ID: 42974
Updated On:
Products
Issue/Introduction
Solution
Background
The CA API Gateway has a suite of utilities that facilitate backing up and restoring the Gateway database, node configuration, host operating system configuration files, and other files used or employed by the API Gateway. These utilities are documented in the Installation and Maintenance Manual (for versions 8.2.00 and older) and the CA API Gateway Documentation website. The backup suite may fail to complete successfully if certain circumstances occur. This article will prescribe the steps to troubleshoot the behavior and resolve the issue to allow backups to complete.
Presentation
The backup utility may fail and the following error logs will be printed in the Gateway log file (ssg_0_0.log) when using the browser-based backup utility:
WARNING 70822 com.l7tech.server.BackupServlet: 3609: Backup for node Gateway2 failed: cannot create backup image
WARNING 70822 com.l7tech.server.admin: Backup failed
The backup utility may fail and the following HTTP response may be printed in the browser when using the browser-based backup utility:
500 Backup failed
The backup utility may fail and the following error logs will be printed in the terminal console when using the command line backup utility:
Backup of Gateway image partially succeeded.
Failed component: os
The presence of any of these messages indicates a known defect in the API Gateway that results from host operating system files being unreadable by the backup utilities used by the Gateway.
Environment
Component: APIGTW
Resolution
Troubleshooting
It will be necessary to determine which host operating system files are unreadable. Files that cannot be read by the Gateway backup utility will need to be amended to work around this behavior. The following command can be used to print out the file permissions for the host operating system files that are being backed up:
for i in $(egrep "[\^\/]" /opt/SecureSpan/Gateway/config/backup/cfg/backup_manifest); do [ -f $i ] && ls -l $i ; done
This command should return output similar to the following:
-rw-r--r-- 1 root root 628 Mar 25 14:04 /etc/hosts
-rw-r--r-- 1 root root 722 Mar 25 14:04 /etc/ntp.conf
-rw-r--r-- 1 root root 52 Mar 25 14:04 /etc/ntp/step-tickers
-rw-r--r-- 1 root root 103 Mar 25 14:04 /etc/resolv.conf
-rw-r----- 1 root sys 19246 Mar 25 14:04 /etc/snmp/snmpd.conf
-rw-r--r-- 1 root root 566 Mar 25 14:04 /etc/sysconfig/network
-rw-r--r-- 1 root root 575 Mar 25 14:04 /etc/sysconfig/network-scripts/ifcfg-eth0
Each file should have?read?permissions for the owner, group, and other users. Each line?should have three?r?values in the permissions. Any file that does not have read permission for all entities may fail to be backed up by the Gateway backup utilities and could cause a backup failure. The example above shows that the /etc/snmp/snmpd.conf file does not have read permissions granted to users who do not own the file or are a member of the owner group. This file will cause the backup utility to fail.
Resolution
Individual files can have their permissions manually modified via the following command: chmod a+r /path/to/file
If multiple files require modification then the following command can be used to add world readability to all of the files in the backup manifest:
for i in $(egrep "[\^\/]" /opt/SecureSpan/Gateway/config/backup/cfg/backup_manifest); do [ -f $i ] && chmod a+r $i ; done
The Gateway backup utilities should run without issue once the permissions of any and all files are modified to be world readable.
Feedback
