Troubleshooting
Problem
Navigating to the Cases application, in Cloud Pak for Security (CP4S), results in longer than usual loading times and intermittent gateway timeout errors appearing on the page.
Symptom
Cause
The error is produced due to the Cases application Postgres pod not having enough resources to properly handle the workload that it's receiving.
Diagnosing The Problem
Use the
oc
client to check the Cases Postgres CPU limit on the cluster. If the command reports the CPU limit less than 2 CPU cores, then gateway timeout errors are expected under production loads:
oc get po -lname=isc-cases-postgres -o yaml | grep -A6 -i resources
Resolving The Problem
The resolution requires the use of the pgo
client, which is used to run commands on the crunchydata
Postgres operator. It is available to be run from inside the cases-operator
but requires some parameters to be set with the long commands in steps 3 and 4.
- Check current resources on postgres pod:
oc get po -lname=isc-cases-postgres -o yaml | grep -A6 -i resources
- Edit the Cases Custom Resource (CR) with the following command. This command sets the postgres CPU limits to 4 CPU cores:
oc patch cases cases --type='json' -p='[{"op": "replace", "path": "/spec/cases/postgres/provision/crunchydata/primary/resources/limits/cpu", "value":"4"}]'
oc patch cases cases --type='json' -p='[{"op": "replace", "path": "/spec/cases/postgres/provision/crunchydata/primary/resources/requests/cpu", "value":"2"}]'
- Get the crunchy postgres version to test (note: the cases operator pod must be running):
oc exec -t $( oc get pods -l name=isc-cases-operator | grep operator | awk '{print $1;}') -- bash -c ' export PGO_DIR=/tmp/pgo export PGOUSER=$PGO_DIR/pgouser export PGO_CA_CERT="$PGO_DIR/client.crt" export PGO_CLIENT_CERT="$PGO_DIR/client.crt" export PGO_CLIENT_KEY="$PGO_DIR/client.pem" export PGO_APISERVER_URL="https://postgres-operator:8443" mkdir -p $PGO_DIR echo $(oc get secrets/pgo-user --template={{.data.username}} | base64 --decode):$(oc get secrets/pgo-user --template={{.data.password}} | base64 --decode) > $PGOUSER oc cp $(oc get pods -lname=postgres-operator -o=name | sed "s/pod\///"):/tmp/server.key $PGO_CLIENT_KEY -c apiserver oc cp $(oc get pods -lname=postgres-operator -o=name | sed "s/pod\///"):/tmp/server.crt $PGO_CLIENT_CERT -c apiserver pgo version rm -rf $PGO_DIR '
- Delete the crunchy Postgres
pgcluster
custom resource without deleting the PVC:oc exec -t $( oc get pods -l name=isc-cases-operator | grep operator | awk '{print $1;}') -- bash -c ' export PGO_DIR=/tmp/pgo export PGOUSER=$PGO_DIR/pgouser export PGO_CA_CERT="$PGO_DIR/client.crt" export PGO_CLIENT_CERT="$PGO_DIR/client.crt" export PGO_CLIENT_KEY="$PGO_DIR/client.pem" export PGO_APISERVER_URL="https://postgres-operator:8443" mkdir -p $PGO_DIR echo $(oc get secrets/pgo-user --template={{.data.username}} | base64 --decode):$(oc get secrets/pgo-user --template={{.data.password}} | base64 --decode) > $PGOUSER oc cp $(oc get pods -lname=postgres-operator -o=name | sed "s/pod\///"):/tmp/server.key $PGO_CLIENT_KEY -c apiserver oc cp $(oc get pods -lname=postgres-operator -o=name | sed "s/pod\///"):/tmp/server.crt $PGO_CLIENT_CERT -c apiserver pgo delete cluster isc-cases-postgres -n cp4s --keep-data --keep-backups --no-prompt rm -rf $PGO_DIR '
pgcluster
resource by applying the settings from the cases custom resource. - Wait for the postgres pods to restart:
oc get po -lname=isc-cases-postgres -w
- Verify that application resources are updated:
oc get po -lname=isc-cases-postgres -o yaml | grep -A6 -i resources
- Wait for cases-application to be ready (8 of 8 containers):
oc get po -lname=isc-cases-application -w
- Case management page is now available
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTDPP","label":"IBM Cloud Pak for Security"},"ARM Category":[{"code":"a8m0z0000001h8pAAA","label":"Cases"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1.7.1;1.7.2;1.8.0"}]
Was this topic helpful?
Document Information
Modified date:
07 November 2022
UID
ibm16571723