Pulse configuration and connection troubleshooting.

  • 22 April 2020
  • 0 replies
  • 601 views

Userlevel 3
Badge +4

Pulse is an essential tool for maintaining uptime on a Nutanix cluster. While alert emails can directly open a case for an issue which has already happened, the data gathered and sent by Pulse enables identification of potential known issues that haven’t impacted your cluster yet.

 

Enabling this feature within a Nutanix cluster is fairly simple, but depending on your network setup and security there may be some additional steps to make sure it’s working.

 

When you first set up your cluster, right around the time you accept the EULA and change the password for ‘admin’ you are given the option to disable Pulse. So long as you don’t select to disable it, Pulse will attempt to work with the default settings. For some environments it’s just that simple. The cluster will start sending data periodically to Nutanix and our Support Portal will highlight any concerns identified based on that configuration. The configuration is once-per-cluster. If you want to check or update your Pulse configuration, the steps for this are covered in the Prism Web Console Guide, here.

 

This default configuration sends email through the SSH tunnel to nsc01.nutanix.net or nsc02.nutanix.net on either port 80 or 8443 for legacy Pulse information, and Pulse HD info is sent via HTTPS to insights.nutanix.com:443. This works on a fairly open network, but your network security settings may not allow those connections. This brings us to the next part of this discussion: making adjustments and troubleshooting the connection.

 

Let’s assume your environment doesn’t ports 80 and 8443 wide open to the outside, and port 443 is locked down on the firewall except when it’s coming through a proxy.

 

For legacy Pulse emails the best move is probably configuring SMTP to use your own email server. Configure this by going to Settings : SMTP. Full details on configuration steps are in the Prism Web Console Guide, here. This configuration affects both alert emails and Pulse emails. You can configure the sending email address, as well as password authentication if that’s needed for emails sent beyond your local domain.

 

For Pulse HD there are a few more items to consider. If your cluster is registered to Prism Central and no HTTP proxy settings are added on the cluster, Pulse HD will attempt to relay through Prism Central. If you do configure HTTP proxy settings for the cluster, Pulse will attempt to send data via the proxy. One more thing to consider here. If your web proxy or firewall is set up with SSL intercept or SSL inspection. Theses featues decrypt data in flight within the proxy or firewall so it can be inspected or logged, and then encrypts it again before sending it on to the destination. This is incompatible with the security setup for Pulse (and also for PE/PC communication) you’ll need to allow Prism Element (all CVM IPs) or Prism Central to bypass SSL intercept or inspection for connections to insights.nutanix.com:443.

 

Greater detail on troubleshooting Pulse connectivity is provided in these articles, “Pulse and Alerts Not Being Sent and SMTP Status Shows Failed” and “Troubleshooting the Legacy Pulse Email or PulseHD status columns on Installed Base page in Nutanix Support Portal”. Here are the basics.

 

First, run a full health check and see if you get a Warn or Fail for either rest_connection_checks or auto_support_check. Either of these checks can give you insights on what might not be working, and the articles linked give steps to troubleshoot those situations.

 

Next check if each CVM can get a response from insights.nutanix.com:443. Do this logging in to any CVM in the cluster via SSH, as the user Nutanix, and running “allssh curl -k https://insights.nutanix.com:443”. This should return a response of “I-AM-ALIVE” once per node. This validates whether the local CVM can directly reach the URL and get a response, but remember the routing considerations for this connection based on PC registration and HTTP proxy configuration.

 

I hope this helps to clear up any confusion around the Pulse feature and how it communicates. If you chose not to enable Pulse and you’d just like to stop seeing alerts about it, you can disable the related health checks mentioned above as described here


This topic has been closed for comments