Skip to main content

 

vIDM appliance has no space left on device /db for audit data


Issue/Introduction

This article provides steps to add space in the vIDM appliance adding config to limit audit data.

  • vIDM appliance /db file system is almost full, for example usage exceeds about 90% and more.
  • You will see these errors:
check /db file system usage by df command as follows
Filesystem 1M-blocks Used Available Use% Mounted on
/dev/mapper/db_vg-db 10076 8318 1246 87% /db
  • Getting vIDM log-bundle fails with the error: No space left on device.

Environment

VMware Identity Manager 3.3.x

Cause

vIDM appliance uses device /db for Elasticsearch, RabbitMQ and internal DB PostgreSQL.
 /db
   |- data
   |- elasticsearch
   |- log
   |- lost+found
   |- temp
A large number of audit data for Elasticsearch uses almost all space on device /db file system.
As the default settings vIDM appliance keeps audit data forever, the vIDM file system will eventually fill up.

Resolution

To resolve this issue, add a policy to limit audit data in the /usr/local/horizon/conf/runtime-config.properties file:

  1. Login to the vIDM appliance.
  2. Edit the /usr/local/horizon/conf/runtime-config.properties file.
vi /usr/local/horizon/conf/runtime-config.properties
  1. Add these two rows to the file:
analytics.deleteOldData=true -----> The default value is false.
analytics.maxQueryDays=90 -----> The default value is 90, which indicates the number of days to keep the audit date. It is recommended to be 90 days to get 12-week statistics. 
  1. Reboot the vIDM appliance to reflect the new setting.
  2.  Remove the audit data manually which has already expired more than 90 days using the curl command for cleanup. You can use wildcards to delete the audit data:

Examples:
curl -XDELETE http://localhost:9200/v3_2016*
Explanation : Deletes everything from 2016.
curl -XDELETE http://localhost:9200/v3_2016-12* 
Explanation:Deletes everything from December 2016.

Backup : If the curl command fails, run the following commands:

rabbitmqctl list_queues | grep analytics.null       
Explanation : Lists the RabbitMQ queue
rabbitmqctl purge_queue -.analytics.null           
Explanation : Purges the queue
For versions vIDM 3.3.4 and higher, Workspace ONE Access 20.10 and higher, you will need to do the following workaround as the command above will fail on the new Photon releases. 
wget 'https://raw.githubusercontent.com/rabbitmq/rabbitmq-management/v3.7.20/bin/rabbitmqadmin'
chmod +x rabbitmqadmin
sed -i 's|#!/usr/bin/env python|#!/usr/bin/env python3|' rabbitmqadmin
mv rabbitmqadmin /usr/sbin/
rabbitmqadmin -q list queues | grep analytics
rabbitmqadmin purge queue name=-.analytics.127.0.0.1
Note:
  • * in the file name is wildcard.
  • Do not use rm commands to remove the audit data unless all nodes are stopped.

Additional Information

There is also a related KB on increasing the size of the /db file system.
* VMware Identity Manager Linux appliance disk containing Postgres database, analytics data, and support log bundle (/db) is full (2082650)
----------------------------------------
rm command is distributed, replicated data store, so removing the files when elasticsearch is running will cause problems. It is recommended to use the “curl” command to perform the removal safely.


https://knowledge.broadcom.com/external/article?articleNumber=367645

Labels:

Comments

Post a Comment

Popular posts from this blog

Quick Guide to VCF Automation for VCD Administrators

  Quick Guide to VCF Automation for VCD Administrators VMware Cloud Foundation 9 (VCF 9) has been  released  and with it comes brand new Cloud Management Platform –  VCF Automation (VCFA)  which supercedes both Aria Automation and VMware Cloud Director (VCD). This blog post is intended for those people that know VCD quite well and want to understand how is VCFA similar or different to help them quickly orient in the new direction. It should be emphasized that VCFA is a new solution and not just rebranding of an old one. However it reuses a lot of components from its predecessors. The provider part of VCFA called Tenenat Manager is based on VCD code and the UI and APIs will be familiar to VCD admins, while the tenant part inherist a lot from Aria Automation and especially for VCD end-users will look brand new. Deployment and Architecture VCFA is generaly deployed from VCF Operations Fleet Management (former Aria Suite LCM embeded in VCF Ops. Fleet Management...
Post a Comment
Read more
  Issue with Aria Automation Custom form Multi Value Picker and Data Grid https://knowledge.broadcom.com/external/article?articleNumber=345960 Products VMware Aria Suite Issue/Introduction Symptoms: Getting  error " Expected Type String but was Object ", w hen trying to use Complex Types in MultiValue Picker on the Aria for Automation Custom Form. Environment VMware vRealize Automation 8.x Cause This issue has been identified where the problem appears when a single column Multi Value Picker or Data Grid is used. Resolution This is a known issue. There is a workaround.  Workaround: As a workaround, try adding one empty column in the Multivalue picker without filling the options. So we can add one more column without filling the value which will be hidden(there is a button in the designer page that will hide the column). This way the end user will receive the same view.  
Post a Comment
Read more
  "Cloud zone insights not available yet, please check after some time" message on Aria Automation https://knowledge.broadcom.com/external/article?articleNumber=314894 Products VMware Aria Suite Issue/Introduction Symptoms: The certificate for Aria operations has been replaced since it was initially added to Aria Automation as an integration. When accessing the Insights pane under  Cloud Assembly  ->  Infrastructure  ->  Cloud Zone  ->  Insights  the following message is displayed:   "Cloud zone insights not available yet, please check after some time." The  /var/log/services-logs/prelude/hcmp-service-app/file-logs/hcmp-service-app.log  file contains ssl errors similar to:   2022-08-25T20:06:43.989Z ERROR hcmp-service [host='hcmp-service-app-xxxxxxx-xxxx' thread='Thread-56' user='' org='<org_id>' trace='<trace_id>' parent='<parent_id>' span='<span_id>'] c.v.a.h.a.common.AlertEnu...
Post a Comment
Read more