排障日记：cisco ACS配置HA报错，register failed，invalid hostname

ACS Register error：invalid hostname or invalid ip address has bee entered.

故障背景：

ACS5.4  License替换。
ACS01为Primary，ACS02为Secondary

操作如下：
1.  ACS02  reset-config
2.  ACS02  替换license
3.  ACS02  注册到ACS01 同步配置，成功
4.  ACS02 promote to primary  &   log selector 更改为ACS02
5.  ACS01 reset-config
6.  ACS01 替换license
7.  ACS01 注册到ACS02 同步配置，失败，error  invalid hostname       //这个环节被难住了
8.  ACS01 promote to primary  &   log selector 更改为ACS01，完成。

排障过程：

1、抓取ACS01和ACS02的support-bundle，提交给TAC分析；

RDCA-OPM-ACS01/admin# show ver Cisco Application Deployment Engine OS Release: 2.0ADE-OS Build Version: 2.0.3.062ADE-OS System Architecture: i386Copyright (c) 2005-2011 by Cisco Systems, Inc.All rights reserved.Hostname: RDCA-OPM-ACS01Version information of installed applications---------------------------------------------Cisco ACS VERSION INFORMATION-----------------------------Version : 5.4.0.46.0aInternal Build ID : B.221

2、TAC分析发现ACS 后台log确认有许多invalid hostname等错误日志，要求抓取底层linux的/etc/hosts内容

  下载地址：http://download.csdn.net/detail/ligang636/8422289
 

cisco/admin# application install RootPatch.tar.gz  ftp cisco/admin# root_enablePassword : cisco123Password Again : cisco123 Root patch enabledisco/admin# rootEnter root patch password : cisco123Starting root bash shell ... ade# cat   /etc/hosts

 
 

可以发现ACS02的 /etc/hosts内容结构与ACS01不一致，192.168.80地址是eth0的IP，10.79.83是eth1的IP，按道理说eth0的IP hostname条目应该在eth1上面，我们现在的环境下，ACS02的eth0 IP hostname被自动记录在文件最下方，导致ACS主备注册时不正常！


经TAC确认，这是ACS5.4的bug之一，CSCuf44685
https://tools.cisco.com/bugsearch/bug/CSCuf44685/?reffering_site=dumpcr
5.4: Incorrect host entry added on adding a new interface.
CSCuf44685
Description
Symptom:
Incorrect host entry added on configuring a new interface causing the slowness in secondary GUI login.
When we add a new interface (eth1 and eth2), it was adding a host entry for that IP address above the existing entry (eth0).


Conditions:
ACS running with version 5.4. Deployed in distributed system.


Workaround:
Commenting the newly added host entry for eth1 and eth2 and restarting the ACS service.

3、经TAC建议，两台ACS都需下载并安装最新的ACS 5.4补丁7

补丁：https://software.cisco.com/download/release.htmlmdfid=283883834&flowid=73105&softwareid=282766937&release=5.4.0.46.0&relind=AVAILABLE&rellifecycle=&reltype=latest


安装方式：
http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-4/installation/guide/csacs_book/csacs_upg.html#pgfId-1194940


#acs patch install patch-name .tar.gpg repositoryrepository-name

RDCA-OPM-ACS01/admin# show version Cisco Application Deployment Engine OS Release: 2.0ADE-OS Build Version: 2.0.3.063ADE-OS System Architecture: i386Copyright (c) 2005-2011 by Cisco Systems, Inc.All rights reserved.Hostname: RDCA-OPM-ACS01Version information of installed applications---------------------------------------------Cisco ACS VERSION INFORMATION-----------------------------Version : 5.4.0.46.7Internal Build ID : B.221Patches : 5-4-0-46-7Root Patch VERSION INFORMATION-----------------------------------Version     : 1.2.0                             Vendor: Cisco Systems, Inc.Build Date  : August 27 2010  09:34PDTRDCA-OPM-ACS01/admin# 

4、补丁打好后，验证OK。故障解决。