Troubleshooting in Linux
This page provides guidance for troubleshooting USP Components running on Linux. Topics include inspecting logs, verifying file ownership and permissions, and validating runtime access to configuration files, authentication keys, and certificates.
Log Inspection
To effectively monitor and troubleshoot USP Components, you can either rely on systemd logs using journalctl or configure dedicated log files.
Option 1: Using journalctl (Systemd-based Logging)
If a USP Component is not configured to write logs to a file, systemd collects its log messages. You can inspect them using:
sudo journalctl -u <Service Name> -f
Replace <Service Name> with the appropriate systemd service name: usp-manager, usp-server, or usp-client.
Option 2: Setting Up Dedicated Log Files
If a log file path is configured in a USP Component's Configuration File or corresponding Environment File, log messages will be written to the specified file. You can access them using the following command:
cat /path/to/your/log/file
If the configured log file cannot be created or written to due to an invalid path or insufficient permissions, the USP Component continues to run without reporting an error. In this situation, log messages are discarded and no logs are written.
To resolve this issue, ensure that the configured log path is valid and that the udmg user has permission to create and write the file.
File Ownership and Permissions
USP processes run under the udmg user, so all files required at runtime must be accessible by that user. Correct ownership and permissions are critical for both functionality and security.
There are two categories of files to consider:
1. Authentication Keys
These include private keys used for SSH tunnels, mTLS connections, and inbound or outbound connection authentication. They must be accessible to the udmg user and protected from access by other users.
Recommended ownership and permissions:
udmg:udmgwith permissions600
Example commands to set ownership and permissions correctly:
chown udmg:udmg /path/to/key.pem
chmod 600 /path/to/key.pem
Authentication keys must not be readable by other users. Incorrect ownership or permissions can prevent USP Components from starting or expose sensitive data.
2. Configuration Files
Configuration files include the Configuration File (.hcl) and Environment File (.env) associated with each USP Component and distributed with the RPM and DEB packages.
The udmg user must have read access to these files, either through the file's group permissions or through permissions granted to all users.
Valid ownership and permission configurations include:
root:rootwith permissions644(default package installation)root:udmgwith permissions640udmg:udmgwith permissions640