SeaCat Gateway Troubleshooting

SeaCat Gateway running process verification

If you need to check if SeaCat Gateway is up and running, execute with root privileges:

# ps axu | grep seacatd

Sample output:

root    15553  0.0  0.1  30976  2700 ?  Ss  Jan12  0:22 /opt/seacat/bin/seacatd -c /opt/seacat/etc/seacat.conf -l /opt/seacat/var/log/seacatd.log
seacat  21366  0.0  0.3  30956  6772 ?  S   Jan13  0:08 /opt/seacat/bin/seacatd -c /opt/seacat/etc/seacat.conf -l /opt/seacat/var/log/seacatd.log
seacat  21644  0.0  0.3  30956  6788 ?  S   Jan13  0:08 /opt/seacat/bin/seacatd -c /opt/seacat/etc/seacat.conf -l /opt/seacat/var/log/seacatd.log
seacat  21761  0.0  0.0  30956   844 ?  S   Jan13  0:04 /opt/seacat/bin/seacatd -c /opt/seacat/etc/seacat.conf -l /opt/seacat/var/log/seacatd.log

The process that runs under root context is the main process of SeaCat Gateway. Every child process represents one Client Connection with de-privileged access rights.

Public Network interface availability verification

To check if SeaCat Gateway has properly configured SeaCat Gateway Certificate and Public Network interface is available, connect to SeaCat Gateway port by OpenSSL command-line tool. In this example, we choose 1.2.3.4 for the IP address and 443 for the port.

# openssl s_client -connect 1.2.3.4:443

Sample output:

SSL-Session:
Protocol  : TLSv1.2
Cipher    : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: F0109491CC5BFFFFD83136D595FA2BD04C1B41046E357DE5354FB7FA15172EB4
Session-ID-ctx:
Master-Key: 62F062270754DDB01F27029D92E19BDDBE54D9630F1C4DD27C9C138A6343A3266F8EE43D0E58C6F0F0FCDAB9E989D882
Key-Arg   : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 78 ae ee b4 a2 7c 30 25-7f 99 a4 39 b8 6b 0b dd   x....|0%...9.k..
0010 - 2d 5c 25 04 ed a0 be fc-43 4f 58 23 6e 99 23 a5   -\%.....COX#n.#.
0020 - 85 b4 7a 6b 72 25 10 4b-84 08 04 ee d0 c5 ee e6   ..zkr%.K........
0030 - 90 11 ea 5e 80 86 7c 10-1a 56 a4 f5 7b 59 83 16   ...^..|..V..{Y..
0040 - 51 38 20 6c 0e 39 ee 83-61 45 08 73 ad 84 53 b0   Q8 l.9..aE.s..S.
0050 - 75 da 0f 62 66 78 e5 3c-2b 98 17 be fe a5 22 fa   u..bfx.<+.....".
0060 - 91 a6 d7 2e 15 a5 8e e9-08 98 a4 af b1 7c 48 d9   .............|H.
0070 - 12 94 ce 7f 9b 9f 3f 5b-9d 7f 28 f7 03 83 fd f2   ......?[..(.....
0080 - 47 e2 8b ae 80 32 c8 80-d4 15 90 2b 3f e1 ad e0   G....2.....+?...
0090 - b5 7b 61 e4 00 2f cc 87-fd 47 ca 1a e4 3d c9 eb   .{a../...G...=..

Start Time: 1449820970
Timeout   : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)

Start the service in the foreground

Before you execute the command, make sure that the seacatd daemon is not running. If so, please, terminate it before you continue.

To check if SeaCat Gateway daemon runs smoothly without warnings, execute with root privileges:

# /opt/seacat/bin/seacatd -c /opt/seacat/etc/seacat.conf -v

Check Discover Service configuration

Check Discover Service SeaCat Gateway Name response

To check if SeaCat Discover Service is providing correct SeaCat Gateway resolution for Application ID, execute:

$ dig @ns.s.seacat.mobi _seacat._tcp.[application ID in HEX format][PLATFORM][-SUFFIX].s.seacat.mobi SRV

where:

  • [application ID in HEX format] is similar to f11d01fbf92b922a94cec08aea9d5fd9
  • [PLATFORM] is and, ios or wmo
  • [SUFFIX] is according to Application configuration (optional)

Inside the output, you should find ANSWER SECTION similar to seacat.tcp.[application ID in HEX format][PLATFORM][-SUFFIX].s.seacat.mobi. 360 IN SRV 5 5 443 [GWNAME].

Sample output:

; <<>> DiG 9.8.3-P1 <<>> @ns.s.seacat.mobi _seacat._tcp.f11d01fbf92b922a94cec08aea9d5fd9and.s.seacat.mobi SRV
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61733
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;_seacat._tcp.f11d01fbf92b922a94cec08aea9d5fd9and.s.seacat.mobi.    IN SRV

;; ANSWER SECTION:
_seacat._tcp.f11d01fbf92b922a94cec08aea9d5fd9and.s.seacat.mobi.    360 IN SRV 5 5 443 gw-[GWNAME].s.seacat.mobi.

;; AUTHORITY SECTION:
s.seacat.mobi.        360    IN    NS    d.ns.buddyns.com.
s.seacat.mobi.        360    IN    NS    f.ns.buddyns.com.
s.seacat.mobi.        360    IN    NS    ns1.twisted4life.com.
s.seacat.mobi.        360    IN    NS    ns.s.seacat.mobi.
s.seacat.mobi.        360    IN    NS    c.ns.buddyns.com.

;; ADDITIONAL SECTION:
gw-docs-test-01.s.seacat.mobi. 360 IN A    52.18.221.6
ns.s.seacat.mobi.    360    IN    A    107.150.18.241
ns.s.seacat.mobi.    360    IN    AAAA    2602:ffea:1:585::1

;; Query time: 148 msec
;; SERVER: 107.150.18.241#53(107.150.18.241)
;; WHEN: Mon Jan 18 16:08:33 2016
;; MSG SIZE  rcvd: 303

Check Discover Service SeaCat Gateway IP address response

If you need to check if SeaCat Discover Service is providing correct SeaCat Gateway IP address for SeaCat Gateway name, execute:

$ dig @ns.s.seacat.mobi gw-[GWNAME].s.seacat.mobi

where:

  • [GWNAME] is the name of the SeaCat Gateway from the previous request.

Inside the output you should find ANSWER SECTION similar to gw-[GWNAME].s.seacat.mobi. 360 IN A 1.2.3.4.

Sample output:

; <<>> DiG 9.8.3-P1 <<>> @ns.s.seacat.mobi gw-docs-test-01.s.seacat.mobi
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34487
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;gw-docs-test-01.s.seacat.mobi. IN    A

;; ANSWER SECTION:
gw-docs-test-01.s.seacat.mobi. 360 IN A    1.2.3.4

;; AUTHORITY SECTION:
s.seacat.mobi.        360    IN    NS    c.ns.buddyns.com.
s.seacat.mobi.        360    IN    NS    ns1.twisted4life.com.
s.seacat.mobi.        360    IN    NS    d.ns.buddyns.com.
s.seacat.mobi.        360    IN    NS    f.ns.buddyns.com.
s.seacat.mobi.        360    IN    NS    ns.s.seacat.mobi.

;; ADDITIONAL SECTION:
ns.s.seacat.mobi.    360    IN    A    107.150.18.241
ns.s.seacat.mobi.    360    IN    AAAA    2602:ffea:1:585::1

;; Query time: 147 msec
;; SERVER: 107.150.18.241#53(107.150.18.241)
;; WHEN: Mon Jan 18 16:10:13 2016
;; MSG SIZE  rcvd: 221

Enable core dumps for storing detailed memory state of running services

For memory dump of unexpectedly terminated processes for detailed investigation of failures, execute:

1. Edit file /etc/rc.local:

# vi /etc/rc.local

2. Tap i to insert text using vim text editor and insert this:

echo "/var/cores/core" > /proc/sys/kernel/core_pattern
echo "1" > /proc/sys/kernel/core_uses_pid
echo "2" > /proc/sys/fs/suid_dumpable

3. Press Esc and write :wq to save changes.

4. Edit file /etc/init.d/seacatd

 # vi /etc/init.d/seacatd

5. Tap i to insert text using vim text editor and insert this:

ulimit -c unlimited
ulimit -S -c unlimited

6. Press Esc and write :wq to save changes.

7. Create a new file /etc/init.d/ulimit.sh:

# vi /etc/init.d/ulimit.sh

8. Tap i to insert text using vim text editor and insert this:

#!/bin/bash
ulimit -c unlimited

9. Press Esc and write :wq to save changes.

10. Set access rights:

# mkdir /var/cores
# chmod 777 /var/cores
# chmod 755 /etc/init.d/ulimit.sh

11. Set limit for core dumps:

# vi /etc/security/limits.conf

12. Tap i to insert text using vim text editor and insert this:

*     soft     core     unlimited

13. Press Esc and write :wq to save changes.

Restart of the operating system is required.

Found a mistake? Please contact us.