
3.2 Deploying Hubs

VERSION 5
Created on: Dec 23, 2011 1:54 PM by Zenoss API - Last Modified:  Dec 23, 2011 1:55 PM by Zenoss API

 2. Deploying Hubs

The following sections offer information and procedures for:

  • Installing prerequisites

  • Deploying remote hubs

 2.1. Installing Prerequisites

  1. Install the Zenoss DataStore. Depending on your architecture, use one of these commands:

    • 32-bit:

      rpm -ivh zends-5.5.15-1.Version.el5.i386.rpm
    • 64-bit:

      rpm -ivh zends-5.5.15-1.Version.el5.x86_64.rpm
  2. Install these packages on the RHEL 5 or CentOS 5 server that will become the hub. Use the following command:

    yum -y install mysql-client net-snmp net-snmp-utils gmp libgomp libgcj liberation-fonts

 2.2. Deploying Remote Hubs

The following sections provide detailed information needed to deploy hubs:

  • Requirements

  • Limitations

  • Configuring Zenoss DataStore

  • Deployment

 2.2.1. Requirements

Hub deployments must meet these requirements:

  • The Resource Manager server hostname must be a resolvable, fully qualified domain name or IP address.

  • Any server hosting a remote hub must have the Zenoss DataStore installed (but not running). The Zenoss DataStore is needed for a client library that allows MySQL connections.

  • Remote hubs need to communicate on these default Resource Manager ports:

    • Port 13306 - Zenoss DataStore

    • Port 8084 - Resource Manager events system

    • Port 5672 - Resource Manager queuing system

  • You must update all hubs after you:

    • Update your version of Resource Manager

    • Install patches

    • Install, update, or remove ZenPacks

 2.2.2. Limitations

The system is not compatible with Security-Enhanced Linux (SELinux) in enforcing mode. You must disable enforcing mode for all platforms running the Resource Manager daemons (Resource Manager master, remote hubs, and remote collectors).

To disable enforcing mode:

  1. Edit the /etc/selinux/config file.

  2. Set the following line:

    SELINUX=disabled

Note

You also can disable enforcing mode temporarily (avoiding the need to reboot) with the command:

echo 0 > /selinux/enforce

For more information about SELinux, browse to http://en.wikipedia.org/wiki/SELinux, or to the SELinux home page at http://www.nsa.gov/research/selinux/index.shtml.

 2.2.3. Configuring Zenoss DataStore for Remote Hubs

Hubs on remote servers need access to the Zenoss DataStore. By default the DataStore host is set to localhost, which will not work for remote hubs. Distributed collector attempts to set this field to the fully qualified domain name of the Resource Manager server when it is installed. If remote hubs appear to be having trouble connecting to the Zenoss DataStore, check the host value in $ZENHOME/etc/global.conf to make sure it can be reached from the server the hub is on.

Another aspect of remote hubs connecting to the Zenoss DataStore is privileges. For a hub to connect to the database, the user specified in the $ZENHOME/etc/global.conf file for mysqluser must be granted privileges to connect to the Zenoss DataStore from the remote server. If a remote hub is logging error messages that indicate it is not allowed to connect from the given host, then these privileges are likely not set up correctly. Granting of these privileges requires a fully qualified domain name for the remote server.

Before adding a hub, ensure grants and permissions are set correctly. For your Resource Manager master, run these commands:

GRANT SELECT on mysql.user to zenoss@'%' IDENTIFIED BY "zenoss";
GRANT ALL PRIVILEGES ON zenoss_zep.* to zenoss@'%' IDENTIFIED BY "zenoss"; 
GRANT ALL PRIVILEGES ON zodb.* to zenoss@'%' IDENTIFIED BY "zenoss"; 
FLUSH PRIVILEGES;

For every remote Zenhub server, run these commands in the Zenoss DataStore, replacing RemoteHubFQDN with the appropriate hostname for each server:

GRANT SELECT on mysql.user to zenoss@'RemoteHubFQDN' IDENTIFIED BY "zenoss";
GRANT ALL PRIVILEGES ON zenoss_zep.* to zenoss@'RemoteHubFQDN' IDENTIFIED BY "zenoss";
GRANT ALL PRIVILEGES ON zodb.* to zenoss@'RemoteHubFQDN' IDENTIFIED BY "zenoss";
FLUSH PRIVILEGES;
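
Added example (not part of the Zenoss documentation): a shell check that compares the hosts the zenoss database account is granted from with the hubs you have actually deployed, so wildcard or stale grants stand out. It assumes tab-separated user/host rows from mysql.user on standard input; the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Zenoss code. Function names and sample rows are constructed.
# Input on stdin: "user<TAB>host" rows from mysql.user (batch output, no header).
# Arguments: every host the zenoss account is expected to connect from.

audit_grant_hosts() {
    expected=" $* "
    findings=0
    tab=$(printf '\t')
    while IFS="$tab" read -r user host; do
        [ "$user" = "zenoss" ] || continue
        case "$host" in
            *%*)
                # A pattern such as '%' admits any client that knows the password.
                echo "WILDCARD zenoss@$host"
                findings=$((findings + 1)) ;;
            *)
                case "$expected" in
                    *" $host "*) ;;   # host is in the expected list
                    *)
                        echo "UNEXPECTED zenoss@$host"
                        findings=$((findings + 1)) ;;
                esac ;;
        esac
    done
    # Exit status 0 only when every zenoss grant maps to an expected host.
    [ "$findings" -eq 0 ]
}

sample_rows() {
    # Constructed rows for demonstration only.
    printf 'root\tlocalhost\n'
    printf 'zenoss\tlocalhost\n'
    printf 'zenoss\t%%\n'
    printf 'zenoss\thub1.example.com\n'
    printf 'zenoss\toldhub.example.com\n'
}

sample_rows | audit_grant_hosts localhost hub1.example.com \
    || echo "Review the entries listed above."
```

In practice, replace sample_rows with the output of a SELECT user, host FROM mysql.user query run in the Zenoss DataStore, and pass the FQDN of each remote hub as an argument.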

 2.2.4. Deployment

When deploying a remote hub, you can select one of several options, using:

  • Root password to the remote host

  • Pre-existing root SSH keys

  • Resource Manager SSH keys (use only for RPM installations)

To add a hub, from the main Collectors page, select Add Hub from the Action menu.

The Add Hub page appears.

 2.2.4.1. Install Remotely (Root Password)

Follow these steps to install a remote hub, using a root password for access to the remote host.

Note

You must set a password for the root user on a server before deploying a hub to it.

  1. Select the root password option.

     

    Figure 3.5. Install Remote Hub (Root Password)

  2. Enter or change setup details:

    • Hub ID - Enter a name for the new hub. The name can be any unique combination of letters, digits, and dashes.

    • Host - Enter the fully qualified domain name, IP address, or resolvable hostname of the server on which the new hub will run.

    • Root Password - Enter the root user password for the server you specified in the Host field.

    • Port - Enter the port number on which the hub should listen for collectors. The default port is 8790.

    • Hub Password - Enter the hub password that the collectors will use to log in to this hub. The default password is "zenoss".

    • XML RPC Port - Specify the port on which the hub should listen for xml-rpc requests from the collectors or other API clients.

  3. Click Add Hub.

    The system displays log output from the creation of the new hub. When fully configured (this may require several minutes), click the link at the bottom of the page to go to the overview page for the new hub.

 2.2.4.2. Install Remotely (Root SSH Keys)

To install a remote hub, using existing root SSH keys for access to the remote host:

  1. Select the root SSH keys option.

     

    Figure 3.6. Install Remote Hub (Root SSH Keys)

  2. Enter or change setup details:

    • Hub ID - Enter a name for the new hub. The name can be any unique combination of letters, digits, and dashes.

    • Host - Enter the fully qualified domain name, IP address, or resolvable hostname of the server on which the new hub will run.

    • Port - Enter the port number on which the hub should listen for collectors. The default port is 8790.

    • Hub Password - Enter the hub password that the collectors will use to log in to this hub. The default password is "zenoss".

    • XML RPC Port - Specify the port on which the hub should listen for xml-rpc requests from the collectors or other API clients.

  3. Click Add Hub.

    The system displays log output from the creation of the new hub. When fully configured (this may require several minutes), click the link at the bottom of the page to go to the overview page for the new hub.

 2.2.4.3. Install Remotely (zenoss SSH Keys)

If you choose to set up a hub using zenoss SSH keys, Resource Manager will attempt to install by using the zenoss user. To successfully install a hub using these keys (without root access), these prerequisite conditions must be met:

  • zenoss user SSH keys must be set up between the Resource Manager server and the target. The target must have a zenoss user.

  • ZENHOME directory must be present on the remote machine.

  • zensocket/pyraw must be present on the remote machine, and the setuid bits must be set.

  • The nmap program must be made setuid root.

Tip: The best way to meet the prerequisite conditions is to install the Resource Manager RPM on the remote machine. After installation, do not start Resource Manager.

Follow these steps to install a remote hub, using Resource Manager SSH keys for access to the remote host.

Note

For detailed steps for creating SSH keys, see the section titled "Setting Up SSH Keys for Distributed Collector."

  1. Select the zenoss SSH keys option.

     

    Figure 3.7. Install Remote Hub (Resource Manager SSH Keys)

  2. Enter or change setup details:

    • Hub ID - Enter a name for the new hub. The name can be any unique combination of letters, digits, and dashes.

    • Host - Enter the fully qualified domain name, IP address, or resolvable hostname of the server on which the new hub will run.

    • Port - Enter the port number on which the hub should listen for collectors. The default port is 8790.

    • Hub Password - Enter the hub password that the collectors will use to log in to this hub. The default password is "zenoss".

    • XML RPC Port - Specify the port on which the hub should listen for xml-rpc requests from the collectors or other API clients.

  3. Click Add Hub.

    The system displays log output from the creation of the new hub. When fully configured (this may require several minutes), click the link at the bottom of the page to go to the overview page for the new hub.

 2.3. Setting Up SSH Keys for Distributed Collector

Follow these instructions to create SSH keys for use when setting up hubs and collectors.

These instructions assume you are using openssh. For more information, refer to the ssh-keygen man pages.

  1. Use the following commands to generate an openssh RSA key pair for the zenoss user:

    mkdir $HOME/.ssh
    ssh-keygen -t rsa -f $HOME/.ssh/id_rsa -P ""
  2. Lock down the key pair:

    chmod 700 $HOME/.ssh
    chmod go-rwx $HOME/.ssh/*
  3. Copy the generated public key $HOME/.ssh/id_rsa.pub file to the remote machine. On the remote machine, add the public key to the authorized_keys file in the account the user wants to log in to by using the SSH key.

    1. If $HOME/.ssh does not exist on the target machine, then create it with these commands:

      mkdir ~/.ssh
      chmod 700 ~/.ssh
    2. Add the key:

      cat id_rsa.pub >> $HOME/.ssh/authorized_keys
      chmod 600 $HOME/.ssh/authorized_keys

Note

You cannot use keys with a pass phrase with Resource Manager.
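
Added example (not part of the Zenoss documentation): a shell check that verifies the permissions set in steps 2 and 3 above. Because the key pair has no pass phrase, file ownership and mode are the only protection on the private key; the function names are constructed for illustration, and the file names are the ones used in the steps above.

```shell
#!/bin/sh
# Added example, not Zenoss code. Function names are constructed.
# Checks the .ssh directory, id_rsa and authorized_keys from the steps above.

perm_bits() {
    # Print the group and other permission characters, e.g. "------" or "r--r--".
    ls -ld "$1" | cut -c5-10
}

audit_ssh_dir() {
    # $1: the .ssh directory to check. Prints findings; returns 0 when clean.
    dir=$1
    bad=0
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 1
    fi
    # Step 2: chmod 700 on the directory.
    if [ "$(perm_bits "$dir")" != "------" ]; then
        echo "LOOSE $dir (expected mode 700)"
        bad=1
    fi
    for f in "$dir/id_rsa" "$dir/authorized_keys"; do
        [ -e "$f" ] || continue
        # The files must belong to the account that logs in with the key.
        if [ ! -O "$f" ]; then
            echo "OWNER $f is not owned by the current user"
            bad=1
        fi
        # Steps 2 and 3: no access for group or other.
        if [ "$(perm_bits "$f")" != "------" ]; then
            echo "LOOSE $f (expected mode 600)"
            bad=1
        fi
    done
    [ "$bad" -eq 0 ]
}

# Run against the current account, or against a directory given as argument.
audit_ssh_dir "${1:-$HOME/.ssh}" || echo "Fix the entries listed above."
```

Run it as the zenoss user on both the Resource Manager server and each remote host.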
