This procedure is intended for customers and distributors who want to create a fdmon Proxy from scratch, running under CentOS 9, able to monitor and automate any Unix System (including AIX and VIO Server), Windows System, PostgreSQL Database, Microsoft SQL Server Database, Oracle Instance (including ASM), KVM Server, VMware ESXi Hypervisor, vCenter Server, SNMP equipment and any Storage Solution that provides an SSH or REST API based management interface.
Note : to become a customer or a distributor, contact us at contact@ncor-labs.ch or contact our partner in Switzerland directly.
Here are the requirements for manually building a standalone fdmon Proxy Server running under CentOS 9 :
- A CentOS 9 Linux server (minimal installation) with 4 cores and 4 GB RAM per 1000 CI to monitor
- Your client ID, provided by the fdmon support
- 2 Front-End IP addresses, provided by the fdmon Support
- The download.sh file, provided by the fdmon support
- 1 physical IP Address
- 1 virtual IP Address (required for HA only)
- 1 unique virtual Router ID (required for HA only)
Log in as root.
Disable SELinux and firewall :
In the /etc/selinux/config file, replace :
SELINUX=enforcing with SELINUX=disabled
systemctl disable firewalld
sync ; reboot
Install required common packages :
yum -y install keepalived
yum -y install epel-release
yum -y install xdelta
yum -y install net-snmp-utils
yum -y install python3-pip
yum -y install postgresql-client
yum -y install freetds
yum -y install openldap-clients
pip3 install ssh2-python
pip3 install aiowmi
Note : The DES (Data Encryption Standard) algorithm is no longer supported by net-snmp under Centos 9.
Install required packages for VMware Monitoring :
mkdir -p /install/esxcli
mkdir -p /install/resxtop
Copy esxcli-7.0.0-15866526-lin64.sh provided by Broadcom to /install/esxcli
Copy resxtop-7.0.0-15992393-lin64.tgz provided by Broadcom to /install/resxtop
cd /install/esxcli
chmod u+x esxcli-7.0.0-15866526-lin64.sh
./esxcli-7.0.0-15866526-lin64.sh
...
Accept the EULA
...
Checking :
esxcli --version
cd /usr/lib64
ln -s /usr/lib64/libncurses.so.6 ./libncurses.so.5
cd /install/resxtop
tar -xzf resxtop-7.0.0-15992393-lin64.tgz
./install.sh
...
Accept the EULA
...
Checking :
export LD_LIBRARY_PATH=/usr/lib/vmware/resxtop
resxtop
export LD_LIBRARY_PATH=
If you intend to monitor Oracle Instances, you must install Oracle Instant Client for Linux x86-64 on the fdmon Proxy, according to the procedure provided by Oracle.
Install the fdmon environment :
useradd -d /home/fdmon -m fdmon
passwd fdmon
mkdir /fdmon
chown fdmon:fdmon /fdmon
su - fdmon
mkdir -p /fdmon/proxy/bin
mkdir -p /fdmon/proxy/tmp/ci
mkdir -p /fdmon/proxy/tmp/ip
cd /fdmon/proxy
Copy the file download.sh to /fdmon/proxy
cd /fdmon/proxy
chmod u+x download.sh
./download.sh fdmon_proxy
Note : If you don’t want to activate fdmon automation :
rm -rf /fdmon/proxy/bin/techno
Create the /fdmon/proxy/bin/fdmon.ini file as follows :
FRONT_END front-end-ip1
FRONT_END front-end-ip2
CONCURRENT_COLLECTS 32
Get your public IP Address :
curl -s checkip.dyndns.org | sed 's#.*Address: \(.*\)</b.*#\1#'
Repeat the command in case of load balancing between several addresses.
Ask fdmon Support for a signature from your Client ID and all the IP addresses.
fdmon Support will provide you with 1 signature for each address and activate the appropriate firewall rules in our client zone.
How to get a customer signature (for partners only) :
/fdmon/web/bin/signature.sh client-id ip-address, from any Front-End Node
In the /fdmon/proxy/bin/header.sh file, add the following lines :
export CLIENT_ID=your-id
export PROXIES="proxy-name"
Create the signature file :
echo "SIGNATURE signature1
SIGNATURE signature2
..." > /fdmon/proxy/bin/signature.txt
Activate the fdmon user crontab :
crontab /fdmon/proxy/bin/crontab.txt
Checking :
crontab -l
Wait 1 minute, then check the connectivity with fdmon Cloud :
/fdmon/proxy/bin/check_signature.sh --> should return "OK"
Configure the File based identity management (the LDAP based identity management will be described in a separate Post) :
echo -n password | sha256sum
xxx -
echo "user xxx FDMON_ADMIN" > /fdmon/proxy/bin/users.txt
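The same users.txt entry can be built without typing the password on the command line, where it would be kept in the shell history. This is an added example, not part of the fdmon distribution; the function name fdmon_user_entry and the sample user names are assumptions, and the line layout is the one shown above.

```shell
#!/bin/sh
# Added example (not fdmon code). Prints one users.txt line in the
# "user sha256-hash role" layout used above. The password is read from
# stdin, so it never appears in the shell history or the process list.
fdmon_user_entry() {
    user=$1
    role=$2
    # The file is space separated: refuse names that would break the layout.
    case "$user" in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid user name" >&2; return 1 ;;
    esac
    case "$role" in
        ''|*[!A-Za-z0-9_]*) echo "invalid role" >&2; return 1 ;;
    esac
    # Read one line; IFS= and -r keep spaces and backslashes intact.
    pw=
    IFS= read -r pw || true
    [ -n "$pw" ] || { echo "empty password" >&2; return 1; }
    # printf '%s' hashes the password without a trailing newline,
    # which is what "echo -n password | sha256sum" does.
    hash=$(printf '%s' "$pw" | sha256sum | cut -d' ' -f1)
    printf '%s %s %s\n' "$user" "$hash" "$role"
}

# Interactive use on the Proxy (terminal echo switched off while typing):
#   stty -echo; fdmon_user_entry user FDMON_ADMIN > /fdmon/proxy/bin/users.txt; stty echo

# Demo on a constructed password ("abc"), printed to stdout only.
printf 'abc' | fdmon_user_entry demo FDMON_ADMIN
```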
Creating private/public Keys protected by a Passphrase (only for the first Proxy; if there is already a fdmon Proxy, the public and private keys must be copied from that Proxy) :
cd /fdmon/proxy/bin
openssl genrsa -aes128 -passout stdin -out private.pem 1024
openssl rsa -in private.pem -passin stdin -pubout -out public.pem
./passphrase.sh
./send_pubkey.sh --> should return OK
Activating Proxy fdmon Services :
As root user :
cp /fdmon/proxy/bin/auth.service /etc/systemd/system
cp /fdmon/proxy/bin/collect.service /etc/systemd/system
cp /fdmon/proxy/bin/resolv.service /etc/systemd/system
systemctl start auth.service
systemctl status auth.service
systemctl start resolv.service
systemctl status resolv.service
systemctl start collect.service
systemctl status collect.service
Enabling the Proxy High Availability :
Create a keepalived configuration enabling Virtual IP of each fdmon Proxy.
Authorize bidirectional SSH communication between all Proxies for the fdmon user (in order to enable the Passphrase copy when a node has restarted).
The PROXY parameter of each CI must be a Proxy Virtual IP.
The destination server of the RSYSLOG client of a given CI must be the virtual IP specified by the PROXY parameter.
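A minimal keepalived configuration for the Virtual IP, generated from the HA items in the requirements list (virtual IP address and unique virtual Router ID). This is an added example, not fdmon's own configuration; the function name, the instance name FDMON_PROXY, the interface eth0, VRID 51, the address 192.0.2.10/24 and the priorities are constructed values.

```shell
#!/bin/sh
# Added example (not fdmon code): prints a keepalived.conf for one Proxy node.
# Arguments: interface, virtual Router ID, Virtual IP (CIDR), priority.
render_keepalived_conf() {
    iface=$1
    vrid=$2
    vip=$3
    prio=$4
    [ -n "$iface" ] && [ -n "$vip" ] || { echo "interface and VIP required" >&2; return 1; }
    # VRRP carries the Router ID in one byte: valid values are 1..255,
    # and it must be unique among VRRP groups on the same network segment.
    case "$vrid" in ''|*[!0-9]*) echo "VRID must be numeric" >&2; return 1 ;; esac
    if [ "$vrid" -lt 1 ] || [ "$vrid" -gt 255 ]; then
        echo "VRID must be in 1..255" >&2; return 1
    fi
    # Priority 255 is reserved for the address owner; use 1..254 here.
    case "$prio" in ''|*[!0-9]*) echo "priority must be numeric" >&2; return 1 ;; esac
    if [ "$prio" -lt 1 ] || [ "$prio" -gt 254 ]; then
        echo "priority must be in 1..254" >&2; return 1
    fi
    # Every node starts as BACKUP; the highest priority holds the Virtual IP.
    cat <<EOF
vrrp_instance FDMON_PROXY {
    state BACKUP
    interface $iface
    virtual_router_id $vrid
    priority $prio
    advert_int 1
    virtual_ipaddress {
        $vip
    }
}
EOF
}

# Constructed values for a two-node pair: same VRID and Virtual IP on both
# nodes, different priorities. On each node, redirect the matching output to
# /etc/keepalived/keepalived.conf, then: systemctl enable --now keepalived
echo "# node 1"; render_keepalived_conf eth0 51 192.0.2.10/24 150
echo "# node 2"; render_keepalived_conf eth0 51 192.0.2.10/24 100
```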