1. Home
  2. Knowledge Base
  3. Articles (EN/ES/FR)
  4. Tentacle configuration, manual testing and debugging

Tentacle configuration, manual testing and debugging

The Tentacle protocol is used by Pandora FMS for the transmission of information. It is a lightweight file transport protocol that Pandora FMS uses mainly to send information from agents and satellite servers to Pandora FMS’ main server. It is versatile, secure, multi platform and easy to use, designed to be used from the command line and without the need for additional configuration files.

The operation consists of a client-server system, in which the client is always the one that initiates the communication.

The communication can be secured by using a password, SSL certificates, or even both.

Let’s see the different possibilities of use that Tentacle offers, and examples of manual testing from the command line.

Later we will explain how to configure the server with the options that we want to automate its operation, and how to modify these parameters in the client side so that the Pandora agents use the desired options when they use the tentacle_client to send files to the server.

Command line usage

We assume that we have the necessary components installed, and the binaries in /usr/bin.

For security reasons tentacle_server cannot be executed with the root user, we can use the pandora user or create one to make the tests.

First we run tentacle_server indicating the input directory where the received files will be stored. It is important to take into account the permissions on the directory indicated for the user that executes tentacle_server.

tentacle_server -s /tmp

We will have already raised the tentacle server in its default port, 41121. We can check it by launching nmap -p 41121 127.0.0.1 to check that port 41121 is listening.

If we need to modify the tentacle listening port, for example to pick up several instances at once, we can use the -p parameter.

We can display the help of tentacle_server with perldoc -F /usr/bin/tentacle_server for extended information about its use and parameters.

tentacle_server -s /tmp -p 41122

And again we can check if it works correctly by launching nmap against the desired IP and port, in this case:

nmap -p 41122 127.0.0.1

Once tentacle_server is up and listening, we can send a file from the client. To do this, just launch the following command:

tentacle_client -a 192.168.1.10 -v /tmp/test.txt

With -a parameter we indicate the IP address of the server to which we will send the file, with -v we activate the verbosity so that it shows us messages of the steps carried out, and finally we indicate the file to be sent.

We can display the help of tentacle_client with perldoc -F /usr/bin/tentacle_client for extended information about its use and parameters.

Possible failures in sending:

  • tentacle_server is up in another port. Check with nmap, and use the -p option from client to choose the correct port.
  • Connectivity through required ports limited by firewall.
  • The file to be sent is already on the server machine.
  • The file to be sent is too heavy. Change the maximum weight in tentacle_server with -m.

Next we see the different options that tentacle presents for its use with security options, and examples of use.

  • Using tentacle as a proxy for file forwarding. Options -b and -g.
tentacle_server -b ip_server -g 41121
  • Simple transfer of a file limited to a maximum size of 1 MByte and deposited on /tmp.
tentacle_server -m 1048576 -s /tmp -v
tentacle_client -a 192.168.1.1 -v /home/user/myfile.dat
  • Simple transfer on port 65000 with overwrite mode enabled.
tentacle_server -o -p 65000 -s /tmp -v
tentacle_client -a 192.168.1.1 -p 65000 -v /home/user/myfile.dat
  •  Simple transfer with password-based authentication
tentacle_server -x password -s /tmp -v
tentacle_client -a 192.168.1.1 -x password -v /home/user/myfile.dat
  • Secure transfer, no client certificate.
tentacle_server -e cert.pem -k key.pem -w -s /tmp -v
tentacle_client -a 192.168.1.1 -c -v /home/user/myfile.dat
  • Secure transfer with customer certificate.
tentacle_server -e cert.pem -k key.pem -f cacert.pem -w -s /tmp -v
tentacle_client -a 192.168.1.1 -e cert.pem -k key.pem -v /home/user/myfile.dat
  • Secure transfer with customer certificate and additional password authentication.
tentacle_server -x password -e cert.pem -k key.pem -f cacert.pem -w -s /tmp -v
tentacle_client -a 192.168.1.1 -x password -e cert.pem -k key.pem -v /home/user/myfile.dat

Server configuration

Once the manual operation tests have been successful, we can automate the parameters used so that they start automatically with the tentacle service.

These configuration modifications must be done in the tentacle_serverd startup script, usually located in /etc/init.d/tentacle_serverd, and the important parameters are

  • PANDORA_SERVER_PATH, the input directory. Equivalent to the -s option.
  • TENTACLE_PORT, by default 41121, equivalent to the -p option. Very important if we want to raise more than one instance of tentacle_server, since we will have to indicate a different port to 41121 if it is already in use.
  • TENTACLE_EXT_OPTS, for all the additional options that we want to use. The security options such as password, certificates or maximum file weight will go in this line.

It is recommended to make manual tests before making permanent changes to the Tentacle configuration to see if they work correctly. For example, in a secure configuration with certificates and a proxy agent (note that you must always write the full path of the certificates for it to work):

  • The service is lifted manually.
sudo -u user tentacle_server -x password -e /path/tentaclecert.pem -k /path/tentaclekey.pem -f cacert.pem -s /tmp -v
  • The proxy is lifted manually (this step is only necessary if one is to be used).
sudo -u user tentacle_server -b ip_server -g 41124
  • Finally, tentacle_client is launched manually:
sudo -u user tentacle_client -a ip_proxy/ip_server -x password -e /path/tentaclecert.pem -k /path/tentaclekey.pem -v /bin/ls #(or any file you want))

If the file is sent correctly, we can proceed to permanently configure the tentacle_server and clients.

Client configuration

To automate the communication with specific options from the client, it is necessary to make the changes in the configuration file of the Pandora agents, pandora_agent.conf. We should locate the line server_opts, decomment it and then use the necessary parameters. Example:

server_opts -p 41122 -x password

Some of the parameters will be used automatically based on the agent configuration (specified in the pandora_agent.conf file). These are the IP address of the server, equivalent to -a, or the file to be sent, which will be the .data generated by the agent with the information collected from the monitoring.

Whenever our configuration and use of tentacle with Pandora FMS is not the default one, we should previously make all the manual tests by command line to make sure that we are doing a correct use of the options and discard possible failures. In the same way if something fails we should make manual tests to see where the failure can be found.

See also:

https://pandorafms.com/manual/en/documentation/08_technical_reference/09_tentacle

Was this article helpful?

Related Articles