Pandora: Metaconsole: Documentation en: Synchronization and propagation

From Pandora FMS Wiki
Revision as of 14:44, 8 October 2018 by Irene (talk | contribs) (Local component creation)
Jump to: navigation, search

Contents

1 Synchronization tools

The Metaconsole has tools for the synchronization of elements, which are fundamental for the correct management of the Instances. The synchronization is based on passing all the information created in the metaconsole to the different Instances to manage all possible information of each of them from the Metaconsole.

For example, if we have 20 different instances(nodes) in our company, and we want the same user to have the same access permissions in those 20, we can create a user with the desired profiles and synchronize that user to have it in the 20 instances(nodes) and thus not have to create it individually in each instance.

Another example, we have to monitor different clients that are distributed throughout our instances, so that some clients are also repeated in different instances. We will be able to create the different groups to which the agents of the different instances will belong, and then synchronize each corresponding group with its instance.

Next, we are going to see in detail the different synchronizations that the Metaconsole allows us to make.

1.1 User Synchronization

This option allows the user to synchronize the users of the Metaconsole and their profiles in the instances.

Within this synchronization we can find two different options:

  • Copy the configured profiles to the user

Sync usuarioscopia.png

  • Give new profiles to the created user

Sync usuariosnuevos.png

In both cases we have the option to create the groups associated to the profiles in case they do not exist in the instance(node).

Before using this synchronization, it is recommended to take into account the users that are going to create new ones in the instances, due to possible conflicts with the user ID. It is recommended not to have users created in the instances and to create them all from the meta console in order to have the same users both in there as in the instances.

Info.png

In both cases, profiles that do not exist in the instance will be created.

 


Template warning.png

When in doubt about which option is best to use, user profiles must be copied.

 


1.2 Group Synchronization

This option allows the user to synchronize the Metaconsole groups with the instances.

Sync grupos.png

It is recommended not to have groups created in the instances and to create them all from the meta console in order to have the same groups both in there and in the instances.

Template warning.png

Once the groups have been synchronized, their names should not be modified either in the meta console or in the node. If it is done, it will be necessary to modify them in both places so that it does not give problems since the synchronization is based on the ID, but some operations use the name. The synchronization in the current version synchronizes the name the first time, but if there are later changes of names in the groups they will not be synchronized.

 


1.3 Alert Synchronization

This option allows the user to synchronize the Metaconsole alerts with the instances.

Sync alertas.png

It is recommended not to have alerts created in the instances and to create them all from the console in order to have the same alerts both in there and in the instances.

1.4 Component Synchronization

This option allows the user to synchronize the components of the Metaconsole with the instances.

Sync componentes.png

It is recommended not to have components created in the instances and to create them all from the Metaconsole in order to have the same components both in there and in the instances.

1.5 Tag Synchronization

This option allows the user to synchronize the tags of the Metaconsole with the instances.

Sync tagsnew.png

It is recommended not to have tags created in the instances and to create them all from the Metaconsole in order to have the same tags both in there and in the instances.

1.6 OS Synchronization=

This option allows the user to synchronize the OS of the Metaconsole with the instances.

Sync OS.png

It is recommended not to have OS created in the instances and to create them all from the Metaconsole in order to have the same OS both in there and in the instances.

1.7 Module Groups Synchronization

This option allows the user to synchronize the module groups operating in the Metaconsole with the instances.

Sync modulegroups.png

It is recommended not to have the groups of modules created in the instances and to create them all from the Metaconsole in order to have the same groups of modules both in there and in the instances.

2 Propagation tools

The MetaConsole has tools for the propagation of elements. Unlike synchronization, it is not a fundamental tool for the optimal functioning of the Metaconsole, it only facilitates the availability of data in the Instances, something that is necessary if, for example, we use policies that are applied in different instances (or nodes).

Info.png

It is recommended to synchronize the instances with the meta console after the creation of the different elements in the propagation tool.

 


Next, we are going to see in detail the different propagations or data management that allows us to make the meta console.

2.1 User Management

The following actions can be performed in this section:

  • User management
  • Profile management
  • Edit my user

For example, we have 10 instances inside our meta console, where we want a user with special permissions to operate inside 3 of them. First, we would go to profile management where we would create a special profile with the permissions we want. Then we create the user we want to manage the three instances, assigning the permission we have created to it. Finally, we will synchronize this user and profiles with the instances to have it in all three. After a while the user has become obsolete, but instead of deleting the user we deactivate it in case we want to use it again in the future, we go to user management and use the bulb icon to deactivate it until further notice.

2.1.1 User Management

In this section we can see the list of users already created, modify their configuration, delete them, deactivate them or create new users.

Gestion usuarios.png

2.1.1.1 Create a new user

To add a user click on the "Create User" button, where we will see the following form which must be filled:

Gestion creacionusuarios.png

Gestion creacionusuarios2.png

The parameters that require explanation are:

  • Interactive charts: It allows the user to choose if they prefer to see the interactive graphics, or on the contrary, to use the general configuration of the Metaconsole.
  • Metaconsole access: It sets the user permissions to access the console. These permissions can be:
    • Basic: With this access the user will be able to use in the Wizard only the components whose Wizard level is Basic, as long as the user has ACL permissions on the group they belong to.
    • Advanced: With this access the user will be able to use any of the components in the Wizard regardless of their Wizard level, as long as the user has ACL permissions on the group they belong to.
  • Not Login: If this option os selected, the user will be able to access the API.
  • Enable agents management: This option is used to enable the agent management in the Wizard. If it is deactivated, only the Wizards of modules and alerts will be available.
  • Enable node access: This option is used to enable access to the instances. If it is activated, it will be possible to access the consoles of the instances through the name of agents and modules in many places; for example, from the network map or the events view.

2.1.1.2 Modify/Deactivate/Delete a user

In the user list the following options are available:

  • Activate/Deactivate the user
  • Edit the user
  • Delete the user form the Metaconsole
  • Delete the user form the Metaconsole and all Instances

Gestion modificacionusuarios.png

A user's editing form is the same as the creation form, but including the profile editor.

Gestion modificacionusuarios2.png

In the profile editor the user can be assigned profiles in certain groups besides limiting those privileges to the selected Tags. If Tags are not selected, the user will have access to all modules, whether they have associated Tags or not.

2.1.2 Profile Management

In this section we can see the list of profiles already created, modify their configuration, delete them or create new profiles.

Gestion perfiles.png

There are a series of ACL flags that will give access to the different Pandora FMS functionalities. To know which function enables each ACL flag of the profiles, visit section Perfiles en Pandora FMS in the user manual.

2.1.2.1 Create a new profile

To add a profile click on the "Create" button to see the following form, where we must fill in those permissions that we want to give with the new profile:

Gestion creacionperfil.png

Gestion creacionperfil2.png

Info.png

Some of these bits don't make sense in the Metaconsole. However, we may want to use the Metaconsole to synchronize profiles to Instances, where they could be useful.

 


2.1.2.2 Modify/Delete a profile

In the list of profiles you have options to:

  • Edit the profile
  • Delete a profile from Metaconsole

Dac2.1.png

2.1.3 Edit my user

In this section we can configure the user who is authenticated in the Metaconsole. The profiles assigned to the user will be merely informative. If the authenticated user is not an administrator, this will be the only section you can see.

Gestion editmyuser.png

2.2 Agent management

The following actions can be performed in this section:

  • Migration of agents between instances
  • Self-provisioning of agents
  • Group management

For example, we are planning to manage 15 instances in the metaconsole, and we want the distribution of the agents to be organized according to the load of each instance, creating the agents so that they are always generated in the instance with the lowest load. To do this, we will go to auto-provisioning and activate the option indicated for it. Once done, if for example, we realize that certain agents should go together in the same instance, we will go to the migration of agents between instances, where we will choose which agents move to which other instances so that we don't have to delete and create the agents manually.

2.2.1 Agent Migration

Template warning.png

This feature requires a running Metaconsole server to work.

 


In this section we can migrate agents between the instances connected to our Metaconsole.

Gestion migagentes.png

In order for the historical data of the agents to be transferred, the "Discard history data" checkbox must be activated. Once we have everything selected and we press the "move" button, it will start to perform the following checks to be able to perform the migration.

The agents do not exist in the destination server
There must not exist any agent to migrate with the same agent name in the target server.


The necessary collections are synchronized with the destination server
To prevent the agent from attempting to download non-existent collections once migrated, verify that the collections exist on both servers (source and destination).
The necessary alert definitions are synchronized with the target server
Verify that the templates, actions and commands defined on the source server are also defined on the target server. The relations are made through ID, so these values must also be identical.
The configuration files of the software agents associated to the agents do not exist in the target server
There must not be configuration files with the same name as those associated to the agents that we are going to migrate in the target server. If so, we must remove them from the destination server.
Both servers have the same version
Verify that Pandora FMS versions are identical in both servers.
The address of the destination server is configured
Verify that the IP address of your destination server (Dataserver) is configured, you can access the following screen through Servers > Manage servers of the instance to which we want to move the agents:

Configurar serverIP.png

Configurar serverIP2.png

The necessary policies are synchronized with the target server
Verify that the source server policies are available on the target server. All relations are made through ID, so these values must also be identical.
The groups are synchronized with the destination server
Verify that the groups of the source server are defined in the destination server. All relations are made through ID, so these values must also be identical.
The remote plugins are synchronized with the destination server
Verify that the server plugins are defined in the destination server. All relations are made through ID, so these values must also be identical.
Inventory plugins are synchronized with the target server
Verify that the inventory plugins are defined on the target server. All relations are made through ID, so these values must also be identical.

Once all the checks are done, click on the "Next" button to continue with the migration, where a table with the status of the migration will appear.

Info.png

In order to avoid blocking the work queue, the agent to be transferred will always be processed with lower priority, this avoids the system being blocked by transferring an agent with a lot of data, giving priority to the migration of the agent over the migration of the data.

 


Info.png

In order to optimize the process the original agent will be deactivated and the automatic disable mode will be established. By default, this configuration will eliminate the original agent in 30 days.

 


Template warning.png

Defined prediction modules may lose functionality once the agent is migrated. Review definitions after migration.

 


2.2.2 Agent Autoprovisioning

When we deploy Pandora in big and complex environments with many Pandora nodes and Metaconsole environment, we find the problem of deciding how to deploy the agents: which server is assigned to them? how to balance the workload?

For this, the concept of agents auto-provisioning appears, which allows assigning an agent to one of the multiple Pandora servers that we have in our infrastructure.

Template warning.png

This feature requires a Metaconsole server with a Provisioning Server running in order to work.

 


Template warning.png

This functionality is used to manage the assignment initial of the agents to a given server. When you install your agents for the first time, select the IP address of the Metaconsole as server_ip.

 


To be able to use this feature we will have to configure the server and the Metaconsole.

2.2.2.1 Server Configuration

For the autoprovisioning system to work we must enable the ProvisioningServer at /etc/pandora/pandora_server.conf:

# Enables auto provisioning service
provisioningserver 1

Info.png

Verify that the IP address of your destination servers (Dataserver) is configured in each node. You can access the following screen through Servers > Manage servers

 


Configurar serverIP.png

Configurar serverIP2.png

2.2.2.2 Console Configuration

In this section we can choose between three different types of autoprovisioning, activating the one we want by means of a switch:

Configurar autorprovi.png

Round Robin
It uses the Round-robin planning method to distribute, in an equitable way and in a rational order, all the new Pandora software agents that reach the Metaconsole. The distribution of the agents will be done in a circular way, assigning the corresponding server to each new agent.
Less Loaded
The new agents will be dynamically assigned to those servers with less load.
Custom
In the customized classification, we will be able to define our own classification rules, based on certain parameters retrieved from the information reported by the agent (name of the agent and its IP address).

If we choose the Custom option, we will click on the "Create a custom entry" button where the following form will appear:

Configurar autorprovicustom.png

In the configuration section we will have to put the content that will be added to the configuration file. It is a way of customization that will be used to classify the agents; an example would be:

# Text contained here will be validated and inserted in the agent configuration
server_ip 192.168.80.164

Once created we will have to introduce the rules that we want the agents to comply with by hitting the "add" button.

Configurar autorprovicustom2.png

We will be able to specify the matching conditions in the form of rules using the following fields:

  • agent alias
  • agent address

We will be able to specify the operations using the following fields:

  • OR
  • AND

2.2.3 Group Management

In this section we can manage, delete and create new groups in the Metaconsole.

Configurar gestiongrupo.png

2.2.3.1 Create a Group

To create a new group, click on the "create group" button and the following form will appear:

Configurar creargrupo.png

The parameters that require explanation are:

  • Parent: combo where another group can be defined as the parent of the group being created.
  • Propagate ACL: allows ACLs to be propagated to child subgroups..
  • Custom ID:the groups have an ID in the Database. In this field it is possible to put another custom ID that can be used from an external program to perform an integration.

2.2.3.2 Modify/Delete a group

In the list of groups there are options for:

  • Editing the group
  • Deleting the Metaconsole group

Dac2.1.png

2.3 Module Management

The following actions can be performed in this section:

  • Component Group Management
  • Local component management
  • Network Component Management
  • Plugin management

Before we start, let's explain what a component is: it is a "generic module" that can be applied repeatedly on an agent, being a kind of "master copy" of a module. This is very useful to monitor new agents with the components stored in the database.

For example, we have 12 instances where we want to create the same type of modules in each: we want to create 10 local modules, 5 network modules and 3 custom plugins. Thanks to the management in the Metaconsole we will be able to create these components, each one in its section, and then synchronize them to have them in the different instances without having to manually create them.

2.3.1 Component Group Management

In this section we can delete and create new groups of components.

Gestionar grupocompo.png

Gestionar grupocompo2.png

Gestionar grupocompo3.png

2.3.1.1 Group creation

To create a new group click on the "Create" button.

Gestionar crearcompogrupo.png

2.3.1.2 Group deletion

Gestionar borrarcompogrupo.png

2.3.2 Local component management

En esta sección podremos borrar, duplicar y crear nuevos componentes locales. Un componente local es la definición de un módulo definido en la configuración de los agentes software, definido como "trozos" de texto que se pueden cortar y pegar en la configuración de los agentes.

Gestionar compolocal.png

2.3.2.1 Local component creation

In order to create a local component click on the "Create" button where the following form will appear:

Gestionar compolocalcrear.png

Gestionar compolocalcrear2.png

Gestionar compolocalcrear3.png

In order to see in detail more information about the parameters for the creation of a new local component you can visit Create user.

2.3.2.2 Duplicar/Borrar un componente local

In the list of local components you have options for:

  • Duplicating a local component
  • Deleting a local component of the Meta Console

Meta net component op col.png

2.3.3 Gestión de componentes de red

En esta sección podremos borrar, duplicar y crear nuevos componentes de red. Un componente de red agrupa a todos los módulos de tipo remoto (wmi, tcp, snmp, icmp, plugin, web, etc).

Gestionar compored.png

2.3.3.1 Creación componente de red

Puede crear tres tipos de componentes de red:

  • Network (de red).
  • Plugin (de complemento del servidor).
  • WMI.

Para crear un nuevo componente de red en el menú desplegable seleccione un componente de red de los tres posibles (WMI, Red o Plugin): y hagamos click en el botón Create. A continuación vemos el caso de una pantalla de creación de componente de red.

Gestionar comporedcrear.png

Gestionar comporedcrear2.png

Gestionar comporedcrear3.png

Para ver en detalle más información sobre los parámetros de creación de un nuevo componente de red podéis visitar pincha en el enlace para consultarlo. Componente de red

2.3.3.2 Duplicar/Borrar un componente de red

En la lista de componentes de red se disponen de opciones para:

  • Duplicar un componente de red
  • Borrar un componente de red de la Metaconsola

Meta net component op col.png

2.3.4 Gestión de plugins

En esta sección podremos borrar, modificar y crear nuevos plugins que usarán los componentes de red de tipo plugin.

Gestionar compoplugin.png

2.3.4.1 Creación de plugin

Para crear un plugin hagamos click en el botón “Add” y aparecerá el siguiente formulario:

Gestionar compoplugincrear.png

Gestionar compoplugincrear2.png

Los parámetros que requieren explicación son:

  • Plug-in command: Donde pondremos la PATH donde se encuentra el plugin
  • Plug-in parameters: Donde pondremos los parámetros que debemos escribir para que el plugin funcione correctamente.

Gestionar compoplugincrear.png

2.3.4.2 Modificar/Borrar un plugin

En la lista de plugin se disponen de opciones para:

  • Modificar un plugin
  • Borrar un plugin de la Metaconsola

Ciertos plugins tienen un candado delante de la opción de modificar, porque estos plugins no pueden ser modificados ni borrados.

Gestionar compopluginborrar.png

2.4 Gestión de Alertas

En esta sección se pueden realizar las siguientes acciones:

  • Gestión de comandos
  • Gestión de acciones
  • Gestión de templates

Gestionar alertasgeneral.png

Por ejemplo, en nuestra metaconsola tenemos 5 instancias con distintos clientes en el cual en todas ellas necesitamos medir en cada agente la temperatura de su CPU. Con esta información, necesitamos que una alerta salte cuando la CPU supere cierta temperatura, y lo que queremos es realizar un comando que haga que la CPU elimine ciertos servicios para no ser utilizada de una manera excesiva provocándole la subida de temperatura. Crearíamos una alerta que realice dicho comando y luego la sincronizaríamos con todas nuestras instancias para no tener que realizarla manualmente una a una.

En esta sección solo se hablará de la gestión de templates, en particular las diferencias con la gestión de alertas de las instancias. Para conocer más sobre su funcionamiento y configuración se puede consultar el apartado del manual de Pandora FMS Sistema de alertas.

2.4.1 Gestión de templates

La única diferencia con la gestión de alertas de las instancias, está en la creación de una nueva template. A la hora de crear una template nos aparece una opción llamada “Wizard level”

Gestionar alertas.png

Este campo definirá qué usuarios podrán utilizar esta plantilla para crear alertas desde el Wizard.

  • No Wizard: Esta plantilla no estará disponible en el Wizard
  • Básico: Cualquier usuario con acceso al Wizard podrá utilizar esta plantilla para crear alertas
  • Avanzado: Solamente los usuarios con nivel avanzado de acceso a metaconsola (Ver Crear usuario) podrán utilizar esta plantilla

2.5 Gestión de Alerta de Eventos

En esta sección se pueden realizar las siguientes acciones:

  • Crear alerta de evento
  • Modificar/Borrar/Deshabilitar/Silenciar alertas de eventos

Gestionar alertaseventos.png

Por ejemplo, tenemos 4 instancias donde tenemos en un agente la monitorización del servidor apache de cada una de las páginas web situadas en las distintas instancias. Crearemos una alerta de evento que nos avise cuando dicha monitorización se caiga para avisar al administrador que se debe de levantar el servicio Apache de inmediato, y así no habría que crearla manualmente una a una en los agentes de las instancias.

Para conocer más sobre su funcionamiento y configuración se puede consultar el apartado Sistema de Alertas del manual de Pandora FMS.

2.6 Gestión de componentes

En esta sección se pueden realizar las siguientes acciones:

  • Gestión de tags
  • Gestión de grupo de módulos
  • Gestión de OS

Gestionar componentes.png

2.6.1 Gestión de tags

En esta sección podremos borrar, modificar y crear nuevos tags.

2.6.1.1 Creación de tags

Para crear un nuevo tag hagamos click en el botón “créate tag” y a continuación nos saldrá el siguiente formulario que tendremos que rellenar:

Gestionar tagscrear.png

2.6.1.2 Modificar/Borrar tags

En la lista de tags se disponen de opciones para:

  • Editar el tag
  • Borrar el tag de la Metaconsola

Dac2.1.png

2.6.2 Gestión de grupos de módulo

En esta sección podemos borrar y crear nuevos grupos de módulos.

Gestionar gruposmodulos.png

2.6.2.1 Creación de un grupo

Para poder crear un nuevo grupo de módulo hagamos click en el botón “Create module group”:

Gestionar gruposmoduloscrear.png

2.6.2.2 Borrar grupo módulo

Gestionar borrarcompogrupo.png

2.6.3 Gestión OS

En esta sección podemos borrar y crear nuevos OS del sistema.

Gestionar OS.png

Gestionar OS2.png

2.6.3.1 Creación OS

Para crear un nuevo OS hagamos click en el botón “créate OS” y nos aparecerá un formulario que deberemos rellenar:

Gestionar OScrear.png

2.6.3.2 Borrar OS

Gestionar borrarcompogrupo.png

2.7 Gestión de políticas

Desde esta sección se pueden crear, modificar y borrar políticas.

Meta menu.png

Por ejemplo, tenemos 7 instancias en la cuales 2 de ellas se van a monitorizar de la misma manera, con el mismo nombre de agentes y módulos. Crearíamos una política que nos realice la creación de módulo en los agentes de manera automática, la cual posteriormente sincronizaremos con las distintas instancias sin tener que crearla de una en una.

2.7.1 Creación políticas

Se pueden crear nuevas políticas hagamos click en el botón "Create" donde se muestra el siguiente formulario:

Meta crear.png

Para una mejor comprensión de como configurar las políticas, dirigase a la gestión de políticas.

2.7.2 Modificar/Borrar políticas

En la lista de políticas se disponen de opciones para modificar una política y eliminarla. Si una política tiene agentes, el botón de eliminar estará deshabilitado y aparecerá junto a él un botón para eliminar todos sus agentes. Este botón introducirá en la cola el eliminado de los agentes, y en cuanto se procese, volverá a estar activo el botón de eliminado de la política.

Meta borrar.png

2.8 Gestión de catergorías

En esta sección podemos modificar, borrar y crear nuevas categorías.

Gestionar categorias.png

2.8.1 Creación catergorías

Para crear una nueva categoría hagamos click en el botón “créate category”:

Gestionar categoriascrear.png

2.8.2 Modificar/Borrar categorías

En la lista de categorías se disponen de opciones para:

  • Editar la categoría
  • Borrar la categoría de la Metaconsola

Dac2.1.png

2.9 Gestión de servidores

En esta sección podremos borrar los servidores que tengamos instalados en la metaconsola. Para poder realizar todas las funcionalidades deberían estar los servidores de Autoprovisionamiento y de Migración activados.

Gestionar server.png

Volver a Índice de Documentación Pandora FMS