Plugin openshift.

Plugin to monitor openshift.

Introduction

Ver. 10-02-2022

With this plug-in we will be able to view data and monitor our openshift nodes and pods.

Type: Server plug-in

Compatibility

Systems where tested

CentOS 7, Fedora
Systems where it should work

Any linux system

 

Pre requisites

- Have openshift CLI(oc) installed.

Information about cli installation can be found in the official documentation:

https://docs.openshift.com/container-platform/4.9/cli_reference/openshift_cli/getting-started-cli.html


- Have a project created in openshift.

- The openshift user account must have cluster-reader permissions.

The cli commands to add permissions are as follows (these must be given from a privileged account)

Add a role to a user :

oc adm policy add-role-to-user <role> <user_name>

Remove a role from a user :

oc adm policy remove-role-from-user <role> <user_name>

Add a role to a user for all projects:

oc adm policy add-cluster-role-to-user <role> <user_name>

Remove a user role for all projects:

oc adm policy remove-cluster-role-from-user <role> <user_name>

Example :

image-1644427009267.png

./crc config set enable-cluster-monitoring true

Example:

openshiftmonitoing.png

To be able to have enabled a minimum of 14 gb is requested, so if we have configured the environment with less, and we activate the cluster-monitoring option we will have to add more to the machine, the minimum is 14336 in mb.

The command to specify the memory is :

./crc config set memory 14336

Example:

change memory.png

- Have the perl tools plugin in a folder called PandoraFMS.

- Have installed the Pandora software agent

 

Parameters

The plugin makes use of the following parameters:

cli Path of the openshift oc binary
user Your user name
password Your password
ip Ip of your environment (complete route with port)
project openshift project
mode xml sending mode (leave tentacle as default)
tentacle ip Ip of pandora to send data to
tentacle port Tentacle port number (default: 41121)
agent_openshift To enable this agent, it creates modules with the number of deployments, services...etc. Leave it to 1 to enable it.
agent_node To enable one agent per node. Leave on 1 to enable it.
agent_pod To enable one agent per pod. Leave on 1 to enable it.
agent_pod_stats To enable an agent with the metrics of each pod. Leave on 1 to enable it.
agent_deployment To enable one agent per deployment. Leave on 1 to enable it.
agent_imagestreams To enable an agent with modules for each imagestreams, the number of imagestreams is determined with top_imagestreams_count. Set to 1 to enable it.
agent_csv
 To enable an agent to create a module to monitor cluster service version.
agent_component_status To enable an agent to create a module to monitor component status.
agent_operators To enable an agent to create a module to monitor operators.
agent_replication_controller To enable an agent that will create a module for each replication controller in our environment. Leave to 1 to enable it.
agent_apiservice To enable an agent that will create a module for each service of our API. Leave to 1 to enable it.
agent_services To enable an agent that will create a module for each service in our environment. Leave to 1 to enable it.
top_imagestream_count Number of imagestreams to monitor in your environment. Default 11.
prefix Customized name for the created agents
as_server_plugin If it is to be used as a server plugin, set it to 1 to activate it, if it is used as an agent plugin, set it to 0.

You will have to edit the conf by setting the required value.

Example:

# oc cli config
cli=/home/alejandro/Descargas/cli/oc
user=developer
password=developer
ip=https://<ip>:6443/
project=prueba
# transfer configuratios
mode=tentacle
tentacle_ip=192.168.1.200
tentacle_port=41121
# enabled metrics block
agent_openshift=1
agent_node=1
agent_pod=1
agent_pod_stats=1
agent_deployment=1
agent_imagestreams=1
agent_apiservice=1
agent_services=1
agent_replication_controller=1
agent_component_status=1
agent_csv=0
agent_operators=1
top_imagestreams_count=11
# define 
as_server_plugin=1
prefix=prueba

Manual execution

The plugin can be executed manually by calling the perl plugin and the conf file:

<path pandora_openshift.pl> <pandora_openshift.conf>

If the conf option, as_server_plugin is set to 1 it will show a number on the screen, specifically a 9 if everything is correct.

image-1645117674078.png

If it is executed with as_server_plugin at 0 it will not return anything by terminal, unless there is some error that will paint a module in xml with the part that fails in the description.

Configuration in Pandora FMS

As agent plugin

To be able to monitor from Pandora FMS with the plugin, we must call it from the conf of the software agent that is in the following path :

/etc/pandora/pandora_agent.conf

we will call it in the last line of the conf with the command module_plugin , followed by the path of the perl plugin and the path of the conf file.

module_plugin perl <path .pl> <path .conf>

This can also be done from the console if remote configuration is enabled.

As a server plugin

Installation from console

To register the plugin, from the console, go to the "register plugin" section.

 

register_plugin.png

Click on select file.

register_plugin2.png

 

The .pspz2 file to be uploaded will be selected.

register1_openshift.png

A message will appear informing that you have successfully registered.

register2_openshift.png

Once the plugin is registered, we will see it in the plugins section.

serversingles.png

You can access the plugin menu by clicking on the plugin title.

register3_openshift.png

In parameters we will see the macro used by the plugin, this is not necessary to touch it

register4_openshift.png

In the Default value field, we must enter the path to our .conf file.

register5_openshift.png

 

Manual installation

Go to servers > plugins:

image-1629974405286.png

Click on add:

image-1629974430627.png

We put the name and description of your choice:

 

image-1646653196568.png

We enter as command the execution with the path of the plugin:

/path_pandora_openshift path_pandora_openshift.conf

image-1646653248949.png

 

Modules generated by the plugin

The plugin will generate :

* prefix is a conf parameter that we can customize by adding any name we want.

- One agent for each node of the environment with name : prefix_OS_Node_<node name>.

Each node agent will have the following modules :

Status
Roles
Age
Versión
cpu cores
cpu %
memory bytes
memory %

nodos_modulos.png

- One agent for each pod in the environment with name : prefix_OS_Pod_<pod name>.

Each pod agent will have the following modules:

Status
Restarts
Ready
Age

image-1645115122322.png

- An agent with name: prefix_OS_POD_Stats

It will create a cpu(cores) module and a memory module for each pod.

<nombre-pod>_Cpu (cores)
<nombre-pod>_Memory (bytes)

image-1645115401735.png

- One agent for each deployment with name :prefix_ OS_Deployment_<deployment-name>.

Each Deployment agent will have the following data :

 

Age
Avalaible
Ready
Up to date

 

image-1644837340546.png

- An agent named "prefix_OS_Imagestreams_stats" with modules for each imagestream in our environment (the number is configured in the .conf).

The agent OS_Imagestreams_stats will contain the following modules for each Imagestream:

<nombre imagestream> - storage
<nombre imagestream> - images

image-1644851092860.png

- An agent with name "prefix_OS_Api_service" with modules for each element of our api.

Elemento API

image-1645031007816.png

- An agent named "prefix_OS_Replication controllers with the following modules for each replication controller:

<Replication controller nombre> Desired
<Replication controller nombre> Current
<Replication controller nombre> Ready
<Replication controller nombre> Age

image-1645115623265.png

- An agent named "prefix_OS_Services" with a module for each service in our environment.

Servicio

image-1645031359257.png

- In addition, the plugin will generate an agent called "prefix_Openshift" with modules that will indicate the number of certain elements in our environment.

The Openshift agent will contain the following modules:

 

Services
Deployments
Namespaces
Nodes
Pods
Imagestreams
Replication controllers

image-1645031121455.png

 

Example of agent view after plugin execution

image-1645115831454.png

 

 

 

 

 

Possible problems

Error from server (ServiceUnavailable)

Error from server (ServiceUnavailable): the server is currently unable to handle the request (get nodes.metrics.k8s.io)
Error from server (ServiceUnavailable): the server is currently unable to handle the request (get pods.metrics.k8s.io)

image-1644835302770.png

This error occurs because the commands that take the metrics from the nodes and pods cannot be invoked.

image-1644835468926.png

Most likely it is because the metric server or the monitoring option in the openshift environment is disabled, or has been disabled. Make sure the server is running, you can see more data about this error from the openshift console which will indicate if there is a problem with monitoring.

Permissions

The plugin has internal openshift CLI commands that need permissions to run from the pandora agent.

chmod 755 pandora_openshift.pl
chmod 755 pandora_openshift.conf

At the same time, the cli binary must also have the correct permissions, in this case root:root so that the pandora agent can execute it.

 

chown root:root /path_oc
chmod 755 /path_oc

Error control

The plugin works modularly, so if for some reason it fails to send the data, through terminal commands we can see where it is failing. We will be able to see that part of the environment that we are getting the data is having problems to send the data (pods, nodes, deployments, etc).

With the parameter as_server_plugin of the conf to 0

Executing the plugin by terminal, if any part fails when sending the data it will print a module and in the description we will see which agent is the one that fails.

<path pandora_openshift.pl> <path pandora_openshift.conf>

image-1645116241124.png

In this example we have painted a module in xml by terminal that tells us in the description that it has had problems with the pod_stats agent.

With the parameter as_server_plugin of the conf to 1

If we execute manually the plugin by terminal with the option as_server_plugin to 1, this will paint by terminal a number, this number indicates in which part the plugin has failed.

9 You have executed everything perfectly
8 Failed in openshift agent
7 Failed in replication controllers agent
6 Failed agent services
5 Agent api services failed
4 Failed in the imagestreams agent
3 Failed in deployments agents
2 You have failed in the agent pod stats
1 Failed in pod agents
0 Failed in node agents