Sharing server exchange directory

Introduction

Pandora FMS dataserver uses the /var/spool/pandora/data_in directory, and all its contents to manage the information that recieves and send to the software agents.

That directory also needs to be accessible by the console of Pandora, so the instructions that it sends to the agents can reach them, being config files or collections.

If we have several servers with severs with several consoles, the default configuration, every console will be able to manage the agents of the server where it is located.

Now, let's suppose that we have several Pandora servers working in a common environment.

Each of the agents that each server manages will communicate with their assigned dataserver using the data_in folder. On a multiple-dataserver architecture with a single console, unify agent management using NFS to share this pool of common information.

Sharing the pandora_console/attachment folder between the different Consoles is also recommended as it makes collection management easier.

It's mandatory to share data_in's conf, md5, collections and netflow folders for HA environments, and we recommend to share the pandora_console/attachment folder as well. The data_in folder itself must not be shared, unless Tentacle server is configured for concurrent access to XML files.

NFS configuration

First steps

Install the nfs-utils package on all the systems that will share the directory by NFS:

yum install -y nfs-utils

Configuration of the NFS server

It's very important for the NFS server to be a separate server from those of Pandora FMS. If one of them were configured as NFS server and there were any errors prevented the client from connecting, the shared files would not be accesible, causing errors in Pandora FMS.

Edit the file /etc/export adding the following:

/var/spool/pandora/data_in/conf [IP_CLIENTE](rw,sync,no_root_squash,no_all_squash)
/var/spool/pandora/data_in/collections [IP_CLIENTE](rw,sync,no_root_squash,no_all_squash)
/var/spool/pandora/data_in/md5 [IP_CLIENTE](rw,sync,no_root_squash,no_all_squash)
/var/spool/pandora/data_in/netflow [IP_CLIENTE](rw,sync,no_root_squash,no_all_squash)
/var/www/html/pandora_console/attachment [IP_CLIENTE](rw,sync,no_root_squash,no_all_squash)

Where [client_ip] stands for the IP address of the system with which the resource is going to be shared. For example:

 /var/spool/pandora/data_in/conf 192.168.70.10(rw,sync,no_root_squash,no_all_squash)
 /var/spool/pandora/data_in/collections 192.168.70.10(rw,sync,no_root_squash,no_all_squash)
 /var/spool/pandora/data_in/md5 192.168.70.10(rw,sync,no_root_squash,no_all_squash)
 /var/spool/pandora/data_in/netflow 192.168.70.10(rw,sync,no_root_squash,no_all_squash)
 /var/www/html/pandora_console/attachment 192.168.70.10(rw,sync,no_root_squash,no_all_squash)

In case that we have the firewall enabled in our system, open the required ports:

 # CentOS
 firewall-cmd --permanent --zone = public --add-service = nfs
 firewall-cmd --reload

Once done, we start the services:

 # CentOS
 service rpcbind start
 service nfs-server start
 service nfs-lock start
 service nfs-idmap start

Configure NFS to start when the system powers on:

 chkconfig rpcbind on
 chkconfig nfs-server on
 chkconfig nfs-lock on
 chkconfig nfs-idmap on

To refresh any change in the setup of the /etc/export restart nfs-server

service nfs-server restart

Configuration of the NFS clients

First, back up the directory:

mv /var/spool/pandora/data_in /var/spool/pandora/data_in_locale

Note If that system does not have apache installed (is not necessary to install it), add to /etc/passwd and /etc/group the user apache to avoid permission conflicts:

 echo "apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin">> /etc/passwd
 echo "apache:x:48:">> /etc/group

Check the folder permissions:

 chown pandora:apache /var/spool/pandora/data_in
 chmod 770 /var/spool/pandora/data_in

Check that we can mount successfully the remote folder:

mount -t nfs [IP_SERVIDOR_NFS]:/var/spool/pandora/data_in/conf /var/spool/pandora/data_in/conf
mount -t nfs [IP_SERVIDOR_NFS]:/var/spool/pandora/data_in/md5 /var/spool/pandora/data_in/md5
mount -t nfs [IP_SERVIDOR_NFS]:/var/spool/pandora/data_in/collections /var/spool/pandora/data_in/collections
mount -t nfs [IP_SERVIDOR_NFS]:/var/spool/pandora/data_in/netflow /var/spool/pandora/data_in/netflow

Where [NFS_SERVER_IP] stands for the IP address of the server that provides the NFS service. For example:

 mount -t nfs 192.168.70.10:/var/spool/pandora/data_in/conf /var/spool/pandora/data_in/conf
 mount -t nfs 192.168.70.10:/var/spool/pandora/data_in/md5 /var/spool/pandora/data_in/md5
 mount -t nfs 192.168.70.10:/var/spool/pandora/data_in/collections /var/spool/pandora/data_in/collections
 mount -t nfs 192.168.70.10:/var/spool/pandora/data_in/netflow /var/spool/pandora/data_in/netflow

If the previous command fails, check:

  • Firewall status.
  • If you are running as root.
  • If the directory where you want to build it exists.

If everything is right up to here, configure the system to be built automatically if there is a reboot, editing the file /etc/fstab:

# Add the following lines to the configuration file /etc/fstab
[NFS_SERVER_IP]:/var/spool/pandora/data_in/conf    /var/spool/pandora/data_in/conf   nfs defaults 0 0
[NFS_SERVER_IP]:/var/spool/pandora/data_in/md5    /var/spool/pandora/data_in/md5   nfs defaults 0 0
[NFS_SERVER_IP]:/var/spool/pandora/data_in/collections    /var/spool/pandora/data_in/collections   nfs defaults 0 0
[NFS_SERVER_IP]:/var/spool/pandora/data_in/netflow    /var/spool/pandora/data_in/netflow    nfs defaults 0 0
[NFS_SERVER_IP]:/var/www/html/pandora_console/attachment    /var/www/html/pandora_console/attachment    nfs defaults 0 0

Where [NFS_SERVER_IP] stands for the IP direction of the server that provides the NFS service.

Configuring Tentacle Server for NFS concurrent access

If you want to store the agents' XML files in the same shared disk (instead of having each server handle their own locally), Tentacle servers of both computers must be configured so the XML files get distributed into separate folders. This will avoid problems when the Dataservers process the files in both Pandora FMS servers.

To that end, create two folders within the directory /var/spool/pandora/data_in:

 mkdir /var/spool/pandora/data_in/xml_srv1
 mkdir /var/spool/pandora/data_in/xml_srv2

Fix the permissions of both directories:

 chmod pandora:apache /var/spool/pandora/data_in/xml_srv1
 chmod pandora:apache /var/spool/pandora/data_in/xml_srv2

Edit the TENTACLE_EXT_OPTS value in the file /etc/init.d/tentacle_serverd to set the XML file delivery folder:

TENTACLE_EXT_OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections"

In server number 1, it becomes:

TENTACLE_EXT_OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections;.*\.data:xml_srv1"

In sever number 2, it becomes:

TENTACLE_EXT_OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections;.*\.data:xml_srv2"

Finally, edit the configuration file of both Pandora FMS servers as follows:

 # Pandora FMS server number 1
 # incomingdir:  It defines directory where incoming data packets are stored
 # You could set directory relative to base path or absolute, starting with /
 incomingdir /var/spool/pandora/data_in/xml_srv1
 # Pandora FMS server number 2
 # incomingdir:  It defines directory where incoming data packets are stored
 # You could set directory relative to base path or absolute, starting with /
 incomingdir /var/spool/pandora/data_in/xml_srv2

After applying all the indicated changes, restart both the pandora_server service as well as the tentacle_serverd service in both servers.

Go back to Pandora FMS documentation index