Hi!
On Fri, 2015-08-28 at 10:29 -0400, Frank Ch. Eigler wrote:
> tadej.j wrote:
>
> > [...]
> > Servers under 3) only accept incoming connections on port 80 and 443.
> > For SSH access on port 22, I have to use my personal VPN credentials.
> > Outgoing connections are allowed on all ports, however.
> >
> > My question is, how can the monitoring server collect the metrics from
> > servers under 3)? Is there a way to push the metrics to some
> > intermediate gateway, which would act similar to pmcd so that pmlogger
> > and pmie can connect to it?
>
> If you can tunnel some random TCP port across an SSH tunnel, it should
> work just fine. You can configure pmmgr to refer to the this-side
> addresses, i.e.,:
>
> % ssh -f -L 6543:localhost:44321 firewalled_host sleep 9999 # or equivalent
> # echo 'localhost:6543' >> /etc/pcp/pmmgr/target-host

Thanks for the tip, it helped me steer in the right direction.

Since I don't want to give the monitoring server my personal VPN
credentials to access servers behind the firewall on port 22, I can't use
ordinary SSH tunneling.

The solution is to create a reverse SSH tunnel initiated by the server
behind the firewall that connects to the monitoring server. Something like:

% ssh -nNT -R 6543:localhost:44321 monitoring_server

In order to reliably keep this reverse SSH tunnel open, I'm using
autossh [1]:

autossh -M 20000 -N -R 6543:localhost:44321 monitoring_server

To automatically start autossh at boot, I'll create a systemd service.

> That's it. pmie won't work across that tunnel, due to bugs just
> recently fixed (somewhere in the merge queue), but pmlogger will be
> fine.

Can you give me a link/pointer to the fix(es)?

I have another question regarding this setup.

Is it possible to give the machines which pmmgr will be referring to as
'localhost:6543', 'localhost:6544', ... a nicer name/alias which can be
used by pmlogger and web UI tools like Vector and Grafana?

Thanks and regards,
Tadej

[1] http://www.harding.motd.ca/autossh/
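
Added example, not part of the original message: one way the systemd service mentioned above could be written, keeping the tunnel parameters from the message (`-M 20000`, `-R 6543:localhost:44321`, `monitoring_server`). The unit name, the `pcptunnel` account, the key path and the autossh binary path are assumptions.

```ini
# /etc/systemd/system/pcp-reverse-tunnel.service   (hypothetical unit name)
#
# Runs on the firewalled host. Opens an outbound SSH connection to
# monitoring_server and exposes the local pmcd port (44321) there as
# localhost:6543, as in the autossh command from the message.
#
# Assumption: on monitoring_server the tunnel key is the only key in the
# "pcptunnel" account's authorized_keys and is limited to forwarding, e.g.
#   restrict,port-forwarding,command="/bin/false" ssh-ed25519 <public key>
# so a compromise of this host does not yield a shell on the monitoring server.

[Unit]
Description=Reverse SSH tunnel: local pmcd (44321) -> monitoring_server:6543
Wants=network-online.target
After=network-online.target

[Service]
# Assumption: dedicated unprivileged local account that owns the tunnel key.
User=pcptunnel
# Keep retrying even when the very first connection attempt fails (e.g. at boot).
Environment=AUTOSSH_GATETIME=0
# BatchMode: never prompt for a password; fail and let autossh/systemd retry.
# ExitOnForwardFailure: exit if port 6543 cannot be bound, instead of
# keeping a connection that forwards nothing.
ExecStart=/usr/bin/autossh -M 20000 -N -T \
    -o BatchMode=yes \
    -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=30 \
    -o ServerAliveCountMax=3 \
    -i /home/pcptunnel/.ssh/id_tunnel \
    -R 6543:localhost:44321 pcptunnel@monitoring_server
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
```

Without `GatewayPorts` enabled in the monitoring server's sshd, the forwarded port 6543 is bound to the loopback address only, so pmcd is reachable from the monitoring server itself but not from other hosts on its network.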