Pandora: Metaconsole: Documentation en: Synchronization and propagation

From Pandora FMS Wiki
Jump to: navigation, search

Contents

1 Synchronization tools

The Metaconsole has tools for the synchronization of elements, which are fundamental for the correct management of the Instances. The synchronization is based on passing all the information created in the metaconsole to the different Instances to manage all possible information of each of them from the Metaconsole.

For example, if we have 20 different instances(nodes) in our company, and we want the same user to have the same access permissions in those 20, we can create a user with the desired profiles and synchronize that user to have it in the 20 instances(nodes) and thus not have to create it individually in each instance.

Another example, we have to monitor different clients that are distributed throughout our instances, so that some clients are also repeated in different instances. We will be able to create the different groups to which the agents of the different instances will belong, and then synchronize each corresponding group with its instance.

Next, we are going to see in detail the different synchronizations that the Metaconsole allows us to make.

1.1 User Synchronization

This option allows the user to synchronize the users of the Metaconsole and their profiles in the instances.

Within this synchronization we can find two different options:

  • Copy the configured profiles to the user

Sync usuarioscopia.png

  • Give new profiles to the created user

Sync usuariosnuevos.png

In both cases we have the option to create the groups associated to the profiles in case they do not exist in the instance(node).

Before using this synchronization, it is recommended to take into account the users that are going to create new ones in the instances, due to possible conflicts with the user ID. It is recommended not to have users created in the instances and to create them all from the meta console in order to have the same users both in there as in the instances.

Info.png

In both cases, profiles that do not exist in the instance will be created.

 


Template warning.png

When in doubt about which option is best to use, user profiles must be copied.

 


1.2 Group Synchronization

This option allows the user to synchronize the Metaconsole groups with the instances.

Sync grupos.png

It is recommended not to have groups created in the instances and to create them all from the meta console in order to have the same groups both in there and in the instances.

Template warning.png

Once the groups have been synchronized, their names should not be modified either in the meta console or in the node. If it is done, it will be necessary to modify them in both places so that it does not give problems since the synchronization is based on the ID, but some operations use the name. The synchronization in the current version synchronizes the name the first time, but if there are later changes of names in the groups they will not be synchronized.

 


1.3 Alert Synchronization

This option allows the user to synchronize the Metaconsole alerts with the instances.

Sync alertas.png

It is recommended not to have alerts created in the instances and to create them all from the console in order to have the same alerts both in there and in the instances.

1.4 Component Synchronization

This option allows the user to synchronize the components of the Metaconsole with the instances.

Sync componentes.png

It is recommended not to have components created in the instances and to create them all from the Metaconsole in order to have the same components both in there and in the instances.

1.5 Tag Synchronization

This option allows the user to synchronize the tags of the Metaconsole with the instances.

Sync tagsnew.png

It is recommended not to have tags created in the instances and to create them all from the Metaconsole in order to have the same tags both in there and in the instances.

1.6 OS Synchronization=

This option allows the user to synchronize the OS of the Metaconsole with the instances.

Sync OS.png

It is recommended not to have OS created in the instances and to create them all from the Metaconsole in order to have the same OS both in there and in the instances.

1.7 Module Groups Synchronization

This option allows the user to synchronize the module groups operating in the Metaconsole with the instances.

Sync modulegroups.png

It is recommended not to have the groups of modules created in the instances and to create them all from the Metaconsole in order to have the same groups of modules both in there and in the instances.

2 Propagation tools

The MetaConsole has tools for the propagation of elements. Unlike synchronization, it is not a fundamental tool for the optimal functioning of the Metaconsole, it only facilitates the availability of data in the Instances, something that is necessary if, for example, we use policies that are applied in different instances (or nodes).

Info.png

It is recommended to synchronize the instances with the meta console after the creation of the different elements in the propagation tool.

 


Next, we are going to see in detail the different propagations or data management that allows us to make the meta console.

2.1 User Management

The following actions can be performed in this section:

  • User management
  • Profile management
  • Edit my user

For example, we have 10 instances inside our meta console, where we want a user with special permissions to operate inside 3 of them. First, we would go to profile management where we would create a special profile with the permissions we want. Then we create the user we want to manage the three instances, assigning the permission we have created to it. Finally, we will synchronize this user and profiles with the instances to have it in all three. After a while the user has become obsolete, but instead of deleting the user we deactivate it in case we want to use it again in the future, we go to user management and use the bulb icon to deactivate it until further notice.

2.1.1 User Management

In this section we can see the list of users already created, modify their configuration, delete them, deactivate them or create new users.

Gestion usuarios.png

2.1.1.1 Create a new user

To add a user click on the "Create User" button, where we will see the following form which must be filled:

Gestion creacionusuarios.png

Gestion creacionusuarios2.2.png

The parameters that require explanation are:

  • Interactive charts: It allows the user to choose if they prefer to see the interactive graphics, or on the contrary, to use the general configuration of the Metaconsole.
  • Metaconsole access: It sets the user permissions to access the console. These permissions can be:
    • Basic: With this access the user will be able to use in the Wizard only the components whose Wizard level is Basic, as long as the user has ACL permissions on the group they belong to.
    • Advanced: With this access the user will be able to use any of the components in the Wizard regardless of their Wizard level, as long as the user has ACL permissions on the group they belong to.
  • Search custom field view: Seleccionamos el filtro por defecto para la vista de "Campos personalizados"
  • Not Login: If this option os selected, the user will be able to access the API.
  • Enable agents management: This option is used to enable the agent management in the Wizard. If it is deactivated, only the Wizards of modules and alerts will be available.
  • Enable node access: This option is used to enable access to the instances. If it is activated, it will be possible to access the consoles of the instances through the name of agents and modules in many places; for example, from the network map or the events view.

2.1.1.2 Modify/Deactivate/Delete a user

In the user list the following options are available:

  • Activate/Deactivate the user
  • Edit the user
  • Delete the user form the Metaconsole
  • Delete the user form the Metaconsole and all Instances

Gestion modificacionusuarios.png

A user's editing form is the same as the creation form, but including the profile editor.

Gestion modificacionusuarios2.png

In the profile editor the user can be assigned profiles in certain groups besides limiting those privileges to the selected Tags. If Tags are not selected, the user will have access to all modules, whether they have associated Tags or not.

2.1.2 Profile Management

In this section we can see the list of profiles already created, modify their configuration, delete them or create new profiles.

Gestion perfiles.png

There are a series of ACL flags that will give access to the different Pandora FMS functionalities. To know which function enables each ACL flag of the profiles, visit section Perfiles en Pandora FMS in the user manual.

2.1.2.1 Create a new profile

To add a profile click on the "Create" button to see the following form, where we must fill in those permissions that we want to give with the new profile:

Gestion creacionperfil.png

Gestion creacionperfil2.png

Info.png

Some of these bits don't make sense in the Metaconsole. However, we may want to use the Metaconsole to synchronize profiles to Instances, where they could be useful.

 


2.1.2.2 Modify/Delete a profile

In the list of profiles you have options to:

  • Edit the profile
  • Delete a profile from Metaconsole

Dac2.1.png

2.1.3 Edit my user

In this section we can configure the user who is authenticated in the Metaconsole. The profiles assigned to the user will be merely informative. If the authenticated user is not an administrator, this will be the only section you can see.

Gestion editmyuser.png

Template wip.png

We are working on the translation of the Pandora FMS documentation. Sorry for any inconvenience.

 


2.2 Agent management

The following actions can be performed in this section:

  • Migration of agents between instances
  • Self-provisioning of agents
  • Group management

For example, we are planning to manage 15 instances in the metaconsole, and we want the distribution of the agents to be organized according to the load of each instance, creating the agents so that they are always generated in the instance with the lowest load. To do this, we will go to auto-provisioning and activate the option indicated for it. Once done, if for example, we realize that certain agents should go together in the same instance, we will go to the migration of agents between instances, where we will choose which agents move to which other instances so that we don't have to delete and create the agents manually.

2.2.1 Agent Migration

Template warning.png

This feature requires a running Metaconsole server to work.

 


In this section we can migrate agents between the instances connected to our Metaconsole.

Gestion migagentes.png

In order for the historical data of the agents to be transferred, the "Discard history data" checkbox must be activated. Once we have everything selected and we press the "move" button, it will start to perform the following checks to be able to perform the migration.

The agents do not exist in the destination server
There must not exist any agent to migrate with the same agent name in the target server.


The necessary collections are synchronized with the destination server
To prevent the agent from attempting to download non-existent collections once migrated, verify that the collections exist on both servers (source and destination).
The necessary alert definitions are synchronized with the target server
Verify that the templates, actions and commands defined on the source server are also defined on the target server. The relations are made through ID, so these values must also be identical.
The configuration files of the software agents associated to the agents do not exist in the target server
There must not be configuration files with the same name as those associated to the agents that we are going to migrate in the target server. If so, we must remove them from the destination server.
Both servers have the same version
Verify that Pandora FMS versions are identical in both servers.
The address of the destination server is configured
Verify that the IP address of your destination server (Dataserver) is configured, you can access the following screen through Servers > Manage servers of the instance to which we want to move the agents:

Configurar serverIP.png

Configurar serverIP2.png

The necessary policies are synchronized with the target server
Verify that the source server policies are available on the target server. All relations are made through ID, so these values must also be identical.
The groups are synchronized with the destination server
Verify that the groups of the source server are defined in the destination server. All relations are made through ID, so these values must also be identical.
The remote plugins are synchronized with the destination server
Verify that the server plugins are defined in the destination server. All relations are made through ID, so these values must also be identical.
Inventory plugins are synchronized with the target server
Verify that the inventory plugins are defined on the target server. All relations are made through ID, so these values must also be identical.

Once all the checks are done, click on the "Next" button to continue with the migration, where a table with the status of the migration will appear.

Info.png

In order to avoid blocking the work queue, the agent to be transferred will always be processed with lower priority, this avoids the system being blocked by transferring an agent with a lot of data, giving priority to the migration of the agent over the migration of the data.

 


Info.png

In order to optimize the process the original agent will be deactivated and the automatic disable mode will be established. By default, this configuration will eliminate the original agent in 30 days.

 


Template warning.png

Defined prediction modules may lose functionality once the agent is migrated. Review definitions after migration.

 


2.2.2 Agent Autoprovisioning

When we deploy Pandora in big and complex environments with many Pandora nodes and Metaconsole environment, we find the problem of deciding how to deploy the agents: which server is assigned to them? how to balance the workload?

For this, the concept of agents auto-provisioning appears, which allows assigning an agent to one of the multiple Pandora servers that we have in our infrastructure.

Template warning.png

This feature requires a Metaconsole server with a Provisioning Server running in order to work.

 


Template warning.png

This functionality is used to manage the assignment initial of the agents to a given server. When you install your agents for the first time, select the IP address of the Metaconsole as server_ip.

 


To be able to use this feature we will have to configure the server and the Metaconsole.

2.2.2.1 Server Configuration

For the autoprovisioning system to work we must enable the ProvisioningServer at /etc/pandora/pandora_server.conf:

# Enables auto provisioning service
provisioningserver 1

Info.png

Verify that the IP address of your destination servers (Dataserver) is configured in each node. You can access the following screen through Servers > Manage servers

 


Configurar serverIP.png

Configurar serverIP2.png

2.2.2.2 Console Configuration

In this section we can choose between three different types of autoprovisioning, activating the one we want by means of a switch:

Configurar autorprovi.png

Round Robin
It uses the Round-robin planning method to distribute, in an equitable way and in a rational order, all the new Pandora software agents that reach the Metaconsole. The distribution of the agents will be done in a circular way, assigning the corresponding server to each new agent.
Less Loaded
The new agents will be dynamically assigned to those servers with less load.
Custom
In the customized classification, we will be able to define our own classification rules, based on certain parameters retrieved from the information reported by the agent (name of the agent and its IP address).

If we choose the Custom option, we will click on the "Create a custom entry" button where the following form will appear:

Configurar autorprovicustom.png

In the configuration section we will have to put the content that will be added to the configuration file. It is a way of customization that will be used to classify the agents; an example would be:

# Text contained here will be validated and inserted in the agent configuration
server_ip 192.168.80.164

Once created we will have to introduce the rules that we want the agents to comply with by hitting the "add" button.

Configurar autorprovicustom2.png

We will be able to specify the matching conditions in the form of rules using the following fields:

  • agent alias
  • agent address

We will be able to specify the operations using the following fields:

  • OR
  • AND

2.2.3 Autoconfiguration

In this section you can edit the autoconfigurations of the agents in a centralized way from the Metaconsole. In order to make this edition, we must have activated the "Centralized management".

For more information, visit this link.

2.2.4 Group Management

In this section we can manage, delete and create new groups in the Metaconsole.

Configurar gestiongrupo.png

2.2.4.1 Create a Group

To create a new group, click on the "create group" button and the following form will appear:

Configurar creargrupo.png

The parameters that require explanation are:

  • Parent: combo where another group can be defined as the parent of the group being created.
  • Propagate ACL: allows ACLs to be propagated to child subgroups..
  • Custom ID:the groups have an ID in the Database. In this field it is possible to put another custom ID that can be used from an external program to perform an integration.

2.2.4.2 Modify/Delete a group

In the list of groups there are options for:

  • Editing the group
  • Deleting the Metaconsole group

Dac2.1.png


2.2.5 Tree group

In this section we can perform exactly the same actions as in the previous section, changing the display mode:

Tree group meta.png

2.2.6 Collections

From Pandora FMS OUM729 you can centralize the management of collections from the Metaconsole.

Mc col menu.png

The first time you access collection management, with centralized management enabled , an internal process of synchronization of the collections from the nodes to the Metaconsole will be performed:

Mc col message.png


From this moment on, you will have the collections in the Metaconsole. To avoid conflicts, you must manually copy the collection directories from the nodes to the Metaconsole:

Source location (node):


/var/www/html/pandora_console/attachment/collection/


Destination location (Metaconsole):

/var/www/html/pandora_console/attachment/collection/


Note: Remember to assign the correct permissions to the transferred files:

chmod apache. -R  /var/www/html/pandora_console/attachment/collection/*


Once the files are transferred, you can recreate the collection to force synchronization to nodes.

For more information about the collections, please visit this link.

2.3 Module Management

The following actions can be performed in this section:

  • Component Group Management
  • Local component management
  • Network Component Management
  • Plugin management

Before we start, let's explain what a component is: it is a "generic module" that can be applied repeatedly on an agent, being a kind of "master copy" of a module. This is very useful to monitor new agents with the components stored in the database.

For example, we have 12 instances where we want to create the same type of modules in each: we want to create 10 local modules, 5 network modules and 3 custom plugins. Thanks to the management in the Metaconsole we will be able to create these components, each one in its section, and then synchronize them to have them in the different instances without having to manually create them.

2.3.1 Component Group Management

In this section we can delete and create new groups of components.

Gestionar grupocompo.png

Gestionar grupocompo2.png

Gestionar grupocompo3.png

2.3.1.1 Group creation

To create a new group click on the "Create" button.

Gestionar crearcompogrupo.png

2.3.1.2 Group deletion

Gestionar borrarcompogrupo.png

2.3.2 Local component management

In this section we can delete, duplicate and create new local components. A local component is the elaboration of a module defined in the configuration of software agents, structured as "pieces" of text that can be cut and pasted in the configuration of agents.

Gestionar compolocal.png

2.3.2.1 Local component creation

In order to create a local component click on the "Create" button where the following form will appear:

Gestionar compolocalcrear.png

Gestionar compolocalcrear2.png

Gestionar compolocalcrear3.png

In order to see in detail more information about the parameters for the creation of a new local component you can visit Create user.

2.3.2.2 Duplicate/Delete a local component

In the list of local components you have options for:

  • Duplicating a local component
  • Deleting a local component of the Meta Console

Meta net component op col.png

2.3.3 Network Component Management

In this section we can delete, duplicate and create new network components. A network component groups all remote modules (wmi, tcp, snmp, icmp, plugin, web, etc).

Gestionar compored.png

2.3.3.1 Creating Network Component

There are three types of network components that can be created:

  • Network
  • Plugin
  • WMI

To create a new network component in the drop-down menu select a network component from the three possible (WMI, Network or Plugin): and click on the button Create. Next, we will see a screen to create a network component.


Gestionar comporedcrear.png

Gestionar comporedcrear2.png

Gestionar comporedcrear3.png

To see in detail more information about the parameters of creation of a new network component you can visit the section Network component.


2.3.3.2 Duplicating/Deleting a Network Component

In the list of network components you have options for:

  • Duplicating a network component
  • Deleting a network component from the Metaconsole


Meta net component op col.png

2.3.4 Plugin Management

In this section we will be able to delete, modify and create new plugins that will use plugin type network components.

Gestionar compoplugin.png

2.3.4.1 Creating a Plugin

To create a plugin click on the "Add" button and the following form will appear:

Gestionar compoplugincrear.png

Gestionar compoplugincrear2.png

The parameters that require explanation are:

  • Plug-in command: Where we will put the PATH to where the plugin is located
  • Plug-in parameters: Where we will put the parameters that we must write so that the plugin works correctly.

Gestionar compoplugincrear.png

2.3.4.2 Modifying/Deleting a Plugin

In the plugin list there are options for:

  • Modifying a plugin
  • Deleting a plugin from the Metaconsole

Certain plugins have a padlock in front of the Modify option, because these plugins cannot be modified or deleted.

Gestionar compopluginborrar.png

2.4 Alert Management

The following actions can be performed in this section:

  • Management of commands
  • Management of shares
  • Management of templates

Gestionar alertasgeneral.png

For example, in our meta console we have 5 instances with different clients and in all of them we need to measure in each agent the temperature of its CPU. With this information, we need an alert to be triggered when the CPU exceeds a certain temperature, and what we want is to create a command that will make the CPU eliminate certain services so as not to be used in an excessive way, causing it to rise in temperature. We would generate an alert that carries out this command and then synchronize it with all our instances so that we don't have to do it manually one by one.

In this section we will only talk about the management of templates, in particular, the differences with the management of alerts of the instances. To know more about its operation and configuration you can consult the Alert System section inside the Pandora FMS manual.

2.4.1 Template Management

The only difference with regard to the management of alerts of the instances, is in the creation of a new template. When creating a template we have an option called "Wizard level".

Gestionar alertas.png

This field will define which users will be able to use this template to create alerts from the Wizard.

  • No Wizard: This template will not be available in the Wizard.
  • Basic: Any user with access to the Wizard will be able to use this template to create alerts.
  • Advanced: Only users with advanced level of access to Metaconsole will be bale to use this template (see section Create user).

2.5 Event Alert Management

The following actions can be performed in this section:

  • Create event alert
  • Modify/Delete/Disable/Silence event alerts

Gestionar alertaseventos.png

For example, we have 4 instances where we have in one of the agents the monitoring of the apache server of each of the web pages located in the different instances. We will create an event alert that will warn us when this monitoring goes down to warn the administrator that the Apache service should be immediately fixed, so that it wouldn't be necessary to create one by one manually in the instances agents.

To find out more about its operation and configuration, please consult the section Alert System of the Pandora FMS manual.

2.6 Component Management

The following actions can be performed in this section:

  • Tag Management
  • Module group management
  • OS Management

Gestionar componentes.png

2.6.1 Manage tags

In this section we will be able to delete, modify, and create new tags.

2.6.1.1 Creating Tags

To create a new tag we click on the button “create tag” and then we will get the following form to fill in:

Gestionar tagscrear.png

2.6.1.2 Modify/Delete tags

In the list of tags we have options to:

  • Edit the tag
  • Delete the tag from the Metaconsole

Dac2.1.png

2.6.2 Module Groups Management

In this section we can delete and create new groups of modules.

Gestionar gruposmodulos.png

2.6.2.1 Group Creation

To be able to create a new module group we will click on the button “Create module group”:

Gestionar gruposmoduloscrear.png

2.6.2.2 Deletin a Module Group

Gestionar borrarcompogrupo.png

2.6.3 OS Management

In this section we can delete and create new OS.

Gestionar OS.png

Gestionar OS2.png

2.6.3.1 OS Creation

To create a new OS we click on the button “create OS” and a form will appear for us to fill in:

Gestionar OScrear.png

2.6.3.2 OS Deletion

Gestionar borrarcompogrupo.png

2.7 Policy Management

From this section we can create, modify, and delete policies.

Meta menu.png

For example, we have 7 instances in which 2 of them are going to be monitored in the same way, with the same name of agents and modules. We would create a policy that creates the modules in the agents automatically, which we will later synchronize with the different instances without having to create it one by one.

2.7.1 Policy Creation

New policies can be created by clicking on the "Create" button, where the following form is displayed:

Meta crear.png

For a better understanding of how to configure policies, please refer to the section Policy Management.

2.7.2 Modify/Delete policies

In the list of policies we have options to modify a policy and delete it. If a policy has agents, the "Delete" button will be disabled and a button to delete all its agents will appear next to it. This button will introduce the agent deletion into the queue, and as soon as it is processed, the policy deletion button will be active again.

Meta borrar.png

2.8 Category Management

In this section we can modify, delete and create new categories.

Gestionar categorias.png

2.8.1 Creating Categories

To create a new category click on the button “create category”:

Gestionar categoriascrear.png

2.8.2 Modify/Delete policies

In the list of categories we have options to:

  • Edit the category
  • Delete the category from the Metaconsole

Dac2.1.png

2.9 Server Management

In this section we will be able to delete the servers installed in the Metaconsole. In order to be able to use all the features, the Auto-provisioning and Migration servers should be activated.

Gestionar server.png

Back to Index of Documentation of Pandora FMS