Skip to main content

Centreon-HA

Connector dependencies​

The following monitoring connectors will be installed when you install the Centreon-HA connector through the Configuration > Connectors > Monitoring Connectors menu:

Pack assets​

Templates​

The Monitoring Connector Centreon-HA brings a host template:

  • App-Monitoring-Centreon-HA-Cluster-Node-custom

The connector brings the following service templates (sorted by the host template they are attached to):

Service AliasService TemplateService Description
PCS-Constraint-cbd_rrdApp-Monitoring-Centreon-HA-PCS-Constraint-cbd_rrd-customEnsures cbd_rrd adheres to Pacemaker cluster constraints via SSH
PCS-Constraint-centreonApp-Monitoring-Centreon-HA-PCS-Constraint-centreon-customMonitoring specific constraints applied to the centreon resource in a Pacemaker cluster via SSH
PCS-Constraint-ms_mysql-masterApp-Monitoring-Centreon-HA-PCS-Constraint-ms_mysql-master-customMonitoring specific constraints applied to the ms_mysql-master resource in a Pacemaker cluster via SSH
PCS-Constraint-php7App-Monitoring-Centreon-HA-PCS-Constraint-php7-customMonitoring specific constraints applied to the php7 resource in a Pacemaker cluster via SSH
PCS-StatusApp-Monitoring-Centreon-HA-PCS-Status-customMonitoring the Pacemaker cluster status using the pcs status command via SSH
proc-corosyncApp-Monitoring-Centreon-HA-Process-corosync-customMonitoring the corosync service to ensure high availability for clusters via SNMP
proc-pacemakerdApp-Monitoring-Centreon-HA-Process-pacemakerd-customMonitoring the pacemakerd service to ensure high availability for Pacemaker clusters via SNMP
proc-pcsdApp-Monitoring-Centreon-HA-Process-pcsd-customCheck the Pacemaker Configuration and Synchronization Daemon service on a Linux server via SNMP

The services listed above are created automatically when the App-Monitoring-Centreon-HA-Cluster-Node-custom host template is used.

Collected metrics & status​

Here is the list of services for this connector, detailing all metrics and statuses linked to each service.

NameUnit
statusN/A

Prerequisites​

Device Configuration​

The configuration of SNMP on a Linux server is detailed in the Linux SNMP Monitoring Connector's documentation page.

Network flows​

The Centreon Poller must be able to reach the UDP/161 (SNMP) and TCP/22 (SSH) ports of the central nodes.

SSH keys exchange​

NB: It is strongly recommended to monitor the cluster from an external poller rather than from the cluster's active node.

Open a root command-line session on:

  • the poller that will monitor the cluster
  • both of the cluster nodes.

Then switch to centreon-engine's bash environment on both nodes:

su - centreon-engine

Then run these commands on both nodes:

ssh-keygen -t ed25519 -a 100

We have generated a pair of keys on each server, and the ~/.ssh directory.

Run this command on the poller to display the user's public key:

cat ~/.ssh/id_ed25519.pub

Once done, copy the content of the public key file displayed by cat and paste it to ~/.ssh/authorized_keys (must be created) on both of the cluster's nodes and apply the correct file permissions (still as the centreon-engine user):

chmod 600 ~/.ssh/authorized_keys

The key exchange must be validated by an initial connection from each node to the other in order to accept and register the peer node's SSH fingerprint (still as centreon-engine user):

ssh <cluster-node-ip-address>

Then exit the centreon-engine session typing exit or Ctrl-D.

The centreon-engine user is now able to log in via SSH to both central nodes.

Now add the centreon-engine user to the haclient group to allow it to run the cluster management commands.

usermod -a -G haclient centreon-engine

Installing the monitoring connector​

Pack​

  1. If the platform uses an online license, you can skip the package installation instruction below as it is not required to have the connector displayed within the Configuration > Connectors > Monitoring Connectors menu. If the platform uses an offline license, install the package on the central server with the command corresponding to the operating system's package manager:
dnf install centreon-pack-applications-monitoring-centreon-ha centreon-pack-applications-pacemaker-ssh centreon-pack-operatingsystems-linux-snmp
  1. Whatever the license type (online or offline), install the Centreon-HA connector through the Configuration > Connectors > Monitoring Connectors menu.

Plugin​

Since Centreon 22.04, you can benefit from the 'Automatic plugin installation' feature. When this feature is enabled, you can skip the installation part below.

You still have to manually install the plugin on the poller(s) when:

  • Automatic plugin installation is turned off
  • You want to run a discovery job from a poller that doesn't monitor any resource of this kind yet

More information in the Installing the plugin section.

Use the commands below according to your operating system's package manager:

dnf install centreon-pack-applications-pacemaker-ssh centreon-pack-operatingsystems-linux-snmp

Using the monitoring connector​

Using a host template provided by the connector​

  1. Log into Centreon and add a new host through Configuration > Hosts.
  2. Fill in the Name, Alias & IP Address/DNS fields according to your resource's settings.
  3. Apply the App-Monitoring-Centreon-HA-Cluster-Node-custom template to the host. A list of macros appears. Macros allow you to define how the connector will connect to the resource, and to customize the connector's behavior.
  4. Fill in the macros you want. Some macros are mandatory.
MacroDescriptionDefault valueMandatory
SSHUSERNAMEDefine the user name to log in to the host
SSHPASSWORDDefine the password associated with the user name. Cannot be used with the sshcli backend. Warning: using a password is not recommended. Use --ssh-priv-key instead
SSHPORTDefine the TCP port on which SSH is listening
SSHBACKENDDefine the backend you want to use. It can be: sshcli (default), plink and libssh
SSHPRIVKEYDefine the path to the private key file for user authentication.
SSHEXTRAOPTIONSAny extra option you may want to add to every command (a --verbose flag for example). All options are listed here.
  1. Deploy the configuration. The host appears in the list of hosts, and on the Resources Status page. The command that is sent by the connector is displayed in the details panel of the host: it shows the values of the macros.

Using a service template provided by the connector​

  1. If you have used a host template and checked Create Services linked to the Template too, the services linked to the template have been created automatically, using the corresponding service templates. Otherwise, create manually the services you want and apply a service template to them.
  2. Fill in the macros you want (e.g. to change the thresholds for the alerts). Some macros are mandatory (see the table below).
MacroDescriptionDefault valueMandatory
RESOURCENAMESet the resource name you want to checkcbd_rrd
EXTRAOPTIONSAny extra option you may want to add to the command (a --verbose flag for example). All options are listed here.
  1. Deploy the configuration. The service appears in the list of services, and on the Resources Status page. The command that is sent by the connector is displayed in the details panel of the service: it shows the values of the macros.

How to check in the CLI that the configuration is OK and what are the main options for?​

Once the plugin is installed, log into your Centreon poller's CLI using the centreon-engine user account (su - centreon-engine). Test that the connector is able to monitor a resource using a command like this one (replace the sample values by yours):

/usr/lib/centreon/plugins/centreon_pacemaker_ssh.pl \
--plugin=apps::pacemaker::local::plugin \
--mode=crm \
--hostname='10.0.0.1' \
--ssh-backend='' \
--ssh-username='' \
--ssh-password='' \
--ssh-port='' \
--ssh-priv-key='' \
--filter-resource-name='' \
--warning-nodes-online='' \
--critical-nodes-online='' \
--warning-nodes-offline='' \
--critical-nodes-offline='' \
--warning-nodes-standby='' \
--critical-nodes-standby='' \
--warning-clone-resource-status='' \
--critical-clone-resource-status='' \
--warning-clone-resource-actions-failed='' \
--critical-clone-resource-actions-failed='' \
--warning-clone-resource-migration-failed='' \
--critical-clone-resource-migration-failed='' \
--warning-connection-status='' \
--critical-connection-status='' \
--warning-cluster-actions-failed='' \
--critical-cluster-actions-failed='' \
--warning-resource-status='' \
--critical-resource-status='' \
--warning-resource-actions-failed='' \
--critical-resource-actions-failed='' \
--warning-resource-migration-failed='' \
--critical-resource-migration-failed='' \
--warning-quorum-status='' \
--critical-quorum-status='' \
--command='pcs' \
--command-options='status --full' \
--verbose

The expected command output is shown below:

OK: Cluster is OK |
Resource 'php' is started on node 'central-primary'
Resource 'php' is started on node 'central-secondary'
Resource 'cbd_rrd' is started on node 'central-primary'
Resource 'cbd_rrd' is started on node 'central-secondary'
Resource 'vip' is started on node 'central-secondary'
Resource 'http' is started on node 'central-secondary'
Resource 'gorgone' is started on node 'central-secondary'
Resource 'centreon_central_sync' is started on node 'central-secondary'
Resource 'cbd_central_broker' is started on node 'central-secondary'
Resource 'centengine' is started on node 'central-secondary'
Resource 'centreontrapd' is started on node 'central-secondary'
Resource 'snmptrapd' is started on node 'central-secondary'

Troubleshooting​

Please find the troubleshooting documentation for Centreon Plugins typical issues.

The authenticity of host 'x.x.x.x (x.x.x.x)' can't be established​

Warning: all the SSH and monitoring commands must be executed as centreon-engine on the poller.

The full message looks like:

The authenticity of host 'x.x.x.x (x.x.x.x)' can't be established.
ECDSA key fingerprint is SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
ECDSA key fingerprint is MD5:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
Are you sure you want to continue connecting (yes/no)? UNKNOWN: Command too long to execute (timeout)...

If you are getting this error message, this means that you have not yet accepted the server's fingerprint.

To fix that issue, run:

ssh x.x.x.x

Then type 'yes' (without quotes) at this prompt:

The authenticity of host 'x.x.x.x (x.x.x.x)' can't be established.
ECDSA key fingerprint is SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
ECDSA key fingerprint is MD5:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
Are you sure you want to continue connecting (yes/no)?

UNKNOWN: Command error: Permission denied, please try again​

The full message looks like:

UNKNOWN: Command error: Permission denied, please try again. - Permission denied, please try again. - Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

If the Plugin returns this message, it means that centreon-engine's public key has not correctly been added to the list of authorized keys on the server that we are trying to monitor.

First we have to make sure that this key (stored in /var/lib/centreon-engine/.ssh/id_ed25519.pub) is present in the file /var/lib/centreon-engine/.ssh/authorized_keys.

If the check point above is valid, then make sure that the authorized_keys file and .ssh directory permissions are correct. You can check the permissions with this command:

ls -al /var/lib/centreon-engine/.ssh

The permissions (first part of the line) should be the same as:

total 20
drwx------ 2 centreon-engine centreon-engine 4096 Sep 4 14:44 .
drwxr-xr-x. 5 centreon-engine centreon-engine 4096 Sep 4 14:44 ..
-rw------- 1 centreon-engine centreon-engine 0 Sep 4 14:44 authorized_keys

To fix any read/write/execute permission difference, just run:

chmod 700 /var/lib/centreon-engine/.ssh
chmod 600 /var/lib/centreon-engine/.ssh/authorized_keys

Available modes​

In most cases, a mode corresponds to a service template. The mode appears in the execution command for the connector. In the Centreon interface, you don't need to specify a mode explicitly: its use is implied when you apply a service template. However, you will need to specify the correct mode for the template if you want to test the execution command for the connector in your terminal.

All available modes can be displayed by adding the --list-mode parameter to the command:

/usr/lib/centreon/plugins/centreon_pacemaker_ssh.pl \
--plugin=apps::pacemaker::local::plugin \
--list-mode

The plugin brings the following modes:

ModeLinked service template
arp [code]Not used in this Monitoring Connector
clustat [code]Not used in this Monitoring Connector
constraints [code]App-Monitoring-Centreon-HA-PCS-Constraint-cbd_rrd-custom
App-Monitoring-Centreon-HA-PCS-Constraint-centreon-custom
App-Monitoring-Centreon-HA-PCS-Constraint-ms_mysql-master-custom
App-Monitoring-Centreon-HA-PCS-Constraint-php7-custom
cpu [code]Not used in this Monitoring Connector
cpu-detailed [code]Not used in this Monitoring Connector
crm [code]App-Monitoring-Centreon-HA-PCS-Status-custom
disk-usage [code]Not used in this Monitoring Connector
diskio [code]Not used in this Monitoring Connector
inodes [code]Not used in this Monitoring Connector
interfaces [code]Not used in this Monitoring Connector
list-diskio [code]Not used in this Monitoring Connector
list-diskspath [code]Not used in this Monitoring Connector
list-interfaces [code]Not used in this Monitoring Connector
list-processes [code]Not used in this Monitoring Connector
list-storages [code]Not used in this Monitoring Connector
load [code]Not used in this Monitoring Connector
memory [code]Not used in this Monitoring Connector
processcount [code]App-Monitoring-Centreon-HA-Process-corosync-custom
App-Monitoring-Centreon-HA-Process-corosync-qnetd-custom
App-Monitoring-Centreon-HA-Process-pacemakerd-custom
App-Monitoring-Centreon-HA-Process-pcsd-custom
storage [code]Not used in this Monitoring Connector
swap [code]Not used in this Monitoring Connector
tcpcon [code]Not used in this Monitoring Connector
time [code]Not used in this Monitoring Connector
udpcon [code]Not used in this Monitoring Connector
uptime [code]Not used in this Monitoring Connector

Available options​

Generic options​

All generic options are listed here:

OptionDescription
--modeDefine the mode in which you want the plugin to be executed (see--list-mode).
--dyn-modeSpecify a mode with the module's path (advanced).
--list-modeList all available modes.
--mode-versionCheck minimal version of mode. If not, unknown error.
--versionReturn the version of the plugin.
--pass-managerDefine the password manager you want to use. Supported managers are: environment, file, keepass, hashicorpvault and teampass.
--verboseDisplay extended status information (long output).
--debugDisplay debug messages.
--filter-perfdataFilter perfdata that match the regexp. Example: adding --filter-perfdata='avg' will remove all metrics that do not contain 'avg' from performance data.
--filter-perfdata-advFilter perfdata based on a "if" condition using the following variables: label, value, unit, warning, critical, min, max. Variables must be written either %{variable} or %(variable). Example: adding --filter-perfdata-adv='not (%(value) == 0 and %(max) eq "")' will remove all metrics whose value equals 0 and that don't have a maximum value.
--explode-perfdata-maxCreate a new metric for each metric that comes with a maximum limit. The new metric will be named identically with a '_max' suffix). Example: it will split 'used_prct'=26.93%;0:80;0:90;0;100 into 'used_prct'=26.93%;0:80;0:90;0;100 'used_prct_max'=100%;;;;
--change-perfdata --extend-perfdataChange or extend perfdata. Syntax: --extend-perfdata=searchlabel,newlabel,target[,[newuom],[min],[m ax]] Common examples: Convert storage free perfdata into used: --change-perfdata='free,used,invert()' Convert storage free perfdata into used: --change-perfdata='used,free,invert()' Scale traffic values automatically: --change-perfdata='traffic,,scale(auto)' Scale traffic values in Mbps: --change-perfdata='traffic_in,,scale(Mbps),mbps' Change traffic values in percent: --change-perfdata='traffic_in,,percent()'
--extend-perfdata-groupAdd new aggregated metrics (min, max, average or sum) for groups of metrics defined by a regex match on the metrics' names. Syntax: --extend-perfdata-group=regex,namesofnewmetrics,calculation[,[ne wuom],[min],[max]] regex: regular expression namesofnewmetrics: how the new metrics' names are composed (can use $1, $2... for groups defined by () in regex). calculation: how the values of the new metrics should be calculated newuom (optional): unit of measure for the new metrics min (optional): lowest value the metrics can reach max (optional): highest value the metrics can reach Common examples: Sum wrong packets from all interfaces (with interface need --units-errors=absolute): --extend-perfdata-group=',packets_wrong,sum(packets_(discard |error)_(in|out))' Sum traffic by interface: --extend-perfdata-group='traffic_in_(.*),traffic_$1,sum(traf fic_(in|out)_$1)'
--change-short-output --change-long-outputModify the short/long output that is returned by the plugin. Syntax: --change-short-output=patternreplacementmodifier Most commonly used modifiers are i (case insensitive) and g (replace all occurrences). Example: adding --change-short-output='OKUpgi' will replace all occurrences of 'OK', 'ok', 'Ok' or 'oK' with 'Up'
--change-exitReplace an exit code with one of your choice. Example: adding --change-exit=unknown=critical will result in a CRITICAL state instead of an UNKNOWN state.
--range-perfdataRewrite the ranges displayed in the perfdata. Accepted values: 0: nothing is changed. 1: if the lower value of the range is equal to 0, it is removed. 2: remove the thresholds from the perfdata.
--filter-uomMask the units when they don't match the given regular expression.
--opt-exitReplace the exit code in case of an execution error (i.e. wrong option provided, SSH connection refused, timeout, etc). Default: unknown.
--output-ignore-perfdataRemove all the metrics from the service. The service will still have a status and an output.
--output-ignore-labelRemove the status label ("OK:", "WARNING:", "UNKNOWN:", CRITICAL:") from the beginning of the output. Example: 'OK: Ram Total:...' will become 'Ram Total:...'
--output-xmlReturn the output in XML format (to send to an XML API).
--output-jsonReturn the output in JSON format (to send to a JSON API).
--output-openmetricsReturn the output in OpenMetrics format (to send to a tool expecting this format).
--output-fileWrite output in file (can be combined with json, xml and openmetrics options). E.g.: --output-file=/tmp/output.txt will write the output in /tmp/output.txt.
--disco-formatApplies only to modes beginning with 'list-'. Returns the list of available macros to configure a service discovery rule (formatted in XML).
--disco-showApplies only to modes beginning with 'list-'. Returns the list of discovered objects (formatted in XML) for service discovery.
--float-precisionDefine the float precision for thresholds (default: 8).
--source-encodingDefine the character encoding of the response sent by the monitored resource Default: 'UTF-8'.
--hostnameHostname to query in ssh.

Modes options​

All available options for each service template are listed below:

OptionDescription
--custommodeWhen a plugin offers several ways (CLI, library, etc.) to get information the desired one must be defined with this option.
--list-custommodeList all available custom modes.
--multipleMultiple custom mode objects. This may be required by some specific modes (advanced).
--timeoutTimeout in seconds for the command (default: 45). Default value can be override by the mode.
--commandCommand to get information. Used it you have output in a file.
--command-pathCommand path.
--command-optionsCommand options.
--sudosudo command.
--ssh-backendDefine the backend you want to use. It can be: sshcli (default), plink and libssh.
--ssh-usernameDefine the user name to log in to the host.
--ssh-passwordDefine the password associated with the user name. Cannot be used with the sshcli backend. Warning: using a password is not recommended. Use --ssh-priv-key instead.
--ssh-portDefine the TCP port on which SSH is listening.
--ssh-priv-keyDefine the private key file to use for user authentication.
--sshcli-commandssh command (default: 'ssh').
--sshcli-pathssh command path (default: none)
--sshcli-optionSpecify ssh cli options (example: --sshcli-option='-o=StrictHostKeyChecking=no').
--plink-commandplink command (default: 'plink').
--plink-pathplink command path (default: none)
--plink-optionSpecify plink options (example: --plink-option='-T').
--libssh-strict-connectConnection won't be OK even if there is a problem (server known changed or server found other) with the ssh server.
--resourceSet the resource name you want to check
--warningReturn a warning instead of a critical

All available options for a given mode can be displayed by adding the --help parameter to the command:

/usr/lib/centreon/plugins/centreon_pacemaker_ssh.pl \
--plugin=apps::pacemaker::local::plugin \
--mode=crm \
--help