AWS VPN
Pack Assets​
Templates​
The Centreon Monitoring Connector AWS VPN brings a host template:
- Cloud-Aws-Vpn-custom
It brings the following service templates:
| Service Alias | Service Template | Service Description | Default |
|---|---|---|---|
| Vpn-Traffic | Cloud-Aws-Vpn-Traffic-Api | Check the state and traffic of an AWS VPN link | X |
| Vpn-Traffic-Global | Cloud-Aws-Vpn-Traffic-Global-Api | Check the state and traffic of an AWS VPN link |
Discovery Rules​
The pack provides a discovery rule to automatically discover VPN resources:
More information about the Host Discovery module is available in the Centreon documentation: Host Discovery
Collected Metrics & status​
- Vpn-Traffic-*
| Metric name | Description | Unit |
|---|---|---|
| instance#vpn.tunnel.tunnelstate | The state of the tunnel. For static VPNs, 0 indicates DOWN and 1 indicates UP. For BGP VPNs, 1 indicates ESTABLISHED and 0 is used for all other states | |
| instance#vpn.tunnel.datain.bytes | The bytes received through the VPN tunnel | B |
| instance#vpn.tunnel.datain.bytes | The bytes sent through the VPN tunnel | B |
All these metrics can be calculated on a per-second time reference rather than displaying the absolute value. To do so,
simply add the setting --per-sec to the command and/or the Service Macros
Prerequisites​
AWS Privileges​
Whether using a service account or a dedicated monitoring account to monitor Cloudwatch metrics, the following rights have to be granted to the IAM role (accesskey/secretkey):
| AWS Privilege | Description |
|---|---|
| ec2:DescribeVpnConnections | Describes one or more of your VPN connections |
| cloudwatch:listMetrics | List all metrics from Cloudwatch AWS/VPN namespace |
| cloudwatch:getMetricStatistics | Get metrics values from Cloudwatch AWS/VPN namespace |
Plugin dependencies​
To interact with Amazon APIs, you can use either use the awscli binary provided by Amazon or paws, a Perl AWS SDK (recommended). You must install it on every poller expected to monitor AWS resources.
For now, it is not possible to use paws if you are using a proxy to reach AWS Cloudwatch APIs.
- perl-Paws-installation
- aws-cli-installation
yum install perl-Paws
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
Setup​
- Online License
- Offline License
- Install the package on every Centreon poller expected to monitor AWS VPN resources:
yum install centreon-plugin-Cloud-Aws-Vpn-Api
- On the Centreon web interface, on page Configuration > Monitoring Connector Manager, install the AWS VPN Centreon Monitoring Connector.
- Install the package on every Centreon poller expected to monitor AWS VPN resources:
yum install centreon-plugin-Cloud-Aws-Vpn-Api
- Install the AWS VPN Centreon Monitoring Connector RPM on the Centreon central server:
yum install centreon-pack-cloud-aws-vpn
- On the Centreon web interface, on page Configuration > Monitoring Connector Manager, install the AWS VPN Centreon Monitoring Connector.
Configuration​
Host​
- Log into Centreon and add a new host through Configuration > Hosts.
- Fill the Name, Alias & IP Address/DNS fields according to your AWS VPN server settings.
- Apply the Cloud-Aws-Vpn-custom template to the host.
- Once the template is applied, fill in the corresponding macros. Some macros are mandatory.
| Mandatory | Nom | Description |
|---|---|---|
| X | AWSSECRETKEY | AWS Secret key of your IAM role. Password checkbox must be checked |
| X | AWSACESSKEY | AWS Access key of your IAM role. Password checkbox must be checked |
| X | AWSREGION | Region where the instance is running |
| X | AWSCUSTOMMODE | Custom mode to get metrics, 'awscli' is the default, you can also use 'paws' perl library |
| PROXYURL | Configure proxy URL | |
| EXTRAOPTIONS | Any extra option you may want to add to every command_line (eg. a --verbose flag) | |
| DUMMYSTATUS | Host state. Default is OK, do not modify it unless you know what you are doing | |
| DUMMYOUTPUT | Host check output. Default is 'This is a dummy check'. Customize it with your own if needed |
FAQ​
How to check in the CLI that the configuration is OK and what are the main options for ?​
Once the Plugin installed, log into your Centreon Poller CLI using the centreon-engine user account and test the Plugin by
running the following command (Some of the parameters such as --proxyurl have to be adjusted):
/usr/lib/centreon/plugins//centreon_aws_vpn_api.pl \
--plugin=cloud::aws::vpn::plugin \
--mode=traffic \
--custommode='awscli' \
--aws-secret-key='*******************' \
--aws-access-key='**********' \
--region='eu-west-1' \
--name='vpn-123abc456def789gh' \
--proxyurl='http://myproxy.mycompany.org:8080'
--filter-metric='' \
--statistic='average' \
--timeframe='600' \
--period='60' \
--warning-tunnel-state='1:' \
--critical-tunnel-state='0.5:'
--verbose
Expected command output is shown below:
OK: 'vpn-123abc456def789gh' Statistic 'Average' Metrics Tunnel Data Out: 328.69 KB, Tunnel State: 1.00, Tunnel Data In: 715.10 KB | 'vpn-123abc456def789gh~average#vpn.tunnel.dataout.bytes'=336576.82B;;;;
'vpn-123abc456def789gh~average#vpn.tunnel.tunnelstate'=1.00;1:;0.5:;; 'vpn-123abc456def789gh~average#vpn.tunnel.datain.bytes'=732257.42B;;;;
All the available thresholds parameters can be displayed by adding the --help parameter to the command:
/usr/lib/centreon/plugins/centreon_aws_vpn_api.pl \
--plugin=cloud::aws::vpn::plugin \
--mode=traffic \
--help
All available modes can be displayed by adding the
--list-mode parameter to the command:
/usr/lib/centreon/plugins//centreon_aws_vpn_api.pl \
--plugin=cloud::aws::vpn::plugin \
--list-mode
Troubleshooting​
Please find the troubleshooting documentation for Centreon Plugins typical issues.