Tuesday, September 13, 2011

Xymon - monitoring from the cloud

I this post I'm going to deploy Xymon in amazon cloud ( AWS ) for off-site monitoring.

Running “external” monitor in the cloud is efficient alternative for third-party services ( search for "External Website Monitoring" ). Easy installation, small footprint (no database) and flexibility of xymon makes it very attractive instrument for such project.

Bellow is just a some notes for a minimal setup:

Logon to AWS and launch the smallest instance ( t1.micro ) using Basic 32-bit Amazon Linux AMI. Make sure that SSH, HTTP ( or/and HTTPs ) connections are permitted in the security group.

ssh -i YourKey.pem ec2-user@ec2-XX.compute-1.amazonaws.com [ec2-user@mon ~]$ sudo -i [root@mon ~]# yum -y update … ( reboot if needed ) ... [root@mon ~]# useradd -m xymon

Now let’s add all  packages we need for the build

[root@mon ~]# yum -y install subversion fping gcc gcc-c++ openssl-devel make \
binutils rrdtool rrdtool-devel pcre-devel httpd cyrus-sasl-devel \
ncurses-devel

Get source code from repository ( or download archive from xymon.com ).

[root@mon ~]# mkdir src [root@mon ~]# cd src [root@mon ~]# svn co https://xymon.svn.sourceforge.net/svnroot/xymon/branches/4.3.5 [root@mon ~]# cd 4.3.5 [root@mon ~]# ./configure ... I found fping in /usr/sbin/fping Do you want to use it [Y/n] ? Y … Do you want to be able to test SSL-enabled services (y) ? Y … What group-ID does your webserver use [nobody] ? apache … [root@mon ~]# make && make install

OK, application is installed and can be started, but currently it will be checking localhost only and reporting to log files.

Let's prepare front-end - Apache web server.

Create a web user and restrict access to /xymon/

[root@mon ~]# htpasswd -c /etc/httpd/xymonpasswd admin [root@mon ~]# cp ~xymon/server/etc/xymon-apache.conf /etc/httpd/conf.d/xymon-apache.conf [root@mon ~]# sed -i 's/\/home\/xymon\/server\/etc\/xymonpasswd/\/etc\/httpd\/xymonpasswd/g' /etc/httpd/conf.d/xymon-apache.conf [root@mon ~]# sed -i 's/AuthGroupFile/#AuthGroupFile/g' /etc/httpd/conf.d/xymon-apache.conf

Review /etc/httpd/conf.d/xymon-apache.conf ( and httpd.conf ) files,  and start/restart apache service;
sudo to xymon and add monitoring targets to  ~/server/etc/hosts.cfg ( read manpage )

 as an example we cat test some Google sites, in future connection to google.com could be used as a "always up" service. Adding dependency allows avoid noise form  hiccups on AWS network.


group-compress Web services 0.0.0.0 www.google.com # http://www.google.com 0.0.0.0 encrypted.google.com # https://encrypted.google.com/ group-compress DNS 8.8.8.8 google-public-dns-a.google.com # dns=A:www.google.com,MX:google.com group-compress Local 127.0.0.1 localhost # bbd http://localhost/

More sophisticated examples are available on http://xymon.com

Now start xymon server ( as user xymon )
 ~/server/xymon.sh start and  check your  page  http://ec2-XX.compute-1.amazonaws.com/xymon/




Now - tricky part.
Web interface is nice, trends, etc  …, but what about alert notifications ?
It's easy to add a record in ~xymon/server/etc/alerts.cfg, but most likely e-mails from AWS host will be delivered to a spam folder …
One solution - use amazon email service,
another - use any public e-mail provider who support smtp authorization.
For example:
 - create new mail account on mail.google.com
 - compile mutt on your virtual server ( the one from aws yum repositories won’t work ... )
    --  get recent source from http://www.mutt.org/download.html 
./configure --enable-imap --enable-smtp --with-sasl --with-ssl &&; make &&; make install

create .muttrc in ~xymon with following contents:

# SENDING MAIL set copy=yes set smtp_url="smtp://NEW.EMAIL@smtp.gmail.com:587/" set smtp_pass="EMAIL.PASS" set from="NEW.EMAIL@gmail.com" set realname="Xymon in the Cloud" # RECEIVING MAIL set imap_user = "NEW.EMAIL@gmail.com" set imap_pass = "EMAIL.PASS" set folder = "imaps://imap.gmail.com:993" set spoolfile="imaps://imap.gmail.com/INBOX" set postponed="imaps://imap.gmail.com/Drafts" set record="imaps://imap.gmail.com/Sent" set message_cachedir=~/.mutt/cache/bodies set certificate_file=~/.mutt/certificates set move = no

Verify that it really works:

date | mutt -s test you_real_address@provider.com
And create a script for alert notifications like:

[xymon@mon ~]# cat ~xymon/bin/m.sh #!/bin/bash if [ ${RECOVERED} = 1 ] then export BBCOLORLEVEL="RECOVERED" export BBCOLOR="green" else export BBCOLOR=$BBCOLORLEVEL fi S=$BBHOSTSVC:$BBCOLOR echo $BBALPHAMSG | mutt -s $S $RCPT
Finally, add alert rules ( ~xymon/server/etc/alerts.cfg )

HOST=* COLOR=red SCRIPT /home/xymon/bin/m.sh you_real_address@provider.com FORMAT=TEXT REPEAT=3h RECOVERED
DONE


 Long story, many steps, but in reality should take less then an hour to have basic monitoring running.
Operational cost of this setup will be definitely  lower then comparable services from “remote site monitoring” providers.

     PS. Before real usage, don't forget  switch to HTTPs, review all config files ...
            Subscribe to the Xymon mailing list ( http://xymon.com/xymon/help/known-issues.html ) for friendly support,  ask for help and give help to others.

1 comment:

Anonymous said...

Great post!!
We have been using nagios for monitoring our instances in cloud but now definitely I'll give a try to xymon.