Zenoss Community Edition (Core) Configurtion Guide Relese 6.2.0 Zenoss, Inc. www.zenoss.com
Zenoss Community Edition (Core) Configurtion Guide Copyright 2018 Zenoss, Inc. All rights reserved. Zenoss, Own IT, nd the Zenoss logo re trdemrks or registered trdemrks of Zenoss, Inc., in the United Sttes nd other countries. All other trdemrks, logos, nd service mrks re the property of Zenoss or other third prties. Use of these mrks is prohiited without the express written consent of Zenoss, Inc., or the third-prty owner. Amzon We Services, AWS, nd EC2 re trdemrks of Amzon.com, Inc. or its ffilites in the United Sttes nd/or other countries. Flsh is registered trdemrk of Adoe Systems Incorported. Orcle, the Orcle logo, Jv, nd MySQL re registered trdemrks of the Orcle Corportion nd/or its ffilites. Linux is registered trdemrk of Linus Torvlds. RitMQ is trdemrk of Pivotl Softwre, Inc. SNMP Informnt is trdemrk of Grth K. Willims (Informnt Systems, Inc.). Syse is registered trdemrk of Syse, Inc. Tomct is trdemrk of the Apche Softwre Foundtion. VMwre is registered trdemrk or trdemrk of VMwre, Inc. in the United Sttes nd/or other jurisdictions. Windows is registered trdemrk of Microsoft Corportion in the United Sttes nd other countries. All other compnies nd products mentioned re trdemrks nd property of their respective owners. Prt Numer: 1641.18.162.37 Zenoss, Inc. 11305 Four Points Drive Bldg 1 - Suite 300 Austin, Texs 78726 2
Contents Aout this guide...4 Chpter 1: Enling ccess to rowser interfces...5 Creting nd chnging pulic endpoints...5 Configuring nme resolution for virtul hosts... 12 Chpter 2: Configuring Zenoss Core...14 Strting Zenoss Core... 14 Defult server psswords...15 Deleting the RitMQ guest user ccount... 18 MriDB dtse utilities... 18 Optionl: Assigning virtul IP ddress to resource pool... 20 Optionl: Replcing the defult digitl certificte... 20 Optionl: Customiztion mngement... 21 Optionl: Configuring OpenTSDB compction...22 Chpter 3: Prepring for monitoring... 24 Extending monitoring with ZenPcks... 24 Prepring network devices...25 Prepring storge devices... 26 Prepring server devices...28 Prepring hypervisor devices...29 Vlidting configurtion using Inspector tool...30 Optionl: Enling monitoring on IPv6 networks... 30 Chpter 4: Modeling devices...32 Configuring Windows devices to provide dt through SNMP... 32 Configuring Linux devices to provide dt through SNMP... 33 Modeling devices using SSH/COMMAND... 33 Using device clss to monitor devices using SSH...34 Using the /Server/Scn device clss to monitor with port scn...34 Modeling devices using port scn...34 Aout modeler plugins... 35 Deugging the modeling process... 36 Next steps...36 Appendix A: Externl HBse configurtion...38 Configuring OpenTSDB for n externl HBse cluster... 38 Configuring the OpenTSDB service strtup commnd... 39 Disling the Zenoss Core HBse cluster...39 3
Zenoss Community Edition (Core) Configurtion Guide Aout this guide Zenoss Community Edition (Core) Configurtion Guide descries how to set up Zenoss Community Edition (Core) (Zenoss Core) nd to prepre your environment for monitoring. Use this guide fter completing ll of the steps required for your deployment in Zenoss Community Edition (Core) Instlltion Guide. Relted Zenoss Core pulictions Title Zenoss Community Edition (Core) Administrtion Guide Zenoss Community Edition (Core) Configurtion Guide Zenoss Community Edition (Core) Instlltion Guide Zenoss Community Edition (Core) Plnning Guide Zenoss Community Edition (Core) Relese Notes Zenoss Community Edition (Core) Upgrde Guide Description Provides n overview of Zenoss Core rchitecture nd fetures, s well s procedures nd exmples to help use the system. Provides required nd optionl configurtion procedures for Zenoss Core, to prepre your deployment for monitoring in your environment. Provides detiled informtion nd procedures for creting deployments of Control Center nd Zenoss Core. Provides oth generl nd specific informtion for prepring to deploy Zenoss Core. Descries known issues, fixed issues, nd ltereking informtion not lredy provided in the pulished documenttion set. Provides detiled informtion nd procedures for upgrding deployments of Zenoss Core. Additionl informtion nd comments Zenoss welcomes your comments nd suggestions regrding our documenttion. To shre your comments, plese send n emil to docs@zenoss.com. In the emil, include the document title nd prt numer. The prt numer ppers t the end of the list of trdemrks, t the front of this guide. 4
Enling ccess to rowser interfces Enling ccess to rowser interfces 1 Control Center nd Zenoss Core hve independent rowser interfces tht re served y independent we servers. Both we servers re configured to use SSL/TLS communictions. The Control Center we server listens t the hostnme of the Control Center mster host nd port 443. For Control Center mster host with the fully qulified domin nme (FQDN) cc-mster.exmple.com, the hostnme URL is https://cc-mster. You cn sustitute n IP ddress for the hostnme portion of the URL. The Zenoss Core we server cn listen t port pulic endpoints nd virtul host pulic endpoints. A port pulic endpoint is comintion of the IP ddress or hostnme of the Control Center mster host nd port numer. The defult configurtion of Zenoss Core does not include ny port pulic endpoints. If the Control Center mster host hs more thn one interfce, you cn configure port pulic endpoints with different hostnmes. Also, you cn disle TLS communictions for port pulic endpoint. To use port pulic endpoint to gin ccess to the Zenoss Core rowser interfce, no dditionl network nme resolution entries re required. The defult entries for the network interfces of the Control Center mster host re sufficient. The defult virtul host pulic endpoint is the text zenoss5 prefixed to the hostnme of the Control Center mster host nd port 443. For the FQDN cc-mster.exmple.com, the URL of the defult virtul host pulic endpoint is https://zenoss5.cc-mster:443. You cn chnge the nme of the defult virtul host nd configure dditionl virtul host pulic endpoints. To use virtul host pulic endpoint to gin ccess to the Zenoss Core rowser interfce, you must dd nme resolution entries for the virtul host to the DNS servers in your environment or to the hosts files of individul client systems. The following sections provide dditionl informtion out pulic endpoints, nd instructions for creting pulic endpoints nd configuring virtul hostnme resolution. Creting nd chnging pulic endpoints This section provides instructions for creting nd chnging port pulic endpoints nd virtul host pulic endpoints. 5
Zenoss Community Edition (Core) Configurtion Guide Creting pulic endpoints overview The following tle lists communiction requirements nd outlines the process for creting pulic endpoints. Step-y-step instructions follow this overview. Port pulic endpoint Port pulic endpoints cn communicte with or without SSL/TLS. 1 Crete the endpoint. 2 Configure the Zope service. Virtul host pulic endpoint Virtul host pulic endpoints must use SSL/TLS communictions. 1 Crete the endpoint. 2 Configure the Zope service. 3 Configure virtul hostnme resolution. Chnging pulic endpoints To chnge n existing pulic endpoint, crete new endpoint nd then delete the existing endpoint. Creting port pulic endpoint Use this procedure to crete new port pulic endpoint. Port pulic endpoints cn communicte with or without SSL/TLS. 1 Log in to the Control Center rowser interfce. 2 In the Appliction column of the Applictions tle, click the ppliction nme (Zenoss.core). 3 On the right, ove the Pulic Endpoints tle, click Add Pulic Endpoints. The defult view of the Add Pulic Endpoint dilog ox displys the fields for creting port pulic endpoint. 4 Define new port pulic endpoint. c d In the Type re, click Port. From the Service - Endpoint list, select Zenoss.core - zproxy. In the Host field, enter hostnme or IP ddress tht is ssigned to network interfce on the Control Center mster host. The defult vlue is the hostnme tht ws dded with the Deployment Wizrd when Zenoss Core ws initilly deployed. If the Control Center mster host hs more thn one network interfce, you cn dd the hostnme or IP ddress tht is ssigned to nother interfce. In the Port field, enter sfe, unused port numer tht is greter thn or equl to 1024 nd less thn or equl to 65535. 6
Enling ccess to rowser interfces e f For list of ports tht re considered unsfe, see Unsfe ports on Chrome. For the list of ports tht the Control Center mster host uses, refer to the Zenoss Community Edition (Core) Plnning Guide. In the Protocol field, select HTTPS or HTTP. Optionlly, you cn set up secure proxy server to hndle HTTP requests tht re sent to port pulic endpoint. Click Add. Next step: Configure the Zope service to use the new port pulic endpoint. Choose one of the configurtion options in the following tle. Zope configurtion HTTPS nd the defult secure proxy server HTTP nd no proxy server Note tht when you configure Zope for HTTP protocol nd no proxy server, you cn only gin ccess to the Zenoss Core rowser interfce through port pulic endpoints tht re configured for HTTP. Becuse virtul host pulic endpoints must use HTTPS protocol, ny existing virtul host pulic endpoints stop working. HTTP nd secure proxy server other thn the defult Procedure Configuring Zope for HTTPS nd the defult secure proxy server on pge 7 Configuring Zope for HTTP nd no proxy server on pge 8 Configuring Zope for HTTP nd secure proxy server on pge 9 Configuring Zope for HTTPS nd the defult secure proxy server Before performing this procedure, crete port pulic endpoint or virtul host pulic endpoint to use the HTTPS protocol. Use this procedure to configure the Zope service for SSL/TLS communictions nd the secure proxy server tht is included in Zenoss Core. 1 Log in to the Control Center rowser interfce. 2 In the Appliction column of the Applictions tle, click the ppliction nme (Zenoss.core). 3 In the Services tle, expnd Zenoss > User Interfce, nd then click Zope. The Zope service detils pge ppers. 4 In the Configurtion Files tle, locte pth /opt/zenoss/etc/zope.conf, nd in the Actions column, click Edit. The Edit Configurtion window ppers. 7
Zenoss Community Edition (Core) Configurtion Guide 5 Configure Zope for secure communictions with the proxy server. Locte the cgi-environment directive. The directive is out one-third of the wy down from the top of the file, on or ner line 380. Configure the proxy server for SSL/TLS communictions: <cgi-environment> HTTPS ON </cgi-environment> 6 Configure the Beker dd-on product to use secure communictions. Locte the product-config directive. The directive is t the ottom the file, on or ner line 1122. Set the vlue of the session.secure key to True. 7 Click Sve. Next steps: If you creted port pulic endpoint efore performing this procedure, the endpoint is redy to use. If you creted virtul host pulic endpoint efore performing this procedure, proceed to Configuring nme resolution for virtul hosts on pge 12. Configuring Zope for HTTP nd no proxy server Before performing this procedure, crete port pulic endpoint to use the HTTP protocol. For more informtion, see Creting port pulic endpoint on pge 6. Use this procedure to configure the Zope service for insecure communictions with Zenoss Core rowser interfce clients. Note When you configure Zope for insecure communictions, existing virtul host pulic endpoints stop working. 1 Log in to the Control Center rowser interfce. 2 In the Appliction column of the Applictions tle, click the ppliction nme (Zenoss.core). 3 In the Services tle, expnd Zenoss > User Interfce, nd then click Zope. The Zope service detils pge ppers. 8
Enling ccess to rowser interfces 4 In the Configurtion Files tle, locte pth /opt/zenoss/etc/zope.conf, nd in the Actions column, click Edit. The Edit Configurtion window ppers. 5 Configure Zope for insecure communictions with the proxy server. Locte the cgi-environment directive. The directive is out one-third of the wy down from the top of the file, on or ner line 380. Configure the proxy server for insecure communictions: <cgi-environment> HTTPS OFF </cgi-environment> 6 Configure the Beker dd-on product to use insecure communictions. Locte the product-config directive. The directive is t the ottom the file, on or ner line 1122. Set the vlue of the session.secure key to Flse. 7 Click Sve. Configuring Zope for HTTP nd secure proxy server Before performing this procedure, crete port pulic endpoint to use the HTTP protocol. For more informtion, see Creting port pulic endpoint on pge 6. Use this procedure to configure the Zope service for SSL/TLS communictions nd secure proxy server tht is ville on your network. 1 Log in to the Control Center rowser interfce. 2 In the Appliction column of the Applictions tle, click the ppliction nme (Zenoss.core). 3 In the Services tle, expnd Zenoss > User Interfce nd then click Zope. The Zope service detils pge ppers. 4 In the Configurtion Files tle, locte pth /opt/zenoss/etc/zope.conf, nd in the Actions column, click Edit. The Edit Configurtion window ppers. 9
Zenoss Community Edition (Core) Configurtion Guide 5 Configure Zope for secure communictions with your proxy server. Locte the cgi-environment directive. The directive is out one-third of the wy down from the top of the file, on or ner line 380. Configure the proxy server for SSL/TLS communictions: <cgi-environment> HTTPS ON </cgi-environment> 6 Configure the Beker dd-on product to use secure communictions. Locte the product-config directive. The directive is t the ottom the file, on or ner line 1122. Set the vlue of the session.secure key to True. 7 Click Sve. Creting virtul host pulic endpoint Use this procedure to crete new virtul host pulic endpoint. Virtul host pulic endpoints must use SSL/TLS communictions. 1 Log in to the Control Center rowser interfce. 2 In the Appliction column of the Applictions tle, click the ppliction nme (Zenoss.core). 3 On the right, ove the Pulic Endpoints tle, click Add Pulic Endpoints. 4 Define new virtul host pulic endpoint. In the Type re, click VHost. 10
Enling ccess to rowser interfces c From the Service - Endpoint list, select Zenoss.core - zproxy. In the VHost Hostnme field, enter virtul hostnme. The hostnme must e different from the Control Center hostnme. For exmple, if the Control Center host is https://zenoss.123, then the virtul hostnme cnnot e zenoss-123. The following strings of text re vlid in this field: d A fully qulified domin nme (FQDN). Any string of text tht includes one or more full stop chrcters (.) is treted s n FQDN. A string of text tht contins only letters nd one or more hyphen chrcters (-). The string is prepended to the hostnme of the Control Center mster host, with full stop chrcter (.) seprting the string nd the hostnme. Click Add. Configuring Zope for HTTPS nd the defult secure proxy server Before performing this procedure, crete port pulic endpoint or virtul host pulic endpoint to use the HTTPS protocol. Use this procedure to configure the Zope service for SSL/TLS communictions nd the secure proxy server tht is included in Zenoss Core. 1 Log in to the Control Center rowser interfce. 2 In the Appliction column of the Applictions tle, click the ppliction nme (Zenoss.core). 3 In the Services tle, expnd Zenoss > User Interfce, nd then click Zope. The Zope service detils pge ppers. 4 In the Configurtion Files tle, locte pth /opt/zenoss/etc/zope.conf, nd in the Actions column, click Edit. The Edit Configurtion window ppers. 11
Zenoss Community Edition (Core) Configurtion Guide 5 Configure Zope for secure communictions with the proxy server. Locte the cgi-environment directive. The directive is out one-third of the wy down from the top of the file, on or ner line 380. Configure the proxy server for SSL/TLS communictions: <cgi-environment> HTTPS ON </cgi-environment> 6 Configure the Beker dd-on product to use secure communictions. Locte the product-config directive. The directive is t the ottom the file, on or ner line 1122. Set the vlue of the session.secure key to True. 7 Click Sve. Next steps: If you creted port pulic endpoint efore performing this procedure, the endpoint is redy to use. If you creted virtul host pulic endpoint efore performing this procedure, proceed to Configuring nme resolution for virtul hosts on pge 12. Configuring nme resolution for virtul hosts To enle ccess to rowser interfces y virtul hosts, dd nme resolution entries to the DNS servers in your environment or to the hosts files of individul client systems. On Windows client systems, the hosts file is C:\Windows\System32\drivers\etc\hosts. On Linux nd OS/X client systems, the hosts file is /etc/hosts. Nme resolution syntx The following line shows the syntx of the entry to dd to nme resolution file: IP-Address FQDN Hostnme zenoss5.hostnme 12
Enling ccess to rowser interfces For exmple, the following entry identifies Control Center mster host t IP ddress 192.0.2.12, hostnme cc-mster, in the exmple.com domin. 192.0.2.12 cc-mster.exmple.com cc-mster zenoss5.cc-mster Configuring nme resolution on Windows 7 system To perform this procedure, you need Windows Administrtor privileges. 1 Log in to the Windows 7 system s user with Administrtor privileges. 2 Click Strt > All Progrms > Accessories > Notepd. 3 Right click Notepd nd then select Run s dministrtor. 4 Click File > Open, nd then enter the following file pth: C:\Windows\System32\drivers\etc\hosts 5 At the end of the file, dd nme resolution entry. For more informtion, see Nme resolution syntx on pge 12. 6 Sve the file, nd then exit Notepd. Configuring nme resolution on Linux or OS/X system To perform this procedure, you need superuser privileges on the client system. 1 Log in to the client system s root or s user with sudo privileges. 2 In text editor, Open the /etc/hosts file. 3 At the end of the file, dd nme resolution entry. For more informtion, see Nme resolution syntx on pge 12. 4 Sve the file, nd then close the editor. 13
Zenoss Community Edition (Core) Configurtion Guide Configuring Zenoss Core 2 This chpter contins configurtion procedures tht you perform fter Zenoss Core is instlled. Some of the procedures re optionl, nd indicted s such in the section title. For instlltion nd deployment instructions, refer to the Zenoss Community Edition (Core) Instlltion Guide. Strting Zenoss Core You cn strt Zenoss Core from the Control Center rowser interfce or from the commnd-line interfce. Using the Control Center rowser interfce to strt Zenoss Core To perform this procedure, you need: A tested client system nd rowser A user ccount on the Control Center mster host with ccess privileges for the Control Center rowser interfce For more informtion, refer to the Zenoss Community Edition (Core) Instlltion Guide. 1 Log in to the Control Center rowser interfce. 2 In the Actions column of the Applictions tle, click Strt for Zenoss.core. 3 In the Strt Service dilog ox, click Strt Service nd x Children. 4 Optionl: Monitor the strtup. In the Applictions tle, click Zenoss.core. Scroll down to the Services tle nd review the Helth icon for ech service. As services strt, the Helth icon chnges to check mrk. Using the commnd line to strt Zenoss Core To perform this procedure, you need serviced CLI privileges. For more informtion, refer to the Zenoss Community Edition (Core) Instlltion Guide. 1 Log in to the Control Center mster host s user with serviced CLI privileges. 2 Strt Zenoss Core: serviced service strt Zenoss.core 14
Configuring Zenoss Core 3 Optionl: Monitor the strtup: serviced service sttus Zenoss.core Defult server psswords Zenoss Core dds glol configurtion prmeters to the run-time environments (Docker continers) of every service. The prmeters include the defult psswords of MriDB dtse server nd RitMQ server. The defult psswords re the sme in ll Zenoss Core distriutions. To void security issues, Zenoss recommends chnging the defult psswords of the preceding servers. Note Chnges to glol configurtion prmeters persist cross upgrdes. The following list ssocites the ffected servers, their Zenoss Core services, nd their ccount informtion. Note The list includes oth ccount nmes nd psswords. Zenoss recommends chnging the psswords of ech ccount nd strongly discourges chnging the ccount nmes. MriDB server for event nd model dtses Administrtor ccount:glol.conf.zep-dmin-user Administrtor pssword:glol.conf.zep-dmin-pssword Event dtse user ccount:glol.conf.zep-user Event dtse user pssword:glol.conf.zep-pssword Administrtor ccount:glol.conf.zod-dmin-user Administrtor pssword:glol.conf.zod-dmin-pssword Model dtse user ccount:glol.conf.zod-user Model dtse user pssword:glol.conf.zod-pssword RitMQ server Service: RitMQ User ccount: glol.conf.mqpuser User pssword: glol.conf.mqppssword Chnging MriDB psswords Use this procedure to chnge the psswords of the MriDB dtses for event nd model dt. To perform this procedure, the MriDB child service of Zenoss Core must e running. 1 Log in to the Control Center mster host s root, or s user with superuser privileges. 2 Log in to the Docker continer of the MriDB service s zenoss. serviced service ttch mrid su - zenoss 3 Chnge the psswords. Strt n interctive session. export TERM=dum; mysql -u root 15
Zenoss Community Edition (Core) Configurtion Guide c Access the dministrtion dtse. USE mysql Set the pssword of the root user. Replce New-Pssword with new pssword: SET PASSWORD FOR 'root'@'127.0.0.1' = PASSWORD('New-Pssword'); SET PASSWORD FOR 'root'@'loclhost' = PASSWORD('New-Pssword'); d Record the pssword for use in susequent step. Updte the pssword of the zenoss user. Replce New-Pssword with new pssword: SET PASSWORD FOR 'zenoss'@'127.0.0.1' = PASSWORD('New-Pssword'); SET PASSWORD FOR 'zenoss'@'%' = PASSWORD('New-Pssword'); e Record the pssword for use in susequent step. Exit the interctive session. QUIT The MriDB server lods the grnt tles into memory immeditely when ccount mngement sttements like SET PASSWORD re used, so the FLUSH PRIVILEGES sttement is not necessry. 4 Log in to the Control Center rowser interfce. 5 In the Applictions tle, click Zenoss.core. 6 In the ppliction title line, click Edit Vriles. Initilly, the ppliction title line ppers immeditely elow the Control Center nner t the top of the pge. When you scroll down the pge, the ppliction title line persists t the top of the pge. Figure 1: Edit Vriles dilog 7 Updte the psswords of the event nd model dtses. c In the Edit Vriles dilog, locte the glol.conf.zep-pssword nd glol.conf.zod-pssword vriles. These vriles use the pssword of the zenoss user. Replce their vlues with the new pssword specified previously. Locte the glol.conf.zep-dmin-pssword nd glol.conf.zod-dminpssword vriles. 16
Configuring Zenoss Core These vriles use the pssword of the root user. d Replce their vlues with the new pssword specified previously. e At the ottom of the Edit Vriles dilog, click Sve Chnges. 8 Restrt Zenoss Core. Scroll down to the Services tle, nd then locte the MriDB service. In the ppliction title line, click the Restrt control. Chnging the RitMQ server pssword Use this procedure to chnge the pssword of the RitMQ server. To perform this procedure, the mrid-model child services of Zenoss Core must e running. 1 Log in to the Control Center mster host s root, or s user with superuser privileges. 2 Chnge the pssword of the zenoss user. Log in to the Docker continer of the RitMQ service s root. serviced service ttch ritmq Chnge the pssword. Replce New-Pssword with new pssword: ritmqctl chnge_pssword zenoss New-Pssword c Record the pssword for use in susequent step. Log out of the Docker continer. exit 3 Log in to the Control Center rowser interfce. 4 In the Applictions tle, click Zenoss.core. 5 In the ppliction title line, click Edit Vriles. Initilly, the ppliction title line ppers immeditely elow the Control Center nner t the top of the pge. When you scroll down the pge, the ppliction title line persists t the top of the pge. Figure 2: Edit Vriles dilog 6 Chnge the pssword of the RitMQ server. In the Edit Vriles dilog, locte the glol.conf.mqppssword vrile. 17
Zenoss Community Edition (Core) Configurtion Guide Replce its vlue with the new pssword specified previously. c At the ottom of the Edit Vriles dilog, click Sve Chnges. 7 Restrt the RitMQ service. Scroll down to the Services tle, nd then locte the RitMQ service. In the Actions column of the service, click the Restrt control. Deleting the RitMQ guest user ccount By defult, RitMQ distriutions include the guest user ccount. To prevent security issues, Zenoss recommends deleting the ccount. 1 Log in to the Control Center mster host s user with serviced CLI privileges. 2 Attch to the RitMQ continer. serviced service ttch ritmq 3 Delete the guest user ccount. ritmqctl delete_user guest 4 Exit the continer session. exit 5 Restrt the RitMQ service. serviced service restrt ritmq MriDB dtse utilities The Percon Toolkit is collection of helpful utilities for MySQL nd MriDB dtses. For licensing resons, Zenoss cn not distriute it. Zenoss strongly recommends tht ll instlltions of Zenoss Core instll the Percon Toolkit. Instlling the Percon Toolkit with internet ccess To perform this procedure, you need one of the following: login ccount on the mster host tht is memer of the docker group the pssword of the root user ccount For more informtion, refer to the Zenoss Community Edition (Core) Instlltion Guide. 1 Log in to the Control Center mster host. 2 Instll the pckge. serviced service run zope instll-percon At the end of the instlltion process, the messge Continer not commited ppers. This is norml. The tools re instlled in the distriuted file system, not in n imge. 18
Configuring Zenoss Core Instlling the Percon Toolkit without internet ccess To perform this procedure, you need one of the following: login ccount on the mster host tht is memer of the docker group the pssword of the root user ccount In ddition, you need the Percon Toolkit pckge file. This procedure includes steps for downloding it to client system, nd then copying it to the Control Center mster host. 1 On client system, use we rowser to downlod the ltest version of the Percon Toolkit pckge. 2 Log in to the Control Center mster host. 3 Prepre the pckge for instlltion. On the Control Center mster host, crete directory for the pckge, nd then chnge directory. c mkdir /tmp/percon && cd /tmp/percon Copy the pckge to the temporry loction. You my use file trnsfer utility such s WinSCP. Updte the ccess permissions of the file nd directory. chmod -R 777 /tmp/percon 4 Strt shell s the zenoss user in Zope continer. Chnge directory to the loction of the Percon Toolkit file. c cd /tmp/percon Strt n interctive shell in Zope continer nd sve snpshot nmed PerconToolkit. mysnp=instllpercontoolkit serviced service shell -i -s $mysnp zope sh Switch user to zenoss. su - zenoss 5 Instll the pckge nd exit the Zope continer. Crete directory for the pckge. PERCONADIR=/vr/zenoss/percon mkdir -p $PERCONADIR Extrct the pckge files. Replce Version with the version numer of the pckge file: c tr --strip-components=1 -C $PERCONADIR -xzvf \ /mnt/pwd/percon-toolkit-version.tr.gz Exit the zenoss shell. exit 19
Zenoss Community Edition (Core) Configurtion Guide d Exit the Zope continer. exit 6 Commit the nmed snpshot. serviced snpshot commit $mysnp 7 Restrt the zeneventserver service. serviced service restrt zeneventserver Optionl: Assigning virtul IP ddress to resource pool The zentrp nd zensyslog services re designed to receive dt from devices in your environment t specific IP ddress. Typiclly, the ddress is ssigned to specific host. However, if the host fils, then no dt is received. To void this issue, you cn ssign virtul IP ddress to resource pool, nd then Control Center cn crete virtul IP interfce on ny host in the pool. Zenoss recommends using virtul IP with resource pools tht include Zenoss Core collection services s est prctice. To perform this procedure, you need n unused IPv4 ddress in the sme sunet s the other hosts in the resource pool to modify. To void conflicts, sk your networking specilist to ssign or reserve the ddress. In ddition, ll of the hosts in the resource pool to modify must hve the sme network interfce nmes. 1 Log in to the Control Center rowser interfce. 2 At the top of the pge, click Resource Pools. 3 In the Resource Pool column of the Resource Pools tle, click the nme of the resource pool to modify. 4 At the right side of the Virtul IPs tle, click Add Virtul IP. 5 In the Add Virtul IP dilog, specify the virtul IP. c d In the IP field, enter n IPv4 ddress. The ddress must e in the sme sunet s the other hosts in the current resource pool. In the Netmsk field, enter n IPv4 sunet msk. The msk must mtch the rnge of ddresses in the current resource pool. The following tle ssocites commonly-used sunet msks with the numer of ddresses they include. Sunet msk 255.255.255.192 64 255.255.255.224 32 255.255.255.240 16 255.255.255.248 8 Addresses in sunet In the Interfce field, enter the nme of the network interfce tht is used on ll hosts in the resource pool. At the ottom of the Add Virtul IP dilog, click Add Virtul IP. When you configure devices to send syslog or SNMP trp messges, use the virtul IP ddress ssigned to resource pool. Optionl: Replcing the defult digitl certificte The defult configurtion of the Zenoss Core we server uses Zenoss self-signed certificte for SSL/TLS communictions. Use this procedure to instll your own digitl certificte. 20
Configuring Zenoss Core To perform this procedure, you need: the certificte nd key files of digitl certificte from certificte uthority or from digitl certificte creted with utility such s OpenSSL Note Certifictes tht require pssphrse re not supported. superuser privileges on the Control Center mster host 1 Log in to the Control Center mster host. 2 Copy the certificte nd key files of your digitl certificte to /etc on the mster host. You cn store the files in ny loction tht remins unchnged during operting system upgrdes. 3 Configure Control Center to use your digitl certificte. Open /etc/defult/serviced with text editor. Locte the SERVICED_CERT_FILE declrtion, nd then replce its vlue with the solute pth of your certificte file. c Remove the numer sign chrcter (#) from the eginning of the line. d Locte the SERVICED_KEY_FILE declrtion, nd then replce its vlue with the solute pth of your key file. e Remove the numer sign chrcter (#) from the eginning of the line. f Sve the file, nd then close editor. 4 Relod the Control Center service. systemctl relod serviced Optionl: Customiztion mngement Zenoss Core softwre is distriuted s Docker imges. Upgrdes often replce imges, so customiztions of Zenoss Core services re lost, unless customiztions re instlled with chnge mngement system. Quilt is utility for mnging softwre chnges, nd Zenoss recommends instlling it to mnge customiztions. Instlling Quilt with internet ccess To perform this procedure, you need superuser privileges on the Control Center mster host. Use this procedure to dd the Quilt ptch mngement system to Zenoss Core. 1 Log in to the Control Center mster host. 2 Instll the Quilt pckge. serviced service run zope instll-quilt Instlling Quilt without internet ccess To perform this procedure, you need superuser privileges on the Control Center mster host nd the Quilt pckge file. This procedure includes steps for downloding the pckge to client system, nd then copying it to the Control Center mster host. Use this procedure to dd the Quilt ptch mngement system to Zenoss Core. 1 On client system, use we rowser to downlod the ltest version of the Quilt pckge. 2 Log in to the Control Center mster host. 21
Zenoss Community Edition (Core) Configurtion Guide 3 Prepre the pckge for instlltion. On the Control Center mster host, crete directory for the pckge, nd then chnge directory. c mkdir /tmp/quilt && cd /tmp/quilt Copy the pckge to the temporry loction. You my use file trnsfer utility such s WinSCP. Updte the ccess permissions of the file nd directory. chmod -R 777 /tmp/quilt 4 Strt shell s the zenoss user in Zope continer. Chnge directory to the loction of the Quilt pckge file. c cd /tmp/quilt Strt n interctive shell in Zope continer nd sve snpshot nmed InstllQuilt. mysnp=instllquilt serviced service shell -i -s $mysnp zope sh Switch user to zenoss. su - zenoss 5 Extrct the pckge files, nd then compile nd instll Quilt. Extrct the pckge files. tr xzvf /mnt/pwd/quilt-*.tr.gz -C /tmp Compile nd instll the pckge. cd /tmp/quilt-* &&./configure --prefix=/opt/zenoss/vr/ext \ && mke && mke instll 6 Exit the continer. Exit the zenoss shell. exit Exit the Zope continer. exit 7 Commit the nmed snpshot. serviced snpshot commit $mysnp Optionl: Configuring OpenTSDB compction Zenoss Core uses OpenTSDB to store the monitoring dt it collects. When OpenTSDB compction is enled, multiple columns in n HBse row re merged into single column, to reduce disk spce. In testing, Zenoss hs oserved tht these merges result in duplicte dt points, so y defult, compction is disled. Duplicte dt points do not ffect dt integrity. 22
Configuring Zenoss Core Note Enling compction slows performnce nd is not recommended. 1 Log in to the Control Center rowser interfce. 2 In the Applictions tle, click Zenoss.core. 3 In the ppliction title line, click Edit Vriles. Initilly, the ppliction title line ppers immeditely elow the Control Center nner t the top of the pge. When you scroll down the pge, the ppliction title line persists t the top of the pge. Figure 3: Edit Vriles dilog 4 In the Edit Vriles dilog, scroll to the ottom of the list. 5 Chnge the vlue of the tsd.storge.enle_compction vrile from Flse to True. 6 Click Sve Chnges. 7 Restrt the OpenTSDB services. Scroll down the pge to the Services tle, nd then locte the opentsd service. In the Actions column of the opentsd service, click the Restrt control. 23
Zenoss Community Edition (Core) Configurtion Guide Prepring for monitoring 3 Zenoss Core uses stndrd mngement APIs to collect performnce dt, nd therefore does not instll proprietry gents on your infrstructure devices to collect monitoring dt. However, Zenoss recommends tht you review the informtion in this chpter to verify tht the devices to you wnt to monitor re redy to respond to requests for dt. Note This chpter descries how to prepre the most common IT infrstructure. If the infrstructure you wnt to monitor is not descried here, plese refer to the corresponding ZenPck documenttion in the ZenPck ctlog. When your infrstructure is redy to monitor, the Zenoss Core Setup Wizrd guides you through the process of discovering devices on your network nd dding devices y ctegory nd type. Extending monitoring with ZenPcks Dt centers typiclly contin mny different types of hrdwre, softwre, nd cloud services from long list vendors. To keep your compny's dt secure, ll devices, network infrstructure, nd services must e monitored. Zenoss Core is redy to monitor lrge numer of common devices nd network infrstructure s soon it is instlled. However, you cn monitor n even lrger numer of devices in Zenoss Core through the use of ZenPcks. A ZenPck is plug-in tht extends not only monitoring cpilities, ut lso dds new cpilities to the Zenoss Core itself. This cn e s simple s dding new device clsses or monitoring templtes, or s complex s extending the dt model nd providing new collection demons. There re hundreds of ZenPcks ville, some developed, supported, nd mintined y Zenoss, nd mny others tht re developed nd mintined y the Zenoss user community. You cn use ZenPcks to dd: Monitoring templtes Dt sources Grphs Event clsses User commnds Reports Model extensions Product definitions 24
Prepring for monitoring Simple ZenPcks cn e creted completely within the Zenoss Core. More complex ZenPcks require development of scripts or demons, using Python or nother progrmming lnguge. ZenPcks cn lso e distriuted for instlltion on other Zenoss Core systems. For informtion on how to crete new ZenPck, refer to Zenoss Community Edition (Core) Administrtion Guide. ZenPck informtion resources Zenoss Core includes link (the question mrk icon) to the documenttion for ZenPcks tht re included in your instlltion of Zenoss Core. It lso provides ccess to the ZenPck ctlog, which provides detiled descriptions of ll ZenPcks tht Zenoss developes. You cn lso crete your own ZenPcks, or downlod nd instll ZenPcks developed y others. The following list identifies ZenPck resources: ZenPck SDK Zenoss Community, which includes ZenPck development forum Pulic Zenoss repositories on GitHu Displying instlled ZenPcks in Zenoss Core To disply the pre-instlled ZenPcks on Zenoss Core: 1 In the rowser interfce, select the ADVANCED t. 2 In the left column, select ZenPcks. The following figure shows n exmple list of ZenPcks. 3 To monitor infrstructure tht does not pper in the Loded ZenPcks list, downlod the required ZenPck from the ZenPck ctlog. Once the ZenPck is instlled, you cn then dd the infrstructure to Zenoss Core. Prepring network devices This chpter provides instructions for prepring devices for monitoring. 25
Zenoss Community Edition (Core) Configurtion Guide Prepring switches nd routers To prepre switch or router device for monitoring, verify tht n SNMP gent is instlled nd currently running on the device. Note This rest of this section descries how to prepre Zenoss network devices for monitoring. For other device types, refer to the ZenPck ctlog documenttion. Prepring Cisco UCS network devices Zenoss Core uses SNMP to provide customized or generlized support for mny Zenoss products. The following tle ssocites Zenoss products with the customized Zenoss Core device types tht support them. Device types re listed in the Network re of the Add Infrstructure wizrd, which is oth prt of the setup wizrd nd ville through the Zenoss Core rowser interfce. Note The following device considertions pply: Some supported devices, such s the Cisco Nexus 7000 nd 9000 switches, represent lrge numer of discrete monitoring endpoints. If you re unsure which Zenoss Core deployment size supports the numer of high-density devices you wish to monitor, contct your Zenoss representtive. To monitor Cisco Nexus 9000 Series devices, you must first enle NX-API with the feture mnger CLI commnd on the device. For detiled instructions on performing this tsk, refer to the Cisco documenttion for the Nexus 9000. Cisco product Cisco Ctlyst 6500 nd 3560 Series Switches Cisco Nexus 5000 Series Switches Cisco Nexus 7000 Series Switches Cisco Nexus 1000v Series Switches Cisco Nexus 3000 Series Switches Cisco Nexus 9000 Series Switches Cisco Ctlyst 6500 Series Virtul Switching Systems Cisco MDS 9000 Series Multilyer Switches Device type Cisco 6500 (SNMP) Cisco Nexus 5000 (SNMP + Netconf) Cisco Nexus 7000 (SNMP + Netconf) Cisco Nexus 1000V (SNMP + Netconf) Cisco Nexus 3000 (SNMP + Netconf) Cisco Nexus 9000 (NX-API) Cisco VSS (SNMP) Cisco MDS 9000 (SNMP) In ddition, Zenoss Core provides two generlized device types. Cisco product Cisco CtOS-sed switches or routers Cisco IOS-sed switches or routers Device type Generic Switch/Router (SNMP) Cisco IOS (SNMP) Prepring storge devices This section descries how to prepre NetApp nd EMC storge devices for monitoring. For other device types, refer to the ZenPck ctlog documenttion. 26
Prepring for monitoring Legcy NetApp filers Zenoss Core uses SNMP to monitor legcy NetApp filers tht do not support the Dt ONTAP API (ZAPI). The dt gthered re pproximte ecuse the vlues for mny ojects (Aggregte, Volume, Plex, nd RAID group) re not exposed y the NetApp MIB. To prepre legcy NetApp filer for monitoring, verify tht SNMPv2 is instlled, nd then strt n SNMP gent. Recent NetApp filers Zenoss Core uses HTTP to monitor NetApp filers tht support the Dt ONTAP API (ZAPI). To prepre recent NetApp filers for monitoring, verify the following conditions: The filer is running in 7-Mode or C-Mode. A supported version of ZAPI is instlled nd enled. The minimum required version is 8.x. The user nme nd pssword of your ccount on the filer is uthorized to use ZAPI. EMC storge rrys Zenoss Core uses the We-Bsed Enterprise Mngement (WBEM) protocol to send queries to EMC Storge Mngement Inititive Specifiction (SMI-S) providers tht re ssocited with EMC VMAX nd VNX storge rrys. To prepre EMC rrys for monitoring: At lest one EMC SMI-S provider must e running for ech type of rry to monitor. (The VMAX nd VNX dt models re different.) Before dding n SMI-S provider to Zenoss Core, Zenoss recommends tht you confirm tht it is responding to requests. You need the following informtion: user nme nd pssword for n ccount tht is uthorized to collect dt on ech SMI-S provider IP ddress of ech SMI-S provider port numer t which ech SMI-S provider listens for requests whether to use SSL Note When sttistics logging is disled on the EMC device, grphs for component types of EMC rrys disply NN. The logging feture hs low defult timeout vlue nd must e set to higher vlue or turned on gin periodiclly. Verifying n SMI-S provider on EMC devices To perform this procedure, you need Linux host tht hs network pth to the SMI-S providers of the rrys to monitor. Note Do not perform this procedure on the Zenoss Core host. Perform this procedure to verify tht the SMI-S providers ssocited with EMC rrys re configured correctly, nd re responding to WBEM queries from commnd line tools. 1 Log in to Linux host s root, or s user with superuser privileges. 2 Instll WBEM commnd-line interfce pckge, such s wemcli. 27
Zenoss Community Edition (Core) Configurtion Guide 3 Verify the SMI-S provider. Replce the vriles with vlues tht re vlid in your environment. wemcli IP-Address:Port -u dmin \ -p 'Pssword' -n root/emc --no-sslei('emc_diskdrive') The expected result is list of Disk Drive clsses. Prepring server devices This section descries how to prepre Linux nd Windows servers for monitoring. Note For other device types, refer to the ZenPck ctlog documenttion. Prepring Linux servers for monitoring Zenoss Core uses SNMP or SSH to monitor Linux servers. For SNMP monitoring, instll n SNMP pckge on the server (for exmple, Net-SNMP) nd strt the gent. For SSH monitoring: Instll n SSH server pckge (for exmple, OpenSSH) nd strt the SSH demon. Monitoring Linux servers requires the ility to run the pvs, vgs, lvs, systemctl, initctl, nd service commnds remotely on your Linux server(s) using SSH. By defult, most of these commnds re only llowed to e run loclly y the root user. If you wnt the root user to remotely run these commnds, perform the following: 1 Instll the sudo pckge on your server. 2 Allow the root user to execute commnds vi SSH without TTY. c d Edit the /etc/sudoers file. Find the line contining root ALL=(ALL) ALL. Add the following line eneth it: Defults:root!requiretty Sve the chnges nd exit. Alterntely, you cn lso set up non-root user to remotely run these commnds. Perform the following: 1 Crete user nmed zenmonitor on your Linux servers for monitoring purposes. 2 Instll the sudo pckge on your server. 3 Allow the zenmonitor user to run the commnds vi SSH without TTY. Edit /etc/sudoers.d/zenoss or /etc/sudoers, if sudoers.d is not supported nd dd the following lines to the ottom of the file: Defults:zenmonitor!requiretty Cmnd_Alis ZENOSS_LVM_CMDS = /sin/pvs, /sin/vgs, /sin/lvs, \ /usr/sin/pvs, /usr/sin/vgs, /usr/sin/lvs Cmnd_Alis ZENOSS_SVC_CMDS = /in/systemctl list-units *, \ /in/systemctl sttus *, /sin/initctl list, /sin/service -- sttus-ll, \ /usr/sin/dmidecode 28
Prepring for monitoring zenmonitor ALL=(ALL) NOPASSWD: ZENOSS_LVM_CMDS, ZENOSS_SVC_CMDS Sve the chnges, ensuring ll the pths for these commnds re correct. Prepring Windows servers for monitoring Zenoss Core uses SNMP or WinRM to monitor Microsoft Windows systems s follows: Microsoft Windows Server 2106 - WinRM only. SNMP support does not exist for Windows Server 2106. Microsoft Windows Server 2012 nd 2012 R2 - WinRM only. SNMP support does not exist for Windows Server 2012. Microsoft Windows Server 2008 R2 - SNMP v1/v2 or WinRM. SNMP v3 support does not exist for Windows Server 2008 R2. To prepre Windows 2008 system for SNMP monitoring, strt the SNMP service. To prepre Windows system for WinRM monitoring, refer to the support rticle tht descries the options nd provides the procedures for configuring your systems. To prepre Windows system for WinRM monitoring, refer to the ppendix, "Prepring Windows Systems." Prepring hypervisor devices This section descries how to prepre vsphere nd Hyper-V hypervisors for monitoring. Note For other device types, refer to the ZenPck ctlog documenttion. vsphere endpoint Zenoss Core uses SOAP to monitor VMwre vsphere servers running the following versions of vsphere: 4.1 5.0 5.1 5.5 6.0 To prepre to monitor VMwre vsphere server: Verify tht you re running supported version of the softwre. Otin the user nme nd pssword of n ccount on the server tht is uthorized to use the vsphere API. Determine whether to use SSL. Hyper-V Zenoss Core uses WinRM to monitor the following Microsoft Hyper-V systems: Microsoft Hyper-V Server 2016 Microsoft Hyper-V Server 2012 nd 2012 R2 Microsoft Hyper-V Server 2008 nd 2008 R2 29
Zenoss Community Edition (Core) Configurtion Guide To prepre Hyper-V system for WinRM monitoring, refer to the support rticle tht descries the options nd provides the procedures for configuring your systems. Vlidting configurtion using Inspector tool Once you hve set up your environment, you cn vlidte your configurtion using Inspector. The Inspector tool is typiclly instlled on the Control Center mster host nd performs red-only checks on your environment nd provides dvice on resolving potentil issues. For more informtion on the Inspector tool, including downlod nd instlltion instructions see the following knowledge se rticle: Inspector: A tool to vlidte configurtion. Optionl: Enling monitoring on IPv6 networks This procedure descries how to configure Zenoss Core to enle monitoring of devices tht re locted on n IPv6 network. The network must e rechle from the IPv4 network environment in which Control Center is deployed. Use this procedure to route n IPv6 ddress lock to Control Center using Docker's virtul ridge interfce, docker0. Zenoss Core cn monitor IPv6 devices tht hve ddresses in the routed lock. To perform this procedure, ech Control Center host needs unique IPv6 prefix routed to it y n upstrem router, nd the Docker service on Control Center host needs to e configured to forwrd IPv6 pckets. For exmple, multi-host deployment with one mster host nd three delegtes could hve the IPv6 configurtion in the following tle. Control Center host IPv6 link prefix IPv6 routed prefix Mster 2001:DB8:ABCD:1000::500/64 2001:DB8:ABCD:2000::/64 Delegte 1 2001:DB8:ABCD:1000::501/64 2001:DB8:ABCD:2001::/64 Delegte 2 2001:DB8:ABCD:1000::502/64 2001:DB8:ABCD:2002::/64 Delegte 3 2001:DB8:ABCD:1000::503/64 2001:DB8:ABCD:2003::/64 The following exmple shows how to configure the sttic routes in the preceding tle on n upstrem Cisco router: ipv6 route 2001:DB8:ABCD:2000::/64 2001:DB8:ABCD:1000::500 ipv6 route 2001:DB8:ABCD:2001::/64 2001:DB8:ABCD:1000::501 ipv6 route 2001:DB8:ABCD:2002::/64 2001:DB8:ABCD:1000::502 ipv6 route 2001:DB8:ABCD:2003::/64 2001:DB8:ABCD:1000::503 Perform the following steps on ech Control Center host: 1 Log on to the Control Center host s root, or s user with superuser privileges. 2 Configure IPv6 pcket forwrding. Open /etc/sysctl.d/ipv6.conf with text editor. Add or edit the following line: c net.ipv6.conf.ll.forwrding=1 Sve the file, nd then close the text editor. 30
Prepring for monitoring 3 Enle IPv6 pcket forwrding without reooting the host. sysctl -w net.ipv6.conf.ll.forwrding=1 4 Configure Docker for IPv6 communictions. c Open /etc/sysconfig/docker with text editor. Add the following flgs to the end of the OPTIONS declrtion. Replce Sunet-Block with the IPv6 sunet to route to Control Center, in CIDR nottion: --ipv6 --fixed-cidr-v6="sunet-block" Chnge the delimiter of the OPTIONS declrtion to the postrophe chrcter ('). The defult delimiter of the OPTIONS declrtion is the quottion mrk chrcter ("), which is the sme delimiter used with the --fixed-cidr-ipv6 flg. d Sve the file, nd then close the text editor. 5 Restrt the Docker service. systemctl restrt docker After ll Control Center hosts re configured, test IPv6 y using the Docker continer of the zenping service to ping known ddress: serviced service ttch zenping ping6 -c 1 ipv6.google.com If the ping is successful, Docker is le to resolve IPv6 ddresses nd you cn monitor devices on the IPv6 network. 31
Zenoss Community Edition (Core) Configurtion Guide Modeling devices 4 To model devices, the system cn use SSH WinRM SNMP (legcy option) Note SSH nd WinRM re the recommended options. The modeling method tht you select depends on your environment nd the types of devices tht you wnt to model nd monitor. By defult the system remodels ech known device every 720 minutes (12 hours). Note You cn chnge the frequency with which devices re remodeled. Edit the vlue of the Modeler Cycle Intervl in the collector's configurtion. For lrger deployments, modeling frequency might ffect performnce. In such environments, set the strtt configurtion setting inside the zenmodeler.conf file to chnge the scheduling of the demon. The strtt vlue only dicttes the initil strt time of zenmodeler. Ech susequent run intervl is determined y the zenmodeler cycle time (numer of minutes etween runs). The cycle time is configured on the demon settings pge inside the prent's collector folder, which you cn ccess in Control Center. For more informtion, see KB rticle How To Edit The Zenmodeler File To Configure Model Scheduling In Zenoss 5.x (lso pplies to lter versions). Configuring Windows devices to provide dt through SNMP To monitor Microsoft Windows Server 2008 R2 systems, Zenoss Core uses SNMP v1/v2 or WinRM. (There is no SNMP v3 support.) For Windows 2012, there is no SNMP support. By defult, Windows my not hve SNMP instlled. To instll SNMP on your prticulr version of Windows, plese refer to the Microsoft documenttion. After setting up nd configuring the SNMP service, you must set the zsnmpcommunity string in Zenoss Core to mtch, to otin SNMP dt. If you wnt processor nd memory monitoring, instll SNMP-Informnt on the device. 32