#26.7. Deploying Hubs
In addition to collectors, Distributed Collector allows you to set up new hubs. A hub represents an instance of the zenhub daemon, which is the daemon through which all collector daemons communicate with the object database and event database. All collectors must belong to exactly one hub; however, a hub may have many collectors associated with it. All hubs (and indirectly all collectors) refer to the same object and event databases. Typically, only very large systems with more than five collectors or more than 1,500 devices will benefit from multiple hubs.
Hubs are used to manage configuration data and pass it to the collectors. Hubs also take data from the collectors and pass it to the ZeoDB. More hubs can be a more efficient way to manage larger deployments, as they help distribute the computing resources when configuration changes are made. They further remove the potential for configuration changes to be a bottleneck to gathering and processing data.
#26.7.1. Configuring MySQL for Remote Hubs
Hubs on remote servers need access to the MySQL events database. This setting is the Hostname field in the Connection Information section of the Event Manager page. By default this is set to localhost, but will not work for remote hubs. Distributed collector attempts to set this field to the fully qualified domain name of the Zenoss server when it is installed. If remote hubs appear to be having trouble connecting to MySQL or sending events, then check the value in this field to make sure it can be reached from the server the hub is on.
Another aspect of remote hubs connecting to MySQL is privileges. For a hub to connect to the events database, the user specified in the User Name field in Event Settings must be granted privileges to connect to MySQL from the remote server. Distributed Collector attempts to grant these privileges any time a remote hub is created or updated. If a remote hub is logging error messages that indicate it is not allowed to connect to MySQL from the given host, then these privileges are likely not set up correctly. Granting of these privileges requires a fully qualified domain name for the remote server.
Before adding a hub, ensure MySQL grants and permissions are set correctly.
The zenoss user needs the following privileges set to see if a remote connection is possible:
GRANT SELECT on mysql.user to zenoss@localhost IDENTIFIED BY "zenoss";
FLUSH PRIVILEGES;
In addition, a zenoss MySQL user is needed that can access the database by using the fully qualified domain name of the zenoss installation:
GRANT ALL PRIVILEGES ON events.* to zenoss@'<FQDN>' IDENTIFIED BY "zenoss";
GRANT SELECT on mysql.user to zenoss@'<FQDN>' IDENTIFIED BY "zenoss";
FLUSH PRIVILEGES;
When you add the remote hub, you will see an error that indicates how to add a remote MySQL user for the hub to be installed. To resolve this issue, do one of the following:
Open remote privileges to the ZEO database with:
GRANT ALL PRIVILEGES ON events.* to zenoss@'%' IDENTIFIED BY "zenoss";
FLUSH PRIVILEGES;OR
Add a zenoss MySQL user for each remote hub:
GRANT ALL PRIVILEGES ON events.* to zenoss@'<ZENHUB FQDN>' IDENTIFIED BY "zenoss";
FLUSH PRIVILEGES;
#26.7.2. Add a Hub
When installing a remote hub, you can select one of several options, using:
Root password to the remote host
Pre-existing root SSH keys
Zenoss SSH keys (use only for RPM installations)
To add a hub, from the main Collectors page, select Add Hub from the table menu.
The Add Hub page appears.
#26.7.2.1. Install Remotely (Root Password)
To install a remote hub, using a root password for access to the remote host:
Select the root password option.
Enter or change setup details:
Hub ID - Enter a name for the new hub. The name can be any unique combination of letters, digits, and dashes.
Host - Enter the fully qualified domain name, IP address, or resolvable hostname of the server on which the new hub will run.
Root Password - Enter the root user password for the server you specified in the Host field.
Port - Enter the port number on which the hub should listen for collectors. The default port is 8790.
Hub Password - Enter the hub password that the collectors will use to log in to this hub. The default password is "zenoss."
XML RPC Port - Specify the port on which the hub should listen for xml-rpc requests from the collectors or other API clients.
ZEO Host - Specify the server hosting the ZEO database (the object database). In most cases, this is the IP address or hostname of the main Zenoss server.
Click Add Hub.
The system displays log output from the creation of the new hub. When fully configured (this may require several minutes), click the link at the bottom of the page to go to the overview page for the new hub.
#26.7.2.2. Install Remotely (Root SSH Keys)
To install a remote hub, using existing root SSH keys for access to the remote host:
Select the root SSH keys option.
Enter or change setup details:
Hub ID - Enter a name for the new hub. The name can be any unique combination of letters, digits, and dashes.
Host - Enter the fully qualified domain name, IP address, or resolvable hostname of the server on which the new hub will run.
Port - Enter the port number on which the hub should listen for collectors. The default port is 8790.
Hub Password - Enter the hub password that the collectors will use to log in to this hub. The default password is "zenoss."
XML RPC Port - Specify the port on which the hub should listen for xml-rpc requests from the collectors or other API clients.
ZEO Host - Specify the server hosting the ZEO database (the object database). In most cases, this is the IP address or hostname of the main Zenoss server.
Click Add Hub.
The system displays log output from the creation of the new hub. When fully configured (this may require several minutes), click the link at the bottom of the page to go to the overview page for the new hub.
#26.7.2.3. Install Remotely (Zenoss SSH Keys)
If you choose to set up a hub using Zenoss SSH keys, Zenoss will attempt to install by using the zenoss user. To successfully install a hub using these keys (without root access), these prerequisite conditions must be met:
zenoss user SSH keys must be set up between the Zenoss server and the target. The target must have a zenoss user.
ZENHOME directory must be present on the remote machine.
zensocket must be present on the remote machine, and the setuid bits must be set.
Tip: The best way to meet the prerequisite conditions is to install the Zenoss RPM on the remote machine. After installation, do not start Zenoss.
Follow these steps to install a remote hub, using Zenoss SSH keys for access to the remote host.
Note
For detailed steps for creating SSH keys, see the section titled "Setting Up SSH Keys for Distributed Collector."
Select the zenoss SSH keys option.
Enter or change setup details:
Hub ID - Enter a name for the new hub. The name can be any unique combination of letters, digits, and dashes.
Host - Enter the fully qualified domain name, IP address, or resolvable hostname of the server on which the new hub will run.
Port - Enter the port number on which the hub should listen for collectors. The default port is 8790.
Hub Password - Enter the hub password that the collectors will use to log in to this hub. The default password is "zenoss."
XML RPC Port - Specify the port on which the hub should listen for xml-rpc requests from the collectors or other API clients.
ZEO Host - Specify the server hosting the ZEO database (the object database). In most cases, this is the IP address or hostname of the main Zenoss server.
Click Add Hub.
The system displays log output from the creation of the new hub. When fully configured (this may require several minutes), click the link at the bottom of the page to go to the overview page for the new hub.
#26.7.3. Setting Up SSH Keys for Distributed Collector
Follow these instructions to create SSH keys for use when setting up hubs and collectors.
These instructions assume you are using openssh. For more information, refer to the ssh-keygen man pages.
Use the following commands to generate an openssh RSA key pair for the zenoss user:
mkdir $HOME/.ssh
ssh-keygen -t rsa -f $HOME/.ssh/id_rsa -p "Lock down the key pair:
chmod 700 $HOME/.ssh
chmod go-rwx $HOME/.ssh/*Copy the generated public key
$HOME/.ssh/id_rsa.pub
file to the remote machine. On the remote machine, add the public key to theauthorized_keys
file in the account the user wants to log in to by using the SSH key.If
$HOME/.ssh
does not exist on the target machine, then create it with these commands:mkdir ~/.ssh
chmod 700 ~/.sshAdd the key:
cat id_rsa.pub >> $HOME/.ssh/authorized_keys
chmod 600 $HOME/.ssh/authorized_keys
Note
You cannot use keys with a pass phrase with Zenoss.