|
Hi peter,
If you want to secure access to MRTG DataSource, we can handle that point :
1. Use a separate HTTP server and run on the LVS director a secure copy to
the HTTP server. like SCP for instance.
2. We can run on the LVS director a RSYNC the MRTG stats to the HTTP server
(the same philosophy as 1.)
3. Use a NFS link (or a like) to the HTTP server. The MRTG stats are
generated dierctly into that network mount point.
4. Alternative solution : use a inetd entry into the LVS director :
4.1 : Set the inetd.conf file : Append entry :
# lvs-stats stream tcp nowait root /usr/local/bin/lvs-stats
4.2 : Set the services file : Append entry :
# lvs-stats 7777/tcp
4.3 : restart inetd : killall -HUP inetd
that way a telnet to lvs director port 7777 will display the stats, we can
even mix this method with tcpwrapper to filter IP address granted to access
the port.
=> You can delocalize access to DataSource that way.
=> This solution imply that one port is open for each lvs MRTG data
source...
There is other solutions but the 4 ennounced are the main. If you want to
use 4. a simple script is needed. If you are interrested on it I can create
it ...
Best regards,
Alexandre
>In that case I suppose I will setup MRTG on the LVS box to parse the data
>for my actual MRTG install. I'd rather avoid having to run Apache on my
>directors, for 'kiss' reasons.
>
>I suppose the most efficient method is some kind of secure copy of the LVS
>MRTG logs over to the other MRTG server? If you want I will document this
>pathetic workaround :).
>
>>Hi peter,
>>
>>If you plan to use LVSGSP you need to install, run and configure MRTG
>>directly onto the director. In fact LVSGSP is just an injector for MRTG,
>>like snmp is an injector too. LVSGSP simply parse the /proc filsystem to
>>sum connections numbers. So LVSGSP is snmp stuff independant.
>>
>>In short you need to :
>>
>>1. Install MRTG onto the director (./configure; make; make install) =>
>>will
>>put it into /usr/local/mrtg-2/
>>2. Download LVSGSP; compile it and put it the location you want
>>(/usr/local/bin for example)
>>3. before configuring MRTG stuff, try lvsgsp manually : lvsgsp
>>XXX.XXX.XXX.XXX YYYY (4(XXX) <=> VIP & 4(Y) <=> VPORT)
>>it should print 3 values to the stdout (like discribed into the lvsgsp
>>INSTALL file)
>>4. Then configure your mrtg.cfg file like discribed into the lvsgsp
>>INSTALL
>>file.
>>5. Then update your crontab with the value present into the lvsgsp
>>INSTALL
>>file => putting mrtg entry into the crontab will update the MRTG
>>database &
>>and generate graph.
>>
>>=> LVSGSP can be summerized as a MRTG injector. So LVSGSP is the MRTG
>>data
>>source.
>>=> If you have troubles setting up your lvsgsp config fill free to send
>>me
>>all your configurations steps so I will be able to help you setting up.
>>
>>I will try to find time today or tomorow to update the package to add
>>RRDTOOL support, which is the MRTG successor and can produce very nice
>>graph.
>>
>>Hope it will help you,
>>
>>regards,
>>Alexandre
|
