Cacti / rrdproxy

RRDTool Proxy
GNU General Public License v2.0
26 stars 9 forks source link

rrdproxy does not run on Freebsd #1

Closed tfagart closed 5 years ago

tfagart commented 8 years ago

Hello,

When I run rrdproxy, It can't bind on configurated interface. I guess this is OS specific.

root@vm-freebsd-1:/home/tom/rrdproxy # php -q rrdtool-proxy.php

_RRDtool Proxy Server Startup___

[0.00039] test: operation system supported [OK] [0.00633] test: no proxy instance running [OK] [0.00637] test: php module 'sockets' [OK] [0.00638] test: php module 'posix' [OK] [0.00638] test: php module 'pcntl' [OK] [0.00639] test: php module 'gmp' [OK] [0.00639] test: php module 'openssl' [OK] [0.00640] test: php module 'zlib' [OK]pidof: not found ls: /proc//fd/: No such file or directory

[0.01206] test: max. number of concurrent streams [OK] [0.01390] init: detach master process [OK] [0.03016] init: RSA public key [OK] [0.03024] init: RSA private key [OK] [0.03067] test: ipv6 supported [OK] Unable to bind socket to '192.168.3.254:40303' root@vm-freebsd-1:/home/tom/rrdproxy #

Thanks

Thomas

browniebraun commented 8 years ago

Hi Thomas, I believe it should be enough to command those lines out and set $max_concurrent_streams to 1024 for some testing. In the meanwhile I have written a new version which is pretty close to its final. I still have some stuff to do on the data replication between two proxies - Will commit all changes soon.

-Andi

tfagart commented 8 years ago

Hello Andi,

I've set : $rrdp_config['max_cnn'] = 1024;

But still same issue, actually I've got no way to make it listen on the correct ip address.

If i set $rrdp_config['address'] = '192.168.3.254';

I've got : root@vm-freebsd-1:/home/tom/rrdproxy # php -q rrdtool-proxy.php

_RRDtool Proxy Server Startup___

[0.00034] test: operation system supported [OK] [0.00670] test: no proxy instance running [OK] [0.00673] test: php module 'sockets' [OK] [0.00673] test: php module 'posix' [OK] [0.00674] test: php module 'pcntl' [OK] [0.00674] test: php module 'gmp' [OK] [0.00675] test: php module 'openssl' [OK] [0.00675] test: php module 'zlib' [OK]pidof: not found ls: /proc//fd/: No such file or directory

[0.01551] test: max. number of concurrent streams [OK] [0.01787] init: detach master process [OK] [0.03449] init: RSA public key [OK] [0.03461] init: RSA private key [OK] [0.03500] test: ipv6 supported [OK] Unable to bind socket to '192.168.3.254:40303' root@vm-freebsd-1:/home/tom/rrdproxy #

If i set :

$rrdp_config['address'] = 192.168.3.254;

I've got it running, but it does not listen on any interface

root@vm-freebsd-1:/home/tom/rrdproxy # php -q rrdtool-proxy.php

_RRDtool Proxy Server Startup___

[0.00034] test: operation system supported [OK] [0.00635] test: no proxy instance running [OK] [0.00638] test: php module 'sockets' [OK] [0.00639] test: php module 'posix' [OK] [0.00640] test: php module 'pcntl' [OK] [0.00640] test: php module 'gmp' [OK] [0.00641] test: php module 'openssl' [OK] [0.00641] test: php module 'zlib' [OK]pidof: not found ls: /proc//fd/: No such file or directory

[0.01203] test: max. number of concurrent streams [OK] [0.01480] init: detach master process [OK]PHP Parse error: syntax error, unexpected '.3' (T_DNUMBER) in /usr/home/tom/rrdproxy/rrdtool-proxy.cfg.php on line 27

Anyway I'll wait for you new commit.

Many thanks

Thomas

browniebraun commented 8 years ago

OK, give me time until Friday evening. I will commit all changes for the new release.

tfagart commented 8 years ago

Many thanks, I'll test it at that time.

Thomas

Le 18/10/2016 à 10:34, Browniebraun a écrit :

OK, give me time until Friday evening. I will commit all changes for the new release.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Cacti/rrdproxy/issues/1#issuecomment-254442639, or mute the thread https://github.com/notifications/unsubscribe-auth/ALBniEVnYNq621Lj_95rGd6cIaqKa-4Fks5q1ISmgaJpZM4KYSTn.

browniebraun commented 8 years ago

Hi Thomas, as promised I've updated the repository to the lasted state I was working on. Directly found some issues while executing it on a different platform. :) Once you have gone through the wizard and started the proxy successfully, connect to it locally using the admin port you've defined. (default 40303). Discover all sub-commands with "?" and turn it into debug mode with "debug proxy on".

If your environment support IPv6 as well as IPv4, requests from IPv4 clients will automatically have an IPv6 address of format ::ffff:x.x.x.x where x.x.x.x is the IPv4 part. You have to use that IPv6 format in this case to register and allow clients to connect to your proxy. keep in mind, all external connections are encrypted. RSA fingerprint for Cacti 1.0 can be found under "Console->System Utilities->Technical Support"

Regards -Andi

tfagart commented 8 years ago

Hello Andi,

I've got the new commit with the nice wizard. But even with this I've got the same type of error when trying to start the server

RRDtool Proxy Server Startup

[0.00052] test: operation system supported [OK] [0.00718] test: no proxy instance running [OK] [0.00722] test: php module 'sockets' [OK] [0.00723] test: php module 'posix' [OK] [0.00724] test: php module 'pcntl' [OK] [0.00724] test: php module 'gmp' [OK] [0.00725] test: php module 'openssl' [OK] [0.00725] test: php module 'zlib' [OK]ls: /proc/61454/fd/: No such file or directory

[0.01144] test: max. number of concurrent streams [117171] [OK] [0.01324] init: detach master process [OK] [0.02856] init: RSA public key [OK] [0.02865] init: RSA private key [OK] [0.02906] test: ipv6 supported [OK] Unable to bind socket to '192.168.3.254:40303' root@vm-freebsd-1:/home/tom/rrdproxy #

Config file is

root@vm-freebsd-1:/home/tom/rrdproxy # cat include/config <?php $rrdp_config = array ( 'name' => 'rrdp', 'address' => '192.168.3.254', 'port_client' => 40301, 'port_server' => 40302, 'port_admin' => 40303, 'max_cnn' => 10, 'max_admin_cnn' => 5, 'backlog' => 10000, 'remote_cnn_timeout' => 5, 'logging_buffer' => 10000, 'path_rra' => '/usr/home/tom/rrdproxy/rra', 'path_rrdtool' => '/usr/local/bin/rrdtool', ); root@vm-freebsd-1:/home/tom/rrdproxy #

I don't know if this could help, but it might be related to the fact this is BSD system instead of Linux.

Let me know how I could help Regards

Thomas

browniebraun commented 8 years ago

Hi Thomas, Could you update and execute rrdtool-proxy.php again and post the error message you will receive, please? Additionally rerun the wizard or edit include/config directly and set address to '0.0.0.0' and try again. This will bind the socket to all interfaces.

Regards -Andi

tfagart commented 8 years ago

Hello,

Here it is :

[0.00048] test: operation system supported [OK] [0.00606] test: no proxy instance running [OK] [0.00612] test: php module 'sockets' [OK] [0.00613] test: php module 'posix' [OK] [0.00614] test: php module 'pcntl' [OK] [0.00615] test: php module 'gmp' [OK] [0.00615] test: php module 'openssl' [OK] [0.00616] test: php module 'zlib' [OK]ls: /proc/67299/fd/: No such file or directory

[0.00970] test: max. number of concurrent streams [117171] [OK] [0.01127] init: detach master process [OK] [0.02615] init: RSA public key [OK] [0.02624] init: RSA private key [OK] [0.02663] test: ipv6 supported [OK] Unable to bind socket to '0.0.0.0:40303' Error: Can't assign requested address

Regards

Thomas

browniebraun commented 8 years ago

Weird. And if you set it to '0'?

tfagart commented 8 years ago

Same behaviour

RRDtool Proxy Server Startup

[0.00054] test: operation system supported [OK] [0.01429] test: no proxy instance running [OK] [0.01434] test: php module 'sockets' [OK] [0.01435] test: php module 'posix' [OK] [0.01435] test: php module 'pcntl' [OK] [0.01436] test: php module 'gmp' [OK] [0.01437] test: php module 'openssl' [OK] [0.01437] test: php module 'zlib' [OK]ls: /proc/81563/fd/: No such file or directory

[0.02097] test: max. number of concurrent streams [117171] [OK] [0.02434] init: detach master process [OK] [0.04176] init: RSA public key [OK] [0.04186] init: RSA private key [OK] [0.04224] test: ipv6 supported [OK] Unable to bind socket to '0:40303' Error: Can't assign requested address root@vm-freebsd-1:/home/tom/rrdproxy #

tfagart commented 8 years ago

Hello,

I'm going to try on debian to see if same things happen.

I'll let you know

Regards

Thomas

browniebraun commented 8 years ago

Ok. Sounds good. I currently have it running under Suse Enterprise 11 as well as Ubuntu 16. Will try to find some time on Wednesday evening to test it on Raspian, too.

Regards Andi

browniebraun commented 8 years ago

Found some time to test it on Raspian this evening where it runs without issues, too.

Regards -Andi

hel2o commented 7 years ago

WEBLOG CACTI2RRDP ERROR: Mismatch RSA Fingerprint. Who can tell me how to use this rrdproxy, how to manage, use web or other? how to fill fingerprint in the rrdproxy cacti and web

browniebraun commented 7 years ago

Once you've completed its wizard and started the proxy it automatically returns the IP and all (3) ports it is listening to - as well as its fingerprint. You need those settings to setup the use of a RRDproxy within the settings of Cacti. Cacti 1.0 automatically creates its own RSA fingerprint during the installation / upgrade routine, which can be found at the top of the technical support page under system utilities. This one and the IP of the Cacti server have to be registered at the other, the RRDproxy, side. The proxy does not have provide a GUI, but from my point of view it offers an extensive command line interface. Do a local telnet and use that port you've defined for administration. The "?" will return all commands (as well as related parameters) it supports.

Regards -Andi

tfagart commented 7 years ago

Hello

Sorry for late answer.

Rrdproxy can run with Ubuntu like a charm. Dameon runs but when Cacti 1.0 try to send data, rrdproxy does not write rrd as it should ?

Can we look at some logs ? (either with Cacti or with rrdproxy)

Also under freebsd I guess the method use to bind a port to an IP is different that with Linux, so that server does not start.

Thanks

Thomas

browniebraun commented 7 years ago

Hi Thomas! :)

Does reading data fail as well? Have you rebuilt the poller cache after switching to the RRDproxy as data storage? (Paths of the RRDfiles will be updated in that case) Cacti will log all commands being sent to the proxy as well as the responses after increasing the logging level to "debug". I'm not sure if the debugger of the RRDtool server will work in the current state as it did before, because I had to stop in the middle of my development work. Normally you have to open a telnet session to the proxy, switch to privileged mode (ena) and execute "debug proxy on".

Currently I'm struggling with the setup of my new development server (Fedora 24). :( :( :(

Regards -Andi

browniebraun commented 7 years ago

I still have to setup Cacti, but the proxy itself also works on Fedora 24. :)

browniebraun commented 7 years ago

image

tfagart commented 7 years ago

Hello BrownieBraun

Whaouh, with your advise this is working properly with ubuntu :-).

There might be a mix up between IPv6 and IPv4.

Actually I had my clients file configured like that :

<?php $rrdp_remote_clients = array ( '192.168.3.252' => 'fingerprint', );

Then I had the following log

ACL] Default connection request #23[IP: ::ffff:192.168.3.252] rejected.

I've modified the clients like that

<?php $rrdp_remote_clients = array ( '::ffff:192.168.3.252' => 'fingerprint', );

And now everything is working :-).

I'm eager to see it working with FreeBSD.

Also another "bug?", when you specify a listen adress other than 0.0.0.0, you can't acccess to prompt in admin mode .... Server IP [127.0.1.1] Administration: ['localhost' :40303] Replication: ['192.168.3.70' :40302] Clients: ['192.168.3.70' :40301]


Signal #1 défini par l'usager root@vm-ubuntu:/home/tom/rrdproxy# telnet localhost 40303 Trying ::1... Trying 127.0.0.1... telnet: Unable to connect to remote host: Connection refused root@vm-ubuntu:/home/tom/rrdproxy#

root@vm-ubuntu:/home/tom/rrdproxy# telnet 192.168.3.70 40303 Trying 192.168.3.70... Connected to 192.168.3.70. Escape character is '^]'. ERROR: Access denied. Connection closed by foreign host. root@vm-ubuntu:/home/tom/rrdproxy#

Anyway this will permit us to decorralate the polling from the rrd writing, which is a feature we've hope for many years :-).

Do you think this daemon will be scalable ? (I'm talking about writing 200k RRD each 5 minutes).

Anyway many thanks

Thomas

tfagart commented 7 years ago

Sorry for the bad text formating. if it's not clear don't hesitate to ask for more.

Regards

Thomas

browniebraun commented 7 years ago

Hi Thomas, Yep, that's definitely a bug. As you also can see in my screenshot above the proxy rejects the IPv6 request to localhost although the interface supports IPv4 and IPv6.

Regards -Andi

hel2o commented 7 years ago

Where is the logfile ?

browniebraun commented 7 years ago

Depends on what you mean with logfile. The internal logging is currently not really in use although it has already been implemented and it is functional. In privileged mode execute "show logging". It has been defined as a round robin buffer hold in memory limited to a few thousand entries. But I tried to focus on other more important functions and that's the reason why I did not place some log commands within the code. So the internal log will only hold specific events in memory. An external log itself does not exist. I'm not sure if there's really a need to have one.

Regards -Andi

hel2o commented 7 years ago

Because I found that RRDPROXY running after a few hours the CACTI will not connect to PROXY, and then I restart RRDPROXY connect is ok, now i can not find the reason, so I want to see the log

browniebraun commented 7 years ago

Oh, that's unacceptable and we have figure out what the reason for this behavior is. Did you notice any log entries within the Cacti log? If not and it is occurring again then please increase Cacti's logging level. Did you have a change to connect using telnet via admin port? Or was the complete daemon unresponsive and you had to kill the process?

Regards -Andi

hel2o commented 7 years ago

yes,i telnet admin port, debug proxy on,but when it's happen,RRDPROXY is no log print ,but proxy process is ok and telnet 40303 is OK

browniebraun commented 7 years ago

You mean debug did not return the incoming request from the Cacti server?

browniebraun commented 7 years ago

Did you probably notice a high CPU utilization for a RRDtool proxy process running?

hel2o commented 7 years ago

I found that when the number of my switch at around 10 units, polling time in 5 seconds, but when the number of my switch in 300 and DataSources in about 6000, the polling time is 3 minutes, but I use the local storage as long as 13 seconds, RRDPROXY is the 8 core CPU and 32GB memory.

browniebraun commented 7 years ago

Keep in mind that the RRDproxy itself does not solve I/O issues that may occur with every system using thousands of RRDs as data backend. Especially if you're trying to poll all items with a frequency of 5s. It does not make BOOST superfluous! (only the Boost Server script that allowed to update files without assigning write permissions to your httpd process).

The proxy allows to relocate all of your RRDs without NFS and to split big Cacti environments into many logical units. But due to security reasons (we are performing file transactions) everything needs to be heavily encrypted. And it is using a combination of RSA 2048BIT+192BIT AES and uses a new key for every transaction. That will cause a remarkable, but necessary overhead. I'll commit a few updates over the next days to avoid that the service port becomes unavailable. Please note, that every streams needs system related two files. That means you have to ensure that the user executing RRDproxy is allowed to run a high number of open files (ulimit -a) . My system for example is limited to 1024 open files per default - this is much too low. Additional I noticed that PHP does not overwrite the backlog parameter as expected. It automatically uses only the system default detected during its compilation (default 128). Means only 128 connections requests can be hold in a queue if the socket is utilized. Once a socket gets overloaded it becomes unresponsive.

Regards -Andi

browniebraun commented 7 years ago

Reviewing latest changes to RRDtool 1.5 / 1.6 it seems to me that the template option for RRD updates will be supported now. If I remember correctly this was the main show stopper to support Tobi's RRDcache. I will prove an implementation of RRDCache being controlled by the RRDproxy. This would dramatically reduce RRDcache's security issues and be an alternative for systems not running Boost as well as remote proxies. For a remote poller Boost is a must have. Additionally I'm re-thinking the design by splitting off the admin connection handling ...

netniV commented 6 years ago

Is this issue still active? Can it be closed?

tfagart commented 6 years ago

Hello,

If we're talking about rrdproxy running on freebsd, according to me, this issue is still active. I've done another test today, and the demon can't start when trying to open the socket

[0.00063] test: operation system supported [OK] [0.00959] test: no proxy instance running [OK] [0.01954] test: no cache instance running [OK] [0.01958] test: php module 'sockets' [OK] [0.01959] test: php module 'posix' [OK] [0.01960] test: php module 'pcntl' [OK] [0.01961] test: php module 'gmp' [OK] [0.01962] test: php module 'openssl' [OK] [0.01962] test: php module 'zlib' [OK]ls: /proc/44439/fd/: No such file or directory

[0.02395] test: max. number of open files [116937] [OK] [0.02398] test: max. number of connections in backlog [128] [OK] [0.02697] init: detach master process [OK] [0.04306] init: RSA public key [OK] [0.04315] init: RSA private key [OK] [0.04361] test: ipv6 supported [OK] [0.04383] init: tcp admin socket [OK] Unable to bind socket to '192.168.3.252:40301' Error: Can't assign requested address

root@vm-freebsd-2:/home/tom/rrdproxy # uname -a FreeBSD vm-freebsd-2.brozs.net 11.1-RELEASE-p1 FreeBSD 11.1-RELEASE-p1 #0: Wed Aug 9 11:55:48 UTC 2017 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 root@vm-freebsd-2:/home/tom/rrdproxy #

Regards

Thomas

browniebraun commented 6 years ago

I just had the same issue on a new server. Please replace AF_INET6 with AF_INET within rrdtool-proxy.php as well as /lib/replicator.php This is not a fix - only a workaround. The main issue is that the proxy does not make a decision between the type of IP address you have defined.

Regards -Andi

browniebraun commented 5 years ago

Fixed in 1.2.7