8.2. Red Hat Network Monitoring Daemon (rhnmd)
To get the most out of your Monitoring entitlement, Red Hat suggests installing the Red Hat Network Monitoring Daemon on your client systems. Based upon OpenSSH,
rhnmd
enables the RHN Satellite to communicate securely with the client system to access internal processes and retrieve probe status.
Please note that the Red Hat Network Monitoring Daemon requires that monitored systems allow connections on port 4545. You may avoid opening this port and installing the daemon altogether by using
sshd
instead. Refer to Section 8.2.3, “Configuring SSH” for details.
8.2.1. Probes requiring the daemon
An encrypted connection, either through the Red Hat Network Monitoring Daemon or
sshd
, is required on client systems for the following probes to run:
- Linux::CPU Usage
- Linux::Disk IO Throughput
- Linux::Disk Usage
- Linux::Inodes
- Linux::Interface Traffic
- Linux::Load
- Linux::Memory Usage
- Linux::Process Counts by State
- Linux::Process Count Total
- Linux::Process Health
- Linux::Process Running
- Linux::Swap Usage
- Linux::TCP Connections by State
- Linux::Users
- Linux::Virtual Memory
- LogAgent::Log Pattern Match
- LogAgent::Log Size
- Network Services::Remote Ping
- Oracle::Client Connectivity
- General::Remote Program
- General::Remote Program with Data
Note that all probes in the Linux group have this requirement.
8.2.2. Installing the Red Hat Network Monitoring Daemon
Install the Red Hat Network Monitoring Daemon to prepare systems for monitoring with the probes identified in Section 8.2.1, “Probes requiring the daemon”. Note that the steps in this section are optional if you intend to use
sshd
to allow secure connections between the RHN monitoring infrastructure and the monitored systems. Refer to Section 8.2.3, “Configuring SSH” for instructions.
The
rhnmd
package can be found in the RHN Tools channel for all Red Hat Enterprise Linux distributions. To install it:
- Subscribe the systems to be monitored to the RHN Tools channel associated with the system. This can be done individually through the System Details ⇒ Channels ⇒ Software subtab or for multiple systems at once through the Channel Details ⇒ Target Systems tab.
- Once subscribed, open the Channel Details ⇒ Packages tab and find the
rhnmd
package (under 'R'). - Click the package name to open the Package Details page. Go to the Target Systems tab, select the desired systems, and click .
- Install the SSH public key on all client systems to be monitored, as described in Section 8.2.4, “Installing the SSH key”.
- Start the Red Hat Network Monitoring Daemon on all client systems using the command:
service rhnmd start
- When adding probes requiring the daemon, accept the default values for RHNMD User and RHNMD Port:
nocpulse
and4545
, respectively.
8.2.3. Configuring SSH
If you wish to avoid installing the Red Hat Network Monitoring Daemon and opening port 4545 on client systems, you may configure
sshd
to provide the encrypted connection required between the systems and RHN. This may be especially desirable if you already have sshd
running. To configure the daemon for monitoring use:
- Ensure the SSH package is installed on the systems to be monitored:
rpm -qi openssh-server
- Identify the user to be associated with the daemon. This can be any user available on the system, as long as the required SSH key can be put in the user's
~/.ssh/authorized_keys
file. - Install the SSH public key on all client systems to be monitored, as described in Section 8.2.4, “Installing the SSH key”.
- Start the
sshd
on all client systems using the command:service sshd start
- When adding probes requiring the daemon, insert the values derived from steps 2 and 3 in the RHNMD User and RHNMD Port fields.
8.2.4. Installing the SSH key
Whether you use
rhnmd
or sshd
, you must install the Red Hat Network Monitoring Daemon public SSH key on the systems to be monitored to complete the secure connection. To install it:
- Copy the character string (beginning with
ssh-dss
and ending with the hostname of the RHN Server). - On the command line of the system to be monitored, switch to the user aligned with the daemon. This is accomplished for
rhnmd
with the command:su - nocpulse
- Paste the key character string into the
~/.ssh/authorized_keys
file for the daemon's user. Forrhnmd
, this is/var/lib/nocpulse/.ssh/authorized_keys
.If config management is enabled on the systems to be monitored, you may deploy this file across systems using a config channel. Refer to Section 7.7.1, “Preparing Systems for Config Management” for details.Note
If valid entries already exist inauthorized_keys
, add the daemon key to the file rather than replacing the existing key. To do so, save the copied text toid_dsa.pub
in the same.ssh/
directory and then run the following command:cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
. - Finally, ensure the
.ssh/
directory andauthorized_keys
file have the appropriate permissions set. This can be done as the daemon's user with the following commands:chmod 700 ~/.ssh chmod 600 ~/.ssh/authorized_keys
Once the key is in place and accessible, all probes that require it should allow
ssh
connections between the Monitoring infrastructure and the monitored system. You may then schedule probes requiring the monitoring daemon to run against the newly configured systems.