Red Hat SummitChapter 5. Configuring performance monitoring with PCP by using RHEL system roles
Performance Co-Pilot (PCP) is a system performance analysis toolkit. You can use it to record and analyze performance data from many components on a Red Hat Enterprise Linux system.
You can use the metrics RHEL system role to automate the installation and configuration of PCP, and the role can configure Grafana to visualize PCP metrics.
5.1. Configuring Performance Co-Pilot by using the metrics RHEL system role
You can use Performance Co-Pilot (PCP) to monitor many metrics, such as CPU utilization and memory usage. For example, this can help to identify resource and performance bottlenecks. By using the metrics RHEL system role, you can remotely configure PCP on multiple hosts to record metrics.
Prerequisites
- You have prepared the control node and the managed nodes
- You are logged in to the control node as a user who can run playbooks on the managed nodes.
-
The account you use to connect to the managed nodes has
sudopermissions on them.
Procedure
Create a playbook file, for example
~/playbook.yml, with the following content:--- - name: Monitoring performance metrics hosts: managed-node-01.example.com tasks: - name: Configure Performance Co-Pilot ansible.builtin.include_role: name: redhat.rhel_system_roles.metrics vars: metrics_retention_days: 14 metrics_manage_firewall: true metrics_manage_selinux: true--- - name: Monitoring performance metrics hosts: managed-node-01.example.com tasks: - name: Configure Performance Co-Pilot ansible.builtin.include_role: name: redhat.rhel_system_roles.metrics vars: metrics_retention_days: 14 metrics_manage_firewall: true metrics_manage_selinux: trueCopy to Clipboard Copied! The settings specified in the example playbook include the following:
metrics_retention_days: <number>-
Sets the number of days after which the
pmlogger_dailysystemd timer removes old PCP archives. metrics_manage_firewall: <true|false>-
Defines whether the role should open the required ports in the
firewalldservice. If you want to remotely access PCP on the managed nodes, set this variable totrue.
For details about all variables used in the playbook, see the
/usr/share/ansible/roles/rhel-system-roles.metrics/README.mdfile on the control node.Validate the playbook syntax:
ansible-playbook --syntax-check ~/playbook.yml
$ ansible-playbook --syntax-check ~/playbook.ymlCopy to Clipboard Copied! Note that this command only validates the syntax and does not protect against a wrong but valid configuration.
Run the playbook:
ansible-playbook ~/playbook.yml
$ ansible-playbook ~/playbook.ymlCopy to Clipboard Copied!
Verification
Query a metric, for example:
ansible managed-node-01.example.com -m command -a 'pminfo -f kernel.all.load'
# ansible managed-node-01.example.com -m command -a 'pminfo -f kernel.all.load'Copy to Clipboard Copied!
Next step
5.2. Configuring Performance Co-Pilot with authentication by using the metrics RHEL system role
You can enable authentication in Performance Co-Pilot (PCP) so that the pmcd service and Performance Metrics Domain Agents (PDMAs) can determine whether the user running the monitoring tools is allowed to perform an action. Authenticated users have access to metrics with sensitive information. Additionally, certain agents require authentication. For example, the bpftrace agent uses authentication to identify whether a user is allowed to load bpftrace scripts into the kernel to generate metrics.
By using the metrics RHEL system role, you can remotely configure PCP with authentication on multiple hosts.
Prerequisites
- You have prepared the control node and the managed nodes
- You are logged in to the control node as a user who can run playbooks on the managed nodes.
-
The account you use to connect to the managed nodes has
sudopermissions on them.
Procedure
Store your sensitive variables in an encrypted file:
Create the vault:
ansible-vault create ~/vault.yml
$ ansible-vault create ~/vault.yml New Vault password: <vault_password> Confirm New Vault password: <vault_password>Copy to Clipboard Copied! After the
ansible-vault createcommand opens an editor, enter the sensitive data in the<key>: <value>format:metrics_usr: <username> metrics_pwd: <password>
metrics_usr: <username> metrics_pwd: <password>Copy to Clipboard Copied! - Save the changes, and close the editor. Ansible encrypts the data in the vault.
Create a playbook file, for example
~/playbook.yml, with the following content:--- - name: Monitoring performance metrics hosts: managed-node-01.example.com vars_files: - ~/vault.yml tasks: - name: Configure Performance Co-Pilot ansible.builtin.include_role: name: redhat.rhel_system_roles.metrics vars: metrics_retention_days: 14 metrics_manage_firewall: true metrics_manage_selinux: true metrics_username: "{{ metrics_usr }}" metrics_password: "{{ metrics_pwd }}"--- - name: Monitoring performance metrics hosts: managed-node-01.example.com vars_files: - ~/vault.yml tasks: - name: Configure Performance Co-Pilot ansible.builtin.include_role: name: redhat.rhel_system_roles.metrics vars: metrics_retention_days: 14 metrics_manage_firewall: true metrics_manage_selinux: true metrics_username: "{{ metrics_usr }}" metrics_password: "{{ metrics_pwd }}"Copy to Clipboard Copied! The settings specified in the example playbook include the following:
metrics_retention_days: <number>-
Sets the number of days after which the
pmlogger_dailysystemd timer removes old PCP archives. metrics_manage_firewall: <true|false>-
Defines whether the role should open the required ports in the
firewalldservice. If you want to remotely access PCP on the managed nodes, set this variable totrue. metrics_username: <username>-
The role creates this user locally on the managed node, adds the credentials to the
/etc/pcp/passwd.dbSimple Authentication and Security Layer (SASL) database, and configures authentication in PCP. Additionally, if you setmetrics_from_bpftrace: truein the playbook, PCP uses this account to registerbpftracescripts.
For details about all variables used in the playbook, see the
/usr/share/ansible/roles/rhel-system-roles.metrics/README.mdfile on the control node.Validate the playbook syntax:
ansible-playbook --ask-vault-pass --syntax-check ~/playbook.yml
$ ansible-playbook --ask-vault-pass --syntax-check ~/playbook.ymlCopy to Clipboard Copied! Note that this command only validates the syntax and does not protect against a wrong but valid configuration.
Run the playbook:
ansible-playbook --ask-vault-pass ~/playbook.yml
$ ansible-playbook --ask-vault-pass ~/playbook.ymlCopy to Clipboard Copied!
Verification
On a host with the
pcppackage installed, query a metric that requires authentication:Query the metrics by using the credentials that you used in the playbook:
pminfo -fmdt -h pcp://managed-node-01.example.com?username=<user> proc.fd.count
# pminfo -fmdt -h pcp://managed-node-01.example.com?username=<user> proc.fd.count Password: <password> proc.fd.count inst [844 or "000844 /var/lib/pcp/pmdas/proc/pmdaproc"] value 5Copy to Clipboard Copied! If the command succeeds, it returns the value of the
proc.fd.countmetric.Run the command again, but omit the username to verify that the command fails for unauthenticated users:
pminfo -fmdt -h pcp://managed-node-01.example.com proc.fd.count
# pminfo -fmdt -h pcp://managed-node-01.example.com proc.fd.count proc.fd.count Error: No permission to perform requested operationCopy to Clipboard Copied!
Next step
5.3. Setting up Grafana by using the metrics RHEL system role to monitor multiple hosts with Performance Co-Pilot
If you have already configured Performance Co-Pilot (PCP) on multiple hosts, you can use an instance of Grafana to visualize the metrics for these hosts. You can display the live data and, if the PCP data is stored in a Redis database, also past data.
By using the metrics RHEL system role, you can automate the process of setting up Grafana, the PCP plug-in, the optional Redis database, and the configuration of the data sources.
If you use the metrics role to install Grafana on a host, the role also installs automatically PCP on this host.
Prerequisites
- You have prepared the control node and the managed nodes
- You are logged in to the control node as a user who can run playbooks on the managed nodes.
-
The account you use to connect to the managed nodes has
sudopermissions on them. - PCP is configured for remote access on the hosts you want to monitor.
- The host on which you want to install Grafana can access port 44321 on the PCP nodes you plan to monitor.
Procedure
Store your sensitive variables in an encrypted file:
Create the vault:
ansible-vault create ~/vault.yml
$ ansible-vault create ~/vault.yml New Vault password: <vault_password> Confirm New Vault password: <vault_password>Copy to Clipboard Copied! After the
ansible-vault createcommand opens an editor, enter the sensitive data in the<key>: <value>format:grafana_admin_pwd: <password>
grafana_admin_pwd: <password>Copy to Clipboard Copied! - Save the changes, and close the editor. Ansible encrypts the data in the vault.
Create a playbook file, for example
~/playbook.yml, with the following content:--- - name: Monitoring performance metrics hosts: managed-node-01.example.com vars_files: - ~/vault.yml tasks: - name: Set up Grafana to monitor multiple hosts ansible.builtin.include_role: name: redhat.rhel_system_roles.metrics vars: metrics_graph_service: true metrics_query_service: true metrics_monitored_hosts: - <pcp_host_1.example.com> - <pcp_host_2.example.com> metrics_manage_firewall: true metrics_manage_selinux: true - name: Set Grafana admin password ansible.builtin.shell: cmd: grafana-cli admin reset-admin-password "{{ grafana_admin_pwd }}"--- - name: Monitoring performance metrics hosts: managed-node-01.example.com vars_files: - ~/vault.yml tasks: - name: Set up Grafana to monitor multiple hosts ansible.builtin.include_role: name: redhat.rhel_system_roles.metrics vars: metrics_graph_service: true metrics_query_service: true metrics_monitored_hosts: - <pcp_host_1.example.com> - <pcp_host_2.example.com> metrics_manage_firewall: true metrics_manage_selinux: true - name: Set Grafana admin password ansible.builtin.shell: cmd: grafana-cli admin reset-admin-password "{{ grafana_admin_pwd }}"Copy to Clipboard Copied! The settings specified in the example playbook include the following:
metrics_graph_service: true-
Installs Grafana and the PCP plug-in. Additionally, the role adds the
PCP Vector,PCP Redis, andPCP bpftracedata sources to Grafana. metrics_query_service: <true|false>- Defines whether the role should install and configure Redis for centralized metric recording. If enabled, data collected from PCP clients is stored in Redis and, as a result, you can also display historical data instead of only live data.
metrics_monitored_hosts: <list_of_hosts>- Defines the list of hosts to monitor. In Grafana, you can then display the data of these hosts and, additionally, the host that runs Grafana.
metrics_manage_firewall: <true|false>-
Defines whether the role should open the required ports in the
firewalldservice. If you set this variable totrue, you can, for example, access Grafana remotely.
For details about all variables used in the playbook, see the
/usr/share/ansible/roles/rhel-system-roles.metrics/README.mdfile on the control node.Validate the playbook syntax:
ansible-playbook --ask-vault-pass --syntax-check ~/playbook.yml
$ ansible-playbook --ask-vault-pass --syntax-check ~/playbook.ymlCopy to Clipboard Copied! Note that this command only validates the syntax and does not protect against a wrong but valid configuration.
Run the playbook:
ansible-playbook --ask-vault-pass ~/playbook.yml
$ ansible-playbook --ask-vault-pass ~/playbook.ymlCopy to Clipboard Copied!
Verification
-
Open
http://<grafana_server_IP_or_hostname>:3000in your browser, and log in as theadminuser with the password you set in the procedure. Display monitoring data:
To display live data:
-
Click the
Performance Co-Piloticon in the navigation bar on the left, and selectPCP Vector Checklist. -
By default, the graphs display metrics from the host that runs Grafana. To switch to a different host, enter the hostname in the
hostspecfield and press Enter.
-
Click the
-
To display historical data stored in a Redis database: Create a panel with a PCP Redis data source. This requires that you set
metrics_query_service: truein the playbook.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}