Sentinel.la Agent: opensource leverages security
The best way to show off our commitment with the opensource community is using it into every day activities. Sentinel.la agent is based on tourbillon. We’ve forked this project and begun to customize to our purpose.
You have access to the agent’s code to verify that it’s absolutely safe to install and run. Most of the monitoring tool’s agents work over a binary file no bringing enough information of what exactly is doing on your system (or your information). Also this agent run with a user named sentinella (group sentinella) with limited access to your system and files.
Agent installation
Get the agent from out site and get this up using “sentinella init” command. It will be available via debian (.deb) or centos (.rpm) package. Install it as local for now. We’ve got into a repo soon. You will need to identify your account ID (get that key number directly from the console as the next picture shows).Run this agent at any OpenStack node located in any of your instances or datacenters.
root@sf-openstack01:/tmp# sentinella init Configure Sentinel.la agent Enter your Account Key []: 32j4u23iy4u23i
Later you will be asked what OpenStack services you will monitor as the following:
OpenStack configuration Monitor nova-api? [yes]: Name of the nova-api process [nova-api]: nova-api log file [/var/log/nova/nova-api.log]: Monitor nova-scheduler? [yes]: Name of the nova-scheduler process [nova-scheduler]: nova-scheduler log file [/var/log/nova/nova-scheduler.log]: Monitor nova-compute? [yes]: Name of the nova-compute process [nova-compute]: nova-compute log file [/var/log/nova/nova-compute.log]: Monitor nova-cert? [yes]: n Monitor nova-conductor? [yes]: n Monitor nova-novncproxy? [yes]: n Monitor neutron-server? [yes]: Name of the neutron-server process [neutron-server]: neutron-server log file [/var/log/neutron/server.log]: Monitor neutron-dhcp-agent? [yes]: Name of the neutron-dhcp-agent process [neutron-dhcp-agent]: neutron-dhcp-agent log file [/var/log/neutron/dhcp-agent.log]: Monitor neutron-openvswitch-agent? [yes]: Name of the neutron-openvswitch-agent process [neutron-openvswitch-agent]: neutron-openvswitch-agent log file [/var/log/neutron/openvswitch-agent.log]: Monitor neutron-l3-agent? [yes]: Name of the neutron-openvswitch-agent process [neutron-openvswitch-agent]: neutron-l3-agent log file [/var/log/neutron/l3-agent.log]: Monitor neutron-metadata-agent? [yes]: Name of the neutron-metadata-agent process [neutron-metadata-agent]: neutron-metadata-agent log file [/var/log/neutron/metadata-agent.log ]: configuration file generated
We have plans to make this agent detect services automatically, and ask only for what you are actually running on the server.
Setinel.la agent will create a configuration file in JSN format with the information you’ve just chosen.
root@sf-openstack01:/etc/sentinella# cat sentinella.conf { "nova-novncproxy": false, "log_level": "INFO", "neutron-metadata-agent": { "process": "neutron-metadata-agent", "log": "/var/log/neutron/metadata-agent.log " }, "nova-compute": { "process": "nova-compute", "log": "/var/log/nova/nova-compute.log" }, "nova-conductor": false, "nova-api": { "process": "nova-api", "log": "/var/log/nova/nova-api.log" }, "neutron-openvswitch-agent": { "process": "neutron-openvswitch-agent", "log": "/var/log/neutron/openvswitch-agent.log" }, "account_key": "32j4u23iy4u23i", "neutron-l3-agent": { "process": "neutron-openvswitch-agent", "log": "/var/log/neutron/l3-agent.log" }, "neutron-dhcp-agent": { "process": "neutron-dhcp-agent", "log": "/var/log/neutron/dhcp-agent.log" }, "nova-scheduler": { "process": "nova-scheduler", "log": "/var/log/nova/nova-scheduler.log" }, "neutron-server": { "process": "neutron-server", "log": "/var/log/neutron/server.log" }, "nova-cert": false, "log_format": "", "log_file": "/var/log/sentinella/sentinella1.log", "plugins_conf_dir": "/etc/sentinella" }
Configuration file can be copy out other nodes with no issues related to use a different server name or system settings. It would speed up its roll out among geographically dispersed instances.
The agent counts on different options to get a better experience. Sentinel.la will add more features and service through the plug-in concept adopted from tourbillon project. That will be easier to add or remove future services or even develop services on your own for other apps.
root@sf-openstack01:~# sentinella Usage: sentinella [OPTIONS] COMMAND [ARGS]... sentinella: send metrics to API Options: --version Show the version and exit. -c, --config <config_file> specify a different config file -p, --pidfile <pidfile_file> specify a different pidfile file --help Show this message and exit. Commands: clear remove all plugins from configuration disable disable one or more plugins enable enable one or more plugins init initialize the tourbillon configuration install install tourbillon plugin list list available tourbillon plugins reinstall reinstall tourbillon plugin run run the agent show show the list of enabled plugins upgrade upgrade tourbillon plugin root@sf-openstack01:~# sentinella show no enabled plugins
Don’t forget to collaborate.