Configure Observium to Monitor XenServer

Observium is a great self-hosted monitoring tool that allows you to keep an eye on CPU/memory/storage/interface utilization of your servers. It uses SNMP to do so, so it’s also pretty lightweight and doesn’t need much configuration since SNMP comes installed by default on most distributions.

XenServer also ships with SNMP preinstalled, but the client configuration instructions on the Observium website only cover Debian and Red Hat. Things are a little different on XenServer, so here is how to get XenServer to play nicely with Observium.

  1. First of all, the SNMP options file on XenServer is /etc/sysconfig/snmpd.options. Uncomment this line in it:
    OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a"
  2. The default SNMP config file is /etc/snmp/snmpd.conf. It should look something like this:
    com2sec readonly  default         public
    group MyROGroup v1         readonly
    group MyROGroup v2c        readonly
    group MyROGroup usm        readonly
    view all    included  .1                               80
    access MyROGroup ""      any       noauth    exact  all    none   none
    syslocation 
    syscontact 
    #This line allows Observium to detect the host OS if the distro script is installed
    extend .1.3.6.1.4.1.2021.7890.1 distro /usr/bin/distro
  3. This step doesn’t change, so I am taking it straight from the Observium documentation: “Get the observium ‘distro’ script from the scripts/ directory to identify your distribution via SNMP and copy it to /usr/bin/distro”
  4. Restart snmpd:
    service snmpd restart
  5. Allow SNMP through the firewall: port 161 must be manually allowed in iptables. Add the following line to /etc/sysconfig/iptables:
    -A RH-Firewall-1-INPUT -p udp --dport 161 -j ACCEPT

    For reference, this is what my iptables config file looks like so far:

    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :RH-Firewall-1-INPUT - [0:0]
    -A INPUT -j RH-Firewall-1-INPUT
    -A FORWARD -j RH-Firewall-1-INPUT
    -A RH-Firewall-1-INPUT -i lo -j ACCEPT
    -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
    # DHCP for host internal networks (CA-6996)
    -A RH-Firewall-1-INPUT -p udp -m udp --dport 67 --in-interface xenapi -j ACCEPT
    -A RH-Firewall-1-INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Linux HA hearbeat (CA-9394)
    -A RH-Firewall-1-INPUT -m conntrack --ctstate NEW -m udp -p udp --dport 694 -j ACCEPT
    -A RH-Firewall-1-INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT
    -A RH-Firewall-1-INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 80 -j ACCEPT
    -A RH-Firewall-1-INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 443 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp --dport 161 -j ACCEPT
    -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
    COMMIT
    
  6. Restart iptables:
    service iptables restart
  7. Make sure snmpd automatically starts at boot:
    chkconfig snmpd on

At this point you can go ahead and add your XenServer host to Observium and run an initial polling:

  1. sudo ./add_device.php xenserver public v2c
  2. sudo ./discovery.php -h all
  3. sudo ./poller.php -h all

Note: in a production environment you should really change the SNMP community from the default of “public” to something else or, even better, use SNMPv3, which supports authentication and encryption.
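To check a host against the note above, here is an added example (not from the original post or the Observium project) that audits the two files edited in this guide for the default community, the unrestricted "default" source, cleartext SNMP versions and an unrestricted UDP 161 rule. The function names are hypothetical, and 192.0.2.10 is a constructed address standing in for the Observium server.

```shell
#!/bin/sh
# Added example (not from the original post): audit the two files edited above.
# Function names are hypothetical; all sample input below is constructed.

# com2sec syntax is "com2sec NAME SOURCE COMMUNITY"; group is "group NAME MODEL SECNAME".
audit_snmpd_conf() {
    awk '
        $1 == "com2sec" && ($4 == "public" || $4 == "private") {
            printf "line %d: well-known community \"%s\"\n", NR, $4
        }
        $1 == "com2sec" && $3 == "default" {
            printf "line %d: source \"default\" accepts queries from any address\n", NR
        }
        $1 == "group" && ($3 == "v1" || $3 == "v2c") {
            printf "line %d: %s sends community and data in cleartext\n", NR, $3
        }
    ' "$1"
}

# Flag ACCEPT rules for UDP 161 that carry no -s/--source restriction.
audit_iptables() {
    awk '
        /^[ \t]*-A / && /-p udp/ && /--dport 161( |$)/ && /-j ACCEPT/ && !/ (-s|--source) / {
            printf "line %d: UDP 161 open to every source\n", NR
        }
    ' "$1"
}

# Constructed sample: the settings from this guide, plus one restricted rule.
# 192.0.2.10 stands in for the Observium server (documentation address).
tmp=$(mktemp -d)
cat > "$tmp/snmpd.conf" <<'EOF'
com2sec readonly  default         public
group MyROGroup v1         readonly
group MyROGroup v2c        readonly
group MyROGroup usm        readonly
EOF
cat > "$tmp/iptables" <<'EOF'
-A RH-Firewall-1-INPUT -p udp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.0.2.10 -p udp --dport 161 -j ACCEPT
EOF
audit_snmpd_conf "$tmp/snmpd.conf"
audit_iptables "$tmp/iptables"
rm -rf "$tmp"
```

On a real host, point the functions at /etc/snmp/snmpd.conf and /etc/sysconfig/iptables; no output means none of these four conditions was found.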

1 Comment

  1. this worked great – thank you so much

© 2017 Daniel's TechBlog