Configuring the Agent Manager to accept connections from the Management Server
You can configure the Foglight™ Agent Manager to accept connections from the Management Server and enable reverse data polling. This is useful in situations when the Agent Manager cannot connect to the Management Server due to its location. For example, when the Agent Manager is located in the cloud and the Management Server runs on premises, the Agent Manager has no means to connect to the Management Server and pass on the collected data. Another example is when the Agent Manager resides in a demilitarized zone (DMZ), exposed to untrusted networks, and the Management Server is behind a firewall.
You do this by performing the following steps:
|
• |
|
• |
Using the fglam.config.xml file, disable upstream connections to the Management Server. For instructions, see To prevent the Agent Manager from connecting to the Management Server:. |
|
• |
|
1 |
Open the fglam.config.xml file for editing. This file is located in the <fglam_home>/state/default/config directory. |
|
2 |
In the fglam.config.xml file, locate the <config:http-upstreams> XML element, and within that element, declare a new <config:http-upstream> element using the following lines of code: |
|
1 |
Open the fglam.config.xml file for editing. This file is located in the <fglam_home>/state/default/config directory. |
|
2 |
In the fglam.config.xml file, locate the <config:http-downstreams> XML element, and within that element, declare a new <config:http-downstream> sub-element for a non-SSL connection or <config:https-downstream> for an SSL connection. |
|
3 |
Non-SSL connections only. Within the newly created <config:http-downstream> element, provide a port number that the Agent Manager will use to listen for incoming connections, and optionally the IP address of the network interface. For example: |
|
4 |
User-provided certificates or keystores only. Within the newly created <config:https-downstream> element, provide the information about the certificate and keystore you want to use. There is a wide range of attributes that you can use. For complete instructions, review the <config:documentation> element under <config:http-downstreams>. |
|
2 |
On the Agent Properties dashboard, under Agent Type, select FglAM Adapter, and in the pane on the right, click Edit. |
|
3 |
|
4 |
|
• |
Enabled: Select this check box if you want the Management Server to connect to this Agent Manager. |
|
• |
URL: Type the URL the Agent Manager uses to communicate with the Management Server. |
|
• |
Local Address: To specify a local network address for the Management Server connection to the Agent Manager, type the IP address of a NIC (network interface card) on the machine hosting the Agent Manager required to establish connections to the Management Server. |
|
• |
Proxy URL: If you want the Agent Manager to connect to the Management Server using a proxy, type the URL of the proxy server. |
|
• |
Proxy NTLM Domain: If you are using a proxy server for communication, and the proxy uses Windows authentication, type the Windows domain. |
|
• |
Proxy User Name: If you are using a proxy server for communication, type the user name needed to access the proxy server. |
|
• |
Proxy Password: If you are using a proxy server for communication, type the password associated with the user name. |
|
• |
Allow Self Signed SSL Certificates: Select this check box if you want to enable the Agent Manager to accept self-signed certificates from the Management Server. |
|
• |
SSL Certificate Common Name: If you want to enable the Agent Manager to accept self-signed certificates from the Management Server, and the certificate has a different common (host) name than the one reported by the Management Server, type the certificate common name. |
|
• |
Compressed Connection: Select this check box if you want the Agent Manager to establish HTTP-compressed communication with the Management Server. |
|
• |
Chunked HTTP Connection: Select this check box if you want to use an HTTP connection with chunked transfer encoding enabled. |
Configuring multiple Agent Manager instances
The files related to the Agent Manager’s run-time state (for example, configuration and log files), are saved in the <fglam_home>/state/ directory tree. Under the state directory, there is a sub-directory for each available Agent Manager instance.
You can run multiple instances of the Agent Manager using a single Agent Manager bin directory.
In this type of configuration, you create multiple instances and each instance uses a different state directory but runs from a single Agent Manager bin directory. One example of this type of configuration is to test new agent settings without making changes to the agents you are currently using to monitor your production environment.
You can also configure multiple physical installations of the Agent Manager to use a corresponding state directory that exists on a single shared drive. One example use of this functionality is running the Agent Manager in cluster environments. See Example: Running multiple instances in a cluster environment for more information.
As described below, you create a new instance (and its associated state sub-directory) by including the --create-state and --location "<state_name>" (or -l "<state_name>") options with the fglam command; you then use the fglam ‑‑location "<state_name>" command to run that new instance.
If you do not create multiple instances (by following the instructions below), the Agent Manager creates an instance called default and stores the state files in the state/default directory.
|
IMPORTANT: On UNIX® platforms, the entire Agent Manager installation — including all state directories — must be owned by the same system user. |
|
1 |
Launch a command shell on the Agent Manager machine, and navigate to the <fglam_home>/bin directory. |
|
1 |
Launch a command shell on the Agent Manager machine, and navigate to the <fglam_home>/bin directory. |
When you deploy agents to the instance, files related to the run-time state for these agents (including log files) are stored under the <fglam_home>/state/<state_name>/agents directory for that instance.
Example: Running multiple instances in a cluster environment
In this type of installation, there are multiple physical installations of the Agent Manager on different failover nodes. When one node fails and shuts down, the next one starts and its Agent Manager instance accesses the latest changes stored in its state directory on a shared drive.
Begin by installing the Agent Manager on each node in your cluster. See Installing the Agent Manager for installation instructions.
In the following example, <state_dir> is a path to a state directory on a shared network server that is accessible locally from all machines. For example: on Windows clients, the <state_dir> can be f:\cluster_shared_dir\fglam_states\STATENAME_A, while on UNIX® clients, it is /mnt/cluster_shared_dir/fglam_states/STATENAME_A.
fglam --create-state --location <state_dir>
fglam --location <state_dir>
The files related to the Agent Manager instance’s run-time state—for example, configuration and log files—are stored under its remote state directory on the shared drive.
When the Agent Manager is running, you can deploy agents to it and create agent instances. Files related to the run-time state for these agents (including log files) are stored under the remote state directory for this Agent Manager instance. Using the example above, they are stored in <state_dir>.
Ensure that only one instance of the Agent Manager that uses a particular state directory is running at a time. Do not run two instances of the Agent Manager on separate machines (or separate active nodes in the cluster) and cause these instances to use the same shared state directory simultaneously.
Controlling the polling rate
The polling rate is controlled by the following properties:
|
• |
Minimum Polling Interval (seconds): The minimum polling interval, in seconds. |
|
• |
Maximum Polling Interval (seconds): The maximum polling interval, in seconds. |
|
• |
Polling Timeout (seconds): A time-out/grace period (in seconds) that the FglAMAdapter waits for a host to respond, before considering it as disconnected. This is used to account for clock skews and changes in timing typically seen on heavily loaded VMware images. |
For more information about the Agent Properties dashboard, see the Administration and Configuration Help.