Pre-requisites for Monitoring a XenServer
There are several pre-requisites for an eG agent to be able to monitor a XenServer and the guest VMs hosted on it.
If an eG agent is installed on the control domain, allow the eG agent to communicate back to the eG management console: Make sure that the firewall on the XenServer is configured to allow outbound traffic from the eG agent to the eG management console. The port used for this communication is determined at the time the eG manager and agents are installed in your environment; port 7077 is the default. To configure the agent-manager communication, do the following:
- Login to the XenServer host.
- Edit the iptables file in the /etc/sysconfig/ directory.
To open the eG manager port, insert the following line anywhere in the file, but before the reject line:
-A RH-Firewall-1-INPUT -p tcp -m tcp -dport 7077 -j ACCEPT
- Save the file.
- Restart the network service by issuing the command: /sbin/service iptables restart
- Enable auto-discovery of VMs by eG Enterprise: Xentools must be installed on all guest operating systems hosted on a XenServer. Using Xentools, the eG agent determines the IP addresses of the guest VMs and the operating systems that they are configured with. If the eG Enterprise monitor shows “N/A” against the IP address field or the operating system type of any VM, this is usually a good indicator that Xentools has not been installed on that VM.
Enable the eG agent to access the XenServer API (for agentless monitoring or for agent-based monitoring):
- In order to ensure that the eG agent uses XenServer API to discover the guest operating systems executing on a target XenServer host, all the tests that the agent executes should be configured with the name and password of a registered user of the XenServer.
By default, the Xen Server is not SSL-enabled. This indicates that by default, the eG agent communicates with the XenServer using HTTP. Accordingly, the ssl flag of all tests executed by the eG agent is set to No by default.
If you configure the XenServer to use SSL, then make sure that the SSL flag is set to Yes for all tests executed by the eG agent, so that the eG agent communicates with the XenServer using HTTPS.
Note that a default SSL certificate comes bundled with every XenServer installation. If you want the eG agent to use this default certificate for communicating with an SSL-enabled XenServer, then no additional configuration is required. However, if you do not want to use the default certificate, then you can generate a self-signed certificate for use by the XenServer. In such a case, you need to explicitly follow the broad steps given below to enable the eG agent to communicate with the XenServer via HTTPS:
- Obtain the server-certificate for the XenServer
- Import the server-certificate into the local certificate store of the eG agent
For a detailed discussion on each of these steps, refer to the Troubleshooting section of this document.
Enabling the eG agent to collect “inside view” metrics from Linux guests:
To allow the eG agent to obtain the “inside view” of Linux VMs, simply ensure that SSH is enabled on all Linux guests to be monitored.
Enabling the eG agent to collect “inside view” metrics from Windows guests, with the help of the eG VM Agent:
To allow the eG agent to obtain the “inside view” of Windows VMs using the eG VM Agent, the following pre-requisites need to be fulfilled:
- Install the eG VM Agent
- Set the inside view usingflag for all the “inside view” tests to eG VM Agent (Windows).
Ensure connectivity from the eG agent to the XenServer being monitored and the VMs:
Since the same agent is used to monitor the outside view of the VMs and the inside view of the VMs, ensure that the agent has IP connectivity to the XenServer and to at least one of the network interfaces of the VMs.
If agentless monitoring is used, ensure communication between the eG remote agent (which performs the agentless monitoring) and the individual VMs.
- For monitoring a Windows VM, TCP port 139 must be accessible from the remote agent to the VM.
- To enable the remote agent (on Windows) to obtain the inside view of Windows VMs, the eGurkhaAgent service should run using domain administrator privileges.
- For monitoring a Linux VM, the SSH port (TCP port 22) must be enabled for communication between the remote agent and the VM being monitored.
Ensure that the XenServer is configured to allow remote performance monitoring:
When configuring monitoring for XenServers in the eG Enterprise administration console, you will be prompted to enter a user name which will be used by the agent to collect performance metrics from the XenServer. For monitoring XenServer 5.5 (or below), you must specify the “root” user credentials for the eG agent to be able to collect metrics. However, if you are monitoring XenServer 5.6 (or above) and you prefer not to expose the credentials of the root user, then, you have the option of configuring a user with pool-admin privileges as the xen user. If you do not want to expose the credentials of a root/pool-admin user when monitoring XenServer 5.6 (or above), then you can configure the tests with the credentials of a xen user with Read-only privileges to the XenServer. However, if this is done, then the Xen Uptime test will not run, and the Xen CPU and Xen Memory tests will not be able to report metrics for the control domain descriptor. To avoid such an outcome, do the following before attempting to configure the eG tests with a xen user who has Read-only privileges to the XenServer:
- Modify the target XenServer’s configuration in the eG Enterprise system. For this, follow the Infrastructure -> Components -> Add/Modify menu sequence, pick Citrix XenServer as the Component type, and click the Modify button corresponding to the target XenServer.
- In the modify component details page that then appears, make sure that the os is set to Xen and the Mode is set to ssh.
- Then, in the same page, proceed to provide the User and Password of a user who has the right to connect to the XenServer console via SSH.
- Then, click the Update button to save the changes.
Once this is done, you can configure the eG tests with the credentials of a xen user with Read-only privileges.