7.2. Red Hat Network Monitoring Daemon (rhnmd)

To get the most out of your Monitoring entitlement, Red Hat suggests installing the Red Hat Network Monitoring Daemon on your client systems. Based upon OpenSSH, rhnmd enables the RHN Satellite Server to communicate securely with the client system to access internal processes and retrieve probe status.

Please note that the Red Hat Network Monitoring Daemon requires that monitored systems allow connections on port 4545. You may avoid opening this port and installing the daemon altogether by using sshd instead. Refer to Section 7.2.3 Configuring SSH for details.

7.2.1. Probes requiring the daemon

An encrypted connection, either through the Red Hat Network Monitoring Daemon or sshd, is required on client systems for the following probes to run:

Note that all probes in the Linux group have this requirement.

7.2.2. Installing the Red Hat Network Monitoring Daemon

Install the Red Hat Network Monitoring Daemon to prepare systems for monitoring with the probes identified in Section 7.2.1 Probes requiring the daemon. Note that the steps in this section are optional if you intend to use sshd to allow secure connections between the RHN monitoring infrastructure and the monitored systems. Refer to Section 7.2.3 Configuring SSH for instructions.

The rhnmd package can be found in the RHN Tools channel for all Red Hat Enterprise Linux distributions. To install it:

  1. Subscribe the systems to be monitored to the RHN Tools channel associated with the system. This can be done individually through the System Details ⇒ Channels ⇒ Software subtab or for multiple systems at once through the Channel Details ⇒ Target Systems tab.

  2. Once subscribed, open the Channel Details ⇒ Packages tab and find the rhnmd package (under 'R').

  3. Click the package name to open the Package Details page. Go to the Target Systems tab, select the desired systems, and click Install Packages.

  4. Install the SSH public key on all client systems to be monitored, as described in Section 7.2.4 Installing the SSH key.

  5. Start the Red Hat Network Monitoring Daemon on all client systems using the command:

    service rhnmd start

  6. When adding probes requiring the daemon, accept the default values for RHNMD User and RHNMD Port: nocpulse and 4545, respectively.

7.2.3. Configuring SSH

If you wish to avoid installing the Red Hat Network Monitoring Daemon and opening port 4545 on client systems, you may configure sshd to provide the encrypted connection required between the systems and RHN. This may be especially desirable if you already have sshd running. To configure the daemon for monitoring use:

  1. Ensure the SSH package is installed on the systems to be monitored:

    rpm -qi openssh-server

  2. Identify the user to be associated with the daemon. This can be any user available on the system, as long as the required SSH key can be put in the user's ~/.ssh/authorized_keys file.

  3. Identify the port used by the daemon, as identified in its /etc/ssh/sshd_config configuration file. The default is port 22.

  4. Install the SSH public key on all client systems to be monitored, as described in Section 7.2.4 Installing the SSH key.

  5. Start sshd on all client systems using the command:

    service sshd start

  6. When adding probes requiring the daemon, insert the values derived from steps 2 and 3 in the RHNMD User and RHNMD Port fields.

7.2.4. Installing the SSH key

Whether you use rhnmd or sshd, you must install the Red Hat Network Monitoring Daemon public SSH key on the systems to be monitored to complete the secure connection. To install it:

  1. Navigate to the Monitoring ⇒ Scout Config Push page of the RHN website and click the name of the RHN Server that will monitor the client system. The SSH id_dsa.pub key is visible on the resulting page.

  2. Copy the character string (beginning with ssh-dss and ending with the hostname of the RHN Server).

  3. On the command line of the system to be monitored, switch to the user aligned with the daemon. This is accomplished for rhnmd with the command:

    su - nocpulse

  4. Paste the key character string into the ~/.ssh/authorized_keys file for the daemon's user. For rhnmd, this is /opt/nocpulse/.ssh/authorized_keys.

    If config management is enabled on the systems to be monitored, you may deploy this file across systems using a config channel. Refer to Section 6.6.6.1 Preparing Systems for Config Management for details.

    Note

    If valid entries already exist in authorized_keys, add the daemon key to the file rather than replacing the existing key. To do so, save the copied text to id_dsa.pub in the same .ssh/ directory and then run the following command: cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys.

  5. Finally, ensure the .ssh/ directory and authorized_keys file have the appropriate permissions set. This can be done as the daemon's user with the following commands:

    chmod 700 ~/.ssh
    chmod 600 ~/.ssh/authorized_keys

Once the key is in place and accessible, all probes that require it should allow ssh connections between the Monitoring infrastructure and the monitored system. You may then schedule probes requiring the monitoring daemon to run against the newly configured systems.
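
Steps 4 and 5 above can be combined into one repeatable shell function. This is an added example, not part of the original guide: it appends the key only when it is absent, preserves existing authorized_keys entries, and applies the 700/600 permissions. The function names install_monitor_key and mode_of are hypothetical, and the key file is assumed to hold the single line copied from the Scout Config Push page.

```shell
#!/bin/sh
# Added example: idempotent install of the monitoring daemon's public key.
# install_monitor_key KEYFILE HOMEDIR   (names are hypothetical)
#   KEYFILE - file holding the one key line copied from Scout Config Push
#   HOMEDIR - home of the daemon's user (/opt/nocpulse for rhnmd)
install_monitor_key() {
    keyfile=$1
    sshdir=$2/.ssh
    auth=$sshdir/authorized_keys

    # Expect exactly one non-empty line, beginning with the ssh-dss key type.
    [ "$(grep -c . "$keyfile")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    key=$(grep . "$keyfile")
    case $key in
        "ssh-dss "*) ;;
        *) echo "key does not begin with ssh-dss" >&2; return 1 ;;
    esac

    mkdir -p "$sshdir" || return 1
    touch "$auth" || return 1

    # If the last existing entry lacks a trailing newline, add one so the
    # new key is not glued onto it.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"

    # Append only when this exact line is absent: existing entries survive
    # and repeated runs do not duplicate the key.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth" || return 1

    # Permissions from step 5.
    chmod 700 "$sshdir" && chmod 600 "$auth"
}

# mode_of PATH - print the ls-style type and permission string for PATH,
# for checking the result (drwx------ and -rw------- are expected).
mode_of() {
    ls -ld "$1" | cut -c1-10
}
```

Run it as the daemon's user, for example `install_monitor_key ~/.ssh/id_dsa.pub "$HOME"`, then confirm the modes with `mode_of ~/.ssh` and `mode_of ~/.ssh/authorized_keys`.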