REVERSED CONNECTION CONFIGURATION FOR A POLLER

In this article, the following IPs will be used to identify the poller and the Central :

By default, Centreon-Broker installed on the Centreon Central server establishes a TCP socket and listens permanently to the default port 5669 (Listen mode).

The Centreon-Engine(s) (scheduler(s)) loads at startup the cbd module of the broker. This one establishes a TCP socket and establishes a connection with the broker of the Central server.

It can be checked like this :

oroot@Poller01 ~]# netstat -an | grep 5669
tcp  0  0 10.25.5.144:49464   10.25.5.88:5669   ESTABLISHED

To resume, with the default mode, the TCP connection is initialized by the poller and sends the data to the Central.

Let’s take a concrete example.

Let's say you are a System administrator of the company Dunder Mifflin. You have a distributed architecture with a Central and a Poller.

No problem with TCP ports, they are open because you are working from inside the company.

Now, your company buys the company Breizh, you must install a remote Poller. This one will be installed outside the internal network.

You will be able to access it in incoming TCP flow but this server will not be able to access the internal network (blocked by firewall). According to this diagram, we will have a problem with the Poller.

After opening ports 5556 and 5669, on the Internal Poller, we have a problem with the TCP connection coming from the remote poller scheduler.

Indeed the connection being initiated on the Poller side will not be authorized by the firewall. This is where the "one peer retention" option of the broker comes into play.

We are going to initiate the TCP connection on the Central server side as shown in this diagram.

STEP 1 : NEW OUTPUT CREATION FOR THE MONITORING POLLER

Go to Configuration  >  Pollers  >  Broker configuration

Go in the Output tab of the Poller configuration and edit the data output stream, by deleting the IP address of Central and selecting Yes for the One peer retention option.

Connection port → 5669

Host to connect to → (delete current ip address)

One peer retention → Yes

Save

STEP 2 : NEW INPUT CREATION FOR THE CENTRAL SERVER

Go to Configuration  >  Pollers  >  Broker configuration

Let's tell the Central broker to connect to the remote poller. Select the Central-broker-master configuration. Click on the Input tab and add a TCP - IPv4 Input. Name it central-peer-retention, enter the port 5669 and the IP of the monitoring poller.

The reverse connection mode is now configured for the monitoring poller. Export your configuration and restart cbd and centengine.

oroot@CENTRAL ~]# systemctl restart cbd
]root@CENTRAL ~]# systemctl restart centengine

Check that your poller is listening on port 5669 :

oroot@Poller01 ~]# netstat -an | grep 5669
tcp        0      0 0.0.0.0:5669            0.0.0.0:*               LISTEN
tcp        0      0 10.25.5.144:5669        10.25.5.88:37750        ESTABLISHED

We can see that the Central 10.25.5.88 is connected