Skip to main content

Centreon offers the possibility to reverse the connection flow of the Gorgone process through the Gorgone Pull mode.

 

Context


Many situations can lead us to implement this feature. Consider a context in which a client has a distributed architecture with a Central server accessible from a public IP adresse (for example in a public Cloud) and many Pollers configured on different LANs. Of course, you cannot contact your remote Pollers from your Central because the Pollers' IPs are not accessible from the Internet and therefore not accessible from the Central server either. In this case, we will ask each Poller to initiate a connection to the public IP of the Central in order to recover its configuration.


Architecture


Consider the distributed architecture:

AD_4nXewSqR_II1Y-cXKHVGwqTupJas503ao2mXola9JCeVn9JGXfmoTiPv1s4o9RkYjqO0zU5bTSimqWfa7XlWFWg-VX1Ilat-ZAcP7yv4T-w9qONW6rLfYWJc8smj_LV3qU5UFB_vxWw?key=yXCwXu_dpt7iNGaoGUy2iztq

AD_4nXeCX0aG8MAktTmRR1abmQeI5LT-neqAdSGMPE-uyzEyEJkd52fgy7rg3LJVhbJpFsyTkdZhbDfuqjFAt9YhYMTjh0Xc7qop8Glz9L922KDQoUfSEFKd33fsazChxYe42_nQ2DH4?key=yXCwXu_dpt7iNGaoGUy2iztq

To identify incoming and outgoing connections between the two servers, we can run the ss command with the -pantu option:

ss -pantu | egrep '(5669|5556)'

AD_4nXf1qrwtVO8YuAnNpqSIpdF8rIWCiE-Bq58pqQvxES1JnljuCSGqmO8ANJpih8ObaBPoEZ4kLy-5gvqydIoYnnQWv7VaxYAqxV92pmtYEhBOK177CSD3dcwuun_IgFkKTPIOTy6Aow?key=yXCwXu_dpt7iNGaoGUy2iztqAD_4nXf2ox_CWL4OWT0Qegg9I0XhSb9cWP35ljfIT4sJTQVN-nQDTiuN0pAgigXSaS9RRuZ5gHHgBug2_BpeVvP1QYwRXR2YJbCYyOVpo5LqIoR00HUy5YhYBvFz8nRPNwbbQf1Y7OaDTw?key=yXCwXu_dpt7iNGaoGUy2iztq

We have two important network flows between the two Centreon servers:

  • In order to transfer the collected data, the connection is made by Centreon Engine from the Poller to the Central Server on port 5669.
  • In order to export the Centreon configuration and to transfer external commands, the connection is made by Centreon Gorgone from the Central Server to the Poller on port 5556.

Let's go back to our context: the connection from the Central Server to the Poller is not possible. We have then to start the Gorgone connection from the Poller. We will have the following network flows:

From      

To 

Protocol

Port

Application

Poller

Central server

ZMQ

TCP 5556

Export of Centreon configuration

Poller

Central server

BBDO

TCP 5669

Transfer of collected data


Prerequisite


The Remote Poller is already installed and Gorgone also ( it may not be possible to perform the Register the server step, but don't worry)

In our case, we have the following configuration:

  • Central server : 192.168.0.10
  • Poller: 192.168.0.11


Configuration on Poller side

  • In the menu Configuration > Poller > Poller, edit the Poller configuration, select ZMQ as Gorgone connection protocol and define the suitable port (port 5556 is recommended).

AD_4nXd2aJG0C1-zshQy7snHVb-npuhF70j--n10IcMNFyxzyvMBglXPvnzlzkhCxmOvuUmL_zsVa2qRsybOlNGo-GdqoAbSUGal9qDhf4mWBQ1gwciJPB8xoHP--t6ran2P7ONzhYQjBw?key=yXCwXu_dpt7iNGaoGUy2iztq

  • From the Pollers listing (Configuration > Pollers), click on the Display Gorgone configuration action icon on the line corresponding to the Poller

AD_4nXcC56PZI7NL9Q7yI8_ZQr7KBUTrEakeo5r643TLyFVrx0ab0oI8pqT5GPdz1tSbV0FbhakZjWgJhYkYQ_fN5nfMyFFWhCHw-9rytH1Q5PagatYGPZNgbY0yBrAtqGTBR0TYqslO?key=yXCwXu_dpt7iNGaoGUy2iztq

A pop-in will show the configuration to copy into the Poller terminal. Click on Copy to clipboard

AD_4nXf86WZJF9-cf-qjhxlu8cZMu_MWWTr_xJ4vKljE0qWLFRHoL-sbIca8CBhjlfHTHaCOwoFdFQZPyBWYDPTzUXmIDAzZkGkIJrqNHXYkp9CpLahVkZDzgGPpVx9XVTsHXOpcWuzY?key=yXCwXu_dpt7iNGaoGUy2iztq

  • Paste the content of the clipboard directly into the Poller terminal and hit the Enter key for the command to be applied.
  • Edit the file /etc/centreon-gorgone/config.d/40-gorgoned.yaml, modify the section modules and add the pull module after replacing the IP address in the target_path column with the IP address of the Central server
name:  gorgoned-poller
description: Configuration for poller poller
gorgone:
  gorgonecore:
    id: 3
    external_com_type: tcp
    external_com_path: "*:5556"
    authorized_clients: 
      - key: 6wDaj-dbBnjfixAxN8fBOd-0pQ4dsvpZFO4y-VTN-LY
    privkey: "/var/lib/centreon-gorgone/.keys/rsakey.priv.pem"
    pubkey: "/var/lib/centreon-gorgone/.keys/rsakey.pub.pem"
  modules:
    - name: action
      package: gorgone::modules::core::action::hooks
      enable: true
      whitelist_cmds: true
      allowed_cmds:
...
    - name: engine
      package: gorgone::modules::centreon::engine::hooks
      enable: true
      command_file: "/var/lib/centreon-engine/rw/centengine.cmd"
    - name: pull
      package: "gorgone::modules::core::pull::hooks"
      enable: true
      target_type: tcp
      target_path: 192.168.0.10:5556
      ping: 1

AD_4nXcfyM4YqS7AQvvCVOj3toIdNYlkTqqBZ4omL4WdPMHCazhdKdiBUy6Y7VnPEV2V5VLdFsCjAwalNwqU1DCYTG-JVlWkDVdtG24NnW3zZ5UPUg_QQvWHr6KSONl8B0pqaT41pvIQmg?key=yXCwXu_dpt7iNGaoGUy2iztqAD_4nXd_RFQoC6QT6l2nC717zau6fvNEW2fXfarpNfCCBfnMmvRojZLZh1areWlK_x9ZR6dN0h1iDWkWqvn9oZRslO4j1yRiQaW-uBCKv90pa4Hn2OdiQNHHmTybfeX7Z_PQL7jvahBM?key=yXCwXu_dpt7iNGaoGUy2iztq

  • Run the following command to restart the Gorgone service:
systemctl restart gorgoned

AD_4nXc9l4jNCW2GL2e_cM4VsNcyEmoIP9uTN0-pWfqjc1o3t-IRyscLdOaOUpejuJV407eHqSwfdoBPTzwkGN6cZR0kinDPMf8xFCSCRgpMYpuyk2OaYMgKi7VDqBDuYzwGt7pze9N3YA?key=yXCwXu_dpt7iNGaoGUy2iztqAD_4nXfr5zGrChFIIAKo8gAf-onkJJDvjDkwEMBIBROqirJrxqAxRnM5i7CQa0RzIaMYTMx0s6MUeR2zbWiYCBanmLaT-si0zEZwkFUgPq4JrilaR40zJAoU-T08e829sI8Shfd8-IIeWA?key=yXCwXu_dpt7iNGaoGUy2iztq

  • Make sure it is started by running the following command:
systemctl status gorgoned

AD_4nXdjbSABVzIZxmE5MvwHuC0HN3bPC8bl4F1aNFq9zmjNoWeUBkQhh05tjevctRlRcccwnJSNEC-jMbZshebE0AL64yiYuug8UA4fFUtGzUdJilaq8V_-Rd9zwxd8yulHC3uvJ4vyaA?key=yXCwXu_dpt7iNGaoGUy2iztqAD_4nXdC5D92AG6Nl-CmvNXLnUWI_1GaT3Ra0rjOlymVT0RPyM7lGwzFSnxdl4CU9WONkquGuKSwUVvaKzAJQYoUD14xiRz1vLrmM8JvQ8fkRH0BC2B-2BkiioYurxscQG8b3Zp43ETL9w?key=yXCwXu_dpt7iNGaoGUy2iztq

poller > wget https://raw.githubusercontent.com/centreon/centreon-gorgone/master/contrib/gorgone_key_thumbprint.pl

AD_4nXdBuaa0odGCMTsDm8I5hxneB1XajrcD-_9rIpSOQLspivkeBxXZCGfDeMouk6FuRCZ0jFXJrCo_KTlbo7aRqEBrpIi9hwcMzkDk2aHDel7T3hcYlsqHiOzlvXzQx2RfoZImz4quzQ?key=yXCwXu_dpt7iNGaoGUy2iztqAD_4nXdNBQnca6SAYF36dTZSl945t0TmM_mjz940lbw2TTNRv9RBhbpJ7CuS89f40mi1quzkilxdkR_b6B47XCnaUPpOEFc-rSrzEQAjnloXHDislTRZ58qdWe45mw532fmREZyQrye2?key=yXCwXu_dpt7iNGaoGUy2iztq

  • Edit the file and replace /etc/pki/gorgone/pubkey.pem by  /var/lib/centreon-gorgone/.keys/rsakey.pub.pem
vi gorgone_key_thumbprint.pl

 

:%s/\/etc\/pki\/gorgone\/pubkey\.pem/\/var\/lib\/centreon-gorgone\/.keys\/rsakey\.pub\.pem/g

AD_4nXebtwVNR71Dfa6ETcz178Ma71emR3YPe-FhAKcvHB9ioSQ6YPNnP-Svgz7Ch7tzYcm1-76WjRj7R8Spgya02PMZj7yd0lUiB7BPD1HzhyTxhCR7L-IE0IzFdWOLnl_ezba8h5ZCLA?key=yXCwXu_dpt7iNGaoGUy2iztqAD_4nXebqSL6-qHgfQDcMt2Q-Qheu1kRN5zZ-VLb9ZvcmzERmqrUp1Wx5oT6VdHAJGmJHpCMMsyzHTdUphd77ZrhuTCNmZWn6IuyyVbCkUaj7s7KE_tmm3JEDdea5LwuK6zbYlmSFtKByw?key=yXCwXu_dpt7iNGaoGUy2iztq

Save & quit

  • Run perl gorgone_key_thumbprint.pl

It should result something as follows:
 

poller > perl gorgone_key_thumbprint.pl

2025-03-04 10:27:02 - INFO - File '/var/lib/centreon-gorgone/.keys/rsakey.pub.pem' JWK thumbprint: -9rYIIV8U6Iuwwhh6vm0gYUsCd1waexfyFzJ0KX5exo

AD_4nXem5-b0zMr53jgSvK0wfjpob_iJfirPpJ_ir8iS_zb9eC-RN7ma3vMr2gkDlXDDiWwNfqSqfrjnIqT-UBFDBzC6oshcVWXL5ztRZoevoeZjvZ9X3YnrZzdWiVgxa3v3IlvHBqJg?key=yXCwXu_dpt7iNGaoGUy2iztqAD_4nXeRnOsZ242T_cJ9U2mV8ztk4umBMqYwxx6NLQzT8LTzM19e-TZnmce01rD2m0yHJRH9XHNzzX2h3DVtCas8V1NugPsJhdDAHVDn-fmGAA3jzN3psdwVl2SIyJtqKp1o22Q5pZnePg?key=yXCwXu_dpt7iNGaoGUy2iztq

  • keep the rsa public keythumbprint: -9rYIIV8U6Iuwwhh6vm0gYUsCd1waexfyFzJ0KX5exo


Configuration on Central side 

  • Edit the Gorgone configuration file /etc/centreon-gorgone/config.d/40-gorgoned.yaml and add the following line (key refers to the rsa public keythumbprint )
...
gorgone:
  gorgonecore:
    ...
    external_com_type: tcp
    external_com_path: "*:5556"
    authorized_clients:
      - key: -9rYIIV8U6Iuwwhh6vm0gYUsCd1waexfyFzJ0KX5exo
    ...
  modules:
    ...
    - name: register
      package: "gorgone::modules::core::register::hooks"
      enable: true
      config_file: /etc/centreon-gorgone/nodes-register-override.yml
    ...

AD_4nXcqTOvKEppHReRIK7p_U6f4nL9YicdeXPfNPe9EMccr-4q7B6HOKfVFIu-goKkTS6qAqv_EnscWiV6-2FU_G1-N6Hz-aVDeoz1Fc_P68zomrhaVH9I31BHd2JWQu8fZ_x0fH4Q7?key=yXCwXu_dpt7iNGaoGUy2iztqAD_4nXfPiNiCFD-Vt6Hg8YA4j0ex3cqZRnNvCmrGeDa0NyXV6xe0tWLxIKthp8Ps1h7wWVsbOJ9JGSf7TkcvBS60GnzyI97ILL5udugIuL1dBxMphZgCuKuSnqmNEcs2mRcP7NbVH5AU4A?key=yXCwXu_dpt7iNGaoGUy2iztq

  • 88ieK2Y6SaND5_n5yuTXPfUx-WB3Eq-S1-1K-8nXW9-679l_eCw_PJTOUzbsUaW8HcDalImMT-LWYqCyHv4Nma-rqk568T9b6wIC3fnn1h-nxsprBcl-u8AHv4x0LAeCaePQSvgupv3eeDguJ0N1GLrWMGO8RlvAxrqW1fXLqAY1GHNr1Bk-5oa3JwE_FLNq__1NwJJzDP254bqlqFDu_PovTFVQm6iisNFgJHAlQCLRQXrguMjW3yxkNP_Z2pkgm_HPM4kBtpjW8dBPThen create a new /etc/centreon-gorgone/nodes-register-override.yml file with the following content:
nodes:
  - id: 3
    type: pull
    prevail: 1

          The parameter ID correspond to the Poller ID retrieve in the Gorgone configuration file of the Poller:

AD_4nXc5bexbzERVoVXj5Gd6WSPiVeny7R3feWkydHMYGU2NVYbp9XNbdogbgnC8IPFgA0hW2KQXNyiOa3tN6yR2lgOnOhtnknjUctaNwAtyPYSaOU3pQ5Q8Toxw6V3pbsTbHE-Tv_0LcA?key=yXCwXu_dpt7iNGaoGUy2iztq

  •  Run the following command to restart the Gorgone service:
systemctl restart gorgoned

AD_4nXc3CYw6wP653D1nVRZBR74v4rPeq39wzFVZxpg8J27ZS4ArxXzy7RYAbvgr7B9CP1bCVBeHpbYTYXpts_g6VycMYEPBpT-1IxYfTzF1yijEuMnSALVcGxBK8CD8-bOmgvcIBiPvDA?key=yXCwXu_dpt7iNGaoGUy2iztqAD_4nXeCnZWTVvNW7EEyvicqIhlIR1-vhX9m6tyYWUY6g7ISb95KZY-qGw3XLh9qPfcUP2jJfay7KAKTcvEkdCxWykmQIhi58CnLRuYxnTHDSqjWNA4ITW5kcnK4D0IScmwXpx6XVEeouw?key=yXCwXu_dpt7iNGaoGUy2iztq

  • Make sure it is started by running the following command:
systemctl status gorgoned

AD_4nXf6hJVBGDse6ONzVjS2opmVMti0pD-EGVRMCkIDLecxsE4DpF5zBAhmnu0Lq4p4TJT3ulcCT3lax7r2CPRVtTuvY4ped_RQmnCR4Flbkvl5nF10QoXxF8WQNurxgophqLl_oi9KOA?key=yXCwXu_dpt7iNGaoGUy2iztqAD_4nXdg5Y1JpO6g4gVSrTHaN-wfqEf5EAbT0-sNdHfv_BwPsyN27h32lf-nMe1BQTTzw7UEUDb4EXeyxll6c5L9IAw-kFvUuteOhOz4iws3WdTqFUdry8OAxV2Ra3DRCv1z627_ik2vbw?key=yXCwXu_dpt7iNGaoGUy2iztq

  • Y-nx8-x--xPwZrbkAG1mSv0yeEZulpdJA0FxRxL_35lYEU2_Al42QO8N2-46Yb5GVkL0YapilWUPnAcb1CnXHdlyG3LqNGmcMi2hqzDkbK5Ytmn2tSW_Zkv3ZN61aUO8sXyj2MIrFrom the Pollers listing, select the Poller and click on Export configuration. Then check the four first boxes, select the Restart method and click on Export:

AD_4nXdIHvjpGcVZG0eaUpPUsa2_fuksP-h9Sj9G2KUVkbhxUPhjP_oFezwTDecqeT_c7GtdPvRBRj1AUzD0SnXL5rnnMSE4wtJNTRq48pPyfuq5PxVvGHy4aQy_CpSDTgvaqNPFejYSFw?key=yXCwXu_dpt7iNGaoGUy2iztq

The Poller's engine will then start and connect to the Central Broker.

AD_4nXdgXGEjbmJuFQV35YDgE7_TcE2-gCRdKgI9-J4BQM_qe09RS1FsyQNXH7gvvJVQXnVybY1izvqj2JbSCNIW3hjinOjFGi5Kvwz2_alv12t9K2RfcvsenMziBb0aKam-sdJywT-B?key=yXCwXu_dpt7iNGaoGUy2iztq

We got the following network flows:

ss -pantu | egrep '(5669|5556)'
tcp   LISTEN     0      4096                           0.0.0.0:5669               0.0.0.0:*     users:(("cbd",pid=631,fd=8))
tcp   LISTEN     0      100                            0.0.0.0:5556               0.0.0.0:*     users:(("gorgone-proxy",pid=899,fd=16),("gorgone-proxy",pid=897,fd=16),("gorgone-proxy",pid=892,fd=16),("gorgone-proxy",pid=891,fd=16),("gorgone-proxy",pid=886,fd=16),("gorgone-legacyc",pid=885,fd=16),("gorgone-registe",pid=882,fd=16),("gorgone-engine",pid=877,fd=16),("gorgone-autodis",pid=876,fd=16),("gorgone-httpser",pid=875,fd=16),("gorgone-cron",pid=873,fd=16),("gorgone-dbclean",pid=866,fd=16),("gorgone-anomaly",pid=864,fd=16),("gorgone-statist",pid=861,fd=16),("gorgone-nodes",pid=856,fd=16),("gorgone-action",pid=855,fd=16),("gorgone-audit",pid=854,fd=16),("perl",pid=627,fd=16))
tcp   ESTAB      0      0                            127.0.0.1:5669             127.0.0.1:36632 users:(("cbd",pid=631,fd=14))
tcp   ESTAB      0      0                            127.0.0.1:36632            127.0.0.1:5669  users:(("centengine",pid=620,fd=9))
tcp   ESTAB      0      0                          192.168.0.10:5669          192.168.0.11:57262 users:(("cbd",pid=631,fd=15))
tcp   ESTAB      0      0                          192.168.0.10:5556          192.168.0.11:46888 users:(("perl",pid=627,fd=35))

AD_4nXc0Z21z4bkqBWtka46z7NCy5-GI3hqYqnq-Y4_NUZK3dFC-nY_L8RyWLGxPOoAm0b4ZP-MO5RYClgCw_u1hKcxSpL2u4DgjsddmXvOlurWBFs6jcmKM5_7cjoeXhJkoYXbU9YY3Bw?key=yXCwXu_dpt7iNGaoGUy2iztqAD_4nXcEVNaVmMN1upE89P1D0AIX6xplneXaV8nuQL9bis58AsuOZjcy_pCpIIK4Id7WIG_P1skgd7YPaXyzi6iQrz0W3NR9ax7NvU2WSv2WnWc3xMVXaD5xZdBDm3TrnzKYa2pA4U-vcA?key=yXCwXu_dpt7iNGaoGUy2iztq

As expected, we have:

tcp   ESTAB      0      0                          192.168.0.10:5669          192.168.0.11:57262 users:(("cbd",pid=631,fd=15))

tcp   ESTAB      0      0                          192.168.0.10:5556          192.168.0.11:46888 users:(("perl",pid=627,fd=35))

Thanks for the notice, I have a question :

I use a remote server in a dmz, the ip of the server is not the public adress.

In the field ip of the poller configuration , which ip must I put ? 

Reply


Terms & ConditionsCookie settings