 |
 |
|---|
This document is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License. To view a copy of this license, visit https://creativecommons.org/licenses/by-sa/4.0/
The Collector module is part of X-Road Metrics, which includes the following modules:
- Database module
- Collector module
- Corrector module
- Reports module
- Anonymizer module
- Opendata module
- Networking/Visualizer module
- Opendata Collector module
The Collector module is responsible to retrieve data from X-Road Security Servers and insert into the database module. The execution of the collector module is performed automatically via a cron job task.
Overall system, its users and rights, processes and directories are designed in a way, that all modules can reside in one server, but also in separate servers. Opmon modules are controlled by unix user 'opmon' in group 'opmon'.
Overall system is also designed in a way, that allows to monitor data from different X-Road instances (e.g. in Estonia there are three instances: ee-dev, ee-test and EE.)
Overall system is also designed in a way, that can be used by X-Road Centre for all X-Road members as well as for Member own monitoring (includes possibilities to monitor also members data exchange partners).
- The collector module needs HTTP-access to the X-Road Central Server to get from global configuration list of members Security Servers.
- The collector module needs HTTP-access to an X-Road Security Server that acts as an Operational Monitoring Client to get the data is collected.
- The collector module needs access to the Database Module (see ==> Database_Module <==).
No incoming connection is needed in the collector module.
This sections describes the necessary steps to install the collector module on a Ubuntu 20.04 or Ubuntu 22.04 Linux host. For a complete overview of different modules and machines, please refer to the ==> System Architecture <== documentation.
wget -qO - https://artifactory.niis.org/api/gpg/key/public | sudo apt-key add -
sudo add-apt-repository 'https://artifactory.niis.org/xroad-extensions-release-deb main'The following information can be used to verify the key:
- key hash: 935CC5E7FA5397B171749F80D6E3973B
- key fingerprint: A01B FE41 B9D8 EAF4 872F A3F1 FB0D 532C 10F6 EC5B
- 3rd party key server: Ubuntu key server
To install xroad-metrics-collector and all dependencies execute the commands below:
sudo apt-get update
sudo apt-get install xroad-metrics-collectorThe installation package automatically installs following items:
xroad-metrics-collectorcommand to run the collector manually- Linux user named xroad-metrics and group xroad-metrics
- settings file /etc/xroad-metrics/collector/settings.yaml
- cronjob in /etc/cron.d/xroad-metrics-collector-cron to run collector automatically every three hours
- log folders to /var/log/xroad-metrics/collector/
Only xroad-metrics user can access the settings files and run xroad-metrics-collector command.
To use collector you need to fill in your X-Road and MongoDB configuration into the settings file. Refer to section Collector Configuration
Before using the Collector module, make sure you have installed and configured the Database_Module and created the MongoDB credentials.
To use collector you need to fill in your X-Road and MongoDB configuration into the settings file. (here, vi is used):
sudo vi /etc/xroad-metrics/collector/settings.yamlTip
For a complete list of available settings, please refer to this settings.yaml template file.
Settings that the user must fill in:
- X-Road instance name
- Central and Security Server hosts
- X-Road client used to collect the monitoring data
- username and password for the collector module MongoDB user
To run collector for multiple X-Road instances, a settings profile for each instance can be created.
- To have profiles
DEV,TEST, andPROD, create three copies ofsetting.yamlfile namedsettings_DEV.yaml,settings_TEST.yamlandsettings_PROD.yamlrespectively. - Fill the profile specific settings to each file.
- Use the
--profileflag when runningxroad-metrics-collector.
For example, to run using theTESTprofile:xroad-metrics-collector --profile TEST collect
Important
xroad-metrics-collector command searches the settings file first in current working directory, then in
/etc/xroad-metrics/collector/
Mutual TLS (mTLS) allows a client and a server to identify and authenticate each other by using X.509 certificates. TLS cryptographic protocol provides secure and integral communication between parties.
To use mTLS in collector you need to fill security-server section in your X-Road settings.yaml file.
Example of configuration:
security-server:
protocol: https://
host: example.host
timeout: 60.0
tls-client-certificate: /path/to/client.crt # path to client's certificate
tls-client-key: /path/to/client.key # path to client's private key
tls-server-certificate: /path/to/server.crt # path to server's certificateNote
- Client's certificate has to be sent to security server administrator.
- Server certificate has to be sent by server's administrator and save in client's location.
tls-server-certificatecan be set toFalseto disable server certificate verification.
All collector module actions can be executed by calling the xroad-metrics-collector command.
Command should be executed as user xroad-metrics so change to that user:
sudo su xroad-metricsSome example commands:
xroad-metrics-collector list # Print available Security Servers to stdout.
xroad-metrics-collector update # Update Security Server list to MongoDB.
xroad-metrics-collector collect # Collect monitoring data from Security Server.
xroad-metrics-collector settings get mongodb.host # Read a value from settings file and print to stdoutAbove examples use the default settings file. To use another settings profile, you can use --profile flag:
xroad-metrics-collector --profile TEST list
xroad-metrics-collector --profile TEST update
xroad-metrics-collector --profile TEST collectDefault installation includes a cronjob in /etc/cron.d/xroad-metrics-collector-cron that runs collector every three hours. This job runs collector using default settings profile (/etc/xroad-metrics/collector/settings.yaml)
If you want to change the collector cronjob scheduling or settings profiles, edit the file e.g. with vi
vi /etc/cron.d/xroad-metrics-collector-cronand make your changes. For example to run collector every six hours using settings profiles PROD and TEST:
SHELL=/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# m h dom mon dow user command
15 */6 * * * xroad-metrics xroad-metrics-collector --profile PROD update && xroad-metrics-collector --profile PROD collect
30 */6 * * * xroad-metrics xroad-metrics-collector --profile TEST update && xroad-metrics-collector --profile TEST collect
If collector is to be run only manually, comment out the default cron task:
# 20 */3 * * * xroad-metrics xroad-metrics-collector update && xroad-metrics-collector collectIndex build (see Database module, Index Creation might affect availability of cursor for long-running queries. Please review the need of active Collector module while running long-running queries in other modules.
The settings for the log file in the settings file are the following:
xroad:
instance: EXAMPLE
# ...
logger:
name: collector
module: collector
# Possible logging levels from least to most verbose are:
# CRITICAL, FATAL, ERROR, WARNING, INFO, DEBUG
level: INFO
# Logs and heartbeat files are stored under these paths.
# Also configure external log rotation and app monitoring accordingly.
log-path: /var/log/xroad-metrics/collector/logs
The log file is written to log-path and log file name contains the X-Road instance name.
The above example configuration would write logs to /var/log/xroad-metrics/collector/logs/log_collector_EXAMPLE.json.
Every log line includes:
- "timestamp": timestamp in Unix format (epoch)
- "local_timestamp": timestamp in local format '%Y-%m-%d %H:%M:%S %z'
- "module": "collector"
- "version": in form of "v${MINOR}.${MAJOR}"
- "activity": possible values "collector_start", "collector_worker", "collector_end"
- level: possible values "INFO", "WARNING", "ERROR"
- msg: message
In case of "activity": "collector_end", the "msg" includes values separated by comma:
- Total collected: number of Member's Security server from where the logs were collected successfully
- Total error: number of Member's Security server from where the logs were not collected due to error
- Total time: durations in the collection process in time format HH:MM:SS
The collector module log handler is compatible with the logrotate utility. To configure log rotation for the example setup above, create the file:
sudo vi /etc/logrotate.d/xroad-metrics-collectorand add the following content :
/var/log/xroad-metrics/collector/logs/log_collector_EXAMPLE.json {
rotate 10
size 2M
}
For further log rotation options, please refer to logrotate manual:
man logrotateThe settings for the heartbeat file in the settings file are the following:
xroad:
instance: EXAMPLE
# ...
logger:
# ...
heartbeat-path: /var/log/xroad-metrics/collector/heartbeat
The heartbeat file is written to heartbeat-path and heartbeat file name contains the X-Road instance name.
The above example configuration would write logs to /var/log/xroad-metrics/collector/heartbeat/heartbeat_collector_EXAMPLE.json.
The heartbeat file consists last message of log file and status
- status: possible values "FAILED", "SUCCEEDED"