Hitachi

Job Management Partner 1 Version 10 Job Management Partner 1/Performance Management - Remote Monitor for Virtual Machine Description, User's Guide and Reference

2.5.3 For KVM

If the virtual environment of a monitoring-target host uses KVM, PFM - RM for Virtual Machine uses SSH to collect performance data from that host. Before SSH can be used, PuTTY must be installed on the PFM - RM host. If SSH connection settings are not specified, PFM - RM for Virtual Machine will not be able to collect performance data. The settings for public key authentication must also be specified because public key authentication is used to authenticate the SSH server. In addition, because performance data is collected by using OS commands, necessary software and RPM packages might need to be installed on the PFM - RM host and the monitoring-target host.

Notes on installing PuTTY:

  • Perform installation as a member of the Administrators group.

  • Make sure that the name of the installation folder does not include multi-byte characters.

Organization of this subsection

(1) User account settings

To use SSH, accounts of both the PFM - RM host and the monitoring-target host are required.

To Page Top

(2) Installing necessary software and RPM packages

(a) Software required on the PFM - RM host

The table below lists the software that is required for PFM - RM for Virtual Machine to acquire KVM information. For details, see the Release Notes.

Table 2‒16: Software required to acquire KVM information

Software name

OS

Version

Default

PuTTY

Windows Server

2003 (x86)

- Plink 0.60 or later

- PuTTYgen 0.60 or later

- Pscp 0.60 or later

N

Windows Server

2003 (x64)

- Plink 0.60 or later

- PuTTYgen 0.60 or later

- Pscp 0.60 or later

N

Windows Server

2008 (x86)

- Plink 0.60 or later

- PuTTYgen 0.60 or later

- Pscp 0.60 or later

N

Windows Server

2008 (x64)

- Plink 0.60 or later

- PuTTYgen 0.60 or later

- Pscp 0.60 or later

N

Windows Server

2012

- Plink 0.62 or later

- PuTTYgen 0.62 or later

- Pscp 0.62 or later

N
Legend:

N: Not installed by default.

(b) RPM packages required on the monitoring-target host

In order for PFM - RM for Virtual Machine to acquire KVM information, the RPM packages listed below are required.

Software name

OS

RPM package name

Default

OpenSSH

Red Hat Enterprise Linux 6 (64-bit x86_64)

openssh-5.3p1-20.el6 or later

openssh-server-5.3p1-20.el6 or later

Y
Legend:

Y: Installed by default.

(c) Packages and commands required on the monitoring-target host

The command required for record collection differs depending on the record to be collected, and the required RPM package also differs depending on the command. To check the required package for a command, execute the following: 

/bin/rpm -qf full-path-name-of-the-prerequisite-command

(d) Records and the commands required for collecting the records

The following table lists records and the commands that are required for collecting the records.

Table 2‒17: Records and the commands required for collecting the records

No.

Record

Command

1

Host CPU Status

(PI_HCI)

/bin/date

/bin/cat

2

Host Logical Disk Status

(PI_HLDI)

/bin/date

/bin/df

3

Host Memory Status

(PI_HMI)

/bin/date

/bin/ps

/usr/bin/free

/usr/bin/getconf

/usr/bin/vmstat

4

Host Network Status

(PI_HNI)

/bin/date

/sbin/ifconfig

/usr/bin/virsh

5

Host Physical Disk Status

(PI_HPDI)

/bin/date

/usr/bin/iostat

6

Host Status Detail

(PD)

/usr/bin/virsh

7

Host Status

(PI)

/bin/date

/bin/cat

/bin/ps

/usr/bin/top

8

VM CPU Status

(PI_VCI)

/bin/date

/usr/bin/virsh

9

VM Logical Disk Status

(PI_VLDI)

--

10

VM Memory Status

(PI_VMI)

/bin/date

/usr/bin/pmap

/usr/bin/virsh

11

VM Network Status

(PI_VNI)

/bin/date

/sbin/ifconfig

/usr/bin/virsh

12

VM Physical Disk Status

(PI_VPDI)

/bin/date

/usr/bin/virsh

13

VM Status Detail

(PD_VM)

/usr/bin/virsh

14

VM Status

(PI_VI)

/bin/date

/usr/bin/virsh

/bin/ps

/usr/bin/top

The following lists the RPM packages required by the commands that are required for record collection.

Table 2‒18: RPM packages required by the commands that are required for record collection

No.

Command name

Package name

Default

1

/bin/cat

coreutils-8.4-13.el6 or later

Y

2

/bin/date

coreutils-8.4-13.el6 or later

Y

3

/bin/df

coreutils-8.4-13.el6 or later

Y

4

/bin/ps

procps-3.2.8-17.el6 or later

Y

5

/usr/bin/free

procps-3.2.8-17.el6 or later

Y

6

/usr/bin/getconf

glibc-common-2.12-1.25.el6 or later

Y

7

/usr/bin/iostat

sysstat-9.0.4-18.el6 or later

N

8

/usr/bin/pmap

procps-3.2.8-17.el6 or later

Y

9

/usr/bin/top

procps-3.2.8-17.el6 or later

Y

10

/usr/bin/virsh

libvirt-client-0.8.7-18.el6 or later

N

11

/usr/bin/vmstat

procps-3.2.8-17.el6 or later

Y

12

/sbin/ifconfig

net-tools-1.60-105.el6 or later

Y
Legend:

Y: Installed by default.

N: Not installed by default.

To Page Top

(3) Settings related to SSH connection

The settings that enable SSH connection must be specified on both the PFM - RM host and the monitoring-target host. The following describe the procedures for specifying these settings.

(a) Enabling public key authentication of the SSH server

To enable public key authentication:

  1. Log in to the monitoring-target host as the superuser.

  2. Open the /etc/ssh/sshd_config file.

  3. Change the value of PubkeyAuthentication to yes.

  4. Change the value of PermitRootLogin to yes.

  5. Save and close the /etc/ssh/sshd_config file.

  6. Restart the sshd service by executing the command shown below.

    Note that the command below assumes that the host named targethost1 is set as a monitoring target. 

    [root@targethost1.ssh]$ /etc/rc.d/init.d/sshd restart
    Important note

    To allow the superuser to collect information, open the /etc/ssh/sshd_config file, and change the value of PermitRootLogin to yes. Then, restart the sshd service.

(b) Creating keys

The procedure for creating keys is described below.

Keys can be created by logging on to the PFM - RM host, and then by executing PuTTY. Either of two types of keys (for RSA encryption and DSA encryption) can be selected. Because the only difference between two key types is the encryption algorithm, key usage is the same, whichever type is selected. In this subsection, the procedure for creating RSA keys is described. To create RSA keys:

  1. From the Windows Start menu, select Programs, PuTTY, and then PuTTYgen.

    PuTTYgen starts, and the PuTTY Key Generator window appears.

  2. Under Parameters, confirm that Type of key to generate is SSH-2 RSA, and then click the Generate button.

    The key generation progress bar appears in Key.

    Because PuTTY uses the version 2 of the SSH protocol by default, SSH-2 RSA is selected. However, you might want to change the protocol version to 1. For details about how to change the protocol version to 1, see the PuTTY documentation.

  3. Irregularly move the mouse pointer in the dialog box until the progress reaches 100%.

    When the progress reaches 100%, the created random number is displayed in Key, and keys are created.

  4. Click the Save private key button to save a private key.

    If no values are entered in Key passphrase and Confirm passphrase, a dialog box appears. In this dialog box, click the Yes button without entering anything in Key passphrase and Confirm passphrase.

  5. Click the Save public key button to save a public key.

(c) Deploying the public key (PFM - RM host)

If there are multiple monitoring-target hosts, perform the following procedure on all of the hosts.

■ Transfer the public key

Transfer the public key to the .ssh directory under the home directory on a monitoring-target host. To do this:

  1. Log in to the monitoring-target host as the superuser (account specified for UserID during setup of the monitoring target).

  2. Use the cd command to move to the .ssh directory under the home directory.

    If the .ssh directory does not exist under the home directory, create the .ssh directory. For the access permission attribute of the .ssh directory, set 700 or 755. For the owner and group, set values that are appropriate for the user specified during setup of the monitoring-target host.

    If the home directory, .ssh directory attribute, owner, and group settings are not correct, SSH connection might fail.

    For details about how to set the directory attribute, see the OS documentation.

  3. On the PFM - RM host, open the Command Prompt window, and then move to the folder in which PuTTY is installed.

  4. Execute the pscp command (provided by PuTTY).

    An example of executing the command is shown below. This example assumes that the public key is located in the PuTTY installation directory and a host named targethost1 is set as a monitoring target. 

    C:\Program Files\PuTTY>pscp.exe agt8.pub root@targethost1:.ssh
root@targethost1's password: (Enter the superuser's password here.)
agt8.pub                  | 0 kB |   0.3 kB/s | ETA: 00:00:00 | 100%
C:\Program Files\PuTTY>

    If a message asking you whether you want to register the fingerprint appears, enter n. 

    C:\Program Files\PuTTY>pscp.exe agt8.pub root @targethost1:.ssh
The server's host key is not cached in the registry. You have no guarantee that the server is the computer you think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
If you trust this host, enter "y" to add the key to PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without adding the key to the cache, enter "n".
If you do not trust this host, press Return to abandon the connection.
Store key in cache? (y/n) n
Using keyboard-interactive authentication.
Password: (Enter the superuser's password here.)
agt8.pub                  | 0 kB |   0.3 kB/s | ETA: 00:00:00 | 100%
C:\Program Files\PuTTY>

■ Registering the public key (monitoring-target host)

Log in to the monitoring-target host as the superuser that was set during setup of the monitoring target (account specified for UserID), and then register the public key. To do this:

  1. Log in to the monitoring-target host as the superuser that was set during setup of the monitoring target.

  2. Use the cd command to move to the .ssh directory.

  3. Execute the ssh-keygen command with the -i and -f options specified.

    The public key created by PuTTY is converted so that the key can be used for OpenSSH.

  4. Use the rm command to delete the public key file that was received by the procedure in Transferring the public key.

  5. Execute the chmod command to change the attribute of the key authentication file to 600.

The following shows an example of executing the commands in steps 2 through 5:

[root @targethost1 ~]$ cd .ssh
[root @targethost1 .ssh]$ ssh-keygen -i -f agt8.pub >> authorized_keys
[root @targethost1 .ssh]$ rm agt8.pub
[root @targethost1 .ssh]$ chmod 600 authorized_keys

The name of the key authentication file is set by AuthorizedKeysFile in the /etc/ssh/sshd_config file.

By default, ~/.ssh/ authorized_keys is set.

(d) Confirming connectivity and registering the fingerprint (PFM - RM host)

To confirm connectivity and register the fingerprint:

  1. Log in to the PFM - RM host.

    Make sure that you use the account that was set for HostUserID during setup of the instance environment.

  2. Open the Command Prompt window.

  3. Execute the PuTTY plink command using the private key that has been created.

    Connection is attempted.

  4. Upon achieving the initial connection, register the fingerprint.

    Enter y to register the fingerprint of the public key on the monitoring-target host.

    When y is entered, the prompt of the monitoring-target host is displayed.

  5. Log out.

    When the prompt of the monitoring-target host is displayed, enter exit to log out from the host.

  6. Execute the PuTTY plink command to reconnect to the monitoring-target host.

    If you are not prompted to enter anything and reconnection succeeds, the connection settings are completed. Enter exit to log out from the monitoring-target host.

    If an error occurs or you are prompted to enter something, check for problems with operations performed by the procedure.

The following shows an example of performing the procedure for checking connectivity:

C:\WINDOWS\system32>"C:\Program Files\PuTTY\plink.exe" -ssh -noagent -i "C:\Program Files\PuTTY\agt8.ppk" -l root -P 22 targethost1
The server's host key is not cached in the registry. You have no guarantee that the server is the computer you think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
If you trust this host, enter "y" to add the key to PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without adding the key to the cache, enter "n".
If you do not trust this host, press Return to abandon the connection.
Store key in cache? (y/n) y
Using username "root".
Last login: Wed Aug  4 13:29:55 2010 from xxx.xxx.xxx.xxx
[root@targethost1]$ exit
logout
C:\WINDOWS\system32>"C:\Program Files\PuTTY\plink.exe" -ssh -noagent -i "C:\Program Files\PuTTY\agt8.ppk" -l root -P 22 targethost1
Using username "root".
Last login: Wed Aug  4 13:30:00 2010 from xxx.xxx.xxx.xxx
[root@targethost1]$ exit
logout
C:\WINDOWS\system32>
Important note

PFM - RM for Virtual Machine assumes that fingerprint authentication has already finished. If the fingerprint has not yet been registered before PFM - RM for Virtual Machine connects to the SSH client for the first time, always register the fingerprint at the initial connection.

In a cluster environment, make sure that you also check connectivity and register the fingerprint on the standby node.

To Page Top

Trademarks

Copyright (C) 2013, 2015, Hitachi, Ltd.

Copyright (C) 2013, 2015, Hitachi Solutions, Ltd.