diff options
Diffstat (limited to 'docs')
-rw-r--r-- | docs/release/userguide/feature.userguide.rst | 74 |
1 files changed, 57 insertions, 17 deletions
diff --git a/docs/release/userguide/feature.userguide.rst b/docs/release/userguide/feature.userguide.rst index 30e34b99..cd4051f4 100644 --- a/docs/release/userguide/feature.userguide.rst +++ b/docs/release/userguide/feature.userguide.rst @@ -471,7 +471,7 @@ https://github.com/collectd/collectd/blob/master/src/collectd.conf.pod IPMI Plugin ^^^^^^^^^^^^ -Repo: https://github.com/maryamtahhan/collectd +Repo: https://github.com/collectd/collectd Branch: feat_ipmi_events, feat_ipmi_analog @@ -543,16 +543,13 @@ Clone and install the collectd IPMI plugin: .. code:: bash - $ git clone https://github.com/maryamtahhan/collectd + $ git clone https://github.com/collectd/collectd $ cd collectd - $ git checkout $BRANCH $ ./build.sh $ ./configure --enable-syslog --enable-logfile --enable-debug $ make $ sudo make install -Where $BRANCH is feat_ipmi_events or feat_ipmi_analog. - This will install collectd to default folder ``/opt/collectd``. The collectd configuration file (``collectd.conf``) can be found at ``/opt/collectd/etc``. To configure the IPMI plugin you need to modify the file to include: @@ -561,7 +558,9 @@ To configure the IPMI plugin you need to modify the file to include: LoadPlugin ipmi <Plugin ipmi> - SELEnabled true # only feat_ipmi_events branch supports this + <Instance "local"> + SELEnabled true # only feat_ipmi_events branch supports this + </Instance> </Plugin> .. note:: @@ -569,8 +568,7 @@ To configure the IPMI plugin you need to modify the file to include: dispatch the values to collectd and send SEL notifications. For more information on the IPMI plugin parameters and SEL feature configuration, -please see: -https://github.com/maryamtahhan/collectd/blob/feat_ipmi_events/src/collectd.conf.pod +please see: https://github.com/collectd/collectd/blob/master/src/collectd.conf.pod Extended analog sensors support doesn't require additional configuration. The usual collectd IPMI documentation can be used: @@ -660,7 +658,7 @@ Clone and install the collectd mcelog plugin: .. code:: bash - $ git clone https://github.com/maryamtahhan/collectd + $ git clone https://github.com/collectd/collectd $ cd collectd $ ./build.sh $ ./configure --enable-syslog --enable-logfile --enable-debug @@ -678,11 +676,15 @@ include: Interval 1 </LoadPlugin> <Plugin mcelog> - McelogClientSocket "/var/run/mcelog-client" + <Memory> + McelogClientSocket "/var/run/mcelog-client" + PersistentNotification false + </Memory> + #McelogLogfile "/var/log/mcelog" </Plugin> For more information on the plugin parameters, please see: -https://github.com/maryamtahhan/collectd/blob/feat_ras/src/collectd.conf.pod +https://github.com/collectd/collectd/blob/master/src/collectd.conf.pod Simulating a Machine Check Exception can be done in one of 3 ways: @@ -891,7 +893,7 @@ ovs_pmd_stat.sh calls the script for OVS PMD stats application with its argument SNMP Agent Plugin ^^^^^^^^^^^^^^^^^ -Repo: https://github.com/maryamtahhan/collectd/ +Repo: https://github.com/collectd/collectd Branch: master @@ -986,9 +988,8 @@ Clone and install the collectd snmp_agent plugin: .. code:: bash $ cd ~ - $ git clone https://github.com/maryamtahhan/collectd + $ git clone https://github.com/collectd/collectd $ cd collectd - $ git checkout feat_snmp $ ./build.sh $ ./configure --enable-syslog --enable-logfile --enable-debug --enable-snmp --with-libnetsnmp $ make @@ -1032,7 +1033,7 @@ The ``snmpwalk`` command can be used to validate the collectd configuration: retreived using standard IF-MIB tables. For more information on the plugin parameters, please see: -https://github.com/maryamtahhan/collectd/blob/feat_snmp/src/collectd.conf.pod +https://github.com/collectd/collectd/blob/master/src/collectd.conf.pod For more details on AgentX subagent, please see: http://www.net-snmp.org/tutorial/tutorial-5/toolkit/demon/ @@ -1041,7 +1042,7 @@ http://www.net-snmp.org/tutorial/tutorial-5/toolkit/demon/ virt plugin ^^^^^^^^^^^^ -Repo: https://github.com/maryamtahhan/collectd +Repo: https://github.com/collectd/collectd Branch: master @@ -1172,7 +1173,7 @@ statistics are disabled. They can be enabled with ``ExtraStats`` option. </Plugin> For more information on the plugin parameters, please see: -https://github.com/maryamtahhan/collectd/blob/feat_libvirt_upstream/src/collectd.conf.pod +https://github.com/collectd/collectd/blob/master/src/collectd.conf.pod .. _install-collectd-as-a-service: @@ -1282,6 +1283,41 @@ To see this demo in action please checkout: `Barometer OPNFV Summit demo`_ For more information on configuring and installing OpenStack plugins for collectd, check out the `collectd-ceilometer-plugin GSG`_. +Security +^^^^^^^^^ +* AAA – on top of collectd there secure agents like SNMP V3, Openstack agents + etc. with their own AAA methods. + +* Collectd runs as a daemon with root permissions. + +* The `Exec plugin`_ allows the execution of external programs but counters the security + concerns by: + + * Ensuring that only one instance of the program is executed by collectd at any time + * Forcing the plugin to check that custom programs are never executed with superuser + privileges. + +* Protection of Data in flight: + + * It's recommend to use a minimum version of 4.7 of the Network plugin which provides + the possibility to cryptographically sign or encrypt the network traffic. + * Write Redis plugin or the Write MongoDB plugin are recommended to store the data. + * For more information, please see: https://collectd.org/wiki/index.php?title=Networking_introduction + +* Known vulnerabilities include: + + * https://www.cvedetails.com/vulnerability-list/vendor_id-11242/Collectd.html + + * `CVE-2017-7401`_ fixed https://github.com/collectd/collectd/issues/2174 in Version 5.7.2. + * `CVE-2016-6254`_ fixed https://mailman.verplant.org/pipermail/collectd/2016-July/006838.html + in Version 5.4.3. + * `CVE-2010-4336`_ fixed https://mailman.verplant.org/pipermail/collectd/2010-November/004277.html + in Version 4.10.2. + + * http://www.cvedetails.com/product/20310/Collectd-Collectd.html?vendor_id=11242 + +* It's recommended to only use collectd plugins from signed packages. + References ^^^^^^^^^^^ .. [1] https://collectd.org/wiki/index.php/Naming_schema @@ -1297,3 +1333,7 @@ References .. _aodh plugin: https://github.com/openstack/collectd-ceilometer-plugin/tree/stable/ocata/ .. _collectd-ceilometer-plugin GSG: https://github.com/openstack/collectd-ceilometer-plugin/blob/master/doc/source/GSG.rst .. _grafana guide: https://wiki.opnfv.org/display/fastpath/Installing+and+configuring+InfluxDB+and+Grafana+to+display+metrics+with+collectd +.. _CVE-2017-7401: https://www.cvedetails.com/cve/CVE-2017-7401/ +.. _CVE-2016-6254: https://www.cvedetails.com/cve/CVE-2016-6254/ +.. _CVE-2010-4336: https://www.cvedetails.com/cve/CVE-2010-4336/ +.. _Exec plugin: https://collectd.org/wiki/index.php/Plugin:Exec
\ No newline at end of file |