Setting up RRDCached

• Github: Oetiker RRDCached
• RRDCached

This document will explain how to set up RRDCached for LibreNMS.

Since version 1.5, rrdtool / rrdcached now supports creating rrd files over rrdcached. If you have rrdcached 1.5.5 or above, you can also tune over rrdcached. To enable this set the following config:

lnms config:set rrdtool_version '1.5.5'

This setting has to be the exact version of rrdtool you are running.

NOTE: This feature requires your client version of rrdtool to be 1.5.5 or newer, in addition to your rrdcached version.

Distributed Poller Support Matrix

Shared FS: Is a shared filesystem required?

Features: Supported features in the version indicated.

G = Graphs.
C = Create RRD files.
U = Update RRD files.
T = Tune RRD files.

It is recommended that you monitor your LibreNMS server with LibreNMS so you can view the disk I/O usage delta.

Installation

Ubuntu and Debian are very similar, the main difference is the location of the PIDFILE.

rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

vi /etc/yum.repos.d/rpmforge.repo

yum update rrdtool

vi /etc/yum.repos.d/rpmforge.repo

# Settings for rrdcached
OPTIONS="-w 1800 -z 1800 -f 3600 -s librenms -U librenms -G librenms -B -R -j /var/tmp -l unix:/run/rrdcached.sock -t 4 -F -b /opt/librenms/rrd/"
RRDC_USER=librenms

mkdir /var/run/rrdcached
chown librenms:librenms /var/run/rrdcached/
chown librenms:librenms /var/rrdtool/
chown librenms:librenms /var/rrdtool/rrdcached/

chkconfig rrdcached on

service rrdcached start

Network RRDCached

For remote RRDCached server make sure you have network option -L in /var/default/rrdcached or rrdcached.unit

NETWORK_OPTIONS="-L"

LibreNMS config

Edit your LibreNMS config by running the following:

lnms config:set rrdcached "unix:/run/rrdcached.sock"

lnms config:set rrdcached "${IPADDRESS}:42217"

Verify

Check to see if the graphs are being drawn in LibreNMS. This might take a few minutes. After at least one poll cycle (5 mins), check the LibreNMS disk I/O performance delta. Disk I/O can be found under the menu Devices>All Devices>[localhost_hostname]>Health>Disk I/O.

Depending on many factors, you should see the Ops/sec drop by ~30-40%.

Verify SELINUX

If you are using SELinux, and you have issue you can verify the policy module is installed by running the following command:

semodule -l | grep rrdcached_librenms

Test Functionality: Ensure LibreNMS can successfully interact with RRDcached without SELinux denials. Check SELinux logs for any denials:

ausearch -m avc -ts recent

If there are no denials, the policy module has been successfully installed and Librenms can interact with RRDcached.

Securing RRCached

According to the man page, under "SECURITY CONSIDERATIONS", rrdcached has no authentication or security except for running under a unix socket. If you choose to use a network socket instead of a unix socket, you will need to secure your rrdcached installation. To do so you can proxy rrdcached using nginx to allow only specific IPs to connect.

Using the same setup above, using nginx version 1.9.0 or later, you can follow this setup to proxy the default rrdcached port to the local unix socket.

(You can use ./conf.d for your configuration as well)

mkdir /etc/nginx/streams-{available,enabled}

add the following to your nginx.conf file:

#/etc/nginx/nginx.conf
...u
stream {
    include /etc/nginx/streams-enabled/*;
}

Add this to /etc/nginx/streams-available/rrd

server {
    listen 42217;

    error_log  /var/log/nginx/rrd.stream.error.log;

    allow $LibreNMS_IP;
    deny all;

    proxy_pass unix:/run/rrdcached.sock;
}

Replace $LibreNMS_IP with the ip of the server that will be using rrdcached. You can specify more than one allow statement. This will bind nginx to TCP 42217 (the default rrdcached port), allow the specified IPs to connect, and deny all others.

next, we'll symlink the config to streams-enabled: ln -s /etc/nginx/streams-{available,enabled}/rrd

and reload nginx service nginx reload