MTA — Modernize Traditional Apps with @Docker #swarm, case study 3 @pandorafms #monitoring cluster
Pandora FMS Community version can be compared with other free tools like Nagios, Zabbix or OpenNMS, although Pandora FMS Community edition is more flexible than its competitors.
After this brief introduction, let's see the stack for running Pandora on Docker Swarm, and later discuss the changes and decisions made for the application deployment. Here is the docker-compose.yml file:
The first file is the Docker Swarm stack definition and the second is a config file propagated to the above deployment using the Docker config functionality, either from the command line or through the Portainer configs section. Deep dive into docker-compose.yml:
- There are three separate services: MySQL (mysql), Monitoring Server (server) and Console Server (web). Except for MySQL, the other two can be scaled up to get more throughput. Here is a big picture of the Pandora architecture:
- Volumes were not included in the stack definition above because they are mapped to directories exported over NFS by our NAS; in production systems they must be defined using NFS or Docker-optimized storage such as Storidge CIO.
- slab/pandorafms-mysql:v7.0NG.722.7677, slab/pandorafms-server:v7.0NG.722.7677 and slab/pandorafms-console:v7.0NG.722.7677 are Docker images built from my forked GitHub repo of the community edition, basically to get separate deployments on Swarm. To build the above images, do:
$ git clone https://github.com/marcelo-ochoa/pandorafms.git
$ cd pandorafms
$ cd pandora_console
$ docker build -t slab/pandorafms-mysql:v7.0NG.722.7677 -f DB_Dockerfile .
$ docker build -t slab/pandorafms-console:v7.0NG.722.7677 .
$ cd ../pandora_server/
$ docker build -t slab/pandorafms-server:v7.0NG.722.7677 .
- MYSQL_ROOT_PWD and MYSQL_DATABASE_PASSWORD are defined externally so that sensitive information is not stored in stack files. MYSQL_ROOT_HOST is set to % so that console or server instances are not denied access when they are relocated to another private network. Because % accepts root logins from any client address, the network isolation of the mysql service matters; see the net entry below.
- db_data is the volume where MySQL stores persistent data.
- net is a private network used to connect only Pandora console, web and cron instances. MySQL is not reachable from outside the stack and is consequently strongly secured.
- web_plugin is persistent storage used by the Pandora web console and server when uploading custom plugins or actions, such as the Swarm monitoring agent and the Slack notification script.
- Port 41121 is exposed using the Docker service mesh. Pandora external agents use this port to send monitoring information to the monitoring servers over the Tentacle protocol. Because the port is exposed through the service mesh, if you run multiple replicas of the Pandora server service, Docker routes each connection from external agents to a monitoring server replica in round-robin fashion. This provides a fault-tolerant deployment for the most CPU-intensive process.
- The cron service is deployed with 0 replicas and is called from outside by the swarm-scheduler service. This decision aligns with the Docker best practices of separating responsibilities into services and not running background processes in containers. The crontab configuration file looks like:
# every hour, assuming that Pandora was deployed with stack name mon
0 * * * * root run-task mon_cron
- The web service shares the web_plugin volume with the Pandora server container, and the web_certs volume with an external stack responsible for registering and renewing Let's Encrypt SSL certs.
- The Pandora web console service is exposed outside the Swarm cluster through an HAProxy load balancer. VIRTUAL_HOST defines that this service is reached only over SSL; SERVICE_PORTS defines that the Pandora web console listens with SSL on port 443; the HEALTH_CHECK trick tells HAProxy that the connection between Apache and the load balancer is made using TLS; EXTRA_SETTINGS defines some values to protect this service against DDoS attacks. The Pandora web console and HAProxy are interconnected by the reverse_proxy external overlay network.
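A pre-deploy check for two of the points above (passwords kept out of the stack file, MySQL not published outside the stack), as an added example that is not part of the original post or the Pandora FMS project. The sample stack is constructed and its environment layout is an assumption; check_stack and sample_stack are hypothetical names.

```sh
#!/bin/sh
# Added example: lint a Swarm stack file before `docker stack deploy`.
# Usage: check_stack DB_SERVICE < stack.yml   (prints one finding per line)
#   LITERAL_SECRET <service> <variable>  password-like variable holds a literal
#   PUBLISHED_PORT <service>             database service has a ports: section
check_stack() {
    awk -v db="$1" '
        # A top-level key starts or ends the services: section.
        /^[^ #]/ { in_services = ($0 ~ /^services:/); svc = ""; next }
        !in_services { next }
        # Two-space indent followed by "name:" is a service name.
        /^  [A-Za-z0-9_.-]+:[ \t]*$/ { svc = $1; sub(/:$/, "", svc); next }
        /^    ports:/ && svc == db { print "PUBLISHED_PORT", svc }
        # Map form (KEY: value) and list form (- KEY=value) are both handled.
        /^ +-? *[A-Za-z_]*(PASSWORD|PWD)[A-Za-z_]*[:=]/ {
            line = $0; sub(/^ +-? */, "", line)
            name = line; sub(/[:=].*$/, "", name)
            val = line; sub(/^[^:=]*[:=][ \t]*/, "", val)
            gsub(/"/, "", val); sub(/[ \t]+$/, "", val)
            # Accept only $VAR or ${VAR}, resolved from the deploy-time environment.
            if (val !~ /^[$][{]?[A-Za-z_][A-Za-z0-9_]*[}]?$/)
                print "LITERAL_SECRET", svc, name
        }
    '
}

# Constructed sample (not the stack file from the page); key layout is assumed.
sample_stack() {
    cat <<'EOF'
services:
  mysql:
    image: slab/pandorafms-mysql:v7.0NG.722.7677
    environment:
      MYSQL_ROOT_PWD: ${MYSQL_ROOT_PWD}
      MYSQL_DATABASE_PASSWORD: pandora
    ports:
      - "3306:3306"
  server:
    image: slab/pandorafms-server:v7.0NG.722.7677
    environment:
      - MYSQL_DATABASE_PASSWORD=${MYSQL_DATABASE_PASSWORD}
    ports:
      - "41121:41121"
EOF
}

sample_stack | check_stack mysql
```

The published Tentacle port on the server service is not reported, since only the service named as the database is checked for a ports: section.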
After the first startup you will get Pandora FMS up and running, as shown in these screenshots:
Finally, some related stacks which interact with the Pandora FMS stack: