Skip to main content

Documentation Portal

Post-Installation Configuration

Opening Additional Firewall Ports

TrendMiner controls the packet filtering rules of the Linux kernel using iptables. By default, only icmp, ssh (tcp/22) and http(s) (tcp/80, tcp/443) are allowed.

Additional ports can be opened by creating a configuration file, owned by root: /etc/ansible/facts.d/iptables.fact

This file contains JSON in the following format:

{ 
    "allow_icmp": true,
    "open_tcp": [
         5666,                    
         10050 
    ] 
} 

In this example, ports 5666 and 10050 are opened on the TrendMiner instance to allow respectively NRPE and Zabbix connectivity on the system.

Validate the JSON syntax by running:

# python -m json.tool < /etc/ansible/facts.d/iptables.fact 

This will echo the configuration on success. In case of errors, it will print the location:

Expecting , delimiter: line 5 column 9 (char 65) 

To apply the new firewall configuration without downtime, execute:

# cd /mnt/data/ansible-playbooks 
# ansible-playbook agent/configure-tm-agent.yml \     
    -i /var/www/dsquare-appliance/hosts 

The updated configuration will be applied on subsequent reboots and preserved across future TrendMiner updates.

Monitor TrendMiner

TrendMiner collects metrics into a Prometheus instance that is running on every TrendMiner system. Prometheus metrics exporters included in TrendMiner include:

  • Node Exporter exports OS level metrics

  • Postgres Exporter exports database metrics

  • Each TrendMiner service exports JVM metrics

  • Several TrendMiner services export application specific metrics

All metrics are available for external systems through Prometheus federation. Alerts based on these metrics can then be created in an external monitoring stack.

By default the metrics are not exposed. To access them, first allow port 9100 as described in the ‘Opening Additional Firewall Ports’ section. Then scrape the /federate endpoint of the Prometheus instance.

When using a monitoring stack based on Prometheus and AlertManager, Prometheus could be configured as:

scrape_configs:   
  - job_name: federated-trendminer
     honor_labels: true 
     honor_timestamps: true 
     scrape_interval: 15s
     scrape_timeout: 10s
     metrics_path: /federate
     static_configs:
       - targets:              
           - <my-trendminer>:9100 

AlertManager can then handle alerts:

groups:
  - name: TrendMiner rules 
    rules: 
     - alert: instance_down_2m
       expr: up{job="federated-trendminer"} == 0 
       for: 2m
       labels:          
         severity: Critical
       annotations:          
         description: TrendMiner DOWN for 2 minutes          
         summary: TrendMiner DOWN 
In this section: