Multicast packets are udp, and gmond sends them by default to a multicast
udp address on the 239.2.11.x network with destination port 8649 so that all
the gmonds are kept up to date. You can't forward these udp packets with
ssh. But some of your gmonds will receive tcp connections on port 8649, so
that they can spit out xml summaries, and this is the port that you want to
couple with ssh and make available to your gmetad service running on your
web machine.

Let's say you have 10 machines running gmond, and they are all on the same
network and plugged into the same switch. You can set most of these with
"deaf on" in the /etc/gmond.conf file, and so for example 8 of them will
just send udp packets out on the network all day long. The two remaining
gmonds will have all the defaults in the gmond.conf, so they will be
listening to all this multicast traffic. You'll be able to make a tcp
connection to port 8649 of these remaining two gmonds to get xml summary
data.

The gmetad web server needs to be able to reach tcp port 8649 of those two
gmonds. So /etc/gmetad.conf on that machine has a line that is configured to
reach those two machines. It sounds like you'll need to get through an ssh
tunnel to get there.

Is there an ssh daemon listening on the web server, and can each of those
two gmond machines I described reach it?

On each gmond machine you would have to leave this running:

ssh -vgNp 22 -R "18649:localhost:8649" [EMAIL PROTECTED]

The other gmond machine would use:

ssh -vgNp 22 -R "28649:localhost:8649" [EMAIL PROTECTED]

And finally, the gmetad.conf on the webserver would have a line like this:

data_source "cluster_name" 127.0.0.1:18649 127.0.0.1:28649

You would then have good reliability of reaching the cluster, since only one
of those two gmond machines has to be up to get data for all 10 machines in
the cluster.

A good way to leave the ssh commands running is to use the daemontools
package, described at http://cr.yp.to/daemontools.html

Lester
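
An added example, not part of the original thread: a Python check to run on the web server that reads the data_source lines of gmetad.conf, notes whether each endpoint is a loopback address (as the tunnelled ports above are), and connects to confirm that gmond XML actually comes back through the tunnel. It goes slightly beyond the line shown above by also accepting the optional polling interval and a missing port; the function names, status strings and sample text are assumptions of the example.

```python
import ipaddress, shlex, socket

DEFAULT_PORT = 8649  # gmond's default TCP port for XML summaries

def parse_data_sources(conf_text):
    """Return {cluster: [(host, port), ...]} from gmetad.conf text."""
    sources = {}
    for line in conf_text.splitlines():
        fields = shlex.split(line, comments=True)
        if len(fields) < 3 or fields[0] != "data_source":
            continue
        rest = fields[2:]
        if rest[0].isdigit():  # optional polling interval in seconds
            rest = rest[1:]
        sources[fields[1]] = [(h, int(p) if p else DEFAULT_PORT) for h, _, p in
                              (item.partition(":") for item in rest)]
    return sources

def is_loopback(host):
    """True for 'localhost' or a loopback IP literal."""
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # some other hostname: not provably loopback

def probe(host, port, timeout=3.0):
    """Connect as gmetad would; return 'ok', 'no-xml' or 'down'."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            while len(data) < 8192:
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
    except OSError:
        return "down"  # refused, unreachable or timed out
    return "ok" if b"GANGLIA_XML" in data else "no-xml"

def audit(conf_text):
    """List (cluster, host, port, is_loopback, status) per endpoint."""
    return [(c, h, p, is_loopback(h), probe(h, p))
            for c, eps in parse_data_sources(conf_text).items() for h, p in eps]

# Constructed sample: the data_source line from the message above.
SAMPLE_CONF = 'data_source "cluster_name" 127.0.0.1:18649 127.0.0.1:28649\n'
if __name__ == "__main__":
    for row in audit(SAMPLE_CONF):
        print(*row)
```

A status of "no-xml" means the forwarded port accepted the connection but no gmond answered behind it; False in the fourth column marks an endpoint that gmetad polls directly rather than over a loopback tunnel port.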

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Somerville, Michael S
Sent: Friday, March 12, 2004 11:05 AM
To: [email protected]
Subject: [Ganglia-general] SSH port forwarding of Ganglia gmond multicast
traffic allowed?

Hey -- newbie question here!

Do Ganglia gmond daemons simply broadcast TCP traffic across the designated
multicast port?
If so, in a federated system is it possible to set up an SSH tunnel through
a firewall and direct the multicast traffic across the tunnel?

Example:  If broadcast traffic is going across port 8649 (default):

ssh -n gmetadmachine -L 8649:localhost:22

- where gmetadmachine is the central machine DNS name
- where 8649 is the port SSH listens to
- where localhost is the node running gmond
- where 22 is the port for the SSH tunnel that gmetadmachine listens to

Has anyone tried this sort of thing?  It seems like it might be a pretty
standard configuration and a "no-brainer".

Thanks!

-mike.

Michael S. Somerville

LOCKHEED MARTIN
IEC Software Architecture
Integrated Systems & Solutions

email:  [EMAIL PROTECTED]
phone:  301-240-4718
address:        700 N. Frederick Ave., 
Gaithersburg, MD 20879

"If you can't beat your computer at chess, try kickboxing."
"Try not to become a man of success...
... but rather try to become a man of value."  -Albert Einstein

"Above all, if what you've done is stupid, but it works, then it isn't
stupid."


