Re: [Ganglia-developers] Thoughts on host spoofing

[Brad Nicholes]

>>> On 2/5/2009 at 11:36 PM, in message
, Spike Spiegel
 wrote:
> Hi,
> 
> thanks for the clarification,
> 
> On Thu, Feb 5, 2009 at 11:44 PM, Brad Nicholes  wrote:
> 
>> Anything else the spoofing module needs to do beyond this
>> it completely up to the module developer.  Any or all of what you
>> described below should just be module implementation details.
> 
> Ok, so given that's the way forward as far as coding something goes,
> how does upstream folks feel about a patch to all the C modules to use
> spoofing based on a config parameter? Because that's what I need in
> order to solve my PTR problems and I wouldn't want to have to redo all
> of them in python, but on the other side if a patch wouldn't be

The main problem with doing what you described above isn't with creating the 
spoofing metric definition.  That part would be easy.  The real problem is with 
gathering the metric data.  Gathering CPU utilization metrics from a local box, 
for example,  is completely different than gather the cpu_util from a remote 
box and even different than gathering it from a virtual machine.  That is the 
main reason why special spoofing modules are necessary rather than simply 
tweaking the modules that we have already.  

> accepted I might consider it. On a side note, has anybody done an
> estimation of the performance hit between a python and C module?
> 

I have done a little testing in this area.  Since gather metrics is on the 
order of seconds, speed performance between a C module and a python module 
isn't an issue.  Memory footprint is really the main difference between the 
two.  Obviously loading mod_python and running python modules is going to 
increase the memory footprint of gmond.  If I run gmond with just the C modules 
installed, the memory footprint of gmond is somewhere under 1 mb.  If I load 
mod_python and start to run some of the python metric modules, the memory 
footprint jumps between 1.5 and 3 mb.  Obviously the more metric modules you 
run, whether they are C or python, is going to increase the memory footprint 
also.

Brad


--
Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code to
build responsive, highly engaging applications that combine the power of local
resources and data with the reach of the web. Download the Adobe AIR SDK and
Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
___
Ganglia-developers mailing list
Ganglia-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ganglia-developers

Re: [Ganglia-developers] Thoughts on host spoofing

[Brad Nicholes]

>>> On 2/5/2009 at 11:52 PM, in message , 
>>> Rick
Cobb  wrote:
> I'm finding this discussion a bit ironic; in my environment, we're strongly 
> considering pulling all of the naming out of gmond & gmetad, and only doing 
> the hostname lookups in the PHP front-end.  That way there's no need to deal 
> with DNS or host naming issues in most of the cluster(s) we monitor at all.  
> I suppose there's some risk in situations where the same virtual IP is bound 
> on many machines, but mcast_if should take care of that.   My thought is that 
> the fewer underlying services a monitoring system needs to work, the more 
> likely it is to work.
> 

This sounds like an interesting idea.  It would be very easy to set a 
configuration flag for gmond to just turn off all DNS look ups.  The lookups 
could then happen in either gmetad or the front end.

Brad


--
Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code to
build responsive, highly engaging applications that combine the power of local
resources and data with the reach of the web. Download the Adobe AIR SDK and
Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
___
Ganglia-developers mailing list
Ganglia-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ganglia-developers

Re: [Ganglia-developers] Thoughts on host spoofing

[Spike Spiegel]

On Fri, Feb 6, 2009 at 2:52 PM, Rick Cobb  wrote:
> My thought
> is that the fewer underlying services a monitoring system needs to work, the
> more likely it is to work.

Absolutely, but dns itself is actually a good example of how
introducing a dependency was necessary to make "a service" usable. The
problem here is that if you don't have context most information are
meaningless or possibly misleading and an ip imho doesn't qualify as
context. When you do the lookup from the frontend the ip might have
moved and this is actually not so far off depending on your
infrastructure and the timeline you retain data for. Obviously if you
maintain these associations elsewhere you're good, but otherwise being
able to store "webXX" is pretty useful (and the reason I want more
control over it).

-- 
"Behind every great man there's a great backpack" - B.

--
Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code to
build responsive, highly engaging applications that combine the power of local
resources and data with the reach of the web. Download the Adobe AIR SDK and
Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
___
Ganglia-developers mailing list
Ganglia-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ganglia-developers

Re: [Ganglia-developers] Thoughts on host spoofing

[Rick Cobb]

I'm finding this discussion a bit ironic; in my environment, we're strongly 
considering pulling all of the naming out of gmond & gmetad, and only doing the 
hostname lookups in the PHP front-end.  That way there's no need to deal with 
DNS or host naming issues in most of the cluster(s) we monitor at all.  I 
suppose there's some risk in situations where the same virtual IP is bound on 
many machines, but mcast_if should take care of that.   My thought is that the 
fewer underlying services a monitoring system needs to work, the more likely it 
is to work.

-- ReC


On 2/5/09 10:36 PM, "Spike Spiegel"  wrote:

Hi,

thanks for the clarification,

On Thu, Feb 5, 2009 at 11:44 PM, Brad Nicholes  wrote:

> Anything else the spoofing module needs to do beyond this
> it completely up to the module developer.  Any or all of what you
> described below should just be module implementation details.

Ok, so given that's the way forward as far as coding something goes,
how does upstream folks feel about a patch to all the C modules to use
spoofing based on a config parameter? Because that's what I need in
order to solve my PTR problems and I wouldn't want to have to redo all
of them in python, but on the other side if a patch wouldn't be
accepted I might consider it. On a side note, has anybody done an
estimation of the performance hit between a python and C module?

In practice I'm thinking of a new global parameter in gmond.conf
called "use_local_hostname = yes/no" which would then trigger a call
to gethostname() etc... and then add the SPOOF extra data. You could
also allow arbitrary strings but urm, might end up being too confusing
and I'm not sure I see the use of it.

--
"Behind every great man there's a great backpack" - B.

--
Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code to
build responsive, highly engaging applications that combine the power of local
resources and data with the reach of the web. Download the Adobe AIR SDK and
Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
___
Ganglia-developers mailing list
Ganglia-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ganglia-developers

--
Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code to
build responsive, highly engaging applications that combine the power of local
resources and data with the reach of the web. Download the Adobe AIR SDK and
Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com___
Ganglia-developers mailing list
Ganglia-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ganglia-developers

Re: [Ganglia-developers] Thoughts on host spoofing

[Spike Spiegel]

Hi,

thanks for the clarification,

On Thu, Feb 5, 2009 at 11:44 PM, Brad Nicholes  wrote:

> Anything else the spoofing module needs to do beyond this
> it completely up to the module developer.  Any or all of what you
> described below should just be module implementation details.

Ok, so given that's the way forward as far as coding something goes,
how does upstream folks feel about a patch to all the C modules to use
spoofing based on a config parameter? Because that's what I need in
order to solve my PTR problems and I wouldn't want to have to redo all
of them in python, but on the other side if a patch wouldn't be
accepted I might consider it. On a side note, has anybody done an
estimation of the performance hit between a python and C module?

In practice I'm thinking of a new global parameter in gmond.conf
called "use_local_hostname = yes/no" which would then trigger a call
to gethostname() etc... and then add the SPOOF extra data. You could
also allow arbitrary strings but urm, might end up being too confusing
and I'm not sure I see the use of it.

-- 
"Behind every great man there's a great backpack" - B.

--
Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code to
build responsive, highly engaging applications that combine the power of local
resources and data with the reach of the web. Download the Adobe AIR SDK and
Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
___
Ganglia-developers mailing list
Ganglia-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ganglia-developers

Re: [Ganglia-developers] Thoughts on host spoofing

[Brad Nicholes]

A couple of clarifications.  

1). Spoofing is achieved by creating a spoofing module and having that module 
discover the hosts that should be spoofed, in any way the module wants.  The 
discovery could be done by querying the network for a specific type of device 
or appliance or by simply reading a .conf file that contains information about 
a spoofed host similar to what you suggested below.  Once the spoofing module 
knows who it is spoofing for, it creates metric definitions which associate the 
spoofed metric with the spoofed host.  An example of how this is done as a 
python module is in the spfexample.py module that is included in the python 
modules source code.  Basically the only requirement is that a metric 
definition be returned to gmond that includes all of the basic metric 
information along with the special tags SPOOF_HOST and SPOOF_NAME.  Anything 
else the spoofing module needs to do beyond this, it completely up to the 
module developer.  Any or all of what you described below should just be module 
implementation details.

2). In reality there is only one module interface that gmond understands and 
that is the C interface.  The python module interface is nothing more than 
implementing a C module (ie. mod_python.c) that is capable of acting as a proxy 
between the C interface and the python interface.  The bottom line is that 
gmond can be expanded to understand any language interface by simply 
implementing a C module that does the translation between the C interface and 
the  language interface.  In fact if the community believes that the 
current python module interface could be much more efficient or easier to use 
if it did , is simply a matter of implementing an alternative to the current 
mod_python.c that does  and loading the alternative module as well.  The 
whole idea is that the C module interface was introduced as a way to extend 
gmond.  What that extension is, is completely up to the imaginations of the 
Ganglia community.  And since the C module interface is really the only module 
interface that gmond knows about, anything that can be done with the python 
interface has to be done through the C interface meaning that the C interface 
has all of the same functionality and much more.  

Brad  

>>> On 2/4/2009 at 9:11 PM, in message
, Spike Spiegel
 wrote:
> Hi,
> 
> while looking at taking advantage of host spoofing a few things came
> up that I'd like to discuss. Assuming that host spoofing can be used
> for:
> 
> a) overriding host names because using PTRs can be a PITA depending on
> the infrastructure (for example if you have tun/ethX prefixes)
> b) streamlining appliances into ganglia
> 
> I see a problem of how to manage this "spoofed hosts collection" and
> would love to see some kind of standard emerging.
> /etc/ganglia/conf.d/spoofing.cfg could be added containing definitions
> like:
> 
> spoofed_host {
>hostname = spf1.example.org
>ip = 10.0.0.0
>metrics = disk_spoof, cpu_spoof
> }
> 
> At this point metrics should read that file and figure out if they
> should be doing any spoofing and if so for which hosts. Not sure about
> C, but with the current python setup each module should include some
> kind of lib to do that lookup, or maybe the approach should be changed
> entirely.
> 
> One problem I see is with a) is treating every host as a spoofed host,
> which might end up being confusing. Furthermore it's arguable that the
> concept of spoofing isn't itself misleading, take this example:
> - an host named myhost with a public and private interface
> - the public one resolves to task.domain.tld while the internal to
> int.task.domain.tld
> - monitoring traffic is kept on the internal network
> - as a result data is recorded and shows up as int.host.domain.tld
> 
> What I'm arguing here is that "int." could be considered spoofed since
> the one the user is going to be thinking of is "task" and not int.task
> or even that both are spoofed since the real host name is myhost. You
> could blame it on poor naming and DNS practices, but I believe there
> are legit examples where simply using the PTR to save data doesn't cut
> it or whose result can be confusing. Imho much better would be to
> allow the user to specify an arbitrary name, just use what hostname
> unix command returns, and/or fallback on PTR.
> 
> So I guess what I'm asking here is: should this be accomplished with
> host spoofing, maybe allowing a hostname = something in gmond.conf and
> hiding it from the user or do people feel that PTR is The Way and if
> you want otherwise you deal with it yourself using spoofing.cfg or
> something like that?
> 
> On a related note, initially I believed the spoofing functionality to
> be tied to the python modules, but then I noticed this in the STATUS
> file:
> 
>   * Allow both a C and python module to create a metric that will spoof a
> specific host.  This provides the same spoofing functionality as gmetric
> but through a metric module.  It

[Ganglia-developers] Thoughts on host spoofing

[Spike Spiegel]

Hi,

while looking at taking advantage of host spoofing a few things came
up that I'd like to discuss. Assuming that host spoofing can be used
for:

a) overriding host names because using PTRs can be a PITA depending on
the infrastructure (for example if you have tun/ethX prefixes)
b) streamlining appliances into ganglia

I see a problem of how to manage this "spoofed hosts collection" and
would love to see some kind of standard emerging.
/etc/ganglia/conf.d/spoofing.cfg could be added containing definitions
like:

spoofed_host {
   hostname = spf1.example.org
   ip = 10.0.0.0
   metrics = disk_spoof, cpu_spoof
}

At this point metrics should read that file and figure out if they
should be doing any spoofing and if so for which hosts. Not sure about
C, but with the current python setup each module should include some
kind of lib to do that lookup, or maybe the approach should be changed
entirely.

One problem I see is with a) is treating every host as a spoofed host,
which might end up being confusing. Furthermore it's arguable that the
concept of spoofing isn't itself misleading, take this example:
- an host named myhost with a public and private interface
- the public one resolves to task.domain.tld while the internal to
int.task.domain.tld
- monitoring traffic is kept on the internal network
- as a result data is recorded and shows up as int.host.domain.tld

What I'm arguing here is that "int." could be considered spoofed since
the one the user is going to be thinking of is "task" and not int.task
or even that both are spoofed since the real host name is myhost. You
could blame it on poor naming and DNS practices, but I believe there
are legit examples where simply using the PTR to save data doesn't cut
it or whose result can be confusing. Imho much better would be to
allow the user to specify an arbitrary name, just use what hostname
unix command returns, and/or fallback on PTR.

So I guess what I'm asking here is: should this be accomplished with
host spoofing, maybe allowing a hostname = something in gmond.conf and
hiding it from the user or do people feel that PTR is The Way and if
you want otherwise you deal with it yourself using spoofing.cfg or
something like that?

On a related note, initially I believed the spoofing functionality to
be tied to the python modules, but then I noticed this in the STATUS
file:

  * Allow both a C and python module to create a metric that will spoof a
specific host.  This provides the same spoofing functionality as gmetric
but through a metric module.  It is done by adding SPOOF_HOST and
SPOOF_NAME as extra metadata to the metric description

Based on that it should be possible to allow spoofing from the
standard C modules distributed with ganglia, correct? How would that
be done? I've looked at some of the existing metrics and noticed calls
to MMETRIC_ADD_METADATA, would that be it?

thanks

-- 
"Behind every great man there's a great backpack" - B.

--
Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code to
build responsive, highly engaging applications that combine the power of local
resources and data with the reach of the web. Download the Adobe AIR SDK and
Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
___
Ganglia-developers mailing list
Ganglia-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ganglia-developers