IBM Performance Management

Configuring the Linux KVM agent

The Monitoring Agent for Linux KVM supports connection to both the Enterprise Linux based KVM hypervisor and Red Hat Enterprise Virtualization Manager (RHEVM) environments. You can use the same configuration script to configure instances for these environments.

Before you begin

Before you run the configuration script, you must complete one of the following procedures:

For the RHEVM configuration, complete the following steps:
1. Download the security certificate by browsing to the following location:
```
https://RHEVM-HOST:RHEVM-PORT/ca.crt
```
  where RHEVM-HOST is the name of the host and RHEVM-PORT is the name of the port that you use in your RHEVM environment.
  Note: The url contains the host and port from the RHEV-M environment.
2. Import the certificate file to generate a local keystore by using the following keytool command: keytool -import -alias ALIAS -file CERTIFICATE_FILE -keystore KEYSTORE_FILE
  Note: The keytool utility is available with Java™ Runtime Environment (JRE).
3. In the agent configuration steps, specify the path for this KEYSTORE_FILE for the KEYSTORE_PATH parameter and include the file name in the path.
4. Create a user account with read-only access to the REST API of the Red Hat Enterprise Virtualization Manager (RHEV-M) to collect information about clusters, hosts, and virtual machines that RHEV-M manages. If there is no user domain, such as an LDAP or an Active Directory, configured, then use the default "admin" user and "internal" domain in the configuration steps to connect to RHEVM, or complete the following steps:
  1. Open the Red Hat Enterprise Virtualization Manager Web Administration portal.
  2. Click Configure.
  3. In the Configuration window, select Roles.
    1. To create a role, click New.
    2. In the New Role window, add the name of the role and select Admin as the account type. Then, in the Check boxes to Allow Action pane, leave the check boxes clear. Click OK.
  4. In the Configuration window, select System Permission.
    1. To grant a user permission, click Add.
    2. In the Add System Permission to User window, select the user to whom you want to grant the permission.
    3. From the Assign role to user list, select the role that you created in step 4 (c) and click OK.
For the Linux based KVM hypervisor configuration, complete the following steps:
1. For the Linux based KVM Hypervisor, the Linux KVM agent collects metrics by connecting remotely to each hypervisor by using libvirt that manages your QEMU-KVM virtual machines. The libvirt client on the agent environment uses several different remote transport protocols, as shown on this Remote support page. Choose one of the following protocols for monitoring purposes:
  - SSH protocol
  - For the SSH agent, assume that you install the Linux KVM agent on Host A and you want to monitor the hypervisor on Host B remotely. First, you must configure the SSH agent so that the SSH agent makes a connection from Host A to Host B without requesting a password.
    1. Log on to Host A with the same ID that runs the Linux KVM agent process, for example, the root user ID.
      Tip: Ensure that you know the ID on Host B that accepts the SSH connection, and the root user ID on Host A.
    2. Generate the id_rsa and id_rsa.pub keys on Host A by using the ssh-keygen utility in Linux to generate the keys.
      Note: The keys are saved in~/.ssh: $ ssh-keygen -t rsa.
    3. Copy the authorized keys from Host B so that you can add the public key for Host A to it: $ scp Id on Host B@name or IP address of Host B:~/.ssh/authorized_keys ~/.ssh/authorized_keys_from_B.
    4. Append the public key for Host A to the end of the authorized keys for Host B: cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys_from_B.
    5. Copy the authorized keys back to Host B: $ scp ~/.ssh/authorized_keys_from_B Id on Host B@name or IP address of Host B:~/.ssh/authorizede_keys
      Note:
      If you are monitoring multiple hosts, repeat steps c, d, and e for each host.
    6. Now, you can remove ~/.ssh/authorized_keys_from_B.
    7. Add the following command to the ~/.bash_ profile of the current ID on Host A: $ eval `ssh-agent`.
      Note: Ensure you use the single back quotation mark (`), located under the tilde (~) on US keyboards, rather than the single quotation mark (').
    8. Add the identity to Host A by using the $ ssh-add ~/.ssh/id_rsa command and enter the password that you used when you created the ID.
      If you receive the following message: Could not open a connection to your authentication agent you must run the exec ssh-agent bash command.
      Note: You can replace the bash with the shell that you are using and then run the following ssh-add command again: $ ssh-add ~/.ssh/id_rsa.
    9. Test the SSH agent to ensure that it connects from Host A to Host B without having to enter the SSH password.
      If you are monitoring multiple hosts, use the following command to test the connection for each host: $ ssh Id on Host B@name or IP address of Host B
  - Post-configuration verification
    1. Use the following virsh command to check your work: virsh -c qemu+ssh://Id on Host B@name or IP address of Host B:port/system.
    2. If you have not changed the default SSH port, omit the :port section of the command.
      Note: If the virsh command succeeds, the Linux KVM agent connects.
    3. You must restart Host A before you restart the Linux KVM agent on Host A. To restart, you must rerun the ssh-add command and supply the password each time.
      Note: You can use SSH keychains to avoid reentering the password.
  - TLS protocol
    1. Log in to Host B and confirm that you installed the gnutls and gnutls-utils packages.
    2. Edit /etc/libvirt/libvirtd.conf to ensure that listen_tls is enabled and that the tls_port is specified with the default 16514 port number.
    3. Open Remote support and follow the instructions to set up a certificate authority between Host A and Host B.
      Note: See the sections to Set up a certificate authority (CA), Issue server certificates, and Issue client certificates.
    4. To restart the libvirt daemon on Host B in listening mode, you either run it with the --listen flag or edit /etc/sysconfig/libvirtd and uncomment LIBVIRTD_ARGS="--listen".
    Post-configuration verification
    
    To check your configuration, use the virsh command and enter virsh -c qemu+tls://name or the IP address of the Host B:port/system. If you did not change the default TLS port, you can omit the :port section of the command. If the virsh command succeeds, the Linux KVM agent connects.

About this task

The Linux KVM agent is a multiple instance and multi-connection agent. Multi-instance means that you can create multiple instances and each instance can make multiple connections to one or more RHEV-M or KVM hypervisor environments. It is recommended to have separate instances for the KVM hypervisor and the RHEV-M environments. After you install the agent either on a physical host or VM, you must create the first instance and start the agent manually. Configure the agent instance by using the configuration steps.

RHEV-H is the hypervisor from Red Hat that enables virtualization management, and it is not related to the agent directly. You can use the RHEV-H hypervisor to configure hypervisor hosts from the RHEV-M management console, for example, KVM hypervisors from Red Hat or SUSE.

Important: The RHEVM ID or the HYPERVISOR_ID is the unique ID that distinguishes connection A from connection B. These IDs are supplied during configuration.

Procedure

You can use one of the following types of configuration procedure to configure the agent:
- RHEVM: Running the script by responding to prompts
  1. On the command line, change the path to the install_dir/bin directory.
  2. Enter the ./linux_kvm-agent.sh config RHEVM_INSTANCE_NAME command
    where:
    RHEVM_INSTANCE_NAME
    
    The name that you want to give to the instance.
  3. When prompted to Edit Monitoring Agent for Linux_KVM settings, enter 1 (Yes) to continue.
  4. When prompted for Maximum Number Of Data Provider Log Files, press Enter to accept the default value (10) or to specify a numeric value.
  5. When prompted for Maximum Size in KB of Each Data Provider Log, press Enter to accept the default value (5190) or to specify a numeric value.
  6. When prompted for Level of Detail in Data Provider Log, press Enter to accept the default value (4) or to specify one of the following numeric options: [ 1=Off, 2=Severe, 3=Warning, 4=Info, 5=Fine, 6=Finer, 7=Finest, 8=All ].
  7. When prompted to Edit Hypervisor settings, enter 5 (Next) to continue, as you are not configuring a hypervisor connection.
  8. When prompted to Edit RHEVM Connection Details settings, enter 1 (Add) to continue.
  9. When prompted for RHEVM ID, enter the ID value.
  10. When prompted for Host, specify the host name of the RHEVM server.
  11. When prompted for User, specify the user name to connect to the RHEVM server.
  12. When prompted for Password, enter the password for the user.
  13. When prompted for re-typing password, enter the password value again.
  14. When prompted for Port, specify the port number.
  15. When prompted for Domain, enter the user domain name.
  16. When prompted for KeyStorePath, specify the path of the local keystore file that has the RHEVM server security certificate that is imported already.
  17. When prompted to Edit RHEVM Connection Details settings, enter 5 (Exit) to continue.
  18. To start the agent, enter
    ./linux_kvm-agent.sh start RHEVM_INSTANCE_NAME.
- Hypervisor: Running the script by responding to prompts
  1. On the command line, change the path to the install_dir/bin directory.
  2. Enter ./linux_kvm-agent.sh config HYPERVISOR_INSTANCE_NAME command
    where:
    HYPERVISOR_INSTANCE_NAME
    
    The name that you want to give to the instance.
  3. When prompted to Edit Monitoring Agent for Linux_KVM settings, enter 1 (Yes) to continue.
  4. When prompted for Maximum Number Of Data Provider Log Files, press Enter to accept the default value (10) or to specify a numeric value.
  5. When prompted for Maximum Size in KB of Each Data Provider Log, press Enter to accept the default value (5190) or to specify a numeric value.
  6. When prompted for Level of Detail in Data Provider Log, press Enter to accept the default value (4) or to specify one of the following numeric options: [ 1=Off, 2=Severe, 3=Warning, 4=Info, 5=Fine, 6=Finer, 7=Finest, 8=All ].
  7. When prompted to Edit Hypervisor settings, enter 1 (Add) to continue.
  8. When prompted for Hypervisor ID, enter the ID value.
  9. When prompted for Host, specify the host name of the KVM host.
  10. When prompted for User, specify the user name.
  11. When prompted for Remote Transport, enter 1 for default value (SSH), or select one of the following values: 2=TLS, 3-TCP (Unencrypted-- not recommended for production use).
  12. When prompted for Port, specify the port number for the SSH and TLS ports for the transport protocol.
  13. When prompted for Connection Instance Type, enter one of the following values: 1 (System) which is the default value, or 2 for session.
    Note: After you configure the hypervisor connection, you have the option to add, edit, delete connections or to exit completely.
  14. When prompted for Edit Hypervisor settings, enter 5 (Exit) to select the default option to exit, or enter one of the following values: 1=Add, 2=Edit, 3=Del, or 4=Next.
  15. When prompted to Edit RHEVM Connection Details settings, enter 5 (Exit) to continue, or enter one of the following values: 1=Add, 2=Edit, 3=Del, or 4=Next.
  16. To start the agent, enter
    ./linux_kvm-agent.sh start HYPERVISOR_INSTANCE_NAME
Start the agent.

What to do next

Log in to the Performance Management console to view the data that is collected by the agent in the dashboards. For information about using the Performance Management console, see Starting the Performance Management console.