Hello,
I’m new to setting up Libre, and was looking for some input on if it will do what we are hoping it will. I work for an MSP, so we have a lot of remote clients in a lot of different networks all behind firewalls. What we are hoping to accomplish is having a master poller hosted on a Digital Ocean VM as our main hub for everything, and then put a distributed poller at each of our sites to push their clients to our DOVM so we have access to it from wherever we are.
I currently have a test server built on the client side, as well as the DOVM, both have no errors when running validate.php. The problem is I can’t seem to get them to talk.
I’ve tried altering the config in about every way I can think of, following the distributed poller guide, rrdcached guide, and the memcached guide, as well as looking at some other examples I’ve found in the forum, to try to get them to sync up, but I have no luck, so I’m starting to question if this isn’t how Libre was intended to be used, or if I’m just missing something simple.
I’ve thought maybe I need to have VPNs spun up between the site and the DOVM, but I’m not really liking the idea of having to have a constant VPN connected to every single one of our servers 24/7.
Any thoughts or ideas or feedback would be awesome. I can provide config files if needed as well.
Thanks in advance for any input,
Jason
You're probably going to need a VPN setup for those sites with the servers. Never seen it work without it.
I was able to get this going actually, I had to reconfigure my mysql to point at the cloud servers database by changing the bind-address in /etc/mysql/mariadb.conf.d/50-server.cnf to my server’s IP rather than the loopback address.
I then had to configure my poller instance to connect to the remote database rather than its own.
Keep in mind that all of the data, the SQL calls and RRD files, are sent over clear text. This may be a concern for your customers.
Here’s another solution that may work: https://blog.librenms.org/2016/12/10/remote-monitoring-using-tinc-vpn/
If you’ve got the possibility to drop some kind of device in the remote network, you can set up tinc to automatically establish a VPN back to your monitoring server. I use this to monitor remote WiFi deployments and still have the ability to add them to my LibreNMS server, which has a public IP address.
It doesn’t even need to be the routing device. At a recent installation, they have their own router and I just dropped one of my EdgeRouter Lite as a DHCP client into their network. Its sole purpose is to connect to my monitoring server and tell it which local subnets are available over the VPN connection. After adding the correct routes, I can access all devices on the remote site via their local IP addresses.
The one caveat, though, is that you’d need different subnets on all remote sites. I guess there could be a way to work around that by NATing connections via one address, but that might get very frustrating with port forwardings etc.
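Relating to the `bind-address` change and the clear-text warning earlier in the thread, here is an added example (not code from any poster or from LibreNMS) that audits a MariaDB server config for a network-reachable listener that does not enforce TLS. The sample configs, the documentation IP address and the certificate paths are constructed; it reads a single file, does not follow `!include` lines, and covers only the database side, not the RRD traffic.

```python
import ipaddress
# Constructed samples; 203.0.113.10 is a documentation address, not from the thread.
SAMPLE_EXPOSED = "[mysqld]\nuser = mysql\nbind-address = 203.0.113.10\n"
SAMPLE_TLS = (
    "[mariadb]\n"
    "bind_address = 203.0.113.10\n"
    "ssl_cert = /etc/mysql/ssl/server-cert.pem\n"
    "ssl_key = /etc/mysql/ssl/server-key.pem\n"
    "require_secure_transport = ON\n"
)
SERVER_SECTIONS = {"mysqld", "server", "mariadb", "mariadbd"}

def server_options(text):
    """Collect options from server sections of one cnf file ('-' equals '_')."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":  # comments and !include directives
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section in SERVER_SECTIONS:
            key, _, value = line.partition("=")
            opts[key.strip().lower().replace("-", "_")] = value.strip().strip("\"'")
    return opts

def is_loopback(value):
    if value.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(value).is_loopback
    except ValueError:
        return False  # unset, "*" or a hostname: assume network-reachable

def audit(text):
    """Return findings for a listener that accepts non-TLS remote connections."""
    opts = server_options(text)
    if is_loopback(opts.get("bind_address", "")):
        return []
    findings = ["bind_address is not loopback (or unset): listener is network-reachable"]
    if not (opts.get("ssl_cert") and opts.get("ssl_key")):
        findings.append("no ssl_cert/ssl_key set in this file")
    if opts.get("require_secure_transport", "").upper() not in ("ON", "1", "TRUE"):
        findings.append("require_secure_transport is off: cleartext sessions allowed")
    return findings

if __name__ == "__main__":
    for name, cfg in (("exposed", SAMPLE_EXPOSED), ("tls", SAMPLE_TLS)):
        print(name, audit(cfg))
```

`require_secure_transport` is available from MariaDB 10.5.2; on older servers the equivalent control is `REQUIRE SSL` on the poller's database account.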