I have the following setup: LibreNMS server with an IPSEC tunnel to a Raspberry Pi on a remote location. I can ping the Pi from the server, so connectivity is all good. I can also SSH to the Pi through the tunnel.
I need to let the remote Pi gather SNMP data from some particular devices in that remote LAN, and have my central LibreNMS server get this data from the RPi. So the RPi is a kind of SNMP relay, gathering data from the devices in the LAN en gets polled by the LibreNMS server.
How do I get this working? Any input is very welcome!
Thanks for your reply, your suggestion led me to some documents and I am now checking the pages for horizontal scaling.
However, I am not getting a clear picture of the whole thing and I am not sure what to exactly run on the Pi. I have now a Pi running a lightweight Raspbian distribution with Strongswan (for the tunnel) and some default stuff like snmpd. So I can monitor the Pi itself. But that was obviously not the main goal.
Can you please point me in a direction what to install/setup on the Pi, and how that relates to the poller_group on the LibreNMS server?
What I am up to, is to create central server with some Pi’s which we can throw on any remote location, let the Pi setup the tunnel to our main network, and add the Pi to LibreNMS. The Pi should gather data from the hosts in the LAN it is in, and I want this data to show up in the LibreNMS server.
It is in a testing and (hopefully soon) a proof of concept phase so I can play around with it, kill it, etc.
From memory of this, rrd on arm isn’t compatible with the x86 version so this might not work. I don’t recall if using rrdcached avoids this issue or not.
So your PI basically ends up running all the ‘poller.php’ processes for a given set of devices.
The overhead of setting up and maintaining this on a bunch of remote PI’s might be a bit excessive (ie how are you going to handle lifecycle … like updating versions of LibreNMS etc … rolling out new nodes, retiring nodes etc)
Is there some reason you would not just do some dynamic routing over the IPSEC tunnel to the remote network(s) you want to monitor?
If the ‘work’ is done on the PI the amount of work (ie number of devices you monitor per remote site) will be limited by the capacity of the PI … so that may (or may not) be a problem for you
Thanks for all the input! I think you have a good point here, maintaining those pi’s will be a hassle for sure. I thnk routing a unique submet to those remote pi’s and do there static nat to the end devices will be much more convenient. I can poll the devices on the static subnet and connect from the pi ro the devices with dynamic overload nat on the ethernet interface.
This way a pi is just a Nat box with a tunnel, keeping the applications on the pi very simple.
The manual translation table will need some work but I’ll figure that out.