
Ganglia architecture

Context: I am a student and I am trying to prepare a proof of concept for quick network-monitoring.

Our imaginary context is that we have multiple clusters which are on different subnets. I have read a lot of documentation regarding Ganglia, and what I really want to find out is: during node polling, assuming that gmetad is on a different subnet from the node as well, is there any security measure that is utilised to protect the XML data sent over TCP?

laycat

1 Answer


It's not entirely clear whether you mean to ask about TCP or UDP transport here, but I assume TCP since that's how gmetad-gmetad and gmetad-gmond communication is done.

The only security measures are the trusted_hosts configuration attribute for gmetad and the access control lists that can be specified for gmond's tcp_accept_channel configuration.

You could perhaps consider a secure tunneled route between the hosts if you're looking to avoid eavesdropping?

mmajis
  • Yes, you are right, I am concerned about the TCP transport. I recognise that information is transferred via XML. What kind of security do the trusted_hosts and access control lists provide? A secured tunnel is a good way; however, I am interested in whether Ganglia provides any encryption by default. In a scenario where it doesn't, I am interested in writing a plug-in module for Ganglia users to encrypt the XML when transferring over TCP. – laycat Feb 04 '13 at 01:31
  • @laycat I don't think there's any encryption option provided by Ganglia. You could try the [mailing lists](http://ganglia.info/?page_id=68) for more info. Also it seems gzip support for XML has recently been added (see [this commit](https://github.com/ganglia/monitor-core/commit/23b6f573aa01ebdca2b167cafc7e685cd4d5ca28)). Looks like those are the files you'd need to touch as well. Doesn't look like there's a pluggable interface at that point in the code though. – mmajis Feb 04 '13 at 05:35
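
The two controls named in the answer restrict which source addresses may connect and read the XML; neither encrypts it. The following is an added example, not code from the thread or from the Ganglia project: a small audit of constructed `gmond.conf` and `gmetad.conf` samples that reports `tcp_accept_channel` blocks without a default-deny `acl` and whether gmetad trusts every host. The function names, addresses and ports are assumptions made for illustration.

```python
import re

# Constructed sample configs for illustration; addresses and ports are made up.
GMOND_CONF = '''
tcp_accept_channel {
  port = 8649
}
tcp_accept_channel {
  port = 8650
  acl {
    default = "deny"
    access {
      ip = 10.2.0.5
      mask = 32
      action = "allow"
    }
  }
}
'''
GMETAD_CONF = '''
data_source "cluster-a" 10.1.0.11:8650
all_trusted on
# trusted_hosts 10.3.0.7
'''

def open_gmond_ports(conf):
    """Ports of tcp_accept_channel blocks that lack an acl with default = "deny"."""
    conf, ports = re.sub(r'#.*', '', conf), []     # drop '#' comments first
    for m in re.finditer(r'tcp_accept_channel\s*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):             # walk to the matching closing brace
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        port = re.search(r'\bport\s*=\s*(\d+)', body)
        if not re.search(r'acl\s*\{[^{}]*default\s*=\s*"deny"', body):
            ports.append(port.group(1) if port else 'unspecified')
    return ports

def gmetad_trust(conf):
    """Return 'all' if all_trusted is on, else the trusted_hosts entries (localhost is always trusted)."""
    conf = re.sub(r'#.*', '', conf)
    if re.search(r'^\s*all_trusted\s+on\b', conf, re.M):
        return 'all'
    hosts = re.findall(r'^\s*trusted_hosts\s+(.+)$', conf, re.M)
    return ' '.join(hosts).split()

print(open_gmond_ports(GMOND_CONF), gmetad_trust(GMETAD_CONF))
```

Even with every finding cleared, the XML still crosses the subnets in cleartext, which is why the answer suggests a tunnel for confidentiality.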