Zabbix Psudo HA Proposal - requesting feedback
Request for feedback:
I know HA has been discussed in may threads But I found that many of the discussions were dated back to 2.x versions of Zabbix. None of the threads address all my questions using a single version of the software. Much has changed. So....
I have inherited the responsibility for the care and feeding of my company's Zabbix infrastructure/application. And as such I have been given some latitude in implanting a new more resilient and efficient architecture in our upgrade from Zabbix 1.8.3 to 3.4 (maybe 4.0 depending on when it comes out).
Simplified High level view of the network(s):
We have a few dozen sites across the country with various types of hosts/devices. Not all are monitored by Zabbix but almost all sites have at least a couple of hosts we currently monitor. My hope is to, in the near future replace some of the other monitoring tools we use with Zabbix. But that is a conversation for a different day.
We have 2 NOC sites, a Primary (PNOC) and a backup(BNOC). The backup site, for all intents, is a duplicate of the primary sites; Servers and databases infrastructure is mirrored. The BNOC is located in a different city and is activated proactively in, for instance, the preparation for a Hurricane at the primary site. Otherwise the backup site is basically idle. Except for perhaps a fire or tornado disaster, switching operation stites is very controlled and planned.
The goal is to provide a stable/resilient Zabbix environment that facilitates meeting the SLA with our customer. That means continuous monitoring and reasonably uninterrupted collection of states and performance data from the various hosts/devices across the networks. Secondarily the goal is to minimize the administrative effort to maintain such an environment, and finally to minimize the effort and complexity for an admin to move the Zabbix applications from site to site.
Our operational procedures require that the service NOT be autonomous. Any switch in location must be instigated by a human. That said, a full HA/auto failover is not required. Besides, the NOC sites are geographically separated. A full inter-site clustered HA solution would be prohibitively complicated and expensive.
After reading through the documents and thread after thread here and on other forums, I have the following draft / skeleton proposal on which I would like community feedback.
--------------------------
I would implement:
> MySQL database configured in Master/Slave using GTID row replication.
Implement partitioning for History/trend tables. Master node at PNOC and Slave node at BNOC.
> Zabbix 3.4 server/front end installed at each site. Each instance would access the local DB instance. BNOC Zabbix server would be off line until a switch-over.
> All hosts will be monitored via Proxy and will be configured with Server/ActiveServer items referencing proxies at both NOC sites.
> Initially all proxies will be located in the NOC data centers. And will be deployed in pairs, one at each site. (ideally they would move out to the regional hubs or Pops but for now they must be at NOC.)
> Proxies will be configured to use DNS to reference the active Zabbix server, a poor mans VIP. That FQDN will be provisioned in the Proxies' host files and reference the active Zabbix server's IP.
> All agent monitored items that reasonable can be will be made Active items for performance and resiliency purposes.
> All agents and proxies will use certificates for encryption/authentication.
In the event we need to move operations to BNOC I would follow this procedure:
1. Stop PNOC Zabbix Server (PServer) processes
2. Wait for the DB replication to catch up.
3. Swap DB Master to BNOC
4. Point all proxies to BServer via host file update. (No proxy restart required) This would be done using a script or puppet or maybe even Zabbix initiated script. TBD
5. Start Zabbix BServer processes.
6. Once everything is stabilized and the backlog of buffered items is processed, configure/move all hosts from PProxies to BProxies. This would be done manually or using a script/API.
Questions/Concerns
> I am not a DBA. And know very little about the implication of replication methods. Is Row the correct replication method (vs transaction) for the Zabbix application?
> I am assuming that when the agent references 2 proxies for ActiveServer, it will continue to query both proxies for active check config. The proxy that is NOT configured to monitor the hosts will log complaints that it knows nothing about that host. If that is the worst of the impact of this config, I can live with that. Are there any other concerns/impacts of multiple configured active servers?
> When the proxies connects to the BServer after switchover, will the proxies and subtending hosts see this connection as the same 'source/path' as PServer. And as such will the cached config and all host/items data it has buffered still be valid and the data reported to the server after the connection is established just as if it were talking to PServer again.
> There should be very little 'data loss' after the transition. With the understanding that Passive agent, ODBC, snmp items etc. will all have a gap in data during the front end down time. Holes in this?
> When the hosts are reconfigured (via front end) to report to the secondary proxy, will the current path / set of active items the agent knows about be cleared before the second path/items are provisioned and take affect. I understand There may be a short period of 'data loss' during this transition. But I want to avoid the same data being sent to 2 proxies and generating errors or buffered data on the inactive proxy.
> Will history and trend data associated with any given host before and after a swap from one proxy to another be maintained.
> Does implementing DB Partitioning impact the upgradability of either Zabbix or MYSQL in the future.
> Could I maintain both front ends as active as long as I point them to the active DB server instance?
>I could achieve the proxy's connection swap to the new site using Site DNS BUT my understanding is that the proxy would have to perform a DNS query each time the it needed to send data to the server. Is this correct? Putting a DNS cache on each proxy could mitigate this but would then delay the proxy seeing the new server address.
Anything major I am missing here?
This is my first post so please forgive me for any forum faux pas.
Thanks in advance....
I know HA has been discussed in may threads But I found that many of the discussions were dated back to 2.x versions of Zabbix. None of the threads address all my questions using a single version of the software. Much has changed. So....
I have inherited the responsibility for the care and feeding of my company's Zabbix infrastructure/application. And as such I have been given some latitude in implanting a new more resilient and efficient architecture in our upgrade from Zabbix 1.8.3 to 3.4 (maybe 4.0 depending on when it comes out).
Simplified High level view of the network(s):
We have a few dozen sites across the country with various types of hosts/devices. Not all are monitored by Zabbix but almost all sites have at least a couple of hosts we currently monitor. My hope is to, in the near future replace some of the other monitoring tools we use with Zabbix. But that is a conversation for a different day.
We have 2 NOC sites, a Primary (PNOC) and a backup(BNOC). The backup site, for all intents, is a duplicate of the primary sites; Servers and databases infrastructure is mirrored. The BNOC is located in a different city and is activated proactively in, for instance, the preparation for a Hurricane at the primary site. Otherwise the backup site is basically idle. Except for perhaps a fire or tornado disaster, switching operation stites is very controlled and planned.
The goal is to provide a stable/resilient Zabbix environment that facilitates meeting the SLA with our customer. That means continuous monitoring and reasonably uninterrupted collection of states and performance data from the various hosts/devices across the networks. Secondarily the goal is to minimize the administrative effort to maintain such an environment, and finally to minimize the effort and complexity for an admin to move the Zabbix applications from site to site.
Our operational procedures require that the service NOT be autonomous. Any switch in location must be instigated by a human. That said, a full HA/auto failover is not required. Besides, the NOC sites are geographically separated. A full inter-site clustered HA solution would be prohibitively complicated and expensive.
After reading through the documents and thread after thread here and on other forums, I have the following draft / skeleton proposal on which I would like community feedback.
--------------------------
I would implement:
> MySQL database configured in Master/Slave using GTID row replication.
Implement partitioning for History/trend tables. Master node at PNOC and Slave node at BNOC.
> Zabbix 3.4 server/front end installed at each site. Each instance would access the local DB instance. BNOC Zabbix server would be off line until a switch-over.
> All hosts will be monitored via Proxy and will be configured with Server/ActiveServer items referencing proxies at both NOC sites.
> Initially all proxies will be located in the NOC data centers. And will be deployed in pairs, one at each site. (ideally they would move out to the regional hubs or Pops but for now they must be at NOC.)
> Proxies will be configured to use DNS to reference the active Zabbix server, a poor mans VIP. That FQDN will be provisioned in the Proxies' host files and reference the active Zabbix server's IP.
> All agent monitored items that reasonable can be will be made Active items for performance and resiliency purposes.
> All agents and proxies will use certificates for encryption/authentication.
In the event we need to move operations to BNOC I would follow this procedure:
1. Stop PNOC Zabbix Server (PServer) processes
2. Wait for the DB replication to catch up.
3. Swap DB Master to BNOC
4. Point all proxies to BServer via host file update. (No proxy restart required) This would be done using a script or puppet or maybe even Zabbix initiated script. TBD
5. Start Zabbix BServer processes.
6. Once everything is stabilized and the backlog of buffered items is processed, configure/move all hosts from PProxies to BProxies. This would be done manually or using a script/API.
Questions/Concerns
> I am not a DBA. And know very little about the implication of replication methods. Is Row the correct replication method (vs transaction) for the Zabbix application?
> I am assuming that when the agent references 2 proxies for ActiveServer, it will continue to query both proxies for active check config. The proxy that is NOT configured to monitor the hosts will log complaints that it knows nothing about that host. If that is the worst of the impact of this config, I can live with that. Are there any other concerns/impacts of multiple configured active servers?
> When the proxies connects to the BServer after switchover, will the proxies and subtending hosts see this connection as the same 'source/path' as PServer. And as such will the cached config and all host/items data it has buffered still be valid and the data reported to the server after the connection is established just as if it were talking to PServer again.
> There should be very little 'data loss' after the transition. With the understanding that Passive agent, ODBC, snmp items etc. will all have a gap in data during the front end down time. Holes in this?
> When the hosts are reconfigured (via front end) to report to the secondary proxy, will the current path / set of active items the agent knows about be cleared before the second path/items are provisioned and take affect. I understand There may be a short period of 'data loss' during this transition. But I want to avoid the same data being sent to 2 proxies and generating errors or buffered data on the inactive proxy.
> Will history and trend data associated with any given host before and after a swap from one proxy to another be maintained.
> Does implementing DB Partitioning impact the upgradability of either Zabbix or MYSQL in the future.
> Could I maintain both front ends as active as long as I point them to the active DB server instance?
>I could achieve the proxy's connection swap to the new site using Site DNS BUT my understanding is that the proxy would have to perform a DNS query each time the it needed to send data to the server. Is this correct? Putting a DNS cache on each proxy could mitigate this but would then delay the proxy seeing the new server address.
Anything major I am missing here?
This is my first post so please forgive me for any forum faux pas.
Thanks in advance....
Comment