This section explains how to install, start and stop, and configure Qumulo Alerts.
Prerequisites
This section lists the prerequisites for Qumulo Alerts.
Firewall Ports
Qumulo Alerts requires the following firewall ports to be open from the Qumulo Alerts instance
Port | Target |
---|---|
25 , 587 , or 465 |
Email server |
3000 |
Any client that queries or views Grafana dashboards |
8000 |
Qumulo cluster |
System Requirements
We recommend the following system requirements for Qumulo Alerts.
- 4-core processor
- 16 GB memory
- 500 GB disk space
Tools
Before you install Qumulo Alerts, make sure you have the following tools:
- Git (You can also browse the QumuloAlerts GitHub repository.)
- Docker
-
Important
Qumulo Alerts requires the Docker Compose Plugin to operate correctly.
Configuration Details
Before you connect Qumulo Alerts to a Qumulo cluster, collect the information that can help you configure Qumulo Alerts to monitor your cluster.
- Cluster Address: Use a fully qualified domain name (FQDN) rather than an IP address.
- Traffic Distribution: Will your Qumulo Alerts installation use a network load balancer or a floating IP address?
- Default Plugin Frequency: What should be the default frequency for plugin execution? (You can specify the frequency in minutes or seconds.)
- Alarm and Alert Types: Which alarms and alerts will Qumulo Alerts will collect from your Qumulo cluster?
Installing Qumulo Alerts
This section explains how to install Qumulo Alerts on your machine.
Step 1: Clone the Qumulo Alerts Repository
Navigate to the directory where you want Git to download files and run the following command.
git clone https://github.com/Qumulo/QumuloAlerts.git
Git creates a directory called QumuloAlerts
and places the necessary files in it.
Step 2: Create a Local User for Qumulo Alerts
To be able to generate access tokens, you must create a local user for Qumulo Alerts.
-
To connect to a node in your cluster as the
root
user, use SSH and then run thesudo -s
command. -
To create a local user, run the
qq auth_add_user
command and specify a name and password.qq auth_add_user --name QumuloAlerts \ --password HTEj0kGIOsNOAA0
-
You need the user ID that appears in the command output to create a role for Qumulo Alerts.
In the following example, the user ID is
1234
.{ "can_change_password": true, "home_directory": null, "id": "1234", "name": "QumuloAlerts", "primary_group": "999", "sid": "S-1-5-21-1234567890-345678912-1234567890-1234", "uid": "" }
Step 3: Create a Qumulo Core Role for Qumulo Alerts
-
Log in to the Qumulo Core Web UI and then click Cluster > Role Management.
-
On the Role Management page, click Create Role.
-
On the Create Role page:
-
Enter
QumuloAlerts
.Important
Because Qumulo Alerts verifies that it has sufficient role permissions before starting, this name is required. -
Enter a description, for example
This account lets an administrator restrict the privileges of the QumuloAlerts user.
-
-
For Privileges, click all of the following:
ACCESS_TOKENS_READ
: View any access tokens present in the systemAD_READ
: Read Qumulo Active Directory SettingsANALYTICS_READ
: Read cluster analyticsAUDIT_READ
: Read audit settingsCHECKSUMMING_READ
: View the status of checksummingCLUSTER_READ
: View nodes, disks, protection status, and SSL certificateDNS_READ
: Read DNS settingENCRYPTION_READ
: View the status of at rest encryptionFILE_READ_ACCESS
: Provides read access to all files regardless of permissionsFS_ATTRIBUTES_READ
: Read file system statisticsFS_DELETE_TREE_READ
: View the status of directory tree delete operationsFS_KEY_MANAGEMENT_READ
: Read and list public keys for various FS security featuresFS_LOCK_READ
: View NLM and SMB locks and waitersFS_SETTINGS_READ
: View file system permissions settingsFTP_READ
: View FTP status and settingsIDENTITY_MAPPING_READ
: Get AD/LDAP User Defined MappingsIDENTITY_READ
: Use Qumulo's identity lookup and translation APIsKERBEROS_KEYTAB_READ
: View Kerberos keytabKERBEROS_SETTINGS_READ
: Read Kerberos settingsLDAP_READ
: View LDAP settingsLOCAL_GROUP_READ
: View local groups and membersLOCAL_USER_READ
: Get information about local usersMETRICS_READ
: Get all metricsNETWORK_IP_ALLOCATION_READ
: View network IP address allocationsNETWORK_READ
: Read network status and settingsNFS_EXPORT_READ
: Read network status and settingsNFS_SETTINGS_READ
: Internal-Only</code>: View NFS server settingsQUOTA_READ
: View all file system quotasREBOOT_READ
: View Reboot StatusRECONCILER_READ
: View reconciler status and metricsREPLICATION_OBJECT_READ
: View object store relationship settings and statusREPLICATION_SOURCE_READ
: View source relationship settings and statusREPLICATION_TARGET_READ
: View target relationship settings and statusROLE_READ
: View roles and assignmentsS3_BUCKETS_READ
: View all S3 buckets present in the systemS3_CREDENTIALS_READ
: View any S3 access key present in the systemS3_SETTINGS_READ
: View S3 server settingsS3_UPLOADS_READ
: View all S3 uploads present in the system.SAML_SETTINGS_READ
: View SAML integration settingsSMB_FILE_HANDLE_READ
: List open SMB file handlesSMB_SESSION_READ
: List logged on SMB sessionsSMB_SHARE_READ
: View configuration of SMB shares and SMB server settingsSNAPSHOT_CALCULATE_USED_CAPACITY_READ
: Recalculate capacity usage of snapshotsSNAPSHOT_DIFFERENCE_READ
: View the changes between snapshotsSNAPSHOT_POLICY_READ
: View snapshot policies and statusSNAPSHOT_READ
: List snapshots and view their status and cached capacity.SUPPORT_READ
: View support configuration and statusTENANT_READ
: View any tenant informationTIME_READ
: View time and time settingsUNCONFIGURED_NODE_READ
: List unconfigured Qumulo nodesUPGRADE_READ
: View upgrade configuration and status
-
Click Save.
Step 4: Assign the Qumulo Alerts Role to Your Local Qumulo Core User
-
In the Qumulo Core Web UI, click Cluster > Role Management.
-
On the Role Management page, in the QumuloAlerts section, click Add Member.
-
In the Add Member to Administrators dialog box, for Trustee, enter the local username you have created earlier (for example,
QumuloAlerts
) and then click Yes, Add Member.
Step 5: Create a Long-Lived Access Token
Run the auth_create_access_token
command and specify the ID of the local user. For example:
qq auth_create_access_token auth_id:1234
The auth_create_access_token
command returns a JSON response that contains the bearer token body and the access token ID, which you can use to manage the access token.
{
"bearer_token": "access-v1:abAcde...==",
"id": "12345678901234567890123"
}
As soon as you receive your bearer token, record it in a safe place. If you misplace the bearer token, you can't retrieve it at a later time. You must create a new access token.
For more information, see Using Qumulo Core Access Tokens in the Qumulo On-Premises Administrator Guide.
Starting and Stopping Qumulo Alerts
-
To start Qumulo Alerts, run the
./start-docker-qumulo-alerts.sh
command from the Qumulo Alerts directory. -
To stop Qumulo Alerts, run the
./stop-docker-qumulo-alerts.sh
command from the Qumulo Alerts directory.
Configuring Qumulo Alerts
This section explains how to use the alerts
CLI and how to configure Qumulo Alerts
Step 1: Configure the alerts CLI for Your Operating System
Qumulo Alerts comes with the following binaries for Linux, macOS, and Windows.
alerts.macos-latest
alerts.redhat-8
alerts.ubuntu-20.04
alerts.ubuntu-latest
alerts.windows-latest.exe
To Configure the alerts CLI for Linux
-
Link the binary for your operating system to the
alerts
CLI. For example:ln -s alerts.ubuntu-20.04 alerts
-
Make the binary file executable. For example:
chmod a+x alerts.ubuntu-20.04
To Configure the alerts CLI for Windows
-
Copy
alerts.windows-latest.exe
to your Windows machine. -
Rename the file to
alerts.exe
Step 2: Log in to Qumulo Alerts
-
To log in to Qumulo Alerts, run the
./alerts login -u admin
command. -
When prompted, enter the following:
-
Login:
admin
-
Password:
Admin123
-