TrapDirector : HA feature


I’m currently setting up HA and zones for TrapDirector, and moving discussions about it into this forum rather than GitHub issue 32 to have more inputs/suggestions.

Target architecture (3 sept 2020) :

Test environment : two masters in HA and two satellites in HA.

Traps can be received by :

  • master ( if there is a HA master using VRRP (keealived) IP)
  • satellite (if there is a HA sat, using VRRP too).

Satellite receives and process traps using configuration provided by masters and :

  • update database using a simple API provided by trapdirector module on masters.
  • Send passive service check results to satellites (or to master, this isn’t decided yet).

For now, there is no zone for trap rules : they are global.

I assume :

  • satellites can have access to master (and masterHA) on :
    Icinga API port (5665 by default)
    Icingaweb2 HTTP port (443)
    (Satellites will use a specific Icingaweb2 user)

  • Master and master HA both have access to the trapdirector database.

  • Latency between master(s) and sat(s) is low (<500ms)

Problems to be solved

( Copis) One of the problems that i see is in some scenarios cannot have VRRP for example in Active-Passive or Active-Active CPD with no extended vlans. In that case there are no posible implementation

Alternative scenario from manfredw
HA nodes share the same software (net-snmp, webserver with icingaweb2 and trapdirector) and configuration, but only the node with the virtual ip will receive the traps.
This concept will also work with satellite nodes by forwarding the traps (note : using forwarding capabilities from snmptrapd) to your central cluster from each satellite.

Ideas and suggestions are welcome !

1 Like