Contents
Connecting nodes into a hierarchical structure
Prior to connecting nodes, you should make sure that they have hierarchy mode enabled, their node profiles have been configured, and certificates have been created for the nodes. Parent and child nodes must exchange their certificates over encrypted communication channels.
Connection of nodes in a hierarchy consists of the following steps:
- The child node connects to the parent node.
- The parent node connects the child node.
Prior to connecting nodes, make sure that the system time on the machines is synchronized with the NTP server. For more details, please refer to the appropriate documentation for Oracle Linux and for Astra Linux Special Edition.
When a connection is established, the parent node polls its child nodes for their available hierarchy data every 5 minutes, and thereby identify the structure of their available branch of the hierarchical tree. This data is displayed in the KUMA web interface under Settings → Hierarchy → Structure after the web page is refreshed.
Information about the hierarchical structure can be manually refreshed by using the Update structure button. To display the updated data, you must refresh the page of your web browser.
Connecting to a parent node
To connect to a parent node:
- In the KUMA web interface, open Settings → Hierarchy and click the Add parent node button.
The Connect to parent node window opens.
- Use the Upload certificate button to upload the certificate to KUMA.
The window will display a description of the certificate and indicate the organization that issued it and its FQDN.
- If necessary, use the Port field to specify the port used for accessing the parent node.
- Click Save.
You are now connected to the parent node. It can now add your node as a child node so that it will receive data on your child nodes and view your incidents.
Page topConnecting a child node
If you connected a parent node, you will be able to add child nodes only after your parent node adds you as a child node. Prior to connecting a child node, make sure that it has added your node as the parent node.
To connect a child node:
- In the KUMA web interface, open Settings → Hierarchy and click the Add child node button.
The Connect to child node window opens.
- Use the Upload certificate button to upload the certificate of the child node to KUMA.
The window will display a description of the certificate and indicate the organization that issued it and its FQDN.
- If necessary, use the Port field to specify the port used for accessing the child node.
- Click Save.
The child node is added and displayed on the Settings → Hierarchy → Structure tab. This tab also displays the descendants of the child node. You can view the incidents of your child nodes and their descendants.
Page topDisconnecting a node
You can disconnect from a parent node or child node. However, it is impossible to disconnect from nodes that are descendants of your child nodes.
To disconnect from a node:
- In the KUMA web interface, open Settings → Hierarchy and select the Structure tab.
The hierarchical structure will be displayed.
- Select the node that you want to disconnect from.
The right side of the window will display the details area containing information about this node.
- Click Disconnect.
You have disconnected from the node. If you have disconnected from a parent node, it will no longer receive information about your child nodes and incidents. If you have disconnected from a child node, you will no longer receive information about its child nodes and its incidents.
Page topChanging a node
If the name and/or FQDN of a node has changed, this node must reissue a certificate. Then the procedure for connecting the nodes must be repeated. Outdated nodes must be disconnected.
The port for connecting to nodes can be changed in the details area of the node without reissuing a certificate.
To change the settings for connecting to a node:
- In the KUMA web interface, open the Structure tab under Settings → Hierarchy and select the relevant node.
The right side of the window will display the details area of the node.
- In the Port field, enter the required port.
- Change the settings for email notifications regarding incidents on the child node:
- If you need to disable notifications, clear the Monitoring incidents check box.
- If you need to enable notifications, select the Monitoring incidents check box and use the input field to add the necessary email addresses.
To send email notifications, you need to configure a connection to the SMTP server.
- Click Save.
The node connection settings have been changed.
Page topErrors when connecting nodes
Errors that occur when connecting nodes may be incompletely displayed in the KUMA web interface. You can use the developer's console of your browser to view the full server report.
The table below lists the errors that may arise when connecting KUMA nodes into a hierarchy, and includes recommendations on resolving those errors.
Errors that occur when establishing a connection to a node are displayed in pop-up windows in the lower part of the screen. Errors in already connected nodes can be viewed in the KUMA web interface under Settings → Hierarchy → Structure. The error text is displayed when you move your mouse cursor over the red triangle icon next to the node that encountered the error.
Error message |
Possible cause of the error |
Recommended remediation |
|
Connection refused. There was an attempt to add a child node that did not add the certificate of the parent node. |
|
|
You cannot generate a cyclical structure out of KUMA nodes. |
Make sure that the hierarchical structure you are creating is a tree structure. |
|
Invalid certificate. |
You must check the certificate file. |
|
Connection could not be established due to exceeded response timeout. |
Verify that the child node machine is running. |
|
Connection refused due to invalid certificate. |
|
|
Connection refused due to invalid certificate. |
Make sure that the parent node certificate is valid. |
|
Child node certificate contains a non-existent FQDN. |
Make sure that the child node certificate is valid. |
|
This node already exists within the structure. |
Check the hierarchical structure that you are trying to build. |
|
|
Do not connect a parent node that is already a child node within this hierarchy. |
|
Child node deleted the parent. |
The child node must connect the parent node. |
|
Invalid ports are indicated in node connection settings. |
Make sure that the correct port is indicated in the node settings and that a valid certificate is being used. |
|
Connecting to a node using wrong proxy server settings. |
Make sure correct proxy server settings are used. |