Hello,
i have one master in the public network and several slaves in the internal network and the connection is via stunnel. My problem is that if I want to connect the two sides I have to do it from the master, but for that I have to use a public address with port 443 and 6557 on the internal side again. If this function would work the other way around (connect the master from the slave) it would be easier and nicer because the master is visible for everyone anyway.
regards Fabio
Sounds like you want (or need) to switch to a “push” configuration where the slaves push their data to the master instead of the other way round.
If so, you may want to read the article about distributed monitoring and especially the section 4. Livedump and CMCDump.
Basically the slaves run cmcdump regularly (every minute, every other minute, …) and copy the resulting data to the master site where it is then “applied” (imported, so to speak).
I’ve used Wireguard, and thus a separate monitoring network/VPN, to achieve this.
…actually I’ve also used SSH reverse tunnels and autossh to achieve the same too, but I’d recommend the Wireguard solution if it is feasible to go this route.
The slave connects to the master to set up the Wireguard connection - with PersistantKeepalive to keep the connection up despite NAT etc - and then you configure the Wireguard IP of the slave in the Distributed Monitoring setup on the Master.
…it’s not exactly what you’re asking, and Dirks suggestion might be nicer depending on your setup. Regularly imported dumps are technically very easy to handle - this is the “passive” way, and you’ll just have to make sure you get alerts if data gets stale (slave is not reporting back). The Wireguard solution continues the “active monitoring” approach… 
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.