Monitoring Memory Metrics for EC2 Linux Instances

While Amazon CloudWatch provides CPU, network and disk usage metrics for Amazon EC2 instances, it doesn't provide memory usage metrics by default. Commander provides the ability to monitor memory usage through the use of custom CloudWatch scripts. When memory usage metrics are enabled for an instance:

Commander also detects and uses memory metrics for EC2 instances deployed in the AWS console.

This topic explains how to enable memory usage monitoring for new Amazon EC2 Linux instances deployed by Commander. See also Monitoring Memory Metrics for EC2 Windows Instances.

Supported Linux distributions

Commander supports memory metrics for the following Linux distributions:

  • Amazon Linux 2014.09.2
  • Red Hat Enterprise Linux 6.6
  • Ubuntu Server 14.04
  • SUSE Linux Enterprise Server 12

By default, Open SUSE Linux Enterprise Server 12 SP1 is supported. To support another version, you can edit the script as explained below.

Enabling memory usage monitoring for new VMs: Overview

When you enable memory usage monitoring for a new Linux VM, during provisioning, Commander runs a script as AWS user data. The script is added to any other user data configured for the new VM.

The script downloads and installs prerequisites (Perl modules) using yum, apt_get or zypper, depending on the Linux distribution. The script then downloads CloudWatch Monitoring scripts from AWS and sets up a Cron job to send VM memory usage statistics to AWS every five minutes.

The two AWS memory metrics and their Commander equivalents are:

AWS memory metric

Commander equivalent

Description

MemoryUsed

Memory Consumed (MB)

Reports only memory allocated by applications and the operating system, and excludes memory in cache and buffers.

MemoryUtilization

Memory Used (%)

Reports only memory allocated by applications and the operating system, and excludes memory in cache and buffers.

See Monitoring Memory and Disk Metrics for Amazon EC2 Linux Instances in the AWS documentation for detailed information on the memory monitoring scripts.

The script which is run by Commander as user data during provisioning is stored in the following location on the Commander server:

<Commander_install_dir>\tomcat\common\classes\aws-linux-memory-metrics.sh

To enable memory usage monitoring for new VMs, the following conditions must be met:

Enable memory usage monitoring

To configure memory usage monitoring, enable the option Monitor Memory Usage for the service catalog entry. You can find this option on the Infrastructure tab of the Component Blueprint page.

See Monitor Memory Usage(VM templates only) for more information.

Notes:

  • You can also enable memory usage monitoring during manual deployment.
  • If you're using your own custom script to enable memory usage monitoring, you must disable memory usage monitoring in the service catalog blueprint.
CloudWatch IAM Role

Assign credentials with CloudWatch permissions

The deployed VM must have credentials that allow reading and writing CloudWatch data.

Assigning an IAM role is the recommended method, to avoid the need for placing plain-text credentials in a script.

There are two ways to assign an IAM role during the Commander provisioning process:

  • Assign the IAM role to the service catalog blueprint (see the image above). See Adding AWS Services to the Catalog for more information.
  • Assign the IAM role to the deployment destination. This option makes sense if you deploy the same template (AMI) to multiple deployment destinations, or if you have a large number of catalog entries. You can find the IAM Role option on the Resources & Security page of the Automated Deployment Placement wizard:

Deployment Destination IAM

Important: Commander doesn't validate IAM role names, so ensure that role names entered in Commander match those in AWS. IAM role names are not case-sensitive.

See Optionally, enter the name of an IAM Role to assign to the deployed VM. The maximum number of characters is 255. Configuring the IAM role in the deployment destination rather than in the catalog blueprint makes sense if you deploy the same template (AMI) to multiple deployment destinations, or if you have a large number of catalog entries. If an IAM role is also configured in the catalog blueprint, the blueprint takes precedence. Administrators can override the IAM role during manual deployment. To learn more, see Managing Amazon Web Services with Commander. Important: Commander doesn't validate IAM role names, so ensure that role names entered in Commander match those in AWS. IAM role names are not case-sensitive. for more information.

If an IAM role is configured in both the deployment destination and the blueprint, the blueprint takes precedence.

Provisioning won't fail if you don't assign an IAM role through one of these methods, because it's possible to assign credentials through a script.

Verifying script execution

To verify script execution and view script output, you can view the output log in the following location on the deployed VM:

/var/log/cloud-init-output.log

Or, you can access the system log from the AWS console. Right-click the instance and choose VM Actions > Instance Settings > Get System Log.

Note for RedHat Linux: The cloud init log on RedHat is not retrieved by the system log. Instead, you can find it in the following location on the deployed VM:

/var/log/cloud-init.log

Supporting other versions of Open SUSE Linux

By default, Open SUSE Linux Enterprise Server 12 SP1 is supported. To support another version, you can edit the script as explained here.

  1. Open the following file for editing on the Commander server:

    <Commander_install_dir>\tomcat\common\classes\aws-linux-memory-metrics.sh

  2. Locate the following line in the file:

    zypper addrepo http://download.opensuse.org/repositories/home:ngncc/SUSE_SLE-12-SP1_Update_standard/home:ngncc.repo

  3. Replace the repository URL in this line with the appropriate URL for the required version of SUSE.