In diesem Abschnitt wird beschrieben, wie die SNMP-Integration konfiguriert wird.

Weitere Informationen zur SNMP-Konfiguration finden Sie in der Net-SNMP-Dokumentation. So konfigurieren Sie die SNMP-Integration:

  1. Bearbeiten Sie die Datei /etc/snmp/snmpd.conf.
  2. Fügen Sie die folgenden Zeilen zur Konfigurationsdatei mit der Quell-IP-Adresse der Systeme hinzu, die eine Verbindung zum SNMP-Dienst herstellen. Sie können für die Konfiguration entweder SNMPv2c oder SNMPv3 verwenden.
    • Im folgenden Beispiel wird der Zugriff auf alle Zähler von localhost über den Community-String vc-vcg und von 10.0.0.0/8 mit dem Community-String myentprisecommunity unter Verwendung der SNMPv2c-Version konfiguriert.
      agentAddress udp:161
      # com2sec sec.name source community
      com2sec local localhost vc-vcg
       com2sec myenterprise 10.0.0.0/8 myentprisecommunity# group access.name sec.model sec.name 
      group rogroup v2c local
       group rogroup v2c myenterpriseview all included .1 80 
      # access access.name context sec.model sec.level match read write notif
      access rogroup "" any noauth exact all none none#sysLocation Sitting on the Dock of the Bay
      #sysContact Me <[email protected]>sysServices 72master agentx#
      # Process Monitoring
      ## At least one 'gwd' process
      proc gwd
      # At least one 'mgd' process
      proc mgd#
      # Disk Monitoring
      #
      # 100MBs required on root disk, 5% free on /var, 10% free on all other disks
      disk / 100000
      disk /var 5%
      includeAllDisks 10%#
      # System Load
      #
      # Unacceptable 1-, 5-, and 15-minute load averages
      load 12 10 5
      #  "Pass-through" MIB extension command
      pass_persist  .1.3.6.1.4.1.45346 /opt/vc/bin/snmpagent.py veloGateway
      Hinweis: Im obigen Beispiel umfasst der gwd-Prozess die gesamte Daten- und Steuerungsebene des Gateways. Der Management Plane Daemon (mgd) ist für die Kommunikation mit dem Orchestrator verantwortlich. Dieser Prozess wird von gwd isoliert gehalten, so dass bei einem Totalausfall des gwd-Prozesses der Orchestrator immer noch für Konfigurationsänderungen oder Software-Updates erreichbar ist, die zur Behebung des Fehlers erforderlich sind.
    • Das folgende Beispiel zeigt die Konfiguration mithilfe der SNMPv3-Version.
      vcadmin:~$ cat /etc/snmp/snmpd.conf 
      ###############################################################################
      #
      # EXAMPLE.conf:
      #  An example configuration file for configuring the Net-SNMP agent ('snmpd')
      #  See the 'snmpd.conf(5)' man page for details
      #
      #  Some entries are deliberately commented out, and will need to be explicitly activated
      #
      ###############################################################################
      #
      #  AGENT BEHAVIOUR
      #
      
      #  Listen for connections from the local system only
      # agentAddress  udp:127.0.0.1:161
      #  Listen for connections on all interfaces (both IPv4 *and* IPv6)
      agentAddress udp:161
      
      ###############################################################################
      #
      #  SNMPv3 AUTHENTICATION
      #
      #  Note that these particular settings don't actually belong here.
      #  They should be copied to the file /var/lib/snmp/snmpd.conf
      #     and the passwords changed, before being uncommented in that file *only*.
      #  Then restart the agent
      #  createUser authOnlyUser  MD5 "remember to change this password"
      #  createUser authPrivUser  SHA "remember to change this one too"  DES
      #  createUser internalUser  MD5 "this is only ever used internally, but still change the password"
      
      #  If you also change the usernames (which might be sensible),
      #  then remember to update the other occurances in this example config file to match.
      
      
      
      ###############################################################################
      #
      #  ACCESS CONTROL
      #
      
      #  system + hrSystem groups only
         view   systemonly  included   .1.3.6.1.4.1.45346
      
      #  Full access from the local host
      #  rocommunity public  localhost
      #  Default access to basic system info
         rocommunity public  default    -V systemonly
      
      #  Full access from an example network
      #  Adjust this network address to match your local settings, change the community string,
      #  and check the 'agentAddress' setting above
         rocommunity secret  10.0.0.0/16
      
      #  Full read-only access for SNMPv3
         rouser   authOnlyUser
      #  Full write access for encrypted requests 
      #  Remember to activate the 'createUser' lines above
         rwuser   authPrivUser   priv
      
      #  It's no longer typically necessary to use the full 'com2sec/group/access' configuration
      #  r[ow]user and r[ow]community, together with suitable views, should cover most requirements
      
      ###############################################################################
      #
      #  SYSTEM INFORMATION
      #
      #  Note that setting these values here, results in the corresponding MIB objects being 'read-only'
      #  See snmpd.conf(5) for more details
      sysLocation    Bay
      sysContact     [email protected]
      # Application + End-to-End layers
      sysServices    72
      
      
      #
      #  Process Monitoring
      #
      # At least one  'mountd' process
      proc  mountd
      
      # No more than 4 'ntalkd' processes - 0 is OK
      proc  ntalkd    4
      
      # At least one 'sendmail' process, but no more than 10
      proc  sendmail 10 1
      
      #  Walk the UCD-SNMP-MIB::prTable to see the resulting output
      #  Note that this table will be empty if there are no "proc" entries in the snmpd.conf file
      
      #
      #  Disk Monitoring
      #
      # 10MBs required on root disk, 5% free on /var, 10% free on all other disks
      disk       /     10000
      disk       /var  5%
      includeAllDisks  10%
      
      #  Walk the UCD-SNMP-MIB::dskTable to see the resulting output
      #  Note that this table will be empty if there are no "disk" entries in the snmpd.conf file
      
      
      #
      #  System Load
      #
      # Unacceptable 1-, 5-, and 15-minute load averages
      load   12 10 5
      
      #  Walk the UCD-SNMP-MIB::laTable to see the resulting output
      #  Note that this table *will* be populated, even without a "load" entry in the snmpd.conf file
      
      ###############################################################################
      #
      #  ACTIVE MONITORING
      #
      #   send SNMPv1  traps
        trapsink     localhost public
      #   send SNMPv2c traps
        trap2sink    localhost public
      #   send SNMPv2c INFORMs
        informsink   localhost public
      
      #  Note that you typically only want *one* of these three lines
      #  Uncommenting two (or all three) will result in multiple copies of each notification.
      
      #
      #  Event MIB - automatically generate alerts
      #
      # Remember to activate the 'createUser' lines above
      iquerySecName   internalUser
      rouser          internalUser
      # generate traps on UCD error conditions
      defaultMonitors          yes
      # generate traps on linkUp/Down
      linkUpDownNotifications  yes
      
      ###############################################################################
      #
      #  EXTENDING THE AGENT
      
      #
      #  Arbitrary extension commands
      #
       extend    test1   /bin/echo  Hello, world!
       extend-sh test2   echo Hello, world! ; echo Hi there ; exit 35
      #extend-sh test3   /bin/sh /tmp/shtest
      
      #  Note that this last entry requires the script '/tmp/shtest' to be created first,
      #    containing the same three shell commands, before the line is uncommented
      
      #  Walk the NET-SNMP-EXTEND-MIB tables (nsExtendConfigTable, nsExtendOutput1Table
      #     and nsExtendOutput2Table) to see the resulting output
      
      #  Note that the "extend" directive supercedes the previous "exec" and "sh" directives
      #  However, walking the UCD-SNMP-MIB::extTable should still returns the same output,
      #     as well as the fuller results in the above tables.
      
      
      #
      #  "Pass-through" MIB extension command
      #
      #pass .1.3.6.1.4.1.8072.2.255  /bin/sh       PREFIX/local/passtest
      #pass .1.3.6.1.4.1.8072.2.255  /usr/bin/perl PREFIX/local/passtest.pl
      
      rocommunity velocloud localhost
      #pass  .1.3.6.1.4.1.45346 /opt/vc/bin/snmpagent.py veloGateway
      pass_persist  .1.3.6.1.4.1.45346 /opt/vc/bin/snmpagent.py veloGateway
      
      # Note that this requires one of the two 'passtest' scripts to be installed first,
      #    before the appropriate line is uncommented.
      # These scripts can be found in the 'local' directory of the source distribution,
      #     and are not installed automatically.
      
      #  Walk the NET-SNMP-PASS-MIB::netSnmpPassExamples subtree to see the resulting output
      
      #
      #  AgentX Sub-agents
      #
      #  Run as an AgentX master agent
       master          agentx
      #  Listen for network connections (from localhost)
      #    rather than the default named socket /var/agentx/master
  3. Bearbeiten Sie /etc/iptables/rules.v4. Fügen Sie die folgenden Zeilen zur Konfiguration mit der Quell-IP der Systeme hinzu, die eine Verbindung zum SNMP-Dienst herstellen:
    # WARNING: only add targeted rules for addresses and ports
    # do not add blanket drop or accept rules since Gateway will append its own rules
    # and that may prevent it from functioning properly
    *filter
    :INPUT ACCEPT [0:0]
    -A INPUT -p udp -m udp --source 127.0.0.1 --dport 161 -m comment --comment "allow SNMP port" -j ACCEPT
    -A INPUT -p udp -m udp --source 10.0.0.0/8 --dport 161 -m comment --comment "allow SNMP port" -j ACCEPT
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    COMMIT
  4. Starten Sie den SNMP- und iptables-Dienst neu:
    /etc/init.d/snmpd restart
    /etc/init.d/firewall restart
    service vc_process_monitor restart