This section describes how to configure SNMP integration.

For more information about SNMP configuration, see the Net-SNMP documentation. To configure SNMP integration, do the following:

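  1. Edit /etc/snmp/snmpd.conf.
  2. Add the following lines to the configuration file, using the source IP addresses of the systems that will connect to the SNMP service. You can configure this with either SNMPv2c or SNMPv3.
    • The following example uses SNMPv2c to configure access to all counters from localhost with the community string vc-vcg, and from 10.0.0.0/8 with the community string myentprisecommunity.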
      agentAddress udp:161
      # com2sec sec.name source community
      com2sec local localhost vc-vcg
      com2sec myenterprise 10.0.0.0/8 myentprisecommunity
      # group access.name sec.model sec.name
      group rogroup v2c local
      group rogroup v2c myenterprise
      view all included .1 80
      # access access.name context sec.model sec.level match read write notif
      access rogroup "" any noauth exact all none none
      #sysLocation Sitting on the Dock of the Bay
      #sysContact Me <[email protected]>
      sysServices 72
      master agentx
      #
      # Process Monitoring
      #
      # At least one 'gwd' process
      proc gwd
      # At least one 'mgd' process
      proc mgd
      #
      # Disk Monitoring
      #
      # 100MBs required on root disk, 5% free on /var, 10% free on all other disks
      disk / 100000
      disk /var 5%
      includeAllDisks 10%
      #
      # System Load
      #
      # Unacceptable 1-, 5-, and 15-minute load averages
      load 12 10 5
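      Note: In the example above, the gwd process comprises the entire data and control plane of the Gateway. mgd (the management plane daemon) is responsible for communication with the Orchestrator. This process is kept separate from gwd so that, if the gwd process fails completely, the Orchestrator can still reach the Gateway to deliver the configuration changes or software updates needed to resolve the failure.
    • The following example shows a configuration that uses SNMPv3.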
      vcadmin:~$ cat /etc/snmp/snmpd.conf 
      ###############################################################################
      #
      # EXAMPLE.conf:
      #  An example configuration file for configuring the Net-SNMP agent ('snmpd')
      #  See the 'snmpd.conf(5)' man page for details
      #
      #  Some entries are deliberately commented out, and will need to be explicitly activated
      #
      ###############################################################################
      #
      #  AGENT BEHAVIOUR
      #
      
      #  Listen for connections from the local system only
      # agentAddress  udp:127.0.0.1:161
      #  Listen for connections on all interfaces (both IPv4 *and* IPv6)
      agentAddress udp:161
      
      ###############################################################################
      #
      #  SNMPv3 AUTHENTICATION
      #
      #  Note that these particular settings don't actually belong here.
      #  They should be copied to the file /var/lib/snmp/snmpd.conf
      #     and the passwords changed, before being uncommented in that file *only*.
      #  Then restart the agent
      #  createUser authOnlyUser  MD5 "remember to change this password"
      #  createUser authPrivUser  SHA "remember to change this one too"  DES
      #  createUser internalUser  MD5 "this is only ever used internally, but still change the password"
      
      #  If you also change the usernames (which might be sensible),
      #  then remember to update the other occurances in this example config file to match.
      
      
      
      ###############################################################################
      #
      #  ACCESS CONTROL
      #
      
      #  system + hrSystem groups only
         view   systemonly  included   .1.3.6.1.4.1.45346
      
      #  Full access from the local host
      #  rocommunity public  localhost
      #  Default access to basic system info
         rocommunity public  default    -V systemonly
      
      #  Full access from an example network
      #  Adjust this network address to match your local settings, change the community string,
      #  and check the 'agentAddress' setting above
         rocommunity secret  10.0.0.0/16
      
      #  Full read-only access for SNMPv3
         rouser   authOnlyUser
      #  Full write access for encrypted requests 
      #  Remember to activate the 'createUser' lines above
         rwuser   authPrivUser   priv
      
      #  It's no longer typically necessary to use the full 'com2sec/group/access' configuration
      #  r[ow]user and r[ow]community, together with suitable views, should cover most requirements
      
      ###############################################################################
      #
      #  SYSTEM INFORMATION
      #
      #  Note that setting these values here, results in the corresponding MIB objects being 'read-only'
      #  See snmpd.conf(5) for more details
      sysLocation    Bay
      sysContact     [email protected]
      # Application + End-to-End layers
      sysServices    72
      
      
      #
      #  Process Monitoring
      #
      # At least one  'mountd' process
      proc  mountd
      
      # No more than 4 'ntalkd' processes - 0 is OK
      proc  ntalkd    4
      
      # At least one 'sendmail' process, but no more than 10
      proc  sendmail 10 1
      
      #  Walk the UCD-SNMP-MIB::prTable to see the resulting output
      #  Note that this table will be empty if there are no "proc" entries in the snmpd.conf file
      
      #
      #  Disk Monitoring
      #
      # 10MBs required on root disk, 5% free on /var, 10% free on all other disks
      disk       /     10000
      disk       /var  5%
      includeAllDisks  10%
      
      #  Walk the UCD-SNMP-MIB::dskTable to see the resulting output
      #  Note that this table will be empty if there are no "disk" entries in the snmpd.conf file
      
      
      #
      #  System Load
      #
      # Unacceptable 1-, 5-, and 15-minute load averages
      load   12 10 5
      
      #  Walk the UCD-SNMP-MIB::laTable to see the resulting output
      #  Note that this table *will* be populated, even without a "load" entry in the snmpd.conf file
      
      ###############################################################################
      #
      #  ACTIVE MONITORING
      #
      #   send SNMPv1  traps
        trapsink     localhost public
      #   send SNMPv2c traps
        trap2sink    localhost public
      #   send SNMPv2c INFORMs
        informsink   localhost public
      
      #  Note that you typically only want *one* of these three lines
      #  Uncommenting two (or all three) will result in multiple copies of each notification.
      
      #
      #  Event MIB - automatically generate alerts
      #
      # Remember to activate the 'createUser' lines above
      iquerySecName   internalUser
      rouser          internalUser
      # generate traps on UCD error conditions
      defaultMonitors          yes
      # generate traps on linkUp/Down
      linkUpDownNotifications  yes
      
      ###############################################################################
      #
      #  EXTENDING THE AGENT
      
      #
      #  Arbitrary extension commands
      #
       extend    test1   /bin/echo  Hello, world!
       extend-sh test2   echo Hello, world! ; echo Hi there ; exit 35
      #extend-sh test3   /bin/sh /tmp/shtest
      
      #  Note that this last entry requires the script '/tmp/shtest' to be created first,
      #    containing the same three shell commands, before the line is uncommented
      
      #  Walk the NET-SNMP-EXTEND-MIB tables (nsExtendConfigTable, nsExtendOutput1Table
      #     and nsExtendOutput2Table) to see the resulting output
      
      #  Note that the "extend" directive supercedes the previous "exec" and "sh" directives
      #  However, walking the UCD-SNMP-MIB::extTable should still returns the same output,
      #     as well as the fuller results in the above tables.
      
      
      #
      #  "Pass-through" MIB extension command
      #
      #pass .1.3.6.1.4.1.8072.2.255  /bin/sh       PREFIX/local/passtest
      #pass .1.3.6.1.4.1.8072.2.255  /usr/bin/perl PREFIX/local/passtest.pl
      
      rocommunity velocloud localhost
      #pass  .1.3.6.1.4.1.45346 /opt/vc/bin/snmpagent.py veloGateway
      pass_persist  .1.3.6.1.4.1.45346 /opt/vc/bin/snmpagent.py veloGateway
      
      # Note that this requires one of the two 'passtest' scripts to be installed first,
      #    before the appropriate line is uncommented.
      # These scripts can be found in the 'local' directory of the source distribution,
      #     and are not installed automatically.
      
      #  Walk the NET-SNMP-PASS-MIB::netSnmpPassExamples subtree to see the resulting output
      
      #
      #  AgentX Sub-agents
      #
      #  Run as an AgentX master agent
       master          agentx
      #  Listen for network connections (from localhost)
      #    rather than the default named socket /var/agentx/master
  3. Edit /etc/iptables/rules.v4. Add the following lines to the configuration, using the source IP addresses of the systems that will connect to the SNMP service.
    # WARNING: only add targeted rules for addresses and ports
    # do not add blanket drop or accept rules since Gateway will append its own rules
    # and that may prevent it from functioning properly
    *filter
    :INPUT ACCEPT [0:0]
    -A INPUT -p udp -m udp --source 127.0.0.1 --dport 161 -m comment --comment "allow SNMP port" -j ACCEPT
    -A INPUT -p udp -m udp --source 10.0.0.0/8 --dport 161 -m comment --comment "allow SNMP port" -j ACCEPT
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    COMMIT
  4. Restart the snmp and iptables services.
    service snmpd restart
    service iptables-persistent restart
    service vc_process_monitor restart
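
The following Python script is an added example, not part of the original page or of Net-SNMP. It cross-checks the two files edited in steps 2 and 3, listing community directives in snmpd.conf that use the stock string public, accept any source address, or name a source with no matching UDP 161 ACCEPT rule in rules.v4. The function names are hypothetical, the sample inputs are constructed from directives shown above, and sources are assumed to be IPv4 literals, localhost or default.

```python
import ipaddress
import re

# Constructed sample input, modelled on the directives shown on this page.
SNMPD_CONF = """\
com2sec local localhost vc-vcg
com2sec myenterprise 10.0.0.0/8 myentprisecommunity
rocommunity public default -V systemonly
rocommunity secret 10.0.0.0/16
#rocommunity public localhost
"""
RULES_V4 = """\
-A INPUT -p udp -m udp --source 127.0.0.1 --dport 161 -m comment --comment "allow SNMP port" -j ACCEPT
-A INPUT -p udp -m udp --source 10.0.0.0/8 --dport 161 -m comment --comment "allow SNMP port" -j ACCEPT
"""
ALIASES = {"default": "0.0.0.0/0", "localhost": "127.0.0.1/32"}
ACCEPT_161 = re.compile(r"-A INPUT\b.*--source (\S+).*--dport 161\b.*-j ACCEPT")

def to_net(source):
    """Map a source token from either file to an IPv4 network (assumes IPv4 literals)."""
    return ipaddress.ip_network(ALIASES.get(source, source), strict=False)

def community_sources(conf):
    """Return (community, network) per active v1/v2c directive; no source means any address."""
    out = []
    for line in conf.splitlines():
        f = line.split("#", 1)[0].split()          # drop comments, then tokenize
        if len(f) >= 4 and f[0] == "com2sec":      # com2sec NAME SOURCE COMMUNITY
            out.append((f[3], to_net(f[2])))
        elif len(f) >= 2 and f[0] in ("rocommunity", "rwcommunity"):
            src = f[2] if len(f) > 2 and not f[2].startswith("-") else "default"
            out.append((f[1], to_net(src)))
    return out

def audit(conf, rules):
    """Flag community directives that are stock, unrestricted, or lack a rules.v4 match."""
    nets = [to_net(m.group(1)) for m in map(ACCEPT_161.search, rules.splitlines()) if m]
    findings = []
    for community, net in community_sources(conf):
        if community == "public":
            findings.append((community, str(net), "stock community string"))
        if net.prefixlen == 0:
            findings.append((community, str(net), "source not restricted"))
        elif not any(net.subnet_of(a) for a in nets):
            findings.append((community, str(net), "no matching rule in rules.v4"))
    return findings

if __name__ == "__main__":
    print(*audit(SNMPD_CONF, RULES_V4), sep="\n")
```

To run it against a Gateway, pass the contents of /etc/snmp/snmpd.conf and /etc/iptables/rules.v4 to audit() in place of the constructed samples.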