이 섹션에서는 SNMP 통합을 구성하는 방법을 설명합니다.
SNMP 구성에 대한 자세한 내용은 Net-SNMP 설명서를 참조하십시오. SNMP 통합을 구성하려면 다음을 수행합니다.
- /etc/snmp/snmpd.conf를 편집합니다.
- SNMP 서비스에 연결할 시스템의 소스 IP 주소를 사용하여 다음 줄을 구성 파일에 추가합니다. SNMPv2c 또는 SNMPv3를 사용하여 구성할 수 있습니다.
- 다음 예에서는 커뮤니티 문자열 vc-vcg를 통해 localhost에서, SNMPv2c 버전을 사용하여 커뮤니티 문자열
myentprisecommunity를 사용하여 10.0.0.0/8에서 모든 카운터에 대한 액세스를 구성합니다.agentAddress udp:161 # com2sec sec.name source community com2sec local localhost vc-vcg com2sec myenterprise 10.0.0.0/8 myentprisecommunity# group access.name sec.model sec.name group rogroup v2c local group rogroup v2c myenterpriseview all included .1 80 # access access.name context sec.model sec.level match read write notif access rogroup "" any noauth exact all none none#sysLocation Sitting on the Dock of the Bay #sysContact Me <[email protected]>sysServices 72master agentx# # Process Monitoring ## At least one 'gwd' process proc gwd # At least one 'mgd' process proc mgd# # Disk Monitoring # # 100MBs required on root disk, 5% free on /var, 10% free on all other disks disk / 100000 disk /var 5% includeAllDisks 10%# # System Load # # Unacceptable 1-, 5-, and 15-minute load averages load 12 10 5 # "Pass-through" MIB extension command pass_persist .1.3.6.1.4.1.45346 /opt/vc/bin/snmpagent.py veloGateway
참고: 위의 예에서 프로세스 gwd는 게이트웨이의 전체 데이터 및 제어부로 구성됩니다. mgd(관리부 데몬)는 Orchestrator와의 통신을 담당합니다. 이 프로세스는 Orchestrator가 gwd 프로세스의 총 장애 사고에서 해당 장애를 해결하는 데 필요한 구성 변경 사항 또는 소프트웨어 업데이트에 계속 연결할 수 있도록 gwd에서 분리된 상태로 유지됩니다. - 다음 예에서는 SNMPv3 버전을 사용하는 구성을 보여 줍니다.
vcadmin:~$ cat /etc/snmp/snmpd.conf ############################################################################### # # EXAMPLE.conf: # An example configuration file for configuring the Net-SNMP agent ('snmpd') # See the 'snmpd.conf(5)' man page for details # # Some entries are deliberately commented out, and will need to be explicitly activated # ############################################################################### # # AGENT BEHAVIOUR # # Listen for connections from the local system only # agentAddress udp:127.0.0.1:161 # Listen for connections on all interfaces (both IPv4 *and* IPv6) agentAddress udp:161 ############################################################################### # # SNMPv3 AUTHENTICATION # # Note that these particular settings don't actually belong here. # They should be copied to the file /var/lib/snmp/snmpd.conf # and the passwords changed, before being uncommented in that file *only*. # Then restart the agent # createUser authOnlyUser MD5 "remember to change this password" # createUser authPrivUser SHA "remember to change this one too" DES # createUser internalUser MD5 "this is only ever used internally, but still change the password" # If you also change the usernames (which might be sensible), # then remember to update the other occurances in this example config file to match. ############################################################################### # # ACCESS CONTROL # # system + hrSystem groups only view systemonly included .1.3.6.1.4.1.45346 # Full access from the local host # rocommunity public localhost # Default access to basic system info rocommunity public default -V systemonly # Full access from an example network # Adjust this network address to match your local settings, change the community string, # and check the 'agentAddress' setting above rocommunity secret 10.0.0.0/16 # Full read-only access for SNMPv3 rouser authOnlyUser # Full write access for encrypted requests # Remember to activate the 'createUser' lines above rwuser authPrivUser priv # It's no longer typically necessary to use the full 'com2sec/group/access' configuration # r[ow]user and r[ow]community, together with suitable views, should cover most requirements ############################################################################### # # SYSTEM INFORMATION # # Note that setting these values here, results in the corresponding MIB objects being 'read-only' # See snmpd.conf(5) for more details sysLocation Bay sysContact [email protected] # Application + End-to-End layers sysServices 72 # # Process Monitoring # # At least one 'mountd' process proc mountd # No more than 4 'ntalkd' processes - 0 is OK proc ntalkd 4 # At least one 'sendmail' process, but no more than 10 proc sendmail 10 1 # Walk the UCD-SNMP-MIB::prTable to see the resulting output # Note that this table will be empty if there are no "proc" entries in the snmpd.conf file # # Disk Monitoring # # 10MBs required on root disk, 5% free on /var, 10% free on all other disks disk / 10000 disk /var 5% includeAllDisks 10% # Walk the UCD-SNMP-MIB::dskTable to see the resulting output # Note that this table will be empty if there are no "disk" entries in the snmpd.conf file # # System Load # # Unacceptable 1-, 5-, and 15-minute load averages load 12 10 5 # Walk the UCD-SNMP-MIB::laTable to see the resulting output # Note that this table *will* be populated, even without a "load" entry in the snmpd.conf file ############################################################################### # # ACTIVE MONITORING # # send SNMPv1 traps trapsink localhost public # send SNMPv2c traps trap2sink localhost public # send SNMPv2c INFORMs informsink localhost public # Note that you typically only want *one* of these three lines # Uncommenting two (or all three) will result in multiple copies of each notification. # # Event MIB - automatically generate alerts # # Remember to activate the 'createUser' lines above iquerySecName internalUser rouser internalUser # generate traps on UCD error conditions defaultMonitors yes # generate traps on linkUp/Down linkUpDownNotifications yes ############################################################################### # # EXTENDING THE AGENT # # Arbitrary extension commands # extend test1 /bin/echo Hello, world! extend-sh test2 echo Hello, world! ; echo Hi there ; exit 35 #extend-sh test3 /bin/sh /tmp/shtest # Note that this last entry requires the script '/tmp/shtest' to be created first, # containing the same three shell commands, before the line is uncommented # Walk the NET-SNMP-EXTEND-MIB tables (nsExtendConfigTable, nsExtendOutput1Table # and nsExtendOutput2Table) to see the resulting output # Note that the "extend" directive supercedes the previous "exec" and "sh" directives # However, walking the UCD-SNMP-MIB::extTable should still returns the same output, # as well as the fuller results in the above tables. # # "Pass-through" MIB extension command # #pass .1.3.6.1.4.1.8072.2.255 /bin/sh PREFIX/local/passtest #pass .1.3.6.1.4.1.8072.2.255 /usr/bin/perl PREFIX/local/passtest.pl rocommunity velocloud localhost #pass .1.3.6.1.4.1.45346 /opt/vc/bin/snmpagent.py veloGateway pass_persist .1.3.6.1.4.1.45346 /opt/vc/bin/snmpagent.py veloGateway # Note that this requires one of the two 'passtest' scripts to be installed first, # before the appropriate line is uncommented. # These scripts can be found in the 'local' directory of the source distribution, # and are not installed automatically. # Walk the NET-SNMP-PASS-MIB::netSnmpPassExamples subtree to see the resulting output # # AgentX Sub-agents # # Run as an AgentX master agent master agentx # Listen for network connections (from localhost) # rather than the default named socket /var/agentx/master
- 다음 예에서는 커뮤니티 문자열 vc-vcg를 통해 localhost에서, SNMPv2c 버전을 사용하여 커뮤니티 문자열
- /etc/iptables/rules.v4를 편집합니다. SNMP 서비스에 연결할 시스템의 소스 IP를 사용하여 다음 줄을 구성에 추가합니다.
# WARNING: only add targeted rules for addresses and ports # do not add blanket drop or accept rules since Gateway will append its own rules # and that may prevent it from functioning properly *filter :INPUT ACCEPT [0:0] -A INPUT -p udp -m udp --source 127.0.0.1 --dport 161 -m comment --comment "allow SNMP port" -j ACCEPT -A INPUT -p udp -m udp --source 10.0.0.0/8 --dport 161 -m comment --comment "allow SNMP port" -j ACCEPT :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] COMMIT
- snmp 및 iptables 서비스를 다시 시작합니다.
service snmpd restart service iptables-persistent restart service vc_process_monitor restart
