SNMP Agent Setup

From OSNEXUS Wiki
Jump to: navigation, search

SNMP Agent Configuration

The QuantaStor SNMP agent provides the ability to collect SNMP traps and to browse the objects within a QuantaStor grid via SNMP GET operations. Note that the SNMP agent has no SNMP SET operations and does not allow one to change the configuration of a QuantaStor appliance or grid via SNMP. To make automated configuration changes please see the REST APIs in the QuantaStor Developer Guide.

SNMP MIB

The full SNMP MIB for QuantaStor can be found here but the latest version for any given release can be found by running qs-util snmpmib after logging into an appliance via SSH.

qs-util SNMP Utility Commands

The qs-util command line utility has a number of helper commands to make enabling SNMP and verifying the configuration easier. Here's a list of those commands, you can also run 'qs-util' at the console to see a full list of these commands. Note that you must run many of these commands as root so be sure to do a 'sudo -i' before running them.

  SNMP Commands
    qs-util snmpenable               : Configures the SNMP agent to startup automatically at system startup.
    qs-util snmpdisable              : Configures the SNMP agent to not start automatically at system startup (default).
    qs-util snmpactivate             : Turns on the SNMP agent
    qs-util snmprestart              : Restarts the SNMP service and agent
    qs-util snmpwalkall              : Walks the entire SNMP mib
    qs-util snmpwalkvolumes          : Walks the volumes via the SNMP mib
    qs-util snmpwalkalerts           : Walks the alerts via the SNMP mib
    qs-util snmpmib                  : Displays the contents of the SNMP mib

Enabling the SNMP Agent

By default the QuantaStor SNMP agent is turned off but you can enable it at the console with a couple of commands:

sudo qs-util snmpenable
sudo qs-util snmpactivate

The snmpenable command sets up the appliance so that the SNMP agent will start automatically when the appliance boots up. The snmpactivate command will startup the snmpd and qs_snmpagent services. You must also install the snmp package which contains the snmpwalk and snmpget utilities you can use for testing the agent.

sudo apt-get install snmp

Configuring the SNMP Agent user account

You must edit the /etc/snmp/snmpd.conf configuration file to contain the plain text username and password for the account that will be used for communication between the SNMP agent and the QuantaStor core services. We recommend creating a 'snmpuser' account with the 'System Monitor' role so that even if someone gets the plain text password for the SNMP agent they still cannot make configuration changes to the appliance. If you are not logged into the web management interface you can create a new management user account at the command line like so:

qs user-add snmpuser snmppass "System Monitor" server=localhost,admin,password

In the /etc/snmp/snmpd.conf file you will see lines in there that look like this:

createUser snmpuser MD5 snmppass DES
group nmsGroup usm snmpuser

Edit 'nano /etc/snmp/snmpd.conf' those to match the new user account username and password you gave in the previous step. For example, replace 'snmpuser' with the username of the account you created via the QuantaStor manager web interface, and replace 'snmppass' with the password you gave to that account. When the SNMP agent starts up, it will use the credentials for the first createUser entry in the snmpd.conf file for all communication with the QuantaStor service. So even if you have multiple createUser entries in the snmpd.conf file like "admin" but the first createUser entry is "snmpuser" then "snmpuser" credentials are used for all the SNMP agent to qs_service communication.

Now it is time to restart the SNMP daemon and agent like so:

sudo qs-util snmprestart

Testing the SNMP Agent

Now that you have the SNMP agent enabled with an account associated with it, now it's time to test it to make sure it is working. To do this, use the qs-util commands for doing an SNMP walk, for example:

 
qs-util snmpwalkvolumes snmpuser snmppass
qs-util snmpwalkalerts snmpuser snmppass
qs-util snmpwalkall snmpuser snmppass

Alternatively you can run a snmpwalk like so:

snmpwalk -v 3 -u snmpuser -a MD5 -A snmppass -x DES -X "snmppass" -l authPriv localhost QUANTASTOR-SYS-STATS::storageVolume

Be sure to replace snmpuser and snmppass with the user account you setup and specified in the /etc/snmp/snmpd.conf configuration file. If you're not able to get any data from the snmpwalk commands, try running a simple qs command to verify that the credentials are correct for the account like so:

qs alert-list server=localhost,snmpuser,snmppass

If that doesn't work then either the quantastor service is not running (service quantastor start) or the user account username or password isn't correct.

Configuring SNMP Agent Trap Settings

The alerts within QuantaStor have a severity of error, warning or informational and via the /etc/qs_snmptrapd.conf configuration file you can turn off these categories of alerts to fit your needs. In general you should not ever ignore error messages but it may be handy to disable informational alerts in some cases. Here's the default contents of the /etc/qs_snmptrapd.conf file. Note that if you delete it, the SNMP agent will automatically re-create it for you with the defaults:

poll-interval=120
ignore-error-alerts=false
ignore-warn-alerts=false
ignore-info-alerts=false

If you make any changes to this file, be sure to restart the agent like so.

service snmpagent restart

Or you can restart both the agent and SNMP service like so:

qs-util snmprestart

Testing SNMP Trap Settings

By default the SNMP agent only pushes out traps every 120 seconds so you will have to wait awhile for the trap to be generated after you raise a test alert. QuantaStor only raises traps for Alert objects, so anything that you see in the Alert status bar in the web interface or see in 'qs alert-list' will be sent out as traps. Traps are only sent a single time and the agent keeps track of what alerts have been sent by writing the alert UUIDs to '/var/log/qs_snmpraisedtraps.dat'. If you delete that file then all the alerts will be raised again after the agent restarts. To generate a test alert which will be converted into an SNMP trap use this command:

qs alert-raise --title="Test" --message="snmp test message" --alert-severity=warning --server=localhost,admin,password

After you create the test alert you can then look in the log to see if it has been raised:

qs-showlog -snmp

An easier way to do that is to leave the log open with a 'tail -f /var/log/qs_snmpagent.log' then hit Ctrl-C to stop monitoring the log once you see the trap generated. By default the /etc/snmp/snmpd.conf file is configure to only raise traps to the local host. To raise traps outside of the local host you'll need to add additional lines to the snmpd.conf file like this:

trap2sink 127.0.0.1 public
trap2sink 192.168.10.123 public
trap2sink 10.10.50.134 public

You can also monitor traps using the snmptrapd utility like so:

snmptrapd -P -F "%02.2h:%02.2j TRAP%w.%q from %A %v %W\n"