SNMP Agent Setup
SNMP Agent Configuration
The QuantaStor SNMP agent provides the ability to collect SNMP traps and to browse the objects within a QuantaStor grid via SNMP GET operations. Note that the SNMP agent has no SNMP SET operations and does not allow one to change the configuration of a QuantaStor appliance or grid via SNMP. To make automated configuration changes please see the REST APIs in the QuantaStor Developer Guide.
qs-util SNMP Utility Commands
The qs-util command line utility has a number of helper commands to make enabling SNMP and verifying the configuration easier. Here's a list of those commands, you can also run 'qs-util' at the console to see a full list of these commands. Note that you must run many of these commands as root so be sure to do a 'sudo -i' before running them.
SNMP Commands qs-util snmpenable : Configures the SNMP agent to startup automatically at system startup. qs-util snmpdisable : Configures the SNMP agent to not start automatically at system startup (default). qs-util snmpactivate : Turns on the SNMP agent qs-util snmprestart : Restarts the SNMP service and agent qs-util snmpwalkall : Walks the entire SNMP mib qs-util snmpwalkvolumes : Walks the volumes via the SNMP mib qs-util snmpwalkalerts : Walks the alerts via the SNMP mib qs-util snmpmib : Displays the contents of the SNMP mib
Enabling the SNMP Agent
By default the QuantaStor SNMP agent is turned off but you can enable it at the console with a couple of commands:
sudo qs-util snmpenable sudo qs-util snmpactivate
The snmpenable command sets up the appliance so that the SNMP agent will start automatically when the appliance boots up. The snmpactivate command will startup the snmpd and qs_snmpagent services. You must also install the snmp package which contains the snmpwalk and snmpget utilities you can use for testing the agent.
sudo apt-get install snmp
Configuring the SNMP Agent user account
You must edit the /etc/snmp/snmpd.conf configuration file to contain the plain text username and password for the account that will be used for communication between the SNMP agent and the QuantaStor core services. We recommend creating a 'snmpuser' account with the 'System Monitor' role so that even if someone gets the plain text password for the SNMP agent they still cannot make configuration changes to the appliance. If you are not logged into the web management interface you can create a new management user account at the command line like so:
qs user-add snmpuser snmppass "System Monitor" server=localhost,admin,password
In the /etc/snmp/snmpd.conf file you will see lines in there that look like this:
createUser snmpuser MD5 snmppass DES group nmsGroup usm snmpuser
Edit 'nano /etc/snmp/snmpd.conf' those to match the new user account username and password you gave in the previous step. For example, replace 'snmpuser' with the username of the account you created via the QuantaStor manager web interface, and replace 'snmppass' with the password you gave to that account. When the SNMP agent starts up, it will use the credentials for the first createUser entry in the snmpd.conf file for all communication with the QuantaStor service. So even if you have multiple createUser entries in the snmpd.conf file like "admin" but the first createUser entry is "snmpuser" then "snmpuser" credentials are used for all the SNMP agent to qs_service communication.
Now it is time to restart the SNMP daemon and agent like so:
sudo qs-util snmprestart
Testing the SNMP Agent
Now that you have the SNMP agent enabled with an account associated with it, now it's time to test it to make sure it is working. To do this, use the qs-util commands for doing an SNMP walk, for example:
qs-util snmpwalkvolumes snmpuser snmppass qs-util snmpwalkalerts snmpuser snmppass qs-util snmpwalkall snmpuser snmppass
Alternatively you can run a snmpwalk like so:
snmpwalk -v 3 -u snmpuser -a MD5 -A snmppass -x DES -X "snmppass" -l authPriv localhost QUANTASTOR-SYS-STATS::storageVolume
Be sure to replace snmpuser and snmppass with the user account you setup and specified in the /etc/snmp/snmpd.conf configuration file. If you're not able to get any data from the snmpwalk commands, try running a simple qs command to verify that the credentials are correct for the account like so:
qs alert-list server=localhost,snmpuser,snmppass
If that doesn't work then either the quantastor service is not running (service quantastor start) or the user account username or password isn't correct.
Configuring SNMP Agent Trap Settings
The alerts within QuantaStor have a severity of error, warning or informational and via the /etc/qs_snmptrapd.conf configuration file you can turn off these categories of alerts to fit your needs. In general you should not ever ignore error messages but it may be handy to disable informational alerts in some cases. Here's the default contents of the /etc/qs_snmptrapd.conf file. Note that if you delete it, the SNMP agent will automatically re-create it for you with the defaults:
poll-interval=120 ignore-error-alerts=false ignore-warn-alerts=false ignore-info-alerts=false
If you make any changes to this file, be sure to restart the agent like so.
service snmpagent restart
Or you can restart both the agent and SNMP service like so:
Testing SNMP Trap Settings
By default the SNMP agent only pushes out traps every 120 seconds so you will have to wait awhile for the trap to be generated after you raise a test alert. QuantaStor only raises traps for Alert objects, so anything that you see in the Alert status bar in the web interface or see in 'qs alert-list' will be sent out as traps. Traps are only sent a single time and the agent keeps track of what alerts have been sent by writing the alert UUIDs to '/var/log/qs_snmpraisedtraps.dat'. If you delete that file then all the alerts will be raised again after the agent restarts. To generate a test alert which will be converted into an SNMP trap use this command:
qs alert-raise --title="Test" --message="snmp test message" --alert-severity=warning --server=localhost,admin,password
After you create the test alert you can then look in the log to see if it has been raised:
An easier way to do that is to leave the log open with a 'tail -f /var/log/qs_snmpagent.log' then hit Ctrl-C to stop monitoring the log once you see the trap generated. By default the /etc/snmp/snmpd.conf file is configure to only raise traps to the local host. To raise traps outside of the local host you'll need to add additional lines to the snmpd.conf file like this:
trap2sink 127.0.0.1 public trap2sink 192.168.10.123 public trap2sink 10.10.50.134 public
You can also monitor traps using the snmptrapd utility like so:
snmptrapd -P -F "%02.2h:%02.2j TRAP%w.%q from %A %v %W\n"