Creating SNMPD Agent - Writeable objects and more - snmp

Apologies for the long post; the majority of it is config files that need to be shown.
I've been creating my own SNMP agent. For creating my MIB and snmpd.conf file I've just searched the web for answers. For actually implementing the handlers I've used the example.c/.h found at http://www.net-snmp.org/dev/agent/example_8c_source.html
I'm using another PC (all Linux) to test my implementation and so far I've only been able to get snmpwalk/snmpget commands to work.
I've set up the WriteMethod function inside my source file for my settable objects. The problem is, I do not think this code is getting executed when trying to set the object.
Below is an example of trying to set the object:
root@jt:/usr/share/snmp/mibs# snmpset -v 2c -c communityNameHere -m MIB-NAME-HERE.txt 10.20.30.40 1.3.6.1.4.1.12345.1 s "0"
MIB search path: /root/.snmp/mibs:/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf:/usr/share/mibs/site:/usr/share/snmp/mibs:/usr/share/mibs/iana:/usr/share/mibs/ietf:/usr/share/mibs/netsnmp
Cannot find module (MIB-NAME-HERE.txt): At line 0 in (none)
Error in packet.
Reason: notWritable (That object does not support modification)
Failed object: iso.3.6.1.4.1.12345.1
I've also tried to use snmpset without the -m option. I've tried using -m +MIB-NAME-HERE.txt as well.
Question - I have snmp.conf commented out. How can it not find the module when the MIB I specify is in /usr/share/snmp/mibs ?
Below is my MIB :
MIB-NAME-HERE DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, Integer32, enterprises,
NOTIFICATION-TYPE FROM SNMPv2-SMI
OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF
;
testSnmp MODULE-IDENTITY
LAST-UPDATED "201505200000Z"
ORGANIZATION "www.example.com"
CONTACT-INFO
"email: support@example.com"
DESCRIPTION
"MIB Example."
REVISION "201505200000Z"
DESCRIPTION
"version 1.0"
::= { enterprises 12345 }
--
-- top level structure
--
testSnmpValues OBJECT IDENTIFIER ::= { testSnmp 1 }
testSnmpValuesGroup OBJECT-GROUP
OBJECTS { testObject
}
STATUS current
DESCRIPTION
"Group of all test variables."
::= { testSnmp 4 }
--
-- Values
--
testObject OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(1..4096))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Test Example"
::= { testSnmpValues 1 }
Question - What is the purpose of :
testSnmpValues OBJECT IDENTIFIER ::= { testSnmp 1 }
testSnmpValuesGroup OBJECT-GROUP
OBJECTS { testObject
}
STATUS current
DESCRIPTION
"Group of all test variables."
::= { testSnmp 4 }
Now for my snmpd.conf file :
###############################################################################
#
# snmpd.conf:
# Test snmpd configuration file. (See EXAMPLE.conf as a reference)
#
###############################################################################
# By default snmp looks here:
# /etc/snmp/snmpd.conf.
# Use '-C -c <configfile>' to override.
#
###############################################################################
# Access Control
###############################################################################
# sec.name source community
com2sec testall default communityNameHere
#---- Community 'communityNameHere' uses security name 'testall'. 'source' selects which IPs can connect.
####
# Second, map the security names into group names:
# sec.model sec.name
group TestGroup v1 testall
group TestGroup v2c testall
group TestGroup usm testall
####
# Third, create a view for us to let the groups have rights to:
# incl/excl subtree mask
#view all included .1 80
view testview included .1.3.6.1.4.1.12345
#---- testview - A view which only allows access to Test OIDs.
####
# Finally, grant the groups access to the 1 view with different
# write permissions:
# context sec.model sec.level match read write notif
#---- Grant read access to TEST group for all security models.
access TestGroup "" any noauth exact testview testview testview
# -----------------------------------------------------------------------------
# load the testsnmp module
dlmod testsnmp /usr/local/testsnmp.so
Question - Is there something I am missing to make an object writeable? I've seen other snmpd.conf files with different formats but I assume that shouldn't matter?

You generally don't need a MIB for net-snmp to work. It is enough when you have the OID specified in the .c file.
Are you trying the snmpset/get/walk on a remote PC or on the same one?
I had to specify in my snmpd.conf the
-> agentAddress udp:161
Without it I didn't have access.

Your MIB file is missing "END" at the end; you can validate it here: simpleweb mib validation
I named my community "public" and had to add this in /etc/snmp/snmpd.conf
com2sec ConfigUser default public
com2sec AllUser default public
group ConfigGroup v1 ConfigUser
group AllGroup v2c AllUser
Now you shall be able to do your tests with v1.
I had to do export MIBS="MY-MIB", where MY-MIB.txt is my MIB file, which I put into /usr/local/share/snmp/mibs/. I don't remember exactly whether it was required for the mib2c tool or if you can skip defining the MIBS variable.
Then you could start snmpd with -d switch to see debug output, start your agent and can do testing. I had to enable ports used by snmpd in my firewall, which were blocked by default. I can test read/write on my dummy value with:
snmpget -v1 -c public localhost:10161 MY-MIB::test2.0
MY-MIB::test2.0 = INTEGER: 43 tests
snmpset -v1 -c public localhost:10161 MY-MIB::test2.0 = 123
MY-MIB::test2.0 = INTEGER: 123 tests
As long as you have a working agent, this shall work, you can use also mib2c to create simple sub-agent for your test-MIB and test it with it, just to make sure your config+agent is all right.
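An added example (not part of the original posts and not net-snmp's own code): a small Python check that follows the com2sec, group and access chain of an snmpd.conf like the one in the question, plus the rwcommunity shorthand, and lists every v1/v2c community string that ends up with SET access and from which source. The hardened sample, its 10.20.30.0/24 management subnet and all function names are assumptions made for illustration.

```python
# Added example: which v1/v2c community strings can SET, and from where?
import shlex

ANY_SOURCE = {"default", "0.0.0.0/0", "::/0"}

# Access-control lines taken from the question's snmpd.conf.
WEAK = '''
com2sec testall default communityNameHere
group TestGroup v1 testall
group TestGroup v2c testall
group TestGroup usm testall
view testview included .1.3.6.1.4.1.12345
access TestGroup "" any noauth exact testview testview testview
'''

# Constructed variant: same write view, but only a management subnet
# (assumed here to be 10.20.30.0/24) may use the community, v2c only.
HARDENED = '''
com2sec testall 10.20.30.0/24 communityNameHere
group TestGroup v2c testall
view testview included .1.3.6.1.4.1.12345
access TestGroup "" v2c noauth exact testview testview none
'''

def parse(text):
    """Group the access-control directives of an snmpd.conf by keyword."""
    conf = {"com2sec": [], "group": [], "access": [], "rwcommunity": []}
    for raw in text.splitlines():
        tok = shlex.split(raw.split("#", 1)[0])  # drop comments, keep ""
        if not tok:
            continue
        key, args = tok[0], tok[1:]
        if key == "com2sec" and args[:1] == ["-Cn"]:
            args = args[2:]                      # skip optional context name
        if key == "rwcommunity6":
            key = "rwcommunity"
        if key in conf:
            conf[key].append(args)
    return conf

def writable_communities(text):
    """Return sorted (community, source, model, write_view) tuples."""
    conf, found = parse(text), set()
    for a in conf["rwcommunity"]:                # rwcommunity NAME [SOURCE [OID]]
        if a:
            src = a[1] if len(a) > 1 else "default"
            found.add((a[0], src, "v1/v2c", " ".join(a[2:]) or "(whole tree)"))
    for acc in conf["access"]:  # group context model level match read write notify
        if len(acc) < 8 or acc[6] == "none" or acc[3] != "noauth":
            continue            # community requests are always noAuthNoPriv
        for grp in conf["group"]:                # group NAME MODEL SECNAME
            if len(grp) < 3 or grp[0] != acc[0] or grp[1] not in ("v1", "v2c"):
                continue
            if acc[2] not in ("any", grp[1]):
                continue
            for c2s in conf["com2sec"]:          # com2sec SECNAME SOURCE COMMUNITY
                if len(c2s) >= 3 and c2s[0] == grp[2]:
                    found.add((c2s[2], c2s[1], grp[1], acc[6]))
    return sorted(found)

def open_to_any_source(findings):
    """Keep only findings whose source restriction matches every address."""
    return [f for f in findings if f[1] in ANY_SOURCE]

if __name__ == "__main__":
    for label, text in (("question", WEAK), ("hardened", HARDENED)):
        print(label, writable_communities(text))
```

The usm group line is skipped on purpose: com2sec only maps community strings, which exist in v1 and v2c, so SNMPv3 users need a separate review.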

Related

Puppet 6 and module puppetlabs/accounts does not create user account in Hiera YAML format

When I run puppet agent --test I get no error output, but the user is not created.
My Puppet hiera.yaml configuration is:
---
version: 5
  datadir: "/etc/puppetlabs/code/environments"
  data_hash: yaml_data
hierarchy:
  - name: "Per-node data (yaml version)"
    path: "%{::environment}/nodes/%{::trusted.certname}.yaml"
  - name: "Common YAML hierarchy levels"
    paths:
      - "defaults/common.yaml"
      - "defaults/users.yaml"
users.yaml is:
accounts::user:
  joed:
    locked: false
    comment: System Operator
    uid: '1700'
    gid: '1700'
    groups:
      - admin
      - sudonopw
    sshkeys:
      - ssh-rsa ...Hw== sysop+moduledevkey@puppetlabs.com
I use this module
Nothing in Hiera data itself causes anything to be applied to target nodes. Some kind of declaration is required in a manifest somewhere or in the output of an external node classifier script. Moreover, the puppetlabs/accounts module provides only defined types, not classes. You can store defined-type data in Hiera and read it back, but automated parameter binding via Hiera applies only to classes, not defined types.
In short, then, no user is created (and no error is reported) because no relevant resources are declared into the target node's catalog. You haven't given Puppet anything to do.
If you want to apply the stored user data presented to your nodes, you would want something along these lines:
$user_data = lookup('accounts::user', Hash[String,Hash], 'hash', {})
$user_data.each |$user,$props| {
  accounts::user { $user: * => $props }
}
That would go into the node block matched to your target node, or, better, into a class that is declared by that node block or an equivalent. It's fairly complicated for so few lines, but in brief:
the lookup function looks up key 'accounts::user' in your Hiera data
performing a hash merge of results appearing at different levels of the hierarchy
expecting the result to be a hash with string keys and hash values
and defaulting to an empty hash if no results are found;
the mappings in the result hash are iterated, and for each one, an instance of the accounts::user defined type is declared
using the (outer) hash key as the user name,
and the value associated with that key as a mapping from parameter names to parameter values.
There are a few problems here.
You are missing a line in your hiera.yaml namely the defaults key. It should be:
---
version: 5
defaults:  ## add this line
  datadir: "/etc/puppetlabs/code/environments"
  data_hash: yaml_data
hierarchy:
  - name: "Per-node data (yaml version)"
    path: "%{::environment}/nodes/%{::trusted.certname}.yaml"
  - name: "Common YAML hierarchy levels"
    paths:
      - "defaults/common.yaml"
      - "defaults/users.yaml"
I detected that using the puppet-syntax gem (included if you use PDK, which is recommended):
▶ bundle exec rake validate
Syntax OK
---> syntax:manifests
---> syntax:templates
---> syntax:hiera:yaml
ERROR: Failed to parse hiera.yaml: (hiera.yaml): mapping values are not allowed in this context at line 3 column 10
Also, in addition to what John mentioned, the simplest class to read in your data would be this:
class test (Hash[String,Hash] $users) {
  create_resources(accounts::user, $users)
}
Or if you want to avoid using create_resources*:
class test (Hash[String,Hash] $users) {
  $users.each |$user,$props| {
    accounts::user { $user: * => $props }
  }
}
Note that I have relied on the Automatic Parameter Lookup feature for that. See the link below.
Then, in your Hiera data, you would have a key named test::users to correspond (class name "test", key name "users"):
---
test::users:  ## Note that this line changed.
  joed:
    locked: false
    comment: System Operator
    uid: '1700'
    gid: '1700'
    groups:
      - admin
      - sudonopw
    sshkeys:
      - ssh-rsa ...Hw== sysop+moduledevkey@puppetlabs.com
Use of automatic parameter lookup is generally the more idiomatic way of writing Puppet code compared to calling the lookup function explicitly.
For more info:
PDK
Automatic Parameter Lookup
create_resources
(*Note that create_resources is "controversial". Many in the Puppet community prefer not to use it.)

How should I deal with these SNMP mib file parsing errors?

I am trying to use the MIB files supplied by Cisco to make sense of the info obtained by polling my switch via SNMP. It's a SG300-52P, the files can be found here.
After I placed the files in one of netsnmp's default mib directories, there were multiple errors when I tried to decode one of the descriptions to its numeric value to verify that the mib files work. I thought about resolving the issues, but they were too numerous, so I decided to just try and get the simplest of these files to work with netsnmp. I placed only the SNMPv2-SMI file in one of netsnmp's default mib directories (because that came up in the errors and is a short file with no dependencies; I've appended the content for easy reference) and ran the following command:
snmptranslate -m SNMPv2-SMI zeroDotZero
However, this returns the following two errors:
Expected LAST-UPDATED (SMI): At line 35 in /home/buildmanager/.snmp/mibs/SNMPv2-SMI.my
zeroDotZero: Unknown Object Identifier (Sub-id not found: (top) -> zeroDotZero)
After some googling and guessing, I went ahead and checked the file with this online mib file validator here, which objected that
Line 34:
2 `SMI' should start with a lower case letter
1 syntax error, unexpected MODULE_IDENTITY, expecting OBJECT
I have no idea what to make of these messages; googling them revealed nothing I could make sense of. Does this mean my file actually has errors? It's a file officially supplied by Cisco, and it's very basic - I can't imagine that would be the case.
I've made sure that there is no interfering SNMPv2-SMI anywhere else on my system, so I'm sure that this is the file netsnmp is using. I suspect there is something here that I did not understand about SNMP and these mib files in general, so please point me at the right direction or tell me where and how to look for answers. Thanks!
Contents of SNMPv2-SMI:
-- file: SNMPv2-SMI.my
-- Changes:
-- Converted to SMIC format.
-- dperkins@scruznet.com
SNMPv2-SMI DEFINITIONS ::= BEGIN
org OBJECT IDENTIFIER ::= { iso 3 }
dod OBJECT IDENTIFIER ::= { org 6 }
internet OBJECT IDENTIFIER ::= { dod 1 }
directory OBJECT IDENTIFIER ::= { internet 1 }
mgmt OBJECT IDENTIFIER ::= { internet 2 }
mib-2 OBJECT IDENTIFIER ::= { mgmt 1 }
transmission OBJECT IDENTIFIER ::= { mib-2 10 }
experimental OBJECT IDENTIFIER ::= { internet 3 }
private OBJECT IDENTIFIER ::= { internet 4 }
enterprises OBJECT IDENTIFIER ::= { private 1 }
security OBJECT IDENTIFIER ::= { internet 5 }
snmpV2 OBJECT IDENTIFIER ::= { internet 6 }
-- transport domains
snmpDomains OBJECT IDENTIFIER ::= { snmpV2 1 }
-- transport proxies
snmpProxys OBJECT IDENTIFIER ::= { snmpV2 2 }
-- module identities
snmpModules OBJECT IDENTIFIER ::= { snmpV2 3 }
-- macros
SMI MODULE-IDENTITY
SMI OBJECT-IDENTITY
SMI OBJECT-TYPE
SMI NOTIFICATION-TYPE
-- types
SMI Counter32
SMI Counter64
SMI Gauge32
SMI Integer32
SMI IpAddress
SMI Opaque
SMI TimeTicks
SMI BITS
SMI Unsigned32
zeroDotZero OBJECT-IDENTITY
STATUS current
DESCRIPTION
"A value used for null identifiers."
::= { 0 0 }
END
That SNMPv2-SMI file you quoted has been modified from the original/standard to use special syntax that is specific to the SMIC compiler (those "SMI" keywords like "SMI Counter32"), per the comments at the beginning:
-- Converted to SMIC format.
This is broken syntax (no longer valid SMIv1 or SMIv2) according to any other parser/compiler, hence the errors. You should only add MIBs to net-snmp that you need that are not already provided by it (as SNMPv2-SMI should be), and should use standard syntax, not compiler-specific extensions (unless they are implemented in comments).

snmpget: No such object available on this agent at this OID

I am trying to add my own MIB-Module into a snmp agent, following this tutorial: http://www.net-snmp.org/wiki/index.php/TUT:Writing_a_MIB_Module
Now, I followed the tutorial step by step and double-checked everything, searched a really long time but nothing helped me fix my problem!
I am using net-snmp version 5.7.3
I implemented the following code into the net-snmp/agent/mibgroup directory:
#include <net-snmp/net-snmp-config.h>
#include <net-snmp/net-snmp-includes.h>
#include <net-snmp/agent/net-snmp-agent-includes.h>
#include "nstAgentModuleObject.h"
/*
 * the variable we want to tie an OID to. The agent will handle all
 * GET and SET requests to this variable, changing its value as needed.
 */
static long nstAgentModuleObject = 42;
/*
 * our initialization routine, automatically called by the agent
 * (to get called, the function name must match init_FILENAME())
 */
void
init_nstAgentModuleObject(void)
{
    static oid nstAgentModuleObject_oid[] =
        { 1, 3, 6, 1, 4, 1, 8072, 2, 4, 1, 1, 1, 0 };
    /*
     * a debugging statement. Run the agent with -DnstAgentModuleObject to see
     * the output of this debugging statement.
     */
    DEBUGMSGTL(("nstAgentModuleObject",
                "Initializing the nstAgentModuleObject module\n"));
    /*
     * the line below registers our variables defined above as
     * accessible and makes it writable. A read only version of any
     * of these registration would merely call
     * register_read_only_int_instance() instead. The functions
     * called below should be consistent with your MIB, however.
     */
    /* %ld, not %d: nstAgentModuleObject is a long */
    DEBUGMSGTL(("nstAgentModuleObject",
                "Initalizing nstAgentModuleObject scalar integer. Default value = %ld\n",
                nstAgentModuleObject));
    netsnmp_register_long_instance("nstAgentModuleObject",
                                   nstAgentModuleObject_oid,
                                   OID_LENGTH(nstAgentModuleObject_oid),
                                   &nstAgentModuleObject, NULL);
    DEBUGMSGTL(("nstAgentModuleObject",
                "Done initalizing nstAgentModuleObject module\n"));
}
I ran ./configure --with-mib-modules="nstAgentModuleObject", followed by make and make install. So the nstAgentModuleObject should be integrated in the snmpd agent.
The associated MIB NET-SNMP-TUTORIAL-MIB is saved in /usr/local/snmp/mbis, as well as /~/.snmp/mibs.
I added mibs +ALL in the snmpd.conf to make sure the MIB is loaded correctly. Also I used export MIBS=+all, just in case another .conf is read which should not be the case.
Using following commands I get the results shown below:
snmptranslate -Of NET-SNMP-TUTORIAL-MIB:nstAgentModuleObject
.iso.org.dod.internet.private.enterprises.netSnmp.netSnmpExamples.netSnmpTutorialMIB.nstMIBObjects.nstAgentModulesObject
snmptranslate -On NET-SNMP-TUTORIAL-MIB:nstAgentModuleObject
.1.3.6.1.4.1.8072.2.4.1.1.1
Now, running snmpget with the specified OID gives me this error (appending a 0 on the end since it's a scalar; it results in the same error without it as well).
snmpget -v2c -c public localhost .1.3.6.1.4.1.8072.2.4.1.1.1.0
NET-SNMPEXAMPLES-MIB::netSnmpExamples.4.1.1.1.0 = No Such Object availaible on this agent at this OID
It seems like the MIB module is not properly built into the agent, but I can't think of a reason why.
I know the same question has been posted before here, but it didn't receive any answer. (snmpget returns "No Such Object available on this agent at this OID")
So I want to try my luck and hope someone can help me out!
I had the exact same issue.
It didn't work with 5.6.2.
How I solved it:
I upgraded to 5.7.3, then it started working.
You need to take care of the following:
Configure the package (on build) to support agentx with --with-mib-modules=agentx
This is my configure:
./configure --prefix=/usr --build=i386-linux --host=arm-linux --target=arm-linux --with-ar=arm-arago-linux-gnueabi-ar --with-cc=arm-arago-linux-gnueabi-gcc --with-ld=arm-arago-linux-gnueabi-ld --with-cflags="-O3 -march=armv7-a -mtune=cortex-a8 -mfpu=neon -mfloat-abi=softfp" --with-endianness=big --with-ldflags=-Bstatic --enable-mini-agent --with-mib-modules="mibII ip-mib if-mib tcp-mib udp-mib ucd_snmp target agent_mibs notification-log-mib snmpv3mibs notification agentx" --without-openssl --without-perl-modules --disable-embedded-perl --disable-shared --with-default-snmp-version="2" --with-sys-contact="root" --with-sys-location="unknown" --with-logfile="/var/log/snmpd.log" --with-persistent-directory="/var/net-snmp" --disable-manuals
Add agentx to snmpd.conf
This is my snmpd.conf:
master agentx
rocommunity public
rwcommunity private
com2sec readonly default public
com2sec readwrite default private
Started snmpd with debug, to give more details:
snmpd -f -Lo: -Dagentx
Then start the agentx application
The following tutorial also helped:
http://net-snmp.sourceforge.net/wiki/index.php/TUT:Writing_a_Subagent
I don't think you need to include the trailing 0 when you create your OID array. I use netsnmp_create_handler_registration in my code base instead of netsnmp_register_long_instance, but this is what I generally do.
static oid nstAgentModuleObject_oid[] = { 1, 3, 6, 1, 4, 1, 8072, 2, 4, 1, 1, 1 };

snmpset Object not writable. Why? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 11 years ago.
I have been trying to understand how to create a MIB. Here is what I did so far:
I created a MIB, and tried to allocate values to a new OID => fail
Here is the MIB :
TEST-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF
OBJECT-TYPE, Integer32,MODULE-IDENTITY FROM SNMPv2-SMI;
test MODULE-IDENTITY
LAST-UPDATED "201112190200Z"
ORGANIZATION "blah"
CONTACT-INFO
"please"
DESCRIPTION
"I am stuck"
REVISION "201112190200Z"
DESCRIPTION
"initial Draft"
::= { iso org(3) dod(6) internet(1) private(4) enterprises(1) 39106 }
testResearch OBJECT IDENTIFIER ::= { test 2 }
testVar OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"just for testing"
::= { testResearch 1}
-- conformance information
testMIBConformance OBJECT IDENTIFIER ::= { test 999 }
testMIBCompliances OBJECT IDENTIFIER ::= { testMIBConformance 1 }
testMIBGroups OBJECT IDENTIFIER ::= { testMIBConformance 2 }
-- compliance statements
testMIBCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"blah."
MODULE -- this module
MANDATORY-GROUPS { testGroup }
::= { testMIBCompliances 1 }
-- units of conformance
testGroup OBJECT-GROUP
OBJECTS { testVar }
STATUS current
DESCRIPTION
"The draft"
::= { testMIBGroups 1 }
END
I then
validated this MIB against smilint ,
put it in ~/.snmp/mibs/
have the rwcommunity string for all hosts, with no OID restriction
restarted the snmpd daemon (On Debian)
So far, all good.
I then tried to see if the daemon knows about this new enterprise, and I did :
snmpwalk -v2c -m +ALL localhost .1.3.6.1.4.1.39106
which outputs :
TEST-MIB::test= No Such Object available on this agent at this OID
So I guess that snmpd is telling me it can't find anything under this tree, because nothing has been set yet.
So I try to set this test variable with snmpset on a shell :
snmpset -v2c -m +ALL localhost .1.3.6.1.4.1.39106.2.1 i 111
outputs :
Error in packet.
Reason: notWritable (That object does not support modification)
Failed object: TEST-MIB::testVar
I tried as well with :
snmpset -v2c -m +ALL localhost .1.3.6.1.4.1.39106.2.1.0 i 111
and as root, but with no success
But when I do a snmptranslate, I can see that the MIB is parsed correctly :
snmptranslate -Td 1.3.6.1.4.1.39106.2.1
TEST-MIB::testVar
testVar OBJECT-TYPE
-- FROM TEST-MIB
SYNTAX Integer32
MAX-ACCESS read-write
STATUS current
DESCRIPTION "just for testing"
::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) test(39106) testResearch(2) 1 }
Is it a bug? A known issue?
It sounds like you're trying to build your own SNMP Agent.
By the looks of things you've created your own MIB OIDs correctly but nothing is responding to the new OID when you query the SNMP host.
Have a read of this: http://docs.oracle.com/cd/E13192_01/manager/mgr20/pguide/buildag.htm and see if it addresses your problem q:)

What are the child OIDs in an SNMP trap?

I have inherited a MIB and example documentation, and need to re-implement the code that generates traps. (For various reason the original code is lost and gone forever, but CM is not my question.)
The MIB says:
alertObjects OBJECT IDENTIFIER ::= { corpAlert 1 }
alertEvents OBJECT IDENTIFIER ::= { corpAlert 2 }
alertDispatchTime OBJECT-TYPE
SYNTAX OCTET STRING
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Time Event Dispatched"
::= { alertObjects 3 }
testFailure OBJECT IDENTIFIER ::= { alertEvents 4 }
testFailureClearTrap NOTIFICATION-TYPE
OBJECTS
{
alertDispatchTime,
[omitted]
}
STATUS current
DESCRIPTION
"Clear prior failure"
::= { testFailure 0 }
Our documentation has the following snippet:
/usr/bin/snmptrap \
-v 1 \
-c public 192.168.0.2:162 [our-base-oid] 127.0.0.1 6 4 '' \
[our-base-oid].2.4.0.4.1.0 s "May 21 2007 10:19PM" \
[etc]
What I can't figure out is the OID used for the alert dispatch time. I would understand it if it were [our-base-oid].1.3.0, or even [our-base-oid].2.4.0.[our-base-oid].1.3. If we were generating a trap at { alertEvents 3 }, what would the suffix be for the individual objects?
It is possible that the MIB was updated after the documentation, so if this looks wrong to an expert then what should the OID be for the alertDispatchTime?
Thanks.
As defined here, alertDispatchTime is a scalar object (only one instance), so its instance subidentifier is always 0 (full OID is [corpAlert].1.3.0). The notification's OID is [corpAlert].2.4.0.
Assuming by "[our-base-oid]" you mean corpAlert, the snmptrap command shown doesn't look to be correct because [our-base-oid].2.4.0.4.1.0 would be testFailureClearTrap.4.1.0, which doesn't make sense: traps don't have instance subidentifiers. But I'm making some assumptions here about the parts of the MIB spec you've not included.
If you have a working system, maybe it'll be good if you can generate a trap and see its contents.
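An added example, not part of the original question or answer: a short Python resolver that turns the ::= { parent n } definitions quoted in the question into numeric OIDs, giving the notification OID and the .0 instance OID the answer describes. It goes one step beyond the answer by also deriving the SNMPv1 enterprise, generic and specific fields with the RFC 3584 section 3.2 rule; the corpAlert base OID is a constructed placeholder and all function names are assumptions.

```python
# Added example: resolve the question's MIB fragment to numeric OIDs.
import re

# corpAlert's real OID is not given on the page; this value is a placeholder.
ROOTS = {"corpAlert": (1, 3, 6, 1, 4, 1, 99999, 1)}

# The definitions quoted in the question (OBJECTS list shortened as there).
MIB = '''
alertObjects OBJECT IDENTIFIER ::= { corpAlert 1 }
alertEvents OBJECT IDENTIFIER ::= { corpAlert 2 }
alertDispatchTime OBJECT-TYPE
    SYNTAX OCTET STRING
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Time Event Dispatched"
    ::= { alertObjects 3 }
testFailure OBJECT IDENTIFIER ::= { alertEvents 4 }
testFailureClearTrap NOTIFICATION-TYPE
    OBJECTS { alertDispatchTime }
    STATUS current
    DESCRIPTION "Clear prior failure"
    ::= { testFailure 0 }
'''

DEFINITION = re.compile(
    r"([A-Za-z][\w-]*)\s+(OBJECT IDENTIFIER|OBJECT-TYPE|NOTIFICATION-TYPE)\b"
    r".*?::=\s*\{\s*([A-Za-z][\w-]*)\s+(\d+)\s*\}", re.S)

def resolve(mib_text, roots):
    """Map each defined name to (numeric OID tuple, macro)."""
    defs = {m.group(1): (m.group(3), int(m.group(4)), m.group(2))
            for m in DEFINITION.finditer(mib_text)}

    def oid(name):
        if name in roots:
            return tuple(roots[name])
        parent, sub_id, _ = defs[name]   # KeyError: parent defined elsewhere
        return oid(parent) + (sub_id,)

    return {name: (oid(name), defs[name][2]) for name in defs}

def varbind_oid(table, name):
    """Instance OID of a scalar OBJECT-TYPE: the object's OID plus .0.
    (Table columns take an index instead; this fragment has none.)"""
    oid, macro = table[name]
    if macro != "OBJECT-TYPE":
        raise ValueError(name + " is not an object; only objects have instances")
    return oid + (0,)

def v1_trap_fields(notification_oid):
    """RFC 3584 section 3.2: SNMPv1 (enterprise, generic, specific) for an
    enterprise-specific notification OID."""
    cut = 2 if len(notification_oid) > 1 and notification_oid[-2] == 0 else 1
    return notification_oid[:-cut], 6, notification_oid[-1]

def dotted(oid):
    return "." + ".".join(str(n) for n in oid)

if __name__ == "__main__":
    table = resolve(MIB, ROOTS)
    trap_oid = table["testFailureClearTrap"][0]
    print("notification :", dotted(trap_oid))
    print("varbind      :", dotted(varbind_oid(table, "alertDispatchTime")))
    print("v1 fields    :", v1_trap_fields(trap_oid))
```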
