Please login or register. June 20, 2019, 03:09:47 PM

Author Topic: Using Cacti to Monitor HACMP machines  (Read 28763 times)

0 Members and 1 Guest are viewing this topic.

HRH_H_Crab

  • Jr. Member
  • **
  • Posts: 14
  • Karma: +0/-0
Re: Using Cacti to Monitor HACMP machines
« Reply #10 on: February 01, 2007, 06:38:33 PM »
I think its no.1 rather than no.2 since the version of AIX is the same on all my LPARS. Its just that I can monitor the ones without HACMP, but not the ones with HACMP.

Is there anyway to remove these restrictions?

I find snmp on AIX very confusing. Im pretty sure installing HACMP just changes the configuration, not the version of the snmp server itself. I'll check the logs on non-HACMP and HACMP LPARS and see if there is a difference.
« Last Edit: February 01, 2007, 06:41:43 PM by HRH_H_Crab »

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1122
  • Karma: +0/-0
Re: Using Cacti to Monitor HACMP machines
« Reply #11 on: February 01, 2007, 08:33:31 PM »
I'll install HACMP on some nodes tomorrow and see if I can spot the changes.

HRH_H_Crab

  • Jr. Member
  • **
  • Posts: 14
  • Karma: +0/-0
Re: Using Cacti to Monitor HACMP machines
« Reply #12 on: February 02, 2007, 02:42:23 PM »
I found the following here: http://www.coredumps.de/doc/ibm/cluster/HAES/haes/ch19.html:

/etc/snmpd.conf

The SNMP daemon reads the /etc/snmpd.conf configuration file when it starts up and when a refresh or kill -1 signal is issued. This file specifies the community names and associated access privileges and views, hosts for trap notification, logging attributes, snmpd-specific parameter configurations, and SMUX configurations for the snmpd. The HACMP/ES installation process adds the clsmuxpd password to this file. The following entry is added to the end of the file, to include the HACMP/ES MIB managed by the clsmuxpd.

smux    1.3.6.1.4.1.2.3.1.2.1.5    "clsmuxpd_password" # HACMP clsmuxpd

/etc/snmpd.peers

The /etc/snmpd.peers file configures snmpd SMUX peers. The HACMP/ES install process adds the following entry to include the clsmuxpd.

clsmuxpd 1.3.6.1.4.1.2.3.1.2.1.5    "clsmuxpd_password" # HACMP clsmuxpd

Apparently these are the only two things which are changed when you install HACMP. It must be this which is causing me the problems.

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1122
  • Karma: +0/-0
Re: Using Cacti to Monitor HACMP machines
« Reply #13 on: February 02, 2007, 04:17:54 PM »
Well, I finally got a pretty much vanilla HACMP install finished, using HACMP 5.3.

As tests, from the nim installation server I repeaded the follwoing command:
Quote
root@nim [/]:for i in 1 2 3 4
> do
> snmpinfo -m get -c public -h ha12$i -v 1.3.6.1.4.1.2.4.12.7.1.2.3
> done
ibm.4.12.7.1.2.3 = ibmAIX (1.3.6.1.4.1.2.6.191)
ibm.4.12.7.1.2.3 = ibmAIX (1.3.6.1.4.1.2.6.191)
ibm.4.12.7.1.2.3 = ibmAIX (1.3.6.1.4.1.2.6.191)
ibm.4.12.7.1.2.3 = ibmAIX (1.3.6.1.4.1.2.6.191)

This worked each time - before installing the cluster.* software; after installing the software; after running the two node configuration wizard (to be very standard); after starting one node.
Quote
# ./clfindres
-----------------------------------------------------------------------------
Group Name     State                        Node           
-----------------------------------------------------------------------------
AppB_group     ONLINE                       ha_121         
                       OFFLINE                      ha_122         

The file snmpd.conf file has been updated, by the installation of the software. So I removed the software from one node (124)
Quote
root@nim[/test]:ls -l
total 96
-rw-r-----   1 root     system        10164 Feb  2 17:02 snmpd.conf.ha121
-rw-r-----   1 root     system        10164 Feb  2 17:02 snmpd.conf.ha122
-rw-r-----   1 root     system        10164 Feb  2 17:02 snmpd.conf.ha123
-rw-r-----   1 root     system        10080 Feb  2 17:02 snmpd.conf.ha124
root@nim[//test]:diff *ha121 *ha124
207d206
< smux     1.3.6.1.4.1.2.3.1.2.1.5      clsmuxpd_password # HACMP/ES for AIX clsmuxpd
root@nim[/test]:

My conclusion is that it is not the HACMP software that is making a change, but an administrator is making changes to the community line in snmpd.conf.

The default entry when AIX is installed is:
Quote
root@nim[/test]:grep community *121 *124

snmpd.conf.ha121:community      public
snmpd.conf.ha121:#community       private 127.0.0.1 255.255.255.255 readWrite
snmpd.conf.ha121:#community       system  127.0.0.1 255.255.255.255 readWrite 1.17.2

snmpd.conf.ha124:community      public
snmpd.conf.ha124:#community       private 127.0.0.1 255.255.255.255 readWrite
snmpd.conf.ha124:#community       system  127.0.0.1 255.255.255.255 readWrite 1.17.2

Also in /etc/snmpd.conf is some documentation about the interpretation of the community statement.

Before adding it I will just say that the default statement allows the community public to read all variables from any IP address. To make it more restrictive, or even "secret" you change the community name and/or limit the acceptable ranges of IP addresses making queries (with IP_ADDRESS NETMASK pairs).

Now the documentation included inthe default file:
Quote
# 2. Set the community names and access privileges for hosts that can make
#    requests of this snmpd agent.  Define these restrictions as follows:
#
#       community  <name>  <address>  <netmask>  <permissions>  <view name>
#
#    where <name> is the community name, <address> is either a hostname or
#    an IP address in dotted notation, and <permissions> is one of:  none,
#    readOnly, writeOnly, readWrite.  The default permission is readOnly.
#    <netmask> specifies the network mask.  The default address and netmask
#    are 0.0.0.0.  If an address other than 0.0.0.0 is specified, the default
#    netmask is 255.255.255.255.  If a permission is specified, both the
#    address and netmask must also be specified.  <view name> defines a
#    portion of the MIB tree to which this community name allows access.
#    <view name> must be defined as a unique object identifier in dotted
#    numeric notation.  <view name> is further defined in the view
#    configuration entry.  If <view name> is not specified, the view for
#    this community defaults to the entire MIB tree.  Fields to the right
#    of <name> are optional, with the limitation that no fields to the
#    left of a specified field are omitted.
#

So, please post a grep of community from your /etc/snmpd.conf files - if permited :)

HRH_H_Crab

  • Jr. Member
  • **
  • Posts: 14
  • Karma: +0/-0
Re: Using Cacti to Monitor HACMP machines
« Reply #14 on: February 02, 2007, 04:34:46 PM »
From /etc/snmpd.conf on my

community       public
#community       private 127.0.0.1 255.255.255.255 readWrite
#community       system  127.0.0.1 255.255.255.255 readWrite 1.17.2

Its not an administrator!
The only admin on these boxes is me! ;P

Im pretty sure that its the clsmuxpd stuff I pasted before that causes the problem.


Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1122
  • Karma: +0/-0
Re: Using Cacti to Monitor HACMP machines
« Reply #15 on: February 03, 2007, 03:36:56 PM »
Well, this should be permitting a query. Have you tried a query from an another AIX partition with, and without HACMP installed (the -get version I have in my last post should work every where.)

What the smux entry does is tell the snmd daemon where to look for questions starting at the OID 1.3.6.1.4.1.2.3.1.2.1.5 == ibm.3.1.2.1.5

After this, the next steps to look for what is happening is to use syslog.conf and set daemon.debug to a seperate file, and also to be reading the log file (/var/tmp/snmpd.log by default I think. The name is also in the configfile. p.s. if the log file you find is the snmpdv3.log file, then we can be pretty sure that snmp_v3 is being used.

I'll try top get a linux box installed, and/or a partition, and see what I can duplicate there.

But, to this moment, I have not been able to duplicate a failure of snmpinfo from AIX to AIX.