Smart quotes are not so smart: net-snmp-config –create-snmpv3-user for LibreNMS

4 Comments / FreeBSD, LibreNMS, snmp / By

NOTE: If you are looking to configure net-mgmt/net-snmp for the first time, the latest article is Configuration of net-mgmt/net-snmp on FreeBSD.

I wasted a few hours today trying to figure out why special characters in passwords were causing problems. I was chasing the wrong problem.

Conclusion: smart quotes are dumb.

Full disclosure: I should have seen the problem. The problem is not with LibreNMS.

Here is my procedure for creating an snmp read-only user, as provided by zi:

# net-snmp-config --create-snmpv3-user -ro -A "AuthPass" -X "PrivPass" -a SHA -x AES MyROCommunity
adding the following line to /var/net-snmp/snmpd.conf:
   createUser MyROCommunity SHA "AuthPass" AES PrivPass
adding the following line to /usr/local/share/snmp/snmpd.conf:
   rouser MyROCommunity

However, that’s not what I was getting/seeing/doing. I had copied pasted the above into a document which was using smart quotes. Instead of getting the above, I was getting this:

# net-snmp-config --create-snmpv3-user -ro  -A “AuthPass” -X “PrivPass” -a SHA -x AES MyROCommunity
adding the following line to /var/net-snmp/snmpd.conf:
   createUser MyROCommunity SHA "“AuthPass”" AES “PrivPass”
adding the following line to /usr/local/share/snmp/snmpd.conf:
   rouser MyROCommunity

The subtle differences are:

  1. AuthPass is enclosed in a double set of quotes, but PrivPass is not.
  2. PrivPass is stored as shown.
  3. AuthPass is stored with the “simple quotes”.

That is, the two statements do not results in the same passwords being stored. This issue led to me suspecting that LibreNMS was not correctly handling special characters (because my first attempts involved password such as PeDptM6!).

After I solved that problem, I was able to get the device added to LibreNMS.

One last problem

I did notice one problem: I am unable to update the SNMP panel for a device which is using snmp v3. See detail in this Google Groups post.

Website Pin Facebook Twitter Myspace Friendfeed Technorati del.icio.us Digg Google StumbleUpon Premium Responsive

4 thoughts on “Smart quotes are not so smart: net-snmp-config –create-snmpv3-user for LibreNMS”

  1. Ray

    Hello Dan,

    are you able to run librenms in a jail? I am not sure because there is not much doku and It does not discover anything … Do you know if you need something special in regard to jail configuration?

    thanks
    R.

  2. RealisticDesk3796

    Hi Dan,
    I too am trying to make LibreNMS fully working inside a Truneas 13 jail, by fully I mean that I’ve installed pkg version 24… but let me share my validate.php output:

    ===========================================
    Component | Version
    ——— | ——-
    LibreNMS | 24.12.0 (2024-12-18T00:55:13+01:00)
    DB Schema | 2024_11_22_135845_alert_log_refactor_indexes (310)
    PHP | 8.3.15
    Python | 3.11.11
    Database | MySQL 8.0.39
    RRDTool | 1.9.0
    SNMP | 5.9.4.pre2
    ===========================================

    [OK] Installed from package; no Composer required
    [OK] Database connection successful
    [OK] Database connection successful
    [OK] Database Schema is current
    [OK] SQL Server meets minimum requirements
    [OK] lower_case_table_names is enabled
    [OK] MySQL engine is optimal
    [OK] Database and column collations are correct
    [OK] Database schema correct
    [OK] MySQL and PHP time match
    [FAIL] Poller is not running. No poller has run within the last 300 seconds.
    [WARN] Dispatcher Service has been used, but not recently
    [OK] Locks are functional
    [FAIL] No active python wrapper pollers found
    [OK] Redis is unavailable
    [OK] rrd_dir is writable
    [OK] rrdtool version ok
    [FAIL] Scheduler is not running
    [FIX]:
    sudo sh -c ‘sed “s#/opt/librenms#/usr/local/www/librenms#” /usr/local/www/librenms/dist/librenms-scheduler.cron > /etc/cron.d/librenms-scheduler.cron’

    what I cannot work out is how to properly start librenms service ; if I run the command inside a librenms user shell the dispatcher starts and I can see the correct output and devices get polled; if I start with “service librenms start” I have no errors but the service doesn not start, the pidfile get created but it is empty. Permissions seems file: librenms is the owner of the /var/run/librenms directory where the pidfile get created and I’m really out of ideas.

    Hope you can somehow point me in the right direction..

    Thank you anyway for your really remarkable job in the FreeBSD community!

  3. Dan Langille

    I’m just going to dump everything I can find here because I don’t see the problem. Don’t make a bunch of changes and see if it works. Make them one by one and restart the service until you find a change. See if we can track down which one fixes it.

    First, do not do their suggested FIX – that is Linux-specific.
    The port was updated to 25.2.0 yesterday – the package is not built yet: https://www.freshports.org/net-mgmt/librenms/#packages
    What do you mean by a “librenms user shell”?
    Here is everything running as www in my jail (apart from Apache):

    [12:21 besser dvl ~] % ps auwwx | grep www | grep -v http
www      22847  0.0  0.0  12828  2304  -  SsJ  22:44    0:01.63 daemon: /usr/local/bin/python3.11[22848] (daemon)
www      22848  0.0  0.0 433236 54152  -  SJ   22:44    8:06.60 /usr/local/bin/python3.11 /usr/local/www/librenms/librenms-service.py
dvl      66939  0.0  0.0  12808  2384  3  S+J  12:22    0:00.00 grep www
[12:22 besser dvl ~] %

    The daemon is what is launched by the script, when then starts/watched over the librenms-service.py process – this is the Poller mentioned above.

    Here is my validate:

    [12:24 besser dvl /usr/local/www/librenms] % echo ./validate.php | sudo su -fm www
===========================================
Component | Version
--------- | -------
LibreNMS  | 25.2.0 (2025-02-20T10:55:43+00:00)
DB Schema | 2025_01_30_000121_add_ifindex_index_to_ports_table (315)
PHP       | 8.3.17
Python    | 3.11.11
Database  | MySQL 8.0.39
RRDTool   | 1.9.0
SNMP      | 5.9.4.pre2
===========================================

[OK]    Installed from package; no Composer required
[OK]    Database connection successful
[OK]    Database connection successful
[OK]    Database Schema is current
[OK]    SQL Server meets minimum requirements
[OK]    lower_case_table_names is enabled
[OK]    MySQL engine is optimal
[OK]    Database and column collations are correct
[OK]    Database schema correct
[OK]    MySQL and PHP time match
[OK]    Active pollers found
[OK]    Dispatcher Service is enabled
[OK]    Locks are functional
[OK]    No active python wrapper pollers found
[OK]    Redis is unavailable
[OK]    rrd_dir is writable
[OK]    rrdtool version ok

    This is my configuration:

    [12:25 besser dvl /usr/local/etc/rc.d] % grep librenms /etc/rc.conf
librenms_enable="NO"
librenms_daemonflags="-T librenms -s info -l local3"

    It says no because I can’t get my libernms to start and stay running when the jail restarts. Instead, I do it this way:

    [12:33 besser dvl /usr/local/etc/cron.d] % ls -l
total 14
-rw-r--r--  1 root wheel 309 2024.05.21 14:15 anvil
-rw-r--r--  1 root wheel  68 2023.02.20 01:08 dma
-rw-r--r--  1 root wheel 193 2025.02.20 22:23 librenms
-rw-r--r--  1 root wheel 185 2024.12.18 14:44 librenms-reboot
[12:33 besser dvl /usr/local/etc/cron.d] % cat librenms-reboot 
#minute	hour	mday	month	wday	who	command
# because librenms is not playing nicely on start of jail
@reboot                                 root    sleep 10 && service librenms onestart

    That local3 above comes into effect here:

    [12:26 besser dvl /usr/local/etc/rc.d] % cat /usr/local/etc/syslog.d/librenms.conf 
local3.*                                       /var/log/librenms/librenms-service.log

    These are the log files:

    [12:26 besser dvl /usr/local/etc/rc.d] % ls -l /var/log/librenms/*.log
-rw-r--r--  1 www www     388 2025.02.21 00:00 /var/log/librenms/daily.log
-rw-r--r--  1 www www 2104417 2025.02.21 12:26 /var/log/librenms/librenms-service.log
-rw-r--r--  1 www www 1060821 2025.02.21 12:26 /var/log/librenms/librenms.log
-rw-r--r--  1 www www       0 2025.02.21 00:00 /var/log/librenms/maintenance.log

    This is the log rotation:

    [12:34 besser dvl /usr/local/etc/newsyslog.conf.d] % cat librenms.conf
# configuration file for newsyslog for librenms
#
# see newsyslog.conf(5) for details
#
# logfilename                  [owner:group]    mode count size when  flags [/pid_file]        [sig_num]
/var/log/librenms/*.log         www:www		644  14	   *	$D0    GB   

    /var/log/librenms/librenms.log is specified in /usr/local/etc/librenms.env like this:
APP_LOG=/var/log/librenms/librenms.log

    I hope something in there helps.

Leave a Comment

Scroll to Top