Sep 07 2015
 

NOTE: IF YOU WANT TO GET IT WORKING, skip down to The Recipe.

I want to measure more stuff. I have cacti running on some machines, but I have long neglected those stats. In response to my recent post on the FreeBSD Forums, I was introduced to LibreNMS. I was granted access to a running system and I liked what I saw.

The system is built around gathering information via snmpd. I have a few nodes installed now and I’m slowly adding new nodes. For now, I have some issues with snmpd I want to resolve before proceeding.

NOTE: please skip down to the bottom section where you’ll find the recipe I now use for snmp v3 clients.

Installation

What? Don’t read this. Skip to the bottom section where you get good advice. This section goes horribly wrong.

I am installing from packages and I build my own via poudriere. The pkg-message for this port is:

$ pkg info --pkg-message net-snmp
net-snmp-5.7.3_8:
**** This port installs snmpd, header files and libraries but does not
     start snmpd by default.
     If you want to auto-start snmpd and snmptrapd:, add the following to
     /etc/rc.conf:

	snmpd_enable="YES"
	snmpd_flags="-a"
	snmpd_conffile="/usr/local/share/snmp/snmpd.conf /etc/snmpd.conf"
	snmptrapd_enable="YES"
	snmptrapd_flags="-a -p /var/run/snmptrapd.pid"

**** You may also specify the following make variables:

	NET_SNMP_SYS_CONTACT="zi@FreeBSD.org"
	NET_SNMP_SYS_LOCATION="USA"
	DEFAULT_SNMP_VERSION=3
	NET_SNMP_MIB_MODULES="host smux mibII/mta_sendmail ucd-snmp/diskio"
	NET_SNMP_LOGFILE=/var/log/snmpd.log
	NET_SNMP_PERSISTENTDIR=/var/net-snmp

     to define default values (or to override the defaults).  To avoid being
     prompted during the configuration process, you should (minimally) define
     the first two variables. (NET_SNMP_SYS_*)

     You may also define the following to avoid all interactive configuration:

	BATCH="yes"

I have a few issues with the above.

Configuration file

If I install lines 8-9, the daemon does not start:

$ sudo service snmpd start
/usr/local/etc/rc.d/snmpd: ERROR: snmpd configuration file /usr/local/share/snmp/snmpd.conf not found.

I did this:

$ sudo mkdir /usr/local/etc/snmp
$ sudo cp /usr/local/share/snmp/snmpd.conf.example /usr/local/etc/snmp/snmpd.conf
$

I changed the line in /etc/rc.conf to:

snmpd_conffile="/usr/local/etc/snmp/snmpd.conf"

I changed this line in /usr/local/etc/snmp/snmpd.conf to use my local IP address:

agentAddress  udp:10.0.0.74:161

Attempts to start snmpd failed:

$ sudo service snmpd start
Starting snmpd.
/usr/local/etc/rc.d/snmpd: WARNING: failed to start snmpd

Looking in /var/log/snmpd.log I saw:

Turning on AgentX master support.
/usr/local/etc/snmp/snmpd.conf: line 87: Error: Already have an entry for this process.
/usr/local/etc/snmp/snmpd.conf: line 89: Error: Already have an entry for this process.
/usr/local/etc/snmp/snmpd.conf: line 91: Error: Already have an entry for this process.
/usr/local/etc/snmp/snmpd.conf: line 103: Error: includeAllDisks already specified.
/usr/local/etc/snmp/snmpd.conf: line 103: Error: 	ignoring: includeAllDisks 10%
error on subcontainer 'mteObjectsTable' insert (-1)
error on subcontainer 'mteObjectsTable' insert (-1)
/usr/local/etc/snmp/snmpd.conf: line 143: Error: duplicate trigger name
error on subcontainer 'mteObjectsTable' insert (-1)
error on subcontainer 'mteObjectsTable' insert (-1)
/usr/local/etc/snmp/snmpd.conf: line 143: Error: duplicate trigger name
error on subcontainer 'mteObjectsTable' insert (-1)
error on subcontainer 'mteObjectsTable' insert (-1)
/usr/local/etc/snmp/snmpd.conf: line 143: Error: duplicate trigger name
error on subcontainer 'mteObjectsTable' insert (-1)
error on subcontainer 'mteObjectsTable' insert (-1)
/usr/local/etc/snmp/snmpd.conf: line 143: Error: duplicate trigger name
error on subcontainer 'mteObjectsTable' insert (-1)
error on subcontainer 'mteObjectsTable' insert (-1)
/usr/local/etc/snmp/snmpd.conf: line 143: Error: duplicate trigger name
error on subcontainer 'mteObjectsTable' insert (-1)
error on subcontainer 'mteObjectsTable' insert (-1)
/usr/local/etc/snmp/snmpd.conf: line 143: Error: duplicate trigger name
error on subcontainer 'mteObjectsTable' insert (-1)
/usr/local/etc/snmp/snmpd.conf: line 143: Error: duplicate trigger name
/usr/local/etc/snmp/snmpd.conf: line 145: Error: duplicate trigger name
/usr/local/etc/snmp/snmpd.conf: line 145: Error: duplicate trigger name
duplicate table data attempted to be entered. row exists
Failed to register extend entry 'test1' - possibly duplicate name.
duplicate table data attempted to be entered. row exists
Failed to register extend entry 'test2' - possibly duplicate name.
Turning on AgentX master support.
Error opening specified endpoint "udp:10.0.0.74:161"
Server Exiting with code 1

I commented out each line mentioned by number, and the lines with test1 and test2 and tried again:

Turning on AgentX master support.
Turning on AgentX master support.
Error opening specified endpoint "udp:10.0.0.74:161"
Server Exiting with code 1

I commented out AgentX and tried again:

Error opening specified endpoint "udp:10.55.0.74:161"
Server Exiting with code 1

This should not be this much work…

A problem I encountered, which you probably won’t see

I had problems getting net-snmp running on one host. It would run just fine on 127.0.0.1, but not on any other host. I could not figure it out.

Then I noticed this message in /var/log/messages:

Sep  7 18:22:07 supernews snmpd: warning: /etc/hosts.allow, line 113: twist_option: dup: Bad file descriptor

BINGO!

/etc/hosts.allow

This host has been around since FreeBSD 6.1 back in 2006. I was making use of hosts.allow back then, but I never use it now.

I uncommented this line from /etc/hosts.allow and then net-snmp just ran.

ALL : ALL : allow

The recipe

I got some help from Ryan Steinmetz who suggested I use this approach.

First, we install net-snmp:

pkg install net-snmp

I added this to /etc/rc.conf:

snmpd_enable="YES"
snmpd_flags="-a"
snmpd_conffile="/usr/local/etc/snmpd.conf"

The configuration file is pretty simple. I started with the supplied example:

cp -i /usr/local/share/snmp/snmpd.conf.example /usr/local/etc/snmpd.conf

I made only this change:

$ diff -ruN /usr/local/share/snmp/snmpd.conf.example /usr/local/etc/snmpd.conf
--- /usr/local/share/snmp/snmpd.conf.example	2017-11-16 04:42:33.000000000 +0000
+++ /usr/local/etc/snmpd.conf	2017-12-07 16:08:35.380256000 +0000
@@ -12,7 +12,7 @@
 #
 
 #  Listen for connections from the local system only
-agentAddress  udp:127.0.0.1:161
+agentAddress  udp:10.0.0.1:161
 #  Listen for connections on all interfaces (both IPv4 *and* IPv6)
 #agentAddress udp:161,udp6:[::1]:161
 

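Review bot: The comment above the changed agentAddress line still reads "Listen for connections from the local system only", but the new value udp:10.0.0.1:161 binds a non-loopback address, so the comment is now wrong and should name the interface being exposed. The change also replaces the loopback listener instead of adding to it; if local queries against 127.0.0.1 are still wanted, list both endpoints separated by a comma, in the same form the commented-out agentAddress line below it uses.
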
Where 10.0.0.1 is the IP address that snmpd should listen on.

Next, a wee bit of the documentation:

$ net-snmp-create-v3-user --help

Usage:
  net-snmp-create-v3-user [-ro] [-A authpass] [-X privpass] [-a MD5|SHA] [-x DES|AES] [username]

Now for the formula:

# service snmpd stop
# net-snmp-config --create-snmpv3-user -ro -x AES -a SHA -A 'supersecretauth' -X supersecretXX dvlro
adding the following line to /var/net-snmp/snmpd.conf:
   createUser dvlro SHA "supersecretauth" AES supersecretXX
adding the following line to /usr/local/share/snmp/snmpd.conf:
   rouser dvlro
# chmod go-rwx /var/net-snmp/snmpd.conf
# service snmpd start

This should just work.

NOTE: you might want to delete the above from your shell history…. no sense leaving those passwords sitting there.

I found wonkiness if you have to put quotes around the -X parameter… observe the output of the net-snmp-config and keep that in mind.

To test that you have the correct passwords, try this:

snmpwalk -v3 -l authPriv -u dvlro -a SHA -A supersecretauth -x AES -X supersecretXX yourhost.example.org HOST-RESOURCES-MIB::hrSystemNumUsers

You should see something like this:

HOST-RESOURCES-MIB::hrSystemNumUsers.0 = Gauge32: 2
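
A check to run after the formula above, as an added example that is not part of the original post: it audits the two files that net-snmp-config reported writing to. The function name audit_snmpv3, the finding labels and the sample files are constructed for this example; it relies on two behaviours documented in snmpd.conf(5): snmpd replaces a createUser line with a usmUser line when it starts, and rouser without a level defaults to auth.

```shell
#!/bin/sh
# Added example: audit the two files the recipe writes to.
# audit_snmpv3 and its finding labels are hypothetical names.
# Prints one finding per line; prints nothing when every check passes.
audit_snmpv3() {
    persist=$1   # persistent file, /var/net-snmp/snmpd.conf in the recipe
    conf=$2      # file that received the rouser line

    # 1. Same goal as `chmod go-rwx`: no group/other permission bits.
    #    Columns 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$persist" | cut -c5-10)
    [ "$mode" = "------" ] || echo "PERMS $persist group/other bits: $mode"

    # 2. A createUser line holds the passphrases in clear text. snmpd
    #    replaces it with a usmUser line (derived keys) when it starts,
    #    so one that is still present has not been consumed yet.
    awk '$1 == "createUser" { print "PLAINTEXT user " $2 " line " NR }' "$persist"

    # 3. rouser/rwuser without a level defaults to "auth", which also
    #    accepts unencrypted authNoPriv requests. "priv" enforces encryption.
    awk '$1 == "rouser" || $1 == "rwuser" {
        i = 2
        if ($i == "-s") i += 2          # skip optional "-s SECMODEL"
        level = (i + 1 <= NF) ? $(i + 1) : "auth (default)"
        if (level != "priv")
            print "NOPRIV " $i " line " NR " level: " level
    }' "$conf"
}

# Constructed sample files mirroring the lines printed in the recipe.
tmp=$(mktemp -d)
printf 'createUser dvlro SHA "supersecretauth" AES supersecretXX\n' > "$tmp/persist.conf"
printf 'rouser dvlro\n' > "$tmp/snmpd.conf"
chmod 644 "$tmp/persist.conf"
audit_snmpv3 "$tmp/persist.conf" "$tmp/snmpd.conf"   # reports all three findings
rm -rf "$tmp"
```

On the host itself, the arguments are the two paths named in the net-snmp-config output, and the check is run as root once snmpd has been started again.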

  3 Responses to “Installing net-mgmt/net-snmpd and getting it running”

  1. Why use net-snmp and not bsnmpd?