Using Cacti to Monitor HACMP machines
 
Home Help Login Register
*
Welcome, Guest. Please login or register. November 22, 2008, 09:34:02 AM


Login with username, password and session length


Pages: [1] 2   Go Down
« previous next »
  Print  
Author Topic: Using Cacti to Monitor HACMP machines  (Read 4142 times)
0 Members and 1 Guest are viewing this topic.
Michael
Administrator
Hero Member
*****
Posts: 526
« Reply #15 on: February 03, 2007, 03:36:56 PM »
Well, this should be permitting a query. Have you tried a query from an another AIX partition with, and without HACMP installed (the -get version I have in my last post should work every where.)

What the smux entry does is tell the snmd daemon where to look for questions starting at the OID 1.3.6.1.4.1.2.3.1.2.1.5 == ibm.3.1.2.1.5

After this, the next steps to look for what is happening is to use syslog.conf and set daemon.debug to a seperate file, and also to be reading the log file (/var/tmp/snmpd.log by default I think. The name is also in the configfile. p.s. if the log file you find is the snmpdv3.log file, then we can be pretty sure that snmp_v3 is being used.

I'll try top get a linux box installed, and/or a partition, and see what I can duplicate there.

But, to this moment, I have not been able to duplicate a failure of snmpinfo from AIX to AIX.
Logged
HRH_H_Crab
Jr. Member
**
Posts: 9
« Reply #14 on: February 02, 2007, 04:34:46 PM »
From /etc/snmpd.conf on my

community       public
#community       private 127.0.0.1 255.255.255.255 readWrite
#community       system  127.0.0.1 255.255.255.255 readWrite 1.17.2

Its not an administrator!
The only admin on these boxes is me! ;P

Im pretty sure that its the clsmuxpd stuff I pasted before that causes the problem.

Logged
Michael
Administrator
Hero Member
*****
Posts: 526
« Reply #13 on: February 02, 2007, 04:17:54 PM »
Well, I finally got a pretty much vanilla HACMP install finished, using HACMP 5.3.

As tests, from the nim installation server I repeaded the follwoing command:
Quote
root@nim [/]:for i in 1 2 3 4
> do
> snmpinfo -m get -c public -h ha12$i -v 1.3.6.1.4.1.2.4.12.7.1.2.3
> done
ibm.4.12.7.1.2.3 = ibmAIX (1.3.6.1.4.1.2.6.191)
ibm.4.12.7.1.2.3 = ibmAIX (1.3.6.1.4.1.2.6.191)
ibm.4.12.7.1.2.3 = ibmAIX (1.3.6.1.4.1.2.6.191)
ibm.4.12.7.1.2.3 = ibmAIX (1.3.6.1.4.1.2.6.191)

This worked each time - before installing the cluster.* software; after installing the software; after running the two node configuration wizard (to be very standard); after starting one node.
Quote
# ./clfindres
-----------------------------------------------------------------------------
Group Name     State                        Node           
-----------------------------------------------------------------------------
AppB_group     ONLINE                       ha_121         
                       OFFLINE                      ha_122         

The file snmpd.conf file has been updated, by the installation of the software. So I removed the software from one node (124)
Quote
root@nim[/test]:ls -l
total 96
-rw-r-----   1 root     system        10164 Feb  2 17:02 snmpd.conf.ha121
-rw-r-----   1 root     system        10164 Feb  2 17:02 snmpd.conf.ha122
-rw-r-----   1 root     system        10164 Feb  2 17:02 snmpd.conf.ha123
-rw-r-----   1 root     system        10080 Feb  2 17:02 snmpd.conf.ha124
root@nim[//test]:diff *ha121 *ha124
207d206
< smux     1.3.6.1.4.1.2.3.1.2.1.5      clsmuxpd_password # HACMP/ES for AIX clsmuxpd
root@nim[/test]:

My conclusion is that it is not the HACMP software that is making a change, but an administrator is making changes to the community line in snmpd.conf.

The default entry when AIX is installed is:
Quote
root@nim[/test]:grep community *121 *124

snmpd.conf.ha121:community      public
snmpd.conf.ha121:#community       private 127.0.0.1 255.255.255.255 readWrite
snmpd.conf.ha121:#community       system  127.0.0.1 255.255.255.255 readWrite 1.17.2

snmpd.conf.ha124:community      public
snmpd.conf.ha124:#community       private 127.0.0.1 255.255.255.255 readWrite
snmpd.conf.ha124:#community       system  127.0.0.1 255.255.255.255 readWrite 1.17.2

Also in /etc/snmpd.conf is some documentation about the interpretation of the community statement.

Before adding it I will just say that the default statement allows the community public to read all variables from any IP address. To make it more restrictive, or even "secret" you change the community name and/or limit the acceptable ranges of IP addresses making queries (with IP_ADDRESS NETMASK pairs).

Now the documentation included inthe default file:
Quote
# 2. Set the community names and access privileges for hosts that can make
#    requests of this snmpd agent.  Define these restrictions as follows:
#
#       community  <name>  <address>  <netmask>  <permissions>  <view name>
#
#    where <name> is the community name, <address> is either a hostname or
#    an IP address in dotted notation, and <permissions> is one of:  none,
#    readOnly, writeOnly, readWrite.  The default permission is readOnly.
#    <netmask> specifies the network mask.  The default address and netmask
#    are 0.0.0.0.  If an address other than 0.0.0.0 is specified, the default
#    netmask is 255.255.255.255.  If a permission is specified, both the
#    address and netmask must also be specified.  <view name> defines a
#    portion of the MIB tree to which this community name allows access.
#    <view name> must be defined as a unique object identifier in dotted
#    numeric notation.  <view name> is further defined in the view
#    configuration entry.  If <view name> is not specified, the view for
#    this community defaults to the entire MIB tree.  Fields to the right
#    of <name> are optional, with the limitation that no fields to the
#    left of a specified field are omitted.
#

So, please post a grep of community from your /etc/snmpd.conf files - if permited Smiley
Logged
HRH_H_Crab
Jr. Member
**
Posts: 9
« Reply #12 on: February 02, 2007, 02:42:23 PM »
I found the following here: http://www.coredumps.de/doc/ibm/cluster/HAES/haes/ch19.html:

/etc/snmpd.conf

The SNMP daemon reads the /etc/snmpd.conf configuration file when it starts up and when a refresh or kill -1 signal is issued. This file specifies the community names and associated access privileges and views, hosts for trap notification, logging attributes, snmpd-specific parameter configurations, and SMUX configurations for the snmpd. The HACMP/ES installation process adds the clsmuxpd password to this file. The following entry is added to the end of the file, to include the HACMP/ES MIB managed by the clsmuxpd.

smux    1.3.6.1.4.1.2.3.1.2.1.5    "clsmuxpd_password" # HACMP clsmuxpd

/etc/snmpd.peers

The /etc/snmpd.peers file configures snmpd SMUX peers. The HACMP/ES install process adds the following entry to include the clsmuxpd.

clsmuxpd 1.3.6.1.4.1.2.3.1.2.1.5    "clsmuxpd_password" # HACMP clsmuxpd

Apparently these are the only two things which are changed when you install HACMP. It must be this which is causing me the problems.
Logged
Michael
Administrator
Hero Member
*****
Posts: 526
« Reply #11 on: February 01, 2007, 08:33:31 PM »
I'll install HACMP on some nodes tomorrow and see if I can spot the changes.
Logged
HRH_H_Crab
Jr. Member
**
Posts: 9
« Reply #10 on: February 01, 2007, 06:38:33 PM »
I think its no.1 rather than no.2 since the version of AIX is the same on all my LPARS. Its just that I can monitor the ones without HACMP, but not the ones with HACMP.

Is there anyway to remove these restrictions?

I find snmp on AIX very confusing. Im pretty sure installing HACMP just changes the configuration, not the version of the snmp server itself. I'll check the logs on non-HACMP and HACMP LPARS and see if there is a difference.
« Last Edit: February 01, 2007, 06:41:43 PM by HRH_H_Crab » Logged
Michael
Administrator
Hero Member
*****
Posts: 526
« Reply #9 on: January 22, 2007, 08:30:41 PM »
Well, it probably isnt an HACMP thing directly.

1) snmpinfo -m dump of other information isn't allowed (general access removed as part of HACMP installation/configuration)
2) different levels of AIX being monitored. From memory AIX 5.1 still has snmp_v1 as default protocol, AIX 5.2 and AIX 5.3 hav snmp_v3 as default.

Check the /var/tmp directory for the name of the snmp logfile. My vanilla install AIX 5.2+ systems have /var/tmp/snmpdv3.log as logfile, while AIX 5.1 and earlier have /var/tmp/snmpd.log.

snmp_v3 support first appeared in AIX 5.1. If a system is updated via migration or update_all the snmp protocol is not changed (i.e. only in "new and complete" installs is the default protocol activated.
Logged
HRH_H_Crab
Jr. Member
**
Posts: 9
« Reply #8 on: January 22, 2007, 02:55:43 PM »
It returns stuff, but nothing thats useful for what I want to monitor.
i.e. no cpu stuff, memory stuff, disk stuff...
just stuff about the status of the cluster.

If I run it on a non-HACMP LPAR it returns the stuff I need to monitor.
There is a huge difference. Just a few lines on HACMP, page after page of statistics on non-HACMP.
Logged
Michael
Administrator
Hero Member
*****
Posts: 526
« Reply #7 on: January 22, 2007, 02:06:58 PM »
Try this command to see what AIX specific information you can see.

btw the hacmp MIB is:

1.3.1.6.4.1.2.3.1.2.1.5

The command specifies all the available IBM info in the tree.

Quote
snmpinfo -m dump -c public -h 127.0.0.1 -v 1.3.6.1.4.1 | more
Logged
Michael
Administrator
Hero Member
*****
Posts: 526
« Reply #6 on: January 22, 2007, 12:05:48 PM »
Well, it doesnt have to be game over, as your other AIX boxes are running snmp1. The other thing to check is whether the snmp info you want is only available within the cluster, and what snmp community name is being used.

From snmpd.conf (snmp1 version)

Quote
logging         file=/usr/tmp/snmpd.log         enabled
logging         size=0                          level=0

community       public
#community       private 127.0.0.1 255.255.255.255 readWrite
#community       system  127.0.0.1 255.255.255.255 readWrite 1.17.2

view            1.17.2          system enterprises view

trap            public          127.0.0.1       1.2.3   fe      # loopback

#snmpd          maxpacket=1024 querytimeout=120 smuxtimeout=60

smux            1.3.6.1.4.1.2.3.1.2.1.2         gated_password  # gated
smux            1.3.6.1.4.1.2.3.1.2.2.1.1.2     dpid_password   #dpid

This is from an AIX 5.2 system, using snmp1. See if you can get a copy of that file for reference.
Logged
HRH_H_Crab
Jr. Member
**
Posts: 9
« Reply #5 on: January 22, 2007, 11:56:16 AM »
Aah... maybe its game over!
Cacti looks like it only supports snmp v1, and v2.
v1 returns nothing, and v2 gives me snmp errors.

This is prob. the problem then.
Logged
HRH_H_Crab
Jr. Member
**
Posts: 9
« Reply #4 on: January 22, 2007, 11:52:05 AM »
Im running cacti on a linux box.
Ill try changing the smtp version in cacti to 3 and see if it makes any difference.

The template is in xml format.
Logged
Michael
Administrator
Hero Member
*****
Posts: 526
« Reply #3 on: January 22, 2007, 11:30:52 AM »
Actually, I dont think it will be that difficult, at least for the snmpwalk part. I am working with HACMP this week, and I'll look into the differences between snmp1, snmp3 (which are the two default snmp providers on AIX, you choose one of the two).

I believe modern versions of HACMP expect you to be using snmp3.

Regarding the templates: will depend on whether they are text based or not. And, last question, are you running CACTI from a linux box (as a network monitor), or are you running the package on AIX as well?
Logged
HRH_H_Crab
Jr. Member
**
Posts: 9
« Reply #2 on: January 22, 2007, 09:28:53 AM »
Did a bit of google to find out what CACTI is, and I am guessing is a monitoring tool that used SNMP information for it's data.

This is indeed the case.

dan@ngct1:~$ snmpwalk -c public -v 1 172.29.6.9 -O fn 1.3.6.1.4.1.2.6.191
dan@ngct1:~$

The above, I think is related to my problem. For non HACMP LPARS the above returns loads of information. For HACMP, I get nothing as you can see.
I don't think it will be an easy problem to solve, as it will require someone to write a new template for cacti. I was really just posting to see if anyone had already done this. Its a last resort, because I cant find anything on the cacti forums for HACMP and AIX which is the more likely place to look!
Logged
Michael
Administrator
Hero Member
*****
Posts: 526
« Reply #1 on: January 20, 2007, 12:37:18 PM »
Did a bit of google to find out what CACTI is, and I am guessing is a monitoring tool that used SNMP information for it's data.

Please verify that, and then I'll start looking into how to explain how to get the data from a HACMP cluster (using clinfo as snmp API data supplier).

I am assuming that the AIX template you mention collects the standard MIB-2 data, plus some specific AIX (.1.3.1.6.2.4.2.* IBM private OID I hope. if so, AIX specific is .1.3.1.6.2.4.6.*) - will edit later if I am quoting this incorrectly.
Logged
Pages: [1] 2   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.2 | SMF © 2006-2007, Simple Machines LLC

Valid XHTML 1.0! Valid CSS! Dilber MC Theme by HarzeM
Page created in 0.653 seconds with 18 queries.

FastPath

HowTo
New in AIX6
RBAC
Security
WPAR
Service Bulletins

InfoCenters

AIX 6.1
AIX 5.3
AIX 5.2
AIX 5.1
- - - - - - -
HMC Downloads
IBM Firmware/LIC
VIOS Support
- - - - - - -
Hardware Documents
PowerHA (HACMP)
Tivoli Manuals
- - - - - - -
IBM Training



eXTReMe Tracker
Terms of Use and Privacy and Security Policies
Copyright 2001-2008 Michael Felt and ROOTVG.NET