Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rhds81 rfe - snmp counters index strings for multiple network interfaces with ip addr and tcp port pairs #205

Closed
389-ds-bot opened this issue Sep 12, 2020 · 18 comments
Closed

rhds81 rfe - snmp counters index strings for multiple network interfaces with ip addr and tcp port pairs #205

389-ds-bot opened this issue Sep 12, 2020 · 18 comments
Labels
closed: fixed Migration flag - Issue
Milestone
1.3.2 - 05/13 (May)

Comments

@389-ds-bot
Copy link

Cloned from Pagure issue: https://pagure.io/389-ds-base/issue/205

https://bugzilla.redhat.com/show_bug.cgi?id=582443

Description of problem:

In many deployment scenario, systems have more than one network interface, bare
metal of virtual instances, and there is an increased need to improve multi
homed network support in RHDS in the silent install, in the console, so that
nsslapd-listenhost is used by default.

This RFE is for the SNMP support part, the tables with counters have indexes
built with the port number as part of their index, so there is no way to
differenciate or access counters for different network IP addresses for
instances all listening on port 389 on a system.

May be a combination string of IP address and TCP port could be used?
But then, I am not sure how we should handle IPv6

For example, if I have a test system with 3 network interfaces:

netstat -lnp|egrep "389|390|391"
tcp        0      0 10.14.52.45:389             0.0.0.0:*
LISTEN      4995/ns-slapd
tcp        0      0 10.14.54.247:389            0.0.0.0:*
LISTEN      4859/ns-slapd
tcp        0      0 10.14.54.241:389            0.0.0.0:*
LISTEN      4697/ns-slapd

TCP-MIB::tcpConnState.10.14.52.45.389.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.10.14.54.241.389.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.10.14.54.247.389.0.0.0.0.0 = INTEGER: listen(2)

And I can only access the "first" set of counters, the one on the first network
interface I set up:

SNMPv2-SMI::enterprises.2312.6.1.1.1.389 = Counter64: 0
SNMPv2-SMI::enterprises.2312.6.1.1.2.389 = Counter64: 0
SNMPv2-SMI::enterprises.2312.6.1.1.3.389 = Counter64: 0
SNMPv2-SMI::enterprises.2312.6.1.1.4.389 = Counter64: 0


if the ns-slapd instances are listening on different tcp ports:

SNMPv2-SMI::enterprises.2312.6.5.1.2.389 = STRING: "Red Hat-Directory/8.1.0"
SNMPv2-SMI::enterprises.2312.6.5.1.2.390 = STRING: "Red Hat-Directory/8.1.0"

SNMPv2-SMI::enterprises.2312.6.1.1.1.389 = Counter64: 0
SNMPv2-SMI::enterprises.2312.6.1.1.1.390 = Counter64: 0
SNMPv2-SMI::enterprises.2312.6.1.1.1.391 = Counter64: 0


Version-Release number of selected component (if applicable):

Red Hat Enterprise Linux Server release 5.4 (Tikanga)
Linux ms-test1.sjc.redhat.com 2.6.18-164.el5 1 SMP Tue Aug 18 15:51:48 EDT
2009 x86_64 x86_64 x86_64 GNU/Linux

redhat-ds-8.1.0-1.el5dsrv
net-snmp-5.3.2.2-9.el5
net-snmp-utils-5.3.2.2-9.el5


How reproducible:
always

Steps to Reproduce:
1. have el5 and redhat-ds
2. configure a virtual network interface to eth0 or use a seocnd network
interface to a virtual machine
3. prep .inf files for 2 RHSD instance, silent install, ldapmodify for
nsslapd-listenhost: xx and nsslapd-port: 389, restart ns-slapd's
4. vi /etc/snmp/snmpd.conf
master agentx
mibdirs +/usr/share/dirsrv/mibs
syscontact softw@ourdomain.com
syslocation here
rocommunity public 127.0.0.1
5. vi /etc/dirsrv/config/ldap-agent.conf
agentx-master /var/agentx/master
agent-logdir /var/log
server slapd-ms-test1
server slapd-ms-test1-2
6. /usr/bin/ldap-agent /etc/dirsrv/config/ldap-agent.conf
7. snmpwalk -v 2c localhost -c public .1.3.6.1.4.1.2312


Actual results:
one set of counters is accessible for the "first" interface


Expected results:
set of snmp counters for each network interface and tcp port configured for
active ns-slapd instances


Additional info:
@389-ds-bot 389-ds-bot added the closed: fixed Migration flag - Issue label Sep 12, 2020
@389-ds-bot 389-ds-bot added this to the 1.3.2 - 05/13 (May) milestone Sep 12, 2020
@389-ds-bot
Copy link
Author

Comment from rmeggins (@richm) at 2012-01-10 06:17:01

batch move to milestone 1.3

@389-ds-bot
Copy link
Author

Comment from rmeggins (@richm) at 2012-08-14 19:57:05

set default ticket origin to Community

@389-ds-bot
Copy link
Author

Comment from nkinder (@nkinder) at 2012-08-28 04:14:35

Added initial screened field value.

@389-ds-bot
Copy link
Author

Comment from nkinder (@nkinder) at 2013-04-05 04:03:48

The easy way to fix this is to add a new configuration setting to "cn=config". This setting would allow you to define the SNMP "index" to use for that particular DS instance. For example, if I have 2 DS instances on the same host who both use port 389 on different network interfaces, I would be able to arbitrarily assign index number "50" to the first instance, and index number "51" to the second instance. In the config for the first instance, it would look something like this:

nsslapd-snmp-index: 50

The nice thing with this approach is that it requires no changes to the MIB or how our current SNMP results are interpreted.

If the new config setting is not specified, the port number should be used as the index as we do currently.

@389-ds-bot
Copy link
Author

Comment from tbordaz (@tbordaz) at 2013-04-16 19:08:11

'''Here is the current status'''

  • Sorry for the delay, at a first read I thought the request was to have DS listening on several interfaces (nsslapd-listenhost) and I spent some time to understand what needed to be done.

  • I implement the fix and sent a review
    '''
    Here are the next steps'''

  • Waiting for the review

@389-ds-bot
Copy link
Author

Comment from tbordaz (@tbordaz) at 2013-04-16 19:19:30

attachment
0001-Ticket-205-snmp-counters-index-strings-for-multiple-.patch

@389-ds-bot
Copy link
Author

Comment from nkinder (@nkinder) at 2013-04-16 21:33:56

The code for the SNMP subagent looks fine, but you will have a problem if you try to add the nsslapd-snmp-index attribute to "cn=config". If you attempt to add this new attribute using ldapmodify, the server will reject it with err=53. You can manually edit dse.ldif when ns-slapd is stopped, but you will get an error about the config attribute being unknown when you start ns-slapd.

Even though ns-slapd doesn't need to do anything with the new nsslapd-snmp-index attribute, we will still need to make some code changes to prevent these errors.

@389-ds-bot
Copy link
Author

Comment from tbordaz (@tbordaz) at 2013-04-17 20:22:24

Here is the current status

  • integrate the remarks from Nathan review. Basically the first patch did not taken into account a change online of nsslapd-snmp-index

Here are the next steps

  • waiting for the second review

@389-ds-bot
Copy link
Author

Comment from tbordaz (@tbordaz) at 2013-04-17 20:23:04

attachment
0002-Ticket-205-snmp-counters-index-strings-for-multiple-.patch

@389-ds-bot
Copy link
Author

Comment from nkinder (@nkinder) at 2013-04-17 21:54:22

I don't think you should remove this block of code, as it is there to prevent us from processing through every line of dse.ldif after we have found everything that we were looking for in the file:

                    /* Stop processing this entry if we found the 
                     *  port and rundir settings */ 
                    if (got_port && got_rundir) {
                        break; 
                    }

Now that one may optionally specify the nsslapd-snmp-index attribute, we will have to process through the entire LDIF if the optional attribute is not set, but we can at least stop processing the dse.ldif if we have already found the optional attribute. I think you can leave this block in and change the condition as a small optimization:

                    /* Stop processing this entry if we found the 
                     *  port, rundir, and SNMP index settings */ 
                    if (got_port && got_rundir && got_snmp_index) {
                        break; 
                    }

Aside from that, the patch looks good to me.

@389-ds-bot
Copy link
Author

Comment from tbordaz (@tbordaz) at 2013-04-17 22:01:29

Thanks for you review Nathan.

My understanding is that this accelerator test is only when parsing the entry 'dn: cn=config'. If parsing this entry and found port+rundir, it was fine to stop parsing this entry.
In case of an optional snmp-index, we need to go through the complete entry 'cn=config' to know if a snmp-index is or not defined later.

I will double check that.

@389-ds-bot
Copy link
Author

Comment from nkinder (@nkinder) at 2013-04-17 22:14:08

Replying to [comment:14 tbordaz]:

Thanks for you review Nathan.

My understanding is that this accelerator test is only when parsing the entry 'dn: cn=config'. If parsing this entry and found port+rundir, it was fine to stop parsing this entry.
In case of an optional snmp-index, we need to go through the complete entry 'cn=config' to know if a snmp-index is or not defined later.

I will double check that.

You are correct. It is only processing cn=config, not the entire dse.ldif. We can stop parsing the entry if we find port+rundir+snmp-index.

@389-ds-bot
Copy link
Author

Comment from tbordaz (@tbordaz) at 2013-04-18 13:42:21

Hi Nathan,

thanks for the review.
I changed the fix to leave the block that stop the processing if all researched info (port/rundir/snmp_index) have been found.
I attached the new patch 0003-Ticket-205-snmp-counters-index-strings-for-multiple-.patch

thierry

@389-ds-bot
Copy link
Author

Comment from tbordaz (@tbordaz) at 2013-04-18 13:42:40

attachment
0003-Ticket-205-snmp-counters-index-strings-for-multiple-.patch

@389-ds-bot
Copy link
Author

Comment from tbordaz (@tbordaz) at 2013-04-18 14:07:33

git merge ticket205_review
Updating bb7a41b..2f02b0d
Fast-forward
ldap/servers/slapd/libglobs.c | 40 +++++++++++++++++++++++++++++++++++++++-
ldap/servers/slapd/proto-slap.h | 1 +
ldap/servers/slapd/slap.h | 2 ++
ldap/servers/snmp/main.c | 22 +++++++++++++++++++---
4 files changed, 61 insertions(+), 4 deletions(-)

commit 2f02b0d
Author: Thierry bordaz (tbordaz) tbordaz@redhat.com
Date: Wed Apr 17 16:06:32 2013 +0200

git push origin master
Counting objects: 19, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (10/10), done.
Writing objects: 100% (10/10), 2.52 KiB, done.
Total 10 (delta 8), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
bb7a41b..2f02b0d master -> master

@389-ds-bot
Copy link
Author

Comment from mreynolds (@mreynolds389) at 2013-04-25 00:23:58

Fix compiler warning
0001-Ticket-205-Fix-compiler-warning.patch

@389-ds-bot
Copy link
Author

Comment from mreynolds (@mreynolds389) at 2013-04-25 00:24:44

Fixed compiler warning:

git merge ticket205
Updating 7c8c32e..1838c0b
Fast-forward
ldap/servers/slapd/libglobs.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

git push origin master
Counting objects: 11, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (6/6), 617 bytes, done.
Total 6 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
7c8c32e..1838c0b master -> master

commit 1838c0b

@389-ds-bot
Copy link
Author

Comment from tbordaz (@tbordaz) at 2017-02-11 23:04:48

Metadata Update from @tbordaz:

  • Issue assigned to tbordaz
  • Issue set to the milestone: 1.3.2 - 05/13 (May)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
closed: fixed Migration flag - Issue
Projects
None yet
Milestone
1.3.2 - 05/13 (May)
Development

No branches or pull requests
1 participant
@389-ds-bot