Tuesday, April 7, 2015

Monitoring Red Hat IdM's LDAP server with SNMP

Oh SNMP, how crazy art thou!

This one isn't well documented, or at least not in one place; there are bits and pieces all over. Because IdM (or IPA) is built on top of 389 Directory Server, the SNMP monitoring capability is there by default, and once you've hit your head on the bumps it's pretty straightforward.

Install the packages

At a minimum you only need to install the "net-snmp" package; let yum handle any dependencies. If you also want to be able to read the SNMP variables, you'll need the "net-snmp-utils" package as well.

Configure net-snmp

I'm going to assume you're starting with a fresh install of net-snmp from RPM; if you have a pre-existing installation, adapt the following as needed. At the bottom of the /etc/snmp/snmpd.conf file I added the following:

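rocommunity public
view systemview included .1.3.6.1.4.1.2312
master agentx

The first line sets up the read-only community, the second allows access to the Red Hat OIDs, and the third enables the AgentX protocol for the ldap-agent. As written, the rocommunity line has no source restriction, so any host that can reach the agent can query it with the community string "public"; the directive accepts an optional source address after the community name.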
Originally I didn't have the Red Hat OID enabled and grew a little frustrated at snmpwalk saying it had reached the end.
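
A check for the rocommunity line above, as an added example that is not part of the original post: the function flags community directives in snmpd.conf that use a well-known string, accept queries from any source, or carry no OID or view limit. The sample inputs are constructed, and the CHANGE-ME-community string and the 192.0.2.10 monitoring-host address are placeholders.

```shell
#!/bin/sh
# Added example: audit the community directives in an snmpd.conf file.
# net-snmp syntax: rocommunity COMMUNITY [SOURCE [OID | -V VIEW]]

# Prints one finding per problem; returns 1 if anything was flagged, 0 if clean.
audit_snmpd_conf() {
    awk '
        BEGIN { bad = 0 }
        # Only community directives are checked; comments and other lines are skipped.
        $1 ~ /^r[ow]community6?$/ {
            where = FILENAME ":" FNR ": "
            if ($2 == "public" || $2 == "private") {
                print where "well-known community string \"" $2 "\""; bad = 1
            }
            # A missing SOURCE field, or the literal "default", accepts any host.
            if (NF < 3 || $3 == "default") {
                print where $1 " has no source restriction"; bad = 1
            }
            # Without an OID or -V VIEW field the directive sets no read limit.
            if (NF < 4) {
                print where $1 " is not limited to an OID subtree or view"; bad = 1
            }
            if ($1 ~ /^rwcommunity/) {
                print where "read-write community is not needed for monitoring"; bad = 1
            }
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample: the three lines added to snmpd.conf in this post.
sample_weak() {
    cat <<'EOF'
rocommunity public
view systemview included .1.3.6.1.4.1.2312
master agentx
EOF
}

# Constructed sample: same setup, limited to one poller and the Red Hat subtree.
sample_restricted() {
    cat <<'EOF'
rocommunity CHANGE-ME-community 192.0.2.10 .1.3.6.1.4.1.2312
master agentx
EOF
}

# Stand-alone use: sh audit_snmpd.sh /etc/snmp/snmpd.conf
[ "$#" -eq 0 ] || audit_snmpd_conf "$1"
```

Run against the post's three lines it reports three findings for line 1; the restricted variant passes clean.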

Configure the ldap-agent

The configuration file for the ldap-agent is found here: /etc/dirsrv/config/ldap-agent.conf

Open the file and you'll find that most of the options are configured as they need to be; however, you will need to add a server entry. In my case the following was used:

server slapd-EXAMPLE-COM

To find your server name, list the directories under /etc/dirsrv, take the one whose name starts with "slapd-", and use it as shown above.

Starting it all up

I haven't dug around too deeply at this point, but it appears that the ldap-agent must be started manually on RHEL7 and IdM. However, that's a simple matter of the following:

/usr/sbin/ldap-agent /etc/dirsrv/config/ldap-agent.conf

Once the agent has started, the command returns to the prompt.

Testing it

From another server I pointed snmpwalk at the server and voilà, data!
[root@zabbix ~]# snmpwalk -v2c -Cp -On -c public ipa.example.com .1.3.6.1.4.1.2312
.1.3.6.1.4.1.2312.6.1.1.1.389 = Counter64: 0
.1.3.6.1.4.1.2312.6.1.1.2.389 = Counter64: 0
.1.3.6.1.4.1.2312.6.1.1.3.389 = Counter64: 38
.1.3.6.1.4.1.2312.6.1.1.4.389 = Counter64: 2237
.1.3.6.1.4.1.2312.6.1.1.5.389 = Counter64: 0
.1.3.6.1.4.1.2312.6.1.1.6.389 = Counter64: 28111
.1.3.6.1.4.1.2312.6.1.1.7.389 = Counter64: 0
.1.3.6.1.4.1.2312.6.1.1.8.389 = Counter64: 0
.1.3.6.1.4.1.2312.6.1.1.9.389 = Counter64: 2
.1.3.6.1.4.1.2312.6.1.1.10.389 = Counter64: 2
.1.3.6.1.4.1.2312.6.1.1.11.389 = Counter64: 997
.1.3.6.1.4.1.2312.6.1.1.12.389 = Counter64: 0
.1.3.6.1.4.1.2312.6.1.1.13.389 = Counter64: 0
.1.3.6.1.4.1.2312.6.1.1.14.389 = Counter64: 18364
.1.3.6.1.4.1.2312.6.1.1.15.389 = Counter64: 92
.1.3.6.1.4.1.2312.6.1.1.16.389 = Counter64: 9543
.1.3.6.1.4.1.2312.6.1.1.17.389 = Counter64: 0
.1.3.6.1.4.1.2312.6.1.1.18.389 = Counter64: 0
.1.3.6.1.4.1.2312.6.1.1.19.389 = Counter64: 0
.1.3.6.1.4.1.2312.6.1.1.20.389 = Counter64: 5981
.1.3.6.1.4.1.2312.6.1.1.21.389 = Counter64: 21
.1.3.6.1.4.1.2312.6.1.1.22.389 = Counter64: 0
.1.3.6.1.4.1.2312.6.1.1.23.389 = Counter64: 0
.1.3.6.1.4.1.2312.6.2.1.1.389 = Counter64: 0
.1.3.6.1.4.1.2312.6.2.1.2.389 = Counter64: 0
.1.3.6.1.4.1.2312.6.2.1.3.389 = Counter64: 0
.1.3.6.1.4.1.2312.6.2.1.4.389 = Counter64: 0
.1.3.6.1.4.1.2312.6.2.1.5.389 = Counter64: 0
.1.3.6.1.4.1.2312.6.5.1.1.389 = ""
.1.3.6.1.4.1.2312.6.5.1.2.389 = STRING: "389-Directory/1.3.3.1"
.1.3.6.1.4.1.2312.6.5.1.3.389 = ""
.1.3.6.1.4.1.2312.6.5.1.4.389 = ""
.1.3.6.1.4.1.2312.6.5.1.5.389 = ""
.1.3.6.1.4.1.2312.6.5.1.6.389 = ""
.1.3.6.1.4.1.2312.6.5.1.6.389 = No more variables left in this MIB View (It is past the end of the MIB tree)

It is worth noting that at this time I couldn't get the Red Hat MIB to load properly, so I had to use the OID numbers, but with a little sleuthing in the Red Hat MIB file (default location is /usr/share/dirsrv/mibs) you can figure out which OIDs to monitor.

Now I need to play with it some more to see if there is much value in the data.
