How to Install SNMP on ESX Host v4.x


VMware ESX v4.x includes an SNMP agent that is embedded in the hostd service. This VMware SNMP agent supports VMware Management Information Base (MIB) files and extends SNMP functionality.

Before version 4, VMware ESX used Net-SNMP as its SNMP agent. It now has its own agent, which can be used with or without Net-SNMP. Monitoring software usually requires Net-SNMP. In that case, Net-SNMP can be set up to pass any incoming VMware-related requests to the VMware SNMP agent, which gives access to the VMware MIBs.

This article describes how to configure both agents. If you do not need the VMware SNMP agent, configure Net-SNMP as you would on a typical Linux host. If you do not need the Net-SNMP agent, configure the VMware SNMP agent to use UDP port 161 instead of port 171, which is used in this document.

More information can be found here: http://www.vmware.com/pdf/vsp_4_snmp_config.pdf

Net-SNMP Configuration

Log on to the service console on the ESX host

Stop the snmpd service

service snmpd stop

Go to /etc/snmp and make a copy of the original configuration file to create a backup

cd /etc/snmp
cp -p snmpd.conf orig-snmpd.conf

Modify the snmpd.conf file and add the following:

rocommunity <community name> <ip address of trap destination 1>
rocommunity <community name> <ip address of trap destination 2>

Remove these lines:

#       sec.name  source          community
com2sec notConfigUser  default       public

####
# Second, map the security name into a group name:
#       groupName      securityModel securityName
group   notConfigGroup v1           notConfigUser
group   notConfigGroup v2c           notConfigUser

Locate the system contact information section. Update the syslocation and syscontact fields:

syslocation Toronto, ON, CA
syscontact  esxgroup@esx.ca

Add the following line at the end of the file.

proxy -v 1 -c <community name> udp:127.0.0.1:171 .1.3.6.1.4.1.6876

Here -v 1 specifies the SNMP version for Net-SNMP, -c specifies the community string for Net-SNMP, and udp:127.0.0.1:171 specifies the local host IP address and the UDP port number of the VMware SNMP agent. This port number can be any unused UDP port, but it must be the same as the one configured for the VMware SNMP agent. .1.3.6.1.4.1.6876 is the object identifier of the VMware MIBs. Net-SNMP will pass all requests under this OID to the agent listening on the specified host and port. In our case it is the local host on UDP port 171.

Add another line

trapsink <ip address of trap destination> <community name>

The trapsink specification is required to send traps defined in the proprietary MIBs (such as VMware's).

Save the file and exit

To start the Net-SNMP service when the ESX host boots, use these commands

chkconfig snmpd on
chkconfig --list snmpd
snmpd           0:on   1:on    2:on    3:on    4:on   5:on    6:on

Start the Net-SNMP service

service snmpd start

Note: If Net-SNMP has any dependent services (such as the DELL Server Administrator (OMSA)), they should also be restarted.

Check the status of the snmpd service

service snmpd status

snmpd (pid  13728) is running...

Now you should be able to run snmpwalk from any machine to check the SNMP communication.

VMware SNMP Agent Configuration

The VMware SNMP agent can be configured in three ways: by using the VMware Perl script (vicfg-snmp.pl), by using VMware PowerCLI (a PowerShell extension for VMware), or by manually editing the agent configuration file via the service console. We will do all three, using UDP port 171, which we configured for the Net-SNMP proxy.

Note: VMware recommends using the vicfg-snmp.pl or PowerCLI commands to change the configuration instead of editing the file itself

Perl Script

If you have installed VMware vSphere CLI, you can find the scripts in this location:

C:\Program Files\VMware\VMware vSphere CLI\bin

Run

vicfg-snmp.pl --help

…to see all the parameters

When you run this Perl script, you will be asked to enter the user name and password to connect to the service console, unless you use the --username and --password parameters

vicfg-snmp.pl --server <ESX host ip address> --username root --password <password> --show
Current SNMP agent settings:
Enabled  : 0
UDP port : 161
Communities :
Notification targets :

Add community

vicfg-snmp.pl --server <ESX host ip address> --username root --password <password> --communities <community string>
Changing community list to: …
Complete.

Change port number

vicfg-snmp.pl --server <ESX host ip address> --username root --password <password> --port 171
Changing port to: 171…
Complete.

Add trap destinations

vicfg-snmp.pl --server <ESX host ip address> --username root --password <password> --targets <ip address of trap destination>@162/<community string>
Changing notification(trap) targets list to:…
Complete.

Enable agent and check the configuration

vicfg-snmp.pl --server <ESX host ip address> --username root --password <password> --enable
Enabling agent…
Complete.
vicfg-snmp.pl --server <ESX host ip address> --username root --password <password> --show
Current SNMP agent settings:
Enabled  : 1
UDP port : 171
Communities :
<community string>
Notification targets :
<ip address of trap destination>@162/<community string>

VMware PowerCLI

It is very similar to the VMware vSphere CLI Perl script

Connect to ESX host

Connect-VIServer <host ip address>
WARNING: There were one or more problems with the server certificate:
* The X509 chain could not be built up to the root certificate.
* The certificate’s CN name does not match the passed value.

Name                           Port  User
----                           ----  ----
<host ip address>                  443   root

Check the configuration and store it in the $SNMPConf variable

Get-VMHostSNMP
Enabled   Port ReadOnly Communities
-------   ---- --------------------
False      161 {}

$SNMPConf = Get-VMHostSNMP

Clear communities if you have any

Set-VMHostSnmp -HostSnmp $SNMPConf -ReadOnlyCommunity @()
Enabled   Port ReadOnly Communities
-------   ---- --------------------
False      161 {}

If you try to enable it now, you will get an error message, because UDP 161 is already in use by Net-SNMP

Set-VMHostSnmp -HostSnmp $SNMPConf -Enabled:$True
Set-VMHostSnmp : 17/08/2011 2:32:56 PM    Set-VMHostSnmp        A general system error occurred: Bind socket(af=2) failed, reason: 98, Address already in use

Add community

Set-VMHostSnmp -HostSnmp $SNMPConf -ReadOnlyCommunity <community name>
Enabled   Port ReadOnly Communities
-------   ---- --------------------
False      161 {<community name>}

Change port number

Set-VMHostSnmp -HostSnmp $SNMPConf -Port 171
Enabled   Port ReadOnly Communities
-------   ---- --------------------
False      171 {<community name>}

Add trap destinations

Set-VMHostSnmp -HostSnmp $SNMPConf -AddTarget -TargetCommunity <community name> -TargetHost <ip address of trap destination>
Enabled   Port ReadOnly Communities
-------   ---- --------------------
False      171 {<community name>}

Enable agent

Set-VMHostSnmp -HostSnmp $SNMPConf -Enabled:$True
Enabled   Port ReadOnly Communities
-------   ---- --------------------
True       171 {<community name>}

Test the configuration

Test-VMHostSnmp -HostSnmp $SNMPConf
Test-VMHostSnmp : 19/08/2011 4:22:29 PM    Test-VMHostSnmp        A general system error occurred: Connection refused
At line:1 char:16
+ Test-VMHostSnmp <<<<  -HostSnmp $SNMPConf
+ CategoryInfo          : NotSpecified: (:) [Test-VMHostSnmp], SystemError
+ FullyQualifiedErrorId : Client20_SystemManagementServiceImpl_TestVmHostSnmp_ViError,
VMware.VimAutomation.ViCore.Cmdlets.Commands.Host.TestVmHostSnmp

Connection refused? It happened because the current machine has not been added as a trap destination

Add it and test again

Service Console

VMware SNMP agent configuration is stored in the snmp.xml file.

Log on to the service console on the ESX host

Stop the snmpd service

service snmpd stop

Go to /etc/vmware and make a copy of the original configuration file to create a backup

cd /etc/vmware
cp -p snmp.xml orig-snmp.xml

Modify the snmp.xml file:

<config>
<snmpSettings>
<enable>true</enable>
<communities>public</communities>
<targets>127.0.0.1@162/public</targets>
<port>171</port>
</snmpSettings>
</config>

As you can see the file contains the parameters accessible via PowerCLI or vSphere CLI.

Restart mgmt-vmware service

service mgmt-vmware restart

Start the Net-SNMP service

service snmpd start
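
A consistency check for the two files edited in this article, added here as an example (it is not part of the original post or of VMware's tooling). It verifies that the proxy port in snmpd.conf matches the <port> in snmp.xml, that the default "public" mapping has been removed, and that rocommunity is limited to a source address. The function names, the community string s3cr3tRO, the address 192.0.2.10 and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and the sample
# files written by make_samples are constructed for illustration.

# UDP port that the snmpd.conf proxy line forwards the VMware subtree to.
proxy_port() {
    awk '$1 == "proxy" && $NF ~ /1\.3\.6\.1\.4\.1\.6876$/ {
        for (i = 2; i < NF; i++) if ($i ~ /^udp:/) { n = split($i, a, ":"); print a[n]; exit }
    }' "$1"
}

# <port> value from the VMware agent's snmp.xml.
agent_port() { sed -n 's:.*<port>\([0-9][0-9]*\)</port>.*:\1:p' "$1" | head -n 1; }

note() { echo "FINDING: $*"; rc=1; }

# audit_snmp SNMPD_CONF SNMP_XML: print findings; return 1 if there are any.
audit_snmp() {
    conf=$1; xml=$2; rc=0
    pp=$(proxy_port "$conf"); ap=$(agent_port "$xml")
    [ -n "$pp" ] || note "no proxy line for .1.3.6.1.4.1.6876 in snmpd.conf"
    [ -z "$pp" ] || [ "$pp" = "$ap" ] || note "proxy port $pp, agent port ${ap:-unset}"
    # Default mapping the article removes: any source may query with "public".
    grep -Eq '^[[:space:]]*com2sec[[:space:]].*[[:space:]]default[[:space:]]+public' "$conf" &&
        note "com2sec default public mapping still present"
    # rocommunity with no source address answers queries from any host.
    awk '$1 == "rocommunity" && NF < 3 { bad = 1 } END { exit !bad }' "$conf" &&
        note "rocommunity without a source address"
    # The sample snmp.xml value should be replaced with the real community.
    grep -q '<communities>[^<]*public' "$xml" && note "snmp.xml still uses community public"
    return $rc
}

# Constructed sample files: a half-finished setup and a completed one.
make_samples() {
    fmt='<config><snmpSettings><enable>true</enable><communities>%s</communities><port>%s</port></snmpSettings></config>\n'
    printf '%s\n' 'com2sec notConfigUser  default       public' \
        'rocommunity s3cr3tRO' \
        'proxy -v 1 -c s3cr3tRO udp:127.0.0.1:171 .1.3.6.1.4.1.6876' > "$1/weak.conf"
    printf '%s\n' 'rocommunity s3cr3tRO 192.0.2.10' \
        'proxy -v 1 -c s3cr3tRO udp:127.0.0.1:171 .1.3.6.1.4.1.6876' \
        'trapsink 192.0.2.10 s3cr3tRO' > "$1/good.conf"
    printf "$fmt" public 161 > "$1/weak.xml"
    printf "$fmt" s3cr3tRO 171 > "$1/good.xml"
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT; make_samples "$tmp"
audit_snmp "$tmp/weak.conf" "$tmp/weak.xml" || echo "half-finished setup: see findings above"
audit_snmp "$tmp/good.conf" "$tmp/good.xml" && echo "completed setup: clean"
```

On an ESX host, call audit_snmp /etc/snmp/snmpd.conf /etc/vmware/snmp.xml after making the changes and before restarting the services.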
