| Summary: | disabling snmpd v1 and v2c on overcloud | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | PURANDHAR SAIRAM MANNIDI <pmannidi> |
| Component: | rhosp-director | Assignee: | Pradeep Kilambi <pkilambi> |
| Status: | CLOSED WONTFIX | QA Contact: | Omri Hochman <ohochman> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 8.0 (Liberty) | CC: | adhingra, athomas, dbecker, dtantsur, eglynn, fbaudin, jcoufal, jdanjou, mburns, mcornea, morazi, pkilambi, rhel-osp-director-maint, sputhenp, ssmolyak |
| Target Milestone: | --- | Keywords: | Triaged |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-10-13 05:45:37 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Hi All, We suspect that ceilometer collects data from snmp on the overcloud nodes. Using ceilometer api, this data may be retrieved. Undercloud may be getting these data from overcloud ceilometer for some purpose. It's possible that ceilometer is configured to use public rocommunity string to retrieve these details. We need a confirmation from Engineering. Is there any impact by changing this string "public" to something else? If it's expected that ceilometer may fail to get the details because its configured to query using public community, how do we change this in ceilometer? Can we have any update on the info requested? |
Description of problem: Disabled snmp v1 and v2c on both the overcloud and undercloud. Only v3 is used. Director deploys and used v3 by default but it leaves default community strings and v1 and v2c open. Need to understand the implications for ceilometer and any other cloud services. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. With director the following setting are enabled from templates: snmp::ro_community: 'xxxx' snmp::ro_community6: 'xxxx' snmp::com2sec: [] snmp::com2sec6: [] snmp::groups: [] snmp::accesses: [] snmp::views: [] 2.snmpwalk -v1 -c public x.x.x.x Timeout: No Response from x.x.x.x 3.snmpwalk -v2c -c public x.x.x.x Timeout: No Response from x.x.x.x Actual results: default community strings and v1 and v2c open. Expected results: Should not see anything related to v1 and v2c information in SNMPD Additional info: