Bug 2072626
| Summary: | RHV-M generates SNMPv3 trap with msgAuthoritativeEngineBoots: 0 despite multiple engine restarts | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Sam Wachira <swachira> |
| Component: | ovirt-engine | Assignee: | Eli Mesika <emesika> |
| Status: | CLOSED ERRATA | QA Contact: | Guilherme Santos <gdeolive> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 4.4.10 | CC: | apinnick, emarcus, emesika, michal.skrivanek, mperina |
| Target Milestone: | ovirt-4.5.1 | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | All | ||
| Whiteboard: | |||
| Fixed In Version: | ovirt-engine-4.5.1 | Doc Type: | Bug Fix |
| Doc Text: |
The ovirt-engine-notifier correctly increments the SNMP EngineBoots value after restarts, which enables the ovirt-engine-notifier to work with the SNMPv3 authPriv security level.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-07-14 12:54:31 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Verified on: ovirt-engine-4.5.1.2-0.11.el8ev.noarch Followed steps on the description and noticed that msgAuthoritativeEngineBoots properly increments as expected Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.1] security, bug fix and update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:5555 The needinfo request[s] on this closed bug have been removed as they have been unresolved for 365 days |
SNMPv3 traps sent by RHV-M always sets msgAuthoritative EngineBoots' to '0' value. The SNMP manager monitoring these values does not accept any traps after restarting the ovirt-engine-notifier service. Running a packet capture of the SNMP traffic originating from RHV-M confirms that 'msgAuthoritative EngineBoots' is always set to '0'. ~~~ Simple Network Management Protocol msgVersion: snmpv3 ( 3 ) msgGlobalData msgAuthoritativeEngineID: msgAuthoritative EngineBoots: 0 msgAuthoritativeEngineTime: 750 msgUserName: snmpuser msgAuthenticationParameters: d044e9583ec6895c03563c1 msgPrivacyParameters: c52182329a8194a msgData: encryptedPDU ( 1 ) ~~~ SNMP configuration in RHV-M. ~~~ $ cat /etc/ovirt-engine/notifier/notifier.conf.d/20-snmp.conf FILTER="include:*(snmp:) ${FILTER}" FILTER="include:*:WARNING(snmp:) ${FILTER}" FILTER="include:*:ERROR(snmp:) ${FILTER}" FILTER="include:*:ALERT(snmp:) ${FILTER}" SNMP_MANAGERS="x.x.x.x" SNMP_COMMUNITY=public SNMP_VERSION=3 SNMP_ENGINE_ID="80:00:00:00:04:01:03:02" SNMP_USERNAME=snmpuser SNMP_AUTH_PROTOCOL=SHA SNMP_AUTH_PASSPHRASE=securepassword SNMP_PRIVACY_PROTOCOL=AES128 SNMP_PRIVACY_PASSPHRASE=verysecurepassword SNMP_SECURITY_LEVEL=3 ~~~ Version-Release number of selected component (if applicable): rhvm-4.4.10.6-0.1.el8ev.noarch snmp4j-3.6.4-0.1.el8ev.noarch How reproducible: Reproduced by customer. Steps to Reproduce: 1. Configure RHV-M to send SNMPv3 traps. (https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/administration_guide/index#Configuring_the_Red_Hat_Enterprise_Virtualization_Manager_to_Send_SNMP_Traps) 2. Restart the ovirt-engine-notifier service # systemctl start ovirt-engine-notifier.service 3. Run packet capture on traffic originating from RHV-M and analyse SNMPv3 packets. Actual results: - The generated SNMP trap always sets 'msgAuthoritativeEngineBoots: 0' Expected results: - The generated SNMP trap should increase the value of 'msgAuthoritativeEngineBoots' with each engine restart, but it does not. Additional info: