Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1136818

Summary: [Notification][SNMP] modify the oid schema for SNMP notification - to be usable
Product: [Retired] oVirt Reporter: Mooli Tayer <mtayer>
Component: ovirt-engine-notificiationsAssignee: Mooli Tayer <mtayer>
Status: CLOSED CURRENTRELEASE QA Contact: Jiri Belka <jbelka>
Severity: high Docs Contact:
Priority: high    
Version: 3.4CC: alonbl, bazulay, bugs, ecohen, gchakkar, gklein, iheim, jentrena, mkalinin, mtayer, oourfali, pdwyer, rbalakri, ukar, yeylon
Target Milestone: ---   
Target Release: 3.5.1   
Hardware: All   
OS: All   
Whiteboard: infra
Fixed In Version: Doc Type: Release Note
Doc Text:
A MIB file was created to describe the snmp traps sent by ovirt-engine-notifier. In order to support the new MIB the traps schema was changes - instead of dispatching a different trap for each event, we now use one generic trap for all event types containing the event data as PDU. In addition the sent PDU's list was further extended.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2015-01-21 16:06:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
sample redhat MIB
none
traps after translation using the mib
none
nagios_01
none
nagios_02
none
zabbix_01
none
trap none

Description Mooli Tayer 2014-09-03 11:41:18 UTC 
Created attachment 934049 [details]
sample redhat MIB

Benefit to ovirt:
Allow an easy integration with monitoring applications(e.g nagious).

Impact:
Configuration would not have to change although the traps would change
so monitoring triggers might have to be redefined.

Current state:
SNMP traps are being sent from ovirt-engine-notifier, see example[1].

The current OID's sent make it hard to define them under a simple MIB
as we nest all data fields under the id of a specific ALT (AuditLogType).
In order to create a MIB file we would have to parse AuditLogType at each build
and define all ALT in it and for each one define the objects that exist under
it (severity, message type, message text, etc.).

The idea is to have a simple tree MIB under 1.3.6.1.4.1.2312.13.1.1 (===baseoid)
(same as now, so configuration would not need to change)
Where we would define 2 entities:

baseoid.notification.trap[3.1]:
an OID representing trap messages by ovirt-engine-notifier, 
it will be the value of the generic key: SNMPv2-MIB::snmpTrapOID

baseoid.object[3.2]:
baseoid.object.auditlog.alt     (string e.g VDC_STOP)
baseoid.object.auditlog.id      (int e.g 2)
baseoid.object.auditlog.message 
baseoid.object.auditlog.sevirity
baseoid.object.auditlog.type
baseoid.object.auditlog.logTime
baseoid.object.auditlog.userName
baseoid.object.auditlog.vmName
baseoid.object.auditlog.vdsName
baseoid.object.auditlog.vmTemplateName
baseoid.object.auditlog.storagePoolName
baseoid.object.auditlog.storageDomainName
(If a field does not exist for a certain audit message, it will not be included)

In this manner we have the id as a value and not an OID.

A sample message after the change is provided[3].

Additional info:

* 2312 is the OID registered for redhat[2], although we would probably 
  need to distribute a REDHAT-MIB file do define notifications under it.
  A first draft for such is attached.

* We currently define 1.3.6.1.4.1.2312.13.1.1 ovirt-engine-notifier.conf as:
  iso.organization.DoD.Internet.private.enterprises.redhat.ovirt-engine.notifications.audit-log
  We would like to redefine (the same OID) as:
  iso.organization.DoD.Internet.private.enterprises.redhat.ovirt.ovirt-engine.notifications
  as this will allow us in the future to define OID for messages from different
  ovirt entities(e.g hosts).

* We currently append 0[1] after the event id to designate it as
  ENTERPRISE_SPECIFIC trap we would like to drop this as it is unneeded for
  snmpv2 support.

--------------------------------------------------------------------
[1]
Current traps as received by a snmptrapd (line breaks added):
2014-09-02 17:57:03 dhcp-1-204.tlv.redhat.com [UDP: [10.35.1.204]:46652->[10.35.215.71]:162]:
SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.2312.13.1.1.0.2
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (3794) 0:00:37.94
SNMPv2-SMI::enterprises.2312.13.1.1.0.2.0 = STRING: "Engine server is not responding."
SNMPv2-SMI::enterprises.2312.13.1.1.0.2.1 = STRING: "ERROR"
SNMPv2-SMI::enterprises.2312.13.1.1.0.2.2 = STRING: "alertMessage"
SNMPv2-SMI::enterprises.2312.13.1.1.0.2.3 = STRING: "2014-09-02 10:56:26.176
SNMPv2-SMI::enterprises.2312.13.1.1.0.2.4 = STRING: "VDC_STOP"

[2] http://www.alvestrand.no/objectid/1.3.6.1.4.1.2312.html

[3]
2014-09-02 17:57:03 dhcp-1-204.tlv.redhat.com [UDP: [10.35.1.204]:46652->[10.35.215.71]:162]:
SNMPv2-MIB::snmpTrapOID = OID: SNMPv2-SMI::enterprises.2312.13.1.1.1.1[3.1]
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (3794) 0:00:37.94
SNMPv2-SMI::enterprises.2312.13.1.1.2.1.1 = STRING: "VDC_STOP."
SNMPv2-SMI::enterprises.2312.13.1.1.0.2.1 = INTEGER: "3"
...

Given a MIB the numbers above would be translated to meaningful names:
OVIRT-ENGINE-MIB::event_name
OVIRT-ENGINE-MIB::event_id
etc.
Comment 1 Mooli Tayer 2014-09-21 10:04:46 UTC 
Created attachment 939726 [details]
traps after translation using the mib
Comment 2 Mooli Tayer 2014-09-23 12:00:41 UTC 
Created attachment 940408 [details]
nagios_01
Comment 3 Mooli Tayer 2014-09-23 12:01:09 UTC 
Created attachment 940409 [details]
nagios_02
Comment 4 Mooli Tayer 2014-09-23 16:01:03 UTC 
Created attachment 940493 [details]
zabbix_01
Comment 5 Mooli Tayer 2014-10-22 19:55:35 UTC 
*** Bug 1154352 has been marked as a duplicate of this bug. ***
Comment 6 Alon Bar-Lev 2014-12-02 18:25:46 UTC 
can we move this to on_qa?
Comment 7 Jiri Belka 2015-01-08 13:14:56 UTC 
ok, vt13.6

mibs opened with ireasoning mib browser and used that as trap receiver.

00:01:10.076396 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 542)
    10.34.61.218.54945 > 10.34.131.34.162:  { SNMPv2c { V2Trap(495) R=192234984  .1.3.6.1.2.1.1.3.0=8831 .1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.4.1.2312.13.1.1.0.1 .1.3.6.1.4.1.2312.13.1.1.2.1.1="6550" .1.3.6.1.4.1.2312
.13.1.1.2.1.2="VDS_ACTIVATE" .1.3.6.1.4.1.2312.13.1.1.2.1.3=16 .1.3.6.1.4.1.2312.13.1.1.2.1.4=0 .1.3.6.1.4.1.2312.13.1.1.2.1.5="Host dell-r210ii-03.rhev.lab.eng.brq.redhat.com was activated by admin." .1.3.6.1.4.
1.2312.13.1.1.2.1.6=0 .1.3.6.1.4.1.2312.13.1.1.2.1.7="2015-01-08T14:02Z" .1.3.6.1.4.1.2312.13.1.1.2.1.100="admin" .1.3.6.1.4.1.2312.13.1.1.2.1.101="fdfc627c-d875-11e0-90f0-83df133b58cc" .1.3.6.1.4.1.2312.13.1.1.2
.1.104="dell-r210ii-03.rhev.lab.eng.brq.redhat.com" .1.3.6.1.4.1.2312[|snmp] } } 
E.....@.@.c.
"=.
".".....
.[0........public.......uE.......0...0...+.......C.".0..

see screenshot
Comment 8 Jiri Belka 2015-01-08 13:15:19 UTC 
Created attachment 977801 [details]
trap
Comment 9 Sandro Bonazzola 2015-01-21 16:06:30 UTC 
oVirt 3.5.1 has been released. If problems still persist, please make note of it in this bug report.