Bug 1232412 - Unable to start snmp on RHEV-H 7.1
Summary: Unable to start snmp on RHEV-H 7.1
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-node
Version: 3.5.3
Hardware: x86_64
OS: Linux
high
high
Target Milestone: ---
: ---
Assignee: Ryan Barry
QA Contact: cshao
URL:
Whiteboard: node
Keywords: Reopened
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-06-16 17:10 UTC by Robert McSwain
Modified: 2019-07-11 09:25 UTC (History)
15 users (show)

(edit)
Cause: A change in the way snmp changes passwords

Consequence: Changing the SNMP password in RHEV-H 7 caused SNMP to cease working.

Fix: The snmp password file is now unmounted before changing

Result: Changing the SNMP password works
Clone Of:
(edit)
Last Closed: 2015-12-18 15:07:18 UTC
mgoldboi: Triaged+


Attachments (Terms of Use)
snmp.tar.gz (100.39 KB, application/x-gzip)
2015-06-23 06:29 UTC, cshao
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
oVirt gerrit 42771 master MERGED Unpersist and repersist snmpd.conf so it can be moved Never
oVirt gerrit 46242 ovirt-3.5 MERGED Unpersist and repersist snmpd.conf so it can be moved Never
Red Hat Bugzilla 1261424 None None None Never

Internal Trackers: 1261424

Description Robert McSwain 2015-06-16 17:10:08 UTC
Description of problem:

We install our rhev-h systems from RHEV-H 6.6 - 20150512.0.el6ev to the RHEV-H 7.1-20150512.1.el7ev. We install them with PXE-boot and enable it with snmp_password=<password> command in the pxe boot options. But snmp is not enabled.

If I try to enable snmp manually on RHEV-H. I get the following error:

│Command 'snmpusm -v 3 -u root -n "" -l authNoPriv -a SHA -A <password> localhost passwd <password>   │
│<password> -x AES' returned non-zero exit status 1

I use ssh to the rhev-h with the user admin. So I get the tui set the [X] and enter a password to enable snmp.

Why  I can't enable snmp on rhev-h 7.1?

Version-Release number of selected component (if applicable):
RHEV-H 7.1-20150512.1.el7e

How reproducible:
100%

Comment 1 Ryan Barry 2015-06-22 15:36:03 UTC
Robert - I can't reproduce this.

Is the customer using a weak password? SNMP requires at least 8 characters with no whitespace.

QE - can you reproduce?

Comment 2 cshao 2015-06-23 06:28:37 UTC
SNMP can enable by auto install, but the function of SNMP doesn't work.

Test version:
rhev-hypervisor7-7.1-20150609.0
ovirt-node-3.2.3-3.el7.noarch

Test steps:
1. Auto install RHEV-H with below parameters
BOOTIF=eth0 storage_init=/dev/sda adminpw=xxx snmp_password=redhat123 firstboot
2. Reboot
3. Login RHEV-H and check the status of snmp.
4. Check snmp function.
#snmpwalk -v3 -u root -l authPriv -a SHA -A redhat123 -x AES -X redhat123 $ip sysDescr
5. Set new snmp password on TUI.

Test result:
1. Auto install with "snmp" parameter can enable snmp.
2. In SNMP menu, SNMP show as enable status.
3. SNMP function doesn't work.
# snmpwalk -v3 -u root -l authPriv -a SHA -A redhat123 -x AES -X redhat123 10.66.9.251 sysDescr
snmpwalk: Unknown engine ID (Sub-id not found: (top) -> sysDescr)
4. An error occurred while applying the changes:    

│Command 'snmpusm -v 3 -u root -n "" -l authNoPriv -a SHA -A redhat123 localhost passwd redhat123 redhat123 -x AES' returned non-zero exit status 1  


# service snmpd status
Redirecting to /bin/systemctl status  snmpd.service
snmpd.service - Simple Network Management Protocol (SNMP) Daemon.
   Loaded: loaded (/usr/lib/systemd/system/snmpd.service; enabled)
   Active: active (running) since Tue 2015-06-23 06:06:01 UTC; 8min ago
 Main PID: 1232 (snmpd)
   CGroup: /system.slice/snmpd.service
           └─1232 /usr/sbin/snmpd -LS0-6d -f

Jun 23 06:06:01 localhost snmpd[1232]: buffer too small to read octet string (17 < 17)
Jun 23 06:06:01 localhost snmpd[1232]: Turning on AgentX master support.
Jun 23 06:06:01 localhost snmpd[1232]: Cannot rename /var/lib/net-snmp/snmpd.conf to /var/lib/net-snmp/snmpd.0.conf
Jun 23 06:06:01 localhost snmpd[1232]: Cannot unlink /var/lib/net-snmp/snmpd.conf
Jun 23 06:06:01 localhost snmpd[1232]: NET-SNMP version 5.7.2
Jun 23 06:06:01 localhost systemd[1]: Started Simple Network Management Protocol (SNMP) Daemon..

Comment 3 cshao 2015-06-23 06:29:36 UTC
Created attachment 1042104 [details]
snmp.tar.gz

/var/log/*.*
/tmp/ovirt.log

Comment 4 Ryan Barry 2015-06-23 14:13:27 UTC
I'm also not able to reproduce this report. After an autoinstall:

$ snmpwalk -v3 -u root -l authPriv -a SHA -A redhat123 -x AES -X redhat123 192.168.122.166 sysDescr
SNMPv2-MIB::sysDescr.0 = STRING: Linux localhost 3.10.0-229.4.2.el7.x86_64 #1 SMP Fri Apr 24 15:26:38 EDT 2015 x86_64

I see that you can get the traceback by trying to set a new password, though. I'll try that as well...

Comment 5 Ryan Barry 2015-06-23 15:26:13 UTC
So:

Test steps:
1. Auto install RHEV-H with below parameters
BOOTIF=eth0 storage_init=/dev/sda adminpw=xxx snmp_password=redhat123 firstboot
2. Reboot
3. Login RHEV-H and check the status of snmp.
4. Check snmp function.
#snmpwalk -v3 -u root -l authPriv -a SHA -A redhat123 -x AES -X redhat123 $ip sysDescr
5. Set new snmp password on TUI.
6. Test again

Test result:
1. Auto install with "snmp" parameter can enable snmp.
2. In SNMP menu, SNMP show as enable status.
3. SNMP  works.
# snmpwalk -v3 -u root -l authPriv -a SHA -A redhat123 -x AES -X redhat123 10.66.9.251 sysDescr
SNMPv2-MIB::sysDescr.0 = STRING: Linux localhost 3.10.0-229.4.2.el7.x86_64 #1 SMP Fri Apr 24 15:26:38 EDT 2015 x86_64
4. An error occurred while applying the changes
5. SNMP doesn't work
# snmpwalk -v3 -u root -l authPriv -a SHA -A redhat123 -x AES -X redhat123 10.66.9.251 sysDescr
snmpwalk: Unknown engine ID (Sub-id not found: (top) -> sysDescr)

This error appears to occur because the password cannot be changed successfully, which I'll look at. It works correctly in earlier versions of RHEV-H, so this must be a platform change.

Comment 6 Ryan Barry 2015-06-23 17:34:15 UTC
Robert -

The problem with changing the password appears to be because net-snmp now expects to be able to move the file to a backup, and so it never properly creates the user, so snmpusm can't find the object.

I wasn't able to reproduce the "snmp doesn't work with autoinstall" issue on a VM running on EL7, but I was on a VM running on F22, so it may not be a password length issue.

As a workaround (until the patch makes it into a build), they should be able to log in, press F2 to drop to a shell, and run the following commands (in order):

service snmpd stop
unpersist /var/lib/net-snmp/snmpd.conf
net-snmp-create-v3-user -A $password -a SHA -x AES root
service snmpd start
persist /var/lib/net-snmp/snmpd.conf

Comment 7 cshao 2015-07-02 08:33:24 UTC
Returning need info removed by bugzilla.

Comment 8 cshao 2015-09-08 07:09:37 UTC
Hi rmcswain,

I can't reproduce this issue, can you ask customer to help us to verify this bug?

Thanks!

Comment 9 cshao 2015-09-10 09:35:43 UTC
I report a new bug 1261424 for trace #c5's issue, but still can't reproduce the original bug.

Test version:
rhev-hypervisor7-7.1-20150827.1.el7ev
ovirt-node-3.2.3-20.el7.noarch

Thanks!


Note You need to log in before you can comment on or make changes to this bug.