mirror of
https://github.com/apache/cloudstack.git
synced 2025-10-26 08:42:29 +01:00
87 lines
4.0 KiB
XML
87 lines
4.0 KiB
XML
<?xml version='1.0' encoding='utf-8' ?>
|
|
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
|
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
|
|
%BOOK_ENTITIES;
|
|
]>
|
|
<!-- Licensed to the Apache Software Foundation (ASF) under one
|
|
or more contributor license agreements. See the NOTICE file
|
|
distributed with this work for additional information
|
|
regarding copyright ownership. The ASF licenses this file
|
|
to you under the Apache License, Version 2.0 (the
|
|
"License"); you may not use this file except in compliance
|
|
with the License. You may obtain a copy of the License at
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
Unless required by applicable law or agreed to in writing,
|
|
software distributed under the License is distributed on an
|
|
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
KIND, either express or implied. See the License for the
|
|
specific language governing permissions and limitations
|
|
under the License.
|
|
-->
|
|
<section id="configure-snmp-rhel">
|
|
<title>Configuring SNMP Community String on a RHEL Server</title>
|
|
<para>The SNMP Community string is similar to a user id or password that provides access to a
|
|
network device, such as router. This string is sent along with all SNMP requests. If the
|
|
community string is correct, the device responds with the requested information. If the
|
|
community string is incorrect, the device discards the request and does not respond.</para>
|
|
<para>The NetScaler device uses SNMP to communicate with the VMs. You must install SNMP and
|
|
configure SNMP Community string for a secure communication between the NetScaler device and the
|
|
RHEL machine.</para>
|
|
<orderedlist>
|
|
<listitem>
|
|
<para>Ensure that you installed SNMP on RedHat. If not, run the following command:</para>
|
|
<screen>yum install net-snmp-utils</screen>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Edit the /etc/snmp/snmpd.conf file to allow the SNMP polling from the NetScaler
|
|
device.</para>
|
|
<orderedlist>
|
|
<listitem>
|
|
<para>Map the community name into a security name (local and mynetwork, depending on where
|
|
the request is coming from):</para>
|
|
<note>
|
|
<para>Use a strong password instead of public when you edit the following table.</para>
|
|
</note>
|
|
<screen># sec.name source community
|
|
com2sec local localhost public
|
|
com2sec mynetwork 0.0.0.0 public</screen>
|
|
<note>
|
|
<para>Setting to 0.0.0.0 allows all IPs to poll the NetScaler server.</para>
|
|
</note>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Map the security names into group names: </para>
|
|
<screen># group.name sec.model sec.name
|
|
group MyRWGroup v1 local
|
|
group MyRWGroup v2c local
|
|
group MyROGroup v1 mynetwork
|
|
group MyROGroup v2c mynetwork</screen>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Create a view to allow the groups to have the permission to:</para>
|
|
<screen>incl/excl subtree mask view all included .1 </screen>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Grant access with different write permissions to the two groups to the view you
|
|
created.</para>
|
|
<screen># context sec.model sec.level prefix read write notif
|
|
access MyROGroup "" any noauth exact all none none
|
|
access MyRWGroup "" any noauth exact all all all </screen>
|
|
</listitem>
|
|
</orderedlist>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Unblock SNMP in iptables.</para>
|
|
<screen>iptables -A INPUT -p udp --dport 161 -j ACCEPT</screen>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Start the SNMP service:</para>
|
|
<screen>service snmpd start</screen>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Ensure that the SNMP service is started automatically during the system startup:</para>
|
|
<screen>chkconfig snmpd on</screen>
|
|
</listitem>
|
|
</orderedlist>
|
|
</section>
|