Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow alternative agentx socket configuration #92

Merged
merged 12 commits into from
Nov 21, 2018

Conversation

MichelMoriniaux
Copy link
Contributor

The point of this commit is to open up the snmp container to other agentx implementations in other containers.
By default the snmp agentx implementation uses '/var/agentx/master' unix domain socket as per RFC.
If we want other containers to be able to connect to the snmp container we need to expose this unix socket outside the container. To do this the unix socket needs to be instantiated on the host then exposed via a mount or volume to the containers that wish to use it including the snmp container. This is a good option which allows securing the socket via Unix file system permissions but in reality these permissions end up being too wide and a LOT of files need to be touched in a lot of repos to get this to work. additionally this breaks backwards compatibility. We believe there is a better way.

In this implementation we chose to use the snmp provisions to override the default socket via a configuration directive in the /etc/snmp/snmpd.conf file:
agentxsocket tcp:localhost:705
we modify the ax_implementation so that this directive is read and the client connects to the defined tcp port, modifies unix socket or the default socket if the directive is not present. Thus we do not break behavior for existing configs and we allow the use of the facility in case it is configured.

The main real-world direct application of this is to allow the docker-fpm-frr container to feed bgp metrics to the snmp-container so that they can be polled.
Once the frr container is built with snmp support, the addition of a /etc/snmp/frr.conf with a single line containing "agenXSocket tcp:localhost:705" does the trick and BGP information can be polled from the switch via the BGPv4 MIB.

- What I did

- How I did it

- How to verify it

- Description for the changelog

MichelMoriniaux and others added 8 commits August 2, 2018 13:51
* ifSpeed now reports speed under 2^32 bps
* ifSpeed returns 2^32 is speed is above
* ifHighSpeed reports the interface speed in Mbps
* ifHighSpeed defaults to 40000 if speed not available in APPL_DB
* unit tests for rfc1213 and rfc2863
* appl_db.json modified to provide variety of speeds

  Signed-off-by: michel.moriniaux@gmail.com
* ifSpeed now reports speed under 2^32 bps
* ifSpeed returns 2^32 is speed is above
* ifHighSpeed reports the interface speed in Mbps
* ifHighSpeed defaults to 40000 if speed not available in APPL_DB
* unit tests for rfc1213 and rfc2863
* appl_db.json modified to provide variety of speeds

  Signed-off-by: michel.moriniaux@gmail.com
* ifSpeed now reports speed under 2^32 bps
* ifSpeed returns 2^32 is speed is above
* ifHighSpeed reports the interface speed in Mbps
* ifHighSpeed defaults to 40000 if speed not available in APPL_DB
* unit tests for rfc1213 and rfc2863
* appl_db.json modified to provide variety of speeds

  Signed-off-by: michel.moriniaux@gmail.com
* ifAlias should retrun the interface description not the
  SONiC name
* unit tests

  Signed-off-by: michel.moriniaux@gmail.com
* missing self. keyword

  Signed-off-by: michel.moriniaux@gmail.com
* added code to read the snmpd.conf file for alternate agentx socket
* added code to open the connection according to the type of socket

This will allow external containers to use agentx to communicate with
the snmp container. This is done by changing the default unix socket
/var/agentx/master to a tcp socket via the /etc/snmp/snmpd.conf file.
The agentx implementation reads the config directive from this file
and adapts accordingly
This allows export of SNMP metrics by the FRR container for eg.

  signed-off-by: Michel Moriniaux <michel.moriniaux@gmail.com>
Copy link
Contributor

@qiluo-msft qiluo-msft left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As comments.

@qiluo-msft
Copy link
Contributor

qiluo-msft commented Nov 19, 2018

Could you refine the PR title, with at least one verb? #Closed

@qiluo-msft
Copy link
Contributor

qiluo-msft commented Nov 19, 2018

May I ask if vanilla quagga also has the capability? Not limited to FRR? #Closed

@MichelMoriniaux
Copy link
Contributor Author

MichelMoriniaux commented Nov 20, 2018

May I ask if vanilla quagga also has the capability? Not limited to FRR?

I wasn't able to make it work on Quagga, even though documentation says it should work. I was not able to compile a working snmp version of Quagga. #Resolved

@MichelMoriniaux MichelMoriniaux changed the title agentx TCP connection Allow alternative agentx socket configuration Nov 20, 2018
@MichelMoriniaux
Copy link
Contributor Author

MichelMoriniaux commented Nov 20, 2018

Could you refine the PR title, with at least one verb?

Changed #Resolved

* added code to read the snmpd.conf file for alternate agentx socket
* added code to open the connection according to the type of socket
* corrections and coments from Qi Luo

This will allow external containers to use agentx to communicate with
the snmp container. This is done by changing the default unix socket
/var/agentx/master to a tcp socket via the /etc/snmp/snmpd.conf file.
The agentx implementation reads the config directive from this file
and adapts accordingly
This allows export of SNMP metrics by the FRR container for eg.

  signed-off-by: Michel Moriniaux <michel.moriniaux@gmail.com>
@MichelMoriniaux
Copy link
Contributor Author

changes addressed and commits done

Copy link
Contributor

@qiluo-msft qiluo-msft left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One issue added

* added code to read the snmpd.conf file for alternate agentx socket
* added code to open the connection according to the type of socket
* corrections and coments from Qi Luo

This will allow external containers to use agentx to communicate with
the snmp container. This is done by changing the default unix socket
/var/agentx/master to a tcp socket via the /etc/snmp/snmpd.conf file.
The agentx implementation reads the config directive from this file
and adapts accordingly
This allows export of SNMP metrics by the FRR container for eg.

  signed-off-by: Michel Moriniaux <michel.moriniaux@gmail.com>
* added code to read the snmpd.conf file for alternate agentx socket
* added code to open the connection according to the type of socket
* corrections and coments from Qi Luo

This will allow external containers to use agentx to communicate with
the snmp container. This is done by changing the default unix socket
/var/agentx/master to a tcp socket via the /etc/snmp/snmpd.conf file.
The agentx implementation reads the config directive from this file
and adapts accordingly
This allows export of SNMP metrics by the FRR container for eg.

  signed-off-by: Michel Moriniaux <michel.moriniaux@gmail.com>
Copy link
Contributor

@qiluo-msft qiluo-msft left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution! It looks good to me.

@qiluo-msft qiluo-msft merged commit 660a752 into sonic-net:master Nov 21, 2018
@qiluo-msft
Copy link
Contributor

Once the frr container is built with snmp support, the addition of a /etc/snmp/frr.conf with a single line containing "agenXSocket tcp:localhost:705" does the trick and BGP information can be polled from the switch via the BGPv4 MIB.

@MichelMoriniaux Since FRR is the default routing stack on master branch, would you like continue the integration?

@MichelMoriniaux
Copy link
Contributor Author

MichelMoriniaux commented May 9, 2019 via email

@pavel-shirshov
Copy link
Contributor

Hi Michel,

Can you please elaborate on the licensing issues here?
Is there a special license for frr - snmp integration?

Thanks

@MichelMoriniaux
Copy link
Contributor Author

MichelMoriniaux commented May 13, 2019 via email

@pavel-shirshov
Copy link
Contributor

Hi Michel,

Thank you for the valuable information.

Thanks

@MichelMoriniaux
Copy link
Contributor Author

MichelMoriniaux commented May 13, 2019 via email

@qiluo-msft
Copy link
Contributor

Thanks @MichelMoriniaux!
I notice that https://github.com/FRRouting/frr/releases/tag/frr-6.0.2 isolated frr-snmp from frr. This is also the case of debian packages:
https://packages.debian.org/buster/frr
https://packages.debian.org/buster/frr-snmp

Seems a workable solution we could follow.

@MichelMoriniaux
Copy link
Contributor Author

MichelMoriniaux commented May 14, 2019 via email

@qiluo-msft
Copy link
Contributor

Just to clarify, the master branch of sonic-buildimage is building frr 6.0.2-0 into a stretch docker image. I do see frr-snmp_6.0.2-0_amd64.deb in Jenkins workspace, but I have never tested it.

@MichelMoriniaux
Copy link
Contributor Author

MichelMoriniaux commented May 14, 2019 via email

@pavel-shirshov
Copy link
Contributor

Now we have frr-7.0 in sonic-master

@MichelMoriniaux
Copy link
Contributor Author

MichelMoriniaux commented May 16, 2019 via email

@MichelMoriniaux
Copy link
Contributor Author

please see sonic-buildimage PR 2981

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants