Go to Qiita Advent Calendar 2024 Top
LoginSignup
0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

@i_bushclover

【ProxmoxVE】snmpdの導入と設定

Last updated at Posted at 2024-09-16

前回のrsyslog導入(【ProxmoxVE】rsyslogの導入と設定)に続き、snmpdの導入をしてみようと思います。

前提

rsyslogと同じですが、ProxmoxVEバージョンは8.2-1、非インターネット環境を想定して、apt-get以外の方法で導入してみます。

環境

以下のような環境にて試しています。
PVE検証イメージ図v2.png
監視ソフトとしてZabbixを利用しました。

debパッケージの入手

snmpdの導入にあたり、下記パッケージをダウンロードし、Proxmoxへscpで配置しました。
・libc6_2.36-9+deb12u8_amd64.deb
・lsb-base_11.6_all.deb
・libsnmp-base_5.9.3+dfsg-2_all.deb
・libsensors-config_3.6.0-7.1_all.deb
・libssl3_3.0.14-1~deb12u2_amd64.deb
・libsensors5_3.6.0-7.1_amd64.deb
・libsnmp40_5.9.3+dfsg-2_amd64.deb
・snmpd_5.9.3+dfsg-2_amd64.deb

依存関係やバージョンの調べ方は以前の記事(【ProxmoxVE】apt-get出来ない環境での追加パッケージ確認方法)を参考にどうぞ。

パッケージのインストール

dpkg -iにて一つずつ導入しました。
インストール順は上で書いたパッケージの順序です。

dpkg -iでのsnmpd導入・コマンドと結果 
root@pve103:/var/tmp/20240910_install_snmpd# dpkg -i libc6_2.36-9+deb12u8_amd64.deb
(Reading database ... 47863 files and directories currently installed.)
Preparing to unpack libc6_2.36-9+deb12u8_amd64.deb ...
Unpacking libc6:amd64 (2.36-9+deb12u8) over (2.36-9+deb12u6) ...
Setting up libc6:amd64 (2.36-9+deb12u8) ...
Processing triggers for libc-bin (2.36-9+deb12u6) ...
root@pve103:/var/tmp/20240910_install_snmpd#

root@pve103:/var/tmp/20240910_install_snmpd# dpkg -i lsb-base_11.6_all.deb
Selecting previously unselected package lsb-base.
(Reading database ... 47863 files and directories currently installed.)
Preparing to unpack lsb-base_11.6_all.deb ...
Unpacking lsb-base (11.6) ...
Setting up lsb-base (11.6) ...
root@pve103:/var/tmp/20240910_install_snmpd#

root@pve103:/var/tmp/20240910_install_snmpd# dpkg -i libsnmp-base_5.9.3+dfsg-2_all.deb
Selecting previously unselected package libsnmp-base.
(Reading database ... 47867 files and directories currently installed.)
Preparing to unpack libsnmp-base_5.9.3+dfsg-2_all.deb ...
Unpacking libsnmp-base (5.9.3+dfsg-2) ...
Setting up libsnmp-base (5.9.3+dfsg-2) ...
Processing triggers for man-db (2.11.2-2) ...
root@pve103:/var/tmp/20240910_install_snmpd#

root@pve103:/var/tmp/20240910_install_snmpd# dpkg -i libsensors-config_3.6.0-7.1_all.deb
Selecting previously unselected package libsensors-config.
(Reading database ... 47969 files and directories currently installed.)
Preparing to unpack libsensors-config_3.6.0-7.1_all.deb ...
Unpacking libsensors-config (1:3.6.0-7.1) ...
Setting up libsensors-config (1:3.6.0-7.1) ...
root@pve103:/var/tmp/20240910_install_snmpd#

root@pve103:/var/tmp/20240910_install_snmpd# dpkg -i libssl3_3.0.14-1~deb12u2_amd64.deb
(Reading database ... 47976 files and directories currently installed.)
Preparing to unpack libssl3_3.0.14-1~deb12u2_amd64.deb ...
Unpacking libssl3:amd64 (3.0.14-1~deb12u2) over (3.0.11-1~deb12u2) ...
Setting up libssl3:amd64 (3.0.14-1~deb12u2) ...
Processing triggers for libc-bin (2.36-9+deb12u6) ...
root@pve103:/var/tmp/20240910_install_snmpd#

root@pve103:/var/tmp/20240910_install_snmpd# dpkg -i libsensors5_3.6.0-7.1_amd64.deb
Selecting previously unselected package libsensors5:amd64.
(Reading database ... 48000 files and directories currently installed.)
Preparing to unpack libsensors5_3.6.0-7.1_amd64.deb ...
Unpacking libsensors5:amd64 (1:3.6.0-7.1) ...
Setting up libsensors5:amd64 (1:3.6.0-7.1) ...
Processing triggers for libc-bin (2.36-9+deb12u6) ...
root@pve103:/var/tmp/20240910_install_snmpd#

root@pve103:/var/tmp/20240910_install_snmpd# dpkg -i libsnmp40_5.9.3+dfsg-2_amd64.deb
(Reading database ... 48007 files and directories currently installed.)
Preparing to unpack libsnmp40_5.9.3+dfsg-2_amd64.deb ...
Unpacking libsnmp40:amd64 (5.9.3+dfsg-2) over (5.9.3+dfsg-2) ...
Setting up libsnmp40:amd64 (5.9.3+dfsg-2) ...
Processing triggers for libc-bin (2.36-9+deb12u6) ...
root@pve103:/var/tmp/20240910_install_snmpd#

root@pve103:/var/tmp/20240910_install_snmpd# dpkg -i snmpd_5.9.3+dfsg-2_amd64.deb
Selecting previously unselected package snmpd.
(Reading database ... 48007 files and directories currently installed.)
Preparing to unpack snmpd_5.9.3+dfsg-2_amd64.deb ...
Unpacking snmpd (5.9.3+dfsg-2) ...
Setting up snmpd (5.9.3+dfsg-2) ...
adduser: Warning: The home directory `/var/lib/snmp' does not belong to the user you are currently creating.
chown: warning: '.' should be ':': ‘Debian-snmp.Debian-snmp’
Created symlink /etc/systemd/system/multi-user.target.wants/snmpd.service → /lib/systemd/system/snmpd.service.
Processing triggers for man-db (2.11.2-2) ...
root@pve103:/var/tmp/20240910_install_snmpd#

snmpエージェント設定

/etc/snmp/snmpd.confファイルの以下を修正し、snmpdサービスの再起動(systemctl restart snmpd)を実施。
・「agentaddress 127.0.0.1,[::1]」を「agentaddress udp:161」に修正
・「view systemonly included ~~」を「view systemonly included .1」に修正
・コミュニティ名を修正

修正したsnmpd.conf全量 
root@pve103:~# cat /etc/snmp/snmpd.conf
###########################################################################
#
# snmpd.conf
# An example configuration file for configuring the Net-SNMP agent ('snmpd')
# See snmpd.conf(5) man page for details
#
###########################################################################
# SECTION: System Information Setup
#

# syslocation: The [typically physical] location of the system.
#   Note that setting this value here means that when trying to
#   perform an snmp SET operation to the sysLocation.0 variable will make
#   the agent return the "notWritable" error code.  IE, including
#   this token in the snmpd.conf file will disable write access to
#   the variable.
#   arguments:  location_string
sysLocation    Sitting on the Dock of the Bay
sysContact     Me <me@example.org>

# sysservices: The proper value for the sysServices object.
#   arguments:  sysservices_number
sysServices    72



###########################################################################
# SECTION: Agent Operating Mode
#
#   This section defines how the agent will operate when it
#   is running.

# master: Should the agent operate as a master agent or not.
#   Currently, the only supported master agent type for this token
#   is "agentx".
#
#   arguments: (on|yes|agentx|all|off|no)

master  agentx

# agentaddress: The IP address and port number that the agent will listen on.
#   By default the agent listens to any and all traffic from any
#   interface on the default SNMP port (161).  This allows you to
#   specify which address, interface, transport type and port(s) that you
#   want the agent to listen on.  Multiple definitions of this token
#   are concatenated together (using ':'s).
#   arguments: [transport:]port[@interface/address],...

#agentaddress  127.0.0.1,[::1]
agentaddress  udp:161



###########################################################################
# SECTION: Access Control Setup
#
#   This section defines who is allowed to talk to your running
#   snmp agent.

# Views
#   arguments viewname included [oid]

#  system + hrSystem groups only
#view   systemonly  included   .1.3.6.1.2.1.1
#view   systemonly  included   .1.3.6.1.2.1.25.1
view   systemonly  included   .1


# rocommunity: a SNMPv1/SNMPv2c read-only access community name
#   arguments:  community [default|hostname|network/bits] [oid | -V view]

# Read-only access to everyone to the systemonly view
#rocommunity  public default -V systemonly
#rocommunity6 public default -V systemonly
rocommunity  <コミュニティ名> default -V systemonly
rocommunity6 <コミュニティ名> default -V systemonly

# SNMPv3 doesn't use communities, but users with (optionally) an
# authentication and encryption string. This user needs to be created
# with what they can view with rouser/rwuser lines in this file.
#
# createUser username (MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224) authpassphrase [DES|AES] [privpassphrase]
# e.g.
# createuser authPrivUser SHA-512 myauthphrase AES myprivphrase
#
# This should be put into /var/lib/snmp/snmpd.conf
#
# rouser: a SNMPv3 read-only access username
#    arguments: username [noauth|auth|priv [OID | -V VIEW [CONTEXT]]]
rouser authPrivUser authpriv -V systemonly

# include a all *.conf files in a directory
includeDir /etc/snmp/snmpd.conf.d
root@pve103:~#

これで監視マネージャ側のSNMP監視設定を行えば、とりあえずCPU/メモリ/NWなどの情報収集が可能になりました。
ただし、ルートパーティションのディスク使用率については注意が必要そうです。

ルートパーティションのディスク使用率監視の注意点

Zabbix側で計算したディスク使用率と、dfコマンドで出力される使用率が一致しません。
dfコマンドの結果をよく見ると、「Size > Used + Avail」という状態になっており、snmpで取得できる総容量(HOST-RESOURCES-MIB::hrStorageSize)と使用量(HOST-RESOURCES-MIB::hrStorageUsed)で計算した場合に使用率が低くなってしまうようです。

以下は検証環境でのdf -h結果ですが、SizeとUsed、SizeとAvailどちらで計算しても、Use%の値と一致しませんでした。Used/Sizeが一番低く、次にUse%、Avail/Sizeが大きくなりましたので、より安全に運用するという観点ではSNMPでの監視ではなく、別途スクリプトなどを用意してAvail/Sizeを監視するのが良さそうです。(dfのUse%と一致しないので混乱するかもしれませんが・・・)

root@pve103:~# df -h
Filesystem                          Size  Used Avail Use% Mounted on
udev                                3.9G     0  3.9G   0% /dev
tmpfs                               795M  876K  794M   1% /run
/dev/mapper/pve-root                 19G  3.2G   15G  19% /
tmpfs                               3.9G   60M  3.9G   2% /dev/shm
tmpfs                               5.0M     0  5.0M   0% /run/lock
/dev/fuse                           128M   36K  128M   1% /etc/pve
tmpfs                               3.9G   28K  3.9G   1% /var/lib/ceph/osd/ceph-2
192.168.100.209:/mnt/nfs1/share     178G  2.6G  175G   2% /mnt/pve/nfs_datastore
192.168.100.209:/mnt/nfs1/iso       186G   12G  175G   6% /mnt/pve/nfs_iso
192.168.100.209:/mnt/nfs1/template  178G  2.7G  175G   2% /mnt/pve/nfs_template
tmpfs                               795M     0  795M   0% /run/user/0
root@pve103:~#

またCephを利用している場合、Cephディスクの状態や使用量なんかもSNMPでは取得できないと思いますので、こちらも別途監視スクリプト等を用意することになると思います。

0
0
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?