PreviousNextIndex

Appendix D: HACMP and SNMP Utilities


This appendix discusses the Simple Network Management Protocol (SNMP) and describes the relationship between the HACMP SNMP-based utilities and other SNMP-based utilities that run on the RS/6000 and SMP platforms.

This guide does not discuss the SNMP standard in depth. See the appropriate AIX 5L documentation for more detailed information about SNMP.

Overview

SNMP is a set of standards for monitoring and managing TCP/IP-based networks. SNMP includes a protocol, a database specification, and a set of data objects. A set of data objects forms a Management Information Base (MIB). SNMP provides a standard MIB that includes information such as IP addresses and the number of active TCP connections. The actual MIB definitions are encoded into the agents running on a system. The standard SNMP agent is the SNMP daemon, snmpd.

MIB-2 is the standard for defining over 100 TCP/IP specific objects, including configuration and statistical information such as:

  • Information about interfaces
  • Address translation
  • IP, ICMP (Internet-control message protocol), TCP, UDP.
  • SNMP can be extended through the use of the SNMP Multiplexing protocol (the SMUX protocol) to include enterprise-specific MIBs that contain information relating to a discrete environment or application. The Cluster Manager retrieves and maintains information about the objects defined in its MIB, and passes this information on to a specialized network monitor or network management station.

    The HACMP software, NetView for AIX 5L, and Systems Monitor for AIX 5L all include the following SMUX daemons: clstrmgr, trapgend, and sysinfod, respectively. You must be aware of possible conflicts between these daemons.

    HACMP SNMP Components

    The HACMP software provides an enterprise-specific (generic type 6) MIB. The source file is hacmp.my. The mosy command compiles hacmp.my (with other standard MIBs) to generate the hacmp.defs file.

    The HACMP MIB, is associated with and maintained by the Cluster Manager. The HACMP software also provides two cluster monitor programs, the Cluster Information Program (Clinfo) and clstat.

    Cluster Information Program (Clinfo)

    Clinfo is a cluster monitoring program. It requests information about the current cluster state from the Cluster Manager. The Cluster Manger updates data using internal, dynamically allocated data structures that are accessible to Clinfo clients—applications that use Clinfo
    API functions.

    By default, Clinfo receives information from the Cluster Manager by polling. The time between polling is set by an argument to Clinfo, which defaults to 15. Clinfo can also receive information asynchronously through traps. In response to traps, Clinfo sends a request for more information to the Cluster Manager. It does not parse the trap message data itself; instead, Clinfo employs a trap-directed polling policy.

    To enable Clinfo to receive traps, call it using the -a option. Since Clinfo is started through the System Resource Controller (SRC), the best way to do this is by entering:

    chssys -s clinfoES -a "-a" 
    

    Then use the lssrc command to ensure this change occurred. Enter:

    lssrc -Ss clinfoES | awk -F: '{print $3}'  
    

    Traps provide more timely information to Clinfo clients. The trap function is completely transparent to these clients—they simply register to receive various events. Clinfo notifies the traps via signals when those events occur. Note, however, that Clinfo's polling interval is doubled when traps are enabled.

    SNMP Community Names and Clinfo

    The default SNMP community name for Clinfo is “public.” You can override this by using the following command to force the SRC to start Clinfo with the -c switch by entering:

    chssys -s clinfoES -a "-c abcdef" 
    

    where abcdef is an SNMP community name defined as such in the snmpd.conf file.

    Then use the lssrc command to ensure this change occurred. Enter:

    lssrc -Ss clinfoES | awk -F: '{print $3}'  
    

    HACMP now supports a SNMP Community Name other than “public”. If the default SNMP Community Name has been changed in /etc/snmpd.conf to something different from the default of “public” HACMP will function correctly. The SNMP Community Name used by HACMP will be the first name found that is not “private” or “system” using the lssrc -ls snmpd command. The Clinfo service will also get the SNMP Community Name in the same manner.

    The Clinfo service still supports the -c option for specifying SNMP Community Name but its use is not required. The use of the -c option is considered a security risk because doing a ps command could find the SNMP Community Name. If it is important to keep the SNMP Community Name protected, change permissions on /tmp/hacmp.out, /etc/snmpd.conf, /smit.log and /usr/tmp/snmpd.log to not be world readable.

    Important Notes on snmpdv3.conf File

    AIX snmpdv3 has three functions or parts: One is the SNMP v3 agent, one is the SMUX server, and the last is the DPI2 agent. The DPI2 agent has to use community “public” to get a port number from DPI2 subagents (hostmibd, snmpmibd, aixmibd) to communicate with them. For this reason you should still keep community name “public” and give the “public” a view of only this dpiPortForTCP.0 (1.3.6.1.4.1.2.2.1.1.1.0) MIB variable so that the DPI2 agent can get the port number from subagents. See the example snmpdv3.conf file below. Also, refer to the documentation at:

    http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/aixbman/commadmn/snmp_v3architecture.htm

    Sample snmpdv3.conf File with Non-Public Community Name

    VACM_GROUP group1 SNMPv1  YourLongNameHere  - 
    VACM_GROUP group2 SNMPv1  public  - 
    VACM_VIEW defaultView        internet                   - included - 
    VACM_VIEW dpi2view        1.3.6.1.4.1.2.2.1.1.1         - included - 
    VACM_VIEW defaultView        snmpModules                - excluded - 
    VACM_VIEW defaultView        1.3.6.1.6.3.1.1.4          - included - 
    VACM_VIEW defaultView        1.3.6.1.6.3.1.1.5          - included - 
    VACM_VIEW defaultView        1.3.6.1.4.1.2.6.191        - excluded - 
    VACM_ACCESS  group1 - - noAuthNoPriv SNMPv1  defaultView - defaultView - 
    VACM_ACCESS  group2 - - noAuthNoPriv SNMPv1  dpi2view - - - 
    NOTIFY notify1 traptag trap - 
    TARGET_ADDRESS Target1 UDP 127.0.0.1       traptag trapparms1 - - - 
    TARGET_PARAMETERS trapparms1 SNMPv1  SNMPv1  YourLongNameHere  
    noAuthNoPriv - 
    COMMUNITY YourLongNameHere    YourLongNameHere     noAuthNoPriv 0.0.0.0       
    0.0.0.0         - 
    COMMUNITY public    public     noAuthNoPriv 0.0.0.0     0.0.0.0         
    - 
    DEFAULT_SECURITY no-access - - 
    logging         file=/usr/tmp/snmpdv3.log       enabled 
    logging         size=4194304                    level=0 
    smux            1.3.6.1.4.1.2.3.1.2.1.2         gated_password  # gated 
    smux 1.3.6.1.4.1.2.3.1.2.3.1.1 muxatmd_password #muxatmd 
    smux     1.3.6.1.4.1.2.3.1.2.1.5      clsmuxpd_password # HACMP/ES for 
    AIX clsmuxpd 
    
    Note: See the AIX documentation for full information on the snmpd.conf file. Version 3 (default for AIX 5.2 and up) has some differences from Version 1.

    The /usr/sbin/cluster/clstat Utility

    The /usr/sbin/cluster/clstat utility runs on both ASCII and X terminals. The display automatically corresponds to the capability of the system. However, if you want to run an ASCII display on an X-capable machine, you can do so by specifying the -a option.

    In addition, you can set up clstat to display in a web browser, if you set up a web server on a node that has clinfo running. The browser display makes it easier to view multiple clusters without having to select the clusters one at a time.

    clstat is a Clinfo client. It uses the Clinfo C API to get cluster information from the shared memory segment maintained by Clinfo. It does not register to receive events, but uses the Clinfo polling method.

    The LPP contains both executables and source code for the clstat utility. If you want to recompile clstat, run the make command in the directory /usr/sbin/cluster/samples/clstat.

    NetView for AIX 5L

    NetView for AIX 5L is a network manager that includes both a GUI and daemons that support the SNMP protocol. It can be used in IBM RS/6000 environments to provide an effective tool for monitoring and managing networks. It supports the loading and browsing of enterprise-specific MIBs, and it can be enabled to receive SNMP trap information.

    The trapgend daemon is the SMUX peer agent provided with the NetView for AIX 5L program that converts alertable errors to SNMP traps. On pSeries processors running AIX 5L, system errors are logged by the AIX 5L error logging facilities in the /dev/error special file. An object installed by the NetView for AIX 5L program in each system's Object Data Manager (ODM) directs the AIX 5L error logging daemon (errdaemon) to notify the trap-notify process when alertable errors are logged. These alertable errors are forwarded by the trap-notify process to the trapgend daemon, which converts them to SNMP traps. Using the SMUX protocol, trapgend forwards the traps to the AIX 5L SNMP agent process, snmpd. The snmpd daemon then forwards the traps to the NetView for AIX 5L program's trapd daemon.

    For more information about using this product, see the NetView for AIX 5L documentation.

    Systems Monitor for AIX 5L

    Systems Monitor for AIX 5L runs the sysinfod SMUX peer daemon that monitors the following characteristics:

  • Machine name, type, and processor ID
  • Devices installed on the machine
  • Operating system configuration
  • Status of subsystems, paging devices, and filesystems
  • Network traffic
  • Ethernet, Token-Ring, and X.25 adapter information
  • Active processes
  • Users
  • CPU and device utilization.
  • If trap filtering is enabled on this agent system, the sysinfod daemon receives SNMP traps on port 162. By default, the snmpd daemon sends all received SNMP traps to the sysinfod daemon for filtering. The traps are evaluated by the sysinfod daemon, and those traps meeting the filter criteria are forwarded to the manager system.

    For more information about using this product, see the Systems Monitor for AIX 5L documentation.

    Systems Monitor Startup Options for HACMP Compatibility

    If you are using the Systems Monitor for AIX 5L along with HACMP on your system, start the sysinfod with the -H option. This option allows the HACMP cl_swap_HW_address utility to function correctly. If the sysinfod is not started with the -H option, it keeps the adapter busy all the time it is active, and this prevents the cl_swap_HW_address utility from removing the device when it tries swapping the HW address.

    Trap Conflicts between SMUX Peer Daemons

    A single SNMP agent (snmpd daemon) can send the same trap to multiple SNMP managers; this agent is configured in the /etc/snmpd.conf file. However, only one SNMP manager (for example, NetView for AIX 5L) can run on a given network station, because only one TCP/IP program at a time can listen on a particular port. There is no way to work around this limitation.

    In the case of NetView for AIX 5L, the trapd daemon listens on port 162 and forwards traps to NetView for AIX 5L. In turn, NetView for AIX 5L can forward traps to multiple NetView for AIX 5L applications that have registered with NetView for AIX 5L. trapgend can generate traps for AIX 5L system error-log-related events. The variables in the private portion of trapgend are described in the file /usr/etc/nm/mibs/ibm-nv6ksubagent.mib.

    When the sysinfod daemon is installed on an NetView for AIX 5L manager, trap reception is disabled for filtering. This is set in the /usr/adm/sm6000/config/install.config configuration file. However, when the sysinfod daemon is installed on a node without the manager installed, trap reception is enabled using the same file. You can install NetView for AIX 5L on a node where the sysinfod daemon is already installed and trap reception is enabled. This causes the NetView for AIX 5L trapd daemon to fail to start since the sysinfod daemon is using the port.

    Both the NetView for AIX 5L manager and the sysinfod daemon cannot share this port. Disable filtering on this node by way of the /usr/adm/sm6000/config/install.config configuration file. In this way, when you start the sysinfod daemon, it has trap reception and filtering disabled.

    Similarly, Clinfo cannot be enabled to receive traps from the SNMP process (activated by the -a flag) if trapgend is also running. If the NetView for AIX 5L trap daemons are started first, Clinfo will immediately exit with a smux_connect error. If Clinfo is started first with the -a option, most of the NetView for AIX 5L daemons will not start.


    PreviousNextIndex