From: Jeroen v. I. <j.v...@ut...> - 2016-09-09 08:03:58
Hi Linwood,

This looks like a minor bug. Not sure about the trigger or when it was introduced though...

The last working read-only community is stored in devices.snmp_comm and devices.snmp_ver holds the SNMP version used with that community. Netdisco has done this for as long as I can remember (since 0.9x versions).

The community table was introduced a lot later; afaik mostly to cache the SNMP read-write community so port control tasks (e.g. VLAN change, port disable/enable, port description change) run faster.

I have a number of switches with an entry in the separate community table; when the "snmp_auth_tag" column contains the value "v2default", read-only access to the switch is always tried with "public" community first, no matter the value for "snmp_comm" in the devices table.

At least the entries in the community table should be deleted when a device is deleted, so they don't linger. Looks like a device delete will clear the associated snmp_comm_rw, but not remove the entry.

Regards,

Jeroen van Ingen
ICT Service Centre
University of Twente, P.O.Box 217, 7500 AE Enschede, The Netherlands

On 07/26/2016 09:16 PM, on...@LE... wrote:
> I finally tracked down what was causing some strange results, and not
> sure if there is a better way to solve this. And/or if it might merit
> consideration in the product.
>
> Some systems (net-snmp for example) come by default with a limited view
> of snmp under "public".
>
> Some systems are stuck on "public" because you may not be able to get a
> client to change them, or their admins forgot how.
>
> This led me to a problem. I had a couple of linux systems which had not
> been changed to our normal snmp community string. When Netdisco saw
> them it tried that and failed, then tried public and worked. A bit. No
> ports for example.
>
> So I noticed, and fixed the servers to the right snmp community string.
>
> And waited… no change. So discovered them again - no change. Hmmm…
> Maybe (thinks I) it remembers, so I deleted the host and rediscovered.
> No change.
>
> I finally found there is a "community" table that stashes an IP and the
> community tags that last worked. It does not appear to go away even if
> you delete that host (well, to be fair it's indexed by IP and only
> indirectly then tied to the host). When I truncated that, it obviously
> had to start over.
>
> Is there a "proper" way to make it start over?
>
> Yes, I know I can limit "public" to specific devices, but actually I
> like that it tries that on any new items, as often it provides useful
> information to identify and fix them.
>
> Should deleting a host perhaps clear out any IP's in the community table
> that have been associated with that device?
>
> Was there a better approach?
>
> Linwood