https://bugzilla.redhat.com/show_bug.cgi?id=582443
Description of problem: In many deployment scenario, systems have more than one network interface, bare metal of virtual instances, and there is an increased need to improve multi homed network support in RHDS in the silent install, in the console, so that nsslapd-listenhost is used by default. This RFE is for the SNMP support part, the tables with counters have indexes built with the port number as part of their index, so there is no way to differenciate or access counters for different network IP addresses for instances all listening on port 389 on a system. May be a combination string of IP address and TCP port could be used? But then, I am not sure how we should handle IPv6 For example, if I have a test system with 3 network interfaces: netstat -lnp|egrep "389|390|391" tcp 0 0 10.14.52.45:389 0.0.0.0:* LISTEN 4995/ns-slapd tcp 0 0 10.14.54.247:389 0.0.0.0:* LISTEN 4859/ns-slapd tcp 0 0 10.14.54.241:389 0.0.0.0:* LISTEN 4697/ns-slapd TCP-MIB::tcpConnState.10.14.52.45.389.0.0.0.0.0 = INTEGER: listen(2) TCP-MIB::tcpConnState.10.14.54.241.389.0.0.0.0.0 = INTEGER: listen(2) TCP-MIB::tcpConnState.10.14.54.247.389.0.0.0.0.0 = INTEGER: listen(2) And I can only access the "first" set of counters, the one on the first network interface I set up: SNMPv2-SMI::enterprises.2312.6.1.1.1.389 = Counter64: 0 SNMPv2-SMI::enterprises.2312.6.1.1.2.389 = Counter64: 0 SNMPv2-SMI::enterprises.2312.6.1.1.3.389 = Counter64: 0 SNMPv2-SMI::enterprises.2312.6.1.1.4.389 = Counter64: 0 if the ns-slapd instances are listening on different tcp ports: SNMPv2-SMI::enterprises.2312.6.5.1.2.389 = STRING: "Red Hat-Directory/8.1.0" SNMPv2-SMI::enterprises.2312.6.5.1.2.390 = STRING: "Red Hat-Directory/8.1.0" SNMPv2-SMI::enterprises.2312.6.1.1.1.389 = Counter64: 0 SNMPv2-SMI::enterprises.2312.6.1.1.1.390 = Counter64: 0 SNMPv2-SMI::enterprises.2312.6.1.1.1.391 = Counter64: 0 Version-Release number of selected component (if applicable): Red Hat Enterprise Linux Server release 5.4 (Tikanga) Linux ms-test1.sjc.redhat.com 2.6.18-164.el5 #1 SMP Tue Aug 18 15:51:48 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux redhat-ds-8.1.0-1.el5dsrv net-snmp-5.3.2.2-9.el5 net-snmp-utils-5.3.2.2-9.el5 How reproducible: always Steps to Reproduce: 1. have el5 and redhat-ds 2. configure a virtual network interface to eth0 or use a seocnd network interface to a virtual machine 3. prep .inf files for 2 RHSD instance, silent install, ldapmodify for nsslapd-listenhost: xx and nsslapd-port: 389, restart ns-slapd's 4. vi /etc/snmp/snmpd.conf master agentx mibdirs +/usr/share/dirsrv/mibs syscontact softw@ourdomain.com syslocation here rocommunity public 127.0.0.1 5. vi /etc/dirsrv/config/ldap-agent.conf agentx-master /var/agentx/master agent-logdir /var/log server slapd-ms-test1 server slapd-ms-test1-2 6. /usr/bin/ldap-agent /etc/dirsrv/config/ldap-agent.conf 7. snmpwalk -v 2c localhost -c public .1.3.6.1.4.1.2312 Actual results: one set of counters is accessible for the "first" interface Expected results: set of snmp counters for each network interface and tcp port configured for active ns-slapd instances Additional info:
batch move to milestone 1.3
set default ticket origin to Community
Added initial screened field value.
The easy way to fix this is to add a new configuration setting to "cn=config". This setting would allow you to define the SNMP "index" to use for that particular DS instance. For example, if I have 2 DS instances on the same host who both use port 389 on different network interfaces, I would be able to arbitrarily assign index number "50" to the first instance, and index number "51" to the second instance. In the config for the first instance, it would look something like this:
nsslapd-snmp-index: 50
The nice thing with this approach is that it requires no changes to the MIB or how our current SNMP results are interpreted.
If the new config setting is not specified, the port number should be used as the index as we do currently.
'''Here is the current status'''
Sorry for the delay, at a first read I thought the request was to have DS listening on several interfaces (nsslapd-listenhost) and I spent some time to understand what needed to be done.
I implement the fix and sent a review ''' Here are the next steps'''
Waiting for the review
attachment 0001-Ticket-205-snmp-counters-index-strings-for-multiple-.patch
The code for the SNMP subagent looks fine, but you will have a problem if you try to add the nsslapd-snmp-index attribute to "cn=config". If you attempt to add this new attribute using ldapmodify, the server will reject it with err=53. You can manually edit dse.ldif when ns-slapd is stopped, but you will get an error about the config attribute being unknown when you start ns-slapd.
Even though ns-slapd doesn't need to do anything with the new nsslapd-snmp-index attribute, we will still need to make some code changes to prevent these errors.
Here is the current status
Here are the next steps
attachment 0002-Ticket-205-snmp-counters-index-strings-for-multiple-.patch
I don't think you should remove this block of code, as it is there to prevent us from processing through every line of dse.ldif after we have found everything that we were looking for in the file: {{{ / Stop processing this entry if we found the * port and rundir settings / if (got_port && got_rundir) { break; } }}}
Now that one may optionally specify the nsslapd-snmp-index attribute, we will have to process through the entire LDIF if the optional attribute is not set, but we can at least stop processing the dse.ldif if we have already found the optional attribute. I think you can leave this block in and change the condition as a small optimization:
{{{ / Stop processing this entry if we found the * port, rundir, and SNMP index settings / if (got_port && got_rundir && got_snmp_index) { break; } }}}
Aside from that, the patch looks good to me.
Thanks for you review Nathan.
My understanding is that this accelerator test is only when parsing the entry 'dn: cn=config'. If parsing this entry and found port+rundir, it was fine to stop parsing this entry. In case of an optional snmp-index, we need to go through the complete entry 'cn=config' to know if a snmp-index is or not defined later.
I will double check that.
Replying to [comment:14 tbordaz]:
Thanks for you review Nathan. My understanding is that this accelerator test is only when parsing the entry 'dn: cn=config'. If parsing this entry and found port+rundir, it was fine to stop parsing this entry. In case of an optional snmp-index, we need to go through the complete entry 'cn=config' to know if a snmp-index is or not defined later. I will double check that.
You are correct. It is only processing cn=config, not the entire dse.ldif. We can stop parsing the entry if we find port+rundir+snmp-index.
Hi Nathan,
thanks for the review. I changed the fix to leave the block that stop the processing if all researched info (port/rundir/snmp_index) have been found. I attached the new patch 0003-Ticket-205-snmp-counters-index-strings-for-multiple-.patch
thierry
attachment 0003-Ticket-205-snmp-counters-index-strings-for-multiple-.patch
git merge ticket205_review Updating bb7a41b..2f02b0d Fast-forward ldap/servers/slapd/libglobs.c | 40 +++++++++++++++++++++++++++++++++++++++- ldap/servers/slapd/proto-slap.h | 1 + ldap/servers/slapd/slap.h | 2 ++ ldap/servers/snmp/main.c | 22 +++++++++++++++++++--- 4 files changed, 61 insertions(+), 4 deletions(-)
commit 2f02b0d Author: Thierry bordaz (tbordaz) tbordaz@redhat.com Date: Wed Apr 17 16:06:32 2013 +0200
git push origin master Counting objects: 19, done. Delta compression using up to 4 threads. Compressing objects: 100% (10/10), done. Writing objects: 100% (10/10), 2.52 KiB, done. Total 10 (delta 8), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git bb7a41b..2f02b0d master -> master
Fix compiler warning 0001-Ticket-205-Fix-compiler-warning.patch
Fixed compiler warning:
git merge ticket205 Updating 7c8c32e..1838c0b Fast-forward ldap/servers/slapd/libglobs.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)
git push origin master Counting objects: 11, done. Delta compression using up to 4 threads. Compressing objects: 100% (6/6), done. Writing objects: 100% (6/6), 617 bytes, done. Total 6 (delta 4), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git 7c8c32e..1838c0b master -> master
commit 1838c0b
Metadata Update from @tbordaz: - Issue assigned to tbordaz - Issue set to the milestone: 1.3.2 - 05/13 (May)
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/205
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.