You are correct, Keith. For switch objects, xCAT only supports SNMPv3 security level authNoPriv. For pdu objects, xCAT supports SNMPv3 security levels of noAuthNoPriv, authNoPriv, or authPriv.
________________________________ From: Hannum, Keith <keith.han...@lmco.com> Sent: Thursday, April 28, 2022 2:08 PM To: xCAT Users Mailing list <xcat-user@lists.sourceforge.net> Subject: [EXTERNAL] Re: [xcat-user] switch discovery with snmpv3 Nathan, I think what I am saying is, if you are using v3 for the switches, with different auth and priv “keys”, there is no where to store them in the switch table. The fields of the switch table: ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization. ZjQcmQRYFpfptBannerEnd Nathan, I think what I am saying is, if you are using v3 for the switches, with different auth and priv “keys”, there is no where to store them in the switch table. The fields of the switch table: #switch,snmpversion,username,password,privacy,auth,linkports,sshusername,sshpassword,protocol,switchtype,comments,disable The fields of the PDU table: #node,nodetype,pdutype,outlet,username,password,snmpversion,community,snmpuser,authtype,authkey,privtype,privkey,seclevel,comments,disable See how the pdu table has authtype and authkey, privtpe and privkey? The switch table only has auth and priv. How do you store the keys? From: Nathan A Besaw <bes...@us.ibm.com> Sent: Thursday, April 28, 2022 1:58 PM To: xCAT Users Mailing list <xcat-user@lists.sourceforge.net> Subject: EXTERNAL: Re: [xcat-user] switch discovery with snmpv3 There is some additional discussion here that is relevant to this topic: https://xcat-docs.readthedocs.io/en/stable/advanced/networks/ethernet_switches/ethernet_switches.html<https://xcat-docs.readthedocs.io/en/stable/advanced/networks/ethernet_switches/ethernet_switches.html> During switch discovery, xCAT is using SNMPv1 only because it has not yet discovered the switches yet. It only has a list of IP addresses that it is trying to match to switch object definitions and it attempts to do the mapping by reading the vendor info, mac address, and hostname using SNMPv1. After xCAT is able to discover the switch, SNMPv3 can be used for future SNMP communication with known switch and PDU objects. In the PDU example you provided, xCAT will use the SNMPv3 settings from the pdu table, but this is after the PDU has already been discovered. Are you having a specific problem or looking for clarification about how xCAT uses SNMP for switch and PDU communication? ________________________________ From: Hannum, Keith <keith.han...@lmco.com<mailto:keith.han...@lmco.com>> Sent: Thursday, April 28, 2022 10:06 AM To: xcat-user@lists.sourceforge.net<mailto:xcat-user@lists.sourceforge.net> <xcat-user@lists.sourceforge.net<mailto:xcat-user@lists.sourceforge.net>> Subject: [EXTERNAL] [xcat-user] switch discovery with snmpv3 switchdiscovery (switchdiscovery.pm) appears to only support snmpv1. All snmpwalk commands are hard coded to -v1. The documentation mentions snmpv3 support. https://xcat-docs.readthedocs.io/en/stable/advanced/networks/switchdiscover/switch_based_switch_discovery.html?highlight=switch%20discovery<https://xcat-docs.readthedocs.io/en/stable/advanced/networks/switchdiscover/switch_based_switch_discovery.html?highlight=switch%20discovery> ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization. ZjQcmQRYFpfptBannerEnd switchdiscovery (switchdiscovery.pm) appears to only support snmpv1. All snmpwalk commands are hard coded to -v1. The documentation mentions snmpv3 support. https://xcat-docs.readthedocs.io/en/stable/advanced/networks/switchdiscover/switch_based_switch_discovery.html?highlight=switch%20discovery<https://xcat-docs.readthedocs.io/en/stable/advanced/networks/switchdiscover/switch_based_switch_discovery.html?highlight=switch%20discovery> The switches table supports snmpversion=3, and setting the privacy and auth protocols, but not the privacy and auth keys which are required for snmp v3 privAuth. The v3 setup seems to be incomplete, and not implemented into switchdiscovery. switches.5 — xCAT 2.16.3 documentation (xcat-docs.readthedocs.io)<https://xcat-docs.readthedocs.io/en/stable/guides/admin-guides/references/man5/switches.5.html?highlight=switches> For reference, the pdu.pm has v3 support that matches the info that comes from the pdu table … } elsif ($seclevel eq "authPriv") { $snmpcmd = "snmpwalk -v3 -u $snmpuser -a $authtype -A $authkey -l $seclevel -x $privtype -X $privkey"; Is this an oversight/gap in functionality or am I missing something?
_______________________________________________ xCAT-user mailing list xCAT-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xcat-user
