Warning Disclaimer: This project is not an officially endorsed or supported Arista project, and should be treated as a best-effort initiative, without any guarantee of performance or reliability.
The goal of this project is to find a cleaner way to install snmpd packages on CVP: this will allow a remote management SNMP system to monitor basic CVP server information (CPU, memory, disk space, ...).
The following project will install snmpd version 5.9.4
in a Kubernetes pod to make a cleaner and easier-to-maintain solution.
This snmpd package does support modern cryptographic algorithms (such as SHA-512
or AES-256
).
Note Kubernetes will expose by default the port UDP
161
on each node. So this port needs to be used from the remote devices (NMS system for example).
If CloudVision has access to the internet this can be downloaded directly to the CLI of the primary node:
cd /cvpi/
wget https://github.com/arista-netdevops-community/cvp-snmp-container/archive/main.tar.gz -O cvp-snmp-container-main.tar.gz
tar -xf cvp-snmp-container-main.tar.gz
cd cvp-snmp-container-main/
Otherwise, download the package as a zip file (via the github web interface) to your computer and scp it to the CVP server.
Then:
unzip /path/to/file/on/cvp/cvp-snmp-container-main.zip -d /cvpi/
Note The repository directory on the cvp server must be exactly
/cvpi/cvp-snmp-container-main/
By default, the configuration file has the following content (using v2c "testing" community string, and v3 arista user):
# Global information
sysname "arista-cvp-server-1"
syslocation "arista-cvp-location"
syscontact "admin"
# Warning: Do not modify this port as this is the port open INSIDE the Kubernetes pod.
# If you wish to modify the host port opened, check the snmpd-monitor.yaml file.
agentAddress udp:161
agentuser root
# For SNMPv2c
rocommunity testing
# For SNMPv3:
createUser arista SHA-512 'arista1234' AES-256 'arista1234'
rouser arista
# pass_persist for kubernetes monitoring
pass_persist .1.3.6.1.3.53.8 /kubernetes.py
A complete list of examples is available in command man 5 snmpd.examples
- For CVP version
>= 2022.3.0
:
tar -xf net_snmp_image.tar.gz && nerdctl load -i net_snmp_image
# Verification:
nerdctl image ls | grep snmp
- For older CVP versions, use the following command:
tar -xf net_snmp_image.tar.gz && docker load -i net_snmp_image
# Verification:
docker image ls | grep snmp
A cronjob needs to be configured to avoid any downtime after an upgrade of CVP is performed (as during the upgrade all the container images are flushed).
This can be accomplished by installing the following cron entry.
Use the following command to edit the crontab:
crontab -e
And add the following:
@reboot /cvpi/cvp-snmp-container-main/load_image_on_boot.sh >> /cvpi/cvp-snmp-container-main/cron.log 2>&1
If in a multi-node cluster, repeat Step 1, 2, 3 and 4 on the secondary node and tertiary node.
This needs to be run only on the primary server.
kubectl apply -f snmpd-monitor.yaml
From the CVP server, we can verify the status of the pods and deployment:
kubectl get pods -l app=snmpd-monitor -o wide
kubectl get daemonset -l app=snmpd-monitor
$ kubectl get pods -l app=snmpd-monitor -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
snmpd-monitor-jg9v6 1/1 Running 0 3m46s 10.42.40.144 cva-3-cvp.ire.aristanetworks.com <none> <none>
snmpd-monitor-l66jt 1/1 Running 0 3m46s 10.42.8.190 cva-2-cvp.ire.aristanetworks.com <none> <none>
snmpd-monitor-nlxxf 1/1 Running 0 3m46s 10.42.65.128 cva-1-cvp.ire.aristanetworks.com <none> <none>
$ kubectl get daemonset -l app=snmpd-monitor
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
snmpd-monitor 3 3 3 3 3 <none> 30s
From a remote device (for example an Arista switch), do an SNMP query:
# SNMPv2c - Get sysname:
switch#bash snmpwalk -v2c -c testing 10.83.13.33:161 1.3.6.1.2.1.1.5.0
SNMPv2-MIB::sysName.0 = STRING: "arista-cvp-server-1"
# SNMPv2c - Get uptime:
switch#bash snmpwalk -v2c -c testing 10.83.13.33:161 1.3.6.1.2.1.25.1.1
HOST-RESOURCES-MIB::hrSystemUptime.0 = Timeticks: (36197997) 4 days, 4:32:59.97
# SNMPv3 - Get sysname:
switch#bash snmpwalk -v3 -u arista 10.83.13.33:161 -a SHA-512 -A arista1234 -x AES-256 -X arista1234 1.3.6.1.2.1.1.5.0
SNMPv2-MIB::sysName.0 = STRING: "arista-cvp-server-1"
In case you need to modify the SNMP configuration after installation is complete, please follow the below steps.
- Step 1 - Modify the
/cvpi/cvp-snmp-container-main/snmpd.conf
file on each node:
vi /cvpi/cvp-snmp-container-main/snmpd.conf
- Step 2 - On one node (primary for example), delete and re-apply the Kubernetes daemonset:
kubectl delete -f /cvpi/cvp-snmp-container-main/snmpd-monitor.yaml
kubectl apply -f /cvpi/cvp-snmp-container-main/snmpd-monitor.yaml
- Step 3 - Verification:
kubectl get pods -l app=snmpd-monitor -o wide
kubectl get daemonset -l app=snmpd-monitor
Some OIDs and one MIB file are also available to monitor Kubernetes resources.
The MIB file is available here ARISTA-KUBERNETES-MIB.txt
.
The 4 following OIDs are available:
nbPodsInRunningState
: Number of Kubernetes pods in Running statenbNodesInReadyState
: Number of Kubernetes nodes in Ready statek8sNodesInfo
: Kubernetes nodes info (output ofkubectl get nodes -o wide
)k8sPodsInfo
: Kubernetes pods info (output ofkubectl get pods --all-namespaces
)
Example:
# Where 'mibs' is a local directory containing the file (ARISTA-KUBERNETES-MIB.txt)
$ snmpwalk -v2c -M+mibs -c testing 10.83.13.33 ARISTA-KUBERNETES-MIB::nbNodesInReadyState
ARISTA-KUBERNETES-MIB::nbNodesInReadyState = INTEGER: 3
If you would need to monitor the CVA appliance, the above steps will not work as the CVAs are not part of a Kubernetes cluster. We would advise using the SNMP capability of the iDRAC interface. You can find more information about this on Arista Networks website