SNMP Proxy on VMware

On ESX 3.5 setting up SNMP was as simple as configuring net-snmp and opening the firewall to allow traffic. With the introduction of ESX4, the VMWare SNMP information was embedded into the hostd. The SNMP embedded into the hostd only sends VMware traps and responds to requests for VMware specific requests. If you are interested in the OS vitals as well, you need to setup up net-snmp to proxy the SNMP information.

The monitoring solution we use, Zenoss, allows us to poll for VMware and Server Vitals. In fact, if we don’t poll for server vitals, Zenoss tends to throw errors. The end result was that I need to use the proxy setup to get the information I need. I read through VMware’s KB, Admin Guide and community posts while trying to understand how to set this up. Needless to say, there seems to be quite a bit of confusion and frustration around the process.

In order to set up the SNMP configuration on ESX4, you will need to download the VMware vSphere™ CLI application onto your workstation. As of today, the file can be found here: http://www.vmware.com/support/developer/vcli/

For the SNMP Proxy setup, you will need to configure net-snmp on the ESX host. You will need shell (ssh or console) access to the server and a user account with root privileges.

Stop the SNMP service on the ESX host.

service snmpd stop

Next you will need to edit the /etc/snmp/snmpd.conf file as needed according to Net‐SNMP documentation. The only settings I applied were for the host and community string. There are security options you can set in this file as well. If you are interested in more advanced capabilities of net-snmp, please refer to their documentation.

Once you have made the changes you wanted, start the Net‐SNMP service.

service snmpd start

If you want the service to start when the ESX host boots, use the command:

chkconfig snmpd on

If you received any errors on the above steps, check your snmpd.conf file and documentation to ensure you entered the right syntax.

Next we’re going to configure net-snmp to proxy the SNMP information from the hostd. Again, the first steps will require shell access to the ESX host.

Stop the snmpd service.

service snmpd stop

Add the proxy line to /etc/snmp/snmpd.conf.

proxy -v 1 -c <community> udp:127.0.0.1:171 .1.3.6.1.4.1.6876

What does it mean?

-v 1 sets the SNMP version Net‐SNMP to proxy as 1
-c specifies the community string for Net‐SNMP, replace <community> with your community string
udp:127.0.0.1:171 specifies the localhost IP address and the port number for the VMware SNMP agent to proxy through.
1.3.6.1.4.1.6876 refers to the (OID) of the VMware MIBs

Now we need to switch to the VMware vSphere CLI, configure /etc/vmware/snmp.xml to bind the VMware SNMP agent to port 171 and start the service. VMware recommends you use the vicfg-snmp.pl command to change this file instead of editing the file itself.

vicfg-snmp.pl –server <hostname|IP address> –username <username> –password <password> -E -c <community> –port 171

What does it mean?

-E enables the VMware SNMP agent
-c <community> sets the community string. Replace <community> with the same community string you used for the proxy setting above.
–port 171 changes the default port of the VMware SNMP agent to 171. This is the same as the port you specified above.

When the command completes successfully, the follow entries will have been made to /etc/vmware/snmp.xml

<config>
    <snmpSettings>
        <communities>public</communities>
        <enable>true</enable>
        <port>171</port>
        <targets>IP address@162 private</targets>
    </snmpSettings>
</config>

The above snmp.xml is an example, your snmp.xml should reflect the settings you specified.

After you have confirmed the settings are in place, restart the mgmt‐vmware service (hostd) and the snmpd service.

Using the console access enter the following commands

service mgmt-vmware restart
service snmpd restart

Once these steps have completed without error, you should be up and running with SNMP information being sent to your monitoring application.

Author Note: When these changes were applied to our servers, we noticed some odd behavior. Our ESX hosts disconnected from the Virtual Center Server for a few minutes. They also became somewhat unstable and ultimately required a restart. I would suggest testing your configuration on a non-production server before jumping in and doing it on hosts that your company depends on.

References
Configuring the Net-SNMP Agent on ESX Hosts

Change Log
6/19/2010 – Article Published

Do you see an error or omission in this article? Please let the author know!

This entry was posted in System Administration, VMware. Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback.

Leave a Reply

%d bloggers like this: