[Pacemaker] crm_mon SNMP support

Florian Crouzat gentoo at floriancrouzat.net
Thu Nov 29 04:06:35 EST 2012 

Le 29/11/2012 01:27, Andrew Beekhof a écrit :
> On Wed, Nov 28, 2012 at 2:34 AM, Florian Crouzat
> <gentoo at floriancrouzat.net> wrote:
>> Hi,
>>
>> I have in my current production configuration the following resource:
>>
>> primitive SNMPMonitor ocf:heartbeat:ClusterMon \
>>          params pidfile="/var/run/crm_mon.pid" extra_options="-S 192.168.2.3
>> -C public" \
>>          op monitor on-fail="restart" interval="10s"
>>
>> I was working a couple months ago, and I haven't touched it since.
>> Apparently, I missed a couple changelogs :/
>>
>> I was investigating why I wasn't receiving SNMP traps anymore during the
>> last couples of migration/changes in the cluster state.
>> I found out that my version of crm_mon is compiled without SNMP (or email)
>> supports.
>>
>> $ sudo crm_mon -$ && cat /etc/redhat-release
>> Pacemaker 1.1.6-3.el6
>> Written by Andrew Beekhof
>> CentOS release 6.2 (Final)
>>
>> I found out the following changelogs:
>>
>>          * Mon Sep 26 2011 Andrew Beekhof <andrew at beekhof.net> 1.1.6-2
>>           - Do not build in support for heartbeat, snmp, esmtp by default
>>           - Create a package for cluster unaware libraries to minimze our
>>             footprint on non-cluster nodes
>>           - Better package descriptions
>>
>> What are my options, knowing that I'm in a PCI-DSS environment that forbids
>> any compiler in production, and that I'd rather not maintain myself a
>> snmp-enabled version of the package ?
>
> I'm not familiar with the term PCI-DSS... does that allow you to
> rebuild src.rpm packages?
> If so, just run:
>     rpmbuild --with snmp --rebuild pacemaker-.....src.rpm

Yes I can (tm).
FYI, PCI-DSS defines the securities requirements that you must follow 
whenever you handle credit card data (eg: you work in the credit card 
industry). Amongst many other things, it forbids compiler in production.

Although, I could recompile in my lab, either from scratch with gcc/make 
or as you suggested. But I have so many things to keep 
up-to-date/running that I'm not sure I'll manage to keep pacemaker-cli 
up to date and PCI-DSS also requires that you update every packages 
within a month after every update/erratas.

I guess there will never be a pacemaker-cli-snmp package, so I don't 
have any options anymore except hire someone to start packaging stuff =)

Thanks for your suggestions though.

-- 
Cheers,
Florian Crouzat

More information about the Pacemaker mailing list