[Pacemaker] crm_mon SNMP support

Andrew Beekhof andrew at beekhof.net
Thu Nov 29 16:10:00 EST 2012 

On Thu, Nov 29, 2012 at 8:06 PM, Florian Crouzat
<gentoo at floriancrouzat.net> wrote:
> Le 29/11/2012 01:27, Andrew Beekhof a écrit :
>
>> On Wed, Nov 28, 2012 at 2:34 AM, Florian Crouzat
>> <gentoo at floriancrouzat.net> wrote:
>>>
>>> Hi,
>>>
>>> I have in my current production configuration the following resource:
>>>
>>> primitive SNMPMonitor ocf:heartbeat:ClusterMon \
>>>          params pidfile="/var/run/crm_mon.pid" extra_options="-S
>>> 192.168.2.3
>>> -C public" \
>>>          op monitor on-fail="restart" interval="10s"
>>>
>>> I was working a couple months ago, and I haven't touched it since.
>>> Apparently, I missed a couple changelogs :/
>>>
>>> I was investigating why I wasn't receiving SNMP traps anymore during the
>>> last couples of migration/changes in the cluster state.
>>> I found out that my version of crm_mon is compiled without SNMP (or
>>> email)
>>> supports.
>>>
>>> $ sudo crm_mon -$ && cat /etc/redhat-release
>>> Pacemaker 1.1.6-3.el6
>>> Written by Andrew Beekhof
>>> CentOS release 6.2 (Final)
>>>
>>> I found out the following changelogs:
>>>
>>>          * Mon Sep 26 2011 Andrew Beekhof <andrew at beekhof.net> 1.1.6-2
>>>           - Do not build in support for heartbeat, snmp, esmtp by default
>>>           - Create a package for cluster unaware libraries to minimze our
>>>             footprint on non-cluster nodes
>>>           - Better package descriptions
>>>
>>> What are my options, knowing that I'm in a PCI-DSS environment that
>>> forbids
>>> any compiler in production, and that I'd rather not maintain myself a
>>> snmp-enabled version of the package ?
>>
>>
>> I'm not familiar with the term PCI-DSS... does that allow you to
>> rebuild src.rpm packages?
>> If so, just run:
>>     rpmbuild --with snmp --rebuild pacemaker-.....src.rpm
>
>
> Yes I can (tm).
> FYI, PCI-DSS defines the securities requirements that you must follow
> whenever you handle credit card data (eg: you work in the credit card
> industry). Amongst many other things, it forbids compiler in production.
>
> Although, I could recompile in my lab, either from scratch with gcc/make or
> as you suggested. But I have so many things to keep up-to-date/running that
> I'm not sure I'll manage to keep pacemaker-cli up to date and PCI-DSS also
> requires that you update every packages within a month after every
> update/erratas.
>
> I guess there will never be a pacemaker-cli-snmp package, so I don't have
> any options anymore except hire someone to start packaging stuff =)

Not so fast :-)

crm_mon supports

       -E, --external-agent=value
              A program to run when resource operations take place.

       -e, --external-recipient=value A recipient for your program
(assuming you want the program to send something to someone).

so without recompiling, you can call a script - possibly it could call
something that sends out snmp alerts ;-)


> Thanks for your suggestions though.
>
>
> --
> Cheers,
> Florian Crouzat
>
> _______________________________________________
> Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org

More information about the Pacemaker mailing list