Add an SNMP Community String Using the CLI

To enable SNMP services you need to define one or more SNMP community strings using the command line interface.

About this task

No default community strings are defined on StarlingX after the initial commissioning of the cluster. This means that no SNMP operations are enabled by default.

The following exercise illustrates the system commands available to manage and query SNMP community strings. It uses the string commstr1 as an example.

Caution

For security, do not use the string public, or other community strings that could easily be guessed.

Prerequisites

All commands must be executed on the active controller’s console, which can be accessed using the OAM floating IP address. You must acquire Keystone admin credentials in order to execute the commands.

Procedure

  1. Add the SNMP community string commstr1 to the system.

    ~(keystone_admin)$ system snmp-comm-add -c commstr1
    +-----------+--------------------------------------+
    | Property  | Value                                |
    +-----------+--------------------------------------+
    | access    | ro                                   |
    | uuid      | eccf5729-e400-4305-82e2-bdf344eb868d |
    | community | commstr1                             |
    | view      | .1                                   |
    +-----------+--------------------------------------+
    

    The following are attributes associated with the new community string:

    access

    The SNMP access type. In StarlingX all community strings provide read-only access.

    uuid

    The UUID associated with the community string.

    community

    The community string value.

    view

    The is always the full MIB tree.

  2. List available community strings.

    ~(keystone_admin)$ system snmp-comm-list
    +----------------+--------------------+--------+
    | SNMP community | View               | Access |
    +----------------+--------------------+--------+
    | commstr1       | .1                 | ro     |
    +----------------+--------------------+--------+
    
  3. Query details of a specific community string.

    ~(keystone_admin)$ system snmp-comm-show commstr1
    +------------+--------------------------------------+
    | Property   | Value                                |
    +------------+--------------------------------------+
    | access     | ro                                   |
    | created_at | 2014-08-14T21:12:10.037637+00:00     |
    | uuid       | eccf5729-e400-4305-82e2-bdf344eb868d |
    | community  | commstr1                             |
    | view       | .1                                   |
    +------------+--------------------------------------+
    
  4. Delete a community string.

    ~(keystone_admin)$ system snmp-comm-delete commstr1
    Deleted community commstr1
    

Results

Community strings in StarlingX provide query access to any SNMP monitor workstation that can reach the controller’s OAM address on UDP port 161.

You can verify SNMP access using any monitor tool. For example, the freely available command snmpwalk can be issued from any host to list the state of all SNMP Object Identifiers (OID):

$ snmpwalk -v 2c -c commstr1 10.10.10.100 > oids.txt

In this example, 10.10.10.100 is the StarlingX OAM floating IP address. The output, which is a large file, is redirected to the file oids.txt.