Solved: Re: SNMP configuration of ESX host

qc4vmware · ‎04-27-2012

I am about to go bonkers trying to figure out how to configure snmp on an esx host using Orchestrator. I see the object for it (VcHostSystem.configManager.snmpSystem) but this is set to null when I try to use it. I used the managed object browser and sure enough it shows up as "unset" . The api documentation confirms that this is where I would go to update this configuration but i can't seem to make this work. All the searches I do show people using one of the remote command line tools to set this. Can anyone assist with a way they are doing this with orchestrator? I suppose I could create a workflow that calls out to the command line utils but that seems barbaric. I also thought I could maybe manipulate the xml file directly on the host but again it seems rather caveman like. Hopefully I am just missing something obvious in my attempts to do this.

Here is my test code:

var myVcHostSnmpConfigSpec = new VcHostSnmpConfigSpec() ;

var ro = new Array;

var trap = new Array;

var destination = new VcHostSnmpDestination();

destination.community = "SNMP Community";

destination.hostName = "127.0.0.1";

destination.port = 162;

ro.push("Read Only");

trap.push(destination);

myVcHostSnmpConfigSpec.enabled = true;

myVcHostSnmpConfigSpec.readOnlyCommunities = ro;

myVcHostSnmpConfigSpec.trapTargets = trap;

System.debug("snmpSystem : " + esxHost.configManager.snmpSystem);

// System.debug("snmp Enabled? " + esxHost.configManager.snmpSystem.configuration.enabled);

// System.debug("read only communities : " + esxHost.configManager.snmpSystem.configuration.readOnlyCommunities);

// System.debug("trapTargets : " + esxHost.configManager.snmpSystem.configuration.trapTargets);

System.debug("CS : " + myVcHostSnmpConfigSpec);

System.debug("CS.enabled : " + myVcHostSnmpConfigSpec.enabled);

System.debug("CS.readOnlyCommunities : " + myVcHostSnmpConfigSpec.readOnlyCommunities);

System.debug("CS.trapTargets : " + myVcHostSnmpConfigSpec.trapTargets);

System.debug("CS.trapTargets : " + myVcHostSnmpConfigSpec.trapTargets[0].community);

System.debug("CS.trapTargets : " + myVcHostSnmpConfigSpec.trapTargets[0].hostName);

System.debug("CS.trapTargets : " + myVcHostSnmpConfigSpec.trapTargets[0].port);

esxHost.configManager.snmpSystem.reconfigureSnmpAgent(myVcHostSnmpConfigSpec);

Burke- · ‎05-07-2012

This seems to be another of those unfortunate ESXi features that cannot be managed through a vCenter. So, for each host you wish to manage, you have to import the SSL cert and add the host to vCO in order to make such changes. Based on my test script, and manually adding the SSL cert and host to my vCO server I was able to set the SNMP settings as you coded above.

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you!

Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator
for vRealize Orchestrator tips and tutorials - @TechnicalValues on Twitter

View solution in original post

Burke- · ‎04-28-2012

I haven't tried doing anything with the SNMP stuff of a host yet... if I were to try, I think the first thing I would do is setup ONYX to record the actions I perform in the vCenter client, then use the vCO Javascript it generates to try some tests... of course there is a little cleanup of the script it generates, but it should hopefully get you pretty close.

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you!

Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator
for vRealize Orchestrator tips and tutorials - @TechnicalValues on Twitter

milton123 · ‎04-28-2012

Here is a nice kb for your kind information. Have a look..

kb.vmware.com/kb/1008065

milton

qc4vmware · ‎04-29-2012

Maybe I am going crazy here but I don't see any way of configuring snmp from within the vi client. I actually was going to use ONYX for this. As far as I can tell it is only via the command line. I could create a workflow using the ssh plugin to run this but that seems really lame. Like I said the functionality is documented in the api I just can't seem to get the code to run. I listed my test code in the original post. I also tried walking the managed objec browser but no joy.

qc4vmware · ‎04-29-2012

Thanks for the link to the kb but that is just documenting the command line method of making the configuration change. I want to do this with an orchestrator workflow using the vCenter plugin.

igorstoyanov · ‎05-05-2012

Hi, please take a look at this PowerCLI thread about the same issue.

http://communities.vmware.com/message/1189281

It might be helpful.

Thanks.

Visit http://blogs.vmware.com/orchestrator for the latest in Cloud Orchestration.

Burke- · ‎05-07-2012

This seems to be another of those unfortunate ESXi features that cannot be managed through a vCenter. So, for each host you wish to manage, you have to import the SSL cert and add the host to vCO in order to make such changes. Based on my test script, and manually adding the SSL cert and host to my vCO server I was able to set the SNMP settings as you coded above.

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you!

Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator
for vRealize Orchestrator tips and tutorials - @TechnicalValues on Twitter

qc4vmware · ‎05-07-2012

Ugh... we have a huge environment and the idea of adding individual hosts to Orchestrator seems like a nightmare (and will really clutter up Orchestrator). I guess I will see if I can automate adding a host to Orchestrator, making the configuration change, then removing the host or maybe I can get this to work with the rest plugin. We have been trying to get this to work with host profiles but there are problems going that route. We have had inconsistencies in the way the profiles get applied as well as needing different SNMP configurations depending on the location/role of the particular ESX host.

So is this considered a bug in the api or is this by design? It is supremely frustrating to me that 95% of the api is available when connecting to the vCenter that is managing it. Off the top of your head what are some of the other things that are not available via vCenter?

Paul

qc4vmware · ‎06-11-2012

I figured I would post how I got this working in our environment. Sorry but some of the system calls are out to my actions. You'll need to substitute those with something of your own. If you need those I could provide for you but they are simple things like retrieving the configuration item and removing white space

1. setup a scripting host or use the vMA appliance. I am using our vMA appliance.

2. Using the SSH plugin add the host to your vCenter Orchestrator and do a key exchange.

3. I created an action to check if the host already has any SNMP settings since in our environment we only want to populate things if this is empty or we specifically tell the update action to overwrite. My action looks as follows.

var returnVal = false;

var snmpCommunities = "";

var snmpTargets = "";

var snmpEnabled = false;

try{

var keyPath = [your SSHkey path];

var keyPhrase = [your Key Phrase];

var sshHost = [Scripting host to run agains];

var sshUser = [SSH Connecting User];

var esxKey = [Depending on how you setup your script host this may not be needed];

var session = new SSHSession(sshHost,sshUser);

var cmd = "vicfg-snmp --server " + esxHost.name + " --username root --password \"" + esxKey +"\" --show";

session.connectWithPasswordOrIdentity(false,keyPhrase,keyPath);

System.log("Executing '" + cmd.replace(esxKey,"NOPASSSHOWNINLOG") + "'");

session.executeCommand(cmd,true) ;

output = session.getOutput();

error = session.getError();

exitCode = session.exitCode;

System.log("Output: '"+output+"'");

System.log("Error: '"+error+"'");

System.log("Exit code: '"+exitCode+"'");

snmpEnabled = output.indexOf("Enabled : 1") >= 0;

snmpCommunities = output.substring(output.indexOf("Communities :") + 13, output.indexOf("Notification targets :") -1);

snmpTargets = output.substring(output.indexOf("Notification targets :") + 22, output.indexOf("Options :") -1);

System.log("snmpEnabled = " + snmpEnabled);

System.log("snmpCommunities = " + snmpCommunities);

System.log("snmpTargets = " + snmpTargets);

if (snmpEnabled) {

returnVal = true;

}

if ( System.getModule("com.qualcomm.basic").QCremoveWhiteSpace(snmpCommunities).length > 0 ) {

returnVal = true;

}

if ( System.getModule("com.qualcomm.basic").QCremoveWhiteSpace(snmpTargets).length > 0 ) {

returnVal = true;

}

session.disconnect();

} catch (e) {

throw "Unable to execute command " + ereplace(esxKey,"NOPASSHOWNINLOG");

}

return returnVal;

function isBlank(str) {

return (!str || /^\s*$/.test(str));

}

4. Create an action that will do the update. I have mine set to grab the desired snmp configuration from predefined configurations. :

var returnVal = "";

var snmpCommunities = "";

var snmpTargets = "";

var keyPath = [your SSHkey path];

var keyPhrase = [your Key Phrase];

var sshHost = [Scripting host to run agains];

var sshUser = [SSH Connecting User];

var esxKey = [Depending on how you setup your script host this may not be needed];

// We keep the SNMP config type in a custom field in vCenter

var snmpConfigType =System.getModule("com.qualcomm.basic").QCgetCustomFieldValue(esxHost,"snmp_config",true);

// Checking the QCisSNMPSet action. Only want to update if this has not been tampered with by a human.

var alreadySet = System.getModule("com.qualcomm.basic").QCisSNMPSet(esxHost);

if (alreadySet && isBlank(snmpConfigType)){ // bail if no config set but host has a config

returnVal = "Aborting. Can't use default SNMP configuration. Host " + esxHost.name + " already has SNMP values set.";

System.log(returnVal);

}

else {

if (isBlank(snmpConfigType)) {

snmpConfigType = "snmpDefault";

}

var snmpConfig = System.getModule("com.qualcomm.basic").QCgetConstant("Qualcomm","SNMP",snmpConfigType);

// We keep the config in an item that is a string array. Each item is tagged with either "communites:" or "targets:"

for (i=0;i<snmpConfig.length;i++) {

if (snmpConfig[i].toLowerCase().indexOf("communities") >= 0) {

snmpCommunities = snmpConfig[i].substring(snmpConfig[i].indexOf(":") + 1);

}

if (snmpConfig[i].toLowerCase().indexOf("targets") >= 0) {

snmpTargets = snmpConfig[i].substring(snmpConfig[i].indexOf(":") + 1);

}

try{

var session = new SSHSession(sshHost,sshUser);

var cmd = "vicfg-snmp --server " + esxHost.name + " --username root --password \"" + esxKey +"\" --enable -t " + snmpTargets + " -c " + snmpCommunities;

session.connectWithPasswordOrIdentity(false,keyPhrase,keyPath);

System.log("Executing '" + cmd.replace(esxKey,"NOPASSHOWNINLOG") + "'");

session.executeCommand(cmd,true) ;

output = session.getOutput();

error = session.getError();

exitCode = session.exitCode;

System.log("Output: '"+output+"'");

System.log("Error: '"+error+"'");

System.log("Exit code: '"+exitCode+"'");

session.disconnect();

returnVal = "Updated " + esxHost.name + " with the SNMP config type: " + snmpConfigType;

} catch (e) {

throw "Unable to execute command " + e.replace(esxKey,"NOPASSHOWNINLOG");

}

return returnVal;

function isBlank(str) {

return (!str || /^\s*$/.test(str));

}