From 39b8cde190ff4d4487dcbed5fabf3e7f73021635 Mon Sep 17 00:00:00 2001 From: Casandra Qiu Date: Tue, 4 Oct 2016 08:59:56 -0400 Subject: [PATCH 1/5] Configure SNMPv3 for Mellanox IB switch --- xCAT-server/share/xcat/scripts/configMellanox | 60 +++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/xCAT-server/share/xcat/scripts/configMellanox b/xCAT-server/share/xcat/scripts/configMellanox index ca5d80e25..ac6b79ebc 100755 --- a/xCAT-server/share/xcat/scripts/configMellanox +++ b/xCAT-server/share/xcat/scripts/configMellanox @@ -42,6 +42,10 @@ if ( 'config' => \$::CONFIG, 'ip' => \$::IP, 'name' => \$::NAME, + 'snmp' => \$::SNMP, + 'user=s' => \$::USER, + 'password=s' => \$::PASSWORD, + 'auth=s' => \$::AUTH, 'all' => \$::ALL, ) ) @@ -98,6 +102,10 @@ if (($::NAME) || ($::ALL)) { config_hostname(); } +if (($::SNMP) || ($::ALL)) +{ + config_snmp(); +} if (($::CONFIG) || ($::ALL)) { run_rspconfig(); 
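Review bot: `'password=s' => \$::PASSWORD` takes the SNMPv3 secret as a command-line argument, so it is visible in the process list and shell history on the management node. config_snmp later places the same value on the `xdsh` and `chdef` command lines, which exposes it again. Consider taking the password only from the switches table, or prompting for it on the terminal. At minimum, document the exposure with a comment such as `# NOTE: --password is exposed via argv; prefer the switches table entry`. `--auth` is also accepted as a free-form string with no check against the supported hash names. The option list begins and ends outside this hunk.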
@@ -224,6 +232,57 @@ sub config_hostname { } } +#setup secure SNMP v3 +sub config_snmp { + my $snmp_user; + my $snmp_passwd; + my $snmp_auth; + my @config_switches; + + if ($::USER) { + $snmp_user = $::USER; + } else { + $snmp_user = "xcatadmin\r"; + } + if ($::PASSWORD) { + $snmp_passwd = $::PASSWORD; + } else { + # Need a special character + $snmp_passwd = "passw0rd\r"; + } + if ($::AUTH) { + $snmp_auth = $::AUTH; + } else { + $snmp_auth = "sha\r"; + } + + my $switchtab = xCAT::Table->new('switches'); + my $switchhash = $switchtab->getNodesAttribs(\@nodes,['sshusername','username','password','auth']); + foreach my $switch (@nodes) { + my $user = $switchhash->{$switch}->[0]->{sshusername}; + #NOTES: should replace here? + if ($switchhash->{$switch}->[0]->{username}) { + $snmp_user = $switchhash->{$switch}->[0]->{username}; + } + if ($switchhash->{$switch}->[0]->{password}) { + $snmp_passwd = $switchhash->{$switch}->[0]->{password}; + } + if ($switchhash->{$switch}->[0]->{auth}) { + $snmp_auth = $switchhash->{$switch}->[0]->{auth}; + } + $cmd = `xdsh $switch -l $user --devicetype IBSwitch::Mellanox "enable;configure terminal;snmp-server user $snmp_user v3 enable;snmp-server user $snmp_user v3 auth $snmp_auth $snmp_passwd;no snmp-server user $snmp_user v3 require-privacy;configuration write;exit;exit" `; + push (@config_switches, $switch); + } + if (@config_switches) { + #update switch status + my $csw = join(",",@config_switches); + $cmd = "chdef $csw status=snmp_configed snmpversion=3 snmpauth=$snmp_auth snmpusername=$snmp_user snmppassword=$snmp_passwd"; + $rc= xCAT::Utils->runcmd($cmd, 0); + } + + +} + sub run_rspconfig { my @config_switches; my $switchtab = xCAT::Table->new('switches'); 
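Review bot: The backtick `xdsh` call in config_snmp interpolates `$switch`, `$user`, `$snmp_user`, `$snmp_auth` and `$snmp_passwd` into a shell string without validation, and those values come from `--user`/`--password`/`--auth` and from the switches table. A value containing a quote, `$`, a backtick or `;` changes what runs on the management node or in the switch CLI, and the comment in this hunk says passwords are expected to carry a special character. The same applies to the `chdef ... snmppassword=$snmp_passwd` string here and to the rewritten commands in patches 2/5, 3/5 and 5/5, where the single-quoted form breaks on a `'` instead. Validate each value before building the command, e.g. `die "invalid SNMP user\n" unless $snmp_user =~ /\A[A-Za-z0-9_.-]+\z/;`. Also restrict `$snmp_auth` to the known hash names and reject passwords that contain shell or CLI metacharacters.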
@@ -274,6 +333,7 @@ sub usage configMellanox [--switches switchnames] [--all] configMellanox [--switches switchnames] [--ip] configMellanox [--switches switchnames] [--name] + configMellanox [--switches switchnames] [--snmp] [--user snmp_user] [--password snmp_password] [--auth snmp_auth] configMellanox [--switches switchnames] [--config] \n"; } From 381cc0c968e77725d3b2ac6632edc1225664797d Mon Sep 17 00:00:00 2001 From: Casandra Qiu Date: Wed, 12 Oct 2016 20:48:37 -0400 Subject: [PATCH 2/5] config snmpv3 for mellanox switch --- xCAT-server/share/xcat/scripts/configMellanox | 50 ++++++++----------- 1 file changed, 20 insertions(+), 30 deletions(-) diff --git a/xCAT-server/share/xcat/scripts/configMellanox b/xCAT-server/share/xcat/scripts/configMellanox index ac6b79ebc..4b5f35634 100755 --- a/xCAT-server/share/xcat/scripts/configMellanox +++ b/xCAT-server/share/xcat/scripts/configMellanox @@ -183,6 +183,7 @@ sub config_ip { $cmd="xdsh $dswitch -t 10 -l admin --devicetype IBSwitch::Mellanox 'enable;configure terminal;no interface mgmt0 dhcp;interface mgmt0 ip address $static_ip $mask;configuration write;exit;exit' "; $rc= xCAT::Utils->runcmd($cmd, 0); + push (@discover_switches, $dswitch); push (@config_switches, $switch); } 
@@ -237,50 +238,39 @@ sub config_snmp { my $snmp_user; my $snmp_passwd; my $snmp_auth; - my @config_switches; - - if ($::USER) { - $snmp_user = $::USER; - } else { - $snmp_user = "xcatadmin\r"; - } - if ($::PASSWORD) { - $snmp_passwd = $::PASSWORD; - } else { - # Need a special character - $snmp_passwd = "passw0rd\r"; - } - if ($::AUTH) { - $snmp_auth = $::AUTH; - } else { - $snmp_auth = "sha\r"; - } my $switchtab = xCAT::Table->new('switches'); my $switchhash = $switchtab->getNodesAttribs(\@nodes,['sshusername','username','password','auth']); foreach my $switch (@nodes) { my $user = $switchhash->{$switch}->[0]->{sshusername}; - #NOTES: should replace here? - if ($switchhash->{$switch}->[0]->{username}) { + if ($::USER) { + $snmp_user = $::USER; + } elsif ($switchhash->{$switch}->[0]->{username}) { $snmp_user = $switchhash->{$switch}->[0]->{username}; + } else { + $snmp_user = "xcatadmin\r"; } - if ($switchhash->{$switch}->[0]->{password}) { + if ($::PASSWORD) { + $snmp_passwd = $::PASSWORD; + } elsif ($switchhash->{$switch}->[0]->{password}) { $snmp_passwd = $switchhash->{$switch}->[0]->{password}; + } else { + # Need a special character + $snmp_passwd = "passw0rd\r"; } - if ($switchhash->{$switch}->[0]->{auth}) { + if ($::AUTH) { + $snmp_auth = $::AUTH; + } elsif ($switchhash->{$switch}->[0]->{auth}) { $snmp_auth = $switchhash->{$switch}->[0]->{auth}; + } else { + $snmp_auth = "sha\r"; } + $cmd = `xdsh $switch -l $user --devicetype IBSwitch::Mellanox "enable;configure terminal;snmp-server user $snmp_user v3 enable;snmp-server user $snmp_user v3 auth $snmp_auth $snmp_passwd;no snmp-server user $snmp_user v3 require-privacy;configuration write;exit;exit" `; - push (@config_switches, $switch); - } - if (@config_switches) { - #update switch status - my $csw = join(",",@config_switches); - $cmd = "chdef $csw status=snmp_configed snmpversion=3 snmpauth=$snmp_auth snmpusername=$snmp_user snmppassword=$snmp_passwd"; + + $cmd = "chdef $switch status=snmp_configed 
snmpversion=3 snmpauth=$snmp_auth snmpusername=$snmp_user snmppassword=$snmp_passwd"; $rc= xCAT::Utils->runcmd($cmd, 0); } - - } sub run_rspconfig { From 677be49c7e3ee0b561b86ff58aea9ed6c4a9edee Mon Sep 17 00:00:00 2001 From: Casandra Qiu Date: Tue, 18 Oct 2016 10:19:37 -0400 Subject: [PATCH 3/5] checking return code for xdsh --- xCAT-server/share/xcat/scripts/configMellanox | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/xCAT-server/share/xcat/scripts/configMellanox b/xCAT-server/share/xcat/scripts/configMellanox index 4b5f35634..c15cdb8f6 100755 --- a/xCAT-server/share/xcat/scripts/configMellanox +++ b/xCAT-server/share/xcat/scripts/configMellanox @@ -267,9 +267,12 @@ sub config_snmp { } $cmd = `xdsh $switch -l $user --devicetype IBSwitch::Mellanox "enable;configure terminal;snmp-server user $snmp_user v3 enable;snmp-server user $snmp_user v3 auth $snmp_auth $snmp_passwd;no snmp-server user $snmp_user v3 require-privacy;configuration write;exit;exit" `; - - $cmd = "chdef $switch status=snmp_configed snmpversion=3 snmpauth=$snmp_auth snmpusername=$snmp_user snmppassword=$snmp_passwd"; - $rc= xCAT::Utils->runcmd($cmd, 0); + if ($::RUNCMD_RC != 0) { + xCAT::MsgUtils->message("E","Failed to set snmpv3 for $switch"); + } else { + $cmd = "chdef $switch status=snmp_configed snmpversion=3 snmpauth=$snmp_auth snmpusername=$snmp_user snmppassword=$snmp_passwd"; + $rc= xCAT::Utils->runcmd($cmd, 0); + } } } From e0ddd7cb961f650d73750b364270596d72c99c78 Mon Sep 17 00:00:00 2001 From: Casandra Qiu Date: Tue, 18 Oct 2016 22:17:36 -0400 Subject: [PATCH 4/5] add default sshusername if not exists for config_snmp --- xCAT-server/share/xcat/scripts/configMellanox | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/xCAT-server/share/xcat/scripts/configMellanox b/xCAT-server/share/xcat/scripts/configMellanox index c15cdb8f6..ee6d0e227 100755 --- a/xCAT-server/share/xcat/scripts/configMellanox +++ b/xCAT-server/share/xcat/scripts/configMellanox 
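Review bot: The `else` fallbacks added inside the loop still use the fixed account `xcatadmin` with password `passw0rd`. Any run without `--password` and without a table entry, including `--all`, which calls config_snmp since patch 1/5, therefore creates the same well-known SNMPv3 credential on every switch. Each default also ends in `\r`, a literal carriage return that is interpolated into the xdsh command and into `chdef ... snmppassword=`, so it is probably stored as part of the value. Failing instead of guessing is safer: `} else { xCAT::MsgUtils->message("E","No SNMP password defined for $switch"); next; }`. These defaults first appear in patch 1/5.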
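Review bot: The `chdef` in the new `else` branch assigns its result to `$rc`, which is never examined. A switch can therefore end up with the SNMPv3 user created but no `snmp_configed` status or stored credentials, and nothing is reported. Mirror the check added just above, e.g. `if ($::RUNCMD_RC != 0) { xCAT::MsgUtils->message("E","Failed to update definition for $switch"); }`. `$cmd` and `$rc` are not declared in this sub and appear to be file-level variables shared with the other config_* routines.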
@@ -243,6 +243,12 @@ sub config_snmp { my $switchhash = $switchtab->getNodesAttribs(\@nodes,['sshusername','username','password','auth']); foreach my $switch (@nodes) { my $user = $switchhash->{$switch}->[0]->{sshusername}; + if (!$user) { + print "switch ssh username is not defined, add default one\n"; + $cmd = "chdef $switch username=admin"; + $rc= xCAT::Utils->runcmd($cmd, 0); + $user="admin"; + } if ($::USER) { $snmp_user = $::USER; } elsif ($switchhash->{$switch}->[0]->{username}) { From 7725909ed52e0b339dfa483ab4a21cb2d0fcb1d0 Mon Sep 17 00:00:00 2001 From: Casandra Qiu Date: Wed, 19 Oct 2016 09:41:45 -0400 Subject: [PATCH 5/5] handle bad return code --- xCAT-server/share/xcat/scripts/configMellanox | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xCAT-server/share/xcat/scripts/configMellanox b/xCAT-server/share/xcat/scripts/configMellanox index ee6d0e227..f0a771488 100755 --- a/xCAT-server/share/xcat/scripts/configMellanox +++ b/xCAT-server/share/xcat/scripts/configMellanox @@ -272,7 +272,8 @@ sub config_snmp { $snmp_auth = "sha\r"; } - $cmd = `xdsh $switch -l $user --devicetype IBSwitch::Mellanox "enable;configure terminal;snmp-server user $snmp_user v3 enable;snmp-server user $snmp_user v3 auth $snmp_auth $snmp_passwd;no snmp-server user $snmp_user v3 require-privacy;configuration write;exit;exit" `; + $cmd = "xdsh $switch -l $user --devicetype IBSwitch::Mellanox 'enable;configure terminal;snmp-server user $snmp_user v3 enable;snmp-server user $snmp_user v3 auth $snmp_auth $snmp_passwd;no snmp-server user $snmp_user v3 require-privacy;configuration write;exit' "; + $rc= xCAT::Utils->runcmd($cmd, 0); if ($::RUNCMD_RC != 0) { xCAT::MsgUtils->message("E","Failed to set snmpv3 for $switch"); } else {
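Review bot: The new fallback tests `sshusername` but writes `username=admin`, and `username` is also the attribute this loop reads a few lines below as the SNMP user. Whether `chdef ... username=` maps onto the `sshusername` column is not visible here; if it does not, the login default is stored under the wrong attribute and this branch runs again on every invocation. The `$rc` from this chdef is not checked. The notice goes through `print`, whereas the failure path added in patch 3/5 uses `xCAT::MsgUtils->message`, so an unset login silently becomes the `admin` account. A line such as `xCAT::MsgUtils->message("W","$switch: sshusername not set, using admin");` would make that visible.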
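Review bot: The rewritten command still sends `no snmp-server user $snmp_user v3 require-privacy`, which appears to tell the switch to accept requests from this user without encryption. The "secure SNMP v3" setup is then authenticated but not necessarily encrypted. If that is needed for compatibility with the monitoring side, say so in a comment, e.g. `# privacy not enforced: <reason>`. Otherwise drop the `no` form and configure a privacy protocol alongside `auth` where the firmware supports it. This version also drops one trailing `exit` compared with the previous command, without explanation. The command was introduced in patch 1/5.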