Solved: Re: ilo snmp traps

BradV · ‎11-28-2022

We have snmp v1 disabled in iLO. Yet when I check in the log of the trap receiver, I see:

Community_infosec_Context = TRAP, SNMP v1, community something

I'm trying to get snmp v3 traps to work, but it does not seem to want to. Does anyone know of good documentation on setting up iLO for sending SNMP v3 traps?

support_s · ‎11-28-2022

System recommended content:

1. Advisory: HPE Agentless Management Service (AMSD) - SNMP Traps Are Not Sent From the Host to HPE Integrated Lights-Out 5 (iLO 5) Following an iLO Reset

2. Advisory: HP Integrated Lights-Out 3 - iLO 3 May Send SNMP Traps to Random IP Addresses

Please click on "Thumbs Up/Kudo" icon to give a "Kudo".

Thank you for being a HPE valuable community member.

BradV · ‎11-29-2022

Neither of those are relevant.

prajwal_ds · ‎11-29-2022

Hi @BradV

Please refer to the below video link to find the information regarding enabling SNMP v3..
https://support.hpe.com/hpesc/public/videoDisplay?videoId=vtc00000697en_us

I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

BradV · ‎11-29-2022

No, sorry. That also is useless. I have hundreds of DL servers. I do not want to point and click on each and every one to set up SNMP v3 trap destinations. I want to do it programmatically via the iLO Redfish API. I have the code to create the SNMP v3 user: Create SNMP v3 User with Redfish API . I just need to figure out how to add the trap destination.

ManBha · ‎11-30-2022

Hello,

Please refer the below guide.

https://hewlettpackard.github.io/ilo-rest-api-docs/ilo5/#bios-redfish-changes-gen-10-to-gen-10-plus

Thanks.

I work for HPE.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Accept or Kudo

BradV · ‎12-02-2022

All of our servers are Gen10. No gen10plus. I have been extensively reviewing the Redfish API Reference , but there is no concrete examples, or paths to accomplish this. I think the steps are:

Create a SNMPv3 user
Create a trap destination
Create an association between a SNMPv3 user and a destination

but there is nothing stating the is the case, nor is there any examples of how to accomplish each. I have step one working. Need to verify my path is correct and how to accomplish steps 2 and 3.

ManBha · ‎12-05-2022

Hello,

Please do log a case using https://support.hpe.com/connect/s/?language=en_US.

Thanks.

I work for HPE.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Accept or Kudo

BradV · ‎12-06-2022

I did, but someone at HPE dispatched it to the local hardware techs. They called me unsure what to do. They said they would return it to the dispatcher. I'm still waiting on it to get assigned.

BradV · ‎12-08-2022

FYI, it finally has been assigned. Working on it. I'll report back what I find.

ManBha · ‎12-08-2022

Great, thanks for the update Brad.

I work for HPE.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Accept or Kudo

BradV · ‎12-15-2022

Just FYI, I'm close. I'm getting back

"MessageId": "Base.1.4.PropertyValueNotInList"

So, just need to figure out the correct DATA JSON to send.

BradV · ‎12-19-2022

Finally got it worked out.

1. Get OneView session ID
2. Retrieve list of current SNMP v3 users.  Make sure there is room to add one more.
SERVER=my-fqdn.org
ACTV=$(python -c "import urllib, sys; print urllib.quote(sys.argv[1])"'serverName' = '${SERVER}'\"")
UUID=$(curl --insecure --header "X-API-Version: ${currentVersion}" --header "auth: ${sessionID}" --silent \
   --request GET ${OneView}/rest/server-hardware?filter=${ACTV} | jq -r '.members[] | .uuid'})
read iLOSSO iLOAuth <<< $(curl --silent --insecure --header "X-API-Version: ${currentVersion}" --header "auth: ${sessionID}" \
   --request GET ${OneView}/rest/server-hardware/${UUID}/remoteConsoleUrl | \
   jq -r '.remoteConsoleUrl ' | sed -e 's|hplocons|https|' -e 's|addr=||' \
   -e 's|^\(.*\)&sessionkey=\(.*\)$|\1 \2|')
curl --silent --insecure --header "X-Auth-Token: ${iLOAuth}" \
   --request GET ${iLOSSO}/redfish/v1/Managers/1/snmpservice | \
   jq --arg SERVER ${SERVER} '. | .Status as $Status | .Users[] | select(.SecurityName!="") | {"Server": $SERVER, "Status": $Status, "Users": . }' > ./${SERVER}-SNMPv3-Users
if [[ $(grep -c SecurityName ${SERVER}-SNMPv3-Users) -lt 8 ]]; then
   # There is room.  Check to see if this user is already present:
   SECNAME='newuser'
   if [[ $(grep -c '"SecurityName": "'${SECNAME}'"' ${SERVER}-SNMPv3-Users) -eq 0 ]]; then
      echo "Can add another SNMPv3 user to this iLO interface"
      AuthTp='SHA'
      PrivTp='AES'
      AuthP='somepassword'
      PrivP='someotherpassword'
      DATA='{"SecurityName": "'${SECNAME}'","AuthProtocol": "'${AuthTp}'","AuthPassphrase": ";${AuthP}'","PrivacyProtocol": "'${PrivTp}'","PrivacyPassphrase": "'${PrivP}'"}'
      echo ${DATA} | jq -r '.'
      curl --silent --insecure  --header "X-Auth-Token: ${iLOAuth}" --data "${DATA}" --header "content-type: application/json" \
         --request POST ${iLOSSO}/redfish/v1/Managers/1/SnmpService/SNMPUsers/ | jq -r '.'
   else
      echo "${SECNAME} has already been added to this iLO interface"
   fi
else
   echo "No more SNMPv3 users may be added to this iLO interface"
fi
3. Retrieve list of current trap destinations.  Make sure there is room to add one more.
curl --silent --insecure  --header "X-Auth-Token: ${iLOAuth}" --request GET ${iLOSSO}/redfish/v1/Managers/1/SnmpService | \
   jq -r '{"AlertDestinationAssociations":.AlertDestinationAssociations,"AlertsDestinations":.AlertsDestinations,"AlertsEnabled":.AlertsEnabled}' > ./${SERVER}-destinations
if [[ $(grep -vE '\[|\]|null|{|}|SNMPAlertProtocol|SecurityName' ${SERVER}-destinations | wc -l) -lt 8 ]]; then
   # See if the trap destination already exits:
   i=0
   DESTIP='1.2.3.4'
   ArrayEnd=$(jq -r '.AlertDestinationAssociations | length' ${SERVER}-destinations)
   while [[ ${i} < ${ArrayEnd} ]]; do
      if [[ $(echo "$(jq -c ".AlertDestinationAssociations[${i}]" ${SERVER}-destinations)" | grep -c '"SecurityName": "'${SECNAME}'"') -gt 0 ]]; then
         if [[ $(echo "$(jq -c ".AlertDestinations[${i}]" ${SERVER}-destinations)" | grep -c ${DESTIP}) -gt 0 ]]; then
            echo "This user/destination combination already exists on this iLO interface"
            break 3
         fi
      fi
      ((i++))
   done
   # If we reach here, we did not find a match.
   echo "Can add another trap destination to this iLO interface"
   DATA='{"SNMPAlertProtocol":"SNMPv3Trap","SecurityName":"'${SECNAME}'","AlertDestination":"'${DESTIP}'"}'
   curl --silent --insecure --header "X-API-Token: ${iLOAuth}" --header "content-type: application/json" \
      --data "${DATA}" --request PATCH ${iLOSSO}/redfish/v1/Managers/v1/SnmpService/SNMPAlertDestinations | jq -r '.'
else
   ecoh "No more alert destinations may be added to this iLO interface"
fi

Hopefully this will be of use to someone else?

Sunitha_Mod · ‎12-19-2022

Hello @BradV,

Great!

We are glad to know you were able to find the solution and we appreciate you for keeping us updated.

BradV · ‎12-19-2022

Oops! I had an extra space in the line to check and see if the user/combination already existed:

if [[ $(echo "$(jq -c ".AlertDestinationAssociations[${i}]" ${SERVER}-destinations)" | grep -c '"SecurityName": "'${SECNAME}'"') -gt 0 ]]; then

it should be

if [[ $(echo "$(jq -c ".AlertDestinationAssociations[${i}]" ${SERVER}-destinations)" | grep -c '"SecurityName":"'${SECNAME}'"') -gt 0 ]]; then

ilo snmp traps

ilo snmp traps

Query: ilo snmp traps

Re: Query: ilo snmp traps

Re: ilo snmp traps

Re: ilo snmp traps

Re: ilo snmp traps

Re: ilo snmp traps

Re: ilo snmp traps

Re: ilo snmp traps

Re: ilo snmp traps

Re: ilo snmp traps

Re: ilo snmp traps

Re: ilo snmp traps

Re: ilo snmp traps

Re: ilo snmp traps