[openstack-dev] [ceilometer] Exposing Ceilometer alarms as SNMP traps

Eric Brown browne at vmware.com
Thu Apr 24 17:02:34 UTC 2014 

I'm pretty familiar with SNMP as I have worked with it for a number years.
I know Telcos like it, but I feel its a protocol that is near end of life.  It hasn't
kept up on security guidelines.  SNMPv1 and v2c are totally insecure and
SNMPv3 is barely usable.  But even SNMPv3 still uses MD5 and SHA1.

That being said, the Alarm MIB would be my choice of MIB.  A custom MIB
would be a mess and a nightmare to maintain.  

Can pysnmp do v3 notifications?  You might want to also consider informs
rather than traps since they are acknowledged.


On Apr 24, 2014, at 7:48 AM, Florian Haas <florian at hastexo.com> wrote:

> On Thu, Apr 24, 2014 at 4:20 PM, Julien Danjou <julien at danjou.info> wrote:
>> On Thu, Apr 24 2014, Florian Haas wrote:
>> 
>>> So for any inheriting subclass, the notify method signature is defined
>>> such that action needs to be a URL. That doesn't make a whole lot of
>>> sense for anything other than a ReSTful service. If we want to map
>>> those to SNMP URIs, then there's RFC 4088 that describes that. But
>>> those URIs, to the best of my knowledge, can't be used for traps.
>> 
>> Actually you can use anything with URL, we could use something like:
>> 
>> snmptrap://destination/oid?community=public&urgency=high
>> 
>> And that would do it.
>> (not sure about the parameters and all, I'm no SNMP trap connoiseur, you
>> get the idea)
> 
> But that would be another case of wheel reinvention. To me the idea to
> express an SNMP trap as a URI sounds rather ludicrous to begin with;
> it doesn't get any more reasonable by *not* using the scheme that
> someone else has already invented, and instead inventing one's own.
> 
> What does seem stranger to me in the first place is to require a
> generic event action to be a URL.
> 
> What do others think?
> 
> Cheers,
> Florian
> 
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=2CQc966BQ6s3Cdd6nQ79uvWP17nF9g%2FX4m3XppGg1xQ%3D%0A&m=V0NZf%2BbZTj22q3MpwBLku0eGaY9eOszAvPpch4xmjgs%3D%0A&s=3675ee624a6a24b0bad28a9027e19c458ba7422e38afb5e3fae71049259135cc

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140424/815f51e7/attachment.html>

More information about the OpenStack-dev mailing list