Provisiond DNS importer performs SNMP scans even when SNMP is explicitly excluded from services list and foreign source
Description
Environment
Acceptance / Success Criteria
Attachments
Lucidchart Diagrams
Activity
Duncan Mackintosh October 14, 2011 at 9:25 AM
That fixes our problem.
For the DNS one, would adding a 'do not snmp scan' option to the foreign source config be a reasonable solution or does that just mess other things up?
Andy Ellsworth October 10, 2011 at 4:40 PM
This problem can also be duplicated by simple synchronization of an existing group. I tested synchronizing a group with all SNMP primary interfaces marked as 'N' and the SNMP scanning did not take place. Now to figure out how to get the DNS importer to mark discovered interfaces with 'N'...
Matt Brozowski October 10, 2011 at 11:50 AM
Ah sorry.. I see you are using DNS importing... that does make it trickier... what I meant really was don't mark the interfaces as 'P' in the import file
Don't know if that's possible with the DNS url handler
Andy Ellsworth October 10, 2011 at 11:20 AM
Matt, I'm not sure how to do that - SNMP is excluded from all foreign sources when reproducing this bug. We're not marking any interfaces as 'P'.
Matt Brozowski October 10, 2011 at 11:14 AM
Ok... I understand what is happening here... and as a result I don't think the patch provided is the appropriate one...
During the 'import' phase of a scan we collect the 'system info' for a node so we can put it into the node table so that when the collector tries to collet data for that node we know what its sysObjectId is as this is used for collection.
You should be able to avoid this if you don't mark any interfaces a 'P' for 'snmp primary'
Let me know how that works for you
Matt
Steps to reproduce:
Define a DNS import that provisions nodes with only the ICMP service into a provisioning group "Test"
Configure the provisioning group/foreign source "Test" to have only an ICMP detector
Run the DNS import
Watch as Provisiond performs an SNMP scan on every imported node every time the DNS import runs
My requisition-def expression:
dns://mycorpdns.mycorp/mycorp/Test/?expression=^test-sw-01.mycorp&services=ICMP
Highlighted log snippets (full relevant log output attached):
The import:
2011-09-29 10:27:00,018 INFO [importExecutor-1] CoreImportActivities: Loading requisition from resource URL
2011-09-29 10:27:00,320 INFO [importExecutor-1] DnsRequisitionUrlConnection: matchingRecord: checking rec: test-sw-01.mycorp. 3600 IN A 11.222.223.244 to see if it should be imported...
2011-09-29 10:27:00,320 DEBUG [importExecutor-1] DnsRequisitionUrlConnection: matchingRecord: record is an A record, continuing...
2011-09-29 10:27:00,320 INFO [importExecutor-1] DnsRequisitionUrlConnection: determineExpressionFromUrl: finding regex as parameter in query string of URL: dns://mycorpdns.mycorp/mycorp/Test/?expression=^test-sw-01.mycorp&services=ICMP
2011-09-29 10:27:00,320 DEBUG [importExecutor-1] DnsRequisitionUrlConnection: adding arg tokens expression, ^test-sw-01.mycorp
2011-09-29 10:27:00,320 DEBUG [importExecutor-1] DnsRequisitionUrlConnection: adding arg tokens services, ICMP
2011-09-29 10:27:00,320 DEBUG [importExecutor-1] DnsRequisitionUrlConnection: adding arg tokens expression, ^test-sw-01.mycorp
2011-09-29 10:27:00,320 DEBUG [importExecutor-1] DnsRequisitionUrlConnection: adding arg tokens services, ICMP
2011-09-29 10:27:00,320 DEBUG [importExecutor-1] DnsRequisitionUrlConnection: matchingRecord: attempting to match hostname: [test-sw-01.mycorp.] with expression:
2011-09-29 10:27:00,320 DEBUG [importExecutor-1] DnsRequisitionUrlConnection: matchingRecord: record matches expression: true
2011-09-29 10:27:00,320 INFO [importExecutor-1] DnsRequisitionUrlConnection: matchingRecord: record: test-sw-01.mycorp. 3600 IN A 11.222.223.244 matches: true
2011-09-29 10:27:00,320 DEBUG [importExecutor-1] DnsRequisitionUrlConnection: Default case: Generating foreignId from hash of nodelabel test-sw-01.mycorp
2011-09-29 10:27:00,321 DEBUG [importExecutor-1] DnsRequisitionUrlConnection: Adding provisioned service ICMP
Note how only the ICMP service is provisioned.
Now comes the unsolicited SNMP scan:
2011-09-29 10:27:00,373 INFO [importExecutor-2] CoreImportActivities: Scheduling nodes for phase Phase scan of lifecycle import
2011-09-29 10:27:00,376 DEBUG [importExecutor-2] DefaultLifeCycleInstance: Set up default lifecycle instance
2011-09-29 10:27:00,377 DEBUG [importExecutor-2] DefaultLifeCycleInstance: Adding phase scan to lifecycle
2011-09-29 10:27:00,377 DEBUG [importExecutor-2] DefaultLifeCycleInstance: Adding phase persist to lifecycle
2011-09-29 10:27:00,377 DEBUG [importExecutor-2] CoreImportActivities: Created lifecycle org.opennms.netmgt.provision.service.lifecycle.DefaultLifeCycleInstance@3dfcea12[name=nodeImport,containing phase=Phase scan of lifecycle import,re
2011-09-29 10:27:00,379 INFO [importExecutor-1] CoreImportActivities: Running scan phase of INSERT: Node: null: test-sw-01.mycorp
2011-09-29 10:27:00,386 INFO [importExecutor-1] SnmpWalker: Walking system/ipAddrTable/ipAddressTable for /11.222.223.244 using version SNMPv2c with config: AgentConfig[Address: 11.222.223.244, ProxyForAddress: null, Port: 161, Communi
2011-09-29 10:27:00,386 DEBUG [importExecutor-1] SingleInstanceTracker: Requesting oid following: .1.3.6.1.2.1.1.1
2011-09-29 10:27:00,386 DEBUG [importExecutor-1] SingleInstanceTracker: Requesting oid following: .1.3.6.1.2.1.1.2
2011-09-29 10:27:00,386 DEBUG [importExecutor-1] SingleInstanceTracker: Requesting oid following: .1.3.6.1.2.1.1.3
2011-09-29 10:27:00,386 DEBUG [importExecutor-1] SingleInstanceTracker: Requesting oid following: .1.3.6.1.2.1.1.4
2011-09-29 10:27:00,386 DEBUG [importExecutor-1] SingleInstanceTracker: Requesting oid following: .1.3.6.1.2.1.1.5
2011-09-29 10:27:00,386 DEBUG [importExecutor-1] SingleInstanceTracker: Requesting oid following: .1.3.6.1.2.1.1.6
2011-09-29 10:27:00,386 DEBUG [importExecutor-1] SingleInstanceTracker: Requesting oid following: .1.3.6.1.2.1.4.20.1.1.11.222.223.244
2011-09-29 10:27:00,386 DEBUG [importExecutor-1] SingleInstanceTracker: Requesting oid following: .1.3.6.1.2.1.4.20.1.2.11.222.223.244
2011-09-29 10:27:00,386 DEBUG [importExecutor-1] SingleInstanceTracker: Requesting oid following: .1.3.6.1.2.1.4.20.1.3.11.222.223.244
2011-09-29 10:27:00,386 DEBUG [importExecutor-1] SingleInstanceTracker: Requesting oid following: .1.3.6.1.2.1.4.20.1.4.11.222.223.244
2011-09-29 10:27:00,387 DEBUG [importExecutor-1] SnmpWalker: Sending tracker pdu of size 10
2011-09-29 10:27:03,998 INFO [importExecutor-1] SnmpWalker: Walking ifTable/ifXTable for /11.222.223.244 using version SNMPv2c with config: AgentConfig[Address: 11.222.223.244, ProxyForAddress: null, Port: 161, Community: mycommunity,
2011-09-29 10:27:03,999 INFO [importExecutor-1] CoreImportActivities: Finished Running scan phase of INSERT: Node: null: test-sw-01.mycorp