Re: [Pacemaker] crm_mon SNMP support

Thu, 29 Nov 2012 01:12:17 -0800 

Le 29/11/2012 01:27, Andrew Beekhof a écrit :

On Wed, Nov 28, 2012 at 2:34 AM, Florian Crouzat
<gen...@floriancrouzat.net> wrote:

Hi,

I have in my current production configuration the following resource:

primitive SNMPMonitor ocf:heartbeat:ClusterMon \
         params pidfile="/var/run/crm_mon.pid" extra_options="-S 192.168.2.3
-C public" \
         op monitor on-fail="restart" interval="10s"

I was working a couple months ago, and I haven't touched it since.
Apparently, I missed a couple changelogs :/

I was investigating why I wasn't receiving SNMP traps anymore during the
last couples of migration/changes in the cluster state.
I found out that my version of crm_mon is compiled without SNMP (or email)
supports.

$ sudo crm_mon -$ && cat /etc/redhat-release
Pacemaker 1.1.6-3.el6
Written by Andrew Beekhof
CentOS release 6.2 (Final)

I found out the following changelogs:

         * Mon Sep 26 2011 Andrew Beekhof <and...@beekhof.net> 1.1.6-2
          - Do not build in support for heartbeat, snmp, esmtp by default
          - Create a package for cluster unaware libraries to minimze our
            footprint on non-cluster nodes
          - Better package descriptions

What are my options, knowing that I'm in a PCI-DSS environment that forbids
any compiler in production, and that I'd rather not maintain myself a
snmp-enabled version of the package ?


I'm not familiar with the term PCI-DSS... does that allow you to
rebuild src.rpm packages?
If so, just run:
    rpmbuild --with snmp --rebuild pacemaker-.....src.rpm


Yes I can (tm).
FYI, PCI-DSS defines the securities requirements that you must follow whenever you handle credit card data (eg: you work in the credit card industry). Amongst many other things, it forbids compiler in production.
Although, I could recompile in my lab, either from scratch with gcc/make or as you suggested. But I have so many things to keep up-to-date/running that I'm not sure I'll manage to keep pacemaker-cli up to date and PCI-DSS also requires that you update every packages within a month after every update/erratas.
I guess there will never be a pacemaker-cli-snmp package, so I don't have any options anymore except hire someone to start packaging stuff =) 

Thanks for your suggestions though.

--
Cheers,
Florian Crouzat

_______________________________________________
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

Reply via email to