Status: Resolved (View Workflow)
Affects Version/s: 25.0.0
Fix Version/s: 25.0.0
Security Level: Default (Default Security Scheme)
Sprint:Horizon 2019 - July 24th, Horizon 2019 - July 31st, Horizon 2019 - August 7th, Horizon 2019 - August 14th, Horizon 2019 - August 21st
Werner operates a large IP network in which multiple "profiles" are in use for addressing nodes via SNMP. These profiles are known, but the rules for which IP addresses they apply to involve a decision tree of sorts.
Werner knows that the majority of nodes in the network will respond to one of four profiles:
- Profile "Copenhagen": SNMPv2c / read community copenhagen / Timeout 1800ms / Retry 1
- Profile "Vienna": SNMPv1 / read community vienna / Timeout 2500ms / Retry 2
- Profile "Princeton": SNMPv3 / user princeton / security level authNoPriv / auth proto SHA1 / auth passphrase newjersey
- Profile "Chapel Hill": SNMPv3 / user chapelhill / security level authPriv / auth proto MD5 / auth passphrase northcarolina / privacy protocol AES / privacy passphrase tarheels
Werner would like each of these four profiles to be "fitted", in turn, to every IP address that is added to OpenNMS. As soon as a profile is successfully fitted, the profile's details should be stored in the system-wide SNMP configuration for future use, and the fitting of further profiles should not occur.
Apart from the four common profiles identified above, Werner knows of several dozen more obscure profiles that should be tried in case none of the city-name profiles is found to be a fit. These obscure profiles should be "fitted" only to IP addresses whose reverse DNS hostnames match some pattern:
- Profile "Niels": SNMPv2c / read community niels / Timeout 1000ms / Retry 1 / applies only on hostnames that contain the substring .carlsberg.dk
- Profile "Erwin": SNMPv3 / user erwin / security level authNoPriv / auth protocol MD5 / auth passphrase thecatisimaginary / applies only on hostnames that match the regular expression .(vienna|graz)\.at
- Profile "Albert": SNMPv3 / user albert / security level authPriv / auth protocol SHA / auth passphrase emc2 / privacy protocol AES / privacy passphrase nodice / Timeout 3000ms / Retry 0 / applies only on hostnames that match the regular expression \.(general|special)\.
As with the universally-fitted (city) profiles, the personal-name profiles should be fitted in turn, and the first successful fit should result in the storage of that profile's details and the end of evaluation.
I have made separate stories for Werner's UI interaction for translating these profiles into configuration (
NMS-12168), and for the provisioning subsystem's behavior as guided by the resulting configuration ( NMS-12169).