Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

an optional config file and a new HTTP query string to override walk param #601

Closed
wants to merge 3 commits into from
Closed

an optional config file and a new HTTP query string to override walk param #601

wants to merge 3 commits into from

Conversation

napw
Copy link

@napw napw commented Jan 17, 2021

No description provided.

@brian-brazil
Copy link
Contributor

Thanks for your PR. This appears to be duplicating part of the the existing module functionality, which there's no need to do as you can already have multiple modules.

@napw
Copy link
Author

napw commented Jan 19, 2021

Thanks for your PR. This appears to be duplicating part of the the existing module functionality, which there's no need to do as you can already have multiple modules.

multiple modules only are feasible when there are a small amount of devices or all devices having the same walk parameters. in my case, 97 network devices with all different community string and the size of final snmp.yml is almost 150MB, and most content of the file are repeats of metrics.

@SuperQ
Copy link
Member

SuperQ commented Jan 19, 2021

I've proposed something similar before. I was planning to completely split the auth section from the walk/get/metrics.

Then the URL params would be something like this:

  • auth an authentication module. (Defaults to default)
  • module the walk+metrics. (Defaults to if_mib)
  • target the target host. (Required)

This would provide an easier way to do per-device auth when you have a secure setup with SNMPv3.

And just to note for anyone seeing this thread. Community strings are not secrets, or passwords, or are in any way related to security. Only SNMPv3 has any security protection. You're doing nothing by having per-device v1/v2c community strings, it's window dressing. The community string is sent in plain text in every SNMP message over the wire.

@brian-brazil
Copy link
Contributor

multiple modules only are feasible when there are a small amount of devices or all devices having the same walk parameters. in my case, 97 network devices with all different community string and the size of final snmp.yml is almost 150MB, and most content of the file are repeats of metrics.

I don't see anything there that'd make it infeasible, that's not a lot of RAM.

Community strings are not secrets, or passwords, or are in any way related to security.

In Prometheus terms, community strings are secrets and are treated as such. In just the same way that basic auth passwords are.

Base automatically changed from master to main March 9, 2021 11:54
@peterhoeg
Copy link

@SuperQ , did you manage to get anywhere with splitting out the auth bit?

@dswarbrick dswarbrick mentioned this pull request Apr 15, 2023
Merged
@SuperQ
Copy link
Member

SuperQ commented Apr 15, 2023

Closing in favor of #859

@SuperQ SuperQ closed this Apr 15, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@napw @brian-brazil @SuperQ @peterhoeg