Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SNMP-inventory error (v 1.12) only ask for an (A-record) on ipv6 only hosts #1109

Open
thel1988 opened this issue Oct 21, 2024 · 8 comments
Open
Assignees
Labels
bug Something isn't working

Comments

@thel1988
Copy link

It run directly on DOCKER not kubernetes.
It seems we have hit a bit of an error when we a host in the inventory file which only have a ipv6 host-adress, which causes the inventory container to fail during startup, as it seems to only ask for an: A-record instead of a AAAA-record:

log from inventory container
{"message": "Group exampleipv6.com doesn't exist in the configuration. Treating exampleipv6.com as a hostname", "time": "2024-10-21T10:18:23.102008", "level": "WARNING"} {"message": "Exception raised for exampleipv6.com:161: 1 validation error for InventoryRecord\naddress\n field address must be an IP or a resolvable hostname exampleipv6.com (type=value_error)", "time": "2024-10-21T10:18:23.112384", "exc_info": "Traceback (most recent call last):\n File \"/app/.venv/lib/python3.10/site-packages/splunk_connect_for_snmp/inventory/loader.py\", line 209, in load\n ir = InventoryRecord(**new_source_record)\n File \"/app/.venv/lib/python3.10/site-packages/splunk_connect_for_snmp/common/inventory_record.py\", line 53, in __init__\n super().__init__(*args, **kwargs)\n File \"pydantic/main.py\", line 341, in pydantic.main.BaseModel.__init__\npydantic.error_wrappers.ValidationError: 1 validation error for InventoryRecord\naddress\n field address must be an IP or a resolvable hostname exampleipv6.com (type=value_error)", "level": "ERROR"}

Coredns log:
[INFO] [{src_ipv6}]:51761 - 1337 "A IN exampleipv6.com. udp 57 false 1200" NOERROR qr,rd,ra 141 0.002197727s

@ajasnosz
Copy link
Collaborator

Hello, could you attach how your group configuration and inventory looks like in yaml?

@thel1988
Copy link
Author

Ofcause:
Here you go
Inventory (Random ipv6):
address,port,version,community,secret,securityEngine,walk_interval,profiles,smart_profiles,delete 8c0e:9f54:bfdc:6ecd:7085:d0c0:786b:20e3,161,2c,public,,,60,,,

scheduler-config.yaml:
communities: 2c: public: communityIndex: contextEngineId: contextName: tag: securityName:

@ajasnosz
Copy link
Collaborator

The ipv6 address for the device is ip or hostname?
If it is a problem with resolving the hostname, I see that the configuration might be missing the ipv6 dns server. Below I will attach updated configuration for coredns files. You can remove the containers, and recreate them with new configuration.

In Corefile:

.:53 {
    log
    errors
    auto
    reload
    forward . 8.8.8.8 2001:4860:4860::8888
}

.env

COREDNS_ADDRESS_IPv6=fd02:0:0:0:7fff:ffff:ffff:ffff

If you configured different than default ipv6 subnet for sc4snmp_network, the COREDNS_ADDRESS_IPv6 should be assigned from that range.

docker-compose-coredns.yaml

version: '3.8'
services:
  coredns:
    image: ${COREDNS_IMAGE}:${COREDNS_TAG:-latest}
    command: ["-conf", "/Corefile"]
    container_name: coredns
    restart: on-failure
    expose:
        - '53'
        - '53/udp'
    volumes:
        - '${COREFILE_ABS_PATH}:/Corefile'
    networks:
        sc4snmp_network:
            ipv4_address: ${COREDNS_ADDRESS}
            ipv6_address: ${COREDNS_ADDRESS_IPv6}

Let me know if this solution was helpful.

@thel1988
Copy link
Author

The Hostname is normally resolvable from the host, but the coredns is not asked for a AAAA record, but an : A from the worker process.
I have already setup the corefile and the envs.

When traps are coming in with a IPV6 they are easily resolved to a hostname.
Coredns seems to already setup correctly:
Corefile:
IP have been masked for privacy reasons

.:53 {
    log
    errors
    auto
    reload
    forward . [2001:4860:4860::8888]:53
}

.env (IP have been masked, aka copied from your example):

COREDNS_ADDRESS=fd02:0:0:0:7fff:ffff:ffff:ffff

docker-compose-coredns.yaml:

      sc4snmp_network:
        ipv6_address: ${COREDNS_ADDRESS}

@ajasnosz
Copy link
Collaborator

The method responsible for host translation is supporting only ipv4 address resolution. That probably is main cause why only A request is sent. I will update the code with new method that will support both ipv4 and ipv6 and let you know when the new version is ready.

@ajasnosz ajasnosz self-assigned this Oct 22, 2024
@ajasnosz ajasnosz added the bug Something isn't working label Oct 22, 2024
@ajasnosz
Copy link
Collaborator

Hello,
The fix to the issue was developed and I published it on the docker repository. Could you change these 2 values in .env and test if the solution works in your environment?

SC4SNMP_IMAGE="ajasnosz558/sc4snmp-dev-hostname"
SC4SNMP_TAG="dns-fix"

@thel1988
Copy link
Author

It seems to get a little further now, but still hits a snag:

  line: [2024-10-23 12:20:45,213: ERROR/ForkPoolWorker-3] Task splunk_connect_for_snmp.snmp.tasks.walk[774bc6fa-bc99-4498-9c32-9b49e5bbc036] raised unexpected: UnpickleableExceptionWrapper('pysnmp.error', 'PySnmpError', ("Bad IPv4/UDP transport address xxxx.console.xxx.xxxx@161: [Errno -5] No address associated with hostnamecaused by <class 'socket.gaierror'>: [Errno -5] No address associated with hostname",), 'PySnmpError("Bad IPv4/UDP transport address xxxxxx.console.xxx.xxxxx@161: [Errno -5] No address associated with hostnamecaused by <class \'socket.gaierror\'>: [Errno -5] No address associated with hostname")')
   source: stderr
   tag: eba689586118

In Coredns i see the AAAA record request now:

"AAAA IN xxxxx.console.xxxx.xxx. udp 57 false 1200" NOERROR qr,rd,ra 113 0.002093611s

@ajasnosz
Copy link
Collaborator

Issue require release of new version with fixed DNS for IPv6. For now the quick fix is available with using the image:

image:
  repository: ajasnosz558/sc4snmp-dev-hostname
  tag: "dns-connection-fix"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants