Closed thel1988 closed 3 weeks ago
Hello, could you attach how your group configuration and inventory looks like in yaml?
Ofcause:
Here you go
Inventory (Random ipv6):
address,port,version,community,secret,securityEngine,walk_interval,profiles,smart_profiles,delete 8c0e:9f54:bfdc:6ecd:7085:d0c0:786b:20e3,161,2c,public,,,60,,,
scheduler-config.yaml:
communities: 2c: public: communityIndex: contextEngineId: contextName: tag: securityName:
The ipv6 address for the device is ip or hostname? If it is a problem with resolving the hostname, I see that the configuration might be missing the ipv6 dns server. Below I will attach updated configuration for coredns files. You can remove the containers, and recreate them with new configuration.
In Corefile:
.:53 {
log
errors
auto
reload
forward . 8.8.8.8 2001:4860:4860::8888
}
.env
COREDNS_ADDRESS_IPv6=fd02:0:0:0:7fff:ffff:ffff:ffff
If you configured different than default ipv6 subnet for sc4snmp_network, the COREDNS_ADDRESS_IPv6 should be assigned from that range.
docker-compose-coredns.yaml
version: '3.8'
services:
coredns:
image: ${COREDNS_IMAGE}:${COREDNS_TAG:-latest}
command: ["-conf", "/Corefile"]
container_name: coredns
restart: on-failure
expose:
- '53'
- '53/udp'
volumes:
- '${COREFILE_ABS_PATH}:/Corefile'
networks:
sc4snmp_network:
ipv4_address: ${COREDNS_ADDRESS}
ipv6_address: ${COREDNS_ADDRESS_IPv6}
Let me know if this solution was helpful.
The Hostname is normally resolvable from the host, but the coredns is not asked for a AAAA record, but an : A from the worker process. I have already setup the corefile and the envs.
When traps are coming in with a IPV6 they are easily resolved to a hostname. Coredns seems to already setup correctly: Corefile: IP have been masked for privacy reasons
.:53 {
log
errors
auto
reload
forward . [2001:4860:4860::8888]:53
}
.env (IP have been masked, aka copied from your example):
COREDNS_ADDRESS=fd02:0:0:0:7fff:ffff:ffff:ffff
docker-compose-coredns.yaml:
sc4snmp_network:
ipv6_address: ${COREDNS_ADDRESS}
The method responsible for host translation is supporting only ipv4 address resolution. That probably is main cause why only A request is sent. I will update the code with new method that will support both ipv4 and ipv6 and let you know when the new version is ready.
Hello,
The fix to the issue was developed and I published it on the docker repository. Could you change these 2 values in .env
and test if the solution works in your environment?
SC4SNMP_IMAGE="ajasnosz558/sc4snmp-dev-hostname"
SC4SNMP_TAG="dns-fix"
It seems to get a little further now, but still hits a snag:
line: [2024-10-23 12:20:45,213: ERROR/ForkPoolWorker-3] Task splunk_connect_for_snmp.snmp.tasks.walk[774bc6fa-bc99-4498-9c32-9b49e5bbc036] raised unexpected: UnpickleableExceptionWrapper('pysnmp.error', 'PySnmpError', ("Bad IPv4/UDP transport address xxxx.console.xxx.xxxx@161: [Errno -5] No address associated with hostnamecaused by <class 'socket.gaierror'>: [Errno -5] No address associated with hostname",), 'PySnmpError("Bad IPv4/UDP transport address xxxxxx.console.xxx.xxxxx@161: [Errno -5] No address associated with hostnamecaused by <class \'socket.gaierror\'>: [Errno -5] No address associated with hostname")')
source: stderr
tag: eba689586118
In Coredns i see the AAAA record request now:
"AAAA IN xxxxx.console.xxxx.xxx. udp 57 false 1200" NOERROR qr,rd,ra 113 0.002093611s
Issue require release of new version with fixed DNS for IPv6. For now the quick fix is available with using the image:
image:
repository: ajasnosz558/sc4snmp-dev-hostname
tag: "dns-connection-fix"
Hello, The fix is released in version 1.12.1. You can switch to it and let us know if it works fine.
It seems to work. Could you however look into having the envs to the IP's placed sc4snmp_network setup both for ipv4 and ipv6, so we don't need to alter the compose file?
networks:
sc4snmp_network:
name: sc4snmp_network
enable_ipv6: ${IPv6_ENABLED:-false}
config:
- subnet: 172.28.0.0/16
gateway: 172.28.0.1
I will take that point into consideration for next improvements.
As the root cause of this bug is resolved I will close this issue. If you find the problems related to this fix, you can reopen it.
It run directly on DOCKER not kubernetes. It seems we have hit a bit of an error when we a host in the inventory file which only have a ipv6 host-adress, which causes the inventory container to fail during startup, as it seems to only ask for an: A-record instead of a AAAA-record:
log from inventory container
{"message": "Group exampleipv6.com doesn't exist in the configuration. Treating exampleipv6.com as a hostname", "time": "2024-10-21T10:18:23.102008", "level": "WARNING"} {"message": "Exception raised for exampleipv6.com:161: 1 validation error for InventoryRecord\naddress\n field address must be an IP or a resolvable hostname exampleipv6.com (type=value_error)", "time": "2024-10-21T10:18:23.112384", "exc_info": "Traceback (most recent call last):\n File \"/app/.venv/lib/python3.10/site-packages/splunk_connect_for_snmp/inventory/loader.py\", line 209, in load\n ir = InventoryRecord(**new_source_record)\n File \"/app/.venv/lib/python3.10/site-packages/splunk_connect_for_snmp/common/inventory_record.py\", line 53, in __init__\n super().__init__(*args, **kwargs)\n File \"pydantic/main.py\", line 341, in pydantic.main.BaseModel.__init__\npydantic.error_wrappers.ValidationError: 1 validation error for InventoryRecord\naddress\n field address must be an IP or a resolvable hostname exampleipv6.com (type=value_error)", "level": "ERROR"}
Coredns log:
[INFO] [{src_ipv6}]:51761 - 1337 "A IN exampleipv6.com. udp 57 false 1200" NOERROR qr,rd,ra 141 0.002197727s