Creating a secret with SNMP v3 users data
This section shows how to create a secret with the sample SNMP V3 user settings (specified in
JSON) below. This setting contains two users netcoolTrap and netcoolInform, which is the same as the
example in SNMP V3 Security User
Configuration.
- name: netcoolTrap
authEncryptionMethod: MD5
authEncryptionPassword: tr4psMD5
privacyEncryptionMethod: DES
privacyEncryptionPassword: tr4psDES
authEngineIdentifier: '0x0102030405'
- name: netcoolInform
authEncryptionMethod: MD5
authEncryptionPassword: 1nformsMD5
privacyEncryptionMethod: DES
privacyEncryptionPassword: 1nformsDES
authEngineIdentifier: ''- For the user setting above, the entries that needs to be used are shown below. Save these
entries in a file.
- Save the above entries into a file called
users.txt.
$ cat <<EOF >> users.txt > createUser -e 0x0102030405 netcoolTrap MD5 tr4psMD5 DES tr4psDES > createUser netcoolInform MD5 1nformsMD5 DES 1nformsDES > EOF $ cat users.txt createUser -e 0x0102030405 netcoolTrap MD5 tr4psMD5 DES tr4psDES createUser netcoolInform MD5 1nformsMD5 DES 1nformsDES - Encode the contents of users.txt using Base64 encoding. Note: When using the base64 utility on
Darwin/macOS users should avoid using the -b option to split long lines. Conversely Linux users
should add the option -w 0 to base64 commands or the pipeline base64 | tr -d '\n' if -w option is
not
available.
$ base64 users.txt Y3JlYXRlVXNlciAtZSAweDAxMDIwMzA0MDUgbmV0Y29vbFRyYXAgTUQ1IHRyNHBzTUQ1IERFUyB0cjRwc0RFUwpjcmVhdGVVc2Vy IG5ldGNvb2xJbmZvcm0gTUQ1IDFuZm9ybXNNRDUgREVTIDFuZm9ybXNERVMK - Then insert the base64 encoded string into a secret.yaml file with mttrapd.conf as the key as
shown below. This file will create a new Kubernetes secret with the called
my-snmp-probe-snmpv3-users
# Secrets created separately from the release apiVersion: v1 kind: Secret metadata: name: my-snmp-probe-snmpv3-users type: Opaque data: mttrapd.conf : Y3JlYXRlVXNlciAtZSAweDAxMDIwMzA0MDUgbmV0Y29vbFRyYXAgTUQ1IHRyNHBzTUQ1IERFUyB0cjRwc0R FUwpjcmVhdGVVc2VyIG5ldGNvb2xJbmZvcm0gTUQ1IDFuZm9ybXNNRDUgREVTIDFuZm9ybXNERVMK - Use the following command to create the secret on Kubernetes in the default namespace and to
verify that the secret is created
correctly.
$ kubectl -n default apply -f secret.yaml secret "my-snmp-probe-snmpv3-users" created $ kubectl get secrets my-snmp-probe-snmpv3-users --namespace default -o yaml apiVersion: v1 data: mttrapd.conf: Y3JlYXRlVXNlciAtZSAweDAxMDIwMzA0MDUgbmV0Y29vbFRyYXAgTUQ1IHRyNHBzTUQ1IERFUyB0cjRwc0RF UwpjcmVhdGVVc2VyIG5ldGNvb2xJbmZvcm0gTUQ1IDFuZm9ybXNNRDUgREVTIDFuZm9ybXNERVMK kind: Secret metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"v1","data":{"mttrapd.conf":"Y3JlYXRlVXNlciAtZSAweDAxMDIwMzA0MDUgbmV0Y29vbFRyYXA gTUQ1IHRyNHBzTUQ1IERFUyB0cjRwc0RFUwpjcmVhdGVVc2VyIG5ldGNvb2xJbmZvcm0gTUQ1IDFuZm9ybXNNRDUgREVTIDFuZm9 ybXNERVMK"},"kind":"Secret","metadata":{"annotations":{},"name":"my-snmp-probe-snmpv3-users", "namespace":"default"},"type":"Opaque"} creationTimestamp: 2018-07-20T03:54:14Z name: my-snmp-probe-snmpv3-users namespace: default resourceVersion: "2520884" selfLink: /api/v1/namespaces/default/secrets/my-snmp-probe-snmpv3-users uid: 91a034ec-8bd0-11e8-983d-005056a0a011 type: Opaque - With the secret above created, set the SNMP Probe probe.snmpv3.secretName
to
my-snmp-probe-snmpv3-usersto use the pre-created secret.