Receiving SNMP traps in a dockered ONMS

troubleshooting
how-to

#1

I use OpenNMS 23.0.1 in a Docker container. I already exposed the udp port 162 in my docker-compose.yml file.

For example:
"162:162/udp"

Within the container the port is open:

[09:51]root@onms:/etc/docker/compose/opennms# docker-compose exec horizon ss -ln | grep 162
udp    UNCONN     0      0         *:162                   *:*                  

The Docker host has udp6 port open:

[09:51]root@fdmon001-n1:/etc/docker/compose/opennms-config-ful# netstat -tulpn | grep 162
udp6       0      0 :::162                  :::*                                28997/docker-proxy

But I don’t get traps into OpenNMS.


#2

I also faced this issue :smile:

You are most certainly missing the following config file in your Minion setup:

/opt/minion/etc/org.opennms.netmgt.trapd.cfg
trapd.listen.port=162
trapd.listen.interface=0.0.0.0
trapd.queue.size=100000
trapd.includeRawMessage=true

Regards, hope this helps,
Seb


#3

I don’t have a Minion in this setup. Some network devices like switches send traps to OpenNMS. It was working before I dockered my OpenNMS.


#4

Another issue I had with traps and docker was the permissions. Try adding the below settings to your docker-compose (especially the last one):

sysctls:
  net.ipv4.ping_group_range: "0 429496729"
  net.ipv4.ip_unprivileged_port_start: 0

#6

@syepes Unfortunately it didn’t work.

docker-compose is complaining:

ERROR: for horizon  Cannot start service horizon: oci runtime error: container_linux.go:262: starting container process caused "process_linux.go:339: container init caused \"open /proc/sys/net/ipv4/ip_unprivileged_port_start: no such file or directory\""

The variable you mentioned does not exist in Ubuntu 18:

[14:03]root@onms # sudo sysctl -a | grep net.ipv4.ip.
net.ipv4.ip_default_ttl = 64
net.ipv4.ip_dynaddr = 0
net.ipv4.ip_early_demux = 1
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_use_pmtu = 0
net.ipv4.ip_local_port_range = 32768	60999
net.ipv4.ip_local_reserved_ports = 
net.ipv4.ip_no_pmtu_disc = 0
net.ipv4.ip_nonlocal_bind = 0
net.ipv4.ipfrag_high_thresh = 262144
net.ipv4.ipfrag_low_thresh = 196608
net.ipv4.ipfrag_max_dist = 64
net.ipv4.ipfrag_secret_interval = 0
net.ipv4.ipfrag_time = 30

#7

In the meantime I get traps into the container using the config I posted originally. :+1:


#8

Just as a thought. It is possible to use unprivileged ports inside the container for SNMP Traps like 1162/UDP and publish with 162:1162/udp in the docker-compose file. That way you don’t need extended privileges inside the container.
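
Added example (not posted by anyone in this thread and not OpenNMS code): a dependency-free Python sender for a single SNMPv2c coldStart trap, useful for checking whether UDP actually reaches trapd through a published port such as the 162:1162/udp mapping suggested above. The community string "public", the function names and the script name are assumptions.

```python
import socket
import sys

def tlv(tag: int, payload: bytes) -> bytes:
    """BER tag-length-value; long-form length for payloads of 128+ bytes."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + payload

def ber_int(value: int, tag: int = 0x02) -> bytes:
    """Non-negative INTEGER (0x02) or TimeTicks (0x43)."""
    return tlv(tag, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def ber_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:  # base-128, high bit set on all but the last byte
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        body += bytes(chunk)
    return tlv(0x06, bytes(body))

def build_trap(community: str = "public", uptime_ticks: int = 0) -> bytes:
    """SNMPv2c coldStart trap; the community default is an assumed sample value."""
    varbinds = tlv(0x30,
        tlv(0x30, ber_oid("1.3.6.1.2.1.1.3.0") + ber_int(uptime_ticks, 0x43)) +       # sysUpTime.0
        tlv(0x30, ber_oid("1.3.6.1.6.3.1.1.4.1.0") + ber_oid("1.3.6.1.6.3.1.1.5.1")))  # snmpTrapOID.0 = coldStart
    # SNMPv2-Trap-PDU (tag 0xA7): request-id, error-status, error-index, varbinds
    pdu = tlv(0xA7, ber_int(1) + ber_int(0) + ber_int(0) + varbinds)
    return tlv(0x30, ber_int(1) + tlv(0x04, community.encode()) + pdu)  # version 1 = v2c

def send_trap(host: str, port: int, community: str = "public") -> int:
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(build_trap(community), (host, port))

def loopback_selftest(port: int = 0) -> bytes:
    """Listen on an unprivileged UDP port (0 = any free one), send a trap to it, return what arrived."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", port))
        rx.settimeout(2)
        send_trap("127.0.0.1", rx.getsockname()[1])
        return rx.recvfrom(4096)[0]

if __name__ == "__main__":  # usage: python3 send_trap.py <docker-host> 162
    print(send_trap(sys.argv[1], int(sys.argv[2])), "bytes sent")
```

Run it from another machine against the Docker host's published port and check the OpenNMS event list for the coldStart event; UDP gives no delivery feedback, so "bytes sent" only confirms that the packet left the sender.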