diff --git a/manifests/site.pp b/manifests/site.pp index e0439362d8..be629a7d08 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -7,8 +7,13 @@ import "doc_server" # TODO: refactor out of module # class openstack_base { include ssh + include snmpd include exim + class { 'iptables': + public_tcp_ports => $iptables_public_tcp_ports, + } + package { "ntp": ensure => installed } @@ -63,6 +68,7 @@ node default { # Long lived servers: # node "gerrit.openstack.org" { + $iptables_public_tcp_ports = [80, 443, 29418] include openstack_server class { 'gerrit': canonicalweburl => "https://review.openstack.org/", @@ -90,13 +96,10 @@ node "gerrit.openstack.org" { close_pull => 'true' } ] } - - class { 'iptables': - public_tcp_ports => [80, 443, 29418] - } } node "gerrit-dev.openstack.org" { + $iptables_public_tcp_ports = [80, 443, 29418] include openstack_server class { 'gerrit': canonicalweburl => "https://review-dev.openstack.org/", @@ -106,17 +109,11 @@ node "gerrit-dev.openstack.org" { close_pull => 'true' } ] } - - class { 'iptables': - public_tcp_ports => [80, 443, 29418] - } } node "community.openstack.org" { + $iptables_public_tcp_ports = [80, 443, 29418] include openstack_server - class { 'iptables': - public_tcp_ports => [80, 443] - } group { 'smaffulli': ensure => 'present' diff --git a/modules/snmpd/files/snmpd.conf b/modules/snmpd/files/snmpd.conf new file mode 100644 index 0000000000..14226dc86d --- /dev/null +++ b/modules/snmpd/files/snmpd.conf @@ -0,0 +1,195 @@ +# This file is managed by puppet. + +############################################################################### +# +# EXAMPLE.conf: +# An example configuration file for configuring the Net-SNMP agent ('snmpd') +# See the 'snmpd.conf(5)' man page for details +# +# Some entries are deliberately commented out, and will need to be explicitly activated +# +############################################################################### +# +# AGENT BEHAVIOUR +# + +# Listen for connections from the local system only +#agentAddress udp:127.0.0.1:161 +# Listen for connections on all interfaces (both IPv4 *and* IPv6) +#agentAddress udp:161,udp6:[::1]:161 + + + +############################################################################### +# +# SNMPv3 AUTHENTICATION +# +# Note that these particular settings don't actually belong here. +# They should be copied to the file /var/lib/snmp/snmpd.conf +# and the passwords changed, before being uncommented in that file *only*. +# Then restart the agent + +# createUser authOnlyUser MD5 "remember to change this password" +# createUser authPrivUser SHA "remember to change this one too" DES +# createUser internalUser MD5 "this is only ever used internally, but still change the password" + +# If you also change the usernames (which might be sensible), +# then remember to update the other occurances in this example config file to match. + + + +############################################################################### +# +# ACCESS CONTROL +# + + # system + hrSystem groups only +view systemonly included .1.3.6.1.2.1.1 +view systemonly included .1.3.6.1.2.1.25.1 + + # Full access from the local host +#rocommunity public localhost + # Default access to basic system info +rocommunity public default + + # Full access from an example network + # Adjust this network address to match your local + # settings, change the community string, + # and check the 'agentAddress' setting above +#rocommunity secret 10.0.0.0/16 + + # Full read-only access for SNMPv3 +# rouser authOnlyUser + # Full write access for encrypted requests + # Remember to activate the 'createUser' lines above +#rwuser authPrivUser priv + +# It's no longer typically necessary to use the full 'com2sec/group/access' configuration +# r[ou]user and r[ow]community, together with suitable views, should cover most requirements + + + +############################################################################### +# +# SYSTEM INFORMATION +# + +# Note that setting these values here, results in the corresponding MIB objects being 'read-only' +# See snmpd.conf(5) for more details +sysLocation Sitting on the Dock of the Bay +sysContact Me + # Application + End-to-End layers +sysServices 72 + + +# +# Process Monitoring +# + # At least one 'mountd' process +proc mountd + # No more than 4 'ntalkd' processes - 0 is OK +proc ntalkd 4 + # At least one 'sendmail' process, but no more than 10 +proc sendmail 10 1 + +# Walk the UCD-SNMP-MIB::prTable to see the resulting output +# Note that this table will be empty if there are no "proc" entries in the snmpd.conf file + + +# +# Disk Monitoring +# + # 10MBs required on root disk, 5% free on /var, 10% free on all other disks +disk / 10000 +disk /var 5% +includeAllDisks 10% + +# Walk the UCD-SNMP-MIB::dskTable to see the resulting output +# Note that this table will be empty if there are no "disk" entries in the snmpd.conf file + + +# +# System Load +# + # Unacceptable 1-, 5-, and 15-minute load averages +load 12 10 5 + +# Walk the UCD-SNMP-MIB::laTable to see the resulting output +# Note that this table *will* be populated, even without a "load" entry in the snmpd.conf file + + + +############################################################################### +# +# ACTIVE MONITORING +# + + # send SNMPv1 traps +# trapsink localhost public + # send SNMPv2c traps +#trap2sink localhost public + # send SNMPv2c INFORMs +#informsink localhost public + +# Note that you typically only want *one* of these three lines +# Uncommenting two (or all three) will result in multiple copies of each notification. + + +# +# Event MIB - automatically generate alerts +# + # Remember to activate the 'createUser' lines above +#iquerySecName internalUser +#rouser internalUser + # generate traps on UCD error conditions +#defaultMonitors yes + # generate traps on linkUp/Down +#linkUpDownNotifications yes + + + +############################################################################### +# +# EXTENDING THE AGENT +# + +# +# Arbitrary extension commands +# +# extend test1 /bin/echo Hello, world! +# extend-sh test2 echo Hello, world! ; echo Hi there ; exit 35 +#extend-sh test3 /bin/sh /tmp/shtest + +# Note that this last entry requires the script '/tmp/shtest' to be created first, +# containing the same three shell commands, before the line is uncommented + +# Walk the NET-SNMP-EXTEND-MIB tables (nsExtendConfigTable, nsExtendOutput1Table +# and nsExtendOutput2Table) to see the resulting output + +# Note that the "extend" directive supercedes the previous "exec" and "sh" directives +# However, walking the UCD-SNMP-MIB::extTable should still returns the same output, +# as well as the fuller results in the above tables. + + +# +# "Pass-through" MIB extension command +# +#pass .1.3.6.1.4.1.8072.2.255 /bin/sh PREFIX/local/passtest +#pass .1.3.6.1.4.1.8072.2.255 /usr/bin/perl PREFIX/local/passtest.pl + +# Note that this requires one of the two 'passtest' scripts to be installed first, +# before the appropriate line is uncommented. +# These scripts can be found in the 'local' directory of the source distribution, +# and are not installed automatically. + +# Walk the NET-SNMP-PASS-MIB::netSnmpPassExamples subtree to see the resulting output + + +# +# AgentX Sub-agents +# + # Run as an AgentX master agent +# master agentx + # Listen for network connections (from localhost) + # rather than the default named socket /var/agentx/master +#agentXSocket tcp:localhost:705 diff --git a/modules/snmpd/manifests/init.pp b/modules/snmpd/manifests/init.pp new file mode 100644 index 0000000000..a2a1777f0d --- /dev/null +++ b/modules/snmpd/manifests/init.pp @@ -0,0 +1,15 @@ +class snmpd { + package { snmpd: ensure => present } + service { snmpd: + ensure => running, + hasrestart => true, + } + file { "/etc/snmp/snmpd.conf": + owner => 'root', + group => 'root', + mode => 444, + ensure => 'present', + source => 'puppet:///modules/snmpd/snmpd.conf', + replace => 'true', + } +}