opendev/system-config
Code Issues Proposed changes

Add snmpd role and add it to base

Browse Source 
Change-Id: I00bf872e8504efb26d20832f1da82da8cfe87258
This commit is contained in:
James E. Blair 2018-08-20 15:31:55 -07:00
parent 6ec51b4d00
commit dceb09d886
9 changed files with 239 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules/openstack_project/manifests/server.pp
View File

@ -41,6 +41,4 @@ class openstack_project::server (
origins => ["Puppetlabs:${lsbdistcodename}"],
}
include snmpd
}

1
playbooks/base.yaml
View File

@ -18,3 +18,4 @@
roles:
- exim
- iptables
- snmpd

1
playbooks/roles/snmpd/README.rst Normal file
View File

@ -0,0 +1 @@
Installs and configures the net-snmp daemon

4
playbooks/roles/snmpd/handlers/main.yaml Normal file
View File

@ -0,0 +1,4 @@
- name: Restart snmpd
service:
name: "{{ service_name }}"
state: restarted

28
playbooks/roles/snmpd/tasks/main.yaml Normal file
View File

@ -0,0 +1,28 @@
- name: Include OS-specific variables
include_vars: "{{ lookup('first_found', params) }}"
vars:
params:
files: "{{ distro_lookup_path }}"
paths:
- 'vars'
- name: Install snmpd
package:
state: present
name: '{{ package }}'
- name: Write snmpd config file
template:
src: snmpd.conf
dest: /etc/snmp/snmpd.conf
mode: 0444
notify:
- Restart snmpd
# We don't usually ensure services are running, but snmp is generally
# not public facing and is easy to overlook.
- name: Enable snmpd
service:
name: "{{ service_name }}"
enabled: true
state: started

195
playbooks/roles/snmpd/templates/snmpd.conf Normal file
View File

@ -0,0 +1,195 @@
###############################################################################
#
# EXAMPLE.conf:
# An example configuration file for configuring the Net-SNMP agent ('snmpd')
# See the 'snmpd.conf(5)' man page for details
#
# Some entries are deliberately commented out, and will need to be explicitly activated
#
###############################################################################
#
# AGENT BEHAVIOUR
#
# Listen for connections from the local system only
#agentAddress udp:127.0.0.1:161
# Listen for connections on all interfaces (both IPv4 *and* IPv6)
#agentAddress udp:161,udp6:[::1]:161
agentAddress udp:161,udp6:161
###############################################################################
#
# SNMPv3 AUTHENTICATION
#
# Note that these particular settings don't actually belong here.
# They should be copied to the file /var/lib/snmp/snmpd.conf
# and the passwords changed, before being uncommented in that file *only*.
# Then restart the agent
# createUser authOnlyUser MD5 "remember to change this password"
# createUser authPrivUser SHA "remember to change this one too" DES
# createUser internalUser MD5 "this is only ever used internally, but still change the password"
# If you also change the usernames (which might be sensible),
# then remember to update the other occurances in this example config file to match.
###############################################################################
#
# ACCESS CONTROL
#
# system + hrSystem groups only
view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1
# Full access from the local host
#rocommunity public localhost
# Default access to basic system info
rocommunity public default
rocommunity6 public default
# Full access from an example network
# Adjust this network address to match your local
# settings, change the community string,
# and check the 'agentAddress' setting above
#rocommunity secret 10.0.0.0/16
# Full read-only access for SNMPv3
# rouser authOnlyUser
# Full write access for encrypted requests
# Remember to activate the 'createUser' lines above
#rwuser authPrivUser priv
# It's no longer typically necessary to use the full 'com2sec/group/access' configuration
# r[ou]user and r[ow]community, together with suitable views, should cover most requirements
###############################################################################
#
# SYSTEM INFORMATION
#
# Note that setting these values here, results in the corresponding MIB objects being 'read-only'
# See snmpd.conf(5) for more details
sysLocation Sitting on the Dock of the Bay
sysContact Me <me@example.org>
# Application + End-to-End layers
sysServices 72
#
# Process Monitoring
#
# At least one 'mountd' process
proc mountd
# No more than 4 'ntalkd' processes - 0 is OK
proc ntalkd 4
# At least one 'sendmail' process, but no more than 10
proc sendmail 10 1
# Walk the UCD-SNMP-MIB::prTable to see the resulting output
# Note that this table will be empty if there are no "proc" entries in the snmpd.conf file
#
# Disk Monitoring
#
# 10MBs required on root disk, 5% free on /var, 10% free on all other disks
disk / 10000
disk /var 5%
includeAllDisks 10%
# Walk the UCD-SNMP-MIB::dskTable to see the resulting output
# Note that this table will be empty if there are no "disk" entries in the snmpd.conf file
#
# System Load
#
# Unacceptable 1-, 5-, and 15-minute load averages
load 12 10 5
# Walk the UCD-SNMP-MIB::laTable to see the resulting output
# Note that this table *will* be populated, even without a "load" entry in the snmpd.conf file
###############################################################################
#
# ACTIVE MONITORING
#
# send SNMPv1 traps
# trapsink localhost public
# send SNMPv2c traps
#trap2sink localhost public
# send SNMPv2c INFORMs
#informsink localhost public
# Note that you typically only want *one* of these three lines
# Uncommenting two (or all three) will result in multiple copies of each notification.
#
# Event MIB - automatically generate alerts
#
# Remember to activate the 'createUser' lines above
#iquerySecName internalUser
#rouser internalUser
# generate traps on UCD error conditions
#defaultMonitors yes
# generate traps on linkUp/Down
#linkUpDownNotifications yes
###############################################################################
#
# EXTENDING THE AGENT
#
#
# Arbitrary extension commands
#
# extend test1 /bin/echo Hello, world!
# extend-sh test2 echo Hello, world! ; echo Hi there ; exit 35
#extend-sh test3 /bin/sh /tmp/shtest
# Note that this last entry requires the script '/tmp/shtest' to be created first,
# containing the same three shell commands, before the line is uncommented
# Walk the NET-SNMP-EXTEND-MIB tables (nsExtendConfigTable, nsExtendOutput1Table
# and nsExtendOutput2Table) to see the resulting output
# Note that the "extend" directive supercedes the previous "exec" and "sh" directives
# However, walking the UCD-SNMP-MIB::extTable should still returns the same output,
# as well as the fuller results in the above tables.
#
# "Pass-through" MIB extension command
#
#pass .1.3.6.1.4.1.8072.2.255 /bin/sh PREFIX/local/passtest
#pass .1.3.6.1.4.1.8072.2.255 /usr/bin/perl PREFIX/local/passtest.pl
# Note that this requires one of the two 'passtest' scripts to be installed first,
# before the appropriate line is uncommented.
# These scripts can be found in the 'local' directory of the source distribution,
# and are not installed automatically.
# Walk the NET-SNMP-PASS-MIB::netSnmpPassExamples subtree to see the resulting output
#
# AgentX Sub-agents
#
# Run as an AgentX master agent
# master agentx
# Listen for network connections (from localhost)
# rather than the default named socket /var/agentx/master
#agentXSocket tcp:localhost:705

2
playbooks/roles/snmpd/vars/Debian.yaml Normal file
View File

@ -0,0 +1,2 @@
package: snmpd
service_name: snmpd

2
playbooks/roles/snmpd/vars/RedHat.yaml Normal file
View File

@ -0,0 +1,2 @@
package: net-snmp
service_name: snmpd

6
testinfra/test_base.py
View File

@ -80,3 +80,9 @@ def test_ntp(host):
service = host.service("ntpd")
assert service.is_running
assert service.is_enabled
def test_snmp(host):
service = host.service("snmpd")
assert service.is_running
assert service.is_enabled