Add option to configure snmpd auth type
MD5 will not work under FIPS. We need a way to configure the snmpd auth type to something other than MD5 (the other supported option is SHA). Otherwise snmpd will not start up under FIPS. Change-Id: I92e6c5283f6d0ba605fa2c0bcda6bea9041a0f4f
parent
f13a4f489d
commit
ecd7f49175
|
@ -32,6 +32,10 @@
|
||||||
# THT via SnmpdReadonlyUserName and SnmpdReadonlyUserPassword.
|
# THT via SnmpdReadonlyUserName and SnmpdReadonlyUserPassword.
|
||||||
# Defaults to undef.
|
# Defaults to undef.
|
||||||
#
|
#
|
||||||
|
# [*snmpd_auth_type*]
|
||||||
|
# The SNMP auth type
|
||||||
|
# Defaults to hiera('snmpd_readonly_user_authtype') if set else 'MD5'
|
||||||
|
#
|
||||||
# [*snmpd_password*]
|
# [*snmpd_password*]
|
||||||
# The SNMP password
|
# The SNMP password
|
||||||
# Defaults to hiera('snmpd_readonly_user_password')
|
# Defaults to hiera('snmpd_readonly_user_password')
|
||||||
|
@ -47,13 +51,14 @@
|
||||||
#
|
#
|
||||||
class tripleo::profile::base::snmp (
|
class tripleo::profile::base::snmp (
|
||||||
$snmpd_config = undef,
|
$snmpd_config = undef,
|
||||||
|
$snmpd_auth_type = hiera('snmpd_readonly_user_authtype', 'MD5'),
|
||||||
$snmpd_password = hiera('snmpd_readonly_user_password'),
|
$snmpd_password = hiera('snmpd_readonly_user_password'),
|
||||||
$snmpd_user = hiera('snmpd_readonly_user_name'),
|
$snmpd_user = hiera('snmpd_readonly_user_name'),
|
||||||
$step = Integer(hiera('step')),
|
$step = Integer(hiera('step')),
|
||||||
) {
|
) {
|
||||||
if $step >= 4 {
|
if $step >= 4 {
|
||||||
snmp::snmpv3_user { $snmpd_user:
|
snmp::snmpv3_user { $snmpd_user:
|
||||||
authtype => 'MD5',
|
authtype => $snmpd_auth_type,
|
||||||
authpass => $snmpd_password,
|
authpass => $snmpd_password,
|
||||||
}
|
}
|
||||||
if $snmpd_config {
|
if $snmpd_config {
|
||||||
|
@ -63,7 +68,7 @@ class tripleo::profile::base::snmp (
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
class { 'snmp':
|
class { 'snmp':
|
||||||
snmpd_config => [ join(['createUser ', $snmpd_user, ' MD5 "', $snmpd_password, '"']),
|
snmpd_config => [ join(['createUser ', $snmpd_user, ' ', $snmpd_auth_type, ' "', $snmpd_password, '"']),
|
||||||
join(['rouser ', $snmpd_user]),
|
join(['rouser ', $snmpd_user]),
|
||||||
'proc cron',
|
'proc cron',
|
||||||
'includeAllDisks 10%',
|
'includeAllDisks 10%',
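Review bot: `$snmpd_auth_type` is passed unvalidated into both the `authtype` of `snmp::snmpv3_user` and the `createUser` line built with `join(...)`, so a typo or unexpected hiera value would presumably only surface when snmpd rejects its configuration or fails to start. The commit message names MD5 and SHA as the supported options, so the parameter could be typed, `Enum['MD5', 'SHA'] $snmpd_auth_type = hiera('snmpd_readonly_user_authtype', 'MD5'),`, to fail at catalog compile time instead. This assumes the module's minimum Puppet version allows data types, which the existing `Integer(hiera('step'))` call suggests. The parameter doc should also list the accepted values and the FIPS constraint, for example `# The SNMP auth type, 'MD5' or 'SHA'. MD5 does not work under FIPS; set 'SHA' there.` The class body continues outside the visible hunks.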
|
||||||
|
|
|
@ -44,6 +44,32 @@ describe 'tripleo::profile::base::snmp' do
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
context 'with default configuration and SHA' do
|
||||||
|
let :params do
|
||||||
|
{
|
||||||
|
:snmpd_user => 'ro_snmp_user',
|
||||||
|
:snmpd_password => 'secrete',
|
||||||
|
:snmpd_auth_type => 'SHA',
|
||||||
|
:step => 4,
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should configure snmpd with SHA' do
|
||||||
|
is_expected.to contain_class('snmp').with(
|
||||||
|
:snmpd_config => [
|
||||||
|
'createUser ro_snmp_user SHA "secrete"',
|
||||||
|
'rouser ro_snmp_user',
|
||||||
|
'proc cron',
|
||||||
|
'includeAllDisks 10%',
|
||||||
|
'master agentx',
|
||||||
|
'iquerySecName internalUser',
|
||||||
|
'rouser internalUser',
|
||||||
|
'defaultMonitors yes',
|
||||||
|
'linkUpDownNotifications yes',
|
||||||
|
]
|
||||||
|
)
|
||||||
|
end
|
||||||
|
end
|
||||||
context 'with snmpd_config setting' do
|
context 'with snmpd_config setting' do
|
||||||
let :params do
|
let :params do
|
||||||
{
|
{
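Review bot: The new 'with default configuration and SHA' context asserts only the `createUser ro_snmp_user SHA "secrete"` entry in the `snmp` class's `snmpd_config`. The other place the commit wires the parameter in, `authtype` on `snmp::snmpv3_user`, is not checked. Adding `is_expected.to contain_snmp__snmpv3_user('ro_snmp_user').with(:authtype => 'SHA', :authpass => 'secrete')` to the same `it` block would pin both uses. Whether an earlier context already asserts the user resource for the MD5 default is not visible in this hunk.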
|
||||||
|
|