Add auth type for snmpd readonly user

By default, the auth type for the snmpd user is MD5.  This fails on
a FIPS enabled system, resulting in snmpd not starting correctly.
This change provides an option to specify the auth type to something
that is supported ('SHA')

Depends-On: https://review.opendev.org/c/openstack/puppet-tripleo/+/813087
Change-Id: Ie07cb10e1c6b81cff29177fb724feffc69a5dc68
This commit is contained in:
Ade Lee 2021-10-07 17:25:54 -04:00
parent 20311a0a50
commit e2f6aec3e5
2 changed files with 11 additions and 0 deletions

View File

@ -29,6 +29,10 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
SnmpdReadonlyUserAuthType:
default: MD5
description: The user auth type for SNMPd with readonly rights running on all Overcloud nodes
type: string
SnmpdReadonlyUserName:
default: ro_snmp_user
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
@ -80,6 +84,7 @@ outputs:
proto: 'udp'
source: <%net_cidr%>
config_settings:
tripleo::profile::base::snmp::snmpd_auth_type: {get_param: SnmpdReadonlyUserAuthType}
tripleo::profile::base::snmp::snmpd_user: {get_param: SnmpdReadonlyUserName}
tripleo::profile::base::snmp::snmpd_password: {get_param: SnmpdReadonlyUserPassword}
snmp::agentaddress: {get_param: SnmpdBindHost}

View File

@ -0,0 +1,6 @@
---
features:
- |
Add parameter to set the auth type for the snmpd_user. Possible options are
MD5 (which is what was hardcoded before and is the default now) and SHA. This
should be set to SHA on FIPS environments.