Add auth type for snmpd readonly user

By default, the auth type for the snmpd user is MD5. This fails on a FIPS enabled system, resulting in snmpd not starting correctly. This change provides an option to specify the auth type to something that is supported ('SHA') Depends-On: https://review.opendev.org/c/openstack/puppet-tripleo/+/813087 Change-Id: Ie07cb10e1c6b81cff29177fb724feffc69a5dc68
2021-10-07 17:25:54 -04:00 · 2021-10-07 17:25:54 -04:00 · e2f6aec3e5
commit e2f6aec3e5
parent 20311a0a50
2 changed files with 11 additions and 0 deletions
--- a/deployment/snmp/snmp-baremetal-puppet.yaml
+++ b/deployment/snmp/snmp-baremetal-puppet.yaml
@ -29,6 +29,10 @@ parameters:
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
+  SnmpdReadonlyUserAuthType:
+    default: MD5
+    description: The user auth type for SNMPd with readonly rights running on all Overcloud nodes
+    type: string
  SnmpdReadonlyUserName:
    default: ro_snmp_user
    description: The user name for SNMPd with readonly rights running on all Overcloud nodes
@ -80,6 +84,7 @@ outputs:
                    proto: 'udp'
                    source: <%net_cidr%>
      config_settings:
+        tripleo::profile::base::snmp::snmpd_auth_type: {get_param: SnmpdReadonlyUserAuthType}
        tripleo::profile::base::snmp::snmpd_user: {get_param: SnmpdReadonlyUserName}
        tripleo::profile::base::snmp::snmpd_password: {get_param: SnmpdReadonlyUserPassword}
        snmp::agentaddress: {get_param: SnmpdBindHost}
--- a/releasenotes/notes/add-authtype-for-snmp-readonly-user-c90c9e5a12c92893.yaml
+++ b/releasenotes/notes/add-authtype-for-snmp-readonly-user-c90c9e5a12c92893.yaml
@ -0,0 +1,6 @@
+---
+features:
+   - |
+     Add parameter to set the auth type for the snmpd_user.  Possible options are
+     MD5 (which is what was hardcoded before and is the default now) and SHA.  This
+     should be set to SHA on FIPS environments.