e7c7f79f91
Change I68e064d23ec5d43f59146d974cae604d2c5fdb52 makes NetCidrMapValue a list of ip networks. Iterate over the list of cidr' from the SnmpdNetwork entry in the cidr map and create firewall rules for each ip network. Partial: blueprint tripleo-routed-networks-templates Change-Id: I52080771f5ed0763f0d6a799c0c98a6dae94eafe
95 lines
3.1 KiB
YAML
95 lines
3.1 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
SNMP client configured with Puppet, to facilitate Ceilometer Hardware
|
|
monitoring in the undercloud. This service is required to enable hardware
|
|
monitoring.
|
|
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
SnmpdReadonlyUserName:
|
|
default: ro_snmp_user
|
|
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
|
|
type: string
|
|
SnmpdReadonlyUserPassword:
|
|
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
|
|
type: string
|
|
hidden: true
|
|
SnmpdBindHost:
|
|
description: An array of bind host addresses on which SNMP daemon will listen.
|
|
type: comma_delimited_list
|
|
default: ['udp:161','udp6:[::1]:161']
|
|
SnmpdOptions:
|
|
description: A string containing the commandline options passed to snmpd
|
|
type: string
|
|
default: '-LS0-5d'
|
|
SnmpdIpSubnet:
|
|
default: ''
|
|
description: IP address/subnet on the snmpd network. If empty (default), SnmpdNetwork
|
|
will be taken.
|
|
type: string
|
|
conditions:
|
|
snmpd_network_unset: {equals : [{get_param: SnmpdIpSubnet}, '']}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the SNMP services
|
|
value:
|
|
service_name: snmp
|
|
config_settings:
|
|
tripleo::profile::base::snmp::snmpd_user: {get_param: SnmpdReadonlyUserName}
|
|
tripleo::profile::base::snmp::snmpd_password: {get_param: SnmpdReadonlyUserPassword}
|
|
snmp::agentaddress: {get_param: SnmpdBindHost}
|
|
snmp::snmpd_options: {get_param: SnmpdOptions}
|
|
tripleo::snmp::firewall_rules:
|
|
if:
|
|
- snmpd_network_unset
|
|
- map_merge:
|
|
repeat:
|
|
for_each:
|
|
<%net_cidr%>:
|
|
get_param:
|
|
- ServiceData
|
|
- net_cidr_map
|
|
- {get_param: [ServiceNetMap, SnmpdNetwork]}
|
|
template:
|
|
'124 snmp <%net_cidr%>':
|
|
dport: 161
|
|
proto: 'udp'
|
|
source: <%net_cidr%>
|
|
- '124 snmp':
|
|
dport: 161
|
|
proto: 'udp'
|
|
source: {get_param: SnmpdIpSubnet}
|
|
step_config: |
|
|
include ::tripleo::profile::base::snmp
|
|
upgrade_tasks:
|
|
- name: Stop snmp service
|
|
when: step|int == 1
|
|
service: name=snmpd state=stopped
|