From dceb09d8862d09503cb778e6d01b1aa2acc7cf30 Mon Sep 17 00:00:00 2001 From: "James E. Blair" Date: Mon, 20 Aug 2018 15:31:55 -0700 Subject: [PATCH] Add snmpd role and add it to base Change-Id: I00bf872e8504efb26d20832f1da82da8cfe87258 --- modules/openstack_project/manifests/server.pp | 2 - playbooks/base.yaml | 1 + playbooks/roles/snmpd/README.rst | 1 + playbooks/roles/snmpd/handlers/main.yaml | 4 + playbooks/roles/snmpd/tasks/main.yaml | 28 +++ playbooks/roles/snmpd/templates/snmpd.conf | 195 ++++++++++++++++++ playbooks/roles/snmpd/vars/Debian.yaml | 2 + playbooks/roles/snmpd/vars/RedHat.yaml | 2 + testinfra/test_base.py | 6 + 9 files changed, 239 insertions(+), 2 deletions(-) create mode 100644 playbooks/roles/snmpd/README.rst create mode 100644 playbooks/roles/snmpd/handlers/main.yaml create mode 100644 playbooks/roles/snmpd/tasks/main.yaml create mode 100644 playbooks/roles/snmpd/templates/snmpd.conf create mode 100644 playbooks/roles/snmpd/vars/Debian.yaml create mode 100644 playbooks/roles/snmpd/vars/RedHat.yaml diff --git a/modules/openstack_project/manifests/server.pp b/modules/openstack_project/manifests/server.pp index 1cff766ce7..1d4c438725 100644 --- a/modules/openstack_project/manifests/server.pp +++ b/modules/openstack_project/manifests/server.pp @@ -41,6 +41,4 @@ class openstack_project::server ( origins => ["Puppetlabs:${lsbdistcodename}"], } - include snmpd - } diff --git a/playbooks/base.yaml b/playbooks/base.yaml index dba4d2ffcb..d8504ea21c 100644 --- a/playbooks/base.yaml +++ b/playbooks/base.yaml @@ -18,3 +18,4 @@ roles: - exim - iptables + - snmpd diff --git a/playbooks/roles/snmpd/README.rst b/playbooks/roles/snmpd/README.rst new file mode 100644 index 0000000000..c9c625c27b --- /dev/null +++ b/playbooks/roles/snmpd/README.rst @@ -0,0 +1 @@ +Installs and configures the net-snmp daemon diff --git a/playbooks/roles/snmpd/handlers/main.yaml b/playbooks/roles/snmpd/handlers/main.yaml new file mode 100644 index 0000000000..5fa7c5a253 
--- /dev/null
+++ b/playbooks/roles/snmpd/handlers/main.yaml
@@ -0,0 +1,4 @@
+- name: Restart snmpd
+ service:
+ name: "{{ service_name }}"
+ state: restarted
diff --git a/playbooks/roles/snmpd/tasks/main.yaml b/playbooks/roles/snmpd/tasks/main.yaml
new file mode 100644
index 0000000000..10dc4ac425
--- /dev/null
+++ b/playbooks/roles/snmpd/tasks/main.yaml
@@ -0,0 +1,28 @@
+- name: Include OS-specific variables
+ include_vars: "{{ lookup('first_found', params) }}"
+ vars:
+ params:
+ files: "{{ distro_lookup_path }}"
+ paths:
+ - 'vars'
+
+- name: Install snmpd
+ package:
+ state: present
+ name: '{{ package }}'
+
+- name: Write snmpd config file
+ template:
+ src: snmpd.conf
+ dest: /etc/snmp/snmpd.conf
+ mode: 0444
+ notify:
+ - Restart snmpd
+
+# We don't usually ensure services are running, but snmp is generally
+# not public facing and is easy to overlook.
+- name: Enable snmpd
+ service:
+ name: "{{ service_name }}"
+ enabled: true
+ state: started
diff --git a/playbooks/roles/snmpd/templates/snmpd.conf b/playbooks/roles/snmpd/templates/snmpd.conf
new file mode 100644
index 0000000000..c791ed54c2
--- /dev/null
+++ b/playbooks/roles/snmpd/templates/snmpd.conf
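Review bot: The `Write snmpd config file` task in tasks/main.yaml installs /etc/snmp/snmpd.conf with `mode: 0444` and no `owner` or `group`, so every local account can read the file that holds the SNMP community string. That is harmless only while the community stays at the well-known value in this template; once a real community or a `createUser` line is added, it becomes a local credential exposure. I would set `owner: root`, `group: root` and `mode: 0600`. As far as I know the Debian package ships the file that way, but it is worth confirming that snmpd on the RedHat family still reads it at start-up with those permissions.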
@@ -0,0 +1,195 @@ +############################################################################### +# +# EXAMPLE.conf: +# An example configuration file for configuring the Net-SNMP agent ('snmpd') +# See the 'snmpd.conf(5)' man page for details +# +# Some entries are deliberately commented out, and will need to be explicitly activated +# +############################################################################### +# +# AGENT BEHAVIOUR +# + +# Listen for connections from the local system only +#agentAddress udp:127.0.0.1:161 +# Listen for connections on all interfaces (both IPv4 *and* IPv6) +#agentAddress udp:161,udp6:[::1]:161 +agentAddress udp:161,udp6:161 + + + +############################################################################### +# +# SNMPv3 AUTHENTICATION +# +# Note that these particular settings don't actually belong here. +# They should be copied to the file /var/lib/snmp/snmpd.conf +# and the passwords changed, before being uncommented in that file *only*. +# Then restart the agent + +# createUser authOnlyUser MD5 "remember to change this password" +# createUser authPrivUser SHA "remember to change this one too" DES +# createUser internalUser MD5 "this is only ever used internally, but still change the password" + +# If you also change the usernames (which might be sensible), +# then remember to update the other occurances in this example config file to match. 
+ + + +############################################################################### +# +# ACCESS CONTROL +# + + # system + hrSystem groups only +view systemonly included .1.3.6.1.2.1.1 +view systemonly included .1.3.6.1.2.1.25.1 + + # Full access from the local host +#rocommunity public localhost + # Default access to basic system info +rocommunity public default +rocommunity6 public default + + # Full access from an example network + # Adjust this network address to match your local + # settings, change the community string, + # and check the 'agentAddress' setting above +#rocommunity secret 10.0.0.0/16 + + # Full read-only access for SNMPv3 +# rouser authOnlyUser + # Full write access for encrypted requests + # Remember to activate the 'createUser' lines above +#rwuser authPrivUser priv + +# It's no longer typically necessary to use the full 'com2sec/group/access' configuration +# r[ou]user and r[ow]community, together with suitable views, should cover most requirements + + + +############################################################################### +# +# SYSTEM INFORMATION +# + +# Note that setting these values here, results in the corresponding MIB objects being 'read-only' +# See snmpd.conf(5) for more details +sysLocation Sitting on the Dock of the Bay +sysContact Me + # Application + End-to-End layers +sysServices 72 + + +# +# Process Monitoring +# + # At least one 'mountd' process +proc mountd + # No more than 4 'ntalkd' processes - 0 is OK +proc ntalkd 4 + # At least one 'sendmail' process, but no more than 10 +proc sendmail 10 1 + +# Walk the UCD-SNMP-MIB::prTable to see the resulting output +# Note that this table will be empty if there are no "proc" entries in the snmpd.conf file + + +# +# Disk Monitoring +# + # 10MBs required on root disk, 5% free on /var, 10% free on all other disks +disk / 10000 +disk /var 5% +includeAllDisks 10% + +# Walk the UCD-SNMP-MIB::dskTable to see the resulting output +# Note that this table will be empty if there 
are no "disk" entries in the snmpd.conf file + + +# +# System Load +# + # Unacceptable 1-, 5-, and 15-minute load averages +load 12 10 5 + +# Walk the UCD-SNMP-MIB::laTable to see the resulting output +# Note that this table *will* be populated, even without a "load" entry in the snmpd.conf file + + + +############################################################################### +# +# ACTIVE MONITORING +# + + # send SNMPv1 traps +# trapsink localhost public + # send SNMPv2c traps +#trap2sink localhost public + # send SNMPv2c INFORMs +#informsink localhost public + +# Note that you typically only want *one* of these three lines +# Uncommenting two (or all three) will result in multiple copies of each notification. + + +# +# Event MIB - automatically generate alerts +# + # Remember to activate the 'createUser' lines above +#iquerySecName internalUser +#rouser internalUser + # generate traps on UCD error conditions +#defaultMonitors yes + # generate traps on linkUp/Down +#linkUpDownNotifications yes + + + +############################################################################### +# +# EXTENDING THE AGENT +# + +# +# Arbitrary extension commands +# +# extend test1 /bin/echo Hello, world! +# extend-sh test2 echo Hello, world! ; echo Hi there ; exit 35 +#extend-sh test3 /bin/sh /tmp/shtest + +# Note that this last entry requires the script '/tmp/shtest' to be created first, +# containing the same three shell commands, before the line is uncommented + +# Walk the NET-SNMP-EXTEND-MIB tables (nsExtendConfigTable, nsExtendOutput1Table +# and nsExtendOutput2Table) to see the resulting output + +# Note that the "extend" directive supercedes the previous "exec" and "sh" directives +# However, walking the UCD-SNMP-MIB::extTable should still returns the same output, +# as well as the fuller results in the above tables. 
+
+
+#
+# "Pass-through" MIB extension command
+#
+#pass .1.3.6.1.4.1.8072.2.255 /bin/sh PREFIX/local/passtest
+#pass .1.3.6.1.4.1.8072.2.255 /usr/bin/perl PREFIX/local/passtest.pl
+
+# Note that this requires one of the two 'passtest' scripts to be installed first,
+# before the appropriate line is uncommented.
+# These scripts can be found in the 'local' directory of the source distribution,
+# and are not installed automatically.
+
+# Walk the NET-SNMP-PASS-MIB::netSnmpPassExamples subtree to see the resulting output
+
+
+#
+# AgentX Sub-agents
+#
+ # Run as an AgentX master agent
+# master agentx
+ # Listen for network connections (from localhost)
+ # rather than the default named socket /var/agentx/master
+#agentXSocket tcp:localhost:705
diff --git a/playbooks/roles/snmpd/vars/Debian.yaml b/playbooks/roles/snmpd/vars/Debian.yaml
new file mode 100644
index 0000000000..4b7e2fa623
--- /dev/null
+++ b/playbooks/roles/snmpd/vars/Debian.yaml
@@ -0,0 +1,2 @@
+package: snmpd
+service_name: snmpd
diff --git a/playbooks/roles/snmpd/vars/RedHat.yaml b/playbooks/roles/snmpd/vars/RedHat.yaml
new file mode 100644
index 0000000000..e4fd4ebc31
--- /dev/null
+++ b/playbooks/roles/snmpd/vars/RedHat.yaml
@@ -0,0 +1,2 @@
+package: net-snmp
+service_name: snmpd
diff --git a/testinfra/test_base.py b/testinfra/test_base.py
index d56d07e95e..ed4380f56f 100644
--- a/testinfra/test_base.py
+++ b/testinfra/test_base.py
@@ -80,3 +80,9 @@ def test_ntp(host):
 service = host.service("ntpd")
 assert service.is_running
 assert service.is_enabled
+
+
+def test_snmp(host):
+ service = host.service("snmpd")
+ assert service.is_running
+ assert service.is_enabled
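Review bot: In the ACCESS CONTROL section of templates/snmpd.conf, the active lines `rocommunity public default` and `rocommunity6 public default` carry no `-V systemonly`, so the `systemonly` view defined just above them is never applied. The whole MIB tree is therefore readable with the community `public` from any source address, and with `agentAddress udp:161,udp6:161` the agent answers on every interface, which contradicts the comment "Default access to basic system info". Unless the iptables role in base already limits UDP 161 to the monitoring host (not visible in this patch), I would either append the view, `rocommunity public default -V systemonly`, or replace `default` with the poller's address. Making the community a template variable would also avoid shipping the well-known default. The `proc mountd`/`ntalkd`/`sendmail` checks and the placeholder `sysLocation`/`sysContact` values look like leftovers from EXAMPLE.conf rather than intended settings.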
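Review bot: `test_snmp` in testinfra/test_base.py only asserts that the service is running and enabled, so a regression in the deployed configuration (listen address, community line, file permissions) would pass unnoticed. Consider also pinning the rendered file, for example `conf = host.file("/etc/snmp/snmpd.conf")` followed by `assert conf.exists` and an assertion on `conf.mode`. That way the test covers what the role is meant to deploy, not just that the daemon started.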