From dceb09d8862d09503cb778e6d01b1aa2acc7cf30 Mon Sep 17 00:00:00 2001
From: "James E. Blair" <jeblair@redhat.com>
Date: Mon, 20 Aug 2018 15:31:55 -0700
Subject: [PATCH] Add snmpd role and add it to base

Change-Id: I00bf872e8504efb26d20832f1da82da8cfe87258
---
 modules/openstack_project/manifests/server.pp |   2 -
 playbooks/base.yaml                           |   1 +
 playbooks/roles/snmpd/README.rst              |   1 +
 playbooks/roles/snmpd/handlers/main.yaml      |   4 +
 playbooks/roles/snmpd/tasks/main.yaml         |  28 +++
 playbooks/roles/snmpd/templates/snmpd.conf    | 195 ++++++++++++++++++
 playbooks/roles/snmpd/vars/Debian.yaml        |   2 +
 playbooks/roles/snmpd/vars/RedHat.yaml        |   2 +
 testinfra/test_base.py                        |   6 +
 9 files changed, 239 insertions(+), 2 deletions(-)
 create mode 100644 playbooks/roles/snmpd/README.rst
 create mode 100644 playbooks/roles/snmpd/handlers/main.yaml
 create mode 100644 playbooks/roles/snmpd/tasks/main.yaml
 create mode 100644 playbooks/roles/snmpd/templates/snmpd.conf
 create mode 100644 playbooks/roles/snmpd/vars/Debian.yaml
 create mode 100644 playbooks/roles/snmpd/vars/RedHat.yaml

diff --git a/modules/openstack_project/manifests/server.pp b/modules/openstack_project/manifests/server.pp
index 1cff766ce7..1d4c438725 100644
--- a/modules/openstack_project/manifests/server.pp
+++ b/modules/openstack_project/manifests/server.pp
@@ -41,6 +41,4 @@ class openstack_project::server (
     origins => ["Puppetlabs:${lsbdistcodename}"],
   }
 
-  include snmpd
-
 }
diff --git a/playbooks/base.yaml b/playbooks/base.yaml
index dba4d2ffcb..d8504ea21c 100644
--- a/playbooks/base.yaml
+++ b/playbooks/base.yaml
@@ -18,3 +18,4 @@
   roles:
     - exim
     - iptables
+    - snmpd
diff --git a/playbooks/roles/snmpd/README.rst b/playbooks/roles/snmpd/README.rst
new file mode 100644
index 0000000000..c9c625c27b
--- /dev/null
+++ b/playbooks/roles/snmpd/README.rst
@@ -0,0 +1 @@
+Installs and configures the net-snmp daemon
diff --git a/playbooks/roles/snmpd/handlers/main.yaml b/playbooks/roles/snmpd/handlers/main.yaml
new file mode 100644
index 0000000000..5fa7c5a253
--- /dev/null
+++ b/playbooks/roles/snmpd/handlers/main.yaml
@@ -0,0 +1,4 @@
+- name: Restart snmpd
+  service:
+    name: "{{ service_name }}"
+    state: restarted
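Review bot: `service_name` here, and `package` in tasks/main.yaml, are very generic names for values loaded with `include_vars`, which sets them on the host for the rest of the play instead of scoping them to this role. Any other role in base.yaml that uses the same names could pick up snmpd's values, or replace them before this handler runs at the end of the play; whether one does is not visible in this patch. Prefixing them as `snmpd_service_name` and `snmpd_package` in vars/Debian.yaml, vars/RedHat.yaml, the tasks and this handler would remove that risk.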
diff --git a/playbooks/roles/snmpd/tasks/main.yaml b/playbooks/roles/snmpd/tasks/main.yaml
new file mode 100644
index 0000000000..10dc4ac425
--- /dev/null
+++ b/playbooks/roles/snmpd/tasks/main.yaml
@@ -0,0 +1,28 @@
+- name: Include OS-specific variables
+  include_vars: "{{ lookup('first_found', params) }}"
+  vars:
+    params:
+      files: "{{ distro_lookup_path }}"
+      paths:
+        - 'vars'
+
+- name: Install snmpd
+  package:
+    state: present
+    name: '{{ package }}'
+
+- name: Write snmpd config file
+  template:
+    src: snmpd.conf
+    dest: /etc/snmp/snmpd.conf
+    mode: 0444
+  notify:
+    - Restart snmpd
+
+# We don't usually ensure services are running, but snmp is generally
+# not public facing and is easy to overlook.
+- name: Enable snmpd
+  service:
+    name: "{{ service_name }}"
+    enabled: true
+    state: started
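Review bot: The `Write snmpd config file` task installs /etc/snmp/snmpd.conf with `mode: 0444` and no `owner` or `group`, so the file is world-readable and its ownership depends on the account the play runs as. That is harmless while the only credential in it is the community `public`, but a later change to a non-default community string or an SNMPv3 `createUser` line would be readable by every local account. Consider `owner: root`, `group: root` and `mode: '0600'` (or 0640 with the daemon's group, if snmpd has to re-read the file after dropping privileges). The comment above `Enable snmpd` says snmp is generally not public facing, yet the template binds all interfaces, so that assumption rests on firewall rules outside this role.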
diff --git a/playbooks/roles/snmpd/templates/snmpd.conf b/playbooks/roles/snmpd/templates/snmpd.conf
new file mode 100644
index 0000000000..c791ed54c2
--- /dev/null
+++ b/playbooks/roles/snmpd/templates/snmpd.conf
@@ -0,0 +1,195 @@
+###############################################################################
+#
+# EXAMPLE.conf:
+#   An example configuration file for configuring the Net-SNMP agent ('snmpd')
+#   See the 'snmpd.conf(5)' man page for details
+#
+#  Some entries are deliberately commented out, and will need to be explicitly activated
+#
+###############################################################################
+#
+#  AGENT BEHAVIOUR
+#
+
+#  Listen for connections from the local system only
+#agentAddress  udp:127.0.0.1:161
+#  Listen for connections on all interfaces (both IPv4 *and* IPv6)
+#agentAddress udp:161,udp6:[::1]:161
+agentAddress udp:161,udp6:161
+
+
+
+###############################################################################
+#
+#  SNMPv3 AUTHENTICATION
+#
+#  Note that these particular settings don't actually belong here.
+#  They should be copied to the file /var/lib/snmp/snmpd.conf
+#     and the passwords changed, before being uncommented in that file *only*.
+#  Then restart the agent
+
+#  createUser authOnlyUser  MD5 "remember to change this password"
+#  createUser authPrivUser  SHA "remember to change this one too"  DES
+#  createUser internalUser  MD5 "this is only ever used internally, but still change the password"
+
+#  If you also change the usernames (which might be sensible),
+#  then remember to update the other occurances in this example config file to match.
+
+
+
+###############################################################################
+#
+#  ACCESS CONTROL
+#
+
+                                                 #  system + hrSystem groups only
+view   systemonly  included   .1.3.6.1.2.1.1
+view   systemonly  included   .1.3.6.1.2.1.25.1
+
+                                                 #  Full access from the local host
+#rocommunity public  localhost
+                                                 #  Default access to basic system info
+rocommunity public  default
+rocommunity6 public  default
+
+                                                 #  Full access from an example network
+                                                 #     Adjust this network address to match your local
+                                                 #     settings, change the community string,
+                                                 #     and check the 'agentAddress' setting above
+#rocommunity secret  10.0.0.0/16
+
+                                                 #  Full read-only access for SNMPv3
+# rouser   authOnlyUser
+                                                 #  Full write access for encrypted requests
+                                                 #     Remember to activate the 'createUser' lines above
+#rwuser   authPrivUser   priv
+
+#  It's no longer typically necessary to use the full 'com2sec/group/access' configuration
+#  r[ou]user and r[ow]community, together with suitable views, should cover most requirements
+
+
+
+###############################################################################
+#
+#  SYSTEM INFORMATION
+#
+
+#  Note that setting these values here, results in the corresponding MIB objects being 'read-only'
+#  See snmpd.conf(5) for more details
+sysLocation    Sitting on the Dock of the Bay
+sysContact     Me <me@example.org>
+                                                 # Application + End-to-End layers
+sysServices    72
+
+
+#
+#  Process Monitoring
+#
+                               # At least one  'mountd' process
+proc  mountd
+                               # No more than 4 'ntalkd' processes - 0 is OK
+proc  ntalkd    4
+                               # At least one 'sendmail' process, but no more than 10
+proc  sendmail 10 1
+
+#  Walk the UCD-SNMP-MIB::prTable to see the resulting output
+#  Note that this table will be empty if there are no "proc" entries in the snmpd.conf file
+
+
+#
+#  Disk Monitoring
+#
+                               # 10MBs required on root disk, 5% free on /var, 10% free on all other disks
+disk       /     10000
+disk       /var  5%
+includeAllDisks  10%
+
+#  Walk the UCD-SNMP-MIB::dskTable to see the resulting output
+#  Note that this table will be empty if there are no "disk" entries in the snmpd.conf file
+
+
+#
+#  System Load
+#
+                               # Unacceptable 1-, 5-, and 15-minute load averages
+load   12 10 5
+
+#  Walk the UCD-SNMP-MIB::laTable to see the resulting output
+#  Note that this table *will* be populated, even without a "load" entry in the snmpd.conf file
+
+
+
+###############################################################################
+#
+#  ACTIVE MONITORING
+#
+
+                                    #   send SNMPv1  traps
+# trapsink     localhost public
+                                    #   send SNMPv2c traps
+#trap2sink    localhost public
+                                    #   send SNMPv2c INFORMs
+#informsink   localhost public
+
+#  Note that you typically only want *one* of these three lines
+#  Uncommenting two (or all three) will result in multiple copies of each notification.
+
+
+#
+#  Event MIB - automatically generate alerts
+#
+                                   # Remember to activate the 'createUser' lines above
+#iquerySecName   internalUser
+#rouser          internalUser
+                                   # generate traps on UCD error conditions
+#defaultMonitors          yes
+                                   # generate traps on linkUp/Down
+#linkUpDownNotifications  yes
+
+
+
+###############################################################################
+#
+#  EXTENDING THE AGENT
+#
+
+#
+#  Arbitrary extension commands
+#
+# extend    test1   /bin/echo  Hello, world!
+# extend-sh test2   echo Hello, world! ; echo Hi there ; exit 35
+#extend-sh test3   /bin/sh /tmp/shtest
+
+#  Note that this last entry requires the script '/tmp/shtest' to be created first,
+#    containing the same three shell commands, before the line is uncommented
+
+#  Walk the NET-SNMP-EXTEND-MIB tables (nsExtendConfigTable, nsExtendOutput1Table
+#     and nsExtendOutput2Table) to see the resulting output
+
+#  Note that the "extend" directive supercedes the previous "exec" and "sh" directives
+#  However, walking the UCD-SNMP-MIB::extTable should still returns the same output,
+#     as well as the fuller results in the above tables.
+
+
+#
+#  "Pass-through" MIB extension command
+#
+#pass .1.3.6.1.4.1.8072.2.255  /bin/sh       PREFIX/local/passtest
+#pass .1.3.6.1.4.1.8072.2.255  /usr/bin/perl PREFIX/local/passtest.pl
+
+# Note that this requires one of the two 'passtest' scripts to be installed first,
+#    before the appropriate line is uncommented.
+# These scripts can be found in the 'local' directory of the source distribution,
+#     and are not installed automatically.
+
+#  Walk the NET-SNMP-PASS-MIB::netSnmpPassExamples subtree to see the resulting output
+
+
+#
+#  AgentX Sub-agents
+#
+                                           #  Run as an AgentX master agent
+# master          agentx
+                                           #  Listen for network connections (from localhost)
+                                           #    rather than the default named socket /var/agentx/master
+#agentXSocket    tcp:localhost:705
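Review bot: The `systemonly` view is defined but never applied: `rocommunity public default` and `rocommunity6 public default` carry no `-V systemonly`, so the well-known community `public` can read the whole MIB tree from any source address, while `agentAddress udp:161,udp6:161` listens on every interface. The comment above those two lines still says "Default access to basic system info", which does not match what they grant. If the monitoring server needs the full tree, restrict the source instead, `rocommunity public <monitoring-host-placeholder>`; otherwise use `rocommunity public default -V systemonly` and the same for `rocommunity6`. SNMPv1/v2c send the community in clear text, so exposure is bounded only by whatever the iptables role allows on UDP 161, which is not visible here. The stock `sysLocation`, `sysContact` and `proc mountd`/`ntalkd`/`sendmail` example lines are also shipped as live configuration and will report placeholder data and process errors to anything polling the agent.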
diff --git a/playbooks/roles/snmpd/vars/Debian.yaml b/playbooks/roles/snmpd/vars/Debian.yaml
new file mode 100644
index 0000000000..4b7e2fa623
--- /dev/null
+++ b/playbooks/roles/snmpd/vars/Debian.yaml
@@ -0,0 +1,2 @@
+package: snmpd
+service_name: snmpd
diff --git a/playbooks/roles/snmpd/vars/RedHat.yaml b/playbooks/roles/snmpd/vars/RedHat.yaml
new file mode 100644
index 0000000000..e4fd4ebc31
--- /dev/null
+++ b/playbooks/roles/snmpd/vars/RedHat.yaml
@@ -0,0 +1,2 @@
+package: net-snmp
+service_name: snmpd
diff --git a/testinfra/test_base.py b/testinfra/test_base.py
index d56d07e95e..ed4380f56f 100644
--- a/testinfra/test_base.py
+++ b/testinfra/test_base.py
@@ -80,3 +80,9 @@ def test_ntp(host):
         service = host.service("ntpd")
     assert service.is_running
     assert service.is_enabled
+
+
+def test_snmp(host):
+    service = host.service("snmpd")
+    assert service.is_running
+    assert service.is_enabled
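Review bot: `test_snmp` has no docstring and only checks that the service is running and enabled, so it would likely still pass on a distribution-default snmpd.conf if the template task were skipped or failed to apply. Asserting on the deployed result, for example `assert host.socket("udp://0.0.0.0:161").is_listening`, would tie the test to the `agentAddress` the role configures. A one-line docstring such as `"""snmpd is installed, enabled and listening as configured by the snmpd role."""` would state the intent.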