Anyone managing snmp on Ubuntu with Ansible?
2,208 views
Skip to first unread message
David Reagan
Jan 23, 2014, 8:25:26 PM1/23/14
to ansible...@googlegroups.com
Hey all,
I've been looking into managing snmp via ansible. Setting the /etc/snmp/snmpd.conf file is simple enough. Just a template call.
It's setting up a snmp v3 user that has me stumped. To do so, I run "net-snmp-config --create-snmpv3-user", then follow the prompts.
I haven't tried it yet, but according to the help text,
> --create-snmpv3-user [-ro] [-A authpass] [-X privpass]
[-a MD5|SHA] [-x DES|AES] [username]
I can just run a command to create the user directly without the prompts. That works
But I've never been comfortable with running a command like that every time I run a playbook, and making some kind of init variable feels clunky to me.
So, does anyone have a better idea?
Anyone working on a module for snmp?
I've been looking into managing snmp via ansible. Setting the /etc/snmp/snmpd.conf file is simple enough. Just a template call.
It's setting up a snmp v3 user that has me stumped. To do so, I run "net-snmp-config --create-snmpv3-user", then follow the prompts.
I haven't tried it yet, but according to the help text,
> --create-snmpv3-user [-ro] [-A authpass] [-X privpass]
[-a MD5|SHA] [-x DES|AES] [username]
I can just run a command to create the user directly without the prompts. That works
But I've never been comfortable with running a command like that every time I run a playbook, and making some kind of init variable feels clunky to me.
So, does anyone have a better idea?
Anyone working on a module for snmp?
Adam Morris
Jan 29, 2014, 1:32:07 PM1/29/14
to ansible...@googlegroups.com
Not yet, but that might be something I have to do soon...
Looking at the documentation I could find it seems like that just adds two lines to two files then restarts snmpd.
## OUTPUT ##
adding the following line to /var/lib/snmp/snmpd.conf: createUser snmpv3user MD5 "snmpv3pass" DES adding the following line to /usr/share/snmp/snmpd.conf: rouser snmpv3user
If that is the case then surely there isn't any issue with using Ansible to edit the files directly and then (if changed) restart the service?
Adam
David Reagan
Jan 29, 2014, 1:45:58 PM1/29/14
to ansible...@googlegroups.com
Yeah, I've tried that. Didn't work. Maybe I did it wrong... Hmm...
In the default snmpd.conf file that Ubuntu installs, it says NOT to put those lines in that file. So...--David Reagan
--
You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/-hRkjQFmFsw/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
dga...@iww.org
Aug 19, 2014, 11:03:37 AM8/19/14
to ansible...@googlegroups.com
I know this is an old thread, but it came up in google, and I have a working solution now, so here it is.
The trick is to remember that /var/lib/snmp/snmpd.conf is overwritten from memory when snmpd shuts down, so it has to be off before you can write anything to it.
- hosts: monitored
tasks:
- name: make sure snmpd is installed
apt: name=snmpd state=present
- name: make sure snmpd is off
service: name=snmpd state=stopped enabled=yes
- name: make sure snmpd is configured
copy: src=snmpd.conf.etc dest=/etc/snmp/snmpd.conf
- name: make sure snmpd has creds
lineinfile: dest=/var/lib/snmp/snmpd.conf line='createUser nis MD5 badpassword DES badpassword'
- name: make sure snmpd is on
service: name=snmpd state=started
It would be nice to skip the restart if the credentials were already there, but since they are hashed there is no trivial way to check without the service restart.
on the up side, if the createUser line is redundant snmpd does not create an extra hash line, it just saves the one.
I originally tried adding the hashed credentail line before I discovered that the hash is generated with the snmpd serial#, so the hash will not validate unless generated on a machine with the same serial#
Henry Finucane
Aug 23, 2014, 4:58:00 PM8/23/14
to ansible...@googlegroups.com
I'm glad that you wrote this down- I run snmpd on Ubuntu, and I suspect my setup only works accidentally.
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/8f7fbfe3-f709-41a9-b047-cb8f02250d3e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
David Reagan
Aug 28, 2014, 6:08:03 PM8/28/14
to ansible...@googlegroups.com
Thanks. When I was initially working on my ansible role, I wasn't stopping snmpd before editing the conf file. So, once I copied how you are doing things, it started working. :)
--David Reagan
--
You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/-hRkjQFmFsw/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/8f7fbfe3-f709-41a9-b047-cb8f02250d3e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages