Add snmp v3 support

This create the snmp v3 user accounts. API Change : new variable for the snmp v3 user accounts: snmp_accounts: - name: user1 password: mypassword1 - name: user2 password: mypassword2 - name: user3 password: mypassword3 Signed-off-by: Florent CARLI <[email protected]>
seapath · Sep 13, 2024 · 49ae1e5 · 49ae1e5
1 parent 4cfad1c
commit 49ae1e5
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 2 deletions.
diff --git a/inventories/seapath_cluster_definition_example.yml b/inventories/seapath_cluster_definition_example.yml
@@ -358,3 +358,12 @@ all:
           IPv4_address 127.0.0.0/8
           IPv4_address 172.0.0.0/8
           IPv4_address 192.0.0.0/8
+
+        # Account to be created for SNMP v3 support. Optional.
+        #snmp_accounts:
+        #  - name: user1
+        #    password: mypassword1
+        #  - name: user2
+        #    password: mypassword2
+        #  - name: user3
+        #    password: mypassword3
diff --git a/inventories/seapath_standalone_definition_example.yml b/inventories/seapath_standalone_definition_example.yml
@@ -125,3 +125,12 @@ all:
                             # optional extra permissions to add to Debian-snmp sudoers file
                             extra_usersnmp_sudoers: |
                               {{ snmp_user_name }}     ALL = (hacluster) NOPASSWD:EXEC: /usr/local/bin/snmp_crmstatus.sh ""
+
+                            # Account to be created for SNMP v3 support. Optional.
+                            #snmp_accounts:
+                            #  - name: user1
+                            #    password: mypassword1
+                            #  - name: user2
+                            #    password: mypassword2
+                            #  - name: user3
+                            #    password: mypassword3
diff --git a/roles/snmp/tasks/main.yml b/roles/snmp/tasks/main.yml
@@ -1,4 +1,4 @@
-- name: Get distrebution variables
+- name: Get distribution variables
   include_vars: "../vars/{{ ansible_distribution | replace(' ', '_') }}_paths.yml"
 
 - name: configure snmp
@@ -77,6 +77,32 @@
       line: "After=network-online.target"
       state: present
 
+  - name: SNMP V3
+    block:
+      # restart is needed for /var/lib/snmp/snmpd.conf to exist
+      - name: restart snmpd
+        ansible.builtin.systemd:
+          name: snmpd.service
+          state: restarted
+          enabled: yes
+      - name: Stop service before snmp v3 related changed
+        ansible.builtin.service:
+          name: snmpd
+          state: stopped
+      - name: Remove usmUser lines in snmpd.conf
+        ansible.builtin.replace:
+          path: /var/lib/snmp/snmpd.conf
+          regexp: '^usmUser.*'
+          replace: ''
+      - name: Add new snmp v3 user account at the beginning of /var/lib/snmp/snmpd.conf
+        ansible.builtin.lineinfile:
+          path: /var/lib/snmp/snmpd.conf
+          line: "createUser {{ item.name }} SHA {{ item.password }} AES {{ item.password }}"
+          create: yes
+          insertbefore: BOF
+        loop: "{{ snmp_accounts }}"
+    when: snmp_accounts is defined and snmp_accounts | length > 0
+
   - name: restart snmpd
     ansible.builtin.systemd:
       name: snmpd.service
@@ -98,4 +124,3 @@
     state: stopped
     enabled: no
   when: snmp_admin_ip_addr is not defined
-