Anyone managing snmp on Ubuntu with Ansible?

Hey all,

I’ve been looking into managing snmp via ansible. Setting the /etc/snmp/snmpd.conf file is simple enough. Just a template call.

It’s setting up a snmp v3 user that has me stumped. To do so, I run “net-snmp-config --create-snmpv3-user”, then follow the prompts.

I haven’t tried it yet, but according to the help text,

--create-snmpv3-user [-ro] [-A authpass] [-X privpass]
[-a MD5|SHA] [-x DES|AES] [username]

I can just run a command to create the user directly without the prompts. That works.

But I’ve never been comfortable with running a command like that every time I run a playbook, and making some kind of init variable feels clunky to me.

So, does anyone have a better idea?

Anyone working on a module for snmp?

Not yet, but that might be something I have to do soon…

Looking at the documentation I could find, it seems like that just adds two lines to two files, then restarts snmpd.

OUTPUT

adding the following line to /var/lib/snmp/snmpd.conf:
   createUser snmpv3user MD5 "snmpv3pass" DES
adding the following line to /usr/share/snmp/snmpd.conf:
   rouser snmpv3user

If that is the case then surely there isn’t any issue with using Ansible to edit the files directly and then (if changed) restart the service?

Adam

Yeah, I’ve tried that. Didn’t work. Maybe I did it wrong… Hmm…

In the default snmpd.conf file that Ubuntu installs, it says NOT to put those lines in that file. So…

I know this is an old thread, but it came up in Google, and I have a working solution now, so here it is.

The trick is to remember that /var/lib/snmp/snmpd.conf is overwritten from memory when snmpd shuts down, so it has to be off before you can write anything to it.

    - hosts: monitored
      tasks:
        - name: make sure snmpd is installed
          apt: name=snmpd state=present

        # snmpd rewrites /var/lib/snmp/snmpd.conf on shutdown, so stop it before editing
        - name: make sure snmpd is off
          service: name=snmpd state=stopped enabled=yes

        - name: make sure snmpd is configured
          copy: src=snmpd.conf.etc dest=/etc/snmp/snmpd.conf

        - name: make sure snmpd has creds
          lineinfile: dest=/var/lib/snmp/snmpd.conf line='createUser nis MD5 badpassword DES badpassword'

        - name: make sure snmpd is on
          service: name=snmpd state=started

It would be nice to skip the restart if the credentials were already there, but since they are hashed there is no trivial way to check without the service restart.

On the upside, if the createUser line is redundant, snmpd does not create an extra hash line; it just saves the one.

I originally tried adding the hashed credential line before I discovered that the hash is generated with the snmpd serial#, so the hash will not validate unless generated on a machine with the same serial#.
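One way to skip the stop/start cycle when the SNMPv3 user already authenticates, as an added example that is not part of the thread: probe the agent with snmpget and only write the createUser line when the probe fails. Assumptions: the variable names, a vaulted file vault_snmp.yml, an agent listening on 127.0.0.1, and an snmpd.conf.etc that already holds the rouser line; SHA/AES (both listed in the help text above) are swapped in for the thread's MD5/DES, and the passphrases come from Ansible Vault instead of the playbook.

```yaml
# Added example, not from the thread; variable names and vault_snmp.yml are assumptions.
- hosts: monitored
  become: true
  vars:
    snmp_user: nis
  vars_files:
    - vault_snmp.yml  # assumed Ansible Vault file: snmp_auth_pass, snmp_priv_pass (8+ chars)
  tasks:
    - name: make sure snmpd and the snmpget client are installed
      apt:
        name: [snmpd, snmp]
        state: present

    - name: make sure snmpd is configured
      copy:
        src: snmpd.conf.etc  # assumed to contain the rouser line for snmp_user
        dest: /etc/snmp/snmpd.conf
      register: conf

    - name: probe whether the v3 user already authenticates (reads sysUpTime.0)
      command:
        argv: [snmpget, -v, "3", -l, authPriv, -u, "{{ snmp_user }}",
               -a, SHA, -A, "{{ snmp_auth_pass }}", -x, AES, -X, "{{ snmp_priv_pass }}",
               -t, "2", -r, "1", 127.0.0.1, 1.3.6.1.2.1.1.3.0]
      register: probe
      changed_when: false
      failed_when: false
      no_log: true  # keep the passphrases out of task output

    - name: create the user only when the probe failed
      when: probe.rc != 0
      block:
        - name: stop snmpd so it cannot overwrite the persistent file on shutdown
          service: {name: snmpd, state: stopped}

        - name: queue the createUser directive
          lineinfile:
            dest: /var/lib/snmp/snmpd.conf
            line: 'createUser {{ snmp_user }} SHA "{{ snmp_auth_pass }}" AES "{{ snmp_priv_pass }}"'
          no_log: true

        - name: start snmpd, which replaces the directive with localized keys
          service: {name: snmpd, state: started, enabled: true}

    - name: restart snmpd when only the main config changed
      service: {name: snmpd, state: restarted}
      when: conf is changed and probe.rc == 0
```

The probe also fails when snmpd is stopped or not reachable on 127.0.0.1, in which case the block runs again on the next play.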

I’m glad that you wrote this down. I run snmpd on Ubuntu, and I suspect my setup only works accidentally.

Thanks. When I was initially working on my ansible role, I wasn’t stopping snmpd before editing the conf file. So, once I copied how you are doing things, it started working. :)