authorStonewall Jackson <stonewall@sacredheartsc.com>2023-02-04 01:23:43 -0500
committerStonewall Jackson <stonewall@sacredheartsc.com>2023-02-04 01:52:13 -0500
commit0261e875679f1bf63c8d689da7fc7e014597885d (patch)
tree3f19cd74a0c1070944f75437f30b098d6ef2ffcb /roles/snmp
downloadselfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.tar.gz
selfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.zip
initial commit
Diffstat (limited to 'roles/snmp')
-rw-r--r--roles/snmp/defaults/main.yml9
-rw-r--r--roles/snmp/handlers/main.yml4
-rw-r--r--roles/snmp/tasks/main.yml51
-rw-r--r--roles/snmp/templates/etc/snmp/snmpd.conf.j28
-rw-r--r--roles/snmp/vars/main.yml2
5 files changed, 74 insertions, 0 deletions
diff --git a/roles/snmp/defaults/main.yml b/roles/snmp/defaults/main.yml
new file mode 100644
index 0000000..0569c3f
--- /dev/null
+++ b/roles/snmp/defaults/main.yml
@@ -0,0 +1,9 @@
+snmp_location: unknown
+snmp_contact: '{{ organization }} Sysadmins <root@{{ email_domain }}>'
+
+snmp_force_users: no
+
+snmp_v3_users:
+ - name: '{{ nagios_snmp_user }}'
+ auth_pass: '{{ nagios_snmp_auth_pass }}'
+ priv_pass: '{{ nagios_snmp_priv_pass }}'
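Review bot: The `snmp_v3_users` default takes its passphrases from `nagios_snmp_auth_pass` and `nagios_snmp_priv_pass`, but nothing in this file says where those must be defined or what constraints apply. A comment above the list would help, for example `# auth_pass/priv_pass: define in vault-encrypted vars; net-snmp requires passphrases of at least 8 characters`. As a style point, `snmp_force_users: no` relies on YAML 1.1 truthy parsing, and `snmp_force_users: false` is the canonical form.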
diff --git a/roles/snmp/handlers/main.yml b/roles/snmp/handlers/main.yml
new file mode 100644
index 0000000..9c1d345
--- /dev/null
+++ b/roles/snmp/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart snmpd
+ systemd:
+ name: snmpd
+ state: restarted
diff --git a/roles/snmp/tasks/main.yml b/roles/snmp/tasks/main.yml
new file mode 100644
index 0000000..e2ca90c
--- /dev/null
+++ b/roles/snmp/tasks/main.yml
@@ -0,0 +1,51 @@
+- name: install packages
+ dnf:
+ name: '{{ snmp_packages }}'
+ state: present
+
+- name: generate config file
+ template:
+ src: etc/snmp/snmpd.conf.j2
+ dest: /etc/snmp/snmpd.conf
+ mode: 0600
+ notify: restart snmpd
+
+- name: open firewall ports
+ firewalld:
+ permanent: yes
+ immediate: yes
+ service: snmp
+ state: enabled
+ tags: firewalld
+
+- name: check if snmp users are defined
+ command: grep -q usmUser /var/lib/net-snmp/snmpd.conf
+ failed_when: no
+ changed_when: no
+ register: snmp_users_exist
+
+- name: add snmp users
+ block:
+ - name: stop snmpd
+ systemd:
+ name: snmpd
+ state: stopped
+
+ - name: add snmpv3 users
+ lineinfile:
+ path: /var/lib/net-snmp/snmpd.conf
+ line: 'createUser {{ item.name }} SHA "{{ item.auth_pass }}" AES "{{ item.priv_pass }}"'
+ insertafter: EOF
+ create: yes
+ mode: 0600
+ loop: '{{ snmp_v3_users }}'
+ loop_control:
+ label: '{{ item.name }}'
+
+ - name: enable and start snmpd
+ systemd:
+ name: snmpd
+ enabled: yes
+ state: started
+
+ when: snmp_users_exist.rc != 0 or snmp_force_users
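Review bot: The `add snmpv3 users` task puts both passphrases into the `line` argument of `lineinfile`, and `loop_control.label` only shortens the per-item display. The module arguments at higher verbosity, and the file content under `--diff`, can still end up in console output, logs or a callback plugin. Adding `no_log: true` to that task keeps the passphrases out of task results. Separately, `SHA` and `AES` in the createUser line select SHA-1 and 128-bit AES. If the net-snmp build on these hosts and the poller both support it, a stronger auth type such as `SHA-256` is worth considering.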
diff --git a/roles/snmp/templates/etc/snmp/snmpd.conf.j2 b/roles/snmp/templates/etc/snmp/snmpd.conf.j2
new file mode 100644
index 0000000..337e1c2
--- /dev/null
+++ b/roles/snmp/templates/etc/snmp/snmpd.conf.j2
@@ -0,0 +1,8 @@
+syslocation {{ snmp_location }}
+syscontact {{ snmp_contact }}
+
+dontLogTCPWrappersConnects yes
+
+{% for user in snmp_v3_users %}
+rouser {{ user.name }}
+{% endfor %}
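Review bot: `rouser {{ user.name }}` sets no security level, and net-snmp's documented default for `rouser` is `auth`. The agent will therefore answer authNoPriv requests, so responses can travel unencrypted even though a privacy passphrase is provisioned for every user. Writing `rouser {{ user.name }} priv` makes encryption mandatory. The line also grants read access to the whole OID tree; if the monitoring checks need only a subset, a trailing OID or `-V VIEW` restriction would narrow what the account can read.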
diff --git a/roles/snmp/vars/main.yml b/roles/snmp/vars/main.yml
new file mode 100644
index 0000000..0f03433
--- /dev/null
+++ b/roles/snmp/vars/main.yml
@@ -0,0 +1,2 @@
+snmp_packages:
+ - net-snmp