Skip to content

Latest commit

 

History

History
879 lines (516 loc) · 21.5 KB

REFERENCE.md

File metadata and controls

879 lines (516 loc) · 21.5 KB
Raw

Reference

Table of Contents

Classes

  • snmp: Manage the Net-SNMP and Net-SNMP trap daemon package, service, and configuration.
  • snmp::client: Manage the Net-SNMP client package and configuration.

Defined types

  • snmp::snmpv3_user: Creates a SNMPv3 user with authentication and encryption paswords.

Functions

Private Functions

  • snmp::snmpv3_usm_hash: snmpv3_usm_hash.rb --- Calculate SNMPv3 USM hash for a passphrase

Classes

snmp

Manage the Net-SNMP and Net-SNMP trap daemon package, service, and configuration.

Examples

class { 'snmp':
  com2sec       => [ 'notConfigUser default PassW0rd' ],
  manage_client => true,
}

# Only configure and run the snmptrap daemon:
class { 'snmp':
  ro_community        => 'SeCrEt',
  service_ensure      => 'stopped',
  trap_service_ensure => 'running',
  trap_handlers       => [
    'default /usr/bin/perl /usr/bin/traptoemail me@somewhere.local',
    'IF-MIB::linkDown /home/nba/bin/traps down',
  ],
}

Parameters

The following parameters are available in the snmp class:

agentaddress

Data type: Array[String[1]]

An array of addresses, on which snmpd will listen for queries.

Default value: ['udp:127.0.0.1:161', 'udp6:[::1]:161']

snmptrapdaddr

Data type: Array[String[1]]

An array of addresses, on which snmptrapd will listen to receive incoming SNMP notifications.

Default value: ['udp:127.0.0.1:162', 'udp6:[::1]:162']

ro_community

Data type: Variant[Undef, String[1], Array[String[1]]]

Read-only (RO) community string or array for agent and snmptrap daemon.

Default value: 'public'

ro_community6

Data type: Variant[Undef, String[1], Array[String[1]]]

Read-only (RO) community string or array for IPv6 agent.

Default value: 'public'

rw_community

Data type: Variant[Undef, String[1], Array[String[1]]]

Read-write (RW) community string or array agent.

Default value: undef

rw_community6

Data type: Variant[Undef, String[1], Array[String[1]]]

Read-write (RW) community string or array for IPv6 agent.

Default value: undef

ro_network

Data type: Variant[Array, Stdlib::IP::Address::V4, Stdlib::IP::Address::V4::CIDR]

Network that is allowed to RO query the daemon. Can be string or array.

Default value: '127.0.0.1'

ro_network6

Data type: Variant[Array, Stdlib::IP::Address::V6, Stdlib::IP::Address::V6::CIDR]

Network that is allowed to RO query the daemon via IPv6. Can be string or array.

Default value: '::1'

rw_network

Data type: Variant[Array, Stdlib::IP::Address::V4, Stdlib::IP::Address::V4::CIDR]

Network that is allowed to RW query the daemon. Can be string or array.

Default value: '127.0.0.1'

rw_network6

Data type: Variant[Array, Stdlib::IP::Address::V6, Stdlib::IP::Address::V6::CIDR]

Network that is allowed to RW query the daemon via IPv6. Can be string or array.

Default value: '::1'

contact

Data type: String[1]

Responsible person for the SNMP system.

Default value: 'Unknown'

location

Data type: String[1]

Location of the SNMP system.

Default value: 'Unknown'

sysname

Data type: String[1]

Name of the system (hostname).

Default value: $facts['networking']['fqdn']

services

Data type: Integer

For a host system, a good value is 72 (application + end-to-end layers).

Default value: 72

com2sec

Data type: Array[String[1]]

An array of VACM com2sec mappings. Must provide SECNAME, SOURCE and COMMUNITY. See http://www.net-snmp.org/docs/man/snmpd.conf.html#lbAL for details.

Default value: ['notConfigUser default public']

com2sec6

Data type: Array[String[1]]

An array of VACM com2sec6 mappings. Must provide SECNAME, SOURCE and COMMUNITY. See http://www.net-snmp.org/docs/man/snmpd.conf.html#lbAL for details.

Default value: ['notConfigUser default public']

groups

Data type: Array[String[1]]

An array of VACM group mappings. Must provide GROUP, <v1|v2c|usm|tsm|ksm>, SECNAME. See http://www.net-snmp.org/docs/man/snmpd.conf.html#lbAL for details.

Default value:

[
    'notConfigGroup v1            notConfigUser',
    'notConfigGroup v2c           notConfigUser',
  ]
views

Data type: Array[String[1]]

An array of views that are available to query. Must provide VNAME, TYPE, OID, and [MASK]. See http://www.net-snmp.org/docs/man/snmpd.conf.html#lbAL for details.

Default value:

[
    'systemview    included   .1.3.6.1.2.1.1',
    'systemview    included   .1.3.6.1.2.1.25.1.1',
  ]
accesses

Data type: Array[String[1]]

An array of access controls that are available to query. Must provide GROUP, CONTEXT, <any|v1|v2c|usm|tsm|ksm>, LEVEL, PREFX, READ, WRITE, and NOTIFY. See http://www.net-snmp.org/docs/man/snmpd.conf.html#lbAL for details.

Default value:

[
    'notConfigGroup ""      any       noauth    exact  systemview none  none',
  ]
dlmod

Data type: Optional[Array[String[1]]]

Array of dlmod lines to add to the snmpd.conf file. Must provide NAME and PATH (ex. "cmaX /usr/lib64/libcmaX64.so"). See http://www.net-snmp.org/docs/man/snmpd.conf.html#lbBD for details.

Default value: undef

extends

Data type: Optional[Array[String[1]]]

Array of extend lines to add to the snmpd.conf file. Must provide NAME, PROG and ARG. See http://www.net-snmp.org/docs/man/snmpd.conf.html#lbBA for details.

Default value: undef

pass

Data type: Optional[Array[String[1]]]

Array of pass lines to add to the snmpd.conf file. Must provide MIBOID and PROG. See http://www.net-snmp.org/docs/man/snmpd.conf.html#lbBB for details.

Default value: undef

pass_persist

Data type: Optional[Array[String[1]]]

Array of pass_persist lines to add to the snmpd.conf file. Must provide MIBOID and PROG. See http://www.net-snmp.org/docs/man/snmpd.conf.html#lbBB for details.

Default value: undef

snmpd_config

Data type: Optional[Array[String[1]]]

Safety valve. Array of lines to add to the snmpd.conf file. See http://www.net-snmp.org/docs/man/snmpd.conf.html for all options.

Default value: undef

disable_authorization

Data type: Enum['yes','no']

Disable all access control checks.

Default value: 'no'

do_not_log_traps

Data type: Enum['yes','no']

Disable the logging of notifications altogether.

Default value: 'no'

do_not_log_tcpwrappers

Data type: Enum['yes','no']

Disable the logging of tcpwrappers messages, e.g. "Connection from UDP: " messages in syslog.

Default value: 'no'

trap_handlers

Data type: Optional[Array[String[1]]]

An array of programs to invoke on receipt of traps. Must provide OID and PROGRAM (ex. "IF-MIB::linkDown /bin/traps down"). See http://www.net-snmp.org/docs/man/snmptrapd.conf.html#lbAI for details.

Default value: undef

trap_forwards

Data type: Optional[Array[String[1]]]

An array of destinations to send to on receipt of traps. Must provide OID and DESTINATION (ex. "IF-MIB::linkUp udp:1.2.3.5:162"). See http://www.net-snmp.org/docs/man/snmptrapd.conf.html#lbAI for details.

Default value: undef

snmptrapd_config

Data type: Optional[Array[String[1]]]

Safety valve. Array of lines to add to the snmptrapd.conf file. See http://www.net-snmp.org/docs/man/snmptrapd.conf.html for all options.

Default value: undef

manage_client

Data type: Boolean

Whether to install the Net-SNMP client package.

Default value: false

manage_snmptrapd

Data type: Boolean

Whether to install the Net-SNMP snmptrapd package. True by default, except on Darwin where there is no service available.

Default value: true

snmp_config

Data type: Optional[Array[String[1]]]

Safety valve. Array of lines to add to the client's global snmp.conf file. See http://www.net-snmp.org/docs/man/snmp.conf.html for all options.

Default value: undef

ensure

Data type: Enum['present','absent']

Ensure if present or absent.

Default value: 'present'

autoupgrade

Data type: Boolean

Upgrade package automatically, if there is a newer version.

Default value: false

manage_packages

Data type: Boolean

Controls whether module attempts to manage the packages for SNMPD. On by default, except on Darwin where it ships with the OS.

Default value: true

package_name

Data type: String[1]

Name of the package. Only set this if your platform is not supported or you know what you are doing.

Default value: 'net-snmp'

snmptrapd_package_name

Data type: Optional[String[1]]

Name of the package provinding snmptrapd. Only set this if your platform is not supported or you know what you are doing.

Default value: undef

snmpd_options

Data type: Optional[String[1]]

Commandline options passed to snmpd via init script.

Default value: undef

sysconfig

Data type: Stdlib::Absolutepath

Path to sysconfig file for snmpd.

Default value: '/etc/sysconfig/snmpd'

trap_sysconfig

Data type: Stdlib::Absolutepath

Path to sysconfig file for snmptrapd.

Default value: '/etc/sysconfig/snmptrapd'

trap_service_config

Data type: Stdlib::Absolutepath

Path to snmptrapd.conf.

Default value: '/etc/snmp/snmptrapd.conf'

service_config

Data type: Stdlib::Absolutepath

Path to snmpd.conf.

Default value: '/etc/snmp/snmpd.conf'

service_config_perms

Data type: Stdlib::Filemode

Set permissions for the service configuration file.

Default value: '0600'

service_config_dir_path

Data type: Stdlib::Absolutepath

Path to services configuration directory.

Default value: '/usr/local/etc/snmp'

service_config_dir_owner

Data type: String[1]

Owner for the service configuration directory.

Default value: 'root'

service_config_dir_group

Data type: String[1]

Set group ownership for the service configuration directory.

Default value: 'root'

service_config_dir_perms

Data type: String[1]

Mode of the service configuration directory.

Default value: '0755'

service_ensure

Data type: Stdlib::Ensure::Service

Ensure if service is running or stopped.

Default value: 'running'

service_name

Data type: String[1]

Name of SNMP service. Only set this if your platform is not supported or you know what you are doing.

Default value: 'snmpd'

service_enable

Data type: Boolean

Start service at boot.

Default value: true

service_hasstatus

Data type: Boolean

Service has status command.

Default value: true

service_hasrestart

Data type: Boolean

Service has restart command.

Default value: true

snmptrapd_options

Data type: Optional[String[1]]

Commandline options passed to snmptrapd via init script.

Default value: undef

trap_service_ensure

Data type: Stdlib::Ensure::Service

Ensure if service is running or stopped.

Default value: 'stopped'

trap_service_name

Data type: String[1]

Name of SNMP service Only set this if your platform is not supported or you know what you are doing.

Default value: 'snmptrapd'

trap_service_enable

Data type: Boolean

Start service at boot.

Default value: false

trap_service_hasstatus

Data type: Boolean

Service has status command.

Default value: true

trap_service_hasrestart

Data type: Boolean

Service has restart command.

Default value: true

openmanage_enable

Data type: Boolean

Adds the smuxpeer directive to the snmpd.conf file to allow net-snmp to talk with Dell's OpenManage

Default value: false

master

Data type: Boolean

Include the master option to enable AgentX registrations.

Default value: false

agentx_perms

Data type: Optional[Stdlib::Filemode]

Defines the permissions and ownership of the AgentX Unix Domain socket.

Default value: undef

agentx_ping_interval

Data type: Optional[Integer]

This will make the subagent try and reconnect every NUM seconds to the master if it ever becomes (or starts) disconnected.

Default value: undef

agentx_socket

Data type: Optional[String[1]]

Defines the address the master agent listens at, or the subagent should connect to.

Default value: undef

agentx_timeout

Data type: Integer[0]

Defines the timeout period (NUM seconds) for an AgentX request.

Default value: 1

agentx_retries

Data type: Integer[0]

Defines the number of retries for an AgentX request.

Default value: 5

snmpv2_enable

Data type: Boolean

Disable com2sec, group, and access in snmpd.conf

Default value: true

var_net_snmp

Data type: Stdlib::Absolutepath

Path to snmp's var directory.

Default value: '/var/lib/net-snmp'

varnetsnmp_perms

Data type: Stdlib::Filemode

Mode of var_net_snmp directory.

Default value: '0755'

varnetsnmp_owner

Data type: String[1]

Owner of var_net_snmp directory.

Default value: 'root'

varnetsnmp_group

Data type: String[1]

Group of var_net_snmp directory.

Default value: 'root'

snmp::client

Manage the Net-SNMP client package and configuration.

Examples

class { 'snmp::client':
  snmp_config => [
    'defVersion 2c',
    'defCommunity public',
  ],
}

Parameters

The following parameters are available in the snmp::client class:

ensure

Data type: Enum['present', 'absent']

Ensure if present or absent.

Default value: 'present'

snmp_config

Data type: Optional[Array[String[1]]]

Array of lines to add to the client's global snmp.conf file. See http://www.net-snmp.org/docs/man/snmp.conf.html for all options.

Default value: undef

autoupgrade

Data type: Boolean

Upgrade package automatically, if there is a newer version.

Default value: false

package_name

Data type: Optional[String[1]]

Name of the package. Only set this if your platform is not supported or you know what you are doing.

Default value: undef

client_config

Data type: Stdlib::Absolutepath

Path to snmp.conf.

Default value: '/etc/snmp/snmp.conf'

Defined types

snmp::snmpv3_user

Creates a SNMPv3 user with authentication and encryption paswords.

Examples

snmp::snmpv3_user { 'myuser':
  authtype => 'MD5',
  authpass => '1234auth',
  privpass => '5678priv',
}

Parameters

The following parameters are available in the snmp::snmpv3_user defined type:

authpass

Data type: String[8]

Authentication password for the user.

authtype

Data type: Enum['SHA','MD5']

Authentication type for the user. SHA or MD5

Default value: 'SHA'

privpass

Data type: Optional[String[8]]

Encryption password for the user.

Default value: undef

privtype

Data type: Enum['AES','DES']

Encryption type for the user. AES or DES

Default value: 'AES'

daemon

Data type: Enum['snmpd','snmptrapd']

Which daemon file in which to write the user. snmpd or snmptrapd

Default value: 'snmpd'