Puppet module to manage Net-SNMP.
Simple Network Management Protocol (SNMP) is a widely used protocol for monitoring the health and welfare of network and computer equipment. Net-SNMP implements SNMP v1, SNMP v2c, and SNMP v3 using both IPv4 and IPv6. This Puppet module manages the installation and configuration of the Net-SNMP client, server, and trap server. It also can create a SNMPv3 user with authentication and privacy passwords.
Only platforms that have Net-SNMP available are supported. This module will not work with AIX or Solaris SNMP.
This declaration will get you the SNMP daemon listening on the loopback IPv4 and IPv6 addresses with a v1 and v2c read-only community of 'public'.
include snmp
snmp::server and snmp::trapd have been merged into class snmp. All of their class parameters are available in the snmp class. The parameter install_client is renamed to manage_client.
Support for Puppet < 4 is removed.
The parameters ro_community, rw_community, ro_network, and rw_network will be removed.
The snmptrapd parameter name will become authcommunity.
Most interaction with the snmp module can be done through the main snmp class. This means you can simply toggle the parameters in ::snmp to have most functionality of the module. Additional functionality can be achieved by only utilizing the ::snmp::client class or the ::snmp::snmpv3_user define.
To install the SNMP service listening on all IPv4 and IPv6 interfaces:
class { 'snmp':
  agentaddress => [ 'udp:161', 'udp6:161' ],
}
To change the SNMP community from the default value and limit the netblocks that can use it:
class { 'snmp':
  agentaddress => [ 'udp:161', ],
  ro_community => 'myPassword',
  ro_network   => '192.168.0.0/16',
}
Or more than one community:
class { 'snmp':
  agentaddress => [ 'udp:161', ],
  ro_community => [ 'myPassword', 'myOtherPassword', ],
}
To set the responsible person and location of the SNMP system:
class { 'snmp':
  contact  => '[email protected]',
  location => 'Phoenix, Arizona, U.S.A., Earth, Milky Way',
}
If you just want to install the SNMP client:
include snmp::client
To install the SNMP service and the client:
class { 'snmp':
  manage_client => true,
}
To install the SNMP service but not install the snmptrapd service:
class { 'snmp':
  manage_snmptrapd => false,
}
If you want to pass client configuration stanzas to the snmp.conf file:
class { 'snmp':
  snmp_config => [
    'defVersion 2c',
    'defCommunity public',
    'mibdirs +/usr/local/share/snmp/mibs',
  ],
}
To only configure and run the snmptrap daemon:
class { 'snmp':
  service_ensure      => 'stopped',
  trap_service_ensure => 'running',
  trap_service_enable => true,
  snmptrapdaddr       => [ 'udp:162', ],
  trap_handlers       => [
    'default /usr/bin/perl /usr/bin/traptoemail [email protected]', # optional
    'TRAP-TEST-MIB::demo-trap /home/user/traptest.sh demo-trap', # optional
  ],
  trap_forwards       => [ 'default udp:55.55.55.55:162' ], # optional
}
To install a SNMP version 3 user for snmpd:
snmp::snmpv3_user { 'myuser':
  authpass => '1234auth',
  privpass => '5678priv',
}
class { 'snmp':
  snmpd_config => [ 'rouser myuser authPriv' ],
}
To install a SNMP version 3 user for snmptrapd:
snmp::snmpv3_user { 'myuser':
  authpass => 'SeCrEt',
  privpass => 'PhRaSe',
  daemon   => 'snmptrapd',
}
With traditional access control, you can give a simple password and (optional) network restriction:
class { 'snmp':
  ro_community => 'myPassword',
  ro_network   => '10.0.0.0/8',
}
and it becomes this in snmpd.conf:
rocommunity myPassword 10.0.0.0/8
This says that any host on network 10.0.0.0/8 can read any SNMP value via SNMP versions 1 and 2c as long as they provide the password 'myPassword'.
With View-based Access Control Model (VACM), you can do this (more complex) configuration instead:
class { 'snmp':
  com2sec  => ['mySecName 10.0.0.0/8 myPassword'],
  groups   => ['myGroupName v1 mySecName',
               'myGroupName v2c mySecName'],
  views    => ['everyThing included .'],
  accesses => ['myGroupName "" any noauth exact everyThing none none'],
}
where the variables have the following meanings:
and it becomes this in snmpd.conf:
com2sec mySecName 10.0.0.0/8 myPassword
group myGroupName v1 mySecName
group myGroupName v2c mySecName
view everyThing included .
access myGroupName "" any noauth exact everyThing none none
This also says that any host on network 10.0.0.0/8 can read any SNMP value via SNMP versions 1 and 2c as long as they provide the password 'myPassword'. But it also gives you the ability to change any of those variables.
Reference: Manpage of snmpd.conf - Access Control
In traditional access control, you can also pass multiple networks for the community string.
class { 'snmp':
  ro_community => 'shibboleth',
  ro_network   => [ '192.168.0.0/16', '1.2.3.4/32', ],
}
and it becomes this in snmpd.conf:
rocommunity shibboleth 192.168.0.0/16
rocommunity shibboleth 1.2.3.4/32
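An added example (not part of the module or its README): a small Python check over rendered snmpd.conf text that flags the access-control weaknesses the directives above can express. The function name `audit_snmpd_conf`, the finding messages and the sample input are constructed for illustration; it assumes the directive argument order from snmpd.conf(5) and treats the `authPriv` spelling used earlier on this page as equivalent to `priv`.

```python
import shlex

WELL_KNOWN = {"public", "private"}  # widely known default community strings

# Constructed sample modelled on the snmpd.conf lines this README renders.
SAMPLE = """\
# constructed sample
rocommunity public
rocommunity shibboleth 192.168.0.0/16
com2sec mySecName default myPassword
group myGroupName v2c mySecName
view everyThing included .
access myGroupName "" any noauth exact everyThing everyThing none
rouser myuser authPriv
rouser otheruser
"""

def audit_snmpd_conf(text):
    """Return (line_number, message) findings for weak access-control lines."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)  # keeps "" as a token, drops comments
        if not tok:
            continue
        name, args = tok[0].lower(), tok[1:]
        if args and args[0] in ("-Cn", "-s"):  # optional context / security model
            args = args[2:]
        if name.rstrip("6") in ("rocommunity", "rwcommunity") and args:
            # rocommunity COMMUNITY [SOURCE [OID]]; no SOURCE means any host
            if args[0] in WELL_KNOWN:
                findings.append((n, "well-known community string"))
            if len(args) < 2 or args[1] == "default":
                findings.append((n, "community accepted from any source"))
        elif name == "com2sec" and len(args) >= 3:
            # com2sec SECNAME SOURCE COMMUNITY
            if args[2] in WELL_KNOWN:
                findings.append((n, "well-known community string"))
            if args[1] == "default":
                findings.append((n, "community accepted from any source"))
        elif name == "access" and len(args) >= 8:
            # access GROUP CONTEXT MODEL LEVEL PREFIX READ WRITE NOTIFY
            if args[3].lower().startswith("noauth") and args[6] != "none":
                findings.append((n, "write view granted without authentication"))
        elif name in ("rouser", "rwuser") and args:
            # rouser USER [LEVEL ...]; LEVEL defaults to auth (no encryption required)
            level = args[1].lower() if len(args) > 1 else "auth"
            if level not in ("priv", "authpriv"):
                findings.append((n, f"SNMPv3 user may connect without encryption ({level})"))
    return findings

if __name__ == "__main__":
    for n, msg in audit_snmpd_conf(SAMPLE):
        print(f"line {n}: {msg}")
```

The configurations shown above with a non-default community and a netblock, or with `rouser myuser authPriv`, produce no findings.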
See in file REFERENCE.md.
Net-SNMP module support is available with these operating systems:
agentaddress and snmptrapdaddr to change this configuration.
snmpwalk -v 2c -c public localhost system will function.
This module is maintained by Vox Pupuli. Voxpupuli welcomes new contributions to this module. We are happy to provide guidance if necessary.
Please see CONTRIBUTING.md for information on how to contribute.
Licensed under the Apache License, Version 2.0.