Add snmpd role

This commit is contained in:
Salt 2021-08-08 13:26:39 -05:00
parent caadf375f2
commit 39d2f932cf
28 changed files with 619 additions and 0 deletions

View File

@ -53,3 +53,7 @@ roles:
- name: factorio
src: bplower.factorio
version: master
# Upstream: https://github.com/Oefenweb/ansible-snmpd
- name: snmpd
src: oefenweb.snmpd
version: master

View File

@ -0,0 +1,3 @@
---
warn_list:
- '106'

80
roles/snmpd/.github/workflows/ci.yml vendored Normal file
View File

@ -0,0 +1,80 @@
---
name: CI
'on':
pull_request:
push:
branches:
- master
schedule:
- cron: '30 1 * * 3'
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Check out the codebase
uses: actions/checkout@v2
- name: Set up Python 3
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install test dependencies
run: pip install ansible-lint[community,yamllint]
- name: Lint code
run: |
yamllint .
ansible-lint
molecule:
name: Molecule
runs-on: ubuntu-latest
defaults:
run:
working-directory: "${{ github.repository }}"
needs:
- lint
strategy:
fail-fast: false
matrix:
include:
- distro: debian8
- distro: debian9
- distro: debian10
- distro: ubuntu1604
ansible-version: '>=2.8, <2.9'
- distro: ubuntu1604
ansible-version: '>=2.9, <2.10'
- distro: ubuntu1604
ansible-version: '>=2.10, <2.11'
- distro: ubuntu1604
- distro: ubuntu1804
- distro: ubuntu2004
steps:
- name: Check out the codebase
uses: actions/checkout@v2
with:
path: "${{ github.repository }}"
- name: Set up Python 3
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install test dependencies
run: pip install 'ansible${{ matrix.ansible-version }}' molecule[docker] docker
- name: Run Molecule tests
run: |
molecule test
env:
ANSIBLE_FORCE_COLOR: '1'
ANSIBLE_VERBOSITY: '2'
MOLECULE_DEBUG: '1'
MOLECULE_DISTRO: "${{ matrix.distro }}"
PY_COLORS: '1'

View File

@ -0,0 +1,20 @@
---
name: Release
'on':
push:
tags:
- '*'
jobs:
release:
name: Release
runs-on: ubuntu-latest
steps:
- name: Check out the codebase
uses: actions/checkout@v2
- name: Publish to Galaxy
uses: robertdebock/galaxy-action@1.1.0
with:
galaxy_api_key: ${{ secrets.GALAXY_API_KEY }}

30
roles/snmpd/.gitignore vendored Normal file
View File

@ -0,0 +1,30 @@
# OS generated files #
######################
.DS_Store
.DS_Store?
._*
.Spotlight-V100
.Trashes
Icon?
ehthumbs.db
Thumbs.db
# IDE files #
#################
/.settings
/.buildpath
/.project
/nbproject
*.komodoproject
*.kpf
/.idea
# Vagrant files #
.virtualbox/
.vagrant/
vagrant_ansible_inventory_*
ansible.cfg
# Other files #
###############
!empty

15
roles/snmpd/.yamllint Normal file
View File

@ -0,0 +1,15 @@
---
extends: default
rules:
braces:
max-spaces-inside: 1
level: error
brackets:
max-spaces-inside: 1
level: error
line-length: disable
truthy: disable
ignore: |
.tox/

20
roles/snmpd/Dockerfile Normal file
View File

@ -0,0 +1,20 @@
FROM ubuntu:16.04
MAINTAINER Mischa ter Smitten <mtersmitten@oefenweb.nl>
# python
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y python-minimal python-dev curl && \
apt-get clean
RUN curl -sL https://bootstrap.pypa.io/pip/2.7/get-pip.py | python -
RUN rm -rf $HOME/.cache
# ansible
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y gcc libffi-dev libssl-dev net-tools iproute2 ethtool && \
apt-get clean
RUN pip install ansible==2.9.15
RUN rm -rf $HOME/.cache
# provision
COPY . /etc/ansible/roles/ansible-role
WORKDIR /etc/ansible/roles/ansible-role
RUN ansible-playbook -i tests/inventory tests/test.yml --connection=local

19
roles/snmpd/LICENSE.txt Normal file
View File

@ -0,0 +1,19 @@
Copyright (c) Oefenweb.nl <https://github.com/Oefenweb>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished
to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

74
roles/snmpd/README.md Normal file
View File

@ -0,0 +1,74 @@
## snmpd
[![CI](https://github.com/Oefenweb/ansible-snmpd/workflows/CI/badge.svg)](https://github.com/Oefenweb/ansible-snmpd/actions?query=workflow%3ACI)
[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-snmpd-blue.svg)](https://galaxy.ansible.com/Oefenweb/snmpd)
Set up snmp(d) in Debian-like systems.
#### Requirements
On **Debian** the **non-free** repository must be enabled to download the `snmp-mibs-downloader` package,
on **Ubuntu** this package is in **multiverse**. See the *"Recommended"* section below.
#### Variables
* `snmpd_install` [default: `[lm-sensors]`]: Additional packages to install
* `snmpd_mibs` [default: `UCD-SNMP-MIB`]: MIBs to load
* `snmpd_run` [default: `true`]: Snmpd control (true means start daemon)
* `snmpd_opts` [default: `'-LS4d -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'`]: Snmpd options (use syslog, close stdin/out/err)
* `snmpd_trapd_run` [default: `false`]: Snmptrapd control (true means start daemon)
* `snmpd_trapd_opts` [default: `'-Lsd -p /var/run/snmptrapd.pid'`]: Snmptrapd options (use syslog)
* `snmpd_snmpd_compat` [default: `false`]: Create symlink on Debian legacy location to official RFC path
* `snmpd_agent_address` [default: `['udp:161', 'udp6:[::1]:161']: Agent address
* `snmpd_internal_user`: [default: see defaults.yml]: Internal user. **Make sure to change!**
* `snmpd_users`: [default: see defaults.yml]: Additional users. **Make sure to change!**
* `snmpd_sys_location` [default: `''`]: System location
* `snmpd_sys_contact` [default: `Root <root@localhost>`]: System contact
* `snmpd_sys_description` [default: `{{ inventory_hostname }}`]: System description
* `snmpd_disks_include_all`: [default: `false`]: Include all disks mounted on the system in the SNMP table
* `snmpd_disks_include_all_threshold_minpercent`: [default: `10%`]: Minimum free space specified as a percentage
* `snmpd_disks`: [default: `[]`]: List of disk paths and their corresponding thresholds to be included in the SNMP table
* `snmpd_disks.{n}.path`: [required]: The disks mountpoint (e.g. `/`)
* `snmpd_disks.{n}.threshold`: [required]: The disks minimum threshold either be specified in kB (MINSPACE) or as a percentage of the total disk (MINPERCENT% with a '%' character) (e.g. `10%`)
* `snmpd_default_monitors` [default: `true`]: Configure the Event `MIB` tables to monitor the various `UCD-SNMP-MIB` tables for problems
* `snmpd_link_up_down_notifications` [default: `true`]: Configure the Event `MIB` tables to monitor the `fTable` for network interfaces being taken up or down, and triggering a `linkUp` or `linkDown` notification as appropriate
* `snmpd_extensions`: [default: `[]`]: Extension MIB declaration(s)
* `snmpd_extensions.{n}.name`: [required]: An identifying string for the extension
* `snmpd_extensions.{n}.prog`: [required]: The program to run
* `snmpd_extensions.{n}.args`: [default: `[]`]: The arguments to give the program
## Dependencies
None
## Recommended
* `ansible-apt` ([see](https://github.com/Oefenweb/ansible-apt), to manage `apt` repositories (in `/etc/apt/sources.list`)
#### Example
```yaml
---
- hosts: all
roles:
- snmpd
```
#### License
MIT
#### Author Information
Mischa ter Smitten
#### Feedback, bug-reports, requests, ...
Are [welcome](https://github.com/Oefenweb/ansible-snmpd/issues)!

70
roles/snmpd/Vagrantfile vendored Normal file
View File

@ -0,0 +1,70 @@
# -*- mode: ruby -*-
# vi: set ft=ruby ts=2 sw=2 tw=0 et :
role = File.basename(File.expand_path(File.dirname(__FILE__)))
boxes = [
{
:name => "ubuntu-1604",
:box => "bento/ubuntu-16.04",
:ip => '10.0.0.12',
:cpu => "50",
:ram => "256"
},
{
:name => "ubuntu-1804",
:box => "bento/ubuntu-18.04",
:ip => '10.0.0.13',
:cpu => "50",
:ram => "384"
},
{
:name => "ubuntu-2004",
:box => "bento/ubuntu-20.04",
:ip => '10.0.0.14',
:cpu => "50",
:ram => "384"
},
{
:name => "debian-8",
:box => "bento/debian-8",
:ip => '10.0.0.16',
:cpu => "50",
:ram => "256"
},
{
:name => "debian-9",
:box => "bento/debian-9",
:ip => '10.0.0.17',
:cpu => "50",
:ram => "256"
},
{
:name => "debian-10",
:box => "bento/debian-10",
:ip => '10.0.0.18',
:cpu => "50",
:ram => "256"
},
]
Vagrant.configure("2") do |config|
boxes.each do |box|
config.vm.define box[:name] do |vms|
vms.vm.box = box[:box]
vms.vm.hostname = "ansible-#{role}-#{box[:name]}"
vms.vm.provider "virtualbox" do |v|
v.customize ["modifyvm", :id, "--cpuexecutioncap", box[:cpu]]
v.customize ["modifyvm", :id, "--memory", box[:ram]]
end
vms.vm.network :private_network, ip: box[:ip]
vms.vm.provision :ansible do |ansible|
ansible.playbook = "tests/vagrant.yml"
ansible.verbose = "vv"
end
end
end
end

View File

@ -0,0 +1,39 @@
# defaults file
---
snmpd_install:
- lm-sensors
snmpd_mibs: UCD-SNMP-MIB
snmpd_run: true
snmpd_opts: '-LS4d -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
snmpd_trapd_run: false
snmpd_trapd_opts: '-Lsd -p /var/run/snmptrapd.pid'
snmpd_snmpd_compat: false
snmpd_agent_address:
- 'udp:161'
- 'udp6:[::1]:161'
snmpd_internal_user:
username: internalUser
password: '=9zeba&hEpr3799sE_a!'
auth_protocol: MD5
snmpd_users:
- username: john-doe
password: '!ahab#ub_uk#2uhEThu6'
type: rouser
auth_protocol: SHA
privacy_passphrase: 'zusTAqEpHacEs9eju44@'
privacy_protocol: AES
snmpd_sys_location: 'Unknown'
snmpd_sys_contact: Root <root@localhost>
snmpd_sys_description: "{{ inventory_hostname }}"
snmpd_sys_services: 72
snmpd_disks_include_all: false
snmpd_disks_include_all_threshold: '10%'
snmpd_disks: []
snmpd_default_monitors: true
snmpd_link_up_down_notifications: true

0
roles/snmpd/files/empty Normal file
View File

View File

@ -0,0 +1,7 @@
# handlers file
---
- name: restart snmpd
service:
name: snmpd
state: restarted
when: service_default_state | default('started') == 'started'

View File

@ -0,0 +1,2 @@
install_date: 'Sun 08 Aug 2021 06:26:26 PM '
version: master

24
roles/snmpd/meta/main.yml Normal file
View File

@ -0,0 +1,24 @@
# meta file
---
galaxy_info:
namespace: oefenweb
role_name: snmpd
author: Mischa ter Smitten
company: Oefenweb.nl B.V.
description: Set up snmp(d) in Debian-like systems
license: MIT
min_ansible_version: 2.8.0
platforms:
- name: Ubuntu
versions:
- xenial
- bionic
- focal
- name: Debian
versions:
- jessie
- stretch
- buster
galaxy_tags:
- system
dependencies: []

View File

@ -0,0 +1,9 @@
---
- name: Converge
hosts: all
become: true
pre_tasks:
- name: include vars
include_vars: "{{ playbook_dir }}/../../tests/vars/main.yml"
roles:
- ../../../

View File

@ -0,0 +1,19 @@
---
dependency:
name: galaxy
driver:
name: docker
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu1604}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
provisioner:
name: ansible
playbooks:
prepare: prepare.yml
converge: converge.yml
verify: verify.yml

View File

@ -0,0 +1,9 @@
---
- name: Prepare
hosts: all
become: true
pre_tasks:
- name: include vars
include_vars: "{{ playbook_dir }}/../../tests/vars/main.yml"
- name: include tasks
include: "{{ playbook_dir }}/../../tests/tasks/pre.yml"

View File

@ -0,0 +1,5 @@
---
- name: Verify
hosts: all
become: true
tasks: []

View File

@ -0,0 +1,57 @@
# tasks file
---
- name: install dependencies
apt:
name: "{{ snmpd_dependencies }}"
state: "{{ apt_install_state | default('latest') }}"
update_cache: true
cache_valid_time: "{{ apt_update_cache_valid_time | default(3600) }}"
tags:
- configuration
- snmpd
- snmpd-dependencies
- name: install
apt:
name: "{{ snmpd_install }}"
state: "{{ apt_install_state | default('latest') }}"
tags:
- configuration
- snmpd
- snmpd-install
- name: update configuration file - /etc/default/snmpd.conf
template:
src: etc/default/snmpd.j2
dest: /etc/default/snmpd
owner: root
group: root
mode: 0644
notify: restart snmpd
tags:
- configuration
- snmpd
- snmpd-configuration
- name: update configuration file - /etc/snmp/snmpd.conf
template:
src: etc/snmp/snmpd.conf.j2
dest: /etc/snmp/snmpd.conf
owner: root
group: root
mode: 0600
notify: restart snmpd
tags:
- configuration
- snmpd
- snmpd-configuration
- name: start and enable service
service:
name: snmpd
state: "{{ service_default_state | default('started') }}"
enabled: "{{ service_default_enabled | default(true) | bool }}"
tags:
- configuration
- snmpd
- snmpd-start-enable-service

View File

@ -0,0 +1,24 @@
# {{ ansible_managed }}
# This file controls the activity of snmpd and snmptrapd
# Don't load any MIBs by default.
# You might comment this lines once you have the MIBs downloaded.
export MIBS={{ snmpd_mibs }}
# snmpd control (yes means start daemon).
SNMPDRUN={{ 'yes' if snmpd_run else 'no' }}
# snmpd options (use syslog, close stdin/out/err).
SNMPDOPTS='{{ snmpd_opts }}'
# snmptrapd control (yes means start daemon). As of net-snmp version
# 5.0, master agentx support must be enabled in snmpd before snmptrapd
# can be run. See snmpd.conf(5) for how to do this.
TRAPDRUN={{ 'yes' if snmpd_trapd_run else 'no' }}
# snmptrapd options (use syslog).
TRAPDOPTS='{{ snmpd_trapd_opts }}'
# create symlink on Debian legacy location to official RFC path
SNMPDCOMPAT={{ 'yes' if snmpd_snmpd_compat else 'no' }}

View File

@ -0,0 +1,42 @@
# {{ ansible_managed }}
agentAddress {{ snmpd_agent_address | join(',') }}
createUser {{ snmpd_internal_user.username }} {{ snmpd_internal_user.auth_protocol }} "{{ snmpd_internal_user.password }}"
{% for snmpd_user in snmpd_users %}
createUser {{ snmpd_user.username }} {{ snmpd_user.auth_protocol }} "{{ snmpd_user.password }}" {{ snmpd_user.privacy_protocol }} "{{ snmpd_user.privacy_passphrase }}"
{% endfor %}
view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1
rouser authOnlyUser
{% for snmpd_user in snmpd_users %}
{{ snmpd_user.type }} {{ snmpd_user.username }}
{% endfor %}
sysLocation {{ snmpd_sys_location }}
sysContact {{ snmpd_sys_contact }}
{% if snmpd_sys_description %}
sysDescr {{ snmpd_sys_description }}
{% endif %}
sysServices {{ snmpd_sys_services }}
iquerySecName {{ snmpd_internal_user.username }}
rouser {{ snmpd_internal_user.username }}
{% if snmpd_disks_include_all %}
includeAllDisks {{ snmpd_disks_include_all_threshold_minpercent }}
{% endif %}
{% for snmpd_disk in snmpd_disks %}
disk {{ snmpd_disk.path }} {{ snmpd_disk.threshold }}
{% endfor %}
defaultMonitors {{ 'yes' if snmpd_default_monitors else 'no' }}
linkUpDownNotifications {{ 'yes' if snmpd_link_up_down_notifications else 'no' }}
{% for snmpd_extension in snmpd_extensions | default([]) %}
extend {{ snmpd_extension.name }} {{ snmpd_extension.prog }} {{ snmpd_extension.args | default([]) | join(' ') }}
{% endfor %}
master agentx

View File

@ -0,0 +1 @@
localhost

View File

@ -0,0 +1,14 @@
# pre test file
---
- name: enable non-free
apt_repository:
repo: "{{ item.type }} {{ item.url }} {{ item.component }}"
filename: non-free
with_items:
- type: deb
url: "http://ftp.nl.debian.org/debian/ {{ ansible_distribution_release }}"
component: contrib non-free
- type: deb-src
url: "http://ftp.nl.debian.org/debian/ {{ ansible_distribution_release }}"
component: contrib non-free
when: ansible_distribution == 'Debian'

View File

@ -0,0 +1,12 @@
# tests file for snmpd
---
- hosts: localhost
connection: local
become: true
pre_tasks:
- name: include vars
include_vars: "{{ playbook_dir }}/vars/main.yml"
- name: include tasks
include: "{{ playbook_dir }}/tasks/pre.yml"
roles:
- ../../

View File

@ -0,0 +1,10 @@
# test file
---
- hosts: all
remote_user: vagrant
become: true
pre_tasks:
- name: include tasks
include: "{{ playbook_dir }}/tasks/pre.yml"
roles:
- ../../

View File

@ -0,0 +1,4 @@
# vars file
---
snmpd_agent_address:
- "udp:{{ ansible_lo['ipv4']['address'] }}:10161"

View File

@ -0,0 +1,6 @@
# vars file
---
snmpd_dependencies:
- snmpd
- snmp
- snmp-mibs-downloader