Add and enable snmpd

Salt 2020-07-24 03:25:23 -05:00
parent c6195d3def
commit 703ee97e91
5 changed files with 220 additions and 0 deletions


@ -91,3 +91,27 @@ nextcloud_mysql_password: !vault |
3332313764623133630a393731613236373837316437653265636663666261383135636662373566
61373135303632336237333836353764646639633735323566346366623766646266
nextcloud_url: "nc.9iron.club"
# snmpd
snmp_location: "us-east-2"
snmp_contact: "Salt <rehashedsalt@cock.li>"
snmp_auth_user_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
36373662333533616331623933343364663532326261653636363732323138633836356633623934
6561333833343432353561366438313165383163366131630a653163666463356462633966666330
38323965303639356635613565633030373836643132336332373730303137376165616163646538
3162616233366236350a626130643230323264343938373134653034636232303130623134393531
61366330316330646137336161623166343835316432363433373333323232383166
snmp_priv_user_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
61316538316630333662633665646364356138613730633334653761626636633836363335383965
6332303265323236383130383366336662626331613866340a636139366135313134303538613833
61383662306163663634333538343733663836633834373462616265366365626533366334383031
6265643764656461320a313137326430386532653538346462323463386538303966303830343037
63333632656534333334383666666138353435383938623934663766623735656533
snmp_int_user_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
31616561323762653439346630653231646137626638383930346437323139666163316131333534
6463313537316230363735346236323033386562373032330a326261393039663539353738643465
36666136663930663463373731663534316232643637623732346331383737643233626235613439
3733366462613133620a386336303434303130313636356339633939623638366236346234376566
65386530663137393830636134653632623366333837616364396161666464613166


@ -0,0 +1,8 @@
#!/usr/bin/ansible-playbook
# vim:ft=ansible:
---
- name: restart snmpd
systemd:
name: snmpd
state: restarted
become: yes


@ -0,0 +1,21 @@
#!/usr/bin/ansible-playbook
# vim:ft=ansible:
---
- name: Install snmpd
block:
- name: Install snmpd
apt:
name:
- snmpd
- name: Template out config
template:
src: snmpd.conf
dest: /etc/snmp/snmpd.conf
mode: "0600"
notify: restart snmpd
- name: Enable snmpd
systemd:
name: snmpd
enabled: yes
state: started
become: yes
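Review bot: The `Template out config` task renders the three vaulted SNMPv3 passphrases into /etc/snmp/snmpd.conf, so a run with `--diff` can print them in cleartext in the task output; adding `diff: false` (or `no_log: true`) to that task keeps them out of terminals and CI logs. The task sets `mode: "0600"` but leaves ownership implicit, and `owner: root` plus `group: root` would pin it. The `apt` task relies on the module's default state, so an explicit `state: present` would document the intent. As a style point, `become: yes` and `enabled: yes` read more predictably as `true`.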


@ -0,0 +1,165 @@
# Listen for connections on all interfaces (both IPv4 *and* IPv6)
agentAddress udp:161,udp6:[::1]:161
# Create users
createUser authOnlyUser SHA {{ snmp_auth_user_pass }}
createUser authPrivUser SHA {{ snmp_priv_user_pass }}
createUser internalUser SHA {{ snmp_int_user_pass }}
###############################################################################
#
# ACCESS CONTROL
#
# system + hrSystem groups only
view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1
# Full access from the local host
#rocommunity public localhost
# Default access to basic system info
rocommunity public default -V systemonly
# rocommunity6 is for IPv6
rocommunity6 public default -V systemonly
# Full access from an example network
# Adjust this network address to match your local
# settings, change the community string,
# and check the 'agentAddress' setting above
#rocommunity secret 10.0.0.0/16
# Full read-only access for SNMPv3
rouser authOnlyUser
# Full write access for encrypted requests
# Remember to activate the 'createUser' lines above
#rwuser authPrivUser priv
# It's no longer typically necessary to use the full 'com2sec/group/access' configuration
# r[ow]user and r[ow]community, together with suitable views, should cover most requirements
###############################################################################
#
# SYSTEM INFORMATION
#
# Note that setting these values here, results in the corresponding MIB objects being 'read-only'
# See snmpd.conf(5) for more details
sysLocation {{ snmp_location }}
sysContact {{ snmp_contact }}
# Application + End-to-End layers
sysServices 72
#
# Process Monitoring
#
# At least one 'mountd' process
proc mountd
# No more than 4 'ntalkd' processes - 0 is OK
proc ntalkd 4
# At least one 'sendmail' process, but no more than 10
proc sendmail 10 1
# Walk the UCD-SNMP-MIB::prTable to see the resulting output
# Note that this table will be empty if there are no "proc" entries in the snmpd.conf file
#
# Disk Monitoring
#
# 10MBs required on root disk, 5% free on /var, 10% free on all other disks
disk / 10000
disk /var 5%
includeAllDisks 10%
# Walk the UCD-SNMP-MIB::dskTable to see the resulting output
# Note that this table will be empty if there are no "disk" entries in the snmpd.conf file
#
# System Load
#
# Unacceptable 1-, 5-, and 15-minute load averages
load 12 10 5
# Walk the UCD-SNMP-MIB::laTable to see the resulting output
# Note that this table *will* be populated, even without a "load" entry in the snmpd.conf file
###############################################################################
#
# ACTIVE MONITORING
#
# send SNMPv1 traps
trapsink localhost public
# send SNMPv2c traps
#trap2sink localhost public
# send SNMPv2c INFORMs
#informsink localhost public
# Note that you typically only want *one* of these three lines
# Uncommenting two (or all three) will result in multiple copies of each notification.
#
# Event MIB - automatically generate alerts
#
# Remember to activate the 'createUser' lines above
iquerySecName internalUser
rouser internalUser
# generate traps on UCD error conditions
defaultMonitors yes
# generate traps on linkUp/Down
linkUpDownNotifications yes
###############################################################################
#
# EXTENDING THE AGENT
#
#
# Arbitrary extension commands
#
extend test1 /bin/echo Hello, world!
extend-sh test2 echo Hello, world! ; echo Hi there ; exit 35
#extend-sh test3 /bin/sh /tmp/shtest
# Note that this last entry requires the script '/tmp/shtest' to be created first,
# containing the same three shell commands, before the line is uncommented
# Walk the NET-SNMP-EXTEND-MIB tables (nsExtendConfigTable, nsExtendOutput1Table
# and nsExtendOutput2Table) to see the resulting output
# Note that the "extend" directive supercedes the previous "exec" and "sh" directives
# However, walking the UCD-SNMP-MIB::extTable should still returns the same output,
# as well as the fuller results in the above tables.
#
# "Pass-through" MIB extension command
#
#pass .1.3.6.1.4.1.8072.2.255 /bin/sh PREFIX/local/passtest
#pass .1.3.6.1.4.1.8072.2.255 /usr/bin/perl PREFIX/local/passtest.pl
# Note that this requires one of the two 'passtest' scripts to be installed first,
# before the appropriate line is uncommented.
# These scripts can be found in the 'local' directory of the source distribution,
# and are not installed automatically.
# Walk the NET-SNMP-PASS-MIB::netSnmpPassExamples subtree to see the resulting output
#
# AgentX Sub-agents
#
# Run as an AgentX master agent
master agentx
# Listen for network connections (from localhost)
# rather than the default named socket /var/agentx/master
#agentXSocket tcp:localhost:705
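Review bot: The active `rocommunity public default -V systemonly` and `rocommunity6 public default -V systemonly` lines leave SNMPv1/v2c readable from any source with the well-known community string while `agentAddress udp:161` binds every IPv4 interface, which undercuts the SNMPv3 users this template creates; if v3 is the intended access path, comment both lines out or replace `default` with the monitoring host's address. The header comment says all interfaces for IPv4 and IPv6, but `udp6:[::1]:161` is loopback only, so either the comment or the address should change. The `createUser` lines pass the passphrases unquoted and name no privacy protocol, so a passphrase containing whitespace would likely be split into separate tokens and `authPrivUser` gets no privacy key; `createUser authPrivUser SHA "{{ snmp_priv_user_pass }}" AES` is the form snmpd.conf(5) documents. `rouser authOnlyUser` grants that unencrypted user the whole tree, including the output of the stock `extend test1` / `extend-sh test2` entries. Those entries, the `proc mountd`/`ntalkd`/`sendmail` checks and `trapsink localhost public` look like leftovers from the distribution example and are worth removing.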


@ -25,6 +25,8 @@
roles:
- role: dns
tags: [ common, dns ]
- role: snmpd
tags: [ common, snmpd ]
- import_playbook: playbooks/webservers.yml
- import_playbook: playbooks/gameservers.yml
- import_playbook: playbooks/home.yml