salt/ansible
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: salt:e3c5c00272ab7b72833a4da8679cd7f0a1d20566
Branches Tags
salt:master
salt:kopia
salt:cleanup
salt:rewrite
...
compare: salt:be7fa959ea751f7f7d5a8c8d05c4d3f141b96289
Branches Tags
salt:master
salt:kopia
salt:cleanup
salt:rewrite

6 Commits
e3c5c00272 ... be7fa959ea

Author SHA1 Message Date
Salt
be7fa959ea Switch to a regex match for that SNMP check 2021-08-08 15:34:11 -05:00
Salt
da432c0dcc Make our Nagios SNMP user, apply some changes to its container, and spin up some barebones checks 2021-08-08 14:46:58 -05:00
Salt
a254910cdc Testing some SNMP stuff 2021-08-08 13:36:52 -05:00
Salt
39d2f932cf Add snmpd role 2021-08-08 13:26:39 -05:00
Salt
caadf375f2 Add basic site checks 2021-08-08 12:35:35 -05:00
Salt
be7d1a24d6 Auto-restart nagios when its config changes 2021-08-08 12:15:10 -05:00
33 changed files with 726 additions and 8 deletions
Show Stats Expand all files Collapse all files

37
inventory/group_vars/all.yml
View File

@ -223,6 +223,43 @@ secret_pleroma_signing_salt: !vault |
3563396435643363620a646337346561393863366361643536356363626334343264343861663131 3563396435643363620a646337346561393863366361643536356363626334343264343861663131
3466 3466
# For SNMP
secret_snmp_internal_username: !vault |
$ANSIBLE_VAULT;1.1;AES256
65663937306665636134326138643230383632363465363764306131633565323963393532626131
3338356435396531626530653665383630366538303036310a326338623135613834636364353936
38643836373138633537666436656666623830363166303666366337333935313530373730353431
6166636634373062380a346636363234636131333539333232353364656563346438663663303734
39636263376635313631383262323538316434623065366332363762636562643064
secret_snmp_internal_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
32393365616165636263376636643035316431663334656135623832366265616230343665663362
3564313266373931363265393465373138373230323030660a633436303339616134643532346533
31643730353866366231623134356435613231353739383035623162653962323931656465656162
6135326562313065330a353763396564646238616337313033616639383431633834383831653536
32353130333634653831316464373465343233336266636561363334333832333036
secret_snmp_rouser_username: !vault |
$ANSIBLE_VAULT;1.1;AES256
62393936313166323437663639376433303131316664613965323031373439633335313331626238
6265303766663931396438396535623035376531343637630a336138373561396437353331303938
35623462306638363765363032366365363938633564386162633761623261346661313531373764
3534613836343738310a613163656139326662373535393935323465393833363861306534386234
64396130366463323133303566383233356239316362383866336230333037643133
secret_snmp_rouser_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
36343461313133376563383563616562613338613463376535656339636335636336663839323033
3665656533623938326132646133653431616438373138630a393033373330316236366365633162
39346663356364356330386562623532343330343133386331356366376366636665366366323833
3664316436363262390a663530633430303039366465306533363531356231396130316462373365
33396330393231383833653134396137383436623535636165366664366137626464
secret_snmp_rouser_privacy_passphrase: !vault |
$ANSIBLE_VAULT;1.1;AES256
31616564303237653131393133633232326535333566303538306232613031373536616463306439
3431633838663261636461393833373961376265343163330a383336333432623136623731386461
39373436313635353932353963313931646465366538393738623735383635356238313066386533
3764363538636232630a383730323433343239663461373030383132626532306130363965316661
64353932376139613765303764313463353366663535653135393637633835353566
# For Steam games # For Steam games
steam_username: !vault | steam_username: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256

21
playbooks/snmp.yml Executable file
View File

@ -0,0 +1,21 @@
#!/usr/bin/env ansible-playbook
# vim:ft=ansible:
---
- hosts: tags_snmp
roles:
- role: snmpd
vars:
snmpd_internal_user:
username: "{{ secret_snmp_internal_username }}"
password: "{{ secret_snmp_internal_password }}"
auth_protocol: SHA
snmpd_users:
- username: "{{ secret_snmp_rouser_username }}"
password: "{{ secret_snmp_rouser_password }}"
type: rouser
auth_protocol: SHA
privacy_passphrase: "{{ secret_snmp_rouser_privacy_passphrase }}"
privacy_protocol: AES
snmpd_disks_include_all: yes
snmpd_disks_include_all_threshold_minpercent: "10%"
tags: [ snmp ]

39
playbooks/tasks/web/nagios-hosts.cfg.j2
View File

@ -52,7 +52,7 @@ define service {
# Commands # Commands
# Ain't nobody here but us chickens... # Ain't nobody here but us chickens...
# Services # Services for all hosts
define service { define service {
use ansible-generic-service use ansible-generic-service
service_description HTTP service_description HTTP
@ -66,6 +66,43 @@ define service {
hostgroup_name nagios-checkhttp hostgroup_name nagios-checkhttp
} }
# Services for SNMP-capable hosts
define service {
use ansible-generic-service
service_description SNMP Check Hostname
check_command check_snmp!-P 3 -a SHA -x AES -o 1.3.6.1.2.1.1.1.0 -U {{ secret_snmp_rouser_username }} -A {{ secret_snmp_rouser_password }} -X {{ secret_snmp_rouser_privacy_passphrase }} -r $HOSTNAME$ -L authPriv
hostgroup_name snmp
}
# Manually-defined services for hosts
# web1.desu.ltd
{% for site in ["9iron.club","desu.ltd","nc.desu.ltd","git.desu.ltd"] %}
define service {
use ansible-generic-service
service_description HTTPS - {{ site }}
check_command check_http!--ssl -H {{ site }}
host_name web1.desu.ltd
}
{% endfor %}
# web2.desu.ltd
{% for site in ["cowfee.moe","tube.cowfee.moe"] %}
define service {
use ansible-generic-service
service_description HTTPS - {{ site }}
check_command check_http!--ssl -H {{ site }}
host_name web2.desu.ltd
}
{% endfor %}
# web3.desu.ltd
{% for site in ["netbox.desu.ltd","nagios.desu.ltd -e 401"] %}
define service {
use ansible-generic-service
service_description HTTPS - {{ site }}
check_command check_http!--ssl -H {{ site }}
host_name web3.desu.ltd
}
{% endfor %}
# Hostgroups # Hostgroups
# Everything here is dynamically-generated based on tags from Netbox # Everything here is dynamically-generated based on tags from Netbox
{% for tag in query('netbox.netbox.nb_lookup', 'tags', api_endpoint='https://netbox.desu.ltd', token=netbox_token) %} {% for tag in query('netbox.netbox.nb_lookup', 'tags', api_endpoint='https://netbox.desu.ltd', token=netbox_token) %}

15
playbooks/tasks/web/nagios.yml
View File

@ -2,11 +2,9 @@
- name: assure data directory for nagios - name: assure data directory for nagios
file: path=/data/nagios state=directory mode=0755 file: path=/data/nagios state=directory mode=0755
tags: [ nagios ] tags: [ nagios ]
- name: assure ssmtp.conf file for nagios
file: path=/data/nagios/ssmtp.conf state=file mode=0640
tags: [ nagios ]
- name: template out config for nagios - name: template out config for nagios
template: src=nagios-hosts.cfg.j2 dest=/data/nagios/etc/objects/ansible.cfg owner=root group=root mode=0644 template: src=nagios-hosts.cfg.j2 dest=/data/nagios/etc/objects/ansible.cfg owner=root group=root mode=0644
register: config
tags: [ nagios, template ] tags: [ nagios, template ]
- name: assure config file is loaded - name: assure config file is loaded
lineinfile: path=/data/nagios/etc/nagios.cfg line='cfg_file=/opt/nagios/etc/objects/ansible.cfg' lineinfile: path=/data/nagios/etc/nagios.cfg line='cfg_file=/opt/nagios/etc/objects/ansible.cfg'
@ -14,11 +12,11 @@
- name: docker deploy nagios - name: docker deploy nagios
docker_container: docker_container:
name: nagios name: nagios
image: manios/nagios image: jasonrivers/nagios
env: env:
NAGIOSADMIN_USER: admin NAGIOSADMIN_USER: admin
NAGIOSADMIN_PASS: "{{ secret_nagios_admin_pass }}" NAGIOSADMIN_PASS: "{{ secret_nagios_admin_pass }}"
TZ: "America/Chicago" NAGIOS_TIMEZONE: "America/Chicago"
networks: networks:
- name: web - name: web
aliases: [ "nagios" ] aliases: [ "nagios" ]
@ -26,5 +24,10 @@
- /data/nagios/etc:/opt/nagios/etc - /data/nagios/etc:/opt/nagios/etc
- /data/nagios/var:/opt/nagios/var - /data/nagios/var:/opt/nagios/var
- /data/nagios/plugins:/opt/Custom-Nagios-Plugins - /data/nagios/plugins:/opt/Custom-Nagios-Plugins
- /data/nagios/ssmtp.conf:/etc/ssmtp/ssmtp.conf - /data/nagios/nagiosgraph/var:/opt/nagiosgraph/var
- /data/nagios/nagiosgraph/etc:/opt/nagiosgraph/etc
tags: [ docker, nagios ]
- name: restart nagios
docker_container: name=nagios state=started restart=yes
when: config and config is changed
tags: [ docker, nagios ] tags: [ docker, nagios ]

4
requirements.yml
View File

@ -53,3 +53,7 @@ roles:
- name: factorio - name: factorio
src: bplower.factorio src: bplower.factorio
version: master version: master
# Upstream: https://github.com/Oefenweb/ansible-snmpd
- name: snmpd
src: oefenweb.snmpd
version: master

3
roles/snmpd/.ansible-lint Normal file
View File

@ -0,0 +1,3 @@
---
warn_list:
- '106'

80
roles/snmpd/.github/workflows/ci.yml vendored Normal file
View File

@ -0,0 +1,80 @@
---
name: CI
'on':
pull_request:
push:
branches:
- master
schedule:
- cron: '30 1 * * 3'
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Check out the codebase
uses: actions/checkout@v2
- name: Set up Python 3
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install test dependencies
run: pip install ansible-lint[community,yamllint]
- name: Lint code
run: |
yamllint .
ansible-lint
molecule:
name: Molecule
runs-on: ubuntu-latest
defaults:
run:
working-directory: "${{ github.repository }}"
needs:
- lint
strategy:
fail-fast: false
matrix:
include:
- distro: debian8
- distro: debian9
- distro: debian10
- distro: ubuntu1604
ansible-version: '>=2.8, <2.9'
- distro: ubuntu1604
ansible-version: '>=2.9, <2.10'
- distro: ubuntu1604
ansible-version: '>=2.10, <2.11'
- distro: ubuntu1604
- distro: ubuntu1804
- distro: ubuntu2004
steps:
- name: Check out the codebase
uses: actions/checkout@v2
with:
path: "${{ github.repository }}"
- name: Set up Python 3
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install test dependencies
run: pip install 'ansible${{ matrix.ansible-version }}' molecule[docker] docker
- name: Run Molecule tests
run: |
molecule test
env:
ANSIBLE_FORCE_COLOR: '1'
ANSIBLE_VERBOSITY: '2'
MOLECULE_DEBUG: '1'
MOLECULE_DISTRO: "${{ matrix.distro }}"
PY_COLORS: '1'

20
roles/snmpd/.github/workflows/release.yml vendored Normal file
View File

@ -0,0 +1,20 @@
---
name: Release
'on':
push:
tags:
- '*'
jobs:
release:
name: Release
runs-on: ubuntu-latest
steps:
- name: Check out the codebase
uses: actions/checkout@v2
- name: Publish to Galaxy
uses: robertdebock/galaxy-action@1.1.0
with:
galaxy_api_key: ${{ secrets.GALAXY_API_KEY }}

30
roles/snmpd/.gitignore vendored Normal file
View File

@ -0,0 +1,30 @@
# OS generated files #
######################
.DS_Store
.DS_Store?
._*
.Spotlight-V100
.Trashes
Icon?
ehthumbs.db
Thumbs.db
# IDE files #
#################
/.settings
/.buildpath
/.project
/nbproject
*.komodoproject
*.kpf
/.idea
# Vagrant files #
.virtualbox/
.vagrant/
vagrant_ansible_inventory_*
ansible.cfg
# Other files #
###############
!empty

15
roles/snmpd/.yamllint Normal file
View File

@ -0,0 +1,15 @@
---
extends: default
rules:
braces:
max-spaces-inside: 1
level: error
brackets:
max-spaces-inside: 1
level: error
line-length: disable
truthy: disable
ignore: |
.tox/

20
roles/snmpd/Dockerfile Normal file
View File

@ -0,0 +1,20 @@
FROM ubuntu:16.04
MAINTAINER Mischa ter Smitten <mtersmitten@oefenweb.nl>
# python
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y python-minimal python-dev curl && \
apt-get clean
RUN curl -sL https://bootstrap.pypa.io/pip/2.7/get-pip.py | python -
RUN rm -rf $HOME/.cache
# ansible
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y gcc libffi-dev libssl-dev net-tools iproute2 ethtool && \
apt-get clean
RUN pip install ansible==2.9.15
RUN rm -rf $HOME/.cache
# provision
COPY . /etc/ansible/roles/ansible-role
WORKDIR /etc/ansible/roles/ansible-role
RUN ansible-playbook -i tests/inventory tests/test.yml --connection=local

19
roles/snmpd/LICENSE.txt Normal file
View File

@ -0,0 +1,19 @@
Copyright (c) Oefenweb.nl <https://github.com/Oefenweb>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished
to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

74
roles/snmpd/README.md Normal file
View File

@ -0,0 +1,74 @@
## snmpd
[![CI](https://github.com/Oefenweb/ansible-snmpd/workflows/CI/badge.svg)](https://github.com/Oefenweb/ansible-snmpd/actions?query=workflow%3ACI)
[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-snmpd-blue.svg)](https://galaxy.ansible.com/Oefenweb/snmpd)
Set up snmp(d) in Debian-like systems.
#### Requirements
On **Debian** the **non-free** repository must be enabled to download the `snmp-mibs-downloader` package,
on **Ubuntu** this package is in **multiverse**. See the *"Recommended"* section below.
#### Variables
* `snmpd_install` [default: `[lm-sensors]`]: Additional packages to install
* `snmpd_mibs` [default: `UCD-SNMP-MIB`]: MIBs to load
* `snmpd_run` [default: `true`]: Snmpd control (true means start daemon)
* `snmpd_opts` [default: `'-LS4d -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'`]: Snmpd options (use syslog, close stdin/out/err)
* `snmpd_trapd_run` [default: `false`]: Snmptrapd control (true means start daemon)
* `snmpd_trapd_opts` [default: `'-Lsd -p /var/run/snmptrapd.pid'`]: Snmptrapd options (use syslog)
* `snmpd_snmpd_compat` [default: `false`]: Create symlink on Debian legacy location to official RFC path
* `snmpd_agent_address` [default: `['udp:161', 'udp6:[::1]:161']: Agent address
* `snmpd_internal_user`: [default: see defaults.yml]: Internal user. **Make sure to change!**
* `snmpd_users`: [default: see defaults.yml]: Additional users. **Make sure to change!**
* `snmpd_sys_location` [default: `''`]: System location
* `snmpd_sys_contact` [default: `Root <root@localhost>`]: System contact
* `snmpd_sys_description` [default: `{{ inventory_hostname }}`]: System description
* `snmpd_disks_include_all`: [default: `false`]: Include all disks mounted on the system in the SNMP table
* `snmpd_disks_include_all_threshold_minpercent`: [default: `10%`]: Minimum free space specified as a percentage
* `snmpd_disks`: [default: `[]`]: List of disk paths and their corresponding thresholds to be included in the SNMP table
* `snmpd_disks.{n}.path`: [required]: The disks mountpoint (e.g. `/`)
* `snmpd_disks.{n}.threshold`: [required]: The disks minimum threshold either be specified in kB (MINSPACE) or as a percentage of the total disk (MINPERCENT% with a '%' character) (e.g. `10%`)
* `snmpd_default_monitors` [default: `true`]: Configure the Event `MIB` tables to monitor the various `UCD-SNMP-MIB` tables for problems
* `snmpd_link_up_down_notifications` [default: `true`]: Configure the Event `MIB` tables to monitor the `fTable` for network interfaces being taken up or down, and triggering a `linkUp` or `linkDown` notification as appropriate
* `snmpd_extensions`: [default: `[]`]: Extension MIB declaration(s)
* `snmpd_extensions.{n}.name`: [required]: An identifying string for the extension
* `snmpd_extensions.{n}.prog`: [required]: The program to run
* `snmpd_extensions.{n}.args`: [default: `[]`]: The arguments to give the program
## Dependencies
None
## Recommended
* `ansible-apt` ([see](https://github.com/Oefenweb/ansible-apt), to manage `apt` repositories (in `/etc/apt/sources.list`)
#### Example
```yaml
---
- hosts: all
roles:
- snmpd
```
#### License
MIT
#### Author Information
Mischa ter Smitten
#### Feedback, bug-reports, requests, ...
Are [welcome](https://github.com/Oefenweb/ansible-snmpd/issues)!

70
roles/snmpd/Vagrantfile vendored Normal file
View File

@ -0,0 +1,70 @@
# -*- mode: ruby -*-
# vi: set ft=ruby ts=2 sw=2 tw=0 et :
role = File.basename(File.expand_path(File.dirname(__FILE__)))
boxes = [
{
:name => "ubuntu-1604",
:box => "bento/ubuntu-16.04",
:ip => '10.0.0.12',
:cpu => "50",
:ram => "256"
},
{
:name => "ubuntu-1804",
:box => "bento/ubuntu-18.04",
:ip => '10.0.0.13',
:cpu => "50",
:ram => "384"
},
{
:name => "ubuntu-2004",
:box => "bento/ubuntu-20.04",
:ip => '10.0.0.14',
:cpu => "50",
:ram => "384"
},
{
:name => "debian-8",
:box => "bento/debian-8",
:ip => '10.0.0.16',
:cpu => "50",
:ram => "256"
},
{
:name => "debian-9",
:box => "bento/debian-9",
:ip => '10.0.0.17',
:cpu => "50",
:ram => "256"
},
{
:name => "debian-10",
:box => "bento/debian-10",
:ip => '10.0.0.18',
:cpu => "50",
:ram => "256"
},
]
Vagrant.configure("2") do |config|
boxes.each do |box|
config.vm.define box[:name] do |vms|
vms.vm.box = box[:box]
vms.vm.hostname = "ansible-#{role}-#{box[:name]}"
vms.vm.provider "virtualbox" do |v|
v.customize ["modifyvm", :id, "--cpuexecutioncap", box[:cpu]]
v.customize ["modifyvm", :id, "--memory", box[:ram]]
end
vms.vm.network :private_network, ip: box[:ip]
vms.vm.provision :ansible do |ansible|
ansible.playbook = "tests/vagrant.yml"
ansible.verbose = "vv"
end
end
end
end

39
roles/snmpd/defaults/main.yml Normal file
View File

@ -0,0 +1,39 @@
# defaults file
---
snmpd_install:
- lm-sensors
snmpd_mibs: UCD-SNMP-MIB
snmpd_run: true
snmpd_opts: '-LS4d -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
snmpd_trapd_run: false
snmpd_trapd_opts: '-Lsd -p /var/run/snmptrapd.pid'
snmpd_snmpd_compat: false
snmpd_agent_address:
- 'udp:161'
- 'udp6:[::1]:161'
snmpd_internal_user:
username: internalUser
password: '=9zeba&hEpr3799sE_a!'
auth_protocol: MD5
snmpd_users:
- username: john-doe
password: '!ahab#ub_uk#2uhEThu6'
type: rouser
auth_protocol: SHA
privacy_passphrase: 'zusTAqEpHacEs9eju44@'
privacy_protocol: AES
snmpd_sys_location: 'Unknown'
snmpd_sys_contact: Root <root@localhost>
snmpd_sys_description: "{{ inventory_hostname }}"
snmpd_sys_services: 72
snmpd_disks_include_all: false
snmpd_disks_include_all_threshold: '10%'
snmpd_disks: []
snmpd_default_monitors: true
snmpd_link_up_down_notifications: true

0
roles/snmpd/files/empty Normal file
View File

7
roles/snmpd/handlers/main.yml Normal file
View File

@ -0,0 +1,7 @@
# handlers file
---
- name: restart snmpd
service:
name: snmpd
state: restarted
when: service_default_state | default('started') == 'started'

2
roles/snmpd/meta/.galaxy_install_info Normal file
View File

@ -0,0 +1,2 @@
install_date: 'Sun 08 Aug 2021 06:26:26 PM '
version: master

24
roles/snmpd/meta/main.yml Normal file
View File

@ -0,0 +1,24 @@
# meta file
---
galaxy_info:
namespace: oefenweb
role_name: snmpd
author: Mischa ter Smitten
company: Oefenweb.nl B.V.
description: Set up snmp(d) in Debian-like systems
license: MIT
min_ansible_version: 2.8.0
platforms:
- name: Ubuntu
versions:
- xenial
- bionic
- focal
- name: Debian
versions:
- jessie
- stretch
- buster
galaxy_tags:
- system
dependencies: []

9
roles/snmpd/molecule/default/converge.yml Normal file
View File

@ -0,0 +1,9 @@
---
- name: Converge
hosts: all
become: true
pre_tasks:
- name: include vars
include_vars: "{{ playbook_dir }}/../../tests/vars/main.yml"
roles:
- ../../../

19
roles/snmpd/molecule/default/molecule.yml Normal file
View File

@ -0,0 +1,19 @@
---
dependency:
name: galaxy
driver:
name: docker
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu1604}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
provisioner:
name: ansible
playbooks:
prepare: prepare.yml
converge: converge.yml
verify: verify.yml

9
roles/snmpd/molecule/default/prepare.yml Normal file
View File

@ -0,0 +1,9 @@
---
- name: Prepare
hosts: all
become: true
pre_tasks:
- name: include vars
include_vars: "{{ playbook_dir }}/../../tests/vars/main.yml"
- name: include tasks
include: "{{ playbook_dir }}/../../tests/tasks/pre.yml"

5
roles/snmpd/molecule/default/verify.yml Normal file
View File

@ -0,0 +1,5 @@
---
- name: Verify
hosts: all
become: true
tasks: []

57
roles/snmpd/tasks/main.yml Normal file
View File

@ -0,0 +1,57 @@
# tasks file
---
- name: install dependencies
apt:
name: "{{ snmpd_dependencies }}"
state: "{{ apt_install_state | default('latest') }}"
update_cache: true
cache_valid_time: "{{ apt_update_cache_valid_time | default(3600) }}"
tags:
- configuration
- snmpd
- snmpd-dependencies
- name: install
apt:
name: "{{ snmpd_install }}"
state: "{{ apt_install_state | default('latest') }}"
tags:
- configuration
- snmpd
- snmpd-install
- name: update configuration file - /etc/default/snmpd.conf
template:
src: etc/default/snmpd.j2
dest: /etc/default/snmpd
owner: root
group: root
mode: 0644
notify: restart snmpd
tags:
- configuration
- snmpd
- snmpd-configuration
- name: update configuration file - /etc/snmp/snmpd.conf
template:
src: etc/snmp/snmpd.conf.j2
dest: /etc/snmp/snmpd.conf
owner: root
group: root
mode: 0600
notify: restart snmpd
tags:
- configuration
- snmpd
- snmpd-configuration
- name: start and enable service
service:
name: snmpd
state: "{{ service_default_state | default('started') }}"
enabled: "{{ service_default_enabled | default(true) | bool }}"
tags:
- configuration
- snmpd
- snmpd-start-enable-service

24
roles/snmpd/templates/etc/default/snmpd.j2 Normal file
View File

@ -0,0 +1,24 @@
# {{ ansible_managed }}
# This file controls the activity of snmpd and snmptrapd
# Don't load any MIBs by default.
# You might comment this lines once you have the MIBs downloaded.
export MIBS={{ snmpd_mibs }}
# snmpd control (yes means start daemon).
SNMPDRUN={{ 'yes' if snmpd_run else 'no' }}
# snmpd options (use syslog, close stdin/out/err).
SNMPDOPTS='{{ snmpd_opts }}'
# snmptrapd control (yes means start daemon). As of net-snmp version
# 5.0, master agentx support must be enabled in snmpd before snmptrapd
# can be run. See snmpd.conf(5) for how to do this.
TRAPDRUN={{ 'yes' if snmpd_trapd_run else 'no' }}
# snmptrapd options (use syslog).
TRAPDOPTS='{{ snmpd_trapd_opts }}'
# create symlink on Debian legacy location to official RFC path
SNMPDCOMPAT={{ 'yes' if snmpd_snmpd_compat else 'no' }}

42
roles/snmpd/templates/etc/snmp/snmpd.conf.j2 Normal file
View File

@ -0,0 +1,42 @@
# {{ ansible_managed }}
agentAddress {{ snmpd_agent_address | join(',') }}
createUser {{ snmpd_internal_user.username }} {{ snmpd_internal_user.auth_protocol }} "{{ snmpd_internal_user.password }}"
{% for snmpd_user in snmpd_users %}
createUser {{ snmpd_user.username }} {{ snmpd_user.auth_protocol }} "{{ snmpd_user.password }}" {{ snmpd_user.privacy_protocol }} "{{ snmpd_user.privacy_passphrase }}"
{% endfor %}
view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1
rouser authOnlyUser
{% for snmpd_user in snmpd_users %}
{{ snmpd_user.type }} {{ snmpd_user.username }}
{% endfor %}
sysLocation {{ snmpd_sys_location }}
sysContact {{ snmpd_sys_contact }}
{% if snmpd_sys_description %}
sysDescr {{ snmpd_sys_description }}
{% endif %}
sysServices {{ snmpd_sys_services }}
iquerySecName {{ snmpd_internal_user.username }}
rouser {{ snmpd_internal_user.username }}
{% if snmpd_disks_include_all %}
includeAllDisks {{ snmpd_disks_include_all_threshold_minpercent }}
{% endif %}
{% for snmpd_disk in snmpd_disks %}
disk {{ snmpd_disk.path }} {{ snmpd_disk.threshold }}
{% endfor %}
defaultMonitors {{ 'yes' if snmpd_default_monitors else 'no' }}
linkUpDownNotifications {{ 'yes' if snmpd_link_up_down_notifications else 'no' }}
{% for snmpd_extension in snmpd_extensions | default([]) %}
extend {{ snmpd_extension.name }} {{ snmpd_extension.prog }} {{ snmpd_extension.args | default([]) | join(' ') }}
{% endfor %}
master agentx

1
roles/snmpd/tests/inventory Normal file
View File

@ -0,0 +1 @@
localhost

14
roles/snmpd/tests/tasks/pre.yml Normal file
View File

@ -0,0 +1,14 @@
# pre test file
---
- name: enable non-free
apt_repository:
repo: "{{ item.type }} {{ item.url }} {{ item.component }}"
filename: non-free
with_items:
- type: deb
url: "http://ftp.nl.debian.org/debian/ {{ ansible_distribution_release }}"
component: contrib non-free
- type: deb-src
url: "http://ftp.nl.debian.org/debian/ {{ ansible_distribution_release }}"
component: contrib non-free
when: ansible_distribution == 'Debian'

12
roles/snmpd/tests/test.yml Normal file
View File

@ -0,0 +1,12 @@
# tests file for snmpd
---
- hosts: localhost
connection: local
become: true
pre_tasks:
- name: include vars
include_vars: "{{ playbook_dir }}/vars/main.yml"
- name: include tasks
include: "{{ playbook_dir }}/tasks/pre.yml"
roles:
- ../../

10
roles/snmpd/tests/vagrant.yml Normal file
View File

@ -0,0 +1,10 @@
# test file
---
- hosts: all
remote_user: vagrant
become: true
pre_tasks:
- name: include tasks
include: "{{ playbook_dir }}/tasks/pre.yml"
roles:
- ../../

4
roles/snmpd/tests/vars/main.yml Normal file
View File

@ -0,0 +1,4 @@
# vars file
---
snmpd_agent_address:
- "udp:{{ ansible_lo['ipv4']['address'] }}:10161"

6
roles/snmpd/vars/main.yml Normal file
View File

@ -0,0 +1,6 @@
# vars file
---
snmpd_dependencies:
- snmpd
- snmp
- snmp-mibs-downloader

3
site.yml
View File

@ -38,6 +38,8 @@
X11Forwarding: no X11Forwarding: no
tags: [ sshd, common ] tags: [ sshd, common ]
# Import specific playbooks # Import specific playbooks
- import_playbook: playbooks/zerotier.yml
- import_playbook: playbooks/snmp.yml
- import_playbook: playbooks/db.yml - import_playbook: playbooks/db.yml
- import_playbook: playbooks/web.yml - import_playbook: playbooks/web.yml
- import_playbook: playbooks/game.yml - import_playbook: playbooks/game.yml
@ -45,5 +47,4 @@
- import_playbook: playbooks/pistorage.yml - import_playbook: playbooks/pistorage.yml
- import_playbook: playbooks/pik8s.yml - import_playbook: playbooks/pik8s.yml
- import_playbook: playbooks/desktop.yml - import_playbook: playbooks/desktop.yml
- import_playbook: playbooks/zerotier.yml
- import_playbook: playbooks/ansible-pull.yml - import_playbook: playbooks/ansible-pull.yml