Docs are unclear about replacement for ro_community et al #53
Comments
First off, I am definitely not an SNMP expert. I only wrote this module in order to have something for the HP hardware monitoring tools (Support Pack for Proliant) to work with. I have a bad habit of being thorough. With that said...

With traditional access control, you can give a simple password and (optional) network restriction:

```puppet
class { 'snmp':
  ro_community => 'myPassword',
  ro_network   => '10.0.0.0/8',
}
```

and it becomes this in snmpd.conf:

This says that any host on network 10.0.0.0/8 can read any SNMP value via SNMP versions 1 and 2c as long as they provide the password 'myPassword'.

With VACM, you can do this (more complex thing) instead:

```puppet
class { 'snmp':
  com2sec  => ['myUserName 10.0.0.0/8 myPassword'],
  groups   => ['myGroupName v1 myUserName',
               'myGroupName v2c myUserName'],
  views    => ['everyThing included .'],
  accesses => ['myGroupName "" any noauth exact everyThing none none'],
}
```

and it becomes this in snmpd.conf:

This also says that any host on network 10.0.0.0/8 can read any SNMP value via SNMP versions 1 and 2c as long as they provide the password 'myPassword'. But it also gives you the ability to change any of those variables.

Reference: Manpage of snmpd.conf - Access Control
That goes a long way to clarify things. Would you please integrate that into the docs? Another thought I had was rather than eliminating ro_community, rw_community, ro_network, and rw_network, why not permit them but have them generate the appropriate com2sec/group/view/access statements instead? It seems like it would be less error prone to have Puppet do the transformation than to let humans do it.
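The transformation suggested above (a read-only community and network turned into com2sec, group, view and access entries), as an added Ruby example that is not part of the thread or of puppet-snmp. The function names and the default `roUser`/`roGroup` names are hypothetical, and it assumes each string is written to snmpd.conf after its directive keyword.

```ruby
require 'ipaddr'

# Added example, not puppet-snmp code. Builds the four VACM parameter lists
# from a community string and source network, mirroring the hand-written
# mapping shown earlier in the thread. All names here are hypothetical.
def vacm_for_readonly(community:, network:, sec_name: 'roUser',
                      group: 'roGroup', view: 'everyThing', subtree: '.')
  # Each value becomes one whitespace-separated token on a config line, so
  # embedded whitespace, newlines or quotes would shift fields or smuggle in
  # an extra directive. Reject them before building any line.
  { community: community, network: network, sec_name: sec_name,
    group: group, view: view, subtree: subtree }.each do |name, value|
    unless value.is_a?(String) && value.match?(/\A[^\s"']+\z/)
      raise ArgumentError, "#{name} must be a single unquoted token"
    end
  end
  # Source must parse as an address or CIDR block; "default" (any source)
  # has to be requested explicitly. IPAddr raises an ArgumentError subclass.
  IPAddr.new(network) unless network == 'default'

  {
    'com2sec'  => ["#{sec_name} #{network} #{community}"],
    'groups'   => %w[v1 v2c].map { |model| "#{group} #{model} #{sec_name}" },
    'views'    => ["#{view} included #{subtree}"],
    # read view = view; write and notify views = none, i.e. read-only
    'accesses' => ["#{group} \"\" any noauth exact #{view} none none"]
  }
end

# Assumption: each string is emitted after its snmpd.conf directive keyword.
DIRECTIVE = { 'com2sec' => 'com2sec', 'groups' => 'group',
              'views' => 'view', 'accesses' => 'access' }.freeze

def render_snmpd_conf(params)
  params.flat_map do |key, lines|
    lines.map { |line| "#{DIRECTIVE.fetch(key)} #{line}" }
  end
end

if __FILE__ == $PROGRAM_NAME
  puts render_snmpd_conf(
    vacm_for_readonly(community: 'myPassword', network: '10.0.0.0/8')
  )
end
```

Passing `sec_name: 'myUserName', group: 'myGroupName'` reproduces the exact strings from the VACM example in the thread.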
I will integrate this into the docs. I am trying to remember why I decided to eliminate ro_community, rw_community, ro_network, and rw_network. For the life of me, I have no idea. Although you can always use the safety valve, I think I will keep them around.
I have been working on updated documentation. https://github.com/razorsedge/puppet-snmp/blob/feature/README.markdown/README.markdown
This is a big improvement. The one aspect I would change is that it is
On Sun, Jul 5, 2015 at 3:02 AM, Mike Arnold notifications@github.com
Email: tal@whatexit.org Work: tlimoncelli@StackOverflow.com
README.markdown has been updated with your suggestion.
Thanks!
The docs warn that
Could you give a brain-dead example or two of what parameters should be used instead? To use the Reddit phrase... explain it to me like I'm 12 years old. Thanks! (TBH, I think the com2sec stuff in the net-snmp package is badly documented in the first place.)