Disable snmpv2 #128

Closed
wants to merge 9 commits into from
7 changes: 7 additions & 0 deletions manifests/init.pp
Expand Up @@ -257,6 +257,11 @@
# Defines the number of retries for an AgentX request.
# Default: 5
#
# [*snmpv2_enable*]
# Disable com2sec, group, and access in snmpd.conf
#
# Default: true
#
# === Actions:
#
# Installs the Net-SNMP daemon package, service, and configuration.
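Review bot: The new `[*snmpv2_enable*]` doc entry describes the parameter as "Disable com2sec, group, and access in snmpd.conf" while its default is `true`, so it reads as though `true` disables those lines; the template does the opposite and renders them when the value is true. Reword it along the lines of "Whether to write the com2sec, group, and access lines to snmpd.conf; set to false to omit them", and mention that the view lines are still written either way.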
Expand Down Expand Up @@ -353,6 +358,7 @@
$agentx_socket = $snmp::params::agentx_socket,
$agentx_timeout = $snmp::params::agentx_timeout,
$agentx_retries = $snmp::params::agentx_retries,
$snmpv2_enable = $snmp::params::snmpv2_enable,
Member

Can you please add a datatype to this?

) inherits snmp::params {
# Validate our booleans
validate_bool($master)
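Review bot: `$snmpv2_enable` is added to the class signature without a data type, so the only thing stopping a non-boolean value is the separate `validate_bool($snmpv2_enable)` call further down. The template tests the value with a plain `if @snmpv2_enable`, and in Ruby a string such as 'false' is truthy, so the type check matters here. Declaring it as `Boolean $snmpv2_enable = $snmp::params::snmpv2_enable,` covers that in the signature and makes the validate_bool line unnecessary.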
Expand All @@ -362,6 +368,7 @@
validate_bool($service_hasstatus)
validate_bool($service_hasrestart)
validate_bool($openmanage_enable)
validate_bool($snmpv2_enable)
Member

Please do not add the legacy validate_* methods. Datatypes are the new way to go \o/


# Validate our arrays
validate_array($snmptrapdaddr)
7 changes: 7 additions & 0 deletions manifests/params.pp
Expand Up @@ -404,6 +404,13 @@
$safe_trap_service_hasrestart = $trap_service_hasrestart
}

$snmp_snmpv2_enable = getvar('::snmpv2_enable')
Member

Why do you use getvar() here? And should it default to false? SNMPv2 isn't considered to be secure and the next release will be a major one, so we can introduce breaking changes.

if $snmp_openmanage_enable {
$snmpv2_enable = $snmp_snmpv2_enable
} else {
$snmpv2_enable = true
}

$template_snmpd_conf = 'snmp/snmpd.conf.erb'
$template_snmpd_sysconfig = "snmp/snmpd.sysconfig-${::osfamily}.erb"
$template_snmptrapd = 'snmp/snmptrapd.conf.erb'
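Review bot: The `if` in this block tests `$snmp_openmanage_enable`, not the `$snmp_snmpv2_enable` value fetched on the line above it, which looks like a leftover from a copied block. As written, the top-scope `::snmpv2_enable` is ignored whenever that OpenManage variable is false, and when it is true and `::snmpv2_enable` is unset, `getvar()` returns undef and `validate_bool($snmpv2_enable)` in init.pp will reject it. If the top-scope lookup is kept, the condition should check that `$snmp_snmpv2_enable` is set; otherwise a plain assignment of the chosen default is simpler and removes the dependency on the OpenManage variable.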
12 changes: 6 additions & 6 deletions templates/snmpd.conf.erb
Expand Up @@ -60,6 +60,7 @@ rocommunity6 <%= c %> <%= n %>
# ------------------------------------------------------------------------------
# VACM Configuration
# sec.name source community
<% if @snmpv2_enable -%>
<% @com2sec.each do |c| -%>
com2sec <%= c %>
<% end -%>
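Review bot: The `<% if @snmpv2_enable -%>` guard starts below the VACM header, so the `rocommunity6 <%= c %> <%= n %>` line shown in this hunk's header sits outside it and is still written when the parameter is false. A parameter named `snmpv2_enable` suggests that community-based access is switched off entirely; either extend the guard to the community lines above it, or name and document the parameter for what it actually controls (the com2sec, group, and access entries).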
Expand All @@ -73,16 +74,15 @@ com2sec6 <%= c %>
group <%= group %>
<% end -%>

# name incl/excl subtree mask(optional)
<% @views.each do |view| -%>
view <%= view %>
<% end -%>

# group context sec.model sec.level prefix read write notif
<% @accesses.each do |access| -%>
access <%= access %>
<% end -%>

<% end -%>
# name incl/excl subtree mask(optional)
<% @views.each do |view| -%>
view <%= view %>
<% end -%>
# ------------------------------------------------------------------------------
# Typed-View Configuration
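Review bot: Moving the `@views` loop below the closing `<% end -%>` changes the rendered snmpd.conf even when `snmpv2_enable` is true: the view lines now come after the access lines, and the blank line before the "Typed-View Configuration" separator is gone. Leaving the view block where it was and wrapping the com2sec/group section and the access section in two separate `<% if @snmpv2_enable -%>` blocks keeps the output unchanged for existing users. The `<% end -%>` that closes the `if` is also hard to tell apart from the loop ends around it, so a comment marking it would help.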
