Reference

Table of Contents

Classes

Functions

  • simp_snmpd::accesslist: parse the access hash and return strings for access entries for the snmpd.conf file @see The SIMP user guide HOW TO: Configure SNMPD d
  • simp_snmpd::firewall_list: function to return a list of protocols and ports to open in iptables for snmpd to work.
  • simp_snmpd::grouplist: parse the group hash and return strings for group entries for the snmpd.conf file @see The SIMP user guide HOW TO: Configure SNMPD describe
  • simp_snmpd::viewlist: parse the view hash and return strings for view entries for the snmpd.conf file @see The SIMP user guide HOW TO: Configure SNMPD descr

Data types

  • Simp_snmpd::Seclevel: The default authentication level for the client to use in snmp.conf
  • Simp_snmpd::Secmodel: type Simp_snmpd::Secmodel = Enum['usm','v1','v2c','tsm','ksm'] Right now usm is the only type supported by this module. If you want to use a
  • Simp_snmpd::Vacmlevel: The default type to use in VACM access directives

Classes

simp_snmpd

  • This module does not configure the snmptrap service.

The parameters are grouped as follows:

  • Trap service parameters
  • SNMPD agent parameters
  • Settings for rsync
  • USM/VACM parameters
  • snmp.conf access configuration default items. These are also used to set up view and access directives if specific settings are not used in the hash.
  • snmpd.conf system info parameters. If the system parameters are set in the snmpd.conf files, net-snmp sets them as not writeable and they cannot be changed by a 'set' call from an snmpd client or manager. If you want to set them this way, then change simp_snmpd::system_info to false.
  • SIMP parameters used

  • See also
    • man snmpd for options.
    • man snmpd in the LISTENING ADDRESSES section for more details. An array of listening addresses for the snmpd to listen on. This array is also used by the config/firewall.pp to open ports if iptables is being used.
    • man snmpd.conf AGENT BEHAVIOR section for more information on the This setting disables the log messages for accepted connections. Denied connections will still be logged.
    • man snmpd.conf AGENT BEHAVIOR section for more information on the
    • man snmpd.conf AGENT BEHAVIOR section for more information on the
    • man snmpd.conf SNMPv3 with the User-based Security Model (USM) section. A hash of users to create for usm access. Also see README for details

Parameters

The following parameters are available in the simp_snmpd class:

ensure

Data type: Enum['present','absent']

present (default) will install files and packages; absent will make sure they are not installed.

Default value: 'present'

manage_client

Data type: Boolean

Tell the puppet snmp module to manage the client and install net-snmp-utils. These are command line utilities.

Default value: false

package_ensure

Data type: String

If set to "latest", snmp will try to update to the latest available version of the package; otherwise it will only check that it is installed.

Default value: simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' })

version

Data type: Integer

The version of the snmp protocol to use. At this time the simp_snmpd profile only manages v3; to configure older versions, use the snmp module directly.

Default value: 3

snmp_basedir

Data type: StdLib::AbsolutePath

Base directory for snmp configuration files

Default value: '/etc/snmp'

logfile

Data type: StdLib::AbsolutePath

Full path to local log file for snmpd

Default value: '/var/log/snmpd.log'

service_config

Data type: StdLib::AbsolutePath

Location of the snmpd daemon configuration file

Default value: "${simp_snmpd::snmp_basedir}/snmpd.conf"

simp_snmpd_dir

Data type: StdLib::AbsolutePath

Directory of *.conf files which include snmpd directives. Files in this directory are managed by puppet.

Default value: "${simp_snmpd::snmp_basedir}/simp_snmpd.d"

include_userdir

Data type: Boolean

If set to true the user_snmpd_dir will be created and an include directive for it put in the service_config file. This will allow users to override values in the service config file or add values that are not included by the interface.

Default value: false

user_snmpd_dir

Data type: StdLib::AbsolutePath

Directory where users can place *.conf files with snmpd configuration items that will be included. This directory is not managed by simp. Users can put additional configuration files in this directory. This directory is only included if include_userdir is set to true.

Default value: "${simp_snmpd::snmp_basedir}/snmpd.d"

snmpd_service_ensure

Data type: Enum['stopped', 'running']

Set the snmpd daemon service to stopped or running

Default value: 'running'

snmpd_service_startatboot

Data type: Boolean

Start the snmpd service at boot

Default value: true

trap_service_ensure

Data type: Enum['stopped', 'running']

Set the snmptrap daemon service to stopped or running

Default value: 'stopped'

trap_service_startatboot

Data type: Boolean

Start the snmptrap service at boot

Default value: false

trap_service_config

Data type: StdLib::AbsolutePath

Location of the trap configuration file

Default value: "${simp_snmpd::snmp_basedir}/snmptrapd.conf"

user_trapd_dir

Data type: StdLib::AbsolutePath

Directory where users can place snmptrap configuration files. This profile does not configure snmptrap but puts down a configuration file that tells the snmptrap daemon to look in this directory for configuration files. This directory is only created if trap_service_ensure is set to running.

Default value: "${simp_snmpd::snmp_basedir}/snmptrapd.d"

snmptrapd_options

Data type: Optional[String]

Options to pass to the trap daemon on start up.

Default value: undef

snmpd_options

Data type: String

The options passed to the snmpd daemon at start up. The default sends info through critical to local6.

agentaddress

Data type: Array[String]

Default value: ['udp:127.0.0.1:161']

do_not_log_tcpwrappers

Data type: Enum['yes','no']

Default value: 'no'

maxgetbulkrepeats

Data type: Integer

Sets the maximum number of responses allowed for a single variable in a getbulk request

Default value: 100

maxgetbulkresponses

Data type: Integer

Sets the maximum number of responses allowed for a getbulk request.

Default value: 100

leave_pidfile

Data type: Enum['yes','no']

Leave the pid file when snmpd exits

Default value: 'no'

service_config_perms

Data type: Stdlib::Filemode

permissions on the configuration files

Default value: '0600'

service_config_dir_perms

Data type: Stdlib::Filemode

permissions on the configuration directories

Default value: '0750'

service_config_dir_owner

Data type: String

owner of configuration files/dirs

Default value: 'root'

service_config_dir_group

Data type: String

group of configuration files/dirs

Default value: 'root'

manage_snmpd_user

Data type: Boolean

Set to true if you want puppet to create the user for config files

Default value: false

manage_snmpd_group

Data type: Boolean

Set to true if you want puppet to create the group for config files

Default value: false

snmpd_uid

Data type: Optional[Integer]

The uid used when creating the service_config_dir_owner

Default value: undef

snmpd_gid

Data type: Optional[Integer]

The gid used when creating the service_config_dir_group

Default value: undef

rsync_server

Data type: Simplib::Host

The rsync server from which to pull the files.

Default value: simplib::lookup('simp_options::rsync::server', { 'default_value' => '127.0.0.1' })

rsync_source

Data type: String

The source of the content to be rsync'd, as defined in the rsyncd.conf file on the rsync server.

Default value: "snmp_${environment}_${facts['os']['name']}"

rsync_timeout

Data type: Integer

The timeout when connecting to the rsync server.

Default value: simplib::lookup('simp_options::rsync::timeout', { 'default_value' => 2 })

rsync_dlmod

Data type: Boolean

Whether to enable rsync to copy dlmod modules to the dlmod directory

Default value: false

rsync_dlmod_dir

Data type: StdLib::AbsolutePath

The full path for the directory to use for dlmod rsync.

Default value: '/usr/lib64/snmp'

dlmods

Data type: Optional[Array[String]]

List of modules to load into snmpd from the rsync_dlmod directory

Default value: undef

rsync_mibs

Data type: Boolean

Whether to enable rsync for MIBS

Default value: false

rsync_mibs_dir

Data type: StdLib::AbsolutePath

The full path for the directory to rsync MIBs to. It does not remove what is already there.

Default value: '/usr/share/snmp'

v3_users_hash

Data type: Hash

Hash of users to create for USM.

view_hash

Data type: Hash

Hash of views to create for VACM

group_hash

Data type: Hash

Hash of groups to create for VACM

access_hash

Data type: Hash

Hash of access entries to create for VACM.

defauthtype

Data type: Enum['SHA','MD5']

The default authentication type used for clients.

Default value: 'SHA'

defprivtype

Data type: Enum['DES', 'AES']

The default privacy type used for encrypting communication when using usm.

Default value: 'AES'

defsecuritymodel

Data type: Simp_snmpd::Secmodel

Currently simp_snmpd only supports the usm security model.

Default value: 'usm'

defsecuritylevel

Data type: Simp_snmpd::Seclevel

The default security level used by the client

Default value: 'authPriv'

defvacmlevel

Data type: Simp_snmpd::Vacmlevel

The default security level for the VACM access directives.

Default value: 'priv'

system_info

Data type: Boolean

Deprecated (puppet-snmp does not allow you to not set these).

Default value: true

location

Data type: String

sets sysLocation in snmp

Default value: 'Unknown'

sysname

Data type: String

sets sysName in snmp

Default value: $facts['networking']['fqdn']

contact

Data type: String

sets sysContact in snmp

Default value: "root@${facts['networking']['fqdn']}"

services

Data type: Integer

sets sysServices in snmp

Default value: 72

fips

Data type: Boolean

Whether FIPS mode should be enabled. FIPS mode does not allow MD5 or DES macs/ciphers.

Default value: simplib::lookup('simp_options::fips', { 'default_value' => false })

firewall

Data type: Boolean

Whether to include modules that will use the agentaddress array to open ports in iptables.

Default value: simplib::lookup('simp_options::firewall', { 'default_value' => false })

trusted_nets

Data type: Simplib::Netlist

Networks that will be allowed to access the snmp ports opened by the firewall.

Default value: simplib::lookup('simp_options::trusted_nets', { 'default_value' => ['127.0.0.1'] })

syslog

Data type: Boolean

Default value: simplib::lookup('simp_options::syslog', { 'default_value' => false })

logrotate

Data type: Boolean

If these variables are set then rules will be added to rsyslog to log snmp messages to /var/log/snmpd.log and set up log rotation.

Default value: simplib::lookup('simp_options::logrotate', { 'default_value' => false })

tcpwrappers

Data type: Boolean

Whether or not the system is using tcpwrappers to control access.

Default value: simplib::lookup('simp_options::tcpwrappers', { 'default_value' => false })

simp_snmpd::config

Configure the SNMPD service

simp_snmpd::config::agent

Set up sensible agent defaults

simp_snmpd::config::firewall

For anything in the $listenagent array, it will determine if ports on the firewall need to be opened.

  • Ignores any entries for ipx or pvc at this time
    • Firewall rules will have to be set up manually if these transport services are being used.

simp_snmpd::config::logging

Ensures that appropriate logging rules are defined

simp_snmpd::config::tcpwrappers

It ensures that tcpwrappers rules are defined.

simp_snmpd::install

  • Set defaults in snmp.conf
  • Disable v2 setup

simp_snmpd::install::snmpduser

Create system users for running the snmpd daemon and owning the snmpd files

simp_snmpd::install::vacmusers

Create v3 users from user hash

Parameters

The following parameters are available in the simp_snmpd::install::vacmusers class:

daemon

Data type: Enum['snmpd','snmptrapd']

The daemon that the user is meant to access.

Default value: 'snmpd'

simp_snmpd::rsync

Set up MIBs in rsync

Functions

simp_snmpd::accesslist

Type: Ruby 4.x API

Parse the access hash and return strings for access entries for the snmpd.conf file. See also: the SIMP user guide HOW TO: Configure SNMPD, which describes the hashes in detail.

simp_snmpd::accesslist(Hash $access_hash, String $defaultmodel, String $defaultlevel)

Returns: Any An array of strings that define VACM access lines for use in snmpd.conf files.

access_hash

Data type: Hash

The list of accesses to create.

defaultmodel

Data type: String

The default Security model to use if that entry is not defined in the hash entry

defaultlevel

Data type: String

The default Security level to use if that entry is not defined in the hash entry

simp_snmpd::firewall_list

Type: Ruby 4.x API

Returns a list of protocols and ports to open in iptables for snmpd to work.

simp_snmpd::firewall_list(Array $agent_array)

Returns: Any A list of protocols and ports that must be opened.

agent_array

Data type: Array

The array of agent addresses that the snmpd will listen on.
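
The mapping that simp_snmpd::firewall_list and simp_snmpd::config::firewall describe, from agentaddress entries to protocol and port pairs, can be sketched as follows. This is an added example, not the module's implementation: the function names and the returned hash shape are hypothetical, the transport specifiers are those documented in the net-snmp LISTENING ADDRESSES section, and skipping unix domain sockets is an assumption made here (ipx and pvc are skipped as the page states).

```ruby
# Added example (hypothetical helper names; not the module's implementation).
DEFAULT_PORT = 161

# net-snmp transport specifiers (lower-cased) and the IP protocol they use.
TRANSPORTS = {
  'udp' => 'udp', 'udp6' => 'udp', 'udpv6' => 'udp', 'udpipv6' => 'udp',
  'tcp' => 'tcp', 'tcp6' => 'tcp', 'tcpv6' => 'tcp', 'tcpipv6' => 'tcp'
}.freeze

# Nothing to open for these: the page says ipx and pvc are ignored; a unix
# domain socket (assumption added here) has no network port at all.
SKIPPED = %w[ipx pvc unix].freeze

# Returns e.g. { 'udp' => [161], 'tcp' => [1161] } for an agentaddress array.
def ports_to_open(agent_array)
  result = { 'udp' => [], 'tcp' => [] }
  agent_array.each do |spec|
    next if spec.start_with?('/') # a bare path is a unix domain socket
    transport, address = split_transport(spec)
    next if SKIPPED.include?(transport)
    result[TRANSPORTS.fetch(transport)] << port_of(address)
  end
  result.transform_values { |ports| ports.uniq.sort }
end

# 'TCP:1161' => ['tcp', '1161']; no specifier means udp, the net-snmp default.
def split_transport(spec)
  head, tail = spec.split(':', 2)
  name = head.to_s.downcase
  known = TRANSPORTS.key?(name) || SKIPPED.include?(name)
  known && tail ? [name, tail] : ['udp', spec]
end

# Accepts 'port', 'host', 'host:port' and '[v6-address]:port'.
def port_of(address)
  return checked_port(address) if address.match?(/\A\d+\z/)
  m = address.match(/\A(?:\[[^\]]+\]|[^:\[\]]+)(?::(.+))?\z/)
  raise ArgumentError, "cannot parse address #{address.inspect}" unless m
  m[1] ? checked_port(m[1]) : DEFAULT_PORT
end

# Rejects non-numeric and out-of-range ports instead of guessing.
def checked_port(text)
  port = Integer(text, 10)
  raise ArgumentError, "port out of range: #{text}" unless (1..65_535).cover?(port)
  port
end
```

Running it over the intended agentaddress value before applying the catalog shows which ports would be exposed to trusted_nets; with the default ['udp:127.0.0.1:161'] only UDP 161 is listed.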

simp_snmpd::grouplist

Type: Ruby 4.x API

Parse the group hash and return strings for group entries for the snmpd.conf file. See also: the SIMP user guide HOW TO: Configure SNMPD, which describes the hashes in detail.

simp_snmpd::grouplist(Hash $group_hash, String $defaultmodel)

Returns: Any An array of strings that define groups for use for access in snmpd.conf files.

group_hash

Data type: Hash

The list of groups to create.

defaultmodel

Data type: String

The default Security model to use if that entry is not defined in the hash entry

simp_snmpd::viewlist

Type: Ruby 4.x API

Parse the view hash and return strings for view entries for the snmpd.conf file. See also: the SIMP user guide HOW TO: Configure SNMPD, which describes the hashes in detail.

simp_snmpd::viewlist(Hash $view_hash)

Returns: Any An array of strings that define VACM view lines for use in snmpd.conf files.

view_hash

Data type: Hash

The list of views to create.

Data types

Simp_snmpd::Seclevel

The default authentication level for the client to use in snmp.conf

Alias of Enum['noAuthNoPriv', 'authNoPriv', 'authPriv']

Simp_snmpd::Secmodel

type Simp_snmpd::Secmodel = Enum['usm','v1','v2c','tsm','ksm'] Right now usm is the only type supported by this module. If you want to use another type, use the puppet/snmp module directly.

Alias of Enum['usm']

Simp_snmpd::Vacmlevel

The default type to use in VACM access directives

Alias of Enum['noauth', 'auth', 'priv']