(SIMP-8647) Update SNMP to be compatible with 6.5 (#31)

Changes: - Updated to use puppet-snmp version 5.1.2 - The user directory for snmpd configuration is not included by default. include_userdir must be set to true. - services param has been changed to an integer from a string. - default for access security level is set by defvacmlevel instead of defsecuritylevel. defsecuritylevel sets the default security level for the client. - The default configuration for this module has not changed but settings are now mostly placed in the snmpd.conf file instead of in a subdirectory. New Features: - Add settings to allow users to change owner/group and permissions on configuration files. Fixes: - Any SIMP-specific dependencies are now optional - Added a missing dependency on simp/tcpwrappers SIMP-8647 #close SIMP-8639 #close SIMP-7152 #close
simp · Nov 4, 2020 · 049434e · 049434e
1 parent a328212
commit 049434e
Show file tree

Hide file tree

Showing 37 changed files with 1,262 additions and 460 deletions.
diff --git a/.fixtures.yml b/.fixtures.yml
@@ -1,21 +1,23 @@
 ---
 fixtures:
   repositories:
-    concat: https://github.com/simp/puppetlabs-concat
-    iptables:  https://github.com/simp/pupmod-simp-iptables
-    logrotate: https://github.com/simp/pupmod-simp-logrotate
-    pki:       https://github.com/simp/pupmod-simp-pki
-    rsync:     https://github.com/simp/pupmod-simp-rsync
-    rsyslog:   https://github.com/simp/pupmod-simp-rsyslog
+    concat:         https://github.com/simp/puppetlabs-concat
+    firewalld: 
+      repo: https://github.com/simp/pupmod-voxpupuli-firewalld
+      ref: v4.3.0
+    iptables:       https://github.com/simp/pupmod-simp-iptables
+    logrotate:      https://github.com/simp/pupmod-simp-logrotate
+    pki:            https://github.com/simp/pupmod-simp-pki
+    rsync:          https://github.com/simp/pupmod-simp-rsync
+    rsyslog:        https://github.com/simp/pupmod-simp-rsyslog
     selinux_core:
       repo: https://github.com/simp/pupmod-puppetlabs-selinux_core.git
       puppet_version: ">= 6.0.0"
-    simplib:   https://github.com/simp/pupmod-simp-simplib
-    snmp:
-      repo:  https://github.com/simp/puppet-snmp
-      ref:   v4.1.0
-    stdlib:  https://github.com/simp/puppetlabs-stdlib
-    systemd:  https://github.com/simp/puppet-systemd
-    tcpwrappers: https://github.com/simp/pupmod-simp-tcpwrappers
+    simp_firewalld: https://github.com/simp/pupmod-simp-simp_firewalld
+    simplib:        https://github.com/simp/pupmod-simp-simplib
+    snmp:           https://github.com/simp/puppet-snmp
+    stdlib:         https://github.com/simp/puppetlabs-stdlib
+    systemd:        https://github.com/simp/puppet-systemd
+    tcpwrappers:    https://github.com/simp/pupmod-simp-tcpwrappers
   symlinks:
     simp_snmpd: "#{source_dir}"
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,3 +1,26 @@
+* Fri Oct 30 2020 Jeanne Greulich <[email protected]> - 1.0.0-0
+- This module was updated to use puppet-snmp v5.1.2 and work on EL8 with
+  simp 6.5.
+- The user configuration directories for snmpd are not included by default. To
+  include and create these directories set simp_snmpd::include_userdir to true.
+- Parameters to allow the user to change the owner, group and permissions
+  of the snmp configuration directories and files have been added.
+- The default security level for VACM access directives was changed to
+  simp_snmpd::defvacmlevel from simp_snmpd::defsecuritylevel.
+  simp_snmpd::defsecuritylevel was used to set
+  both the client and VACM levels but this did not work correctly because
+  the client uses different values.  Use simp_snmpd::defvacmlevel to change the
+  default security level of the VACM access statements. (The default has not changed,
+  it is still 'priv'.)
+- Added in the permission options for the configuration files and directory
+  so users could  change them.
+- simp_snmpd::services was changed from a String to and Integer to be compatible
+  with the new module.
+- The permissions on the mib and dlmod dirs are  set using basic group settings
+  instead of acls.
+- The default options for the snmpd daemon for el6 were updated to include setting
+  the pid file.  Without this restarting the daemon in el6 failed.
+
 * Thu Jul 23 2020 Jeanne Greulich <[email protected]> - 0.2.1-0
 - update the upper bound of simplib for SIMP 6.5 release
 

diff --git a/README.md b/README.md
@@ -43,6 +43,12 @@ independently.
   [`simp/simp_options`](https://github.com/simp/pupmod-simp-simp_options) for
   details.
 
+This module is a simp profile module and configures snmp using version 3
+with usm authentication.  To configure snmp in a different way use
+puppet-snmp directly.
+
+#TODO add tsm and configure snmp to use encryption
+
 ## Setup
 
 ### What simp_snmp Affects
@@ -66,9 +72,10 @@ the package manager.
 
 ## Usage
 
+
 Simp_snmpd configures the snmpd daemon to listen only on the local interface by default.
 Set the following in hieradata to configure `snmpd` to Listen on UDP port 161
-on the local interface and the the interface with the ipaddress associated
+on the local interface and tcp on the interface with the ipaddress associated
 with the hostname.  For more information, see the LISTENING ADDRESS section
   of the `snmpd` man page.
 
@@ -77,7 +84,7 @@ with the hostname.  For more information, see the LISTENING ADDRESS section
 ---
 simp_snmpd::agentaddress:
 - udp:localhost:161
-- udp:%{facts.fqdn}:161
+- tcp:%{facts.fqdn}:161
 
 classes:
   - simp_snmpd
@@ -91,9 +98,14 @@ class { simp_snmpd:
 }
 ```
 
-NOTE: The SIMP configuration files are included under `/etc/snmp/simp_snmpd.d`.
-If you wish to add configuration files to the SIMP setup, you can add them to
-the `simp_snmpd::user_snmpd_dir` directory, by default `/etc/snmp/snmpd.d`.
+See the "Access" section for details on how the access is configured.
+
+There are a few snmp options that can be configured directly from this
+module via hiera. Other changes to the configuration can be done
+by adding configuration files to the user snmpd dir. Set
+`simp_snmpd::include_userdir` to true in hiera, and add configuration files
+to the directory defined by `simp_snmpd::user_snmpd_dir`,
+by default `/etc/snmp/snmpd.d`.
 
 ### Access
 
@@ -125,7 +137,7 @@ the options sent to the snmpd daemon on start up.  By default it is logging
 to facility 6 which will be forwarded to the server if log forwarding is enabled.
 
 For more information on these options see the man page for snmpcmd,
-the Logging section.  `Snmpcmd` and its man pages are installed with the 
+the Logging section.  `Snmpcmd` and its man pages are installed with the
 `net-snmp-utils` package.
 
 ### Firewall
@@ -138,10 +150,10 @@ systems addresses.
 
 ### SNMP System Information
 
-`simp_snmpd` configures some basic system information: contact, location,
+`simp_snmpd` configures some basic system information: contact, location
 system name, and services, in the snmpd configuration directory.  These settings
 can be changed via hiera, instantiation, by creating a configuration file
-in the user directory, default `/etc/snmp/snmpd.d`.
+in the user directory.
 
 NOTE: If the system variables are set in a configuration file then `net-snmp`
 marks them as not writable and will not allow them to be changed via `snmpset`