From ec67513994299828c7d59ba6697026c0a328dd8f Mon Sep 17 00:00:00 2001 From: Garrett Honeycutt Date: Tue, 12 Feb 2019 16:20:49 -0500 Subject: [PATCH 1/2] Convert from params to data in module --- data/os/Debian.yaml | 19 +++ data/os/Debian/14.04.yaml | 3 + data/os/Debian/18.04.yaml | 4 + data/os/Debian/9.yaml | 4 + data/os/FreeBSD.yaml | 20 +++ data/os/OpenBSD.yaml | 20 +++ data/os/RedHat.yaml | 19 +++ data/os/RedHat/6.yaml | 8 ++ data/os/Suse.yaml | 18 +++ hiera.yaml | 10 ++ manifests/client.pp | 47 ++++--- manifests/init.pp | 234 ++++++++++++++++++++------------- manifests/params.pp | 215 ------------------------------ manifests/snmpv3_user.pp | 3 +- spec/classes/snmp_init_spec.rb | 6 +- templates/snmpd.conf.erb | 20 ++- templates/snmptrapd.conf.erb | 12 +- 17 files changed, 326 insertions(+), 336 deletions(-) create mode 100644 data/os/Debian.yaml create mode 100644 data/os/Debian/14.04.yaml create mode 100644 data/os/Debian/18.04.yaml create mode 100644 data/os/Debian/9.yaml create mode 100644 data/os/FreeBSD.yaml create mode 100644 data/os/OpenBSD.yaml create mode 100644 data/os/RedHat.yaml create mode 100644 data/os/RedHat/6.yaml create mode 100644 data/os/Suse.yaml create mode 100644 hiera.yaml delete mode 100644 manifests/params.pp diff --git a/data/os/Debian.yaml b/data/os/Debian.yaml new file mode 100644 index 00000000..7be559fc --- /dev/null +++ b/data/os/Debian.yaml @@ -0,0 +1,19 @@ +--- +snmp::client::client_config: '/etc/snmp/snmp.conf' +snmp::client::package_name: 'snmp' +snmp::package_name: 'snmpd' +snmp::service_config: '/etc/snmp/snmpd.conf' +snmp::service_config_dir_group: 'root' +snmp::service_config_perms: '0600' +snmp::service_name: 'snmpd' +snmp::snmpd_options: "-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid" +snmp::snmptrapd_options: '-Lsd -p /var/run/snmptrapd.pid' +snmp::snmptrapd_package_name: 'snmptrapd' +snmp::sysconfig: '/etc/default/snmpd' +snmp::trap_service_config: '/etc/snmp/snmptrapd.conf' +snmp::trap_service_name: 'snmptrapd' +snmp::trap_sysconfig: '/etc/default/snmptrapd' +snmp::var_net_snmp: '/var/lib/snmp' +snmp::varnetsnmp_group: 'snmp' +snmp::varnetsnmp_owner: 'snmp' +snmp::varnetsnmp_perms: '0755' diff --git a/data/os/Debian/14.04.yaml b/data/os/Debian/14.04.yaml new file mode 100644 index 00000000..e9fb098c --- /dev/null +++ b/data/os/Debian/14.04.yaml @@ -0,0 +1,3 @@ +--- +snmp::snmptrapd_package_name: ~ +snmp::trap_service_name: ~ diff --git a/data/os/Debian/18.04.yaml b/data/os/Debian/18.04.yaml new file mode 100644 index 00000000..a6c12c9a --- /dev/null +++ b/data/os/Debian/18.04.yaml @@ -0,0 +1,4 @@ +--- +snmp::snmpd_options: "-Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux -p /var/run/snmpd.pid" +snmp::varnetsnmp_group: 'Debian-snmp' +snmp::varnetsnmp_owner: 'Debian-snmp' diff --git a/data/os/Debian/9.yaml b/data/os/Debian/9.yaml new file mode 100644 index 00000000..a6c12c9a --- /dev/null +++ b/data/os/Debian/9.yaml @@ -0,0 +1,4 @@ +--- +snmp::snmpd_options: "-Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux -p /var/run/snmpd.pid" +snmp::varnetsnmp_group: 'Debian-snmp' +snmp::varnetsnmp_owner: 'Debian-snmp' diff --git a/data/os/FreeBSD.yaml b/data/os/FreeBSD.yaml new file mode 100644 index 00000000..8836ffee --- /dev/null +++ b/data/os/FreeBSD.yaml @@ -0,0 +1,20 @@ +--- +snmp::client::client_config: '/usr/local/etc/snmp/snmp.conf' +snmp::client::package_name: 'net-mgmt/net-snmp' +snmp::package_name: 'net-mgmt/net-snmp' +snmp::service_config: '/usr/local/etc/snmp/snmpd.conf' +snmp::service_config_dir_group: 'wheel' +snmp::service_config_dir_owner: 'root' +snmp::service_config_dir_path: '/usr/local/etc/snmp' +snmp::service_config_dir_perms: '0755' +snmp::service_config_perms: '0755' +snmp::service_name: 'snmpd' +snmp::snmpd_options: 'd' +snmp::snmptrapd_options: ~ +snmp::snmptrapd_package_name: ~ +snmp::trap_service_config: '/usr/local/etc/snmp/snmptrapd.conf' +snmp::trap_service_name: 'snmptrapd' +snmp::var_net_snmp: '/var/net-snmp' +snmp::varnetsnmp_group: 'wheel' +snmp::varnetsnmp_owner: 'root' +snmp::varnetsnmp_perms: '0600' diff --git a/data/os/OpenBSD.yaml b/data/os/OpenBSD.yaml new file mode 100644 index 00000000..d50faf18 --- /dev/null +++ b/data/os/OpenBSD.yaml @@ -0,0 +1,20 @@ +--- +snmp::client::client_config: '/etc/snmp/snmp.conf' +snmp::client::package_name: 'net-snmp' +snmp::package_name: 'net-snmp' +snmp::service_config: '/etc/snmp/snmpd.conf' +snmp::service_config_dir_group: 'wheel' +snmp::service_config_dir_owner: 'root' +snmp::service_config_dir_path: '/etc/snmp' +snmp::service_config_dir_perms: '0755' +snmp::service_config_perms: '0755' +snmp::service_name: 'netsnmpd' +snmp::snmpd_options: ~ +snmp::snmptrapd_options: ~ +snmp::snmptrapd_package_name: ~ +snmp::trap_service_config: '/etc/snmp/snmptrapd.conf' +snmp::trap_service_name: 'netsnmptrapd' +snmp::var_net_snmp: '/var/net-snmp' +snmp::varnetsnmp_group: 'wheel' +snmp::varnetsnmp_owner: '_netsnmp' +snmp::varnetsnmp_perms: '0600' diff --git a/data/os/RedHat.yaml b/data/os/RedHat.yaml new file mode 100644 index 00000000..728fc318 --- /dev/null +++ b/data/os/RedHat.yaml @@ -0,0 +1,19 @@ +--- +snmp::client::client_config: '/etc/snmp/snmp.conf' +snmp::client::package_name: 'net-snmp-utils' +snmp::package_name: 'net-snmp' +snmp::service_config: '/etc/snmp/snmpd.conf' +snmp::service_config_dir_group: 'root' +snmp::service_config_perms: '0600' +snmp::service_name: 'snmpd' +snmp::snmpd_options: '-LS0-6d' +snmp::snmptrapd_options: '-Lsd' +snmp::snmptrapd_package_name: ~ +snmp::sysconfig: '/etc/sysconfig/snmpd' +snmp::trap_service_config: '/etc/snmp/snmptrapd.conf' +snmp::trap_service_name: 'snmptrapd' +snmp::trap_sysconfig: '/etc/sysconfig/snmptrapd' +snmp::var_net_snmp: '/var/lib/net-snmp' +snmp::varnetsnmp_group: 'root' +snmp::varnetsnmp_owner: 'root' +snmp::varnetsnmp_perms: '0755' diff --git a/data/os/RedHat/6.yaml b/data/os/RedHat/6.yaml new file mode 100644 index 00000000..21cbf2a4 --- /dev/null +++ b/data/os/RedHat/6.yaml @@ -0,0 +1,8 @@ +--- +snmp::service_config_perms: '0600' +snmp::snmpd_options: '-LS0-6d -Lf /dev/null -p /var/run/snmpd.pid' +snmp::snmptrapd_options: '-Lsd -p /var/run/snmptrapd.pid' +snmp::sysconfig: '/etc/sysconfig/snmpd' +snmp::trap_sysconfig: '/etc/sysconfig/snmptrapd' +snmp::var_net_snmp: '/var/lib/net-snmp' +snmp::varnetsnmp_perms: '0755' diff --git a/data/os/Suse.yaml b/data/os/Suse.yaml new file mode 100644 index 00000000..323e67b0 --- /dev/null +++ b/data/os/Suse.yaml @@ -0,0 +1,18 @@ +--- +snmp::client::client_config: '/etc/snmp/snmp.conf' +snmp::client::package_name: 'net-snmp' +snmp::package_name: 'net-snmp' +snmp::service_config: '/etc/snmp/snmpd.conf' +snmp::service_config_dir_group: 'root' +snmp::service_config_perms: '0600' +snmp::service_name: 'snmpd' +snmp::snmpd_options: 'd' +snmp::snmptrapd_options: ~ +snmp::snmptrapd_package_name: ~ +snmp::sysconfig: '/etc/sysconfig/net-snmp' +snmp::trap_service_config: '/etc/snmp/snmptrapd.conf' +snmp::trap_service_name: 'snmptrapd' +snmp::var_net_snmp: '/var/lib/net-snmp' +snmp::varnetsnmp_group: 'root' +snmp::varnetsnmp_owner: 'root' +snmp::varnetsnmp_perms: '0755' diff --git a/hiera.yaml b/hiera.yaml new file mode 100644 index 00000000..32039154 --- /dev/null +++ b/hiera.yaml @@ -0,0 +1,10 @@ +--- +version: 5 +defaults: + datadir: data + data_hash: yaml_data +hierarchy: + - name: "osfamily/major_release" + path: "os/%{facts.os.family}/%{facts.os.release.major}.yaml" + - name: "osfamily" + path: "os/%{facts.os.family}.yaml" diff --git a/manifests/client.pp b/manifests/client.pp index 7e95f128..fd1edc71 100644 --- a/manifests/client.pp +++ b/manifests/client.pp @@ -1,18 +1,21 @@ -# @summary -# Installs the Net-SNMP client package and configuration. +# @summary +# Manage the Net-SNMP client package and configuration. # # @example # class { 'snmp::client': -# snmp_config => [ 'defVersion 2c', 'defCommunity public', ], +# snmp_config => [ +# 'defVersion 2c', +# 'defCommunity public', +# ], # } # +# @param ensure +# Ensure if present or absent. +# # @param snmp_config # Array of lines to add to the client's global snmp.conf file. # See http://www.net-snmp.org/docs/man/snmp.conf.html for all options. # -# @param ensure -# Ensure if present or absent. -# # @param autoupgrade # Upgrade package automatically, if there is a newer version. # @@ -21,12 +24,18 @@ # Only set this if your platform is not supported or you know what you are # doing. # +# @param client_config +# Path to `snmp.conf`. +# class snmp::client ( - $snmp_config = $snmp::params::snmp_config, - Enum['present', 'absent'] $ensure = $snmp::params::ensure, - Boolean $autoupgrade = $snmp::params::autoupgrade, - $package_name = $snmp::params::client_package_name -) inherits snmp::params { + Enum['present', 'absent'] $ensure = 'present', + Optional[Array[String[1]]] $snmp_config = undef, + Boolean $autoupgrade = false, + Optional[String[1]] $package_name = undef, + Stdlib::Absolutepath $client_config = '/etc/snmp/snmp.conf', +) { + + include snmp if $ensure == 'present' { if $autoupgrade { @@ -40,11 +49,13 @@ $file_ensure = 'absent' } - unless $facts['os']['family'] == 'Suse' { - package { 'snmp-client': - ensure => $package_ensure, - name => $package_name, - before => File['snmp.conf'], + if $facts['os']['family'] != 'Suse' { + if $package_name != undef { + package { 'snmp-client': + ensure => $package_ensure, + name => $package_name, + before => File['snmp.conf'], + } } } @@ -56,10 +67,10 @@ file { 'snmp.conf': ensure => $file_ensure, - mode => '0644', + path => $client_config, owner => 'root', group => 'root', - path => $snmp::params::client_config, + mode => '0644', content => template('snmp/snmp.conf.erb'), } } diff --git a/manifests/init.pp b/manifests/init.pp index d9e7a7cd..3f574479 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,5 +1,6 @@ -# @summary -# Installs the Net-SNMP daemon package, service, and configuration. Installs the Net-SNMP trap daemon service and configuration. +# @summary +# Manage the Net-SNMP and Net-SNMP trap daemon package, service, and +# configuration. # # @example # class { 'snmp': @@ -104,7 +105,7 @@ # Disable all access control checks. # # @param do_not_log_traps -# Disable the logging of notifications altogether. +# Disable the logging of notifications altogether. # # @param do_not_log_tcpwrappers # Disable the logging of tcpwrappers messages, e.g. "Connection from UDP: " messages in syslog. @@ -145,11 +146,32 @@ # @param snmpd_options # Commandline options passed to snmpd via init script. # +# @param sysconfig +# Path to sysconfig file for snmpd. +# +# @param trap_sysconfig +# Path to sysconfig file for snmptrapd. +# +# @param trap_service_config +# Path to snmptrapd.conf. +# +# @param service_config +# Path to snmpd.conf. +# # @param service_config_perms # Set permissions for the service configuration file. # +# @param service_config_dir_path +# Path to services configuration directory. +# +# @param service_config_dir_owner +# Owner for the service configuration directory. +# # @param service_config_dir_group -# Set group ownership for the service configuration file. +# Set group ownership for the service configuration directory. +# +# @param service_config_dir_perms +# Mode of the service configuration directory. # # @param service_ensure # Ensure if service is running or stopped. @@ -210,68 +232,100 @@ # @param snmpv2_enable # Disable com2sec, group, and access in snmpd.conf # +# @param var_net_snmp +# Path to snmp's var directory. +# +# @param varnetsnmp_perms +# Mode of `var_net_snmp` directory. +# +# @param varnetsnmp_owner +# Owner of `var_net_snmp` directory. +# +# @param varnetsnmp_group +# Group of `var_net_snmp` directory. +# class snmp ( - Enum['present','absent'] $ensure = $snmp::params::ensure, - $agentaddress = $snmp::params::agentaddress, - Array[String[1]] $snmptrapdaddr = $snmp::params::snmptrapdaddr, - $ro_community = $snmp::params::ro_community, - $ro_community6 = $snmp::params::ro_community6, - $rw_community = $snmp::params::rw_community, - $rw_community6 = $snmp::params::rw_community6, - $ro_network = $snmp::params::ro_network, - $ro_network6 = $snmp::params::ro_network6, - $rw_network = $snmp::params::rw_network, - $rw_network6 = $snmp::params::rw_network6, - $contact = $snmp::params::contact, - $location = $snmp::params::location, - $sysname = $snmp::params::sysname, - $services = $snmp::params::services, - Array[String[1]] $com2sec = $snmp::params::com2sec, - Array[String[1]] $com2sec6 = $snmp::params::com2sec6, - Array[String[1]] $groups = $snmp::params::groups, - Array[String[1]] $views = $snmp::params::views, - Array[String[1]] $accesses = $snmp::params::accesses, - Array[String[1]] $dlmod = $snmp::params::dlmod, - Array[String[1]] $extends = $snmp::params::extends, - Array[String] $snmpd_config = $snmp::params::snmpd_config, - Enum['yes','no'] $disable_authorization = $snmp::params::disable_authorization, - Enum['yes','no'] $do_not_log_traps = $snmp::params::do_not_log_traps, - Enum['yes','no'] $do_not_log_tcpwrappers = $snmp::params::do_not_log_tcpwrappers, - Array[String[1]] $trap_handlers = $snmp::params::trap_handlers, - Array[String[1]] $trap_forwards = $snmp::params::trap_forwards, - Array[String] $snmptrapd_config = $snmp::params::snmptrapd_config, - Boolean $manage_client = $snmp::params::manage_client, - $snmp_config = $snmp::params::snmp_config, - Boolean $autoupgrade = $snmp::params::autoupgrade, - $package_name = $snmp::params::package_name, - $snmptrapd_package_name = $snmp::params::snmptrapd_package_name, - $snmpd_options = $snmp::params::snmpd_options, - $service_config_perms = $snmp::params::service_config_perms, - $service_config_dir_group = $snmp::params::service_config_dir_group, - Stdlib::Ensure::Service $service_ensure = $snmp::params::service_ensure, - $service_name = $snmp::params::service_name, - Boolean $service_enable = $snmp::params::service_enable, - Boolean $service_hasstatus = $snmp::params::service_hasstatus, - Boolean $service_hasrestart = $snmp::params::service_hasrestart, - $snmptrapd_options = $snmp::params::snmptrapd_options, - Stdlib::Ensure::Service $trap_service_ensure = $snmp::params::trap_service_ensure, - $trap_service_name = $snmp::params::trap_service_name, - $trap_service_enable = $snmp::params::trap_service_enable, - $trap_service_hasstatus = $snmp::params::trap_service_hasstatus, - $trap_service_hasrestart = $snmp::params::trap_service_hasrestart, - String[1] $template_snmpd_conf = $snmp::params::template_snmpd_conf, - String[1] $template_snmpd_sysconfig = $snmp::params::template_snmpd_sysconfig, - String[1] $template_snmptrapd = $snmp::params::template_snmptrapd, - String[1] $template_snmptrapd_sysconfig = $snmp::params::template_snmptrapd_sysconfig, - Boolean $openmanage_enable = $snmp::params::openmanage_enable, - Boolean $master = $snmp::params::master, - $agentx_perms = $snmp::params::agentx_perms, - $agentx_ping_interval = $snmp::params::agentx_ping_interval, - $agentx_socket = $snmp::params::agentx_socket, - Integer[0] $agentx_timeout = $snmp::params::agentx_timeout, - Integer[0] $agentx_retries = $snmp::params::agentx_retries, - Boolean $snmpv2_enable = $snmp::params::snmpv2_enable, -) inherits snmp::params { + Enum['present','absent'] $ensure = 'present', + Array[String[1]] $agentaddress = [ 'udp:127.0.0.1:161', 'udp6:[::1]:161' ], + Array[String[1]] $snmptrapdaddr = [ 'udp:127.0.0.1:162', 'udp6:[::1]:162' ], + Variant[Undef, String[1], Array[String[1]]] $ro_community = 'public', + Variant[Undef, String[1], Array[String[1]]] $ro_community6 = 'public', + Variant[Undef, String[1], Array[String[1]]] $rw_community = undef, + Variant[Undef, String[1], Array[String[1]]] $rw_community6 = undef, + Variant[Array, Stdlib::IP::Address::V4, Stdlib::IP::Address::V4::CIDR] $ro_network = '127.0.0.1', + Variant[Array, Stdlib::IP::Address::V6, Stdlib::IP::Address::V6::CIDR] $ro_network6 = '::1', + Variant[Array, Stdlib::IP::Address::V4, Stdlib::IP::Address::V4::CIDR] $rw_network = '127.0.0.1', + Variant[Array, Stdlib::IP::Address::V6, Stdlib::IP::Address::V6::CIDR] $rw_network6 = '::1', + String[1] $contact = 'Unknown', + String[1] $location = 'Unknown', + String[1] $sysname = $facts['networking']['fqdn'], + Integer $services = 72, + Array[String[1]] $com2sec = [ 'notConfigUser default public' ], + Array[String[1]] $com2sec6 = [ 'notConfigUser default public' ], + Array[String[1]] $groups = [ + 'notConfigGroup v1 notConfigUser', + 'notConfigGroup v2c notConfigUser', + ], + Array[String[1]] $views = [ + 'systemview included .1.3.6.1.2.1.1', + 'systemview included .1.3.6.1.2.1.25.1.1', + ], + Array[String[1]] $accesses = [ + 'notConfigGroup "" any noauth exact systemview none none', + ], + Optional[Array[String[1]]] $dlmod = undef, + Optional[Array[String[1]]] $extends = undef, + Optional[Array[String[1]]] $snmpd_config = undef, + Enum['yes','no'] $disable_authorization = 'no', + Enum['yes','no'] $do_not_log_traps = 'no', + Enum['yes','no'] $do_not_log_tcpwrappers = 'no', + Optional[Array[String[1]]] $trap_handlers = undef, + Optional[Array[String[1]]] $trap_forwards = undef, + Optional[Array[String[1]]] $snmptrapd_config = undef, + Boolean $manage_client = false, + Optional[Array[String[1]]] $snmp_config = undef, + Boolean $autoupgrade = false, + String[1] $package_name = 'net-snmp', + Optional[String[1]] $snmptrapd_package_name = undef, + Optional[String[1]] $snmpd_options = undef, + Stdlib::Absolutepath $sysconfig = '/etc/sysconfig/snmpd', + Stdlib::Absolutepath $trap_sysconfig = '/etc/sysconfig/snmptrapd', + Stdlib::Absolutepath $trap_service_config = '/etc/snmp/snmptrapd.conf', + Stdlib::Absolutepath $service_config = '/etc/snmp/snmpd.conf', + Stdlib::Filemode $service_config_perms = '0600', + Stdlib::Absolutepath $service_config_dir_path = '/usr/local/etc/snmp', + String[1] $service_config_dir_owner = 'root', + String[1] $service_config_dir_group = 'root', + String[1] $service_config_dir_perms = '0755', + Stdlib::Ensure::Service $service_ensure = 'running', + String[1] $service_name = 'snmpd', + Boolean $service_enable = true, + Boolean $service_hasstatus = true, + Boolean $service_hasrestart = true, + Optional[String[1]] $snmptrapd_options = undef, + Stdlib::Ensure::Service $trap_service_ensure = 'stopped', + String[1] $trap_service_name = 'snmptrapd', + Boolean $trap_service_enable = false, + Boolean $trap_service_hasstatus = true, + Boolean $trap_service_hasrestart = true, + Boolean $openmanage_enable = false, + Boolean $master = false, + Optional[Stdlib::Filemode] $agentx_perms = undef, + Optional[Integer] $agentx_ping_interval = undef, + Optional[String[1]] $agentx_socket = undef, + Integer[0] $agentx_timeout = 1, + Integer[0] $agentx_retries = 5, + Boolean $snmpv2_enable = true, + Stdlib::Absolutepath $var_net_snmp = '/var/lib/net-snmp', + String[1] $varnetsnmp_owner = 'root', + String[1] $varnetsnmp_group = 'root', + Stdlib::Filemode $varnetsnmp_perms = '0755', +) { + + $template_snmpd_conf = 'snmp/snmpd.conf.erb' + $template_snmpd_sysconfig = "snmp/snmpd.sysconfig-${facts['os']['family']}.erb" + $template_snmptrapd = 'snmp/snmptrapd.conf.erb' + $template_snmptrapd_sysconfig = "snmp/snmptrapd.sysconfig-${facts['os']['family']}.erb" if $ensure == 'present' { if $autoupgrade { @@ -320,7 +374,6 @@ } } - # Install package { 'snmpd': ensure => $package_ensure, name => $package_name, @@ -336,19 +389,19 @@ file { 'var-net-snmp': ensure => 'directory', - mode => $snmp::params::varnetsnmp_perms, - owner => $snmp::params::varnetsnmp_owner, - group => $snmp::params::varnetsnmp_group, - path => $snmp::params::var_net_snmp, + path => $var_net_snmp, + owner => $varnetsnmp_owner, + group => $varnetsnmp_group, + mode => $varnetsnmp_perms, require => Package['snmpd'], } if $facts['os']['family'] == 'FreeBSD' { - file { $snmp::params::service_config_dir_path: + file { $service_config_dir_path: ensure => 'directory', - mode => $snmp::params::service_config_dir_perms, - owner => $snmp::params::service_config_dir_owner, - group => $snmp::params::service_config_dir_group, + owner => $service_config_dir_owner, + group => $service_config_dir_group, + mode => $service_config_dir_perms, require => Package['snmpd'], } } @@ -364,23 +417,22 @@ } } - # Config file { 'snmpd.conf': ensure => $file_ensure, - mode => $service_config_perms, + path => $service_config, owner => 'root', group => $service_config_dir_group, - path => $snmp::params::service_config, + mode => $service_config_perms, content => template($template_snmpd_conf), require => Package['snmpd'], } file { 'snmptrapd.conf': ensure => $file_ensure, - mode => $service_config_perms, + path => $trap_service_config, owner => 'root', group => $service_config_dir_group, - path => $snmp::params::trap_service_config, + mode => $service_config_perms, content => template($template_snmptrapd), require => Package['snmpd'], } @@ -389,10 +441,10 @@ unless $facts['os']['family'] == 'FreeBSD' or $facts['os']['family'] == 'OpenBSD' { file { 'snmpd.sysconfig': ensure => $file_ensure, - mode => '0644', + path => $sysconfig, owner => 'root', group => 'root', - path => $snmp::params::sysconfig, + mode => '0644', content => template($template_snmpd_sysconfig), require => Package['snmpd'], notify => Service['snmpd'], @@ -402,22 +454,24 @@ if $facts['os']['family'] == 'RedHat' { file { 'snmptrapd.sysconfig': ensure => $file_ensure, - mode => '0644', + path => $trap_sysconfig, owner => 'root', group => 'root', - path => $snmp::params::trap_sysconfig, + mode => '0644', content => template($template_snmptrapd_sysconfig), require => Package['snmpd'], notify => Service['snmptrapd'], } - } elsif ( $facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'], '16.04') >= 0 ) or - ( $facts['os']['name'] == 'Debian' and versioncmp($facts['os']['release']['major'], '8') >= 0 ) { + } elsif + ( $facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'], '16.04') >= 0 ) or + ( $facts['os']['name'] == 'Debian' and versioncmp($facts['os']['release']['major'], '8') >= 0 ) + { file { 'snmptrapd.sysconfig': ensure => $file_ensure, - mode => '0644', + path => $trap_sysconfig, owner => 'root', group => 'root', - path => $snmp::params::trap_sysconfig, + mode => '0644', content => template($template_snmptrapd_sysconfig), require => Package['snmptrapd'], notify => Service['snmptrapd'], @@ -429,12 +483,14 @@ enable => $trap_service_enable_real, hasstatus => $trap_service_hasstatus, hasrestart => $trap_service_hasrestart, - require => [ File['var-net-snmp'], Package['snmptrapd'], ], + require => [ + File['var-net-snmp'], + Package['snmptrapd'], + ], subscribe => File['snmptrapd.conf'], } } - # Services unless $facts['os']['family'] == 'Debian' { service { 'snmptrapd': ensure => $trap_service_ensure_real, diff --git a/manifests/params.pp b/manifests/params.pp deleted file mode 100644 index df21966e..00000000 --- a/manifests/params.pp +++ /dev/null @@ -1,215 +0,0 @@ -# @summary -# This class handles OS-specific configuration of the snmp module. -# -class snmp::params { - $agentaddress = [ 'udp:127.0.0.1:161', 'udp6:[::1]:161' ] - $master = false - $agentx_perms = undef - $agentx_ping_interval = undef - $agentx_socket = undef - $agentx_timeout = 1 - $agentx_retries = 5 - $snmptrapdaddr = [ 'udp:127.0.0.1:162', 'udp6:[::1]:162' ] - $ro_community = 'public' - $ro_community6 = 'public' - $rw_community = undef - $rw_community6 = undef - $ro_network = '127.0.0.1' - $ro_network6 = '::1' - $rw_network = '127.0.0.1' - $rw_network6 = '::1' - $contact = 'Unknown' - $location = 'Unknown' - $sysname = $facts['networking']['fqdn'] - $com2sec = [ 'notConfigUser default public', ] - $com2sec6 = [ 'notConfigUser default public', ] - $groups = [ - 'notConfigGroup v1 notConfigUser', - 'notConfigGroup v2c notConfigUser', - ] - $services = 72 - $openmanage_enable = false - $views = [ - 'systemview included .1.3.6.1.2.1.1', - 'systemview included .1.3.6.1.2.1.25.1.1', - ] - $accesses = [ - 'notConfigGroup "" any noauth exact systemview none none', - ] - $dlmod = [] - $extends = [] - $disable_authorization = 'no' - $do_not_log_traps = 'no' - $do_not_log_tcpwrappers = 'no' - $trap_handlers = [] - $trap_forwards = [] - $snmp_config = [] - $snmpd_config = [] - $snmptrapd_config = [] - - ### The following parameters should not need to be changed. - - $ensure = 'present' - $service_ensure = 'running' - $trap_service_ensure = 'stopped' - $autoupgrade = false - $manage_client = false - $service_enable = true - $service_hasstatus = true - $service_hasrestart = true - $trap_service_enable = false - $trap_service_hasstatus = true - $trap_service_hasrestart = true - $snmpv2_enable = true - $template_snmpd_conf = 'snmp/snmpd.conf.erb' - $template_snmpd_sysconfig = "snmp/snmpd.sysconfig-${facts['os']['family']}.erb" - $template_snmptrapd = 'snmp/snmptrapd.conf.erb' - $template_snmptrapd_sysconfig = "snmp/snmptrapd.sysconfig-${facts['os']['family']}.erb" - - $majordistrelease = $facts['os']['release']['major'] - - case $facts['os']['family'] { - 'RedHat': { - if $majordistrelease == '6' { - $snmpd_options = '-LS0-6d -Lf /dev/null -p /var/run/snmpd.pid' - $sysconfig = '/etc/sysconfig/snmpd' - $trap_sysconfig = '/etc/sysconfig/snmptrapd' - $var_net_snmp = '/var/lib/net-snmp' - $varnetsnmp_perms = '0755' - $snmptrapd_options = '-Lsd -p /var/run/snmptrapd.pid' - $service_config_perms = '0600' - } else { - $snmpd_options = '-LS0-6d' - $sysconfig = '/etc/sysconfig/snmpd' - $trap_sysconfig = '/etc/sysconfig/snmptrapd' - $var_net_snmp = '/var/lib/net-snmp' - $varnetsnmp_perms = '0755' - $snmptrapd_options = '-Lsd' - $service_config_perms = '0600' - } - $package_name = 'net-snmp' - $service_config = '/etc/snmp/snmpd.conf' - $service_config_dir_group = 'root' - $service_name = 'snmpd' - $varnetsnmp_owner = 'root' - $varnetsnmp_group = 'root' - - $client_package_name = 'net-snmp-utils' - $client_config = '/etc/snmp/snmp.conf' - - $trap_service_config = '/etc/snmp/snmptrapd.conf' - $trap_service_name = 'snmptrapd' - $snmptrapd_package_name = undef - } - 'Debian': { - if $facts['os']['name'] == 'Debian' and versioncmp($majordistrelease, '9') >= 0 { - $varnetsnmp_owner = 'Debian-snmp' - $varnetsnmp_group = 'Debian-snmp' - } elsif $facts['os']['name'] == 'Ubuntu' and versioncmp($majordistrelease, '18.04') >= 0 { - $varnetsnmp_owner = 'Debian-snmp' - $varnetsnmp_group = 'Debian-snmp' - } else { - $varnetsnmp_owner = 'snmp' - $varnetsnmp_group = 'snmp' - } - $package_name = 'snmpd' - $service_config = '/etc/snmp/snmpd.conf' - $service_config_perms = '0600' - $service_config_dir_group = 'root' - $service_name = 'snmpd' - $snmpd_options = "-Lsd -Lf /dev/null -u ${varnetsnmp_owner} -g ${varnetsnmp_group} -I -smux -p /var/run/snmpd.pid" - $sysconfig = '/etc/default/snmpd' - $var_net_snmp = '/var/lib/snmp' - $varnetsnmp_perms = '0755' - - $client_package_name = 'snmp' - $client_config = '/etc/snmp/snmp.conf' - - $trap_service_config = '/etc/snmp/snmptrapd.conf' - $snmptrapd_options = '-Lsd -p /var/run/snmptrapd.pid' - - if $facts['os']['name'] == 'Ubuntu' and versioncmp($majordistrelease, '16.04') >= 0 { - $trap_service_name = 'snmptrapd' - $snmptrapd_package_name = 'snmptrapd' - $trap_sysconfig = '/etc/default/snmptrapd' - } elsif $facts['os']['name'] == 'Debian' and versioncmp($majordistrelease, '8') >= 0 { - $trap_service_name = 'snmptrapd' - $snmptrapd_package_name = 'snmptrapd' - $trap_sysconfig = '/etc/default/snmptrapd' - } else { - $trap_service_name = undef - $snmptrapd_package_name = undef - } - } - 'Suse': { - $package_name = 'net-snmp' - $service_config = '/etc/snmp/snmpd.conf' - $service_config_perms = '0600' - $service_config_dir_group = 'root' - $service_name = 'snmpd' - $snmpd_options = 'd' - $sysconfig = '/etc/sysconfig/net-snmp' - $var_net_snmp = '/var/lib/net-snmp' - $varnetsnmp_perms = '0755' - $varnetsnmp_owner = 'root' - $varnetsnmp_group = 'root' - - $client_package_name = 'net-snmp' - $client_config = '/etc/snmp/snmp.conf' - - $trap_service_config = '/etc/snmp/snmptrapd.conf' - $trap_service_name = 'snmptrapd' - $snmptrapd_options = undef - $snmptrapd_package_name = undef - } - 'FreeBSD': { - $package_name = 'net-mgmt/net-snmp' - $service_config_dir_path = '/usr/local/etc/snmp' - $service_config_dir_perms = '0755' - $service_config_dir_owner = 'root' - $service_config_dir_group = 'wheel' - $service_config = '/usr/local/etc/snmp/snmpd.conf' - $service_config_perms = '0755' - $service_name = 'snmpd' - $snmpd_options = 'd' - $var_net_snmp = '/var/net-snmp' - $varnetsnmp_perms = '0600' - $varnetsnmp_owner = 'root' - $varnetsnmp_group = 'wheel' - - $client_package_name = 'net-mgmt/net-snmp' - $client_config = '/usr/local/etc/snmp/snmp.conf' - - $trap_service_config = '/usr/local/etc/snmp/snmptrapd.conf' - $trap_service_name = 'snmptrapd' - $snmptrapd_options = undef - $snmptrapd_package_name = undef - } - 'OpenBSD': { - $package_name = 'net-snmp' - $service_config_dir_path = '/etc/snmp' - $service_config_dir_perms = '0755' - $service_config_dir_owner = 'root' - $service_config_dir_group = 'wheel' - $service_config = '/etc/snmp/snmpd.conf' - $service_config_perms = '0755' - $service_name = 'netsnmpd' - $snmpd_options = undef - $var_net_snmp = '/var/net-snmp' - $varnetsnmp_perms = '0600' - $varnetsnmp_owner = '_netsnmp' - $varnetsnmp_group = 'wheel' - - $client_package_name = 'net-snmp' - $client_config = '/etc/snmp/snmp.conf' - - $trap_service_config = '/etc/snmp/snmptrapd.conf' - $trap_service_name = 'netsnmptrapd' - $snmptrapd_options = undef - $snmptrapd_package_name = undef - } - default: { - fail("Module does not support ${facts['os']['family']}.") - } - } -} diff --git a/manifests/snmpv3_user.pp b/manifests/snmpv3_user.pp index 933a9359..0db389d7 100644 --- a/manifests/snmpv3_user.pp +++ b/manifests/snmpv3_user.pp @@ -30,6 +30,7 @@ Enum['AES','DES'] $privtype = 'AES', Enum['snmpd','snmptrapd'] $daemon = 'snmpd' ) { + include snmp if ($daemon == 'snmptrapd') and ($facts['os']['family'] != 'Debian') { @@ -68,7 +69,7 @@ path => '/bin:/sbin:/usr/bin:/usr/sbin', # TODO: Add "rwuser ${title}" (or rouser) to /etc/snmp/${daemon}.conf command => "service ${service_name} stop ; sleep 5 ; \ -echo \"${cmd}\" >>${snmp::params::var_net_snmp}/${daemon}.conf", +echo \"${cmd}\" >>${snmp::var_net_snmp}/${daemon}.conf", user => 'root', require => [ Package['snmpd'], File['var-net-snmp'], ], before => Service[$service_name], diff --git a/spec/classes/snmp_init_spec.rb b/spec/classes/snmp_init_spec.rb index 772962f5..f5396bb3 100644 --- a/spec/classes/snmp_init_spec.rb +++ b/spec/classes/snmp_init_spec.rb @@ -227,7 +227,7 @@ is_expected.to contain_class('snmp::client').with( ensure: 'present', autoupgrade: 'false', - snmp_config: [] + snmp_config: nil ) } end @@ -492,7 +492,7 @@ { master: true, agentx_perms: '0644', - agentx_ping_interval: '5', + agentx_ping_interval: 5, agentx_socket: 'unix:/var/agentx/master', agentx_timeout: 10, agentx_retries: 10 @@ -516,7 +516,7 @@ { master: false, agentx_perms: '0644', - agentx_ping_interval: '5', + agentx_ping_interval: 5, agentx_socket: 'unix:/var/agentx/master', agentx_timeout: 10, agentx_retries: 10 diff --git a/templates/snmpd.conf.erb b/templates/snmpd.conf.erb index a5d29446..9d63f06e 100644 --- a/templates/snmpd.conf.erb +++ b/templates/snmpd.conf.erb @@ -98,19 +98,23 @@ sysName <%= @sysname %> ################################################################################ # EXTENDING AGENT FUNCTIONALITY -<% if @extends.any? -%> -<% @extends.each do |extending| -%> +<% if @extends -%> +<% if @extends.any? -%> +<% @extends.each do |extending| -%> extend <%= extending %> -<% end -%> +<% end -%> +<% end -%> <% end -%> -<% if @dlmod.any? -%> +<% if @dlmod -%> +<% if @dlmod.any? -%> # ------------------------------------------------------------------------------ # Dynamically Loadable Modules -<% @dlmod.each do |mod| -%> +<% @dlmod.each do |mod| -%> dlmod <%= mod %> -<% end -%> +<% end -%> +<% end -%> <% end -%> ############################################################################### @@ -132,6 +136,8 @@ smuxpeer .1.3.6.1.4.1.674.10892.1 #Allow Systems Management Data Engine SNMP Storageservices to connect to snmpd using SMUX smuxpeer .1.3.6.1.4.1.674.10893.1 <% end -%> -<% @snmpd_config.each do |line| -%> +<% if not @snmpd_config.nil? -%> +<% @snmpd_config.each do |line| -%> <%= line %> +<% end -%> <% end -%> diff --git a/templates/snmptrapd.conf.erb b/templates/snmptrapd.conf.erb index 02e40595..1a4e5751 100644 --- a/templates/snmptrapd.conf.erb +++ b/templates/snmptrapd.conf.erb @@ -21,16 +21,22 @@ disableAuthorization <%= @disable_authorization %> ################################################################################ # NOTIFICATION PROCESSING -<% @trap_handlers.each do |handler| -%> +<% if not @trap_handlers.nil? -%> +<% @trap_handlers.each do |handler| -%> traphandle <%= handler %> +<% end -%> <% end -%> -<% @trap_forwards.each do |forward| -%> +<% if not @trap_forwards.nil? -%> +<% @trap_forwards.each do |forward| -%> forward <%= forward %> +<% end -%> <% end -%> ################################################################################ # OTHER CONFIGURATION -<% @snmptrapd_config.each do |line| -%> +<% if not @snmptrapd_config.nil? -%> +<% @snmptrapd_config.each do |line| -%> <%= line %> +<% end -%> <% end -%> From e2e1aaad430a3b4e2fab361181cfd85695c29874 Mon Sep 17 00:00:00 2001 From: Alexander Fisher Date: Sat, 23 Feb 2019 16:30:34 +0000 Subject: [PATCH 2/2] Update puppetlabs/stdlib minimum version Needed for newer types such as `Stdlib::IP::Address::V4::CIDR`. --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index 5056057d..e48a6921 100644 --- a/metadata.json +++ b/metadata.json @@ -15,7 +15,7 @@ "dependencies": [ { "name": "puppetlabs/stdlib", - "version_requirement": ">= 4.22.0 < 6.0.0" + "version_requirement": ">= 4.25.0 < 6.0.0" } ], "operatingsystem_support": [