Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/snmp.py | 31 |
1 files changed, 26 insertions, 5 deletions
diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py index 7623206b4..863f7e2e2 100755 --- a/src/conf_mode/snmp.py +++ b/src/conf_mode/snmp.py @@ -18,6 +18,7 @@ import sys import os +import shutil import stat import pwd import time @@ -46,7 +47,6 @@ OIDs = { 'des' : '.1.3.6.1.6.3.10.1.2.2', 'none': '.1.3.6.1.6.3.10.1.2.1' } - # SNMPS template - be careful if you edit the template. client_config_tmpl = """ ### Autogenerated by snmp.py ### @@ -634,6 +634,9 @@ def verify(snmp): if user['privPassword'] == '' and user['privMasterKey'] == '': raise ConfigError('Must specify encrypted-key or plaintext-key for user privacy') + if user['privMasterKey'] and user['engineID'] == '': + raise ConfigError('Can not have "encrypted-key" without engineid') + if user['authPassword'] == '' and user['authMasterKey'] == '' and user['privTsmKey'] == '': raise ConfigError('Must specify auth or tsm-key for user auth') 
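Review bot: The new engine-ID requirement in verify() is tied only to `user['privMasterKey']`, but the condition right after it shows that `user['authMasterKey']` is accepted as an encrypted key too. Localized SNMPv3 keys are derived from the engine ID, so an auth encrypted-key with an empty `engineID` looks like the same misconfiguration. Unless that case is rejected elsewhere in verify(), which extends beyond this hunk, the condition could read `if (user['authMasterKey'] or user['privMasterKey']) and user['engineID'] == '':`.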
@@ -711,12 +714,30 @@ def generate(snmp):
 def apply(snmp):
 if snmp is not None:
- if not os.path.exists('/config/snmp/tls'):
- os.makedirs('/config/snmp/tls')
- os.chmod('/config/snmp/tls', stat.S_IWUSR | stat.S_IRUSR)
+ nonvolatiledir = '/config/snmp/tls'
+ volatiledir = '/etc/snmp/tls'
+ if not os.path.exists(nonvolatiledir):
+ os.makedirs(nonvolatiledir)
+ os.chmod(nonvolatiledir, stat.S_IWUSR | stat.S_IRUSR)
 # get uid for user 'snmp'
 snmp_uid = pwd.getpwnam('snmp').pw_uid
- os.chown('/config/snmp/tls', snmp_uid, -1)
+ os.chown(nonvolatiledir, snmp_uid, -1)
+
+ # move SNMP certificate files from volatile location to non volatile /config/snmp
+ if os.path.exists(volatiledir) and os.path.isdir(volatiledir):
+ files = os.listdir(volatiledir)
+ for f in files:
+ shutil.move(volatiledir + '/' + f, nonvolatiledir)
+ os.chmod(nonvolatiledir + '/' + f, stat.S_IWUSR | stat.S_IRUSR)
+
+ os.rmdir(volatiledir)
+ os.symlink(nonvolatiledir, volatiledir)
+
+ if os.path.islink(volatiledir):
+ link = os.readlink(volatiledir)
+ if link != nonvolatiledir:
+ os.unlink(volatiledir)
+ os.symlink(nonvolatiledir, volatiledir)
 # start SNMP daemon
 os.system("sudo systemctl restart snmpd.service") |
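Review bot: The migration block in apply() does not look idempotent, because `os.path.isdir(volatiledir)` follows symlinks. Once `/etc/snmp/tls` has been replaced by the link, the next commit enters the block again: `shutil.move` raises because the destination already exists, or `os.rmdir` fails on the link when the directory is empty. Guard it with `if os.path.isdir(volatiledir) and not os.path.islink(volatiledir):`. Inside the loop, `os.chmod` is applied by path after the move, so a symlinked entry would have its target's mode changed and a subdirectory would lose its search bit; the moved files also keep their previous owner, so if the daemon account is meant to own them, limit the loop to regular files and `os.chown` each one to `snmp_uid`. apply() may continue past the end of this hunk.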