Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/snmp.py31
1 files changed, 26 insertions, 5 deletions
diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py
index 7623206b4..863f7e2e2 100755
--- a/src/conf_mode/snmp.py
+++ b/src/conf_mode/snmp.py
@@ -18,6 +18,7 @@
import sys
import os
+import shutil
import stat
import pwd
import time
@@ -46,7 +47,6 @@ OIDs = {
'des' : '.1.3.6.1.6.3.10.1.2.2',
'none': '.1.3.6.1.6.3.10.1.2.1'
}
-
# SNMPS template - be careful if you edit the template.
client_config_tmpl = """
### Autogenerated by snmp.py ###
@@ -634,6 +634,9 @@ def verify(snmp):
if user['privPassword'] == '' and user['privMasterKey'] == '':
raise ConfigError('Must specify encrypted-key or plaintext-key for user privacy')
+ if user['privMasterKey'] and user['engineID'] == '':
+ raise ConfigError('Can not have "encrypted-key" without engineid')
+
if user['authPassword'] == '' and user['authMasterKey'] == '' and user['privTsmKey'] == '':
raise ConfigError('Must specify auth or tsm-key for user auth')
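Review bot: The new engine-ID guard covers only `privMasterKey`; `authMasterKey`, tested two lines below, is presumably also an engine-ID-localized key, so a user with an auth encrypted-key and no engineid would still pass verify(). If that is the case, the condition could be `if (user['privMasterKey'] or user['authMasterKey']) and user['engineID'] == '':`, with the message worded to cover both. verify() starts and ends outside this hunk, so an equivalent auth-side check may already exist elsewhere.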
@@ -711,12 +714,30 @@ def generate(snmp):
def apply(snmp):
if snmp is not None:
- if not os.path.exists('/config/snmp/tls'):
- os.makedirs('/config/snmp/tls')
- os.chmod('/config/snmp/tls', stat.S_IWUSR | stat.S_IRUSR)
+ nonvolatiledir = '/config/snmp/tls'
+ volatiledir = '/etc/snmp/tls'
+ if not os.path.exists(nonvolatiledir):
+ os.makedirs(nonvolatiledir)
+ os.chmod(nonvolatiledir, stat.S_IWUSR | stat.S_IRUSR)
# get uid for user 'snmp'
snmp_uid = pwd.getpwnam('snmp').pw_uid
- os.chown('/config/snmp/tls', snmp_uid, -1)
+ os.chown(nonvolatiledir, snmp_uid, -1)
+
+ # move SNMP certificate files from volatile location to non volatile /config/snmp
+ if os.path.exists(volatiledir) and os.path.isdir(volatiledir):
+ files = os.listdir(volatiledir)
+ for f in files:
+ shutil.move(volatiledir + '/' + f, nonvolatiledir)
+ os.chmod(nonvolatiledir + '/' + f, stat.S_IWUSR | stat.S_IRUSR)
+
+ os.rmdir(volatiledir)
+ os.symlink(nonvolatiledir, volatiledir)
+
+ if os.path.islink(volatiledir):
+ link = os.readlink(volatiledir)
+ if link != nonvolatiledir:
+ os.unlink(volatiledir)
+ os.symlink(nonvolatiledir, volatiledir)
# start SNMP daemon
os.system("sudo systemctl restart snmpd.service")
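Review bot: The migration guard `if os.path.exists(volatiledir) and os.path.isdir(volatiledir):` is also true once `/etc/snmp/tls` is the symlink this block creates, because `os.path.isdir` follows symlinks; on the next apply() `shutil.move` raises for every file that already exists in the destination, and `os.rmdir` fails on the link. Restrict the block to a real directory with `if os.path.isdir(volatiledir) and not os.path.islink(volatiledir):` and let the `islink` branch below handle the linked case. Since these are TLS key files, note also that `os.chmod` follows symlinks and that each file keeps its old mode until after the move; skipping entries that are not regular files (checked with `os.lstat`) and tightening the mode before moving would close both gaps. apply() may continue past the end of this hunk.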