From 5ffbd74baee4c3e987fe1875c2c73a1fe7afdbe1 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Sun, 1 May 2022 18:59:29 +0200
Subject: snmp: T4353: fix Jinja2 linting errors
---
data/templates/snmp/etc.snmp.conf.j2 | 4 +
data/templates/snmp/etc.snmp.conf.tmpl | 4 -
data/templates/snmp/etc.snmpd.conf.j2 | 182 ++++++++++++++++++++++++++++++++
data/templates/snmp/etc.snmpd.conf.tmpl | 182 --------------------------------
data/templates/snmp/override.conf.j2 | 14 +++
data/templates/snmp/override.conf.tmpl | 14 ---
data/templates/snmp/usr.snmpd.conf.j2 | 8 ++
data/templates/snmp/usr.snmpd.conf.tmpl | 8 --
data/templates/snmp/var.snmpd.conf.j2 | 16 +++
data/templates/snmp/var.snmpd.conf.tmpl | 16 ---
src/conf_mode/snmp.py | 10 +-
11 files changed, 229 insertions(+), 229 deletions(-)
create mode 100644 data/templates/snmp/etc.snmp.conf.j2
delete mode 100644 data/templates/snmp/etc.snmp.conf.tmpl
create mode 100644 data/templates/snmp/etc.snmpd.conf.j2
delete mode 100644 data/templates/snmp/etc.snmpd.conf.tmpl
create mode 100644 data/templates/snmp/override.conf.j2
delete mode 100644 data/templates/snmp/override.conf.tmpl
create mode 100644 data/templates/snmp/usr.snmpd.conf.j2
delete mode 100644 data/templates/snmp/usr.snmpd.conf.tmpl
create mode 100644 data/templates/snmp/var.snmpd.conf.j2
delete mode 100644 data/templates/snmp/var.snmpd.conf.tmpl
diff --git a/data/templates/snmp/etc.snmp.conf.j2 b/data/templates/snmp/etc.snmp.conf.j2
new file mode 100644
index 000000000..8012cf6bb
--- /dev/null
+++ b/data/templates/snmp/etc.snmp.conf.j2
@@ -0,0 +1,4 @@
+### Autogenerated by snmp.py ###
+{% if trap_source is vyos_defined %}
+clientaddr {{ trap_source }}
+{% endif %}
diff --git a/data/templates/snmp/etc.snmp.conf.tmpl b/data/templates/snmp/etc.snmp.conf.tmpl
deleted file mode 100644
index 8012cf6bb..000000000
--- a/data/templates/snmp/etc.snmp.conf.tmpl
+++ /dev/null
@@ -1,4 +0,0 @@
-### Autogenerated by snmp.py ###
-{% if trap_source is vyos_defined %}
-clientaddr {{ trap_source }}
-{% endif %}
diff --git a/data/templates/snmp/etc.snmpd.conf.j2 b/data/templates/snmp/etc.snmpd.conf.j2
new file mode 100644
index 000000000..d7dc0ba5d
--- /dev/null
+++ b/data/templates/snmp/etc.snmpd.conf.j2
@@ -0,0 +1,182 @@
+### Autogenerated by snmp.py ###
+
+# non configurable defaults
+sysObjectID 1.3.6.1.4.1.44641
+sysServices 14
+master agentx
+agentXPerms 0777 0777
+pass .1.3.6.1.2.1.31.1.1.1.18 /opt/vyatta/sbin/if-mib-alias
+smuxpeer .1.3.6.1.2.1.83
+smuxpeer .1.3.6.1.2.1.157
+smuxsocket localhost
+
+# linkUp/Down configure the Event MIB tables to monitor
+# the ifTable for network interfaces being taken up or down
+# for making internal queries to retrieve any necessary information
+iquerySecName {{ vyos_user }}
+
+# Modified from the default linkUpDownNotification
+# to include more OIDs and poll more frequently
+notificationEvent linkUpTrap linkUp ifIndex ifDescr ifType ifAdminStatus ifOperStatus
+notificationEvent linkDownTrap linkDown ifIndex ifDescr ifType ifAdminStatus ifOperStatus
+monitor -r 10 -e linkUpTrap "Generate linkUp" ifOperStatus != 2
+monitor -r 10 -e linkDownTrap "Generate linkDown" ifOperStatus == 2
+
+# Remove all old ifTable entries with the same ifName as newly appeared
+# interface (with different ifIndex) - this is the case on e.g. ppp interfaces
+interface_replace_old yes
+
+########################
+# configurable section #
+########################
+
+# Default system description is VyOS version
+sysDescr VyOS {{ version }}
+
+{% if description is vyos_defined %}
+# Description
+SysDescr {{ description }}
+{% endif %}
+
+# Listen
+{% set options = [] %}
+{% if listen_address is vyos_defined %}
+{% for address, address_options in listen_address.items() %}
+{% if address | is_ipv6 %}
+{% set protocol = protocol ~ '6' %}
+{% endif %}
+{% set _ = options.append(protocol ~ ':' ~ address | bracketize_ipv6 ~ ':' ~ address_options.port) %}
+{% endfor %}
+{% else %}
+{% set _ = options.append(protocol ~ ':161') %}
+{% set _ = options.append(protocol ~ '6:161') %}
+{% endif %}
+agentaddress unix:/run/snmpd.socket{{ ',' ~ options | join(',') if options is vyos_defined }}
+
+# SNMP communities
+{% if community is vyos_defined %}
+{% for comm, comm_config in community.items() %}
+{% if comm_config.client is vyos_defined %}
+{% for client in comm_config.client %}
+{% if client | is_ipv4 %}
+{{ comm_config.authorization }}community {{ comm }} {{ client }}
+{% elif client | is_ipv6 %}
+{{ comm_config.authorization }}community6 {{ comm }} {{ client }}
+{% endif %}
+{% endfor %}
+{% endif %}
+{% if comm_config.network is vyos_defined %}
+{% for network in comm_config.network %}
+{% if network | is_ipv4 %}
+{{ comm_config.authorization }}community {{ comm }} {{ network }}
+{% elif client | is_ipv6 %}
+{{ comm_config.authorization }}community6 {{ comm }} {{ network }}
+{% endif %}
+{% endfor %}
+{% endif %}
+{% if comm_config.client is not vyos_defined and comm_config.network is not vyos_defined %}
+{{ comm_config.authorization }}community {{ comm }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+{% if contact is vyos_defined %}
+# system contact information
+SysContact {{ contact }}
+{% endif %}
+
+{% if location is vyos_defined %}
+# system location information
+SysLocation {{ location }}
+{% endif %}
+
+{% if smux_peer is vyos_defined %}
+# additional smux peers
+{% for peer in smux_peer %}
+smuxpeer {{ peer }}
+{% endfor %}
+{% endif %}
+
+{% if trap_target is vyos_defined %}
+# if there is a problem - tell someone!
+{% for trap, trap_config in trap_target.items() %}
+trap2sink {{ trap }}:{{ trap_config.port }} {{ trap_config.community }}
+{% endfor %}
+{% endif %}
+
+{% if v3 is vyos_defined %}
+#
+# SNMPv3 stuff goes here
+#
+{% if v3.view is vyos_defined %}
+# views
+{% for view, view_config in v3.view.items() %}
+{% if view_config.oid is vyos_defined %}
+{% for oid in view_config.oid %}
+view {{ view }} included .{{ oid }}
+{% endfor %}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+# access
+{% if v3.group is vyos_defined %}
+# context sec.model sec.level match read write notif
+{% for group, group_config in v3.group.items() %}
+access {{ group }} "" usm {{ group_config.seclevel }} exact {{ group_config.view }} {{ 'none' if group_config.mode == 'ro' else group_config.view }} none
+{% endfor %}
+{% endif %}
+
+# trap-target
+{% if v3.trap_target is vyos_defined %}
+{% for trap, trap_config in v3.trap_target.items() %}
+{% set options = '' %}
+{% if trap_config.type == 'inform' %}
+{% set options = options ~ ' -Ci' %}
+{% endif %}
+{% if v3.engineid is vyos_defined %}
+{% set options = options ~ ' -e "' ~ v3.engineid ~ '"' %}
+{% endif %}
+{% if trap_config.user is vyos_defined %}
+{% set options = options ~ ' -u ' ~ trap_config.user %}
+{% endif %}
+{% if trap_config.auth.plaintext_password is vyos_defined or trap_config.auth.encrypted_password is vyos_defined %}
+{% set options = options ~ ' -a ' ~ trap_config.auth.type %}
+{% if trap_config.auth.plaintext_password is vyos_defined %}
+{% set options = options ~ ' -A ' ~ trap_config.auth.plaintext_password %}
+{% elif trap_config.auth.encrypted_password is vyos_defined %}
+{% set options = options ~ ' -3m ' ~ trap_config.auth.encrypted_password %}
+{% endif %}
+{% if trap_config.privacy.plaintext_password is vyos_defined or trap_config.privacy.encrypted_password is vyos_defined %}
+{% set options = options ~ ' -x ' ~ trap_config.privacy.type %}
+{% if trap_config.privacy.plaintext_password is vyos_defined %}
+{% set options = options ~ ' -X ' ~ trap_config.privacy.plaintext_password %}
+{% elif trap_config.privacy.encrypted_password is vyos_defined %}
+{% set options = options ~ ' -3M ' ~ trap_config.privacy.encrypted_password %}
+{% endif %}
+{% set options = options ~ ' -l authPriv' %}
+{% else %}
+{% set options = options ~ ' -l authNoPriv' %}
+{% endif %}
+{% else %}
+{% set options = options ~ ' -l noAuthNoPriv' %}
+{% endif %}
+trapsess -v 3 {{ options }} {{ trap }}:{{ trap_config.protocol }}:{{ trap_config.port }}
+{% endfor %}
+{% endif %}
+
+# group
+{% if v3.user is vyos_defined %}
+{% for user, user_config in v3.user.items() %}
+group {{ user_config.group }} usm {{ user }}
+{% endfor %}
+{% endif %}
+{# SNMPv3 end #}
+{% endif %}
+
+{% if script_extensions.extension_name is vyos_defined %}
+# extension scripts
+{% for script, script_config in script_extensions.extension_name.items() | sort(attribute=script) %}
+extend {{ script }} {{ script_config.script }}
+{% endfor %}
+{% endif %}
diff --git a/data/templates/snmp/etc.snmpd.conf.tmpl b/data/templates/snmp/etc.snmpd.conf.tmpl
deleted file mode 100644
index 510b35097..000000000
--- a/data/templates/snmp/etc.snmpd.conf.tmpl
+++ /dev/null
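Review bot: In the `comm_config.network` loop the IPv6 branch tests the wrong variable: `{% elif client | is_ipv6 %}` should be `{% elif network | is_ipv6 %}`. `client` belongs to the preceding `comm_config.client` loop, so inside the network loop it is presumably undefined or stale, and an IPv6 entry under `network` would not get its `community6` line. Because the unrestricted fallback line is only written when neither `client` nor `network` is defined, a community limited to IPv6 networks would end up with no community line at all. The same line is present in the removed `.tmpl`, so this commit carries the defect over unchanged.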
@@ -1,182 +0,0 @@
-### Autogenerated by snmp.py ###
-
-# non configurable defaults
-sysObjectID 1.3.6.1.4.1.44641
-sysServices 14
-master agentx
-agentXPerms 0777 0777
-pass .1.3.6.1.2.1.31.1.1.1.18 /opt/vyatta/sbin/if-mib-alias
-smuxpeer .1.3.6.1.2.1.83
-smuxpeer .1.3.6.1.2.1.157
-smuxsocket localhost
-
-# linkUp/Down configure the Event MIB tables to monitor
-# the ifTable for network interfaces being taken up or down
-# for making internal queries to retrieve any necessary information
-iquerySecName {{ vyos_user }}
-
-# Modified from the default linkUpDownNotification
-# to include more OIDs and poll more frequently
-notificationEvent linkUpTrap linkUp ifIndex ifDescr ifType ifAdminStatus ifOperStatus
-notificationEvent linkDownTrap linkDown ifIndex ifDescr ifType ifAdminStatus ifOperStatus
-monitor -r 10 -e linkUpTrap "Generate linkUp" ifOperStatus != 2
-monitor -r 10 -e linkDownTrap "Generate linkDown" ifOperStatus == 2
-
-# Remove all old ifTable entries with the same ifName as newly appeared
-# interface (with different ifIndex) - this is the case on e.g. ppp interfaces
-interface_replace_old yes
-
-########################
-# configurable section #
-########################
-
-# Default system description is VyOS version
-sysDescr VyOS {{ version }}
-
-{% if description is vyos_defined %}
-# Description
-SysDescr {{ description }}
-{% endif %}
-
-# Listen
-{% set options = [] %}
-{% if listen_address is vyos_defined %}
-{% for address, address_options in listen_address.items() %}
-{% if address | is_ipv6 %}
-{% set protocol = protocol ~ '6' %}
-{% endif %}
-{% set _ = options.append(protocol ~ ':' ~ address | bracketize_ipv6 ~ ':' ~ address_options.port) %}
-{% endfor %}
-{% else %}
-{% set _ = options.append(protocol ~ ':161') %}
-{% set _ = options.append(protocol ~ '6:161') %}
-{% endif %}
-agentaddress unix:/run/snmpd.socket{{ ',' ~ options | join(',') if options is vyos_defined }}
-
-# SNMP communities
-{% if community is vyos_defined %}
-{% for comm, comm_config in community.items() %}
-{% if comm_config.client is vyos_defined %}
-{% for client in comm_config.client %}
-{% if client | is_ipv4 %}
-{{ comm_config.authorization }}community {{ comm }} {{ client }}
-{% elif client | is_ipv6 %}
-{{ comm_config.authorization }}community6 {{ comm }} {{ client }}
-{% endif %}
-{% endfor %}
-{% endif %}
-{% if comm_config.network is vyos_defined %}
-{% for network in comm_config.network %}
-{% if network | is_ipv4 %}
-{{ comm_config.authorization }}community {{ comm }} {{ network }}
-{% elif client | is_ipv6 %}
-{{ comm_config.authorization }}community6 {{ comm }} {{ network }}
-{% endif %}
-{% endfor %}
-{% endif %}
-{% if comm_config.client is not vyos_defined and comm_config.network is not vyos_defined %}
-{{ comm_config.authorization }}community {{ comm }}
-{% endif %}
-{% endfor %}
-{% endif %}
-
-{% if contact is vyos_defined %}
-# system contact information
-SysContact {{ contact }}
-{% endif %}
-
-{% if location is vyos_defined %}
-# system location information
-SysLocation {{ location }}
-{% endif %}
-
-{% if smux_peer is vyos_defined %}
-# additional smux peers
-{% for peer in smux_peer %}
-smuxpeer {{ peer }}
-{% endfor %}
-{% endif %}
-
-{% if trap_target is vyos_defined %}
-# if there is a problem - tell someone!
-{% for trap, trap_config in trap_target.items() %}
-trap2sink {{ trap }}:{{ trap_config.port }} {{ trap_config.community }}
-{% endfor %}
-{% endif %}
-
-{% if v3 is vyos_defined %}
-#
-# SNMPv3 stuff goes here
-#
-{% if v3.view is vyos_defined %}
-# views
-{% for view, view_config in v3.view.items() %}
-{% if view_config.oid is vyos_defined %}
-{% for oid in view_config.oid %}
-view {{ view }} included .{{ oid }}
-{% endfor %}
-{% endif %}
-{% endfor %}
-{% endif %}
-
-# access
-{% if v3.group is vyos_defined %}
-# context sec.model sec.level match read write notif
-{% for group, group_config in v3.group.items() %}
-access {{ group }} "" usm {{ group_config.seclevel }} exact {{ group_config.view }} {% if group_config.mode == 'ro' %}none{% else %}{{ group_config.view }}{% endif %} none
-{% endfor %}
-{% endif %}
-
-# trap-target
-{% if v3.trap_target is vyos_defined %}
-{% for trap, trap_config in v3.trap_target.items() %}
-{% set options = '' %}
-{% if trap_config.type == 'inform' %}
-{% set options = options ~ ' -Ci' %}
-{% endif %}
-{% if v3.engineid is vyos_defined %}
-{% set options = options ~ ' -e "' ~ v3.engineid ~ '"' %}
-{% endif %}
-{% if trap_config.user is vyos_defined %}
-{% set options = options ~ ' -u ' ~ trap_config.user %}
-{% endif %}
-{% if trap_config.auth.plaintext_password is vyos_defined or trap_config.auth.encrypted_password is vyos_defined %}
-{% set options = options ~ ' -a ' ~ trap_config.auth.type %}
-{% if trap_config.auth.plaintext_password is vyos_defined %}
-{% set options = options ~ ' -A ' ~ trap_config.auth.plaintext_password %}
-{% elif trap_config.auth.encrypted_password is vyos_defined %}
-{% set options = options ~ ' -3m ' ~ trap_config.auth.encrypted_password %}
-{% endif %}
-{% if trap_config.privacy.plaintext_password is vyos_defined or trap_config.privacy.encrypted_password is vyos_defined %}
-{% set options = options ~ ' -x ' ~ trap_config.privacy.type %}
-{% if trap_config.privacy.plaintext_password is vyos_defined %}
-{% set options = options ~ ' -X ' ~ trap_config.privacy.plaintext_password %}
-{% elif trap_config.privacy.encrypted_password is vyos_defined %}
-{% set options = options ~ ' -3M ' ~ trap_config.privacy.encrypted_password %}
-{% endif %}
-{% set options = options ~ ' -l authPriv' %}
-{% else %}
-{% set options = options ~ ' -l authNoPriv' %}
-{% endif %}
-{% else %}
-{% set options = options ~ ' -l noAuthNoPriv' %}
-{% endif %}
-trapsess -v 3 {{ options }} {{ trap }}:{{ trap_config.protocol }}:{{ trap_config.port }}
-{% endfor %}
-{% endif %}
-
-# group
-{% if v3.user is vyos_defined %}
-{% for user, user_config in v3.user.items() %}
-group {{ user_config.group }} usm {{ user }}
-{% endfor %}
-{% endif %}
-{# SNMPv3 end #}
-{% endif %}
-
-{% if script_extensions.extension_name is vyos_defined %}
-# extension scripts
-{% for script, script_config in script_extensions.extension_name.items() | sort(attribute=script) %}
-extend {{ script }} {{ script_config.script }}
-{% endfor %}
-{% endif %}
diff --git a/data/templates/snmp/override.conf.j2 b/data/templates/snmp/override.conf.j2
new file mode 100644
index 000000000..5d787de86
--- /dev/null
+++ b/data/templates/snmp/override.conf.j2
@@ -0,0 +1,14 @@
+{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %}
+{% set oid_route_table = ' ' if oid_enable is vyos_defined('route-table') else '-I -ipCidrRouteTable,inetCidrRouteTable' %}
+[Unit]
+StartLimitIntervalSec=0
+After=vyos-router.service
+
+[Service]
+Environment=
+Environment="MIBDIRS=/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf:/usr/share/vyos/mibs"
+ExecStart=
+ExecStart={{ vrf_command }}/usr/sbin/snmpd -LS0-5d -Lf /dev/null -u Debian-snmp -g Debian-snmp {{ oid_route_table }} -f -p /run/snmpd.pid
+Restart=always
+RestartSec=10
+
diff --git a/data/templates/snmp/override.conf.tmpl b/data/templates/snmp/override.conf.tmpl
deleted file mode 100644
index 5d787de86..000000000
--- a/data/templates/snmp/override.conf.tmpl
+++ /dev/null
@@ -1,14 +0,0 @@
-{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %}
-{% set oid_route_table = ' ' if oid_enable is vyos_defined('route-table') else '-I -ipCidrRouteTable,inetCidrRouteTable' %}
-[Unit]
-StartLimitIntervalSec=0
-After=vyos-router.service
-
-[Service]
-Environment=
-Environment="MIBDIRS=/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf:/usr/share/vyos/mibs"
-ExecStart=
-ExecStart={{ vrf_command }}/usr/sbin/snmpd -LS0-5d -Lf /dev/null -u Debian-snmp -g Debian-snmp {{ oid_route_table }} -f -p /run/snmpd.pid
-Restart=always
-RestartSec=10
-
diff --git a/data/templates/snmp/usr.snmpd.conf.j2 b/data/templates/snmp/usr.snmpd.conf.j2
new file mode 100644
index 000000000..a713c1cec
--- /dev/null
+++ b/data/templates/snmp/usr.snmpd.conf.j2
@@ -0,0 +1,8 @@
+### Autogenerated by snmp.py ###
+{% if v3.user is vyos_defined %}
+{% for user, user_config in v3.user.items() %}
+{{ user_config.mode }}user {{ user }}
+{% endfor %}
+{% endif %}
+
+rwuser {{ vyos_user }}
diff --git a/data/templates/snmp/usr.snmpd.conf.tmpl b/data/templates/snmp/usr.snmpd.conf.tmpl
deleted file mode 100644
index a46b3997f..000000000
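Review bot: In usr.snmpd.conf.j2, `rwuser {{ vyos_user }}` gives the internal account write access to the whole OID tree, with no security level or view argument. The only use of `vyos_user` visible in this commit is `iquerySecName` in etc.snmpd.conf.j2, which is for internal queries; if nothing performs SETs through this account, `rouser {{ vyos_user }}` would be the least-privilege form. If write access is required, a comment stating what needs it would help, e.g. `# internal user needs write access for <reason>`.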
--- a/data/templates/snmp/usr.snmpd.conf.tmpl
+++ /dev/null
@@ -1,8 +0,0 @@
-### Autogenerated by snmp.py ###
-{% if v3.user is vyos_defined %}
-{% for user, user_config in v3.user.items() %}
-{{ user_config.mode }}user {{ user }}
-{% endfor %}
-{% endif %}
-
-rwuser {{ vyos_user }}
diff --git a/data/templates/snmp/var.snmpd.conf.j2 b/data/templates/snmp/var.snmpd.conf.j2
new file mode 100644
index 000000000..012f33aeb
--- /dev/null
+++ b/data/templates/snmp/var.snmpd.conf.j2
@@ -0,0 +1,16 @@
+### Autogenerated by snmp.py ###
+# user
+{% if v3 is vyos_defined %}
+{% if v3.user is vyos_defined %}
+{% for user, user_config in v3.user.items() %}
+usmUser 1 3 0x{{ v3.engineid }} "{{ user }}" "{{ user }}" NULL {{ user_config.auth.type | snmp_auth_oid }} 0x{{ user_config.auth.encrypted_password }} {{ user_config.privacy.type | snmp_auth_oid }} 0x{{ user_config.privacy.encrypted_password }} 0x
+{% endfor %}
+{% endif %}
+
+# VyOS default user
+createUser {{ vyos_user }} MD5 "{{ vyos_user_pass }}" DES
+
+{% if v3.engineid is vyos_defined %}
+oldEngineID 0x{{ v3.engineid }}
+{% endif %}
+{% endif %}
diff --git a/data/templates/snmp/var.snmpd.conf.tmpl b/data/templates/snmp/var.snmpd.conf.tmpl
deleted file mode 100644
index 16d39db89..000000000
--- a/data/templates/snmp/var.snmpd.conf.tmpl
+++ /dev/null
@@ -1,16 +0,0 @@
-### Autogenerated by snmp.py ###
-# user
-{% if v3 is vyos_defined %}
-{% if v3.user is vyos_defined %}
-{% for user, user_config in v3.user.items() %}
-usmUser 1 3 0x{{ v3.engineid }} "{{ user }}" "{{ user }}" NULL {{ user_config.auth.type | snmp_auth_oid }} 0x{{ user_config.auth.encrypted_password }} {{ user_config.privacy.type | snmp_auth_oid }} 0x{{ user_config.privacy.encrypted_password }} 0x
-{% endfor %}
-{% endif %}
-
-# VyOS default user
-createUser {{ vyos_user }} MD5 "{{ vyos_user_pass }}" DES
-
-{% if v3.engineid is vyos_defined %}
-oldEngineID 0x{{ v3.engineid }}
-{% endif %}
-{% endif %}
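Review bot: In var.snmpd.conf.j2 the internal account is still created with `createUser {{ vyos_user }} MD5 "{{ vyos_user_pass }}" DES`, i.e. HMAC-MD5 authentication and DES privacy, both of which are weak choices for SNMPv3 USM. net-snmp's `createUser` also accepts `SHA` and `AES`, so `createUser {{ vyos_user }} SHA "{{ vyos_user_pass }}" AES` would be the stronger form, assuming nothing else in snmp.py depends on the MD5/DES choice. Separately, the `usmUser` line interpolates `v3.engineid` without the `vyos_defined` guard that the `oldEngineID` line has; if snmp.py does not guarantee an engine ID whenever users exist, that line would render with an empty value after `0x`.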
diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py index e35bb8a0c..ae060580d 100755 --- a/src/conf_mode/snmp.py +++ b/src/conf_mode/snmp.py @@ -270,15 +270,15 @@ def generate(snmp): call(f'/opt/vyatta/sbin/my_delete service snmp v3 user "{user}" privacy plaintext-password > /dev/null') # Write client config file - render(config_file_client, 'snmp/etc.snmp.conf.tmpl', snmp) + render(config_file_client, 'snmp/etc.snmp.conf.j2', snmp) # Write server config file - render(config_file_daemon, 'snmp/etc.snmpd.conf.tmpl', snmp) + render(config_file_daemon, 'snmp/etc.snmpd.conf.j2', snmp) # Write access rights config file - render(config_file_access, 'snmp/usr.snmpd.conf.tmpl', snmp) + render(config_file_access, 'snmp/usr.snmpd.conf.j2', snmp) # Write access rights config file - render(config_file_user, 'snmp/var.snmpd.conf.tmpl', snmp) + render(config_file_user, 'snmp/var.snmpd.conf.j2', snmp) # Write daemon configuration file - render(systemd_override, 'snmp/override.conf.tmpl', snmp) + render(systemd_override, 'snmp/override.conf.j2', snmp) return None -- cgit v1.2.3