From 1117cf40eb996b0f29567545b1232dbdfb40ca96 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 1 Sep 2018 14:22:57 +0200 Subject: T771: snmp.px: reduce syslog noise --- src/conf_mode/snmp.py | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'src/conf_mode/snmp.py') diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py index b98741913..4d84aa4df 100755 --- a/src/conf_mode/snmp.py +++ b/src/conf_mode/snmp.py @@ -38,6 +38,7 @@ config_file_client = r'/etc/snmp/snmp.conf' config_file_daemon = r'/etc/snmp/snmpd.conf' config_file_access = r'/usr/share/snmp/snmpd.conf' config_file_user = r'/var/lib/snmp/snmpd.conf' +config_file_init = r'/etc/default/snmpd' # SNMP OIDs used to mark auth/priv type OIDs = { @@ -224,7 +225,17 @@ group {{ u.group }} tsm {{ u.name }} {% endif %} {% endif %} +""" + +init_config_tmpl = """ +### Autogenerated by snmp.py ### +# This file controls the activity of snmpd + +# snmpd control (yes means start daemon). +SNMPDRUN=yes +# snmpd options (use syslog, close stdin/out/err). +SNMPDOPTS='-LSed -u snmp -g snmp -p /run/snmpd.pid' """ default_config_data = { @@ -734,6 +745,12 @@ def generate(snmp): with open(config_file_user, 'w') as f: f.write(config_text) + # Write init config file + tmpl = jinja2.Template(init_config_tmpl) + config_text = tmpl.render(snmp) + with open(config_file_init, 'w') as f: + f.write(config_text) + return None def apply(snmp): -- cgit v1.2.3 From a5b70e5a9176043ada3749775dce51dd864f6b50 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 1 Sep 2018 14:42:33 +0200 Subject: snmp.py: beautify generated snmp.conf --- src/conf_mode/snmp.py | 112 ++++++++++++++++++++------------------------------ 1 file changed, 45 insertions(+), 67 deletions(-) (limited to 'src/conf_mode/snmp.py') diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py index 4d84aa4df..924c19754 100755 --- a/src/conf_mode/snmp.py +++ b/src/conf_mode/snmp.py 
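Review bot: The `SNMPDOPTS` line in `init_config_tmpl` sets `-LSed` without saying what it filters; the template comment only says "use syslog". As I read the net-snmp logging options, this sends only priority error and above to the daemon facility, so warning- and notice-level messages no longer reach syslog. Please confirm that nothing relied on for monitoring or incident review is logged below that threshold. I would add a comment line to the template such as `# -LSed: syslog, facility daemon, priority error and above` so the reduced verbosity is a documented decision.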
@@ -72,22 +72,20 @@ rwuser {{ vyos_user }} user_config_tmpl = """ ### Autogenerated by snmp.py ### # user -{% if v3_users %} -{% for u in v3_users %} -{% if u.authOID == 'none' %} +{%- for u in v3_users %} +{%- if u.authOID == 'none' %} createUser {{ u.name }} -{% elif u.authPassword %} +{%- elif u.authPassword %} createUser {{ u.name }} {{ u.authProtocol | upper }} "{{ u.authPassword }}" {{ u.privProtocol | upper }} {{ u.privPassword }} -{% else %} +{%- else %} usmUser 1 3 {{ u.engineID }} "{{ u.name }}" "{{ u.name }}" NULL {{ u.authOID }} {{ u.authMasterKey }} {{ u.privOID }} {{ u.privMasterKey }} 0x -{% endif %} -{% endfor %} -{% endif %} +{%- endif %} +{%- endfor %} createUser {{ vyos_user }} MD5 "{{ vyos_user_pass }}" DES -{% if v3_engineid %} +{%- if v3_engineid %} oldEngineID {{ v3_engineid }} -{%- endif -%} +{%- endif %} """ # SNMPS template - be careful if you edit the template. 
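Review bot: In `user_config_tmpl` the `createUser` line renders `"{{ u.authPassword }}"` in quotes but `{{ u.privPassword }}` bare, so a privacy passphrase containing whitespace would presumably be split into separate tokens when snmpd parses the file. Quoting it the same way, guarded so an unset value still renders nothing, would be `{% if u.privPassword %}"{{ u.privPassword }}"{% endif %}`. Neither passphrase is escaped, so a `"` or a newline in the value would also change the generated directive; whether the CLI layer rejects such characters is not visible in this hunk. The template string starts before the hunk.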
@@ -124,107 +122,87 @@ monitor -r 10 -e linkDownTrap "Generate linkDown" ifOperStatus == 2 ######################## # configurable section # ######################## - {% if v3_tsm_key %} [snmp] localCert {{ v3_tsm_key }} -{% endif %} +{%- endif %} # Default system description is VyOS version sysDescr VyOS {{ version }} -{% if description -%} +{% if description %} # Description SysDescr {{ description }} -{% endif %} +{%- endif %} # Listen agentaddress unix:/run/snmpd.socket{% if listen_on %}{% for li in listen_on %},{{ li }}{% endfor %}{% else %},udp:161,udp6:161{% endif %}{% if v3_tsm_key %},tlstcp:{{ v3_tsm_port }},dtlsudp::{{ v3_tsm_port }}{% endif %} # SNMP communities -{% if communities -%} -{% for c in communities %} -{% if c.network -%} -{% for network in c.network_v4 %} +{%- for c in communities %} +{%- for network in c.network_v4 %} {{ c.authorization }}community {{ c.name }} {{ network }} -{% endfor %} -{% for network in c.network_v6 %} +{%- endfor %} +{%- for network in c.network_v6 %} {{ c.authorization }}community6 {{ c.name }} {{ network }} -{% endfor %} -{% else %} +{%- endfor %} +{%- else %} {{ c.authorization }}community {{ c.name }} {{ c.authorization }}community6 {{ c.name }} -{% endif %} -{% endfor %} -{% endif %} +{%- endfor %} -{% if contact -%} +{% if contact %} # system contact information SysContact {{ contact }} -{% endif %} +{%- endif %} -{% if location -%} +{% if location %} # system location information SysLocation {{ location }} -{% endif %} +{%- endif %} {% if smux_peers -%} # additional smux peers -{% for sp in smux_peers %} +{%- for sp in smux_peers %} smuxpeer {{ sp }} -{% endfor %} -{% endif %} +{%- endfor %} +{%- endif %} {% if trap_targets -%} # if there is a problem - tell someone! 
-{% for t in trap_targets %} +{%- for t in trap_targets %} trap2sink {{ t.target }}{% if t.port -%}:{{ t.port }}{% endif %} {{ t.community }} -{% endfor %} -{% endif %} +{%- endfor %} +{%- endif %} +{%- if v3_enabled %} # # SNMPv3 stuff goes here # -{% if v3_enabled %} - # views -{% if v3_views -%} -{% for v in v3_views %} -{% for oid in v.oids %} +{%- for v in v3_views %} +{%- for oid in v.oids %} view {{ v.name }} included .{{ oid.oid }} -{% endfor %} -{% endfor %} -{% endif %} +{%- endfor %} +{%- endfor %} # access # context sec.model sec.level match read write notif -{% if v3_groups -%} -{% for g in v3_groups %} -{% if g.mode == 'ro' %} -access {{ g.name }} "" usm {{ g.seclevel }} exact {{ g.view }} none none -access {{ g.name }} "" tsm {{ g.seclevel }} exact {{ g.view }} none none -{% elif g.mode == 'rw' %} -access {{ g.name }} "" usm {{ g.seclevel }} exact {{ g.view }} {{ g.view }} none -access {{ g.name }} "" tsm {{ g.seclevel }} exact {{ g.view }} {{ g.view }} none -{% endif %} -{% endfor -%} -{% endif %} +{%- for g in v3_groups %} +access {{ g.name }} "" usm {{ g.seclevel }} exact {{ g.view }} {% if g.mode == 'ro' %}none{% else %}{{ g.view }}{% endif %} none +access {{ g.name }} "" tsm {{ g.seclevel }} exact {{ g.view }} {% if g.mode == 'ro' %}none{% else %}{{ g.view }}{% endif %} none +{%- endfor %} # trap-target -{% if v3_traps -%} -{% for t in v3_traps %} +{%- for t in v3_traps %} trapsess -v 3 {{ '-Ci' if t.type == 'inform' }} -e {{ t.engineID }} -u {{ t.secName }} -l {{ t.secLevel }} -a {{ t.authProtocol }} {% if t.authPassword %}-A {{ t.authPassword }}{% elif t.authMasterKey %}-3m {{ t.authMasterKey }}{% endif %} -x {{ t.privProtocol }} {% if t.privPassword %}-X {{ t.privPassword }}{% elif t.privMasterKey %}-3M {{ t.privMasterKey }}{% endif %} {{ t.ipProto }}:{{ t.ipAddr }}:{{ t.ipPort }} -{% endfor -%} -{% endif %} +{%- endfor %} # group -{% if v3_users -%} -{% for u in v3_users %} +{%- for u in v3_users %} group {{ u.group }} usm {{ u.name }} group 
{{ u.group }} tsm {{ u.name }} {% endfor %} -{% endif %} - -{% endif %} +{%- endif %} """ init_config_tmpl = """ @@ -722,25 +700,25 @@ def generate(snmp): return None # Write client config file - tmpl = jinja2.Template(client_config_tmpl, trim_blocks=True) + tmpl = jinja2.Template(client_config_tmpl) config_text = tmpl.render(snmp) with open(config_file_client, 'w') as f: f.write(config_text) # Write server config file - tmpl = jinja2.Template(daemon_config_tmpl, trim_blocks=True) + tmpl = jinja2.Template(daemon_config_tmpl) config_text = tmpl.render(snmp) with open(config_file_daemon, 'w') as f: f.write(config_text) # Write access rights config file - tmpl = jinja2.Template(access_config_tmpl, trim_blocks=True) + tmpl = jinja2.Template(access_config_tmpl) config_text = tmpl.render(snmp) with open(config_file_access, 'w') as f: f.write(config_text) # Write access rights config file - tmpl = jinja2.Template(user_config_tmpl, trim_blocks=True) + tmpl = jinja2.Template(user_config_tmpl) config_text = tmpl.render(snmp) with open(config_file_user, 'w') as f: f.write(config_text) -- cgit v1.2.3 From bd2f3a42ec9fafdd133d78faa385a19a656f7240 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 1 Sep 2018 14:43:21 +0200 Subject: snmp.py: bugfix writing rocommunity string in config --- src/conf_mode/snmp.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/conf_mode/snmp.py') diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py index 924c19754..86a10c496 100755 --- a/src/conf_mode/snmp.py +++ b/src/conf_mode/snmp.py @@ -273,9 +273,9 @@ def get_config(): if conf.exists('community {0} network'.format(name)): for addr in conf.return_values('community {0} network'.format(name)): if vyos.validate.is_ipv4(addr): - community['network_v4'] = addr + community['network_v4'].append(addr) else: - community['network_v6'] = addr + community['network_v6'].append(addr) snmp['communities'].append(community) -- cgit v1.2.3 
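Review bot: The `{%- else %}` kept in the `# SNMP communities` block now binds to the outer `{%- for c in communities %}` loop, because the `{% if c.network -%}` / `{% endif %}` pair around it was removed. In Jinja a for-else branch renders only when the loop had nothing to iterate, so a community with no network restriction gets no `community`/`community6` line at all. An empty `communities` list instead renders both directives with an undefined `c`. Restoring the conditional keeps the earlier behaviour: open it with `{%- if c.network_v4 or c.network_v6 %}` before the inner loops and close it with `{%- endif %}` before the outer `{%- endfor %}`. The template string starts before this hunk.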
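Review bot: The files written in `generate()` carry community strings and SNMPv3 passphrases (the `createUser` and `trapsess -A/-X` lines), yet each is created with a plain `open(path, 'w')`, so a newly created file gets whatever mode the process umask allows. The umask is not visible here, so this may already be safe, but setting an explicit owner-only mode on `config_file_user` and `config_file_daemon` when they are written would make it independent of the caller's environment. Separately, the comment `# Write access rights config file` appears twice; the second block writes `user_config_tmpl` and should read `# Write user config file`. `generate()` starts and ends outside the hunk.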
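Review bot: The `else` branch in the `network` loop files every value that is not IPv4 under `network_v6` without checking that it is an IPv6 address or prefix, so a malformed entry would be rendered verbatim into a `community6` source restriction. If the CLI definition does not already validate the node, use an explicit IPv6 check in an `elif` and raise a configuration error for anything else. The `client` loop added in the following commit (`snmp.py: bugfix - CLI client community node was not processed`) repeats the same fallthrough. The switch to `.append()` also relies on `community['network_v4']` and `community['network_v6']` being fresh lists for each community. That initialisation is outside the hunk and worth confirming, since a shared list would leak one community's allowed sources into another.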
From bfde18e1064d0622d1eb022ffca2fa9a95bace0f Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 1 Sep 2018 14:48:06 +0200 Subject: snmp.py: bugfix - CLI client community node was not processed --- src/conf_mode/snmp.py | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'src/conf_mode/snmp.py') diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py index 86a10c496..ef5db4690 100755 --- a/src/conf_mode/snmp.py +++ b/src/conf_mode/snmp.py @@ -270,6 +270,7 @@ def get_config(): if conf.exists('community {0} authorization'.format(name)): community['authorization'] = conf.return_value('community {0} authorization'.format(name)) + # Subnet of SNMP client(s) allowed to contact system if conf.exists('community {0} network'.format(name)): for addr in conf.return_values('community {0} network'.format(name)): if vyos.validate.is_ipv4(addr): @@ -277,6 +278,14 @@ def get_config(): else: community['network_v6'].append(addr) + # IP address of SNMP client allowed to contact system + if conf.exists('community {0} client'.format(name)): + for addr in conf.return_values('community {0} client'.format(name)): + if vyos.validate.is_ipv4(addr): + community['network_v4'].append(addr) + else: + community['network_v6'].append(addr) + snmp['communities'].append(community) if conf.exists('contact'): -- cgit v1.2.3 From d48e5d8d196365862feae6943e97cbc803469cbb Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 1 Sep 2018 14:57:53 +0200 Subject: snmp.py: beautify generated snmp.conf #2 --- src/conf_mode/snmp.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src/conf_mode/snmp.py') diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py index ef5db4690..a4e776d49 100755 --- a/src/conf_mode/snmp.py +++ b/src/conf_mode/snmp.py 
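Review bot: The new `client` loop in `get_config()` repeats the `network` loop directly above it line for line; only the node name differs. Handling both nodes in one loop, e.g. `for node in ('network', 'client'):` with `conf.return_values('community {0} {1}'.format(name, node))` inside the existing `conf.exists` check, keeps the address classification in one place. That way a later validation change cannot be applied to one loop and missed in the other. `get_config()` starts and ends outside the hunk.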
@@ -60,12 +60,12 @@ clientaddr {{ trap_source }} # SNMPS template - be careful if you edit the template. access_config_tmpl = """ ### Autogenerated by snmp.py ### -{% if v3_users %} -{% for u in v3_users %} +{%- for u in v3_users %} {{ u.mode }}user {{ u.name }} -{% endfor %} -{% endif -%} +{%- endfor %} + rwuser {{ vyos_user }} + """ # SNMPS template - be careful if you edit the template. -- cgit v1.2.3