#!/usr/bin/perl # # Module: vyatta-snmp.pl # # **** License **** # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # This code was originally developed by Vyatta, Inc. # Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc. # All Rights Reserved. # # Author: Stig Thormodsrud # Date: October 2007 # Description: Script to glue vyatta cli to snmp daemon # # **** End License **** # use lib "/opt/vyatta/share/perl5/"; use Vyatta::Config; use Vyatta::Misc; use Getopt::Long; use File::Copy; use strict; use warnings; my $mibdir = '/opt/vyatta/share/snmp/mibs'; my $snmp_init = '/opt/vyatta/sbin/snmpd.init'; my $snmp_conf = '/etc/snmp/snmpd.conf'; my $snmp_client = '/etc/snmp/snmp.conf'; my $snmp_tmp = "/tmp/snmpd.conf.$$"; my $snmp_snmpv3_user_conf = '/usr/share/snmp/snmpd.conf'; my $snmp_snmpv3_createuser_conf = '/var/lib/snmp/snmpd.conf'; my $versionfile = '/opt/vyatta/etc/version'; my $snmp_level = 'service snmp'; sub snmp_restart { system("$snmp_init restart > /dev/null 2>&1 &"); } sub snmp_stop { system("$snmp_init stop > /dev/null 2>&1"); } sub snmp_start { open (my $fh, '>', $snmp_tmp) or die "Couldn't open $snmp_tmp - $!"; select $fh; snmp_get_constants(); snmp_get_values(); close $fh; select STDOUT; snmp_client_config(); move($snmp_tmp, $snmp_conf) or die "Couldn't move $snmp_tmp to $snmp_conf - $!"; snmp_restart(); } sub get_version { my $version = "unknown-version"; if (open (my $f, '<', $versionfile)) { while (<$f>) { chomp; if (m/^Version\s*:\s*(.*)$/) { $version = $1; last; } } close $f; } return $version; } sub snmp_get_constants { my $version = get_version(); my $now = localtime; print "# autogenerated by vyatta-snmp.pl on $now\n"; print "sysDescr Vyatta $version\n"; print "sysObjectID 1.3.6.1.4.1.30803\n"; print "sysServices 14\n"; print "agentaddress unix:/var/run/snmpd.socket,udp:161,udp6:161\n"; print "smuxpeer .1.3.6.1.4.1.3317.1.2.2\n"; # ospfd print "smuxpeer .1.3.6.1.4.1.3317.1.2.5\n"; # bgpd print "smuxpeer .1.3.6.1.4.1.3317.1.2.3\n"; # ripd print "smuxsocket localhost\n"; print "perl do \"/opt/vyatta/sbin/enterprise-mib.pl\"\n"; } # generate a random character hex string sub randhex { my $length = shift; return join "", map { unpack "H*", chr(rand(256)) } 1..($length/2); } # output snmpd.conf file syntax for community sub print_community { my ($config, $community, $type) = @_; $config->setLevel("service snmp $type $community"); my $auth = $config->returnValue('authorization'); $auth = 'ro' unless $auth; $auth .= $type; # rocommunity my @address = $config->returnValues('client'); push @address, $config->returnValues('network'); if (@address) { foreach my $addr (@address) { print "$auth $community $addr\n"; } } else { print "$auth $community\n"; } } sub snmp_get_values { my $config = new Vyatta::Config; my @communities = $config->listNodes("service snmp community"); foreach my $community (@communities) { print_community($config, $community, 'community'); } @communities = $config->listNodes("service snmp community6"); foreach my $community (@communities) { print_community($config, $community, 'community6'); } $config->setLevel($snmp_level); my $contact = $config->returnValue("contact"); if (defined $contact) { print "syscontact \"$contact\" \n"; } my $description = $config->returnValue("description"); if (defined $description) { print "sysdescr \"$description\" \n"; } my $location = $config->returnValue("location"); if (defined $location) { print "syslocation \"$location\" \n"; } my @trap_targets = $config->listNodes("trap-target"); if (@trap_targets) { # linkUp/Down configure the Event MIB tables to monitor # the ifTable for network interfaces being taken up or down # for making internal queries to retrieve any necessary information # create an internal snmpv3 user of the form 'vyattaxxxxxxxxxxxxxxxx' my $vyatta_user = "vyatta" . randhex(16); snmp_create_snmpv3_user($vyatta_user); snmp_write_snmpv3_user($vyatta_user); print "iquerySecName $vyatta_user\n"; # Modified from the default linkUpDownNotification # to include more OIDs and poll more frequently print <returnValue("trap-target $trap_target port"); my $community = $config->returnValue("trap-target $trap_target community"); print "trap2sink $trap_target"; print ":$port" if $port; print " $community" if $community; print "\n"; } } # Configure SNMP client parameters sub snmp_client_config { my $config = new Vyatta::Config; $config->setLevel($snmp_level); open (my $cf, '>', $snmp_client) or die "Couldn't open $snmp_client - $!"; my $version = get_version(); my $now = localtime; print {$cf} "# autogenerated by vyatta-snmp.pl on $now\n"; my $trap_source = $config->returnValue('trap-source'); print {$cf} "clientaddr $trap_source\n" if ($trap_source); close $cf; } sub snmp_create_snmpv3_user { my $vyatta_user = shift; my $passphrase = randhex(32); my $createuser = "createUser $vyatta_user MD5 \"$passphrase\" DES"; open(my $fh, '>>', $snmp_snmpv3_createuser_conf) || die "Couldn't open $snmp_snmpv3_createuser_conf - $!"; print $fh $createuser; close $fh; } sub snmp_write_snmpv3_user { my $vyatta_user = shift; my $user = "rouser $vyatta_user\n"; system ("sed -i '/user[[:space:]]*vyatta[[:alnum:]]*/d' $snmp_snmpv3_user_conf 2>/dev/null;"); open(my $fh, '>>', $snmp_snmpv3_user_conf) || die "Couldn't open $snmp_snmpv3_user_conf - $!"; print $fh $user; close $fh; } # # main # my $update_snmp; my $stop_snmp; GetOptions("update-snmp!" => \$update_snmp, "stop-snmp!" => \$stop_snmp); snmp_start() if ($update_snmp); snmp_stop() if ($stop_snmp);