diff options
author | James Davidson <james.davidson@vyatta.com> | 2013-03-06 10:16:06 -0800 |
---|---|---|
committer | James Davidson <james.davidson@vyatta.com> | 2013-03-28 09:40:24 -0700 |
commit | aa3cc1e9e91cfc54397b8a065b109e80538ae209 (patch) | |
tree | 14a40450ea878eb2600ee091f7d3c664e6eabe6f /templates | |
parent | 4aea4a53988339a768767d0e6f08d8fa7a2e268b (diff) | |
download | vyatta-cfg-system-aa3cc1e9e91cfc54397b8a065b109e80538ae209.tar.gz vyatta-cfg-system-aa3cc1e9e91cfc54397b8a065b109e80538ae209.zip |
Sync up SNMPv3 support
SNMP-135 store SNMP superuser password to config file
SNMP-130 add engineId for trap-target
SNMP-134 use 'stop' and 'start' instead of 'restart'
SNMP-141 change engineID syntax checking
SNMP-136 Users are lost after changing TSM port
SNMP-149 TLS Error: Permission denied
SNMP-147 Not correct priority in TSM users
SNMP-148 Configuring already use port for TSM is destroying users.
SNMP-151 Errors in logs after first snmp configuration
SNMP-152 Hide 'No such file or directory' error message
SNMP-153 Debug messages after 'delete service snmp'
SNMP-157 Run Perltidy for all Perl scripts
SNMP-158 change syntax of trap-target engineID
SNMP-163: added script to check name, apply it for user, group and view names
SNMP-161 Faulty configuration with many trap-target
SNMP-160 Look for TSM keys in /config folder
SNMP-162 CLI permit not correct oid
SNMP-163: typo in script
SNMP-160 Look for TSM keys in /config folder
SNMP-163: added support of upper case for names in the script
SNMP-163: create rule for names, permit only a-zA-Z0-9
SNMP-163: typo
(cherry picked from commit e4c3ae81d2d1f040a8ad363928302d72f8431ef9)
Diffstat (limited to 'templates')
-rw-r--r-- | templates/service/snmp/node.def | 7 | ||||
-rw-r--r-- | templates/service/snmp/v3/group/node.def | 2 | ||||
-rw-r--r-- | templates/service/snmp/v3/node.def | 4 | ||||
-rw-r--r-- | templates/service/snmp/v3/trap-target/node.def | 2 | ||||
-rw-r--r-- | templates/service/snmp/v3/trap-target/node.tag/engineid/node.def | 3 | ||||
-rw-r--r-- | templates/service/snmp/v3/tsm/local-key/node.def | 8 | ||||
-rw-r--r-- | templates/service/snmp/v3/user/node.def | 5 | ||||
-rw-r--r-- | templates/service/snmp/v3/user/node.tag/tsm-key/node.def | 8 | ||||
-rw-r--r-- | templates/service/snmp/v3/view/node.def | 5 | ||||
-rw-r--r-- | templates/service/snmp/v3/view/node.tag/oid/node.def | 2 |
10 files changed, 35 insertions, 11 deletions
diff --git a/templates/service/snmp/node.def b/templates/service/snmp/node.def index 8047121f..9fb161dc 100644 --- a/templates/service/snmp/node.def +++ b/templates/service/snmp/node.def @@ -3,6 +3,7 @@ help: Simple Network Management Protocol (SNMP) commit:expression: $VAR(community/) != "" || $VAR(community6/) != "" || $VAR(v3/) != "" \ ; "must configure a community or community6 or v3" +create: if [ ! -d "/config/snmp" ]; then sudo mkdir /config/snmp ; fi delete: touch /tmp/snmp.$PPID end:if [ -f "/tmp/snmp.$PPID" ] then @@ -10,6 +11,12 @@ end:if [ -f "/tmp/snmp.$PPID" ] rm /tmp/snmp.$PPID; sudo rm -f /etc/snmp/snmpd.conf; else + if [ -n "$VAR(v3/)" ]; then + sudo /opt/vyatta/sbin/vyatta-snmp-v3.pl --check-config; + if [ $? != 0 ]; then + exit 1; + fi + fi sudo /opt/vyatta/sbin/vyatta-snmp.pl --update-snmp; if [ -n "$VAR(v3/)" ] then diff --git a/templates/service/snmp/v3/group/node.def b/templates/service/snmp/v3/group/node.def index bcfe6795..13579174 100644 --- a/templates/service/snmp/v3/group/node.def +++ b/templates/service/snmp/v3/group/node.def @@ -1,5 +1,7 @@ tag: type: txt help: Specifies the group with name groupname +syntax:expression: pattern $VAR(@) "^[^\(\)\|\&-]+$" ; "illegal characters in name" +syntax:expression: exec "/opt/vyatta/sbin/vyatta_check_snmp_name.pl $VAR(@)" commit:expression: $VAR(view/) != "" ; "must specify view" commit:expression: $VAR(mode/) != "" ; "must specify mode" diff --git a/templates/service/snmp/v3/node.def b/templates/service/snmp/v3/node.def index 756a156f..f89d2328 100644 --- a/templates/service/snmp/v3/node.def +++ b/templates/service/snmp/v3/node.def @@ -1,7 +1,6 @@ help: Simple Network Management Protocol (SNMP) v3 -create: if [ ! -d "/config/snmp" ]; then sudo mkdir /config/snmp ; fi - if [ ! -d "/config/snmp/tls" ]; then +create: if [ ! -d "/config/snmp/tls" ]; then sudo mkdir /config/snmp/tls ; if [ -d "/etc/snmp/tls" ] ; then sudo mv /etc/snmp/tls/* /config/snmp/tls > /dev/null 2>&1; @@ -18,6 +17,7 @@ create: if [ ! -d "/config/snmp" ]; then sudo mkdir /config/snmp ; fi fi begin: if [ -d "/config/snmp/tls" ]; then + sudo chown -R snmp /config/snmp/tls; sudo chmod -R 600 /config/snmp/tls; fi diff --git a/templates/service/snmp/v3/trap-target/node.def b/templates/service/snmp/v3/trap-target/node.def index d6203e9b..6c2717a8 100644 --- a/templates/service/snmp/v3/trap-target/node.def +++ b/templates/service/snmp/v3/trap-target/node.def @@ -7,6 +7,8 @@ commit:expression: $VAR(auth/) != ""; "must specify auth" commit:expression: $VAR(protocol/) != ""; "must specify protocol" commit:expression: $VAR(user/) != ""; "must specify user" commit:expression: $VAR(port/) != ""; "must specify port" +commit:expression: $VAR(type/@) == "inform" || ( $VAR(type/@) == "trap" && $VAR(engineid/) != "" ); \ + "must specify engineid if type is 'trap'" val_help: <x.x.x.x>; IP address of trap target val_help: <h:h:h:h:h:h:h:h>; IPv6 address of trap target
\ No newline at end of file diff --git a/templates/service/snmp/v3/trap-target/node.tag/engineid/node.def b/templates/service/snmp/v3/trap-target/node.tag/engineid/node.def new file mode 100644 index 00000000..7a621af6 --- /dev/null +++ b/templates/service/snmp/v3/trap-target/node.tag/engineid/node.def @@ -0,0 +1,3 @@ +type: txt +help: Defines the engineID. (needs for trap) +syntax:expression: pattern $VAR(@) "^([0-9a-f][0-9a-f]){1,16}$" ; "id must contain from 2 to 32 hex digits"
\ No newline at end of file diff --git a/templates/service/snmp/v3/tsm/local-key/node.def b/templates/service/snmp/v3/tsm/local-key/node.def index d238d310..4bc3d07b 100644 --- a/templates/service/snmp/v3/tsm/local-key/node.def +++ b/templates/service/snmp/v3/tsm/local-key/node.def @@ -1,8 +1,12 @@ type: txt help: Defines the server certificate fingerprint or key-file name. -allowed: sudo ls /etc/snmp/tls/certs +allowed: if sudo [ -d /etc/snmp/tls/certs ]; then + sudo ls /etc/snmp/tls/certs 2> /dev/null + else + sudo ls /config/snmp/tls/certs 2> /dev/null + fi syntax:expression: pattern $VAR(@) "^[0-9A-F]{2}(:[0-9A-F]{2}){19}$" || - exec "if [ `sudo ls \"/etc/snmp/tls/certs/$VAR(@)\" 2> /dev/null` ]; \ + exec "if sudo [ -f /etc/snmp/tls/certs/$VAR(@) -o -f /config/snmp/tls/certs/$VAR(@) ]; \ then \ exit 0; \ else \ diff --git a/templates/service/snmp/v3/user/node.def b/templates/service/snmp/v3/user/node.def index e6a8bc87..32e0f61f 100644 --- a/templates/service/snmp/v3/user/node.def +++ b/templates/service/snmp/v3/user/node.def @@ -1,6 +1,7 @@ tag: type: txt help: Specifies the user with name username -syntax:expression: pattern $VAR(@) "^[^-]*$" ; "characters '-' in name is not supported yet" +syntax:expression: pattern $VAR(@) "^[^\(\)\|\&-]+$" ; "illegal characters in name" +syntax:expression: exec "/opt/vyatta/sbin/vyatta_check_snmp_name.pl $VAR(@)" commit:expression: $VAR(auth/) != "" || $VAR(tsm-key/) != ""; "must specify auth or tsm-key" -commit:expression: $VAR(mode/) != ""; "must specify mode"
\ No newline at end of file +commit:expression: $VAR(mode/) != ""; "must specify mode" diff --git a/templates/service/snmp/v3/user/node.tag/tsm-key/node.def b/templates/service/snmp/v3/user/node.tag/tsm-key/node.def index e9f55a5f..b41be079 100644 --- a/templates/service/snmp/v3/user/node.tag/tsm-key/node.def +++ b/templates/service/snmp/v3/user/node.tag/tsm-key/node.def @@ -1,8 +1,12 @@ type: txt help: Specifies finger print or file name of TSM certificate. -allowed: sudo ls /etc/snmp/tls/certs +allowed: if sudo [ -d /etc/snmp/tls/certs ]; then + sudo ls /etc/snmp/tls/certs 2> /dev/null + else + sudo ls /config/snmp/tls/certs 2> /dev/null + fi syntax:expression: pattern $VAR(@) "^[0-9A-F]{2}(:[0-9A-F]{2}){19}$" || - exec "if [ `sudo ls \"/etc/snmp/tls/certs/$VAR(@)\" 2> /dev/null` ]; \ + exec "if sudo [ -f /etc/snmp/tls/certs/$VAR(@) -o -f /config/snmp/tls/certs/$VAR(@) ]; \ then \ exit 0; \ else \ diff --git a/templates/service/snmp/v3/view/node.def b/templates/service/snmp/v3/view/node.def index a83c978b..1fa589ae 100644 --- a/templates/service/snmp/v3/view/node.def +++ b/templates/service/snmp/v3/view/node.def @@ -1,5 +1,6 @@ tag: type: txt help: Specifies the view with name viewname - -commit:expression: $VAR(oid/) != ""; "must configure an oid"
\ No newline at end of file +syntax:expression: pattern $VAR(@) "^[^\(\)\|\&-]+$" ; "illegal characters in name" +syntax:expression: exec "/opt/vyatta/sbin/vyatta_check_snmp_name.pl $VAR(@)" +commit:expression: $VAR(oid/) != ""; "must configure an oid" diff --git a/templates/service/snmp/v3/view/node.tag/oid/node.def b/templates/service/snmp/v3/view/node.tag/oid/node.def index beed3274..ca2a5c5d 100644 --- a/templates/service/snmp/v3/view/node.tag/oid/node.def +++ b/templates/service/snmp/v3/view/node.tag/oid/node.def @@ -1,4 +1,4 @@ tag: type: txt help: Specifies the oid -syntax:expression: pattern $VAR(@) "^[0-9]+(\.[0-9]+)*$" ; "oid must start from a number" +syntax:expression: pattern $VAR(@) "^[0-9]+(\\.[0-9]+)*$" ; "oid must start from a number" |