author | James Davidson <james.davidson@vyatta.com> | 2013-03-06 10:01:33 -0800 |
---|---|---|
committer | James Davidson <james.davidson@vyatta.com> | 2013-03-06 10:01:33 -0800 |
commit | 3e5ac8cc1d3bed7fe392ba052f9f037f16441f6f (patch) | |
tree | ef1a5298b6cbe3dec22962a10f587b97690f47be | |
parent | e0a1bb48d6399b4788f9a69e543992cd2eb50aef (diff) | |
Sync up SNMPv3 support
SNMP-100 Implement high-level vyatta CLI
SNMP-135 change 'show snmp', add 'show snmp v3 certificates'
SNMP-142 'sh snmp v3 cert' error/warning messages
SNMP-143 show CLI implementation
SNMP-152 Hide 'No such file or directory' error message
SNMP-143 show CLI implementation
SNMP-154 user friendly error message on 'show snmp'
SNMP-157 Run Perltidy for all Perl scripts
SNMP-158 change output of 'sh snmp v3 trap-target'
-rw-r--r-- | Makefile.am | 1 | ||||
-rw-r--r-- | scripts/vyatta-show-snmp-v3.pl | 168 | ||||
-rwxr-xr-x | scripts/vyatta-show-snmp.pl | 28 | ||||
-rw-r--r-- | templates/show/snmp/v3/certificates/node.def | 7 | ||||
-rw-r--r-- | templates/show/snmp/v3/group/node.def | 2 | ||||
-rw-r--r-- | templates/show/snmp/v3/node.def | 2 | ||||
-rw-r--r-- | templates/show/snmp/v3/trap-target/node.def | 2 | ||||
-rw-r--r-- | templates/show/snmp/v3/user/node.def | 2 | ||||
-rw-r--r-- | templates/show/snmp/v3/view/node.def | 2 |
9 files changed, 209 insertions, 5 deletions
diff --git a/Makefile.am b/Makefile.am
index 99f5da6..0205f74 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -34,6 +34,7 @@ bin_SCRIPTS += scripts/vyatta-boot-image.pl
 bin_SCRIPTS += scripts/vyatta-sudo
 bin_SCRIPTS += scripts/vyatta-show-snmp.pl
 bin_SCRIPTS += scripts/vyatta-show-snmp-ifmib
+bin_SCRIPTS += scripts/vyatta-show-snmp-v3.pl
 bin_SCRIPTS += scripts/rename-image.pl
 bin_SCRIPTS += scripts/show-image-storage.pl
 bin_SCRIPTS += scripts/vyatta-remote-copy.pl
diff --git a/scripts/vyatta-show-snmp-v3.pl b/scripts/vyatta-show-snmp-v3.pl
new file mode 100644
index 0000000..dc81623
--- /dev/null
+++ b/scripts/vyatta-show-snmp-v3.pl
@@ -0,0 +1,168 @@
+#! /usr/bin/perl
+
+use Getopt::Long;
+
+sub show_view() {
+ print <<END;
+
+SNMPv3 Views:
+
+END
+
+ foreach my $view ( listNodes("view") ) {
+ print "View : $view\nOIDs :\n";
+ foreach my $oid ( listNodes("view $view oid") ) {
+ my $exclude = '';
+ $exclude = ' exclude'
+ if ( isExists("view $view oid $oid exclude") );
+ my $mask = '';
+ if ( isExists("view $view oid $oid mask") ) {
+ my $value = returnValue("view $view oid $oid mask");
+ $mask = " mask $value";
+ }
+ print " .$oid$exclude$mask\n";
+ }
+ print "\n";
+ }
+}
+
+sub show_group() {
+ print <<END;
+
+SNMPv3 Groups:
+
+Group View
+----- ----
+END
+
+ foreach my $group ( listNodes("group") ) {
+ my $view = returnValue("group $group view");
+ my $mode = returnValue("group $group mode");
+ if ( length($group) >= 20 ) {
+ print "$group\n $view($mode)\n";
+ }
+ else {
+ $~ = "GROUP_FORMAT";
+ format GROUP_FORMAT =
+@<<<<<<<<<<<<<<<<<< @*(@*)
+$group $view $mode
+.
+ write;
+ }
+ }
+ print "\n";
+}
+
+sub show_user() {
+ print <<END;
+
+SNMPv3 Users:
+
+User Auth Priv Mode Group
+---- ---- ---- ---- -----
+END
+
+ foreach my $user ( listNodes("user") ) {
+ my $auth = returnValue("user $user auth type");
+ my $priv = returnValue("user $user privacy type");
+ my $mode = returnValue("user $user mode");
+ my $group = returnValue("user $user group");
+ if ( length($user) >= 20 ) {
+ print "$user\n $auth $priv $mode $group\n";
+ }
+ else {
+ $~ = "USER_FORMAT";
+ format USER_FORMAT =
+@<<<<<<<<<<<<<<<<<< @<<< @<<< @<<< @*
+$user $auth $priv $mode $group
+.
+ write;
+ }
+ }
+ print "\n";
+}
+
+sub show_trap() {
+ print <<END;
+
+SNMPv3 Trap-targets:
+
+Tpap-target Port Protocol Auth Priv Type EngineID User
+----------- ---- -------- ---- ---- ---- -------- ----
+END
+
+ foreach my $trap ( listNodes("trap-target") ) {
+ my $auth = returnValue("trap-target $trap auth type");
+ my $priv = returnValue("trap-target $trap privacy type");
+ my $type = returnValue("trap-target $trap type");
+ my $port = returnValue("trap-target $trap port");
+ my $user = returnValue("trap-target $trap user");
+ my $protocol = returnValue("trap-target $trap protocol");
+ my $engineid = returnValue("trap-target $trap engineid");
+ if ( length($trap) >= 30 ) {
+ $~ = "TRAP_BIG_FORMAT";
+ format TRAP_BIG_FORMAT =
+^*
+$trap
+ @<<<<< @<<<<<<< @<<< @<<< @<<<<< @<<<<<<<<<<<<<<<<<<<<... @*
+$port $protocol $auth $priv $type $engineid $user
+.
+ write;
+ }
+ else {
+ $~ = "TRAP_FORMAT";
+ format TRAP_FORMAT =
+@<<<<<<<<<<<<<<<<<<<<<<<<<<<< @<<<<< @<<<<<<< @<<< @<<< @<<<<< @<<<<<<<<<<<<<<<<<<<<... @*
+$trap $port $protocol $auth $priv $type $engineid $user
+.
+ write;
+ }
+ }
+ print "\n";
+}
+
+sub show_all() {
+ show_user();
+ show_group();
+ show_view();
+ show_trap();
+}
+
+sub listNodes {
+ my $path = shift;
+ my @nodes =
+ split( ' ', `cli-shell-api listActiveNodes service snmp v3 $path` );
+ return map { substr $_, 1, -1 } @nodes;
+}
+
+sub returnValue {
+ my $path = shift;
+ my $value = `cli-shell-api returnActiveValue service snmp v3 $path`;
+ return $value;
+}
+
+sub isExists {
+ my $path = shift;
+ system("cli-shell-api existsActive service snmp v3 $path");
+ return !$?;
+}
+
+my $all;
+my $view;
+my $group;
+my $user;
+my $trap;
+
+GetOptions(
+ "all!" => \$all,
+ "view!" => \$view,
+ "group!" => \$group,
+ "user!" => \$user,
+ "trap!" => \$trap,
+);
+
+show_all() if ($all);
+show_view() if ($view);
+show_group() if ($group);
+show_user() if ($user);
+show_trap() if ($trap);
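Review bot: `listNodes`, `returnValue` and `isExists` near the end of the new file each build a shell command by interpolating `$path`, and `$path` carries view, group, user and trap-target names read back from the active configuration. A name containing shell metacharacters or whitespace would be interpreted by the shell when an operator runs a show command; whether the configuration templates already restrict those names is not visible in this commit. Passing the path as separate arguments through a list-form pipe `open` and list-form `system` keeps the shell out of the call, with callers passing `'view', $view, 'oid'` rather than one interpolated string. The script also starts without `use strict; use warnings;`, which would be worth adding at the same time.

```perl
# … unchanged: show_* subs, except that callers pass path components as a list,
#   e.g. listNodes( 'view', $view, 'oid' ) …

sub cli_api {
    my ( $op, @path ) = @_;

    # List-form pipe open: no shell, so node names reach cli-shell-api verbatim.
    open( my $out, '-|', 'cli-shell-api', $op, qw(service snmp v3), @path )
      or die "Can't run cli-shell-api: $!\n";
    my $text = do { local $/; <$out> };
    close $out;
    return defined $text ? $text : '';
}

sub listNodes {
    return map { substr $_, 1, -1 }
      split( ' ', cli_api( 'listActiveNodes', @_ ) );
}

sub returnValue {
    return cli_api( 'returnActiveValue', @_ );
}

sub isExists {
    system( 'cli-shell-api', 'existsActive', qw(service snmp v3), @_ );
    return !$?;
}
```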
diff --git a/scripts/vyatta-show-snmp.pl b/scripts/vyatta-show-snmp.pl index 2346a6c..634b3cc 100755 --- a/scripts/vyatta-show-snmp.pl +++ b/scripts/vyatta-show-snmp.pl @@ -27,11 +27,14 @@ use NetAddr::IP; my $SNMPDCFG = '/etc/snmp/snmpd.conf'; my $SNMPSTATUS = '/usr/bin/snmpstatus'; +my $password_file = '/config/snmp/superuser_pass'; # generate list of communities in configuration file sub read_config { my %community; + die "Service SNMP does not configured.\n" if (! -e $SNMPDCFG); + open( my $cfg, '<', $SNMPDCFG ) or die "Can't open $SNMPDCFG : $!\n"; @@ -65,14 +68,29 @@ sub status_any { my %community = %{$cref}; my $localhost = new NetAddr::IP('localhost'); - die "No SNMP community's configured\n" - unless scalar(%community); - - foreach my $c ( keys %community ) { + if (scalar(%community)) { + foreach my $c ( keys %community ) { my $addr = $community{$c}; status( $c, $localhost->addr() ) if ( $addr->contains($localhost) ); + } + } + status_v3(); + +} + +sub status_v3 { + open (my $file, '<' , $password_file) or die "Couldn't open $password_file - $!"; + my $superuser_pass = do { local $/; <$file> }; + close $file; + open ($file, '<', $SNMPDCFG) or die "Couldn't open $SNMPDCFG - $!"; + my $superuser_login = ''; + while (my $line = <$file>) { + if ($line =~ /^iquerySecName (.*)$/) { + $superuser_login = $1; + } } - die "No SNMP community's accessible from ", $localhost->addr(), "\n"; + close $file; + exec $SNMPSTATUS, '-v3', '-l', 'authNoPriv', '-u', $superuser_login, '-A', $superuser_pass, 'localhost'; } # check status of one community diff --git a/templates/show/snmp/v3/certificates/node.def b/templates/show/snmp/v3/certificates/node.def new file mode 100644 index 0000000..e66fc0d --- /dev/null +++ b/templates/show/snmp/v3/certificates/node.def 
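Review bot: In the second hunk, `status_v3` hands the SNMPv3 passphrase to snmpstatus as a command-line argument (`'-A', $superuser_pass`), so it is typically readable from the process list by other local accounts while the command runs. The net-snmp client tools can instead take it from a `defAuthPassphrase` entry in an `snmp.conf` file readable only by the invoking account. The slurped value is also used without `chomp $superuser_pass;`, so a trailing newline in `$password_file` (if whatever writes that file adds one) would become part of the passphrase. When no `iquerySecName` line is found the exec still runs with an empty user name; `die "SNMPv3 is not configured\n" if $superuser_login eq '';` before the exec would fail more clearly.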
@@ -0,0 +1,7 @@
+help: Show TSM certificates
+run: files=`sudo ls /etc/snmp/tls/certs/ 2> /dev/null`;
+ if [ -n "$files" ]; then
+ sudo /usr/bin/net-snmp-cert showcerts --subject --fingerprint
+ else
+ echo "You don't have any certificates. Put it in '/etc/snmp/tls/certs/' folder."
+ fi
diff --git a/templates/show/snmp/v3/group/node.def b/templates/show/snmp/v3/group/node.def
new file mode 100644
index 0000000..7ff947a
--- /dev/null
+++ b/templates/show/snmp/v3/group/node.def
@@ -0,0 +1,2 @@
+help: Show the list of configured groups
+run: /opt/vyatta/bin/vyatta-show-snmp-v3.pl --group
\ No newline at end of file
diff --git a/templates/show/snmp/v3/node.def b/templates/show/snmp/v3/node.def
new file mode 100644
index 0000000..70c0df2
--- /dev/null
+++ b/templates/show/snmp/v3/node.def
@@ -0,0 +1,2 @@
+help: Show status of SNMP v3 on localhost
+run: /opt/vyatta/bin/vyatta-show-snmp-v3.pl --all
\ No newline at end of file
diff --git a/templates/show/snmp/v3/trap-target/node.def b/templates/show/snmp/v3/trap-target/node.def
new file mode 100644
index 0000000..9f0d2f1
--- /dev/null
+++ b/templates/show/snmp/v3/trap-target/node.def
@@ -0,0 +1,2 @@
+help: Show the list of configured targets
+run: /opt/vyatta/bin/vyatta-show-snmp-v3.pl --trap
diff --git a/templates/show/snmp/v3/user/node.def b/templates/show/snmp/v3/user/node.def
new file mode 100644
index 0000000..621ccc8
--- /dev/null
+++ b/templates/show/snmp/v3/user/node.def
@@ -0,0 +1,2 @@
+help: Show the list of configured users
+run: /opt/vyatta/bin/vyatta-show-snmp-v3.pl --user
diff --git a/templates/show/snmp/v3/view/node.def b/templates/show/snmp/v3/view/node.def
new file mode 100644
index 0000000..7e05d84
--- /dev/null
+++ b/templates/show/snmp/v3/view/node.def
@@ -0,0 +1,2 @@
+help: Show the list of configured views
+run: /opt/vyatta/bin/vyatta-show-snmp-v3.pl --view
\ No newline at end of file |