diff options
Diffstat (limited to 'data/templates/snmp')
-rw-r--r-- | data/templates/snmp/etc.snmp.conf.j2 (renamed from data/templates/snmp/etc.snmp.conf.tmpl) | 0 | ||||
-rw-r--r-- | data/templates/snmp/etc.snmpd.conf.j2 | 182 | ||||
-rw-r--r-- | data/templates/snmp/etc.snmpd.conf.tmpl | 182 | ||||
-rw-r--r-- | data/templates/snmp/override.conf.j2 (renamed from data/templates/snmp/override.conf.tmpl) | 0 | ||||
-rw-r--r-- | data/templates/snmp/usr.snmpd.conf.j2 (renamed from data/templates/snmp/usr.snmpd.conf.tmpl) | 4 | ||||
-rw-r--r-- | data/templates/snmp/var.snmpd.conf.j2 (renamed from data/templates/snmp/var.snmpd.conf.tmpl) | 12 |
6 files changed, 190 insertions, 190 deletions
diff --git a/data/templates/snmp/etc.snmp.conf.tmpl b/data/templates/snmp/etc.snmp.conf.j2 index 8012cf6bb..8012cf6bb 100644 --- a/data/templates/snmp/etc.snmp.conf.tmpl +++ b/data/templates/snmp/etc.snmp.conf.j2 diff --git a/data/templates/snmp/etc.snmpd.conf.j2 b/data/templates/snmp/etc.snmpd.conf.j2 new file mode 100644 index 000000000..d7dc0ba5d --- /dev/null +++ b/data/templates/snmp/etc.snmpd.conf.j2 @@ -0,0 +1,182 @@ +### Autogenerated by snmp.py ### + +# non configurable defaults +sysObjectID 1.3.6.1.4.1.44641 +sysServices 14 +master agentx +agentXPerms 0777 0777 +pass .1.3.6.1.2.1.31.1.1.1.18 /opt/vyatta/sbin/if-mib-alias +smuxpeer .1.3.6.1.2.1.83 +smuxpeer .1.3.6.1.2.1.157 +smuxsocket localhost + +# linkUp/Down configure the Event MIB tables to monitor +# the ifTable for network interfaces being taken up or down +# for making internal queries to retrieve any necessary information +iquerySecName {{ vyos_user }} + +# Modified from the default linkUpDownNotification +# to include more OIDs and poll more frequently +notificationEvent linkUpTrap linkUp ifIndex ifDescr ifType ifAdminStatus ifOperStatus +notificationEvent linkDownTrap linkDown ifIndex ifDescr ifType ifAdminStatus ifOperStatus +monitor -r 10 -e linkUpTrap "Generate linkUp" ifOperStatus != 2 +monitor -r 10 -e linkDownTrap "Generate linkDown" ifOperStatus == 2 + +# Remove all old ifTable entries with the same ifName as newly appeared +# interface (with different ifIndex) - this is the case on e.g. ppp interfaces +interface_replace_old yes + +######################## +# configurable section # +######################## + +# Default system description is VyOS version +sysDescr VyOS {{ version }} + +{% if description is vyos_defined %} +# Description +SysDescr {{ description }} +{% endif %} + +# Listen +{% set options = [] %} +{% if listen_address is vyos_defined %} +{% for address, address_options in listen_address.items() %} +{% if address | is_ipv6 %} +{% set protocol = protocol ~ '6' %} +{% endif %} +{% set _ = options.append(protocol ~ ':' ~ address | bracketize_ipv6 ~ ':' ~ address_options.port) %} +{% endfor %} +{% else %} +{% set _ = options.append(protocol ~ ':161') %} +{% set _ = options.append(protocol ~ '6:161') %} +{% endif %} +agentaddress unix:/run/snmpd.socket{{ ',' ~ options | join(',') if options is vyos_defined }} + +# SNMP communities +{% if community is vyos_defined %} +{% for comm, comm_config in community.items() %} +{% if comm_config.client is vyos_defined %} +{% for client in comm_config.client %} +{% if client | is_ipv4 %} +{{ comm_config.authorization }}community {{ comm }} {{ client }} +{% elif client | is_ipv6 %} +{{ comm_config.authorization }}community6 {{ comm }} {{ client }} +{% endif %} +{% endfor %} +{% endif %} +{% if comm_config.network is vyos_defined %} +{% for network in comm_config.network %} +{% if network | is_ipv4 %} +{{ comm_config.authorization }}community {{ comm }} {{ network }} +{% elif client | is_ipv6 %} +{{ comm_config.authorization }}community6 {{ comm }} {{ network }} +{% endif %} +{% endfor %} +{% endif %} +{% if comm_config.client is not vyos_defined and comm_config.network is not vyos_defined %} +{{ comm_config.authorization }}community {{ comm }} +{% endif %} +{% endfor %} +{% endif %} + +{% if contact is vyos_defined %} +# system contact information +SysContact {{ contact }} +{% endif %} + +{% if location is vyos_defined %} +# system location information +SysLocation {{ location }} +{% endif %} + +{% if smux_peer is vyos_defined %} +# additional smux peers +{% for peer in smux_peer %} +smuxpeer {{ peer }} +{% endfor %} +{% endif %} + +{% if trap_target is vyos_defined %} +# if there is a problem - tell someone! +{% for trap, trap_config in trap_target.items() %} +trap2sink {{ trap }}:{{ trap_config.port }} {{ trap_config.community }} +{% endfor %} +{% endif %} + +{% if v3 is vyos_defined %} +# +# SNMPv3 stuff goes here +# +{% if v3.view is vyos_defined %} +# views +{% for view, view_config in v3.view.items() %} +{% if view_config.oid is vyos_defined %} +{% for oid in view_config.oid %} +view {{ view }} included .{{ oid }} +{% endfor %} +{% endif %} +{% endfor %} +{% endif %} + +# access +{% if v3.group is vyos_defined %} +# context sec.model sec.level match read write notif +{% for group, group_config in v3.group.items() %} +access {{ group }} "" usm {{ group_config.seclevel }} exact {{ group_config.view }} {{ 'none' if group_config.mode == 'ro' else group_config.view }} none +{% endfor %} +{% endif %} + +# trap-target +{% if v3.trap_target is vyos_defined %} +{% for trap, trap_config in v3.trap_target.items() %} +{% set options = '' %} +{% if trap_config.type == 'inform' %} +{% set options = options ~ ' -Ci' %} +{% endif %} +{% if v3.engineid is vyos_defined %} +{% set options = options ~ ' -e "' ~ v3.engineid ~ '"' %} +{% endif %} +{% if trap_config.user is vyos_defined %} +{% set options = options ~ ' -u ' ~ trap_config.user %} +{% endif %} +{% if trap_config.auth.plaintext_password is vyos_defined or trap_config.auth.encrypted_password is vyos_defined %} +{% set options = options ~ ' -a ' ~ trap_config.auth.type %} +{% if trap_config.auth.plaintext_password is vyos_defined %} +{% set options = options ~ ' -A ' ~ trap_config.auth.plaintext_password %} +{% elif trap_config.auth.encrypted_password is vyos_defined %} +{% set options = options ~ ' -3m ' ~ trap_config.auth.encrypted_password %} +{% endif %} +{% if trap_config.privacy.plaintext_password is vyos_defined or trap_config.privacy.encrypted_password is vyos_defined %} +{% set options = options ~ ' -x ' ~ trap_config.privacy.type %} +{% if trap_config.privacy.plaintext_password is vyos_defined %} +{% set options = options ~ ' -X ' ~ trap_config.privacy.plaintext_password %} +{% elif trap_config.privacy.encrypted_password is vyos_defined %} +{% set options = options ~ ' -3M ' ~ trap_config.privacy.encrypted_password %} +{% endif %} +{% set options = options ~ ' -l authPriv' %} +{% else %} +{% set options = options ~ ' -l authNoPriv' %} +{% endif %} +{% else %} +{% set options = options ~ ' -l noAuthNoPriv' %} +{% endif %} +trapsess -v 3 {{ options }} {{ trap }}:{{ trap_config.protocol }}:{{ trap_config.port }} +{% endfor %} +{% endif %} + +# group +{% if v3.user is vyos_defined %} +{% for user, user_config in v3.user.items() %} +group {{ user_config.group }} usm {{ user }} +{% endfor %} +{% endif %} +{# SNMPv3 end #} +{% endif %} + +{% if script_extensions.extension_name is vyos_defined %} +# extension scripts +{% for script, script_config in script_extensions.extension_name.items() | sort(attribute=script) %} +extend {{ script }} {{ script_config.script }} +{% endfor %} +{% endif %} diff --git a/data/templates/snmp/etc.snmpd.conf.tmpl b/data/templates/snmp/etc.snmpd.conf.tmpl deleted file mode 100644 index 510b35097..000000000 --- a/data/templates/snmp/etc.snmpd.conf.tmpl +++ /dev/null @@ -1,182 +0,0 @@ -### Autogenerated by snmp.py ### - -# non configurable defaults -sysObjectID 1.3.6.1.4.1.44641 -sysServices 14 -master agentx -agentXPerms 0777 0777 -pass .1.3.6.1.2.1.31.1.1.1.18 /opt/vyatta/sbin/if-mib-alias -smuxpeer .1.3.6.1.2.1.83 -smuxpeer .1.3.6.1.2.1.157 -smuxsocket localhost - -# linkUp/Down configure the Event MIB tables to monitor -# the ifTable for network interfaces being taken up or down -# for making internal queries to retrieve any necessary information -iquerySecName {{ vyos_user }} - -# Modified from the default linkUpDownNotification -# to include more OIDs and poll more frequently -notificationEvent linkUpTrap linkUp ifIndex ifDescr ifType ifAdminStatus ifOperStatus -notificationEvent linkDownTrap linkDown ifIndex ifDescr ifType ifAdminStatus ifOperStatus -monitor -r 10 -e linkUpTrap "Generate linkUp" ifOperStatus != 2 -monitor -r 10 -e linkDownTrap "Generate linkDown" ifOperStatus == 2 - -# Remove all old ifTable entries with the same ifName as newly appeared -# interface (with different ifIndex) - this is the case on e.g. ppp interfaces -interface_replace_old yes - -######################## -# configurable section # -######################## - -# Default system description is VyOS version -sysDescr VyOS {{ version }} - -{% if description is vyos_defined %} -# Description -SysDescr {{ description }} -{% endif %} - -# Listen -{% set options = [] %} -{% if listen_address is vyos_defined %} -{% for address, address_options in listen_address.items() %} -{% if address | is_ipv6 %} -{% set protocol = protocol ~ '6' %} -{% endif %} -{% set _ = options.append(protocol ~ ':' ~ address | bracketize_ipv6 ~ ':' ~ address_options.port) %} -{% endfor %} -{% else %} -{% set _ = options.append(protocol ~ ':161') %} -{% set _ = options.append(protocol ~ '6:161') %} -{% endif %} -agentaddress unix:/run/snmpd.socket{{ ',' ~ options | join(',') if options is vyos_defined }} - -# SNMP communities -{% if community is vyos_defined %} -{% for comm, comm_config in community.items() %} -{% if comm_config.client is vyos_defined %} -{% for client in comm_config.client %} -{% if client | is_ipv4 %} -{{ comm_config.authorization }}community {{ comm }} {{ client }} -{% elif client | is_ipv6 %} -{{ comm_config.authorization }}community6 {{ comm }} {{ client }} -{% endif %} -{% endfor %} -{% endif %} -{% if comm_config.network is vyos_defined %} -{% for network in comm_config.network %} -{% if network | is_ipv4 %} -{{ comm_config.authorization }}community {{ comm }} {{ network }} -{% elif client | is_ipv6 %} -{{ comm_config.authorization }}community6 {{ comm }} {{ network }} -{% endif %} -{% endfor %} -{% endif %} -{% if comm_config.client is not vyos_defined and comm_config.network is not vyos_defined %} -{{ comm_config.authorization }}community {{ comm }} -{% endif %} -{% endfor %} -{% endif %} - -{% if contact is vyos_defined %} -# system contact information -SysContact {{ contact }} -{% endif %} - -{% if location is vyos_defined %} -# system location information -SysLocation {{ location }} -{% endif %} - -{% if smux_peer is vyos_defined %} -# additional smux peers -{% for peer in smux_peer %} -smuxpeer {{ peer }} -{% endfor %} -{% endif %} - -{% if trap_target is vyos_defined %} -# if there is a problem - tell someone! -{% for trap, trap_config in trap_target.items() %} -trap2sink {{ trap }}:{{ trap_config.port }} {{ trap_config.community }} -{% endfor %} -{% endif %} - -{% if v3 is vyos_defined %} -# -# SNMPv3 stuff goes here -# -{% if v3.view is vyos_defined %} -# views -{% for view, view_config in v3.view.items() %} -{% if view_config.oid is vyos_defined %} -{% for oid in view_config.oid %} -view {{ view }} included .{{ oid }} -{% endfor %} -{% endif %} -{% endfor %} -{% endif %} - -# access -{% if v3.group is vyos_defined %} -# context sec.model sec.level match read write notif -{% for group, group_config in v3.group.items() %} -access {{ group }} "" usm {{ group_config.seclevel }} exact {{ group_config.view }} {% if group_config.mode == 'ro' %}none{% else %}{{ group_config.view }}{% endif %} none -{% endfor %} -{% endif %} - -# trap-target -{% if v3.trap_target is vyos_defined %} -{% for trap, trap_config in v3.trap_target.items() %} -{% set options = '' %} -{% if trap_config.type == 'inform' %} -{% set options = options ~ ' -Ci' %} -{% endif %} -{% if v3.engineid is vyos_defined %} -{% set options = options ~ ' -e "' ~ v3.engineid ~ '"' %} -{% endif %} -{% if trap_config.user is vyos_defined %} -{% set options = options ~ ' -u ' ~ trap_config.user %} -{% endif %} -{% if trap_config.auth.plaintext_password is vyos_defined or trap_config.auth.encrypted_password is vyos_defined %} -{% set options = options ~ ' -a ' ~ trap_config.auth.type %} -{% if trap_config.auth.plaintext_password is vyos_defined %} -{% set options = options ~ ' -A ' ~ trap_config.auth.plaintext_password %} -{% elif trap_config.auth.encrypted_password is vyos_defined %} -{% set options = options ~ ' -3m ' ~ trap_config.auth.encrypted_password %} -{% endif %} -{% if trap_config.privacy.plaintext_password is vyos_defined or trap_config.privacy.encrypted_password is vyos_defined %} -{% set options = options ~ ' -x ' ~ trap_config.privacy.type %} -{% if trap_config.privacy.plaintext_password is vyos_defined %} -{% set options = options ~ ' -X ' ~ trap_config.privacy.plaintext_password %} -{% elif trap_config.privacy.encrypted_password is vyos_defined %} -{% set options = options ~ ' -3M ' ~ trap_config.privacy.encrypted_password %} -{% endif %} -{% set options = options ~ ' -l authPriv' %} -{% else %} -{% set options = options ~ ' -l authNoPriv' %} -{% endif %} -{% else %} -{% set options = options ~ ' -l noAuthNoPriv' %} -{% endif %} -trapsess -v 3 {{ options }} {{ trap }}:{{ trap_config.protocol }}:{{ trap_config.port }} -{% endfor %} -{% endif %} - -# group -{% if v3.user is vyos_defined %} -{% for user, user_config in v3.user.items() %} -group {{ user_config.group }} usm {{ user }} -{% endfor %} -{% endif %} -{# SNMPv3 end #} -{% endif %} - -{% if script_extensions.extension_name is vyos_defined %} -# extension scripts -{% for script, script_config in script_extensions.extension_name.items() | sort(attribute=script) %} -extend {{ script }} {{ script_config.script }} -{% endfor %} -{% endif %} diff --git a/data/templates/snmp/override.conf.tmpl b/data/templates/snmp/override.conf.j2 index 5d787de86..5d787de86 100644 --- a/data/templates/snmp/override.conf.tmpl +++ b/data/templates/snmp/override.conf.j2 diff --git a/data/templates/snmp/usr.snmpd.conf.tmpl b/data/templates/snmp/usr.snmpd.conf.j2 index a46b3997f..a713c1cec 100644 --- a/data/templates/snmp/usr.snmpd.conf.tmpl +++ b/data/templates/snmp/usr.snmpd.conf.j2 @@ -1,8 +1,8 @@ ### Autogenerated by snmp.py ### -{% if v3.user is vyos_defined %} +{% if v3.user is vyos_defined %} {% for user, user_config in v3.user.items() %} {{ user_config.mode }}user {{ user }} {% endfor %} -{% endif %} +{% endif %} rwuser {{ vyos_user }} diff --git a/data/templates/snmp/var.snmpd.conf.tmpl b/data/templates/snmp/var.snmpd.conf.j2 index 16d39db89..012f33aeb 100644 --- a/data/templates/snmp/var.snmpd.conf.tmpl +++ b/data/templates/snmp/var.snmpd.conf.j2 @@ -1,16 +1,16 @@ ### Autogenerated by snmp.py ### # user {% if v3 is vyos_defined %} -{% if v3.user is vyos_defined %} -{% for user, user_config in v3.user.items() %} +{% if v3.user is vyos_defined %} +{% for user, user_config in v3.user.items() %} usmUser 1 3 0x{{ v3.engineid }} "{{ user }}" "{{ user }}" NULL {{ user_config.auth.type | snmp_auth_oid }} 0x{{ user_config.auth.encrypted_password }} {{ user_config.privacy.type | snmp_auth_oid }} 0x{{ user_config.privacy.encrypted_password }} 0x -{% endfor %} -{% endif %} +{% endfor %} +{% endif %} # VyOS default user createUser {{ vyos_user }} MD5 "{{ vyos_user_pass }}" DES -{% if v3.engineid is vyos_defined %} +{% if v3.engineid is vyos_defined %} oldEngineID 0x{{ v3.engineid }} -{% endif %} +{% endif %} {% endif %} |