diff options
Diffstat (limited to 'data/templates/snmp')
| -rw-r--r-- | data/templates/snmp/etc.snmp.conf.j2 (renamed from data/templates/snmp/etc.snmp.conf.tmpl) | 2 | ||||
| -rw-r--r-- | data/templates/snmp/etc.snmpd.conf.j2 | 182 | ||||
| -rw-r--r-- | data/templates/snmp/etc.snmpd.conf.tmpl | 119 | ||||
| -rw-r--r-- | data/templates/snmp/override.conf.j2 | 14 | ||||
| -rw-r--r-- | data/templates/snmp/override.conf.tmpl | 14 | ||||
| -rw-r--r-- | data/templates/snmp/usr.snmpd.conf.j2 | 8 | ||||
| -rw-r--r-- | data/templates/snmp/usr.snmpd.conf.tmpl | 6 | ||||
| -rw-r--r-- | data/templates/snmp/var.snmpd.conf.j2 | 16 | ||||
| -rw-r--r-- | data/templates/snmp/var.snmpd.conf.tmpl | 14 |
9 files changed, 221 insertions, 154 deletions
diff --git a/data/templates/snmp/etc.snmp.conf.tmpl b/data/templates/snmp/etc.snmp.conf.j2 index 6e4c6f063..8012cf6bb 100644 --- a/data/templates/snmp/etc.snmp.conf.tmpl +++ b/data/templates/snmp/etc.snmp.conf.j2 @@ -1,4 +1,4 @@ ### Autogenerated by snmp.py ### -{% if trap_source %} +{% if trap_source is vyos_defined %} clientaddr {{ trap_source }} {% endif %} diff --git a/data/templates/snmp/etc.snmpd.conf.j2 b/data/templates/snmp/etc.snmpd.conf.j2 new file mode 100644 index 000000000..d7dc0ba5d --- /dev/null +++ b/data/templates/snmp/etc.snmpd.conf.j2 @@ -0,0 +1,182 @@ +### Autogenerated by snmp.py ### + +# non configurable defaults +sysObjectID 1.3.6.1.4.1.44641 +sysServices 14 +master agentx +agentXPerms 0777 0777 +pass .1.3.6.1.2.1.31.1.1.1.18 /opt/vyatta/sbin/if-mib-alias +smuxpeer .1.3.6.1.2.1.83 +smuxpeer .1.3.6.1.2.1.157 +smuxsocket localhost + +# linkUp/Down configure the Event MIB tables to monitor +# the ifTable for network interfaces being taken up or down +# for making internal queries to retrieve any necessary information +iquerySecName {{ vyos_user }} + +# Modified from the default linkUpDownNotification +# to include more OIDs and poll more frequently +notificationEvent linkUpTrap linkUp ifIndex ifDescr ifType ifAdminStatus ifOperStatus +notificationEvent linkDownTrap linkDown ifIndex ifDescr ifType ifAdminStatus ifOperStatus +monitor -r 10 -e linkUpTrap "Generate linkUp" ifOperStatus != 2 +monitor -r 10 -e linkDownTrap "Generate linkDown" ifOperStatus == 2 + +# Remove all old ifTable entries with the same ifName as newly appeared +# interface (with different ifIndex) - this is the case on e.g. ppp interfaces +interface_replace_old yes + +######################## +# configurable section # +######################## + +# Default system description is VyOS version +sysDescr VyOS {{ version }} + +{% if description is vyos_defined %} +# Description +SysDescr {{ description }} +{% endif %} + +# Listen +{% set options = [] %} +{% if listen_address is vyos_defined %} +{% for address, address_options in listen_address.items() %} +{% if address | is_ipv6 %} +{% set protocol = protocol ~ '6' %} +{% endif %} +{% set _ = options.append(protocol ~ ':' ~ address | bracketize_ipv6 ~ ':' ~ address_options.port) %} +{% endfor %} +{% else %} +{% set _ = options.append(protocol ~ ':161') %} +{% set _ = options.append(protocol ~ '6:161') %} +{% endif %} +agentaddress unix:/run/snmpd.socket{{ ',' ~ options | join(',') if options is vyos_defined }} + +# SNMP communities +{% if community is vyos_defined %} +{% for comm, comm_config in community.items() %} +{% if comm_config.client is vyos_defined %} +{% for client in comm_config.client %} +{% if client | is_ipv4 %} +{{ comm_config.authorization }}community {{ comm }} {{ client }} +{% elif client | is_ipv6 %} +{{ comm_config.authorization }}community6 {{ comm }} {{ client }} +{% endif %} +{% endfor %} +{% endif %} +{% if comm_config.network is vyos_defined %} +{% for network in comm_config.network %} +{% if network | is_ipv4 %} +{{ comm_config.authorization }}community {{ comm }} {{ network }} +{% elif client | is_ipv6 %} +{{ comm_config.authorization }}community6 {{ comm }} {{ network }} +{% endif %} +{% endfor %} +{% endif %} +{% if comm_config.client is not vyos_defined and comm_config.network is not vyos_defined %} +{{ comm_config.authorization }}community {{ comm }} +{% endif %} +{% endfor %} +{% endif %} + +{% if contact is vyos_defined %} +# system contact information +SysContact {{ contact }} +{% endif %} + +{% if location is vyos_defined %} +# system location information +SysLocation {{ location }} +{% endif %} + +{% if smux_peer is vyos_defined %} +# additional smux peers +{% for peer in smux_peer %} +smuxpeer {{ peer }} +{% endfor %} +{% endif %} + +{% if trap_target is vyos_defined %} +# if there is a problem - tell someone! +{% for trap, trap_config in trap_target.items() %} +trap2sink {{ trap }}:{{ trap_config.port }} {{ trap_config.community }} +{% endfor %} +{% endif %} + +{% if v3 is vyos_defined %} +# +# SNMPv3 stuff goes here +# +{% if v3.view is vyos_defined %} +# views +{% for view, view_config in v3.view.items() %} +{% if view_config.oid is vyos_defined %} +{% for oid in view_config.oid %} +view {{ view }} included .{{ oid }} +{% endfor %} +{% endif %} +{% endfor %} +{% endif %} + +# access +{% if v3.group is vyos_defined %} +# context sec.model sec.level match read write notif +{% for group, group_config in v3.group.items() %} +access {{ group }} "" usm {{ group_config.seclevel }} exact {{ group_config.view }} {{ 'none' if group_config.mode == 'ro' else group_config.view }} none +{% endfor %} +{% endif %} + +# trap-target +{% if v3.trap_target is vyos_defined %} +{% for trap, trap_config in v3.trap_target.items() %} +{% set options = '' %} +{% if trap_config.type == 'inform' %} +{% set options = options ~ ' -Ci' %} +{% endif %} +{% if v3.engineid is vyos_defined %} +{% set options = options ~ ' -e "' ~ v3.engineid ~ '"' %} +{% endif %} +{% if trap_config.user is vyos_defined %} +{% set options = options ~ ' -u ' ~ trap_config.user %} +{% endif %} +{% if trap_config.auth.plaintext_password is vyos_defined or trap_config.auth.encrypted_password is vyos_defined %} +{% set options = options ~ ' -a ' ~ trap_config.auth.type %} +{% if trap_config.auth.plaintext_password is vyos_defined %} +{% set options = options ~ ' -A ' ~ trap_config.auth.plaintext_password %} +{% elif trap_config.auth.encrypted_password is vyos_defined %} +{% set options = options ~ ' -3m ' ~ trap_config.auth.encrypted_password %} +{% endif %} +{% if trap_config.privacy.plaintext_password is vyos_defined or trap_config.privacy.encrypted_password is vyos_defined %} +{% set options = options ~ ' -x ' ~ trap_config.privacy.type %} +{% if trap_config.privacy.plaintext_password is vyos_defined %} +{% set options = options ~ ' -X ' ~ trap_config.privacy.plaintext_password %} +{% elif trap_config.privacy.encrypted_password is vyos_defined %} +{% set options = options ~ ' -3M ' ~ trap_config.privacy.encrypted_password %} +{% endif %} +{% set options = options ~ ' -l authPriv' %} +{% else %} +{% set options = options ~ ' -l authNoPriv' %} +{% endif %} +{% else %} +{% set options = options ~ ' -l noAuthNoPriv' %} +{% endif %} +trapsess -v 3 {{ options }} {{ trap }}:{{ trap_config.protocol }}:{{ trap_config.port }} +{% endfor %} +{% endif %} + +# group +{% if v3.user is vyos_defined %} +{% for user, user_config in v3.user.items() %} +group {{ user_config.group }} usm {{ user }} +{% endfor %} +{% endif %} +{# SNMPv3 end #} +{% endif %} + +{% if script_extensions.extension_name is vyos_defined %} +# extension scripts +{% for script, script_config in script_extensions.extension_name.items() | sort(attribute=script) %} +extend {{ script }} {{ script_config.script }} +{% endfor %} +{% endif %} diff --git a/data/templates/snmp/etc.snmpd.conf.tmpl b/data/templates/snmp/etc.snmpd.conf.tmpl deleted file mode 100644 index 30806ce8a..000000000 --- a/data/templates/snmp/etc.snmpd.conf.tmpl +++ /dev/null @@ -1,119 +0,0 @@ -### Autogenerated by snmp.py ### - -# non configurable defaults -sysObjectID 1.3.6.1.4.1.44641 -sysServices 14 -master agentx -agentXPerms 0777 0777 -pass .1.3.6.1.2.1.31.1.1.1.18 /opt/vyatta/sbin/if-mib-alias -smuxpeer .1.3.6.1.2.1.83 -smuxpeer .1.3.6.1.2.1.157 -smuxsocket localhost - -# linkUp/Down configure the Event MIB tables to monitor -# the ifTable for network interfaces being taken up or down -# for making internal queries to retrieve any necessary information -iquerySecName {{ vyos_user }} - -# Modified from the default linkUpDownNotification -# to include more OIDs and poll more frequently -notificationEvent linkUpTrap linkUp ifIndex ifDescr ifType ifAdminStatus ifOperStatus -notificationEvent linkDownTrap linkDown ifIndex ifDescr ifType ifAdminStatus ifOperStatus -monitor -r 10 -e linkUpTrap "Generate linkUp" ifOperStatus != 2 -monitor -r 10 -e linkDownTrap "Generate linkDown" ifOperStatus == 2 - -# Remove all old ifTable entries with the same ifName as newly appeared -# interface (with different ifIndex) - this is the case on e.g. ppp interfaces -interface_replace_old yes - -######################## -# configurable section # -######################## - -# Default system description is VyOS version -sysDescr VyOS {{ version }} - -{% if description %} -# Description -SysDescr {{ description }} -{% endif %} - -# Listen -agentaddress unix:/run/snmpd.socket{% if listen_on %}{% for li in listen_on %},{{ li }}{% endfor %}{% else %},{{protocol}}:161{% if ipv6_enabled %},{{protocol}}6:161{% endif %}{% endif %} - -# SNMP communities -{% for c in communities %} -{% if c.network_v4 %} -{% for network in c.network_v4 %} -{{ c.authorization }}community {{ c.name }} {{ network }} -{% endfor %} -{% elif not c.has_source %} -{{ c.authorization }}community {{ c.name }} -{% endif %} -{% if c.network_v6 %} -{% for network in c.network_v6 %} -{{ c.authorization }}community6 {{ c.name }} {{ network }} -{% endfor %} -{% elif not c.has_source %} -{{ c.authorization }}community6 {{ c.name }} -{% endif %} -{% endfor %} - -{% if contact %} -# system contact information -SysContact {{ contact }} -{% endif %} - -{% if location %} -# system location information -SysLocation {{ location }} -{% endif %} - -{% if smux_peers %} -# additional smux peers -{% for sp in smux_peers %} -smuxpeer {{ sp }} -{% endfor %} -{% endif %} - -{% if trap_targets %} -# if there is a problem - tell someone! -{% for trap in trap_targets %} -trap2sink {{ trap.target }}{{ ":" + trap.port if trap.port is defined }} {{ trap.community }} -{% endfor %} -{% endif %} - -{% if v3_enabled %} -# -# SNMPv3 stuff goes here -# -# views -{% for view in v3_views %} -{% for oid in view.oids %} -view {{ view.name }} included .{{ oid.oid }} -{% endfor %} -{% endfor %} - -# access -# context sec.model sec.level match read write notif -{% for group in v3_groups %} -access {{ group.name }} "" usm {{ group.seclevel }} exact {{ group.view }} {% if group.mode == 'ro' %}none{% else %}{{ group.view }}{% endif %} none -{% endfor %} - -# trap-target -{% for t in v3_traps %} -trapsess -v 3 {{ '-Ci' if t.type == 'inform' }} -e {{ v3_engineid }} -u {{ t.secName }} -l {{ t.secLevel }} -a {{ t.authProtocol }} {% if t.authPassword %}-A {{ t.authPassword }}{% elif t.authMasterKey %}-3m {{ t.authMasterKey }}{% endif %} -x {{ t.privProtocol }} {% if t.privPassword %}-X {{ t.privPassword }}{% elif t.privMasterKey %}-3M {{ t.privMasterKey }}{% endif %} {{ t.ipProto }}:{{ t.ipAddr }}:{{ t.ipPort }} -{% endfor %} - -# group -{% for u in v3_users %} -group {{ u.group }} usm {{ u.name }} -{% endfor %} -{% endif %} - -{% if script_ext %} -# extension scripts -{% for ext in script_ext|sort(attribute='name') %} -extend {{ ext.name }} {{ ext.script }} -{% endfor %} -{% endif %} diff --git a/data/templates/snmp/override.conf.j2 b/data/templates/snmp/override.conf.j2 new file mode 100644 index 000000000..5d787de86 --- /dev/null +++ b/data/templates/snmp/override.conf.j2 @@ -0,0 +1,14 @@ +{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %} +{% set oid_route_table = ' ' if oid_enable is vyos_defined('route-table') else '-I -ipCidrRouteTable,inetCidrRouteTable' %} +[Unit] +StartLimitIntervalSec=0 +After=vyos-router.service + +[Service] +Environment= +Environment="MIBDIRS=/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf:/usr/share/vyos/mibs" +ExecStart= +ExecStart={{ vrf_command }}/usr/sbin/snmpd -LS0-5d -Lf /dev/null -u Debian-snmp -g Debian-snmp {{ oid_route_table }} -f -p /run/snmpd.pid +Restart=always +RestartSec=10 + diff --git a/data/templates/snmp/override.conf.tmpl b/data/templates/snmp/override.conf.tmpl deleted file mode 100644 index 2ac45a89f..000000000 --- a/data/templates/snmp/override.conf.tmpl +++ /dev/null @@ -1,14 +0,0 @@ -{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %} -{% set oid_route_table = ' ' if route_table is sameas true else '-I -ipCidrRouteTable,inetCidrRouteTable' %} -[Unit] -StartLimitIntervalSec=0 -After=vyos-router.service - -[Service] -Environment= -Environment="MIBDIRS=/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf:/usr/share/vyos/mibs" -ExecStart= -ExecStart={{vrf_command}}/usr/sbin/snmpd -LS0-5d -Lf /dev/null -u Debian-snmp -g Debian-snmp {{oid_route_table}} -f -p /run/snmpd.pid -Restart=always -RestartSec=10 - diff --git a/data/templates/snmp/usr.snmpd.conf.j2 b/data/templates/snmp/usr.snmpd.conf.j2 new file mode 100644 index 000000000..a713c1cec --- /dev/null +++ b/data/templates/snmp/usr.snmpd.conf.j2 @@ -0,0 +1,8 @@ +### Autogenerated by snmp.py ### +{% if v3.user is vyos_defined %} +{% for user, user_config in v3.user.items() %} +{{ user_config.mode }}user {{ user }} +{% endfor %} +{% endif %} + +rwuser {{ vyos_user }} diff --git a/data/templates/snmp/usr.snmpd.conf.tmpl b/data/templates/snmp/usr.snmpd.conf.tmpl deleted file mode 100644 index e2c5ec102..000000000 --- a/data/templates/snmp/usr.snmpd.conf.tmpl +++ /dev/null @@ -1,6 +0,0 @@ -### Autogenerated by snmp.py ### -{% for u in v3_users %} -{{ u.mode }}user {{ u.name }} -{% endfor %} - -rwuser {{ vyos_user }} diff --git a/data/templates/snmp/var.snmpd.conf.j2 b/data/templates/snmp/var.snmpd.conf.j2 new file mode 100644 index 000000000..012f33aeb --- /dev/null +++ b/data/templates/snmp/var.snmpd.conf.j2 @@ -0,0 +1,16 @@ +### Autogenerated by snmp.py ### +# user +{% if v3 is vyos_defined %} +{% if v3.user is vyos_defined %} +{% for user, user_config in v3.user.items() %} +usmUser 1 3 0x{{ v3.engineid }} "{{ user }}" "{{ user }}" NULL {{ user_config.auth.type | snmp_auth_oid }} 0x{{ user_config.auth.encrypted_password }} {{ user_config.privacy.type | snmp_auth_oid }} 0x{{ user_config.privacy.encrypted_password }} 0x +{% endfor %} +{% endif %} + +# VyOS default user +createUser {{ vyos_user }} MD5 "{{ vyos_user_pass }}" DES + +{% if v3.engineid is vyos_defined %} +oldEngineID 0x{{ v3.engineid }} +{% endif %} +{% endif %} diff --git a/data/templates/snmp/var.snmpd.conf.tmpl b/data/templates/snmp/var.snmpd.conf.tmpl deleted file mode 100644 index c779587df..000000000 --- a/data/templates/snmp/var.snmpd.conf.tmpl +++ /dev/null @@ -1,14 +0,0 @@ -### Autogenerated by snmp.py ### -# user -{% for u in v3_users %} -{% if u.authOID == 'none' %} -createUser {{ u.name }} -{% else %} -usmUser 1 3 0x{{ v3_engineid }} "{{ u.name }}" "{{ u.name }}" NULL {{ u.authOID }} 0x{{ u.authMasterKey }} {{ u.privOID }} 0x{{ u.privMasterKey }} 0x -{% endif %} -{% endfor %} - -createUser {{ vyos_user }} MD5 "{{ vyos_user_pass }}" DES -{% if v3_engineid %} -oldEngineID 0x{{ v3_engineid }} -{% endif %} |