summaryrefslogtreecommitdiff
path: root/src/conf_mode/snmp.py
AgeCommit message (Collapse)Author
2023-02-12T5001: Replace links to the phabricator siteChristian Breunig
Replace links to the phabricator site from https://phabricator.vyos.net to https://vyos.dev
2023-02-10snmp: T4857: explicitly define default community networks 0.0.0.0/0 and ::/0Christian Breunig
After the RESTRICTED view was introduced snmpd requires a network to be specified. Before adding the RESTRICTED view snmpd always assumed the default network 0.0.0.0/0. This commit re-adds the build in default networks for IPv4 and IPv6 and exposes it as a proper default to the CLI so the user is informed about it: vyos@vyos# set service snmp community foooo Possible completions: authorization Authorization type (default: ro) + client IP address of SNMP client allowed to contact system + network Subnet of SNMP client(s) allowed to contact system (default: 0.0.0.0/0, ::/0)
2023-01-19Merge pull request #1697 from nicolas-fort/snmp_reworkChristian Breunig
T4857: SNMP: Implement FRR SNMP Recomendations
2023-01-18T4857: change description in cli, and change word oid to uppercase OIDs in ↵Nicolas Fort
warning message
2023-01-18T4857: Cleaning prNicolas Fort
2023-01-14systemd: T2185: always place generated override files in /runChristian Breunig
This prevents any stale override files when the system is beeing rebooted, but the actual configuration was not saved. /run is a tmpfs and thus always fresh after boot.
2022-05-25Merge pull request #1088 from zdc/T4020-sagittaDaniil Baturin
FRR: T4020: Added CLI options for FRR daemons
2022-05-01snmp: T4353: fix Jinja2 linting errorsChristian Poessinger
2022-04-16vyos.base: use Warning() helper where applicableChristian Poessinger
2022-04-11snmp: T4346: remove IPv6 disabled code-pathChristian Poessinger
2022-02-07FRR: T4020: Updated CLI options processing for FRR daemonszsdc
- Reverted changes from `python/vyos/util.py`. This may lead to unnecessary FRR restart during each boot, depending on a default file content and template, but makes this changeset cleaner. - Fixed typos in node names (extra `>` characters). - Added SNMP module for `isisd` and `ldpd`, since they have it compiled now.
2021-12-30snmp: T4124: migrate to get_config_dict()Christian Poessinger
2021-12-27snmp: T4093: add missing verify() step for required group per snmp v3 userChristian Poessinger
2021-11-27FRR: T4020: Added CLI options for FRR daemonszsdc
Added first CLI items for controlling FRR daemons parameters that cannot be changed via vtysh and are available via arguments only. Now it is possible to enable/disable modules: SNMP (for each daemon), BMP (for BGP), IRDP (for Zebra).
2021-11-17snmp: T3996: fix invalid IPv6 localhost handling when using listen-addressChristian Poessinger
We need to use a temporary variable when validating the tuple if address is used. If not the else branch will always add the tuple to the list of addresses used for listen-address.
2021-10-25snmp: T2763: Add protocol TCP for service snmpViacheslav
2021-08-10snmp: T3709: Allow enable oid ipCidrRouteTableViacheslav
2020-11-13vyos.template: provide general is_ip(v4|v6) helpersChristian Poessinger
We had two places were the is_ip, is_ipv4 and is_ipv6 helpers had been defined. All places now have been converged into vyos.template as they are used both in the Jinja2 templates and also in our scripts.
2020-09-25T2926: Missing importkroy
2020-07-12snmp: T2687: replace 3rd party hash library with custom codeChristian Poessinger
The 3rd party library used for calculating the SNMP hashes in advance only worked for SHA and nod for MD5 as SHA was hardcoded [1]. The code has been replaced by a class-less implementation providing only the required functionality. [1]: https://github.com/TheMysteriousX/SNMPv3-Hash-Generator/issues/2
2020-07-11snmp: T2687: precalculate snmpv3 encrypted keysChristian Poessinger
As of now when adding new credentials for any SNMPv3 user we submit the credential either plaintext or encrypted. A plaintext credential will be hashed by SNMPd in the background and then passed back into the CLI so it's not stored in cleartext. This feels like the wrong way in changing the CLI content with data produced by a 3rd party daemon which implements the service. It feels like the tail wiggles the entire dog. This should be changed in the following way: - After retrieving the plaintext password from CLI, use Python to hash the key in advance - Re-populate the encrypted key into the CLI and drop the plaintext one - Generate service configuration and continue startup of SNMPd This also fixes a race condition when SNMPd started up but not properly provided the hasehd keys in the configuration resulting in a ConfigurationError. Now as we also support binding SNMPd to a VRF this fixes a deadlock situation on bootup as we can only bind late to the VRF and require up to 5 restarts of the service - but the service will never start.
2020-07-04snmp: vrf: T2682: support restart on failure indefinitely.Christian Poessinger
Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary reason. After restarting SSH to often (rate-limiting) it is blocked by systemd. Using Restart/RestartSec is not enough - systemd services use start rate limiting (enabled by default). If service is started more than StartLimitBurst times in StartLimitIntervalSec seconds is it not permitted to start any more. Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and DefaultStartLimitBurst (default 5).
2020-06-16snmp: T2321: use restart of start in systemctlChristian Poessinger
For an unknown reason snmpd not always starts after reboot.
2020-06-13snmp: T2321: add VRF supportChristian Poessinger
2020-05-29airbag: T2088: explicit enabling of the featureThomas Mangin
airbag must now be explicitly installed. the patch also allow to fully disables the installation of the logging code at setup (and not just installing and doing nothing)
2020-04-15dns-forwarding: T2298: fix path to control fileChristian Poessinger
After migrating PowerDNS to systemd and also its configuration files to a volatile directory in commit 77d725f ("dns-forwarding: T2185: move configuration files to volatile /run directory") the path for the control file has not been altered and pushed to the client rec_control binary"
2020-04-12template: T2230: use render to generate templatesThomas Mangin
convert all call to jinja to use template.render
2020-04-09util: T2226: os.system was wrongly converted to runThomas Mangin
os.system does print the ouput of the command, run() does not. A new function called call() does the printing and return the error code.
2020-04-06util: T2226: covert most calls from os.system to utilThomas Mangin
As little change a possible but the function call The behaviour should be totally unchanged.
2020-04-05snmp: T2230: move inlined templates to dedicated filesChristian Poessinger
2020-03-25T2161: Skip ipv6 listen, if it is disabledAndras Elso
2020-03-21snmp: cleanup import sectionChristian Poessinger
2020-02-19snmp: T1769: fix indentation error and add try clauseJohn Estabrook
2020-02-18snmp: T1769: cleanup leftove code path for certificate migrationChristian Poessinger
2020-02-18snmp: T2042: remove superfluous sudo callsChristian Poessinger
2020-02-18snmp: T2042: import statement cleanupChristian Poessinger
2020-02-15snmp: T2042: stricter validation when deleting SNMP in combination with LLDPChristian Poessinger
A consistency check was missing to prevent deleting the SNMP configuration but still setting "service lldp snmp enable".
2020-02-09snmp: T1931: instead of searching a pseudo marker find real marker in configChristian Poessinger
As we need to operate with usmUser, we can search for it directly if its present or not. There is always one usmUser entry for the system user.
2020-02-09snmp: T1931: change calling order when setting marker flagChristian Poessinger
2020-02-09snmp: T1931: delete obsolete reading of oldEngineIDChristian Poessinger
2020-02-09snmp: T1931: harden logic when re-reading config fpr encrypted keysChristian Poessinger
2020-02-09snmp: T1931: shorten file read timeout to 10msChristian Poessinger
2020-01-26snmpd: T1937: fix all startup warningsChristian Poessinger
This is actually an "upstream" bug, see [1] but it can be fixed via our own scripts. [1]: https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1384122
2020-01-26Revert "snmp: T1937: fix "unknown token" warnings"Christian Poessinger
This reverts commit 6945b2e3561cd76d193d41dd6ab5249661230460.
2020-01-06service-snmp: T1931: Enabling SNMP commit errorhagbard
2020-01-03snmp: T1937: fix "unknown token" warningsChristian Poessinger
2019-12-30snmp: T1921: reduce syslog noiseChristian Poessinger
Remove informative but noisy messages: Dec 30 11:45:02 vyos snmpd[2870]: Connection from UDP: [172.16.100.1]:42781 ... Dec 30 11:45:02 vyos snmpd[2870]: Connection from UDP: [172.16.100.1]:57331 ...
2019-12-30snmp: T1921: change log optionsChristian Poessinger
suppress error message: Dec 30 11:44:10 LR1 snmpd[2870]: error on subcontainer 'ia_addr' insert (-1)
2019-12-30snmp: T1921: migrate sysvinit default to systemd override fileChristian Poessinger
2019-12-30snmp: adopt user/group to Debian BusterChristian Poessinger