Discussion:
Anyone managing snmp on Ubuntu with Ansible?
David Reagan
2014-01-24 01:25:26 UTC
Permalink
Hey all,

I've been looking into managing snmp via ansible. Setting the
/etc/snmp/snmpd.conf file is simple enough. Just a template call.

It's setting up a snmp v3 user that has me stumped. To do so, I run
"net-snmp-config --create-snmpv3-user", then follow the prompts.

I haven't tried it yet, but according to the help text,
--create-snmpv3-user [-ro] [-A authpass] [-X privpass]
[-a MD5|SHA] [-x DES|AES] [username]

I can just run a command to create the user directly without the prompts.
That works

But I've never been comfortable with running a command like that every time
I run a playbook, and making some kind of init variable feels clunky to me.

So, does anyone have a better idea?

Anyone working on a module for snmp?
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+***@googlegroups.com.
To post to this group, send email to ansible-***@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Adam Morris
2014-01-29 18:32:07 UTC
Permalink
Not yet, but that might be something I have to do soon...

Looking at the documentation I could find it seems like that just adds two
lines to two files then restarts snmpd.

## OUTPUT ##

adding the following line to /var/lib/snmp/snmpd.conf:
createUser snmpv3user MD5 "snmpv3pass" DES
adding the following line to /usr/share/snmp/snmpd.conf:
rouser snmpv3user


If that is the case then surely there isn't any issue with using Ansible to
edit the files directly and then (if changed) restart the service?

Adam
Post by David Reagan
Hey all,
I've been looking into managing snmp via ansible. Setting the
/etc/snmp/snmpd.conf file is simple enough. Just a template call.
It's setting up a snmp v3 user that has me stumped. To do so, I run
"net-snmp-config --create-snmpv3-user", then follow the prompts.
I haven't tried it yet, but according to the help text,
--create-snmpv3-user [-ro] [-A authpass] [-X privpass]
[-a MD5|SHA] [-x DES|AES] [username]
I can just run a command to create the user directly without the prompts.
That works
But I've never been comfortable with running a command like that every
time I run a playbook, and making some kind of init variable feels clunky
to me.
So, does anyone have a better idea?
Anyone working on a module for snmp?
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+***@googlegroups.com.
To post to this group, send email to ansible-***@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
David Reagan
2014-01-29 18:45:58 UTC
Permalink
Yeah, I've tried that. Didn't work. Maybe I did it wrong... Hmm...

In the default snmpd.conf file that Ubuntu installs, it says NOT to put
those lines in that file. So...

--David Reagan
Post by Adam Morris
Not yet, but that might be something I have to do soon...
Looking at the documentation I could find it seems like that just adds two
lines to two files then restarts snmpd.
## OUTPUT ##
createUser snmpv3user MD5 "snmpv3pass" DES
rouser snmpv3user
If that is the case then surely there isn't any issue with using Ansible
to edit the files directly and then (if changed) restart the service?
Adam
Post by David Reagan
Hey all,
I've been looking into managing snmp via ansible. Setting the
/etc/snmp/snmpd.conf file is simple enough. Just a template call.
It's setting up a snmp v3 user that has me stumped. To do so, I run
"net-snmp-config --create-snmpv3-user", then follow the prompts.
I haven't tried it yet, but according to the help text,
--create-snmpv3-user [-ro] [-A authpass] [-X privpass]
[-a MD5|SHA] [-x DES|AES] [username]
I can just run a command to create the user directly without the prompts.
That works
But I've never been comfortable with running a command like that every
time I run a playbook, and making some kind of init variable feels clunky
to me.
So, does anyone have a better idea?
Anyone working on a module for snmp?
--
You received this message because you are subscribed to a topic in the
Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/ansible-project/-hRkjQFmFsw/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+***@googlegroups.com.
To post to this group, send email to ansible-***@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
d***@iww.org
2014-08-19 15:03:37 UTC
Permalink
I know this is an old thread, but it came up in google, and I have a
working solution now, so here it is.

The trick is to remember that /var/lib/snmp/snmpd.conf is overwritten from
memory when snmpd shuts down, so it has to be off before you can write
anything to it.

- hosts: monitored
tasks:
- name: make sure snmpd is installed
apt: name=snmpd state=present
- name: make sure snmpd is off
service: name=snmpd state=stopped enabled=yes
- name: make sure snmpd is configured
copy: src=snmpd.conf.etc dest=/etc/snmp/snmpd.conf
- name: make sure snmpd has creds
lineinfile: dest=/var/lib/snmp/snmpd.conf line='createUser nis MD5
badpassword DES badpassword'
- name: make sure snmpd is on
service: name=snmpd state=started


It would be nice to skip the restart if the credentials were already there,
but since they are hashed there is no trivial way to check without the
service restart.

on the up side, if the createUser line is redundant snmpd does not create
an extra hash line, it just saves the one.

I originally tried adding the hashed credentail line before I discovered
that the hash is generated with the snmpd serial#, so the hash will not
validate unless generated on a machine with the same serial#
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+***@googlegroups.com.
To post to this group, send email to ansible-***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/8f7fbfe3-f709-41a9-b047-cb8f02250d3e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Henry Finucane
2014-08-23 20:57:56 UTC
Permalink
I'm glad that you wrote this down- I run snmpd on Ubuntu, and I suspect my
setup only works accidentally.
Post by d***@iww.org
I know this is an old thread, but it came up in google, and I have a
working solution now, so here it is.
The trick is to remember that /var/lib/snmp/snmpd.conf is overwritten from
memory when snmpd shuts down, so it has to be off before you can write
anything to it.
- hosts: monitored
- name: make sure snmpd is installed
apt: name=snmpd state=present
- name: make sure snmpd is off
service: name=snmpd state=stopped enabled=yes
- name: make sure snmpd is configured
copy: src=snmpd.conf.etc dest=/etc/snmp/snmpd.conf
- name: make sure snmpd has creds
lineinfile: dest=/var/lib/snmp/snmpd.conf line='createUser nis MD5
badpassword DES badpassword'
- name: make sure snmpd is on
service: name=snmpd state=started
It would be nice to skip the restart if the credentials were already
there, but since they are hashed there is no trivial way to check without
the service restart.
on the up side, if the createUser line is redundant snmpd does not create
an extra hash line, it just saves the one.
I originally tried adding the hashed credentail line before I discovered
that the hash is generated with the snmpd serial#, so the hash will not
validate unless generated on a machine with the same serial#
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/8f7fbfe3-f709-41a9-b047-cb8f02250d3e%40googlegroups.com
<https://groups.google.com/d/msgid/ansible-project/8f7fbfe3-f709-41a9-b047-cb8f02250d3e%40googlegroups.com?utm_medium=email&utm_source=footer>
.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+***@googlegroups.com.
To post to this group, send email to ansible-***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAGYSzJ_F%2BA%3DvUABpr-H9dx%2B1dPZ6taj%3DHQVLZ2aBAP%2ByVG%2B4DQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
David Reagan
2014-08-28 22:07:39 UTC
Permalink
Thanks. When I was initially working on my ansible role, I wasn't stopping
snmpd before editing the conf file. So, once I copied how you are doing
things, it started working. :)

--David Reagan
Post by d***@iww.org
I know this is an old thread, but it came up in google, and I have a
working solution now, so here it is.
The trick is to remember that /var/lib/snmp/snmpd.conf is overwritten from
memory when snmpd shuts down, so it has to be off before you can write
anything to it.
- hosts: monitored
- name: make sure snmpd is installed
apt: name=snmpd state=present
- name: make sure snmpd is off
service: name=snmpd state=stopped enabled=yes
- name: make sure snmpd is configured
copy: src=snmpd.conf.etc dest=/etc/snmp/snmpd.conf
- name: make sure snmpd has creds
lineinfile: dest=/var/lib/snmp/snmpd.conf line='createUser nis MD5
badpassword DES badpassword'
- name: make sure snmpd is on
service: name=snmpd state=started
It would be nice to skip the restart if the credentials were already
there, but since they are hashed there is no trivial way to check without
the service restart.
on the up side, if the createUser line is redundant snmpd does not create
an extra hash line, it just saves the one.
I originally tried adding the hashed credentail line before I discovered
that the hash is generated with the snmpd serial#, so the hash will not
validate unless generated on a machine with the same serial#
--
You received this message because you are subscribed to a topic in the
Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/ansible-project/-hRkjQFmFsw/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/8f7fbfe3-f709-41a9-b047-cb8f02250d3e%40googlegroups.com
<https://groups.google.com/d/msgid/ansible-project/8f7fbfe3-f709-41a9-b047-cb8f02250d3e%40googlegroups.com?utm_medium=email&utm_source=footer>
.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+***@googlegroups.com.
To post to this group, send email to ansible-***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CANo%2B_AdEC8TBZo6QXKJfiqNi9NCh2oMzJHv%3DrppwA7ch3RV9%2Bw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Loading...