diff --git a/roles/access/handlers/main.yml b/roles/access/handlers/main.yml
index af48a6f..5a7fcbd 100644
--- a/roles/access/handlers/main.yml
+++ b/roles/access/handlers/main.yml
@@ -7,4 +7,4 @@
 answer:
 - "y"
 - "y"
- when: "'handler' not in ansible_skip_tags"
+ when: "not ansible_check_mode and 'handler' not in ansible_skip_tags"
diff --git a/roles/access/tasks/d-link-dgs-1510-52x.yml b/roles/access/tasks/d-link-dgs-1510-52x.yml
new file mode 120000
index 0000000..c0ec355
--- /dev/null
+++ b/roles/access/tasks/d-link-dgs-1510-52x.yml
@@ -0,0 +1 @@
+d-link.yml
\ No newline at end of file
diff --git a/roles/access/tasks/d-link-dgs-1510-52xmp.yml b/roles/access/tasks/d-link-dgs-1510-52xmp.yml
new file mode 120000
index 0000000..c0ec355
--- /dev/null
+++ b/roles/access/tasks/d-link-dgs-1510-52xmp.yml
@@ -0,0 +1 @@
+d-link.yml
\ No newline at end of file
diff --git a/roles/access/tasks/d-link.yml b/roles/access/tasks/d-link.yml
new file mode 100644
index 0000000..413fe87
--- /dev/null
+++ b/roles/access/tasks/d-link.yml
@@ -0,0 +1,40 @@
+- name: Get secrets for SNMP manager
+ set_fact:
+ manager: '{{ lookup("passwordstore", "host/"+snmp_manager.name, returnall=true, missing="empty") | from_yaml }}'
+
+- name: Generate SNMP passwords
+ delegate_to: localhost
+ command: 'snmpv3-hashgen --yaml --user {{ manager.snmp_user }} --auth {{ manager.snmp_pass }} --priv {{ manager.snmp_pass }} --hash sha1 --engine {{ snmp_engine_id }}'
+ check_mode: false
+ changed_when: false
+ register: snmp_config
+
+- name: Get SNMP password hash
+ set_fact:
+ snmp_hashes: '{{ (snmp_config.stdout | from_yaml).snmpv3.hashes }}'
+
+- name: Get switch facts
+ cisco.ios.ios_facts:
+ gather_subset: config
+
+- name: Get SNMP users
+ set_fact:
+ snmp_current: "{{ ansible_net_config | split('\n') | select('match', '^snmp-server user '+manager.snmp_user+' public v3') }}"
+ snmp_target: "snmp-server user {{ manager.snmp_user }} public v3 encrypted auth sha {{ snmp_hashes.auth }} priv {{ snmp_hashes.priv[:32] }} "
+
+- name: Remove existing SNMP user to reset password
+ when: 'snmp_current and snmp_target is not in snmp_current'
+ block:
+ - name: Remove SNMP user
+ ansible.netcommon.cli_config:
+ config: 'no snmp-server user {{ manager.snmp_user }} public v3'
+ notify: write config
+
+ - set_fact:
+ snmp_current: false
+
+- name: Create SNMP user
+ when: 'not snmp_current'
+ ansible.netcommon.cli_config:
+ config: '{{ snmp_target }}'
+ notify: write config
diff --git a/roles/access/tasks/fs-s5860-48xmg-u.yml b/roles/access/tasks/fs-s5860-48xmg-u.yml
new file mode 120000
index 0000000..b136bed
--- /dev/null
+++ b/roles/access/tasks/fs-s5860-48xmg-u.yml
@@ -0,0 +1 @@
+fs.yml
\ No newline at end of file
diff --git a/roles/access/tasks/fs.yml b/roles/access/tasks/fs.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/access/tasks/main.yml b/roles/access/tasks/main.yml
index 3e82132..a48f03e 100644
--- a/roles/access/tasks/main.yml
+++ b/roles/access/tasks/main.yml
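Review bot: The `Generate SNMP passwords` task in roles/access/tasks/d-link.yml interpolates `manager.snmp_pass` into a free-form `command:` string, and no task that handles the password or the derived keys sets `no_log`, so both can end up in Ansible output and logs. The registered `snmp_config`, the `snmp_target` fact and the `cli_config` argument all carry the localized hashes, which are enough to authenticate to this engine ID. The free-form string is also split on whitespace and quotes, so a password containing either changes the argument list; an `argv:` list avoids that, although the values stay visible in the controller's process list while the tool runs. Add `no_log: true` to this task, to the `set_fact` tasks that build `snmp_hashes` and `snmp_target`, and to `Create SNMP user`. Separately, `manager.snmp_user` is concatenated into the `match` pattern unescaped; `(manager.snmp_user | regex_escape)` keeps a name with regex metacharacters from matching the wrong line.

```yaml
- name: Generate SNMP passwords
  delegate_to: localhost
  command:
    argv:
      - snmpv3-hashgen
      - --yaml
      - --user
      - '{{ manager.snmp_user }}'
      - --auth
      - '{{ manager.snmp_pass }}'
      - --priv
      - '{{ manager.snmp_pass }}'
      - --hash
      - sha1
      - --engine
      - '{{ snmp_engine_id }}'
  no_log: true
  # … unchanged: check_mode, changed_when, register …
```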
@@ -7,6 +7,10 @@ ansible_ssh_user: '{{ password.user }}' ansible_ssh_pass: '{{ password.pass }}' +- name: Generate SNMP engine ID from serial number + set_fact: + snmp_engine_id: '{{ (serial | sha1)[:24] }}' + - name: Set configuration ansible.netcommon.cli_config: config: '{{ lookup("template", "config-"~manufacturer~"-"~device_type~".j2") }}' @@ -17,3 +21,6 @@ # These lines are not displayed by 'sho ru' and always reported as different, so ignore them. changed_when: result.commands | reject('match', '^(no shutdown|no switchport access vlan|no voice vlan.*|switchport mode access|switchport mode hybrid|interface .*|no enable service web-server https?)$') notify: write config + +- name: Run model-specific tasks + include_tasks: '{{ manufacturer~"-"~device_type~".yml" }}' diff --git a/roles/access/templates/config-d-link.j2 b/roles/access/templates/config-d-link.j2 index 2313f15..ab2a982 100644 --- a/roles/access/templates/config-d-link.j2 +++ b/roles/access/templates/config-d-link.j2 @@ -69,7 +69,12 @@ voice vlan {{ voice_vlan }} no voice vlan {% endif %} +snmp-server snmp-server name {{ inventory_hostname }} +snmp-server location {{ rack }} +{# SNMP engine ID must be exactly 24 hex digits #} +snmp-server engineID local {{ snmp_engine_id }} +snmp-server group public v3 priv read CommunityView sntp enable {% for address in ntp %}
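Review bot: `serial` feeds `snmp_engine_id` in the first roles/access/tasks/main.yml hunk with no check that it is set and non-empty, while the SNMPv3 keys generated in d-link.yml are localized to this value through `--engine {{ snmp_engine_id }}`. Hosts with an empty or duplicated `serial` would get the same engine ID and therefore the same keys for the same password. A preceding assert with `that: serial | default('') | length > 0` would fail early instead. A one-line comment that the truncated SHA-1 serves only as an identifier, not as a secret, would also help readers.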
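Review bot: The file passed to `include_tasks` in the second roles/access/tasks/main.yml hunk is assembled from `manufacturer` and `device_type` with no fallback, and it runs after `Set configuration` has already pushed the template. A host whose model has no matching task file would therefore fail with the template applied but the model-specific steps skipped. The diff adds task files only for the models visible here; whether the inventory holds other models cannot be told from this page. Consider a comment above the task such as `# every manufacturer-device_type pair needs a tasks/<manufacturer>-<device_type>.yml (may be empty, see fs.yml)`.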