access: set up SNMP user for D-Link switches

Timotej Lazar 2024-10-02 14:27:45 +02:00
parent e51d08c073
commit 9006832194
8 changed files with 53 additions and 1 deletions


@ -7,4 +7,4 @@
answer:
- "y"
- "y"
when: "'handler' not in ansible_skip_tags"
when: "not ansible_check_mode and 'handler' not in ansible_skip_tags"


@ -0,0 +1 @@
d-link.yml


@ -0,0 +1 @@
d-link.yml


@ -0,0 +1,37 @@
- name: Generate SNMP passwords
delegate_to: localhost
command: 'snmpv3-hashgen --yaml --user {{ password.snmp_user }} --auth {{ password.snmp_pass }} --priv {{ password.snmp_pass }} --hash sha1 --engine {{ snmp_engine_id }}'
check_mode: false
changed_when: false
register: snmp_config
- name: Get SNMP password hash
set_fact:
snmp_hashes: '{{ (snmp_config.stdout | from_yaml).snmpv3.hashes }}'
- name: Get switch facts
cisco.ios.ios_facts:
gather_subset: config
- name: Get SNMP users
set_fact:
snmp_current: "{{ ansible_net_config | split('\n') | select('match', '^snmp-server user '+password.snmp_user+' public v3') }}"
snmp_target: "snmp-server user {{ password.snmp_user }} public v3 encrypted auth sha {{ snmp_hashes.auth }} priv {{ snmp_hashes.priv[:32] }} "
- name: Remove existing SNMP user to reset password
when: 'snmp_current and snmp_target is not in snmp_current'
block:
- name: Remove SNMP user
ansible.netcommon.cli_config:
config: 'no snmp-server user {{ password.snmp_user }} public v3'
notify: write config
- set_fact:
snmp_current: false
- name: Create SNMP user
when: 'not snmp_current'
ansible.netcommon.cli_config:
config: '{{ snmp_target }}'
notify: write config
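Review bot: The `Generate SNMP passwords` task passes `password.snmp_pass` on the `snmpv3-hashgen` command line on localhost and registers its stdout, so the plaintext passphrase is readable in the process list by any local user while it runs and, together with the derived keys, lands in verbose task output and any configured log; the task should carry `no_log: true`, and the two `set_fact` tasks that hold `snmp_hashes` and `snmp_target` deserve the same. The `command` module shlex-splits the string form, so a passphrase containing whitespace or quotes is broken into extra arguments; writing `--auth {{ password.snmp_pass | quote }} --priv {{ password.snmp_pass | quote }}` keeps it intact. Reusing one passphrase for `--auth` and `--priv` ties both keys to a single secret — a separate `password.snmp_priv_pass` is worth adding if the vault can carry it. The `Remove existing SNMP user` check depends on `snmp_target`, including its trailing space, matching what the switch prints in its running config byte for byte; if the device prints no trailing space the user is deleted and recreated on every run, which is worth confirming on real hardware.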


@ -0,0 +1 @@
fs.yml



@ -7,6 +7,10 @@
ansible_ssh_user: '{{ password.user }}'
ansible_ssh_pass: '{{ password.pass }}'
- name: Generate SNMP engine ID from serial number
set_fact:
snmp_engine_id: '{{ (serial | sha1)[:24] }}'
- name: Set configuration
ansible.netcommon.cli_config:
config: '{{ lookup("template", "config-"~manufacturer~"-"~device_type~".j2") }}'
@ -17,3 +21,6 @@
# These lines are not displayed by 'sho ru' and always reported as different, so ignore them.
changed_when: result.commands | reject('match', '^(no shutdown|no switchport access vlan|no voice vlan.*|switchport mode access|switchport mode hybrid|interface .*|no enable service web-server https?)$')
notify: write config
- name: Run model-specific tasks
include_tasks: '{{ manufacturer~"-"~device_type~".yml" }}'
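Review bot: `snmp_engine_id` is derived as `(serial | sha1)[:24]` with no guard on `serial`, and because the SNMPv3 keys produced by the `Generate SNMP passwords` task in d-link.yml are localized to this engine ID, the derivation is effectively part of the credential: an empty `serial` gives every such switch the same engine ID and therefore identical localized keys, and any later change to the derivation makes every provisioned user silently stop authenticating instead of failing loudly. An assertion before the `set_fact`, `- assert: { that: serial | default('') | length > 0, fail_msg: 'serial is required to derive the SNMP engine ID' }`, closes the first case, and a comment on the task such as `# SNMPv3 keys generated by the model-specific tasks are localized to this ID; changing the derivation invalidates all existing users` records the second. Where `serial` comes from is not visible in this hunk, so whether it is read from the device or from inventory should be checked, since a mismatch yields a valid-looking but wrong engine ID.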


@ -69,7 +69,12 @@ voice vlan {{ voice_vlan }}
no voice vlan
{% endif %}
snmp-server
snmp-server name {{ inventory_hostname }}
snmp-server location {{ rack }}
{# SNMP engine ID must be exactly 24 hex digits #}
snmp-server engineID local {{ snmp_engine_id }}
snmp-server group public v3 priv read CommunityView
sntp enable
{% for address in ntp %}