access: set up SNMP user for D-Link switches
This commit is contained in:
parent
e51d08c073
commit
9006832194
|
@ -7,4 +7,4 @@
|
|||
answer:
|
||||
- "y"
|
||||
- "y"
|
||||
when: "'handler' not in ansible_skip_tags"
|
||||
when: "not ansible_check_mode and 'handler' not in ansible_skip_tags"
|
||||
|
|
1
roles/access/tasks/d-link-dgs-1510-52x.yml
Symbolic link
1
roles/access/tasks/d-link-dgs-1510-52x.yml
Symbolic link
|
@ -0,0 +1 @@
|
|||
d-link.yml
|
1
roles/access/tasks/d-link-dgs-1510-52xmp.yml
Symbolic link
1
roles/access/tasks/d-link-dgs-1510-52xmp.yml
Symbolic link
|
@ -0,0 +1 @@
|
|||
d-link.yml
|
37
roles/access/tasks/d-link.yml
Normal file
37
roles/access/tasks/d-link.yml
Normal file
|
@ -0,0 +1,37 @@
|
|||
- name: Generate SNMP passwords
|
||||
delegate_to: localhost
|
||||
command: 'snmpv3-hashgen --yaml --user {{ password.snmp_user }} --auth {{ password.snmp_pass }} --priv {{ password.snmp_pass }} --hash sha1 --engine {{ snmp_engine_id }}'
|
||||
check_mode: false
|
||||
changed_when: false
|
||||
register: snmp_config
|
||||
|
||||
- name: Get SNMP password hash
|
||||
set_fact:
|
||||
snmp_hashes: '{{ (snmp_config.stdout | from_yaml).snmpv3.hashes }}'
|
||||
|
||||
- name: Get switch facts
|
||||
cisco.ios.ios_facts:
|
||||
gather_subset: config
|
||||
|
||||
- name: Get SNMP users
|
||||
set_fact:
|
||||
snmp_current: "{{ ansible_net_config | split('\n') | select('match', '^snmp-server user '+password.snmp_user+' public v3') }}"
|
||||
snmp_target: "snmp-server user {{ password.snmp_user }} public v3 encrypted auth sha {{ snmp_hashes.auth }} priv {{ snmp_hashes.priv[:32] }} "
|
||||
|
||||
- name: Remove existing SNMP user to reset password
|
||||
when: 'snmp_current and snmp_target is not in snmp_current'
|
||||
block:
|
||||
- name: Remove SNMP user
|
||||
ansible.netcommon.cli_config:
|
||||
config: 'no snmp-server user {{ password.snmp_user }} public v3'
|
||||
notify: write config
|
||||
|
||||
- set_fact:
|
||||
snmp_current: false
|
||||
|
||||
- name: Create SNMP user
|
||||
when: 'not snmp_current'
|
||||
ansible.netcommon.cli_config:
|
||||
config: '{{ snmp_target }}'
|
||||
notify: write config
|
||||
|
1
roles/access/tasks/fs-s5860-48xmg-u.yml
Symbolic link
1
roles/access/tasks/fs-s5860-48xmg-u.yml
Symbolic link
|
@ -0,0 +1 @@
|
|||
fs.yml
|
0
roles/access/tasks/fs.yml
Normal file
0
roles/access/tasks/fs.yml
Normal file
|
@ -7,6 +7,10 @@
|
|||
ansible_ssh_user: '{{ password.user }}'
|
||||
ansible_ssh_pass: '{{ password.pass }}'
|
||||
|
||||
- name: Generate SNMP engine ID from serial number
|
||||
set_fact:
|
||||
snmp_engine_id: '{{ (serial | sha1)[:24] }}'
|
||||
|
||||
- name: Set configuration
|
||||
ansible.netcommon.cli_config:
|
||||
config: '{{ lookup("template", "config-"~manufacturer~"-"~device_type~".j2") }}'
|
||||
|
@ -17,3 +21,6 @@
|
|||
# These lines are not displayed by 'sho ru' and always reported as different, so ignore them.
|
||||
changed_when: result.commands | reject('match', '^(no shutdown|no switchport access vlan|no voice vlan.*|switchport mode access|switchport mode hybrid|interface .*|no enable service web-server https?)$')
|
||||
notify: write config
|
||||
|
||||
- name: Run model-specific tasks
|
||||
include_tasks: '{{ manufacturer~"-"~device_type~".yml" }}'
|
||||
|
|
|
@ -69,7 +69,12 @@ voice vlan {{ voice_vlan }}
|
|||
no voice vlan
|
||||
{% endif %}
|
||||
|
||||
snmp-server
|
||||
snmp-server name {{ inventory_hostname }}
|
||||
snmp-server location {{ rack }}
|
||||
{# SNMP engine ID must be exactly 24 hex digits #}
|
||||
snmp-server engineID local {{ snmp_engine_id }}
|
||||
snmp-server group public v3 priv read CommunityView
|
||||
|
||||
sntp enable
|
||||
{% for address in ntp %}
|
||||
|
|
Loading…
Reference in a new issue