access: set up SNMP for FS S5800 switches
This commit is contained in:
parent
4385ad4ff4
commit
beaa977e21
2 changed files with 40 additions and 1 deletions
|
@ -0,0 +1,32 @@
|
|||
- name: Get secrets for SNMP manager
|
||||
set_fact:
|
||||
manager: "{{ lookup('passwordstore', 'host/'+snmp_manager.name, returnall=true, missing='empty') | from_yaml }}"
|
||||
|
||||
- name: Get existing SNMP users
|
||||
set_fact:
|
||||
snmp_current: "{{ ansible_net_config | split('\n') | select('match', '^snmp-server usm-user '+manager.snmp_user) }}"
|
||||
snmp_target: "snmp-server usm-user {{ manager.snmp_user }} authentication sha {{ manager.snmp_pass }} privacy des {{ manager.snmp_pass }} "
|
||||
|
||||
- name: Remove existing SNMP user to reset password
|
||||
when: "snmp_current and snmp_target is not in snmp_current"
|
||||
block:
|
||||
- name: Remove SNMP user
|
||||
ansible.netcommon.cli_config:
|
||||
config: "{{ item }}"
|
||||
loop:
|
||||
- "no snmp-server usm-user {{ manager.snmp_user }}"
|
||||
- "no snmp-server group public user {{ manager.snmp_user }} security-model usm"
|
||||
notify: write config
|
||||
|
||||
- set_fact:
|
||||
snmp_current: false
|
||||
|
||||
- name: Create SNMP user
|
||||
when: "not snmp_current"
|
||||
ansible.netcommon.cli_config:
|
||||
config: "{{ item }}"
|
||||
loop:
|
||||
- "{{ snmp_target }}"
|
||||
- "snmp-server group public user {{ manager.snmp_user }} security-model usm"
|
||||
no_log: true
|
||||
notify: write config
|
|
@ -1,5 +1,8 @@
|
|||
hostname {{ inventory_hostname }}
|
||||
|
||||
{# disable encryption until we figure out the hash function, otherwise we can’t create SNMP users idempotently #}
|
||||
no service password-encryption
|
||||
|
||||
service http disable
|
||||
service telnet disable
|
||||
|
||||
|
@ -10,7 +13,11 @@ vlan database
|
|||
{% for vlan in del_vlans %}
|
||||
no vlan {{ vlan }}
|
||||
{% endfor %}
|
||||
exit
|
||||
|
||||
snmp-server enable
|
||||
snmp-server system-location {{ rack }}
|
||||
snmp-server engineID {{ snmp_engine_id }}
|
||||
snmp-server access public security-model usm priv read _all_
|
||||
|
||||
{# sort to ensure LAG interfaces are added last #}
|
||||
{% for iface in interfaces | sort(attribute="type.value") | sort(attribute="mgmt_only") %}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue