access: set up SNMP for FS S5800 switches
		
							parent
							
								
									4385ad4ff4
								
							
						
					
					
						commit
						beaa977e21
					
				
					 2 changed files with 40 additions and 1 deletions
				
			
		|  | @ -0,0 +1,32 @@ | |||
| - name: Get secrets for SNMP manager | ||||
|   set_fact: | ||||
|     manager: "{{ lookup('passwordstore', 'host/'+snmp_manager.name, returnall=true, missing='empty') | from_yaml }}" | ||||
| 
 | ||||
| - name: Get existing SNMP users | ||||
|   set_fact: | ||||
|     snmp_current: "{{ ansible_net_config | split('\n') | select('match', '^snmp-server usm-user '+manager.snmp_user) }}" | ||||
|     snmp_target: "snmp-server usm-user {{ manager.snmp_user }} authentication sha {{ manager.snmp_pass }} privacy des {{ manager.snmp_pass }} " | ||||
| 
 | ||||
| - name: Remove existing SNMP user to reset password | ||||
|   when: "snmp_current and snmp_target is not in snmp_current" | ||||
|   block: | ||||
|     - name: Remove SNMP user | ||||
|       ansible.netcommon.cli_config: | ||||
|         config: "{{ item }}" | ||||
|       loop: | ||||
|         - "no snmp-server usm-user {{ manager.snmp_user }}" | ||||
|         - "no snmp-server group public user {{ manager.snmp_user }} security-model usm" | ||||
|       notify: write config | ||||
| 
 | ||||
|     - set_fact: | ||||
|         snmp_current: false | ||||
| 
 | ||||
| - name: Create SNMP user | ||||
|   when: "not snmp_current" | ||||
|   ansible.netcommon.cli_config: | ||||
|     config: "{{ item }}" | ||||
|   loop: | ||||
|     - "{{ snmp_target }}" | ||||
|     - "snmp-server group public user {{ manager.snmp_user }} security-model usm" | ||||
|   no_log: true | ||||
|   notify: write config | ||||
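Review bot: The SNMPv3 passphrase is only covered by `no_log: true` on the final "Create SNMP user" task. The two `set_fact` tasks above it place the same secret in `manager` and `snmp_target`, and `snmp_current` holds the matching config lines, so their results can show up in verbose output or in any callback that records task results. Add `no_log: true` to "Get secrets for SNMP manager" and "Get existing SNMP users" as well. Separately, `snmp_target` uses `privacy des` and passes `manager.snmp_pass` as both the authentication and the privacy passphrase; if the switch firmware offers an AES privacy option, prefer it and keep a distinct privacy passphrase in the password-store entry. The `select('match', '^snmp-server usm-user '+manager.snmp_user)` test is a prefix match on an unescaped name, so appending a trailing space to the pattern would stop it matching users whose names merely start with `manager.snmp_user`.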
|  | @ -1,5 +1,8 @@ | |||
| hostname {{ inventory_hostname }} | ||||
| 
 | ||||
| {# disable encryption until we figure out the hash function, otherwise we can’t create SNMP users idempotently #} | ||||
| no service password-encryption | ||||
| 
 | ||||
| service http disable | ||||
| service telnet disable | ||||
| 
 | ||||
|  | @ -10,7 +13,11 @@ vlan database | |||
| {% for vlan in del_vlans %} | ||||
|  no vlan {{ vlan }} | ||||
| {% endfor %} | ||||
| exit | ||||
| 
 | ||||
| snmp-server enable | ||||
| snmp-server system-location {{ rack }} | ||||
| snmp-server engineID {{ snmp_engine_id }} | ||||
| snmp-server access public security-model usm priv read _all_ | ||||
| 
 | ||||
| {# sort to ensure LAG interfaces are added last #} | ||||
| {% for iface in interfaces | sort(attribute="type.value") | sort(attribute="mgmt_only") %} | ||||
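Review bot: `no service password-encryption` in the first hunk is a device-wide setting, so it presumably leaves every secret in the running and saved configuration in cleartext, not only the SNMP user line that the idempotence check compares against. That widens exposure to anyone who can read the configuration, its backups, or the `ansible_net_config` fact the SNMP tasks consume. Consider keeping encryption enabled and detecting password changes out of band (for example by comparing a stored digest of the password-store entry). Until then, extend the template comment to state the cost, e.g. `{# TODO: re-enable service password-encryption; until then all secrets in the config are stored in cleartext #}`. In the second hunk, `snmp-server system-location {{ rack }}` emits `rack` unquoted, so confirm the value cannot contain whitespace or newlines.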
|  |  | |||