Define a custom SNMP group with read access only to the fields we need. For D-Link switches, modifying the group must be handled the same way as modifying a user, i.e. the group (and user) must be removed and re-added. Untested for FS S5800.
{# Switch configuration template: sets the hostname, disables the HTTP and telnet services, syncs the VLAN database, defines a read-only SNMP view/group and configures management and switch ports. Variables read: inventory_hostname, add_vlans, del_vlans, rack, snmp_engine_id, interfaces, prefixes, vlans. The ipaddr and compact_numlist filters are not Jinja builtins and must be provided by the rendering environment. #}
hostname {{ inventory_hostname }}

{# disable encryption until we figure out the hash function, otherwise we can’t create SNMP users idempotently #}
{# NOTE(review): with this disabled, secrets in the device configuration are presumably kept in cleartext, so saved configs and backups should be treated as sensitive until encryption can be re-enabled — confirm against the vendor CLI reference #}
no service password-encryption

{# turn off the HTTP and telnet services #}
service http disable
service telnet disable

{# create the VLANs listed in add_vlans and remove those listed in del_vlans #}
vlan database
{% for vlan in add_vlans %}
vlan {{ vlan }}
{% endfor %}
{% for vlan in del_vlans %}
no vlan {{ vlan }}
{% endfor %}

{# SNMP: the view named "public" includes only the four subtrees below, and the access line names only a read view for the group "public" under the usm security model with "priv"; no write view is given here. "public" is used as a view and group name in these commands. #}
{# NOTE(review): "priv" presumably requires authenticated and encrypted requests; SNMP users are not created in this template — confirm both against the vendor CLI reference and the rest of the role #}
snmp-server enable
snmp-server system-location {{ rack }}
snmp-server engineID {{ snmp_engine_id }}
snmp-server view public included 1.3.6.1.2.1.1 {# system +#}
snmp-server view public included 1.3.6.1.2.1.2 {# interfaces +#}
snmp-server view public included 1.3.6.1.2.1.17.7 {# qBridgeMIB +#}
snmp-server view public included 1.3.6.1.2.1.31 {# ifMIB +#}
snmp-server access public security-model usm priv read public

{# sort to ensure LAG interfaces are added last #}
{# the sorts are applied left to right, so mgmt_only is the primary key and type.value orders interfaces within each group (assuming the sort is stable) #}
{% for iface in interfaces | sort(attribute="type.value") | sort(attribute="mgmt_only") %}
{% if iface.mgmt_only %}
{# management interface: emit one address command per assigned IP #}
{% for address in iface.ip_addresses %}
{% set subnet = address.address | ipaddr('subnet') %}
{# look up the prefix whose "prefix" field equals this address's subnet #}
{# NOTE(review): if nothing in prefixes matches, "first" yields an undefined value and the gateway lookup in the IPv4 branch will presumably fail the render — confirm that failing is the intended behaviour #}
{% set prefix = prefixes | selectattr('prefix', '==', subnet) | first %}
{% if address.family.value == 4 %}
management ip address {{ address.address }}
{# a gateway route is only emitted for IPv4, and only when the prefix has a gateway custom field set #}
{% if prefix.custom_fields.gateway %}
management route add gateway {{ prefix.custom_fields.gateway.address | ipaddr('address') }}
{% endif %}
{% else %}
management ipv6 address {{ address.address }}
{% endif %}
{% endfor %}

{% else %}

interface {{ iface.name }}
{# emits " no shutdown" when the interface is enabled, " shutdown" otherwise #}
{% if iface.enabled %} no{% endif %} shutdown
{% if iface.lag %}
{# LAG member: the channel-group number is the digit characters of the LAG interface name #}
channel-group {{ iface.lag.name | select('in', '0123456789') | join('') }} mode active

{% else %}
{# switchport mode follows iface.mode.value: access, tagged or tagged-all; no switchport lines are emitted for any other value or when no mode is set #}
{% if iface.mode and iface.mode.value == 'access' %}
switchport mode access
{# an untagged VLAN other than VID 1 is set explicitly; otherwise the access VLAN setting is removed #}
{% if iface.untagged_vlan and iface.untagged_vlan.vid != 1 %}
switchport access vlan {{ iface.untagged_vlan.vid }}
{% else %}
no switchport access vlan
{% endif %}
{%- elif iface.mode and iface.mode.value == 'tagged' %}
switchport mode trunk
{# when the interface lists no tagged VLANs, the allowed list falls back to every entry in vlans #}
switchport trunk allowed vlan only {{ (iface.tagged_vlans or vlans) | map(attribute='vid') | compact_numlist }}
{%- elif iface.mode and iface.mode.value == 'tagged-all' %}
switchport mode trunk
switchport trunk allowed vlan all
{% endif %}

{% endif %}
{% endif %}
{% endfor %}