Comments (11)
Of the three access control methods used by NetSNMP, only VACM is being used in the template. I intend to eventually allow the choice to utilize the traditional access control configuration (of which rocommunity is a member), but instead I just left it commented out in the template.
If you provide the parameters views and accesses along with ro_community, you should get a functional VACM access configuration.
class { 'snmp':
ro_community => 'public',
views => [
'view systemview included .1.3.6.1.2.1.1',
'view systemview included .1.3.6.1.2.1.25.1.1',
],
accesses => [
'access notConfigGroup "" any noauth exact systemview none none'
],
}
The template definitely needs more work in this area.
from puppet-snmp.
to emulate this "traditional" behaviour you can just set views by adding the below config variable to your snmp class, obviously this removes the default setup that the module configures, the default config which you get without it hides network ifaces among other things so i had to do this for my observium install to start seeing NIC data again
views => ["systemview included .1"]
from puppet-snmp.
Also seeing this issue, simply adding what @anthonysomerset suggested fixed the issue. I actually didn't have to add the other views and accesses definitions from @razorsedge .
from puppet-snmp.
Why setting a RO community different from 'public', I get this snmpd.conf file?
...
# Traditional Access Control
#rocommunity blabla1 10.0.0.0/8
# ------------------------------------------------------------------------------
# VACM Configuration
# sec.name source community
com2sec notConfigUser default public
...
from puppet-snmp.
The real solution to this is to use VACM instead of rocommunity. Although
it's not documented in the module very well I believe this was the
original intention. VACM is a lot more complicated to configure but it ends
up being more flexible as I discovered.
To answer your question that field is broken, you can still use rocommunity
by using the snmp_config parameter, I did that until I had time to figure
out VACM. In my opinion though the community parameter should either be
fixed or removed.
On Thursday, May 29, 2014, mimmus [email protected] wrote:
Why setting a RO community different from 'public', I get this snmpd.conf
file?...
Traditional Access Control
#rocommunity blabla1 10.0.0.0/8
------------------------------------------------------------------------------
VACM Configuration
sec.name source community
com2sec notConfigUser default public
...—
Reply to this email directly or view it on GitHub
#10 (comment)
.
from puppet-snmp.
I solved using com2sec.
I agree that ro_community, ro_network, rw_community, rw_network are in effect not used at all by module and should be either fixed or removed.
from puppet-snmp.
I will accept PRs to fix this. :-) Not sure when my schedule will allow me to get to it.
from puppet-snmp.
I'm trying to fix it, is there any reason to keep ro_network and rw_network parameters ? They make the template writing a bit more complicated. Can we consider those elements can be parts of ro_community and rw_community strings if needed ?
from puppet-snmp.
Documentation has been updated in commit 84bab50. Is this helpful until I can get things refactored?
from puppet-snmp.
Just thought I'd point out that the view part of the config at #10 (comment) doubles up on the "view" command at the start of the lines.
from puppet-snmp.
This is fixed in razorsedge/snmp version 3.3.1.
from puppet-snmp.
Related Issues (20)
- # Other Configuration HOT 2
- To support CentOS 8 HOT 1
- rw and ro community strings wrong and default breaks rhel7 if ipv6 off
- $facts['networking']['fqdn'] is too recent HOT 3
- Dependency on stdlib versions incorrect for version 5.1.0 ; types/ip/address/v6/cidr.pp and type Stdlib::IP::Address::V6::CIDR does not exist in 4.25.0
- Docs: Incorrect dependency (stdlib) listed on forge.puppet.com page HOT 2
- Doesn't work on ubuntu focal 20.04 HOT 1
- Cannot disable traditional access control for ro_community{,6}
- FreeBSD Support
- Support Debian Bullseye 11 (to be released in may or june) HOT 4
- systemd daemon-reload restarts snmpd HOT 15
- snmpd starts on each puppet run HOT 1
- Incorrect type of agentx_perms parameter
- Release new version HOT 4
- How to disable snmpv1 and v2 HOT 1
- Support for Ubuntu 22.04 HOT 6
- Reload snmpd config instead of restarting service by default
- $snmpv2_enable parameter does not disable snmpv2.
- snmpd_options and/or snmptrapd_options are ignored on Ubuntu and Debian due to lack of systemd support
- Removing a non-empty directory $var_net_snmp
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from puppet-snmp.