Ansible Playbook for Linux SNMP

This playbook is for installing and configuring SNMP on Ubuntu or RedHat machines

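Change the snmp_location, snmp_contact, snmpv3_user and snmpv3_pass variables. You can edit them in the playbook, define them in the inventory file, or pass them in with --extra-vars, e.g. --extra-vars="snmp_location='location address' snmpv3_user=incredigeek …etc". Note that a password passed on the command line ends up in your shell history, so for snmpv3_pass an Ansible Vault-encrypted variable is the better choice.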

A couple of notes:

  • We check to see if a read only SNMPv3 user has been created. If so, we don’t create a new one.
  • The snmpd service is stopped and started each time this is run
  • You will still need to allow SNMP (UDP port 161) through the firewall on Ubuntu or Fedora, ideally only from your monitoring server.
---
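- name: Linux SNMP Config
  hosts: all
  gather_facts: true
  become: true

  # Install SNMPv3 on RHEL or Debian/Ubuntu
  # Disable SNMP v1 and v2 on RHEL
  # Configure a read-only SNMPv3 user (authPriv: SHA auth + AES privacy)
  #
  # NOTE(review): only the RHEL block comments out the default community
  # lines. The Debian block leaves any rocommunity/rocommunity6 lines in
  # /etc/snmp/snmpd.conf untouched - check that file for v1/v2c communities.

  vars:

    # Change these!
    # snmpv3_pass is a credential: supply it from Ansible Vault or the
    # inventory rather than committing a real value here. net-snmp rejects
    # passphrases shorter than 8 characters.
    snmp_location: My SNMP location
    snmp_contact: My SNMP contact info
    snmpv3_pass: mypassword
    snmpv3_user: incredigeek

    # Privacy (encryption) passphrase. Defaults to the auth passphrase so
    # existing inventories keep working; set a separate value if you can.
    snmpv3_priv_pass: "{{ snmpv3_pass }}"

    # These are used to disable the default public community.
    cmnt: '#'
    cmnt_lines:
      - com2sec notConfigUser
      - group   notConfigGroup
      - view    systemview
      - access  notConfigGroup

  tasks:

    # Packages go first: on a fresh host there is no snmpd unit to stop and
    # no /etc/snmp/snmpd.conf to inspect until they are installed.
    - name: Install SNMP RHEL
      ansible.builtin.dnf:
        name:
          - net-snmp
          - net-snmp-utils
        state: present
      when: ansible_os_family == "RedHat"

    # libsnmp-dev ships net-snmp-config, which creates the v3 user below.
    - name: Install SNMP on Debian
      ansible.builtin.apt:
        pkg:
          - snmp
          - snmpd
          - libsnmp-dev
        state: present
      when: ansible_os_family == "Debian"

    # lineinfile with state=absent in check mode only reports how many lines
    # match ("found"); nothing is removed from the file.
    # NOTE(review): this matches ANY rouser line, including one shipped in a
    # distribution's default snmpd.conf - confirm it reflects your user.
    - name: Check if SNMPv3 user exists
      ansible.builtin.lineinfile:
        path: /etc/snmp/snmpd.conf
        regexp: '^rouser'
        state: absent
      check_mode: true
      changed_when: false
      register: snmpv3_user_exists

    # The net-snmp user-creation helpers expect snmpd to be stopped.
    - name: Stop SNMPD Service
      ansible.builtin.service:
        name: snmpd
        state: stopped

    - name: RHEL SNMP Config
      when: ansible_os_family == "RedHat"
      block:
        - name: Disable public snmp community RHEL
          ansible.builtin.replace:
            path: /etc/snmp/snmpd.conf
            regexp: '^{{ item }}'
            replace: '{{ cmnt }} {{ item }}'
          loop: "{{ cmnt_lines }}"

        - name: Set SNMP Location
          ansible.builtin.lineinfile:
            path: /etc/snmp/snmpd.conf
            regexp: '^syslocation.*'
            line: "syslocation {{ snmp_location }}"

        - name: Set SNMP Contact
          ansible.builtin.lineinfile:
            path: /etc/snmp/snmpd.conf
            regexp: '^syscontact.*'
            line: "syscontact {{ snmp_contact }}"

        # argv avoids shell parsing, so quotes or metacharacters in the
        # passphrase cannot break or alter the command; no_log keeps the
        # passphrases out of Ansible output and logs.
        # Flag pairs: -a <auth protocol> -A <auth passphrase>
        #             -x <privacy protocol> -X <privacy passphrase>
        # SHA here is SHA-1; newer net-snmp releases also accept stronger
        # values for -a if your monitoring system supports them.
        - name: Setup SNMPv3 user for RHEL
          ansible.builtin.command:
            argv:
              - net-snmp-create-v3-user
              - '-ro'
              - '-a'
              - SHA
              - '-A'
              - "{{ snmpv3_pass }}"
              - '-x'
              - AES
              - '-X'
              - "{{ snmpv3_priv_pass }}"
              - "{{ snmpv3_user }}"
          no_log: true
          when: snmpv3_user_exists.found | default(0) | int == 0

    - name: Debian SNMP Config
      when: ansible_os_family == "Debian"
      block:
        # Listens on UDP 161 on every IPv4 interface (IPv6 stays loopback
        # only); restrict the source addresses at the firewall.
        # NOTE(review): if the shipped config spells this directive
        # differently the regexp will not match and lineinfile appends the
        # line instead of replacing it - verify against the target release.
        - name: Modify available from address
          ansible.builtin.lineinfile:
            path: /etc/snmp/snmpd.conf
            regexp: '^agentAddress udp:127\.0\.0\.1:161'
            line: 'agentAddress udp:161,udp6:[::1]:161'

        - name: Set SNMP Location
          ansible.builtin.lineinfile:
            path: /etc/snmp/snmpd.conf
            regexp: '^sysLocation.*'
            line: "sysLocation {{ snmp_location }}"

        - name: Set SNMP Contact
          ansible.builtin.lineinfile:
            path: /etc/snmp/snmpd.conf
            regexp: '^sysContact.*'
            line: "sysContact {{ snmp_contact }}"

        # Same flag pairing and argv/no_log reasoning as the RHEL task:
        # -x takes the privacy protocol, -X the privacy passphrase.
        - name: Setup SNMPv3 user for Debian
          ansible.builtin.command:
            argv:
              - net-snmp-config
              - '--create-snmpv3-user'
              - '-ro'
              - '-a'
              - SHA
              - '-A'
              - "{{ snmpv3_pass }}"
              - '-x'
              - AES
              - '-X'
              - "{{ snmpv3_priv_pass }}"
              - "{{ snmpv3_user }}"
          no_log: true
          when: snmpv3_user_exists.found | default(0) | int == 0

    - name: Enable SNMPD Service
      ansible.builtin.service:
        name: snmpd
        enabled: true

    - name: Start SNMPD Service
      ansible.builtin.service:
        name: snmpd
        state: started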
