From: Tom Hughes <tom@compton.nu>
Date: Thu, 26 Sep 2013 18:46:49 +0000 (+0100)
Subject: Enable SNMP on lyonix servers
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/43579f6444232b183805cfba96dcac36332c81f2?ds=sidebyside

Enable SNMP on lyonix servers
---

diff --git a/cookbooks/snmpd/README.md b/cookbooks/snmpd/README.md
new file mode 100644
index 000000000..6b087690a
--- /dev/null
+++ b/cookbooks/snmpd/README.md
@@ -0,0 +1,57 @@
+DESCRIPTION
+===========
+
+Configures networking.
+
+USAGE
+=====
+
+Set the networking attributes in a role, for example from my base.rb:
+
+    :networking => {
+      :nameservers => [ "10.13.37.120", "10.13.37.40" ],
+      :search => [ "int.example.org". "example.org" ]
+    }
+
+The resulting /etc/resolv.conf will look like:
+
+    search int.example.org example.org
+    nameserver 10.13.37.120
+    nameserver 10.13.37.40
+
+LICENSE AND AUTHOR
+==================
+
+Author:: OpenStreetMap Administrators (<admins@openstreetmap.org>)
+
+Copyright 2010, OpenStreetMap Foundation.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+Based on resolver cookbook:
+
+Author:: Joshua Timberman (<joshua@opscode.com>)
+
+Copyright 2009, Opscode, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/cookbooks/snmpd/attributes/default.rb b/cookbooks/snmpd/attributes/default.rb
new file mode 100644
index 000000000..55bd9a78d
--- /dev/null
+++ b/cookbooks/snmpd/attributes/default.rb
@@ -0,0 +1 @@
+default[:rsyncd][:modules] = [ ]
diff --git a/cookbooks/snmpd/metadata.rb b/cookbooks/snmpd/metadata.rb
new file mode 100644
index 000000000..f5bcb2e5f
--- /dev/null
+++ b/cookbooks/snmpd/metadata.rb
@@ -0,0 +1,17 @@
+maintainer        "OpenStreetMap Administrators"
+maintainer_email  "admins@openstreetmap.org"
+license           "Apache 2.0"
+description       "Configures snmpd"
+long_description  IO.read(File.join(File.dirname(__FILE__), 'README.md'))
+version           "1.0.0"
+depends           "networking"
+
+attribute "snmpd",
+  :display_name => "snmpd",
+  :description => "Hash of snmpd attributes",
+  :type => "hash"
+
+attribute "snmpd/clients",
+  :display_name => "snmpd",
+  :description => "Array of addresses allowed to query snmpd",
+  :type => "array"
diff --git a/cookbooks/snmpd/recipes/default.rb b/cookbooks/snmpd/recipes/default.rb
new file mode 100644
index 000000000..c67466785
--- /dev/null
+++ b/cookbooks/snmpd/recipes/default.rb
@@ -0,0 +1,50 @@
+#
+# Cookbook Name:: snmpd
+# Recipe:: default
+#
+# Copyright 2013, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "networking"
+
+communities = data_bag_item("snmpd", "communities")
+
+package "snmpd"
+
+service "snmpd" do
+  action [ :enable, :start ]
+  supports :status => true, :restart => true
+end
+
+template "/etc/snmp/snmpd.conf" do
+  source "snmpd.conf.erb"
+  owner "root"
+  group "root"
+  mode 0600
+  variables :communities => communities
+  notifies :restart, resources(:service => "snmpd")
+end
+
+node[:snmpd][:clients].each do |address|
+  firewall_rule "accept-snmp" do
+    action :accept
+    family "inet"
+    source "net:#{address}"
+    dest "fw"
+    proto "udp"
+    dest_ports "snmp"
+    source_ports "1024:"
+  end
+end
diff --git a/cookbooks/snmpd/templates/default/snmpd.conf.erb b/cookbooks/snmpd/templates/default/snmpd.conf.erb
new file mode 100644
index 000000000..acddef736
--- /dev/null
+++ b/cookbooks/snmpd/templates/default/snmpd.conf.erb
@@ -0,0 +1,5 @@
+# DO NOT EDIT - This file is being maintained by Chef
+
+rocommunity     <%= @communities[node[:snmpd][:community]] %>
+syslocation     <%= node[:snmpd][:location] %>
+syscontact      <%= node[:snmpd][:contact] %>
diff --git a/roles/lyonix.rb b/roles/lyonix.rb
index 8233916fd..f7bb27a3d 100644
--- a/roles/lyonix.rb
+++ b/roles/lyonix.rb
@@ -14,6 +14,12 @@ default_attributes(
         :zone => "ly"
       }
     }
+  },
+  :snmpd => {
+    :clients => [ "77.95.64.0/24", "77.95.70.0/24" ],
+    :community => "lyonix",
+    :location => "LYON",
+    :contact => "noc@lyonix.net"
   }
 )
 
@@ -24,5 +30,6 @@ override_attributes(
 )
 
 run_list(
-  "role[fr]"
+  "role[fr]",
+  "recipe[snmpd]"
 )