debops.snmpd default variables

Basic configuration options

snmpd_packages
List of additional packages to install with snmpd.
snmpd_packages: []

snmpd_user
The user account used by the snmpd daemon.
snmpd_user: '{{ "snmp"
                if ((ansible_distribution == "Ubuntu" and
                     ansible_distribution_release not in ["bionic"]) or
                    ansible_distribution_release in [ "wheezy", "jessie" ])
                else "Debian-snmp" }}'

snmpd_group
The group used by the snmpd daemon.
snmpd_group: '{{ "snmp"
                 if ((ansible_distribution == "Ubuntu" and
                      ansible_distribution_release not in ["bionic"]) or
                     ansible_distribution_release in [ "wheezy", "jessie" ])
                 else "Debian-snmp" }}'

snmpd_logging_options
String with snmpd log-related options; can be used to change log verbosity for debugging.
snmpd_logging_options: '-LScd'

snmpd_custom_options
Custom snmpd options written in YAML text block format, inserted into the /etc/snmp/snmpd.conf configuration file on all hosts in the inventory.
snmpd_custom_options: ''

snmpd_group_custom_options
Custom snmpd options written in YAML text block format, inserted into the /etc/snmp/snmpd.conf configuration file on hosts in a specific inventory group.
snmpd_group_custom_options: ''

snmpd_host_custom_options
Custom snmpd options written in YAML text block format, inserted into the /etc/snmp/snmpd.conf configuration file on specific hosts in the inventory.
snmpd_host_custom_options: ''

snmpd_combined_custom_options
List which combines all of the snmpd_*_custom_options entries together and is used in the role tasks and templates.
snmpd_combined_custom_options: '{{ snmpd_custom_options
                                   + snmpd_group_custom_options
                                   + snmpd_host_custom_options }}'

snmpd_download_mibs
Download MIB definitions by default?
snmpd_download_mibs: '{{ True
                         if (ansible_local|d() and ansible_local.apt|d() and
                             (ansible_local.apt.nonfree|d())|bool)
                         else False }}'

snmpd_extension_scripts
Path on the remote host where extension scripts are stored.
snmpd_extension_scripts: '{{ (ansible_local.fhs.lib | d("/usr/local/lib"))
                             + "/snmpd" }}'

Network options, firewall, TCP wrappers

snmpd_allow
List of IP addresses or CIDR networks which can connect to SNMP service (global). If not specified, remote connections are blocked.
snmpd_allow: []

snmpd_group_allow
List of IP addresses or CIDR networks which can connect to SNMP service (per Ansible group). If not specified, remote connections are blocked.
snmpd_group_allow: []

snmpd_host_allow
List of IP addresses or CIDR networks which can connect to SNMP service (per Ansible host). If not specified, remote connections are blocked.
snmpd_host_allow: []

snmpd_local_allow
List of IP addresses or CIDR networks which can connect to SNMP service (from localhost). If not specified, remote connections are blocked.
snmpd_local_allow: '{{ ansible_all_ipv4_addresses | d([]) +
                       (ansible_all_ipv6_addresses | d([])
                        | difference(ansible_all_ipv6_addresses | d([])
                                     | ansible.utils.ipaddr("link-local"))) }}'

snmpd_agent_address
List of addresses on which to listen for incoming connections. By default snmpd listens on all interfaces and firewall / TCP wrappers are used to limit what remote hosts can connect.
snmpd_agent_address: [ 'udp:0.0.0.0:161', 'udp6:[::]:161' ]
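
The four allow lists above are concatenated into the source lists that this role hands to the firewall and TCP wrappers. The sketch below is an added example, not part of the role: it mirrors that concatenation and the link-local filtering of snmpd_local_allow, then flags entries that are invalid or very wide. The prefix limits (/16 and /48), the function names and all sample addresses are constructed assumptions.

```python
import ipaddress

def local_allow(ipv4_addrs, ipv6_addrs):
    """Mirror the snmpd_local_allow default: all IPv4 plus non-link-local IPv6."""
    routable6 = [a for a in ipv6_addrs
                 if not ipaddress.ip_address(a).is_link_local]
    return list(ipv4_addrs) + routable6

def effective_sources(allow, group_allow, host_allow, local):
    """Same concatenation the role passes to ferm (saddr) and tcpwrappers (client)."""
    return list(allow) + list(group_allow) + list(host_allow) + list(local)

def audit(sources, min_v4_prefix=16, min_v6_prefix=48):
    """Return (entry, reason) pairs for invalid or overly wide entries.

    The prefix limits are an assumed local policy, not something the role enforces.
    """
    findings = []
    for entry in sources:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append((entry, "not an IP address or CIDR network"))
            continue
        limit = min_v4_prefix if net.version == 4 else min_v6_prefix
        if net.prefixlen == 0:
            findings.append((entry, "matches every source address"))
        elif net.prefixlen < limit:
            findings.append((entry, f"wider than /{limit}"))
    return findings

# Constructed sample inventory values and host facts (documentation address ranges).
SAMPLE = effective_sources(
    allow=["192.0.2.10"],
    group_allow=["10.0.0.0/8"],
    host_allow=["0.0.0.0/0", "monitoring.example"],
    local=local_allow(["198.51.100.5"], ["2001:db8::5", "fe80::1"]),
)

if __name__ == "__main__":
    print("effective sources:", SAMPLE)
    for entry, reason in audit(SAMPLE):
        print(f"REVIEW {entry}: {reason}")
```

Because snmpd_agent_address listens on all interfaces by default, these lists are the only thing limiting who can reach UDP port 161, so a single wide entry at any inventory level widens access for that host.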

sysLocation, sysContact, sysName SNMP variables

snmpd_organization
Organization name used in sysLocation and sysContact SNMP variables.
snmpd_organization: '{{ ansible_domain.split(".") | first | capitalize }}'

snmpd_sys_location
String set as sysLocation SNMP variable.
snmpd_sys_location: '{{ snmpd_organization + " " + snmpd_sys_location_name }}'

snmpd_sys_location_name
Name of the "virtual" location, appended to the organization name derived from DNS domain name.
snmpd_sys_location_name: 'Data Center'

snmpd_sys_contact
Contact information for a device set as sysContact SNMP variable.
snmpd_sys_contact: '{{ snmpd_sys_contact_name + " <" + snmpd_sys_contact_email + ">" }}'

snmpd_sys_contact_name
Name of the contact set as sysContact variable.
snmpd_sys_contact_name: '{{ snmpd_organization + " System Administrator" }}'

snmpd_sys_contact_email
E-mail address of the contact set as sysContact variable.
snmpd_sys_contact_email: 'root@{{ ansible_domain }}'

snmpd_sys_name
Host FQDN set as the sysName SNMP variable.
snmpd_sys_name: '{{ ansible_fqdn }}'

CPU load average monitoring

snmpd_load
Enable or disable load average monitoring.
snmpd_load: True

snmpd_load_profile
Name of the load average "profile" to use, see snmpd_load_percent_map and snmpd_load_weight_map variables for list of profiles.
snmpd_load_profile: 'default'

snmpd_load_percent
Name of the profile used to define amount of available CPU power taken into account for load average profile calculation. See snmpd_load_percent_map variable for list of available profiles.
snmpd_load_percent: '{{ snmpd_load_profile }}'

snmpd_load_weight
Name of the profile used to scale the load average profile calculation for different time periods. See snmpd_load_percent_map variable for list of available profiles.
snmpd_load_weight: '{{ snmpd_load_profile }}'

snmpd_load_base
Base value used to calculate load average profiles - number of vCPU cores.
snmpd_load_base: '{{ ansible_processor_vcpus }}'

snmpd_load_percent_map
Dict with CPU percentage profiles.
Each profile is a list of three entries: the 1 minute, 5 minute and 15 minute load averages. Each entry defines how much of total CPU power available on a host is taken into account, divided by number of virtual CPUs present; for example with 4 vCPUs, 100% means 4 vCPUs, 50% means ~2 vCPUs, 200% means ~8 vCPUs, and so on.
Values lower than 100% mean that alerts will be fired earlier, values higher than 100% give processes more time to do the work before firing the alerts.
snmpd_load_percent_map:
  'default': [ '90', '90', '100' ]

snmpd_load_weight_map
Dict with load average weight profiles.
Each profile is a list of three entries: the 1 minute, 5 minute and 15 minute load averages. Each entry defines how the calculation for a particular average is scaled. You can use this parameter to make each value lower (with less than 1.0) or higher (with more than 1.0) and change the shape of the load average profile independently of the number of cores available.
It's hard to explain; essentially, it's another parameter which you can use to tune the load average monitoring.
snmpd_load_weight_map:
  'default': [ '1.5', '1.7', '1.8' ]

snmpd_load_1min
1 minute load average value which will trigger an SNMP trap.
snmpd_load_1min: '{{ (((snmpd_load_base | float) *
                     (snmpd_load_percent_map[snmpd_load_percent][0] | float) / 100) | float *
                     snmpd_load_weight_map[snmpd_load_weight][0] | float) }}'

snmpd_load_5min
5 minute load average value which will trigger an SNMP trap.
snmpd_load_5min: '{{ (((snmpd_load_base | float) *
                     (snmpd_load_percent_map[snmpd_load_percent][1] | float) / 100) | float *
                     snmpd_load_weight_map[snmpd_load_weight][1] | float) }}'

snmpd_load_15min
15 minute load average value which will trigger an SNMP trap.
snmpd_load_15min: '{{ (((snmpd_load_base | float) *
                      (snmpd_load_percent_map[snmpd_load_percent][2] | float) / 100) | float *
                      snmpd_load_weight_map[snmpd_load_weight][2] | float) }}'
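
A worked version of the threshold formula behind snmpd_load_1min, snmpd_load_5min and snmpd_load_15min, added here as an example and not part of the role. It generalizes to custom profiles; the "strict" profile, the sample load averages and the function names are constructed, and results are rounded to two decimals for display only.

```python
# Profile maps copied from the role defaults on this page.
PERCENT_MAP = {"default": ["90", "90", "100"]}
WEIGHT_MAP = {"default": ["1.5", "1.7", "1.8"]}
WINDOWS = ("1min", "5min", "15min")

def load_thresholds(vcpus, percent="default", weight="default",
                    percent_map=PERCENT_MAP, weight_map=WEIGHT_MAP):
    """Return vcpus * percent / 100 * weight for each load average window."""
    for name, table in ((percent, percent_map), (weight, weight_map)):
        if name not in table:
            raise KeyError(f"unknown load profile: {name!r}")
        if len(table[name]) != len(WINDOWS):
            raise ValueError(f"profile {name!r} needs {len(WINDOWS)} entries")
    return {
        window: round(float(vcpus) * float(percent_map[percent][i]) / 100
                      * float(weight_map[weight][i]), 2)  # rounded for display
        for i, window in enumerate(WINDOWS)
    }

def exceeded(loadavg, thresholds):
    """Return the windows whose observed load average is above its threshold."""
    return [w for w, value in zip(WINDOWS, loadavg) if value > thresholds[w]]

# Constructed profile: alert earlier on the short averages, no extra scaling.
STRICT_PERCENT = dict(PERCENT_MAP, strict=["50", "75", "100"])
STRICT_WEIGHT = dict(WEIGHT_MAP, strict=["1.0", "1.0", "1.0"])

if __name__ == "__main__":
    for vcpus in (1, 4, 16):
        print(vcpus, "vCPUs, default:", load_thresholds(vcpus))
    strict = load_thresholds(4, "strict", "strict", STRICT_PERCENT, STRICT_WEIGHT)
    print("4 vCPUs, strict:", strict)
    # Constructed load averages, in 1/5/15 minute order.
    print("over threshold:", exceeded((6.0, 5.0, 3.0), load_thresholds(4)))
```

With the default profile the weights push every threshold above the raw vCPU count (5.4, 6.12 and 7.2 on a 4 vCPU host), so a host has to be well past saturation before a trap fires.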

Process monitoring

snmpd_proc_hidepid
Should the debops.snmpd role add the snmp user account to a group that has access to the /proc filesystem?
snmpd_proc_hidepid: '{{ True
                        if (ansible_local|d() and ansible_local.proc_hidepid|d() and
                            (ansible_local.proc_hidepid.enabled|d())|bool)
                        else False }}'

snmpd_proc_hidepid_group
Name of the system group to which the snmp user will be added in order to get information about processes.
snmpd_proc_hidepid_group: '{{ ansible_local.proc_hidepid.group|d("") }}'

SNMPv3 admin, agent and local accounts

snmpd_account
Enable or disable automatic creation of "admin" (RW), "agent" (RO) and "local" (RO) SNMPv3 accounts.
snmpd_account: True

snmpd_account_username_length
Length of the randomly generated usernames.
snmpd_account_username_length: '16'

snmpd_account_password_length
Length of the randomly generated passwords.
snmpd_account_password_length: '48'

snmpd_account_admin_username
Randomly generated, global SNMPv3 username of administrator account, read-write, deactivated after snmpd is configured.
snmpd_account_admin_username: '{{ lookup("password", secret +
                                  "/snmp/credentials/admin/username chars=ascii_letters,digits length=" +
                                  snmpd_account_username_length) }}'

snmpd_account_admin_password
Randomly generated, global SNMPv3 password of administrator account, read-write, deactivated after snmpd is configured.
snmpd_account_admin_password: '{{ lookup("password", secret +
                                  "/snmp/credentials/admin/password chars=ascii_letters,digits,hexdigits length=" +
                                  snmpd_account_password_length) }}'

snmpd_account_agent_username
Randomly generated, global SNMPv3 username of agent account, read-only.
snmpd_account_agent_username: '{{ lookup("password", secret +
                                  "/snmp/credentials/agent/username chars=ascii_letters,digits length=" +
                                  snmpd_account_username_length) }}'

snmpd_account_agent_password
Randomly generated, global SNMPv3 password of agent account, read-only.
snmpd_account_agent_password: '{{ lookup("password", secret +
                                  "/snmp/credentials/agent/password chars=ascii_letters,digits,hexdigits length=" +
                                  snmpd_account_password_length) }}'

Configuration of other Ansible roles

snmpd_apt_preferences_dependent_list
Configuration for debops.apt_preferences role.
snmpd_apt_preferences_dependent_list:
  - package: 'lldpd libbsd0'
    backports: [ 'wheezy' ]
    reason: 'Version parity with Debian Jessie'
    by_role: 'debops.snmpd'

snmpd_ferm_dependent_rules
Configuration for debops.ferm role.
snmpd_ferm_dependent_rules:
  - type: 'accept'
    protocol: [ 'udp' ]
    dport: [ 'snmp' ]
    saddr: '{{ snmpd_allow + snmpd_group_allow + snmpd_host_allow + snmpd_local_allow }}'
    role: 'snmpd'

snmpd_tcpwrappers_dependent_allow
Configuration for debops.tcpwrappers role.
snmpd_tcpwrappers_dependent_allow:
  - daemon: 'snmpd'
    client: '{{ snmpd_allow + snmpd_group_allow + snmpd_host_allow + snmpd_local_allow }}'
    weight: '50'
    filename: 'snmpd_dependency_allow'
    comment: 'Allow remote connections to SNMP daemon'