Attached is the patch allowing an SNMPv3 get. As you can see, it is implemented as a separate method. I debated a lot about this, but putting it all into one get seemed, well, unwieldy at best given the number of options that are set for SNMPv3 to operate.

I have tested this on RHEL 5 and RHEL 6. In order to test you need to run something like the following command on a properly set up NET-SNMP installation (instructions for setting up an SNMPv3 server here: https://stomp.colorado.edu/blog/blog/2010/07/09/on-configuring-snmpv3-in-net-snmp/):

    func 'YOUR.SERVER.HERE' call snmp getv3 sysDescr.0 YOUR_SNMP_USER_NAME SHA 'YOUR_AUTHENTICATION_PASSPHRASE_HERE' AES 'YOUR_PRIVACY_PASSPHRASE_HERE'

You should get in return something like:

    {'your.server.here': [0, 'Linux your.server.here 2.6.18-274.7.1.el5 #1 SMP Mon Oct 17 11:57:14 EDT 2011 x86_64\n', '']}

There are a lot of variations you can do with SNMPv3: auth can be done either via MD5 or SHA. Privacy can use either DES or AES; as well, you can choose to not use auth or priv if you prefer. However, with the attached form of the patch it always uses authPriv (meaning both auth password and priv password are required). This is less flexible, though more secure, but mainly it was implemented for simplicity. My python mastery is not so great as to allow the true command line flexibility that is required, or perhaps func is not flexible enough? I am not sure. However, it would require something along the lines of: if noAuthNoPriv is specified, to not require any passwords; if authNoPriv is specified, to require the auth password but not the priv password. Additionally, with that level of flexibility it would be easy to allow, say, a call like snmp get v2 or v3 and then test for that, thus negating the use of a second method. If someone knows how to do that, let me know.

As always any feedback is welcome; this was run against pep8 for formatting and came back clean.

I am still getting a handle on git so this ended up being two patches, one with the bulk of the changes and the second fixing a formatting error. I guess branches are the way to avoid this in the future...

-Erinn

>From de89fc7bb1434f4650ea412e61448fa5b8bd1468 Mon Sep 17 00:00:00 2001 From: Erinn Looney-Triggs <erinn.looneytriggs@xxxxxxxxx> Date: Thu, 10 Nov 2011 15:56:03 -0800 Subject: [PATCH 2/3] Add a getv3 method to support SNMPv3, authPriv only at this point. --- func/minion/modules/snmp.py | 97 ++++++++++++++++++++++++++++++++++++++++--- 1 files changed, 91 insertions(+), 6 deletions(-) diff --git a/func/minion/modules/snmp.py b/func/minion/modules/snmp.py index 6f7ae2d..bee2ffc 100644 --- a/func/minion/modules/snmp.py +++ b/func/minion/modules/snmp.py @@ -26,7 +26,7 @@ from certmaster.config import BaseConfig, Option class Snmp(func_module.FuncModule): version = "0.0.2" - api_version = "0.0.1" + api_version = "0.0.2" description = "SNMP related calls through FUNC." class Config(BaseConfig): 
@@ -50,6 +50,47 @@ class Snmp(func_module.FuncModule): return (cmdref.returncode, data[0], data[1]) + def getv3(self, oid, secname, authprotocol, authpassword, + privprotocol, privpassword, hostname='localhost'): + ''' + Runs a version 3 snmpget operation on a specific OID and returns the + output of the call. + + This method requires six arguments: + oid: String defining the oid as either the numerical or + text representation. + secname: String defining the security name (user name) to use. + authprotocol: String defining the authentication protocol one of: + MD5 or SHA. + authpassword: String defining the authentication password. + privprotocol: String defining the privacy protocol one of: + AES or DES. + privpassword: String defining the privacy password. + + This method takes one optional argument: + hostname: String defining the host name to run against, + defaults to "localhost". + ''' + + seclevel='authPriv' + + snmpget_options = '-v3 -Ov -OQ' + + command = ('%s %s -l %s -u %s -a %s ' + '-A %s -x %s -X %s %s %s') % (self.options.snmpget, + snmpget_options, seclevel, + secname, authprotocol, + authpassword, privprotocol, + privpassword, hostname, oid) + + cmdref = subprocess.Popen(command.split(), stdout=subprocess.PIPE, + stderr=subprocess.PIPE, shell=False, + close_fds=True) + + data = cmdref.communicate() + + return (cmdref.returncode, data[0], data[1]) + def register_method_args(self): """ Implementing the argument getter 
@@ -61,23 +102,67 @@ class Snmp(func_module.FuncModule): 'oid': { 'type': 'string', 'optional': False, - 'description': 'The OID' + 'description': 'The OID.' }, 'rocommunity': { 'type': 'string', 'optional': False, - 'description': "The read only community string" + 'description': 'The read only community string.' }, 'hostname': { 'type': 'string', 'optional': True, 'default': 'localhost', - 'description': "The host name to be applied on" + 'description': 'The host name to be applied on.' } }, 'description': ("Runs an snmpget on a specific oid " - "returns the output of the call") - } + "returns the output of the call.") + }, + 'getv3': { + 'args': { + 'oid': { + 'type': 'string', + 'optional': False, + 'description': 'The OID' + }, + 'secname': { + 'type': 'string', + 'optional': False, + 'description': 'The security (user) name.' + }, + 'authprotocol': { + 'type': 'string', + 'optional': False, + 'description': ('The authentication protocol to ' + 'use, either SHA or MD5.') + }, + 'authpassword': { + 'type': 'string', + 'optional': False, + 'description': ('The authentication password ' + 'to use.') + }, + 'privprotocol': { + 'type': 'string', + 'optional': False, + 'description': ('The privacy protocol to use, ' + 'one of: DES or AES') + }, + 'privpassword': { + 'type': 'string', + 'optional': False, + 'description': 'The privacy password to be used.' + }, + 'hostname': { + 'type': 'string', + 'optional': True, + 'description': 'The host name to be applied on.' + }, + }, + 'description': ('Runs an snmpget operation using SNMPv3 on ' + 'a sepcified OID.') + } } #def walk(self, oid, rocommunity): -- 1.7.7.1
>From c45e47fc74354ab5c444210b2f61998ad8eb9a24 Mon Sep 17 00:00:00 2001 From: Erinn Looney-Triggs <erinn.looneytriggs@xxxxxxxxx> Date: Tue, 15 Nov 2011 12:32:24 -1000 Subject: [PATCH 3/3] Fixed formatting. --- func/minion/modules/snmp.py | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/func/minion/modules/snmp.py b/func/minion/modules/snmp.py index bee2ffc..003fb22 100644 --- a/func/minion/modules/snmp.py +++ b/func/minion/modules/snmp.py @@ -72,7 +72,7 @@ class Snmp(func_module.FuncModule): defaults to "localhost". ''' - seclevel='authPriv' + seclevel = 'authPriv' snmpget_options = '-v3 -Ov -OQ' -- 1.7.7.1
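
Review bot: command.split() in getv3 (patch 2/3, the hunk at @@ -50,6 +50,47 @@) breaks any authpassword or privpassword that contains whitespace, because the %-formatted string is split into separate argv entries and the remaining arguments shift; a hostname or oid beginning with '-' would likewise be read by snmpget as an option. Build the list directly, for example [self.options.snmpget, '-v3', '-Ov', '-OQ', '-l', seclevel, '-u', secname, ...], and check authprotocol against MD5/SHA and privprotocol against AES/DES before the call, since the docstring names those as the only values but nothing enforces them. Also worth a line in the docstring: -A and -X put both passphrases in the argument list of the snmpget process on the minion, where other local users can read them from the process list while the call runs.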
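
Review bot: The 'hostname' entry under 'getv3' (patch 2/3, the hunk at @@ -61,23 +102,67 @@) is marked optional but omits the 'default': 'localhost' key that the 'get' entry above it carries, so the registered arguments disagree with the hostname='localhost' default in the method signature. Add the default, and while here fix 'sepcified' in the getv3 description and give 'The OID' and 'one of: DES or AES' the trailing period that this same hunk adds to the get descriptions.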
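
The per-level requirements described in the message (no passphrases for noAuthNoPriv, only the auth passphrase for authNoPriv, both for authPriv) can be expressed as one argv builder that a single method could call. This is an added example, not part of the posted patch or of func; the function name, the default snmpget path and the sample values are assumptions.

```python
# Added example, not func's code: argv builder for snmpget at any SNMPv3 level.
AUTH_PROTOCOLS = ('MD5', 'SHA')
PRIV_PROTOCOLS = ('DES', 'AES')
SEC_LEVELS = ('noAuthNoPriv', 'authNoPriv', 'authPriv')


def build_snmpget_v3_argv(oid, secname, seclevel='authPriv',
                          authprotocol=None, authpassword=None,
                          privprotocol=None, privpassword=None,
                          hostname='localhost',
                          snmpget='/usr/bin/snmpget'):  # path is an assumption
    """Return a list suitable for subprocess.Popen(argv, shell=False)."""
    if seclevel not in SEC_LEVELS:
        raise ValueError('unknown security level: %r' % (seclevel,))
    if not secname:
        raise ValueError('secname is required')
    # hostname and oid are positional, so a leading '-' would be parsed by
    # snmpget as an option; refuse them instead of passing them through.
    for name, value in (('hostname', hostname), ('oid', oid)):
        if not value or value.startswith('-'):
            raise ValueError('invalid %s: %r' % (name, value))

    argv = [snmpget, '-v3', '-Ov', '-OQ', '-l', seclevel, '-u', secname]
    if seclevel in ('authNoPriv', 'authPriv'):
        if authprotocol not in AUTH_PROTOCOLS or not authpassword:
            raise ValueError('%s requires authprotocol (MD5 or SHA) and '
                             'authpassword' % seclevel)
        # One list element per value: spaces in a passphrase stay intact.
        argv += ['-a', authprotocol, '-A', authpassword]
    if seclevel == 'authPriv':
        if privprotocol not in PRIV_PROTOCOLS or not privpassword:
            raise ValueError('authPriv requires privprotocol (DES or AES) '
                             'and privpassword')
        argv += ['-x', privprotocol, '-X', privpassword]
    return argv + [hostname, oid]


if __name__ == '__main__':
    # Constructed sample values, not taken from the original message.
    print(build_snmpget_v3_argv('sysDescr.0', 'monitor', 'authNoPriv',
                                authprotocol='SHA',
                                authpassword='constructed auth passphrase'))
```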