43155ed146
Add a parameter, SnmpdIpSubnet, which can be an IP/MASK that will be used to secure with IPtables the source network authorized to reach SNMP service on the host. If SnmpdIpSubnet is left empty (default) the parameter will be set to SnmpdNetwork. Also change the IPtables id, 127 was used by Horizon, so let's switch SNMP to 124. No impact on users. Change-Id: I46fce28926cb5a881f7384948480266712ae75e3 Closes-Bug: #1749324
# Heat template for the SNMP agent (snmpd) service; see `description`.
heat_template_version: queens

description: >
  SNMP client configured with Puppet, to facilitate Ceilometer
  Hardware monitoring in the undercloud. This service is required
  to enable hardware monitoring.
parameters:
  # Generic inputs. Of these, only ServiceNetMap is referenced elsewhere in
  # this template (to look up SnmpdNetwork).
  ServiceData:
    type: json
    description: Dictionary packing service data
    default: {}
  ServiceNetMap:
    type: json
    description: >-
      Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry. This
      mapping overrides those in ServiceNetMapDefaults.
    default: {}
  DefaultPasswords:
    type: json
    default: {}
  RoleName:
    type: string
    description: Role name on which the service is applied
    default: ''
  RoleParameters:
    type: json
    description: Parameters specific to the role
    default: {}
  EndpointMap:
    type: json
    description: >-
      Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
    default: {}

  # SNMP-specific inputs.
  SnmpdReadonlyUserName:
    type: string
    description: >-
      The user name for SNMPd with readonly rights running on all
      Overcloud nodes
    default: ro_snmp_user
  # No default is declared, so a value has to be supplied at deploy time.
  # `hidden: true` masks the value when stack parameters are displayed.
  SnmpdReadonlyUserPassword:
    type: string
    description: >-
      The user password for SNMPd with readonly rights running on all
      Overcloud nodes
    hidden: true
  # The default IPv4 entry ('udp:161') names no address, while the IPv6 entry
  # is bound to loopback ([::1]). With no IPv4 address given, snmpd is
  # expected to listen on every IPv4 interface, which leaves the firewall
  # rule in `outputs` as the network-level restriction on who can reach it.
  SnmpdBindHost:
    type: comma_delimited_list
    description: An array of bind host addresses on which SNMP daemon will listen.
    default:
      - 'udp:161'
      - 'udp6:[::1]:161'
  SnmpdOptions:
    type: string
    description: A string containing the commandline options passed to snmpd
    default: '-LS0-5d'
  # Used as the `source` of the SNMP firewall rule when non-empty. The empty
  # string is the "unset" sentinel tested by the snmpd_network_unset
  # condition. NOTE(review): no constraint validates the value, so a typo or
  # an overly broad range is accepted as given; check it is the intended
  # IP/MASK of the monitoring network before deploying.
  SnmpdIpSubnet:
    type: string
    description: >-
      IP address/subnet on the snmpd network. If empty (default), SnmpdNetwork
      will be taken.
    default: ''
conditions:
  # True when SnmpdIpSubnet was left at its empty-string default; the SNMP
  # firewall rule's `source` is chosen by this condition.
  snmpd_network_unset:
    equals:
      - {get_param: SnmpdIpSubnet}
      - ''
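outputs:
  role_data:
    description: Role data for the SNMP services
    value:
      service_name: snmp
      config_settings:
        # Read-only SNMP account handed to the Puppet profile. The password
        # parameter is declared hidden, but its value is passed through
        # unchanged into these settings.
        tripleo::profile::base::snmp::snmpd_user:
          get_param: SnmpdReadonlyUserName
        tripleo::profile::base::snmp::snmpd_password:
          get_param: SnmpdReadonlyUserPassword
        snmp::agentaddress:
          get_param: SnmpdBindHost
        snmp::snmpd_options:
          get_param: SnmpdOptions
        # Builds the string "<name>_subnet", where <name> is the ServiceNetMap
        # entry for SnmpdNetwork. It is the fallback firewall source below.
        # NOTE(review): how that string becomes an actual subnet is not
        # visible in this template; confirm it resolves to a CIDR.
        snmpd_network:
          str_replace:
            template: NETWORK_subnet
            params:
              NETWORK:
                get_param: [ServiceNetMap, SnmpdNetwork]
        # Firewall rule "124 snmp": admits UDP/161 only from `source`.
        # `source` is SnmpdIpSubnet when the operator set it, otherwise the
        # hiera value of snmpd_network. The rule carries the access
        # restriction for snmpd, so the effective source range should be
        # verified on a deployed node.
        tripleo.snmp.firewall_rules:
          '124 snmp':
            dport: 161
            proto: udp
            source:
              if:
                - snmpd_network_unset
                - "%{hiera('snmpd_network')}"
                - get_param: SnmpdIpSubnet
      step_config: |
        include ::tripleo::profile::base::snmp
      upgrade_tasks:
        # Module arguments written as a native mapping rather than the
        # key=value string form; the task itself is unchanged.
        - name: Stop snmp service
          when: step|int == 1
          service:
            name: snmpd
            state: stopped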