Ansible.SNMP.Arista

Adding a new monitoring system to your network is an interesting thing to do, but it implies some repetitive tasks: updating ACLs on firewalls, adding a new SNMP user (or reusing an existing one), maybe adding a new VLAN, etc.
So in this post, I'll focus on SNMPv3. (If you don't use SNMPv3, you should.) For this task, I've used Ansible to create/update an SNMPv3 user/password. (I am also using the password for encryption.)

The project is made of a main yml file, a vars file and an inventory file.
The vars file contains the credentials for the switches, the SNMPv3 user and password (I am also using the password for encryption) and the CLI connection details. The main file contains all the tasks.

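---
- hosts: switches
  gather_facts: no
  serial: 1
  connection: local
  vars_files:
    - vars

  tasks:
  # Pre-check: if snmpget returns data, the user already works with these credentials.
  # A failure (empty stdout) is the expected result on a switch without the user.
  - name: Pre-Check snmp user
    shell:
      cmd: snmpget -v3 -l authPriv -u {{ snmpUser | quote }} -a SHA -A {{ snmpAuthPriv | quote }} -x AES -X {{ snmpAuthPriv | quote }} {{ inventory_hostname }} sysName.0
    register: result
    ignore_errors: yes
    changed_when: false
    no_log: true   # the command line carries the SNMPv3 passphrase

  # Stop for this host if the pre-check returned data.
  - name: Check SNMP user existence
    assert:
      that:
         - result.stdout_lines|length == 0
      msg: "The SNMP user {{snmpUser}} already exists."

  # Create the view, the group and the user, then save the configuration.
  - name: run multiple commands on remote nodes
    eos_command:
      authorize: true
      provider: "{{ provider_cli }}"
      commands:
        - conf t
        - snmp-server view all-items iso included
        - snmp-server group {{snmpUser}} v3 priv read all-items
        - snmp-server user {{ snmpUser }} {{snmpUser}} v3 auth sha {{ snmpAuthPriv }} priv aes {{ snmpAuthPriv }}
        - show snmp user
        - write memory
    register: output
    no_log: true   # the command list contains the passphrase

  # Indexes 4 and 5 are the outputs of "show snmp user" and "write memory".
  - debug:
      var: output.stdout_lines[4] , output.stdout_lines[5]

  # Post-check: this time the query has to succeed.
  - name: Check snmp user
    shell:
      cmd: snmpget -v3 -l authPriv -u {{ snmpUser | quote }} -a SHA -A {{ snmpAuthPriv | quote }} -x AES -X {{ snmpAuthPriv | quote }} {{ inventory_hostname }} sysName.0
    register: result
    changed_when: false
    no_log: true   # the command line carries the SNMPv3 passphrase

  - debug:
      var: result.stdout_lines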

First it checks whether the user already exists, and if it does, it stops. If you want to use this script to update the SNMP user, you'll have to skip the first 2 tasks (you can assign a tag to all tasks except the first 2 and run Ansible with that tag: --tags "tag_name"). Next it creates a view, a group and then the user. Last, it checks that the user was created.
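
The vars file is described above but not shown. A possible layout follows, as an added example and not the file from the author's repository: the variable names are the ones the playbook references, and every value, along with the file names main.yml and inventory, is a placeholder or an assumption.

```yaml
# vars  (constructed example; all values are placeholders)
# Loaded by the playbook through "vars_files: - vars".

# SNMPv3 user to create, and the passphrase used for both auth (SHA) and priv (AES)
snmpUser: monitor01
snmpAuthPriv: "CHANGE-ME-passphrase"

# Connection details passed to eos_command as "provider"
provider_cli:
  host: "{{ inventory_hostname }}"
  username: "ansible"
  password: "CHANGE-ME"
  authorize: true
  transport: cli

# This file holds the switch login and the SNMPv3 passphrase in clear text,
# so encrypt it at rest with Ansible Vault before committing it:
#   ansible-vault encrypt vars
#   ansible-vault edit vars        # change values later
# vars_files entries are decrypted automatically once the vault password is
# supplied at run time (main.yml and inventory are assumed file names):
#   ansible-playbook -i inventory main.yml --ask-vault-pass
```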

You can find all the files here:
https://github.com/czirakim/Ansible.SNMP.Arista

About the author

Mihai is a Network Aficionado with more than 10 years experience