Adding a new monitoring system to your network is an interesting thing to do. But it implies some repetitive tasks, such as updating ACLs on firewalls, adding a new SNMP user (or using the existing one), maybe adding a new VLAN, etc.
So in this post, I'll focus on SNMPv3. (If you don't use SNMPv3, you should.) For this task, I've used Ansible to create/update an SNMPv3 user/password. (I am also using the password for encryption.)
The project is made of a main yml file, a vars file and an inventory file.
The vars file contains the credentials for the switches, the SNMPv3 user and password (the same password is also used for encryption) and the CLI connection details. The main file contains all the tasks.
```yaml
---
- hosts: switches
  gather_facts: no
  serial: 1
  connection: local
  vars_files:
    - vars
  tasks:
    # Try to poll the switch with the new credentials; a failure is expected
    # when the user does not exist yet, so errors are ignored here.
    - name: Pre-Check snmp user
      shell:
        cmd: snmpget -v3 -l authPriv -u {{ snmpUser }} -a SHA -A {{ snmpAuthPriv }} -x AES -X {{ snmpAuthPriv }} {{ inventory_hostname }} sysName.0
      register: result
      ignore_errors: yes

    # Stop if the pre-check returned any output, i.e. the user already works.
    - name: Check SNMP user existence
      assert:
        that:
          - result.stdout_lines|length == 0
        msg: "The SNMP user {{ snmpUser }} already exists."

    # Create the view, the group and the user, then save the configuration.
    - name: run multiple commands on remote nodes
      eos_command:
        authorize: true
        provider: "{{ provider_cli }}"
        commands:
          - conf t
          - snmp-server view all-items iso included
          - snmp-server group {{ snmpUser }} v3 priv read all-items
          - snmp-server user {{ snmpUser }} {{ snmpUser }} v3 auth sha {{ snmpAuthPriv }} priv aes {{ snmpAuthPriv }}
          - show snmp user
          - write memory
      register: output

    - debug:
        var: output.stdout_lines[4] , output.stdout_lines[5]

    # Poll again with the new credentials to confirm the user was created.
    - name: Check snmp user
      shell:
        cmd: snmpget -v3 -l authPriv -u {{ snmpUser }} -a SHA -A {{ snmpAuthPriv }} -x AES -X {{ snmpAuthPriv }} {{ inventory_hostname }} sysName.0
      register: result

    - debug:
        var: result.stdout_lines
```
First it checks whether the user already exists, and if it does, it stops. If you want to use this script for updating the SNMP user, you'll have to skip the first 2 tasks (you can assign a tag to all tasks except the first 2 and run Ansible with that tag: --tags "tag_name"). Next it creates a view, a group and then the user. Last, it checks that the user was created.
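The tagging approach described above, as an added example (not the code from the author's repository): the two pre-check tasks stay untagged and the remaining tasks carry a tag, so running with that tag skips the pre-check and updates the user. The tag name `update`, the file names in the comment, the `no_log: true` settings and the `quote` filter are assumptions added here; they keep the SNMPv3 passphrase out of Ansible's task output and safe on the shell command line.

```yaml
# Added example. Assumed invocation (file and tag names are assumptions):
#   ansible-playbook -i inventory main.yml --tags update
---
- hosts: switches
  gather_facts: no
  serial: 1
  connection: local
  vars_files:
    - vars
  tasks:
    # Untagged tasks are skipped whenever --tags is given on the command line.
    - name: Pre-Check snmp user
      shell:
        cmd: snmpget -v3 -l authPriv -u {{ snmpUser | quote }} -a SHA -A {{ snmpAuthPriv | quote }} -x AES -X {{ snmpAuthPriv | quote }} {{ inventory_hostname }} sysName.0
      register: result
      ignore_errors: yes
      no_log: true          # the command line contains the passphrase

    - name: Check SNMP user existence
      assert:
        that:
          - result.stdout_lines|length == 0
        msg: "The SNMP user {{ snmpUser }} already exists."

    # Tagged tasks run both in a normal run and with --tags update.
    - name: Create or update the SNMPv3 user
      eos_command:
        authorize: true
        provider: "{{ provider_cli }}"
        commands:
          - conf t
          - snmp-server view all-items iso included
          - snmp-server group {{ snmpUser }} v3 priv read all-items
          - snmp-server user {{ snmpUser }} {{ snmpUser }} v3 auth sha {{ snmpAuthPriv }} priv aes {{ snmpAuthPriv }}
          - write memory
      no_log: true          # the command list contains the passphrase
      tags: update

    - name: Check snmp user
      shell:
        cmd: snmpget -v3 -l authPriv -u {{ snmpUser | quote }} -a SHA -A {{ snmpAuthPriv | quote }} -x AES -X {{ snmpAuthPriv | quote }} {{ inventory_hostname }} sysName.0
      register: result
      no_log: true
      tags: update

    - debug:
        var: result.stdout_lines   # sysName.0 reply only, no secrets
      tags: update
```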
You can find all the files here:
https://github.com/czirakim/Ansible.SNMP.Arista