Ansible.SNMP.Arista

Adding a new monitoring system to your network is an interesting thing to do. But it implies some repetitive tasks like updating ACLs on firewalls, adding a new SNMP user (or using the existing one), maybe a new VLAN, etc.
So in this post, I’ll focus on SNMPv3. (If you don’t use SNMPv3, you should.) For this task, I’ve used Ansible to create/update an SNMPv3 user/password. (I am also using the password for encryption.)

The project is made of a main yml file, a vars file, and an inventory file.
The vars file contains the credentials for the switches, the SNMPv3 user and password (I am also using the password for encryption), and the CLI connection details. The main file contains all the tasks.

---
- hosts: switches
  gather_facts: no
  serial: 1
  connection: local
  vars_files:
    - vars

  tasks:
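  # Poll the switch with the new credentials; a reply means the user already exists.
  # The password is on the command line, so quote it for the shell and keep it out of the task log.
  - name: Pre-Check snmp user
    shell:
      cmd: snmpget -v3 -l authPriv -u {{ snmpUser | quote }} -a SHA -A {{ snmpAuthPriv | quote }} -x AES -X {{ snmpAuthPriv | quote }} {{ inventory_hostname }} sysName.0
    register: result
    ignore_errors: yes
    no_log: true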

  - name: Check SNMP user existence
    assert:
      that:
         - result.stdout_lines|length == 0
      msg: "The SNMP user {{ snmpUser }} already exists."

  - name: run multiple commands on remote nodes
    eos_command:
      authorize: true
      provider: "{{ provider_cli }}"
      commands:
        - conf t
        - snmp-server view all-items iso included
        - snmp-server group {{snmpUser}} v3 priv read all-items
        - snmp-server user {{ snmpUser }} {{snmpUser}} v3 auth sha {{ snmpAuthPriv }} priv aes {{ snmpAuthPriv }}
        - show snmp user
        - write memory
    register: output

  # stdout_lines is indexed by command: [4] is "show snmp user", [5] is "write memory"
  - debug:
      var: output.stdout_lines[4] , output.stdout_lines[5]

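  # Poll again with the new credentials; this time a failure fails the play.
  - name: Check snmp user
    shell:
      cmd: snmpget -v3 -l authPriv -u {{ snmpUser | quote }} -a SHA -A {{ snmpAuthPriv | quote }} -x AES -X {{ snmpAuthPriv | quote }} {{ inventory_hostname }} sysName.0
    register: result
    no_log: true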

  - debug:
      var: result.stdout_lines

First, it will check if the user already exists, and if it does, it will stop. If you want to use this script for updating the SNMP user, you’ll have to skip the first 2 tasks (you can assign a tag to all tasks except the first 2 and run Ansible with that tag: --tags "tag_name"). Next, it will create a view, a group, and then the user. Lastly, it will check that the user was created.
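The playbook passes the same snmpAuthPriv value as both the auth and the priv password, so the two keys derived from it are related. The following is an added example, not part of the original playbook or repository: it implements the RFC 3414 password-to-key localization for SHA and the RFC 3826 rule that the AES-128 privacy key is the first 16 bytes of the localized key. The function names, the second engine ID and the second password are assumptions made for illustration; "maplesyrup" and the first engine ID are the RFC 3414 A.3.2 test vector.

```python
import hashlib

AES128_KEY_LEN = 16  # RFC 3826: AES-128 privacy key = first 16 bytes of Kul


def password_to_key(password: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 3414 A.2: hash the first 1 MiB of the endlessly repeated password."""
    if not password:
        raise ValueError("empty password")
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(hash_name, password * reps + password[:rem]).digest()


def localize(ku: bytes, engine_id: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 3414 2.6: bind the key to one agent, Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def user_keys(auth_pw: bytes, priv_pw: bytes, engine_id: bytes):
    """Return (auth_key, priv_key) for a SHA / AES-128 authPriv user."""
    auth_key = localize(password_to_key(auth_pw), engine_id)
    priv_key = localize(password_to_key(priv_pw), engine_id)[:AES128_KEY_LEN]
    return auth_key, priv_key


# Constructed sample values: ENGINE_A and "maplesyrup" come from the
# RFC 3414 A.3.2 test vector; ENGINE_B and the second password are made up.
ENGINE_A = bytes.fromhex("000000000000000000000002")
ENGINE_B = bytes.fromhex("000000000000000000000003")

if __name__ == "__main__":
    # Same password for auth and priv, as in the playbook.
    auth, priv = user_keys(b"maplesyrup", b"maplesyrup", ENGINE_A)
    print("auth key:", auth.hex())
    print("priv key:", priv.hex())
    print("priv key is a prefix of auth key:", auth.startswith(priv))

    # Separate priv password: the two keys are no longer related.
    auth2, priv2 = user_keys(b"maplesyrup", b"a-different-priv-pass", ENGINE_A)
    print("separate passwords, still a prefix:", auth2.startswith(priv2))

    # Same password on a switch with another engine ID gives another key.
    other, _ = user_keys(b"maplesyrup", b"maplesyrup", ENGINE_B)
    print("same password, other engine ID, same key:", other == auth)
```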

You can find all the files here:
https://github.com/czirakim/Ansible.SNMP.Arista

About the author

Mihai is a Senior Network Engineer with more than 15 years of experience