Bug 1447101

Summary: OpenStack Director / tripleo: Do not hardcode snmp listen addresses
Product: Red Hat OpenStack Reporter: Andreas Karis <akaris>
Component: puppet-tripleoAssignee: Emilien Macchi <emacchi>
Status: CLOSED ERRATA QA Contact: Gurenko Alex <agurenko>
Severity: medium Docs Contact:
Priority: medium    
Version: 10.0 (Newton)CC: akaris, aschultz, emacchi, jjoyce, jschluet, slinaber, tvignaud
Target Milestone: gaKeywords: Triaged, ZStream
Target Release: 12.0 (Pike)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: puppet-tripleo-7.1.0-0.20170606021228.0a75929.el7ost openstack-tripleo-heat-templates-7.0.0-0.20170606145818.el7ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-12-13 21:25:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Andreas Karis 2017-05-01 17:55:39 UTC 
Description of problem:

It's impossible to change the SNMP agentaddress via Director:

/etc/puppet/modules/tripleo/manifests/profile/base/snmp.pp
~~~
  if $step >= 4 {
    snmp::snmpv3_user { $snmpd_user:
      authtype => 'MD5',
      authpass => $snmpd_password,
    }
    class { '::snmp':
      agentaddress => ['udp:161','udp6:[::1]:161'],
      snmpd_config => [ join(['createUser ', $snmpd_user, ' MD5 "', $snmpd_password, '"']),
                        join(['rouser ', $snmpd_user]),
                        'proc  cron',
                        'includeAllDisks  10%',
                        'master agentx',
                        'trapsink localhost public',
                        'iquerySecName internalUser',
                        'rouser internalUser',
                        'defaultMonitors yes',
                        'linkUpDownNotifications yes' ],
    }

~~~

Additional info:
I wanted to create a KCS with instructions similar to this - but unfortunately, it is not possible to overwrite the snmpd settings with templates due to the above code.

### Modifying values via puppet ###
Not all values can be changed via `snmpd.local.conf` ; in this case, one can leverage [puppet hiera data](https://access.redhat.com/solutions/2328671)

#### Changing bind / listen address ####
The snmpd listen address is determined by `agentaddress`. This value may only appear once in the configuration, and hence may not appear in both `snmpd.conf` and `snmpd.local.conf` at the same time.
~~~
[root@overcloud-controller-0 ~]# grep agentaddress /etc/snmp/* -R
/etc/snmp/snmpd.conf:agentaddress udp:161,udp6:[::1]:161
~~~

In order to change this value:
~~~
parameter_defaults:
  ExtraConfig:
    snmp::agentaddress: '[ udp:127.0.0.1:161, udp6:[::1]:161 ]
~~~
Comment 1 Emilien Macchi 2017-05-02 16:22:14 UTC 
Andreas: it's a feature, so impossible to backport upstream.

We have 2 options:

- backport the feature downstream and make it available in the next OSP10 release (not sure when it happens). It some work because we also need to backport it to OSP11.

- do not backport the feature upstream and use the ExtraConfig workaround until OSP12 (see my patches that address your request in Pike).

Thoughts?
Comment 2 Andreas Karis 2017-05-02 16:29:53 UTC 
Hi,

No backport needed. I'm happy if this gets fixed in a future version. Should I ever need this in OSP 10, I'll consider to make the changes as in
https://review.openstack.org/#/c/461791/2/manifests/profile/base/snmp.pp
https://review.openstack.org/#/c/461839/1/puppet/services/snmp.yaml

Thanks!

- Andreas
Comment 3 Emilien Macchi 2017-05-02 16:32:55 UTC 
yeah or use ExtraConfig really, it's designed for this use case.

Thanks for the feedback, and expect the bug fixed for OSP12.
Comment 4 Andreas Karis 2017-05-02 16:37:05 UTC 
ExtraConfig won't work (do you mean the one for pushing hiera variables?) - I cannot push different snmp data because profile/base/snmp.pp hardcodes the value, so I cannot overwrite snmp::agentaddress). Of course, I can generate a new extraconfig / postconfig with a software config and overwrite this as a workaround. Or do you mean something else?
Comment 5 Emilien Macchi 2017-05-02 16:52:07 UTC 
ah right, the Hiera priority... indeed. I think you better to apply my patches if that works for you. Let me know how it works, so we're sure my patches do what you wanted.

Thanks
Comment 11 errata-xmlrpc 2017-12-13 21:25:26 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:3462