Bug 1447101 - OpenStack Director / tripleo: Do not hardcode snmp listen addresses
Summary: OpenStack Director / tripleo: Do not hardcode snmp listen addresses
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: puppet-tripleo
Version: 10.0 (Newton)
Hardware: Unspecified
OS: Unspecified
Target Milestone: ga
: 12.0 (Pike)
Assignee: Emilien Macchi
QA Contact: Gurenko Alex
Depends On:
TreeView+ depends on / blocked
Reported: 2017-05-01 17:55 UTC by Andreas Karis
Modified: 2018-02-05 19:07 UTC (History)
7 users (show)

Fixed In Version: puppet-tripleo-7.1.0-0.20170606021228.0a75929.el7ost openstack-tripleo-heat-templates-7.0.0-0.20170606145818.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2017-12-13 21:25:26 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Launchpad 1687628 0 None None None 2017-05-02 13:49:40 UTC
OpenStack gerrit 461791 0 None MERGED snmp: remove useless parameter for binding 2020-10-05 02:35:05 UTC
OpenStack gerrit 461839 0 None MERGED snmp: add SnmpdBindHost parameter 2020-10-05 02:35:05 UTC
Red Hat Product Errata RHEA-2017:3462 0 normal SHIPPED_LIVE Red Hat OpenStack Platform 12.0 Enhancement Advisory 2018-02-16 01:43:25 UTC

Description Andreas Karis 2017-05-01 17:55:39 UTC
Description of problem:

It's impossible to change the SNMP agentaddress via Director:

  if $step >= 4 {
    snmp::snmpv3_user { $snmpd_user:
      authtype => 'MD5',
      authpass => $snmpd_password,
    class { '::snmp':
      agentaddress => ['udp:161','udp6:[::1]:161'],
      snmpd_config => [ join(['createUser ', $snmpd_user, ' MD5 "', $snmpd_password, '"']),
                        join(['rouser ', $snmpd_user]),
                        'proc  cron',
                        'includeAllDisks  10%',
                        'master agentx',
                        'trapsink localhost public',
                        'iquerySecName internalUser',
                        'rouser internalUser',
                        'defaultMonitors yes',
                        'linkUpDownNotifications yes' ],


Additional info:
I wanted to create a KCS with instructions similar to this - but unfortunately, it is not possible to overwrite the snmpd settings with templates due to the above code.

### Modifying values via puppet ###
Not all values can be changed via `snmpd.local.conf` ; in this case, one can leverage [puppet hiera data](https://access.redhat.com/solutions/2328671)

#### Changing bind / listen address ####
The snmpd listen address is determined by `agentaddress`. This value may only appear once in the configuration, and hence may not appear in both `snmpd.conf` and `snmpd.local.conf` at the same time.
[root@overcloud-controller-0 ~]# grep agentaddress /etc/snmp/* -R
/etc/snmp/snmpd.conf:agentaddress udp:161,udp6:[::1]:161

In order to change this value:
    snmp::agentaddress: '[ udp:, udp6:[::1]:161 ]

Comment 1 Emilien Macchi 2017-05-02 16:22:14 UTC
Andreas: it's a feature, so impossible to backport upstream.

We have 2 options:

- backport the feature downstream and make it available in the next OSP10 release (not sure when it happens). It some work because we also need to backport it to OSP11.

- do not backport the feature upstream and use the ExtraConfig workaround until OSP12 (see my patches that address your request in Pike).


Comment 2 Andreas Karis 2017-05-02 16:29:53 UTC

No backport needed. I'm happy if this gets fixed in a future version. Should I ever need this in OSP 10, I'll consider to make the changes as in


- Andreas

Comment 3 Emilien Macchi 2017-05-02 16:32:55 UTC
yeah or use ExtraConfig really, it's designed for this use case.

Thanks for the feedback, and expect the bug fixed for OSP12.

Comment 4 Andreas Karis 2017-05-02 16:37:05 UTC
ExtraConfig won't work (do you mean the one for pushing hiera variables?) - I cannot push different snmp data because profile/base/snmp.pp hardcodes the value, so I cannot overwrite snmp::agentaddress). Of course, I can generate a new extraconfig / postconfig with a software config and overwrite this as a workaround. Or do you mean something else?

Comment 5 Emilien Macchi 2017-05-02 16:52:07 UTC
ah right, the Hiera priority... indeed. I think you better to apply my patches if that works for you. Let me know how it works, so we're sure my patches do what you wanted.


Comment 11 errata-xmlrpc 2017-12-13 21:25:26 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.