The description and example config of snmp::com2sec and snmp::com2sec6 looks wrongs. When I create the following template file according to the document, ~~~ parameter_defaults: ExtraConfig: snmp::com2sec: mysecurestring snmp::com2sec6: myv6securestring ~~~ the deployment fails with the following message. ~~~ Jul 12 01:11:32 puppet-user: Error: Evaluation Error: Error while evaluating a Function Call, "mysecurestring" is not an Array. It looks to be a String (file: /etc/puppet/modules/snmp/manifests/init.pp, line: 371, column: 3) on node overcloud-controller-0.yatanaka.example.com ~~~ According to the following upstream document, the values of these parameters should be an array, not string. ~~~ https://forge.puppet.com/modules/razorsedge/snmp/readme com2sec An array of VACM com2sec mappings. Must provide SECNAME, SOURCE and COMMUNITY. See http://www.net-snmp.org/docs/man/snmpd.conf.html#lbAL for details. Default: [ "notConfigUser default public" ] com2sec6 An array of VACM com2sec6 mappings. Must provide SECNAME, SOURCE and COMMUNITY. See http://www.net-snmp.org/docs/man/snmpd.conf.html#lbAL for details. Default: [ "notConfigUser default ${ro_community}" ] ~~~ Therefore we should modify our document from: ~~~ SNMP view-based access control settings (VACM) snmp::com2sec IPv4 security name. snmp::com2sec6 IPv6 security name. For example: parameter_defaults: ExtraConfig: snmp::com2sec: mysecurestring snmp::com2sec6: myv6securestring ~~~ to: ~~~ SNMP view-based access control settings (VACM) snmp::com2sec An array of VACM com2sec mappings. Must provide SECNAME, SOURCE and COMMUNITY. snmp::com2sec6 An array of VACM com2sec6 mappings. Must provide SECNAME, SOURCE and COMMUNITY. For example: parameter_defaults: ExtraConfig: snmp::com2sec: ["notConfigUser default mysecurestring"] snmp::com2sec6: ["notConfigUser default myv6securestring"] ~~~ Reported by: rhn-support-yatanaka https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.2/html/advanced_overcloud_customization/assembly_security-enhancements#annotations:32a92219-f604-4db0-a107-dcbb2e8f7f74
snmp is for DFG:CloudOps
Based on the docs context, this is either for the DFG:Networking or DFG:Security (not related to SNMP traps in CloudOps)
Hi, This content was moved to a different guide in RHOSP 17.0: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/17.0/html/security_and_hardening_guide/assembly_security-enhancements_security_and_hardening#ref_changing-the-simple-network-management-protocol-snmp-strings_security-enhancements --Greg
Verbiage confirmed via /usr/share/openstack-puppet/modules/snmp/README.markdown: ##### `com2sec` An array of VACM com2sec mappings. Must provide SECNAME, SOURCE and COMMUNITY. See http://www.net-snmp.org/docs/man/snmpd.conf.html#lbAL for details. Default: [ "notConfigUser default public" ] ##### `com2sec6` An array of VACM com2sec6 mappings. Must provide SECNAME, SOURCE and COMMUNITY. See http://www.net-snmp.org/docs/man/snmpd.conf.html#lbAL for details. Default: [ "notConfigUser default ${ro_community}" ] Configuration tests successfully
Content has been updated and published: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.2/html/advanced_overcloud_customization/assembly_security-enhancements