X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/43579f6444232b183805cfba96dcac36332c81f2..2915ebac652fcc0521325cf1aae5a2f56f792549:/cookbooks/snmpd/recipes/default.rb
diff --git a/cookbooks/snmpd/recipes/default.rb b/cookbooks/snmpd/recipes/default.rb
index c67466785..26ae86b78 100644
--- a/cookbooks/snmpd/recipes/default.rb
+++ b/cookbooks/snmpd/recipes/default.rb
@@ -1,14 +1,14 @@
 #
-# Cookbook Name:: snmpd
+# Cookbook:: snmpd
 # Recipe:: default
 #
-# Copyright 2013, OpenStreetMap Foundation
+# Copyright:: 2013, OpenStreetMap Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
@@ -23,25 +23,61 @@ communities = data_bag_item("snmpd", "communities") package "snmpd" -service "snmpd" do - action [ :enable, :start ] - supports :status => true, :restart => true -end - template "/etc/snmp/snmpd.conf" do source "snmpd.conf.erb" owner "root" group "root" - mode 0600 + mode "600" variables :communities => communities - notifies :restart, resources(:service => "snmpd") + notifies :restart, "service[snmpd]" +end + +service "snmpd" do + action [:enable, :start] + supports :status => true, :restart => true end -node[:snmpd][:clients].each do |address| +if node[:snmpd][:clients] + node[:snmpd][:clients].each do |address| + firewall_rule "accept-snmp" do + action :accept + family "inet" + source "net:#{address}" + dest "fw" + proto "udp" + dest_ports "snmp" + source_ports "1024:" + end + end +else firewall_rule "accept-snmp" do action :accept family "inet" - source "net:#{address}" + source "net" + dest "fw" + proto "udp" + dest_ports "snmp" + source_ports "1024:" + end +end + +if node[:snmpd][:clients6] + node[:snmpd][:clients6].each do |address| + firewall_rule "accept-snmp" do + action :accept + family "inet6" + source "net:#{address}" + dest "fw" + proto "udp" + dest_ports "snmp" + source_ports "1024:" + end + end +else + firewall_rule "accept-snmp" do + action :accept + family "inet6" + source "net" dest "fw" proto "udp" dest_ports "snmp"
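Review bot: The new `else` branches make the recipe fail open: when `node[:snmpd][:clients]` or `node[:snmpd][:clients6]` is unset, the rule's source becomes the bare `net` zone, which (if `net` is the external zone, as the `net:#{address}` form suggests) accepts SNMP over UDP from any address in that zone. A node that sets only `clients` to an IPv4 allow-list still gets the unrestricted `inet6` rule, and because an empty array is truthy in Ruby, `[]` yields no rule at all while `nil` yields the open one. Since snmpd.conf is rendered from community strings, which SNMP v1/v2c sends unencrypted, I would default to no rule and make wide access an explicit opt-in, e.g. `Array(node[:snmpd][:clients6]).each do |address|` with the `else` branch removed, and the same for `clients`. The final `firewall_rule` block continues past the end of the hunk.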