ucentral-schema: add support for configuring snmpd service using ucentral. WIFI-14152

renderer/templates/services/snmpd.uc

@@ -0,0 +1,73 @@
+{%
+
+if (!length(snmpd)) return;
+let interfaces = services.lookup_interfaces("snmpd");
+%}
+
+
+# SNMPD service configuration
+set snmpd.general.enabled={{ s(snmpd.general.enabled) }} 
+{% for (let interface in interfaces): %}
+{%    let name = ethernet.calculate_name(interface) %}
+add_list snmpd.general.network={{ name }}
+{% endfor %}
+
+
+add agent
+set snmpd.@agent[-1].agentaddress={{ s(snmpd.agent.agentaddress) }}
+
+add system
+set snmpd.@system[-1].sysLocation={{ s(snmpd.system.sysLocation) }}
+set snmpd.@system[-1].sysContact={{ s(snmpd.system.sysContact) }}
+set snmpd.@system[-1].sysName={{ s(snmpd.system.sysName) }}
+
+add agentx
+set snmpd.@agentx[-1].type={{ s(snmpd.agentx.type) }}
+
+{% for (let g, v in snmpd.group): %}
+set snmpd.{{g}}.group={{ s(v.group) }}
+set snmpd.{{g}}.version={{ s(v.version) }}
+set snmpd.{{g}}.secname={{ s(v.secname) }}
+{% endfor %}
+
+{% for (let n, v in snmpd.view): %}
+set snmpd.{{n}}.viewname={{ s(v.viewname) }}
+set snmpd.{{n}}.type={{ s(v.type) }}
+set snmpd.{{n}}.oid={{ s(v.oid) }}
+{% endfor %}
+
+{% for (let c, v in snmpd.com2sec): %}
+set snmpd.{{c}}.secname={{ s(v.secname) }}
+set snmpd.{{c}}.source={{ s(v.source) }}
+set snmpd.{{c}}.community={{ s(v.community) }}
+{% endfor %}
+
+{% for (let p, v in snmpd.pass): %}
+add snmpd pass
+set snmpd.@pass[-1].name={{ s(v.name) }}
+set snmpd.@pass[-1].miboid={{ s(v.miboid) }}
+set snmpd.@pass[-1].prog={{ s(v.prog) }}
+{% endfor %}
+
+{% for (let a, v in snmpd.access): %}
+add access
+set snmpd.{{a}}.context={{ s(v.context) }}
+set snmpd.{{a}}.version={{ s(v.version) }}
+set snmpd.{{a}}.level={{ s(v.level) }}
+set snmpd.{{a}}.prefix={{ s(v.prefix) }}
+set snmpd.{{a}}.read={{ s(v.read) }}
+set snmpd.{{a}}.write={{ s(v.write) }}
+set snmpd.{{a}}.notify={{ s(v.notify) }}
+set snmpd.{{a}}.group={{ s(v.group) }}
+{% endfor %}
+
+{% let port = split(snmpd.agent.agentaddress, ':')[1] %}
+{% for (let interface in interfaces): %}
+{%    let name = ethernet.calculate_name(interface) %}
+add firewall rule
+set firewall.@rule[-1].name='Allow SNMP'
+set firewall.@rule[-1].src={{ name }}
+set firewall.@rule[-1].dest_port={{port}}
+set firewall.@rule[-1].proto='udp'
+set firewall.@rule[-1].target='ACCEPT' 
+{% endfor %}

schema/service.snmpd.access.yml

@@ -0,0 +1,78 @@
+description:
+  List of access types for SNMP.
+type: object
+properties:
+  - public_access:
+      type: object
+      description:
+        Configuration of public access.
+      properties:
+        context:
+          description:
+            A collection of management information accessible by an SNMP entity.
+          type: string
+        group:
+          description:
+            Group related to the access.
+          type: string
+        level:
+          description:
+            Level of authorization.
+          type: string
+        notify:
+          description:
+            Specifies the view to be used for GET*, SET and TRAP/INFORM requests.
+          type: string
+        prefix:
+          description:
+            Specifies how CONTEXT should be matched against the context of the incoming request.
+          type: string
+        read:
+          description:
+            Specifies the view to be used for GET*, SET and TRAP/INFORM requests.
+          type: string
+        version:
+          description:
+            SNMP version.
+          type: string
+        write:
+          description:
+            Specifies the view to be used for GET*, SET and TRAP/INFORM requests.
+          type: string
+  - private_access:
+      type: object
+      description:
+        Configuration of public access.
+      properties:
+        context:
+          description:
+            A collection of management information accessible by an SNMP entity.
+          type: string
+        group:
+          description:
+            Group related to the access.
+          type: string
+        level:
+          description:
+            Level of authorization.
+          type: string
+        notify:
+          description:
+            Specifies the view to be used for GET*, SET and TRAP/INFORM requests.
+          type: string
+        prefix:
+          description:
+            Specifies how CONTEXT should be matched against the context of the incoming request.
+          type: string
+        read:
+          description:
+            Specifies the view to be used for GET*, SET and TRAP/INFORM requests.
+          type: string
+        version:
+          description:
+            SNMP version.
+          type: string
+        write:
+          description:
+            Specifies the view to be used for GET*, SET and TRAP/INFORM requests.
+          type: string

schema/service.snmpd.agent.yml

@@ -0,0 +1,9 @@
+description:
+  Configure the SNMP agent.
+type: object
+properties:
+  agentaddress:
+    description:
+      Define the agent configuration.
+    type: string
+    default: UDP:161

schema/service.snmpd.agentx.yml

@@ -0,0 +1,9 @@
+description:
+  Configure the role in AgentX protocol.
+type: object
+properties:
+  type:
+    description:
+      AgentX protocol role.
+    type: string
+    default: master

schema/service.snmpd.com2sec.yml

@@ -0,0 +1,38 @@
+description:
+  Map an SNMPv1 or SNMPv2c community string to a security name..
+type: object
+properties:
+  - public:
+      description:
+        Public com2sec.
+      type: object
+      properties:
+        community:
+          description:
+            Community name.
+          type: string
+        secname:
+          description:
+            Security name.
+          type: string
+        source:
+          description:
+            A restricted source can either be a specific hostname or a subnet.
+          type: string
+  - private:
+      description:
+        Private com2sec.
+      type: object
+      properties:
+        community:
+          description:
+            Community name.
+          type: string
+        secname:
+          description:
+            Security name.
+          type: string
+        source:
+          description:
+            A restricted source can either be a specific hostname or a subnet.
+          type: string

schema/service.snmpd.general.yml

@@ -0,0 +1,9 @@
+description:
+  General options for SNMP service.
+type: object
+properties:
+  enabled:
+    description:
+      Enable or disable the service
+    type: boolean
+    default: false

schema/service.snmpd.group.yml

@@ -0,0 +1,64 @@
+description:
+  List of pass sections for SNMP.
+type: object
+properties:
+  - public_v1:
+      type: object
+      properties:
+        group:
+          type: string
+          description:
+            Group name.
+        secname:
+          description:
+            Related security name.
+          type: string
+        version:
+          description:
+            SNMP version.
+          type: string
+  - private_v1:
+      type: object
+      properties:
+        group:
+          type: string
+          description:
+            Group name.
+        secname:
+          description:
+            Related security name.
+          type: string
+        version:
+          description:
+            SNMP version.
+          type: string
+  - private_v2c:
+      type: object
+      properties:
+        group:
+          type: string
+          description:
+            Group name.
+        secname:
+          description:
+            Related security name.
+          type: string
+        version:
+          description:
+            SNMP version.
+          type: string
+  - public_v2c:
+      type: object
+      properties:
+        group:
+          type: string
+          description:
+            Group name.
+        secname:
+          description:
+            Related security name.
+          type: string
+        version:
+          description:
+            SNMP version.
+          type: string

schema/service.snmpd.pass.yml

@@ -0,0 +1,18 @@
+description:
+  List of community permissions.
+type: array
+items:
+  type: object
+  properties:
+      miboid:
+        description:
+          OID used by pass protocol.
+        type: string
+      name:
+        description:
+          Name of the MIB.
+        type: string
+      prog:
+        description:
+          MIB script.
+        type: string

schema/service.snmpd.system.yml

@@ -0,0 +1,16 @@
+description:
+  System information used by SNMP service.
+type: object
+properties:
+  sysContact:
+    description:
+      Contact information.
+    type: string
+  sysLocation:
+    description:
+      Location information.
+    type: string
+  sysName:
+    description:
+      System name.
+    type: string

schema/service.snmpd.view.yml

@@ -0,0 +1,16 @@
+description:
+  View configuration.
+type: object
+properties:
+    oid:
+      description:
+        Define the source oid tree for the view.
+      type: string
+    type:
+      description:
+        Type is either included or excluded.
+      type: string
+    viewname:
+      description:
+        View name.
+      type: string

schema/service.snmpd.yml

@@ -0,0 +1,22 @@
+description:
+  SNMP sections.
+type: object
+properties:
+  agent:
+    $ref: "https://ucentral.io/schema/v1/service/snmpd/agent/"
+  access:
+    $ref: "https://ucentral.io/schema/v1/service/snmpd/access/"
+  agentx:
+    $ref: "https://ucentral.io/schema/v1/service/snmpd/agentx/"
+  com2sec:
+    $ref: "https://ucentral.io/schema/v1/service/snmpd/com2sec/"
+  general:
+    $ref: "https://ucentral.io/schema/v1/service/snmpd/general/"
+  pass:
+    $ref: "https://ucentral.io/schema/v1/service/snmpd/pass/"
+  group:
+    $ref: "https://ucentral.io/schema/v1/service/snmpd/group/"
+  system:
+    $ref: "https://ucentral.io/schema/v1/service/snmpd/system/"
+  view:
+    $ref: "https://ucentral.io/schema/v1/service/snmpd/view/"

schema/service.yml

@@ -49,3 +49,5 @@ properties:
     $ref: 'https://ucentral.io/schema/v1/service/rrm/'
   fingerprint:
     $ref: 'https://ucentral.io/schema/v1/service/fingerprint/'
+  snmpd:
+    $ref: 'https://ucentral.io/schema/v1/service/snmpd/'