Ryan Barry has uploaded a new change for review. Change subject: Unpersist and repersist snmpd.conf so it can be moved ......................................................................
Unpersist and repersist snmpd.conf so it can be moved EL 7.1 (and probably EL6 at some point) now tries to move /var/lib/net-snmp/snmpd.conf to snmpd.conf.0, probably as a backup. This fails, since it's persisted (and bind mounted). Unpersist it, then re-persist it when changes which require restarting snmpd happen. Also, rework the logic of enable_snmpd a little so we're not starting and stopping and restarting the service or touching config files to change a password through snmpusm Change-Id: I0ff002717a8bf2744efa995f2e7e09a60b1eaede Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1232412 Signed-off-by: Ryan Barry <[email protected]> --- M src/ovirt/node/setup/snmp/snmp_model.py 1 file changed, 25 insertions(+), 24 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/71/42771/1 diff --git a/src/ovirt/node/setup/snmp/snmp_model.py b/src/ovirt/node/setup/snmp/snmp_model.py index 50639ce..d9e6d18 100644 --- a/src/ovirt/node/setup/snmp/snmp_model.py +++ b/src/ovirt/node/setup/snmp/snmp_model.py @@ -28,38 +28,39 @@ def enable_snmpd(password): - system.service("snmpd", "stop") - - # get old password # - if os.path.exists("/tmp/snmpd.conf"): - conf = "/tmp/snmpd.conf" - else: - conf = snmp_conf - cmd = "cat %s|grep createUser| grep -v '^#' | awk '{print $4}'" % conf - oldpwd = process.pipe(cmd, shell=True).strip() - - # change existing password - if len(oldpwd) > 0: + def change_password(oldpwd): system.service("snmpd", "start") - pwd_change_cmd = (("snmpusm -v 3 -u root -n \"\" -l authNoPriv -a " + - "SHA -A %s localhost passwd %s %s -x AES") % + pwd_change_cmd = (("snmpusm -v 3 -u root -n \"\" -l authNoPriv " + + "-a SHA -A %s localhost passwd %s %s -x AES") % (oldpwd, oldpwd, password)) process.check_call(pwd_change_cmd, shell=True) # Only reached when no excepion occurs process.call(["rm", "-rf", "/tmp/snmpd.conf"]) system.service("snmpd", "stop") - if not any([x for x in open('/etc/snmp/snmpd.conf').readlines() - if 'rwuser root' in x]): - with open('/etc/snmp/snmpd.conf', 'a') as f: - f.write("rwuser root") - fs.Config().persist("/etc/snmp/snmpd.conf") + # Check for an old password + if os.path.exists("/tmp/snmpd.conf"): + conf = "/tmp/snmpd.conf" + else: + conf = snmp_conf - cfg = fs.File(snmp_conf) - # create user account - cfg.write("createUser root SHA %s AES\n" % password) - system.service("snmpd", "start") - fs.Config().persist(snmp_conf) + cmd = "cat %s | grep createUser | grep -v '^#' | awk '{print $4}'" % conf + oldpwd = process.pipe(cmd, shell=True).strip() + + if len(oldpwd) > 0: + change_password(oldpwd) + else: + system.service("snmpd", "stop") + # net-snmp tries to move this to a backup. We don't care about that, + # but it fails, and fails to create the user if it's persisted (and + # bind mounted). + fs.Config().unpersist(snmp_conf) + # create user account + process.check_call(["net-snmp-create-v3-user", "-A", password, "-a", + "SHA", "-x", "AES", "root"]) + system.service("snmpd", "start") + fs.Config().persist("/etc/snmp/snmpd.conf") + fs.Config().persist(snmp_conf) firewall.open_port(port="161", proto="udp") -- To view, visit https://gerrit.ovirt.org/42771 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I0ff002717a8bf2744efa995f2e7e09a60b1eaede Gerrit-PatchSet: 1 Gerrit-Project: ovirt-node Gerrit-Branch: master Gerrit-Owner: Ryan Barry <[email protected]> _______________________________________________ node-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/node-patches
