Of the three access control methods used by NetSNMP, only VACM is being used in the template. I intend to eventually allow the choice to utilize the traditional access control configuration (of which rocommunity is a member), but instead I just left it commented out in the template.

If you provide the parameters views and accesses along with ro_community, you should get a functional VACM access configuration.

class { 'snmp':
  ro_community => 'public',
  views        => [
    'view    systemview    included   .1.3.6.1.2.1.1',
    'view    systemview    included   .1.3.6.1.2.1.25.1.1',
  ],
  accesses     => [
    'access  notConfigGroup ""      any       noauth    exact  systemview none none' 
  ],
}

The template definitely needs more work in this area.

from puppet-snmp.

to emulate this "traditional" behaviour you can just set views by adding the below config variable to your snmp class, obviously this removes the default setup that the module configures, the default config which you get without it hides network ifaces among other things so i had to do this for my observium install to start seeing NIC data again

views => ["systemview included .1"]

from puppet-snmp.

Also seeing this issue, simply adding what @anthonysomerset suggested fixed the issue. I actually didn't have to add the other views and accesses definitions from @razorsedge .

from puppet-snmp.

Why setting a RO community different from 'public', I get this snmpd.conf file?

...
# Traditional Access Control
#rocommunity blabla1 10.0.0.0/8

# ------------------------------------------------------------------------------
# VACM Configuration
#       sec.name       source        community
com2sec notConfigUser  default       public
...

from puppet-snmp.

The real solution to this is to use VACM instead of rocommunity. Although
it's not documented in the module very well I believe this was the
original intention. VACM is a lot more complicated to configure but it ends
up being more flexible as I discovered.

To answer your question that field is broken, you can still use rocommunity
by using the snmp_config parameter, I did that until I had time to figure
out VACM. In my opinion though the community parameter should either be
fixed or removed.

On Thursday, May 29, 2014, mimmus [email protected] wrote:

Why setting a RO community different from 'public', I get this snmpd.conf
file?

...

Traditional Access Control

#rocommunity blabla1 10.0.0.0/8

------------------------------------------------------------------------------

VACM Configuration

sec.name source community

com2sec notConfigUser default public
...

—
Reply to this email directly or view it on GitHub
#10 (comment)
.

from puppet-snmp.

I solved using com2sec.
I agree that ro_community, ro_network, rw_community, rw_network are in effect not used at all by module and should be either fixed or removed.

from puppet-snmp.

I will accept PRs to fix this. :-) Not sure when my schedule will allow me to get to it.

from puppet-snmp.

I'm trying to fix it, is there any reason to keep ro_network and rw_network parameters ? They make the template writing a bit more complicated. Can we consider those elements can be parts of ro_community and rw_community strings if needed ?

from puppet-snmp.

Documentation has been updated in commit 84bab50. Is this helpful until I can get things refactored?

from puppet-snmp.

Just thought I'd point out that the view part of the config at #10 (comment) doubles up on the "view" command at the start of the lines.

from puppet-snmp.

This is fixed in razorsedge/snmp version 3.3.1.

from puppet-snmp.