feat(vrouter): SNMP configuration vyos/vyatta

Adds ability to turn on and configure snmp via the vrouter app
for vyos or vyatta hosts.

Author: nblair2

src/go/app/vrouter.go

@@ -51,6 +51,19 @@ type DHCPConfig struct {
 	Static       map[string]string `mapstructure:"staticAssignments"`
 }
 
+type SNMPConfig struct {
+	ListenAddr  string `mapstructure:"listenAddress"`
+	SystemName  string `mapstructure:"systemName"`
+	Location    string `mapstructure:"location"`
+	Contact     string `mapstructure:"contact"`
+	Communities []struct {
+		Name          string   `mapstructure:"name"`
+		Authorization string   `mapstructure:"authorization"`
+		Clients       []string `mapstructure:"clients"`
+		TrapTargets   []string `mapstructure:"trapTargets"`
+	} `mapstructure:"communities"`
+}
+
 type Emulator struct {
 	Ingress    []string `mapstructure:"ingress"`
 	Egress     []string `mapstructure:"egress"`
@@ -247,6 +260,13 @@ func (this *Vrouter) PreStart(ctx context.Context, exp *types.Experiment) error
 							data["emulators"] = emulators
 						}
 
+						snmp, err := this.processSNMP(md)
+						if err != nil {
+							return fmt.Errorf("processing SNMP metadata for host %s: %w", host.Hostname(), err)
+						}
+
+						data["snmp"] = snmp
+
 						sources, destinations, err := this.processNAT(md, node.Network().Interfaces())
 						if err != nil {
 							return fmt.Errorf("processing NAT metadata for host %s: %w", host.Hostname(), err)
@@ -258,6 +278,8 @@ func (this *Vrouter) PreStart(ctx context.Context, exp *types.Experiment) error
 						break
 					}
 				}
+
+				break
 			}
 		}
 
@@ -702,6 +724,32 @@ func (this *Vrouter) processIPSec(md map[string]interface{}, nets []ifaces.NodeN
 	return &ipsec, nil
 }
 
+func (Vrouter) processSNMP(md map[string]interface{}) (*SNMPConfig, error) {
+	raw, ok := md["snmp"]
+	if !ok {
+		return nil, nil
+	}
+
+	var snmp SNMPConfig
+	if err := mapstructure.Decode(raw, &snmp); err != nil {
+		return nil, fmt.Errorf("decoding SNMP config: %w", err)
+	}
+
+	for cidx := range snmp.Communities {
+		community := &snmp.Communities[cidx]
+		if community.Name == "" {
+			return nil, fmt.Errorf("snmp community at index %d must include a name", cidx)
+		}
+
+	}
+
+	if snmp.ListenAddr == "" && snmp.SystemName == "" && snmp.Location == "" && snmp.Contact == "" && len(snmp.Communities) == 0 {
+		return nil, nil
+	}
+
+	return &snmp, nil
+}
+
 func (this *Vrouter) processNAT(md map[string]interface{}, nets []ifaces.NodeNetworkInterface) ([]NATRule, []NATRule, error) {
 	var (
 		sources      []NATRule

src/go/tmpl/templates/vyatta.tmpl

@@ -4,6 +4,7 @@
 {{- $vyos := index . "vyos" -}}
 {{- $passwd := index . "passwd" -}}
 {{- $ssh := index . "ssh" -}}
+{{- $snmp := index . "snmp" -}}
 {{- $emulators := index . "emulators" -}}
 {{- $snat := index . "snat" -}}
 {{- $dnat := index . "dnat" -}}
@@ -221,14 +222,47 @@ set vpn ipsec site-to-site peer {{ $site.Peer }} tunnel {{ $idx }} remote prefix
         {{- end }}
     {{- end }}
 # -------------------------------- Services -------------------------------
+# SSH
     {{- if $ssh }}
 set service ssh listen-address {{ $ssh }}
     {{- end }}
+# NTP
     {{- if $ntpAddr }}
 set service ntp server {{ $ntpAddr }} prefer
     {{- else }}
 delete service ntp
     {{- end }}
+# SNMP
+    {{- if $snmp }}
+        {{- if $snmp.ListenAddr }}
+set service snmp listen-address {{ $snmp.ListenAddr }}
+        {{- end }}
+        {{- if $snmp.Contact }}
+set service snmp contact '{{ $snmp.Contact }}'
+        {{- end }}
+        {{- if $snmp.Location }}
+set service snmp location '{{ $snmp.Location }}'
+        {{- end }}
+        {{- if $snmp.SystemName }}
+set service snmp description '{{ $snmp.SystemName }}'
+        {{- end }}
+        {{- range $community := $snmp.Communities }}
+            {{- if $community.Name }}
+set service snmp community '{{ $community.Name }}'
+                {{- if $community.Authorization }}
+set service snmp community '{{ $community.Name }}' authorization {{ $community.Authorization }}
+                {{- else }}
+set service snmp community '{{ $community.Name }}' authorization ro
+                {{- end }}
+                {{- range $client := $community.Clients }}
+set service snmp community '{{ $community.Name }}' client {{ $client }}
+                {{- end }}
+                {{- range $target := $community.TrapTargets }}
+set service snmp trap-target {{ $target }} community '{{ $community.Name }}'
+                {{- end }}
+            {{- end }}
+        {{- end }}
+    {{- end }}
 # --------------------------------- System --------------------------------
 set system host-name {{ $node.RouterName }}
 commit
@@ -552,11 +586,48 @@ vpn {
     {{- end }}
 }
 
-    {{- if $ssh }}
+    {{- if or $ssh $snmp }}
 service {
+        {{- if $ssh }}
     ssh {
         listen-address {{ $ssh }}
     }
+        {{- end}}
+        {{- if $snmp }}
+    snmp {
+            {{- if $snmp.ListenAddr }}
+        listen-address {{ $snmp.ListenAddr }}
+            {{- end }}
+            {{- if $snmp.Contact }}
+        contact "{{ $snmp.Contact }}"
+            {{- end }}
+            {{- if $snmp.Location }}
+        location "{{ $snmp.Location }}"
+            {{- end }}
+            {{- if $snmp.SystemName }}
+        description "{{ $snmp.SystemName }}"
+            {{- end }}
+            {{- range $community := $snmp.Communities }}
+                {{- if $community.Name }}
+        community {{ $community.Name }} {
+                    {{- if $community.Authorization }}
+            authorization {{ $community.Authorization }}
+                    {{- else }}
+            authorization ro
+                    {{- end }}
+                    {{- range $client := $community.Clients }}
+            client {{ $client }}
+                    {{- end }}
+        }
+                    {{- range $target := $community.TrapTargets }}
+        trap-target {{ $target }} {
+            community "{{ $community.Name }}"
+        }
+                    {{- end }}
+                {{- end }}
+            {{- end }}
+    }
+        {{- end}}
 }
     {{- end }}