cisco.intersight.intersight_snmp_policy module – SNMP Policy configuration for Cisco Intersight

Note

This module is part of the cisco.intersight collection (version 2.2.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install cisco.intersight.

To use it in a playbook, specify: cisco.intersight.intersight_snmp_policy.

Synopsis

  • Manages SNMP Policy configuration on Cisco Intersight.

  • A policy to configure SNMP settings for Cisco Intersight managed servers.

  • Supports both SNMPv2c and SNMPv3 configurations with users, traps, and community strings.

  • For more information see Cisco Intersight.

Parameters

Parameter

Comments

access_community_string

string

The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host.

The name can be 32 characters long.

Used with SNMPv2c access only.

api_key_id

string / required

Public API Key ID associated with the private key.

If not set, the value of the INTERSIGHT_API_KEY_ID environment variable is used.

api_private_key

path / required

Filename (absolute path) or string of PEM formatted private key data to be used for Intersight API authentication.

If a string is used, Ansible vault should be used to encrypt string data.

Ex. ansible-vault encrypt_string –vault-id tme@/Users/dsoper/Documents/vault_password_file ‘—–BEGIN EC PRIVATE KEY—–

<your private key data>

—–END EC PRIVATE KEY—–’

If not set, the value of the INTERSIGHT_API_PRIVATE_KEY environment variable is used.

api_uri

string

URI used to access the Intersight API.

If not set, the value of the INTERSIGHT_API_URI environment variable is used.

Default: "https://intersight.com/api/v1"

community_access

string

Controls access to the information in the inventory tables.

Applicable only for SNMPv2c users.

For SNMPv3, this is always set to Disabled.

For SNMPv2c, valid choices are Disabled, Limited, and Full.

Required when enabled is true.

Choices:

  • "Disabled" ← (default)

  • "Limited"

  • "Full"

description

aliases: descr

string

The user-defined description for the SNMP Policy.

Description can contain letters(a-z, A-Z), numbers(0-9), hyphen(-), period(.), colon(:), or an underscore(_).

enabled

boolean

State of the SNMP Policy on the endpoint.

If enabled, the endpoint sends SNMP traps to the designated host.

Choices:

  • false

  • true ← (default)

engine_input_id

string

User-defined unique identification of the static engine.

Used with SNMPv3 only.

name

string / required

The name assigned to the SNMP Policy.

The name must be between 1 and 62 alphanumeric characters, allowing special characters :-_.

organization

string

The name of the Organization this resource is assigned to.

Profiles, Policies, and Pools that are created within a Custom Organization are applicable only to devices in the same Organization.

Default: "default"

snmp_port

integer

Port on which Cisco IMC SNMP agent runs. Enter a value between 1-65535.

Reserved ports not allowed (22, 23, 80, 123, 389, 443, 623, 636, 2068, 3268, 3269).

Default: 161

snmp_traps

list / elements=dictionary

List of SNMP trap destinations.

community

string

SNMP community group used for sending SNMP trap to other devices.

Applicable only for SNMP v2c.

destination

string / required

IP address or hostname of the trap destination.

enabled

boolean

Enables/disables the trap on the server If enabled, trap is active on the server.

Choices:

  • false

  • true ← (default)

port

integer

Port number for the trap destination.

Default: 162

type

string

Type of trap which decides whether to receive a notification when a trap is received at the destination.

Note that ‘Inform’ is only supported for V2 traps, V3 traps only support ‘Trap’ type.

Choices:

  • "Trap" ← (default)

  • "Inform"

user

string

SNMP user for the trap.

Applicable only to SNMPv3.

version

string / required

SNMP version for the trap.

Choices:

  • "V2"

  • "V3"

snmp_users

list / elements=dictionary

List of SNMP users for SNMPv3 authentication.

auth_password

string / required

Authorization password for the user.

Required when security_level is AuthPriv or AuthNoPriv.

name

string / required

SNMP username.

Must have a minimum of 1 and and a maximum of 31 characters.

privacy_password

string

Privacy password for the SNMP user.

Required when security_level is AuthPriv.

security_level

string

Security mechanism used for communication between agent and manager.

Choices:

  • "AuthPriv" ← (default)

  • "AuthNoPriv"

state

string

If present, will verify the resource is present and will create if needed.

If absent, will verify the resource is absent and will delete if needed.

Choices:

  • "present" ← (default)

  • "absent"

sys_contact

string

Contact person responsible for the SNMP implementation.

Enter a string up to 64 characters, such as an email address or a name and telephone number.

Required when enabled is true.

sys_location

string

Location of the host on which the SNMP agent (server) runs.

Required when enabled is true.

tags

list / elements=dictionary

List of tags in Key:<user-defined key> Value:<user-defined value> format.

trap_community

string

SNMP community group used for sending SNMP trap to other devices.

Valid only for SNMPv2c users.

use_proxy

boolean

If no, it will not use a proxy, even if one is defined in an environment variable on the target hosts.

Choices:

  • false

  • true ← (default)

v2c_enabled

boolean

State of the SNMPv2c protocol.

When enabled, SNMPv2c access is available for the associated servers.

Choices:

  • false

  • true ← (default)

v3_enabled

boolean

State of the SNMPv3 protocol.

When enabled, SNMPv3 access is available for the associated servers.

Choices:

  • false

  • true ← (default)

validate_certs

boolean

Boolean control for verifying the api_uri TLS certificate

Choices:

  • false

  • true ← (default)

Examples

- name: Create SNMP Policy with SNMPv2 and SNMPv3 enabled
  cisco.intersight.intersight_snmp_policy:
    api_private_key: "{{ api_private_key }}"
    api_key_id: "{{ api_key_id }}"
    organization: "default"
    name: "mixed-snmp-policy"
    description: "SNMP policy with both v2 and v3 enabled"
    enabled: true
    v2c_enabled: true
    v3_enabled: true
    snmp_port: 161
    sys_contact: "[email protected]"
    sys_location: "Data Center A"
    community_access: "Full"
    access_community_string: "public"
    trap_community: "trapcomm"
    engine_input_id: "custom-engine-id"
    snmp_users:
      - name: "admin"
        security_level: "AuthPriv"
        auth_password: "authpassword123"
        privacy_password: "privpassword123"
      - name: "readonly"
        security_level: "AuthNoPriv"
        auth_password: "readonlypass123"
    snmp_traps:
      - enabled: true
        version: "V2"
        community: "trapcomm"
        type: "Trap"
        destination: "192.168.1.100"
        port: 162
      - enabled: true
        version: "V3"
        user: "admin"
        type: "Trap"
        destination: "192.168.1.101"
        port: 162
    tags:
      - Key: "Environment"
        Value: "Production"
    state: present

- name: Create SNMP Policy with only SNMPv3 enabled
  cisco.intersight.intersight_snmp_policy:
    api_private_key: "{{ api_private_key }}"
    api_key_id: "{{ api_key_id }}"
    name: "v3-only-snmp-policy"
    description: "SNMP policy with only v3 enabled"
    enabled: true
    v2c_enabled: false
    v3_enabled: true
    snmp_port: 161
    sys_contact: "[email protected]"
    sys_location: "Data Center B"
    engine_input_id: "v3-engine-id"
    snmp_users:
      - name: "v3user"
        security_level: "AuthPriv"
        auth_password: "v3authpass123"
        privacy_password: "v3privpass123"
    state: present

- name: Create SNMP Policy with only SNMPv2 enabled
  cisco.intersight.intersight_snmp_policy:
    api_private_key: "{{ api_private_key }}"
    api_key_id: "{{ api_key_id }}"
    name: "v2-only-snmp-policy"
    description: "SNMP policy with only v2 enabled"
    enabled: true
    v2c_enabled: true
    v3_enabled: false
    snmp_port: 161
    sys_contact: "[email protected]"
    sys_location: "Data Center C"
    community_access: "Limited"
    access_community_string: "readonly"
    trap_community: "v2traps"
    state: present

- name: Create disabled SNMP Policy
  cisco.intersight.intersight_snmp_policy:
    api_private_key: "{{ api_private_key }}"
    api_key_id: "{{ api_key_id }}"
    name: "disabled-snmp-policy"
    description: "Disabled SNMP policy"
    enabled: false
    state: present

- name: Delete SNMP Policy
  cisco.intersight.intersight_snmp_policy:
    api_private_key: "{{ api_private_key }}"
    api_key_id: "{{ api_key_id }}"
    name: "mixed-snmp-policy"
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

api_repsonse

dictionary

The API response output returned by the specified resource.

Returned: always

Sample: {"api_response": {"AccessCommunityString": "public", "CommunityAccess": "Full", "Enabled": true, "EngineId": "custom-engine-id", "Name": "mixed-snmp-policy", "ObjectType": "snmp.Policy", "SnmpPort": 161, "SnmpTraps": [{"Community": "trapcomm", "Destination": "192.168.1.100", "Enabled": true, "Port": 162, "Type": "Trap", "Version": "V2"}], "SnmpUsers": [{"AuthType": "SHA", "IsAuthPasswordSet": true, "IsPrivacyPasswordSet": true, "Name": "admin", "PrivacyType": "AES", "SecurityLevel": "AuthPriv"}], "SysContact": "admin@example.com", "SysLocation": "Data Center A", "Tags": [{"Key": "Environment", "Value": "Production"}], "TrapCommunity": "trapcomm", "V2Enabled": true, "V3Enabled": true}}

Authors

  • Ron Gershburg (@rgershbu)