Convert SNMP configuration to composable services format

Change-Id: I7265b0781acefd4a0de687b0465144e57bcc079f
Partially-Implements: blueprint composable-services-within-roles

9 files changed, 35 insertions, 74 deletions

diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml
index e4fc8a0b..ba5b1eb8 100644
--- a/overcloud-resource-registry-puppet.yaml
+++ b/overcloud-resource-registry-puppet.yaml
@@ -161,6 +161,7 @@ resource_registry:
   OS::TripleO::Services::Ntp: puppet/services/time/ntp.yaml
   OS::TripleO::Services::SwiftProxy: puppet/services/swift-proxy.yaml
   OS::TripleO::Services::SwiftStorage: puppet/services/swift-storage.yaml
+  OS::TripleO::Services::Snmp: puppet/services/snmp.yaml
 
 parameter_defaults:
   EnablePackageInstall: false
diff --git a/overcloud.yaml b/overcloud.yaml
index 0abc512d..6f64b204 100644
--- a/overcloud.yaml
+++ b/overcloud.yaml
@@ -258,14 +258,6 @@ parameters:
     description: The password for Redis
     type: string
     hidden: true
-  SnmpdReadonlyUserName:
-    default: ro_snmp_user
-    description: The user name for SNMPd with readonly rights running on all Overcloud nodes
-    type: string
-  SnmpdReadonlyUserPassword:
-    description: The user password for SNMPd with readonly rights running on all Overcloud nodes
-    type: string
-    hidden: true
   StorageVirtualFixedIPs:
     default: []
     description: >
@@ -589,6 +581,7 @@ parameters:
       - OS::TripleO::Services::Ntp
       - OS::TripleO::Services::SwiftProxy
       - OS::TripleO::Services::SwiftStorage
+      - OS::TripleO::Services::Snmp
     description: A list of service resources (configured in the Heat
                  resource_registry) which represent nested stacks
                  for each service that should get installed on the Controllers.
@@ -598,6 +591,7 @@ parameters:
     default:
       - OS::TripleO::Services::NovaCompute
       - OS::TripleO::Services::Ntp
+      - OS::TripleO::Services::Snmp
     description: A list of service resources (configured in the Heat
                  resource_registry) which represent nested stacks
                  for each service that should get installed on the Compute Nodes.
@@ -655,6 +649,7 @@ parameters:
     default:
       - OS::TripleO::Services::Ntp
       - OS::TripleO::Services::SwiftStorage
+      - OS::TripleO::Services::Snmp
     description: A list of service resources (configured in the Heat
                  resource_registry) which represent nested stacks
                  for each service that should get installed on the ObjectStorage nodes.
@@ -873,8 +868,6 @@ resources:
           RabbitClientUseSSL: {get_param: RabbitClientUseSSL}
           RabbitClientPort: {get_param: RabbitClientPort}
           RedisPassword: {get_param: RedisPassword}
-          SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName}
-          SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword}
           RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]}
           RedisVirtualIPUri: {get_attr: [RedisVirtualIP, ip_address_uri]}
           SwiftHashSuffix: {get_param: SwiftHashSuffix}
@@ -976,8 +969,6 @@ resources:
           RabbitUserName: {get_param: RabbitUserName}
           RabbitClientUseSSL: {get_param: RabbitClientUseSSL}
           RabbitClientPort: {get_param: RabbitClientPort}
-          SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName}
-          SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword}
           ServiceNetMap: {get_param: ServiceNetMap}
           TimeZone: {get_param: TimeZone}
           EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
diff --git a/puppet/compute.yaml b/puppet/compute.yaml
index 7a863252..1bc0e0f0 100644
--- a/puppet/compute.yaml
+++ b/puppet/compute.yaml
@@ -254,14 +254,6 @@ parameters:
     default: 5672
     description: Set rabbit subscriber port, change this if using SSL
     type: number
-  SnmpdReadonlyUserName:
-    default: ro_snmp_user
-    description: The user name for SNMPd with readonly rights running on all Overcloud nodes
-    type: string
-  SnmpdReadonlyUserPassword:
-    description: The user password for SNMPd with readonly rights running on all Overcloud nodes
-    type: string
-    hidden: true
   UpgradeLevelNovaCompute:
     type: string
     description: Nova Compute upgrade level
@@ -541,8 +533,6 @@ resources:
                 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
                 ceilometer::agent::auth::auth_url: {get_input: ceilometer_agent_auth_url}
                 ceilometer_compute_agent: {get_input: ceilometer_compute_agent}
-                snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
-                snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
                 nova::glance_api_servers: {get_input: glance_api_servers}
                 neutron::debug: {get_input: debug}
                 neutron::rabbit_password: {get_input: rabbit_password}
@@ -616,8 +606,6 @@ resources:
         ceilometer_password: {get_param: CeilometerPassword}
         ceilometer_compute_agent: {get_param: CeilometerComputeAgent}
         ceilometer_agent_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
-        snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
-        snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
         glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
         neutron_flat_networks:
           str_replace:
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 6e703b93..fba8ba18 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -326,14 +326,6 @@ parameters:
     type: string
     default: ''  # Has to be here because of the ignored empty value bug
     description: An IP address which is wrapped in brackets in case of IPv6
-  SnmpdReadonlyUserName:
-    default: ro_snmp_user
-    description: The user name for SNMPd with readonly rights running on all Overcloud nodes
-    type: string
-  SnmpdReadonlyUserPassword:
-    description: The user password for SNMPd with readonly rights running on all Overcloud nodes
-    type: string
-    hidden: true
   SwiftHashSuffix:
     description: A random string to be used as a salt when hashing to determine mappings
       in the ring.
@@ -697,8 +689,6 @@ resources:
         ceilometer_internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]}
         ceilometer_admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]}
         ceilometer_agent_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
-        snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
-        snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
         nova_enable_db_purge: {get_param: NovaEnableDBPurge}
         nova_ipv6: {get_param: NovaIPv6}
         corosync_ipv6: {get_param: CorosyncIPv6}
diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp
index da84927e..f0987c7c 100644
--- a/puppet/manifests/overcloud_compute.pp
+++ b/puppet/manifests/overcloud_compute.pp
@@ -194,16 +194,6 @@ if hiera('step') >= 4 {
   include ::ceilometer::agent::compute
   include ::ceilometer::agent::auth
 
-  $snmpd_user = hiera('snmpd_readonly_user_name')
-  snmp::snmpv3_user { $snmpd_user:
-    authtype => 'MD5',
-    authpass => hiera('snmpd_readonly_user_password'),
-  }
-  class { '::snmp':
-    agentaddress => ['udp:161','udp6:[::1]:161'],
-    snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc  cron', 'includeAllDisks  10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
-  }
-
   hiera_include('compute_classes')
   package_manifest{ '/var/lib/tripleo/installed-packages/overcloud_compute': ensure => present }
 
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index 8c14f913..b79eca4a 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -294,16 +294,6 @@ if hiera('step') >= 4 {
       default: { fail('Unrecognized gnocchi_backend parameter.') }
   }
 
-  $snmpd_user = hiera('snmpd_readonly_user_name')
-  snmp::snmpv3_user { $snmpd_user:
-    authtype => 'MD5',
-    authpass => hiera('snmpd_readonly_user_password'),
-  }
-  class { '::snmp':
-    agentaddress => ['udp:161','udp6:[::1]:161'],
-    snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc  cron', 'includeAllDisks  10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
-  }
-
   hiera_include('controller_classes')
 
 } #END STEP 4
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index 84a8cb66..e095c966 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -534,16 +534,6 @@ MYSQL_HOST=localhost\n",
     enabled        => false,
   }
 
-  $snmpd_user = hiera('snmpd_readonly_user_name')
-  snmp::snmpv3_user { $snmpd_user:
-    authtype => 'MD5',
-    authpass => hiera('snmpd_readonly_user_password'),
-  }
-  class { '::snmp':
-    agentaddress => ['udp:161','udp6:[::1]:161'],
-    snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc  cron', 'includeAllDisks  10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
-  }
-
   hiera_include('controller_classes')
 
 } #END STEP 4
diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp
index 5b6a9e5b..cb0ea7c0 100644
--- a/puppet/manifests/overcloud_object.pp
+++ b/puppet/manifests/overcloud_object.pp
@@ -26,16 +26,6 @@ if hiera('step') >= 1 {
 }
 
 if hiera('step') >= 4 {
-  $snmpd_user = hiera('snmpd_readonly_user_name')
-  snmp::snmpv3_user { $snmpd_user:
-    authtype => 'MD5',
-    authpass => hiera('snmpd_readonly_user_password'),
-  }
-  class { '::snmp':
-    agentaddress => ['udp:161','udp6:[::1]:161'],
-    snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc  cron', 'includeAllDisks  10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
-  }
-
   hiera_include('object_classes')
 }
 
diff --git a/puppet/services/snmp.yaml b/puppet/services/snmp.yaml
new file mode 100644
index 00000000..24ee2933
--- /dev/null
+++ b/puppet/services/snmp.yaml
@@ -0,0 +1,31 @@
+heat_template_version: 2016-04-08
+
+description: >
+  SNMP client configured with Puppet, to facilitate Ceilometer Hardware
+  monitoring in the undercloud. This service is required to enable hardware
+  monitoring.
+
+parameters:
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  SnmpdReadonlyUserName:
+    default: ro_snmp_user
+    description: The user name for SNMPd with readonly rights running on all Overcloud nodes
+    type: string
+  SnmpdReadonlyUserPassword:
+    description: The user password for SNMPd with readonly rights running on all Overcloud nodes
+    type: string
+    hidden: true
+
+outputs:
+  role_data:
+    description: Role data for the SNMP services
+    value:
+      config_settings:
+        snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
+        snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
+      step_config: |
+        include ::tripleo::profile::base::snmp