voxpupuli · razorsedge · Dec 28, 2014 · Oct 30, 2014 · Oct 30, 2014 · Oct 30, 2014
diff --git a/README.md b/README.md
@@ -20,7 +20,7 @@ Actions:
 
 OS Support:
 
-* RedHat family  - tested on CentOS 5.9 and CentOS 6.4
+* RedHat family  - tested on CentOS 5.9, CentOS 6.6, and CentOS 7.0
 * SuSE family    - tested on SLES 11 SP1
 * Debian family  - tested on Ubuntu 12.04.2 LTS, Debian 6.0.7, and Debian 7.0
 * FreeBSD family - tested on FreeBSD 9.2-RELEASE, FreeBSD 10.0-RELEASE
@@ -30,12 +30,13 @@ Class documentation is available via puppetdoc.
 Examples
 --------
 
-To install the SNMP service:
+To install the SNMP service listening on all IPv4 and IPv6 interfaces:
 
 ```puppet
 class { 'snmp':
-  agentaddress => [ 'udp:161', ],
+  agentaddress => [ 'udp:161', 'udp6:161' ],
   com2sec      => [ 'notConfigUser 10.20.30.40/32 SeCrEt' ],
+  come2sec6    => [ 'notConfiguser fd48:45d7:f49b:cb0f::1/128 SeCrEt' ],
   contact      => '[email protected]',
   location     => 'Phoenix, AZ',
 }
@@ -100,15 +101,17 @@ snmp::snmpv3_user { 'myuser':
 Notes
 -----
 
-* Only tested on CentOS 5.9, CentOS 6.4, Ubuntu 12.04.2 LTS, Debian squeeze, and
-  Debian wheezy x86_64.
+* By default the SNMP service now listens on BOTH the IPv4 and IPv6 loopback
+  addresses.
+* Only tested on CentOS 5.9, CentOS 6.6, CentOS 7.0, Ubuntu 12.04.2 LTS, Debian
+  squeeze, and Debian wheezy x86_64.
 * SNMPv3 user auth is not yet tested on Debian or Suse osfamilies.
 * There is a bug on Debian squeeze of net-snmp's status script. If snmptrapd is
   not running the status script returns 'not running' so puppet restarts the
   snmpd service. The following is a workaround: `class { 'snmp':
   service_hasstatus => false, trap_service_hasstatus => false, }`
 * For security reasons, the SNMP daemons are configured to listen on the loopback
-  interface (127.0.0.1).  Use `agentaddress` and `snmptrapdaddr` to change this
+  interfaces (127.0.0.1 and [::1]).  Use `agentaddress` and `snmptrapdaddr` to change this
   configuration.
 * [Traditional Access
   Control](http://www.net-snmp.org/docs/man/snmpd.conf.html#lbAK) is not fully

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -6,29 +6,45 @@
 #
 # [*agentaddress*]
 #   An array of addresses, on which snmpd will listen for queries.
-#   Default: [ udp:127.0.0.1:161 ]
+#   Default: [ udp:127.0.0.1:161, udp6:[::1]:161 ]
 #
 # [*snmptrapdaddr*]
 #   An array of addresses, on which snmptrapd will listen to receive incoming
 #   SNMP notifications.
-#   Default: [ udp:127.0.0.1:162 ]
+#   Default: [ udp:127.0.0.1:162, udp6:[::1]:162 ]
 #
 # [*ro_community*]
 #   Read-only (RO) community string for snmptrap daemon.
 #   Default: public
 #
+# [*ro_community6*]
+#   Read-only (RO) community string for IPv6.
+#   Default: public
+#
 # [*rw_community*]
 #   Read-write (RW) community string.
 #   Default: none
 #
+# [*rw_community6*]
+#   Read-write (RW) community string for IPv6.
+#   Default: none
+#
 # [*ro_network*]
 #   Network that is allowed to RO query the daemon.
 #   Default: 127.0.0.1
 #
+# [*ro_network6*]
+#   Network that is allowed to RO query the daemon via IPv6.
+#   Default: ::1/128
+#
 # [*rw_network*]
 #   Network that is allowed to RW query the daemon.
 #   Default: 127.0.0.1
 #
+# [*rw_network6*]
+#   Network that is allowed to RW query the daemon via IPv6.
+#   Default: ::1/128
+#
 # [*contact*]
 #   Responsible person for the SNMP system.
 #   Default: Unknown
@@ -51,6 +67,12 @@
 #   See http://www.net-snmp.org/docs/man/snmpd.conf.html#lbAL for details.
 #   Default: [ "notConfigUser default public" ]
 #
+# [*com2sec6*]
+#   An array of VACM com2sec6 mappings.
+#   Must provide SECNAME, SOURCE and COMMUNITY.
+#   See http://www.net-snmp.org/docs/man/snmpd.conf.html#lbAL for details.
+#   Default: [ "notConfigUser default ${ro_community}" ]
+#
 # [*groups*]
 #   An array of VACM group mappings.
 #   Must provide GROUP, {v1|v2c|usm|tsm|ksm}, SECNAME.
@@ -226,14 +248,19 @@
   $agentaddress            = $snmp::params::agentaddress,
   $snmptrapdaddr           = $snmp::params::snmptrapdaddr,
   $ro_community            = $snmp::params::ro_community,
+  $ro_community6           = $snmp::params::ro_community6,
   $rw_community            = $snmp::params::rw_community,
+  $rw_community6           = $snmp::params::rw_community6,
   $ro_network              = $snmp::params::ro_network,
+  $ro_network6             = $snmp::params::ro_network6,
   $rw_network              = $snmp::params::rw_network,
+  $rw_network6             = $snmp::params::rw_network6,
   $contact                 = $snmp::params::contact,
   $location                = $snmp::params::location,
   $sysname                 = $snmp::params::sysname,
   $services                = $snmp::params::services,
   $com2sec                 = $snmp::params::com2sec,
+  $com2sec6                = $snmp::params::com2sec6,
   $groups                  = $snmp::params::groups,
   $views                   = $snmp::params::views,
   $accesses                = $snmp::params::accesses,

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -17,34 +17,54 @@
   # If we have a top scope variable defined, use it, otherwise fall back to a
   # hardcoded value.
   $agentaddress = $::snmp_agentaddress ? {
-    undef   => [ 'udp:127.0.0.1:161' ],
+    undef   => [ 'udp:127.0.0.1:161', 'udp6:[::1]:161' ],
     default => $::snmp_agentaddress,
   }
 
   $snmptrapdaddr = $::snmp_snmptrapdaddr ? {
-    undef   => [ 'udp:127.0.0.1:162' ],
+    undef   => [ 'udp:127.0.0.1:162', 'udp6:[::1]:162' ],
     default => $::snmp_snmptrapdaddr,
   }
 
   $ro_community = $::snmp_ro_community ? {
     undef   => 'public',
     default => $::snmp_ro_community,
   }
+
+  $ro_community6 = $::snmp_ro_community6 ? {
+    undef   => 'public',
+    default => $::snmp_ro_community6,
+  }
 
   $rw_community = $::snmp_rw_community ? {
     undef   => undef,
     default => $::snmp_rw_community,
   }
+
+  $rw_community6 = $::snmp_rw_community6 ? {
+    undef   => undef,
+    default => $::snmp_rw_community6,
+  }
 
   $ro_network = $::snmp_ro_network ? {
     undef   => '127.0.0.1',
     default => $::snmp_ro_network,
   }
 
+  $ro_network6 = $::snmp_ro_network6 ? {
+    undef   => '::1',
+    default => $::snmp_ro_network6,
+  }
+
   $rw_network = $::snmp_rw_network ? {
     undef   => '127.0.0.1',
     default => $::snmp_rw_network,
   }
+
+  $rw_network6 = $::snmp_rw_network6 ? {
+    undef   => '::1',
+    default => $::snmp_rw_network6,
+  }
 
   $contact = $::snmp_contact ? {
     undef   => 'Unknown',
@@ -68,6 +88,13 @@
     default => $::snmp_com2sec,
   }
 
+  $com2sec6 = $::snmp_com2sec6 ? {
+    undef   => [
+      "notConfigUser  default       public",
+    ],
+    default => $::snmp_com2sec6,
+  }
+
   $groups = $::snmp_groups ? {
     undef   => [
       'notConfigGroup v1            notConfigUser',

diff --git a/spec/classes/snmp_init_spec.rb b/spec/classes/snmp_init_spec.rb
@@ -62,9 +62,11 @@
         # TODO add more contents for File[snmpd.conf]
         it 'should contain File[snmpd.conf] with expected contents' do
           verify_contents(subject, 'snmpd.conf', [
-            'agentaddress udp:127.0.0.1:161',
+            'agentaddress udp:127.0.0.1:161,udp6:[::1]:161',
             '#rocommunity public 127.0.0.1',
+            '#rocommunity6 public ::1',
             'com2sec notConfigUser  default       public',
+            'com2sec6 notConfigUser  default       public',
             'group   notConfigGroup v1            notConfigUser',
             'group   notConfigGroup v2c           notConfigUser',
             'view    systemview    included   .1.3.6.1.2.1.1',
@@ -177,9 +179,11 @@
         # TODO add more contents for File[snmpd.conf]
         it 'should contain File[snmpd.conf] with expected contents' do
           verify_contents(subject, 'snmpd.conf', [
-            'agentaddress udp:127.0.0.1:161',
+            'agentaddress udp:127.0.0.1:161,udp6:[::1]:161',
             '#rocommunity public 127.0.0.1',
+            '#rocommunity6 public ::1',
             'com2sec notConfigUser  default       public',
+            'com2sec6 notConfigUser  default       public',
             'group   notConfigGroup v1            notConfigUser',
             'group   notConfigGroup v2c           notConfigUser',
             'view    systemview    included   .1.3.6.1.2.1.1',
@@ -279,9 +283,11 @@
         # TODO add more contents for File[snmpd.conf]
         it 'should contain File[snmpd.conf] with expected contents' do
           verify_contents(subject, 'snmpd.conf', [
-            'agentaddress udp:127.0.0.1:161',
+            'agentaddress udp:127.0.0.1:161,udp6:[::1]:161',
             '#rocommunity public 127.0.0.1',
+            '#rocommunity6 public ::1',
             'com2sec notConfigUser  default       public',
+            'com2sec6 notConfigUser  default       public',
             'group   notConfigGroup v1            notConfigUser',
             'group   notConfigGroup v2c           notConfigUser',
             'view    systemview    included   .1.3.6.1.2.1.1',
@@ -386,9 +392,11 @@
         # TODO add more contents for File[snmpd.conf]
         it 'should contain File[snmpd.conf] with expected contents' do
           verify_contents(subject, 'snmpd.conf', [
-            'agentaddress udp:127.0.0.1:161',
+            'agentaddress udp:127.0.0.1:161,udp6:[::1]:161',
             '#rocommunity public 127.0.0.1',
+            '#rocommunity6 public ::1',
             'com2sec notConfigUser  default       public',
+            'com2sec6 notConfigUser  default       public',
             'group   notConfigGroup v1            notConfigUser',
             'group   notConfigGroup v2c           notConfigUser',
             'view    systemview    included   .1.3.6.1.2.1.1',
@@ -583,6 +591,15 @@
       end
     end
 
+    describe 'com2sec6 => [ SomeString ]' do
+      let(:params) {{ :com2sec6 => [ 'SomeString', ] }}
+      it 'should contain File[snmpd.conf] with contents "com2sec6 SomeString"' do
+        verify_contents(subject, 'snmpd.conf', [
+          'com2sec6 SomeString',
+        ])
+      end
+    end
+
     describe 'groups => [ SomeString ]' do
       let(:params) {{ :groups => [ 'SomeString', ] }}
       it 'should contain File[snmpd.conf] with contents "groups SomeString"' do

diff --git a/templates/snmpd.conf.erb b/templates/snmpd.conf.erb
@@ -15,9 +15,13 @@ agentaddress <%= @agentaddress.join(',') %>
 # ------------------------------------------------------------------------------
 # Traditional Access Control
 #rocommunity <%= @ro_community %> <%= @ro_network %>
+#rocommunity6 <%= @ro_community6 %> <%= @ro_network6 %>
 <% if @rw_community -%>
 #rwcommunity <%= @rw_community %> <%= @rw_network %>
 <% end -%>
+<% if @rw_community6 -%>
+#rwcommmunity6 <%= @rw_community6 %> <%= @rw_network6 %>
+<% end -%>
 
 # ------------------------------------------------------------------------------
 # VACM Configuration
@@ -28,6 +32,12 @@ com2sec <%= com2sec %>
 <% end -%>
 <% end -%>
 
+<% if @com2sec6.any? -%>
+<% @com2sec6.each do |com2sec6| -%>
+com2sec6 <%= com2sec6 %>
+<% end -%>
+<% end -%>
+
 #       groupName      securityModel securityName
 <% if @groups.any? -%>
 <% @groups.each do |group| -%>