ansible-collections / arista.eos

Ansible Network Collection for Arista EOS
GNU General Public License v3.0

How to configure SNMPv3 with `auth_passphrase` and `priv_passphrase`? #505

Open TheRealBecks opened 6 months ago

TheRealBecks commented 6 months ago
SUMMARY

I'm already using SNMPv3 as a manual configuration on my EOS 24.x devices. I now want to use Ansible for this configuration task:

```yaml
- name: SNMP test
  tags:
    - snmp_test
  arista.eos.eos_snmp_server:
    state: "rendered"
    config:
      engineid:
        local: f5717f444ca827484900
      groups:
        - group: read-only-group
          version: v3
          auth_privacy: priv
          read: read-all-view
      hosts:
        - host: 192.0.2.1
          version: 3 priv
          user: monitoring
      users:
        - user: monitoring
          group: read-only-group
          version: v3
          localized:
            engineid: f5717f444ca827484900
            algorithm: sha
            auth_passphrase: authtest1234
            encryption: aes
            priv_passphrase: privtest1234
      views:
        - view: read-all-view
          mib: iso
          action: included
      vrfs:
        - vrf: mgmt
```

I tested two approaches:

1) With plaintext passwords for `auth_passphrase` and `priv_passphrase`: The commands get inserted and my monitoring host can poll the hosts - it's working! :)

2) As a first step I tried to insert the SNMPv3 auth/priv-config manually onto the devices, but then my monitoring host can't poll the device anymore. When inserting the configuration with plaintext passwords I can see that the SHA1 hashes and AES128 keys change every time (and therefore are different on all my devices), so they seem to be salted. It's also not working when I copy the previously secured config from a device, execute `no snmp-server` and insert it once again. The salt key seems to be gone and therefore the hash and key don't work anymore.

What do I need to do to configure the YAML file with the correct values? Do you have a working example?

ISSUE TYPE
COMPONENT NAME

eos_snmp_server
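
Background on the localized values this issue asks about, as an added example that is not part of the original post or of the arista.eos collection: RFC 3414 derives an SNMPv3 key from the passphrase and the engine ID, and RFC 3826 takes the first 16 bytes of that key for AES-128 privacy. It is an assumption here that the hex values expected under `localized` are these RFC keys; the function names are hypothetical, and the sample inputs are the test values from the playbook above.

```python
import hashlib


def password_to_key(passphrase: str, algorithm: str = "sha1") -> bytes:
    """RFC 3414 A.2: hash the passphrase repeated out to exactly 1 MiB (Ku)."""
    data = passphrase.encode("utf-8")
    if not data:
        raise ValueError("passphrase must not be empty")
    reps, rem = divmod(1048576, len(data))
    return hashlib.new(algorithm, data * reps + data[:rem]).digest()


def localize_key(ku: bytes, engine_id_hex: str, algorithm: str = "sha1") -> bytes:
    """RFC 3414 2.6: Kul = H(Ku || engineID || Ku), bound to one engine ID."""
    engine_id = bytes.fromhex(engine_id_hex)
    return hashlib.new(algorithm, ku + engine_id + ku).digest()


def localized_keys(auth_pass: str, priv_pass: str, engine_id_hex: str,
                   algorithm: str = "sha1") -> tuple[str, str]:
    """Return (auth_key_hex, aes128_priv_key_hex) for one engine ID."""
    auth = localize_key(password_to_key(auth_pass, algorithm),
                        engine_id_hex, algorithm)
    priv = localize_key(password_to_key(priv_pass, algorithm),
                        engine_id_hex, algorithm)
    # RFC 3826: AES-128 uses the first 16 bytes of the localized key.
    return auth.hex(), priv[:16].hex()


if __name__ == "__main__":
    # Engine ID and passphrases taken from the playbook in the issue.
    engine_a = "f5717f444ca827484900"
    # Constructed second engine ID, standing in for another device.
    engine_b = "f5717f444ca827484901"

    for engine in (engine_a, engine_b):
        auth_hex, priv_hex = localized_keys("authtest1234", "privtest1234", engine)
        print(f"engineid {engine}")
        print(f"  auth (sha): {auth_hex}")
        print(f"  priv (aes): {priv_hex}")
```

Under these RFCs the result is deterministic for a given passphrase and engine ID and differs as soon as the engine ID differs, so a key computed for one engine ID is not valid for another.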