oxidized 0.19.0 → 0.20.0

data/extra/auto-reload-config.runit

@@ -2,7 +2,7 @@
 
 if [ -z "$CONFIG_RELOAD_INTERVAL" ]; then
     # Just stop and do nothing
-    read
+    sleep infinity
 fi
 
 while true; do

data/extra/oxidized.init

@@ -14,12 +14,12 @@
 
 set -e
 
-PATH=/sbin:/bin:/usr/sbin:/usr/bin
-DAEMON=/home/sts/oxidized/bin/oxidized
+PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
+DAEMON=$(which oxidized)
 NAME="oxidized"
 DESC="Oxidized - Network Device Configuration Backup Tool"
 ARGS=""
-USER="sts"
+USER="oxidized"
 
 test -x $DAEMON || exit 0
 

data/extra/update-ca-certificates.runit

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+if [ "$UPDATE_CA_CERTIFICATES" == "true" ]; then
+    update-ca-certificates
+fi
+
+sleep infinity

data/lib/oxidized/config.rb

@@ -28,8 +28,10 @@ module Oxidized
       asetus.default.retries       = 3
       asetus.default.prompt        = /^([\w.@-]+[#>]\s?)$/
       asetus.default.rest          = '127.0.0.1:8888' # or false to disable
-      asetus.default.vars          = {}             # could be 'enable'=>'enablePW'
-      asetus.default.groups        = {}             # group level configuration
+      asetus.default.next_adds_job = false            # if true, /next adds job, so device is fetched immmeiately
+      asetus.default.vars          = {}               # could be 'enable'=>'enablePW'
+      asetus.default.groups        = {}               # group level configuration
+      asetus.default.models        = {}               # model level configuration
       asetus.default.pid           = File.join(Oxidized::Config::Root, 'pid')
 
       asetus.default.input.default    = 'ssh, telnet'

data/lib/oxidized/config/vars.rb

@@ -8,8 +8,12 @@ module Oxidized::Config::Vars
         r ||= Oxidized.config.groups[@node.group].vars[name.to_s]
       end
     end
+    if Oxidized.config.models.has_key?(@node.model.class.name.to_s.downcase)
+      if Oxidized.config.models[@node.model.class.name.to_s.downcase].vars.has_key?(name.to_s)
+        r ||= Oxidized.config.models[@node.model.class.name.to_s.downcase].vars[name.to_s]
+      end
+    end
     r ||= Oxidized.config.vars[name.to_s] if Oxidized.config.vars.has_key?(name.to_s)
     r
   end
 end
-

data/lib/oxidized/hook/exec.rb

@@ -67,6 +67,7 @@ class Exec < Oxidized::Hook
     if ctx.node
       env.merge!(
         "OX_NODE_NAME" => ctx.node.name.to_s,
+        "OX_NODE_IP" => ctx.node.ip.to_s,
         "OX_NODE_FROM" => ctx.node.from.to_s,
         "OX_NODE_MSG" => ctx.node.msg.to_s,
         "OX_NODE_GROUP" => ctx.node.group.to_s,

data/lib/oxidized/hook/slackdiff.rb

@@ -0,0 +1,34 @@
+require 'slack'
+
+class SlackDiff < Oxidized::Hook
+  def validate_cfg!
+    raise KeyError, 'hook.token is required' unless cfg.has_key?('token')
+    raise KeyError, 'hook.channel is required' unless cfg.has_key?('channel')
+  end
+
+  def run_hook(ctx)
+    if ctx.node
+      if ctx.event.to_s == "post_store"
+        log "Connecting to slack"
+        Slack.configure do |config|
+           config.token = cfg.token
+           config.proxy = cfg.proxy if cfg.has_key?('proxy')
+        end
+        client = Slack::Client.new
+        client.auth_test
+        log "Connected"
+        gitoutput = ctx.node.output.new
+        diff = gitoutput.get_diff ctx.node, ctx.node.group, ctx.commitref, nil
+        title = "#{ctx.node.name.to_s} #{ctx.node.group.to_s} #{ctx.node.model.class.name.to_s.downcase}"
+        log "Posting diff as snippet to #{cfg.channel}"
+        client.files_upload(channels: cfg.channel, as_user: true,
+                             content: diff[:patch].lines.to_a[4..-1].join,
+                             filetype: "diff",
+                             title: title,
+                             filename: "change"
+                            )
+        log "Finished"
+      end
+    end
+  end
+end

data/lib/oxidized/input/ssh.rb

@@ -25,7 +25,10 @@ module Oxidized
       @log = File.open(Oxidized::Config::Log + "/#{@node.ip}-ssh", 'w') if Oxidized.config.input.debug?
       port = vars(:ssh_port) || 22
       if proxy_host = vars(:ssh_proxy)
-        proxy =  Net::SSH::Proxy::Command.new("ssh #{proxy_host} -W %h:%p")
+        proxy_command =  "ssh "
+        proxy_command += "-o StrictHostKeyChecking=no " unless secure
+        proxy_command += "#{proxy_host} -W %h:%p"
+        proxy =  Net::SSH::Proxy::Command.new(proxy_command)
       end
       ssh_opts = {
         :port => port.to_i,

data/lib/oxidized/model/aireos.rb

@@ -44,7 +44,7 @@ class Aireos < Oxidized::Model
     out = []
     cfg.each_line do |line|
       next if line.match /^\s*$/
-      next if line.match /rogue adhoc alert [\da-f]{2}:/
+      next if line.match /rogue (adhoc|client) (alert|Unknown) [\da-f]{2}:/
       line = line[1..-1] if line[0] == "\r"
       out << line.strip
     end

data/lib/oxidized/model/airos.rb

@@ -1,14 +1,19 @@
 class Airos < Oxidized::Model
   # Ubiquiti AirOS circa 5.x
-  
+
   prompt /^[^#]+# /
-  
+  comment '# '
+
   cmd 'cat /etc/board.info' do |cfg|
     cfg.split("\n").map { |line| "# #{line}" }.join("\n") + "\n"
   end
-  
+
+  cmd 'cat /etc/version' do |cfg|
+    comment "airos version: #{cfg}"
+  end
+
   cmd 'sort /tmp/system.cfg'
-  
+
   cmd :secret do |cfg|
     cfg.gsub! /^(users\.\d+\.password|snmp\.community)=.+/, "# \\1=<hidden>"
     cfg

data/lib/oxidized/model/alvarion.rb

@@ -8,6 +8,8 @@ class Alvarion < Oxidized::Model
   end
 
 
-  cfg :tftp {}
+  cfg :tftp do
+
+  end
 
 end

data/lib/oxidized/model/aosw.rb

@@ -1,45 +1,61 @@
 class AOSW < Oxidized::Model
 
-  # AOSW Aruba Wireless
+  # AOSW Aruba Wireless, IAP, Instant Controller and Mobility Access Switches
   # Used in Alcatel OAW-4750 WLAN controller
   # Also Dell controllers
+  
+  # HPE Aruba Switches should use a different model as the software is based on the HP Procurve line.
+  
+  # Support for IAP & Instant Controller tested with 115, 205, 215 & 325 running 6.4.4.8-4.2.4.5_57965
+  # Support for Mobility Access Switches tested with S2500-48P & S2500-24P running 7.4.1.4_54199 and S2500-24P running 7.4.1.7_57823
+  # All IAPs connected to a Instant Controller will have the same config output. Only the controller needs to be monitored. 
 
   comment  '# '
-  prompt /^\([^)]+\) [#>]/
+  prompt /^\(?.+\)?\s?[#>]/
 
   cmd :all do |cfg|
     cfg.each_line.to_a[1..-2].join
   end
 
   cmd :secret do |cfg|
+    cfg.gsub!(/secret (\S+)$/, 'secret <secret removed>')
+    cfg.gsub!(/enable secret (\S+)$/, 'enable secret <secret removed>')
     cfg.gsub!(/PRE-SHARE (\S+)$/, 'PRE-SHARE <secret removed>')
     cfg.gsub!(/ipsec (\S+)$/, 'ipsec <secret removed>')
     cfg.gsub!(/community (\S+)$/, 'community <secret removed>')
     cfg.gsub!(/ sha (\S+)/, ' sha <secret removed>')
     cfg.gsub!(/ des (\S+)/, ' des <secret removed>')
     cfg.gsub!(/mobility-manager (\S+) user (\S+) (\S+)/, 'mobility-manager \1 user \2 <secret removed>')
-    cfg.gsub!(/mgmt-user (\S+) (\S+) (\S+)$/, 'mgmt-user \1 \2 <secret removed>')
+    cfg.gsub!(/mgmt-user (\S+) (root|guest\-provisioning|network\-operations|read\-only|location\-api\-mgmt) (\S+)$/, 'mgmt-user \1 \2 <secret removed>') #MAS & Wireless Controler 
+    cfg.gsub!(/mgmt-user (\S+) (\S+)( (read\-only|guest\-mgmt))?$/, 'mgmt-user \1 <secret removed> \3') #IAP 
+#MAS format: mgmt-user <username> <accesslevel> <password hash>
+#IAP format (root user): mgmt-user <username> <password hash>
+#IAP format: mgmt-user <username> <password hash> <access level>
     cfg.gsub!(/key (\S+)$/, 'key <secret removed>')
-    cfg.gsub!(/secret (\S+)$/, 'secret <secret removed>')
     cfg.gsub!(/wpa-passphrase (\S+)$/, 'wpa-passphrase <secret removed>')
     cfg.gsub!(/bkup-passwords (\S+)$/, 'bkup-passwords <secret removed>')
+    cfg.gsub!(/user (\S+) (\S+) (\S+)$/, 'user \1 <secret removed> \3')
+    cfg.gsub!(/virtual-controller-key (\S+)$/, 'virtual-controller-key <secret removed>')
     cfg
   end
 
   cmd 'show version' do |cfg|
-    cfg = cfg.each_line.select { |line| not line.match /Switch uptime/i }
+    cfg = cfg.each_line.select { |line| not line.match /(Switch|AP) uptime/i }
     rstrip_cfg comment cfg.join
   end
 
   cmd 'show inventory' do |cfg|
+    cfg = "" if cfg.match /(Invalid input detected at '\^' marker|Parse error)/ #Don't show for unsupported devices (IAP and MAS)
     rstrip_cfg clean cfg
   end
 
   cmd 'show slots' do |cfg|
+    cfg = "" if cfg.match /(Invalid input detected at '\^' marker|Parse error)/ #Don't show for unsupported devices (IAP and MAS)
     rstrip_cfg comment cfg
   end
 
   cmd 'show license' do |cfg|
+    cfg = "" if cfg.match /(Invalid input detected at '\^' marker|Parse error)/ #Don't show for unsupported devices (IAP and MAS)
     rstrip_cfg comment cfg
   end
 
@@ -90,7 +106,7 @@ class AOSW < Oxidized::Model
       next if line.match /Output \d Config/i
       next if line.match /(Tachometers|Temperatures|Voltages)/
       next if line.match /((Card|CPU) Temperature|Chassis Fan|VMON1[0-9])/
-      next if line.match /[0-9]+ (RPMS?|m?V|C)/i
+      next if line.match /[0-9]+\s+(RPMS?|m?V|C)/i
       out << line.strip
     end
     out = comment out.join "\n"

data/lib/oxidized/model/asa.rb

@@ -13,9 +13,10 @@ class ASA < Oxidized::Model
   cmd :secret do |cfg|
     cfg.gsub! /enable password (\S+) (.*)/, 'enable password <secret hidden> \2'
     cfg.gsub! /username (\S+) password (\S+) (.*)/, 'username \1 password <secret hidden> \3'
-    cfg.gsub! /ikev2 pre-shared-key (\S+)/, 'ikev2 pre-shared-key <secret hidden>'
-    cfg.gsub! /ikev2 (remote|local)-authentication pre-shared-key (\S+)/, 'ikev2 \1-authentication pre-shared-key <secret hidden>'
+    cfg.gsub! /(ikev[12] ((remote|local)-authentication )?pre-shared-key) (\S+)/, '\1 <secret hidden>'
     cfg.gsub! /^(aaa-server TACACS\+? \(\S+\) host.*\n\skey) \S+$/mi, '\1 <secret hidden>'
+    cfg.gsub! /ldap-login-password (\S+)/, 'ldap-login-password <secret hidden>'
+    cfg.gsub! /^snmp-server host (.*) community (\S+)/, 'snmp-server host \1 community <secret hidden>'
     cfg
   end
 

data/lib/oxidized/model/cisconga.rb

@@ -0,0 +1,19 @@
+class CiscoNGA < Oxidized::Model
+
+  comment '# '
+  prompt /([\w.@-]+[#>]\s?)$/
+
+  cmd 'show version' do |cfg|
+    comment cfg
+  end
+
+  cmd 'show configuration' do |cfg|
+    cfg
+  end
+  
+  cfg :ssh do
+    post_login 'terminal length 0'
+    pre_logout 'exit'
+  end
+
+end

data/lib/oxidized/model/comware.rb

@@ -18,6 +18,12 @@ class Comware < Oxidized::Model
     cfg.each_line.to_a[1..-2].join
   end
  
+  cmd :secret do |cfg|
+    cfg.gsub! /^( snmp-agent community).*/, '\\1 <configuration removed>'
+    cfg.gsub! /^( password hash).*/, '\\1 <configuration removed>'
+    cfg
+  end
+
   cfg :telnet do
     username /^Username:$/
     password /^Password:$/

data/lib/oxidized/model/cumulus.rb

@@ -32,7 +32,10 @@ class Cumulus < Oxidized::Model
     
     cfg += add_comment 'IP Routes'
     cfg += cmd 'netstat -rn'
-
+    
+    cfg += add_comment 'SNMP settings'
+    cfg += cmd 'cat /etc/snmp/snmpd.conf'
+    
     cfg += add_comment 'QUAGGA DAEMONS'
     cfg += cmd 'cat /etc/quagga/daemons'
     
@@ -48,21 +51,30 @@ class Cumulus < Oxidized::Model
     cfg += add_comment 'QUAGGA OSPF6'
     cfg += cmd 'cat /etc/quagga/ospf6d.conf'
     
+    cfg += add_comment 'QUAGGA CONF'
+    cfg += cmd 'cat /etc/quagga/Quagga.conf'
+    
     cfg += add_comment 'MOTD'
     cfg += cmd 'cat /etc/motd'
     
     cfg += add_comment 'PASSWD'
     cfg += cmd 'cat /etc/passwd'
     
-    cfg += add_comment ' SWITCHD'
+    cfg += add_comment 'SWITCHD'
     cfg += cmd 'cat /etc/cumulus/switchd.conf'
     
+    cfg += add_comment 'PORTS'
+    cfg += cmd 'cat /etc/cumulus/ports.conf'
+    
+    cfg += add_comment 'TRAFFIC'
+    cfg += cmd 'cat /etc/cumulus/datapath/traffic.conf'
+   	
     cfg += add_comment 'ACL'
     cfg += cmd 'iptables -L -n'
     
     cfg += add_comment 'VERSION'
     cfg += cmd 'cat /etc/cumulus/etc.replace/os-release'
-
+    
     cfg += add_comment 'License'
     cfg += cmd 'cl-license'
     

data/lib/oxidized/model/fabricos.rb

@@ -7,10 +7,11 @@ class FabricOS < Oxidized::Model
   comment  '# '
 
   cmd 'chassisShow' do |cfg|
-    comment cfg
+    comment cfg.each_line.reject { |line| line.match /Time Awake:/ or line.match /Power Usage \(Watts\):/ or line.match /Time Alive:/ or line.match /Update:/ }.join
   end
 
   cmd 'configShow -all' do |cfg|
+    cfg = cfg.each_line.reject { |line| line.match /date = /}.join
     cfg
   end
 

data/lib/oxidized/model/fiberdriver.rb

@@ -11,6 +11,10 @@ class FiberDriver < Oxidized::Model
 
   cmd "show running-config" do |cfg|
     cfg.each_line.to_a[3..-1].join
+    cfg.gsub! /^Building configuration.*$/, ''
+    cfg.gsub! /^Current configuration:.*$$/, ''
+    cfg.gsub! /^! Configuration saved on .*$/, ''
+    cfg
   end
 
   cfg :ssh do

data/lib/oxidized/model/firewareos.rb

@@ -1,12 +1,18 @@
 class FirewareOS < Oxidized::Model
 
-  prompt /^\[?\w*\]?\w*<?\w*>?#\s*$/
+  prompt /^([\w.@-]+[#>]\s?)$/
   comment  '-- '
 
   cmd :all do |cfg|
     cfg.each_line.to_a[1..-2].join
   end
 
+  # Handle Logon Disclaimer added in XTM 11.9.3
+  expect /^I have read and accept the Logon Disclaimer message. \(yes or no\)\? $/ do |data, re|
+    send "yes\n"
+    data.sub re, ''
+  end
+
   cmd 'show sysinfo' do |cfg|
     # avoid commits due to uptime
     cfg = cfg.each_line.select { |line| not line.match /(.*time.*)|(.*memory.*)|(.*cpu.*)/ }

data/lib/oxidized/model/fortios.rb

@@ -14,6 +14,12 @@ class FortiOS < Oxidized::Model
     new_cfg << cfg.each_line.to_a[1..-2].map { |line| line.gsub(/(conf_file_ver=)(.*)/, '\1<stripped>\3') }.join
   end
 
+  cmd :secret do |cfg|
+    cfg.gsub! /(set (?:passwd|password|psksecret|secret|key ENC)).*/, '\\1 <configuration removed>'
+    cfg.gsub! /(set private-key).*-+END ENCRYPTED PRIVATE KEY-*"$/m , '\\1 <configuration removed>'
+    cfg
+  end
+
   cmd 'get system status' do |cfg|
     @vdom_enabled = cfg.include? 'Virtual domain configuration: enable'
     cfg.gsub!(/(System time: )(.*)/, '\1<stripped>\3')
@@ -25,14 +31,18 @@ class FortiOS < Oxidized::Model
     cfg << cmd('config global') if @vdom_enabled
 
     cfg << cmd('get hardware status') do |cfg|
-      comment cfg
+       comment cfg
     end
 
-    cfg << cmd('diagnose autoupdate version') do |cfg|
-      comment cfg
+    #default behaviour: include autoupdate output (backwards compatibility)
+    #do not include if variable "show_autoupdate" is set to false
+    if  defined?(vars(:fortios_autoupdate)).nil? || vars(:fortios_autoupdate)
+       cfg << cmd('diagnose autoupdate version') do |cfg|
+          comment cfg.each_line.reject { |line| line.match /Last Update|Result/ }.join
+       end
     end
 
-    cfg << cmd('end') if @vdom_enabled
+cfg << cmd('end') if @vdom_enabled
 
     cfg << cmd('show')
     cfg.join "\n"
@@ -48,3 +58,4 @@ class FortiOS < Oxidized::Model
   end
 
 end
+

data/lib/oxidized/model/ios.rb

@@ -19,21 +19,96 @@ class IOS < Oxidized::Model
   cmd :all do |cfg|
     #cfg.gsub! /\cH+\s{8}/, ''         # example how to handle pager
     #cfg.gsub! /\cH+/, ''              # example how to handle pager
+    # get rid of errors for commands that don't work on some devices
+    cfg.gsub! /^% Invalid input detected at '\^' marker\.$|^\s+\^$/, ''
     cfg.each_line.to_a[1..-2].join
   end
 
   cmd :secret do |cfg|
     cfg.gsub! /^(snmp-server community).*/, '\\1 <configuration removed>'
-    cfg.gsub! /username (\S+) privilege (\d+) (\S+).*/, '<secret hidden>'
-    cfg.gsub! /^username \S+ password \d \S+/, '<secret hidden>'
-    cfg.gsub! /^enable password \d \S+/, '<secret hidden>'
-    cfg.gsub! /wpa-psk ascii \d \S+/, '<secret hidden>'
-    cfg.gsub! /^tacacs-server key \d \S+/, '<secret hidden>'
+    cfg.gsub! /^(username \S+ privilege \d+) (\S+).*/, '\\1 <secret hidden>'
+    cfg.gsub! /^(username \S+ password \d) (\S+)/, '\\1 <secret hidden>'
+    cfg.gsub! /^(username \S+ secret \d) (\S+)/, '\\1 <secret hidden>'
+    cfg.gsub! /^(enable (password|secret) \d) (\S+)/, '\\1 <secret hidden>'
+    cfg.gsub! /^(\s+(?:password|secret)) (?:\d )?\S+/, '\\1 <secret hidden>'
+    cfg.gsub! /^(.*wpa-psk ascii \d) (\S+)/, '\\1 <secret hidden>'
+    cfg.gsub! /^(.*key 7) (\d.+)/, '\\1 <secret hidden>'
+    cfg.gsub! /^(tacacs-server key \d) (\S+)/, '\\1 <secret hidden>'
+    cfg.gsub! /^(crypto isakmp key) (\S+) (.*)/, '\\1 <secret hidden> \\3'
     cfg
   end
 
   cmd 'show version' do |cfg|
-    comment cfg.lines.first
+    comments = []
+    comments << cfg.lines.first
+    lines = cfg.lines
+    lines.each_with_index do |line,i|
+        slave = ''
+        slaveslot = ''
+
+        if line.match /^Slave in slot (\d+) is running/
+            slave = " Slave:";
+            slaveslot = ", slot #{$1}";
+        end
+
+        if line.match /^Compiled (.*)$/
+            comments << "Image:#{slave} Compiled: #{$1}"
+        end
+
+        if line.match /^(?:Cisco )?IOS .* Software,? \(([A-Za-z0-9_-]*)\), .*Version\s+(.*)$/
+            comments << "Image:#{slave} Software: #{$1}, #{$2}"
+        end
+
+        if line.match /^ROM: (IOS \S+ )?(System )?Bootstrap.*(Version.*)$/
+            comments << "ROM Bootstrap: #{$3}"
+        end
+
+        if line.match /^BOOTFLASH: .*(Version.*)$/
+            comments << "BOOTFLASH: #{$1}"
+        end
+
+        if line.match /^(\d+[kK]) bytes of (non-volatile|NVRAM)/
+            comments << "Memory: nvram #{$1}"
+        end
+
+        if line.match /^(\d+[kK]) bytes of (flash memory|flash internal|processor board System flash|ATA CompactFlash)/i
+            comments << "Memory: flash #{$1}"
+        end
+
+        if line.match (/^(\d+[kK]) bytes of (Flash|ATA)?.*PCMCIA .*(slot|disk) ?(\d)/i)
+            comments << "Memory: pcmcia #{$2} #{$3}#{$4} #{$1}";
+        end
+
+        if line.match /(\S+(?:\sseries)?)\s+(?:\((\S+)\)\s+processor|\(revision[^)]+\)).*\s+with (\S+k) bytes/i
+            sproc = $1
+            cpu = $2
+            mem = $3
+            cpuxtra = ''
+            comments << "Chassis type:#{slave} #{sproc}";
+            comments << "Memory:#{slave} main #{mem}";
+            # check the next two lines for more CPU info
+            if cfg.lines[i+1].match /processor board id (\S+)/i
+                comments << "Processor ID: #{$1}";
+            end
+            if cfg.lines[i+2].match /(cpu at |processor: |#{cpu} processor,)/i
+                # change implementation to impl and prepend comma
+                cpuxtra = cfg.lines[i+2].gsub(/implementation/,'impl').gsub(/^/,', ').chomp;
+            end
+            comments << "CPU:#{slave} #{cpu}#{cpuxtra}#{slaveslot}";
+        end
+
+        if line.match /^System image file is "([^\"]*)"$/
+            comments << "Image: #{$1}"
+        end
+    end
+    comments << "\n"
+    comment comments.join "\n"
+  end
+
+  cmd 'show vtp status' do |cfg|
+    cfg.gsub! /^$\n/, ''
+    cfg.gsub! /^/, 'VTP: ' if (!cfg.empty?)
+    comment "#{cfg}\n"
   end
 
   cmd 'show inventory' do |cfg|
@@ -56,8 +131,6 @@ class IOS < Oxidized::Model
   end
 
   cfg :telnet, :ssh do
-    post_login 'terminal length 0'
-    post_login 'terminal width 0'
     # preferred way to handle additional passwords
     if vars :enable
       post_login do
@@ -65,6 +138,8 @@ class IOS < Oxidized::Model
         cmd vars(:enable)
       end
     end
+    post_login 'terminal length 0'
+    post_login 'terminal width 0'
     pre_logout 'exit'
   end