oxidized 0.19.0 → 0.20.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +17 -0
- data/Dockerfile +17 -2
- data/Gemfile +0 -1
- data/Gemfile.lock +10 -9
- data/README.md +205 -10
- data/extra/auto-reload-config.runit +1 -1
- data/extra/oxidized.init +3 -3
- data/extra/update-ca-certificates.runit +7 -0
- data/lib/oxidized/config.rb +4 -2
- data/lib/oxidized/config/vars.rb +5 -1
- data/lib/oxidized/hook/exec.rb +1 -0
- data/lib/oxidized/hook/slackdiff.rb +34 -0
- data/lib/oxidized/input/ssh.rb +4 -1
- data/lib/oxidized/model/aireos.rb +1 -1
- data/lib/oxidized/model/airos.rb +9 -4
- data/lib/oxidized/model/alvarion.rb +3 -1
- data/lib/oxidized/model/aosw.rb +22 -6
- data/lib/oxidized/model/asa.rb +3 -2
- data/lib/oxidized/model/cisconga.rb +19 -0
- data/lib/oxidized/model/comware.rb +6 -0
- data/lib/oxidized/model/cumulus.rb +15 -3
- data/lib/oxidized/model/fabricos.rb +2 -1
- data/lib/oxidized/model/fiberdriver.rb +4 -0
- data/lib/oxidized/model/firewareos.rb +7 -1
- data/lib/oxidized/model/fortios.rb +15 -4
- data/lib/oxidized/model/ios.rb +83 -8
- data/lib/oxidized/model/ironware.rb +5 -6
- data/lib/oxidized/model/junos.rb +3 -0
- data/lib/oxidized/model/mlnxos.rb +5 -1
- data/lib/oxidized/model/netgear.rb +32 -0
- data/lib/oxidized/model/nxos.rb +14 -1
- data/lib/oxidized/model/oneos.rb +58 -0
- data/lib/oxidized/model/opengear.rb +2 -0
- data/lib/oxidized/model/pfsense.rb +3 -2
- data/lib/oxidized/model/powerconnect.rb +1 -0
- data/lib/oxidized/model/procurve.rb +8 -3
- data/lib/oxidized/model/quantaos.rb +1 -1
- data/lib/oxidized/model/routeros.rb +8 -0
- data/lib/oxidized/model/saos.rb +3 -1
- data/lib/oxidized/model/siklu.rb +19 -0
- data/lib/oxidized/model/timos.rb +16 -0
- data/lib/oxidized/model/tplink.rb +65 -0
- data/lib/oxidized/model/voltaire.rb +56 -0
- data/lib/oxidized/model/voss.rb +33 -0
- data/lib/oxidized/model/zhoneolt.rb +52 -0
- data/lib/oxidized/node.rb +39 -10
- data/lib/oxidized/nodes.rb +2 -1
- data/lib/oxidized/output/gitcrypt.rb +244 -0
- data/lib/oxidized/source/csv.rb +10 -1
- data/lib/oxidized/source/http.rb +24 -7
- data/lib/oxidized/version.rb +1 -1
- data/lib/oxidized/worker.rb +3 -2
- data/oxidized.gemspec +2 -1
- metadata +29 -4
data/extra/oxidized.init
CHANGED
@@ -14,12 +14,12 @@
|
|
14
14
|
|
15
15
|
set -e
|
16
16
|
|
17
|
-
PATH=/sbin:/bin:/usr/sbin:/usr/bin
|
18
|
-
DAEMON
|
17
|
+
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
|
18
|
+
DAEMON=$(which oxidized)
|
19
19
|
NAME="oxidized"
|
20
20
|
DESC="Oxidized - Network Device Configuration Backup Tool"
|
21
21
|
ARGS=""
|
22
|
-
USER="
|
22
|
+
USER="oxidized"
|
23
23
|
|
24
24
|
test -x $DAEMON || exit 0
|
25
25
|
|
data/lib/oxidized/config.rb
CHANGED
@@ -28,8 +28,10 @@ module Oxidized
|
|
28
28
|
asetus.default.retries = 3
|
29
29
|
asetus.default.prompt = /^([\w.@-]+[#>]\s?)$/
|
30
30
|
asetus.default.rest = '127.0.0.1:8888' # or false to disable
|
31
|
-
asetus.default.
|
32
|
-
asetus.default.
|
31
|
+
asetus.default.next_adds_job = false # if true, /next adds job, so device is fetched immmeiately
|
32
|
+
asetus.default.vars = {} # could be 'enable'=>'enablePW'
|
33
|
+
asetus.default.groups = {} # group level configuration
|
34
|
+
asetus.default.models = {} # model level configuration
|
33
35
|
asetus.default.pid = File.join(Oxidized::Config::Root, 'pid')
|
34
36
|
|
35
37
|
asetus.default.input.default = 'ssh, telnet'
|
data/lib/oxidized/config/vars.rb
CHANGED
@@ -8,8 +8,12 @@ module Oxidized::Config::Vars
|
|
8
8
|
r ||= Oxidized.config.groups[@node.group].vars[name.to_s]
|
9
9
|
end
|
10
10
|
end
|
11
|
+
if Oxidized.config.models.has_key?(@node.model.class.name.to_s.downcase)
|
12
|
+
if Oxidized.config.models[@node.model.class.name.to_s.downcase].vars.has_key?(name.to_s)
|
13
|
+
r ||= Oxidized.config.models[@node.model.class.name.to_s.downcase].vars[name.to_s]
|
14
|
+
end
|
15
|
+
end
|
11
16
|
r ||= Oxidized.config.vars[name.to_s] if Oxidized.config.vars.has_key?(name.to_s)
|
12
17
|
r
|
13
18
|
end
|
14
19
|
end
|
15
|
-
|
data/lib/oxidized/hook/exec.rb
CHANGED
@@ -0,0 +1,34 @@
|
|
1
|
+
require 'slack'
|
2
|
+
|
3
|
+
class SlackDiff < Oxidized::Hook
|
4
|
+
def validate_cfg!
|
5
|
+
raise KeyError, 'hook.token is required' unless cfg.has_key?('token')
|
6
|
+
raise KeyError, 'hook.channel is required' unless cfg.has_key?('channel')
|
7
|
+
end
|
8
|
+
|
9
|
+
def run_hook(ctx)
|
10
|
+
if ctx.node
|
11
|
+
if ctx.event.to_s == "post_store"
|
12
|
+
log "Connecting to slack"
|
13
|
+
Slack.configure do |config|
|
14
|
+
config.token = cfg.token
|
15
|
+
config.proxy = cfg.proxy if cfg.has_key?('proxy')
|
16
|
+
end
|
17
|
+
client = Slack::Client.new
|
18
|
+
client.auth_test
|
19
|
+
log "Connected"
|
20
|
+
gitoutput = ctx.node.output.new
|
21
|
+
diff = gitoutput.get_diff ctx.node, ctx.node.group, ctx.commitref, nil
|
22
|
+
title = "#{ctx.node.name.to_s} #{ctx.node.group.to_s} #{ctx.node.model.class.name.to_s.downcase}"
|
23
|
+
log "Posting diff as snippet to #{cfg.channel}"
|
24
|
+
client.files_upload(channels: cfg.channel, as_user: true,
|
25
|
+
content: diff[:patch].lines.to_a[4..-1].join,
|
26
|
+
filetype: "diff",
|
27
|
+
title: title,
|
28
|
+
filename: "change"
|
29
|
+
)
|
30
|
+
log "Finished"
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
data/lib/oxidized/input/ssh.rb
CHANGED
@@ -25,7 +25,10 @@ module Oxidized
|
|
25
25
|
@log = File.open(Oxidized::Config::Log + "/#{@node.ip}-ssh", 'w') if Oxidized.config.input.debug?
|
26
26
|
port = vars(:ssh_port) || 22
|
27
27
|
if proxy_host = vars(:ssh_proxy)
|
28
|
-
|
28
|
+
proxy_command = "ssh "
|
29
|
+
proxy_command += "-o StrictHostKeyChecking=no " unless secure
|
30
|
+
proxy_command += "#{proxy_host} -W %h:%p"
|
31
|
+
proxy = Net::SSH::Proxy::Command.new(proxy_command)
|
29
32
|
end
|
30
33
|
ssh_opts = {
|
31
34
|
:port => port.to_i,
|
@@ -44,7 +44,7 @@ class Aireos < Oxidized::Model
|
|
44
44
|
out = []
|
45
45
|
cfg.each_line do |line|
|
46
46
|
next if line.match /^\s*$/
|
47
|
-
next if line.match /rogue adhoc alert [\da-f]{2}:/
|
47
|
+
next if line.match /rogue (adhoc|client) (alert|Unknown) [\da-f]{2}:/
|
48
48
|
line = line[1..-1] if line[0] == "\r"
|
49
49
|
out << line.strip
|
50
50
|
end
|
data/lib/oxidized/model/airos.rb
CHANGED
@@ -1,14 +1,19 @@
|
|
1
1
|
class Airos < Oxidized::Model
|
2
2
|
# Ubiquiti AirOS circa 5.x
|
3
|
-
|
3
|
+
|
4
4
|
prompt /^[^#]+# /
|
5
|
-
|
5
|
+
comment '# '
|
6
|
+
|
6
7
|
cmd 'cat /etc/board.info' do |cfg|
|
7
8
|
cfg.split("\n").map { |line| "# #{line}" }.join("\n") + "\n"
|
8
9
|
end
|
9
|
-
|
10
|
+
|
11
|
+
cmd 'cat /etc/version' do |cfg|
|
12
|
+
comment "airos version: #{cfg}"
|
13
|
+
end
|
14
|
+
|
10
15
|
cmd 'sort /tmp/system.cfg'
|
11
|
-
|
16
|
+
|
12
17
|
cmd :secret do |cfg|
|
13
18
|
cfg.gsub! /^(users\.\d+\.password|snmp\.community)=.+/, "# \\1=<hidden>"
|
14
19
|
cfg
|
data/lib/oxidized/model/aosw.rb
CHANGED
@@ -1,45 +1,61 @@
|
|
1
1
|
class AOSW < Oxidized::Model
|
2
2
|
|
3
|
-
# AOSW Aruba Wireless
|
3
|
+
# AOSW Aruba Wireless, IAP, Instant Controller and Mobility Access Switches
|
4
4
|
# Used in Alcatel OAW-4750 WLAN controller
|
5
5
|
# Also Dell controllers
|
6
|
+
|
7
|
+
# HPE Aruba Switches should use a different model as the software is based on the HP Procurve line.
|
8
|
+
|
9
|
+
# Support for IAP & Instant Controller tested with 115, 205, 215 & 325 running 6.4.4.8-4.2.4.5_57965
|
10
|
+
# Support for Mobility Access Switches tested with S2500-48P & S2500-24P running 7.4.1.4_54199 and S2500-24P running 7.4.1.7_57823
|
11
|
+
# All IAPs connected to a Instant Controller will have the same config output. Only the controller needs to be monitored.
|
6
12
|
|
7
13
|
comment '# '
|
8
|
-
prompt /^\(
|
14
|
+
prompt /^\(?.+\)?\s?[#>]/
|
9
15
|
|
10
16
|
cmd :all do |cfg|
|
11
17
|
cfg.each_line.to_a[1..-2].join
|
12
18
|
end
|
13
19
|
|
14
20
|
cmd :secret do |cfg|
|
21
|
+
cfg.gsub!(/secret (\S+)$/, 'secret <secret removed>')
|
22
|
+
cfg.gsub!(/enable secret (\S+)$/, 'enable secret <secret removed>')
|
15
23
|
cfg.gsub!(/PRE-SHARE (\S+)$/, 'PRE-SHARE <secret removed>')
|
16
24
|
cfg.gsub!(/ipsec (\S+)$/, 'ipsec <secret removed>')
|
17
25
|
cfg.gsub!(/community (\S+)$/, 'community <secret removed>')
|
18
26
|
cfg.gsub!(/ sha (\S+)/, ' sha <secret removed>')
|
19
27
|
cfg.gsub!(/ des (\S+)/, ' des <secret removed>')
|
20
28
|
cfg.gsub!(/mobility-manager (\S+) user (\S+) (\S+)/, 'mobility-manager \1 user \2 <secret removed>')
|
21
|
-
cfg.gsub!(/mgmt-user (\S+) (
|
29
|
+
cfg.gsub!(/mgmt-user (\S+) (root|guest\-provisioning|network\-operations|read\-only|location\-api\-mgmt) (\S+)$/, 'mgmt-user \1 \2 <secret removed>') #MAS & Wireless Controler
|
30
|
+
cfg.gsub!(/mgmt-user (\S+) (\S+)( (read\-only|guest\-mgmt))?$/, 'mgmt-user \1 <secret removed> \3') #IAP
|
31
|
+
#MAS format: mgmt-user <username> <accesslevel> <password hash>
|
32
|
+
#IAP format (root user): mgmt-user <username> <password hash>
|
33
|
+
#IAP format: mgmt-user <username> <password hash> <access level>
|
22
34
|
cfg.gsub!(/key (\S+)$/, 'key <secret removed>')
|
23
|
-
cfg.gsub!(/secret (\S+)$/, 'secret <secret removed>')
|
24
35
|
cfg.gsub!(/wpa-passphrase (\S+)$/, 'wpa-passphrase <secret removed>')
|
25
36
|
cfg.gsub!(/bkup-passwords (\S+)$/, 'bkup-passwords <secret removed>')
|
37
|
+
cfg.gsub!(/user (\S+) (\S+) (\S+)$/, 'user \1 <secret removed> \3')
|
38
|
+
cfg.gsub!(/virtual-controller-key (\S+)$/, 'virtual-controller-key <secret removed>')
|
26
39
|
cfg
|
27
40
|
end
|
28
41
|
|
29
42
|
cmd 'show version' do |cfg|
|
30
|
-
cfg = cfg.each_line.select { |line| not line.match /Switch uptime/i }
|
43
|
+
cfg = cfg.each_line.select { |line| not line.match /(Switch|AP) uptime/i }
|
31
44
|
rstrip_cfg comment cfg.join
|
32
45
|
end
|
33
46
|
|
34
47
|
cmd 'show inventory' do |cfg|
|
48
|
+
cfg = "" if cfg.match /(Invalid input detected at '\^' marker|Parse error)/ #Don't show for unsupported devices (IAP and MAS)
|
35
49
|
rstrip_cfg clean cfg
|
36
50
|
end
|
37
51
|
|
38
52
|
cmd 'show slots' do |cfg|
|
53
|
+
cfg = "" if cfg.match /(Invalid input detected at '\^' marker|Parse error)/ #Don't show for unsupported devices (IAP and MAS)
|
39
54
|
rstrip_cfg comment cfg
|
40
55
|
end
|
41
56
|
|
42
57
|
cmd 'show license' do |cfg|
|
58
|
+
cfg = "" if cfg.match /(Invalid input detected at '\^' marker|Parse error)/ #Don't show for unsupported devices (IAP and MAS)
|
43
59
|
rstrip_cfg comment cfg
|
44
60
|
end
|
45
61
|
|
@@ -90,7 +106,7 @@ class AOSW < Oxidized::Model
|
|
90
106
|
next if line.match /Output \d Config/i
|
91
107
|
next if line.match /(Tachometers|Temperatures|Voltages)/
|
92
108
|
next if line.match /((Card|CPU) Temperature|Chassis Fan|VMON1[0-9])/
|
93
|
-
next if line.match /[0-9]+
|
109
|
+
next if line.match /[0-9]+\s+(RPMS?|m?V|C)/i
|
94
110
|
out << line.strip
|
95
111
|
end
|
96
112
|
out = comment out.join "\n"
|
data/lib/oxidized/model/asa.rb
CHANGED
@@ -13,9 +13,10 @@ class ASA < Oxidized::Model
|
|
13
13
|
cmd :secret do |cfg|
|
14
14
|
cfg.gsub! /enable password (\S+) (.*)/, 'enable password <secret hidden> \2'
|
15
15
|
cfg.gsub! /username (\S+) password (\S+) (.*)/, 'username \1 password <secret hidden> \3'
|
16
|
-
cfg.gsub! /
|
17
|
-
cfg.gsub! /ikev2 (remote|local)-authentication pre-shared-key (\S+)/, 'ikev2 \1-authentication pre-shared-key <secret hidden>'
|
16
|
+
cfg.gsub! /(ikev[12] ((remote|local)-authentication )?pre-shared-key) (\S+)/, '\1 <secret hidden>'
|
18
17
|
cfg.gsub! /^(aaa-server TACACS\+? \(\S+\) host.*\n\skey) \S+$/mi, '\1 <secret hidden>'
|
18
|
+
cfg.gsub! /ldap-login-password (\S+)/, 'ldap-login-password <secret hidden>'
|
19
|
+
cfg.gsub! /^snmp-server host (.*) community (\S+)/, 'snmp-server host \1 community <secret hidden>'
|
19
20
|
cfg
|
20
21
|
end
|
21
22
|
|
@@ -0,0 +1,19 @@
|
|
1
|
+
class CiscoNGA < Oxidized::Model
|
2
|
+
|
3
|
+
comment '# '
|
4
|
+
prompt /([\w.@-]+[#>]\s?)$/
|
5
|
+
|
6
|
+
cmd 'show version' do |cfg|
|
7
|
+
comment cfg
|
8
|
+
end
|
9
|
+
|
10
|
+
cmd 'show configuration' do |cfg|
|
11
|
+
cfg
|
12
|
+
end
|
13
|
+
|
14
|
+
cfg :ssh do
|
15
|
+
post_login 'terminal length 0'
|
16
|
+
pre_logout 'exit'
|
17
|
+
end
|
18
|
+
|
19
|
+
end
|
@@ -18,6 +18,12 @@ class Comware < Oxidized::Model
|
|
18
18
|
cfg.each_line.to_a[1..-2].join
|
19
19
|
end
|
20
20
|
|
21
|
+
cmd :secret do |cfg|
|
22
|
+
cfg.gsub! /^( snmp-agent community).*/, '\\1 <configuration removed>'
|
23
|
+
cfg.gsub! /^( password hash).*/, '\\1 <configuration removed>'
|
24
|
+
cfg
|
25
|
+
end
|
26
|
+
|
21
27
|
cfg :telnet do
|
22
28
|
username /^Username:$/
|
23
29
|
password /^Password:$/
|
@@ -32,7 +32,10 @@ class Cumulus < Oxidized::Model
|
|
32
32
|
|
33
33
|
cfg += add_comment 'IP Routes'
|
34
34
|
cfg += cmd 'netstat -rn'
|
35
|
-
|
35
|
+
|
36
|
+
cfg += add_comment 'SNMP settings'
|
37
|
+
cfg += cmd 'cat /etc/snmp/snmpd.conf'
|
38
|
+
|
36
39
|
cfg += add_comment 'QUAGGA DAEMONS'
|
37
40
|
cfg += cmd 'cat /etc/quagga/daemons'
|
38
41
|
|
@@ -48,21 +51,30 @@ class Cumulus < Oxidized::Model
|
|
48
51
|
cfg += add_comment 'QUAGGA OSPF6'
|
49
52
|
cfg += cmd 'cat /etc/quagga/ospf6d.conf'
|
50
53
|
|
54
|
+
cfg += add_comment 'QUAGGA CONF'
|
55
|
+
cfg += cmd 'cat /etc/quagga/Quagga.conf'
|
56
|
+
|
51
57
|
cfg += add_comment 'MOTD'
|
52
58
|
cfg += cmd 'cat /etc/motd'
|
53
59
|
|
54
60
|
cfg += add_comment 'PASSWD'
|
55
61
|
cfg += cmd 'cat /etc/passwd'
|
56
62
|
|
57
|
-
cfg += add_comment '
|
63
|
+
cfg += add_comment 'SWITCHD'
|
58
64
|
cfg += cmd 'cat /etc/cumulus/switchd.conf'
|
59
65
|
|
66
|
+
cfg += add_comment 'PORTS'
|
67
|
+
cfg += cmd 'cat /etc/cumulus/ports.conf'
|
68
|
+
|
69
|
+
cfg += add_comment 'TRAFFIC'
|
70
|
+
cfg += cmd 'cat /etc/cumulus/datapath/traffic.conf'
|
71
|
+
|
60
72
|
cfg += add_comment 'ACL'
|
61
73
|
cfg += cmd 'iptables -L -n'
|
62
74
|
|
63
75
|
cfg += add_comment 'VERSION'
|
64
76
|
cfg += cmd 'cat /etc/cumulus/etc.replace/os-release'
|
65
|
-
|
77
|
+
|
66
78
|
cfg += add_comment 'License'
|
67
79
|
cfg += cmd 'cl-license'
|
68
80
|
|
@@ -7,10 +7,11 @@ class FabricOS < Oxidized::Model
|
|
7
7
|
comment '# '
|
8
8
|
|
9
9
|
cmd 'chassisShow' do |cfg|
|
10
|
-
comment cfg
|
10
|
+
comment cfg.each_line.reject { |line| line.match /Time Awake:/ or line.match /Power Usage \(Watts\):/ or line.match /Time Alive:/ or line.match /Update:/ }.join
|
11
11
|
end
|
12
12
|
|
13
13
|
cmd 'configShow -all' do |cfg|
|
14
|
+
cfg = cfg.each_line.reject { |line| line.match /date = /}.join
|
14
15
|
cfg
|
15
16
|
end
|
16
17
|
|
@@ -11,6 +11,10 @@ class FiberDriver < Oxidized::Model
|
|
11
11
|
|
12
12
|
cmd "show running-config" do |cfg|
|
13
13
|
cfg.each_line.to_a[3..-1].join
|
14
|
+
cfg.gsub! /^Building configuration.*$/, ''
|
15
|
+
cfg.gsub! /^Current configuration:.*$$/, ''
|
16
|
+
cfg.gsub! /^! Configuration saved on .*$/, ''
|
17
|
+
cfg
|
14
18
|
end
|
15
19
|
|
16
20
|
cfg :ssh do
|
@@ -1,12 +1,18 @@
|
|
1
1
|
class FirewareOS < Oxidized::Model
|
2
2
|
|
3
|
-
prompt
|
3
|
+
prompt /^([\w.@-]+[#>]\s?)$/
|
4
4
|
comment '-- '
|
5
5
|
|
6
6
|
cmd :all do |cfg|
|
7
7
|
cfg.each_line.to_a[1..-2].join
|
8
8
|
end
|
9
9
|
|
10
|
+
# Handle Logon Disclaimer added in XTM 11.9.3
|
11
|
+
expect /^I have read and accept the Logon Disclaimer message. \(yes or no\)\? $/ do |data, re|
|
12
|
+
send "yes\n"
|
13
|
+
data.sub re, ''
|
14
|
+
end
|
15
|
+
|
10
16
|
cmd 'show sysinfo' do |cfg|
|
11
17
|
# avoid commits due to uptime
|
12
18
|
cfg = cfg.each_line.select { |line| not line.match /(.*time.*)|(.*memory.*)|(.*cpu.*)/ }
|
@@ -14,6 +14,12 @@ class FortiOS < Oxidized::Model
|
|
14
14
|
new_cfg << cfg.each_line.to_a[1..-2].map { |line| line.gsub(/(conf_file_ver=)(.*)/, '\1<stripped>\3') }.join
|
15
15
|
end
|
16
16
|
|
17
|
+
cmd :secret do |cfg|
|
18
|
+
cfg.gsub! /(set (?:passwd|password|psksecret|secret|key ENC)).*/, '\\1 <configuration removed>'
|
19
|
+
cfg.gsub! /(set private-key).*-+END ENCRYPTED PRIVATE KEY-*"$/m , '\\1 <configuration removed>'
|
20
|
+
cfg
|
21
|
+
end
|
22
|
+
|
17
23
|
cmd 'get system status' do |cfg|
|
18
24
|
@vdom_enabled = cfg.include? 'Virtual domain configuration: enable'
|
19
25
|
cfg.gsub!(/(System time: )(.*)/, '\1<stripped>\3')
|
@@ -25,14 +31,18 @@ class FortiOS < Oxidized::Model
|
|
25
31
|
cfg << cmd('config global') if @vdom_enabled
|
26
32
|
|
27
33
|
cfg << cmd('get hardware status') do |cfg|
|
28
|
-
|
34
|
+
comment cfg
|
29
35
|
end
|
30
36
|
|
31
|
-
|
32
|
-
|
37
|
+
#default behaviour: include autoupdate output (backwards compatibility)
|
38
|
+
#do not include if variable "show_autoupdate" is set to false
|
39
|
+
if defined?(vars(:fortios_autoupdate)).nil? || vars(:fortios_autoupdate)
|
40
|
+
cfg << cmd('diagnose autoupdate version') do |cfg|
|
41
|
+
comment cfg.each_line.reject { |line| line.match /Last Update|Result/ }.join
|
42
|
+
end
|
33
43
|
end
|
34
44
|
|
35
|
-
|
45
|
+
cfg << cmd('end') if @vdom_enabled
|
36
46
|
|
37
47
|
cfg << cmd('show')
|
38
48
|
cfg.join "\n"
|
@@ -48,3 +58,4 @@ class FortiOS < Oxidized::Model
|
|
48
58
|
end
|
49
59
|
|
50
60
|
end
|
61
|
+
|
data/lib/oxidized/model/ios.rb
CHANGED
@@ -19,21 +19,96 @@ class IOS < Oxidized::Model
|
|
19
19
|
cmd :all do |cfg|
|
20
20
|
#cfg.gsub! /\cH+\s{8}/, '' # example how to handle pager
|
21
21
|
#cfg.gsub! /\cH+/, '' # example how to handle pager
|
22
|
+
# get rid of errors for commands that don't work on some devices
|
23
|
+
cfg.gsub! /^% Invalid input detected at '\^' marker\.$|^\s+\^$/, ''
|
22
24
|
cfg.each_line.to_a[1..-2].join
|
23
25
|
end
|
24
26
|
|
25
27
|
cmd :secret do |cfg|
|
26
28
|
cfg.gsub! /^(snmp-server community).*/, '\\1 <configuration removed>'
|
27
|
-
cfg.gsub!
|
28
|
-
cfg.gsub! /^username \S+ password \d \S
|
29
|
-
cfg.gsub! /^
|
30
|
-
cfg.gsub!
|
31
|
-
cfg.gsub! /^
|
29
|
+
cfg.gsub! /^(username \S+ privilege \d+) (\S+).*/, '\\1 <secret hidden>'
|
30
|
+
cfg.gsub! /^(username \S+ password \d) (\S+)/, '\\1 <secret hidden>'
|
31
|
+
cfg.gsub! /^(username \S+ secret \d) (\S+)/, '\\1 <secret hidden>'
|
32
|
+
cfg.gsub! /^(enable (password|secret) \d) (\S+)/, '\\1 <secret hidden>'
|
33
|
+
cfg.gsub! /^(\s+(?:password|secret)) (?:\d )?\S+/, '\\1 <secret hidden>'
|
34
|
+
cfg.gsub! /^(.*wpa-psk ascii \d) (\S+)/, '\\1 <secret hidden>'
|
35
|
+
cfg.gsub! /^(.*key 7) (\d.+)/, '\\1 <secret hidden>'
|
36
|
+
cfg.gsub! /^(tacacs-server key \d) (\S+)/, '\\1 <secret hidden>'
|
37
|
+
cfg.gsub! /^(crypto isakmp key) (\S+) (.*)/, '\\1 <secret hidden> \\3'
|
32
38
|
cfg
|
33
39
|
end
|
34
40
|
|
35
41
|
cmd 'show version' do |cfg|
|
36
|
-
|
42
|
+
comments = []
|
43
|
+
comments << cfg.lines.first
|
44
|
+
lines = cfg.lines
|
45
|
+
lines.each_with_index do |line,i|
|
46
|
+
slave = ''
|
47
|
+
slaveslot = ''
|
48
|
+
|
49
|
+
if line.match /^Slave in slot (\d+) is running/
|
50
|
+
slave = " Slave:";
|
51
|
+
slaveslot = ", slot #{$1}";
|
52
|
+
end
|
53
|
+
|
54
|
+
if line.match /^Compiled (.*)$/
|
55
|
+
comments << "Image:#{slave} Compiled: #{$1}"
|
56
|
+
end
|
57
|
+
|
58
|
+
if line.match /^(?:Cisco )?IOS .* Software,? \(([A-Za-z0-9_-]*)\), .*Version\s+(.*)$/
|
59
|
+
comments << "Image:#{slave} Software: #{$1}, #{$2}"
|
60
|
+
end
|
61
|
+
|
62
|
+
if line.match /^ROM: (IOS \S+ )?(System )?Bootstrap.*(Version.*)$/
|
63
|
+
comments << "ROM Bootstrap: #{$3}"
|
64
|
+
end
|
65
|
+
|
66
|
+
if line.match /^BOOTFLASH: .*(Version.*)$/
|
67
|
+
comments << "BOOTFLASH: #{$1}"
|
68
|
+
end
|
69
|
+
|
70
|
+
if line.match /^(\d+[kK]) bytes of (non-volatile|NVRAM)/
|
71
|
+
comments << "Memory: nvram #{$1}"
|
72
|
+
end
|
73
|
+
|
74
|
+
if line.match /^(\d+[kK]) bytes of (flash memory|flash internal|processor board System flash|ATA CompactFlash)/i
|
75
|
+
comments << "Memory: flash #{$1}"
|
76
|
+
end
|
77
|
+
|
78
|
+
if line.match (/^(\d+[kK]) bytes of (Flash|ATA)?.*PCMCIA .*(slot|disk) ?(\d)/i)
|
79
|
+
comments << "Memory: pcmcia #{$2} #{$3}#{$4} #{$1}";
|
80
|
+
end
|
81
|
+
|
82
|
+
if line.match /(\S+(?:\sseries)?)\s+(?:\((\S+)\)\s+processor|\(revision[^)]+\)).*\s+with (\S+k) bytes/i
|
83
|
+
sproc = $1
|
84
|
+
cpu = $2
|
85
|
+
mem = $3
|
86
|
+
cpuxtra = ''
|
87
|
+
comments << "Chassis type:#{slave} #{sproc}";
|
88
|
+
comments << "Memory:#{slave} main #{mem}";
|
89
|
+
# check the next two lines for more CPU info
|
90
|
+
if cfg.lines[i+1].match /processor board id (\S+)/i
|
91
|
+
comments << "Processor ID: #{$1}";
|
92
|
+
end
|
93
|
+
if cfg.lines[i+2].match /(cpu at |processor: |#{cpu} processor,)/i
|
94
|
+
# change implementation to impl and prepend comma
|
95
|
+
cpuxtra = cfg.lines[i+2].gsub(/implementation/,'impl').gsub(/^/,', ').chomp;
|
96
|
+
end
|
97
|
+
comments << "CPU:#{slave} #{cpu}#{cpuxtra}#{slaveslot}";
|
98
|
+
end
|
99
|
+
|
100
|
+
if line.match /^System image file is "([^\"]*)"$/
|
101
|
+
comments << "Image: #{$1}"
|
102
|
+
end
|
103
|
+
end
|
104
|
+
comments << "\n"
|
105
|
+
comment comments.join "\n"
|
106
|
+
end
|
107
|
+
|
108
|
+
cmd 'show vtp status' do |cfg|
|
109
|
+
cfg.gsub! /^$\n/, ''
|
110
|
+
cfg.gsub! /^/, 'VTP: ' if (!cfg.empty?)
|
111
|
+
comment "#{cfg}\n"
|
37
112
|
end
|
38
113
|
|
39
114
|
cmd 'show inventory' do |cfg|
|
@@ -56,8 +131,6 @@ class IOS < Oxidized::Model
|
|
56
131
|
end
|
57
132
|
|
58
133
|
cfg :telnet, :ssh do
|
59
|
-
post_login 'terminal length 0'
|
60
|
-
post_login 'terminal width 0'
|
61
134
|
# preferred way to handle additional passwords
|
62
135
|
if vars :enable
|
63
136
|
post_login do
|
@@ -65,6 +138,8 @@ class IOS < Oxidized::Model
|
|
65
138
|
cmd vars(:enable)
|
66
139
|
end
|
67
140
|
end
|
141
|
+
post_login 'terminal length 0'
|
142
|
+
post_login 'terminal width 0'
|
68
143
|
pre_logout 'exit'
|
69
144
|
end
|
70
145
|
|