oxidized 0.20.0 → 0.28.0
- checksums.yaml +5 -5
- data/.codeclimate.yml +4 -0
- data/.github/PULL_REQUEST_TEMPLATE.md +12 -0
- data/.github/no-response.yml +13 -0
- data/.github/workflows/publishdocker.yml +13 -0
- data/.gitignore +4 -0
- data/.rubocop.yml +73 -0
- data/.rubocop_todo.yml +120 -0
- data/.travis.yml +6 -1
- data/CHANGELOG.md +693 -243
- data/Dockerfile +27 -19
- data/LICENSE +201 -0
- data/README.md +234 -913
- data/Rakefile +48 -7
- data/TODO.md +29 -23
- data/bin/console +1 -1
- data/bin/oxidized +6 -5
- data/docs/Configuration.md +313 -0
- data/docs/Creating-Models.md +140 -0
- data/docs/Hooks.md +274 -0
- data/docs/Model-Notes/AireOS.md +11 -0
- data/docs/Model-Notes/ArbOS.md +11 -0
- data/docs/Model-Notes/Comware.md +13 -0
- data/docs/Model-Notes/Cumulus.md +40 -0
- data/docs/Model-Notes/EOS.md +12 -0
- data/docs/Model-Notes/IOS.md +29 -0
- data/docs/Model-Notes/JunOS.md +33 -0
- data/docs/Model-Notes/LinuxGeneric.md +24 -0
- data/docs/Model-Notes/Netgear.md +87 -0
- data/docs/Model-Notes/Nokia.md +9 -0
- data/docs/Model-Notes/README.md +24 -0
- data/docs/Model-Notes/SmartAX-Huawei.md +35 -0
- data/docs/Model-Notes/VRP-Huawei.md +34 -0
- data/docs/Model-Notes/Viptela.md +12 -0
- data/docs/Model-Notes/XGS4600-Zyxel.md +36 -0
- data/docs/Outputs.md +190 -0
- data/docs/Ruby-API.md +199 -0
- data/docs/Sources.md +171 -0
- data/docs/Supported-OS-Types.md +227 -0
- data/docs/Troubleshooting.md +66 -0
- data/extra/nagios_check_failing_nodes.rb +9 -2
- data/extra/oxidized-report-git-commits +21 -40
- data/extra/oxidized-ubuntu.haproxy +45 -0
- data/extra/oxidized.logrotate +7 -0
- data/extra/oxidized.service +13 -0
- data/extra/rest_client.rb +7 -10
- data/extra/syslog.rb +47 -42
- data/lib/oxidized/cli.rb +41 -31
- data/lib/oxidized/config/vars.rb +9 -14
- data/lib/oxidized/config.rb +20 -13
- data/lib/oxidized/core.rb +8 -10
- data/lib/oxidized/hook/awssns.rb +6 -7
- data/lib/oxidized/hook/ciscosparkdiff.rb +43 -0
- data/lib/oxidized/hook/exec.rb +19 -24
- data/lib/oxidized/hook/githubrepo.rb +17 -17
- data/lib/oxidized/hook/noophook.rb +1 -1
- data/lib/oxidized/hook/slackdiff.rb +32 -19
- data/lib/oxidized/hook/xmppdiff.rb +59 -0
- data/lib/oxidized/hook.rb +63 -64
- data/lib/oxidized/input/cli.rb +22 -12
- data/lib/oxidized/input/exec.rb +28 -0
- data/lib/oxidized/input/ftp.rb +16 -15
- data/lib/oxidized/input/http.rb +72 -0
- data/lib/oxidized/input/input.rb +6 -6
- data/lib/oxidized/input/ssh.rb +64 -56
- data/lib/oxidized/input/telnet.rb +59 -102
- data/lib/oxidized/input/tftp.rb +9 -10
- data/lib/oxidized/jobs.rb +9 -10
- data/lib/oxidized/manager.rb +42 -44
- data/lib/oxidized/model/acos.rb +19 -20
- data/lib/oxidized/model/acsw.rb +62 -0
- data/lib/oxidized/model/adtran.rb +26 -0
- data/lib/oxidized/model/aen.rb +19 -0
- data/lib/oxidized/model/aireos.rb +9 -10
- data/lib/oxidized/model/airfiber.rb +22 -0
- data/lib/oxidized/model/alteonos.rb +58 -0
- data/lib/oxidized/model/alvarion.rb +0 -4
- data/lib/oxidized/model/aos.rb +11 -5
- data/lib/oxidized/model/aos7.rb +6 -7
- data/lib/oxidized/model/aosw.rb +30 -27
- data/lib/oxidized/model/apc_aos.rb +2 -5
- data/lib/oxidized/model/arbos.rb +26 -0
- data/lib/oxidized/model/aricentiss.rb +49 -0
- data/lib/oxidized/model/asa.rb +61 -22
- data/lib/oxidized/model/asyncos.rb +46 -0
- data/lib/oxidized/model/audiocodes.rb +28 -0
- data/lib/oxidized/model/audiocodesmp.rb +28 -0
- data/lib/oxidized/model/awplus.rb +84 -0
- data/lib/oxidized/model/axos.rb +16 -0
- data/lib/oxidized/model/boss.rb +77 -0
- data/lib/oxidized/model/br6910.rb +42 -45
- data/lib/oxidized/model/c4cmts.rb +6 -10
- data/lib/oxidized/model/cambium.rb +23 -0
- data/lib/oxidized/model/casa.rb +1 -1
- data/lib/oxidized/model/catos.rb +1 -3
- data/lib/oxidized/model/cisconga.rb +1 -3
- data/lib/oxidized/model/ciscosma.rb +42 -0
- data/lib/oxidized/model/ciscosmb.rb +30 -10
- data/lib/oxidized/model/ciscovpn3k.rb +11 -0
- data/lib/oxidized/model/cnos.rb +33 -0
- data/lib/oxidized/model/comnetms.rb +43 -0
- data/lib/oxidized/model/comtrol.rb +41 -0
- data/lib/oxidized/model/comware.rb +28 -16
- data/lib/oxidized/model/coriant8600.rb +3 -5
- data/lib/oxidized/model/coriantgroove.rb +26 -0
- data/lib/oxidized/model/corianttmos.rb +1 -3
- data/lib/oxidized/model/cumulus.rb +60 -49
- data/lib/oxidized/model/datacom.rb +1 -4
- data/lib/oxidized/model/dcnos.rb +46 -0
- data/lib/oxidized/model/dellx.rb +76 -0
- data/lib/oxidized/model/dlink.rb +5 -4
- data/lib/oxidized/model/dnos.rb +11 -5
- data/lib/oxidized/model/eciapollo.rb +34 -0
- data/lib/oxidized/model/edgecos.rb +49 -0
- data/lib/oxidized/model/edgeos.rb +12 -5
- data/lib/oxidized/model/edgeswitch.rb +2 -4
- data/lib/oxidized/model/enterasys.rb +28 -0
- data/lib/oxidized/model/eos.rb +8 -8
- data/lib/oxidized/model/fabricos.rb +4 -6
- data/lib/oxidized/model/fastiron.rb +66 -0
- data/lib/oxidized/model/fiberdriver.rb +2 -2
- data/lib/oxidized/model/firebrick.rb +31 -0
- data/lib/oxidized/model/firelinuxos.rb +41 -0
- data/lib/oxidized/model/firewareos.rb +3 -6
- data/lib/oxidized/model/fortios.rb +31 -19
- data/lib/oxidized/model/ftos.rb +8 -5
- data/lib/oxidized/model/fujitsupy.rb +5 -7
- data/lib/oxidized/model/gaiaos.rb +7 -11
- data/lib/oxidized/model/gcombnps.rb +84 -0
- data/lib/oxidized/model/grandstream.rb +9 -0
- data/lib/oxidized/model/hatteras.rb +9 -6
- data/lib/oxidized/model/hirschmann.rb +39 -0
- data/lib/oxidized/model/hpebladesystem.rb +20 -18
- data/lib/oxidized/model/hpemsa.rb +10 -0
- data/lib/oxidized/model/hpmsm.rb +84 -0
- data/lib/oxidized/model/ibos.rb +55 -0
- data/lib/oxidized/model/icotera.rb +27 -0
- data/lib/oxidized/model/ios.rb +63 -70
- data/lib/oxidized/model/iosxe.rb +5 -0
- data/lib/oxidized/model/iosxr.rb +2 -3
- data/lib/oxidized/model/ipos.rb +10 -6
- data/lib/oxidized/model/ironware.rb +20 -19
- data/lib/oxidized/model/isam.rb +5 -6
- data/lib/oxidized/model/junos.rb +9 -11
- data/lib/oxidized/model/linuxgeneric.rb +74 -0
- data/lib/oxidized/model/masteros.rb +3 -6
- data/lib/oxidized/model/mlnxos.rb +9 -10
- data/lib/oxidized/model/model.rb +72 -46
- data/lib/oxidized/model/mtrlrfs.rb +1 -4
- data/lib/oxidized/model/ndms.rb +23 -0
- data/lib/oxidized/model/netgear.rb +35 -15
- data/lib/oxidized/model/netonix.rb +2 -2
- data/lib/oxidized/model/netscaler.rb +6 -3
- data/lib/oxidized/model/nos.rb +5 -7
- data/lib/oxidized/model/nsxconfig.rb +22 -0
- data/lib/oxidized/model/nsxfirewall.rb +22 -0
- data/lib/oxidized/model/nxos.rb +13 -3
- data/lib/oxidized/model/oneos.rb +15 -9
- data/lib/oxidized/model/openbsd.rb +63 -0
- data/lib/oxidized/model/opengear.rb +3 -5
- data/lib/oxidized/model/openwrt.rb +78 -0
- data/lib/oxidized/model/opnsense.rb +19 -0
- data/lib/oxidized/model/os10.rb +46 -0
- data/lib/oxidized/model/outputs.rb +5 -7
- data/lib/oxidized/model/panos.rb +11 -12
- data/lib/oxidized/model/pfsense.rb +11 -6
- data/lib/oxidized/model/planet.rb +14 -17
- data/lib/oxidized/model/powerconnect.rb +24 -19
- data/lib/oxidized/model/procurve.rb +43 -11
- data/lib/oxidized/model/purityos.rb +12 -0
- data/lib/oxidized/model/qtech.rb +41 -0
- data/lib/oxidized/model/quantaos.rb +4 -6
- data/lib/oxidized/model/raisecom.rb +19 -0
- data/lib/oxidized/model/routeros.rb +26 -8
- data/lib/oxidized/model/saos.rb +1 -2
- data/lib/oxidized/model/screenos.rb +8 -11
- data/lib/oxidized/model/sgos.rb +45 -0
- data/lib/oxidized/model/siklu.rb +1 -3
- data/lib/oxidized/model/slxos.rb +59 -0
- data/lib/oxidized/model/smartax.rb +25 -0
- data/lib/oxidized/model/sonicos.rb +51 -0
- data/lib/oxidized/model/speedtouch.rb +34 -0
- data/lib/oxidized/model/sros.rb +96 -0
- data/lib/oxidized/model/stoneos.rb +32 -0
- data/lib/oxidized/model/supermicro.rb +6 -41
- data/lib/oxidized/model/tdre.rb +30 -0
- data/lib/oxidized/model/telco.rb +24 -0
- data/lib/oxidized/model/timos.rb +6 -114
- data/lib/oxidized/model/tmos.rb +6 -3
- data/lib/oxidized/model/tplink.rb +11 -11
- data/lib/oxidized/model/trango.rb +21 -42
- data/lib/oxidized/model/ucs.rb +30 -0
- data/lib/oxidized/model/viptela.rb +29 -0
- data/lib/oxidized/model/voltaire.rb +9 -12
- data/lib/oxidized/model/voss.rb +17 -6
- data/lib/oxidized/model/vrp.rb +11 -6
- data/lib/oxidized/model/vyatta.rb +8 -6
- data/lib/oxidized/model/weos.rb +20 -0
- data/lib/oxidized/model/xos.rb +20 -8
- data/lib/oxidized/model/zhoneolt.rb +2 -2
- data/lib/oxidized/model/zynos.rb +1 -3
- data/lib/oxidized/model/zynoscli.rb +36 -0
- data/lib/oxidized/model/zynosgs.rb +38 -0
- data/lib/oxidized/node/stats.rb +33 -8
- data/lib/oxidized/node.rb +86 -95
- data/lib/oxidized/nodes.rb +48 -44
- data/lib/oxidized/output/file.rb +32 -37
- data/lib/oxidized/output/git.rb +138 -153
- data/lib/oxidized/output/gitcrypt.rb +228 -242
- data/lib/oxidized/output/http.rb +35 -34
- data/lib/oxidized/output/output.rb +2 -3
- data/lib/oxidized/source/csv.rb +50 -44
- data/lib/oxidized/source/http.rb +58 -58
- data/lib/oxidized/source/source.rb +9 -10
- data/lib/oxidized/source/sql.rb +47 -45
- data/lib/oxidized/string.rb +18 -14
- data/lib/oxidized/version.rb +17 -1
- data/lib/oxidized/worker.rb +72 -33
- data/oxidized.gemspec +20 -19
- metadata +180 -36
- data/.ruby-version +0 -1
- data/Gemfile.lock +0 -44
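--- a/data/docs/Hooks.md
+++ b/data/docs/Hooks.md
@@ -0,0 +1,274 @@
+# Hooks
+
+You can define an arbitrary number of hooks that subscribe to different events. The hook system is modular and different kind of hook types can be enabled.
+
+## Configuration
+
+Following configuration keys need to be defined for all hooks:
+
+* `events`: which events to subscribe. Needs to be an array. See below for the list of available events.
+* `type`: what hook class to use. See below for the list of available hook types.
+
+## Events
+
+* `node_success`: triggered when configuration is successfully pulled from a node and right before storing the configuration.
+* `node_fail`: triggered after `retries` amount of failed node pulls.
+* `post_store`: triggered after node configuration is stored (this is executed only when the configuration has changed).
+* `nodes_done`: triggered after finished fetching all nodes.
+
+## Hook type: exec
+
+The `exec` hook type allows users to run an arbitrary shell command or a binary when triggered.
+
+The command is executed on a separate child process either in synchronous or asynchronous fashion. Non-zero exit values cause errors to be logged. STDOUT and STDERR are currently not collected.
+
+Command is executed with the following environment:
+
+```text
+OX_EVENT
+OX_NODE_NAME
+OX_NODE_IP
+OX_NODE_FROM
+OX_NODE_MSG
+OX_NODE_GROUP
+OX_NODE_MODEL
+OX_JOB_STATUS
+OX_JOB_TIME
+OX_REPO_COMMITREF
+OX_REPO_NAME
+```
+
+Exec hook recognizes the following configuration keys:
+
+* `timeout`: hard timeout (in seconds) for the command execution. SIGTERM will be sent to the child process after the timeout has elapsed. Default: `60`
+* `async`: Execute the command in an asynchronous fashion. The main thread by default will wait for the hook command execution to complete. Set this to `true` for long running commands so node configuration pulls are not blocked. Default: `false`
+* `cmd`: command to run.
+
+### exec hook configuration example
+
+```yaml
+hooks:
+name_for_example_hook1:
+type: exec
+events: [node_success]
+cmd: 'echo "Node success $OX_NODE_NAME" >> /tmp/ox_node_success.log'
+name_for_example_hook2:
+type: exec
+events: [post_store, node_fail]
+cmd: 'echo "Doing long running stuff for $OX_NODE_NAME" >> /tmp/ox_node_stuff.log; sleep 60'
+async: true
+timeout: 120
+```
+
+## Hook type: githubrepo
+
+The `githubrepo` hook executes a `git push` to a configured `remote_repo` when the specified event is triggered.
+
+Several authentication methods are supported:
+
+* Provide a `password` for username + password authentication
+* Provide both a `publickey` and a `privatekey` for ssh key-based authentication
+* Don't provide any credentials for ssh-agent authentication
+
+The username will be set to the relevant part of the `remote_repo` URI, with a fallback to `git`. It is also possible to provide one by setting the `username` configuration key.
+
+For ssh key-based authentication, it is possible to set the environment variable `OXIDIZED_SSH_PASSPHRASE` to a passphrase if the private key requires it.
+
+`githubrepo` hook recognizes the following configuration keys:
+
+* `remote_repo`: the remote repository to be pushed to.
+* `username`: username for repository auth.
+* `password`: password for repository auth.
+* `publickey`: public key file path for repository auth.
+* `privatekey`: private key file path for repository auth.
+
+When using groups, each group must have a unique entry in the `remote_repo` config.
+
+```yaml
+hooks:
+push_to_remote:
+remote_repo:
+routers: git@git.intranet:oxidized/routers.git
+switches: git@git.intranet:oxidized/switches.git
+firewalls: git@git.intranet:oxidized/firewalls.git
+```
+
+### githubrepo hook configuration example
+
+Authenticate with a username and a password without groups in use:
+
+```yaml
+hooks:
+push_to_remote:
+type: githubrepo
+events: [post_store]
+remote_repo: git@git.intranet:oxidized/test.git
+username: user
+password: pass
+```
+
+Authenticate with the username `git` and an ssh key:
+
+```yaml
+hooks:
+push_to_remote:
+type: githubrepo
+events: [post_store]
+remote_repo: git@git.intranet:oxidized/test.git
+publickey: /root/.ssh/id_rsa.pub
+privatekey: /root/.ssh/id_rsa
+```
+
+## Hook type: awssns
+
+The `awssns` hook publishes messages to AWS SNS topics. This allows you to notify other systems of device configuration changes, for example a config orchestration pipeline. Multiple services can subscribe to the same AWS topic.
+
+Fields sent in the message:
+
+* `event`: Event type (e.g. `node_success`)
+* `group`: Group name
+* `model`: Model name (e.g. `eos`)
+* `node`: Device hostname
+
+The AWS SNS hook requires the following configuration keys:
+
+* `region`: AWS Region name
+* `topic_arn`: ASN Topic reference
+
+### awssns hook configuration example
+
+```yaml
+hooks:
+hook_script:
+type: awssns
+events: [node_fail,node_success,post_store]
+region: us-east-1
+topic_arn: arn:aws:sns:us-east-1:1234567:oxidized-test-backup_events
+```
+
+Your AWS credentials should be stored in `~/.aws/credentials`.
+
+## Hook type: slackdiff
+
+The `slackdiff` hook posts colorized config diffs to a [Slack](http://www.slack.com) channel of your choice. It only triggers for `post_store` events.
+
+You will need to manually install the `slack-api` gem on your system:
+
+```shell
+gem install slack-api
+```
+
+### slackdiff hook configuration example
+
+```yaml
+hooks:
+slack:
+type: slackdiff
+events: [post_store]
+token: SLACK_BOT_TOKEN
+channel: "#network-changes"
+```
+
+The token parameter is a "legacy token" and is generated [Here](https://api.slack.com/custom-integrations/legacy-tokens).
+
+Optionally you can disable snippets and post a formatted message, for instance linking to a commit in a git repo. Named parameters `%{node}`, `%{group}`, `%{model}` and `%{commitref}` are available.
+
+```yaml
+hooks:
+slack:
+type: slackdiff
+events: [post_store]
+token: SLACK_BOT_TOKEN
+channel: "#network-changes"
+diff: false
+message: "%{node} %{group} %{model} updated https://git.intranet/network-changes/commit/%{commitref}"
+```
+
+Note the channel name must be in quotes.
+
+A proxy can optionally be specified if needed to reach the Slack API endpoint.
+
+```yaml
+hooks:
+slack:
+type: slackdiff
+events: [post_store]
+token: SLACK_BOT_TOKEN
+channel: "#network-changes"
+proxy: http://myproxy:8080
+```
+
+## Hook type: ciscosparkdiff
+
+The `ciscosparkdiff` hook posts config diffs to a [Cisco Spark](https://www.ciscospark.com/) space of your choice. It only triggers for `post_store` events.
+
+You will need to manually install the `cisco_spark` gem on your system (see [cisco_spark-ruby](https://github.com/NGMarmaduke/cisco_spark-ruby)) and generate either a [Bot or OAUTH access key](https://developer.ciscospark.com/apps.html), and retrieve the [Spark Space ID](https://developer.ciscospark.com/endpoint-rooms-get.html)
+
+```shell
+gem install cisco_spark
+```
+
+### ciscosparkdiff hook configuration example
+
+```yaml
+hooks:
+ciscospark:
+type: ciscosparkdiff
+events: [post_store]
+accesskey: SPARK_BOT_API_OR_OAUTH_KEY
+space: SPARK_SPACE_ID
+diff: true
+```
+
+Optionally you can disable snippets and post a formatted message, for instance linking to a commit in a git repo. Named parameters `%{node}`, `%{group}`, `%{model}` and `%{commitref}` are available.
+
+```yaml
+hooks:
+ciscospark:
+type: ciscosparkdiff
+events: [post_store]
+accesskey: SPARK_BOT_API_OR_OAUTH_KEY
+space: SPARK_SPACE_ID
+diff: false
+message: "%{node} %{group} %{model} updated https://git.intranet/network-changes/commit/%{commitref}"
+```
+
+Note the space and access tokens must be in quotes.
+
+A proxy can optionally be specified if needed to reach the Spark API endpoint.
+
+```yaml
+hooks:
+ciscospark:
+type: ciscosparkdiff
+events: [post_store]
+accesskey: SPARK_BOT_API_OR_OAUTH_KEY
+space: SPARK_SPACE_ID
+diff: true
+proxy: http://myproxy:8080
+```
+
+## Hook type: xmppdiff
+
+The `xmppdiff` hook posts config diffs to a [XMPP](https://en.wikipedia.org/wiki/XMPP) chatroom of your choice. It only triggers for `post_store` events.
+
+You will need to manually install the `xmpp4r` gem on your system:
+
+```shell
+gem install xmpp4r
+```
+
+### xmppdiff hook configuration example
+
+```yaml
+hooks:
+xmpp:
+type: xmppdiff
+events: [post_store]
+jid: "user@server.tld/resource"
+password: "password"
+channel: "room@server.tld"
+nick: "nickname"
+```
+
+Note the channel name must be in quotes.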
@@ -0,0 +1,13 @@
|
|
1
|
+
# Comware Configuration
|
2
|
+
|
3
|
+
If you find 3Com Comware devices aren't being backed up this may be due to prompt detection not matching because a previous login message is disabled after the first prompt.
|
4
|
+
|
5
|
+
You can disable this on the devices themselves by running this command:
|
6
|
+
|
7
|
+
```text
|
8
|
+
info-center source default channel 1 log state off debug state off
|
9
|
+
```
|
10
|
+
|
11
|
+
[Reference](https://github.com/ytti/oxidized/issues/1171)
|
12
|
+
|
13
|
+
Back to [Model-Notes](README.md)
|
@@ -0,0 +1,40 @@
|
|
1
|
+
# Cumulus Linux
|
2
|
+
|
3
|
+
## Routing Daemon
|
4
|
+
|
5
|
+
With the release of Cumulus Linux 3.4.0 the platform moved the routing daemon to a fork of `Quagga` named `FRRouting`. See the below link for the release notes.
|
6
|
+
|
7
|
+
[https://support.cumulusnetworks.com/hc/en-us/articles/115011217808-Cumulus-Linux-3-4-0-Release-Notes](https://support.cumulusnetworks.com/hc/en-us/articles/115011217808-Cumulus-Linux-3-4-0-Release-Notes)
|
8
|
+
|
9
|
+
A variable has been added to enable users running Cumulus Linux > 3.4.0 to target the new `frr` routing daemon.
|
10
|
+
|
11
|
+
### Example usage
|
12
|
+
|
13
|
+
```yaml
|
14
|
+
vars:
|
15
|
+
cumulus_routing_daemon: frr
|
16
|
+
```
|
17
|
+
|
18
|
+
Alternatively map a column for the `cumulus_routing_daemon` variable.
|
19
|
+
|
20
|
+
```yaml
|
21
|
+
source:
|
22
|
+
csv:
|
23
|
+
map:
|
24
|
+
name: 0
|
25
|
+
ip: 1
|
26
|
+
model: 2
|
27
|
+
group: 3
|
28
|
+
vars_map:
|
29
|
+
cumulus_routing_daemon: 4
|
30
|
+
```
|
31
|
+
|
32
|
+
And set the `cumulus_routing_daemon` variable in the `router.db` file.
|
33
|
+
|
34
|
+
```text
|
35
|
+
cumulus1:192.168.121.134:cumulus:cumulus:frr
|
36
|
+
```
|
37
|
+
|
38
|
+
The default variable is `quagga` so existing installations continue to operate without interruption.
|
39
|
+
|
40
|
+
Back to [Model-Notes](README.md)
|
@@ -0,0 +1,12 @@
|
|
1
|
+
# Arista EOS Configuration
|
2
|
+
|
3
|
+
By default, EOS requires the `keyboard-interactive` SSH authentication method for a successful SSH login. To add support for this method to your Oxidized configuration, see the [SSH Auth Methods](../Configuration.md#ssh-auth-methods) directive.
|
4
|
+
|
5
|
+
It is also possible to modify the EOS configuration to accept the `password` method which Oxidized presents by default. To do so, the following configuration statement can be used:
|
6
|
+
|
7
|
+
```text
|
8
|
+
management ssh
|
9
|
+
authentication mode password
|
10
|
+
```
|
11
|
+
|
12
|
+
Back to [Model-Notes](README.md)
|
@@ -0,0 +1,29 @@
|
|
1
|
+
# Cisco IOS Switches
|
2
|
+
|
3
|
+
## Include unsaved changes done on a device (commented) with each configuration
|
4
|
+
|
5
|
+
Create the file `~/.config/oxidized/model/ios.rb` with the following contents to extend the IOS model:
|
6
|
+
|
7
|
+
```ruby
|
8
|
+
require 'oxidized/model/ios.rb'
|
9
|
+
|
10
|
+
class IOS
|
11
|
+
|
12
|
+
cmd 'show archive config diff' do |cfg|
|
13
|
+
# Print diff unless ntp period change or ssl-cert read from file
|
14
|
+
cfg.gsub! /^\n/, '' # Remove empty line
|
15
|
+
cfg.gsub! /^!\n/, '' # Remove line with only !
|
16
|
+
cfg.gsub! /.*ntp clock-period \d+\n/, '' # Remove line with only "ntp clock-period blabla"
|
17
|
+
cfg.gsub! /\n/, "\\n" # Escape newline
|
18
|
+
cfg.gsub! /crypto pki certificate chain.*certificate .*\.cer\\n/, '' # Remove ssl-cert in start config, as it is read from file, this always differ in running if used.
|
19
|
+
cfg.gsub! /crypto pki certificate chain.*-\s*quit\\n/, '' # Remove ssl-cert from running
|
20
|
+
cfg.gsub! /\\n/, "\n" # Set newline back
|
21
|
+
unless cfg == "!Contextual Config Diffs:\n" # Do not print if only something above was changed
|
22
|
+
comment cfg
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
end
|
27
|
+
```
|
28
|
+
|
29
|
+
Back to [Model-Notes](README.md)
|
@@ -0,0 +1,33 @@
|
|
1
|
+
# JunOS Configuration
|
2
|
+
|
3
|
+
Create login class cfg-view
|
4
|
+
|
5
|
+
```text
|
6
|
+
set system login class cfg-view permissions view-configuration
|
7
|
+
set system login class cfg-view allow-commands "(show)|(set cli screen-length)|(set cli screen-width)"
|
8
|
+
set system login class cfg-view deny-commands "(clear)|(file)|(file show)|(help)|(load)|(monitor)|(op)|(request)|(save)|(set)|(start)|(test)"
|
9
|
+
set system login class cfg-view deny-configuration all
|
10
|
+
```
|
11
|
+
|
12
|
+
Create a user with cfg-view class
|
13
|
+
|
14
|
+
```text
|
15
|
+
set system login user oxidized class cfg-view
|
16
|
+
set system login user oxidized authentication plain-text-password "verysecret"
|
17
|
+
```
|
18
|
+
|
19
|
+
The commands Oxidized executes are:
|
20
|
+
|
21
|
+
1. set cli screen-length 0
|
22
|
+
2. set cli screen-width 0
|
23
|
+
3. show version
|
24
|
+
4. show chassis hardware
|
25
|
+
5. show system license
|
26
|
+
6. show system license keys (ex22|ex33|ex4|ex8|qfx only)
|
27
|
+
7. show virtual-chassis (MX960 only)
|
28
|
+
8. show chassis fabric reachability
|
29
|
+
9. show configuration
|
30
|
+
|
31
|
+
Oxidized can now retrieve your configuration!
|
32
|
+
|
33
|
+
Back to [Model-Notes](README.md)
|
@@ -0,0 +1,24 @@
|
|
1
|
+
# LinuxGeneric model notes
|
2
|
+
|
3
|
+
To expand the usage of this model for more specific needs you can create a file in `~/.config/oxidized/model/linuxgeneric.rb`
|
4
|
+
|
5
|
+
```ruby
|
6
|
+
require 'oxidized/model/linuxgeneric.rb'
|
7
|
+
|
8
|
+
class LinuxGeneric
|
9
|
+
|
10
|
+
cmd :secret, clear: true do |cfg|
|
11
|
+
cfg.gsub! /^(default (\S+).* (expires) ).*/, '\\1 <redacted>'
|
12
|
+
cfg
|
13
|
+
end
|
14
|
+
|
15
|
+
post do
|
16
|
+
cfg = add_comment 'THE MONKEY PATCH'
|
17
|
+
cfg += cmd 'firewall-cmd --list-all --zone=public'
|
18
|
+
end
|
19
|
+
end
|
20
|
+
```
|
21
|
+
|
22
|
+
See [Extending-Model](https://github.com/ytti/oxidized/blob/master/docs/Creating-Models.md#creating-and-extending-models)
|
23
|
+
|
24
|
+
Back to [Model-Notes](README.md)
|
@@ -0,0 +1,87 @@
|
|
1
|
+
# Netgear Configuration
|
2
|
+
|
3
|
+
There are several models available with CLI management via telnet (port 60000). To enable telnet configure device with web interface and set 'Maintenance > Troubleshooting > Remote Diagnostics' to 'enable'. All devices behave like one of the following:
|
4
|
+
|
5
|
+
## Older models
|
6
|
+
|
7
|
+
```text
|
8
|
+
Connected to 192.168.3.201.
|
9
|
+
|
10
|
+
(GS748Tv4)
|
11
|
+
Applying Interface configuration, please wait ...admin
|
12
|
+
Password:********
|
13
|
+
(GS748Tv4) >enable
|
14
|
+
Password:
|
15
|
+
|
16
|
+
(GS748Tv4) #terminal length 0
|
17
|
+
|
18
|
+
(GS748Tv4) #show running-config
|
19
|
+
```
|
20
|
+
|
21
|
+
## Newer models
|
22
|
+
|
23
|
+
```text
|
24
|
+
Connected to 172.0.3.203.
|
25
|
+
|
26
|
+
User:admin
|
27
|
+
Password:********
|
28
|
+
(GS724Tv4) >enable
|
29
|
+
|
30
|
+
(GS724Tv4) #terminal length 0
|
31
|
+
|
32
|
+
(GS724Tv4) #show running-config
|
33
|
+
```
|
34
|
+
|
35
|
+
The main differences are:
|
36
|
+
|
37
|
+
* the prompt for username is different (looks quite strange for older models)
|
38
|
+
* enable password
|
39
|
+
* the older model prompts for enable password and it expects empty string
|
40
|
+
* the newer model does not prompt for enable password at all
|
41
|
+
|
42
|
+
Configuration for older/newer models: make sure you have defined variable 'enable':
|
43
|
+
|
44
|
+
* `'true'` for newer models
|
45
|
+
* `''` empty string: for older models
|
46
|
+
|
47
|
+
One possible configuration:
|
48
|
+
|
49
|
+
## oxidized config
|
50
|
+
|
51
|
+
```yaml
|
52
|
+
source:
|
53
|
+
default: csv
|
54
|
+
csv:
|
55
|
+
file: "/home/oxidized/.config/oxidized/router.db"
|
56
|
+
delimiter: !ruby/regexp /:/
|
57
|
+
map:
|
58
|
+
name: 0
|
59
|
+
model: 1
|
60
|
+
username: 2
|
61
|
+
password: 3
|
62
|
+
vars_map:
|
63
|
+
enable: 4
|
64
|
+
telnet_port: 5
|
65
|
+
```
|
66
|
+
|
67
|
+
## router.db
|
68
|
+
|
69
|
+
```text
|
70
|
+
switchOldFW:netgear:admin:adminpw::60000
|
71
|
+
switchNewFW:netgear:admin:adminpw:true:60000
|
72
|
+
```
|
73
|
+
|
74
|
+
Another approach to set parameters:
|
75
|
+
|
76
|
+
## oxidized config
|
77
|
+
|
78
|
+
```yaml
|
79
|
+
netgear:
|
80
|
+
vars:
|
81
|
+
enable: true
|
82
|
+
telnet_port: 60000
|
83
|
+
```
|
84
|
+
|
85
|
+
[Reference](https://github.com/ytti/oxidized/pull/1268)
|
86
|
+
|
87
|
+
Back to [Model-Notes](README.md)
|
@@ -0,0 +1,24 @@
|
|
1
|
+
# Model Notes
|
2
|
+
|
3
|
+
This directory contains implementation notes and caveats to assist you in your oxidized deployment.
|
4
|
+
|
5
|
+
Use the table below for more information on the Vendor/Model caveats.
|
6
|
+
|
7
|
+
Vendor | Model |Updated
|
8
|
+
----------------|-----------------|----------------
|
9
|
+
3COM|[Comware](Comware.md)|15 Feb 2018
|
10
|
+
AireOS|[AireOS](AireOS.md)|29 Nov 2017
|
11
|
+
Arbor Networks|[ArbOS](ArbOS.md)|27 Feb 2018
|
12
|
+
Arista|[EOS](EOS.md)|05 Feb 2018
|
13
|
+
Cumulus|[Cumulus](Cumulus.md)|11 Jun 2018
|
14
|
+
Huawei|[VRP](VRP-Huawei.md)|17 Nov 2017
|
15
|
+
Huawei|[SmartAX series](SmartAX-Huawei.md)|21 Jan 2019
|
16
|
+
Cisco IOS|[IOS](IOS.md)|29 Mar 2019
|
17
|
+
Juniper|[MX/QFX/EX/SRX/J Series](JunOS.md)|18 Jan 2018
|
18
|
+
Netgear|[Netgear](Netgear.md)|11 Apr 2018
|
19
|
+
Nokia|[Nokia ISAM](Nokia.md)|22 Aug 2018
|
20
|
+
Viptela|[Viptela](Viptela.md)|1 Jul 2018
|
21
|
+
Zyxel|[XGS4600 Series](XGS4600-Zyxel.md)|1 Feb 2018
|
22
|
+
Linux|[LinuxGeneric](LinuxGeneric.md)|10 Jun 2019
|
23
|
+
|
24
|
+
If you discover additional caveats or problems please make sure to consult the [GitHub issues for oxidized](https://github.com/ytti/oxidized/issues) known issues.
|
@@ -0,0 +1,35 @@
|
|
1
|
+
# Huawei SmartAX GPON/EPON/DOCSIS network access devices
|
2
|
+
|
3
|
+
It is necessary to disable SSH keepalives in Oxidized for configuration retrieval via SSH to work properly.
|
4
|
+
|
5
|
+
To disable SSH keepalives globally edit the config's vars section and add:
|
6
|
+
|
7
|
+
```yaml
|
8
|
+
vars:
|
9
|
+
ssh_no_keepalive: true
|
10
|
+
```
|
11
|
+
|
12
|
+
To disable SSH keepalives per device edit the config's source section and map ssh_no_keepalive to a column inside router.db file.
|
13
|
+
|
14
|
+
```yaml
|
15
|
+
source:
|
16
|
+
default: csv
|
17
|
+
csv:
|
18
|
+
file: ~/.config/oxidized/router.db
|
19
|
+
delimiter: !ruby/regexp /:/
|
20
|
+
map:
|
21
|
+
name: 0
|
22
|
+
model: 1
|
23
|
+
username: 2
|
24
|
+
password: 3
|
25
|
+
vars_map:
|
26
|
+
ssh_no_keepalive: 4
|
27
|
+
```
|
28
|
+
|
29
|
+
```text
|
30
|
+
# router.db
|
31
|
+
10.0.0.1:smartax:someusername:somepassword:true
|
32
|
+
10.0.0.2:ios:someusername:somepassword:false
|
33
|
+
```
|
34
|
+
|
35
|
+
Back to [Model-Notes](README.md)
|
@@ -0,0 +1,34 @@
|
|
1
|
+
# Huawei VRP Configuration
|
2
|
+
|
3
|
+
Create a user with no privileges
|
4
|
+
|
5
|
+
```text
|
6
|
+
<HUAWEI> system-view
|
7
|
+
[~HUAWEI] aaa
|
8
|
+
[~HUAWEI-aaa] local-user oxidized password irreversible-cipher verysecret
|
9
|
+
[*HUAWEI-aaa] local-user oxidized level 1
|
10
|
+
[*HUAWEI-aaa] local-user oxidized service-type terminal ssh
|
11
|
+
[*HUAWEI-aaa] commit
|
12
|
+
```
|
13
|
+
|
14
|
+
The commands Oxidized executes are:
|
15
|
+
|
16
|
+
1. screen-length 0 temporary
|
17
|
+
2. display version
|
18
|
+
3. display device
|
19
|
+
4. display current-configuration all
|
20
|
+
|
21
|
+
Command 2 and 3 can be executed without issues, but 1 and 4 are only available for higher level users. Instead of making Oxidized a read/write user on your device, lower the privilege-level for commands 1 and 4:
|
22
|
+
|
23
|
+
```text
|
24
|
+
<HUAWEI> system-view
|
25
|
+
[~HUAWEI] command-privilege level 1 view global display current-configuration all
|
26
|
+
[*HUAWEI] command-privilege level 1 view shell screen-length
|
27
|
+
[*HUAWEI] commit
|
28
|
+
```
|
29
|
+
|
30
|
+
Oxidized can now retrieve your configuration!
|
31
|
+
|
32
|
+
Caveat: Some versions of VRP default to appending a timestamp prior to the output of each `display` command, which will lead to superfluous updates. The configuration statement `timestamp disable` can be used to disable this functionality. (Issue #1218)
|
33
|
+
|
34
|
+
Back to [Model-Notes](README.md)
|