oxidized 0.21.0 → 0.22.0

data/docs/Model-Notes/AireOS.md

@@ -0,0 +1,12 @@
+Cisco WLC Configuration
+=======================
+
+Create a user with read-write privilege:
+
+```text
+mgmtuser add oxidized **** read-write
+```
+
+Oxidized needs read-write privilege in order to execute 'config paging disable'.
+
+Back to [Model-Notes](README.md)

data/docs/Model-Notes/ArbOS.md

@@ -0,0 +1,12 @@
+Arbor Networks ArbOS notes
+==========================
+
+If you are running ArbOS version 7 or lower then you may need to update the model to remove `exec true`:
+
+```ruby
+  cfg :ssh do
+    pre_logout 'exit'
+  end
+```
+
+Back to [Model-Notes](README.md)

data/docs/Model-Notes/Comware.md

@@ -0,0 +1,14 @@
+Comware Configuration
+=====================
+
+If you find 3Com Comware devices aren't being backed up this may be due to prompt detection not matching because a previous login message is disabled after the first prompt.
+
+You can disable this on the devices themselves by running this command:
+
+```text
+info-center source default channel 1 log state off debug state off
+```
+
+[Reference](https://github.com/ytti/oxidized/issues/1171)
+
+Back to [Model-Notes](README.md)

data/docs/Model-Notes/EOS.md

@@ -0,0 +1,9 @@
+Arista EOS Configuration
+========================
+
+By default EOS requires keyboard-interactive to be added to your Oxidized config. You can avoid having to do this by configuring the following on the EOS device:
+
+```
+management ssh
+   authentication mode password
+```

data/docs/Model-Notes/JunOS.md

@@ -0,0 +1,34 @@
+JunOS Configuration
+===================
+
+Create login class cfg-view
+
+```text
+set system login class cfg-view permissions view-configuration
+set system login class cfg-view allow-commands "(show)|(set cli screen-length)|(set cli screen-width)"
+set system login class cfg-view deny-commands "(clear)|(file)|(file show)|(help)|(load)|(monitor)|(op)|(request)|(save)|(set)|(start)|(test)"
+set system login class cfg-view deny-configuration all
+```
+
+Create a user with cfg-view class
+
+```text
+set system login user oxidized class cfg-view
+set system login user oxidized authentication plain-text-password "verysecret"
+```
+
+The commands Oxidized executes are:
+
+1. set cli screen-length 0
+2. set cli screen-width 0
+3. show configuration
+4. show version
+5. show chassis hardware
+6. show system license
+7. show system license keys (ex22|ex33|ex4|ex8|qfx only)
+8. show virtual-chassis (MX960 only)
+9. show chassis fabric reachability
+
+Oxidized can now retrieve your configuration!
+
+Back to [Model-Notes](README.md)

data/docs/Model-Notes/Netgear.md

@@ -0,0 +1,68 @@
+Netgear Configuration
+=====================
+
+There are several models available with CLI management via telnet (port 60000), but they all behave like one of the following:
+- older models:
+```
+Connected to 192.168.3.201.
+
+(GS748Tv4)
+Applying Interface configuration, please wait ...admin
+Password:********
+(GS748Tv4) >enable
+Password:
+
+(GS748Tv4) #terminal length 0
+
+(GS748Tv4) #show running-config
+```
+
+- newer models:
+```
+Connected to 172.0.3.203.
+
+User:admin
+Password:********
+(GS724Tv4) >enable
+
+(GS724Tv4) #terminal length 0
+
+(GS724Tv4) #show running-config
+```
+
+The main differences are:
+- the prompt for username is different (looks quite strange for older models)
+- enable password
+  - the older model prompts for enable password and it expects empty string
+  - the newer model does not prompt for enable password at all
+
+Configuration for older/newer models: make sure you have defined variable 'enable':
+- `'true'` for newer models
+- `''` empty string: for older models
+
+One possible configuration:
+- oxidized config
+```yaml
+source:
+  default: csv
+  csv:
+    file: "/home/oxidized/.config/oxidized/router.db"
+    delimiter: !ruby/regexp /:/
+    map:
+      name: 0
+      model: 1
+      username: 2
+      password: 3
+    vars_map:
+      enable: 4
+      telnet_port: 5
+```
+- router.db
+```
+switchOldFW:netgear:admin:adminpw::60000
+switchNewFW:netgear:admin:adminpw:true:60000
+```
+
+[Reference](https://github.com/ytti/oxidized/pull/1268)
+
+Back to [Model-Notes](README.md)

data/docs/Model-Notes/README.md

@@ -0,0 +1,19 @@
+Model Notes
+===========
+
+This directory contains implementation notes and caveats to assist you in your oxidized deployment.
+
+Use the table below for more information on the Vendor/Model caveats.
+
+Vendor          | Model           |Updated
+----------------|-----------------|----------------
+3COM|[Comware](Comware.md)|15 Feb 2018
+AireOS|[AireOS](AireOS.md)|29 Nov 2017
+Arbor Networks|[ArbOS](ArbOS.md)|27 Feb 2018
+Arista|[EOS](EOS.md)|05 Feb 2018
+Huawei|[VRP](VRP-Huawei.md)|17 Nov 2017
+Juniper|[MX/QFX/EX/SRX/J Series](JunOS.md)|18 Jan 2018
+Netgear|[Netgear](Netgear.md)|11 Apr 2018
+Zyxel|[XGS4600 Series](XGS4600-Zyxel.md)|1 Feb 2018
+
+If you discover additional caveats or problems please make sure to consult the [GitHub issues for oxidized](https://github.com/ytti/oxidized/issues) known issues.

data/docs/{VRP-Huawei.md → Model-Notes/VRP-Huawei.md}

@@ -3,12 +3,14 @@ Huawei VRP Configuration
 
 Create a user with no privileges
 
+```text
     <HUAWEI> system-view
     [~HUAWEI] aaa
     [~HUAWEI-aaa] local-user oxidized password irreversible-cipher verysecret
     [*HUAWEI-aaa] local-user oxidized level 1
     [*HUAWEI-aaa] local-user oxidized service-type terminal ssh
     [*HUAWEI-aaa] commit
+```
 
 The commands Oxidized executes are:
 
@@ -17,11 +19,17 @@ The commands Oxidized executes are:
 3. display device
 4. display current-configuration all
 
-Command 2 and 3 can be executed without issues, but 1 and 4 are only available for higher level users. Instead of making Oxidized a read/write user on your device, lower the priviledge-level for commands 1 and 4:
+Command 2 and 3 can be executed without issues, but 1 and 4 are only available for higher level users. Instead of making Oxidized a read/write user on your device, lower the privilege-level for commands 1 and 4:
 
+```text
     <HUAWEI> system-view
     [~HUAWEI] command-privilege level 1 view global display current-configuration all
     [*HUAWEI] command-privilege level 1 view shell screen-length
     [*HUAWEI] commit
+```
 
-Oxidized can now retrieve your configuration!
+Oxidized can now retrieve your configuration!
+
+Caveat: Some versions of VRP default to appending a timestamp prior to the output of each `display` command, which will lead to superfluous updates. The configuration statement `timestamp disable` can be used to disable this functionality. (Issue #1218)
+
+Back to [Model-Notes](README.md)

data/docs/Model-Notes/XGS4600-Zyxel.md

@@ -0,0 +1,39 @@
+ZynOS Configuration
+===================
+
+## FTP
+
+FTP access is only possible as admin, other users can login but cannot pull the files.
+For the XGS4600 series the config file is _config_ and not _config-0_
+
+The following line in _oxidized/lib/oxidized/model/zynos.rb_ will need changing
+
+```text
+  cmd 'config-0'
+```
+
+The inclusion of an extra ftp option is also require. Within _input_ add the following
+
+```yaml
+input:
+  ftp:
+    passive: false
+```
+
+
+## SSH/TelNet
+
+Below is the table from the XGS4600 CLI Reference Guide (Version 3.79~4.50 Edition 1, 07/2017)
+Take this table with a pinch of salt, level 3 will not allow _show running-config_!
+
+Privilege Level | Types of commands at this privilege level
+----------------|-------------------------------------------
+0|Display basic system information.
+3|Display configuration or status.
+13|Configure features except for login accounts, SNMP user accounts, the authentication method sequence and authorization settings, multiple logins, administrator and enable passwords, and configuration information display.
+14|Configure login accounts, SNMP user accounts, the authentication method sequence and authorization settings, multiple logins, and administrator and enable passwords, and display configuration information.
+
+
+Oxidized can now retrieve your configuration!
+
+Back to [Model-Notes](README.md)

data/docs/Outputs.md

@@ -1,23 +1,22 @@
+# Outputs
 
-## Output
-
-### Output: File
+## Output: File
 
 Parent directory needs to be created manually, one file per device, with most recent running config.
 
-```
+```yaml
 output:
   file:
     directory: /var/lib/oxidized/configs
 ```
 
-### Output: Git
+## Output: Git
 
 This uses the rugged/libgit2 interface. So you should remember that normal Git hooks will not be executed.
 
-For a single repositories for all devices:
+For a single repository containing all devices:
 
-``` yaml
+```yaml
 output:
   default: git
   git:
@@ -26,9 +25,9 @@ output:
     repo: "/var/lib/oxidized/devices.git"
 ```
 
-And for groups repositories:
+And for group-based repositories:
 
-``` yaml
+```yaml
 output:
   default: git
   git:
@@ -40,14 +39,14 @@ output:
 Oxidized will create a repository for each group in the same directory as the `default.git`. For
 example:
 
-``` csv
+```csv
 host1:ios:first
 host2:nxos:second
 ```
 
 This will generate the following repositories:
 
-``` bash
+```bash
 $ ls /var/lib/oxidized/git-repos
 
 default.git first.git second.git
@@ -55,7 +54,7 @@ default.git first.git second.git
 
 If you would like to use groups and a single repository, you can force this with the `single_repo` config.
 
-``` yaml
+```yaml
 output:
   default: git
   git:
@@ -64,15 +63,14 @@ output:
 
 ```
 
-### Output: Git-Crypt
+## Output: Git-Crypt
 
 This uses the gem git and system git-crypt interfaces. Have a look at [GIT-Crypt](https://www.agwa.name/projects/git-crypt/) documentation to know how to install it.
 Additionally to user and email informations, you have to provide the users ID that can be a key ID, a full fingerprint, an email address, or anything else that uniquely identifies a public key to GPG (see "HOW TO SPECIFY A USER ID" in the gpg man page).
 
+For a single repository containing all devices:
 
-For a single repositories for all devices:
-
-``` yaml
+```yaml
 output:
   default: gitcrypt
   gitcrypt:
@@ -84,9 +82,9 @@ output:
       - "<user@example.com>"
 ```
 
-And for groups repositories:
+And for group-based repositories:
 
-``` yaml
+```yaml
 output:
   default: gitcrypt
   gitcrypt:
@@ -101,14 +99,14 @@ output:
 Oxidized will create a repository for each group in the same directory as the `default`. For
 example:
 
-``` csv
+```csv
 host1:ios:first
 host2:nxos:second
 ```
 
 This will generate the following repositories:
 
-``` bash
+```bash
 $ ls /var/lib/oxidized/git-repos
 
 default.git first.git second.git
@@ -116,7 +114,7 @@ default.git first.git second.git
 
 If you would like to use groups and a single repository, you can force this with the `single_repo` config.
 
-``` yaml
+```yaml
 output:
   default: gitcrypt
   gitcrypt:
@@ -130,11 +128,12 @@ output:
 
 Please note that user list is only updated once at creation.
 
-### Output: Http
+## Output: Http
 
-POST a config to the specified URL
+The HTTP output will POST a config to the specified HTTP URL. Basic username/password authentication is supported.
 
-```
+Example HTTP output configuration:
+```yaml
 output:
   default: http
   http:
@@ -143,13 +142,13 @@ output:
     url: "http://192.168.162.50:8080/db/coll"
 ```
 
-### Output types
+## Output types
 
 If you prefer to have different outputs in different files and/or directories, you can easily do this by modifying the corresponding model. To change the behaviour for IOS, you would edit `lib/oxidized/model/ios.rb` (run `gem contents oxidized` to find out the full file path).
 
 For example, let's say you want to split out `show version` and `show inventory` into separate files in a directory called `nodiff` which your tools will not send automated diffstats for. You can apply a patch along the lines of
 
-```
+```text
 -  cmd 'show version' do |cfg|
 -    comment cfg.lines.first
 +  cmd 'show version' do |state|
@@ -183,8 +182,8 @@ For example, let's say you want to split out `show version` and `show inventory`
 
 which will result in the following layout
 
-```
+```text
 diff/$FQDN--show_running_config
 nodiff/$FQDN--show_version
 nodiff/$FQDN--show_inventory
-```
+```

data/docs/Ruby-API.md

@@ -3,33 +3,39 @@
 The following objects exist in Oxidized.
 
 ## Input
- * gets config from nodes
- * must implement 'connect', 'get', 'cmd'
- * 'ssh', 'telnet, ftp, and tftp' implemented
+
+* gets config from nodes
+* must implement 'connect', 'get', 'cmd'
+* 'ssh', 'telnet', 'ftp', and 'tftp' implemented
 
 ## Output
- * stores config
- * must implement 'store' (may implement 'fetch')
- * 'git' and 'file' (store as flat ascii) implemented
+
+* stores config
+* must implement 'store' (may implement 'fetch')
+* 'git' and 'file' (store as flat ascii) implemented
 
 ## Source
- * gets list of nodes to poll
- * must implement 'load'
- * source can have 'name', 'model', 'group', 'username', 'password', 'input', 'output', 'prompt'
-   * name - name of the devices
-   * model - model to use ios/junos/xyz, model is loaded dynamically when needed (Also default in config file)
-   * input - method to acquire config, loaded dynamically as needed (Also default in config file)
-   * output - method to store config, loaded dynamically as needed (Also default in config file)
-   * prompt - prompt used for node (Also default in config file, can be specified in model too)
- * 'sql', 'csv' and 'http' (supports any format with single entry per line, like router.db)
+
+* gets list of nodes to poll
+* must implement 'load'
+* source can have 'name', 'model', 'group', 'username', 'password', 'input', 'output', 'prompt' for each device.
+  * `name` - name of the device
+  * `model` - model to use ('ios', 'junos', etc).The model is loaded dynamically by the first node of that model type. (Also default in config file)
+  * `input` - method to acquire config, loaded dynamically as needed (Also default in config file)
+  * `output` - method to store config, loaded dynamically as needed (Also default in config file)
+  * `prompt` - prompt used for node (Also default in config file, can be specified in model too)
+* 'sql', 'csv' and 'http' (supports any format with single entry per line, like router.db)
 
 ## Model
+
 ### At the top level
+
 A model may use several methods at the top level in the class. `cfg` is
 executed in input/output/source context. `cmd` is executed within an instance
 of the model.
 
 #### `cfg`
+
 `cfg` may be called with a list of methods (`:ssh`, `:telnet`) and a block with
 zero parameters.  Calling `cfg` registers the given access methods and calling
 it at least once is required for a model to work.
@@ -38,6 +44,7 @@ The block may contain commands to change some behaviour for the given methods
 (e.g. calling `post_login` to disable the pager).
 
 #### `cmd`
+
 Is used to specify commands that should be executed on a model in order to
 gather its configuration. It can be called with:
 
@@ -69,18 +76,21 @@ Execution order is `:all`, `:secret`, and lastly the command specific block, if
 given.
 
 #### `comment`
+
 Called with a single string containing the string to prepend for comments in
 emitted configuration for this model.
 
 If not specified the default of `'# '` will be used (note the trailing space).
 
 #### `prompt`
+
 Is called with a regular expression that is used to detect when command output
 ends after a command has been executed.
 
 If not specified, a default of `/^([\w.@-]+[#>]\s?)$/` is used.
 
 #### `expect`
+
 Called with a regular expression and a block. The block takes two parameters:
 the regular expression, and the data containing the match.
 
@@ -90,26 +100,36 @@ The passed data is replaced by the return value of the block.
 it's further processed.
 
 ### At the second level
+
 The following methods are available:
 
 #### `comment`
+
 Used inside `cmd` invocations. Comments out every line in the passed string and
 returns the result.
 
 #### `password`
+
 Used inside `cfg` invocations to specify the regular expression used to detect
 the password prompt. If not specified, the default of `/^Password/` is used.
 
 #### `post_login`
+
 Used inside `cfg` invocations to specify commands to run once Oxidized has
-logged in to the switch. Takes one argument that is either a block (taking zero
+logged in to the device. Takes one argument that is either a block (taking zero
 parameters) or a string containing a command to execute.
 
+This allows `post_login` to be used for any model-specific items prior to running the regular commands. This could include disabling the output pager or timestamp outputs that would cause constant differences.
+
 #### `pre_logout`
+
 Used to specify commands to run before Oxidized closes the connection to the
-switch. Takes one argument that is either a block (taking zero parameters) or a
+device. Takes one argument that is either a block (taking zero parameters) or a
 string containing a command to execute.
 
+This allows `pre_logout` to be used to 'undo' any changes that may have been needed via `post_login` (restore pager output, etc.)
+
 #### `send`
+
 Usually used inside `expect` or blocks passed to `post_login`/`pre_logout`.
-Takes a single parameter: a string to be sent to the switch.
+Takes a single parameter: a string to be sent to the device.