oxidized 0.28.0 → 0.29.0

data/README.md

@@ -1,5 +1,6 @@
 # Oxidized
-[![Build Status](https://api.travis-ci.com/ytti/oxidized.svg)](https://travis-ci.com/ytti/oxidized)
+
+[![Build Status](https://github.com/ytti/oxidized/actions/workflows/ruby.yml/badge.svg)](https://github.com/ytti/oxidized/actions/workflows/ruby.yml)
 [![codecov.io](https://codecov.io/gh/ytti/oxidized/coverage.svg?branch=master)](https://codecov.io/gh/ytti/oxidized?branch=master)
 [![Codacy Badge](https://api.codacy.com/project/badge/Grade/5a90cb22db6a4d5ea23ad0dfb53fe03a)](https://www.codacy.com/app/ytti/oxidized?utm_source=github.com&utm_medium=referral&utm_content=ytti/oxidized&utm_campaign=Badge_Grade)
 [![Code Climate](https://codeclimate.com/github/ytti/oxidized/badges/gpa.svg)](https://codeclimate.com/github/ytti/oxidized)
@@ -8,7 +9,7 @@
 
 Oxidized is a network device configuration backup tool. It's a RANCID replacement!
 
-Light and extensible, Oxidized supports more than 120 operating system types.
+Light and extensible, Oxidized supports over 130 operating system types.
 
 Feature highlights:
 
@@ -76,7 +77,7 @@ Check out the [Oxidized TREX 2014 presentation](http://youtu.be/kBQ_CTUuqeU#t=3h
 
 ### Debian and Ubuntu
 
-Debian "buster" or newer and Ubuntu 17.10 (artful) or newer are recommended. On Ubuntu, begin by enabling the `universe` 
+Debian "buster" or newer and Ubuntu 17.10 (artful) or newer are recommended. On Ubuntu, begin by enabling the `universe`
 repository (required for libssh2-1-dev):
 
 ```shell
@@ -98,14 +99,14 @@ gem install oxidized-script oxidized-web # If you don't install oxidized-web, en
 
 ### CentOS, Oracle Linux, Red Hat Linux
 
-On CentOS 6 and 7 / RHEL 6 and 7, begin by installing Ruby 2.3 or greater. This can be accomplished in one of two ways:
+On CentOS 6 and 7 / RHEL 6 and 7, begin by installing Ruby 2.3 or greater. This can be accomplished in one of several ways:
 
 Install Ruby 2.3 from [SCL](https://www.softwarecollections.org/en/scls/rhscl/rh-ruby23/):
 
 ```shell
 yum install centos-release-scl
-yum install rh-ruby23 rh-ruby23-ruby-devel
-scl enable rh-ruby23 bash
+yum install rh-ruby30 rh-ruby30-ruby-devel
+scl enable rh-ruby30 bash
 ```
 
 The following additional packages will be required to build the dependencies:
@@ -114,15 +115,35 @@ The following additional packages will be required to build the dependencies:
 yum install make cmake which sqlite-devel openssl-devel libssh2-devel ruby gcc ruby-devel libicu-devel gcc-c++
 ```
 
-Alternatively, install Ruby 2.3 by following the instructions at [Installing Ruby 2.3 using RVM](#installing-ruby-23-using-rvm).
+Alternatively, install Ruby 2.6 via RVM by following the instructions:
+
+Make sure you dont have any leftover ruby:
+```yum erase ruby```
 
-Finally, install oxidized via Rubygems:
+Then, install gpg key and rvm
 
 ```shell
-gem install oxidized
-gem install oxidized-script oxidized-web # if you don't install oxidized-web, make sure you remove "rest" from your config
+sudo gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB
+curl -sSL https://get.rvm.io | bash -s stable
+source /etc/profile.d/rvm.sh
+rvm requirements run
+rvm install 3.0
+rvm use 3.0
 ```
 
+Install oxidized requirements:
+```yum install make cmake which sqlite-devel openssl-devel libssh2-devel gcc libicu-devel gcc-c++```
+
+Install the gems:
+```gem install oxidized oxidized-web```
+
+You need to wrap the gem and reference the wrap in the systemctl service file:
+```rvm wrapper oxidized```
+
+You can see where the wrapped gem is via
+```rvm wrapper show oxidized```
+Use that path in the oxidized.service file, restart the systemctl daemon, run oxidized by hand once, edit config file, start service.
+
 ### FreeBSD
 
 [Use RVM to install Ruby v2.3](#installing-ruby-23-using-rvm), then install all required packages and gems:
@@ -177,7 +198,7 @@ Run the container for the first time to initialize the config:
 _Note: this step in only required for creating the Oxidized configuration file and can be skipped if you already have one._
 
 ```shell
-docker run --rm -v /etc/oxidized:/root/.config/oxidized -p 8888:8888/tcp -t oxidized/oxidized:latest oxidized
+docker run --rm -v /etc/oxidized:/home/oxidized/.config/oxidized -p 8888:8888/tcp -t oxidized/oxidized:latest oxidized
 ```
 
 If the RESTful API and Web Interface are enabled, on the docker host running the container
@@ -188,15 +209,23 @@ Alternatively, you can use docker-compose to launch the oxidized container:
 ```yaml
 # docker-compose.yml
 # docker-compose file example for oxidized that will start along with docker daemon
-oxidized:
-  restart: always
-  image: oxidized/oxidized:latest
-  ports:
-    - 8888:8888/tcp
-  environment:
-    CONFIG_RELOAD_INTERVAL: 600
-  volumes:
-    - /etc/oxidized:/root/.config/oxidized
+---
+version: "3"
+services:
+  oxidized:
+    restart: always
+    image: oxidized/oxidized:latest
+    ports:
+      - 8888:8888/tcp
+    environment:
+      CONFIG_RELOAD_INTERVAL: 600
+    volumes:
+       - config:/home/oxidized/.config/oxidized/config
+       - router.db:/home/oxidized/.config/oxidized/router.db
+       - model:/home/oxidized/.config/oxidized/model
+       # if git is use as input
+       - data:/home/oxidized/.config/oxidized/backupcfg/
+
 ```
 
 Create the `/etc/oxidized/router.db` (see [CSV Source](docs/Sources.md#source-csv) for further info):
@@ -208,7 +237,7 @@ vim /etc/oxidized/router.db
 Run container again to start oxidized with your configuration:
 
 ```shell
-docker run -v /etc/oxidized:/root/.config/oxidized -p 8888:8888/tcp -t oxidized/oxidized:latest
+docker run -v /etc/oxidized:/home/oxidized/.config/oxidized -p 8888:8888/tcp -t oxidized/oxidized:latest
 oxidized[1]: Oxidized starting, running as pid 1
 oxidized[1]: Loaded 1 nodes
 Puma 2.13.4 starting...
@@ -220,13 +249,13 @@ Puma 2.13.4 starting...
 If you want to have the config automatically reloaded (e.g. when using a http source that changes):
 
 ```shell
-docker run -v /etc/oxidized:/root/.config/oxidized -p 8888:8888/tcp -e CONFIG_RELOAD_INTERVAL=3600 -t oxidized/oxidized:latest
+docker run -v /etc/oxidized:/home/oxidized/.config/oxidized -p 8888:8888/tcp -e CONFIG_RELOAD_INTERVAL=3600 -t oxidized/oxidized:latest
 ```
 
 If you need to use an internal CA (e.g. to connect to an private github instance):
 
 ```shell
-docker run -v /etc/oxidized:/root/.config/oxidized -v /path/to/MY-CA.crt:/usr/local/share/ca-certificates/MY-CA.crt -p 8888:8888/tcp -e UPDATE_CA_CERTIFICATES=true -t oxidized/oxidized:latest
+docker run -v /etc/oxidized:/home/oxidized/.config/oxidized -v /path/to/MY-CA.crt:/usr/local/share/ca-certificates/MY-CA.crt -p 8888:8888/tcp -e UPDATE_CA_CERTIFICATES=true -t oxidized/oxidized:latest
 ```
 
 ### Installing Ruby 2.3 using RVM
@@ -260,7 +289,7 @@ Oxidized configuration is in YAML format. Configuration files are subsequently s
 It is recommended practice to run Oxidized using its own username.  This username can be added using standard command-line tools:
 
 ```shell
-useradd oxidized
+useradd -s /bin/bash -m oxidized
 ```
 
 > It is recommended __not__ to run Oxidized as root.
@@ -324,9 +353,9 @@ Run `oxidized` again to take the first backups.
 
 ## Extra
 
-### Ubuntu SystemV init setup
+### Ubuntu init setup
 
-The init script assumes that you have a user named 'oxidized' and that oxidized is in one of the following paths:
+The systemd service assumes that you have a user named 'oxidized' and that oxidized is in one of the following paths:
 
 ```text
 /sbin
@@ -336,18 +365,23 @@ The init script assumes that you have a user named 'oxidized' and that oxidized
 /usr/local/bin
 ```
 
-1. Copy init script from extra/ folder to /etc/init.d/oxidized
-2. Setup /var/run/
+1. Copy systemd service file from extra/ folder to /etc/systemd/system
+
+```shell
+sudo cp extra/oxidized.service /etc/systemd/system
+```
+
+2. Setup `/var/run/`
 
 ```shell
-mkdir /var/run/oxidized
-chown oxidized:oxidized /var/run/oxidized
+mkdir /run/oxidized
+chown oxidized:oxidized /run/oxidized
 ```
 
 3. Make oxidized start on boot
 
 ```shell
-update-rc.d oxidized defaults
+sudo systemctl enable oxidized.service
 ```
 
 ## Help
@@ -385,7 +419,7 @@ If you would like to be a maintainer for Oxidized then please read through the b
 
 ## YES, I WANT TO HELP
 
-Awesome! Simply send an email to Saku Ytti <saku@ytti.fi>.
+Awesome! Simply send an e-mail to Saku Ytti at <saku@ytti.fi>.
 
 ## Further reading
 

data/Rakefile

@@ -33,6 +33,8 @@ task :test do
 end
 
 task build: %i[chmod version_set]
+
+desc 'Set Gem Version'
 task :version_set do
   Oxidized.version_set
   Bundler::GemHelper.instance.gemspec.version = Oxidized::VERSION

data/docs/Configuration.md

@@ -124,7 +124,7 @@ Finally, multiple private keys can be specified as an array of file paths, such
 
 ## SSH Proxy Command
 
-Oxidized can `ssh` through a proxy as well. To do so we just need to set `ssh_proxy` variable with the proxy host information and optionally set the `ssh_proxy_port` with the SSH port if it is not listening no port 22.
+Oxidized can `ssh` through a proxy as well. To do so we just need to set `ssh_proxy` variable with the proxy host information and optionally set the `ssh_proxy_port` with the SSH port if it is not listening on port 22.
 
 This can be provided on a per-node basis by mapping the proper fields from your source.
 
@@ -184,7 +184,11 @@ model: junos
 interval: 3600 #interval in seconds
 log: ~/.config/oxidized/log
 debug: false
-threads: 30
+threads: 30 # maximum number of threads
+# use_max_threads:
+# false - the number of threads is selected automatically based on the interval option, but not more than the maximum
+# true - always use the maximum number of threads
+use_max_threads: false
 timeout: 20
 retries: 3
 prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
@@ -238,13 +242,51 @@ groups:
     password: ubnt
 ```
 
-and add group mapping
+Model specific variables within groups
 
 ```yaml
-map:
-  model: 0
-  name: 1
-  group: 2
+groups:
+  foo:
+    models:
+      arista:
+        vars:
+          ssh_keys: "~/.ssh/id_rsa_foo_arista"
+      vyatta:
+        vars:
+          ssh_keys: "~/.ssh/id_rsa_foo_vyatta"
+  bar:
+    models:
+      routeros:
+        vars:
+          ssh_keys: "~/.ssh/id_rsa_bar_routeros"
+      vyatta:
+        vars:
+          ssh_keys: "~/.ssh/id_rsa_bar_vyatta"
+```
+
+For mapping multiple group values to a common name
+
+```yaml
+group_map:
+  alias1: groupA
+  alias2: groupA
+  alias3: groupB
+  alias4: groupB
+  aliasN: groupZ
+  ...
+```
+
+add group mapping to a source
+
+```yaml
+source:
+  ...
+  <source>:
+    ...
+    map:
+      model: 0
+      name: 1
+      group: 2
 ```
 
 For model specific credentials

data/docs/Creating-Models.md

@@ -10,11 +10,11 @@ This methodology allows local site changes to be preserved during Oxidized versi
 
 An Oxidized model, at minimum, requires just three elements:
 
-* A model file, this file should be placed in the ~/.config/oxidized directory and named after the target OS type.
+* A model file, this file should be placed in the ~/.config/oxidized/model directory and named after the target OS type.
 * A class defined within this file with the same name as the file itself that inherits from `Oxidized::Model`, the base model class.
 * At least one command that will be executed and the output of which will be collected by Oxidized.
 
-A bare-bone example for a fictional model running the OS type `rootware` could be introduced by creating the file `~/.config/oxidized/rootware.rb`, with the following content:
+A bare-bone example for a fictional model running the OS type `rootware` could be introduced by creating the file `~/.config/oxidized/model/rootware.rb`, with the following content:
 
 ```ruby
 class RootWare < Oxidized::Model
@@ -124,13 +124,19 @@ This functionality is supported for `cfg`, `cmd`, `pre`, `post`, and `expect` bl
 Examples:
 
 ```ruby
-cmd :secret clear: true do
+cmd :secret, clear: true do
   ... "(new code for secret removal which replaces the existing :secret definition in the model)" ...
 end
 ```
 
 ```ruby
-cmd :ssh do prepend: true do
+cmd 'show version', clear: true do |cfg|
+  ... "(new code for parsing 'show version', replaces the existing definition in the model)" ...
+end
+```
+
+```ruby
+cmd :ssh, prepend: true do
   ... "(code that should run first, before any code in the existing :ssh definition in the model)" ...
 end
 ```

data/docs/Hooks.md

@@ -36,6 +36,8 @@ OX_JOB_STATUS
 OX_JOB_TIME
 OX_REPO_COMMITREF
 OX_REPO_NAME
+OX_ERR_TYPE
+OX_ERR_REASON
 ```
 
 Exec hook recognizes the following configuration keys:
@@ -62,12 +64,15 @@ hooks:
 
 ## Hook type: githubrepo
 
+Note: You must not use the same name as any local repo configured under output. Make sure your 'git' output has a unique name that does not match your remote_repo.
+
 The `githubrepo` hook executes a `git push` to a configured `remote_repo` when the specified event is triggered.
 
 Several authentication methods are supported:
 
 * Provide a `password` for username + password authentication
 * Provide both a `publickey` and a `privatekey` for ssh key-based authentication
+* Provide only a `privatekey` (public key filename is assumed to be `privatekey` + "`.pub`"
 * Don't provide any credentials for ssh-agent authentication
 
 The username will be set to the relevant part of the `remote_repo` URI, with a fallback to `git`. It is also possible to provide one by setting the `username` configuration key.
@@ -79,10 +84,15 @@ For ssh key-based authentication, it is possible to set the environment variable
 * `remote_repo`: the remote repository to be pushed to.
 * `username`: username for repository auth.
 * `password`: password for repository auth.
-* `publickey`: public key file path for repository auth.
+* `publickey`: public key file path for repository auth. (optional)
 * `privatekey`: private key file path for repository auth.
+  * NOTE: this key needs to be in the legacy PEM format, not the newer OpenSSL format [#1877](https://github.com/ytti/oxidized/issues/1877), [#2324](https://github.com/ytti/oxidized/issues/2324)
+    * To convert a key beginning with `BEGIN OPENSSH PRIVATE KEY` to the legacy PEM format, run this command:
+      `ssh-keygen -p -m PEM -f $MY_KEY_HERE`
+
+When using groups, `remote_repo` must be a dictionary of groups that the hook should apply to. If a group is missing from the dictionary, no action will be taken.
 
-When using groups, each group must have a unique entry in the `remote_repo` config.
+The dictionary entry can either be a url alone:
 
 ```yaml
 hooks:
@@ -93,6 +103,25 @@ hooks:
       firewalls: git@git.intranet:oxidized/firewalls.git
 ```
 
+... or it can be a dictionary with `url` and `privatekey` specified:
+
+```yaml
+hooks:
+  push_to_remote:
+    remote_repo:
+      routers:
+        url: git@git.intranet:oxidized/routers.git
+        privatekey: /root/.ssh/id_rsa_routers
+      switches:
+        url: git@git.intranet:oxidized/switches.git
+        privatekey: /root/.ssh/id_rsa_switches
+      firewalls:
+        url: git@git.intranet:oxidized/firewalls.git
+        privatekey: /root/.ssh/id_rsa_firewalls
+```
+
+Both forms can be mixed and matched.
+
 ### githubrepo hook configuration example
 
 Authenticate with a username and a password without groups in use:
@@ -150,12 +179,12 @@ Your AWS credentials should be stored in `~/.aws/credentials`.
 
 ## Hook type: slackdiff
 
-The `slackdiff` hook posts colorized config diffs to a [Slack](http://www.slack.com) channel of your choice. It only triggers for `post_store` events.
+The `slackdiff` hook posts colorized config diffs to a [Slack](https://www.slack.com) channel of your choice. It only triggers for `post_store` events.
 
-You will need to manually install the `slack-api` gem on your system:
+You will need to manually install the `slack-ruby-client` gem on your system:
 
 ```shell
-gem install slack-api
+gem install slack-ruby-client
 ```
 
 ### slackdiff hook configuration example
@@ -169,7 +198,7 @@ hooks:
     channel: "#network-changes"
 ```
 
-The token parameter is a "legacy token" and is generated [Here](https://api.slack.com/custom-integrations/legacy-tokens).
+The token parameter is a Slack API token that can be generated following [this tutorial](https://api.slack.com/tutorials/tracks/getting-a-token).  Until Slack stops supporting them, legacy tokens can also be used.
 
 Optionally you can disable snippets and post a formatted message, for instance linking to a commit in a git repo. Named parameters `%{node}`, `%{group}`, `%{model}` and `%{commitref}` are available.
 

data/docs/Model-Notes/ADVA.md

@@ -0,0 +1,12 @@
+# ADVA Configuration
+
+To ensure Oxidized can fetch the configuration, you have to make sure that `cli-paging` is set to `disabled` for the user that is used to connect to the ADVA devices.
+
+## Restoring the configuration
+
+In order to trick the device into restoring the files you need to add the following remarks as first line of the file.
+```
+# DO NOT EDIT THIS LINE. FILE_TYPE=CONFIGURATION_FILE
+```
+
+Back to [Model-Notes](README.md)

data/docs/Model-Notes/Cumulus.md

@@ -8,11 +8,15 @@ With the release of Cumulus Linux 3.4.0 the platform moved the routing daemon to
 
 A variable has been added to enable users running Cumulus Linux > 3.4.0 to target the new `frr` routing daemon.
 
+## NCLU
+It is possible to switch to [NCLU](https://docs.nvidia.com/networking-ethernet-software/cumulus-linux-44/System-Configuration/Network-Command-Line-Utility-NCLU/) as a configuration collecting method, by setting `cumulus_use_nclu` to true
+
 ### Example usage
 
 ```yaml
 vars:
   cumulus_routing_daemon: frr
+  cumulus_use_nclu: true
 ```
 
 Alternatively map a column for the  `cumulus_routing_daemon` variable.
@@ -35,6 +39,8 @@ And set the `cumulus_routing_daemon` variable in the `router.db` file.
 cumulus1:192.168.121.134:cumulus:cumulus:frr
 ```
 
-The default variable is `quagga` so existing installations continue to operate without interruption.
+The default value for `cumulus_routing_daemon` is `quagga` so existing installations continue to operate without interruption.
+
+The default value for `cumulus_use_nclu` is `false`, in case NCLU is not installed.
 
 Back to [Model-Notes](README.md)

data/docs/Model-Notes/IOS.md

@@ -26,4 +26,40 @@ class IOS
 end
 ```
 
+## Support Lower Privilege Level (Readonly RBAC) User Accounts
+
+If Oxidized is configured to use a lower privilege level (readonly) local
+account, it may be necessary for it to run "show running-config view full"
+instead of "show running-config". In these cases, the ```ios_rbac: true```
+variable needs to be set either as a top-level variable or at the groups
+level.
+
+Below are examples showing how each option can be enabled in the oxidized config:
+
+### Top Level Variable
+
+```yaml
+vars:
+  ios_rbac: true
+```
+
+### Group Level Variable
+
+```yaml
+groups:
+  cisco:
+    vars:
+      ios_rbac: true
+source:
+  default: csv
+  csv:
+    file: /home/oxidized/.config/oxidized/router.db
+    delimiter: !ruby/regexp /:/
+    map:
+      name: 0
+      ip: 1
+      model: 2
+      group: 2
+```
+
 Back to [Model-Notes](README.md)

data/docs/Model-Notes/JunOS.md

@@ -23,9 +23,9 @@ The commands Oxidized executes are:
 3. show version
 4. show chassis hardware
 5. show system license
-6. show system license keys (ex22|ex33|ex4|ex8|qfx only)
-7. show virtual-chassis (MX960 only)
-8. show chassis fabric reachability
+6. show system license keys
+7. show virtual-chassis (ex22|ex33|ex4|ex8|qfx only)
+8. show chassis fabric reachability (MX960 only)
 9. show configuration
 
 Oxidized can now retrieve your configuration!

data/docs/Model-Notes/LenovoNOS.md

@@ -0,0 +1,29 @@
+# Lenovo Network OS
+
+## Remove unstable lines
+
+Some configuration lines change each time you issue the `show running-config` command. These are strings with user passwords and keys (TACACS, RADIUS, etc). In order not to create many elements in the configuration history, these changing lines can be replaced with a stub line. This is what the `remove_unstable_lines` variable is for. Configuration example:
+
+```yaml
+vars:
+  remove_unstable_lines: true
+```
+
+Alternatively map a column for the `remove_unstable_lines` variable.
+
+```yaml
+source:
+  csv:
+    map:
+      name: 0
+      ip: 1
+      model: 2
+      group: 3
+    vars_map:
+      remove_unstable_lines: 4
+```
+
+If the value of the variable is `true`, then changing lines will be replaced with a `<unstable line hidden>` stub. Otherwise, the configuration will be saved unchanged. The default value of the variable is `false`.
+
+Back to [Model-Notes](README.md)
+

data/docs/Model-Notes/LinksysSRW.md

@@ -0,0 +1,15 @@
+# LinksysSRW model notes
+
+This is a switch model with a horible IE5 only web interface that is unusable in any modern browser due to broken and buggy html and javascript.
+
+On a first glance the serial or telnet interface isn't any more usable, but there is a way to break out of the menu driven interface and start a more usable cli.
+
+This is what this model does and dumps the config in there.
+
+As far as I know, the Linksys SRW 2008, SRW2016 , SRW2024 and SRW2048 are the only switches running this os/ui, but there might be others out there.
+
+Over snmp they identifes them self as Operating System: Cisco Small Business Software, so that might be a clue to look for if you're trying to figure out if your switch could have this hidden cli.
+
+The author of this model isn't the one who found this "hidden" cli but only someone who integrated it with oxidized. The real credits goes out to some unknown hero out there on the internet who figured this out a long time ago.
+
+Back to [Model-Notes](README.md)

data/docs/Model-Notes/Nokia.md

@@ -7,3 +7,6 @@ Nokia ISAM might require disabling SSH keepalives.
 [Reference](https://github.com/ytti/oxidized/issues/1482)
 
 Back to [Model-Notes](README.md)
+
+## Model-driven CLI in Nokia SR OS (starting from versions 16.1.R1)
+New model `srosmd` is introduced which collects information in model-driven format.

data/docs/Model-Notes/OS10.md

@@ -0,0 +1,33 @@
+# OS10 Configuration
+
+Disable banner/motd
+
+```text
+banner login disable
+banner motd disable
+```
+
+Add allowed commands to privilege level 4
+
+```text
+privilege exec priv-lvl 4 "show inventory"
+privilege exec priv-lvl 4 "show inventory media"
+privilege exec priv-lvl 4 "show running-configuration"
+```
+
+Create the user will the role sysadmin (it will see the full config, including auth info and users) and the privilege level 4
+
+```text
+username oxidized password verysecurepassword role sysadmin priv-lvl 4
+```
+
+The commands Oxidized executes are:
+
+1. terminal length 0
+2. show inventory
+3. show inventory media
+4. show running-configuration
+
+Oxidized can now retrieve your configuration!
+
+Back to [Model-Notes](README.md)

data/docs/Model-Notes/PanOS_API.md

@@ -0,0 +1,28 @@
+# PanOS API
+
+Backup Palo Alto XML configuration via the HTTP API. Works for PanOS and Panorama.
+
+Logs in using username and password and fetches an API key.
+
+## Requirements
+
+- Create a user with a `Superuser (read-only)` admin role in Panorama or PanOS
+- Make sure the `nokogiri` gem is installed with your oxidized host
+
+## Configuration
+
+Make sure the following is configured in the oxidized config:
+
+```yaml
+# allow ssl host name verification
+resolve_dns: false
+input:
+  default: ssh, http
+  http:
+    secure: true
+    ssl_verify: true
+
+# model specific configuration
+#model:
+#  panos_api:
+```

data/docs/Model-Notes/README.md

@@ -17,8 +17,10 @@ Cisco IOS|[IOS](IOS.md)|29 Mar 2019
 Juniper|[MX/QFX/EX/SRX/J Series](JunOS.md)|18 Jan 2018
 Netgear|[Netgear](Netgear.md)|11 Apr 2018
 Nokia|[Nokia ISAM](Nokia.md)|22 Aug 2018
+Dell/EMC|[Dell EMC Networking OS10](OS10.md)|07 Dec 2021
 Viptela|[Viptela](Viptela.md)|1 Jul 2018
 Zyxel|[XGS4600 Series](XGS4600-Zyxel.md)|1 Feb 2018
 Linux|[LinuxGeneric](LinuxGeneric.md)|10 Jun 2019
+Lenovo|[Lenovo Network OS](LenovoNOS.md)|5 Apr 2022
 
 If you discover additional caveats or problems please make sure to consult the [GitHub issues for oxidized](https://github.com/ytti/oxidized/issues) known issues.