oxidized 0.32.0 → 0.33.0

data/docs/Supported-OS-Types.md

@@ -75,6 +75,7 @@
 |                    |Dell EMC Networking OS10      |[os10](/lib/oxidized/model/os10.rb)              |                 |[Dell EMC Networking OS10](Model-Notes/OS10.md)
 |D-Link              |D-Link                        |[dlink](/lib/oxidized/model/dlink.rb)
 |                    |D-Link cisco like CLI         |[dlinknextgen](/lib/oxidized/model/dlinknextgen.rb)
+|Eaton               |Gigabit Network Card          |[eatonnetwork](/lib/oxidized/model/eatonnetwork.rb) |@thanegill
 |ECI Telecom         |ECIapollo                     |[eciapollo](/lib/oxidized/model/eciapollo.rb)
 |EdgeCore            |ECS3510, ES3526XA-V2, ES3528M |[edgecos](/lib/oxidized/model/edgecos.rb)
 |Eltex               |Eltex                         |[eltex](/lib/oxidized/model/eltex.rb)
@@ -113,6 +114,7 @@
 |Huawei              |VRP                           |[vrp](/lib/oxidized/model/vrp.rb)                |                 |[VRP-Huawei](Model-Notes/VRP-Huawei.md)
 |                    |SmartAX series                |[smartax](/lib/oxidized/model/smartax.rb)        |                 |[SmartAX-Huawei](Model-Notes/SmartAX-Huawei.md)
 |Icotera             |6400 series                   |[icotera](/lib/oxidized/model/icotera.rb)
+|Ingate              |SIParator/Firewalls           |[ingate](/lib/oxidized/model/ingate.rb)          |@thanegill
 |IP Infusion         |OcNOS                         |[ocnos](/lib/oxidized/model/ocnos.rb)
 |Juniper             |JunOS                         |[junos](/lib/oxidized/model/junos.rb)            |                 |[MX/QFX/EX/SRX/J Series](Model-Notes/JunOS.md)
 |                    |ScreenOS (Netscreen)          |[screenos](/lib/oxidized/model/screenos.rb)
@@ -169,6 +171,7 @@
 |                    |Edgeos                        |[edgeos](/lib/oxidized/model/edgeos.rb)
 |                    |EdgeSwitch                    |[edgeswitch](/lib/oxidized/model/edgeswitch.rb)
 |                    |AirFiber                      |[airfiber](/lib/oxidized/model/airfiber.rb)
+|                    |UnifiAP                       |[unifiap](/lib/oxidized/model/unifiap.rb)              |@clifcox      |Also suports AirOS, and some Unifi switches
 |Uplink              |EP4440-DP                     |[EP4440](/lib/oxidized/model/uplinkolt.rb)             | |Might support all EP4440 series
 |VMWare              |NSX Edge (configuration)      |[nsxconfig](/lib/oxidized/model/nsxconfig.rb)
 |                    |NSX Edge (firewall rules)     |[nsxfirewall](/lib/oxidized/model/nsxfirewall.rb)

data/docs/Troubleshooting.md

@@ -87,7 +87,8 @@ find an example how to do this under [examples/podman-compose](/examples/podman-
 
 ## Git performance issues with large device counts
 When you use git to store your configurations, the size of your repository will
-grow over time. This growth can lead to performance issues. To resolve these issues, you should perform a Git garbage collection on your repository.
+grow over time. This growth can lead to performance issues. To resolve these
+issues, you should perform a Git garbage collection on your repository.
 
 Follow these steps to do so:
 
@@ -97,6 +98,10 @@ Follow these steps to do so:
 4. Execute the command `git gc` to run the garbage collection
 5. Restart oxidized - you're done!
 
+Note that slow performance in oxidized-web when listing the versions of a device
+are due to the necessity to go through the whole git log to search the
+history. See Issue #3121, the fix will come with oxidized version 0.33.0.
+
 ## Oxidized ignores the changes I made to its git repository
 First of all: you shouldn't manipulate the git repository of oxidized. Don't
 create it, don't modify it, leave it alone. You can break things. You have

data/extra/rest_client.rb

@@ -6,7 +6,7 @@ module Oxidized
     require 'asetus'
 
     class Config
-      Root = ENV['OXIDIZED_HOME'] || File.join(Dir.home, '.config', 'oxidized')
+      ROOT = ENV['OXIDIZED_HOME'] || File.join(Dir.home, '.config', 'oxidized')
     end
 
     CFGS = Asetus.new name: 'oxidized', load: false, key_to_s: true

data/lib/oxidized/config/vars.rb

@@ -1,17 +1,21 @@
-module Oxidized::Config::Vars
-  # convenience method for accessing node, group or global level user variables
-  def vars(name)
-    model_name = @node.model.class.name.to_s.downcase
-    if @node.vars&.has_key?(name)
-      @node.vars[name]
-    elsif Oxidized.config.groups.has_key?(@node.group) && Oxidized.config.groups[@node.group].models.has_key(model_name) && Oxidized.config.groups[@node.group].models[model_name].vars.has_key?(name.to_s)
-      Oxidized.config.groups[@node.group].models[model_name].vars[name.to_s]
-    elsif Oxidized.config.groups.has_key?(@node.group) && Oxidized.config.groups[@node.group].vars.has_key?(name.to_s)
-      Oxidized.config.groups[@node.group].vars[name.to_s]
-    elsif Oxidized.config.models.has_key(model_name) && Oxidized.config.models[model_name].vars.has_key?(name.to_s)
-      Oxidized.config.models[model_name].vars[name.to_s]
-    elsif Oxidized.config.vars.has_key?(name.to_s)
-      Oxidized.config.vars[name.to_s]
+module Oxidized
+  class Config
+    module Vars
+      # convenience method for accessing node, group or global level user variables
+      def vars(name)
+        model_name = @node.model.class.name.to_s.downcase
+        if @node.vars&.has_key?(name)
+          @node.vars[name]
+        elsif Oxidized.config.groups.has_key?(@node.group) && Oxidized.config.groups[@node.group].models.has_key(model_name) && Oxidized.config.groups[@node.group].models[model_name].vars.has_key?(name.to_s)
+          Oxidized.config.groups[@node.group].models[model_name].vars[name.to_s]
+        elsif Oxidized.config.groups.has_key?(@node.group) && Oxidized.config.groups[@node.group].vars.has_key?(name.to_s)
+          Oxidized.config.groups[@node.group].vars[name.to_s]
+        elsif Oxidized.config.models.has_key(model_name) && Oxidized.config.models[model_name].vars.has_key?(name.to_s)
+          Oxidized.config.models[model_name].vars[name.to_s]
+        elsif Oxidized.config.vars.has_key?(name.to_s)
+          Oxidized.config.vars[name.to_s]
+        end
+      end
     end
   end
 end

data/lib/oxidized/config.rb

@@ -35,7 +35,6 @@ module Oxidized
       asetus.default.timeout       = 20
       asetus.default.retries       = 3
       asetus.default.prompt        = /^([\w.@-]+[#>]\s?)$/
-      asetus.default.rest          = '127.0.0.1:8888' # or false to disable
       asetus.default.next_adds_job = false            # if true, /next adds job, so device is fetched immmeiately
       asetus.default.vars          = {}               # could be 'enable'=>'enablePW'
       asetus.default.groups        = {}               # group level configuration
@@ -43,6 +42,9 @@ module Oxidized
       asetus.default.models        = {}               # model level configuration
       asetus.default.pid           = File.join(Oxidized::Config::ROOT, 'pid')
 
+      # Extentions
+      asetus.default.extensions['oxidized-web'].load = false
+
       asetus.default.crash.directory = File.join(Oxidized::Config::ROOT, 'crashes')
       asetus.default.crash.hostnames = false
 

data/lib/oxidized/core.rb

@@ -23,15 +23,36 @@ module Oxidized
       end
       Signals.register_signal('HUP', reload_proc)
 
-      # Initialize REST API and webUI if requested
-      if Oxidized.config.rest?
+      # Load extensions, currently only oxidized-web
+      # We have different namespaces for oxidized-web, which needs to be
+      # adressed if we need a generic way to load extensions:
+      # - gem: oxidized-web
+      # - module: Oxidized::API
+      # - path: oxidized/web
+      # - entrypoint: Oxidized::API::Web.new(nodes, configuration)
+
+      # Initialize oxidized-web if requested
+      if Oxidized.config.has_key? 'rest'
+        Oxidized.logger.warn(
+          'configuration: "rest" is deprecated. Migrate to ' \
+          '"extensions.oxidized-web" and remove "rest" from the configuration'
+        )
+        configuration = Oxidized.config.rest
+      elsif Oxidized.config.extensions['oxidized-web'].load?
+        # This comment stops rubocop complaining about Style/IfUnlessModifier
+        configuration = Oxidized.config.extensions['oxidized-web']
+      end
+
+      if configuration
         begin
           require 'oxidized/web'
         rescue LoadError
-          raise OxidizedError, 'oxidized-web not found: sudo gem install oxidized-web - \
-          or disable web support by setting "rest: false" in your configuration'
+          raise OxidizedError,
+                'oxidized-web not found: install it or disable it by ' \
+                'removing "rest" and "extensions.oxidized-web" from your ' \
+                'configuration'
         end
-        @rest = API::Web.new nodes, Oxidized.config.rest
+        @rest = API::Web.new nodes, configuration
         @rest.run
       end
       run

data/lib/oxidized/input/http.rb

@@ -59,7 +59,7 @@ module Oxidized
 
       if res.code == '401' && res['www-authenticate']&.include?('Digest')
         uri.user = @username
-        uri.password = @password
+        uri.password = URI.encode_www_form_component(@password)
         Oxidized.logger.debug "Server requires Digest authentication"
         auth = Net::HTTP::DigestAuth.new.auth_header(uri, res['www-authenticate'], 'GET')
 

data/lib/oxidized/model/aos7.rb

@@ -26,6 +26,9 @@ class AOS7 < Oxidized::Model
   end
 
   cmd 'show hardware-info' do |cfg|
+    # Remove extra lines occuring when the command runs slow
+    cfg.gsub! /^Please wait...\n/, ''
+    cfg.gsub! /^\n\n\n/, "\n\n"
     comment cfg
   end
 

data/lib/oxidized/model/eatonnetwork.rb

@@ -0,0 +1,65 @@
+class EatonNetwork < Oxidized::Model
+  using Refinements
+  # Eaton Gigabit Network Card M3
+
+  # -p option is a passphrase used to encrypted parts of the config data, the
+  # encrypted data is nondeterministic and changes with each run. Use auth
+  # password as the passphrase.
+  #
+  # See docs/Model-Notes/EatonNetwork.md for more info
+  post do
+    # Get config in post to allow passing auth password to cmd.
+    cfg = cmd "save_configuration -p #{@node.auth[:password]}"
+    cfg
+  end
+
+  cmd :all do |cfg|
+    # `save_configuration` echos the command back, outputs date time info, with
+    # last line is the prompt again.
+    json_str = cfg.each_line.select { |line| line.match /^\{/ }.join
+    json = JSON.parse(json_str)
+
+    json['features']['userAndSessionManagement']['data']['settings']['all']['1.0']['local']['1.0']['predefinedAccounts'].each do |n|
+      n.delete('attemptLogin')
+      n['password'].delete('history')
+    end
+    json['features']['userAndSessionManagement']['data']['settings']['all']['1.0']['local']['1.0']['createdAccounts'].each do |n|
+      n.delete('attemptLogin')
+      n['password'].delete('history')
+    end
+
+    cfg = JSON.pretty_generate(json)
+    cfg
+  end
+
+  cmd :secret do |cfg|
+    # Re-parse json to remove secrets by json path
+    json = JSON.parse(cfg)
+
+    json.delete('passphrase')
+    json['features']['rms']['data']['settings'].delete('proxyUsername')
+    json['features']['rms']['data']['settings'].delete('proxyPassword')
+    json['features']['rms']['data']['settings'].delete('username')
+    json['features']['rms']['data']['settings'].delete('password')
+    json['features']['rms']['data']['settings'].delete('defaultPassword')
+
+    json['features']['smtp']['data']['dmeData'].delete('password')
+
+    json['features']['snmp']['data']['dmeData']['v3']['users'].each do |n|
+      n['auth'].delete('password')
+      n['priv'].delete('password')
+    end
+
+    json['features']['userAndSessionManagement']['data']['settings']['all']['1.0']['ldap']['1.0']['settings']['connectivity']['bind'].delete('password')
+    json['features']['userAndSessionManagement']['data']['settings']['all']['1.0']['radius']['1.0']['settings']['connectivity']['primaryServer'].delete('secret')
+    json['features']['userAndSessionManagement']['data']['settings']['all']['1.0']['radius']['1.0']['settings']['connectivity']['secondaryServer'].delete('secret')
+
+    cfg = JSON.pretty_generate(json)
+    cfg
+  end
+
+  cfg :ssh do
+    exec true
+    pre_logout 'logout'
+  end
+end

data/lib/oxidized/model/fortios.rb

@@ -3,7 +3,7 @@ class FortiOS < Oxidized::Model
 
   comment '# '
 
-  prompt /^([-\w.~]+(\s[(\w\-.)]+)?~?\s?[#>$]\s?)$/
+  prompt /^(\(\w\) )?([-\w.~]+(\s[(\w\-.)]+)?~?\s?[#>$]\s?)$/
 
   # When a post-login-banner is enabled, you have to press "a" to log in
   expect /^\(Press\s'a'\sto\saccept\):/ do |data, re|
@@ -39,11 +39,11 @@ class FortiOS < Oxidized::Model
 
   cmd 'get system status' do |cfg|
     @vdom_enabled = cfg.match /Virtual domain configuration: (enable|multiple)/
-    cfg.gsub! /(System time:).*/, '\\1 <stripped>'
+    cfg.gsub! /(System time:).*/i, '\\1 <stripped>'
     cfg.gsub! /(Cluster (?:uptime|state change time):).*/, '\\1 <stripped>'
     cfg.gsub! /(Current Time\s+:\s+)(.*)/, '\1<stripped>'
     cfg.gsub! /(Uptime:\s+)(.*)/, '\1<stripped>\3'
-    cfg.gsub! /(Last reboot:\s+)(.*)/, '\1<stripped>\3'
+    cfg.gsub! /(Last reboot:\s+)(.*)/i, '\1<stripped>\3'
     cfg.gsub! /(Disk Usage\s+:\s+)(.*)/, '\1<stripped>'
     cfg.gsub! /(^\S+ (?:disk|DB):\s+)(.*)/, '\1<stripped>\3'
     cfg.gsub! /(VM Registration:\s+)(.*)/, '\1<stripped>\3'

data/lib/oxidized/model/ingate.rb

@@ -0,0 +1,47 @@
+class Ingate < Oxidized::Model
+  using Refinements
+
+  cfg_cb = lambda do
+    cfg = @m.post(
+      @main_url,
+      {
+        'page'                                      => 'save',
+        'db.webgui.testmode/1/timelimit'            => '30',
+        'db.webgui.testmode/__KEEP_ROWS_ALIVE'      => '1',
+        'db.webgui.pending_apply/1/verbosity'       => 'always',
+        'db.webgui.pending_apply/__KEEP_ROWS_ALIVE' => '1',
+        'action.admin.download_config_cli'          => 'Save config to CLI file',
+        'upload.config_file;filename=type'          => 'application/octet-stream',
+        'upload.clicmd_file;filename;type'          => 'application/octet-stream',
+        'security'                                  => '',
+        'got_complete_form'                         => 'yes'
+      },
+      'Accept' => 'application/x-config-database'
+    )
+    cfg.body
+  end
+
+  cmd cfg_cb do |cfg|
+    cfg.gsub! /^# Timestamp:.*$/, ''
+    cfg
+  end
+
+  cfg :http do
+    @secure = true
+    @main_page = "/"
+    define_singleton_method :login do
+      @main_url = URI::HTTP.build host: @node.ip, path: @main_page
+      @m.post(
+        @main_url,
+        {
+          'security_user'     => @node.auth[:username],
+          'security_password' => @node.auth[:password],
+          'page'              => 'login',
+          'goal'              => 'save',
+          'got_complete_form' => 'yes',
+          'security'          => ''
+        }
+      )
+    end
+  end
+end

data/lib/oxidized/model/ios.rb

@@ -50,6 +50,7 @@ class IOS < Oxidized::Model
     cfg.gsub! /^( +client \S+ server-key \d) (.*)$/, '\\1 <secret hidden>'
     cfg.gsub! /^( +domain-password) \S+ ?(.*)/, '\\1 <secret hidden> \\2'
     cfg.gsub! /^( +pre-shared-key).*/, '\\1 <configuration removed>'
+    cfg.gsub! /^(.*server-key(?: \d)?) \S+/, '\\1 <secret hidden>'
     cfg
   end
 

data/lib/oxidized/model/netgear.rb

@@ -4,6 +4,12 @@ class Netgear < Oxidized::Model
   comment '!'
   prompt /^\(?[\w \-+.]+\)? ?[#>] ?$/
 
+  # Handle pager for "show version" on old Netgear models: #2394
+  expect /^--More-- or \(q\)uit$/ do |data, re|
+    send ' '
+    data.sub re, ''
+  end
+
   cmd :secret do |cfg|
     cfg.gsub!(/password (\S+)/, 'password <hidden>')
     cfg.gsub!(/encrypted (\S+)/, 'encrypted <hidden>')

data/lib/oxidized/model/powerconnect.rb

@@ -5,17 +5,19 @@ class PowerConnect < Oxidized::Model
 
   comment '! '
 
-  expect /^\s*--More--\s+.*$/ do |data, re|
+  expect /\n\s*--More--\s+.*/ do |data, re| # Also grab the blank line above the --More--
     send ' '
     data.sub re, ''
   end
 
+  # Filter all command output
   cmd :all do |cfg|
-    cfg.each_line.to_a[1..-3].join
+    cfg.gsub! /\r+/, ''                     # Remove the CR characters echoed back from the commands
+    cfg.cut_tail                            # Drop the last line which is the next prompt
   end
 
   cmd :secret do |cfg|
-    cfg.gsub! /^(username \S+ password (?:encrypted )?)\S+(.*)/, '\1<hidden>\2'
+    cfg.gsub! /^((?:enable |username \S+ )?password (?:level\s\d{1,2} |encrypted ){,2})\S+(.*)/, '\1<hidden>\2'
     cfg.gsub! /^(tacacs-server key) \S+/, '\\1 <secret hidden>'
     cfg
   end
@@ -32,7 +34,7 @@ class PowerConnect < Oxidized::Model
   end
 
   cmd 'show running-config' do |cfg|
-    cfg.sub(/^(sflow \S+ destination owner \S+ timeout )\d+$/, '! \1<timeout>')
+    cfg.sub(/^(sflow \S+ destination owner \S+ timeout )\d+$/, '! \1<timeout>') # Remove changing timeout
   end
 
   cfg :telnet, :ssh do
@@ -50,15 +52,21 @@ class PowerConnect < Oxidized::Model
       end
     end
 
-    post_login "terminal datadump"
-    post_login "terminal length 0"
-    pre_logout "logout"
-    pre_logout "exit"
+    post_login do
+      cmd "terminal datadump"
+      cmd "terminal length 0"
+    end
+    pre_logout do
+      send "exit\r"
+      sleep(0.25)
+      send "logout\r"
+    end
   end
 
   def clean(cfg)
     out = []
-    skip_blocks = 0
+    len1 = len2 = skip_blocks = 0
+
     cfg.each_line do |line|
       # If this is a stackable switch we should skip this block of information
       if line.match(/Up\sTime|Temperature|Power Suppl(ies|y)|Fans/i) && (@stackable == true)
@@ -71,9 +79,22 @@ class PowerConnect < Oxidized::Model
         skip_blocks -= 1 if /\S/ !~ line
         next
       end
-      out << line.strip
+      line = line.strip
+      # If the temps were not removed by skipping blocks, then mask them out wih XXX
+      # The most recent set of dashes has the spacing we want to match
+      if (match = line.match(/^(---+ +)(---+ +)/))
+        one, two = match.captures
+        len1 = one.length
+        len2 = two.length
+      end
+      # This can only be a temperature, right? ;-)
+      if (match = line.match(/^(\d{1,2}) {3,}\d+ (.*)$/))
+        one, two = match.captures
+        line = one.to_s + (' ' * (len1 - one.length)) + "XXX" + (' ' * (len2 - 3)) + two.to_s
+      end
+      out << line
     end
-    out = out.reject { |line| line[/Up\sTime/] }
+    out = out.reject { |line| line[/Up\sTime/] } # Filter out Up Time
     out = comment out.join "\n"
     out << "\n"
   end

data/lib/oxidized/model/srosmd.rb

@@ -26,7 +26,7 @@ class SROSMD < Oxidized::Model
     #
     # Strip uptime.
     #
-    cfg.sub! /^System Up Time.*\n/, ''
+    cfg.gsub! /^System Up Time.*\n/, ''
     comment cfg
   end
 

data/lib/oxidized/model/unifiap.rb

@@ -0,0 +1,142 @@
+class Unifiap < Oxidized::Model
+  using Refinements
+
+  # Ubiquiti Unifi AP circa 6.x
+  # Should also work for unfi switches, and airOS, maybe they could be combined.
+  # Since it relies on exec channels, because the interactive session wouldn't
+  # capture all of the system.cfg output, you can't use telnet with this model.
+
+  # Sometimes there's a handy info command that summarizes some device attributes,
+  # but it doesn't seem to be available in exec mode. So we try to build up a similar
+  # list by extracting tidbits from various places. AirOS doesn't have some of these
+  # files, so we  # may have to fall back on other commands, or locations.
+
+  # First get the board model
+  cmd 'head -4 /etc/board.info' do |cfg|
+    @model = Regexp.last_match(1) if cfg =~ /board\.name=(\S+)/i
+    ""
+  end
+
+  # and version
+  cmd 'cat /etc/version' do |cfg|
+    @version = Regexp.last_match(1) if cfg =~ /(\S+)$/i
+    ""
+  end
+
+  # Now the Mac address
+  cmd 'ifconfig eth0' do |cfg|
+    @mac = Regexp.last_match(1) if cfg =~ /eth0\s+Link encap:Ethernet\s+HWaddr\s+(\w+:\w+:\w+:\w+:\w+:\w+)/i
+    ""
+  end
+
+  # Next see if we can get our IP and host name out of /etc/hosts
+  cmd 'cat /etc/hosts' do |cfg|
+    cfg = cfg.split("\n").reject { |line| line[/^\s*(127|0000:0000:0000:0000:0000:0000:0000:0001|0:0:0:0:0:0:0:1|::1)/] }
+    cfg.select do |line|
+      if (match = line.match(/(\d+\.\d+\.\d+\.\d+)\s+(\S+)/))
+        @ip, @hostname = match.captures
+      end
+    end
+    ""
+  end
+
+  # We check here to see if we succeeded with /etc/hosts. If not, then we try again with ifconfig, and /tmp/system.cfg
+  cmd do
+    unless @ip
+      cmd 'ifconfig br0' do |cfg|
+        @ip = Regexp.last_match(1) if cfg =~ /inet addr:\s*(\d+\.\d+\.\d+\.\d+)/i
+      end
+
+      unless @ip
+        cmd 'ifconfig eth0' do |cfg|
+          @ip = Regexp.last_match(1) if cfg =~ /inet addr:\s*(\d+\.\d+\.\d+\.\d+)/i
+        end
+      end
+    end
+
+    unless @hostname
+      cmd 'cat /tmp/system.cfg' do |cfg|
+        @hostname = Regexp.last_match(1) if cfg =~ /resolv.host.1.name=(\S+)/i
+      end
+    end
+    ""
+  end
+
+  # Check if ntpclient is running
+  cmd 'ps wwww' do |cfg|
+    @ntpserver = Regexp.last_match(1) if cfg =~ /bin\/ntpclient.+-h\s*(\S+)/i
+    ""
+  end
+
+  # If it's a Unifi device it may have NTP health indication
+  # If there are other places that Ubiquiti puts these status files, add them here.
+  cmd '[ -e /tmp/run/ntp.ready ] || [ -e /var/run/ntp.ready ] && echo "File(s) exist(s)" || echo "No such file"' do |cfg|
+    if cfg =~ /No such file/i
+      if @ntpserver
+        # Ok, now lets try getting the skew from the output of ntpclient
+        cmd "ntpclient -d -n -c 2 -i0 -h #{@ntpserver}" do |cfg|
+          @skew = ntpskew(cfg)
+        end
+        @sync = !@skew.nil? && @skew.to_f.abs < 1e6 ? "Synchronized" : "FAIL"
+      end
+    else
+      @ntpserver = true
+      @sync = "Synchronized"
+    end
+    ""
+  end
+
+  # Now we can display it all as a banner
+  cmd do
+    out = []
+    out << "*************************"
+    out << "Model:       #{@model}"
+    out << "Version:     #{@version}"
+    out << "MAC Address: #{@mac}"
+    out << "IP Address:  #{@ip}"
+    out << "Hostname:    #{@hostname}"
+    out << "NTP:         #{@sync}" if @ntpserver
+    out << "*************************"
+    comment out.join("\n") + "\n"
+  end
+
+  # Followed by the board info
+  cmd 'cat /etc/board.info' do |cfg|
+    cfg = "#\n# Board Info:\n#\n" + cfg
+    comment cfg
+  end
+
+  # Lastly the system config
+  cmd 'cat /tmp/system.cfg' do |cfg|
+    cfg = "#\n# System Config:\n#\n" + cfg
+    cfg + "\n"
+  end
+
+  cmd :secret do |cfg|
+    cfg.gsub! /^((?:users|snmp\.(?:user|community))\.\d+\.password)=.+/, "# \\1=<hidden>"
+    cfg
+  end
+
+  cfg :ssh do
+    exec true # Don't run shell, run each command in exec channel
+  end
+
+  # NTPskew: Return the skew in micro seconds from the ntpclient output
+  def ntpskew(cfg)
+    index = skew = nil
+
+    cfg.each_line do |line|
+      # Look for the header just before the stats line, and find which number is skew
+      if line.match(/^\s*[a-z]+\s+[a-z]+\s+[a-z]+\s+[a-z]+/i)
+        words = line.split
+        index = words.map(&:downcase).index("skew")
+      end
+      # Now look for the single stats line and grab the skew
+      if !index.nil? && line.match(/^\s*[\d.]+\s+[\d.]+\s+[\d.]+\s+[\d.]+/)
+        numbers = line.split
+        skew = numbers[index]
+      end
+    end
+    skew
+  end
+end