oxidized 0.34.0 → 0.34.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0c03871264e842280577898104fee04193865836f6a36f9e271fc899723c0490
-  data.tar.gz: f63f80d3220f6112f5e20955d7f519628d86a358502b907ebe196ad85126fdc3
+  metadata.gz: f51898465cc98bf27a9bb2259b1e359f7f52f2c31b23eac63e7730f0eabbb8b8
+  data.tar.gz: 6c45f1b142609bc44b99025b4485b25fde43844738bd489dc2994df77ecf47d7
 SHA512:
-  metadata.gz: 6f2a29dd10a0ecdfd43a5b4607e237a778ad7776d017d0c09f6cbe35bb01d2a20b1eefe733a995630355346b876ec0c15a504e72f6200a2362b5597da01ca0cf
-  data.tar.gz: 5030d36380278ad562d7242d090dcd12b73572b0c97d1ac9f0d6b654a3f530349923b8d83561fc2ccd2f7b68d1b4b503e0ba405a72589ad9bd916f50b74e7e8c
+  metadata.gz: c613a1c2c21144f6c064cb2dfaf94e7fa88248c499c43d3408cbce0e286bee477b09623c6432852b839c8c7f2c3a1511f9634d07ebc3bcbba5037032157f991a
+  data.tar.gz: 2cb4692eab7ebbd916264bae356d08b6f437a6f514da5a815bd1c79242d9a2cd558fcef13ad0f56eb6bb9ba74f054deba661a46b563c4a805ad4be4ede34808d

data/.github/workflows/ruby.yml

@@ -19,10 +19,8 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        ruby-version: ['3.1', '3.2', '3.3', '3.4']
-    # ruby-head disabled because of problem with bundler (2025-06-27)
-    #     ruby-version: ['3.1', '3.2', '3.3', '3.4', 'ruby-head']
-    # continue-on-error: ${{ matrix.ruby-version == 'ruby-head' }}
+        ruby-version: ['3.1', '3.2', '3.3', '3.4', 'ruby-head']
+    continue-on-error: ${{ matrix.ruby-version == 'ruby-head' }}
 
     steps:
     - uses: actions/checkout@v4

data/.rubocop_todo.yml

@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2025-07-15 08:50:44 UTC using RuboCop version 1.78.0.
+# on 2025-08-01 14:00:10 UTC using RuboCop version 1.79.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new

data/CHANGELOG.md

@@ -4,11 +4,47 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [0.34.2 – 2025-08-01]
+This release mainly fixes a bug in input/scp that made ssh raise an error when
+closing a closed connection (Issue #3583).
+
+A fix for config vars (Issue #3536) changes the way oxidized stores its
+vars internally (symblos => strings). Libraries depending on oxidized internal
+structures may have problem with this. oxidized-web was fixed in Release 0.17.1.
+
+### Added
+- Absolute time limit for a fetch job (default: 300 seconds) (@robertcheramy)
+
+### Changed
+- slackdiff: Attempt to join the channel if Errors::NotInChannel is encountered (@varesa)
+
+### Fixed
+- SSH raises error when closing a closed connection. Fixes #3583 (@ytti)
+- Config vars will not fall back to less specific. Fixes #3536 (@ytti)
+- input/scp: make common errors produce a warning, not a crashfile (@robertcheramy)
+- input/scp: implement timeouts. Fixes #3590 (@robertcheramy, @ytti)
+- model/mtrlrfs: add missing prompt (@R3thos)
+- slackdiff: Respect the HTTP proxy configuration while uploading the file. Fixes #3534 (@varesa)
+- logging (syslog): do not write two timestamps (Fixed in semanticlogger) (@robertcheramy)
+
+
+## [0.34.1 - 2025-07-18]
+This release contains small fixes and will include the new version of oxidized-web (0.17.0) in the docker container.
+
+### Changed
+- github: run ruby CI against ruby-head (@robertcheramy)
+
+### Fixed
+- input/ssh: hide Net::SSH errors and only display fatal logs unless input.debug = true. Fixes: #3574 (@robertcheramy)
+- junos: fix unfrozen literal strings (@robertcheramy)
+- spec/model: fix unfrozen literal strings and set a default prompt (@robertcheramy)
+
+
 ## [0.34.0 - 2025-07-15]
 :warning: This release introduces a [new logging system](docs/Configuration.md#logging),
 based on [semantic logger](https://logger.rocketjob.io/). The old configuration
 (`log`, `syslog`) is still supported but obsolete and will be removed in a
-future release, so be sure to migrate your configureation.
+future release, so be sure to migrate your configuration.
 
 ### Added
 - add iosxr support to SyslogMonitor (@deesel)

data/Dockerfile

@@ -79,15 +79,14 @@ RUN apt-get -qy update && \
     # docker automated build gets shallow copy, but non-shallow copy cannot be unshallowed
     git fetch --unshallow || true && \
     rake install && \
+    # install oxidized-web
+    gem install oxidized-web --no-document && \
     # remove the packages we do not need.
     apt-get -qy remove build-essential ruby-dev && \
     apt-get -qy autoremove && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 
-# install oxidized-web
-RUN gem install oxidized-web --no-document
-
 # clean up
 WORKDIR /
 RUN rm -rf /tmp/oxidized

data/Rakefile

@@ -26,6 +26,7 @@ task :test do
   Rake::TestTask.new do |t|
     t.libs << 'spec'
     t.test_files = FileList['spec/**/*_spec.rb']
+    t.ruby_opts = ['-W:deprecated']
     # Don't display ambiguity warning between regexp and division in models
     t.warning = false
     t.verbose = true
@@ -47,7 +48,7 @@ end
 
 desc 'Tag the release'
 task :tag do
-  system "git tag #{gemspec.version}"
+  system "git tag #{gemspec.version} -m 'Release #{gemspec.version}'"
 end
 
 desc 'Push to rubygems'

data/docs/Configuration.md

@@ -1,30 +1,11 @@
 # Configuration
 
-## Debugging
-
-In case a model plugin doesn't work correctly (ios, procurve, etc.), you can
-enable live debugging of SSH/Telnet sessions. Just add a `debug` option
-containing the value true to the `input` section. The log files will be created
-depending on the parent directory of the logfile option.
-
-The following example will log an active ssh/telnet session
-`/home/oxidized/.config/oxidized/log/<IP-Address>-<PROTOCOL>`. The file will be
-truncated on each consecutive ssh/telnet session, so you need to put a `tailf`
-or `tail -f` on that file!
-
-```yaml
-log: /home/oxidized/.config/oxidized/log
-
-# ...
-
-input:
-  default: ssh, telnet
-  debug: true
-  ssh:
-    secure: false
-  http:
-    ssl_verify: true
-```
+## Modules
+The configuration of each module is described in its respective sub-configuration file:
+* [Inputs.md](Inputs.md)
+* [Outputs.md](Outputs.md)
+* [Sources.md](Sources.md)
+* [Hooks.md](Hooks.md)
 
 ## Privileged mode
 
@@ -65,142 +46,22 @@ The above strips out snmp community strings from your saved configs.
 
 **NOTE:** Removing secrets reduces the usefulness as a full configuration backup, but it may make sharing configs easier.
 
-## Disabling SSH exec channels
-
-Oxidized uses exec channels to make information extraction simpler, but there
-are some situations where this doesn't work well, e.g. configuring devices. This
-feature can be turned off by setting the `ssh_no_exec`
-variable.
-
-```yaml
-vars:
-  ssh_no_exec: true
-```
-
-## Disabling SSH keepalives
-
-Oxidized SSH input makes use of SSH keepalives to prevent timeouts from slower
-devices and to quickly tear down stale sessions in larger deployments. There
-have been reports of SSH keepalives breaking compatibility with certain OS
-types. They can be disabled using the `ssh_no_keepalive` variable on a per-node
-basis (by specifying it in the source) or configured application-wide.
-
-```yaml
-vars:
-  ssh_no_keepalive: true
-```
-
-## SSH Auth Methods
-
-By default, Oxidized registers the following auth methods: `none`, `publickey` and `password`. However you can configure this globally, by groups, models or nodes.
-
-```yaml
-vars:
-  auth_methods: [ "none", "publickey", "password", "keyboard-interactive" ]
-```
-
-## Public Key Authentication with SSH
-
-Instead of password-based login, Oxidized can make use of key-based SSH
-authentication.
+## Timeout and Time limit
+You can configure when oxidized will `timeout` while fetching a configuration
+(default: 20 seconds), and how much absolute time (`timelimit`) the fetching
+is allowed to last (default: 300 seconds, or 5 minutes):
 
-You can tell Oxidized to use one or more private keys globally, or specify the
-key to be used on a per-node basis. The latter can be done by mapping the
-`ssh_keys` variable through the active source.
+* `timeout`: Maximum time to wait for a single operation during config fetching.
+  Not every input module has an implemented timeout.
+* `timelimit`: Maximum total time allowed for the entire fetch job. It is
+  independent of input modules and will always be enforced.
 
-Global:
+If `timelimit`is reached, the fetch job will be killed and will produce a
+warning. The job status will be set to `timelimit`.
 
 ```yaml
-vars:
-  ssh_keys: "~/.ssh/id_rsa"
-```
-
-Per-Node:
-
-```yaml
-# ...
-map:
-  name: 0
-  model: 1
-vars_map:
-  enable: 2
-  ssh_keys: 3
-# ...
-```
-
-If you are using a non-standard path, especially when copying the private key
-via a secured channel, make sure that the permissions are set correctly:
-
-```bash
-foo@bar:~$ ls -la ~/.ssh/
-total 20
-drwx------ 2 oxidized oxidized 4096 Mar 13 17:03 .
-drwx------ 5 oxidized oxidized 4096 Mar 13 21:40 ..
--r-------- 1 oxidized oxidized  103 Mar 13 17:03 authorized_keys
--rw------- 1 oxidized oxidized  399 Mar 13 17:02 id_ed25519
--rw-r--r-- 1 oxidized oxidized   94 Mar 13 17:02 id_ed25519.pub
-```
-
-Finally, multiple private keys can be specified as an array of file paths, such
-as `["~/.ssh/id_rsa", "~/.ssh/id_another_rsa"]`.
-
-## SSH Proxy Command
-
-Oxidized can `ssh` through a proxy as well. To do so we just need to set
-`ssh_proxy` variable with the proxy host information and optionally set the
-`ssh_proxy_port` with the SSH port if it is not listening on port 22.
-
-This can be provided on a per-node basis by mapping the proper fields from your
-source.
-
-An example for a `csv` input source that maps the 4th field as the `ssh_proxy`
-value and the 5th field as `ssh_proxy_port`.
-
-```yaml
-# ...
-map:
-  name: 0
-  model: 1
-vars_map:
-  enable: 2
-  ssh_proxy: 3
-  ssh_proxy_port: 4
-# ...
-```
-
-## SSH enabling legacy algorithms
-
-When connecting to older firmware over SSH, it is sometimes necessary to enable
-legacy/disabled settings like KexAlgorithms, HostKeyAlgorithms, MAC or the
-Encryption.
-
-These settings can be provided on a per-node basis by mapping the ssh_kex,
-ssh_host_key, ssh_hmac and the ssh_encryption fields from you source.
-
-```yaml
-# ...
-map:
-  name: 0
-  model: 1
-vars_map:
-  enable: 2
-  ssh_kex: 3
-  ssh_host_key: 4
-  ssh_hmac: 5
-  ssh_encryption: 6
-# ...
-```
-
-## FTP Passive Mode
-
-Oxidized uses ftp passive mode by default. Some devices require passive mode to
-be disabled. To do so, we can set `input.ftp.passive` to false - this will make
-use of FTP active mode.
-
-```yaml
-input:
-  ftp:
-    passive: false
+timeout: 20
+timelimit: 300
 ```
 
 ## Advanced Configuration
@@ -230,6 +91,7 @@ threads: 30 # maximum number of threads
 # true - always use the maximum number of threads
 use_max_threads: false
 timeout: 20
+timelimit: 300
 retries: 3
 prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
 crash:
@@ -372,7 +234,7 @@ models:
     password: pass
 ```
 
-### Options (credentials, vars, etc.) precedence:
+## Options (credentials, vars, etc.) precedence:
 From least to most important:
 - global options
 - model specific options
@@ -513,9 +375,6 @@ following appenders are currently supported:
 > `stderr` and `stdout` are mutually exclusive and will produce a warning if used
 > simultaneously.
 
-> Note: `syslog` currently produces two timestamps because of an issue in
-> [Sematic Logger](https://github.com/reidmorrison/semantic_logger/issues/316).
-
 > You can configure as many file appenders as you wish.
 
 You can set a log level globally and/or for each appender.
@@ -577,9 +436,8 @@ It will rotate between the log levels and log a warning with the new level
 If you specified a log level for an appender, this log level won't be
 changed.
 
-> :warning: **Warning** This currently does not work when oxidized-web is used
-> and will kill the whole oxidized application. This will be corrected in a
-> future release of oxidized-web.
+> :warning: **Warning** You need oxidized-web 0.17.0 and above for this or
+> it will kill the whole oxidized application.
 
 ### Dump running threads
 With the SIGTTIN signal, oxidized will log a backtrace for each of its threads.

data/docs/Hooks.md

@@ -249,7 +249,7 @@ Your AWS credentials should be stored in `~/.aws/credentials`.
 
 ## Hook type: slackdiff
 
-The `slackdiff` hook posts colorized config diffs to a [Slack](https://www.slack.com) channel of your choice. It only triggers for `post_store` events.
+The `slackdiff` hook posts colorized config diffs to a [Slack](https://www.slack.com) channel of your choice. It only triggers for `post_store` events. The used output must be capable of generating a diff. E.g. file output is not usable while git/gitcrypt will work.
 
 You will need to manually install the `slack-ruby-client` gem on your system:
 
@@ -270,7 +270,7 @@ hooks:
     channel: "CHANNEL_ID"
 ```
 
-The token parameter is a Slack API token that can be generated following [this tutorial](https://api.slack.com/tutorials/tracks/getting-a-token).  Until Slack stops supporting them, legacy tokens can also be used.
+The token parameter is a Slack API token that can be generated following [this tutorial](https://api.slack.com/tutorials/tracks/getting-a-token).  Until Slack stops supporting them, legacy tokens can also be used. If the token has channels:join permission, the bot will attempt to automatically join the configured channel if necessary.
 
 Optionally you can disable snippets and post a formatted message, for instance linking to a commit in a git repo. Named parameters `%{node}`, `%{group}`, `%{model}` and `%{commitref}` are available.
 

data/docs/Inputs.md

@@ -0,0 +1,205 @@
+# Inputs
+## Index
+* Configuration
+  * [SSH](#ssh)
+  * [SCP](#scp)
+  * [FTP](#ftp)
+  * telnet
+  * http
+  * tftp
+  * exec
+* [Debugging](#debugging)
+
+## SSH
+### Disabling SSH exec channels
+
+Oxidized uses exec channels to make information extraction simpler, but there
+are some situations where this doesn't work well, e.g. configuring devices. This
+feature can be turned off by setting the `ssh_no_exec`
+variable.
+
+```yaml
+vars:
+  ssh_no_exec: true
+```
+
+### Disabling SSH keepalives
+
+Oxidized SSH input makes use of SSH keepalives to prevent timeouts from slower
+devices and to quickly tear down stale sessions in larger deployments. There
+have been reports of SSH keepalives breaking compatibility with certain OS
+types. They can be disabled using the `ssh_no_keepalive` variable on a per-node
+basis (by specifying it in the source) or configured application-wide.
+
+```yaml
+vars:
+  ssh_no_keepalive: true
+```
+
+### SSH Auth Methods
+
+By default, Oxidized registers the following auth methods: `none`, `publickey` and `password`. However you can configure this globally, by groups, models or nodes.
+
+```yaml
+vars:
+  auth_methods: [ "none", "publickey", "password", "keyboard-interactive" ]
+```
+
+### Public Key Authentication with SSH
+
+Instead of password-based login, Oxidized can make use of key-based SSH
+authentication.
+
+You can tell Oxidized to use one or more private keys globally, or specify the
+key to be used on a per-node basis. The latter can be done by mapping the
+`ssh_keys` variable through the active source.
+
+Global:
+
+```yaml
+vars:
+  ssh_keys: "~/.ssh/id_rsa"
+```
+
+Per-Node:
+
+```yaml
+# ...
+map:
+  name: 0
+  model: 1
+vars_map:
+  enable: 2
+  ssh_keys: 3
+# ...
+```
+
+If you are using a non-standard path, especially when copying the private key
+via a secured channel, make sure that the permissions are set correctly:
+
+```bash
+foo@bar:~$ ls -la ~/.ssh/
+total 20
+drwx------ 2 oxidized oxidized 4096 Mar 13 17:03 .
+drwx------ 5 oxidized oxidized 4096 Mar 13 21:40 ..
+-r-------- 1 oxidized oxidized  103 Mar 13 17:03 authorized_keys
+-rw------- 1 oxidized oxidized  399 Mar 13 17:02 id_ed25519
+-rw-r--r-- 1 oxidized oxidized   94 Mar 13 17:02 id_ed25519.pub
+```
+
+Finally, multiple private keys can be specified as an array of file paths, such
+as `["~/.ssh/id_rsa", "~/.ssh/id_another_rsa"]`.
+
+### SSH Proxy Command
+
+Oxidized can `ssh` through a proxy as well. To do so we just need to set
+`ssh_proxy` variable with the proxy host information and optionally set the
+`ssh_proxy_port` with the SSH port if it is not listening on port 22.
+
+This can be provided on a per-node basis by mapping the proper fields from your
+source.
+
+An example for a `csv` input source that maps the 4th field as the `ssh_proxy`
+value and the 5th field as `ssh_proxy_port`.
+
+```yaml
+# ...
+map:
+  name: 0
+  model: 1
+vars_map:
+  enable: 2
+  ssh_proxy: 3
+  ssh_proxy_port: 4
+# ...
+```
+
+### SSH enabling legacy algorithms
+
+When connecting to older firmware over SSH, it is sometimes necessary to enable
+legacy/disabled settings like KexAlgorithms, HostKeyAlgorithms, MAC or the
+Encryption.
+
+These settings can be provided on a per-node basis by mapping the ssh_kex,
+ssh_host_key, ssh_hmac and the ssh_encryption fields from you source.
+
+```yaml
+# ...
+map:
+  name: 0
+  model: 1
+vars_map:
+  enable: 2
+  ssh_kex: 3
+  ssh_host_key: 4
+  ssh_hmac: 5
+  ssh_encryption: 6
+# ...
+```
+
+### Custom SSH port
+Set the variable `ssh_port` to the desired value (default is 22).
+
+### SSH Host key verification
+With the configuration `secure', you can set the ssh key verification:
+- `true`: strict host verification, looking up the known host files
+- `false` (default): disable host verification, accept any ssh key
+
+```
+input:
+  ssh:
+    secure: true
+```
+
+## SCP
+### SSH Host key verification (SCP)
+Same as for [SSH host key verification](#ssh-host-key-verification)
+
+```
+input:
+  scp:
+    secure: true
+```
+
+### Custom SCP port
+Set the variable `ssh_port` to the desired value (default is 22).
+
+## FTP
+### FTP Passive Mode
+
+Oxidized uses ftp passive mode by default. Some devices require passive mode to
+be disabled. To do so, we can set `input.ftp.passive` to false - this will make
+use of FTP active mode.
+
+```yaml
+input:
+  ftp:
+    passive: false
+```
+
+
+## Debugging
+
+In case a model plugin doesn't work correctly (ios, procurve, etc.), you can
+enable live debugging of SSH/Telnet sessions. Just add a `debug` option
+containing the value true to the `input` section. The log files will be created
+depending on the parent directory of the logfile option.
+
+The following example will log an active ssh/telnet session
+`/home/oxidized/.config/oxidized/log/<IP-Address>-<PROTOCOL>`. The file will be
+truncated on each consecutive ssh/telnet session, so you need to put a `tailf`
+or `tail -f` on that file!
+
+```yaml
+log: /home/oxidized/.config/oxidized/log
+
+# ...
+
+input:
+  default: ssh, telnet
+  debug: true
+  ssh:
+    secure: false
+  http:
+    ssl_verify: true
+```

data/docs/Release.md

@@ -2,22 +2,27 @@
 This document is targeted at oxidized maintainers. It describes the release process.
 
 ## Version numbering
-Oxidized versions are nummered like major.minor.patch
+Oxidized versions are numbered like major.minor.patch
 - currently, the major version is 0.
 - minor is incremented when releasing new features.
 - patch is incremented when releasing fixes only.
 
+## Create a release branch
+Name the release branch `release/0.xx.yy`
+
 ## Review changes
-Run `git diff 0.30.0..master` (where `0.30.0` is to be changed to the last release) and review
+Run `git diff 0.30.0` (where `0.30.0` is to be changed to the last release) and review
 all the changes that have been done. Have a specific look at changes you don't understand.
 
-For a graphical compare, use `git difftool -d 0.30.0..master`.
+For a graphical compare, use `git difftool -d 0.30.0`.
+
+Commit fixes to the release branch
 
 ## Update the gem dependencies to the latest versions
 ```
-bundle outaded
+bundle outdated
 bundle update
-bundle outaded
+bundle outdated
 ```
 
 ## Update rubocup .rubocop_todo.yml
@@ -29,9 +34,11 @@ If you change some code => Restart the release process at the beginning ;-)
 ## Make sure the file permissions are correct
 Run `bundle exec rake chmod`
 
-## Create a release branch
-Name the release branch `release/0.xx.yy`
+## Test !
+Test the git code and the container against as much device types and
+environments as you can.
 
+## Bump the version
 Update CHANGELOG.md:
 - review it
 - add release notes
@@ -42,16 +49,13 @@ Change the version in `lib/oxidized/version.rb`
 Upload the branch to github, make a Pull Request for it.
 
 ## Make sure you pass all GitHub CI
-They test different ruby versions, the docker build process and codeql.
-
-## Test !
-Test the git code and the container against as much device types and
-environments as you can.
+They test different ruby versions an run security checks on the code (codeql).
 
 ## Prepare the release in your working repository
-1. Merge the Pull Request into master
-2. `git pull` master
-3. Tag the commit with `git tag -a 0.xx.yy -m "Release 0.xx.yy"`
+1. Merge the Pull Request into master with the commit message
+   `chore(release): release version 0.3x.y`
+2. `git pull` on master
+3. Tag the commit with `git tag -a 0.xx.yy -m "Release 0.xx.yy"` or `rake tag`
 4. Build the gem with ‘rake build’
 5. Run `git diff` to check if there have been more changes (there shouldn't)
 6. Install an test the gem locally

data/extra/device2yaml.rb

@@ -111,7 +111,7 @@ def yaml_output(prepend = '')
 end
 
 def cleanup
-  (@ssh.close rescue true) unless @ssh.closed?
+  (@ssh.close rescue true) unless @ssh.closed? # rubocop:disable Style/RedundantParentheses
   @output&.close
 end
 

data/extra/syslog.rb

@@ -141,7 +141,7 @@ module Oxidized
       if Oxidized::CFG.syslogd.resolve == false
         ipaddr
       else
-        name = (Resolv.getname ipaddr.to_s rescue ipaddr)
+        name = (Resolv.getname ipaddr.to_s rescue ipaddr) # rubocop:disable Style/RedundantParentheses
         Oxidized::CFG.syslogd.dns_map.each { |re, sub| name.sub! Regexp.new(re.to_s), sub }
         name
       end

data/lib/oxidized/config/vars.rb

@@ -4,21 +4,32 @@ module Oxidized
       # convenience method for accessing node, group or global level user variables
       def vars(name)
         model_name = @node.model.class.name.to_s.downcase
-        if @node.vars&.has_key?(name)
-          @node.vars[name]
-        elsif Oxidized.config.groups.has_key?(@node.group) &&
-              Oxidized.config.groups[@node.group].models.has_key(model_name) &&
-              Oxidized.config.groups[@node.group].models[model_name].vars.has_key?(name.to_s)
-          Oxidized.config.groups[@node.group].models[model_name].vars[name.to_s]
-        elsif Oxidized.config.groups.has_key?(@node.group) &&
-              Oxidized.config.groups[@node.group].vars.has_key?(name.to_s)
-          Oxidized.config.groups[@node.group].vars[name.to_s]
-        elsif Oxidized.config.models.has_key(model_name) &&
-              Oxidized.config.models[model_name].vars.has_key?(name.to_s)
-          Oxidized.config.models[model_name].vars[name.to_s]
-        elsif Oxidized.config.vars.has_key?(name.to_s)
-          Oxidized.config.vars[name.to_s]
+        groups = Oxidized.config.groups
+        models = Oxidized.config.models
+        group = groups[@node.group] if groups.has_key?(@node.group)
+        model = models[model_name] if models.has_key?(model_name)
+        group_model = group.models[model_name] if group&.models&.has_key?(model_name)
+
+        scopes = {
+          node:        @node.vars,
+          group_model: group_model&.vars,
+          group:       group&.vars,
+          model:       model&.vars,
+          vars:        Oxidized.config.vars
+        }
+
+        scopes.each do |scope_name, scope|
+          next unless scope&.has_key?(name.to_s)
+
+          val = scope[name.to_s]
+          if val.nil?
+            Oxidized.logger.debug "vars.rb: scope #{scope_name} has key #{name} with value nil, ignoring scope"
+          else
+            Oxidized.logger.debug "vars.rb: scope #{scope_name} has key #{name} with value #{val}, using scope"
+            return val
+          end
         end
+        nil
       end
     end
   end

data/lib/oxidized/config.rb

@@ -32,6 +32,7 @@ module Oxidized
       asetus.default.threads       = 30
       asetus.default.use_max_threads = false
       asetus.default.timeout       = 20
+      asetus.default.timelimit     = 300
       asetus.default.retries       = 3
       asetus.default.prompt        = /^([\w.@-]+[#>]\s?)$/
       asetus.default.next_adds_job = false            # if true, /next adds job, so device is fetched immmeiately

data/lib/oxidized/hook/slackdiff.rb

@@ -11,14 +11,20 @@ class SlackDiff < Oxidized::Hook
     raise KeyError, 'hook.channel is required' unless cfg.has_key?('channel')
   end
 
-  def slack_upload(client, title, content, channel)
+  def slack_upload(client, title, content, channel, proxy)
     logger.info "Posting diff as snippet to #{channel}"
     upload_dest = client.files_getUploadURLExternal(filename:     "change",
                                                     length:       content.length,
                                                     snippet_type: "diff")
     file_uri = URI.parse(upload_dest[:upload_url])
 
-    http = Net::HTTP.new(file_uri.host, file_uri.port)
+    proxy_uri = URI.parse(proxy) if proxy
+    proxy_address = proxy_uri ? proxy_uri.host : :ENV
+    proxy_port = proxy_uri&.port
+    proxy_user = proxy_uri&.user
+    proxy_pass = proxy_uri&.password
+
+    http = Net::HTTP.new(file_uri.host, file_uri.port, proxy_address, proxy_port, proxy_user, proxy_pass)
     http.use_ssl = true
 
     request = Net::HTTP::Post.new(file_uri.request_uri, { Host: file_uri.host })
@@ -31,8 +37,15 @@ class SlackDiff < Oxidized::Hook
       id:    upload_dest[:file_id],
       title: title
     }]
-    client.files_completeUploadExternal(channel_id: channel,
-                                        files:      files.to_json)
+    begin
+      client.files_completeUploadExternal(channel_id: channel,
+                                          files:      files.to_json)
+    rescue Slack::Web::Api::Errors::NotInChannel
+      logger.info "Not in specified channel, attempting to join"
+      client.conversations_join(channel: channel)
+      client.files_completeUploadExternal(channel_id: channel,
+                                          files:      files.to_json)
+    end
   end
 
   def run_hook(ctx)
@@ -53,7 +66,7 @@ class SlackDiff < Oxidized::Hook
       unless diff == "no diffs"
         title = "#{ctx.node.name} #{ctx.node.group} #{ctx.node.model.class.name.to_s.downcase}"
         content = diff[:patch].lines.to_a[4..-1].join
-        slack_upload(client, title, content, cfg.channel)
+        slack_upload(client, title, content, cfg.channel, cfg.has_key?('proxy') ? cfg.proxy : nil)
       end
     end
     # message custom formatted - optional

data/lib/oxidized/input/scp.rb

@@ -7,11 +7,14 @@ module Oxidized
   class SCP < Input
     RESCUE_FAIL = {
       debug: [
-        # Net::SSH::Disconnect,
+        Net::SSH::Disconnect,
+        Net::SSH::ConnectionTimeout
       ],
       warn:  [
-        # RuntimeError,
-        # Net::SSH::AuthenticationFailed,
+        Net::SCP::Error,
+        Net::SSH::HostKeyUnknown,
+        Net::SSH::AuthenticationFailed,
+        Timeout::Error
       ]
     }.freeze
     include Input::CLI
@@ -20,17 +23,39 @@ module Oxidized
       @node = node
       @node.model.cfg['scp'].each { |cb| instance_exec(&cb) }
       @log = File.open(Oxidized::Config::LOG + "/#{@node.ip}-scp", 'w') if Oxidized.config.input.debug?
-      @ssh = Net::SSH.start(@node.ip, @node.auth[:username], password: @node.auth[:password])
+      @ssh = Net::SSH.start(@node.ip, @node.auth[:username], make_ssh_opts)
       connected?
     end
 
+    def make_ssh_opts
+      secure = Oxidized.config.input.scp.secure?
+      ssh_opts = {
+        number_of_password_prompts:      0,
+        verify_host_key:                 secure ? :always : :never,
+        append_all_supported_algorithms: true,
+        password:                        @node.auth[:password],
+        timeout:                         Oxidized.config.timeout,
+        port:                            (vars(:ssh_port) || 22).to_i,
+        forward_agent:                   false
+      }
+
+      # Use our logger for Net::SSH
+      ssh_logger = SemanticLogger[Net::SSH]
+      ssh_logger.level = Oxidized.config.input.debug? ? :debug : :fatal
+      ssh_opts[:logger] = ssh_logger
+
+      ssh_opts
+    end
+
     def connected?
       @ssh && (not @ssh.closed?)
     end
 
     def cmd(file)
       logger.debug "SCP: #{file} @ #{@node.name}"
-      @ssh.scp.download!(file)
+      Timeout.timeout(Oxidized.config.timeout) do
+        @ssh.scp.download!(file)
+      end
     end
 
     def send(my_proc)
@@ -44,7 +69,11 @@ module Oxidized
     private
 
     def disconnect
-      @ssh.close
+      Timeout.timeout(Oxidized.config.timeout) do
+        @ssh.close
+      end
+    rescue Timeout::Error
+      logger.debug "#{@node.name} timed out while disconnecting"
     ensure
       @log.close if Oxidized.config.input.debug?
     end

data/lib/oxidized/input/ssh.rb

@@ -14,6 +14,7 @@ module Oxidized
       ]
     }.freeze
     include Input::CLI
+
     class NoShell < OxidizedError; end
 
     def connect(node) # rubocop:disable Naming/PredicateMethod
@@ -81,12 +82,12 @@ module Oxidized
       Timeout.timeout(Oxidized.config.timeout) { @ssh.loop }
     rescue Errno::ECONNRESET, Net::SSH::Disconnect, IOError => e
       logger.debug 'The other side closed the connection while ' \
-                   "disconnecting, rasing #{e.class} with #{e.messages}"
+                   "disconnecting, raising #{e.class} with #{e.message}"
     rescue Timeout::Error
       logger.debug "#{@node.name} timed out while disconnecting"
     ensure
       @log.close if Oxidized.config.input.debug?
-      (@ssh.close rescue true) unless @ssh.closed?
+      (@ssh.close rescue true) unless @ssh.closed? # rubocop:disable Style/RedundantParentheses
     end
 
     def shell_open(ssh)
@@ -162,9 +163,9 @@ module Oxidized
       ssh_opts[:host_key]   = vars(:ssh_host_key).split(/,\s*/)   if vars(:ssh_host_key)
       ssh_opts[:hmac]       = vars(:ssh_hmac).split(/,\s*/)       if vars(:ssh_hmac)
 
-      # Use our logger for Net:SSH
+      # Use our logger for Net::SSH
       ssh_logger = SemanticLogger[Net::SSH]
-      ssh_logger.level = Oxidized.config.input.debug? ? :debug : :error
+      ssh_logger.level = Oxidized.config.input.debug? ? :debug : :fatal
       ssh_opts[:logger] = ssh_logger
 
       ssh_opts

data/lib/oxidized/input/telnet.rb

@@ -4,6 +4,7 @@ module Oxidized
   class Telnet < Input
     RESCUE_FAIL = {}.freeze
     include Input::CLI
+
     attr_reader :telnet
 
     def connect(node) # rubocop:disable Naming/PredicateMethod
@@ -67,7 +68,7 @@ module Oxidized
       # This exception is intented and therefore not handled here
     ensure
       @log.close if Oxidized.config.input.debug?
-      (@telnet.close rescue true) unless @telnet.sock.closed?
+      (@telnet.close rescue true) unless @telnet.sock.closed? # rubocop:disable Style/RedundantParentheses
     end
   end
 end

data/lib/oxidized/job.rb

@@ -7,13 +7,21 @@ module Oxidized
     def initialize(node)
       @node = node
       @start = Time.now.utc
-      self.name = "Oxidized::Job '#{@node.name}'"
+      self.name = "Job '#{@node.name}'"
       super do
-        logger.debug "Starting fetching process for #{@node.name} at #{Time.now.utc}"
-        @status, @config = @node.run
-        @end             = Time.now.utc
-        @time            = @end - @start
-        logger.debug "Config fetched for #{@node.name} at #{@end}"
+        logger.debug "Starting fetching process for #{@node.name}"
+        begin
+          Timeout.timeout(Oxidized.config.timelimit) do
+            @status, @config = @node.run
+          end
+          logger.debug "Config fetched for #{@node.name}"
+        rescue Timeout::Error
+          logger.warn "Job timelimit reached for #{@node.name}"
+          @status = :timelimit
+        ensure
+          @end  = Time.now.utc
+          @time = @end - @start
+        end
       end
     end
   end

data/lib/oxidized/model/junos.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class JunOS < Oxidized::Model
   using Refinements
   comment '# '
@@ -26,7 +28,7 @@ class JunOS < Oxidized::Model
   end
 
   post do
-    out = String.new('')
+    out = String.new
     case @model
     when 'mx960'
       out << cmd('show chassis fabric reachability') { |cfg| comment cfg }
@@ -34,7 +36,7 @@ class JunOS < Oxidized::Model
       out << cmd('show virtual-chassis') { |cfg| comment cfg }
     when /^srx/
       out << cmd('show chassis cluster status') do |cfg|
-        cfg.lines.count <= 1 && cfg.include?("error:") ? '' : comment(cfg)
+        cfg.lines.count <= 1 && cfg.include?("error:") ? String.new : comment(cfg)
       end
     end
     out

data/lib/oxidized/model/model.rb

@@ -4,6 +4,7 @@ require_relative 'outputs'
 module Oxidized
   class Model
     include SemanticLogger::Loggable
+
     using Refinements
 
     include Oxidized::Config::Vars

data/lib/oxidized/model/mtrlrfs.rb

@@ -3,6 +3,7 @@ class Mtrlrfs < Oxidized::Model
 
   # Motorola RFS/Extreme WM
 
+  prompt /^([\w.@-]+\*?[#>])\s?$/
   comment  '# '
 
   cmd :all do |cfg|

data/lib/oxidized/node.rb

@@ -1,6 +1,5 @@
 module Oxidized
   require 'resolv'
-  require 'ostruct'
   require_relative 'node/stats'
   class MethodNotFound < OxidizedError; end
   class ModelNotFound  < OxidizedError; end

data/lib/oxidized/nodes.rb

@@ -38,8 +38,10 @@ module Oxidized
     def node_want?(node_want, node)
       return true unless node_want
 
+      # rubocop:disable Style/RedundantParentheses
       node_want_ip = (IPAddr.new(node_want) rescue false)
       name_is_ip   = (IPAddr.new(node[:name]) rescue false)
+      # rubocop:enable Style/RedundantParentheses
       # rubocop:todo Lint/DuplicateBranch
       if name_is_ip && (node_want_ip == node[:name])
         true

data/lib/oxidized/source/csv.rb

@@ -43,7 +43,7 @@ module Oxidized
           # map node specific vars
           vars = {}
           @cfg.vars_map.each do |key, position|
-            vars[key.to_sym] = node_var_interpolate data[position]
+            vars[key.to_s] = node_var_interpolate data[position]
           end
           keys[:vars] = vars unless vars.empty?
 

data/lib/oxidized/source/jsonfile.rb

@@ -50,7 +50,7 @@ module Oxidized
           # map node specific vars
           vars = {}
           @cfg.vars_map.each do |key, want_position|
-            vars[key.to_sym] = node_var_interpolate string_navigate_object(node, want_position)
+            vars[key.to_s] = node_var_interpolate string_navigate_object(node, want_position)
           end
           keys[:vars] = vars unless vars.empty?
 

data/lib/oxidized/source/sql.rb

@@ -42,7 +42,7 @@ module Oxidized
           # map node specific vars
           vars = {}
           @cfg.vars_map.each do |key, sql_column|
-            vars[key.to_sym] = node_var_interpolate node[sql_column.to_sym]
+            vars[key.to_s] = node_var_interpolate node[sql_column.to_sym]
           end
           keys[:vars] = vars unless vars.empty?
 

data/lib/oxidized/version.rb

@@ -1,8 +1,8 @@
 # frozen_string_literal: true
 
 module Oxidized
-  VERSION = '0.34.0'
-  VERSION_FULL = '0.34.0'
+  VERSION = '0.34.2'
+  VERSION_FULL = '0.34.2'
   def self.version_set
     version_full = %x(git describe --tags).chop rescue ""
     version      = %x(git describe --tags --abbrev=0).chop rescue ""

data/oxidized.gemspec

@@ -41,7 +41,7 @@ Gem::Specification.new do |s|
   s.add_dependency 'net-telnet',           '~> 0.2'
   s.add_dependency 'psych',                '~> 5.0'
   s.add_dependency 'rugged',               '~> 1.6'
-  s.add_dependency 'semantic_logger',      '~> 4.16'
+  s.add_dependency 'semantic_logger',      '~> 4.17.0'
   s.add_dependency 'slop',                 '~> 4.6'
   s.add_dependency 'syslog',               '~> 0.3.0'
   s.add_dependency 'syslog_protocol',      '~> 0.9.2'
@@ -53,13 +53,13 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'mocha',               '~> 2.1'
   s.add_development_dependency 'pry',                 '~> 0.15.0'
   s.add_development_dependency 'rake',                '~> 13.0'
-  s.add_development_dependency 'rubocop',             '~> 1.78.0'
+  s.add_development_dependency 'rubocop',             '~> 1.79.1'
   s.add_development_dependency 'rubocop-minitest',    '~> 0.38.0'
   s.add_development_dependency 'rubocop-rake',        '~> 0.7.0'
   s.add_development_dependency 'rubocop-sequel',      '~> 0.4.0'
   s.add_development_dependency 'simplecov',           '~> 0.22.0'
 
   # Dependencies on optional libraries, used for unit tests & development
-  s.add_development_dependency 'oxidized-web',        '~> 0.16'
+  s.add_development_dependency 'oxidized-web',        '~> 0.17.1'
   s.add_development_dependency 'sequel',              '>= 5.63.0', '<= 5.94.0'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: oxidized
 version: !ruby/object:Gem::Version
-  version: 0.34.0
+  version: 0.34.2
 platform: ruby
 authors:
 - Saku Ytti
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-07-15 00:00:00.000000000 Z
+date: 2025-08-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: asetus
@@ -158,14 +158,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.16'
+        version: 4.17.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.16'
+        version: 4.17.0
 - !ruby/object:Gem::Dependency
   name: slop
   requirement: !ruby/object:Gem::Requirement
@@ -304,14 +304,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.78.0
+        version: 1.79.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.78.0
+        version: 1.79.1
 - !ruby/object:Gem::Dependency
   name: rubocop-minitest
   requirement: !ruby/object:Gem::Requirement
@@ -374,14 +374,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.16'
+        version: 0.17.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.16'
+        version: 0.17.1
 - !ruby/object:Gem::Dependency
   name: sequel
   requirement: !ruby/object:Gem::Requirement
@@ -440,6 +440,7 @@ files:
 - docs/DeviceSimulation.md
 - docs/Docker.md
 - docs/Hooks.md
+- docs/Inputs.md
 - docs/Issues.md
 - docs/Model-Notes/ADVA.md
 - docs/Model-Notes/APC_AOS.md