oxidized 0.34.3 → 0.35.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a87e3af9faae64551e102d6cdc54df2e45faabca7ba632ca08ef5d75d15de049
-  data.tar.gz: 1b53f1e19450f791ec11cdd61fe228764374d16aa41c1fef2c246c63f1cbaa4e
+  metadata.gz: 1c6d2a888514d85b0339a1c7511546258fc9af9665caf0702811d9a7712471c3
+  data.tar.gz: 5c1e9435a1c74249ac5eb13f8a56bc543766dfb51960791293b1c9acdc82a288
 SHA512:
-  metadata.gz: 37b6c4f96885e86b5780ad61ce64e8f51292ddb2a33ab794cae270101f436cbaad3c684b7262b01197a61e93e8d45257dae2ecb3b080fb6befd9f93162778515
-  data.tar.gz: 5b7739c4e7fa07904c94ad241d9a95c636d7774c517f1235db893192c0df938c8c91bd2d6efd161eaba7ea35cbbc7dd129a275d83f3d58386ca986126ef9adcf
+  metadata.gz: 382ebf9e233125c17f8ec5acd1fe426f8ba95d5a88e8d4f2f1ae3aebe3b5749945917f7887898b71de2bdce7851b50e4785f82ee72a0eb952a117746307b9fed
+  data.tar.gz: 5792b01eab4cb6208c4515fcabc891416b9c782b47fe7015220670c25271ab8c9719cbc7174a0605629b6e4373ab37ab46cbc60f19c787bed7d3ebe33af96eff

data/.github/workflows/codeql.yml

@@ -40,11 +40,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v6
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v4
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v3
+      uses: github/codeql-action/autobuild@v4
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,6 +71,6 @@ jobs:
     #     ./location_of_script_within_repo/buildscript.sh
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v4
       with:
         category: "/language:${{matrix.language}}"

data/.github/workflows/publishdocker.yml

@@ -3,19 +3,33 @@ on:
   push:
     branches: [ "master" ]
     tags: [ "[0-9]+.[0-9]+.[0-9]+" ]
+env:
+  REGISTRY_IMAGE: oxidized/oxidized
 
 jobs:
   build:
     if: github.repository_owner == 'ytti'
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.runner }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - platform: linux/amd64
+            runner: ubuntu-latest
+          - platform: linux/arm64
+            runner: ubuntu-24.04-arm
+
     steps:
+      - name: Prepare
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
 
-      - name: Define tags
+      - name: Docker meta
         id: meta
         uses: docker/metadata-action@v5
         with:
-          images: |
-            oxidized/oxidized
+          images: ${{ env.REGISTRY_IMAGE }}
           tags: |
             type=semver,pattern={{version}}
             type=sha,prefix=master-
@@ -28,17 +42,74 @@ jobs:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Build and push
+      - name: Build and push by digest
+        id: build
         uses: docker/build-push-action@v6
         with:
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
+          platforms: ${{ matrix.platform }}
+          tags: ${{ env.REGISTRY_IMAGE }}
+          labels: |
+            ${{ steps.meta.outputs.labels }}
+            org.opencontainers.image.ref.name=${{ steps.meta.outputs.version }}
           build-args: |
             BUILDKIT_CONTEXT_KEEP_GIT_DIR=true
+          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
+
+      - name: Export digest
+        run: |
+          mkdir -p ${{ runner.temp }}/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "${{ runner.temp }}/digests/${digest#sha256:}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@v5
+        with:
+          name: digests-${{ env.PLATFORM_PAIR }}
+          path: ${{ runner.temp }}/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+  merge:
+    runs-on: ubuntu-latest
+    needs:
+      - build
+    steps:
+      - name: Download digests
+        uses: actions/download-artifact@v6
+        with:
+          path: ${{ runner.temp }}/digests
+          pattern: digests-*
+          merge-multiple: true
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY_IMAGE }}
+          tags: |
+            type=semver,pattern={{version}}
+            type=sha,prefix=master-
+          flavor: |
+            latest=true
+
+      - name: Create manifest list and push
+        working-directory: ${{ runner.temp }}/digests
+        run: |
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
+
+      - name: Inspect image
+        run: |
+          docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}

data/.github/workflows/ruby.yml

@@ -23,7 +23,7 @@ jobs:
     continue-on-error: ${{ matrix.ruby-version == 'ruby-head' }}
 
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Set up Ruby
     # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
     # change this to (see https://github.com/ruby/setup-ruby#versioning):

data/.github/workflows/stale.yml

@@ -12,7 +12,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v9
+      - uses: actions/stale@v10
         with:
           stale-issue-message: 'This issue is stale because it has been open 90 days with no activity.'
           stale-pr-message: 'This PR is stale because it has been open 90 days with no activity.'

data/.rubocop.yml

@@ -68,6 +68,7 @@ Style/FormatString:
 
 Style/FormatStringToken:
   EnforcedStyle: unannotated
+  AllowedMethods: ['metadata']
 
 Style/HashEachMethods:
   Enabled: true

data/.rubocop_todo.yml

@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2025-08-01 14:00:10 UTC using RuboCop version 1.79.1.
+# on 2025-12-03 13:47:41 UTC using RuboCop version 1.81.7.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new

data/CHANGELOG.md

@@ -4,13 +4,51 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [0.35.0 - 2025-12-04]
+### Release Notes
+- VyOS now has it's own Model and should be used for supported VyOS versions instead of the Vyatta Model.
+- AosCX has been reworked and may break old OS versions. Submit an issue along with a YAML Simulation File if you encounter problems.
+- TiMOS (deprecated model) has been removed. Use SROS.
+- FortiOs will be reworked in Release 0.36 (Issue #3680). Subscribe to the issue if you want to be informed and test the model before the release.
+- Support for Ruby 3.1 will be discontinued in Release 0.36 (Issue #3688) if no one objects.
+
+### Added
+- Allow setting timeout on per node basis. Closes #3612 (@ytti)
+- Added Vyos as individual model. Closes #3603 #3560 (@nicolasberens)
+- Add metadata to models. Closes #3249 (@robertcheramy)
+- perle: new model for console servers (@robertcheramy)
+- Introduce [conditional commands](/docs/Ruby-API.md#conditional-commands) (@robertcheramy)
+
+### Changed
+- tnsr: added simulation data for older versions (@Vantomas)
+- docker image: change default shell to bash. (@electrocret)
+- refactor suppression of ANSI escape codes into model.rb (use `clean :escape_codes` in your model. Updated cumulus, garderos, mlnxos and vyos. (@robertcheramy)
+- aoscx: rework handling of ANSI escape codes (@robertcheramy)
+- docker: build on arm64 natively. Closes #3665 (@robertcheramy)
+- docker image: move base image from phusion/baseimage to debian:trixie-slim (@robertcheramy)
+
+### Fixed
+- input/http: bracket IPv6 URI. Fixes #3620 (@ytti)
+- tnsr: fixed prompt regex, sometimes --More-- pager is misplaced on older versions (@ClumsyAdmin)
+- eatonnetwork: Update for firmware v2.2.0 #3634 (@thanegill)
+- input/http: Corrected pagination causing duplicated nodes. Fixes #3676 (@kquilliam)
+- many models: fix redundant regular expressions (@robertcheramy)
+- timos: remove deprecated model timos. Use sros. #3617 (@robertcheramy)
+- fsos: set terminal width to 0. Fixes #3576 (@robertcheramy)
+- aoscx: rework environmental data anonymization. Fixes #3568 (@robertcheramy, inspired by PR #3653 by @martadams89)
+- netgear: fix prompt issues caused by ANSI escape codes. Fixes #3287 (@robertcheramy)
+- remove redundant dependency on bundler producing a CI failure on ruby-head (@robertcheramy)
+- nxos: use "show inventory" when "show inventory all" is not supported. Fixes #3657 (@robertcheramy)
+- arubainstant: handle spaces/parentheses in AP names and add Zone column. Fixes #3611 (@iRomanyshyn, @robertcheramy)
+- core: fix "undefined method `[]' for nil" when only extensions: configured. Fixes: #3607 (@robertcheramy)
+
+
 ## [0.34.3 - 2025-08-05]
 This release fixes an issue preventing /node/show/<hostname> to work in oxidized-web.
 
 ### Fixed
 - Guarantee that node vars is a dict (Issue ytti/oxidized-web#365) (@ytti)
 
-
 ## [0.34.2 – 2025-08-01]
 This release mainly fixes a bug in input/scp that made ssh raise an error when
 closing a closed connection (Issue #3583).

data/Dockerfile

@@ -1,94 +1,102 @@
-FROM docker.io/phusion/baseimage:noble-1.0.2
-
-ENV DEBIAN_FRONTEND=noninteractive
+FROM docker.io/debian:trixie-slim
 
 ##### Place "static" commands at the beginning to optimize image size and build speed
-# remove default ubuntu user
-RUN userdel -r ubuntu
 
 # add non-privileged user
-ARG UID=30000
-ARG GID=$UID
-RUN groupadd -g "${GID}" -r oxidized && useradd -u "${UID}" -r -m -d /home/oxidized -g oxidized oxidized
+RUN groupadd -g "30000" -r oxidized && \
+    useradd -u "30000" -r -m -d /home/oxidized -g oxidized oxidized && \
+    chsh -s /bin/bash oxidized 
 
+# See PR #3637 - ruby runs /bin/sh and bash is whished for exec hooks
+RUN ln -sf /bin/bash /bin/sh
 
 ##### MSMTP - Sending emails
 # link config for msmtp for easier use.
 # /home/oxidized/.msmtprc is a symbolic link to /home/oxidized/.config/oxidized/.msmtprc
 # Create the files as the user oxidized
 RUN mkdir -p /home/oxidized/.config/oxidized/ && \
-    chmod -R ug=rwX,o= /home/oxidized/.config/ && \
     touch /home/oxidized/.config/oxidized/.msmtprc && \
-    chmod -R u=rw,go= /home/oxidized/.config/oxidized/.msmtprc && \
     ln -s /home/oxidized/.config/oxidized/.msmtprc /home/oxidized/ && \
-    chown -R oxidized:oxidized /home/oxidized/.config /home/oxidized/.msmtprc
+    chmod -R ug=rwX,o= /home/oxidized/.config/ && \
+    chown -R oxidized:oxidized /home/oxidized/
 
 # add runit services
 COPY extra/oxidized.runit /etc/service/oxidized/run
 COPY extra/auto-reload-config.runit /etc/service/auto-reload-config/run
 COPY extra/update-ca-certificates.runit /etc/service/update-ca-certificates/run
 
-# set up dependencies for the build process
-RUN apt-get -qy update \
-    && apt-get -qy upgrade \
-    && apt-get -qy --no-install-recommends install ruby \
-    # Build process of oxidized from git and git-tools in the container
-    git \
-    # Allow git send-email from docker image
-    git-email libmailtools-perl \
-    # Allow sending emails in the docker container
-    msmtp \
-    # Debuging tools inside the container
-    inetutils-telnet \
-    # Use ubuntu gems where possible
-    # Gems needed by oxidized
-    ruby-rugged ruby-slop ruby-psych \
-    ruby-net-telnet ruby-net-ssh ruby-net-ftp ruby-ed25519 \
-    # Gem dependencies for inputs
-    ruby-net-http-persistent ruby-mechanize \
-    # Gem dependencies for sources
-    ruby-sqlite3 ruby-mysql2 ruby-pg ruby-sequel ruby-gpgme\
-    # Gem dependencies for hooks
-    ruby-aws-sdk ruby-xmpp4r \
-    # Gems needed by oxidized-web
-    ruby-charlock-holmes ruby-haml ruby-htmlentities ruby-json \
-    puma ruby-sinatra ruby-sinatra-contrib \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists/*
-
-# gems not available in ubuntu noble
-RUN gem install --no-document \
-    # dependencies for hooks
-    slack-ruby-client cisco_spark \
-    # dependencies for specific inputs
-    net-tftp \
-    # Net scp is needed in Version >= 4.1.0, which is not available in ubuntu
-    net-scp
-
-# Prepare the build of oxidized, copy our workig directory in the container
+# Prepare the build of oxidized, copy our working directory in the container
 COPY . /tmp/oxidized/
 WORKDIR /tmp/oxidized
 
-# Install gems which needs a build environment
-RUN apt-get -qy update && \
-    apt-get -qy install --no-install-recommends \
-                        build-essential ruby-dev && \
-    ##### X25519 (a.k.a. Curve25519) Elliptic Curve Diffie-Hellman
-    gem install x25519 && \
-    ##### build & install oxidized from the working repository
+# set up dependencies for the build process
+RUN set -eux; \
+    export DEBIAN_FRONTEND=noninteractive; \
+    apt-get update; \
+    # no apt-get upgrade needed, as debian images are rebuilt on security issues
+    apt-get install -y --no-install-recommends \
+      # runit: lightweight service supervisor
+      # dumb-init: proper PID 1 signal handling
+      # gosu: run oxidized as the user oxidized
+      runit dumb-init gosu \
+      # Build tools
+      build-essential ruby-dev \
+      # Useful tools
+      openssh-client vim-tiny inetutils-telnet \
+      # Dependencies for /extra scripts
+      curl jq \
+      # Build process of oxidized from git and git-tools in the container
+      git \
+      # Allow git send-email from docker image
+      git-email libmailtools-perl \
+      # Allow sending emails in the docker container
+      msmtp \
+      # Use debian packaged gems where possible
+      # ruby and core gems needed by oxidized
+      ruby ruby-rugged ruby-slop \
+      # Gem dependencies for inputs
+      ruby-net-telnet ruby-net-ssh ruby-net-ftp ruby-ed25519 ruby-net-scp \
+      ruby-net-http-persistent ruby-mechanize \
+      # Gem dependencies for sources
+      ruby-sqlite3 ruby-mysql2 ruby-pg ruby-sequel ruby-gpgme\
+      # Gem dependencies for hooks
+      ruby-aws-sdk ruby-xmpp4r \
+      # Gems needed by oxidized-web
+      ruby-charlock-holmes ruby-haml ruby-htmlentities ruby-json \
+      puma ruby-sinatra ruby-sinatra-contrib \
+      # Gems needed by slack-ruby-client
+      ruby-faraday ruby-faraday-net-http ruby-faraday-multipart ruby-hashie \
+      # Gems needed by semantic logger
+      ruby-concurrent \
+    ; \
+    # build & install oxidized from the working repository
     # docker automated build gets shallow copy, but non-shallow copy cannot be unshallowed
-    git fetch --unshallow || true && \
-    rake install && \
-    # install oxidized-web
-    gem install oxidized-web --no-document && \
+    git fetch --unshallow || true; \
+    rake install; \
+    # install oxidized-web and gems not available in debian trixie
+    gem install --no-document --no-wrappers --conservative --minimal-deps \
+      oxidized-web \
+      # dependencies for hooks
+      slack-ruby-client cisco_spark \
+      # dependencies for specific inputs
+      net-tftp \
+      ##### X25519 (a.k.a. Curve25519) Elliptic Curve Diffie-Hellman
+      x25519 \
+    ; \
     # remove the packages we do not need.
-    apt-get -qy remove build-essential ruby-dev && \
-    apt-get -qy autoremove && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists/*
+    apt-get remove -y build-essential ruby-dev; \
+    apt-get autoremove -y ; \
+    apt-get clean; \
+    rm -rf /var/lib/apt/lists/*; \
+    find /var/lib/gems/*/cache -mindepth 1 -delete; \
+    rm -rf /tmp/oxidized;
 
-# clean up
 WORKDIR /
-RUN rm -rf /tmp/oxidized
 
 EXPOSE 8888/tcp
+
+# dumb-init handles PID 1 for proper signal forwarding (Ctrl-C, SIGTERM)
+ENTRYPOINT ["/usr/bin/dumb-init", "--"]
+
+# runit supervises all services in /etc/service/
+CMD ["runsvdir", "-P", "/etc/service"]

data/README.md

@@ -84,7 +84,7 @@ add-apt-repository universe
 Install the dependencies:
 
 ```shell
-apt install ruby ruby-dev libsqlite3-dev libssl-dev pkg-config cmake libssh2-1-dev libicu-dev zlib1g-dev g++ libyaml-dev
+apt install ruby ruby-dev libsqlite3-dev libssl-dev pkg-config cmake libssh2-1-dev libicu-dev zlib1g-dev g++ libyaml-dev libzstd-dev
 ```
 
 Finally, install Oxidized:
@@ -101,7 +101,7 @@ gem install oxidized-script # Script-based input/output extensions
 ```
 
 ### Rocky Linux, Red Hat Enterprise Linux
-These instructions has been verified on Rocky Linux 9.3 and Fedora.
+These instructions has been verified on Rocky Linux 9, Rocky Linux 10 and Fedora.
 
 On Rocky Linux 9, you need to install/enable EPEL, CRB and Ruby 3.1:
 ```shell

data/Rakefile

@@ -1,5 +1,6 @@
 require 'bundler/gem_tasks'
 require 'rake/testtask'
+require 'time'
 require_relative 'lib/oxidized/version'
 
 gemspec = Gem::Specification.load(Dir['*.gemspec'].first)
@@ -92,17 +93,34 @@ desc 'Build the container image with docker or podman'
 task :build_container do
   branch_name = %x(git rev-parse --abbrev-ref HEAD).chop.gsub '/', '_'
   sha_hash = %x(git rev-parse --short HEAD).chop
+  sha_hash_long = %x(git rev-parse HEAD).chop
   image_tag = "#{branch_name}-#{sha_hash}"
+  created_time = Time.now.iso8601
+
+  # Build-Args for consistent labels
+  build_args = [
+    "--label org.opencontainers.image.title=oxidized",
+    "--label org.opencontainers.image.description='Local build of Oxidized'",
+    "--label org.opencontainers.image.url=https://github.com/ytti/oxidized",
+    "--label org.opencontainers.image.source=https://github.com/ytti/oxidized",
+    "--label org.opencontainers.image.created=#{created_time}",
+    "--label org.opencontainers.image.ref.name=#{image_tag}",
+    "--label org.opencontainers.image.licenses=Apache-2.0",
+    "--label org.opencontainers.image.version=#{image_tag}",
+    "--label org.opencontainers.image.revision=#{sha_hash_long}",
+    "-t oxidized:#{image_tag}",
+    "-t oxidized:latest"
+  ].join(' ')
 
   # Prefer podman if available as it runs rootless
   if command_available?('podman')
-    sh "podman build -t oxidized:#{image_tag} -t oxidized:latest ."
+    sh "podman build #{build_args} ."
   elsif command_available?('docker')
     if docker_needs_root?
       puts 'docker needs root to build the image. Using sudo...'
-      sh "sudo docker build -t oxidized:#{image_tag} -t oxidized:latest ."
+      sh "sudo docker build #{build_args} ."
     else
-      sh "docker build -t oxidized:#{image_tag} -t oxidized:latest ."
+      sh "docker build #{build_args} ."
     end
   else
     puts 'You need Podman or Docker to build the container image.'

data/docs/Configuration.md

@@ -456,3 +456,95 @@ The threads used to fetch the configs are named `Oxidized::Job 'hostname'`:
 /home/xxx/oxidized/lib/oxidized/input/ssh.rb:127:in `sleep'
 /home/xxx/oxidized/lib/oxidized/input/ssh.rb:127:in `block (2 levels) in expect'
 ```
+
+## Metadata
+You can include some metadata in your model outputs, for this you have to set
+the variable `metadata` to `true`:
+```yaml
+vars:
+  metadata: true
+```
+
+As every [variable](#options-credentials-vars-etc-precedence), you can set it on
+model, group and even node level.
+
+By default this will produce
+`"%{comment}Fetched by Oxidized with model %{model} from host %{name} [%{ip}]\n"`
+at the first line of every model output. Some models with specific needs (XML
+for example) will save the metadata differently (for example, OpnSense and
+PfSense save an XML comment at the end of the model).
+
+### Customize metadata
+You can customize the metadata produced by setting the varibles `metadata_top`
+(top of the file) and `metadata_bottom` (bottom of the file).
+
+These variables accept string templates, and you can include newline characters
+(\n) to control formatting.
+
+Both `metadata_top` and `metadata_bottom` support interpolation of dynamic values
+using the following substitution templates:
+  - `%{model}`: name of the Oxidized model
+  - `%{name}`: name of the node
+  - `%{ip}`: IP address of the node
+  - `%{group}`: group name of the node
+  - `%{comment}`: comment string used in the model output (`# `)
+  - `%{year}`: current year (`2025`)
+  - `%{month}`: current month, zero-padded (`03` for March)
+  - `%{day}`: current day, zero-padded (`09`)
+  - `%{hour}`: current hour (24-hour format, zero-padded)
+  - `%{minute}`: current minute, zero-padded
+  - `%{second}`: current second, zero-padded
+
+Example:
+```yaml
+vars:
+  metadata: true
+  metadata_top: "%{comment}Model: %{model}; Device %{name} [%{ip}] at %{year}-%{month}-%{day} %{hour}:%{minute}:%{second}\n"
+```
+
+### Customize metadata in models
+When writing a custom metadata for a model, you can default to
+`vars("metadata_*")` or the model default. You need to interpolate the strings
+with interpolate_string. This example is taken from OpnSense, and makes an 
+XML comment of the default strings, with precedence for vars("metadata_bottom"),
+as the XML comment is situated at the bottom.
+
+```ruby
+  metadata :bottom do
+    xmlcomment interpolate_string(
+      vars("metadata_bottom") ||
+      vars("metadata_top") ||
+      Oxidized::Model::METADATA_DEFAULT
+    )
+  end
+```
+
+You can also change the metadata in the models in your configuration directory with
+[monkey patching](Creating-Models.md#monkey-patching-blocks-in-existing-models).
+This can be done in two ways:
+
+1. Interpolation string:
+```ruby
+require 'oxidized/model/ios.rb'
+
+class IOS
+  metadata :top, "%{comment}Model: %{model}\n"
+  metadata :bottom, "%{comment}Will be placed at the end of the output\n"
+end
+```
+
+2. For advanced code, you can use a code block, and access every variable of
+   the model:
+
+```ruby
+require 'oxidized/model/opnsense.rb'
+class OpnSense
+  metadata :top do
+    xmlcomment "Model:#{self.class.name}, hostname: #{@node.name}, ip:#{@node.ip}"
+  end
+
+  metadata :bottom, nil
+end
+```
+
+Remove a previous metadata by setting it to `nil`.