oxidized 0.35.0 → 0.37.0

data/lib/oxidized/input/scp.rb

@@ -1,54 +1,20 @@
 module Oxidized
   require 'net/ssh'
-  require 'net/scp'
+  begin
+    require 'net/scp'
+  rescue LoadError
+    raise OxidizedError, 'net/scp not found: sudo gem install net-scp'
+  end
   require 'timeout'
-  require_relative 'cli'
+  require_relative 'sshbase'
 
-  class SCP < Input
+  class SCP < SSHBase
     RESCUE_FAIL = {
-      debug: [
-        Net::SSH::Disconnect,
-        Net::SSH::ConnectionTimeout
-      ],
-      warn:  [
-        Net::SCP::Error,
-        Net::SSH::HostKeyUnknown,
-        Net::SSH::AuthenticationFailed,
-        Timeout::Error
-      ]
+      Net::SCP::Error => :warn
     }.freeze
-    include Input::CLI
-
-    def connect(node) # rubocop:disable Naming/PredicateMethod
-      @node = node
-      @node.model.cfg['scp'].each { |cb| instance_exec(&cb) }
-      @log = File.open(Oxidized::Config::LOG + "/#{@node.ip}-scp", 'w') if Oxidized.config.input.debug?
-      @ssh = Net::SSH.start(@node.ip, @node.auth[:username], make_ssh_opts)
-      connected?
-    end
-
-    def make_ssh_opts
-      secure = Oxidized.config.input.scp.secure?
-      ssh_opts = {
-        number_of_password_prompts:      0,
-        verify_host_key:                 secure ? :always : :never,
-        append_all_supported_algorithms: true,
-        password:                        @node.auth[:password],
-        timeout:                         @node.timeout,
-        port:                            (vars(:ssh_port) || 22).to_i,
-        forward_agent:                   false
-      }
 
-      # Use our logger for Net::SSH
-      ssh_logger = SemanticLogger[Net::SSH]
-      ssh_logger.level = Oxidized.config.input.debug? ? :debug : :fatal
-      ssh_opts[:logger] = ssh_logger
-
-      ssh_opts
-    end
-
-    def connected?
-      @ssh && (not @ssh.closed?)
+    def self.rescue_fail
+      super.merge(RESCUE_FAIL)
     end
 
     def cmd(file)
@@ -57,25 +23,5 @@ module Oxidized
         @ssh.scp.download!(file)
       end
     end
-
-    def send(my_proc)
-      my_proc.call
-    end
-
-    def output
-      ""
-    end
-
-    private
-
-    def disconnect
-      Timeout.timeout(@node.timeout) do
-        @ssh.close
-      end
-    rescue Timeout::Error
-      logger.debug "#{@node.name} timed out while disconnecting"
-    ensure
-      @log.close if Oxidized.config.input.debug?
-    end
   end
 end

data/lib/oxidized/input/ssh.rb

@@ -1,32 +1,28 @@
+require 'timeout'
+require_relative 'sshbase'
+require_relative 'debugyaml'
+require_relative 'debugtext'
+
 module Oxidized
-  require 'net/ssh'
-  require 'net/ssh/proxy/command'
-  require 'timeout'
-  require 'oxidized/input/cli'
-  class SSH < Input
+  class SSH < SSHBase
+    class NoShell < OxidizedError; end
+
     RESCUE_FAIL = {
-      debug: [
-        Net::SSH::Disconnect
-      ],
-      warn:  [
-        RuntimeError,
-        Net::SSH::AuthenticationFailed
-      ]
+      RuntimeError => :warn
     }.freeze
-    include Input::CLI
 
-    class NoShell < OxidizedError; end
+    def self.rescue_fail
+      super.merge(RESCUE_FAIL)
+    end
 
     def connect(node) # rubocop:disable Naming/PredicateMethod
       @node        = node
       @output      = String.new('')
       @pty_options = { term: "vt100" }
       @node.model.cfg['ssh'].each { |cb| instance_exec(&cb) }
-      if Oxidized.config.input.debug?
-        logfile = Oxidized::Config::LOG + "/#{@node.ip}-ssh"
-        @log = File.open(logfile, 'w')
-        logger.debug "I/O Debuging to #{logfile}"
-      end
+
+      @yaml_debug = DebugYAML.new(Oxidized.config.input.debug, @node, config_name)
+      @text_debug = DebugText.new(Oxidized.config.input.debug, @node, config_name)
 
       logger.debug "Connecting to #{@node.name}"
       @ssh = Net::SSH.start(@node.ip, @node.auth[:username], make_ssh_opts)
@@ -41,30 +37,31 @@ module Oxidized
       connected?
     end
 
-    def connected?
-      @ssh && (not @ssh.closed?)
-    end
-
     def cmd(cmd, expect = node.prompt)
-      logger.debug "Sending '#{cmd.dump}' @ #{node.name} with expect: #{expect.inspect}"
-      if Oxidized.config.input.debug?
-        @log.puts "sent cmd #{@exec ? cmd.dump : (cmd + newline).dump}"
-        @log.flush
+      unless cmd.is_a?(String)
+        logger.error "cmd must be a String (#{cmd.class}): #{cmd.inspect} @ #{node.name}"
+        raise ArgumentError, "cmd must be a String"
       end
+      logger.debug "Sending '#{cmd.dump}' @ #{node.name} with expect: #{expect.inspect}"
       cmd_output = if @exec
+                     @yaml_debug&.send_data(cmd)
+                     @text_debug&.send_data(cmd)
                      @ssh.exec! cmd
                    else
                      cmd_shell(cmd, expect).gsub("\r\n", "\n")
                    end
+
+      # only logging @exec as cmd_shell is handled in the ssh loop
+      @yaml_debug&.receive_data(cmd_output) if @exec
+      @text_debug&.receive_data(cmd_output) if @exec
+
       # Make sure we return a String
       cmd_output.to_s
     end
 
     def send(data)
-      if Oxidized.config.input.debug?
-        @log.puts "sent data #{data.dump}"
-        @log.flush
-      end
+      @yaml_debug&.send_data(data)
+      @text_debug&.send_data(data)
       @ses.send_data data
     end
 
@@ -76,6 +73,7 @@ module Oxidized
 
     private
 
+    # We need a specific disconnect for SSH in shell mode, see issue #3725
     def disconnect
       disconnect_cli
       # if disconnect does not disconnect us, give up after timeout
@@ -86,17 +84,16 @@ module Oxidized
     rescue Timeout::Error
       logger.debug "#{@node.name} timed out while disconnecting"
     ensure
-      @log.close if Oxidized.config.input.debug?
+      @yaml_debug&.close
+      @text_debug&.close
       (@ssh.close rescue true) unless @ssh.closed? # rubocop:disable Style/RedundantParentheses
     end
 
     def shell_open(ssh)
       @ses = ssh.open_channel do |ch|
         ch.on_data do |_ch, data|
-          if Oxidized.config.input.debug?
-            @log.puts "received #{data.dump}"
-            @log.flush
-          end
+          @yaml_debug&.receive_data(data)
+          @text_debug&.receive_data(data)
           @output << data
           @output = @node.model.expects @output
         end
@@ -118,6 +115,9 @@ module Oxidized
 
     def cmd_shell(cmd, expect_re)
       @output = String.new('')
+
+      @yaml_debug&.send_data(cmd + newline)
+      @text_debug&.send_data(cmd + newline)
       @ses.send_data cmd + newline
       @ses.process
       expect expect_re if expect_re
@@ -137,48 +137,5 @@ module Oxidized
         end
       end
     end
-
-    def make_ssh_opts
-      secure = Oxidized.config.input.ssh.secure?
-      ssh_opts = {
-        number_of_password_prompts:      0,
-        keepalive:                       vars(:ssh_no_keepalive) ? false : true,
-        verify_host_key:                 secure ? :always : :never,
-        append_all_supported_algorithms: true,
-        password:                        @node.auth[:password],
-        timeout:                         @node.timeout,
-        port:                            (vars(:ssh_port) || 22).to_i,
-        forward_agent:                   false
-      }
-
-      auth_methods = vars(:auth_methods) || %w[none publickey password]
-      ssh_opts[:auth_methods] = auth_methods
-      logger.debug "AUTH METHODS::#{auth_methods}"
-
-      ssh_opts[:proxy] = make_ssh_proxy_command(vars(:ssh_proxy), vars(:ssh_proxy_port), secure) if vars(:ssh_proxy)
-
-      ssh_opts[:keys]       = [vars(:ssh_keys)].flatten           if vars(:ssh_keys)
-      ssh_opts[:kex]        = vars(:ssh_kex).split(/,\s*/)        if vars(:ssh_kex)
-      ssh_opts[:encryption] = vars(:ssh_encryption).split(/,\s*/) if vars(:ssh_encryption)
-      ssh_opts[:host_key]   = vars(:ssh_host_key).split(/,\s*/)   if vars(:ssh_host_key)
-      ssh_opts[:hmac]       = vars(:ssh_hmac).split(/,\s*/)       if vars(:ssh_hmac)
-
-      # Use our logger for Net::SSH
-      ssh_logger = SemanticLogger[Net::SSH]
-      ssh_logger.level = Oxidized.config.input.debug? ? :debug : :fatal
-      ssh_opts[:logger] = ssh_logger
-
-      ssh_opts
-    end
-
-    def make_ssh_proxy_command(proxy_host, proxy_port, secure)
-      return nil unless !proxy_host.nil? && !proxy_host.empty?
-
-      proxy_command =  "ssh "
-      proxy_command += "-o StrictHostKeyChecking=no " unless secure
-      proxy_command += "-p #{proxy_port} "            if proxy_port
-      proxy_command += "#{proxy_host} -W [%h]:%p"
-      Net::SSH::Proxy::Command.new(proxy_command)
-    end
   end
 end

data/lib/oxidized/input/sshbase.rb

@@ -0,0 +1,102 @@
+module Oxidized
+  require 'net/ssh'
+  require 'net/ssh/proxy/command'
+  require 'timeout'
+
+  class SSHBase < Input
+    RESCUE_FAIL = {
+      Net::SSH::Disconnect           => :debug,
+      Net::SSH::ConnectionTimeout    => :debug,
+      Net::SSH::AuthenticationFailed => :warn,
+      Net::SSH::HostKeyUnknown       => :warn
+    }.freeze
+
+    def self.rescue_fail
+      super.merge(RESCUE_FAIL)
+    end
+
+    def connect(node) # rubocop:disable Naming/PredicateMethod
+      @node = node
+      @node.model.cfg[config_name].each { |cb| instance_exec(&cb) }
+      logger.debug "Connecting to #{@node.name}"
+      @ssh = Net::SSH.start(@node.ip, @node.auth[:username], make_ssh_opts)
+      connected?
+    end
+
+    def connected?
+      @ssh && (not @ssh.closed?)
+    end
+
+    def make_ssh_opts
+      ssh_opts = {
+        number_of_password_prompts:      0,
+        keepalive:                       vars(:ssh_no_keepalive) ? false : true,
+        verify_host_key:                 must_secure? ? :always : :never,
+        append_all_supported_algorithms: true,
+        password:                        @node.auth[:password],
+        timeout:                         @node.timeout,
+        port:                            (vars(:ssh_port) || 22).to_i,
+        forward_agent:                   false
+      }
+
+      auth_methods = vars(:auth_methods) || %w[none publickey password]
+      ssh_opts[:auth_methods] = auth_methods
+      logger.debug "AUTH METHODS::#{auth_methods}"
+
+      if vars(:ssh_proxy)
+        ssh_opts[:proxy] = make_ssh_proxy_command(
+          vars(:ssh_proxy), vars(:ssh_proxy_port), must_secure?
+        )
+      end
+      ssh_opts[:keys]       = [vars(:ssh_keys)].flatten           if vars(:ssh_keys)
+      ssh_opts[:kex]        = vars(:ssh_kex).split(/,\s*/)        if vars(:ssh_kex)
+      ssh_opts[:encryption] = vars(:ssh_encryption).split(/,\s*/) if vars(:ssh_encryption)
+      ssh_opts[:host_key]   = vars(:ssh_host_key).split(/,\s*/)   if vars(:ssh_host_key)
+      ssh_opts[:hmac]       = vars(:ssh_hmac).split(/,\s*/)       if vars(:ssh_hmac)
+
+      # Use our logger for Net::SSH
+      ssh_logger = SemanticLogger[Net::SSH]
+      config_debug = Oxidized.config.input.debug
+      if config_debug == true ||
+         (config_debug.is_a?(String) && config_debug.downcase.include?('library'))
+        ssh_logger.level = :debug
+      else
+        ssh_logger.level = :fatal
+      end
+      ssh_opts[:logger] = ssh_logger
+
+      ssh_opts
+    end
+
+    def must_secure?
+      Oxidized.config.input[config_name].secure? == true
+    end
+
+    def make_ssh_proxy_command(proxy_host, proxy_port, secure)
+      return nil unless !proxy_host.nil? && !proxy_host.empty?
+
+      proxy_command =  "ssh "
+      proxy_command += "-o StrictHostKeyChecking=no " unless secure
+      proxy_command += "-p #{proxy_port} "            if proxy_port
+      proxy_command += "#{proxy_host} -W [%h]:%p"
+      Net::SSH::Proxy::Command.new(proxy_command)
+    end
+
+    def disconnect
+      disconnect_cli
+      Timeout.timeout(@node.timeout) do
+        @ssh.close
+      end
+    rescue Errno::ECONNRESET, Net::SSH::Disconnect, IOError => e
+      logger.debug 'The other side closed the connection while ' \
+                   "disconnecting, raising #{e.class} with #{e.message}"
+    rescue Timeout::Error
+      logger.debug "#{@node.name} timed out while disconnecting"
+    end
+
+    # Methods to implement in subclasses
+    def cmd(**_args)
+      raise NotImplementedError, "Subclasses must implement cmd"
+    end
+  end
+end

data/lib/oxidized/input/telnet.rb

@@ -1,17 +1,17 @@
+require_relative 'debugtext'
+
 module Oxidized
   require 'net/telnet'
-  require 'oxidized/input/cli'
   class Telnet < Input
-    RESCUE_FAIL = {}.freeze
-    include Input::CLI
-
     attr_reader :telnet
 
     def connect(node) # rubocop:disable Naming/PredicateMethod
       @node    = node
       @timeout = @node.timeout
       @node.model.cfg['telnet'].each { |cb| instance_exec(&cb) }
-      @log = File.open(Oxidized::Config::LOG + "/#{@node.ip}-telnet", 'w') if Oxidized.config.input.debug?
+
+      @text_debug = DebugText.new(Oxidized.config.input.debug, @node, config_name)
+
       port = vars(:telnet_port) || 23
 
       telnet_opts = {
@@ -19,7 +19,7 @@ module Oxidized
         'Port'    => port.to_i,
         'Timeout' => @timeout,
         'Model'   => @node.model,
-        'Log'     => @log
+        'Log'     => @text_debug
       }
 
       @telnet = Net::Telnet.new telnet_opts
@@ -42,12 +42,14 @@ module Oxidized
       # create a string to be passed to oxidized_expect and modified _there_
       # default to a single space so it shouldn't be coerced to nil by any models.
       out = String(' ')
+      @text_debug&.send_data(cmd_str)
       @telnet.puts(cmd_str)
       @telnet.oxidized_expect(timeout: @timeout, expect: expect, out: out)
       out
     end
 
     def send(data)
+      @text_debug&.send_data(data)
       @telnet.write data
     end
 
@@ -67,7 +69,7 @@ module Oxidized
     rescue Errno::ECONNRESET, IOError
       # This exception is intented and therefore not handled here
     ensure
-      @log.close if Oxidized.config.input.debug?
+      @text_debug&.close
       (@telnet.close rescue true) unless @telnet.sock.closed? # rubocop:disable Style/RedundantParentheses
     end
   end
@@ -80,8 +82,8 @@ module Net
     attr_reader :output
 
     def oxidized_expect(options)
-      model    = @options["Model"]
-      @log     = @options["Log"]
+      model      = @options["Model"]
+      text_debug = @options["Log"]
 
       expects  = [options[:expect]].flatten
       time_out = options[:timeout] || @options["Timeout"]
@@ -107,10 +109,7 @@ module Net
             buf = preprocess(c)
             rest = ''
           end
-          if Oxidized.config.input.debug?
-            @log.print buf
-            @log.flush
-          end
+          text_debug&.receive_data buf
           line += buf
           line = model.expects line
           # match is a regexp object. we need to return that for logins to work.

data/lib/oxidized/input/tftp.rb

@@ -1,7 +1,5 @@
 module Oxidized
   require 'stringio'
-  require_relative 'cli'
-
   begin
     require 'net/tftp'
   rescue LoadError
@@ -9,14 +7,19 @@ module Oxidized
   end
 
   class TFTP < Input
-    include Input::CLI
+    RESCUE_FAIL = {
+      Net::TFTPTimeout => :warn
+    }.freeze
+
+    def self.rescue_fail
+      super.merge(RESCUE_FAIL)
+    end
 
     # TFTP utilizes UDP, there is not a connection. We simply specify an IP and send/receive data.
     def connect(node)
       @node = node
 
       @node.model.cfg['tftp'].each { |cb| instance_exec(&cb) }
-      @log = File.open(Oxidized::Config::LOG + "/#{@node.ip}-tftp", 'w') if Oxidized.config.input.debug?
       @tftp = Net::TFTP.new @node.ip
     end
 
@@ -32,9 +35,6 @@ module Oxidized
 
     def disconnect
       # TFTP uses UDP, there is no connection to close
-      true
-    ensure
-      @log.close if Oxidized.config.input.debug?
     end
   end
 end

data/lib/oxidized/model/aoscx.rb

@@ -22,9 +22,11 @@ class Aoscx < Oxidized::Model
   end
 
   cmd :secret do |cfg|
+    cfg.gsub! /^(user .* group .*(?: ciphertext)?) \S+/, '\\1 <secret hidden>'
     cfg.gsub! /^(snmp-server community) \S+(.*)/, '\\1 <secret hidden> \\2'
     cfg.gsub! /^(snmp-server host \S+) \S+(.*)/, '\\1 <secret hidden> \\2'
-    cfg.gsub! /^(radius-server host \S+ key) \S+(.*)/, '\\1 <secret hidden> \\2'
+    cfg.gsub! /^(snmpv3 user).*?(auth (?:md5|sha(?:\d{1,3})?) auth-pass ciphertext).*?(priv (?:des|aes(?:\d{1,3})?) priv-pass ciphertext).*/, '\\1 <user> \\2 <auth-pass> \\3 <priv-pass>'
+    cfg.gsub! /^(radius-server host \S+ key(?: ciphertext)?) \S+ (.*)/, '\\1 <secret hidden> \\2'
     cfg.gsub! /^(radius-server key).*/, '\\1 <configuration removed>'
     cfg.gsub! /^(tacacs-server host \S+ key) \S+(.*)/, '\\1 <secret hidden> \\2'
     cfg.gsub! /^(tacacs-server key).*/, '\\1 <secret hidden>'
@@ -35,22 +37,23 @@ class Aoscx < Oxidized::Model
     comment cfg
   end
 
-  cmd 'show environment' do |cfg|
-    def with_section(cfg, section, &block)
-      cfg.sub!(/(show environment #{section}.*?-{10,}\n)(.*?)(?=\nshow environment|\z)/m) do
-        header = ::Regexp.last_match(1)
-        content = ::Regexp.last_match(2)
-        block.call(content) if block_given?
-        header + content
-      end
+  def with_section(cfg, section, &block)
+    cfg.sub!(/(show environment #{section}.*?-{10,}\n)(.*?)(?=\nshow environment|\z)/m) do
+      header = ::Regexp.last_match(1)
+      content = ::Regexp.last_match(2)
+      block.call(content) if block_given?
+      header + content
     end
+  end
 
+  cmd 'show environment' do |cfg|
     with_section(cfg, 'fan') do |content|
-      content.gsub!(/^(.*)(slow|normal|medium|fast|max) (.*?)\d+ +$/, '\\1<speed> \\3<rpm>')
+      content.gsub!(/^((?:\S+ +){3})(slow  |normal|medium|fast  |max   |N\/A   ) (.*?)\d+ +$/, '\\1<speed> \\3<rpm>')
     end
 
     with_section(cfg, 'power-consumption') do |content|
       content.gsub!(/^(.*?) (?:\d+\.\d+ +)+\d+\.\d+$/, '\\1 <power hidden>')
+      content.gsub!(/^(Total Power Consumption +)\d+\.\d+$/, '\\1<power hidden>')
     end
 
     with_section(cfg, 'power-allocation') do |content|
@@ -58,7 +61,7 @@ class Aoscx < Oxidized::Model
     end
 
     with_section(cfg, 'temperature') do |content|
-      content.gsub!(/^(.*) \d+\.\d+ C (.*)$/, '\\1 <hidden>\\2')
+      content.gsub!(/^(.*) -?\d+\.\d+ C (.*)$/, '\\1 <hidden>\\2')
     end
     comment cfg
   end
@@ -71,7 +74,10 @@ class Aoscx < Oxidized::Model
     comment cfg
   end
 
-  cmd 'show system | exclude "Up Time" | exclude "CPU" | exclude "Memory" | exclude "Pkts .x" | exclude "Lowest" | exclude "Missed"' do |cfg|
+  cmd 'show system' do |cfg|
+    cfg = cfg.reject_lines [
+      "Up Time", "CPU", "Memory", /Pkts .x/, "Lowest", "Missed"
+    ]
     comment cfg
   end
 

data/lib/oxidized/model/aosw.rb

@@ -48,8 +48,11 @@ class AOSW < Oxidized::Model
   end
 
   cmd 'show version' do |cfg|
-    cfg = cfg.each_line.reject { |line| line.match(/(Switch|AP) uptime/i) || line.match(/Reboot Time and Cause/i) }
-    rstrip_cfg comment cfg.join
+    cfg = cfg.reject_lines [
+      /(Switch|AP) uptime/i,
+      /Reboot Time and Cause/i
+    ]
+    rstrip_cfg comment cfg
   end
 
   cmd 'show inventory' do |cfg|
@@ -77,15 +80,11 @@ class AOSW < Oxidized::Model
   end
 
   cmd 'show running-config' do |cfg|
-    out = []
-    cfg.each_line do |line|
-      next if line =~ /^controller config \d+$/
-      next if line =~ /^Building Configuration/
-
-      out << line.strip
-    end
-    out = out.join "\n"
-    out << "\n"
+    cfg = cfg.reject_lines [
+      /^controller config \d+$/,
+      /^Building Configuration/
+    ]
+    rstrip_cfg cfg
   end
 
   cfg :telnet do

data/lib/oxidized/model/apc_aos.rb

@@ -1,7 +1,11 @@
 class Apc_aos < Oxidized::Model # rubocop:disable Naming/ClassAndModuleCamelCase
   using Refinements
 
+  comment '; '
+
   cmd 'config.ini' do |cfg|
+    logger.warn "Apc_aos is deprecated, use ApcAos instead."
+
     cfg.gsub!(/^; Configuration file, generated on.*\n/, '')
     cfg
   end

data/lib/oxidized/model/apcaos.rb

@@ -0,0 +1,39 @@
+class ApcAos < Oxidized::Model
+  using Refinements
+
+  # Prompt can be short (apc>) or long (username@apc>)
+  prompt /^(:?\S+@)?apc>/
+  comment '; '
+
+  def clean(cfg)
+    cfg = cfg.cut_both(2, 1)
+    cfg.gsub("\r", "")
+  end
+
+  cmd 'about', input: :ssh do |cfg|
+    cfg = clean(cfg)
+    cfg = cfg.reject_lines [/^Management Uptime: /, /^Date: /, /^Time: /]
+    comment cfg
+  end
+
+  cmd 'upsabout', input: :ssh do |cfg|
+    cfg = clean(cfg)
+    comment cfg
+  end
+
+  cmd 'detstatus -ss', input: :ssh do |cfg|
+    cfg = clean(cfg)
+    comment cfg
+  end
+
+  cmd 'config.ini', input: %i[scp ftp] do |cfg|
+    cfg = cfg.reject_lines [/^; Configuration file, generated on /]
+    "; ========== config.ini ==========\n" + cfg
+  end
+
+  inputs [:ssh, %i[scp ftp]]
+
+  cfg :ssh do
+    pre_logout 'exit'
+  end
+end

data/lib/oxidized/model/arubainstant.rb

@@ -31,30 +31,21 @@ class ArubaInstant < Oxidized::Model
 
   # get software version
   cmd 'show version' do |cfg|
-    out = ''
-    cfg.each_line do |line|
-      next if line =~ /^(Switch|AP) uptime is /
-
-      next if line =~ /^Reboot Time and Cause/
-
-      out += line
-    end
-    comment out
+    cfg = cfg.reject_lines [
+      /^(Switch|AP) uptime is /,
+      /^Reboot Time and Cause/
+    ]
+    comment cfg
   end
 
   # Get serial number
   cmd 'show activate status' do |cfg|
-    out = ''
-    cfg.each_line do |line|
-      next if line =~ /^Activate /
-
-      next if line =~ /^Provision interval/
-
-      next if line =~ /^Cloud Activation Key/
-
-      out += line
-    end
-    comment out + "\n"
+    cfg = cfg.reject_lines [
+      /^Activate /,
+      /^Provision interval/,
+      /^Cloud Activation Key/
+    ]
+    comment cfg + "\n"
   end
 
   # Get controlled WLAN-AP