-rw-r--r-- | CHANGELOG.md | 11 | ||||
-rw-r--r-- | README.md | 41 | ||||
-rw-r--r-- | extra/oxidized.service | 2 | ||||
-rw-r--r-- | lib/oxidized/input/ssh.rb | 2 | ||||
-rw-r--r-- | lib/oxidized/model/aosw.rb | 1 | ||||
-rw-r--r-- | lib/oxidized/model/asa.rb | 19 | ||||
-rw-r--r-- | lib/oxidized/model/br6910.rb | 45 | ||||
-rw-r--r-- | lib/oxidized/model/coriant8600.rb | 30 | ||||
-rw-r--r-- | lib/oxidized/model/corianttmos.rb | 25 | ||||
-rw-r--r-- | lib/oxidized/model/edgeswitch.rb | 4 | ||||
-rw-r--r-- | lib/oxidized/model/eos.rb | 1 | ||||
-rw-r--r-- | lib/oxidized/model/fortios.rb | 2 | ||||
-rw-r--r-- | lib/oxidized/model/gaiaos.rb | 46 | ||||
-rw-r--r-- | lib/oxidized/model/junos.rb | 3 | ||||
-rw-r--r-- | lib/oxidized/model/model.rb | 4 | ||||
-rw-r--r-- | lib/oxidized/model/procurve.rb | 2 | ||||
-rw-r--r-- | lib/oxidized/model/quantaos.rb | 35 | ||||
-rw-r--r-- | lib/oxidized/node.rb | 4 | ||||
-rw-r--r-- | lib/oxidized/version.rb | 2 |
19 files changed, 253 insertions, 26 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index cea6fb4..f2235ea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,14 @@ +# 0.15.0 +- FEATURE: disable periodic collection, only on demand (by Adam Winberg) +- FEATURE: allow disabling ssh exec mode always (mainly for oxidized-script) (by @nickhilliard) +- FEATURE: support mellanox devices (by @ham5ter) +- FEATURE: support firewireos devices (by @alexandre-io) +- FEATURE: support quanta devices (by @f0o) +- FEATURE: support tellabs coriant8800, coriant8600 (by @udhos) +- FEATURE: support brocade6910 (by @cardboardpig) +- BUGFIX: debugging, tests (by @ElvinEfendi) +- BUGFIX: nos, panos, acos, procurve, eos, edgeswitch, aosw, fortios updates + # 0.14.3 - BUGFIX: fix git when using multiple groups without single_repo @@ -20,13 +20,14 @@ Oxidized is a network device configuration backup tool. It's a RANCID replacemen 1. [Supported OS Types](#supported-os-types) 2. [Installation](#installation) * [Debian](#debian) - * [CentOS, Oracle Linux, Red Hat Linux version 6](#centos-oracle-linux-red-hat-linux-version 6) + * [CentOS, Oracle Linux, Red Hat Linux](#centos-oracle-linux-red-hat-linux) 3. [Initial Configuration](#configuration) 4. [Installing Ruby 2.1.2 using RVM](#installing-ruby-2.1.2-using-rvm) 5. [Running with Docker](#running-with-docker) 6. [Cookbook](#cookbook) * [Debugging](#debugging) * [Privileged mode](#privileged-mode) + * [Disabling SSH exec channels](#disabling-ssh-exec-channels) * [Source: CSV](#source-csv) * [Source: SQLite](#source-sqlite) * [Source: HTTP](#source-http) @@ -62,6 +63,9 @@ Oxidized is a network device configuration backup tool. It's a RANCID replacemen * Ironware * NOS (Network Operating System) * Vyatta + * 6910 + * Check Point + * GaiaOS * Ciena * SOAS * Cisco 
@@ -74,6 +78,9 @@ Oxidized is a network device configuration backup tool. It's a RANCID replacemen * SMB (Nikola series) * Citrix * NetScaler (Virtual Applicance) + * Coriant (former Tellabs) + * TMOS (8800) + * 8600 * Cumulus * Linux * DataCom @@ -115,6 +122,8 @@ Oxidized is a network device configuration backup tool. It's a RANCID replacemen * Opengear * Palo Alto * PANOS + * Quanta + * Quanta / VxWorks 6.6 (1.1.0.8) * Supermicro * Supermicro * Ubiquiti @@ -137,13 +146,19 @@ gem install oxidized gem install oxidized-script oxidized-web # if you don't install oxidized-web, make sure you remove "rest" from your config ``` -## CentOS, Oracle Linux, Red Hat Linux version 6 -Install Ruby 1.9.3 or greater (for Ruby 2.1.2 installation instructions see "Installing Ruby 2.1.2 using RVM"), then install Oxidized dependencies +## CentOS, Oracle Linux, Red Hat Linux +On CentOS 6 / RHEL 6, install Ruby 1.9.3 or greater (for Ruby 2.1.2 installation instructions see "Installing Ruby 2.1.2 using RVM"), then install Oxidized dependencies ```shell yum install cmake sqlite-devel openssl-devel libssh2-devel ``` -Now lets install oxidized via Rubygems: +RHEL 7 / CentOS 7 will work out of the box with the following package list: + +```shell +yum install cmake sqlite-devel openssl-devel libssh2-devel ruby gcc ruby-devel +``` + +Now let's install oxidized via Rubygems: ```shell gem install oxidized gem install oxidized-script oxidized-web 
@@ -153,6 +168,14 @@ gem install oxidized-script oxidized-web Oxidized configuration is in YAML format. Configuration files are subsequently sourced from ```/etc/oxidized/config``` then ```~/.config/oxidized/config```. The hashes will be merged, this might be useful for storing source information in a system wide file and user specific configuration in the home directory (to only include a staff specific username and password). Eg. if many users are using ```oxs```, see [Oxidized::Script](https://github.com/ytti/oxidized-script). +It is recommended practice to run Oxidized using its own username. This username can be added using standard command-line tools: + +``` +useradd oxidized +``` + +It is recommended not to run Oxidized as root. + To initialize a default configuration in your home directory ```~/.config/oxidized/config```, simply run ```oxidized``` once. If you don't further configure anything from the output and source sections, it'll extend the examples on a subsequent ```oxidized``` execution. This is useful to see what options for a specific source or output backend are available. You can set the env variable `OXIDIZED_HOME` to change its home directory. @@ -320,6 +343,16 @@ The above strips out snmp community strings from your saved configs. **NOTE:** Removing secrets reduces the usefulness as a full configuration backup, but it may make sharing configs easier. +### Disabling SSH exec channels + +Oxidized uses exec channels to make information extraction simpler, but there are some situations where this doesn't work well, e.g. configuring devices. This feature can be turned off by setting the ```ssh_no_exec``` +variable. + +``` +vars: + ssh_no_exec: true +``` + ### Source: CSV One line per device, colon seperated. diff --git a/extra/oxidized.service b/extra/oxidized.service index 65063b7..ba60bd5 100644 --- a/extra/oxidized.service +++ b/extra/oxidized.service 
@@ -6,7 +6,7 @@ Description=Oxidized - Network Device Configuration Backup Tool [Service] ExecStart=/usr/local/bin/oxidized -User=root +User=oxidized [Install] WantedBy=multi-user.target diff --git a/lib/oxidized/input/ssh.rb b/lib/oxidized/input/ssh.rb index db39a7e..8db5aa4 100644 --- a/lib/oxidized/input/ssh.rb +++ b/lib/oxidized/input/ssh.rb @@ -112,7 +112,7 @@ module Oxidized end def exec state=nil - state == nil ? @exec : (@exec=state) + state == nil ? @exec : (@exec=state) unless vars :ssh_no_exec end def cmd_shell(cmd, expect_re) diff --git a/lib/oxidized/model/aosw.rb b/lib/oxidized/model/aosw.rb index 4f09e51..394561f 100644 --- a/lib/oxidized/model/aosw.rb +++ b/lib/oxidized/model/aosw.rb @@ -22,6 +22,7 @@ class AOSW < Oxidized::Model cfg.gsub!(/key (\S+)$/, 'key <secret removed>') cfg.gsub!(/secret (\S+)$/, 'secret <secret removed>') cfg.gsub!(/wpa-passphrase (\S+)$/, 'wpa-passphrase <secret removed>') + cfg.gsub!(/bkup-passwords (\S+)$/, 'bkup-passwords <secret removed>') cfg end diff --git a/lib/oxidized/model/asa.rb b/lib/oxidized/model/asa.rb index 48e6bf4..1e45a91 100644 --- a/lib/oxidized/model/asa.rb +++ b/lib/oxidized/model/asa.rb @@ -33,18 +33,17 @@ class ASA < Oxidized::Model # backup any xml referenced in the configuration. anyconnect_profiles = cfg.scan(Regexp.new('(\sdisk0:/.+\.xml)')).flatten anyconnect_profiles.each do |profile| - cfg << (comment profile + "\n" ) - cmd ("more" + profile) do |xml| - cfg << (comment xml) - end + cfg << (comment profile + "\n" ) + cmd ("more" + profile) do |xml| + cfg << (comment xml) + end end # if DAP is enabled, also backup dap.xml if cfg.rindex(/dynamic-access-policy-record\s(?!DfltAccessPolicy)/) - cfg << (comment "disk0:/dap.xml\n") - cmd "more disk0:/dap.xml" do |xml| - cfg << (comment xml) - puts xml - end + cfg << (comment "disk0:/dap.xml\n") + cmd "more disk0:/dap.xml" do |xml| + cfg << (comment xml) + end end cfg end 
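Review bot: Existing installs that kept their configuration under root's home will presumably stop finding it once extra/oxidized.service runs as `User=oxidized`, because the README in this commit says the config is sourced from `/etc/oxidized/config` and then `~/.config/oxidized/config`. The README adds `useradd oxidized` but no step for moving that config or changing ownership of the files the daemon writes, and that deserves a line there. Now that the service is unprivileged, `NoNewPrivileges=true` and `PrivateTmp=true` under `[Service]` would be a cheap addition.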
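Review bot: In lib/oxidized/input/ssh.rb the trailing `unless vars :ssh_no_exec` applies to the whole ternary, so with the variable set `exec` returns nil for the getter and silently drops a caller's `exec true`, which is hard to see on one line. A guard clause makes the override explicit: `return nil if vars :ssh_no_exec` on its own line, followed by the existing ternary (ideally with `state.nil?` instead of `state == nil`). A one-line comment that `ssh_no_exec` always wins over a model's request for exec mode would help whoever debugs a model that calls `exec`. The enclosing class starts outside the hunk, so I could not confirm where `vars` comes from in this input class.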
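Review bot: In lib/oxidized/model/aosw.rb the new `bkup-passwords` pattern ends in `(\S+)$`, so it only matches when the secret is the very last thing on the line. If the device output has a trailing space or a carriage return before the newline (not visible from this hunk), the substitution does nothing and the value is stored unredacted. Matching the rest of the line fails closed instead: `cfg.gsub!(/(bkup-passwords) .*$/, '\1 <secret removed>')`. The neighbouring `key`, `secret` and `wpa-passphrase` lines have the same shape.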
@@ -53,7 +52,7 @@ class ASA < Oxidized::Model
 if vars :enable
 post_login do
 send "enable\n"
- send vars(:enable) + "\n"
+ cmd vars(:enable)
 end
 end
 post_login 'terminal pager 0'
diff --git a/lib/oxidized/model/br6910.rb b/lib/oxidized/model/br6910.rb
new file mode 100644
index 0000000..b5c9bcf
--- /dev/null
+++ b/lib/oxidized/model/br6910.rb
@@ -0,0 +1,45 @@
+
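Review bot: In lib/oxidized/model/asa.rb the enable password is now passed to `cmd` instead of `send`, so the secret goes through whatever `cmd` does with its argument. `cmd` is defined outside this diff; if it logs or records the command string (for example at debug level), the enable password ends up in log files, so please confirm that path and mask the argument there if it does. `cmd` presumably also waits for the prompt, so a rejected password would block until the input timeout rather than fail fast. The new QuantaOS model in this commit uses the same `cmd vars(:enable)` inside `post_login`.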
+class BR6910 < Oxidized::Model
+
+ prompt /^Vty-[0-9]\#$/
+ comment '! '
+
+ # not possible to disable paging prior to show running-config
+ expect /^((.*)Others to exit ---(.*))$/ do |data, re|
+ send 'a'
+ data.sub re, ''
+ end
+
+ cmd :all do |cfg|
+ # sometimes br6910s inserts arbitrary whitespace after commands are
+ # issued on the CLI, from run to run. this normalises the output.
+ cfg.each_line.to_a[1..-2].drop_while { |e| e.match /^\s+$/ }.join
+ end
+
+ cmd 'show version' do |cfg|
+ comment cfg
+ end
+
+ # show flash is not possible on a brocade 6910, do dir instead
+ # to see flash contents (includes config file names)
+ cmd 'dir' do |cfg|
+ comment cfg
+ end
+
+ cmd 'show running-config' do |cfg|
+ arr = cfg.each_line.to_a
+ arr[2..-1].join unless arr.length < 2
+ end
+
+ cfg :telnet do
+ username /^Username:/
+ password /^Password:/
+ end
+
+ # post login and post logout
+ cfg :telnet, :ssh do
+ post_login ''
+ pre_logout 'exit'
+ end
+
+end
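Review bot: BR6910 defines no `cmd :secret` block, so presumably the secret-removal option described in the README has no effect for this model, and password or SNMP community lines from `show running-config` are stored as printed. GaiaOS in this same commit shows the shape to follow, a `cmd :secret do |cfg| … cfg end` block with one `gsub!` per sensitive line type; the patterns have to be taken from real 6910 output. Coriant8600, CoriantTmos and QuantaOS, also added here, lack the block as well. Separately, in `cmd :all` the slice `cfg.each_line.to_a[1..-2]` is nil for empty output, so `drop_while` raises NoMethodError; `(cfg.each_line.to_a[1..-2] || [])` avoids that.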
diff --git a/lib/oxidized/model/coriant8600.rb b/lib/oxidized/model/coriant8600.rb new file mode 100644 index 0000000..a48ffa5 --- /dev/null +++ b/lib/oxidized/model/coriant8600.rb @@ -0,0 +1,30 @@ +class Coriant8600 < Oxidized::Model + + comment '# ' + + prompt /^[^\s#>]+[#>]$/ + + cmd 'show hw-inventory' do |cfg| + comment cfg + end + + cmd 'show flash' do |cfg| + comment cfg + end + + cmd 'show run' do |cfg| + cfg + end + + cfg :telnet do + username /^user name:$/ + password /^password:$/ + end + + cfg :telnet, :ssh do + pre_logout 'exit' + post_login 'enable' + post_login 'terminal more off' + end + +end diff --git a/lib/oxidized/model/corianttmos.rb b/lib/oxidized/model/corianttmos.rb new file mode 100644 index 0000000..76603f6 --- /dev/null +++ b/lib/oxidized/model/corianttmos.rb @@ -0,0 +1,25 @@ +class CoriantTmos < Oxidized::Model + + comment '# ' + + prompt /^[^\s#]+#\s$/ + + cmd 'show node extensive' do |cfg| + comment cfg + end + + cmd 'show run' do |cfg| + cfg + end + + cfg :telnet do + username /^Login:\s$/ + password /^Password:\s$/ + end + + cfg :telnet, :ssh do + pre_logout 'exit' + post_login 'enable config terminal length 0' + end + +end diff --git a/lib/oxidized/model/edgeswitch.rb b/lib/oxidized/model/edgeswitch.rb index 7c82639..7f5b1ea 100644 --- a/lib/oxidized/model/edgeswitch.rb +++ b/lib/oxidized/model/edgeswitch.rb @@ -11,8 +11,8 @@ class EdgeSwitch < Oxidized::Model end cfg :telnet do - username /Username:\s/ - password /^Password:\s/ + username /User(name)?:\s?/ + password /^Password:\s?/ end cfg :telnet, :ssh do diff --git a/lib/oxidized/model/eos.rb b/lib/oxidized/model/eos.rb index 84ef8cb..75da0fa 100644 --- a/lib/oxidized/model/eos.rb +++ b/lib/oxidized/model/eos.rb 
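Review bot: In lib/oxidized/model/edgeswitch.rb the new username pattern `/User(name)?:\s?/` has no `^` anchor, unlike the password pattern next to it. Any login banner or message-of-the-day text that contains `User:` would be taken as the prompt, and the username would be sent early. Anchoring keeps the wider match this commit wants: `username /^User(name)?:\s?/`. If some firmware really prints text before the prompt on the same line, a comment saying so would justify leaving it open.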
@@ -14,6 +14,7 @@ class EOS < Oxidized::Model cfg.gsub! /^(snmp-server community).*/, '\\1 <configuration removed>' cfg.gsub! /username (\S+) privilege (\d+) (\S+).*/, '<secret hidden>' cfg.gsub! /^(enable secret).*/, '\\1 <configuration removed>' + cfg.gsub! /^(tacacs-server key \d+).*/, '\\1 <configuration removed>' cfg end diff --git a/lib/oxidized/model/fortios.rb b/lib/oxidized/model/fortios.rb index aad3a6e..cd379b7 100644 --- a/lib/oxidized/model/fortios.rb +++ b/lib/oxidized/model/fortios.rb @@ -2,7 +2,7 @@ class FortiOS < Oxidized::Model comment '# ' - prompt /^([-\w\.]+(\s[\(\w\-\.\)]+)?\~?\s?[#>$]\s?)$/ + prompt /^([-\w\.\~]+(\s[\(\w\-\.\)]+)?\~?\s?[#>$]\s?)$/ expect /^--More--\s$/ do |data, re| send ' ' diff --git a/lib/oxidized/model/gaiaos.rb b/lib/oxidized/model/gaiaos.rb new file mode 100644 index 0000000..434e774 --- /dev/null +++ b/lib/oxidized/model/gaiaos.rb @@ -0,0 +1,46 @@ +class GaiaOS < Oxidized::Model + + # CheckPoint - Gaia OS Model + + # Gaia Prompt + prompt /^([\[\]\w.@:-]+[#>]\s?)$/ + + # Comment tag + comment '# ' + + + cmd :all do |cfg| + cfg = cfg.each_line.to_a[1..-2].join + end + + cmd :secret do |cfg| + cfg.gsub! /^(set expert-password-hash ).*/, '\1<EXPERT PASSWORD REMOVED>' + cfg.gsub! /^(set user \S+ password-hash ).*/,'\1<USER PASSWORD REMOVED>' + cfg.gsub! /^(set ospf .* secret ).*/,'\1<OSPF KEY REMOVED>' + cfg.gsub! /^(set snmp community )(.*)( read-only.*)/,'\1<SNMP COMMUNITY REMOVED>\3' + cfg.gsub! /^(add snmp .* community )(.*)(\S?.*)/,'\1<SNMP COMMUNITY REMOVED>\3' + cfg.gsub! /(auth|privacy)(-pass-phrase-hashed )(\S*)/,'\1-pass-phrase-hashed <SNMP PASS-PHRASE REMOVED>' + cfg + end + + cmd 'show asset all' do |cfg| + comment cfg + end + + cmd 'show version all' do |cfg| + comment cfg + end + + cmd 'show configuration' do |cfg| + cfg.gsub! /^# Exported by \S+ on .*/, '# ' + cfg + end + + + cfg :ssh do + # User shell must be /etc/cli.sh + post_login 'set clienv rows 0' + pre_logout 'exit' + end + +end 
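Review bot: In lib/oxidized/model/eos.rb the added pattern is anchored at `^(tacacs-server key \d+)`, so it covers only a global key line. If EOS prints per-server keys on lines that begin with `tacacs-server host …` (not visible in this hunk), those keys stay in the stored config, and a key line without a numeric type is skipped as well. Keying on the word instead of the line start covers both: `cfg.gsub! /^(tacacs-server .*\bkey) .*/, '\\1 <configuration removed>'`.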
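Review bot: In lib/oxidized/model/gaiaos.rb the `cmd :secret` pattern `/^(set snmp community )(.*)( read-only.*)/` redacts a community only when its line contains ` read-only`. A community configured with any other access mode would pass through untouched, and that is the more sensitive case. Matching the community token itself fails closed: `cfg.gsub! /^(set snmp community )\S+(.*)/, '\1<SNMP COMMUNITY REMOVED>\2'`. In `cmd :all`, `cfg.each_line.to_a[1..-2]` is nil for empty output, so `.join` raises, and the `cfg =` assignment there is unused.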
diff --git a/lib/oxidized/model/junos.rb b/lib/oxidized/model/junos.rb index bdd9bed..058e3cf 100644 --- a/lib/oxidized/model/junos.rb +++ b/lib/oxidized/model/junos.rb @@ -7,8 +7,7 @@ class JunOS < Oxidized::Model end cmd :all do |cfg| - # we don't need screen-scraping in ssh due to exec - cfg = cfg.lines.to_a[1..-2].join if telnet + cfg = cfg.lines.to_a[1..-2].join if screenscrape cfg.lines.map { |line| line.rstrip }.join("\n") + "\n" end diff --git a/lib/oxidized/model/model.rb b/lib/oxidized/model/model.rb index 4a15a45..a2a71cb 100644 --- a/lib/oxidized/model/model.rb +++ b/lib/oxidized/model/model.rb @@ -154,6 +154,10 @@ module Oxidized data end + def screenscrape + @input.class.to_s.match(/Telnet/) || vars(:ssh_no_exec) + end + private def process_cmd_output output, name diff --git a/lib/oxidized/model/procurve.rb b/lib/oxidized/model/procurve.rb index 0dc6f8f..da792e6 100644 --- a/lib/oxidized/model/procurve.rb +++ b/lib/oxidized/model/procurve.rb @@ -11,7 +11,7 @@ class Procurve < Oxidized::Model data.gsub re, '' end - expect /Press any key to continue/ do + expect /Press any key to continue(\e\[\??\d+(;\d+)*[A-Za-z])*$/ do send ' ' "" end diff --git a/lib/oxidized/model/quantaos.rb b/lib/oxidized/model/quantaos.rb new file mode 100644 index 0000000..274440d --- /dev/null +++ b/lib/oxidized/model/quantaos.rb @@ -0,0 +1,35 @@ +class QuantaOS < Oxidized::Model + + prompt /^\((\w|\S)+\) (>|#)$/ + comment '! ' + + cmd 'show run' do |cfg| + cfg.each_line.select do |line| + not line.match /^!.*$/ and + not line.match /^\((\w|\S)+\) (>|#)$/ and + not line.match /^show run$/ + end.join + end + + cfg :telnet do + username /^Username:/ + password /^Password:/ + end + + cfg :telnet, :ssh do + post_login do + send "enable\n" + if vars :enable + cmd vars(:enable) + else + cmd "" + end + end + post_login 'terminal length 0' + pre_logout do + send "quit\n" + send "n\n" + end + end + +end 
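Review bot: `screenscrape` in lib/oxidized/model/model.rb has no comment and decides by matching the input's class name against `/Telnet/`, which breaks quietly if an input class is renamed and matches any class whose name merely contains that word. I would add `# true when output comes from an interactive shell (telnet, or ssh with ssh_no_exec) and so carries command echo and prompt lines` above it. Since JunOS in this commit is the only visible caller, renaming it to the predicate form `screenscrape?` is cheap now. The method returns either MatchData or the raw `vars` value rather than a boolean, which is worth stating in the comment if it stays that way.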
diff --git a/lib/oxidized/node.rb b/lib/oxidized/node.rb
index 1a08dff..3e46b17 100644
--- a/lib/oxidized/node.rb
+++ b/lib/oxidized/node.rb
@@ -9,9 +9,7 @@ module Oxidized
 attr_accessor :running, :user, :msg, :from, :stats, :retry
 alias :running? :running
 def initialize opt
- if Oxidized.config.debug == true or opt[:debug] == true
- puts 'resolving DNS for %s...' % opt[:name]
- end
+ Oxidized.logger.debug 'resolving DNS for %s...' % opt[:name]
 @name = opt[:name]
 @ip = IPAddr.new(opt[:ip]).to_s rescue nil
 @ip ||= Resolv.new.getaddress @name
diff --git a/lib/oxidized/version.rb b/lib/oxidized/version.rb
index 428cd19..db52c3b 100644
--- a/lib/oxidized/version.rb
+++ b/lib/oxidized/version.rb
@@ -1,3 +1,3 @@
 module Oxidized
- VERSION = '0.14.3'
+ VERSION = '0.15.0'
 end |