diff options
| -rw-r--r-- | CHANGELOG.md | 11 | ||||
| -rw-r--r-- | Dockerfile | 11 | ||||
| -rw-r--r-- | README.md | 164 | ||||
| -rw-r--r-- | extra/nagios_check_failing_nodes.rb | 22 | ||||
| -rw-r--r-- | extra/oxidized.service | 12 | ||||
| -rw-r--r-- | extra/syslog.rb | 50 | ||||
| -rw-r--r-- | lib/oxidized/config.rb | 3 | ||||
| -rw-r--r-- | lib/oxidized/core.rb | 5 | ||||
| -rw-r--r-- | lib/oxidized/hook.rb | 88 | ||||
| -rw-r--r-- | lib/oxidized/hook/exec.rb | 84 | ||||
| -rw-r--r-- | lib/oxidized/hook/noophook.rb | 9 | ||||
| -rw-r--r-- | lib/oxidized/input/ftp.rb | 54 | ||||
| -rw-r--r-- | lib/oxidized/input/ssh.rb | 3 | ||||
| -rw-r--r-- | lib/oxidized/input/telnet.rb | 7 | ||||
| -rw-r--r-- | lib/oxidized/manager.rb | 11 | ||||
| -rw-r--r-- | lib/oxidized/model/aosw.rb | 13 | ||||
| -rw-r--r-- | lib/oxidized/model/edgeos.rb | 27 | ||||
| -rw-r--r-- | lib/oxidized/model/ironware.rb | 7 | ||||
| -rw-r--r-- | lib/oxidized/model/masteros.rb | 46 | ||||
| -rw-r--r-- | lib/oxidized/model/routeros.rb | 8 | ||||
| -rw-r--r-- | lib/oxidized/model/xos.rb | 2 | ||||
| -rw-r--r-- | lib/oxidized/model/zynos.rb | 12 | ||||
| -rw-r--r-- | lib/oxidized/node.rb | 3 | ||||
| -rw-r--r-- | lib/oxidized/nodes.rb | 31 | ||||
| -rw-r--r-- | lib/oxidized/output/git.rb | 88 | ||||
| -rw-r--r-- | lib/oxidized/worker.rb | 6 | ||||
| -rw-r--r-- | oxidized.gemspec | 7 |
27 files changed, 743 insertions, 41 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 296c67d..1066372 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,14 @@ +# 0.8.0 +- FEATURE: hooks (by @aakso) +- FEATURE: MRV MasterOS support (by @kwibbly) +- FEATURE: EdgeOS support (by @laf) +- FEATURE: FTP input and Zyxel ZynOS support (by @ytti) +- FEATURE: version and diffs API For oxidized-web (by @FlorianDoublet) +- BUGFIX: aosw, ironware, routeros, xos models +- BUGFIX: crash with 0 nodes +- BUGFIX: ssh auth fail without keyboard-interactive +- Full changelog https://github.com/ytti/oxidized/compare/0.7.1...HEAD + # 0.7.0 - FEATURE: support http source (by @laf) - FEATURE: support Palo Alto PANOS (by @rixxxx) diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..b2aecfb --- /dev/null +++ b/Dockerfile @@ -0,0 +1,11 @@ +FROM debian:latest +MAINTAINER Samer Abdel-Hafez <sam@arahant.net> + +RUN apt-get update && \ + apt-get install -y ruby ruby-dev libsqlite3-dev libssl-dev pkg-config make cmake + +RUN gem install oxidized oxidized-web --no-ri --no-rdoc + +RUN apt-get remove -y ruby-dev pkg-config make cmake + +RUN apt-get -y autoremove
\ No newline at end of file @@ -12,6 +12,7 @@ Oxidized is a network device configuration backup tool. It's a RANCID replacemen * restful API to reload list of nodes (GET /reload) * restful API to fetch configurations (/node/fetch/[NODE] or /node/fetch/group/[NODE]) * restful API to show list of nodes (GET /nodes) +* restful API to show list of version for a node (/node/version[NODE]) and diffs [Youtube Video: Oxidized TREX 2014 presentation](http://youtu.be/kBQ_CTUuqeU#t=3h) @@ -22,7 +23,8 @@ Oxidized is a network device configuration backup tool. It's a RANCID replacemen * [CentOS, Oracle Linux, Red Hat Linux version 6](#centos-oracle-linux-red-hat-linux-version 6) 3. [Initial Configuration](#configuration) 4. [Installing Ruby 2.1.2 using RVM](#installing-ruby-2.1.2-using-rvm) -5. [Cookbook](#cookbook) +5. [Running with Docker](#running-with-docker) +6. [Cookbook](#cookbook) * [Debugging](#debugging) * [Privileged mode](#privileged-mode) * [Source: CSV](#source-csv) @@ -30,8 +32,9 @@ Oxidized is a network device configuration backup tool. It's a RANCID replacemen * [Source: HTTP](#source-http) * [Output: GIT](#output-git) * [Output: File](#output-file) + * [Output types](#output-types) * [Advanced Configuration](#advanced-configuration) -6. [Ruby API](#ruby-api) +7. [Ruby API](#ruby-api) * [Input](#input) * [Output](#output) * [Source](#source) @@ -67,8 +70,10 @@ Oxidized is a network device configuration backup tool. It's a RANCID replacemen * Juniper JunOS * Juniper ScreenOS (Netscreen) * Mikrotik RouterOS + * MRV Master-OS * Ubiquiti AirOS * Palo Alto PAN-OS + * Zyxel ZyNOS # Installation @@ -159,6 +164,43 @@ rvm install 2.1.2 rvm use --default 2.1.2 ``` +# Running with Docker +1. clone git repo: + +``` + root@bla:~# git clone https://github.com/ytti/oxidized +``` +2. build container locally: +``` + root@bla:~# docker build -q -t oxidized/oxidized:latest oxidized/ +``` +3. create config directory in main system: +``` + root@bla~:# mkdir /etc/oxidized +``` +4. run container the first time: +``` + root@bla:~# docker run -v /etc/oxidized:/root/.config/oxidized -p 8888:8888/tcp -t oxidized/oxidized:latest oxidized +``` +5. add 'router.db' to /etc/oxidized: +``` + root@bla:~# vim /etc/oxidized/router.db + [ ... ] + root@bla:~# +``` +6. run container again: +``` + root@bla:~# docker run -v /etc/oxidized:/root/.config/oxidized -p 8888:8888/tcp -t oxidized/oxidized:latest oxidized + oxidized[1]: Oxidized starting, running as pid 1 + oxidized[1]: Loaded 1 nodes + Puma 2.13.4 starting... + * Min threads: 0, max threads: 16 + * Environment: development + * Listening on tcp://0.0.0.0:8888 + ^C + + root@bla:~# +``` ## Cookbook ### Debugging @@ -169,7 +211,7 @@ The following example will log an active ssh session to ```/home/fisakytt/.confi ``` input: default: ssh, telnet - debug: ~/.config/oxidized/log_input + debug: /tmp/oxidized_log_input ssh: secure: false ``` @@ -265,6 +307,52 @@ output: repo: "/var/lib/oxidized/devices.git" ``` +### Output types + +If you prefer to have different outputs in different files and/or directories, you can easily do this by modifying the corresponding model. To change the behaviour for IOS, you would edit `lib/oxidized/model/ios.rb`. + +For example, let's say you want to split out `show version` and `show inventory` into separate files in a directory called `nodiff` which your tools will not send automated diffstats for. You can apply a patch along the lines of + +``` +- cmd 'show version' do |cfg| +- comment cfg.lines.first ++ cmd 'show version' do |state| ++ state.type = 'nodiff' ++ state + +- cmd 'show inventory' do |cfg| +- comment cfg ++ cmd 'show inventory' do |state| ++ state.type = 'nodiff' ++ state ++ end + +- cmd 'show running-config' do |cfg| +- cfg = cfg.each_line.to_a[3..-1].join +- cfg.gsub! /^Current configuration : [^\n]*\n/, '' +- cfg.sub! /^(ntp clock-period).*/, '! \1' +- cfg.gsub! /^\ tunnel\ mpls\ traffic-eng\ bandwidth[^\n]*\n*( ++ cmd 'show running-config' do |state| ++ state = state.each_line.to_a[3..-1].join ++ state.gsub! /^Current configuration : [^\n]*\n/, '' ++ state.sub! /^(ntp clock-period).*/, '! \1' ++ state.gsub! /^\ tunnel\ mpls\ traffic-eng\ bandwidth[^\n]*\n*( + (?:\ [^\n]*\n*)* + tunnel\ mpls\ traffic-eng\ auto-bw)/mx, '\1' +- cfg ++ state = Oxidized::String.new state ++ state.type = 'nodiff' ++ state +``` + +which will result in the following layout + +``` +diff/$FQDN--show_running_config +nodiff/$FQDN--show_version +nodiff/$FQDN--show_inventory +``` + ### Advanced Configuration Below is an advanced example configuration. You will be able to (optinally) override options per device. The router.db format used is ```hostname:model:username:password:enable_password```. Hostname and model will be the only required options, all others override the global configuration sections. @@ -313,6 +401,57 @@ model_map: juniper: junos ``` +# Hooks +You can define arbitrary number of hooks that subscribe different events. The hook system is modular and different kind of hook types can be enabled. + +## Configuration +Following configuration keys need to be defined for all hooks: + + * `events`: which events to subscribe. Needs to be an array. See below for the list of available events. + * `type`: what hook class to use. See below for the list of available hook types. + +### Events + * `node_success`: triggered when configuration is succesfully pulled from a node and right before storing the configuration. + * `node_fail`: triggered after `retries` amount of failed node pulls. + * `post_store`: triggered after node configuration is stored. + +## Hook type: exec +The `exec` hook type allows users to run an arbitrary shell command or a binary when triggered. + +The command is executed on a separate child process either in synchronous or asynchronous fashion. Non-zero exit values cause errors to be logged. STDOUT and STDERR are currently not collected. + +Command is executed with the following environment: +``` +OX_EVENT +OX_NODE_NAME +OX_NODE_FROM +OX_NODE_MSG +OX_NODE_GROUP +OX_JOB_STATUS +OX_JOB_TIME +``` + +Exec hook recognizes following configuration keys: + + * `timeout`: hard timeout for the command execution. SIGTERM will be sent to the child process after the timeout has elapsed. Default: 60 + * `async`: influences whether main thread will wait for the command execution. Set this true for long running commands so node pull is not blocked. Default: false + * `cmd`: command to run. + + +## Hook configuration example +``` +hooks: + name_for_example_hook1: + type: exec + events: [node_success] + cmd: 'echo "Node success $OX_NODE_NAME" >> /tmp/ox_node_success.log' + name_for_example_hook2: + type: exec + events: [post_store, node_fail] + cmd: 'echo "Doing long running stuff for $OX_NODE_NAME" >> /tmp/ox_node_stuff.log; sleep 60' + async: true + timeout: 120 +``` # Ruby API @@ -345,3 +484,22 @@ The following objects exist in Oxidized. * cfg is executed in input/output/source context * cmd is executed in instance of model * 'junos', 'ios', 'ironware' and 'powerconnect' implemented + + +# License and Copyright + +Copyright 2013-2015 Saku Ytti <saku@ytti.fi> + 2013-2015 Samer Abdel-Hafez <sam@arahant.net> + + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/extra/nagios_check_failing_nodes.rb b/extra/nagios_check_failing_nodes.rb index 1c81f66..27a5c66 100644 --- a/extra/nagios_check_failing_nodes.rb +++ b/extra/nagios_check_failing_nodes.rb @@ -6,20 +6,30 @@ require 'open-uri' require 'json' critical = false +pending = false critical_nodes = [] +pending_nodes = [] json = JSON.load(open("http://localhost:8888/nodes.json")) json.each do |node| - if node['last']['status'] != 'success' - critical_nodes << node['name'] - critical = true + if not node['last'].nil? + if node['last']['status'] != 'success' + critical_nodes << node['name'] + critical = true + end + else + pending_nodes << node['name'] + pending = true end end -if critical - puts 'Unable to backup: ' + critical_nodes.join(' ') +if pending + puts '[WARN] Pending backup: ' + pending_nodes.join(',') + exit 1 +elsif critical + puts '[CRIT] Unable to backup: ' + critical_nodes.join(',') exit 2 else - puts 'Backup of all nodes completed successfully.' + puts '[OK] Backup of all nodes completed successfully.' exit 0 end diff --git a/extra/oxidized.service b/extra/oxidized.service new file mode 100644 index 0000000..65063b7 --- /dev/null +++ b/extra/oxidized.service @@ -0,0 +1,12 @@ +#For debian 8 put it in /lib/systemd/system/ +#and call it with systemctl start oxidized.service + +[Unit] +Description=Oxidized - Network Device Configuration Backup Tool + +[Service] +ExecStart=/usr/local/bin/oxidized +User=root + +[Install] +WantedBy=multi-user.target diff --git a/extra/syslog.rb b/extra/syslog.rb index 20e439e..e364cf9 100644 --- a/extra/syslog.rb +++ b/extra/syslog.rb @@ -8,10 +8,18 @@ # set system syslog host SERVER interactive-commands notice # set system syslog host SERVER match "^mgd\[[0-9]+\]: UI_COMMIT: .*" -# Ports < 1024 need extra privileges, use a port higher than this by passing the first argument a number -# To use the default port for syslog (514) you shouldnt pass an argument, but you will need to allow this with: +# Ports < 1024 need extra privileges, use a port higher than this by setting the port option in your oxidized config file. +# To use the default port for syslog (514) you shouldn't pass an argument, but you will need to allow this with: # sudo setcap 'cap_net_bind_service=+ep' /usr/bin/ruby +# Config options are: +# syslogd +# port (Default = 514) +# file (Default = messages) +# resolve (Default = true) + +# To stop the resolution of IP's to PTR you can set resolve to false + # exit if fork ## TODO: proper daemonize require 'socket' @@ -19,13 +27,30 @@ require 'resolv' require_relative 'rest_client' module Oxidized + + require 'asetus' + class Config + Root = File.join ENV['HOME'], '.config', 'oxidized' + end + + CFGS = Asetus.new :name=>'oxidized', :load=>false, :key_to_s=>true + CFGS.default.syslogd.port = 514 + CFGS.default.syslogd.file = 'messages' + CFGS.default.syslogd.resolve = true + + begin + CFGS.load + rescue => error + raise InvalidConfig, "Error loading config: #{error.message}" + ensure + CFG = CFGS.cfg # convenienence, instead of Config.cfg.password, CFG.password + end + class SyslogMonitor NAME_MAP = { /(.*)\.ip\.tdc\.net/ => '\1', /(.*)\.ip\.fi/ => '\1', } - PORT = 514 - FILE = 'messages' MSG = { :ios => /%SYS-(SW[0-9]+-)?5-CONFIG_I:/, :junos => 'UI_COMMIT:', @@ -34,13 +59,12 @@ module Oxidized } class << self - def udp port=PORT, listen=0 - port ||= PORT + def udp port=Oxidized::CFG.syslogd.port, listen=0 io = UDPSocket.new io.bind listen, port new io, :udp end - def file syslog_file=FILE + def file syslog_file=Oxidized::CFG.syslogd.file io = open syslog_file, 'r' io.seek 0, IO::SEEK_END new io, :file @@ -104,12 +128,16 @@ module Oxidized end def getname ip - name = (Resolv.getname ip.to_s rescue ip) - NAME_MAP.each { |re, sub| name.sub! re, sub } - name + if Oxidized::CFG.syslogd.resolve == false + ip + else + name = (Resolv.getname ip.to_s rescue ip) + NAME_MAP.each { |re, sub| name.sub! re, sub } + name + end end end end -Oxidized::SyslogMonitor.udp ARGV[0] +Oxidized::SyslogMonitor.udp #Oxidized::SyslogMonitor.file '/var/log/poop' diff --git a/lib/oxidized/config.rb b/lib/oxidized/config.rb index 96c8fbf..f45004a 100644 --- a/lib/oxidized/config.rb +++ b/lib/oxidized/config.rb @@ -9,10 +9,11 @@ module Oxidized OutputDir = File.join Directory, %w(lib oxidized output) ModelDir = File.join Directory, %w(lib oxidized model) SourceDir = File.join Directory, %w(lib oxidized source) + HookDir = File.join Directory, %w(lib oxidized hook) Sleep = 1 end class << self - attr_accessor :mgr + attr_accessor :mgr, :Hooks end CFGS = Asetus.new :name=>'oxidized', :load=>false, :key_to_s=>true CFGS.default.username = 'username' diff --git a/lib/oxidized/core.rb b/lib/oxidized/core.rb index 71267dd..6e7a352 100644 --- a/lib/oxidized/core.rb +++ b/lib/oxidized/core.rb @@ -6,6 +6,7 @@ module Oxidized require 'oxidized/worker' require 'oxidized/nodes' require 'oxidized/manager' + require 'oxidized/hook' class << self def new *args Core.new args @@ -13,9 +14,13 @@ module Oxidized end class Core + class NoNodesFound < OxidizedError; end + def initialize args Oxidized.mgr = Manager.new + Oxidized.Hooks = HookManager.from_config CFG nodes = Nodes.new + raise NoNodesFound, 'source returns no usable nodes' if nodes.size == 0 @worker = Worker.new nodes trap('HUP') { nodes.load } if CFG.rest? diff --git a/lib/oxidized/hook.rb b/lib/oxidized/hook.rb new file mode 100644 index 0000000..2763c4f --- /dev/null +++ b/lib/oxidized/hook.rb @@ -0,0 +1,88 @@ +module Oxidized +class HookManager + class << self + def from_config cfg + mgr = new + cfg.hooks.each do |name,h_cfg| + h_cfg.events.each do |event| + mgr.register event.to_sym, name, h_cfg.type, h_cfg + end + end + mgr + end + end + + # HookContext is passed to each hook. It can contain anything related to the + # event in question. At least it contains the event name + class HookContext < OpenStruct; end + + # RegisteredHook is a container for a Hook instance + class RegisteredHook < Struct.new(:name, :hook); end + + Events = [ + :node_success, + :node_fail, + :post_store, + ] + attr_reader :registered_hooks + + def initialize + @registered_hooks = Hash.new {|h,k| h[k] = []} + end + + def register event, name, hook_type, cfg + unless Events.include? event + raise ArgumentError, + "unknown event #{event}, available: #{Events.join ','}" + end + + Oxidized.mgr.add_hook hook_type + begin + hook = Oxidized.mgr.hook.fetch(hook_type).new + rescue KeyError + raise KeyError, "cannot find hook #{hook_type.inspect}" + end + + hook.cfg = cfg + + @registered_hooks[event] << RegisteredHook.new(name, hook) + Log.debug "Hook #{name.inspect} registered #{hook.class} for event #{event.inspect}" + end + + def handle event, **ctx_params + ctx = HookContext.new ctx_params + ctx.event = event + + @registered_hooks[event].each do |r_hook| + begin + r_hook.hook.run_hook ctx + rescue => e + Log.error "Hook #{r_hook.name} (#{r_hook.hook}) failed " + + "(#{e.inspect}) for event #{event.inspect}" + end + end + end +end + +# Hook abstract base class +class Hook + attr_accessor :cfg + + def initialize + end + + def cfg=(cfg) + @cfg = cfg + validate_cfg! if self.respond_to? :validate_cfg! + end + + def run_hook ctx + raise NotImplementedError + end + + def log(msg, level=:info) + Log.send(level, "#{self.class.name}: #{msg}") + end + +end +end diff --git a/lib/oxidized/hook/exec.rb b/lib/oxidized/hook/exec.rb new file mode 100644 index 0000000..eb71466 --- /dev/null +++ b/lib/oxidized/hook/exec.rb @@ -0,0 +1,84 @@ +class Exec < Oxidized::Hook + include Process + + def initialize + super + @timeout = 60 + @async = false + end + + def validate_cfg! + # Syntax check + if cfg.has_key? "timeout" + @timeout = cfg.timeout + raise "invalid timeout value" unless @timeout.is_a?(Integer) && + @timeout > 0 + end + + if cfg.has_key? "async" + @async = !!cfg.async + end + + if cfg.has_key? "cmd" + @cmd = cfg.cmd + raise "invalid cmd value" unless @cmd.is_a?(String) || @cmd.is_a?(Array) + end + + rescue RuntimeError => e + raise ArgumentError, + "#{self.class.name}: configuration invalid: #{e.message}" + end + + def run_hook ctx + env = make_env ctx + log "Execute: #{@cmd.inspect}", :debug + th = Thread.new do + begin + run_cmd! env + rescue => e + raise e unless @async + end + end + th.join unless @async + end + + def run_cmd! env + pid, status = nil, nil + Timeout.timeout(@timeout) do + pid = spawn env, @cmd , :unsetenv_others => true + pid, status = wait2 pid + unless status.exitstatus.zero? + msg = "#{@cmd.inspect} failed with exit value #{status.exitstatus}" + log msg, :error + raise msg + end + end + rescue TimeoutError + kill "TERM", pid + msg = "#{@cmd} timed out" + log msg, :error + raise TimeoutError, msg + end + + def make_env ctx + env = { + "OX_EVENT" => ctx.event.to_s + } + if ctx.node + env.merge!( + "OX_NODE_NAME" => ctx.node.name.to_s, + "OX_NODE_FROM" => ctx.node.from.to_s, + "OX_NODE_MSG" => ctx.node.msg.to_s, + "OX_NODE_GROUP" => ctx.node.group.to_s, + "OX_EVENT" => ctx.event.to_s, + ) + end + if ctx.job + env.merge!( + "OX_JOB_STATUS" => ctx.job.status.to_s, + "OX_JOB_TIME" => ctx.job.time.to_s, + ) + end + env + end +end diff --git a/lib/oxidized/hook/noophook.rb b/lib/oxidized/hook/noophook.rb new file mode 100644 index 0000000..d4673ba --- /dev/null +++ b/lib/oxidized/hook/noophook.rb @@ -0,0 +1,9 @@ +class NoopHook < Oxidized::Hook + def validate_cfg! + log "Validate config" + end + + def run_hook ctx + log "Run hook with context: #{ctx}" + end +end diff --git a/lib/oxidized/input/ftp.rb b/lib/oxidized/input/ftp.rb new file mode 100644 index 0000000..ccbf5ef --- /dev/null +++ b/lib/oxidized/input/ftp.rb @@ -0,0 +1,54 @@ +module Oxidized + require 'net/ftp' + require 'timeout' + require_relative 'cli' + + class FTP < Input + RescueFail = { + :debug => [ + #Net::SSH::Disconnect, + ], + :warn => [ + #RuntimeError, + #Net::SSH::AuthenticationFailed, + ], + } + include Input::CLI + + def connect node + @node = node + @node.model.cfg['ftp'].each { |cb| instance_exec(&cb) } + @log = File.open(CFG.input.debug?.to_s + '-ftp', 'w') if CFG.input.debug? + @ftp = Net::FTP.new @node.ip, @node.auth[:username], @node.auth[:password] + connected? + end + + def connected? + @ftp and not @ftp.closed? + end + + def cmd file + Log.debug "FTP: #{file} @ #{@node.name}" + @ftp.getbinaryfile file, nil + end + + # meh not sure if this is the best way, but perhaps better than not implementing send + def send my_proc + my_proc.call + end + + def output + "" + end + + private + + def disconnect + @ftp.close + #rescue Errno::ECONNRESET, IOError + ensure + @log.close if CFG.input.debug? + end + + end +end diff --git a/lib/oxidized/input/ssh.rb b/lib/oxidized/input/ssh.rb index b1f109b..d6b4e1f 100644 --- a/lib/oxidized/input/ssh.rb +++ b/lib/oxidized/input/ssh.rb @@ -21,7 +21,8 @@ module Oxidized @node.model.cfg['ssh'].each { |cb| instance_exec(&cb) } secure = CFG.input.ssh.secure @log = File.open(CFG.input.debug?.to_s + '-ssh', 'w') if CFG.input.debug? - @ssh = Net::SSH.start @node.ip, @node.auth[:username], + port = vars(:ssh_port) || 22 + @ssh = Net::SSH.start @node.ip, @node.auth[:username], :port => port.to_i, :password => @node.auth[:password], :timeout => CFG.timeout, :paranoid => secure, :auth_methods => %w(none publickey password keyboard-interactive), diff --git a/lib/oxidized/input/telnet.rb b/lib/oxidized/input/telnet.rb index 13fccf7..d305fcd 100644 --- a/lib/oxidized/input/telnet.rb +++ b/lib/oxidized/input/telnet.rb @@ -10,9 +10,12 @@ module Oxidized @node = node @timeout = CFG.timeout @node.model.cfg['telnet'].each { |cb| instance_exec(&cb) } + port = vars(:telnet_port) || 23 - opt = { 'Host' => @node.ip, 'Timeout' => @timeout, - 'Model' => @node.model } + opt = { 'Host' => @node.ip, + 'Port' => port.to_i, + 'Timeout' => @timeout, + 'Model' => @node.model } opt['Output_log'] = CFG.input.debug?.to_s + '-telnet' if CFG.input.debug? @telnet = Net::Telnet.new opt diff --git a/lib/oxidized/manager.rb b/lib/oxidized/manager.rb index b4eaecd..bf28ae7 100644 --- a/lib/oxidized/manager.rb +++ b/lib/oxidized/manager.rb @@ -23,12 +23,13 @@ module Oxidized end end end - attr_reader :input, :output, :model, :source + attr_reader :input, :output, :model, :source, :hook def initialize @input = {} @output = {} @model = {} @source = {} + @hook = {} end def add_input method method = Manager.load Config::InputDir, method @@ -53,5 +54,13 @@ module Oxidized return false if _source.empty? @source.merge! _source end + def add_hook _hook + return nil if @hook.key? _hook + name = _hook + _hook = Manager.load File.join(Config::Root, 'hook'), name + _hook = Manager.load Config::HookDir, name if _hook.empty? + return false if _hook.empty? + @hook.merge! _hook + end end end diff --git a/lib/oxidized/model/aosw.rb b/lib/oxidized/model/aosw.rb index 203c5e0..43e1cff 100644 --- a/lib/oxidized/model/aosw.rb +++ b/lib/oxidized/model/aosw.rb @@ -5,7 +5,7 @@ class AOSW < Oxidized::Model # Also Dell controllers comment '# ' - prompt /^\([^)]+\) #/ + prompt /^\([^)]+\) [#>]/ cmd :all do |cfg| cfg.each_line.to_a[1..-2].join @@ -36,7 +36,16 @@ class AOSW < Oxidized::Model end cfg :telnet, :ssh do + if vars :enable + post_login do + send 'enable\n' + send vars(:enable) + '\n' + end + end post_login 'no paging' + if vars :enable + pre_logout 'exit' + end pre_logout 'exit' end @@ -50,7 +59,7 @@ class AOSW < Oxidized::Model next if line.match /[0-9]+ (RPM|mV|C)$/ out << line.strip end - out = out.join "\n" + out = comment out.join "\n" out << "\n" end diff --git a/lib/oxidized/model/edgeos.rb b/lib/oxidized/model/edgeos.rb new file mode 100644 index 0000000..2a8d663 --- /dev/null +++ b/lib/oxidized/model/edgeos.rb @@ -0,0 +1,27 @@ +class Edgeos < Oxidized::Model + + # EdgeOS # + + prompt /\@.*?\:~\$\s/ + + cmd :all do |cfg| + cfg = cfg.lines.to_a[1..-2].join + end + + cmd :secret do |cfg| + cfg.gsub! /community (\S+) {/, 'community <hidden> {' + cfg + end + + cmd 'show configuration | no-more' + + cfg :telnet do + username /login:\s/ + password /^Password:\s/ + end + + cfg :telnet, :ssh do + pre_logout 'exit' + end + +end diff --git a/lib/oxidized/model/ironware.rb b/lib/oxidized/model/ironware.rb index 1ec8b80..805e07b 100644 --- a/lib/oxidized/model/ironware.rb +++ b/lib/oxidized/model/ironware.rb @@ -1,6 +1,6 @@ class IronWare < Oxidized::Model - prompt /^.+[>#]\s?$/ + prompt /^.*(telnet|ssh)\@.+[>#]\s?$/i comment '! ' #to handle pager without enable @@ -26,13 +26,13 @@ class IronWare < Oxidized::Model cmd 'show version' do |cfg| cfg.gsub! /(^((.*)[Ss]ystem uptime(.*))$)/, '' #remove unwanted line system uptime - cfg.gsub! /uptime is .*/,'' + cfg.gsub! /[Uu]p\s?[Tt]ime is .*/,'' comment cfg end cmd 'show chassis' do |cfg| - cfg.gsub! "\xFF", '' # ugly hack - avoids JSON.dump utf-8 breakage on 1.9.. + cfg.encode!("UTF-8", :invalid => :replace) #sometimes ironware returns broken encoding cfg.gsub! /(^((.*)Current temp(.*))$)/, '' #remove unwanted lines current temperature cfg.gsub! /Speed = [A-Z]{3} \(\d{2}\%\)/, '' #remove unwanted lines Speed Fans cfg.gsub! /current speed is [A-Z]{3} \(\d{2}\%\)/, '' @@ -71,6 +71,7 @@ class IronWare < Oxidized::Model send vars(:enable) + "\n" end end + post_login '' post_login 'skip-page-display' post_login 'terminal length 0' pre_logout 'logout' diff --git a/lib/oxidized/model/masteros.rb b/lib/oxidized/model/masteros.rb new file mode 100644 index 0000000..3f5a2fc --- /dev/null +++ b/lib/oxidized/model/masteros.rb @@ -0,0 +1,46 @@ +class MasterOS < Oxidized::Model + + # MRV MasterOS model # + +comment '!' + + cmd :secret do |cfg| + cfg.gsub! /^(snmp-server community).*/, '\\1 <configuration removed>' + cfg.gsub! /username (\S+) password encrypted (\S+) class (\S+).*/, '<secret hidden>' + cfg + end + + cmd :all do |cfg| + cfg.each_line.to_a[1..-2].join + end + + cmd 'show inventory' do |cfg| + cfg = cfg.each_line.to_a[0..-2].join + comment cfg + end + + cmd 'show plugins' do |cfg| + comment cfg + end + + cmd 'show hw-config' do |cfg| + comment cfg + end + + cmd 'show running-config' do |cfg| + cfg = cfg.each_line.to_a[3..-1].join + cfg + end + + cfg :telnet, :ssh do + post_login 'no pager' + if vars :enable + post_login do + send "enable\n" + send vars(:enable) + "\n" + end + end + pre_logout 'exit' + end + +end
\ No newline at end of file diff --git a/lib/oxidized/model/routeros.rb b/lib/oxidized/model/routeros.rb index bd588b7..4822500 100644 --- a/lib/oxidized/model/routeros.rb +++ b/lib/oxidized/model/routeros.rb @@ -1,5 +1,5 @@ class RouterOS < Oxidized::Model - prompt /^\[\w+@\S+\]\s?>\s?$/ + prompt /\[\w+@\S+\]\s?>\s?$/ comment "# " cmd '/system routerboard print' do |cfg| @@ -7,10 +7,16 @@ class RouterOS < Oxidized::Model end cmd '/export' do |cfg| + cfg.gsub! /\x1B\[([0-9]{1,3}((;[0-9]{1,3})*)?)?[m|K]/, '' # strip ANSI colours cfg = cfg.split("\n").select { |line| not line[/^\#\s\w{3}\/\d{2}\/\d{4}.*$/] } cfg.join("\n") + "\n" end + cfg :telnet do + username /^Login:/ + password /^Password:/ + end + cfg :ssh do exec true end diff --git a/lib/oxidized/model/xos.rb b/lib/oxidized/model/xos.rb index 88c81ed..309340f 100644 --- a/lib/oxidized/model/xos.rb +++ b/lib/oxidized/model/xos.rb @@ -6,7 +6,7 @@ class XOS < Oxidized::Model comment '# ' cmd :all do |cfg| - cfg.each_line.to_a[1..-2].join.rstrip + cfg.each_line.to_a[1..-2].join end cmd 'show version' do |cfg| diff --git a/lib/oxidized/model/zynos.rb b/lib/oxidized/model/zynos.rb new file mode 100644 index 0000000..89be8af --- /dev/null +++ b/lib/oxidized/model/zynos.rb @@ -0,0 +1,12 @@ +class ZyNOS < Oxidized::Model + + # Used in Zyxel DSLAMs, such as SAM1316 + + comment '! ' + + cmd 'config-0' + + cfg :ftp do + end + +end diff --git a/lib/oxidized/node.rb b/lib/oxidized/node.rb index 253de53..d50317f 100644 --- a/lib/oxidized/node.rb +++ b/lib/oxidized/node.rb @@ -29,6 +29,9 @@ module Oxidized def run status, config = :fail, nil @input.each do |input| + # don't try input if model is missing config block, we may need strong config to class_name map + cfg_name = input.to_s.split('::').last.downcase + next unless @model.cfg[cfg_name] and not @model.cfg[cfg_name].empty? @model.input = input = input.new if config=run_input(input) status = :success diff --git a/lib/oxidized/nodes.rb b/lib/oxidized/nodes.rb index cb2fbc5..cb2ce7b 100644 --- a/lib/oxidized/nodes.rb +++ b/lib/oxidized/nodes.rb @@ -111,7 +111,7 @@ module Oxidized end def find_index node - index { |e| e.name == node } + index { |e| e.name == node or e.ip == node} end # @param node node which is removed from nodes list @@ -148,6 +148,35 @@ module Oxidized end end end + + public + + def version node, group + with_lock do + i = find_node_index node + output = self[i].output.new + raise Oxidized::NotSupported unless output.respond_to? :fetch + output.version node, group + end + end + + def get_version node, group, oid + with_lock do + i = find_node_index node + output = self[i].output.new + raise Oxidized::NotSupported unless output.respond_to? :fetch + output.get_version node, group, oid + end + end + + def get_diff node, group, oid1, oid2 + with_lock do + i = find_node_index node + output = self[i].output.new + raise Oxidized::NotSupported unless output.respond_to? :fetch + output.get_diff node, group, oid1, oid2 + end + end end end diff --git a/lib/oxidized/output/git.rb b/lib/oxidized/output/git.rb index 57b6f62..3757cfc 100644 --- a/lib/oxidized/output/git.rb +++ b/lib/oxidized/output/git.rb @@ -19,6 +19,7 @@ class Git < Output CFGS.save :user raise NoConfig, 'no output git config, edit ~/.config/oxidized/config' end + @cfg.repo = File.expand_path @cfg.repo end def store file, outputs, opt={} @@ -50,18 +51,95 @@ class Git < Output def fetch node, group begin repo = @cfg.repo - if group - repo = File.join File.dirname(repo), group + '.git' - end + repo = File.join File.dirname(repo), group + '.git' if group and not @cfg.single_repo? repo = Rugged::Repository.new repo index = repo.index index.read_tree repo.head.target.tree unless repo.empty? - repo.read(index.get(node)[:oid]).data + file = node + file = File.join(group, node) if group and @cfg.single_repo? + repo.read(index.get(file)[:oid]).data rescue 'node not found' end end + #give a hash of all oid revision for the givin node, and the date of the commit + def version node, group + begin + repo = @cfg.repo + if group + repo = File.join File.dirname(repo), group + '.git' + end + repo = Rugged::Repository.new repo + walker = Rugged::Walker.new(repo) + walker.sorting(Rugged::SORT_DATE) + walker.push(repo.head.target) + i = -1 + tab = [] + walker.each do |commit| + if commit.diff(paths: [node]).size > 0 + hash = {} + hash[:date] = commit.time.to_s + hash[:oid] = commit.oid + hash[:author] = commit.author + hash[:message] = commit.message + tab[i += 1] = hash + end + end + walker.reset + tab + rescue + 'node not found' + end + end + + #give the blob of a specific revision + def get_version node, group, oid + begin + repo = @cfg.repo + if group && group != '' + repo = File.join File.dirname(repo), group + '.git' + end + repo = Rugged::Repository.new repo + repo.blob_at(oid,node).content + rescue + 'version not found' + end + end + + #give a hash with the patch of a diff between 2 revision and the stats (added and deleted lines) + def get_diff node, group, oid1, oid2 + begin + repo = @cfg.repo + diff_commits = nil + if group && group != '' + repo = File.join File.dirname(repo), group + '.git' + end + repo = Rugged::Repository.new repo + commit = repo.lookup(oid1) + #if the second revision is precised + if oid2 + commit_old = repo.lookup(oid2) + diff = repo.diff(commit_old, commit) + diff.each do |patch| + if /#{node}\s+/.match(patch.to_s.lines.first) + diff_commits = {:patch => patch.to_s, :stat => patch.stat} + break + end + end + #else gives the diffs between the first oid and his first parrent + else + stat = commit.parents[0].diff(commit).stat + stat = [stat[1],stat[2]] + patch = commit.parents[0].diff(commit).patch + diff_commits = {:patch => patch, :stat => stat} + end + diff_commits + rescue + 'no diffs' + end + end + private def update repo, file, data @@ -104,7 +182,7 @@ class Git < Output :parents => repo.empty? ? [] : [repo.head.target].compact, :update_ref => 'HEAD', ) - + index.write true end diff --git a/lib/oxidized/worker.rb b/lib/oxidized/worker.rb index 6bb2a22..eea747e 100644 --- a/lib/oxidized/worker.rb +++ b/lib/oxidized/worker.rb @@ -34,12 +34,16 @@ module Oxidized @jobs.duration job.time node.running = false if job.status == :success + Oxidized.Hooks.handle :node_success, :node => node, + :job => job msg = "update #{node.name}" msg += " from #{node.from}" if node.from msg += " with message '#{node.msg}'" if node.msg if node.output.new.store node.name, job.config, :msg => msg, :user => node.user, :group => node.group Log.info "Configuration updated for #{node.group}/#{node.name}" + Oxidized.Hooks.handle :post_store, :node => node, + :job => job end node.reset else @@ -51,6 +55,8 @@ module Oxidized else msg += ", retries exhausted, giving up" node.retry = 0 + Oxidized.Hooks.handle :node_fail, :node => node, + :job => job end Log.warn msg end diff --git a/oxidized.gemspec b/oxidized.gemspec index 62c3e73..15e4e41 100644 --- a/oxidized.gemspec +++ b/oxidized.gemspec @@ -1,10 +1,10 @@ Gem::Specification.new do |s| s.name = 'oxidized' - s.version = '0.7.1' + s.version = '0.8.0' s.licenses = %w( Apache-2.0 ) s.platform = Gem::Platform::RUBY - s.authors = [ 'Saku Ytti', 'Samer Abdel-Hafez' ] - s.email = %w( saku@ytti.fi sam@arahant.net ) + s.authors = [ 'Saku Ytti', 'Samer Abdel-Hafez', 'Anton Aksola' ] + s.email = %w( saku@ytti.fi sam@arahant.net aakso@iki.fi) s.homepage = 'http://github.com/ytti/oxidized' s.summary = 'feeble attempt at rancid' s.description = 'software to fetch configuration from network devices and store them' @@ -18,4 +18,5 @@ Gem::Specification.new do |s| s.add_runtime_dependency 'slop', '~> 3.5' s.add_runtime_dependency 'net-ssh', '~> 2.8' s.add_runtime_dependency 'rugged', '~> 0.21', '>= 0.21.4' + s.add_development_dependency 'pry', '~> 0' end |