| -rw-r--r-- | LICENSE | 201 | ||||
| -rw-r--r-- | docs/Configuration.md | 9 | ||||
| -rw-r--r-- | docs/Model-Notes/EOS.md | 9 | ||||
| -rw-r--r-- | docs/Model-Notes/README.md | 3 | ||||
| -rw-r--r-- | docs/Model-Notes/XGS4600-Zyxel.md | 14 | ||||
| -rw-r--r-- | lib/oxidized/input/ssh.rb | 5 | ||||
| -rw-r--r-- | lib/oxidized/model/xos.rb | 5 | ||||
| -rw-r--r-- | lib/oxidized/model/zynoscli.rb | 36 | ||||
| -rw-r--r-- | lib/oxidized/nodes.rb | 3 | ||||
| -rw-r--r-- | lib/oxidized/source/http.rb | 8 | ||||
| -rw-r--r-- | lib/oxidized/source/sql.rb | 7 | ||||
| -rw-r--r-- | lib/oxidized/worker.rb | 6 | ||||
| -rw-r--r-- | spec/input/ssh_spec.rb | 2 | 
13 files changed, 299 insertions, 9 deletions
| 
@@ -0,0 +1,201 @@ +                                 Apache License +                           Version 2.0, January 2004 +                        http://www.apache.org/licenses/ + +   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +   1. Definitions. + +      "License" shall mean the terms and conditions for use, reproduction, +      and distribution as defined by Sections 1 through 9 of this document. + +      "Licensor" shall mean the copyright owner or entity authorized by +      the copyright owner that is granting the License. + +      "Legal Entity" shall mean the union of the acting entity and all +      other entities that control, are controlled by, or are under common +      control with that entity. For the purposes of this definition, +      "control" means (i) the power, direct or indirect, to cause the +      direction or management of such entity, whether by contract or +      otherwise, or (ii) ownership of fifty percent (50%) or more of the +      outstanding shares, or (iii) beneficial ownership of such entity. + +      "You" (or "Your") shall mean an individual or Legal Entity +      exercising permissions granted by this License. + +      "Source" form shall mean the preferred form for making modifications, +      including but not limited to software source code, documentation +      source, and configuration files. + +      "Object" form shall mean any form resulting from mechanical +      transformation or translation of a Source form, including but +      not limited to compiled object code, generated documentation, +      and conversions to other media types. + +      "Work" shall mean the work of authorship, whether in Source or +      Object form, made available under the License, as indicated by a +      copyright notice that is included in or attached to the work +      (an example is provided in the Appendix below). 
+ +      "Derivative Works" shall mean any work, whether in Source or Object +      form, that is based on (or derived from) the Work and for which the +      editorial revisions, annotations, elaborations, or other modifications +      represent, as a whole, an original work of authorship. For the purposes +      of this License, Derivative Works shall not include works that remain +      separable from, or merely link (or bind by name) to the interfaces of, +      the Work and Derivative Works thereof. + +      "Contribution" shall mean any work of authorship, including +      the original version of the Work and any modifications or additions +      to that Work or Derivative Works thereof, that is intentionally +      submitted to Licensor for inclusion in the Work by the copyright owner +      or by an individual or Legal Entity authorized to submit on behalf of +      the copyright owner. For the purposes of this definition, "submitted" +      means any form of electronic, verbal, or written communication sent +      to the Licensor or its representatives, including but not limited to +      communication on electronic mailing lists, source code control systems, +      and issue tracking systems that are managed by, or on behalf of, the +      Licensor for the purpose of discussing and improving the Work, but +      excluding communication that is conspicuously marked or otherwise +      designated in writing by the copyright owner as "Not a Contribution." + +      "Contributor" shall mean Licensor and any individual or Legal Entity +      on behalf of whom a Contribution has been received by Licensor and +      subsequently incorporated within the Work. + +   2. Grant of Copyright License. 
Subject to the terms and conditions of +      this License, each Contributor hereby grants to You a perpetual, +      worldwide, non-exclusive, no-charge, royalty-free, irrevocable +      copyright license to reproduce, prepare Derivative Works of, +      publicly display, publicly perform, sublicense, and distribute the +      Work and such Derivative Works in Source or Object form. + +   3. Grant of Patent License. Subject to the terms and conditions of +      this License, each Contributor hereby grants to You a perpetual, +      worldwide, non-exclusive, no-charge, royalty-free, irrevocable +      (except as stated in this section) patent license to make, have made, +      use, offer to sell, sell, import, and otherwise transfer the Work, +      where such license applies only to those patent claims licensable +      by such Contributor that are necessarily infringed by their +      Contribution(s) alone or by combination of their Contribution(s) +      with the Work to which such Contribution(s) was submitted. If You +      institute patent litigation against any entity (including a +      cross-claim or counterclaim in a lawsuit) alleging that the Work +      or a Contribution incorporated within the Work constitutes direct +      or contributory patent infringement, then any patent licenses +      granted to You under this License for that Work shall terminate +      as of the date such litigation is filed. + +   4. Redistribution. 
You may reproduce and distribute copies of the +      Work or Derivative Works thereof in any medium, with or without +      modifications, and in Source or Object form, provided that You +      meet the following conditions: + +      (a) You must give any other recipients of the Work or +          Derivative Works a copy of this License; and + +      (b) You must cause any modified files to carry prominent notices +          stating that You changed the files; and + +      (c) You must retain, in the Source form of any Derivative Works +          that You distribute, all copyright, patent, trademark, and +          attribution notices from the Source form of the Work, +          excluding those notices that do not pertain to any part of +          the Derivative Works; and + +      (d) If the Work includes a "NOTICE" text file as part of its +          distribution, then any Derivative Works that You distribute must +          include a readable copy of the attribution notices contained +          within such NOTICE file, excluding those notices that do not +          pertain to any part of the Derivative Works, in at least one +          of the following places: within a NOTICE text file distributed +          as part of the Derivative Works; within the Source form or +          documentation, if provided along with the Derivative Works; or, +          within a display generated by the Derivative Works, if and +          wherever such third-party notices normally appear. The contents +          of the NOTICE file are for informational purposes only and +          do not modify the License. You may add Your own attribution +          notices within Derivative Works that You distribute, alongside +          or as an addendum to the NOTICE text from the Work, provided +          that such additional attribution notices cannot be construed +          as modifying the License. 
+ +      You may add Your own copyright statement to Your modifications and +      may provide additional or different license terms and conditions +      for use, reproduction, or distribution of Your modifications, or +      for any such Derivative Works as a whole, provided Your use, +      reproduction, and distribution of the Work otherwise complies with +      the conditions stated in this License. + +   5. Submission of Contributions. Unless You explicitly state otherwise, +      any Contribution intentionally submitted for inclusion in the Work +      by You to the Licensor shall be under the terms and conditions of +      this License, without any additional terms or conditions. +      Notwithstanding the above, nothing herein shall supersede or modify +      the terms of any separate license agreement you may have executed +      with Licensor regarding such Contributions. + +   6. Trademarks. This License does not grant permission to use the trade +      names, trademarks, service marks, or product names of the Licensor, +      except as required for reasonable and customary use in describing the +      origin of the Work and reproducing the content of the NOTICE file. + +   7. Disclaimer of Warranty. Unless required by applicable law or +      agreed to in writing, Licensor provides the Work (and each +      Contributor provides its Contributions) on an "AS IS" BASIS, +      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +      implied, including, without limitation, any warranties or conditions +      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A +      PARTICULAR PURPOSE. You are solely responsible for determining the +      appropriateness of using or redistributing the Work and assume any +      risks associated with Your exercise of permissions under this License. + +   8. Limitation of Liability. 
In no event and under no legal theory, +      whether in tort (including negligence), contract, or otherwise, +      unless required by applicable law (such as deliberate and grossly +      negligent acts) or agreed to in writing, shall any Contributor be +      liable to You for damages, including any direct, indirect, special, +      incidental, or consequential damages of any character arising as a +      result of this License or out of the use or inability to use the +      Work (including but not limited to damages for loss of goodwill, +      work stoppage, computer failure or malfunction, or any and all +      other commercial damages or losses), even if such Contributor +      has been advised of the possibility of such damages. + +   9. Accepting Warranty or Additional Liability. While redistributing +      the Work or Derivative Works thereof, You may choose to offer, +      and charge a fee for, acceptance of support, warranty, indemnity, +      or other liability obligations and/or rights consistent with this +      License. However, in accepting such obligations, You may act only +      on Your own behalf and on Your sole responsibility, not on behalf +      of any other Contributor, and only if You agree to indemnify, +      defend, and hold each Contributor harmless for any liability +      incurred by, or claims asserted against, such Contributor by reason +      of your accepting any such warranty or additional liability. + +   END OF TERMS AND CONDITIONS + +   APPENDIX: How to apply the Apache License to your work. + +      To apply the Apache License to your work, attach the following +      boilerplate notice, with the fields enclosed by brackets "[]" +      replaced with your own identifying information. (Don't include +      the brackets!)  The text should be enclosed in the appropriate +      comment syntax for the file format. 
We also recommend that a +      file or class name and description of purpose be included on the +      same "printed page" as the copyright notice for easier +      identification within third-party archives. + +   Copyright [yyyy] [name of copyright owner] + +   Licensed under the Apache License, Version 2.0 (the "License"); +   you may not use this file except in compliance with the License. +   You may obtain a copy of the License at + +       http://www.apache.org/licenses/LICENSE-2.0 + +   Unless required by applicable law or agreed to in writing, software +   distributed under the License is distributed on an "AS IS" BASIS, +   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +   See the License for the specific language governing permissions and +   limitations under the License. diff --git a/docs/Configuration.md b/docs/Configuration.md index 661e65a..1d16c91 100644 --- a/docs/Configuration.md +++ b/docs/Configuration.md @@ -62,6 +62,15 @@ vars:    ssh_no_exec: true  ``` +## SSH Auth Methods + +By default, Oxidized registers the following auth methods: `none`, `publickey` and `password`. However you can configure this globally, by groups, models or nodes. + +``` +vars: +    auth_methods: none, publickey, password, keyboard-interactive +``` +  ## SSH Proxy Command  Oxidized can `ssh` through a proxy as well. To do so we just need to set `ssh_proxy` variable with the proxy host information. diff --git a/docs/Model-Notes/EOS.md b/docs/Model-Notes/EOS.md new file mode 100644 index 0000000..66287e3 --- /dev/null +++ b/docs/Model-Notes/EOS.md @@ -0,0 +1,9 @@ +Arista EOS Configuration +======================== + +By default EOS requires keyboard-interactive to be added to your Oxidized config. You can avoid having to do this by configuring the following on the EOS device: + +``` +management ssh +   authentication mode password +``` diff --git a/docs/Model-Notes/README.md b/docs/Model-Notes/README.md index fd1298e..993eb77 100644 
--- a/docs/Model-Notes/README.md +++ b/docs/Model-Notes/README.md @@ -10,9 +10,10 @@ Vendor          | Model           |Updated  3COM|[Comware](Comware.md)|15 Feb 2018  AireOS|[AireOS](AireOS.md)|29 Nov 2017  Arbor Networks|[ArbOS](ArbOS.md)|27 Feb 2018 +Arista|[EOS](EOS.md)|05 Feb 2018  Huawei|[VRP](VRP-Huawei.md)|17 Nov 2017  Juniper|[MX/QFX/EX/SRX/J Series](JunOS.md)|18 Jan 2018  Netgear|[Netgear](Netgear.md)|11 Apr 2018 -Zyxel|[XGS4600 Series](XGS4600-Zyxel.md)|23 Jan 2018 +Zyxel|[XGS4600 Series](XGS4600-Zyxel.md)|1 Feb 2018  If you discover additional caveats or problems please make sure to consult the [GitHub issues for oxidized](https://github.com/ytti/oxidized/issues) known issues. diff --git a/docs/Model-Notes/XGS4600-Zyxel.md b/docs/Model-Notes/XGS4600-Zyxel.md index 17cb2b5..8b58ed8 100644 --- a/docs/Model-Notes/XGS4600-Zyxel.md +++ b/docs/Model-Notes/XGS4600-Zyxel.md @@ -20,6 +20,20 @@ input:      passive: false  ``` + +## SSH/TelNet + +Below is the table from the XGS4600 CLI Reference Guide (Version 3.79~4.50 Edition 1, 07/2017) +Take this table with a pinch of salt, level 3 will not allow _show running-config_! + +Privilege Level | Types of commands at this privilege level +----------------|------------------------------------------- +0|Display basic system information. +3|Display configuration or status. +13|Configure features except for login accounts, SNMP user accounts, the authentication method sequence and authorization settings, multiple logins, administrator and enable passwords, and configuration information display. +14|Configure login accounts, SNMP user accounts, the authentication method sequence and authorization settings, multiple logins, and administrator and enable passwords, and display configuration information. + +  Oxidized can now retrieve your configuration!  Back to [Model-Notes](README.md) diff --git a/lib/oxidized/input/ssh.rb b/lib/oxidized/input/ssh.rb index dc1eb27..6e86d13 100644 --- a/lib/oxidized/input/ssh.rb 
+++ b/lib/oxidized/input/ssh.rb @@ -29,11 +29,14 @@ module Oxidized          port:         port.to_i,          paranoid:     secure,          keepalive:    true, -        auth_methods: %w(none publickey password keyboard-interactive),          password:     @node.auth[:password], :timeout => Oxidized.config.timeout,          number_of_password_prompts: 0,        } +      auth_methods = vars(:auth_methods) || %w(none publickey password) +      ssh_opts[:auth_methods] = auth_methods +      Oxidized.logger.info "AUTH METHODS::#{auth_methods}" +        if proxy_host = vars(:ssh_proxy)          proxy_command =  "ssh "          proxy_command += "-o StrictHostKeyChecking=no " unless secure diff --git a/lib/oxidized/model/xos.rb b/lib/oxidized/model/xos.rb index e862596..5ce8017 100644 --- a/lib/oxidized/model/xos.rb +++ b/lib/oxidized/model/xos.rb @@ -26,7 +26,10 @@ class XOS < Oxidized::Model      comment cfg.each_line.reject { |line| line.match /Time:/ or line.match /boot/i }.join    end -  cmd 'show configuration' +  cmd 'show configuration' do |cfg| +    cfg = cfg.each_line.reject { |line| line.match /^#(\s[\w]+\s)(Configuration generated)/ }.join +    cfg +  end    cmd 'show policy detail' do |cfg|      comment cfg diff --git a/lib/oxidized/model/zynoscli.rb b/lib/oxidized/model/zynoscli.rb new file mode 100644 index 0000000..ae64b04 --- /dev/null +++ b/lib/oxidized/model/zynoscli.rb 
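Review bot: The value read by `vars(:auth_methods)` is assigned to `ssh_opts[:auth_methods]` without any type normalisation, and the example added to docs/Configuration.md in this same commit (`auth_methods: none, publickey, password, keyboard-interactive`) is a YAML scalar, so it would presumably arrive here as one String rather than a list of method names. Normalising it, e.g. `auth_methods = Array(vars(:auth_methods) || %w(none publickey password)).flat_map { |m| m.to_s.split(/\s*,\s*/) }`, keeps both the list and the comma-separated spelling working. The new `Oxidized.logger.info "AUTH METHODS::#{auth_methods}"` runs on every connection and reads like leftover debugging output; `Oxidized.logger.debug` would fit better. The enclosing method starts and ends outside the hunk.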
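Review bot: The filter added to `cmd 'show configuration'` in xos.rb carries two capture groups that are never read, and it reassigns `cfg` only to return it on the next line. The block body can be the single expression `cfg.each_line.reject { |line| line =~ /^#\s\w+\sConfiguration generated/ }.join`, which matches the same lines. A short comment stating why the line is dropped (presumably a generation banner that changes on every fetch and would produce spurious diffs) would help the next maintainer.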
@@ -0,0 +1,36 @@ +class ZyNOSCLI < Oxidized::Model +  # Used in Zyxel DSLAMs, such as SAM1316 + +  # Typical prompt "XGS4600#" +  prompt /^([\w.@()-]+[#>]\s\e7)$/ +  comment  ';; ' + +  cmd :all do |cfg| +    cfg.gsub! /^.*\e7/, '' +  end +  cmd 'show stacking' + +  cmd 'show version' + +  cmd 'show running-config' + +  cfg :telnet do +    username /^User name:/i +    password /^Password:/i +  end + +  cfg :telnet, :ssh do +    if vars :enable +      post_login do +        send "enable\n" +        # Interpret enable: true as meaning we won't be prompted for a password +        unless vars(:enable).is_a? TrueClass +          expect /[pP]assword:\s?$/ +          send vars(:enable) + "\n" +        end +        expect /^.+[#]$/ +      end +    end +    pre_logout 'exit' +  end +end diff --git a/lib/oxidized/nodes.rb b/lib/oxidized/nodes.rb index 84766f0..a159b48 100644 --- a/lib/oxidized/nodes.rb +++ b/lib/oxidized/nodes.rb @@ -12,7 +12,8 @@ module Oxidized          @source = Oxidized.config.source.default          Oxidized.mgr.add_source @source          Oxidized.logger.info "lib/oxidized/nodes.rb: Loading nodes" -        Oxidized.mgr.source[@source].new.load.each do |node| +        nodes = Oxidized.mgr.source[@source].new.load node_want +        nodes.each do |node|            # we want to load specific node(s), not all of them            next unless node_want? node_want, node            begin diff --git a/lib/oxidized/source/http.rb b/lib/oxidized/source/http.rb index 4480cbb..55dcd4c 100644 --- a/lib/oxidized/source/http.rb +++ b/lib/oxidized/source/http.rb @@ -15,7 +15,7 @@ module Oxidized      require "uri"      require "json" -    def load +    def load node_want = nil        nodes = []        uri = URI.parse(@cfg.url)        http = Net::HTTP.new(uri.host, uri.port) 
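Review bot: `cfg.gsub! /^.*\e7/, ''` in the `cmd :all` block of zynoscli.rb returns nil whenever nothing is substituted, and if the block's return value becomes the command output (the xos.rb block in this commit returns `cfg` explicitly, which suggests it does) any output without an `\e7` sequence would be lost. The non-mutating form `cfg.gsub(/^.*\e7/, '')` avoids that. The header comment says "Used in Zyxel DSLAMs, such as SAM1316" while the prompt example and the accompanying docs refer to the XGS4600, so it should name the devices this model was actually tested on. `send vars(:enable) + "\n"` also assumes the enable value is a String; `send "#{vars(:enable)}\n"` avoids a TypeError if the configured value parses as a number.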
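Review bot: In nodes.rb, `Oxidized.mgr.source[@source].new.load node_want` now passes an argument to whichever source is configured, but this commit only gives `load` a `node_want = nil` parameter in source/http.rb and source/sql.rb. Any other source class whose `load` still takes no arguments (none is visible on this page) would raise ArgumentError on every node load, so each remaining source needs the same optional parameter. Keeping the `next unless node_want? node_want, node` check is the right call, since a source may ignore the hint.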
@@ -28,7 +28,11 @@ module Oxidized          headers[header] = value        end -      request = Net::HTTP::Get.new(uri.request_uri, headers) +      req_uri = uri.request_uri +      if node_want +        req_uri = "#{req_uri}/#{node_want}" +      end +      request = Net::HTTP::Get.new(req_uri, headers)        if (@cfg.user? && @cfg.pass?)          request.basic_auth(@cfg.user, @cfg.pass)        end diff --git a/lib/oxidized/source/sql.rb b/lib/oxidized/source/sql.rb index 5737c93..c5fe650 100644 --- a/lib/oxidized/source/sql.rb +++ b/lib/oxidized/source/sql.rb @@ -18,11 +18,16 @@ module Oxidized        end      end -    def load +    def load node_want = nil        nodes = []        db = connect        query = db[@cfg.table.to_sym]        query = query.with_sql(@cfg.query) if @cfg.query? + +      if node_want +        query = query.where(@cfg.map.name.to_sym => node_want) +      end +        query.each do |node|          # map node parameters          keys = {} diff --git a/lib/oxidized/worker.rb b/lib/oxidized/worker.rb index 7eaa888..692b060 100644 --- a/lib/oxidized/worker.rb +++ b/lib/oxidized/worker.rb @@ -80,7 +80,11 @@ module Oxidized      private      def is_cycle_finished? -      @jobs_done > 0 && @jobs_done % @nodes.count == 0 +      if @jobs_done > @nodes.count +        true +      else +        @jobs_done > 0 && @jobs_done % @nodes.count == 0 +      end      end      def run_done_hook diff --git a/spec/input/ssh_spec.rb b/spec/input/ssh_spec.rb index 9e08cea..3c33cd8 100644 --- a/spec/input/ssh_spec.rb +++ b/spec/input/ssh_spec.rb 
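Review bot: In http.rb, `req_uri = "#{req_uri}/#{node_want}"` appends the node name to `uri.request_uri`, which includes the query string, and does so without percent-encoding. With a configured URL that has a query part the name ends up inside the query, and a `node_want` containing `/`, `?` or `#` changes which resource is requested from the inventory server; whether `node_want` can carry caller-supplied text is not visible here. Build the path and query separately and encode the segment: `path = "#{uri.path}/#{ERB::Util.url_encode(node_want.to_s)}"` followed by `req_uri = uri.query ? "#{path}?#{uri.query}" : path` (needs `require "erb"`). The `def load node_want = nil` signature in the previous hunk would read better as `def load(node_want = nil)`; the method body continues outside both hunks.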
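Review bot: In sql.rb, the added `query.where(@cfg.map.name.to_sym => node_want)` filters on exact equality with the name column, while nodes.rb still runs `node_want? node_want, node` on the result, which suggests the real match may be looser (that method is not shown). If `node_want?` also accepts an IP address or a partial name, this filter would return no rows for those lookups and the node would silently not be found. The hash condition is passed as a value rather than spliced into the SQL text, which is the right form for caller-influenced input. It is worth confirming that `where` still applies after `query.with_sql(@cfg.query)`, since a dataset built from static SQL may ignore later clauses. The method continues outside the hunk.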
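Review bot: In worker.rb, the new `@jobs_done > @nodes.count` branch of `is_cycle_finished?` returns true on every call once the counter passes the node count, so unless `@jobs_done` is reset outside this hunk, whatever acts on this predicate (presumably `run_done_hook`, defined just below) would run after each subsequent job rather than once per cycle. If the intent is to cope with the node list shrinking mid-cycle, say so in a comment and reset the counter where the cycle is declared finished. The if/else returning a literal `true` can be written as one expression: `@jobs_done > @nodes.count || (@jobs_done > 0 && @jobs_done % @nodes.count == 0)`.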
@@ -34,7 +34,7 @@ describe Oxidized::SSH do                                                                proxy:     proxy,                                                                password: 'armud',                                                                number_of_password_prompts: 0, -                                                              auth_methods: ['none', 'publickey', 'password', 'keyboard-interactive']) +                                                              auth_methods: %w[none publickey password])        ssh.instance_variable_set("@exec", true)        ssh.connect(@node) | 
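Review bot: The expectation in ssh_spec.rb is only updated to the new default list `%w[none publickey password]`, so the configurable path added in lib/oxidized/input/ssh.rb is untested. Add an example that sets the `auth_methods` var for the node and asserts that the configured list, not the default, is what reaches the SSH start call. The enclosing example starts outside the hunk.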
