-rw-r--r-- | Dockerfile | 2 | ||||
-rw-r--r-- | LICENSE | 201 | ||||
-rw-r--r-- | README.md | 1 | ||||
-rw-r--r-- | docs/Configuration.md | 9 | ||||
-rw-r--r-- | docs/Hooks.md | 37 | ||||
-rw-r--r-- | docs/Model-Notes/EOS.md | 9 | ||||
-rw-r--r-- | docs/Model-Notes/README.md | 3 | ||||
-rw-r--r-- | docs/Model-Notes/XGS4600-Zyxel.md | 14 | ||||
-rw-r--r-- | lib/oxidized/hook/ciscosparkdiff.rb | 49 | ||||
-rw-r--r-- | lib/oxidized/input/ssh.rb | 5 | ||||
-rw-r--r-- | lib/oxidized/model/xos.rb | 5 | ||||
-rw-r--r-- | lib/oxidized/model/zynoscli.rb | 36 | ||||
-rw-r--r-- | lib/oxidized/worker.rb | 6 | ||||
-rw-r--r-- | spec/input/ssh_spec.rb | 2 |
14 files changed, 373 insertions, 6 deletions
@@ -33,7 +33,7 @@ COPY --from=libssh2-backport \ RUN dpkg -i /tmp/*.deb # dependencies for hooks -RUN gem install aws-sdk slack-api xmpp4r +RUN gem install aws-sdk slack-api xmpp4r cisco_spark # build and install oxidized COPY . /tmp/oxidized/ 
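Review bot: The added `cisco_spark` gem on the `RUN gem install` line has no version constraint, so each image build pulls whatever release is current on the gem source. This gem is handed an API access key at runtime, so pinning it keeps builds reproducible and makes an upgrade a reviewed change, e.g. `RUN gem install aws-sdk slack-api xmpp4r cisco_spark:<PINNED_VERSION>` (placeholder; the page names no version). The other gems on that line are unpinned too, which predates this commit.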
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. @@ -57,6 +57,7 @@ Check out the [Oxidized TREX 2014 presentation](http://youtu.be/kBQ_CTUuqeU#t=3h * [Hook: awssns](docs/Hooks.md#hook-type-awssns) * [Hook: slackdiff](docs/Hooks.md#hook-type-slackdiff) * [Hook: xmppdiff](docs/Hooks.md#hook-type-xmppdiff) + * [Hook: ciscosparkdiff](docs/Hooks.md#hook-type-ciscosparkdiff) 5. [Creating and Extending Models](docs/Creating-Models.md) 6. [Help](#help) 7. [Ruby API](docs/Ruby-API.md#ruby-api) diff --git a/docs/Configuration.md b/docs/Configuration.md index 661e65a..1d16c91 100644 --- a/docs/Configuration.md +++ b/docs/Configuration.md 
@@ -62,6 +62,15 @@ vars: ssh_no_exec: true ``` +## SSH Auth Methods + +By default, Oxidized registers the following auth methods: `none`, `publickey` and `password`. However you can configure this globally, by groups, models or nodes. + +``` +vars: + auth_methods: none, publickey, password, keyboard-interactive +``` + ## SSH Proxy Command Oxidized can `ssh` through a proxy as well. To do so we just need to set `ssh_proxy` variable with the proxy host information. diff --git a/docs/Hooks.md b/docs/Hooks.md index ff430ca..09b6117 100644 --- a/docs/Hooks.md +++ b/docs/Hooks.md 
@@ -184,6 +184,43 @@ hooks: Note the channel name must be in quotes. +## Hook type: ciscosparkdiff + +The `ciscosparkdiff` hook posts config diffs to a [Cisco Spark](https://www.ciscospark.com/) space of your choice. It only triggers for `post_store` events. + +You will need to manually install the `cisco_spark` gem on your system (see [cisco_spark-ruby](https://github.com/NGMarmaduke/cisco_spark-ruby)) and generate either a [Bot or OAUTH access key](https://developer.ciscospark.com/apps.html), and retrieve the [Spark Space ID](https://developer.ciscospark.com/endpoint-rooms-get.html) + +```shell +gem install cisco_spark +``` + +### ciscosparkdiff hook configuration example + +```yaml +hooks: + ciscospark: + type: ciscosparkdiff + events: [post_store] + accesskey: SPARK_BOT_API_OR_OAUTH_KEY + space: SPARK_SPACE_ID + diff: true +``` + +Optionally you can disable snippets and post a formatted message, for instance linking to a commit in a git repo. Named parameters `%{node}`, `%{group}`, `%{model}` and `%{commitref}` are available. + +```yaml +hooks: + ciscospark: + type: ciscosparkdiff + events: [post_store] + accesskey: SPARK_BOT_API_OR_OAUTH_KEY + space: SPARK_SPACE_ID + diff: false + message: "%{node} %{group} %{model} updated https://git.intranet/network-changes/commit/%{commitref}" +``` + +Note the space and access tokens must be in quotes. + ## Hook type: xmppdiff The `xmppdiff` hook posts config diffs to a [XMPP](https://en.wikipedia.org/wiki/XMPP) chatroom of your choice. It only triggers for `post_store` events. diff --git a/docs/Model-Notes/EOS.md b/docs/Model-Notes/EOS.md new file mode 100644 index 0000000..66287e3 --- /dev/null +++ b/docs/Model-Notes/EOS.md @@ -0,0 +1,9 @@ +Arista EOS Configuration +======================== + +By default EOS requires keyboard-interactive to be added to your Oxidized config. You can avoid having to do this by configuring the following on the EOS device: + +``` +management ssh + authentication mode password +``` 
diff --git a/docs/Model-Notes/README.md b/docs/Model-Notes/README.md index fd1298e..993eb77 100644 --- a/docs/Model-Notes/README.md +++ b/docs/Model-Notes/README.md @@ -10,9 +10,10 @@ Vendor | Model |Updated 3COM|[Comware](Comware.md)|15 Feb 2018 AireOS|[AireOS](AireOS.md)|29 Nov 2017 Arbor Networks|[ArbOS](ArbOS.md)|27 Feb 2018 +Arista|[EOS](EOS.md)|05 Feb 2018 Huawei|[VRP](VRP-Huawei.md)|17 Nov 2017 Juniper|[MX/QFX/EX/SRX/J Series](JunOS.md)|18 Jan 2018 Netgear|[Netgear](Netgear.md)|11 Apr 2018 -Zyxel|[XGS4600 Series](XGS4600-Zyxel.md)|23 Jan 2018 +Zyxel|[XGS4600 Series](XGS4600-Zyxel.md)|1 Feb 2018 If you discover additional caveats or problems please make sure to consult the [GitHub issues for oxidized](https://github.com/ytti/oxidized/issues) known issues. diff --git a/docs/Model-Notes/XGS4600-Zyxel.md b/docs/Model-Notes/XGS4600-Zyxel.md index 17cb2b5..8b58ed8 100644 --- a/docs/Model-Notes/XGS4600-Zyxel.md +++ b/docs/Model-Notes/XGS4600-Zyxel.md @@ -20,6 +20,20 @@ input: passive: false ``` + +## SSH/TelNet + +Below is the table from the XGS4600 CLI Reference Guide (Version 3.79~4.50 Edition 1, 07/2017) +Take this table with a pinch of salt, level 3 will not allow _show running-config_! + +Privilege Level | Types of commands at this privilege level +----------------|------------------------------------------- +0|Display basic system information. +3|Display configuration or status. +13|Configure features except for login accounts, SNMP user accounts, the authentication method sequence and authorization settings, multiple logins, administrator and enable passwords, and configuration information display. +14|Configure login accounts, SNMP user accounts, the authentication method sequence and authorization settings, multiple logins, and administrator and enable passwords, and display configuration information. + + Oxidized can now retrieve your configuration! Back to [Model-Notes](README.md) 
diff --git a/lib/oxidized/hook/ciscosparkdiff.rb b/lib/oxidized/hook/ciscosparkdiff.rb new file mode 100644 index 0000000..e45d7c6 --- /dev/null +++ b/lib/oxidized/hook/ciscosparkdiff.rb @@ -0,0 +1,49 @@ +require 'cisco_spark' + +# defaults to posting a diff, if messageformat is supplied them a message will be posted too +# diffenable defaults to true +# Modified from slackdiff + +class CiscoSparkDiff < Oxidized::Hook + def validate_cfg! + raise KeyError, 'hook.accesskey is required' unless cfg.has_key?('accesskey') + raise KeyError, 'hook.space is required' unless cfg.has_key?('space') + end + + def run_hook(ctx) + return unless ctx.node + return unless ctx.event.to_s == "post_store" + log "Connecting to Cisco Spark" + CiscoSpark.configure do |config| + config.api_key = cfg.accesskey + config.proxy = cfg.proxy if cfg.has_key?('proxy') + end + space = cfg.space + client = CiscoSpark::Room.new(id: space) + client.fetch + log "Connected" + diffenable = true + if cfg.has_key?('diff') == true + if cfg.diff == false + diffenable = false + end + end + if diffenable == true + gitoutput = ctx.node.output.new + diff = gitoutput.get_diff ctx.node, ctx.node.group, ctx.commitref, nil + title = ctx.node.name.to_s + log "Posting diff as snippet to #{cfg.space}" + message = CiscoSpark::Message.new(text: 'Device ' + title + ' modified:' + "\n" + diff[:patch].lines.to_a[4..-1].join) + room = CiscoSpark::Room.new(id: space) + room.send_message(message) + end + if cfg.has_key?('message') == true + log cfg.message + msg = cfg.message % { :node => ctx.node.name.to_s, :group => ctx.node.group.to_s, :commitref => ctx.commitref, :model => ctx.node.model.class.name.to_s.downcase } + log msg + log "Posting message to #{cfg.space}" + client.chat_postMessage(channel: cfg.channel, text: msg, as_user: true) + end + log "Finished" + end +end diff --git a/lib/oxidized/input/ssh.rb b/lib/oxidized/input/ssh.rb index dc1eb27..6e86d13 100644 --- a/lib/oxidized/input/ssh.rb 
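Review bot: The `message` branch at the end of `run_hook` still calls `client.chat_postMessage(channel: cfg.channel, text: msg, as_user: true)`, which looks carried over from slackdiff. Here `client` is a `CiscoSpark::Room`, and `cfg.channel` is neither checked in `validate_cfg!` nor documented for this hook, so a configured `message` will most likely raise instead of posting. Reusing the call the diff branch already makes would fit: `client.send_message(CiscoSpark::Message.new(text: msg))`. Separately, `diff[:patch].lines.to_a[4..-1].join` raises NoMethodError when the patch has fewer than four lines or `get_diff` returns nil, so that branch needs a guard before the post. Because the hook sends device configuration diffs to an external service, a comment above the snippet post should state that the diff may contain credentials unless the model strips them.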
+++ b/lib/oxidized/input/ssh.rb @@ -29,11 +29,14 @@ module Oxidized port: port.to_i, paranoid: secure, keepalive: true, - auth_methods: %w(none publickey password keyboard-interactive), password: @node.auth[:password], :timeout => Oxidized.config.timeout, number_of_password_prompts: 0, } + auth_methods = vars(:auth_methods) || %w(none publickey password) + ssh_opts[:auth_methods] = auth_methods + Oxidized.logger.info "AUTH METHODS::#{auth_methods}" + if proxy_host = vars(:ssh_proxy) proxy_command = "ssh " proxy_command += "-o StrictHostKeyChecking=no " unless secure diff --git a/lib/oxidized/model/xos.rb b/lib/oxidized/model/xos.rb index e862596..5ce8017 100644 --- a/lib/oxidized/model/xos.rb +++ b/lib/oxidized/model/xos.rb @@ -26,7 +26,10 @@ class XOS < Oxidized::Model comment cfg.each_line.reject { |line| line.match /Time:/ or line.match /boot/i }.join end - cmd 'show configuration' + cmd 'show configuration' do |cfg| + cfg = cfg.each_line.reject { |line| line.match /^#(\s[\w]+\s)(Configuration generated)/ }.join + cfg + end cmd 'show policy detail' do |cfg| comment cfg diff --git a/lib/oxidized/model/zynoscli.rb b/lib/oxidized/model/zynoscli.rb new file mode 100644 index 0000000..ae64b04 --- /dev/null +++ b/lib/oxidized/model/zynoscli.rb @@ -0,0 +1,36 @@ +class ZyNOSCLI < Oxidized::Model + # Used in Zyxel DSLAMs, such as SAM1316 + + # Typical prompt "XGS4600#" + prompt /^([\w.@()-]+[#>]\s\e7)$/ + comment ';; ' + + cmd :all do |cfg| + cfg.gsub! /^.*\e7/, '' + end + cmd 'show stacking' + + cmd 'show version' + + cmd 'show running-config' + + cfg :telnet do + username /^User name:/i + password /^Password:/i + end + + cfg :telnet, :ssh do + if vars :enable + post_login do + send "enable\n" + # Interpret enable: true as meaning we won't be prompted for a password + unless vars(:enable).is_a? TrueClass + expect /[pP]assword:\s?$/ + send vars(:enable) + "\n" + end + expect /^.+[#]$/ + end + end + pre_logout 'exit' + end +end 
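Review bot: The value of `vars(:auth_methods)` goes into `ssh_opts[:auth_methods]` unchanged, yet the Configuration.md hunk in this commit documents it as `auth_methods: none, publickey, password, keyboard-interactive`, which YAML loads as one String rather than a list. Unless `vars` converts it somewhere outside this hunk, the SSH library gets a String where the default is an Array; normalising it here would make the documented form work: `auth_methods = auth_methods.split(/\s*,\s*/) if auth_methods.is_a?(String)`. The `Oxidized.logger.info "AUTH METHODS::#{auth_methods}"` line runs on every connection and reads like leftover debugging, so `Oxidized.logger.debug` would be the better level. The method being patched starts and ends outside the hunk.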
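Review bot: The new block for `cmd 'show configuration'` assigns the filtered text back to `cfg` and then returns `cfg` on its own line; the block can end on the expression itself, `cfg.each_line.reject { |line| line.match(/^#(\s[\w]+\s)(Configuration generated)/) }.join`. Parenthesising the regexp argument also avoids Ruby's ambiguous-first-argument warning for `line.match /.../`. A one-line comment saying why the "Configuration generated" header is dropped (presumably it changes on every run and would produce a spurious diff) would help the next reader.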
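Review bot: `cfg.gsub! /^.*\e7/, ''` in the `cmd :all` block returns nil when nothing is substituted, so if the block's return value becomes the command output (as the explicit `cfg` return in this commit's xos.rb change suggests), output without the `\e7` sequence is lost; the non-mutating `cfg.gsub(/^.*\e7/, '')` always returns the string. The header comment says "Used in Zyxel DSLAMs, such as SAM1316" while the prompt example is `XGS4600#`, so it looks copied from another model and should name the devices this model targets. The model also defines no secret filtering, which means `show running-config` is stored exactly as the device prints it, including any password or SNMP lines; a secret-removal block, or at least a comment stating this, would make the exposure explicit.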
diff --git a/lib/oxidized/worker.rb b/lib/oxidized/worker.rb index 7eaa888..692b060 100644 --- a/lib/oxidized/worker.rb +++ b/lib/oxidized/worker.rb @@ -80,7 +80,11 @@ module Oxidized private def is_cycle_finished? - @jobs_done > 0 && @jobs_done % @nodes.count == 0 + if @jobs_done > @nodes.count + true + else + @jobs_done > 0 && @jobs_done % @nodes.count == 0 + end end def run_done_hook diff --git a/spec/input/ssh_spec.rb b/spec/input/ssh_spec.rb index 9e08cea..3c33cd8 100644 --- a/spec/input/ssh_spec.rb +++ b/spec/input/ssh_spec.rb @@ -34,7 +34,7 @@ describe Oxidized::SSH do proxy: proxy, password: 'armud', number_of_password_prompts: 0, - auth_methods: ['none', 'publickey', 'password', 'keyboard-interactive']) + auth_methods: %w[none publickey password]) ssh.instance_variable_set("@exec", true) ssh.connect(@node) |
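Review bot: The added `@jobs_done > @nodes.count` branch in `is_cycle_finished?` carries no comment saying when the counter can exceed the node count (presumably after the node list shrinks), and it returns true on every later call until `@jobs_done` is reset, which happens, if at all, outside this hunk. A comment such as `# node list may shrink between jobs; treat an overshoot as a finished cycle` would record the intent. The if/else that returns a literal `true` can also be one expression: `@jobs_done > @nodes.count || (@jobs_done > 0 && (@jobs_done % @nodes.count).zero?)`.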
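Review bot: The spec only changes the expected default to `%w[none publickey password]`; nothing exercises the new `vars(:auth_methods)` override added in ssh.rb. A second example that sets the variable for the node and expects those methods in the options passed to the SSH connection would cover the configured path, including the comma-separated form shown in docs/Configuration.md. The example being edited starts and ends outside the hunk.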