Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 134 |
1 files changed, 100 insertions, 34 deletions
@@ -1,6 +1,4 @@ -# Oxidized [![Build Status](https://travis-ci.org/Shopify/oxidized.svg)](https://travis-ci.org/Shopify/oxidized) - -[![Gem Version](https://badge.fury.io/rb/oxidized.svg)](http://badge.fury.io/rb/oxidized) +# Oxidized [![Build Status](https://travis-ci.org/Shopify/oxidized.svg)](https://travis-ci.org/Shopify/oxidized) [![Gem Version](https://badge.fury.io/rb/oxidized.svg)](http://badge.fury.io/rb/oxidized) [![Join the chat at https://gitter.im/oxidized/Lobby](https://badges.gitter.im/oxidized/Lobby.svg)](https://gitter.im/oxidized/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) Oxidized is a network device configuration backup tool. It's a RANCID replacement! @@ -20,13 +18,14 @@ Oxidized is a network device configuration backup tool. It's a RANCID replacemen 1. [Supported OS Types](#supported-os-types) 2. [Installation](#installation) * [Debian](#debian) - * [CentOS, Oracle Linux, Red Hat Linux version 6](#centos-oracle-linux-red-hat-linux-version 6) + * [CentOS, Oracle Linux, Red Hat Linux](#centos-oracle-linux-red-hat-linux) 3. [Initial Configuration](#configuration) 4. [Installing Ruby 2.1.2 using RVM](#installing-ruby-2.1.2-using-rvm) 5. [Running with Docker](#running-with-docker) 6. [Cookbook](#cookbook) * [Debugging](#debugging) * [Privileged mode](#privileged-mode) + * [Disabling SSH exec channels](#disabling-ssh-exec-channels) * [Source: CSV](#source-csv) * [Source: SQLite](#source-sqlite) * [Source: HTTP](#source-http) @@ -35,6 +34,7 @@ Oxidized is a network device configuration backup tool. It's a RANCID replacemen * [Output: File](#output-file) * [Output types](#output-types) * [Advanced Configuration](#advanced-configuration) + * [Advanced Group Configuration](#advanced-group-configuration) 7. [Ruby API](#ruby-api) * [Input](#input) * [Output](#output) @@ -49,7 +49,6 @@ Oxidized is a network device configuration backup tool. It's a RANCID replacemen * AOS * AOS7 * ISAM - * TiMOS * Wireless * Arista * EOS 
@@ -62,6 +61,9 @@ Oxidized is a network device configuration backup tool. It's a RANCID replacemen * Ironware * NOS (Network Operating System) * Vyatta + * 6910 + * Check Point + * GaiaOS * Ciena * SOAS * Cisco @@ -74,6 +76,9 @@ Oxidized is a network device configuration backup tool. It's a RANCID replacemen * SMB (Nikola series) * Citrix * NetScaler (Virtual Applicance) + * Coriant (former Tellabs) + * TMOS (8800) + * 8600 * Cumulus * Linux * DataCom @@ -111,10 +116,15 @@ Oxidized is a network device configuration backup tool. It's a RANCID replacemen * MasterOS * Netonix * WISP Switch (As Netonix) + * Nokia (formerly TiMetra, Alcatel, Alcatel-Lucent) + * SR OS (TiMOS) * Opengear * Opengear * Palo Alto * PANOS + * pfSense + * Quanta + * Quanta / VxWorks 6.6 (1.1.0.8) * Supermicro * Supermicro * Ubiquiti @@ -137,13 +147,19 @@ gem install oxidized gem install oxidized-script oxidized-web # if you don't install oxidized-web, make sure you remove "rest" from your config ``` -## CentOS, Oracle Linux, Red Hat Linux version 6 -Install Ruby 1.9.3 or greater (for Ruby 2.1.2 installation instructions see "Installing Ruby 2.1.2 using RVM"), then install Oxidized dependencies +## CentOS, Oracle Linux, Red Hat Linux +On CentOS 6 / RHEL 6, install Ruby 1.9.3 or greater (for Ruby 2.1.2 installation instructions see "Installing Ruby 2.1.2 using RVM"), then install Oxidized dependencies ```shell yum install cmake sqlite-devel openssl-devel libssh2-devel ``` -Now lets install oxidized via Rubygems: +RHEL 7 / CentOS 7 will work out of the box with the following package list: + +```shell +yum install cmake sqlite-devel openssl-devel libssh2-devel ruby gcc ruby-devel +``` + +Now let's install oxidized via Rubygems: ```shell gem install oxidized gem install oxidized-script oxidized-web 
@@ -153,6 +169,14 @@ gem install oxidized-script oxidized-web Oxidized configuration is in YAML format. Configuration files are subsequently sourced from ```/etc/oxidized/config``` then ```~/.config/oxidized/config```. The hashes will be merged, this might be useful for storing source information in a system wide file and user specific configuration in the home directory (to only include a staff specific username and password). Eg. if many users are using ```oxs```, see [Oxidized::Script](https://github.com/ytti/oxidized-script). +It is recommended practice to run Oxidized using its own username. This username can be added using standard command-line tools: + +``` +useradd oxidized +``` + +It is recommended not to run Oxidized as root. + To initialize a default configuration in your home directory ```~/.config/oxidized/config```, simply run ```oxidized``` once. If you don't further configure anything from the output and source sections, it'll extend the examples on a subsequent ```oxidized``` execution. This is useful to see what options for a specific source or output backend are available. You can set the env variable `OXIDIZED_HOME` to change its home directory. 
@@ -231,46 +255,54 @@ rvm use --default 2.1.2 ``` # Running with Docker -1. clone git repo: + +clone git repo: ``` - root@bla:~# git clone https://github.com/ytti/oxidized -``` -2. build container locally: +git clone https://github.com/ytti/oxidized ``` - root@bla:~# docker build -q -t oxidized/oxidized:latest oxidized/ + +build container locally: + ``` -3. create config directory in main system: +docker build -q -t oxidized/oxidized:latest oxidized/ ``` - root@bla~:# mkdir /etc/oxidized + +create config directory in main system: + ``` -4. run container the first time: +mkdir /etc/oxidized ``` - root@bla:~# docker run -v /etc/oxidized:/root/.config/oxidized -p 8888:8888/tcp -t oxidized/oxidized:latest oxidized + +run container the first time: +_Note: this step in only needed for creating Oxidized's configuration file and can be skipped if you already have it + ``` -5. add 'router.db' to /etc/oxidized: +docker run --rm -v /etc/oxidized:/root/.config/oxidized -p 8888:8888/tcp -t oxidized/oxidized:latest oxidized ``` - root@bla:~# vim /etc/oxidized/router.db - [ ... ] - root@bla:~# + +create the `/etc/oxidized/router.db` + ``` -6. run container again: +vim /etc/oxidized/router.db ``` - root@bla:~# docker run -v /etc/oxidized:/root/.config/oxidized -p 8888:8888/tcp -t oxidized/oxidized:latest - oxidized[1]: Oxidized starting, running as pid 1 - oxidized[1]: Loaded 1 nodes - Puma 2.13.4 starting... - * Min threads: 0, max threads: 16 - * Environment: development - * Listening on tcp://0.0.0.0:8888 - ^C - root@bla:~# +run container again: + +``` +docker run -v /etc/oxidized:/root/.config/oxidized -p 8888:8888/tcp -t oxidized/oxidized:latest +oxidized[1]: Oxidized starting, running as pid 1 +oxidized[1]: Loaded 1 nodes +Puma 2.13.4 starting... +* Min threads: 0, max threads: 16 +* Environment: development +* Listening on tcp://0.0.0.0:8888 ``` If you want to have the config automatically reloaded (e.g. 
when using a http source that changes) + ``` - root@bla:~# docker run -v /etc/oxidized:/root/.config/oxidized -p 8888:8888/tcp -e CONFIG_RELOAD_INTERVAL=3600 -t oxidized/oxidized:latest +docker run -v /etc/oxidized:/root/.config/oxidized -p 8888:8888/tcp -e CONFIG_RELOAD_INTERVAL=3600 -t oxidized/oxidized:latest ``` ## Cookbook @@ -320,6 +352,16 @@ The above strips out snmp community strings from your saved configs. **NOTE:** Removing secrets reduces the usefulness as a full configuration backup, but it may make sharing configs easier. +### Disabling SSH exec channels + +Oxidized uses exec channels to make information extraction simpler, but there are some situations where this doesn't work well, e.g. configuring devices. This feature can be turned off by setting the ```ssh_no_exec``` +variable. + +``` +vars: + ssh_no_exec: true +``` + ### Source: CSV One line per device, colon seperated. @@ -387,6 +429,8 @@ source: url: https://url/api scheme: https delimiter: !ruby/regexp /:/ + user: username + pass: password map: name: hostname model: os @@ -477,7 +521,7 @@ output: ### Output types -If you prefer to have different outputs in different files and/or directories, you can easily do this by modifying the corresponding model. To change the behaviour for IOS, you would edit `lib/oxidized/model/ios.rb`. +If you prefer to have different outputs in different files and/or directories, you can easily do this by modifying the corresponding model. To change the behaviour for IOS, you would edit `lib/oxidized/model/ios.rb` (run `gem contents oxidized` to find out the full file path). For example, let's say you want to split out `show version` and `show inventory` into separate files in a directory called `nodiff` which your tools will not send automated diffstats for. You can apply a patch along the lines of 
@@ -537,7 +581,7 @@ rest: 10.0.0.1:8000/oxidized ### Advanced Configuration -Below is an advanced example configuration. You will be able to (optinally) override options per device. The router.db format used is ```hostname:model:username:password:enable_password```. Hostname and model will be the only required options, all others override the global configuration sections. +Below is an advanced example configuration. You will be able to (optionally) override options per device. The router.db format used is ```hostname:model:username:password:enable_password```. Hostname and model will be the only required options, all others override the global configuration sections. ``` --- @@ -582,6 +626,28 @@ source: model_map: cisco: ios juniper: junos + +``` + +### Advanced Group Configuration + +For group specific credentials + +``` +groups: + mikrotik: + username: admin + password: blank + ubiquiti: + username: ubnt + password: ubnt +``` +and add group mapping +``` +map: + model: 0 + name: 1 + group: 2 ``` # Hooks |
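Review bot: In the Configuration hunk (@@ -153,6 +169,14 @@), `useradd oxidized` is introduced without saying where the configuration then lives or who may read it. The surrounding text says the config is sourced from `~/.config/oxidized/config` and may hold a username and password, so the new paragraph should state that the file sits in the oxidized user's home directory and should be readable by that user only (for example mode 0600). The two added "It is recommended" sentences make the same point and can be merged into one.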
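Review bot: In the Docker hunk (@@ -231,46 +255,54 @@), the added line `_Note: this step in only needed ...` opens emphasis with an underscore that is never closed, has "in" for "is", and follows "run container the first time:" with no blank line, so it will render as part of that sentence. Every `docker run` example still mounts the config at `/root/.config/oxidized`, which implies the process runs with root's home inside the container; since this same patch adds a recommendation not to run Oxidized as root, the section should either say so explicitly or show a non-root variant. The examples also publish the port as `-p 8888:8888/tcp` and the sample output shows `Listening on tcp://0.0.0.0:8888`, so the web interface is reachable on every host interface; consider `-p 127.0.0.1:8888:8888/tcp` in the examples, or a sentence telling the reader to restrict access. Finally, the last fenced block now mixes the command with its output since the prompt was removed; separating the two would make it clear what to type.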
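Review bot: In the "Disabling SSH exec channels" hunk (@@ -320,6 +352,16 @@), the sentence is split by a hard line break before "variable.", and "e.g. configuring devices" does not tell the reader when they actually need the setting. Suggest joining the sentence and stating the symptom or use case that calls for `ssh_no_exec: true`, plus whether the `vars:` shown here is the global section only.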
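Review bot: The two keys added to the HTTP source example (@@ -387,6 +429,8 @@), `user: username` and `pass: password`, come with no explanatory text. Add a sentence saying what they authenticate against, that they are optional, and that they put another credential into the config file, which is a further reason to keep that file readable only by the account running Oxidized.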
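Review bot: In the "Advanced Group Configuration" hunk (@@ -582,6 +626,28 @@), the example credentials (`username: ubnt` / `password: ubnt`, and `username: admin` with `password: blank`) read as vendor default logins, and `blank` is ambiguous between the literal string and an empty password. Neutral placeholders would avoid suggesting that defaults be left in place and would remove the ambiguity. The "and add group mapping" line does not say under which source section this `map:` block belongs or that the numbers are column positions, and it is missing a blank line before the fence that follows it. The hunk also adds an empty line before the closing fence of the preceding example, which looks unintentional.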