Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 160 |
1 files changed, 158 insertions, 2 deletions
@@ -19,6 +19,7 @@ Oxidized is a network device configuration backup tool. It's a RANCID replacemen 2. [Installation](#installation) * [Debian](#debian) * [CentOS, Oracle Linux, Red Hat Linux](#centos-oracle-linux-red-hat-linux) + * [BSD](#freebsd) 3. [Initial Configuration](#configuration) 4. [Installing Ruby 2.1.2 using RVM](#installing-ruby-2.1.2-using-rvm) 5. [Running with Docker](#running-with-docker) @@ -32,6 +33,7 @@ Oxidized is a network device configuration backup tool. It's a RANCID replacemen * [Source: Mysql](#source-mysql) * [Source: HTTP](#source-http) * [Output: GIT](#output-git) + * [Output: GIT-Crypt](#output-git-crypt) * [Output: HTTP](#output-http) * [Output: File](#output-file) * [Output types](#output-types) @@ -75,13 +77,14 @@ Oxidized is a network device configuration backup tool. It's a RANCID replacemen * Check Point * [GaiaOS](lib/oxidized/model/gaiaos.rb) * Ciena - * [SOAS](lib/oxidized/model/saos.rb) + * [SAOS](lib/oxidized/model/saos.rb) * Cisco * [AireOS](lib/oxidized/model/aireos.rb) * [ASA](lib/oxidized/model/asa.rb) * [CatOS](lib/oxidized/model/catos.rb) * [IOS](lib/oxidized/model/ios.rb) * [IOSXR](lib/oxidized/model/iosxr.rb) + * [NGA](lib/oxidized/model/cisconga.rb) * [NXOS](lib/oxidized/model/nxos.rb) * [SMB (Nikola series)](lib/oxidized/model/ciscosmb.rb) * Citrix @@ -125,6 +128,7 @@ Oxidized is a network device configuration backup tool. It's a RANCID replacemen * [ScreenOS (Netscreen)](lib/oxidized/model/screenos.rb) * Mellanox * [MLNX-OS](lib/oxidized/model/mlnxos.rb) + * [Voltaire](lib/oxidized/model/voltaire.rb) * Mikrotik * [RouterOS](lib/oxidized/model/routeros.rb) * Motorola 
@@ -138,6 +142,8 @@ Oxidized is a network device configuration backup tool. It's a RANCID replacemen * [WISP Switch (As Netonix)](lib/oxidized/model/netonix.rb) * Nokia (formerly TiMetra, Alcatel, Alcatel-Lucent) * [SR OS (TiMOS)](lib/oxidized/model/timos.rb) + * OneAccess + * [OneOS](lib/oxidized/model/oneos.rb) * Opengear * [Opengear](lib/oxidized/model/opengear.rb) * Palo Alto @@ -146,10 +152,14 @@ Oxidized is a network device configuration backup tool. It's a RANCID replacemen * [pfSense](lib/oxidized/model/pfsense.rb) * Quanta * [Quanta / VxWorks 6.6 (1.1.0.8)](lib/oxidized/model/quantaos.rb) + * Siklu + * [EtherHaul](lib/oxidized/model/siklu.rb) * Supermicro * [Supermicro](lib/oxidized/model/supermicro.rb) * Trango Systems * [Trango](lib/oxidized/model/trango.rb) + * TPLink + * [TPLink](lib/oxidized/model/tplink.rb) * Ubiquiti * [AirOS](lib/oxidized/model/airos.rb) * [Edgeos](lib/oxidized/model/edgeos.rb) @@ -190,6 +200,19 @@ gem install oxidized gem install oxidized-script oxidized-web ``` +## FreeBSD +Use RVM to install Ruby v2.1.2 + +Install all required packages and gems. + +```shell +pkg install cmake pkgconf +gem install oxidized +gem install oxidized-script oxidized-web +``` + + + ## Build from Git ```shell git clone https://github.com/ytti/oxidized.git 
@@ -233,7 +256,7 @@ Oxidized supports ```CSV```, ```SQLite``` and ```HTTP``` as source backends. The ## Outputs -Possible outputs are either ```file``` or ```git```. The file backend takes a destination directory as argument and will keep a file per device, with most recent running version of a device. The GIT backend (recommended) will initialize an empty GIT repository in the specified path and create a new commit on every configuration change. Take a look at the [Cookbook](#cookbook) for more details. +Possible outputs are either ```file```, ```git``` or ```git-crypt```. The file backend takes a destination directory as argument and will keep a file per device, with most recent running version of a device. The GIT backend (recommended) will initialize an empty GIT repository in the specified path and create a new commit on every configuration change. The GIT-Crypt backend will also initialize a GIT repository but every configuration push to it will be encrypted on the fly by using ```git-crypt``` tool. Take a look at the [Cookbook](#cookbook) for more details. Maps define how to map a model's fields to model [model fields](https://github.com/ytti/oxidized/tree/master/lib/oxidized/model). Most of the settings should be self explanatory, log is ignored if `use_syslog`(requires Ruby >= 2.0) is set to `true`. 
@@ -359,6 +382,12 @@ If you want to have the config automatically reloaded (e.g. when using a http so docker run -v /etc/oxidized:/root/.config/oxidized -p 8888:8888/tcp -e CONFIG_RELOAD_INTERVAL=3600 -t oxidized/oxidized:latest ``` +If you need to use an internal CA (e.g. to connect to an private github instance) + +``` +docker run -v /etc/oxidized:/root/.config/oxidized -v /path/to/MY-CA.crt:/usr/local/share/ca-certificates/MY-CA.crt -p 8888:8888/tcp -e UPDATE_CA_CERTIFICATES=true -t oxidized/oxidized:latest +``` + ## Cookbook ### Debugging In case a model plugin doesn't work correctly (ios, procurve, etc.), you can enable live debugging of SSH/Telnet sessions. Just add a ```debug``` option containing the value true to the ```input``` section. The log files will be created depending on the parent directory of the logfile option. 
@@ -601,6 +630,72 @@ output: ``` +### Output: Git-Crypt + +This uses the gem git and system git-crypt interfaces. Have a look at [GIT-Crypt](https://www.agwa.name/projects/git-crypt/) documentation to know how to install it. +Additionally to user and email informations, you have to provide the users ID that can be a key ID, a full fingerprint, an email address, or anything else that uniquely identifies a public key to GPG (see "HOW TO SPECIFY A USER ID" in the gpg man page). + + +For a single repositories for all devices: + +``` yaml +output: + default: gitcrypt + gitcrypt: + user: Oxidized + email: o@example.com + repo: "/var/lib/oxidized/devices" + users: + - "0x0123456789ABCDEF" + - "<user@example.com>" +``` + +And for groups repositories: + +``` yaml +output: + default: gitcrypt + gitcrypt: + user: Oxidized + email: o@example.com + repo: "/var/lib/oxidized/git-repos/default" + users: + - "0xABCDEF0123456789" + - "0x0123456789ABCDEF" +``` + +Oxidized will create a repository for each group in the same directory as the `default`. For +example: + +``` csv +host1:ios:first +host2:nxos:second +``` + +This will generate the following repositories: + +``` bash +$ ls /var/lib/oxidized/git-repos + +default.git first.git second.git +``` + +If you would like to use groups and a single repository, you can force this with the `single_repo` config. + +``` yaml +output: + default: gitcrypt + gitcrypt: + single_repo: true + repo: "/var/lib/oxidized/devices" + users: + - "0xABCDEF0123456789" + - "0x0123456789ABCDEF" + +``` + +Please note that user list is only updated once at creation. + ### Output: Http POST a config to the specified URL 
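Review bot: In the table-of-contents hunk (`@@ -19,6 +19,7`), the new entry `* [BSD](#freebsd)` is labelled BSD but links to a section headed `## FreeBSD`, whose only package command is `pkg install cmake pkgconf`. Label the entry FreeBSD so the link text matches the heading and does not suggest the steps cover other BSDs.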
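Review bot: In the Outputs paragraph (`@@ -233,7 +256,7`), the new backend is named `git-crypt`, while every example in the added `### Output: Git-Crypt` section selects it with `default: gitcrypt` and a `gitcrypt:` block. Give the configuration key as `gitcrypt` here and use git-crypt only for the tool's name, otherwise a reader who copies the output name from this paragraph finds no example that matches it.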
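Review bot: In the Docker hunk (`@@ -359,6 +382,12`), the CA certificate is bind-mounted read-write into the container's trust-store path (`-v /path/to/MY-CA.crt:/usr/local/share/ca-certificates/MY-CA.crt`). Append `:ro` to that mount so the container cannot alter the host's copy of the certificate. The introductory sentence should also end with a colon, and "an private github instance" should read "a private GitHub instance".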
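Review bot: In the `### Output: Git-Crypt` hunk (`@@ -601,6 +630,72`), the closing sentence "Please note that user list is only updated once at creation." omits the consequence an operator needs: by that statement, editing `users` after the repository exists neither grants nor removes anyone's ability to decrypt. State that explicitly and document how keys are meant to be added or removed on an existing repository. Separately, the first two examples are introduced as single-repository and per-group setups but differ only in the `repo` path, and the `single_repo` example drops `user` and `email` although the opening paragraph says they are provided in addition to `users`; say what actually selects per-group mode and whether those keys are optional.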
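Review bot: In the `### Triggered backups` hunk (`@@ -745,6 +840,16`), `next_adds_job: true` is shown on its own with no indication of where it belongs in the configuration file. Show it under its enclosing key, as the other examples in this patch do with `output:` and `hooks:`, or state that it is a top-level setting if that is the case. The sentence beginning "In the default configuration" is a comma splice and should be split after "becomes available".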
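Review bot: In the last hunk (`@@ -864,6 +969,57`), the boot-time step reads `update-rc.d oxidized deafults`; the argument should be `defaults`, and the misspelled form will not register the service for anyone who pastes it. "Note the channel name must be in quotes." has ended up at the end of the Ubuntu SystemV init section and belongs directly under the `slackdiff` configuration example, and "a used named 'oxidized'" should read "a user named 'oxidized'".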
@@ -745,6 +840,16 @@ map: group: 2 ``` +### Triggered backups + +A node can be moved to head-of-queue via the REST API `GET/POST /node/next/[NODE]`. + +In the default configuration this node will be processed when the next job worker becomes available, it could take some time if existing backups are in progress. To execute moved jobs immediately a new job can be added: + +``` +next_adds_job: true +``` + # Hooks You can define arbitrary number of hooks that subscribe different events. The hook system is modular and different kind of hook types can be enabled. @@ -864,6 +969,57 @@ AWS SNS hook requires the following configuration keys: Your AWS credentials should be stored in `~/.aws/credentials`. +## Hook type: slackdiff + +The `slackdiff` hook posts colorized config diffs to a [Slack](http://www.slack.com) channel of your choice. It only triggers for `post_store` events. + +You will need to manually install the `slack-api` gem on your system: + +``` +gem install slack-api +``` + +Configuration example: + +``` yaml +hooks: + slack: + type: slackdiff + events: [post_store] + token: SLACK_BOT_TOKEN + channel: "#network-changes" +``` + +# Extra + +## Ubuntu SystemV init setup + +The init script assumes that you have a used named 'oxidized' and that oxidized is in one of the following paths: + +``` +/sbin +/bin +/usr/sbin +/usr/bin +/usr/local/bin +``` + +1.)Copy init script from extra/ folder to /etc/init.d/oxidized +2.)Setup /var/run/ + +``` +mkdir /var/run/oxidized +chown oxidized:oxidized /var/run/oxidized +``` + +3.)Make oxidized start on boot + +``` +update-rc.d oxidized deafults +``` + +Note the channel name must be in quotes. + # Ruby API The following objects exist in Oxidized. |