Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 155 |
1 files changed, 150 insertions, 5 deletions
@@ -31,6 +31,7 @@ Oxidized is a network device configuration backup tool. It's a RANCID replacemen * [Source: SQLite](#source-sqlite) * [Source: HTTP](#source-http) * [Output: GIT](#output-git) + * [Output: HTTP](#output-http) * [Output: File](#output-file) * [Output types](#output-types) * [Advanced Configuration](#advanced-configuration) @@ -66,17 +67,25 @@ Oxidized is a network device configuration backup tool. It's a RANCID replacemen * Cisco * AireOS * ASA + * CatOS * IOS * IOSXR * NXOS * SMB (Nikola series) + * Citrix + * NetScaler (Virtual Applicance) * Cumulus * Linux + * DataCom + * DmSwitch 3000 * DELL * PowerConnect * AOSW + * Ericsson/Redback + * IPOS (former SEOS) * Extreme Networks * XOS + * WM * F5 * TMOS * Force10 @@ -96,12 +105,18 @@ Oxidized is a network device configuration backup tool. It's a RANCID replacemen * MLNX-OS * Mikrotik * RouterOS + * Motorola + * RFS * MRV * MasterOS + * Netonix + * WISP Switch (As Netonix) * Opengear * Opengear * Palo Alto * PANOS + * Supermicro + * Supermicro * Ubiquiti * AirOS * Edgeos @@ -115,7 +130,7 @@ Oxidized is a network device configuration backup tool. It's a RANCID replacemen Install all required packages and gems. ```shell -apt-get install ruby ruby-dev libsqlite3-dev libssl-dev pkg-config cmake +apt-get install ruby ruby-dev libsqlite3-dev libssl-dev pkg-config cmake libssh2-1-dev gem install oxidized gem install oxidized-script oxidized-web # if you don't install oxidized-web, make sure you remove "rest" from your config ``` @@ -123,7 +138,7 @@ gem install oxidized-script oxidized-web # if you don't install oxidized-web, ma ## CentOS, Oracle Linux, Red Hat Linux version 6 Install Ruby 1.9.3 or greater (for Ruby 2.1.2 installation instructions see "Installing Ruby 2.1.2 using RVM"), then install Oxidized dependencies ```shell -yum install cmake sqlite-devel openssl-devel +yum install cmake sqlite-devel openssl-devel libssh2-devel ``` Now lets install oxidized via Rubygems: 
@@ -138,6 +153,21 @@ Oxidized configuration is in YAML format. Configuration files are subsequently s To initialize a default configuration in your home directory ```~/.config/oxidized/config```, simply run ```oxidized``` once. If you don't further configure anything from the output and source sections, it'll extend the examples on a subsequent ```oxidized``` execution. This is useful to see what options for a specific source or output backend are available. +You can set the env variable `OXIDIZED_HOME` to change its home directory. + +``` +OXIDIZED_HOME=/etc/oxidized + +$ tree -L 1 /etc/oxidized +/etc/oxidized/ +├── config +├── log-router-ssh +├── log-router-telnet +├── pid +├── router.db +└── repository.git +``` + ## Source Oxidized supports ```CSV```, ```SQLite``` and ```HTTP``` as source backends. The CSV backend reads nodes from a rancid compatible router.db file. The SQLite backend will fire queries against a database and map certain fields to model items. The HTTP backend will fire queries against a http/https url. Take a look at the [Cookbook](#cookbook) for more details. @@ -183,7 +213,7 @@ Install Ruby 2.1.2 build dependencies ``` yum install curl gcc-c++ patch readline readline-devel zlib zlib-devel yum install libyaml-devel libffi-devel openssl-devel make cmake -yum install bzip2 autoconf automake libtool bison iconv-devel +yum install bzip2 autoconf automake libtool bison iconv-devel libssh2-devel ``` Install RVM 
@@ -264,6 +294,30 @@ vars: enable: S3cre7 ``` +### Removing secrets + +To strip out secrets from configurations before storing them, Oxidized needs the the remove_secrets flag. You can globally enable this by adding the following snippet to the global sections of the configuration file. + +``` +vars: + remove_secret: true +``` + +Device models can contain substitution filters to remove potentially sensitive data from configs. + +As a partial example from ios.rb: + +``` + cmd :secret do |cfg| + cfg.gsub! /^(snmp-server community).*/, '\\1 <configuration removed>' + (...) + cfg + end +``` +The above strips out snmp community strings from your saved configs. + +**NOTE:** Removing secrets reduces the usefulness as a full configuration backup, but it may make sharing configs easier. + ### Source: CSV One line per device, colon seperated. @@ -285,7 +339,7 @@ source: ### SSH Proxy Command -Oxidized can `ssh` through a proxy as well. To do so we just need to set `proxy` variable. +Oxidized can `ssh` through a proxy as well. To do so we just need to set `ssh_proxy` variable. ``` ... @@ -294,7 +348,7 @@ map: model: 1 vars_map: enable: 2 - proxy: 3 + ssh_proxy: 3 ... ``` 
@@ -356,13 +410,67 @@ output: This uses the rugged/libgit2 interface. So you should remember that normal Git hooks will not be executed. + +For a single repositories for all devices: + +``` yaml +output: + default: git + git: + user: Oxidized + email: o@example.com + repo: "/var/lib/oxidized/devices.git" ``` + +And for groups repositories: + +``` yaml output: default: git git: user: Oxidized email: o@example.com + repo: "/var/lib/oxidized/git-repos/default.git" +``` + +Oxidized will create a repository for each group in the same directory as the `default.git`. For +example: + +``` csv +host1:ios:first +host2:nxos:second +``` + +This will generate the following repositories: + +``` bash +$ ls /var/lib/oxidized/git-repos + +default.git first.git second.git +``` + +If you would like to use groups and a single repository, you can force this with the `single_repo` config. + +``` yaml +output: + default: git + git: + single_repo: true repo: "/var/lib/oxidized/devices.git" + +``` + +### Output: Http + +POST a config to the specified URL + +``` +output: + default: http + http: + user: admin + password: changeit + url: "http://192.168.162.50:8080/db/coll" ``` ### Output types @@ -445,6 +553,7 @@ vars: enable: S3cr3tx groups: {} rest: 127.0.0.1:8888 +pid: ~/.config/oxidized/oxidized.pid input: default: ssh, telnet debug: false 
@@ -527,6 +636,42 @@ hooks: timeout: 120 ``` +### githubrepo + +This hook configures the repository `remote` and _push_ the code when the specified event is triggerd. If the `username` and `password` are not provided, the `Rugged::Credentials::SshKeyFromAgent` will be used. + +`githubrepo` hook recognizes following configuration keys: + + * `remote_repo`: the remote repository to be pushed to. + * `username`: username for repository auth. + * `password`: password for repository auth. + * `publickey`: publickey for repository auth. + * `privatekey`: privatekey for repository auth. + +When using groups repositories, each group must have its own `remote` in the `remote_repo` config. + +``` yaml +hooks: + push_to_remote: + remote_repo: + routers: git@git.intranet:oxidized/routers.git + switches: git@git.intranet:oxidized/switches.git + firewalls: git@git.intranet:oxidized/firewalls.git +``` + + +## Hook configuration example + +``` yaml +hooks: + push_to_remote: + type: githubrepo + events: [post_store] + remote_repo: git@git.intranet:oxidized/test.git + username: user + password: pass +``` + # Ruby API The following objects exist in Oxidized. |
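Review bot: In the supported-devices list at @@ -66,17 +67,25, "NetScaler (Virtual Applicance)" is misspelled and should read "Virtual Appliance".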
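Review bot: In the "Removing secrets" section added at @@ -264,6 +294,30, the prose names the flag `remove_secrets` while the snippet sets `remove_secret: true`, so a reader cannot tell which key is honoured; use one spelling in both places and drop the doubled "the the". The ios.rb excerpt shows only the SNMP community substitution, so it would help to say that what gets stripped depends on each model's `cmd :secret` block and that stored configs should be checked after the option is enabled.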
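Review bot: The rename from `proxy` to `ssh_proxy` at @@ -285,7 +339,7 and @@ -294,7 +348,7 changes a documented key without saying what happens to existing configs that still map `proxy: 3`; add a sentence stating whether the old name is still accepted or must be migrated.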
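Review bot: The "Output: Http" example at the end of @@ -356,13 +410,67 pairs `user` and `password` with `url: "http://192.168.162.50:8080/db/coll"`, so the documented example sends both the credentials and the device configuration over plain HTTP; show an `https://` URL instead, or state that TLS is expected on this endpoint. The heading casing also differs from the new table-of-contents entry `[Output: HTTP](#output-http)`, and "For a single repositories" in the same hunk should read "For a single repository".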
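Review bot: In the `githubrepo` section at @@ -527,6 +636,42, the key list does not say whether `publickey` and `privatekey` take a file path or the key material, and the closing example stores `username: user` and `password: pass` in the config in clear text even though the text above describes an agent-based fallback; document the expected value for the key options and consider using one of the key-based options in the example. The per-group example also omits `type: githubrepo` and `events`, so it cannot be used as written, and "triggerd" should be "triggered".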