Recently people have again been asking me how to back up Cisco or FortiGate configurations automatically.
N years ago I wrote something like this, except back then I did it with a small DIY Perl + telnet program,
which I later changed to a small DIY Perl + ssh program. But N years on,
there are now plenty of tools that can achieve the same goal.
The notes that follow record how I do this with Oxidized,
and, while at it, integrate it into LibreNMS;
using Oxidized on its own is of course fine too.
References
http://blog.jason.tools/2021/02/librenms-oxidized.html
Official URLs
https://docs.librenms.org/Extensions/Oxidized/
https://github.com/ytti/oxidized
Things I wrote earlier
http://xrcd2.blogspot.com/2013/02/cisco-show-run-config-perl.html
Automatically backing up the show run config of Cisco devices (using Perl)
http://xrcd2.blogspot.com/2016/01/cisco-ios-configuration-cisco-config.html
A way to automatically version-control Cisco IOS device configurations (cisco config auto 2 svn)
------------------------------------------------------------------------
Install Oxidized (OS: CentOS 7.9)
yum install -y centos-release-scl-rh
yum install -y rh-ruby24 rh-ruby24-ruby-devel
yum install make cmake which sqlite-devel openssl-devel libssh2-devel ruby gcc ruby-devel libicu-devel gcc-c++
scl enable rh-ruby24 bash
Install the gems:
gem install oxidized oxidized-web
===============
git configuration
git config --global user.name "cisco"
git config --global user.email "cisco@cisco.lab.local"
===============
[root@centos7 ~]# pwd
/root
[root@centos7 ~]#
[root@centos7 ~]# oxidized
edit ~/.config/oxidized/config
[root@centos7 ~]# oxidized
edit ~/.config/oxidized/router.db
The config file, for reference:
[root@centos7 oxidized]# pwd
/root/.config/oxidized
[root@centos7 oxidized]# cat config
---
username: username
password: password
model: ios
resolve_dns: false
interval: 300
log: /root/.config/oxidized/logs/oxidized.log
use_syslog: false
debug: false
threads: 30
timeout: 20
retries: 3
prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
rest: 192.168.100.105:8888
next_adds_job: false
vars: {}
groups: {}
models: {}
pid: "/root/.config/oxidized/pid"
crash:
  directory: "/root/.config/oxidized/crashes"
  hostnames: false
stats:
  history_size: 10
input:
  default: ssh, telnet
  debug: false
  ssh:
    secure: false
  ftp:
    passive: true
  utf8_encoded: true
output:
  default: git
  git:
    user: cisco
    email: cisco@cisco.lab.local
    repo: "/root/.config/oxidized/configs/configs.git"
source:
  default: csv
  csv:
    file: "/root/.config/oxidized/router.db"
    delimiter: !ruby/regexp /:/
    map:
      name: 0
      model: 1
      ip: 2
      username: 3
      password: 4
      group: 5
    gpg: false
model_map:
  juniper: junos
  cisco: ios
============================
[root@centos7 oxidized]# cat router.db
csr1000v:ios:192.168.100.222:cisco:cisco:configs
[root@centos7 oxidized]#
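As an added example (not from the original post or the Oxidized project), this Ruby snippet loads the relevant keys of the config above the way Oxidized does (`!ruby/regexp` tags included), turns router.db rows into node records via `map` and `model_map`, and checks a device prompt against the `prompt` regexp. The extra router.db rows and the field-count check are my own additions.

```ruby
require 'yaml'
# Constructed excerpt of the page's config: only the keys the CSV source
# and the prompt check need. A raw heredoc keeps the regexp backslashes.
OXIDIZED_CONFIG = <<~'YAML'
  prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
  source:
    default: csv
    csv:
      delimiter: !ruby/regexp /:/
      map: {name: 0, model: 1, ip: 2, username: 3, password: 4, group: 5}
  model_map: {juniper: junos, cisco: ios}
YAML
# !ruby/regexp is a Ruby-specific tag, so Regexp must be explicitly permitted.
CFG = YAML.safe_load(OXIDIZED_CONFIG, permitted_classes: [Regexp])
# Constructed router.db: the page's csr1000v line plus three made-up rows.
ROUTER_DB = <<~'DB'
  csr1000v:ios:192.168.100.222:cisco:cisco:configs
  core-sw:cisco:192.168.100.10:cisco:cisco:configs
  fw1:fortios:192.168.100.1:admin:pa:ss:configs
  broken:ios:192.168.100.99
DB

# Mirrors how Oxidized's csv source builds nodes: split each row on
# `delimiter`, pick columns per `map`, normalise the model via `model_map`.
# The field-count check is an addition: Oxidized itself silently misaligns
# a row whose password contains the delimiter (row 3) or is truncated (row 4).
def parse_router_db(text, cfg = CFG)
  csv = cfg['source']['csv']
  map = csv['map']
  model_map = cfg['model_map'] || {}
  nodes, errors = [], []
  text.each_line.with_index(1) do |line, no|
    line = line.strip
    next if line.empty? || line.start_with?('#')
    fields = line.split(csv['delimiter'], -1)
    if fields.size != map.size
      errors << "line #{no}: expected #{map.size} fields, got #{fields.size}"
      next
    end
    node = map.transform_values { |i| fields[i] }
    node['model'] = model_map.fetch(node['model'], node['model'])
    nodes << node
  end
  [nodes, errors]
end

# A device prompt must match cfg['prompt'], or the job hangs until `timeout`.
def prompt_matches?(prompt, cfg = CFG)
  !!(cfg['prompt'] =~ prompt)
end
```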
=============================
Integrating into LibreNMS
===================
[root@centos7 oxidized]# su - librenms
Last login: Sat Jul 16 12:39:31 CST 2022 on pts/0
-bash-4.2$ lnms config:set oxidized.enabled true
-bash-4.2$ lnms config:set oxidized.url http://192.168.100.105:8888
-bash-4.2$ lnms config:set oxidized.features.versioning true
-bash-4.2$ lnms config:set oxidized.group_support true
-bash-4.2$ lnms config:set oxidized.default_group default
-bash-4.2$ lnms config:set oxidized.reload_nodes true
-bash-4.2$
=======================
Cisco CSR 1000v show run
==================
csr1000v#sh run
Building configuration...
Current configuration : 1204 bytes
!
! Last configuration change at 13:29:30 TPE Sat Jul 16 2022 by cisco
!
version 15.5
service timestamps debug datetime localtime
service timestamps log datetime localtime
no platform punt-keepalive disable-kernel-core
platform console auto
!
hostname csr1000v
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
clock timezone TPE 8 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
license udi pid CSR1000V sn XXXXXXXXXXXXX
license boot level ax
spanning-tree extend system-id
!
username cisco privilege 15 secret 5 $1$7wax$evNlQZGH2VorRL3bm/SRV0
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet1
 ip address 192.168.100.222 255.255.255.0
 negotiation auto
!
interface GigabitEthernet2
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet3
 no ip address
 shutdown
 negotiation auto
!
!
virtual-service csr_mgmt
 ip shared host-interface GigabitEthernet1
!
ip forward-protocol nd
!
no ip http server
ip http secure-server
!
!
snmp-server community cisco RO
!
!
control-plane
!
!
line con 0
 stopbits 1
line vty 0 4
 login local
 transport input ssh
!
ntp server 168.95.195.12
!
end
csr1000v#
=====================
Running Oxidized as a service
====================
vi /etc/profile.d/rh-ruby24.sh
#!/bin/bash
source /opt/rh/rh-ruby24/enable
export X_SCLS="`scl enable rh-ruby24 'echo $X_SCLS'`"
export PATH=$PATH:/opt/rh/rh-ruby24/root/usr/bin   # the bin directory, not the ruby binary itself
ln -s /opt/rh/rh-ruby24/root/usr/local/bin/oxidized /usr/local/bin/oxidized
====================
vi /lib/systemd/system/oxidized.service
# /lib/systemd/system/oxidized.service
[Unit]
Description=Oxidized - Network Device Configuration Backup Tool
After=network-online.target multi-user.target
Wants=network-online.target
[Service]
ExecStart=/usr/local/bin/oxidized
KillSignal=SIGKILL
User=root
[Install]
WantedBy=multi-user.target
===========================
chmod +x /lib/systemd/system/oxidized.service
vi /etc/ld.so.conf
# add /opt/rh/rh-ruby24/root/usr/lib64
ldconfig
ldconfig -v
# check that the rh-ruby24 libraries are picked up by ldconfig
systemctl enable oxidized.service
systemctl start oxidized.service
systemctl status oxidized.service
====================
Demo