Friday, July 15, 2022

Hooking Oxidized into LibreNMS

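Recently someone asked me again how to back up Cisco or FortiGate configurations automatically.

I wrote something similar N years ago, except that back then I did it with a small DIY Perl + telnet program. Naturally, that was later changed to a small DIY Perl + ssh program as well. But N years have passed, and there are now a great many tools that can do this.

The notes below record how I do this with Oxidized and, along the way, integrate it into LibreNMS. Using Oxidized on its own is of course fine too.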

Reference

http://blog.jason.tools/2021/02/librenms-oxidized.html

Official URLs

https://docs.librenms.org/Extensions/Oxidized/

https://github.com/ytti/oxidized

My earlier posts

http://xrcd2.blogspot.com/2013/02/cisco-show-run-config-perl.html

Automatically backing up the show run config of Cisco devices (using Perl)

http://xrcd2.blogspot.com/2016/01/cisco-ios-configuration-cisco-config.html

A way to do automatic version management of Cisco IOS device configurations (cisco config auto 2 svn)

------------------------------------------------------------------------

Installing Oxidized (OS: CentOS 7.9)

yum install -y centos-release-scl-rh

yum install -y rh-ruby24 rh-ruby24-ruby-devel

yum install make cmake which sqlite-devel openssl-devel libssh2-devel ruby gcc ruby-devel libicu-devel gcc-c++

scl enable rh-ruby24 bash

Install the gems: 

gem install oxidized oxidized-web

===============
git configuration

git config --global user.name "cisco"
git config --global user.email "cisco@cisco.lab.local"

===============

[root@centos7 ~]# pwd
/root
[root@centos7 ~]# 

[root@centos7 ~]# oxidized
edit ~/.config/oxidized/config
[root@centos7 ~]# oxidized
edit ~/.config/oxidized/router.db 

Reference configuration files:

[root@centos7 oxidized]# pwd
/root/.config/oxidized
[root@centos7 oxidized]# cat config
---
username: username
password: password
model: ios
resolve_dns: false
interval: 300
log: /root/.config/oxidized/logs/oxidized.log
use_syslog: false
debug: false
threads: 30
timeout: 20
retries: 3
prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
rest: 192.168.100.105:8888
next_adds_job: false
vars: {}
groups: {}
models: {}
pid: "/root/.config/oxidized/pid"
crash:
  directory: "/root/.config/oxidized/crashes"
  hostnames: false
stats:
  history_size: 10
input:
  default: ssh, telnet
  debug: false
  ssh:
    secure: false
  ftp:
    passive: true
  utf8_encoded: true
output:
  default: git
  git:
    user: cisco
    email: cisco@cisco.lab.local
    repo: "/root/.config/oxidized/configs/configs.git"
source:
  default: csv
  csv:
    file: "/root/.config/oxidized/router.db"
    delimiter: !ruby/regexp /:/
    map:
      name: 0
      model: 1
      ip: 2
      username: 3
      password: 4
      group: 5
    gpg: false
model_map:
  juniper: junos
  cisco: ios
============================
[root@centos7 oxidized]# cat router.db 

csr1000v:ios:192.168.100.222:cisco:cisco:configs

[root@centos7 oxidized]# 
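
An added example (not part of the original post or of the Oxidized project): a small Ruby audit of the settings shown above. It flags input.ssh.secure: false (no SSH host key verification), the telnet fallback, a rest listener on a non-loopback address, a missing vars.remove_secret (so the secret 5 hash and SNMP community from show run are kept in git), and cleartext passwords in router.db. The function name and finding labels are hypothetical; SAMPLE_CONFIG is trimmed from the config above.

```ruby
require 'yaml'
require 'ipaddr'

# Sample input: the security-relevant keys of the config shown above.
SAMPLE_CONFIG = <<~YAML
  rest: 192.168.100.105:8888
  vars: {}
  input:
    default: ssh, telnet
    ssh:
      secure: false
  source:
    csv:
      delimiter: !ruby/regexp /:/
      map: {name: 0, model: 1, ip: 2, username: 3, password: 4, group: 5}
      gpg: false
YAML
SAMPLE_ROUTER_DB = "csr1000v:ios:192.168.100.222:cisco:cisco:configs\n"

# Returns a list of finding symbols (hypothetical labels) for config + router.db.
def audit_oxidized(config_text, router_db_text)
  # Oxidized configs carry !ruby/regexp tags, so Regexp must be permitted.
  cfg = YAML.safe_load(config_text, permitted_classes: [Regexp]) || {}
  found = []
  input = cfg['input'] || {}
  # secure: false means SSH host keys are not verified.
  found << :ssh_host_key_unverified unless input.dig('ssh', 'secure') == true
  # A telnet fallback sends device credentials in cleartext.
  found << :telnet_fallback if input['default'].to_s.split(/\s*,\s*/).include?('telnet')
  # REST/web listener bound to a routable address instead of loopback.
  if cfg['rest']
    host = cfg['rest'].to_s.split(':').first
    local = host == 'localhost' || (IPAddr.new(host).loopback? rescue false)
    found << :rest_not_loopback unless local
  end
  # Without vars.remove_secret, hashes and SNMP communities land in git.
  found << :secrets_kept_in_backup unless (cfg['vars'] || {})['remove_secret'] == true
  # A mapped password column with gpg: false means cleartext logins on disk.
  csv = cfg.dig('source', 'csv') || {}
  col = (csv['map'] || {})['password']
  if col && csv['gpg'] != true
    rows = router_db_text.lines.map(&:strip).reject(&:empty?)
    sep = csv['delimiter'] || ':'
    found << :cleartext_router_db if rows.any? { |r| !r.split(sep)[col].to_s.empty? }
  end
  found
end

p audit_oxidized(SAMPLE_CONFIG, SAMPLE_ROUTER_DB)
```
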

=============================
Integrating into LibreNMS
===================

[root@centos7 oxidized]# su - librenms
Last login: Sat Jul 16 12:39:31 CST 2022 on pts/0
-bash-4.2$ lnms config:set oxidized.enabled true
-bash-4.2$ lnms config:set oxidized.url http://192.168.100.105:8888
-bash-4.2$ lnms config:set oxidized.features.versioning true
-bash-4.2$ lnms config:set oxidized.group_support true
-bash-4.2$ lnms config:set oxidized.default_group default
-bash-4.2$ lnms config:set oxidized.reload_nodes true
-bash-4.2$ 


=======================
Cisco CSR 1000v  show run 
==================

csr1000v#sh run 
Building configuration...

Current configuration : 1204 bytes
!
! Last configuration change at 13:29:30 TPE Sat Jul 16 2022 by cisco
!
version 15.5
service timestamps debug datetime localtime
service timestamps log datetime localtime
no platform punt-keepalive disable-kernel-core
platform console auto
!
hostname csr1000v
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
clock timezone TPE 8 0
!
!
!
!
!
!
!
!
!



!
!
!
!
!
!
!
!
!
!         
subscriber templating
!
multilink bundle-name authenticated
!
!
!
license udi pid CSR1000V sn XXXXXXXXXXXXX
license boot level ax
spanning-tree extend system-id
!
username cisco privilege 15 secret 5 $1$7wax$evNlQZGH2VorRL3bm/SRV0
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet1
 ip address 192.168.100.222 255.255.255.0
 negotiation auto
!
interface GigabitEthernet2
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet3
 no ip address
 shutdown
 negotiation auto
!
!
virtual-service csr_mgmt
 ip shared host-interface GigabitEthernet1
!
ip forward-protocol nd
!
no ip http server
ip http secure-server
!
!
snmp-server community cisco RO
!
!
control-plane
!
!
line con 0
 stopbits 1
line vty 0 4
 login local
 transport input ssh
!
ntp server 168.95.195.12
!
end

csr1000v# 

=====================

Setting up oxidized as a service

====================

vi /etc/profile.d/rh-ruby24.sh
#!/bin/bash
source /opt/rh/rh-ruby24/enable
export X_SCLS="`scl enable rh-ruby24 'echo $X_SCLS'`"
export PATH=$PATH:/opt/rh/rh-ruby24/root/usr/bin


ln -s /opt/rh/rh-ruby24/root/usr/local/bin/oxidized /usr/local/bin/oxidized



====================


vi  /lib/systemd/system/oxidized.service
 
# /lib/systemd/system/oxidized.service
[Unit]
Description=Oxidized - Network Device Configuration Backup Tool
After=network-online.target multi-user.target
Wants=network-online.target
 
[Service]
ExecStart=/usr/local/bin/oxidized
KillSignal=SIGKILL
User=root
 
[Install]
WantedBy=multi-user.target


===========================

 
chmod +x /lib/systemd/system/oxidized.service
 
vi /etc/ld.so.conf

# Add /opt/rh/rh-ruby24/root/usr/lib64
 
ldconfig
ldconfig -v

# Check the ruby ldconf
 
chmod +x /lib/systemd/system/oxidized.service
 
systemctl enable oxidized.service
systemctl start oxidized.service
systemctl status oxidized.service


====================

Demo