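LibreNMS && Oxidized: Backing Up Network Device Configurations
BUBU saw 節省哥 share this service some time ago and tried to set it up once, but that attempt failed. Articles on the topic have been appearing again recently, so BUBU set the package up once more; this time the setup succeeded and it runs normally.
With this package, administrators no longer have to run backups by hand on a schedule: it backs up every network device periodically. Another advantage is that a backup can be compared against earlier versions, so when a device has a problem it can be restored to the previous version right away.
112.02.08: Changed the system version to Debian 11 and revised the procedure along the way.
Environment
Everything is built on the "Proxmox VE" virtualization platform, mainly in "LXC" mode; if a special situation calls for "VM" mode, it will be noted.
- System environment: Debian 10, 11
Installation
Install the official packages
- Install the required packages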
apt-get install -y ruby ruby-dev libsqlite3-dev libssl-dev pkg-config cmake libssh2-1-dev libicu-dev zlib1g-dev g++
- Install the service packages
gem install oxidized
gem install oxidized-script oxidized-web
- Create the service user and set its password
adduser oxidized
- Switch to that user
su - oxidized
- Run the oxidized service command; the system creates a hidden directory named .config in that directory
oxidized
- Confirm that the directory was created
ls -la
LibreNMS && Oxidized configuration
- Oxidized configuration file
vim /home/oxidized/.config/oxidized/config
Before modification
---
username: username
password: password
model: junos
resolve_dns: true
interval: 3600
use_syslog: false
debug: false
threads: 30
timeout: 20
retries: 3
prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
rest: 127.0.0.1:8888
next_adds_job: false
vars: {}
groups: {}
models: {}
pid: "/root/.config/oxidized/pid"
crash:
  directory: "/root/.config/oxidized/crashes"
  hostnames: false
stats:
  history_size: 10
input:
  default: ssh, telnet
  debug: false
  ssh:
    secure: false
  ftp:
    passive: true
  utf8_encoded: true
output:
  default: file
source:
  default: csv
  csv:
    file: "/root/.config/oxidized/router.db"
    delimiter: !ruby/regexp /:/
    map:
      name: 0
      model: 1
    gpg: false
model_map:
  juniper: junos
  cisco: ios
After modification
---
# Username and password used to log in to the devices
username: username
password: password
model: junos
resolve_dns: false
interval: 3600
use_syslog: false
debug: false
threads: 30
timeout: 20
retries: 3
prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
# Address for reaching the Oxidized web page
rest: 0.0.0.0:8888
next_adds_job: false
vars: {}
groups: {}
models: {}
pid: "/home/oxidized/.config/oxidized/pid"
crash:
  directory: "/home/oxidized/.config/oxidized/crashes"
  hostnames: false
stats:
  history_size: 10
input:
  default: ssh, telnet
  debug: false
  ssh:
    secure: false
  ftp:
    passive: true
  utf8_encoded: true
# Output to git; this part will be verified later
output:
  default: git
  git:
    user: "your name"
    email: [email protected]
    repo: "/home/oxidized/.config/oxidized/oxidized.git"
# The source is a connection to LibreNMS
source:
  default: http
  debug: false
  http:
    url: https://librenms/api/v0/oxidized
    map:
      name: hostname
      model: os
      group: group
    headers:
      # This key is generated on the API page in LibreNMS
      X-Auth-Token: '01582bf94c03104ecb7953dsadsadwed'
model_map:
  juniper: junos
  cisco: ios
  # Mappings between device names and OS for the devices I commonly use
  fortigate: fortios
  mikrotik: routeros
  unifi: unifi
  dlink: dlink
- Edit the LibreNMS configuration file
# Oxidized configuration
$config['oxidized']['enabled'] = TRUE;
$config['oxidized']['url'] = 'http://oxidized 位置:8888';
$config['oxidized']['features']['versioning'] = true;
$config['oxidized']['group_support'] = false;
$config['oxidized']['default_group'] = 'false';
$config['oxidized']['reload_nodes'] = true;
#$config['oxidized']['maps']['group']['os'][] = array('match' => 'pfsense', 'group' => 'pfsense');
$config['oxidized']['ignore_os'] = array('ping', 'linux', 'generic');
- Confirm that Oxidized can connect to the LibreNMS API service
curl -H 'X-Auth-Token: YOURAPITOKENHERE' https://librenms.org/api/v0/oxidized
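The modified Oxidized configuration above binds the web/REST interface to every interface (rest: 0.0.0.0:8888), leaves SSH host key verification off (input.ssh.secure: false), keeps telnet as a fallback input, and stores device passwords and the LibreNMS API token in one file. The Ruby check below is an added example, not part of the original post or of Oxidized itself; the helper name audit_oxidized_config, the sample config and the placeholder token are constructed for illustration.

```ruby
require 'yaml'

# Constructed sample: the security-relevant keys of the modified config above,
# with a placeholder instead of a real API token.
SAMPLE_CONFIG = <<~'CONFIG'
  ---
  username: username
  password: password
  prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
  rest: 0.0.0.0:8888
  input:
    default: ssh, telnet
    ssh:
      secure: false
  source:
    default: http
    http:
      url: https://librenms/api/v0/oxidized
      headers:
        X-Auth-Token: 'PLACEHOLDER_TOKEN'
CONFIG

# Hypothetical helper: returns a list of findings for an Oxidized config.
# file_mode is the config file's permission bits, e.g. File.stat(path).mode & 0o777.
def audit_oxidized_config(yaml_text, file_mode: nil)
  # The config carries !ruby/regexp tags, so Regexp has to be permitted explicitly.
  cfg = YAML.safe_load(yaml_text, permitted_classes: [Regexp])
  findings = []
  rest = cfg['rest'].to_s
  unless rest.empty? || rest.start_with?('127.0.0.1:', 'localhost:', '[::1]:')
    findings << "rest listens on #{rest}: put it behind a firewall or reverse proxy"
  end
  input = cfg['input'] || {}
  if input.dig('ssh', 'secure') == false
    findings << 'input.ssh.secure is false: SSH host keys are not verified'
  end
  if input['default'].to_s.split(/\s*,\s*/).include?('telnet')
    findings << 'input.default includes telnet: credentials may cross the network in cleartext'
  end
  url = cfg.dig('source', 'http', 'url').to_s
  findings << 'source.http.url is plain http: X-Auth-Token is sent unencrypted' if url.start_with?('http://')
  if file_mode && (file_mode & 0o077) != 0
    findings << format('config mode %04o: passwords and token readable by other users', file_mode)
  end
  findings
end

puts audit_oxidized_config(SAMPLE_CONFIG, file_mode: 0o644)
```

Against a real install, pass the contents of /home/oxidized/.config/oxidized/config and that file's permission bits instead of the sample.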
Configure the Oxidized service unit file
- Unit file location
vim /etc/systemd/system/oxidized.service
# Put this file in /etc/systemd/system.
#
# To set OXIDIZED_HOME instead of the default,
# ~oxidized/.config/oxidized, uncomment (and modify as required) the
# "Environment" variable below so systemd sets the correct
# environment.
[Unit]
Description=Oxidized - Network Device Configuration Backup Tool
After=network-online.target multi-user.target
Wants=network-online.target
[Service]
ExecStart=/usr/local/bin/oxidized
User=oxidized
KillSignal=SIGKILL
#Environment="OXIDIZED_HOME=/etc/oxidized"
Restart=on-failure
RestartSec=300s
[Install]
WantedBy=multi-user.target
- Start the service
sudo systemctl daemon-reload && sudo systemctl enable --now oxidized.service
- Check the service status
sudo systemctl status oxidized.service
- Then check in LibreNMS that the network device's configuration is visible
- You can also check the Oxidized page
http://oxidized 位置:8888
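Additional notes
Some devices at BUBU's company use different credentials, so the configuration needs extra handling for them. Two approaches are given here.
- Configure it in the Oxidized configuration file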
source:
  default: http
  debug: false
  http:
    url: https://librenms/api/v0/oxidized
    map:
      name: hostname
      model: os
      group: group
      # Add the following two parameters
      username: username
      password: password
    headers:
      # This key is generated on the API page in LibreNMS
      X-Auth-Token: '01582bf94c03104ecb7953dsadsadwed'
- Configure it in LibreNMS
$config['oxidized']['maps']['group']['os'][] = array('match' => 'fortios', 'group' => 'fortios');
$config['oxidized']['maps']['username']['os'][] = array('match' => 'fortios', 'username' => 'admin');
$config['oxidized']['maps']['password']['os'][] = array('match' => 'fortios', 'password' => 'PW_A');
- Examples I found
$config['oxidized']['ignore_os'] = array('linux','windows');
$config['oxidized']['ignore_types'] = array('server','power');
$config['oxidized']['maps']['group']['os'][] = array('match' => 'ios', 'group' => 'Cisco');
$config['oxidized']['maps']['group']['os'][] = array('match' => 'iosxe', 'group' => 'Cisco');
$config['oxidized']['maps']['group']['os'][] = array('match' => 'nxos', 'group' => 'Nexus');
$config['oxidized']['maps']['group']['os'][] = array('match' => 'procurve', 'group' => 'Aruba');
$config['oxidized']['maps']['group']['os'][] = array('match' => 'arista_eos', 'group' => 'Arista');
$config['oxidized']['maps']['username']['os'][] = array('match' => 'procurve', 'username' => 'admin');
$config['oxidized']['maps']['password']['os'][] = array('match' => 'procurve', 'password' => 'PW_A');
$config['oxidized']['maps']['username']['os'][] = array('match' => 'arista_eos', 'username' => 'admin');
$config['oxidized']['maps']['password']['os'][] = array('match' => 'arista_eos', 'password' => 'PW_B');
$config['oxidized']['maps']['username']['os'][] = array('regex' => '/ios|nxos|iosxe/', 'username' => 'oxidized');
$config['oxidized']['maps']['password']['os'][] = array('regex' => '/ios|nxos|iosxe/', 'password' => 'PW_Z');
- In the Oxidized configuration file
vim /home/oxidized/.config/oxidized/config
Append at the end
models:
  fortios:
    username: admin
    password: PW_A
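Notes
BUBU recently found at work that network device configurations could not be viewed properly in LibreNMS. Some related information turned up, but never a definite answer. After asking 節省哥 in the community and then checking the log files, the cause turned out to be that PHP's memory limit defaults to only 128M; raising it to 512M made the configurations display normally.
- Adjust the php.ini file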
vim /etc/php/8.0/fpm/php.ini
# Before
; Memory usage limit
memory_limit = 128M
# After
; Memory usage limit
memory_limit = 512M