
LibreNMS && Oxidized: Backing Up Network Device Configurations

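  BUBU saw 節省哥 share this service some time ago and tried to set it up once, but that attempt failed. Articles about it have been appearing again recently, so BUBU set the package up again; it is now installed and running normally.

  With this package, administrators no longer have to run backups by hand on a schedule: it backs up every network device periodically. Another advantage is that each backup can be compared with earlier versions, so when a device has a problem it can be restored to the previous version immediately.

112.02.08: Changed the system version to Debian 11 and revised the procedure along the way.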

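Runtime environment


Everything is built on the "Proxmox VE" virtualization platform, mainly as "LXC" containers; any special case that uses a "VM" will be noted.

  • System environment: Debian 10, 11

Installation


Install the official packages

  • Install the required packages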
apt-get install -y ruby ruby-dev libsqlite3-dev libssl-dev pkg-config cmake libssh2-1-dev libicu-dev zlib1g-dev g++
  • Install the service packages
gem install oxidized
gem install oxidized-script oxidized-web
  • Create the service user and set its password
adduser oxidized
  • Switch to that user
su - oxidized
  • Run the oxidized command; it creates a hidden directory named .config in that directory
oxidized
  • Confirm that the directory was created
ls -la
LibreNMS && Oxidized configuration

  • oxidized config file (vim /home/oxidized/.config/oxidized/config), before modification
---
username: username
password: password
model: junos
resolve_dns: true
interval: 3600
use_syslog: false
debug: false
threads: 30
timeout: 20
retries: 3
prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
rest: 127.0.0.1:8888
next_adds_job: false
vars: {}
groups: {}
models: {}
pid: "/root/.config/oxidized/pid"
crash:
  directory: "/root/.config/oxidized/crashes"
  hostnames: false
stats:
  history_size: 10
input:
  default: ssh, telnet
  debug: false
  ssh:
    secure: false
  ftp:
    passive: true
  utf8_encoded: true
output:
  default: file
source:
  default: csv
  csv:
    file: "/root/.config/oxidized/router.db"
    delimiter: !ruby/regexp /:/
    map:
      name: 0
      model: 1
    gpg: false
model_map:
  juniper: junos
  cisco: ios

After modification

---
# Username and password used to log in to the devices
username: username
password: password
model: junos
resolve_dns: false
interval: 3600
use_syslog: false
debug: false
threads: 30
timeout: 20
retries: 3
prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
# Listen address for the oxidized web page (0.0.0.0 listens on all interfaces)
rest: 0.0.0.0:8888
next_adds_job: false
vars: {}
groups: {}
models: {}
pid: "/home/oxidized/.config/oxidized/pid"
crash:
  directory: "/home/oxidized/.config/oxidized/crashes"
  hostnames: false
stats:
  history_size: 10
input:
  default: ssh, telnet
  debug: false
  ssh:
    secure: false
  ftp:
    passive: true
  utf8_encoded: true
# Output to git; this part is verified in a later step
output:
  default: git
  git:
    user: "your name"
    email: "your-email@example.com"
    repo: "/home/oxidized/.config/oxidized/oxidized.git"
# Source: the device list comes from a connection to LibreNMS
source:
  default: http
  debug: false
  http:
    url: https://librenms/api/v0/oxidized
    map:
      name: hostname
      model: os
      group: group
    headers:
    # Token generated on the API page in LibreNMS
      X-Auth-Token: '01582bf94c03104ecb7953dsadsadwed'
model_map:
  juniper: junos
  cisco: ios
# Device names and OS mappings I commonly use follow
  fortigate: fortios
  mikrotik: routeros
  unifi: unifi
  dlink: dlink
  • Modify the LibreNMS config file
# Oxidized configuration
$config['oxidized']['enabled']                  = TRUE;
$config['oxidized']['url']                      = 'http://<oxidized-address>:8888';
$config['oxidized']['features']['versioning']   = true;
$config['oxidized']['group_support']            = false;
$config['oxidized']['default_group']            = 'false';
$config['oxidized']['reload_nodes']             = true;

#$config['oxidized']['maps']['group']['os'][] = array('match' => 'pfsense', 'group' => 'pfsense');
$config['oxidized']['ignore_os'] = array('ping', 'linux', 'generic');
  • Confirm that oxidized can reach the LibreNMS API service
curl -H 'X-Auth-Token: YOURAPITOKENHERE' https://librenms.org/api/v0/oxidized
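
An added example, not part of the original post: a small shell audit of the finished Oxidized config for the exposures its settings create (credentials readable by other users, `rest:` bound to all interfaces, telnet fallback, API token sent over plain http). The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit an Oxidized config file.

# Print one finding per line for the config file given as $1.
audit_oxidized_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "ERROR: cannot read $cfg"; return 2; }
    # The file stores the device password and the LibreNMS API token, so
    # group/other must have no access (ls -l columns 5-10 must be "------").
    perms=$(ls -ld "$cfg" | cut -c5-10)
    [ "$perms" = "------" ] ||
        echo "PERMS: group/other bits '$perms' set; run chmod 600 $cfg"
    # rest: 0.0.0.0 exposes the web/REST interface on every interface.
    grep -Eq '^rest:[[:space:]]*0\.0\.0\.0:' "$cfg" &&
        echo "REST: listens on all interfaces; firewall the port to the LibreNMS host"
    # A telnet fallback sends the device credentials in cleartext.
    grep -Eq '^[[:space:]]+default:.*telnet' "$cfg" &&
        echo "TELNET: input falls back to telnet; use 'default: ssh' where devices allow"
    # X-Auth-Token over plain http exposes the API token on the wire.
    grep -Eq '^[[:space:]]+url:[[:space:]]*http://' "$cfg" &&
        echo "TOKEN: source URL is plain http; use https"
    return 0
}

# Constructed sample mirroring the settings shown on this page (token is fake).
write_sample_config() {
    cat > "$1" <<'EOF'
---
username: username
password: password
rest: 0.0.0.0:8888
input:
  default: ssh, telnet
source:
  default: http
  http:
    url: https://librenms/api/v0/oxidized
    headers:
      X-Auth-Token: 'CONSTRUCTED-TOKEN'
EOF
}

# Demo: audit the sample with the permissions a default umask would leave.
tmp=$(mktemp -d)
write_sample_config "$tmp/config"
chmod 644 "$tmp/config"
audit_oxidized_config "$tmp/config"
rm -rf "$tmp"
```

To audit the live file, run `audit_oxidized_config /home/oxidized/.config/oxidized/config` as the oxidized user.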
Set up the oxidized service file

  • Service file location: vim /etc/systemd/system/oxidized.service
# Put this file in /etc/systemd/system.
#
# To set OXIDIZED_HOME instead of the default,
# ~oxidized/.config/oxidized, uncomment (and modify as required) the
# "Environment" variable below so systemd sets the correct
# environment.

[Unit]
Description=Oxidized - Network Device Configuration Backup Tool
After=network-online.target multi-user.target
Wants=network-online.target

[Service]
ExecStart=/usr/local/bin/oxidized
User=oxidized
KillSignal=SIGKILL
#Environment="OXIDIZED_HOME=/etc/oxidized"
Restart=on-failure
RestartSec=300s

[Install]
WantedBy=multi-user.target
  • Start the service
sudo systemctl daemon-reload  && sudo systemctl enable --now oxidized.service
  • Check the service status
sudo systemctl status oxidized.service
  • Then check in LibreNMS that the network device's configuration is visible


  • You can also view it on the Oxidized page at http://<oxidized-address>:8888


Additional notes


  Some devices at BUBU's company use different credentials, so the configuration needs extra handling for them. Two approaches are provided.

  • Configure it in the oxidized config file
source:
  default: http
  debug: false
  http:
    url: https://librenms/api/v0/oxidized
    map:
      name: hostname
      model: os
      group: group
      # Add the following two parameters
      username: username
      password: password
    headers:
    # Token generated on the API page in LibreNMS
      X-Auth-Token: '01582bf94c03104ecb7953dsadsadwed'
  • Configure it in LibreNMS
$config['oxidized']['maps']['group']['os'][] = array('match' => 'fortios', 'group' => 'fortios');
$config['oxidized']['maps']['username']['os'][] = array('match' => 'fortios', 'username' => 'admin');
$config['oxidized']['maps']['password']['os'][] = array('match' => 'fortios', 'password' => 'PW_A');
  • Examples found while searching
$config['oxidized']['ignore_os'] = array('linux','windows');
$config['oxidized']['ignore_types'] = array('server','power');
$config['oxidized']['maps']['group']['os'][] = array('match' => 'ios', 'group' => 'Cisco');
$config['oxidized']['maps']['group']['os'][] = array('match' => 'iosxe', 'group' => 'Cisco');
$config['oxidized']['maps']['group']['os'][] = array('match' => 'nxos', 'group' => 'Nexus');
$config['oxidized']['maps']['group']['os'][] = array('match' => 'procurve', 'group' => 'Aruba');
$config['oxidized']['maps']['group']['os'][] = array('match' => 'arista_eos', 'group' => 'Arista');

$config['oxidized']['maps']['username']['os'][] = array('match' => 'procurve', 'username' => 'admin');
$config['oxidized']['maps']['password']['os'][] = array('match' => 'procurve', 'password' => 'PW_A');
$config['oxidized']['maps']['username']['os'][] = array('match' => 'arista_eos', 'username' => 'admin');
$config['oxidized']['maps']['password']['os'][] = array('match' => 'arista_eos', 'password' => 'PW_B');
$config['oxidized']['maps']['username']['os'][] = array('regex' => '/ios|nxos|iosxe/', 'username' => 'oxidized');
$config['oxidized']['maps']['password']['os'][] = array('regex' => '/ios|nxos|iosxe/', 'password' => 'PW_Z');
  • At the end of the oxidized config file (vim /home/oxidized/.config/oxidized/config), add
models:
  fortios:
    username: admin
    password: PW_A

Notes


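  BUBU recently found at work that network device configurations could not be viewed properly in LibreNMS. Some related information turned up, but never the right answer. After asking 節省哥 in the community and checking the log files, the cause turned out to be that PHP's memory limit defaults to only 128M; after raising it to 512M the configurations display normally.

  • Adjust the php.ini file: vim /etc/php/8.0/fpm/php.ini
; Before
; Memory usage limit
memory_limit = 128M

; After
; Memory usage limit
memory_limit = 512M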


