How to Install & Integrate Oxidized Into LibreNMS

 


Project Links:

https://docs.librenms.org/Extensions/Oxidized/

https://github.com/ytti/oxidized

https://www.rubydoc.info/gems/oxidized/0.7.2

https://github.com/net-ssh/net-ssh

Oxidized is a great tool for automating backups of device configs from ASA firewalls, IOS routers, and all types of switches! I chose Oxidized because it integrates very easily into LibreNMS.

The instructions for integrating Oxidized into LibreNMS are below:

Log in as the root user:

sudo -i

Check the Ubuntu OS version:

lsb_release -a

Update Ubuntu and LibreNMS first:

apt update && apt autoremove

su - librenms

git pull

./daily.sh

./validate.php

 

Installation:

Go to the working directory and log in as the root user.

Debian and Ubuntu

On Ubuntu, begin by enabling the universe repository (required for libssh2-1-dev):

add-apt-repository universe
 
Install the dependencies:
apt-get install ruby ruby-dev libsqlite3-dev libssl-dev pkg-config cmake libssh2-1-dev libicu-dev zlib1g-dev g++
 
Finally, install the gems:
gem install oxidized
gem install oxidized-script oxidized-web 
 
# If you don't install oxidized-web, ensure "rest" is removed from your Oxidized config.
 

Configuration:

Oxidized configuration is in YAML format. Configuration files are sourced first from /etc/oxidized/config and then from ~/.config/oxidized/config, and the resulting hashes are merged. This can be useful for storing source information in a system-wide file and user-specific configuration in the home directory (for example, to include only a staff-specific username and password).

It is recommended practice to run Oxidized using its own username. This username can be added using standard command-line tools:

sudo useradd oxidized -s /bin/bash -d /home/oxidized/ -m

 

passwd oxidized

 

Depending on the operating system, you may also need to add the user to the "sudo" user group:
 
usermod -aG sudo oxidized

 

su - oxidized

pwd

ls -la

 
Then, change the ownership and permissions on the folder:
sudo chown -R oxidized:oxidized /home/oxidized
 

First, create the directory where the file output is going to store device configs, then start Oxidized once. Run both commands as the oxidized user:

mkdir -p ~/.config/oxidized/configs

# router.db is a plain file (see "router.db file format" below), not a directory
touch ~/.config/oxidized/router.db

Then simply run Oxidized:

oxidized

 

Finally, edit the following lines in "config":

nano /home/oxidized/.config/oxidized/config

http source:

Now tell Oxidized where to find the list of network devices whose configuration it should back up. You can use either http or SQLite as the source. To create an http source, add the following snippet:

source:
  default: http
  debug: false
  http:
    url: http://192.168.88.157:8071/api/v0/oxidized
    scheme: http
    file: "/home/oxidized/.config/oxidized/router.db"
    delimiter: !ruby/regexp /:/
    map:
      name: hostname
      model: os
      username: username
      password: password
      group: group
    vars_map:
      ssh_port: ssh_port
    headers:
      X-Auth-Token: '4b57d060f2a1de0333116ef48e9994c7'

 

Set up as a system service

Find the “oxidized.service” file, which should be in

/usr/local/rvm/gems/ruby-2.6.1/gems/oxidized-0.25.1/extra/oxidized.service

and copy it to

/usr/lib/systemd/system/

Edit it, change the user, and try to launch it.

If it fails, you may need to change the ExecStart= line to the following:

ExecStart=/usr/local/rvm/gems/ruby-2.6.1/wrappers/oxidized

Change the ruby number if yours is different.

Confirm that oxidized runs correctly by simply running "oxidized". If there are issues, run it with --debug and troubleshoot as necessary.

 

Once oxidized is running fine as its own user, attempt to start it as a service:

 

Run these commands as root:

systemctl start oxidized

systemctl daemon-reload

Enable the service at boot and start it now:

systemctl enable --now oxidized

Check that oxidized is running:

systemctl status oxidized

LibreNMS config

Add the following to your /opt/librenms/config.php config file.

# Oxidized configuration
$config['oxidized']['enabled']                = TRUE;
$config['oxidized']['url']                    = 'http://127.0.0.1:8888';
$config['oxidized']['features']['versioning'] = true;
$config['oxidized']['group_support']          = true;
$config['oxidized']['default_group']          = 'default';
$config['oxidized']['reload_nodes']           = true;
$config['oxidized']['ignore_os']              = array('linux','windows');
$config['oxidized']['ignore_types']           = array('server','power');

 

 

Finally, simply run:

oxidized

 

As of right now you should see a “Config” tab per device, and a config saved for the devices we added to router.db.

We can see here that my device config is saved.

Extra

Ubuntu SystemV init setup

The init script assumes that you have a user named 'oxidized' and that oxidized is in one of the following paths:

/sbin
/bin
/usr/sbin
/usr/bin
/usr/local/bin

1. Copy init script from extra/ folder to /etc/init.d/oxidized
2. Set up /var/run/

mkdir /var/run/oxidized
chown oxidized:oxidized /var/run/oxidized

3. Make oxidized start on boot

update-rc.d oxidized defaults

 

Example /home/oxidized/.config/oxidized/config for the LibreNMS instance at 192.168.88.157:8071:

---
username: ubnt
password: ubnt
model: airos
resolve_dns: false
interval: 3600
use_syslog: false
debug: false
threads: 30
timeout: 20
retries: 3
prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
rest: LibreNMSIP:8888
next_adds_job: false
vars: {}
groups:
  defaultgrp:
    username: default
    password: default
  airos:
    username: ubnt
    password: ubnt
  routeros:
    username: oxidized
    password: oxidized
    vars:
      ssh_port: 2256
models: {}
pid: "/home/oxidized/.config/oxidized/pid"
crash:
  directory: "/home/oxidized/.config/oxidized/crashes"
  hostnames: false
stats:
  history_size: 10
input:
  default: ssh, telnet
  debug: false
  ssh:
    secure: false
  ftp:
    passive: true
  utf8_encoded: true
output:
  default: file
  file:
    directory: "/home/oxidized/.config/oxidized/configs"
source:
  default: http
  debug: false
  http:
    url: http://192.168.88.157:8071/api/v0/oxidized
    scheme: http
    file: "/home/oxidized/.config/oxidized/router.db"
    delimiter: !ruby/regexp /:/
    map:
      name: hostname
      model: os
      username: username
      password: password
      group: group
    vars_map:
      ssh_port: ssh_port
    headers:
      X-Auth-Token: '4b57d060f2a1de0333116ef48e9994c7'
model_map:
  juniper: junos
  cisco: ios
  mikrotik: routeros
  ubiquiti: airos
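
An added example (not part of the original post or of Oxidized itself): a Ruby check, using the hypothetical helper name audit_oxidized_config, that reads a config like the one above and reports the settings that decide how credentials travel: input.ssh.secure, the telnet fallback, an http:// source URL that carries X-Auth-Token, the rest bind address, and passwords equal to their usernames. The sample config is constructed from values on this page, with a placeholder token.

```ruby
require "yaml"
# Constructed sample: a trimmed copy of the settings shown in the config above.
SAMPLE_CONFIG = <<~CFG
  username: ubnt
  password: ubnt
  rest: LibreNMSIP:8888
  groups:
    routeros:
      username: oxidized
      password: oxidized
  input:
    default: ssh, telnet
    ssh:
      secure: false
  source:
    http:
      url: http://192.168.88.157:8071/api/v0/oxidized
      delimiter: !ruby/regexp /:/
      headers:
        X-Auth-Token: 'EXAMPLE-TOKEN'
CFG

# Hypothetical helper: returns [setting, finding] pairs for an Oxidized config.
def audit_oxidized_config(yaml_text)
  # Regexp is permitted because the config uses !ruby/regexp tags.
  cfg = YAML.safe_load(yaml_text, permitted_classes: [Regexp])
  findings = []
  input = cfg["input"] || {}
  findings << ["input.ssh.secure", "SSH host keys are not verified"] if input.dig("ssh", "secure") == false
  if input["default"].to_s.split(/\s*,\s*/).include?("telnet")
    findings << ["input.default", "telnet fallback sends logins in cleartext"]
  end
  http = cfg.dig("source", "http") || {}
  if http["url"].to_s.start_with?("http://") && http.key?("headers")
    findings << ["source.http.url", "API token header is sent over plain HTTP"]
  end
  rest = cfg["rest"].to_s
  unless rest.empty? || rest.start_with?("127.0.0.1:", "localhost:")
    findings << ["rest", "web/REST interface is bound to a non-loopback address"]
  end
  # The global section and every group may each carry a username/password pair.
  ([["global", cfg]] + (cfg["groups"] || {}).to_a).each do |name, section|
    next unless section.is_a?(Hash) && section["password"]
    findings << ["#{name}.password", "password equals username"] if section["password"] == section["username"]
  end
  findings
end
audit_oxidized_config(SAMPLE_CONFIG).each { |key, msg| puts "#{key}: #{msg}" }
```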

______________________________

/lib/systemd/system/oxidized.service

[Unit]
Description=Oxidized - Network Device Configuration Backup Tool
After=network-online.target multi-user.target
Wants=network-online.target

[Service]
ExecStart=/usr/local/bin/oxidized
User=oxidized
KillSignal=SIGKILL
#Environment="OXIDIZED_HOME=/etc/oxidized"
Restart=on-failure
RestartSec=300s

[Install]
WantedBy=multi-user.target

____________

curl -H 'X-Auth-Token: 4b57d060f2a1de0333116ef48e9994c7' http://LibreNMSIP/api/v0/oxidized

 

router.db file format

 

cisco-router1:cisco
nexus-switch1:nexus
fortigate-firewall1:fortigate:admin:password:2345
192.168.88.5:f5:::3456
# You can also include comments like this
192.168.88.1:mikrotik:mikrotik:oxidized:oxidized:2223
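
An added example (not from the original post): a Ruby linter for the colon-delimited router.db format shown above, which skips comments, keeps empty fields, and reports lines with an unexpected field count, a bad port, or a password stored inline. The column order name:model:username:password:ssh_port and the helper name lint_router_db are assumptions inferred from the five-field sample lines; in Oxidized the real order comes from the csv source's map.

```ruby
# Constructed sample: the router.db lines shown on this page.
SAMPLE_ROUTER_DB = <<~DB
  cisco-router1:cisco
  nexus-switch1:nexus
  fortigate-firewall1:fortigate:admin:password:2345
  192.168.88.5:f5:::3456
  # You can also include comments like this
  192.168.88.1:mikrotik:mikrotik:oxidized:oxidized:2223
DB

# Assumed column order, inferred from the five-field sample lines.
FIELDS = %i[name model username password ssh_port].freeze

# Returns [line_number, message] pairs; an empty list means the file is clean.
def lint_router_db(text)
  problems = []
  text.each_line.with_index(1) do |raw, lineno|
    line = raw.strip
    next if line.empty? || line.start_with?("#")
    cols = line.split(":", -1) # -1 keeps empty fields such as "f5:::3456"
    unless (2..FIELDS.size).cover?(cols.size)
      problems << [lineno, "expected 2-#{FIELDS.size} fields, got #{cols.size}"]
      next
    end
    row = FIELDS.zip(cols).to_h
    problems << [lineno, "empty name or model"] if row[:name].empty? || row[:model].empty?
    port = row[:ssh_port]
    if port && !port.empty? && !(port.match?(/\A\d+\z/) && (1..65535).cover?(port.to_i))
      problems << [lineno, "invalid ssh_port #{port.inspect}"]
    end
    problems << [lineno, "plaintext password stored inline"] unless row[:password].to_s.empty?
  end
  problems
end

lint_router_db(SAMPLE_ROUTER_DB).each { |lineno, msg| puts "line #{lineno}: #{msg}" }
```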
