Every year it seems like more and more network devices get installed on our networks. Switches, routers, firewalls and access points are just a few of them. Each one has a configuration file that is stored on the device when it is first set up or whenever changes are made. So how do we manage these configs and back up all these configuration files? We use Oxidized.
Oxidized is a great application that does one thing and does it well. It connects to all your devices, checks each config file to see if it has changed and, if it has, makes a backup copy. The backups are all version controlled and kept in Oxidized. It is then possible to look at all the changes, see when each change took place, and restore an old version if needed.
Install Oxidized on FreeBSD
You can install Oxidized as a package using pkg on FreeBSD. This will install Oxidized and all the ruby/gem modules required.
# pkg install rubygem-oxidized rubygem-oxidized-script rubygem-oxidized-web
Once installed, an oxidized user and group will be created for the service to run under. The directory that will contain the configuration and git repository is /var/db/oxidized.
Oxidized will create a basic config file when started up for the first time. Let's force it to start up once so it can create its default config file, and then we can go in and edit it.
# service oxidized onestart
Oxidized will have started up, created its default config file and then quit again. If you look in /var/db/oxidized/.config/oxidized there will be a config file now.
Configure Oxidized
A default config file was created the first time Oxidized started up. Now let's go in and edit the config file so it works the way we want.
# cd /var/db/oxidized/.config/oxidized
# vi config
---
username: admin
password: password
model: comware
resolve_dns: true
interval: 3600            # seconds between fetches
use_syslog: true
debug: false
threads: 30
timeout: 20
retries: 3
prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
rest: 0.0.0.0:8888        # web UI / REST API listens on every interface
next_adds_job: false
vars:
  remove_secret: true     # strip secrets from saved configs where the model supports it
groups:
  switches:
    username: admin
    password: password
  misc:
    username: admin
    password: password
models: {}
pid: "/var/db/oxidized/.config/oxidized/pid"
crash:
  directory: "/var/db/oxidized/.config/oxidized/crashes"
  hostnames: false
stats:
  history_size: 10
input:
  default: ssh, telnet    # try ssh first, then fall back to telnet
  debug: false
  ssh:
    secure: false         # SSH host keys are not verified
  ftp:
    passive: true
  utf8_encoded: true
output:
  default: git
  git:
    user: oxidized
    email: email@example.com
    repo: "/var/db/oxidized/git"
source:
  default: csv
  csv:
    file: /var/db/oxidized/.config/oxidized/router.db
    delimiter: !ruby/regexp /:/
    map:
      name: 0
      model: 1
      group: 2
      username: 3
      password: 4
    vars_map:
      ssh_port: 5
model_map:
  juniper: junos
  cisco: ios
  h3c: comware
  fortigate: fortios
  force10: ftos
Telling Oxidized what to back up
Create a basic router.db file. This is the file where you list all the devices you want Oxidized to back up. The source: section of the config file defines it as a csv file with the following fields:
name:model:group:username:password:ssh_port
NOTE: The name, model, and group are required, but the other fields will use the defaults if not included.
I have an HP Comware switch called core.example.com, so let's create a router.db file with that in it. My comware switch used the default username and password so I will leave them out.
# cd /var/db/oxidized/.config/oxidized
# vi router.db
core.example.com:comware:switches
Change the permissions on the file so that Oxidized can read it and no one else can. NOTE: this file may contain passwords, so you want to make sure only the oxidized user can see it.
# chown oxidized:oxidized router.db
# chmod 600 router.db
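One way to sanity-check router.db before starting the service. This is an added example, not part of Oxidized or the original walkthrough; the function names and sample hosts are made up, and skipping blank and "#" lines is an assumption.

```shell
#!/bin/sh
# Added example, not part of Oxidized: lint a router.db laid out as
# name:model:group:username:password:ssh_port (the csv map in the config).

# Succeeds only when group and other have no permission bits (e.g. mode 600).
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Prints one finding per bad line (never the secrets); returns 1 if any.
# Blank lines and lines starting with "#" are skipped (assumption).
lint_router_db() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        NF > 6 { printf "line %d: %d fields, expected at most 6\n", NR, NF; bad = 1 }
        $1 == "" || $2 == "" || $3 == "" {
            printf "line %d: name, model and group are required\n", NR; bad = 1
        }
        $6 != "" && ($6 !~ /^[0-9]+$/ || $6 + 0 < 1 || $6 + 0 > 65535) {
            printf "line %d: ssh_port is not a valid port\n", NR; bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Prints how many entries carry an inline password (field 5).
count_inline_passwords() {
    awk -F: '!/^[ \t]*#/ && $5 != "" { n++ } END { print n + 0 }' "$1"
}

# Constructed sample entries, written to a temp file so this runs offline.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
core.example.com:comware:switches
edge.example.com:ios:misc:backup:CONSTRUCTED-SECRET:2222
broken.example.com::switches
fw.example.com:fortios:misc:::70000
EOF
chmod 600 "$sample"

is_private "$sample" || echo "router.db is readable by group or other"
lint_router_db "$sample" || echo "router.db has format problems"
echo "entries with inline passwords: $(count_inline_passwords "$sample")"
```

To check the real file, point the three functions at /var/db/oxidized/.config/oxidized/router.db instead of the sample.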
Enable Automatic Startup
Oxidized has a startup script that enables it to run on startup. Enter the following line to enable it to run on startup.
# sysrc oxidized_enable="YES"
Now go ahead and start the service up.
# service oxidized start
If all went well and the service started, you should be able to browse to the host you set it up on at port 8888 as follows: http://hostname:8888