| author | slinderud <simen.linderud@gmail.com> | 2023-04-05 19:52:03 +0200 | 
|---|---|---|
| committer | slinderud <simen.linderud@gmail.com> | 2023-04-05 19:52:03 +0200 | 
| commit | 1039acac579c185fbddf5ab6cfce2b9f37806c7e (patch) | |
| tree | b1a6a2d7b968fb3af326b92927ef0e49d6f49404 /tools/oxidized | |
| parent | 1e83fed0a29559bfb019b93101a368d4606e7d98 (diff) | |
init oxidizedoxidized-tools
Diffstat (limited to 'tools/oxidized')
| -rw-r--r-- | tools/oxidized/README.md | 51 | ||||
| -rw-r--r-- | tools/oxidized/config/config | 60 | ||||
| -rw-r--r-- | tools/oxidized/img/slack.jpg | bin | 0 -> 87502 bytes | |||
| -rw-r--r-- | tools/oxidized/oxidized.j2 | 13 | ||||
| -rw-r--r-- | tools/oxidized/tools/monitor/30-oxidized.conf | 17 | ||||
| -rw-r--r-- | tools/oxidized/tools/monitor/monitor.service | 8 | ||||
| -rw-r--r-- | tools/oxidized/tools/monitor/monitor.sh | 11 | ||||
| -rw-r--r-- | tools/oxidized/tools/refresh-oxidized/refresh-oxidized.service | 4 | ||||
| -rw-r--r-- | tools/oxidized/tools/refresh-oxidized/refresh-oxidized.sh | 3 | ||||
| -rw-r--r-- | tools/oxidized/tools/refresh-oxidized/refresh-oxidized.timer | 8 | ||||
| -rw-r--r-- | tools/oxidized/tools/slack/yolo.sh | 7 | 
11 files changed, 182 insertions, 0 deletions
|
diff --git a/tools/oxidized/README.md b/tools/oxidized/README.md
new file mode 100644
index 0000000..0130ddb
--- /dev/null
+++ b/tools/oxidized/README.md
@@ -0,0 +1,51 @@
+# Oxidized
+
+Config backup used during TG23
+
+Features
+
+- Config diff upload to Slack
+- Fetches devices from gondul
+- Automatic reload of device list
+
+## Tools
+
+A few moving components
+
+### monitor
+
+This service monitors a syslog file for changes and then runs a REST api call to oxidized
+to queue a new backup job.
+Make sure to only send `UI_COMMIT_COMPLETED` to this. Or modify bash script to look for this message.
+
+NB. Only use IP of syslog server. If you're using DNS, it will send the logg twice. [This is intended feature(tm) from Juniper](https://supportportal.juniper.net/s/article/Junos-Syslog-server-receives-duplicate-syslog-when-using-DNS-name-as-host?language=en_US)
+
+Config example
+
+```junos
+system {
+    syslog {
+        /* Oxidized syslog */
+        host <IP of Syslog server> {
+            interactive-commands notice;
+            match UI_COMMIT_COMPLETED;
+            source-address <lo0>;
+        }
+    }
+}
+```
+
+### refresh-oxidized
+
+Supersimple service to refresh device database of oxidized every minute
+
+### slack / yolo.sh
+
+Uploads a diff of a git commit (in essence, the config of a single device) after every backup action.
+Quite useful
+
+
+## References
+
+- <https://codingpackets.com/blog/oxidized-getting-started/>
+- <https://codingpackets.com/blog/oxidized-gitlab-storage-backend/>
diff --git a/tools/oxidized/config/config b/tools/oxidized/config/config
new file mode 100644
index 0000000..7c42637
--- /dev/null
+++ b/tools/oxidized/config/config
@@ -0,0 +1,60 @@
+---
+username: oxidized
+password: <PASSWORD>
+interval: 0
+debug: true
+use_max_threads: true
+# Default value
+threads: 30
+# Default value
+timeout: 20
+# Default value
+log: /opt/oxidized/logs
+retries: 3
+prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
+rest: 127.0.0.1:8888
+pid: "/opt/oxidized/pid"
+crash:
+  directory: "/opt/oxidized/crashes"
+  hostnames: false
+
+source:
+  default: http
+  debug: false
+  http:
+    secure: false
+    scheme: https
+    url: https://gondul.tg23.gathering.org/api/templates/oxidized.json
+    map:
+      name: hostname
+      model: os
+      ip: ipv4
+    headers:
+      Authorization: Basic <BASIC>
+
+input:
+  default: ssh
+  debug: false
+  ssh:
+    secure: false
+  utf8_encoded: true
+
+output:
+  default: git
+  file:
+    directory: "/opt/oxidized/output/configs"
+  git:
+    single_repo: true
+    user: yolomation
+    email: yolomation@gathering.org
+    repo: "/opt/oxidized/output/configs.git"
+
+hooks:
+  yolomation:
+    type: exec
+    events: [post_store]
+    cmd: '/opt/oxidized/tools/yolo.sh'
+
+use_syslog: true
+resolve_dns: true
+next_adds_job: true
diff --git a/tools/oxidized/img/slack.jpg b/tools/oxidized/img/slack.jpg
Binary files differ
new file mode 100644
index 0000000..af5048c
--- /dev/null
+++ b/tools/oxidized/img/slack.jpg
diff --git a/tools/oxidized/oxidized.j2 b/tools/oxidized/oxidized.j2
new file mode 100644
index 0000000..df15b7d
--- /dev/null
+++ b/tools/oxidized/oxidized.j2
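Review bot: Both `secure: false` settings in this file switch off peer verification: under `source.http`, where the request carries `Authorization: Basic`, and under `input.ssh`, where the login uses the top-level `password:`. In Oxidized these keys control TLS certificate checking for the HTTP source and SSH host-key checking for the device session, so credentials go to endpoints whose identity is never confirmed. Setting both to `secure: true`, with the CA chain and known host keys provisioned on the backup host, removes that gap. The top-level `debug: true` is also worth a comment such as `# troubleshooting only; turn off in normal operation`, since I cannot tell from this hunk how much session detail ends up under `/opt/oxidized/logs`.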
@@ -0,0 +1,13 @@
+{% set mgmt = objects["read/switches-management"].switches %}
+{% set ping = objects["public/ping"].switches %}
+{% set switches = objects["public/switches"].switches %}
+[
+{% for switch, state in ping.items() if state.latency4 is not none and not "server" in switches[switch].tags%}
+    {
+        "hostname": "{{ mgmt[switch].sysname }}.tg23.gathering.org",
+        "os": "junos",
+        "ipv4": "{{ mgmt[switch].mgmt_v4_addr }}",
+        "ipv6": "{{ mgmt[switch].mgmt_v6_addr }}"
+    }{% if not loop.last -%},{% endif %}
+{%endfor%}
+]
diff --git a/tools/oxidized/tools/monitor/30-oxidized.conf b/tools/oxidized/tools/monitor/30-oxidized.conf
new file mode 100644
index 0000000..441544a
--- /dev/null
+++ b/tools/oxidized/tools/monitor/30-oxidized.conf
@@ -0,0 +1,17 @@
+# Config File for rsyslog
+# Listen for syslog messages on UDP:514
+$ModLoad imudp
+$UDPServerRun 514
+$PreserveFQDN on
+
+
+module(load="omfile")
+
+# %fromhost-ip%
+# Define a template to format the log messages
+template(name="RemoteSyslogFormat" type="string" string="%hostname%.tg23.gathering.org %syslogtag%%msg%\n")
+
+# Log messages from remote hosts to a file
+if $fromhost-ip != "127.0.0.1" then {
+    action(type="omfile" file="/var/log/remote-commit.log" template="RemoteSyslogFormat")
+}
diff --git a/tools/oxidized/tools/monitor/monitor.service b/tools/oxidized/tools/monitor/monitor.service
new file mode 100644
index 0000000..fbf4c5f
--- /dev/null
+++ b/tools/oxidized/tools/monitor/monitor.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Monitor syslog
+
+[Service]
+ExecStart=/opt/tools/monitor.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/tools/oxidized/tools/monitor/monitor.sh b/tools/oxidized/tools/monitor/monitor.sh
new file mode 100644
index 0000000..79095ae
--- /dev/null
+++ b/tools/oxidized/tools/monitor/monitor.sh
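Review bot: The `"hostname"`, `"ipv4"` and `"ipv6"` lines paste values from `mgmt[switch]` into JSON string literals without escaping, so a sysname containing a quote or backslash yields broken or altered JSON for the Oxidized source. Letting the template engine do the quoting avoids that, for example `"hostname": {{ (mgmt[switch].sysname ~ ".tg23.gathering.org") | tojson }},` and `"ipv4": {{ mgmt[switch].mgmt_v4_addr | tojson }},`, assuming the standard Jinja `tojson` filter is available where this template is rendered. The loop also iterates `ping` while indexing `mgmt` and `switches`, so a short comment stating that all three objects share the same keys would help the next reader.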
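Review bot: The rule `if $fromhost-ip != "127.0.0.1" then {` writes every UDP message from any non-local sender to `/var/log/remote-commit.log`, and monitor.sh treats each write to that file as a request to back up the host named in the line. The README asks that only `UI_COMMIT_COMPLETED` be sent here, but nothing on the receiving side enforces it, and UDP syslog senders are not authenticated. Filtering in the rule itself, `if $fromhost-ip != "127.0.0.1" and $msg contains "UI_COMMIT_COMPLETED" then {`, together with limiting UDP 514 to the management network at the host firewall, keeps stray or forged messages out of the trigger file. The file also mixes legacy directives (`$ModLoad imudp`) with the newer `module(...)` form; one style throughout would read more easily.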
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+f="/var/log/remote-commit.log"
+
+inotifywait -m -e modify "$f" --format "%e" | while read -r event; do
+    if [ "$event" == "MODIFY" ]; then
+        host=$(tail -n 1 $f | cut -d' ' -f1)
+        curl -s -X GET "http://127.0.0.1:8888/node/next/${host}" > /dev/null
+	echo "Fetching config from ${host}"
+    fi
+done
diff --git a/tools/oxidized/tools/refresh-oxidized/refresh-oxidized.service b/tools/oxidized/tools/refresh-oxidized/refresh-oxidized.service
new file mode 100644
index 0000000..b26158d
--- /dev/null
+++ b/tools/oxidized/tools/refresh-oxidized/refresh-oxidized.service
@@ -0,0 +1,4 @@
+[Unit]
+Description=Update git folder
+[Service]
+ExecStart=/opt/tools/refresh-oxidized.sh
diff --git a/tools/oxidized/tools/refresh-oxidized/refresh-oxidized.sh b/tools/oxidized/tools/refresh-oxidized/refresh-oxidized.sh
new file mode 100644
index 0000000..aa295b1
--- /dev/null
+++ b/tools/oxidized/tools/refresh-oxidized/refresh-oxidized.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+echo "Reloading config..."
+curl -s http://127.0.0.1:8888/reload?format=json -O /dev/null
diff --git a/tools/oxidized/tools/refresh-oxidized/refresh-oxidized.timer b/tools/oxidized/tools/refresh-oxidized/refresh-oxidized.timer
new file mode 100644
index 0000000..43fc522
--- /dev/null
+++ b/tools/oxidized/tools/refresh-oxidized/refresh-oxidized.timer
@@ -0,0 +1,8 @@
+[Unit]
+Description=Update Oxidized
+[Timer]
+OnBootSec=60
+OnUnitActiveSec=60
+AccuracySec=1ms
+[Install]
+WantedBy=timers.target
diff --git a/tools/oxidized/tools/slack/yolo.sh b/tools/oxidized/tools/slack/yolo.sh
new file mode 100644
index 0000000..dd76190
--- /dev/null
+++ b/tools/oxidized/tools/slack/yolo.sh
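Review bot: The host name handed to curl comes from `tail -n 1 $f`, so when several lines land between two inotify events only the last device is queued, and whatever sits in the first field of that line goes into the request path unchecked. Because the log is fed by unauthenticated UDP syslog, that field should be validated before use. Reading the file as a stream gives one iteration per log line, and a pattern test keeps anything that is not a plain hostname out of the URL. The sketch below replaces the inotifywait loop; the `f=` assignment above it stays as is.

```shell
# … unchanged: shebang and f="/var/log/remote-commit.log" …

# Follow the log line by line so a burst of commits queues every device.
tail -n 0 -F "$f" | while read -r host _; do
    # Accept only hostname characters before building the REST path.
    if [[ "$host" =~ ^[A-Za-z0-9.-]+$ ]]; then
        curl -s -X GET "http://127.0.0.1:8888/node/next/${host}" > /dev/null
        echo "Fetching config from ${host}"
    else
        echo "Ignoring unexpected log line" >&2
    fi
done
```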
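Review bot: In refresh-oxidized.sh the curl line uses `-O`, which takes no argument, so `/dev/null` is parsed as a second URL and the reload response is written to a file in the working directory instead of being discarded; the lowercase option was presumably intended. `curl -s -o /dev/null "http://127.0.0.1:8888/reload?format=json"` discards the body, and quoting the URL stops the shell from treating `?` as a glob character. Adding `--fail` would also let the systemd unit record a failed reload rather than exiting 0.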
@@ -0,0 +1,7 @@
+#!/bin/bash
+cd "$(dirname "$0")"
+cd ../oxidized/output/configs.git
+git push --force
+git diff HEAD^ ${OX_REPO_COMMITREF} > /tmp/config_diff_oxidized.txt
+curl  -F file=@/tmp/config_diff_oxidized.txt -F "initial_comment=${OX_NODE_NAME} got a config update. View the commit here: https://github.com/gathering/netconfig/commit/${OX_REPO_COMMITREF}" -F filename=${OX_REPO_COMMITREF} -F filetype=diff -F channels=C<CHANNEL ID> -H "Authorization: Bearer xoxb-<TOKEN>" https://slack.com/api/files.upload
+rm /tmp/config_diff_oxidized.txt
|
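Review bot: Neither `cd` is checked, so if the repository path is missing `git push --force` and the diff still run in whatever directory the hook started in. The diff of a device configuration is written to the fixed, world-readable path `/tmp/config_diff_oxidized.txt`, which another local user could read or pre-create, and two backups finishing together would overwrite each other's file. The Slack bearer token is written into the script itself, where it ends up in version control; reading it from the environment or a root-only file keeps it out of the repository. The sketch below covers the first two points and shows the token taken from a variable whose name (`SLACK_TOKEN`) is only illustrative.

```shell
#!/bin/bash
# Stop at the first failure so a missing directory cannot lead to a push elsewhere.
set -euo pipefail
# … unchanged: the two cd lines and git push --force …

# Private, unpredictable temp file, removed on every exit path.
diff_file=$(mktemp)
trap 'rm -f "$diff_file"' EXIT
git diff HEAD^ "${OX_REPO_COMMITREF}" > "$diff_file"

# … unchanged: curl upload to files.upload, with -F "file=@${diff_file}",
#   -F "filename=${OX_REPO_COMMITREF}" and -H "Authorization: Bearer ${SLACK_TOKEN}" …
```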
