Child pages
  • opConfig Release Notes
Skip to end of metadata
Go to start of metadata

opConfig 3.0.7

This maintenance release of opConfig was published on 19 Sep 2017.

Highlights

  • More robust handling of slow commands
    You can now configure how opConfig should react to a particular command (or command set) timing out:
    it can either terminate and reopen the connection (default) or attempt a state resynchronisation (at the cost of some extra delay).
  • Improved handling of interaction with very slow devices
    opConfig now handles complex and/or slow logins (e.g. ones with extra banners) more robustly.
  • This version of opConfig introduces "Device Presets", which allow more fine-grained control of a device's timing options.
  • Various minor bug fixes

opConfig 3.0.6

This is a maintenance release of opConfig and was published on 9 Jun 2017.

Highlights

  • This version of opConfig fixes some scalability and robustness issues related to MongoDB interaction.
    The first startup this version may be slow as certain missing database indices have to be generated.
  • A number of robustness and reliability improvements were made in both the opConfig GUI and the backend.
  • opConfig now supports Delegated Authentication.
  • The Help menu now provides access to MongoDB status information.
  • It is now possible (but not recommended) to disable all DNS use in opConfig.
  • opConfig's node selection GUI now defaults to mode remote for opconfig_gui_node_search_mode.
    This mode doesn't show group memberships as nicely as mode prefetch, but scales much better for large installations.
  • Mikrotik device support was improved greatly, and the run_commands_noninteractively workaround is no longer required.
  • opConfig now supports Cisco ASA devices.
  • opConfig now handles discovery of device settings more robustly and communication errors are detected and reported better.
  • The standard phrasebooks were cleaned up for maximum interoperability.
  • Various minor improvements and bug fixes.

opConfig 3.0.4

Version 3.0.4 is a maintenance release of opConfig, published on 21 Feb 2017.

Highlights

  • The GUI performance was improved for greater scalability, and the dashboard and overview pages now allow to view substantially longer time periods without excessive slowdown.
  • opConfig now fully supports MongoDB 3.2, and the installer will offer to install that version if your system doesn't have MongoDB installed.
  • The Node editing index page now shows which applications the nodes are enabled/activated for.
  • The opconfig-cli action test_connect produces better (and safer) diagnostic output, and now supports option always_privileged=1/0 and ssh_key=<somepath>.
  • OS detection rules and phrasebooks for Fortinet and Mikrotik devices were updated.
  • opConfig's import from Open-AudIT Enterprise  honors filter expressions in confcommand_sets.d/externals.nmis again.
  • Various smaller bug fixes and minor improvements.

opConfig 3.0.3

Version 3.0.3 was released on 16 Nov 2016. It's a maintenance version with two new features.

Highlights

  • opConfig can now optionally run commands over SSH noninteractively
    The new command set scheduling option "run_commands_noninteractively" controls this behaviour: if set to true, all commands in the command set are issued using separate, independent and non-interactive SSH connections to the node.
    The normal default mode is to open one interactive SSH session to the device, then run commands sequentially in that shared session. This requires a fully working 'phrasebook' for the device (e.g. for determining when a command is done, where the next prompt is and so on).  For certain devices (e.g. Mikrotik) this interactive to-and-fro operation doesn't work reliably, and run_commands_noninteractively provides a more robust but less efficient alternative. The opConfig User Manual describes this feature in. more details
  • New capability for transferring and tracking arbitrary files
    A new special command called _download_file_ was added for command sets, which (combined with the new options run_local and store_internal allows you to specify what files opConfig should downloaded from a node (using SCP) and whether they should be tracked as text or as binary files. Please see the opConfig User Manual for further details.
  • Diagnostic output of opconfig-cli.p act=test_connect was fixed, and always_privileged can now be passed through to test_connect, too.
  • New and improved device support for Mikrotik and Fortinet
  • Various bug fixes and minor improvements.

opConfig 3.0.2

Version 3.0.2 was released on 3 Nov 2016.

This is primarily a maintenance release but we couldn't help introducing a few new features as well.

Highlights

  • opConfig now fully supports SSH keys for authentication at at target system, managed using the Credential Set GUI.
  • opConfig now properly supports devices which provide direct access to privileged/superuser/enabled mode (e.g. when TACACS+ is configured to put theuser in enable mode).
    To inform opConfig to adjust its behaviour accordingly you'll have to set the new option "Automatically Privileged" for the given credential set.
  • Connection details and credential discovery was improved for greater robustness.
    opConfig now deals properly with partially overlapping credentials (e.g. same user name and login password but different privileged/enable passwords), also taking into account the privileged mode.
  • Discovery of a node's connection details and credentials is now possible from the GU
    The new button "Discover Connection Details" schedules an immediate (but asynchronous) (re)discovery of a node.
  • Discovery of connection details can now be scheduled for a future time using opconfig-cli.
  • Initial state of nodes imported from NMIS is now configurable.
    This is meant for sites with lots of nodes in NMIS but only a few managed by opConfig: If you set the configuration option opconfig_import_nodes_activated to false, then any newly imported nodes will be added as 'deactivated for opConfig'.
    Please note that this applies only to new nodes, and only to the node's activation state for opConfig (i.e. not opEvents or other applications).
  • Configuration change pushing for devices without explicit 'configure' mode (e.g. Unix servers) is now more robust
    opConfig now autodetects whether a configuration mode is available, based on the phrasebook for the selected node personality. If no configuration mode is available, opConfig performs the configuration change operations in privileged/enabled/superuser mode instead.
  • The installer now automatically sets up a unique application secret (on install or upgrade), unless your system is already configured for SSO.
  • Various bug fixes and minor improvements

opConfig 3.0.1

Version 3.0.1 was released on 24 Jun 2016.
This is a maintenance release to address a number of compatibility and robustness issues that surfaced recently. No new features were added.

opConfig 3.0.0

Version 3 of opConfig  was released on 23 May 2016.

Highlights

  • opConfig now provides a flexible infrastructure for pushing configuration changes to devices.
  • The opConfig daemon was made much more robust, and the application logging was reworked for improved consistency.
  • The installer now provides example cron snippets in conf/cron.d/.
  • Phrasebooks are now updated automatically, and the application warns if conflicting phrasebooks exist.
  • The opConfig daemon now restarts when configuration file changes are detected.
  • OS Detection is now extensible and customisable, using the new configuration file OS_Rules.nmis, and discovery and NMIS import are more robust.
    Various new device types are now detectable.
  • Various GUI pages were reworked for improved performance and usability, e.g. more  flexible search functionality, bulk operations etc.
  • Importing Open-AudIT Enterprise results is now more robust.
  • The running of command sets can now be scheduled for a future time, using opconfig-cli's new at=<timespec> argument.
  • User actions are now logged comprehensively in the new log file log/audit.log.
  • The opConfig GUI now supports time zones.
    If you set the config option omkd_display_timezone to your desired timezone, then all times in the opConfig GUI will be displayed in that timezone and including the timezone offset.
    You can use any timezone definition from the ISO8601 standard and the Olson database, plus "local" (meaning the timezone configured on the server).
    If this option is not set, the times will be shown in the "local" timezone but without zone offset. If explicitely set to "local", the offset suffix is shown.

opConfig 2.2.4

Version 2.2.4 was released on 23 Nov 2015. It is primarily a maintenance release, but we couldn't help introducing a number of new features.

Highlights

  • opConfig now offers free licenses which are not time limited (but limited to 20 nodes).
    With this version it is also also much simpler to select and download any of your existing licenses from within the opConfig GUI.
  • The command sets configuration file, conf/commands_sets.nmis, was split into a directory of smaller files in conf/command_sets.d, which makes them easier to maintain. The installer offers to disable the old file if it wasn't modified since the last release; for backwards-compatibility purposes the old file is consulted first and only non-clashing command sets are used.
    The list of default command sets shipped with opConfig was also extended.
  • The phrasebooks for various device types were reorganized and a number of new device types are now included.
  • Node editing activities are now logged in log/audit.log for auditing purposes. This covers both changes made in the GUI as well as via opnode_admin.pl.
  • The installer now offers to merge and consolidate the authentication files for OMK applications and NMIS into a single htpasswd file.
  • opconfigd was reworked for better robustness and now logs to log/opConfig.log; it also restarts automatically on configuration changes.
  • The opConfig GUI now reuses and caches database connections for increased performance, and a number of other performance-improving modifications were made.
  • Irrevocable operations in the GUI now require confirmation.
  • The GUI dashboard was reorganized somewhat, and less essential menu items were moved to the right (e.g. links to other modules).
    There is now an "Advanced" drop down menu to let you set the Top-N parameter (as well as custom time periods) for the primary dashboard.
    Page/Tab titles were improved and now reflect what part of the opConfig GUI is being accessed.
  • The GUI has a new screen named "Commands Overview" which shows the most recent commands in tabular form. The Node Summary page now provides direct access to both Commands and Changes Overview for the given node.
  • The new configuration option opconfig_default_period lets you select the default period for all GUI pages.
    The new configuration option opconfig_application_heading lets you change the page heading to a custom value.
  • opnode_admin.pl now works better even with badly named nodes, and is more user-friendly: it now supports the new operations act=show and act=set for easy access to a node's properties and for changing those. In addition to that, the tool can now completely delete nodes (including any opConfig or opEvents data for them) when the extra argument deletedata=true is given.
  • A bug in importing nodes from NMIS was repaired, and now notes and comments are retained on refresh.
  • There is a new example script bin/opconfig_node_update.pl which is shipped in source and demonstrates various large-scale automation operations related to opConfig.
  • A bug in the multiprocessing code in opconfig_cli.pl was repaired, which could lead to the tool deadlocking and consuming all CPU until killed manually. The help text in opconfig-cli.pl was also improved, as was the argument format for passing in multiple nodes.  The transport and credential set discovery operation now learns from past successes and tries common combinations of transport and credential set first, and the diagnostic output for the various types of discovery outcomes was improved.

opConfig 2.2.2

Version 2.2.2 is a maintenance release with only a small number of new features.

Highlights

  • This version interoperates fully with NMIS 8.5.10G, and requires at least this version of NMIS to be installed. Please check the Product Compatibility page for details.
  • opConfig now works with MongoDB 2.4, 2.6 and 3.0.
  • The Help/About screen shows more useful information, including a note about new opConfig releases. The window titles and icons have been updated.
  • Some new device types have been added to the Personality list, and the default command set was adjusted.
  • If installed together with opEvents or opAddress, then opConfig now provides links to node-related dashboards in those products  when possible.

opConfig 2.2.0

Version 2.2.0 was released on 30 Jan 2015. It includes a number of new features.

Highlights

  • opconfig-cli.pl now supports bulk transport and credential set discovery for all defined nodes.
  • opConfig can now optionally raise "Node Configuration Change" events via NMIS when a change is detected for a particular command.
    To enable this the command must be tagged with both change-detect and report-change. There is also the option to set a fixed event severity level (with report_level) or dynamically based on the number of changes detected (with report_level_min_changes). The default command_sets.nmis contains examples for both.
  • opConfig now supports a flexible and configurable mechanism for purging old revisions from the database. The details are documented on the separate page about how to purge old data in opConfig. You can also set/unsed a "protected" flag for a particular command's revision from within the GUI.
  • opConfig now includes a new Operational Status Report page, which makes it easier to get an overview of what opConfig is doing to which nodes, when, and how successful it was with these operations.
  • Compliance summaries are now shown on a separate page under Views -> Compliance Summary, not buried among the Compliance Status Details.
  • There is a new Node Report page, which provides a convenient overview of the active nodes, when the last commands were run, most recent change detected, most recent problem encountered etc.
  • The per-node Node Info page now includes a link to the node editing page, if the privileges of the current user are sufficient.
  • The opConfig GUI now provides a more interactive Node selector in the menu bar, which allows node lookup based on node name, IP address, group (and fragments thereof).
    This feature is adjustable using opconfig_gui_node_search_mode in opCommon.nmis and you can disable it altogether should you prefer the old drop-down list.
  • The default command_set.nmis that is shipped with opConfig was extended to include more common diagnostic/troubleshooting commands, suitable for example for running in reaction to an event in opEvents.
  • Group-based access control was refined and corrected in a few places. A user whose privileges don't  include a particular group will now not be able to access any data related to nodes in said group and any nodes that don't  belong to any group.
  • opConfig's import capability from Open-AudIT Enterprise was improved and now provides (optional) filtering, so that unimportant changes in the audit data (e.g. uptime or last DHCP lease renewal) can be ignored and don't create unwanted new revisions in opConfig.
  • The help texts and tool tips in the GUI were reworked and improved.
  • Log file rotation now works correctly and logs are reopened post-rotation.
  • The default file permissions for opConfig-generated files were adjusted and improved.
  • The installer is now more robust.
  • opconfigd's init script was made more robust and brought into line with the Linux Filesystem Hierarchy Standard.
  • Some nuisance warning outputs of omkd and opconfig-cli.pl were eliminated, and error reporting and logging in general were improved.
  • The CSS and Javascript components of the GUI were reworked for improved performance

opConfig 2.1.0

Version 2.1.0 was released on 24 Nov 2014, and includes some new features as well as numerous bug fixes.

Highlights

  • opConfig can now use a separate MongoDB if so desired (but node and credential configuration remain in the default/common/shared database).
  • This version includes a helper for setting up MongoDB for Opmantek use, and the installer offers to run the helper on installations and upgrades.
  • opConfig now supports per-node licensing and activation: nodes can be marked disabled from within the GUI, in which case the node does not count for license limits and no commands are run on that node, nor are audit results imported or compliance rules evaluated. By default all nodes are active.
  • The node configuration infrastructure in opConfig is now fully unified and shared with opEvents.
  • opConfig now includes a full-featured command line tool for node administration, bin/opnode_admin.pl . This tool implements all node management functions already present in the GUI, as well as some extras to make it suitable for scriptable node creating and editing.
  • The display of errors and exceptions in the GUI has been improved.
  • Opmantek applications can now be selectively enabled using the configuration option load_applications.
  • opconfig-cli can now be told to echo command outputs (via command line option print_command_output=true) to better integrate with external tools
  • Importing audit results from Open-AudIT Enterprise was improved to analyze and use more of a node's characteristics
  • The node editing gui was extensively reworked.
  • Error handling and reporting for opconfig-cli were improved.
  • Various fixes and improvements to both GUI and back ends

opConfig 2.0.1

Version 2.0.1 was released on 30 Sep 2014, and is an important bug-fix release. We strongly recommend that you upgrade from version 2.0.0 at your earliest convenience.

  • We detected a problem with the version of the bundled MongoDB client library, which causes database connections not to be closed correctly.
    This causes the MongoDB server to reject new connections once  the normal limit of concurrent connections is exhausted (in the high hundreds).
    This, in turn, causes both the Opmantek GUI and opconfig-cli to fail after a number of  accesses.
  • Release 2.0.1 was built with an updated, fixed version of the MongoDB client.
  • If you have opEvents and opConfig 2.0.0 installed on your system, then the MongoDB client problem will affect both products as the library module is shared.
    Upgrading opConfig to version 2.0.1 will resolve the issue for both products.
  • This version also ships with the newest version of the Opmantek Support Tool.

opConfig 2.0.0

Version 2.0.0 was released on 25 Sep 2014.

It's a new major release of opConfig with many substantial changes.

Highlights

  • This version comes with the interactive Opmantek Installer which guides you through both upgrades and initial installations.
  • opConfig no longer uses CGI scripts; instead it integrates with the Opmantek Web Server infrastructure, which provides consistency across applications and better scalability.
    opConfig now runs out of  /usr/local/omk and interoperates with all other current Opmantek Applications (ie. opExport, opEvents, opCharts, opHA 2, Open-AudIT Enterprise).
  • The GUI was revised and modernized, and both interactive response time and performance have improved substantially.
  • opConfig now provides a flexible and extensible facility for (software and configuration) Compliance Management.
  • Credential sets are now stored in encrypted form within the database.
  • opConfig now provides integration with Open-AudIT Enterprise and optionally imports complete audit information for nodes known to Open-AudIT Enterprise.
  • opConfig now interoperates better with opEvents, and node configurations are shared between the applications. Importing node information from NMIS also has been simplified.
  • User authorization (using groups) is now supported and nodes are completely invisible to users whose authorization doesn't match the nodes' groups.
  • The default command sets were reorganized and now support easier separation into different classes, e.g. hourly/daily/weekly sets of commands.
  • The functionality of the opconfig-cli.pl CLI tool and its builtin documentation were extended and improved.
  • opConfig now also ships with the Opmantek Support Tool.
  • Almost all configuration is now performed from within the GUI. The only remaining configuration files are the opCommon file, and the command set and compliance policy files.
    Existing credential sets and connection lists are migrated automatically on first startup.
  • Application logging was revised and overhauled.
  • opConfig now deals better with querying Unix systems for configuration.
  • And of course lots of bugs were resolved, and minor imperfections repaired.

opConfig 1.1.9

Version 1.1.9 was released on 21 Feb 2014.

Highlights

This is a maintenance release incorporating primarily minor bug fixes. The main noteworthy change is an update to the licensing system: to evaluate opConfig you will require a new evaluation license. Full licenses are not affected by this change.

  • No labels