Date: Fri, 29 Mar 2024 09:54:00 +0000 (UTC) Message-ID: <1127853968.4095.1711706040756@skald.opmantek.com> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_4094_1932134103.1711706040756" ------=_Part_4094_1932134103.1711706040756 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
opConfig has 3 primary configuration files that make it run. &nb= sp;
Below is a description of how to configure them and a little explanation= of what they do.
conf/credential_sets.nmis holds the credential sets that are used when c= onnecting to a device. Even if auto discovery is not use the credenti= als still need to live in this file.
To setup credentials edit conf/credential_sets.nmis
#add/remove/chang= e the lines with default username/password info to match credentials for th= e devices you want to discover %hash =3D (=20 'empty' =3D> { username =3D> '', password =3D> '' }, 'myCredentialSetHere' =3D> { username =3D> 'YourUsername', password = =3D> 'YourPassword, password_privileged =3D> 'YourPassword_supersecre= t' } );
Make very sure this file is only readable by you / root (opfixperms.pl w= ill do this for you)
chmod 600 conf/cr= edential_sets.nmis
Connections tell opConfig how to connect to the devices you would like t= o gather configuration data from. Connections can be auto-discovered = if opConfig is attached to an NMIS configuration.
NB: opConfig will only attempt to discover devices from NMIS that are&nb= sp;active and are currently being collec= ted. To force all NMIS devices into the list (even if th= ey are not active) pass force_active=3Dtrue
bin/opconfig-cli.= pl act=3Ddiscover
This will attempt to use the credentials given in the credential_sets ag= ainst every active & collected device in NMIS using different transport= types (SSH and Telnet) and will output the commands it has found to connec= tions.nmis. If a connection for a device already exists in connection= s.nmis opConfig will leave the settings as they are and not attempt to disc= over them. If your list of credentials is long and your list of devic= es is long I suggest not using this method as it will take many many cups o= f coffee to complete.
NOTE: to skip testing each credential set pass disable_test=3Dtr= ue, if this is done the connections file will need to have the credential e= ntries for each device set, and the transport value checked (as it's only a= guess)
Here is a sample connections.nmis file, if you use auto discovery opConf= ig will produce output in this format (which is the required format):
%hash =3D ( 'asgard' =3D> { 'connection_info' =3D> { 'transport' =3D> 'Telnet', 'credential_set' =3D> 'myCredentialSetHere',=20 'personality' =3D> 'ios', 'node' =3D> 'asgard', 'host' =3D> '192.168.88.254' }, 'os_info' =3D> { 'featureset' =3D> 'Unknown', 'version' =3D> '12.4(25f)', 'platform' =3D> '1841', 'train' =3D> '12.4', 'major' =3D> '12.4', 'os' =3D> 'IOS', 'image' =3D> 'C1841-ADVENTERPRISEK9-M' } }, 'thor' =3D> { 'connection_info' =3D> { 'transport' =3D> 'SSH', 'credential_set' =3D> 'set4', 'personality' =3D> 'bash', 'node' =3D> 'thor', 'host' =3D> '192.168.88.8', 'priveleged_credential_set' =3D> 'set3' }, 'os_info' =3D> { 'featureset' =3D> 'N/A', 'version' =3D> '2.6.32-131.21.1.el6.x86_64', 'platform' =3D> 'x86_64', 'train' =3D> '2.6', 'major' =3D> '2.6', 'os' =3D> 'Linux', 'image' =3D> 'N/A' } } );
The important settings here are in the connection_info.
NOTE: If the command_sets you want to run filter b= ased on os_info then you will need to define the required data in order for= opConfig-cli.pl to match the connections you require. At the very le= ast os_info->os will need to be defined but for many devices it is likel= y you will want to define more than that so your command sets can target th= e device with better commands.
A default command_sets.nmis file is provided. It defines a list of= "command sets" to be run on devices that match the criteria laid out by ea= ch specific command set (usually by the os_info hash inside the command set= ). As many sets as you like can be added, with as many commands as yo= u like.
If you are running the lastest versions of IOS, at the time of writing 1= 5.1 was new, you would need to modify the command set to include 15.1 in th= e version list, this could be done by changing
'version' =3D> '/12.2|12.4|15.0/',
to
'version' =3D> '/12.2|12.4|15.0|15.1/',
or
'version' =3D> '/12.2|12.4|15.\d+/',
Changing it to 15.\d+ will match any version of IOS 15 from now on.
%hash =3D ( 'IOS_DAILY' =3D> { 'os_info' =3D> { 'version' =3D> '/12.2|12.4|15.0/', 'os' =3D> 'IOS' }, 'aging_info' =3D> { 'age' =3D> 'forever' }, 'scheduling_info' =3D> { 'run_commands_on_separate_connection' =3D> 'false' }, commands =3D> [ { 'tags' =3D> 'config,version,troubleshooting, detect-change', 'command' =3D> 'show version', 'privileged' =3D> 'false', 'multipage' =3D> 'true', 'run_command_on_separate_connection' =3D> 'false', 'command_filters' =3D> [ '/uptime is/' ] } }=20 );
A quick note, every opConfig try and bundle as many commands for the sam= e device together into a single session (or connection if you like). = If you would like the command set, or the individual command to be run on = it's own connection (a good idea for long running commands), you can set&nb= sp;run_commands_on_separate_connection =3D> 'true' to run each com= mand in that command set on it's own, or run_command_on_s= eparate_connection =3D> 'true' to run that specific command on it's own.=
bin/opconfig-cli.= pl act=3Drun_command_sets
This command will run all command sets against all matching connections.=
If you would like to run only specific command set/s: (comma separated, = no spaces)
bin/opconfig-cli.= pl act=3Drun_command_sets names=3DIOS_DAILY,LINUX_DAILY
This will run only the IOS_DAILY and LINUX_DAILY command sets.
There is currently no way to run a command set against a specific connec= tion, and no way to run only 1 specific command.
NOTE: Only nodes that are marked as "active" and "collect" in NM= IS are run, to force them to run add 'force_active' =3D> 'true' to = the connection
If you would like to run it against only specific nodes: (comma separate= d, no spaces):
bin/opconfig-cli.= pl act=3Drun_command_sets nodes=3Dnode1,node2