Versions Compared

Old Version 11

changes.mady.by.user Nick Day

Saved on

compared with

New Version 12

changes.mady.by.user Nick Day

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • CREDENTIAL SETS:

    • Credential sets are a combination of usernames, passwords, access protocols (ssh, telnet), privilege modes privileged passwords etc. allowing access to the devices CLI.
    • Once the credential set has been used to create a working CLI access then "commands" can be issued and the results recorded.

  • COMMAND SETS

    • Commands are normally command line constructs which will be executed on the node in question. 

      • (Some are "passive commands" like "audit-import" which are not actually run on the node but the result is associated with node.

      • Commands can be grouped and collected into what opConfig calls a "command set". Command sets are configured to apply only to particular OS and maybe versions or platforms.

    • The command output is captured and stored by opConfig.

    •  Command outputs are compared against the previous revision, and if different it's saved as a new revision in opConfig.  It could also be a one-shot command which is not analyzed in great detail (e.g. a process listing or some other diagnostic command)

    • A command can be marked for change detection in which case more detailed analysis occurs for changes.

  • CHANGES / REVISIONS:

    • Command outputs can be marked for change detection (e.g. a listing of installed software), in which case opConfig creates detailed records of what the changes are - again only if there are differences between the current command output and the most recent revision for this command.

    • Revisions are  the time series of the command outputs and there changes.

...

Please note that the Credential  Set editing dialogs do dialogs never show existing passwords (or their legth or existence); You can only overwrite password entries. All credential sets are stored in the database in encrypted form.

...

If you successfully import the node from NMIS you should only need to add the credential set and the transport protocol (which are in the connection tab).  Import generally works for "bashLinix" like devices and for Cisco devices.  For all other device types you simply need to add some details by hand.  You will see what configuration you MUST still add displayed as part of the "Edit Node" screen.  

...

  1. General TAB - This is generic information about the device and is the information imported from NMIS / OpenAudit.   Only the host entry needs to be correct here, and it must be a usable FQDN or IP address.
  2. Connection TAB -  To connect to a node, opConfig needs to know some information about it
    1.  Personality this is the CLI Parsing to use to enable the issuing of commands e.g. line endings, prompts etc.  The Personality includes information about the prompts, line-ending conventions etc. a node is subject to; for example, the 'ios' personality handles understanding the > prompt and  "enable" command and "bash" understands shell prompts.  The personalities supported are available in the drop down.
    2.  CredentialSet - NOT  NOT automatic and needs to be set - authentication and authorization in the form of the access credential set created earlier.
    3. Transport (Telnet or SSH) - NOT  NOT automatic and needs to be set Also note this cannot get flagged as not being changed in the Configuration Problems window so do check it.
  3. OS info TAB -  Once connected to a node we need to know the OS and maybe version, subversion, platform in use to select the right commands to issue and how to parse the command results.  This where COMMAND SETS ("command_sets.nmis" file) that opConfig uses, makes association between the OS and maybe a  version and maybe a major release or train and the command to issue and how to parse it. 
    1. These fields should be automatically populated if your device was discovered by NMIS or OpenAudit and if they are Cisco IOS or Linux devices

    2. The OS field and potentially the version and other fields must match the 'os' => and any 'version' =>   fields in the command_sets.nmis file.

    3. See the command sets section later and have a look in the file if you want to know what os and version fields will work.  If the import did not get resulrs results you can try the following: for Cisco IOS typically if you put OS as "IOS" and version as "12.2" you will get results and Linux OSs use just OS as "Linux"

...

  • meta-information like the command set's name,name - The command set name is used in CRON to determine when / how often this command set is run.
  • optional control information like scheduling constraints and an expiration policy for the commands in that set,
  • filters for selecting which devices/nodes the command set should apply to.  These are the os_info, version, os fields discussed before which are discussed in more detail below.
  • and finally the list of the actual commands to be run.

...