Versions Compared

Old Version 35

changes.mady.by.user Alexander Zangerl

Saved on

compared with

New Version 36

changes.mady.by.user Josune Cordoba

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents
maxLevel3

 


Excerpt

opConfig Concepts

The main concepts to bear in mind are nodes, credential sets, commands, changes and revisions:

  • NODES:

    • Nodes are devices/computers that opConfig knows about, and which it is configured to run commands for.

    • As opConfig needs to connect to the node in question and execute commands on that node, the node needs to be configured with access credentials. In opConfig these are stored independent from the nodes in what opConfig calls credential sets.

  • CREDENTIAL SETS:

    • Credential sets are a combination of usernames, passwords, privileged passwords etc. allowing access to the devices CLI.
    • Once the credential set has been used to create a working CLI access then "commands" can be issued and the results recorded.

  • COMMAND SETS

    • Commands are normally command line constructs which will be executed on the node in question. 

      • (Some are "passive commands" like "audit-import" which are not actually run on the node but the result is associated with node.

      • Commands can be grouped and collected into what opConfig calls a "command set". Command sets are configured to apply only to particular OS and maybe versions or platforms.

    • The command output is captured and stored by opConfig.

    •  Command outputs are compared against the previous revision, and if different it's saved as a new revision in opConfig.  It could also be a one-shot command which is not analyzed in great detail (e.g. a process listing or some other diagnostic command)

    • A command can be marked for change detection in which case more detailed analysis occurs for changes.

  • CHANGES / REVISIONS:

    • Revisions are the command outputs as collected over time.
    • opConfig lets you distinguish between "very dynamic" and "mostly static" commands in an efficient flexible fashion:
      • Static commands should be marked for detailed change detection.
        In this case, a new revision is created if and only if there are (relevant) differences between the most recent state and the new  command output.
      • Dynamic commands should not be marked for change detection.
        Every time such a command is run, the output will be saved as a new revision - regardless of whether there were any differences between historic and current state.

...

Info

To enable or disable this feature in general edit /usr/local/nmis8/conf/Config.nmis. 

Code Block
title/usr/local/nmis8/conf/Config.nmis
    'log_node_configuration_events' => 'true',

If set to true the feature is enabled; if set to false the feature is disabled.

...


In this case, the Redhat/Centos command chkconfig (= list of system services to automatically start on boot) will be checked for changes, and if any are found then a "Node Configuration Change" event with the context node in question, the element "chkconfig" and the serverity "Minor" will be raised in the local NMIS.

...

In this example, changes in the vgdisplay command output would result in an event of severity Normal if there are 1 or 2 changes, Minor for 3 to 9 changes, and Major for 10 or more. 


How to categorize command sets (and why)

...

Using tags in this fashion for categorization is much more convenient than having to tell opconfig-cli.pl which command sets to run by name (which is also possible). 


General Usage of opconfig-cli.pl

...

Listed below are the possible options for the act=X argument:

import_from_nmis

Info
titleInfo

This option is only available from versions < 4.0.0. From opConfig 4.0.0, the data is shared between applications. 

Grabs one or more nodes from NMIS. Identical in function to "Refresh" or "Import Nodes from NMIS" in the GUI.

Info
titleAutomatically Setting a Nodes opConfig attributes

When a device is imported we automatically set a number of the devices opConfig attributes such as "connection_info.personality" "os_info.os" etc.

The matching of NMIS device attributes and the subsequent setting of opConfig attributes is controlled via omk/conf/OS_Rules.nmis

You can extend this file to automatically set all sorts of opConfig device attributes when an import is done, e.g you might set all cisco devices to use ssh by setting 'connection.transport' => 'SSH',

For more information see Create an OS Rule and OS Rules Help Text

...


discover

Tests a single given node (argument node=nodeX) and attempts to determine its Transport and Credential Set configuration. The node must already have a Personality set.

...