...

The main concepts to bear in mind are nodes, credential sets, commands, changes and revisions.:

• NODES:

  • Nodes are

...

• • devices/computers that opConfig knows about, and which it is configured to run commands for.

  • As opConfig needs to connect to the node in question and execute commands on that node, the node needs to be configured with access credentials. In opConfig these are stored independent from the nodes in what opConfig calls credential sets.

...

• CREDENTIAL SETS:

  • Credential sets are a combination of usernames, passwords, access protocols (ssh, telnet), privilege modes etc. allowing access to the devices CLI.
  • Once the credential set has been used to create a working CLI access then "commands" can be issued and the results recorded.

• COMMANDS:

  • Commands are normally command line constructs which will be executed on the node in question. 

    • (Some are "passive commands" like "audit-import" which are not actually run on the node but the result is associated with node.

    • Commands can be grouped and collected into what opConfig calls a "command set". Command sets can be configured to apply only to particular platforms or OS versions.
      

  • The command output is captured and stored by opConfig.

  •  Command outputs are compared against the previous revision, and if different it's saved as a new revision in opConfig.  e.g.a one-shot command which is not analyzed in great detail (e.g. a process listing or some other diagnostic command)

  • A command can be marked for change detection

...

• • in which case more detailed analysis occurs for changes.

• CHANGES / REVISIONS:

  • Command outputs can be maked for change detection (e.g. a listing of installed software), in which case opConfig creates detailed records of what the changes are - again only if there are differences between the current command output and the most recent revision for this command.

...

• • Revisions are  the time series of the command outputs and there changes.

Adding or Modifying Nodes

To tell opConfig to run commands for a node it

How to add (or modify) a Node

To tell opConfig to run commands for a node it needs to be told about the node's existence and what properties the node has (e.g. what platform, what OS, whether what credential set (ssh telnet) to use Telnet or SSH to contact the node and so on ). Adding a node for opConfig can be done using the GUI or the command line tools opconfig-cli.pl and opnode_admin.pl. You can provide the add node 's information manually to opConfig, or you can import a node's info from NMIS or OpenAudit.

opConfig will can connect to any node (and run commands for it) that has as long as it has valid connection settings and which isn't explicitely for it (and as long as it is note disabled for opConfig).

Add a node Using the GUI

...

• System menu

...

• • Edit Nodes.

...

• • 
    Image Added
    
    • "Import new Nodes from NMIS"

...

• • • or  "Add Node"   -  These let you create new node records

...

• • • either automatically or manually.  
      • If you successfully import the node you should only need to add the credential set and the transport protocol.  See below about config problems.

The following is a breakdown on the information opConfig uses about the device, which you might need to edit manually if certain information was not already known

1. General TAB - This is generic information about the device and is the information imported from NMIS / OpenAudit.
2. Connection TAB -  To

If you edit an imported, existing node or click on Add Node you'll likely see some entries in the red "Configuration Problems" tab. Here is an example:

Image Removed

The problem reports are fairly self-explanatory (and clickable), but let's go over them quickly:

...

1. connect to a node, opConfig needs to know

...

1. some information about it,  a lot of this is automatically added based on NMIS or OpenAudit information
   1.  Personality this is the CLI Parsing to use to enable the issuing of commands -The Personality is also required to tell opConfig what kind of commands this node understands, e.g. whether it's a Unix-like system with a real shell or whether it's a Cisco IOS device and so on. The Personality includes information about the prompts, line-ending conventions etc. a node is subject to; for example, the 'ios' personality works only on Cisco IOS devices, while the 'bash' personality covers just about all Unix systems with the bash shell.

...

1. 1.  CredentialSet - NOT automatic is the credentials to use
   2. NOT automatic is what Transport to use (Telnet or SSH).
2. OS TAB - opConfig needs to know about your new node's OS  - this is because the default command sets that opConfig uses are associated to the Operating System name.  
   1. These fields should be automatically populated if your device was discovered by NMIS or OpenAudit
      
      
   • Most entries on these editing pages have tooltips with explanations. If you edit or add a node you will likely see some entries in the red "Configuration Problems" tab. Here is an example:
     • Image Added
       The problem reports are fairly self-explanatory (and clickable), but let's go over them quickly:
     • At this point in time, opConfig supports only Telnet and SSH, and for SSH only password-based authentication is supported.
     • If a node is imported from NMIS (or Open-AudIT Enterprise) then the OS Info is prefilled as much as possible (but can be modified by you, of course). If there is no or incorrect OS information, then opConfig will not run any or the right command sets on your node.
     • And, last but not least: interactive connections to nodes clearly require authentication and authorization in the form of access credentials, hence you must tell opConfig which Credential Set should apply to your new node.

Import (and discovery) from the Command Line

...