...

  • CREDENTIAL SETS:

    • Credential sets are a combination of usernames, passwords, access protocols (ssh, telnet), privilege modes etc. allowing access to the device's CLI.
    • Once the credential set has been used to establish working CLI access, "commands" can be issued and the results recorded.
    COMMANDS:
  • COMMAND SETS

    • Commands are normally command line constructs which will be executed on the node in question. 

      • (Some are "passive commands" like "audit-import" which are not actually run on the node, but the result is associated with the node.)

      • Commands can be grouped and collected into what opConfig calls a "command set". Command sets can be configured to apply only to particular platforms or OS versions.

    • The command output is captured and stored by opConfig.

    • Command outputs are compared against the previous revision and, if different, saved as a new revision in opConfig. e.g. a one-shot command which is not analyzed in great detail (e.g. a process listing or some other diagnostic command)

    • A command can be marked for change detection in which case more detailed analysis occurs for changes.

  • CHANGES / REVISIONS:

    • Command outputs can be marked for change detection (e.g. a listing of installed software), in which case opConfig creates detailed records of what the changes are - again only if there are differences between the current command output and the most recent revision for this command.

    • Revisions are the time series of the command outputs and their changes.
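
The revision behaviour described above, sketched as an added example (not opConfig's own code or storage format): output is saved as a new revision only when it differs from the latest one, and a line-level change record is kept only for commands marked for change detection. `RevisionStore`, `record` and `detect_changes` are hypothetical names, and the sample outputs are constructed.

```python
import difflib
import hashlib
from dataclasses import dataclass, field

@dataclass
class Revision:
    number: int
    output: str
    digest: str
    changes: list = field(default_factory=list)  # filled only with change detection

class RevisionStore:
    """Hypothetical in-memory store keyed by (node, command)."""

    def __init__(self):
        self._revisions = {}

    def record(self, node, command, output, detect_changes=False):
        """Save output as a new revision only if it differs from the latest one.
        Returns the new Revision, or None when the output is unchanged."""
        history = self._revisions.setdefault((node, command), [])
        digest = hashlib.sha256(output.encode()).hexdigest()
        previous = history[-1] if history else None
        if previous is not None and previous.digest == digest:
            return None
        changes = []
        if detect_changes and previous is not None:
            diff = list(difflib.unified_diff(previous.output.splitlines(),
                                             output.splitlines(), lineterm="", n=0))
            # Drop the two file-header lines and the @@ hunk markers.
            changes = [line for line in diff[2:] if not line.startswith("@@")]
        revision = Revision(len(history) + 1, output, digest, changes)
        history.append(revision)
        return revision

    def history(self, node, command):
        return list(self._revisions.get((node, command), []))

# Constructed sample outputs of a software-listing command.
BEFORE = "openssh-server 8.9\nsudo 1.9.9\n"
AFTER = "openssh-server 8.9\nsudo 1.9.9\nnetcat 1.10\n"

if __name__ == "__main__":
    store = RevisionStore()
    store.record("node1", "installed-software", BEFORE, detect_changes=True)
    print(store.record("node1", "installed-software", AFTER, detect_changes=True).changes)
```
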

Adding Credentials, Managing

...

Sets

Credentials for all connections made by opConfig are configurable from the opConfig GUI ONLY. Before anything else you need to create sets of credentials to access your devices. At this point in time, opConfig supports only Telnet and SSH, and for SSH only password-based authentication is supported.

Select the menu "System", then "Edit Credential Sets". Credential sets can be shared by any number of nodes.

...

To tell opConfig to run commands for a node it needs to be told about the node's existence and what properties the node has (e.g. what platform, what OS, what credential set (ssh, telnet), what protocol to use to contact the node). Adding a node for opConfig can be done using the GUI or the command line tools opconfig-cli.pl and opnode_admin.pl. You can add node information manually to opConfig, or you can import the node's info from NMIS or OpenAudit.

opConfig can connect to any node (and run commands for it) as long as it has valid connection settings for it (and as long as it is not disabled for opConfig).

Add a node Using the GUI

Add or Import

  • System menu
    • Edit Nodes.

      • "Import new Nodes from NMIS" or "Add Node" - These let you create new node records either automatically or manually.

If you successfully import the node from NMIS you should only need to add the credential set and the transport protocol

...

(which are in the connection tab).  Import works for "bash" like devices and for Cisco devices.  For all other device types you simply need to add some details by hand.  You will see what configuration you MUST still add displayed as part of the "Edit Node" screen.  

The problem reports are fairly self-explanatory (and clickable).

  • And, last but not least: interactive connections to nodes clearly require credentials, hence you must tell opConfig which Credential Set should apply to your new node.

The following is a breakdown on the information opConfig uses about the device.

  1. General TAB - This is generic information about the device and is the information imported from NMIS / OpenAudit. Only the host entry needs to be correct here, and it must be a usable FQDN or IP address.
  2. Connection TAB - To connect to a node, opConfig needs to know some information about it.
    1. Personality - this is the CLI parsing to use to enable the issuing of commands, e.g. line endings, prompts etc. The Personality includes information about the prompts, line-ending conventions etc. a node is subject to; for example, the 'ios' personality handles understanding the > prompt and the "enable" command, and 'bash' understands shell prompts. The supported personalities are available in the drop-down.
    2. CredentialSet - NOT automatic and needs to be set - authentication and authorization in the form of the access credential set created earlier.
    3. Transport (Telnet or SSH) - NOT automatic and needs to be set.
  3. OS info TAB - Once connected to a node we need to know the OS and maybe the version, subversion and platform in use, to select the right commands to issue and how to parse the command results. This is where the COMMAND SETS that opConfig uses are associated to the OS and maybe a version and maybe a major release or train.

The following is a breakdown on the information opConfig uses about the device, which you might need to edit manually if certain information was not already known

  1. General TAB - This is generic information about the device and is the information imported from NMIS / OpenAudit.
  2. Connection TAB - To connect to a node, opConfig needs to know some information about it; a lot of this is automatically added based on NMIS or OpenAudit information.
    1. Personality - this is the CLI parsing to use to enable the issuing of commands. The Personality is also required to tell opConfig what kind of commands this node understands, e.g. whether it's a Unix-like system with a real shell or whether it's a Cisco IOS device and so on. The Personality includes information about the prompts, line-ending conventions etc. a node is subject to; for example, the 'ios' personality works only on Cisco IOS devices, while the 'bash' personality covers just about all Unix systems with the bash shell.
    2. CredentialSet - NOT automatic; these are the credentials to use.
    3. Transport - NOT automatic; this is what transport to use (Telnet or SSH).
  3. OS TAB - opConfig needs to know about your new node's OS  - this is because the default command sets that opConfig uses are associated to the Operating System name
    1. These fields should be automatically populated if your device was discovered by NMIS or OpenAudit
    Most entries on these editing pages have tooltips with explanations. If you edit or add a node you will likely see some entries in the red "Configuration Problems" tab. Here is an example:
    The problem reports are fairly self-explanatory (and clickable), but let's go over them quickly:
  5. At this point in time, opConfig supports only Telnet and SSH, and for SSH only password-based authentication is supported.
  6. If a node is imported from NMIS (or Open-AudIT Enterprise) then the OS Info is prefilled as much as possible (but can be modified by you, of course). If there is no or incorrect OS information, then opConfig will not run any or the right command sets on your node.
  7. And, last but not least: interactive connections to nodes clearly require authentication and authorization in the form of access credentials, hence you must tell opConfig which Credential Set should apply to your new node.
    1. if they are Cisco IOS or Linux devices


Import (and discovery) from the Command Line

...