authorSimen Linderud <simen.linderud@gmail.com>2023-04-26 23:07:34 +0200
committerGitHub <noreply@github.com>2023-04-26 23:07:34 +0200
commit7544288305b715416f2c2320ae27750bc3feab9a (patch)
treee667b8321dc56946db8788b0ec41547ce68aea83 /tools
parentd5b0d60c5362d03de2968864cd81e0f82b3a95d0 (diff)
parent1039acac579c185fbddf5ab6cfce2b9f37806c7e (diff)
Merge pull request #117 from gathering/oxidized-tools
Oxidized - Config Backup tools
Diffstat (limited to 'tools')
-rw-r--r--tools/oxidized/README.md51
-rw-r--r--tools/oxidized/config/config60
-rw-r--r--tools/oxidized/img/slack.jpgbin0 -> 87502 bytes
-rw-r--r--tools/oxidized/oxidized.j213
-rw-r--r--tools/oxidized/tools/monitor/30-oxidized.conf17
-rw-r--r--tools/oxidized/tools/monitor/monitor.service8
-rw-r--r--tools/oxidized/tools/monitor/monitor.sh11
-rw-r--r--tools/oxidized/tools/refresh-oxidized/refresh-oxidized.service4
-rw-r--r--tools/oxidized/tools/refresh-oxidized/refresh-oxidized.sh3
-rw-r--r--tools/oxidized/tools/refresh-oxidized/refresh-oxidized.timer8
-rw-r--r--tools/oxidized/tools/slack/yolo.sh7
11 files changed, 182 insertions, 0 deletions
diff --git a/tools/oxidized/README.md b/tools/oxidized/README.md
new file mode 100644
index 0000000..0130ddb
--- /dev/null
+++ b/tools/oxidized/README.md
@@ -0,0 +1,51 @@
+# Oxidized
+
+Config backup used during TG23
+
+Features
+
+- Config diff upload to Slack
+- Fetches devices from gondul
+- Automatic reload of device list
+
+## Tools
+
+A few moving components
+
+### monitor
+
+This service monitors a syslog file for changes and then runs a REST api call to oxidized
+to queue a new backup job.
+Make sure to only send `UI_COMMIT_COMPLETED` to this. Or modify bash script to look for this message.
+
+NB. Only use IP of syslog server. If you're using DNS, it will send the logg twice. [This is intended feature(tm) from Juniper](https://supportportal.juniper.net/s/article/Junos-Syslog-server-receives-duplicate-syslog-when-using-DNS-name-as-host?language=en_US)
+
+Config example
+
+```junos
+system {
+ syslog {
+ /* Oxidized syslog */
+ host <IP of Syslog server> {
+ interactive-commands notice;
+ match UI_COMMIT_COMPLETED;
+ source-address <lo0>;
+ }
+ }
+}
+```
+
+### refresh-oxidized
+
+Supersimple service to refresh device database of oxidized every minute
+
+### slack / yolo.sh
+
+Uploads a diff of a git commit (in essence, the config of a single device) after every backup action.
+Quite useful
+![Odizied](img/slack.jpg?raw=true)
+
+## References
+
+- <https://codingpackets.com/blog/oxidized-getting-started/>
+- <https://codingpackets.com/blog/oxidized-gitlab-storage-backend/>
diff --git a/tools/oxidized/config/config b/tools/oxidized/config/config
new file mode 100644
index 0000000..7c42637
--- /dev/null
+++ b/tools/oxidized/config/config
@@ -0,0 +1,60 @@
+---
+username: oxidized
+password: <PASSWORD>
+interval: 0
+debug: true
+use_max_threads: true
+# Default value
+threads: 30
+# Default value
+timeout: 20
+# Default value
+log: /opt/oxidized/logs
+retries: 3
+prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
+rest: 127.0.0.1:8888
+pid: "/opt/oxidized/pid"
+crash:
+ directory: "/opt/oxidized/crashes"
+ hostnames: false
+
+source:
+ default: http
+ debug: false
+ http:
+ secure: false
+ scheme: https
+ url: https://gondul.tg23.gathering.org/api/templates/oxidized.json
+ map:
+ name: hostname
+ model: os
+ ip: ipv4
+ headers:
+ Authorization: Basic <BASIC>
+
+input:
+ default: ssh
+ debug: false
+ ssh:
+ secure: false
+ utf8_encoded: true
+
+output:
+ default: git
+ file:
+ directory: "/opt/oxidized/output/configs"
+ git:
+ single_repo: true
+ user: yolomation
+ email: yolomation@gathering.org
+ repo: "/opt/oxidized/output/configs.git"
+
+hooks:
+ yolomation:
+ type: exec
+ events: [post_store]
+ cmd: '/opt/oxidized/tools/yolo.sh'
+
+use_syslog: true
+resolve_dns: true
+next_adds_job: true
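Review bot: Both `secure: false` settings turn off peer verification, as far as I know Oxidized's options: under `source.http` the TLS certificate of the gondul endpoint is not checked although the request carries the `Authorization: Basic` header, and under `input.ssh` device host keys are not verified. Either gap lets a host on the network path impersonate the peer and receive the API credential or the device login used for backups. Unless there is a reason the hunk does not show, set `secure: true` in both places. The top-level `debug: true` is also worth turning off outside troubleshooting, since debug output of a config-backup tool may capture session content.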
diff --git a/tools/oxidized/img/slack.jpg b/tools/oxidized/img/slack.jpg
new file mode 100644
index 0000000..af5048c
--- /dev/null
+++ b/tools/oxidized/img/slack.jpg
Binary files differ
diff --git a/tools/oxidized/oxidized.j2 b/tools/oxidized/oxidized.j2
new file mode 100644
index 0000000..df15b7d
--- /dev/null
+++ b/tools/oxidized/oxidized.j2
@@ -0,0 +1,13 @@
+{% set mgmt = objects["read/switches-management"].switches %}
+{% set ping = objects["public/ping"].switches %}
+{% set switches = objects["public/switches"].switches %}
+[
+{% for switch, state in ping.items() if state.latency4 is not none and not "server" in switches[switch].tags%}
+ {
+ "hostname": "{{ mgmt[switch].sysname }}.tg23.gathering.org",
+ "os": "junos",
+ "ipv4": "{{ mgmt[switch].mgmt_v4_addr }}",
+ "ipv6": "{{ mgmt[switch].mgmt_v6_addr }}"
+ }{% if not loop.last -%},{% endif %}
+{%endfor%}
+]
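Review bot: `sysname` and the management addresses are interpolated straight into JSON string literals without escaping, so a value containing a quote or backslash yields invalid JSON or an altered node entry for Oxidized. If the rendering engine provides the Jinja2 `tojson` filter, emit the values through it, e.g. `"hostname": {{ (mgmt[switch].sysname ~ ".tg23.gathering.org") | tojson }},`. The loop also indexes `mgmt[switch]` and `switches[switch]` for every key of `ping`; a switch missing from either object would presumably break rendering, so adding `switch in mgmt and switch in switches` to the loop filter is worth considering.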
diff --git a/tools/oxidized/tools/monitor/30-oxidized.conf b/tools/oxidized/tools/monitor/30-oxidized.conf
new file mode 100644
index 0000000..441544a
--- /dev/null
+++ b/tools/oxidized/tools/monitor/30-oxidized.conf
@@ -0,0 +1,17 @@
+# Config File for rsyslog
+# Listen for syslog messages on UDP:514
+$ModLoad imudp
+$UDPServerRun 514
+$PreserveFQDN on
+
+
+module(load="omfile")
+
+# %fromhost-ip%
+# Define a template to format the log messages
+template(name="RemoteSyslogFormat" type="string" string="%hostname%.tg23.gathering.org %syslogtag%%msg%\n")
+
+# Log messages from remote hosts to a file
+if $fromhost-ip != "127.0.0.1" then {
+ action(type="omfile" file="/var/log/remote-commit.log" template="RemoteSyslogFormat")
+}
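Review bot: The UDP listener on port 514 accepts datagrams from any source, and the `%hostname%` written to `/var/log/remote-commit.log` is taken from the message itself, so any host that can reach the port chooses the name that lands in the log. monitor.sh in this commit turns the first field of the last log line into a backup request. Restrict the senders, for example with `$AllowedSender UDP, <MGMT_PREFIX>` (placeholder) or a firewall rule, and filter on the server side as well, e.g. `if $fromhost-ip != "127.0.0.1" and $msg contains "UI_COMMIT_COMPLETED" then {`, so the file only ever holds commit events. A comment above the template explaining why `%hostname%` was chosen over the commented-out `%fromhost-ip%` would also help the next maintainer.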
diff --git a/tools/oxidized/tools/monitor/monitor.service b/tools/oxidized/tools/monitor/monitor.service
new file mode 100644
index 0000000..fbf4c5f
--- /dev/null
+++ b/tools/oxidized/tools/monitor/monitor.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Monitor syslog
+
+[Service]
+ExecStart=/opt/tools/monitor.sh
+
+[Install]
+WantedBy=multi-user.target
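Review bot: Neither this unit nor refresh-oxidized.service sets `User=`, so both scripts run as root although they only read a log file and call the local REST port. Add `User=<SERVICE_USER>` (placeholder for an account that can read /var/log/remote-commit.log) and, for this long-running watcher, `Restart=on-failure` so that a dead inotifywait pipeline does not silently stop commit-triggered backups. refresh-oxidized.service is started by a timer and would also be clearer with `Type=oneshot`.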
diff --git a/tools/oxidized/tools/monitor/monitor.sh b/tools/oxidized/tools/monitor/monitor.sh
new file mode 100644
index 0000000..79095ae
--- /dev/null
+++ b/tools/oxidized/tools/monitor/monitor.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+f="/var/log/remote-commit.log"
+
+inotifywait -m -e modify "$f" --format "%e" | while read -r event; do
+ if [ "$event" == "MODIFY" ]; then
+ host=$(tail -n 1 $f | cut -d' ' -f1)
+ curl -s -X GET "http://127.0.0.1:8888/node/next/${host}" > /dev/null
+ echo "Fetching config from ${host}"
+ fi
+done
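Review bot: `host` is read from the remote-syslog log file and placed into the request URL without any check, so a malformed or crafted log line can address a different path on the Oxidized REST API than `/node/next/<name>`. Validate it before the curl call, `[[ "$host" =~ ^[A-Za-z0-9.-]+$ ]] || continue`, and quote the variable in `tail -n 1 "$f"`. Reading only the last line per MODIFY event also drops commits when several devices log in the same write burst; `tail -F "$f" | while read -r host _; do` would process every line and keep working across log rotation.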
diff --git a/tools/oxidized/tools/refresh-oxidized/refresh-oxidized.service b/tools/oxidized/tools/refresh-oxidized/refresh-oxidized.service
new file mode 100644
index 0000000..b26158d
--- /dev/null
+++ b/tools/oxidized/tools/refresh-oxidized/refresh-oxidized.service
@@ -0,0 +1,4 @@
+[Unit]
+Description=Update git folder
+[Service]
+ExecStart=/opt/tools/refresh-oxidized.sh
diff --git a/tools/oxidized/tools/refresh-oxidized/refresh-oxidized.sh b/tools/oxidized/tools/refresh-oxidized/refresh-oxidized.sh
new file mode 100644
index 0000000..aa295b1
--- /dev/null
+++ b/tools/oxidized/tools/refresh-oxidized/refresh-oxidized.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+echo "Reloading config..."
+curl -s http://127.0.0.1:8888/reload?format=json -O /dev/null
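Review bot: `-O` is curl's remote-name switch and takes no argument, so `/dev/null` is parsed as a second URL and the reload response is saved to a file in the working directory named after the URL on every timer run. The intent looks like lowercase `-o`: `curl -s -o /dev/null "http://127.0.0.1:8888/reload?format=json"`. Quoting the URL also stops the shell from treating `?` as a glob character, and adding `-f` would make the unit fail visibly when the reload request is rejected.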
diff --git a/tools/oxidized/tools/refresh-oxidized/refresh-oxidized.timer b/tools/oxidized/tools/refresh-oxidized/refresh-oxidized.timer
new file mode 100644
index 0000000..43fc522
--- /dev/null
+++ b/tools/oxidized/tools/refresh-oxidized/refresh-oxidized.timer
@@ -0,0 +1,8 @@
+[Unit]
+Description=Update Oxidized
+[Timer]
+OnBootSec=60
+OnUnitActiveSec=60
+AccuracySec=1ms
+[Install]
+WantedBy=timers.target
diff --git a/tools/oxidized/tools/slack/yolo.sh b/tools/oxidized/tools/slack/yolo.sh
new file mode 100644
index 0000000..dd76190
--- /dev/null
+++ b/tools/oxidized/tools/slack/yolo.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+cd "$(dirname "$0")"
+cd ../oxidized/output/configs.git
+git push --force
+git diff HEAD^ ${OX_REPO_COMMITREF} > /tmp/config_diff_oxidized.txt
+curl -F file=@/tmp/config_diff_oxidized.txt -F "initial_comment=${OX_NODE_NAME} got a config update. View the commit here: https://github.com/gathering/netconfig/commit/${OX_REPO_COMMITREF}" -F filename=${OX_REPO_COMMITREF} -F filetype=diff -F channels=C<CHANNEL ID> -H "Authorization: Bearer xoxb-<TOKEN>" https://slack.com/api/files.upload
+rm /tmp/config_diff_oxidized.txt
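Review bot: The device-config diff is written to the fixed path `/tmp/config_diff_oxidized.txt`, which is predictable, created with the default umask and shared between concurrent hook runs, so another local user can read it or pre-create the path, and two backups finishing together can post each other's diff. The `cd` calls are unchecked as well, so after a failed `cd` the `git push --force` and `git diff` run in whatever directory the hook started in. The Slack bearer token is meant to be edited into the script; reading it from the service environment keeps it out of the repository copy. The fence shows the lines I would change (`SLACK_TOKEN` is an example variable name), and `${OX_REPO_COMMITREF}` should be quoted wherever it is expanded.

```shell
cd "$(dirname "$0")/../oxidized/output/configs.git" || exit 1
# … unchanged: git push …
diff_file="$(mktemp)" || exit 1
trap 'rm -f "$diff_file"' EXIT
git diff HEAD^ "${OX_REPO_COMMITREF}" > "$diff_file"
# … unchanged: curl upload, except for the two arguments below …
#   -F "file=@${diff_file}"
#   -H "Authorization: Bearer ${SLACK_TOKEN}"
# … the trap replaces the final rm …
```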