From 1039acac579c185fbddf5ab6cfce2b9f37806c7e Mon Sep 17 00:00:00 2001
From: slinderud
Date: Wed, 5 Apr 2023 19:52:03 +0200
Subject: init oxidized
---
tools/oxidized/README.md | 51 ++++++++++++++++++
tools/oxidized/config/config | 60 +++++++++++++++++++++
tools/oxidized/img/slack.jpg | Bin 0 -> 87502 bytes
tools/oxidized/oxidized.j2 | 13 +++++
tools/oxidized/tools/monitor/30-oxidized.conf | 17 ++++++
tools/oxidized/tools/monitor/monitor.service | 8 +++
tools/oxidized/tools/monitor/monitor.sh | 11 ++++
.../refresh-oxidized/refresh-oxidized.service | 4 ++
.../tools/refresh-oxidized/refresh-oxidized.sh | 3 ++
.../tools/refresh-oxidized/refresh-oxidized.timer | 8 +++
tools/oxidized/tools/slack/yolo.sh | 7 +++
11 files changed, 182 insertions(+)
create mode 100644 tools/oxidized/README.md
create mode 100644 tools/oxidized/config/config
create mode 100644 tools/oxidized/img/slack.jpg
create mode 100644 tools/oxidized/oxidized.j2
create mode 100644 tools/oxidized/tools/monitor/30-oxidized.conf
create mode 100644 tools/oxidized/tools/monitor/monitor.service
create mode 100644 tools/oxidized/tools/monitor/monitor.sh
create mode 100644 tools/oxidized/tools/refresh-oxidized/refresh-oxidized.service
create mode 100644 tools/oxidized/tools/refresh-oxidized/refresh-oxidized.sh
create mode 100644 tools/oxidized/tools/refresh-oxidized/refresh-oxidized.timer
create mode 100644 tools/oxidized/tools/slack/yolo.sh
diff --git a/tools/oxidized/README.md b/tools/oxidized/README.md
new file mode 100644
index 0000000..0130ddb
--- /dev/null
+++ b/tools/oxidized/README.md
@@ -0,0 +1,51 @@
+# Oxidized
+
+Config backup used during TG23
+
+Features
+
+- Config diff upload to Slack
+- Fetches devices from gondul
+- Automatic reload of device list
+
+## Tools
+
+A few moving components
+
+### monitor
+
+This service monitors a syslog file for changes and then runs a REST api call to oxidized
+to queue a new backup job.
+Make sure to only send `UI_COMMIT_COMPLETED` to this. Or modify bash script to look for this message.
+
+NB. Only use IP of syslog server. If you're using DNS, it will send the logg twice. [This is intended feature(tm) from Juniper](https://supportportal.juniper.net/s/article/Junos-Syslog-server-receives-duplicate-syslog-when-using-DNS-name-as-host?language=en_US)
+
+Config example
+
+```junos
+system {
+ syslog {
+ /* Oxidized syslog */
+ host {
+ interactive-commands notice;
+ match UI_COMMIT_COMPLETED;
+ source-address ;
+ }
+ }
+}
+```
+
+### refresh-oxidized
+
+Supersimple service to refresh device database of oxidized every minute
+
+### slack / yolo.sh
+
+Uploads a diff of a git commit (in essence, the config of a single device) after every backup action.
+Quite useful
+![Odizied](img/slack.jpg?raw=true)
+
+## References
+
+-
+-
diff --git a/tools/oxidized/config/config b/tools/oxidized/config/config
new file mode 100644
index 0000000..7c42637
--- /dev/null
+++ b/tools/oxidized/config/config
@@ -0,0 +1,60 @@
+---
+username: oxidized
+password:
+interval: 0
+debug: true
+use_max_threads: true
+# Default value
+threads: 30
+# Default value
+timeout: 20
+# Default value
+log: /opt/oxidized/logs
+retries: 3
+prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
+rest: 127.0.0.1:8888
+pid: "/opt/oxidized/pid"
+crash:
+ directory: "/opt/oxidized/crashes"
+ hostnames: false
+
+source:
+ default: http
+ debug: false
+ http:
+ secure: false
+ scheme: https
+ url: https://gondul.tg23.gathering.org/api/templates/oxidized.json
+ map:
+ name: hostname
+ model: os
+ ip: ipv4
+ headers:
+ Authorization: Basic
+
+input:
+ default: ssh
+ debug: false
+ ssh:
+ secure: false
+ utf8_encoded: true
+
+output:
+ default: git
+ file:
+ directory: "/opt/oxidized/output/configs"
+ git:
+ single_repo: true
+ user: yolomation
+ email: yolomation@gathering.org
+ repo: "/opt/oxidized/output/configs.git"
+
+hooks:
+ yolomation:
+ type: exec
+ events: [post_store]
+ cmd: '/opt/oxidized/tools/yolo.sh'
+
+use_syslog: true
+resolve_dns: true
+next_adds_job: true
diff --git a/tools/oxidized/img/slack.jpg b/tools/oxidized/img/slack.jpg
new file mode 100644
index 0000000..af5048c
Binary files /dev/null and b/tools/oxidized/img/slack.jpg differ
diff --git a/tools/oxidized/oxidized.j2 b/tools/oxidized/oxidized.j2
new file mode 100644
index 0000000..df15b7d
--- /dev/null
+++ b/tools/oxidized/oxidized.j2
@@ -0,0 +1,13 @@
+{% set mgmt = objects["read/switches-management"].switches %}
+{% set ping = objects["public/ping"].switches %}
+{% set switches = objects["public/switches"].switches %}
+[
+{% for switch, state in ping.items() if state.latency4 is not none and not "server" in switches[switch].tags%}
+ {
+ "hostname": "{{ mgmt[switch].sysname }}.tg23.gathering.org",
+ "os": "junos",
+ "ipv4": "{{ mgmt[switch].mgmt_v4_addr }}",
+ "ipv6": "{{ mgmt[switch].mgmt_v6_addr }}"
+ }{% if not loop.last -%},{% endif %}
+{%endfor%}
+]
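Review bot: `secure: false` is set under both `source.http` and `input.ssh`; as far as I know this turns off TLS certificate verification for the gondul request, which carries the `Authorization: Basic` header, and SSH host-key verification toward the devices whose credentials are sent. Unless there is a reason the certificate and host keys cannot be validated, `secure: true` in both places is the safer default, and if verification must stay off a comment saying why would help the next operator. The top-level `debug: true` is also worth a comment or a switch to `false`, since debug logging of device sessions can end up holding configuration content in `/opt/oxidized/logs`. The `password:` and `Authorization: Basic` values appear empty here; once filled in at deploy time the file should be readable only by the account Oxidized runs as.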
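Review bot: `sysname` and the address fields in oxidized.j2 are written between double quotes without escaping, so a value containing a quote or backslash would produce invalid JSON and break the whole device list that Oxidized loads from this template. If the template engine is Jinja2 with its standard filters, `"hostname": {{ (mgmt[switch].sysname ~ ".tg23.gathering.org") | tojson }},` avoids that. `mgmt[switch]` is indexed with keys taken from `ping`, so a switch present in `public/ping` but absent from `read/switches-management` would presumably fail the render; adding `and switch in mgmt` to the `for` filter guards against it.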
diff --git a/tools/oxidized/tools/monitor/30-oxidized.conf b/tools/oxidized/tools/monitor/30-oxidized.conf
new file mode 100644
index 0000000..441544a
--- /dev/null
+++ b/tools/oxidized/tools/monitor/30-oxidized.conf
@@ -0,0 +1,17 @@
+# Config File for rsyslog
+# Listen for syslog messages on UDP:514
+$ModLoad imudp
+$UDPServerRun 514
+$PreserveFQDN on
+
+
+module(load="omfile")
+
+# %fromhost-ip%
+# Define a template to format the log messages
+template(name="RemoteSyslogFormat" type="string" string="%hostname%.tg23.gathering.org %syslogtag%%msg%\n")
+
+# Log messages from remote hosts to a file
+if $fromhost-ip != "127.0.0.1" then {
+ action(type="omfile" file="/var/log/remote-commit.log" template="RemoteSyslogFormat")
+}
diff --git a/tools/oxidized/tools/monitor/monitor.service b/tools/oxidized/tools/monitor/monitor.service
new file mode 100644
index 0000000..fbf4c5f
--- /dev/null
+++ b/tools/oxidized/tools/monitor/monitor.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Monitor syslog
+
+[Service]
+ExecStart=/opt/tools/monitor.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/tools/oxidized/tools/monitor/monitor.sh b/tools/oxidized/tools/monitor/monitor.sh
new file mode 100644
index 0000000..79095ae
--- /dev/null
+++ b/tools/oxidized/tools/monitor/monitor.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+f="/var/log/remote-commit.log"
+
+inotifywait -m -e modify "$f" --format "%e" | while read -r event; do
+ if [ "$event" == "MODIFY" ]; then
+ host=$(tail -n 1 $f | cut -d' ' -f1)
+ curl -s -X GET "http://127.0.0.1:8888/node/next/${host}" > /dev/null
+ echo "Fetching config from ${host}"
+ fi
+done
diff --git a/tools/oxidized/tools/refresh-oxidized/refresh-oxidized.service b/tools/oxidized/tools/refresh-oxidized/refresh-oxidized.service
new file mode 100644
index 0000000..b26158d
--- /dev/null
+++ b/tools/oxidized/tools/refresh-oxidized/refresh-oxidized.service
@@ -0,0 +1,4 @@
+[Unit]
+Description=Update git folder
+[Service]
+ExecStart=/opt/tools/refresh-oxidized.sh
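Review bot: The `omfile` action in 30-oxidized.conf writes every message from any non-local sender to `/var/log/remote-commit.log`, and the `%hostname%` field in the template comes from the message itself, so whatever can reach UDP 514 decides what monitor.sh later reads as the device name. The README relies on devices sending only `UI_COMMIT_COMPLETED`; enforcing that in the rule is more robust, for example `if $fromhost-ip != "127.0.0.1" and $msg contains "UI_COMMIT_COMPLETED" then {`. Limiting the listener to the management network, by firewall or by known source addresses, would narrow it further. A short comment on the leftover `# %fromhost-ip%` line saying why the message hostname is used instead of the sender address would also help.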
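Review bot: `host` in monitor.sh is the first field of the last log line, which originates from a remote syslog sender, and it is placed in the `curl` request path without validation, so a value containing `/` or `?` would address a different path on the Oxidized REST API than `node/next`. Reading only `tail -n 1` per MODIFY event also drops commits when several lines arrive between two events, and `inotifywait` on the file path presumably stops reporting after log rotation replaces the file. Following the file with `tail -F` and checking the field against a hostname pattern covers all three, and it removes the unquoted `$f`.
```bash
# … unchanged: shebang and f= assignment …
tail -n 0 -F "$f" | while read -r host _; do
    # The first field is supplied by a remote syslog sender: accept hostname characters only.
    if [[ ! "$host" =~ ^[A-Za-z0-9.-]+$ ]]; then
        echo "Ignoring unexpected host field in $f" >&2
        continue
    fi
    curl -s -X GET "http://127.0.0.1:8888/node/next/${host}" > /dev/null
    echo "Fetching config from ${host}"
done
```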
diff --git a/tools/oxidized/tools/refresh-oxidized/refresh-oxidized.sh b/tools/oxidized/tools/refresh-oxidized/refresh-oxidized.sh
new file mode 100644
index 0000000..aa295b1
--- /dev/null
+++ b/tools/oxidized/tools/refresh-oxidized/refresh-oxidized.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+echo "Reloading config..."
+curl -s http://127.0.0.1:8888/reload?format=json -O /dev/null
diff --git a/tools/oxidized/tools/refresh-oxidized/refresh-oxidized.timer b/tools/oxidized/tools/refresh-oxidized/refresh-oxidized.timer
new file mode 100644
index 0000000..43fc522
--- /dev/null
+++ b/tools/oxidized/tools/refresh-oxidized/refresh-oxidized.timer
@@ -0,0 +1,8 @@
+[Unit]
+Description=Update Oxidized
+[Timer]
+OnBootSec=60
+OnUnitActiveSec=60
+AccuracySec=1ms
+[Install]
+WantedBy=timers.target
diff --git a/tools/oxidized/tools/slack/yolo.sh b/tools/oxidized/tools/slack/yolo.sh
new file mode 100644
index 0000000..dd76190
--- /dev/null
+++ b/tools/oxidized/tools/slack/yolo.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+cd "$(dirname "$0")"
+cd ../oxidized/output/configs.git
+git push --force
+git diff HEAD^ ${OX_REPO_COMMITREF} > /tmp/config_diff_oxidized.txt
+curl -F file=@/tmp/config_diff_oxidized.txt -F "initial_comment=${OX_NODE_NAME} got a config update. View the commit here: https://github.com/gathering/netconfig/commit/${OX_REPO_COMMITREF}" -F filename=${OX_REPO_COMMITREF} -F filetype=diff -F channels=C -H "Authorization: Bearer xoxb-" https://slack.com/api/files.upload
+rm /tmp/config_diff_oxidized.txt
--
cgit v1.2.3
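Review bot: `-O` in the curl call of refresh-oxidized.sh is the remote-name option and takes no argument, so `/dev/null` is parsed as a second URL and the reload response is saved to a file in the working directory instead of being discarded. The intended form is presumably `curl -s "http://127.0.0.1:8888/reload?format=json" -o /dev/null`; quoting the URL also keeps the shell from treating `?` as a glob character. Adding `-f` would make the unit fail visibly when the reload request is rejected.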
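Review bot: yolo.sh writes the diff to the fixed path `/tmp/config_diff_oxidized.txt`, so two `post_store` hooks running at the same time overwrite each other's file, and a predictable name in a world-writable directory can be pre-created by another local user; `mktemp` with a cleanup trap avoids both. Neither `cd` is checked, so if one fails `git push --force` runs in whatever directory the hook started in. `${OX_REPO_COMMITREF}` is unquoted in the `git diff` and `-F filename=` arguments. The bearer token is written into the script itself; reading it from an environment file readable only by the service account keeps it out of the repository. Device diffs can carry credential material, so it is worth confirming who can read the Slack channel they are posted to.
```bash
cd "$(dirname "$0")" || exit 1
cd ../oxidized/output/configs.git || exit 1
# … unchanged: git push …
diff_file=$(mktemp) || exit 1
trap 'rm -f "$diff_file"' EXIT
git diff HEAD^ "${OX_REPO_COMMITREF}" > "$diff_file"
# … unchanged: curl upload, with file=@"$diff_file", a quoted filename field, and the token taken from the environment …
```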