Oxidized - jonatello/lab-musing GitHub Wiki

Oxidized is an awesome solution for automated network device backups via SSH. I won't describe the project any further here, as you can read about it at https://github.com/ytti/oxidized

Configuration:

Update the jail

pkg update

pkg upgrade

Install the Oxidized packages as well as rubygem-net-telnet. The telnet package is a required dependency; without it the rubygem-oxidized package will break (last I checked)

pkg install rubygem-net-telnet rubygem-oxidized rubygem-oxidized-script rubygem-oxidized-web

At one point it was necessary to install gnupg1-1.4.22 and rubygem-gpgme packages for the encrypted router.db file to decrypt properly, but I don't think this is the case anymore.

Add the Oxidized user and always run Oxidized as this user

adduser oxidized

Configure Oxidized

Switch to the oxidized user

su oxidized

Run Oxidized twice to generate all of the configs

oxidized

oxidized

Set the permissions for Oxidized

chown oxidized:oxidized /home/oxidized/.config/oxidized/oxidized.git

Create the Oxidized config file using "oxidized.config", then update the email domain and model_map appropriately

vi ~/.config/oxidized/config

Create the router.db file containing the devices to be backed up as well as model mapping, username, password, etc as necessary

vi ~/.config/oxidized/router.db

Encrypt the router.db file with gpg (provide a secret appropriately)

gpg -c ~/.config/oxidized/router.db

Remove the original unencrypted router.db file

rm ~/.config/oxidized/router.db

As an alternative to a router.db file, you can configure Oxidized to pull devices automatically from the LibreNMS API, using an Access Token generated within the LibreNMS dashboard. I would recommend that, as it reduces the number of steps when adding a new device to an environment.

exit

Configure Nginx

Install the Nginx package

pkg install nginx

Create the site configuration, adding basic authentication and a location block to proxy to port 8888 for Oxidized. Ideally, also add SSL termination, since basic authentication credentials are otherwise sent over the network unencrypted.

vi /usr/local/etc/nginx/nginx.conf

Or use "oxidized.nginx.conf"

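Create an .htpasswd file to contain users with access to the Oxidized site (replace %Password% appropriately). The hash uses the apr1 scheme, which nginx supports; the older -crypt option (traditional DES crypt) only considers the first 8 characters of the password and was removed in OpenSSL 3.0.

printf "oxidized:$(openssl passwd -apr1 %Password%)\n" >> /usr/local/etc/nginx/.htpasswd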

Enable Nginx and Oxidized via rc.conf

sysrc nginx_enable=yes

sysrc oxidized_enable=yes

Start Nginx and Oxidized

service nginx start

service oxidized start
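
A site configuration of the kind the Nginx step above describes (basic authentication, a proxy to port 8888, and TLS termination), as an added example that is not the repository's "oxidized.nginx.conf". The server name, the certificate paths and the loopback bind address are assumptions.

```nginx
# Added example; not the repository's oxidized.nginx.conf.
# Place inside the http { } block of /usr/local/etc/nginx/nginx.conf.
# Placeholders (assumed): server_name and the certificate/key paths.

# Redirect plain HTTP so basic-auth credentials never travel in cleartext.
server {
    listen 80;
    server_name oxidized.example.org;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name oxidized.example.org;

    ssl_certificate     /usr/local/etc/ssl/oxidized.example.org.crt;
    ssl_certificate_key /usr/local/etc/ssl/oxidized.example.org.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Every request must authenticate against the .htpasswd file created above.
    auth_basic           "Oxidized";
    auth_basic_user_file /usr/local/etc/nginx/.htpasswd;

    location / {
        # Assumes the Oxidized web interface listens on loopback only
        # (rest: 127.0.0.1:8888 in the Oxidized config), so that nginx
        # is the only network-reachable path to it.
        proxy_pass http://127.0.0.1:8888;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Running nginx -t checks the file for syntax errors before the service is started or reloaded.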

Troubleshooting

It's important to keep in mind that Oxidized will run what it deems the appropriate Ruby script based on the detected model. Create model mappings as needed or even customize the Ruby scripts here (assuming version 0.21):

/usr/local/lib/ruby/gems/2.4/gems/oxidized-0.21.0/lib/oxidized/model/