OpenNetAdmin

cisco_archive

This tool provides a method to connect to Cisco IOS-based hosts and execute various commands, the output of which will be archived in the database. This module provides similar functionality to the excellent rancid tool. The basic concepts and practices of the two tools differ slightly, but I believe this tool to have a few advantages (IMHO of course). This tool does, however, (currently) lack support for vendors and platforms other than Cisco.

The two commands archived by default are “show startup” and “show version”. This gives enough information to do configuration restoration and configuration differences. The output of each of these commands is timestamped and an MD5 sum is calculated. There are several ways to update the archive, such as via SNMP config traps, which will update each time the configuration of the device changes, or simply via a scheduled cron update.

Requirements

  • Working ONA core system
  • cisco_cfg - Specifically just cisco_cmd from this toolset
  • getpw - Also a requirement for cisco_cfg so it should be installed then

Install

  • Download – FIXME, not released yet; it's in pre-release stages.
  • tar -zxvf cisco_archive.tar.gz
  • cd cisco_archive
  • make

Configuration

/opt/ona/etc/cisco_archive.conf

You can make configuration changes to the /opt/ona/etc/cisco_archive.conf file to enable cisco_archive for your environment. The following is an example file. It is self documented for each item:

# This is the configuration file for the cisco_archive process.  It will be used by
# the following scripts:
#   cisco_archive
#   cisco_archive_trapscript
#   cisco_archive_procspool
#
# This script also assumes that /etc/onabase has been set to the base ONA directory path
# and that ONABASE was set in the scripts that DOT in this config.
##################################################

# This is the username that will be used to log into each device.
# It is expected that this one user has the ability to log into each device on your network
# and that the user has the proper privileges to execute a show startup command.
# The password for this user will be determined using the getpw command.
USERNAME=example

# Set the global default connection method.
# The value must be either 'ssh' or 'telnet'
# It is best to set this to your most common mode, if it fails, we will automatically try the 
# other method.
CON_MODE=ssh

# Email settings for config_archive to send status information to (diffs etc)
MAIL_SERVER=email.example.com          # name or IP of the mail server to use
MAIL_FROM=ona-archive@`hostname`       # email address to use in the from field
MAIL_TO=user@example.com               # email address(es) to send our notifications to

# The following is an array of commands to be executed on the device during the config 
# archive process.
# Commands are in the form of "command name:CONF_ARCHIVE_TYPE"
# command name is simply the name of the command to run on the device, in its native syntax
# CONF_ARCHIVE_TYPE is the exact name of the configuration type in the database to store 
# this configuration under.
# This is a bash shell array so format it appropriately
DEV_COMMANDS=( "show start:IOS_CONFIG" "show version:IOS_VERSION" )

# Set Y or N to use the spool directory method.  This will simply "touch" a file in the spool 
# directory that is named either the FQDN or the IP of the host needing an update.  A 
# cron job would then be used to execute cisco_archive_procspool which will process 
# files in the SPOOL_DIR
USE_SPOOL=N

# Spool dir used to store info for processing later
SPOOL_DIR=$ONABASE/spool/cisco_archive

# This path stores the .sed files used to extract data from the command output.
SED_PREFIX=$ONABASE/etc/cisco_archive   # the file path/name prefix for the sed scripts

# Path to the cisco_archive script that communicates with the device, change this if you
# are using a different path
ARCHIVE_CMD=$ONABASE/bin/cisco_archive

# Path to the communication script used to connect and execute commands on the device
COMMUNICATION_CMD=$ONABASE/bin/cisco_cmd

# Path to the DCM commandline utility
DCM_CMD=$ONABASE/bin/dcm.pl

Manipulating output

Sometimes the need arises to remove portions of the output from a device that will always change each time it is updated. Things like NTP clock information, byte sizes, etc. all need to be removed from the output or it will ALWAYS show as an update. There are several options available that allow you to have full control over what is or isn't removed from the output.

Located in /opt/ona/etc/cisco_archive.XXXX.sed are the specific files that control this behavior.

| Name | Description |
|------|-------------|
| cisco_archive.GLOBAL.sed | These sed commands will apply to ALL output. There are some required entries, based on how cisco_archive is built, that should not be removed. There are other things, like uptime etc., that are recommended to be removed each time. |
| cisco_archive.PASSWORD.sed | These sed commands will apply to ALL output. They are intended to hide passwords so that they are not stored in the database for potential misuse later. It will replace the password with [HIDDEN] and then comment out the entire line with a ! comment character. You can add or remove types of passwords to be hidden by this file. If you do not want to hide any passwords, simply remove or rename this file. |
| cisco_archive.<configtype>.sed | These files apply only to the configuration type that is being backed up. For instance, there will be different items to remove from a show startup command than there would be from a show version command. The <configtype> portion of this file name should be replaced with the exact name of the configuration type from the GUI. For instance, “IOS_CONFIG” is the default used for the show startup output. It applies only to archives run for that type and is run after the GLOBAL and PASSWORD phases. |
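
The GLOBAL and PASSWORD phases described above, applied to a constructed IOS capture. This is an added example, not the sed files shipped with cisco_archive or any code from the project: the sed patterns, the function names, the sample configuration and the GLOBAL-then-PASSWORD ordering are assumptions.

```shell
#!/usr/bin/env bash
# Added example: these are NOT the sed files shipped with cisco_archive.
# Patterns, function names and the sample capture are assumptions.

# GLOBAL phase: drop lines that change on every capture.
strip_volatile() {
  sed -E -e '/^! Last configuration change at /d' \
         -e '/^! NVRAM config last updated at /d' \
         -e '/^ntp clock-period /d'
}

# PASSWORD phase: replace the secret with [HIDDEN], then comment the line out with "!".
redact_passwords() {
  sed -E \
    -e 's/^([[:space:]]*enable (secret|password)( [0-9]+)?) .*/!\1 [HIDDEN]/' \
    -e 's/^([[:space:]]*username [^ ]+ .*(secret|password)( [0-9]+)?) .*/!\1 [HIDDEN]/' \
    -e 's/^([[:space:]]*snmp-server community) [^ ]+(.*)/!\1 [HIDDEN]\2/' \
    -e 's/^([[:space:]]*password( [0-9]+)?) .*/!\1 [HIDDEN]/'
}

# Assumed order: GLOBAL, then PASSWORD (a per-type file would run after both).
normalize() { strip_volatile | redact_passwords; }

# md5 of the normalized text; hashing after normalization is an assumption.
archive_sum() { normalize | md5sum | cut -d' ' -f1; }

# Constructed capture: $1 = change timestamp, $2 = ntp clock-period value.
capture() {
  cat <<EOF
! Last configuration change at $1
ntp clock-period $2
hostname edge-rtr1
enable secret 5 \$1\$CONSTRUCTED\$notarealhash
username admin privilege 15 password 7 0000CONSTRUCTED
snmp-server community constructed-ro RO
line vty 0 4
 password 7 0000CONSTRUCTED
EOF
}

# Two captures that differ only in volatile lines produce the same checksum.
capture "10:15:02 UTC Mon Feb 2 2009" 17180032 | normalize
capture "10:15:02 UTC Mon Feb 2 2009" 17180032 | archive_sum
capture "11:40:51 UTC Tue Feb 3 2009" 17180071 | archive_sum
```

A credential statement that no pattern matches is stored in the database unredacted, so check new rules against a capture that contains every secret-bearing statement your devices use.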

Device passwords

Don't forget to define your devices and passwords in the getpw configuration file. Cisco_archive relies on getpw to determine the passwords it will use to connect to the devices. Please read the getpw page for further details on setting your passwords. The type that will be used in getpw will be the value you set for “USERNAME” in the cisco_archive.conf file.

Usage

  • cisco_archive -h <hostname|IP> | -f <filename>
 
utils/cisco_archive.txt · Last modified: 2009/02/22 16:54 (external edit)