Prerequisites:
apache
...
- a working copy of NMIS (starting from an NMIS VM is a good idea, if you prefer to install it yourself see the NMIS 8 Installation Guide)
...
The standard Opmantek configuration MongoDB will suite here
Enter the Licence Key
If all your settings are correct you should now be able to load up http://yourhost/cgi-omk/opConfig.pl
...
If you do not see this screen check your apache log, it's likely that there is a file permissions error. Make sure that the apache user is in the nmis group, that iptables and SELinux are setup to allow you to access this file and that all settings have been applied (daemons restarted).
Configure opConfig
Create database indexes
Before creating the indexes ensure that you have authentication configured (or disabled)
...
conf/credential_sets.nmis holds the credential sets that are used when connecting to a device. Even if auto discovery is not use the credentials still need to live in this file.
Setup To setup credentials , edit edit conf/credential_sets.nmis
| Code Block |
|---|
#add/remove/change the lines with default username/password info to match credentials for the devices you want to discover
%hash = (
'empty' => { username => '', password => '' },
'YourSetHeremyCredentialSetHere' => { username => 'YourUsername', password => 'YourPassword' },
'myPrivilegedCredential' => { username => 'YourUsername_admin', password => 'YourPassword_supersecret' }
); |
Make very sure this file is only readable by you / root (opfixperms.pl will do this for you)
...
NB: opConfig will only attempt to discover devices from NMIS that are active and are currently being collected. To force all NMIS devices into the list (even if they are not active) pass force_active=true
| Code Block |
|---|
bin/opConfig-cli.pl act=discover |
This will attempt to use the credentials given in the credential_sets against every active & collected device in NMIS using different transport types (SSH and Telnet) and will output the commands it has found to connections.nmis. If a connection for a device already exists in connections.nmis opConfig will leave the settings as they are and not attempt to discover them. If your list of credentials is long and so is your list of devices I suggest not using this method as it will take a long time
NOTE: to skip testing each credential set pass disable_test=true, if this is done the connections file will need to have the credential entries for each device set, and the transport value checked (as it's only a guess)
Here is a sample connections.nmis file, if you use auto discovery opConfig will produce output in this format (which is the required format):
| Code Block |
|---|
%hash = (
'asgard' => {
'connection_info' => {
'transport' => 'Telnet',
'credential_set' => 'set3myCredentialSetHere',
'personality' => 'ios',
'node' => 'asgard',
'host' => '192.168.88.254',
'priveleged_credential_set' => 'set3myPrivilegedCredential'
},
'os_info' => {
'featureset' => 'Unknown',
'version' => '12.4(25f)',
'platform' => '1841',
'train' => '12.4',
'major' => '12.4',
'os' => 'IOS',
'image' => 'C1841-ADVENTERPRISEK9-M'
}
},
'thor' => {
'connection_info' => {
'transport' => 'SSH',
'credential_set' => 'set4',
'personality' => 'bash',
'node' => 'thor',
'host' => '192.168.88.8',
'priveleged_credential_set' => 'set3'
},
'os_info' => {
'featureset' => 'N/A',
'version' => '2.6.32-131.21.1.el6.x86_64',
'platform' => 'x86_64',
'train' => '2.6',
'major' => '2.6',
'os' => 'Linux',
'image' => 'N/A'
}
}
);
|
...
If you would like to run only specific command set/s s: (comma separated, no spaces)
| Code Block |
|---|
bin/opConfig-cli.pl act=run_command_sets names=IOS_DAILY,LINUX_DAILY |
...
NOTE: Only nodes that are marked as "active" and "collect" in NMIS are run, to force them to run add 'force_active' => 'true' to the connection
If you would like to run it against only specific nodes: (comma separated, no spaces):
| Code Block |
|---|
bin/opConfig-cli.pl act=run_command_sets nodes=node1,node2 |
Setup CRON
| Code Block |
|---|
#As root crontab -e ## #################################################### # opConfig Daily 0 1 * * * /usr/local/opmantek/bin/opConfig-cli.pl act=run_command_sets > /dev/null 2>&1 |
This will collect all command sets every morning at 1am. The output of the script is sent to /dev/null, it can be run from the command line to see what the script is doing.
Please feel free to leave comments and suggestions below!