Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

There is an advanced configuration guide which then covers compliance management, creating support for new operating systems.

Steps

Table of Contents
maxLevel1
excludeSteps

Prerequisites

...

  • opConfig installed and setup
  • Understanding of opConfig terms and operation refer to 
    Insert excerpt
    opConfig User Manual
    opConfig User Manual

Configure access:  Adding Credential Sets, Managing Credential Sets

...

Credentials for all connections made by opConfig are configurable from the opConfig GUI ONLY.  Before anything else you need to create sets of credentials to access you devices.  At this point in time, opConfig supports only Telnet and SSH, and for SSH only password-based authentication is supported.

...

A credential set has to specify a User Name property, which is used when logging in to the nodes the set applies to. At this time, opConfig supports only password-based authentication at the node, and the Password property of the credential  set establishes the primary password for this user name.

SSH Key-based authentication

SSH Key-based authentication is supported from version 3.0.2. Considerations:

...

As a key example configuration: 

Unprivileged user

Some commands cannot be performed by an unprivileged user, which is why opConfig also supports elevating the privileges on demand. To control this, a credential set can optionally include a Superuser/Privileged/Enable Password. Depending on the node's platform and personality, different mechanisms will be used to gain increased privileges:

...

Please note that the Credential  Set editing dialogs never show existing passwords (or their legth or existence); You can only overwrite password entries. All credential sets are stored in the database in encrypted form.

Adding or Modifying Nodes

...

To tell opConfig to run commands for a node it needs to be told about the node's existence and what properties the node has (e.g. what platform, what OS, what credential set, what protocol to use to contact the node ). Adding a node for opConfig can be done using the GUI or the command line tools opconfig-cli.pl and opnode_admin.pl. You can add node information manually to opConfig, or you can import node's info from NMIS or OpenAudit.

opConfig can connect to any node (and run commands for it) as long as it has valid connection settings for it (and as long as it is not disabled for opConfig).

Add a node Using the GUI

...

Add or Import

Info
titleNote

Import is only available for opConfig version prior to 4.0.0. opConfig versions >= 4.0.0 share that information in the database. 

...

The problem reports are fairly self-explanatory (and clickable).

  • The following is a breakdown on the information opConfig uses about the device.

  1. General TAB - This is generic information about the device and is the information imported from NMIS / OpenAudit.   Only the host entry needs to be correct here, and it must be a usable FQDN or IP address the rest is informational only.
  2. Connection TAB -  To connect to a node, opConfig needs to know some information about it
    1.  Personality this is the CLI Parsing to use to enable the issuing of commands e.g. line endings, prompts etc.  The Personality includes information about the prompts, line-ending conventions etc. a node is subject to; for example, the 'ios' personality handles understanding the > prompt and  "enable" command and "bash" understands shell prompts.  The personalities supported are available in the drop down.
    2.  CredentialSet - NOT automatic and needs to be set - authentication and authorization in the form of the access credential set created earlier.
    3. Transport (Telnet or SSH) - NOT automatic and needs to be set Also note this cannot get flagged as not being changed in the Configuration Problems window so do check it.
  3. OS info TAB -  Once connected to a node we need to know the OS and maybe version, subversion, platform in use to select the right commands to issue and how to parse the command results.  This where COMMAND SETS ("command_sets.nmis" file) that opConfig uses, makes association between the OS and maybe a  version and maybe a major release or train and the command to issue and how to parse it. 
    1. These fields should be automatically populated if your device was discovered by NMIS or OpenAudit and if they are Cisco IOS or Linux devices
    2. The OS field and potentially the version and other fields must match the 'os' => and any 'version' =>   fields in the command_sets.nmis file.

    3. See the command sets section later and have a look in the file if you want to know what os and version fields will work.  If the import did not get results you can try the following: for Cisco IOS typically if you put OS as "IOS" and version as "12.2" you will get results and Linux OSs use just OS as "Linux"

Once you have added the device you will either need to wait for the polling cycles to complete per your cron Schedule or use command line tools below to determine results.

Import (and discovery) from the Command Line

...

opConfig CLI tools are found in /usr/local/omk/bin

...

Info

If you have already setup credential sets, then you can let opConfig guess which to use for your node using 

opconfig-cli.pl act=discover node=TheNewNodeName 

If none of the Transport+Credential Set combinations work for the node, opconfig-cli.pl will print an error message.


Checking operation 

opConfig 4 Troubleshooting


Extend and customise with advanced configuration

opConfig 4 User Manual

...

Info

Filter by label (Content by label)
showLabelsfalse
max5
spacesopconfig
showSpacefalse
sortmodified
reversetrue
typepage
cqllabel = "opconfig" and type = "page" and space = "opconfig"
labelsopconfig