...

...

...

...

...

apache 

...

Prerequisites:

• a working copy of NMIS (starting from an NMIS VM is a good idea, if you prefer to install it yourself see the  NMIS 8 Installation Guide (up to Version 8.5.4G))

Installation Steps

• Copy the opConfig tarball to the server (a tarball is a GZIP'd tar file, e.g. opConfig-Linux-x86_64-1.0.tar.gz)
  1. You may need to use SCP or FTP to get the file onto the server.
• The file will now likely be in the users home directory.
• If the installation directory does not already exist
• Change into the directory where the tarball was copied
• Untar the file

cd /usr/local
tar xvf ~/opConfig-Linux-x86_64-<version>.tar.gz
cd opmantek/
cp install/opCommon.nmis conf/
cp install/credential_sets.nmis conf/ 
cp install/command_sets.nmis conf/
cp install/connections.nmis conf/ 
cp -r install/phrasebooks conf/ 
bin/opfixperms.pl
cp install/01opmantek.conf /etc/httpd/conf.d/
service httpd restart

cp install/01opmantek.conf /etc/apache2/conf.d/
service apache2 restart

The standard Opmantek configuration MongoDB will suite here

Create database indexes

Before getting started it's a good idea to create the database indexes, be sure that you have authentication configured (or disabled)

bin/opConfig-cli.pl act=create_indexes

Enter the Licence Key

If all your settings are correct you should now be able to load up http://yourhost/cgi-omk/opConfig.pl 

...

If you do not see this screen check your apache log, it's likely that there is a file permissions error.  Make sure that the apache user is in the nmis group, that iptables and SELinux are setup to allow you to access this file and that all settings have been applied (daemons restarted).

Configure opConfig

Create database indexes

Before creating the indexes ensure that you have authentication configured (or disabled)

bin/opConfig-cli.pl act=create_indexes

...

)

...

conf/credential_sets.nmis holds the credential sets that are used when connecting to a device.  Even if auto discovery is not use the credentials still need to live in this file.Setup credentials,  edit conf/credential_sets.nmis

Setup CRON

#add/remove/change the lines with default username/password info to match credentials for the devices you want to discover
%hash = ( 
 'empty' => { username => '', password => '' },
 'YourSetHere' => { username => 'YourUsername', password => 'YourPassword' }
);

Make very sure this file is only readable by you / root (opfixperms.pl will do this for you)

chmod 600 conf/credential_sets.nmis 

Connections

Connections tell opConfig how to connect to the devices you would like to gather configuration data from.  Connections can be auto-discovered if opConfig is attached to an NMIS configuration.

NB: opConfig will only attempt to discover devices from NMIS that are active and are currently being collected.

#As root
crontab -e

##
####################################################
# opConfig Daily
0 1 * * * /usr/local/opmantek/bin/opConfig-cli.pl act=discover

This will attempt to use the credentials given in the credential_sets against every active & collected device in NMIS using different transport types (SSH and Telnet) and will output the commands it has found to connections.nmis.  If a connection for a device already exists in connections.nmis opConfig will leave the settings as they are and not attempt to discover them.

Here is a sample connections.nmis file, if you use auto discovery opConfig will produce output in this format (which is the required format):

%hash = (
 'asgard' => {
 'connection_info' => {
 'transport' => 'Telnet',
 'credential_set' => 'set3', 
 'personality' => 'ios',
 'node' => 'asgard',
 'host' => '192.168.88.254',
 'priveleged_credential_set' => 'set3'
 },
 'os_info' => {
 'featureset' => 'Unknown',
 'version' => '12.4(25f)',
 'platform' => '1841',
 'train' => '12.4',
 'major' => '12.4',
 'os' => 'IOS',
 'image' => 'C1841-ADVENTERPRISEK9-M'
 }
 },
 'thor' => {
 'connection_info' => {
 'transport' => 'SSH',
 'credential_set' => 'set4',
 'personality' => 'bash',
 'node' => 'thor',
 'host' => '192.168.88.8',
 'priveleged_credential_set' => 'set3'
 },
 'os_info' => {
 'featureset' => 'N/A',
 'version' => '2.6.32-131.21.1.el6.x86_64',
 'platform' => 'x86_64',
 'train' => '2.6',
 'major' => '2.6',
 'os' => 'Linux',
 'image' => 'N/A'
 }
 }
);

The important settings here are in the connection_info.  

NOTE: If the command_sets you want to run filter based on os_info then you will need to define the required data in order for opConfig-cli.pl to match the connections you require.  At the very least os_info->os will need to be defined but for many devices it is likely you will want to define more than that so your command sets can target the device with better commands.

Command Sets

A default command_sets.nmis file is provided.  It defines a list of "command sets" to be run on devices that match the criteria laid out by each specific command set (usually by the os_info hash inside the command set).  As many sets as you like can be added, with as many commands as you like.  

%hash = (
 'IOS_DAILY' => {
 'os_info' => {
 'version' => '/12.2|12.4|15.0/',
 'os' => 'IOS'
 },
 'aging_info' => {
 'age' => 'forever'
 },
 'scheduling_info' => {
 'run_commands_on_separate_connection' => 'false'
 },
 commands => [
 {
 'tags' => 'config,version,troubleshooting, detect-change',
 'command' => 'show version',
 'privileged' => 'false',
 'multipage' => 'true',
 'run_command_on_separate_connection' => 'false',
 'command_filters' => [
 '/uptime is/'
 ]
 }
} 
); 

A quick note, every opConfig try and bundle as many commands for the same device together into a single session (or connection if you like).   If you would like the command set, or the individual command to be run on it's own connection (a good idea for long running commands), you can set run_commands_on_separate_connection => 'true' to run each command in that command set on it's own, or run_command_on_separate_connection => 'true' to run that specific command on it's own.

Running command sets

bin/opConfig-cli.pl act=run_command_sets

This command will run all command sets against all matching connections.

If you would like to run only specific command set/s 

bin/opConfig-cli.pl act=run_command_sets names=IOS_DAILY,LINUX_DAILY

This will run only the IOS_DAILY and LINUX_DAILY command sets.

There is currently no way to run a command set against a specific connection, and no way to run only 1 specific command.

NOTE: Only nodes that are marked as "active" and "collect" in NMIS are run, to force them to run add 'force_active' => 'true' to the connection

Setup CRON

#As root
crontab -e

##
####################################################
# opConfig Daily
0 1 * * * /usr/local/opmantek/bin/opConfig-cli.pl act=run_command_sets > /dev/null 2>&1   

...

run_command_sets > /dev/null 2>&1   

This will collect all command sets every morning at 1am.  The output of the script is sent to /dev/null, it can be run from the command line to see what the script is doing.

Setup opConfig Daemon

• Copy opconfigd.init.d /etc/init.d/opconfigd
• service opconfigd start
• chkconfig opconfigd on

Upgrade opConfig

If you have an existing installation of opConfig, then you can patch/upgrade/update it with the following steps.

• Copy the opConfig tarball to the server (a tarball is a GZIP'd tar file, e.g. opConfig-Linux-x86_64-VERSION.tar.gz)
  1. You may need to use SCP or FTP to get the file onto the server.
• The file will now likely be in the users home directory.
• If the installation directory does not already exist
• Change into the directory where the tarball was copied
• Untar the file

cd ~
tar xvf opConfig-Linux-x86_64-LIB-1.1.9.tar.gz
cd opmantek
unalias cp
cp -r * /usr/local/opmantek
cd /usr/local/opmantek
bin/opupdateconfig.pl install/opCommon.nmis conf/opCommon.nmis 
cp install/opconfigd.init.d /etc/init.d/opconfigd
service opconfigd restart

Please feel free to leave comments and suggestions below!