# -----------------------------------------------------------------------------
#
# Network Configuration Backup
# Configuration File
# -----------------------------------------------------------------------------
# -----------------------------------------------------------------------------
# Default Settings
# -----------------------------------------------------------------------------
[defaults]
# Values written as $NAME refer to environment variables; a note further down
# this file says an undefined variable produces an error.
inventory = "$PROJ_DIR/inventory.csv"
configs_dir = "$PROJ_DIR/configs"
# Default login, supplied through the environment so that no secret is stored
# in this file. Keep it that way rather than pasting literal values here.
credentials.username = "$NETWORK_USERNAME"
credentials.password = "$NETWORK_PASSWORD"
# -----------------------------------------------------------------------------
#
# Jumphosts
#
# -----------------------------------------------------------------------------
#[[jumphost]]
# NOTE: your local SSH config file is not used, so make sure you provide
# either the IP address or FQDN of the jumphost
# proxy = "<user>@<jumphost-ip-or-fqdn>"
# include = ['host=.*\.dc1']
# you MUST provide an include filter. For all devices, use
# ['host=.*']
# exclude = ['os_name=asa']
# -----------------------------------------------------------------------------
#
# Version Control System(s)
#
# Currently only git systems are supported, but other types may be
# supported in the future. If you have more than one vcs repository you can
# include the `name` field so that you can identify the vcs-repo using the CLI
# --name option.
# -----------------------------------------------------------------------------
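[[git]]
# The first entry does not require a name and is treated as the default,
# i.e. it is used when the --name option is omitted.
# HTTPS access with a token read from the environment. Prefer a token scoped to
# this one repository: the backups it can reach hold device configurations.
repo = "https://github.mycorp.com/jschulman/test-network-configs.git"
token = "$GIT_TOKEN"

[[git]]
# Example of a deployment key that has no passphrase. Anyone who can read the
# key file can use it, so keep that file readable by the backup account only.
# NOTE(review): the user@host part of this URL was masked by the hosting page's
# e-mail obfuscation; the placeholder below stands in for the real SSH address.
name = "ssh"
repo = "<ssh-user>@<git-host>:jschulman/test-network-configs.git"
deploy_key = "$HOME/test-config-backups"

[[git]]
# Example of a deployment key protected by a passphrase; the passphrase comes
# from the environment rather than being written here.
# NOTE(review): same masked user@host as in the entry above; placeholder used.
name = "ssh-pw"
repo = "<ssh-user>@<git-host>:jschulman/test-network-configs.git"
deploy_key = "$HOME/pwtest-backups"
deploy_passphrase = "$GITKEY_PASSWORD"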
# -----------------------------------------------------------------------------
# Inventory Integrations
# -----------------------------------------------------------------------------
[[inventory]]
name = 'netbox'
# Multi-line literal string: TOML applies no escape processing here, so each
# trailing backslash and the newline after it are part of the value.
# Presumably the value is run as a command line that writes inventory.csv;
# confirm against the tool. If so, write access to this file or to the script
# amounts to the right to run commands as the backup user.
script = '''$PROJ_DIR/netcfgbu/netbox/netbox_inventory.py \
--exclude-tag no-backup --exclude-tag no-ssh \
--output inventory.csv'''
# -----------------------------------------------------------------------------
# Global Credentials
# -----------------------------------------------------------------------------
#[[credentials]]
# username = "superadmin"
# password = "$ENABLE_PASSWORD"
# -----------------------------------------------------------------------------
# Global SSH Configs
# -----------------------------------------------------------------------------
[ssh_configs]
# Key-exchange algorithms offered for SSH sessions, per the "Global SSH Configs"
# heading above.
# diffie-hellman-group1-sha1 (1024-bit group, SHA-1) and
# diffie-hellman-group14-sha1 (SHA-1) are legacy methods, normally listed only
# because older devices offer nothing stronger. Listing them here allows them
# for every device. The aireos8_10 section of this file shows a per-os_name
# `ssh_configs.kex_algs` setting; that is a narrower place for legacy
# algorithms, so drop from this list any that no device in the inventory needs.
kex_algs = [
'ecdh-sha2-nistp256',
'diffie-hellman-group14-sha1',
'diffie-hellman-group1-sha1'
]
# -----------------------------------------------------------------------------
#
# Network OS Specifications
#
# -----------------------------------------------------------------------------
# -----------------------------------------------------------------------------
# Cisco switches, routers, and firewalls
# -----------------------------------------------------------------------------
# IOS: a command is issued before the configuration is fetched.
[os_name.ios]
linter = "ios"
pre_get_config = "terminal length 0"

# IOS-XE shares the IOS linter.
[os_name.iosxe]
linter = "ios"

# NX-OS overrides the command that fetches the configuration.
[os_name.nxos]
linter = "nxos"
get_config = "show running-config | no-more"

[os_name.iosxr]
linter = "iosxr"

# ASA: only a pre-fetch command is set; no linter is named.
[os_name.asa]
pre_get_config = "terminal pager 0"
# -----------------------------------------------------------------------------
# Cisco WLC
# -----------------------------------------------------------------------------
[os_name.aireos]
# Support for the 8.5 release requires a special connector to handle the
# User & Password prompts.
get_config = "show run-config commands"
pre_get_config = "config paging disable"
# Dotted path of the connector class to use. Presumably resolved as a Python
# import at run time (confirm), so name only connector classes you trust.
connection = "netcfgbu.connectors.ssh.LoginPromptUserPass"
[os_name.aireos8_10]
# The timeout is extended because the 8.10 release was observed to produce
# sporadic delays in the output of the config.
# NOTE(review): the original note says 3 min, but 300 is 5 min if the unit is
# seconds; confirm which value is intended.
timeout = 300
get_config = "show run-config commands"
pre_get_config = "config paging disable"
# need to explicitly set the Key Exchange algorithms to support the 8.10
# SSH configured requirements; can be set here or in your ssh_config file.
# This per-OS list leaves out diffie-hellman-group1-sha1, which the global
# [ssh_configs] list includes.
# ssh_configs.kex_algs = [
# 'ecdh-sha2-nistp256',
# 'diffie-hellman-group14-sha1'
# ]
# NOTE: if you do not have these devices in your inventory, delete this section
# otherwise you will get an error if the environment variables are not defined
[[os_name.aireos8_10.credentials]]
# WLC-specific login, read from the environment like the default credentials.
username = "$WLC_USERNAME"
password = "$WLC_PASSWORD"
# -----------------------------------------------------------------------------
# Palo Alto PANOS Firewalls
# -----------------------------------------------------------------------------
# PAN-OS: two commands are issued before `show` is used to fetch the config.
[os_name.panos]
linter = "panos"
get_config = "show"
pre_get_config = [
    "set cli pager off",
    "configure",
]
# -----------------------------------------------------------------------------
# Cumulus Linux
# -----------------------------------------------------------------------------
[os_name.cumulus]
# NOTE: make sure that the user has password-less sudo access, otherwise the
# get_config execution will fail. There is no current workaround for this
# requirement. Also pre_get_config does not work for Cumulus devices at this time.
# The only sudo call in get_config is `sudo cat /etc/frr/frr.conf`, so the
# sudoers rule for the backup user can be limited to that command instead of
# granting unrestricted password-less sudo.
#
# Do not change the order of the cat commands either. This ensures the final
# file format is recognized by Batfish (https://github.com/batfish/batfish)
get_config = "( cat /etc/hostname; cat /etc/network/interfaces; cat /etc/cumulus/ports.conf; sudo cat /etc/frr/frr.conf)"
# example Cumulus prompt value: cumulus@leaf01:mgmt-vrf:~$
# Literal string, so the backslashes reach the regex engine unchanged.
prompt_pattern = '[a-z0-9.\-@:~]{10,65}\s*[#$]'
# -----------------------------------------------------------------------------
# Juniper JUNOS routers, switches and firewalls
# -----------------------------------------------------------------------------
[os_name.junos]
# NOTE: Do not log in as the root user. Root must enter CLI mode before the
# configuration can be retrieved, and that currently does not work for Juniper
# devices.
pre_get_config = ["set cli screen-length 0"]
# Remove `| display set` from the command below to get the configuration in
# hierarchical format instead.
get_config = "show configuration | display set"
# -----------------------------------------------------------------------------
# Linters
# -----------------------------------------------------------------------------
# Each linter is referenced by name from the `linter` key of an os_name table.
# Presumably the marker text tells the tool where the saved configuration
# starts or ends within the captured output; confirm against the tool.
[linters.ios]
config_starts_after = "Current configuration"

[linters.iosxr]
config_starts_after = "Building configuration"

[linters.nxos]
config_starts_after = "!Time:"

[linters.panos]
config_ends_at = "[edit]"
# -----------------------------------------------------------------------------
#
# Version Control System(s)
#
# Currently only github systems are supported, but other types may be
# supported in the future. If you have more than one vcs repository you can
# include the `name` field so that you can identify the vcs-repo using the CLI
# --name option.
# -----------------------------------------------------------------------------
[[vcs]]
# NOTE(review): this repeats the repo and token of the first [[git]] entry
# earlier in this file; confirm which table name the tool actually reads and
# remove the other so the token is configured in one place only.
repo = "https://github.mycorp.com/jschulman/test-network-configs.git"
token = "$GIT_TOKEN"
# -----------------------------------------------------------------------------
# Logging - follows Python format as described
# https://docs.python.org/3/library/logging.config.html
# -----------------------------------------------------------------------------
# Tool messages go to both the console and the log file.
[logging.loggers.netcfgbu]
level = "INFO"
handlers = ["console", "file"]

# asyncssh stays at WARNING unless debugging is requested: the '--debug-ssh'
# option sets the debug level from [1-3];
# https://asyncssh.readthedocs.io/en/latest/api.html#asyncssh.set_debug_level
[logging.loggers.asyncssh]
level = "WARNING"
handlers = ["console"]

[logging.handlers.console]
class = "logging.StreamHandler"
stream = "ext://sys.stdout"
formatter = "basic"

# The file name is relative, so the log is created in whatever directory the
# tool is started from.
[logging.handlers.file]
class = "logging.FileHandler"
filename = "netcfgbu.log"
formatter = "basic"

[logging.formatters.basic]
format = "%(asctime)s %(levelname)s: %(message)s"