Network Equipment Configuration Management Eltex | Oxidized

Every system/network administrator sooner or later faces a situation: someone edited the config, but it is not very clear who and when. There were no differential backups, syslog was not recorded.

How to find out what has been changed?

Looked for a suitable solution for a long time. Found it.

Goals

  1. Find a free or OpenSource solution for backing up network equipment configurations.

  2. Implement and use.

Technical details

We use a fairly large stack of equipment from Eltex. There are also remnants of Cisco, Nortel, Avaya, some Mikrotik.

The need has arisen to implement configuration management for this zoo. Moreover, regionally (throughout the Russian Federation), import-substituted and, of course, free of charge.

Asked google gemini

Question - Orchestration systems compatible with Eltex equipment

Answer Gemini - Great question! The choice of an orchestration system for Eltex equipment directly depends on the scale of your network, specific requirements, and automation goals.

Built-in Eltex tools

First of all, it is worth paying attention to the built-in management tools of the Eltex equipment itself. Many models support:

SNMP: A standard protocol for monitoring and managing network devices.

CLI: Command line for performing various configuration actions.

Web interface: A graphical interface for managing the device through a web browser.

These tools allow for basic orchestration and automation, especially in small networks or for performing routine tasks.

Some popular orchestration systems compatible with Eltex equipment:

Ansible: A highly automated configuration management system that uses a simple language to describe the desired state of the infrastructure.

Puppet: An open-source configuration system that uses a declarative language to manage infrastructure.

Chef: Another popular open-source configuration system that uses infrastructure as code.

SaltStack: A configuration management system that uses a master-agent architecture to manage remote systems.

CloudForms: A comprehensive platform for managing cloud infrastructure that includes orchestration features.

Reviewed the proposed options

Ansible - missed, successful implementation options for Eltex switches - either none, or I did not find.

Eltex ECCM - good in all respects, but not free, plus it is impossible to connect equipment from other vendors (most likely).

Oxidized - compatible, free (https://github.com/ytti/oxidized), trying.

About the solution

Oxidized - this is a universal solution that supports more than 130 types of devices from various vendors, so it is enough to install and configure it once and then use it regardless of the equipment used. This is much more convenient than solutions designed for the equipment of any particular manufacturer.

LET'S GET STARTED

For the setup, we will use Ubuntu 22.04 LTS, Eltex 2308B switch.

Oxidized is written in Ruby and therefore its installation is different from what Debian users are used to. Let's start by installing the necessary dependencies:

apt install ruby ruby-dev libsqlite3-dev libssl-dev pkg-config cmake libssh2-1-dev libicu-dev zlib1g-dev g++ libyaml-dev

Install Oxidized via RubyGems

gem install oxidized

gem install oxidized-script oxidized-web

gem install psych

Next, install Git to store configurations and control changes in them:

apt install git

Create a user for oxidized

useradd -s /bin/bash -m oxidized

Make a test login

su oxidized

oxidized

exit

First of all, set the default username and password with which oxidized will connect to network devices. I recommend using a separate user with a non-standard name for this, which should then be created on all network devices.

In our case

0xidiZed // P@$$w0rD

Don't forget to add privileges to the user on the switch, otherwise it won't work.

username 0xidiZed password P@$$w0rD privilege 15

Edit the Oxidized configuration file at

~oxidized/.config/oxidized/config


Eltex network equipment configuration using Oxidized

correct username | password

change model:eltex

change the request intervals (interval:86400) to save the configuration once a day

input - change from telnet to ssh, as it is more secure


Automation of Eltex configuration management through Oxidized

output is responsible for storing the configuration information collected from the devices, we will use Git, so the configuration will look like this:

output:

default: git

git:

user: oxidized

email: [email protected]

repo: "/home/oxidized/.config/oxidized/devices.git"

We set the IP addresses of the switches in the router database file (in other words, csv file with delimiter : ) located at

"/home/oxidized/.config/oxidized/router.db"

create the necessary file

mcedit ~oxidized/.config/oxidized/router.db

Add our switch to this file

TstRouter:192.168.72.1

If you need to set authorization parameters different from the global ones, set them

TstRouter:192.168.72.1:User:Password

Next, we need to create a Systemd unit to work as a service, for this we copy the ready-made template:

cp /var/lib/gems/3.0.0/gems/oxidized-0.30.1/extra/oxidized.service /etc/systemd/system

Pay close attention to the version number, in our case oxidized-0.30.1

Reload the systemd content:

systemctl daemon-reload

Create a directory in /run:

mkdir /run/oxidized

And make the oxidized user its owner:

chown oxidized:oxidized /run/oxidized

Add the service to autostart:

systemctl enable oxidized

And start it:

systemctl start oxidized

Check the service status

systemctl status oxidized


Monitoring and backup of Eltex configurations using Oxidized

Also check that the service is running on the correct port

ss -tpln


Oxidized interface for managing Eltex network devices

Configure git:

git config --global user.name "oxidized"

git config --global user.email "[email protected]"

git init oxidized.git

Install and configure NGINX (oxidized does not have its own web server).

apt install nginx

overwrite the default configuration

cat /var/lib/gems/3.0.0/gems/oxidized-0.30.1/extra/oxidized.nginx > /etc/nginx/sites-available/default

restart nginx

nginx -s reload

Go to the oxidized page


Eltex configuration management system based on Oxidized

If everything is set up correctly, you will see a similar picture.

Check the operation (save the router configuration, change the configuration, save the configuration again)


Oxidized: a solution for managing Eltex network equipment configurations

That's all for now.

Later it will be necessary to add equipment from other vendors, configure encryption, TLS, divide equipment into groups, etc.

To be continued.

Comments