ytti / oxidized

Oxidized is a network device configuration backup tool. It's a RANCID replacement!
Apache License 2.0

Oxidized ignoring custom var_maps #2507

Closed dml2022 closed 2 years ago

dml2022 commented 2 years ago

Fortigate config changes every time it's requested, so I wanted to increase the delay from hourly to daily only on fortigate devices. I have added a custom var_map called interval and added 86400 seconds into router.db, but it doesn't seem to be working: after a restart all configs are still saved on an hourly basis, which is the default for all devices.

Here's the latest request where the new variable "interval" is detected and shows the right value, but configs are saved every hour:

{:name=>"Fortigate_01",
:full_name=>"US/Fortigate_01",
:ip=>"10.1.1.1",
:group=>"US",
:model=>"FortiOS",
:last=>
{:start=>2022-03-28 07:16:56.697461204 UTC,
:end=>2022-03-28 07:17:38.862760858 UTC,
:status=>:success,
:time=>42.165299654},
:vars=>{:enable=>"", :interval=>"86400"},
:mtime=>2022-03-28 07:17:39.848643771 UTC}

Here's my config file:

---
username: username
password: password
model: ios
resolve_dns: true
interval: 3600
use_syslog: false
debug: false
threads: 30
timeout: 45
retries: 1
prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
rest: 127.0.0.1:8888
next_adds_job: false
vars: 
  ssh_no_keepalive: true
  auth_methods: [ "none", "publickey", "password", "keyboard-interactive" ]
groups: {}
models: {}
pid: "/home/oxidized/.config/oxidized/pid"
crash:
  directory: "/home/oxidized/.config/oxidized/crashes"
  hostnames: false
stats:
  history_size: 10
input:
  default: ssh, telnet
  debug: false
  ssh:
    secure: false
  ftp:
    passive: true
  utf8_encoded: true
output:
  default: git
  git:
    user: oxidized
    email: oxidized@ozidized.com
    repo: "/home/oxidized/oxidized/git"
source:
  csv:
    file: "/home/oxidized/.config/oxidized/router.db"
    delimiter: !ruby/regexp /:/
    map:
      name: 0
      ip: 1
      model: 2
      group: 3
      username: 4
      password: 5
    vars_map:
      enable: 6
      interval: 7
    gpg: false
model_map:
  cisco: ios
  cisco: aireos
  hp: procurve
  hp: comware
  nexus: nxos
  fortigate: fortios

Here's my router.db file:

#Fortigate
Fortigate_01:10.1.1.1:fortios:US:readonly:Password::86400

I'm not sure what I am doing wrong.

pfunkylol commented 2 years ago

I don't think you can set intervals individually for devices, only globally.

dml2022 commented 2 years ago

> I don't think you can set intervals individually for devices, only globally.

Well, that's going to be a problem. Fortigate devices update their config file secrets every time it's pulled, and with an hourly check and a few firewalls my git repo was growing at an alarming rate.

Any ideas on how to avoid unnecessary config saves in fortios?

pfunkylol commented 2 years ago

You can remove secrets for fortios; that's how I do it.

models:
  fortios:
    vars:
      remove_secret: true

Or you can take a look at this https://github.com/ytti/oxidized/issues/931
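
Why stripping secrets stops the repository growth discussed in this thread, shown as an added example (not code from the thread or from Oxidized): two pulls that differ only in their re-encrypted `ENC` values become byte-identical once those values are redacted, so nothing new is committed and no secret material lands in git. The sample config, the `ENC` blobs, the `ENC_LINE` pattern and the `<removed>` marker are constructed assumptions; Oxidized's fortios model applies its own patterns when `remove_secret` is enabled.

```ruby
require 'digest'

# Constructed sample: two pulls of the same FortiOS config, one hour apart.
# Only the ENC blobs differ (placeholder values, not real secrets).
PULL_1 = <<~CFG
  config system admin
      edit "readonly"
          set accprofile "read_only"
          set password ENC AAAAexampleblob1111==
      next
  end
  config vpn ipsec phase1-interface
      edit "to-hq"
          set psksecret ENC BBBBexampleblob2222==
      next
  end
CFG

PULL_2 = PULL_1
  .sub('AAAAexampleblob1111==', 'CCCCexampleblob3333==')
  .sub('BBBBexampleblob2222==', 'DDDDexampleblob4444==')

# Assumed pattern for illustration: any "set <key> ENC <blob>" line.
ENC_LINE = /^([ \t]*set[ \t]+\S+[ \t]+)ENC[ \t]+\S+[ \t]*$/

# Replace every encrypted value with a fixed marker so the stored text is
# stable between pulls and carries no secret material.
def redact_secrets(config)
  config.gsub(ENC_LINE) { "#{Regexp.last_match(1)}<removed>" }
end

# A git-backed store only records a new version when the bytes change,
# so compare digests of what would be written.
def new_commit?(previous, current)
  Digest::SHA256.hexdigest(previous) != Digest::SHA256.hexdigest(current)
end

if __FILE__ == $PROGRAM_NAME
  puts "raw pulls differ:      #{new_commit?(PULL_1, PULL_2)}"
  redacted = [PULL_1, PULL_2].map { |c| redact_secrets(c) }
  puts "redacted pulls differ: #{new_commit?(*redacted)}"
  puts redacted.last
end
```

Non-secret lines such as `set accprofile` pass through unchanged, so real configuration changes still produce a diff.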