Add commit summaries and timestamp masking to example configs

Problem/Challenge

When a backup is taken from a mikrotik device, it puts a timestamp in the exported config file. When this file is committed to git, git sees that the file has changed. This happens for every backup over time, which adds a lot of noise to the git repo, making it harder to find substantive configuration changes over time.

Image illustrating the behavior. Screenshot taken from a gitlab instance;

Proposition

Mask out the date/time portion of the comment line before committing to git.

A downside to this solution is that we loose the ability to positively assert that a device was backed up just by looking at the config. This downside is addressed by #3

Example:

# sep/24/2018 17:03:12 by RouterOS 6.42.7

Gets rewritten before getting committed to git to read as:

# DATETIME_REMOVED by RouterOS 6.42.7

The yaml device list looks like this

devices:
  list:
    - options:
        host: 10.60.58.1
    - options:
        host: 10.60.58.2
    - options:
        host: 10.60.99.1

Why have this options list? and the list key?

It could be simplified to be:

devices:
  name: 10.60.58.1
  name: 10.60.58.2
  name: 10.60.99.1

which is cleaner IMO, and still open for extension/addition of new parameters.

Remove the -once flag and use -d to run the command in daemon mode. This aligns with typical unix command conventions.

When rosdump is run without the -d flag, it will run once and exit.

To make a backup of a mikrotik device quick and easy, allow users to run the tool without a config file.

Running the command:

rosdump -t 192.168.88.1 -u admin -p password

Would write the config file from device 192.168.88.1 to the current working directory named 192.168.88.1.cfg

Proposed documentation for this feature, to go in the readme quickstart section:

To do a simple backup of your device using the roscump docker image, run the following command:

docker run --rm -v ./:/backups ecadlabs/rosdump -t 192.168.88.1 -u admin -p password

If the backup completes correctly, you will have a config file in your present directory named 192.168.88.1.cfg

Export prometheus metrics will be useful for organizations that want to monitor the backup process, and put alerts in place if the backup agent is down.

Some suggested metrics;

• rosdump_runs
• rusdump_backup_success_counter Labels host
• rusdump_backup_fail_counter Labels: host

It's not a good idea to store a ssh key that can access all your network devices on a servers filesystem.

To ameliorate this problem, we should support reading/loading of ssh keys from https://www.vaultproject.io/

For each backup run, backups may succeed or fail. To make this information visable overtime, I propose we write a backup summary to the commit log.

The rosdump utility can write a summary like follows:

Routers backup 4 devices of 5 devices

OK 10.60.99.2
OK 10.60.99.3
OK 10.60.99.1
FAIL 10.60.99.4
OK 10.60.58.1

and use this summary as the commit message when using the git storage back-end.

What about when no changes are detected?

We push an empty commit, to make clear that a change happened;

The git cli option for this is:

git commit --allow-empty

See: https://bestpractices.coreinfrastructure.org/en

It is bad practice to record passwords to a git repository.

Add an option to mask_passwords which will cause rosdump to filter out any passwords before committing to git.

The example:

/ppp secret
add local-address=192.168.88.254 name=foobar password=A_REAL_PASSWORD profile=\
    profile-openvpn remote-address=19.168.99.253 service=ovpn

would be re-written to look like:

/ppp secret
add local-address=192.168.88.254 name=foobar password=<REDACTED> profile=\
    profile-openvpn remote-address=19.168.99.253 service=ovpn