ecadlabs / rosdump Goto Github PK
View Code? Open in Web Editor NEWrosdump backups Mikrotik/RouterOS devices, and stores the backup on disk or in git
License: MIT License
rosdump backups Mikrotik/RouterOS devices, and stores the backup on disk or in git
License: MIT License
Add commit summaries and timestamp masking to example configs
When a backup is taken from a mikrotik device, it puts a timestamp in the exported config file. When this file is committed to git, git sees that the file has changed. This happens for every backup over time, which adds a lot of noise to the git repo, making it harder to find substantive configuration changes over time.
Image illustrating the behavior. Screenshot taken from a gitlab instance;
Mask out the date/time portion of the comment line before committing to git.
A downside to this solution is that we loose the ability to positively assert that a device was backed up just by looking at the config. This downside is addressed by #3
# sep/24/2018 17:03:12 by RouterOS 6.42.7
Gets rewritten before getting committed to git to read as:
# DATETIME_REMOVED by RouterOS 6.42.7
The yaml device list looks like this
devices:
list:
- options:
host: 10.60.58.1
- options:
host: 10.60.58.2
- options:
host: 10.60.99.1
Why have this options list? and the list key?
It could be simplified to be:
devices:
name: 10.60.58.1
name: 10.60.58.2
name: 10.60.99.1
which is cleaner IMO, and still open for extension/addition of new parameters.
Remove the -once
flag and use -d
to run the command in daemon mode. This aligns with typical unix command conventions.
When rosdump
is run without the -d
flag, it will run once and exit.
To make a backup of a mikrotik device quick and easy, allow users to run the tool without a config file.
Running the command:
rosdump -t 192.168.88.1 -u admin -p password
Would write the config file from device 192.168.88.1
to the current working directory named 192.168.88.1.cfg
To do a simple backup of your device using the roscump docker image, run the following command:
docker run --rm -v ./:/backups ecadlabs/rosdump -t 192.168.88.1 -u admin -p password
If the backup completes correctly, you will have a config file in your present directory named 192.168.88.1.cfg
Export prometheus metrics will be useful for organizations that want to monitor the backup process, and put alerts in place if the backup agent is down.
Some suggested metrics;
host
host
It's not a good idea to store a ssh key that can access all your network devices on a servers filesystem.
To ameliorate this problem, we should support reading/loading of ssh keys from https://www.vaultproject.io/
For each backup run, backups may succeed or fail. To make this information visable overtime, I propose we write a backup summary to the commit log.
The rosdump
utility can write a summary like follows:
Routers backup 4 devices of 5 devices
OK 10.60.99.2
OK 10.60.99.3
OK 10.60.99.1
FAIL 10.60.99.4
OK 10.60.58.1
and use this summary as the commit message when using the git storage back-end.
What about when no changes are detected?
We push an empty commit, to make clear that a change happened;
The git cli option for this is:
git commit --allow-empty
It is bad practice to record passwords to a git repository.
Add an option to mask_passwords
which will cause rosdump to filter out any passwords before committing to git.
The example:
/ppp secret
add local-address=192.168.88.254 name=foobar password=A_REAL_PASSWORD profile=\
profile-openvpn remote-address=19.168.99.253 service=ovpn
would be re-written to look like:
/ppp secret
add local-address=192.168.88.254 name=foobar password=<REDACTED> profile=\
profile-openvpn remote-address=19.168.99.253 service=ovpn
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.