netcfgbu's Introduction

Network Configuration Backup

As a network engineer I need to back up my network configuration files into a version control system, and I need a tool to automate this process. My primary means of accessing the devices is SSH.

Supported Devices
The netcfgbu tool was built specifically to back up network operating system (NOS) configurations that are monolithic in nature. That is to say, the entire configuration can be captured using a command such as "show running-config". Any NOS that provides a monolithic configuration should be supported by netcfgbu.

Primary Considerations

  • I have a multi-vendor environment. I need to account for the different commands that are used to obtain the running configuration and disable paging if required.

  • I want to provide my network inventory in a simple CSV format. I want to create this inventory dynamically from one or more sources, for example Netbox. I want the ability to filter this inventory with limit and exclude constraints.

  • I may need to try multiple SSH credentials. I must not store my passwords in any configuration file, so this tool must acquire passwords via environment variables.

  • I will have a large number of devices (>1000) so I want this tool to take advantage of any and all techniques that reduce the total amount of time.


The general approach to netcfgbu is a configuration based methodology so as to not hardcode the tool to work with specific network device drivers and avoid the complexity and dependency of including a collection of 3rd-party libraries specific to network devices.

Read the Documentation here.
Read the Quick Start here
Example netcfgbu.toml configuration

Introduction

Once you've set up the configuration file and inventory file, you can back up all of your configurations using the command:

$ netcfgbu backup

At the end of the run, you will see a report, for example:

# ------------------------------------------------------------------------------
Summary: TOTAL=1482, OK=1482, FAIL=0
         START=2020-Jun-05 01:48:55 PM, STOP=2020-Jun-05 01:50:08 PM
         DURATION=72.566s
# ------------------------------------------------------------------------------

There are a number of other commands provided as shown via --help:

Usage: netcfgbu [OPTIONS] COMMAND [ARGS]...

Options:
  --version  Show the version and exit.
  --help     Show this message and exit.

Commands:
  backup     Backup network configurations.
  inventory  Inventory subcommands.
  login      Verify SSH login to devices.
  probe      Probe device for SSH reachablility.
  vcs        Version Control System subcommands.

Setup

The netcfgbu tool does not require you to create a configuration file, but for practical purposes you will generally need one. The file is in TOML format. The default file is netcfgbu.toml, and netcfgbu searches for it in the current working directory. You can override this location using the -C <filepath> option or the environment variable NETCFGBU_CONFIG.

At a minimum you need to designate the inventory CSV file and a default set of SSH login credentials. The network device configs will be stored in the current working directory, or as specified in the defaults.configs_dir option. The configuration-file supports the use of environment variables.

Example:

[defaults]
    inventory = "$PROJ_DIR/inventory.csv"
    configs_dir = "$PROJ_DIR/configs"
    credentials.username = "$NETWORK_USERNAME"
    credentials.password = "$NETWORK_PASSWORD"

netcfgbu defines a set of specific environment variables. Their use is the equivalent of the following configuration file; that is, if you did not provide netcfgbu a configuration file, this would be used:

[defaults]
    inventory = "$NETCFGBU_INVENTORY"
    configs_dir = "$NETCFGBU_CONFIGSDIR"
    credentials.username = "$NETCFGBU_DEFAULT_USERNAME"
    credentials.password = "$NETCFGBU_DEFAULT_PASSWORD"
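
The environment-variable handling described in this Setup section, as an added example (not netcfgbu's own code): it expands `$NAME` references in a parsed config table, fails closed when a variable is unset so a literal `$NETWORK_PASSWORD` is never sent to a device, and flags any password written directly into the file. The helper names, the `SECRET_KEYS` set and the sample values are assumptions made for this sketch.

```python
import re

# Matches $NAME or ${NAME}, the reference style used in the config above.
_ENV_REF = re.compile(r"\$(?:\{(\w+)\}|(\w+))")
# Keys treated as secrets in this sketch (an assumption, extend as needed).
SECRET_KEYS = {"password"}


class ConfigError(ValueError):
    """Raised when a referenced environment variable is unset or empty."""


def expand_env(value, env):
    """Substitute every env reference in value; fail closed if one is missing."""
    def _sub(match):
        name = match.group(1) or match.group(2)
        if not env.get(name):
            raise ConfigError(f"environment variable {name} is not set")
        return env[name]
    return _ENV_REF.sub(_sub, value)


def resolve(table, env):
    """Return a copy of a parsed config table with all strings expanded."""
    out = {}
    for key, value in table.items():
        if isinstance(value, dict):
            out[key] = resolve(value, env)
        else:
            out[key] = expand_env(value, env) if isinstance(value, str) else value
    return out


def literal_secrets(table, path=""):
    """List dotted paths of secret keys whose value is not a lone env reference."""
    found = []
    for key, value in table.items():
        here = f"{path}.{key}" if path else key
        if isinstance(value, dict):
            found += literal_secrets(value, here)
        elif key in SECRET_KEYS and not _ENV_REF.fullmatch(str(value)):
            found.append(here)
    return found


# Constructed sample: the [defaults] example above as a parsed TOML table.
SAMPLE_CFG = {"defaults": {
    "inventory": "$PROJ_DIR/inventory.csv",
    "configs_dir": "$PROJ_DIR/configs",
    "credentials": {"username": "$NETWORK_USERNAME",
                    "password": "$NETWORK_PASSWORD"},
}}
# Constructed environment; in real use pass os.environ.
SAMPLE_ENV = {"PROJ_DIR": "/srv/netcfgbu", "NETWORK_USERNAME": "backup-ro",
              "NETWORK_PASSWORD": "constructed-placeholder"}

if __name__ == "__main__":
    print(literal_secrets(SAMPLE_CFG))
    print(resolve(SAMPLE_CFG, SAMPLE_ENV)["defaults"]["inventory"])
```

Running `literal_secrets` over the config file in CI catches a password committed by mistake before the file reaches the repository.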

System Requirements and Installation

This tool requires the use of Python3.8.
Installation available via PyPI:

$ pip install netcfgbu

Questions or Suggestions?

Please open a github issue if you have any questions or suggestions.

Thank you!

netcfgbu's Issues

Add CLI options to enable verbose SSH debug

As a user of the netcfgbu I may need to examine more verbose debug messages to troubleshoot SSH issues. Add the following:

--debug-ssh=<level [1-3]>

Where the debug levels correspond to the AsyncSSH documentation: here.

Add login re-try to handle misbehaving AAA controllers

As a network engineer using a AAA server that cannot respond "fast enough" to login requests due to the fact that netcfgbu runs concurrent tasks, I need the tool to account for this disability and perform one or more re-attempts to login using some form of backoff mechanism. I should be able to configure the number of retries; the default could be 2.

Add os_name alias mechanism

In order to avoid copy/paste of os_name section content, provide a means to alias one os_name to another. For example alias "catos" to be the same as "ios":

[os_name.ios]
    aliases = ['catos']
    pre_get_config = "terminal length 0"

Add "--exclude @<filename>"

Add the ability to exclude hosts using the contents of the file. The file must be a text file whose contents will be line-split and then will use the first word on the line as the value to exclude. The line-word-split will use the pattern of whitespace (includes tabs) and comma.

HP Procurve connector, ANSI escape codes in the output

I was working on a connector for an HP Procurve device, initially in order to handle the annoying login banner asking to press a key to actually get to a CLI prompt. Despite the fact that the banner was handled properly with a custom login(), read_until_prompt() hadn't matched the prompt pattern. The issue was caused by the presence of ANSI escape codes in the output. I managed to work around it by incorporating the strip_ansi_escape_codes() function from
https://github.com/ktbyers/netmiko/blob/0aa11265ea962f743f0ffa97d35ed4fa9aa0837d/netmiko/base_connection.py#L1777 in custom read_until_prompt() within my connector.

Are you interested in a PR which includes connector for HP Procurve in the code base and if so maybe there is more elegant way to handle the issue with escape codes?

Add limit ipaddr=<prefix>

Provide the ability to limit the inventory using an IP-prefix. For example, I want to include only inventory records that are in the 192.168.100.0/24 subnet:

netcfgbu inventory ls --limit ipaddr=192.168.100.0/24

To limit based on a list of ip subnets, for example any record in the 192.168.100.0/24 or the 10.1.255.0/27 subnet:

netcfgbu inventory ls --limit ipaddr=192.168.100.0/24,10.1.155.0/27

Add support for ssh_config options

In the version of AsyncSSH used, the ssh_config file is not parsed. Therefore we need to provide the User with the ability to assign the ssh_config options as described here:
https://asyncssh.readthedocs.io/en/stable/api.html#supported-algorithms
and here:
https://asyncssh.readthedocs.io/en/stable/api.html#asyncssh.SSHClientConnectionOptions

At the global level in the configuration file:

[ssh_configs]
   kex_algs = ["ecdh-sha2-nistp256", "diffie-hellman-group14-sha1"]
   encryption_algs = [
      "aes128-cbc,3des-cbc",
      "aes192-cbc,aes256-cbc",
      "aes256-ctr,aes192-ctr",
      "aes128-ctr"]

Or at the OS-spec level of the config file:

[os_name.aireos]
   ssh_configs.kex_algs =  ["ecdh-sha2-nistp256", "diffie-hellman-group14-sha1"]
   ssh_configs.encryption_algs = ["aes128-cbc,3des-cbc"]

NOTE: AsyncSSH will support parsing ssh_config file(s); this work is underway in the development branch.
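
An added example (not part of the original issue or of netcfgbu): an audit of the `ssh_configs` tables proposed above that reports which legacy algorithms are enabled and at which scope, so a weak algorithm needed by one OS can be kept under that `os_name` instead of being enabled globally. The classification rules are this sketch's own policy assumption, the function names are hypothetical, and comma-joined entries are split before checking.

```python
def split_algs(values):
    """Flatten a list whose entries may themselves be comma-joined names."""
    return [name.strip() for entry in values
            for name in entry.split(",") if name.strip()]


def classify(option, alg):
    """Return a reason if alg is legacy under this sketch's policy, else None."""
    if option == "kex_algs" and alg.endswith("-sha1"):
        return "SHA-1 key exchange"
    if option == "encryption_algs":
        if alg.startswith("3des"):
            return "3DES cipher"
        if alg.endswith("-cbc"):
            return "CBC-mode cipher"
    return None


def audit(cfg):
    """Return (scope, option, algorithm, reason) for every legacy algorithm."""
    scopes = [("global", cfg.get("ssh_configs", {}))]
    for os_name, spec in sorted(cfg.get("os_name", {}).items()):
        scopes.append((f"os_name.{os_name}", spec.get("ssh_configs", {})))
    findings = []
    for scope, ssh_cfg in scopes:
        for option in ("kex_algs", "encryption_algs"):
            for alg in split_algs(ssh_cfg.get(option, [])):
                reason = classify(option, alg)
                if reason:
                    findings.append((scope, option, alg, reason))
    return findings


# Constructed sample: both snippets from the issue as one parsed TOML table.
SAMPLE_CFG = {
    "ssh_configs": {
        "kex_algs": ["ecdh-sha2-nistp256", "diffie-hellman-group14-sha1"],
        "encryption_algs": ["aes128-cbc,3des-cbc", "aes192-cbc,aes256-cbc",
                            "aes256-ctr,aes192-ctr", "aes128-ctr"],
    },
    "os_name": {"aireos": {"ssh_configs": {
        "kex_algs": ["ecdh-sha2-nistp256", "diffie-hellman-group14-sha1"],
        "encryption_algs": ["aes128-cbc,3des-cbc"],
    }}},
}

if __name__ == "__main__":
    for scope, option, alg, reason in audit(SAMPLE_CFG):
        print(f"{scope:16} {option:16} {alg:30} {reason}")
```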

Add exclude=config_context

When fetching devices, include the exclude=config_context parameter to improve the response time in using the Netbox API. In some cases given a large number of devices, if this parameter is omitted and the limit=0 is set, then the API will Timeout.

Add failed list

Automatically create the file "failed.csv" that is the inventory of devices that failed the operation. This way this file could then be used in a future "--exclude @" type of usage.

BUG: APP_CFG os_name None

Hitting a bug where os_name is None after it goes through validation.

(venv) axians@ubuntu-automation:~/netcfgbu$ netcfgbu login
Traceback (most recent call last):
  File "/home/axians/netcfgbu/venv/bin/netcfgbu", line 7, in <module>
    exec(compile(f.read(), __file__, 'exec'))
  File "/home/axians/netcfgbu/bin/netcfgbu", line 6, in <module>
    main.run()
  File "/home/axians/netcfgbu/netcfgbu/cli/main.py", line 11, in run
    cli(obj={})
  File "/home/axians/netcfgbu/venv/lib/python3.8/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/home/axians/netcfgbu/venv/lib/python3.8/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/home/axians/netcfgbu/venv/lib/python3.8/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/home/axians/netcfgbu/netcfgbu/cli/root.py", line 66, in invoke
    super().invoke(ctx)
  File "/home/axians/netcfgbu/venv/lib/python3.8/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/home/axians/netcfgbu/venv/lib/python3.8/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/home/axians/netcfgbu/venv/lib/python3.8/site-packages/click/decorators.py", line 21, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/home/axians/netcfgbu/netcfgbu/cli/login.py", line 84, in cli_login
    exec_test_login(ctx.obj["app_cfg"], ctx.obj["inventory_recs"], cli_opts)
  File "/home/axians/netcfgbu/netcfgbu/cli/login.py", line 25, in exec_test_login
    login_tasks = {
  File "/home/axians/netcfgbu/netcfgbu/cli/login.py", line 26, in <dictcomp>
    make_host_connector(rec, app_cfg).test_login(timeout=cli_opts["timeout"]): rec
  File "/home/axians/netcfgbu/netcfgbu/os_specs/__init__.py", line 11, in make_host_connector
    os_spec_def = get_os_spec(rec, app_cfg)
  File "/home/axians/netcfgbu/netcfgbu/os_specs/__init__.py", line 7, in get_os_spec
    return app_cfg.os_name.get(os_name) or OSNameSpec()
AttributeError: 'NoneType' object has no attribute 'get'

Jeremy found the issue within config_model.py whereby v needed to be returned on line 162.

Cheers for looking into this issue @jeremyschulman.

Git repo URL cannot be set as an environment variable

When I use an environment variable for the Git repo URL, I get the following error:

(cfgbu) samir-mbp15:cicd_book saparikh$ echo $GIT_REPO
[email protected]:saparikh/cfg-backup.git

(cfgbu) samir-mbp15:cicd_book saparikh$ netcfgbu login
Usage: netcfgbu login [OPTIONS]
Try 'netcfgbu login --help' for help.

Error: Configuration errors
    File:[/Users/saparikh/git/experimental/samir/cicd_book/netcfgbu.toml]
    Section: [git.0.repo]: Bad repo URL [$GIT_REPO]: expected to start with ('https:', 'git@').

This is the TOML file section:

[[git]]
    # the first entry does not require a name and it will be treated
    # as a default; i.e. when the --name option is omitted.
    repo = "$GIT_REPO"
    deploy_key = "$GIT_DEPLOY_KEY"

If I replace the env var with the URL, everything works:

[[git]]
    # the first entry does not require a name and it will be treated
    # as a default; i.e. when the --name option is omitted.
    repo = "[email protected]:saparikh/cfg-backup.git"
    deploy_key = "$GIT_DEPLOY_KEY"

Running version 0.60

(cfgbu) samir-mbp15:cicd_book saparikh$ netcfgbu --version
netcfgbu, version 0.6.0

Docs: -C command line option not allowed

Fresh install of netcfgbu via pip and get the following error when trying to specify the path to the toml file:

netcfgbu -C netcfgbu.toml 
Usage: netcfgbu [OPTIONS] COMMAND [ARGS]...
Try 'netcfgbu --help' for help.

Error: no such option: -C

Setup section of the docs: https://github.com/jeremyschulman/netcfgbu#setup indicates this should work.

Help output from cli doesn't say anything about -C option

netcfgbu --help
Usage: netcfgbu [OPTIONS] COMMAND [ARGS]...

Options:
  --version  Show the version and exit.
  --help     Show this message and exit.

Commands:
  backup     Backup network configurations.
  inventory  Inventory subcommands.
  login      Verify SSH login to devices.
  probe      Probe device for SSH reachablility.
  vcs        Version Control System subcommands.

Add Missing Dependency (first)

Description

netcfgbu fails to run because the first package is missing from the requirements.txt file

Environment

  • Python version: 3.8.1
  • OS: Linux - RHEL7

Steps to Reproduce

  1. $ git clone https://github.com/jeremyschulman/netcfgbu.git
  2. $ cd netcfgbu
  3. $ python3.8 setup.py install --user
  4. $ netcfgbu

Expected Behavior

netcfg usage instructions

[3667673@lab-auto-dev netcfgbu]$ netcfgbu
Usage: netcfgbu [OPTIONS] COMMAND [ARGS]...

Options:
  --version  Show the version and exit.
  --help     Show this message and exit.

Commands:
  backup     Backup network configurations.
  inventory  [ls, build, ...]
  lint       Remove unwanted content from network config files.
  login      Verify SSH login to devices.
  probe      Probe device for SSH reachablility.

Observed Behavior

ModuleNotFoundError occurred

[marcus@lab-auto-dev netcfgbu]$ netcfgbu
Traceback (most recent call last):
  File "/home/3667673/.local/bin/netcfgbu", line 4, in <module>
    __import__('pkg_resources').run_script('netcfgbu==0.2.0', 'netcfgbu')
  File "/usr/local/lib/python3.8/site-packages/pkg_resources/__init__.py", line 666, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/usr/local/lib/python3.8/site-packages/pkg_resources/__init__.py", line 1469, in run_script
    exec(script_code, namespace, namespace)
  File "/home/3667673/.local/lib/python3.8/site-packages/netcfgbu-0.2.0-py3.8.egg/EGG-INFO/scripts/netcfgbu", line 27, in <module>
ModuleNotFoundError: No module named 'first'

Add "linting" of configuration files

Need a mechanism to "clean" the configuration files so that extraneous content is removed and any content that would cause a false-positive diff-change is removed.

Example:

!Time: Fri Jun  5 17:49:00 2020

Change config section [[github]] to [[git]]

The netcfgbu tool can be used with any git based system, which includes GitLab for example. This issue tracks the BREAKING CHANGE to the configuration file to rename the section name from "github" to simply "git".

See discussion in #47 for further details.

cc @minitriga

Add support for configurable prompt pattern

The built-in prompt pattern doesn't work for Cumulus devices. Because of this pre_get_config is not usable.

You end up with this error when trying to use pre_get_config:

FAILURES: 20
host     os_name    reason
-------  ---------  -----------------------------------
leaf02   cumulus    TIMEOUT('Timeout awaiting prompt',)
leaf03   cumulus    TIMEOUT('Timeout awaiting prompt',)
leaf13   cumulus    TIMEOUT('Timeout awaiting prompt',)

The need for pre_get_config is coming from the fact that using this setting get_config = "( cat /etc/hostname; cat /etc/network/interfaces; cat /etc/cumulus/ports.conf; sudo cat /etc/frr/frr.conf)" results in the first few lines still being lost.

This is what should be retrieved:

cumulus@leaf01:mgmt-vrf:~$ ( cat /etc/hostname; cat /etc/network/interfaces; cat /etc/cumulus/ports.conf; sudo cat /etc/frr/frr.conf )
leaf01
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*.intf

auto lo
iface lo inet loopback
    address 10.16.1.1/32
    address 192.168.123.1/32

This is what is currently retrieved:

rmation, see interfaces(5).

source /etc/network/interfaces.d/*.intf

auto lo
iface lo inet loopback
    address 10.16.1.1/32
    address 192.168.123.1/32

Add config-file validation

Need to add code to check that the entire structure of the User provided configuration is valid before proceeding to use it. Some of the config file is programmatically checked in various functions as the content is used. What is needed is effectively a first-global-check before proceeding. Probably use a schema package like pydantic.

Add "--exclude" option

The opposite of "--limit" that includes, add an "--exclude"

Examples:

--exclude host=myhost
--exclude 'host=.*foo\.com'
--exclude os_name=nxos

configure ProxyCommand in netcfgbu.toml

I have a use case where I want one box doing all of the config backups across several data centers. I also have a jumpbox in each data center that I can use to access the mgmt network. However, in order to do this, I use the ssh config option ProxyCommand to proxy my connection to the network gear through the respective data center's jumpbox. Below is a snippet of my ssh config file:

Host !jumpbox.networkandrew.com *.networkandrew.com
    ProxyCommand ssh -W %h:%p [email protected]

If I'm able to use the above ProxyCommand in my netcfgbu.toml file, I'll be able to accomplish this.

Add per os_name credentials

I need to be able to provide one or more credentials to specific os-specs so that I can account for these types of use-cases.

Add doc: Why Netcfgbu?

Folks have been asking why I developed this tool and how it compares to existing options such as Rancid or Oxidized.

This issue tracks the creation of this document.

Add --inventory, -i options

Provide CLI options that specify the location of the inventory file so that the value need not be stored in the configuration-file.

As a workaround, you can set the inventory value to an environment variable as shown in the sample config

Add Environment variables to support default git settings

Add environment variables that would allow a User to define a set of equivalent [[git]] configuration so that it is not required in an actual configuration file.

For example:

NETCFGBU_GIT_REPO
NETCFGBU_GIT_TOKEN
NETCFGBU_GIT_DEPLOY_KEY
NETCFGBU_GIT_DEPLOY_KEY_PASSPHRASE
NETCFGBU_GIT_USERNAME
NETCFGBU_GIT_EMAIL
