Oxidized Help Setting up

j808 · 23 May 2017 18:30

I installed Oxidized on my librenms box. Seems like when I run oxidized it reads from the router.db file correctly. I can see the 3 devices I added to that file in the LibreNMS oxidized tab. Now i’m trying to integrate it with the LibreNMS devices. This is where I am having a hard time…
So in the Global Settings tab under External Settings/Oxidized integration.
I enable the Support, and put the address in http://127.0.0.1:8888. From here is where im stuck.

I saw this in the oxidized tab on the website
source:
default: http
debug: false
http:
url: https://librenms/api/v0/oxidized
map:
name: hostname
model: os
group: group
headers:
X-Auth-Token: ‘01582bf94c03104ecb7953dsadsadwed’

Where do i get my X-Auth-Token from?
This is the error message im getting when pasting into the oxidized config file.

oxidized
Error loading config: (): mapping values are not allowed in this context at line 27 column 14
/usr/local/share/gems/gems/oxidized-0.20.0/lib/oxidized/config.rb:52:in rescue in load': Error loading config: (<unknown>): mapping values are not allowed in this context at line 27 column 14 (Oxidized::InvalidConfig) from /usr/local/share/gems/gems/oxidized-0.20.0/lib/oxidized/config.rb:49:inload’
from /usr/local/share/gems/gems/oxidized-0.20.0/lib/oxidized/cli.rb:24:in initialize' from /usr/local/share/gems/gems/oxidized-0.20.0/bin/oxidized:9:innew’
from /usr/local/share/gems/gems/oxidized-0.20.0/bin/oxidized:9:in <top (required)>' from /usr/local/bin/oxidized:23:inload’
from /usr/local/bin/oxidized:23:in `’

Thank You

murrant · 23 May 2017 20:46

You can create api tokens under settings (the gear) API -> API Settings.

j808 · 23 May 2017 22:13

Thank You,
Was able to figure it out!

j808 · 24 May 2017 00:03

@murrant It doesnt seem to be saving version histories of the backup configs. Everytime oxidized stops or restarts the files are lost…
Also im running Cent7 is whats the best way to start oxidized when server starts?

laf · 24 May 2017 07:08

You need to switch your oxidized output to git. File output doesn’t support versioning.

j808 · 25 May 2017 00:30

OK thank you! Got it working

j808 · 20 June 2017 01:14

Hi @laf I am trying to add multiple devices that use different login and passwords. My config is the following:

username:
password:
model: cisco
interval: 3600
use_syslog: false
debug: false
threads: 30
timeout: 30
retries: 3
prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
rest: 127.0.0.1:8888
vars: {}
groups: {}
pid: /home/oxidized/.config/oxidized/pid
input:
default: ssh, telnet
debug: true
ssh:
secure: false
output:
default: git
git:
user: admin
email: @something.com
repo: "/root/.config/oxidized/configs/devices.git"
source:
default: http
debug: false
http:
url: http://localhost/api/v0/oxidized
map:
name: hostname
model: os
group: group
headers:
X-Auth-Token: XXXXXXXXXXXXXXXXXXXXXXXXXXXX
models:
ios:
username: login
password: Password1
vars:
enable: Password1
edgeos:
username: login
password: Password1
edgeswitch:
username: login
password: Password1
airos:
username: login
password: Password1
tmos:
username: login
password: Password1

For some reason only the Cisco devices work. Is the config wrong?

laf · 20 June 2017 12:00

Your formatting is all off, show us how it’s formatted correctly. Bear in mind this is an oxidized question

j808 · 20 June 2017 20:22

Hi Sorry @laf , here is the pastebin. I didnt see much responding on the oxidized forms so I was hoping someone here can help me.
Thank You
https://pastebin.com/hkqBkfit

laf · 21 June 2017 20:40

Looks fine to me that, standard docs setup.

j808 · 22 June 2017 01:19

Hmm okay Thank you,
For some reason it works with cisco devices but not anything else.

Brent_Norris · 14 July 2017 15:39

Just looking at your pastebin I think you need to move all our other models out by two spaces. Oxidized cares about spacing so I think you need to get them in line with the others.

j808 · 18 July 2017 00:34

That worked. Everything is now backing up. Have you ever noticed retrieving configs can be a bit slow? I have about 1500 devices. Any performance optimizations? The VM I am using has 20 cores and being store on SSDs?
Thank You

Brent_Norris · 13 September 2017 00:44

No way man. I’m not even close to that setup. Damn. That is some serious gear.

jsdurling · 19 September 2017 12:02

@j808 can you clarify for me when you created your api key, did adding the source http to your oxidized configs, generate any errors? I’m getting an SSL error now when I try and run oxidized.

SSL_connect returned=1 errno=0 state=error: certificate verify failed
/usr/share/ruby/net/http.rb:921:in connect': SSL_connect returned=1 errno=0 state=error: certificate verify failed (OpenSSL::SSL::SSLError)

Seems like an issue with Ruby/SSL but I am honestly struggling to figure out how to fix it.

-J

murrant · 19 September 2017 13:15

That means it doesn’t trust the SSL certificate on your librenms server. There are a few ways you can fix that. Use http, add the certificate to the oxidized server, get cert signed by a CA your oxidized server trusts.

jsdurling · 19 September 2017 14:08

@murrant - thanks for the reply. I do have a valid signed cert, at least per firefox etc.

Oxidized is actually running on the same server as librenms.

When I try and curl using the apikey, it seems like a cert issue for sure, but I’m not sure where/what is needed to resolve it.

[root@nms1 anchors]# curl -H ‘X-Auth-Token: c0de1e4acf58fa8b2fc4d656353c5a7f’ https://nms1.librenms.com/api/v0/oxidized
curl: (60) Peer’s Certificate issuer is not recognized.
More details here: curl - SSL CA Certificates

That being said, I’ve looked up the error, and I’m not sure how/why its an issue. I think this might also be partly the issue I’ve had with using the API with the librenms IOS app. I’ve not been able to make that work either.

jsdurling · 19 September 2017 14:45

Ok, so, I was missing my SSLCACert file, which has helped with the curl I am testing with per the oxidized documents in librenms.

[oxidized@nms1 oxidized]$ curl -H ‘X-Auth-Token: c0de1e4acf58fa8b2fc4d656353c5a7f’ https://nms1.librenms.com/api/v0/oxidized

401 Unauthorized

Unauthorized

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

jsdurling · 19 September 2017 14:48

If I enable the http source within oxidize, I get this error when starting oxidized:

[oxidized@nms1 oxidized]$ oxidized -d
source is not valid JSON!
/usr/local/share/gems/gems/json_pure-2.1.0/lib/json/pure/parser.rb:121:in `parse’: source is not valid JSON! (JSON::ParserError)
SNIP

I’m assuming that is because the api curl testing from above isn’t working as of the moment.

jsdurling · 19 September 2017 16:52

So, I think this must be related to the way my authentication is setup. I auth against radius/ldap, but via apache. So, when I try and authenticate with an acct that is local to librenms, it fails.

I use http-auth. I’m not sure if that matter with api keys, but I am pretty sure any key I create doesn’t seem to allow me to curl anything.