ersetze oxidized mit routeros-config-export (#562)

Reviewed-on: #562
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>

docker-compose/homer/assets/mgmt.yml

@@ -89,11 +89,6 @@ services:
         url: "http://docker10.grote.lan:1234"
         target: "_blank"
         subtitle: "Monitoring"
-      - name: "Oxidized"
-        logo: "assets/icons/oxidized.svg"
-        url: "http://docker10.grote.lan:8888"
-        target: "_blank"
-        subtitle: "network device configuration backup tool"
 
   - name: "Internet-MGMT"
     icon: "fas fa-cloud"

docker-compose/oxidized/config.j2

@@ -1,34 +0,0 @@
-source:
-  default: csv
-  csv:
-    file: /home/oxidized/.config/oxidized/router.db
-    delimiter: !ruby/regexp /:/
-    map:
-      name: 0
-      ip: 1
-      model: 2
-      username: 3
-      password: 4
-    vars_map:
-      enable: 5
-
-# enable WebGUI
-rest: 0.0.0.0:8888
-
-# debug
-# debug: true
-
-output:
-  default: git
-  git:
-    user: oxidized
-    email: oxidized@grote.lan
-    repo: "/var/lib/oxidized/devices.git"
-
-hooks:
-  push_to_remote:
-    type: githubrepo
-    events: [post_store]
-    remote_repo: ssh://gitea@git.mgrote.net:2222/mg/oxidized-configs.git
-    publickey: /ssh/id_rsa.pub
-    privatekey: /ssh/id_rsa

docker-compose/oxidized/docker-compose.yml.j2

@@ -1,37 +0,0 @@
-version: '3.3'
-services:
-  oxidized:
-    restart: always
-    container_name: "oxidized"
-    image: oxidized/oxidized:latest
-    ports:
-      - 8888:8888/tcp
-    environment:
-      CONFIG_RELOAD_INTERVAL: 600
-    volumes:
-      - ./router.db:/home/oxidized/.config/oxidized/router.db
-      - ./config:/home/oxidized/.config/oxidized/config
-      - ./ssh:/ssh/
-      - oxidized:/var/lib/oxidized
-    labels:
-      com.centurylinklabs.watchtower.enable: false
-
-######## Volumes ########
-volumes:
-  oxidized:
-
-# auf git.mgrote.net ist "docker-oxidized" als user angelegt und die ssh-keys sind in seinem Nutzerprofil hinterlegt
-# von Nutzer "mg" sind die beiden oxidized Repos an "docker-oxidized" geteilt
-
-# ssh:
-# die ssh-keys müsen im alten pem-format vorliegen
-# https://github.com/ytti/oxidized/pull/2453/commits/a67a7204f65be8c564144e23012844fcff5444b5
-
-# erstellen:
-# 1. ssh-keygen (ohne alles)
-# 2. ssh-keygen -p -m PEM -f <private_key>
-# 3. chmod 0660 id_rsa*
-# 4. Key in ansible-vault/KeePass hinterlegen
-
-# hardware:
-# oxidized besitzt jeweils einen user auf jedem Gerät mit der Policy "read-only"

docker-compose/oxidized/router.db.j2

@@ -1,4 +0,0 @@
-rb5009.grote.lan:192.168.2.1:routeros:oxidized:{{ lookup('keepass', 'docker_oxidized_rb5009', 'password') }}
-nanohd-wohnzimmer.grote.lan:192.168.2.35:airos:ubi_ssh_admin:{{ lookup('keepass', 'docker_oxidized_nanohd', 'password') }}
-crs305.grote.lan:192.168.2.225:routeros:oxidized:{{ lookup('keepass', 'docker_oxidized_crs305', 'password') }}
-hex.grote.lan:192.168.3.144:routeros:oxidized:{{ lookup('keepass', 'docker_oxidized_hex', 'password') }}

docker-compose/oxidized/ssh/id_rsa.j2

@@ -1 +0,0 @@
-{{ lookup('keepass', 'docker_oxidized_gitea_ssh_key_private', 'notes') }}

docker-compose/oxidized/ssh/id_rsa.pub

@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCiSAQC6Ayt6c9FSrJFBuuGmNpAU/cTDt+s9fy5l4LXOlY+255+ny0IDwfSYBx0e4DtOcpMnaOBazBSONc9zPAU+JFfX7XnO00ion4zHdoviy4TGYO+26L08srobU2sggZnIZLdXIXflpB2t80L2VfJa0RruARjDOAwAv1pM2JqWLjI1be1s8VvY6cj4ki5vl2xkKLBviIS/tBTgdIxtr/+S6U5az+wuopzEO6bXgIoye8ZvwWRVbqWhWwSarntX1yLfDHjFg5IIP9T5j1ySK/dgNL632JZhqM36F4LYEHiTZ4myAE7dCk08HIneQ3O5K4mWgRDKShBpPrWRMGKQouH0N0uoXVu24R7nBio3poVP0dY0TInhWtjIrY8vmdebHQGThNtTwXCBmBHX40UAkKSUuy98gzXa5X068ohvoWzOBHhSk9XY2upPwPEf3qga+mB98aH6UqjcI6/CHi2dIGOL5z8WbYBLhHJQo/hp7lVgLCbpQVv45Whjf+p+IX/sgk= mg@docker10

docker-compose/routeros-config-export/deploy_token.j2

@@ -0,0 +1 @@
+{{ lookup('keepass', 'routeros-config-backup_deploy-token', 'notes') }}

docker-compose/routeros-config-export/docker-compose.yml

@@ -0,0 +1,23 @@
+version: "3"
+services:
+  routeros-config-export:
+    container_name: routeros-config-export
+    restart: always
+    image: registry.mgrote.net/oxidized-selfmade:master
+    volumes:
+      - ./key_rb5009:/key_rb5009:ro
+      - ./key_hex:/key_hex:ro
+      - ./key_crs305:/key_crs305:ro
+      - ./deploy_token:/deploy_token:ro
+    environment:
+      DEVICES: |-
+              rb5009.grote.lan,routeros-config-backup,/key_rb5009
+              hex.grote.lan,routeros-config-backup,/key_hex
+              crs305.grote.lan,routeros-config-backup,/key_crs305
+      GIT_REPO_BRANCH: "master"
+      GIT_REPO_URL: "ssh://gitea@git.mgrote.net:2222/mg/routeros-configs.git"
+      GIT_REPO_DEPLOY_KEY: "/deploy_token"
+      GIT_USERNAME: oxidized-selfmade
+      GIT_USER_MAIL: michael.grote@posteo.de
+      GIT_REPO_REMOTE_NAME: origin
+      INTERVAL: 600 # in sekunden

docker-compose/routeros-config-export/key_crs305.j2

@@ -0,0 +1 @@
+{{ lookup('keepass', 'routeros-config-backup_crs305_private_key', 'notes') }}

docker-compose/routeros-config-export/key_hex.j2

@@ -0,0 +1 @@
+{{ lookup('keepass', 'routeros-config-backup_hex_private_key', 'notes') }}

docker-compose/routeros-config-export/key_rb5009.j2

@@ -0,0 +1 @@
+{{ lookup('keepass', 'routeros-config-backup_rb5009_private_key', 'notes') }}

host_vars/docker10.grote.lan.yml

@@ -25,8 +25,6 @@
   compose_dest_basedir: "/docker"
   compose_src_basedir: "{{ inventory_dir }}/docker-compose"
   compose_files:
-    - name: oxidized
-      state: present
     - name: homer
       state: present
     - name: munin
@@ -53,6 +51,8 @@
       state: present
     - name: blocky
       state: present
+    - name: routeros-config-export
+      state: present
     - name: registry
       state: present
       network: traefik
@@ -136,7 +136,7 @@
       src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
       config: |
         [http_response]
-        env.sites http://docker10.grote.lan:333 http://docker10.grote.lan:8888/nodes http://docker10.grote.lan:1234 https://nextcloud.mgrote.net http://docker10.grote.lan:3344 http://docker10.grote.lan:5000 https://miniflux.mgrote.net/ http://docker10.grote.lan:3001 http://docker10.grote.lan:8081
+        env.sites http://docker10.grote.lan:333 http://docker10.grote.lan:1234 https://nextcloud.mgrote.net http://docker10.grote.lan:3344 http://docker10.grote.lan:5000 https://miniflux.mgrote.net/ http://docker10.grote.lan:3001 http://docker10.grote.lan:8081
         env.max_time 20
         env.short_label true
         env.follow_redirect true
@@ -271,7 +271,7 @@
       config: |
         [gitea_commit_time_diff]
         env.url git.mgrote.net
-        env.repo oxidized-configs
+        env.repo routeros-configs
         env.user mg
         env.git_ref HEAD
         env.warning 1000