I’ve been asked about how to automate a network configuration backup and I read a lot of articles on the internet, but I didn’t find a simple, quick, complete and free setup.
So, I made this one.
You only need a Linux machine with Python 3 (installed by default). Check your version with:
$ python3 --version
or easily upgrade it with:
$ python3 --version
$ sudo apt-get update
$ sudo apt-get install python3.6
and Ansible, which is very easy to install:
$ sudo apt update
$ sudo apt install software-properties-common
$ sudo apt-add-repository --yes --update ppa:ansible/ansible
$ sudo apt install ansible
The setup I made has one master Playbook that:
- Supports IOS, ASA, NX-OS, and F5
- Keeps 10 historic configurations, named with the format hostname-date-time
- Only keeps the backup if the configuration is different from the previous one
- Sends an email or Slack message if the backup fails
Get the code with:
$ git clone https://github.com/aegiacometti/netconf-backup
Add your devices to the Ansible hosts file, and execute the backup with:
$ ansible-playbook ./netconf-backup.yml
Optionally, if you want alerts to be sent when a configuration backup fails, set to “yes” the variables alert_slack in the master Playbook netconf-backup.yml. And set your mail details and/or Slack webhook at the playbooks
Add the Playbook execution to your crontab:
$ crontab -e
Add a line like:
0 0 * * * ansible-playbook ~/your_dir_to/netconf-backup.yml
That’s it, you have an automated network configuration backup every day at 00:00.
And if something goes wrong you will have an email or a Slack message with the failed backup hostname.
Later, using only the Linux command diff, you can see the differences between the configuration files.
Now, if you need to, you could expose those files with a simple web server or shared folder setup, but please add a user/password login; you don’t want the configurations to be public.
Special SSH connectivity notes
If a normal SSH connection from the prompt doesn’t work, it will not work with Ansible either. So first check the normal SSH connection from the command line, and if you have problems, check these two configurations to add to your Linux machine.
- Depending on the OS of your network devices, you might need to enable other SSH parameters. Add these lines with sudo vi /etc/ssh/ssh_config.
#Legacy changes
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Ciphers aes128-cbc,aes128-ctr,aes256-ctr
- On the Ansible side, consider adding these two parameters in your
[defaults]
# uncomment this to disable SSH key host checking
host_key_checking = False

[paramiko_connection]
# When using persistent connections with Paramiko, the connection runs in a
# background process. If the host doesn't already have a valid SSH key, by
# default Ansible will prompt to add the host key. This will cause connections
# running in background processes to fail. Uncomment this line to have
# Paramiko automatically add host keys.
host_key_auto_add = True
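Both changes above loosen SSH security for every connection made from the backup host: the legacy algorithms apply globally and host keys are no longer verified. As an added example (not part of the original post or the netconf-backup repository), this Python sketch flags those settings so they can be limited to the devices that need them; the function names, the host name old-switch-01 and the sample strings are constructed for illustration.

```python
import configparser

# Legacy algorithms from the page's snippet: SHA-1 key exchange and a CBC cipher.
LEGACY = {"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1", "aes128-cbc"}


def audit_ssh_config(text):
    """Report legacy KexAlgorithms/Ciphers that apply to every host."""
    findings, scope = [], "*"  # options before the first Host line are global
    for raw in text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without a value
        key, value = parts[0].lower(), parts[1].strip()
        if key in ("host", "match"):
            scope = value  # later options apply only to this Host/Match block
        elif key in ("kexalgorithms", "ciphers") and scope == "*":
            if value.startswith("-"):
                continue  # "-list" removes algorithms, nothing to flag
            weak = sorted(LEGACY & set(value.lstrip("+^").split(",")))
            if weak:
                findings.append(f"global {key}: {', '.join(weak)}")
    return findings


def audit_ansible_cfg(text):
    """Report settings that stop Ansible from verifying SSH host keys."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    if not cfg.getboolean("defaults", "host_key_checking", fallback=True):
        findings.append("host_key_checking = False: host keys are not verified")
    if cfg.getboolean("paramiko_connection", "host_key_auto_add", fallback=False):
        findings.append("host_key_auto_add = True: unknown host keys are added automatically")
    return findings


# Constructed samples; old-switch-01 is a hypothetical host name.
PAGE_SSH = ("KexAlgorithms diffie-hellman-group1-sha1,ecdh-sha2-nistp256,"
            "diffie-hellman-group14-sha1\nCiphers aes128-cbc,aes128-ctr,aes256-ctr\n")
SCOPED_SSH = ("Host old-switch-01\n  KexAlgorithms +diffie-hellman-group1-sha1\n"
              "  Ciphers +aes128-cbc\n")
PAGE_ANSIBLE = ("[defaults]\nhost_key_checking = False\n"
                "[paramiko_connection]\nhost_key_auto_add = True\n")

if __name__ == "__main__":
    print(audit_ssh_config(PAGE_SSH))
    print(audit_ssh_config(SCOPED_SSH))
    print(audit_ansible_cfg(PAGE_ANSIBLE))
```

A Host block in ssh_config limits the legacy algorithms to the named device, and pre-populating known_hosts with the devices' keys lets host_key_checking stay enabled.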
In the next post, I will explore how to use a configuration version system like Git (locally) and GitHub, which is the same concept as Git but in the cloud and with a web GUI, of course. This would be the entrance to a bigger and interesting world of possibilities about configuration management.