Simple, complete, free, and automated network configuration backup setup

14th March 2020 by Adrian Giacometti

I’ve been asked about how to automate a network configuration backup and I read a lot of articles on the internet, but I didn’t find a simple, quick, complete and free setup.

So, I made this one.

You only need a Linux machine with Python 3 (installed by default). Check your version with:

$ python3 --version 

If needed, it is easy to upgrade with:

$ python3 --version 
$ sudo apt-get update
$ sudo apt-get install python3.6

You also need Ansible, which is very easy to install:

$ sudo apt update
$ sudo apt install software-properties-common
$ sudo apt-add-repository --yes --update ppa:ansible/ansible
$ sudo apt install ansible

The setup I made has one master Playbook that:

  • Supports IOS, ASA, NxOS, and F5
  • Keeps 10 historic configurations, named in the format hostname-date-time
  • Only keeps the backup if the configuration is different from the previous one
  • Sends an email or Slack message if the backup fails
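
The change-detection and retention behaviour listed above, written out as a small shell function. This is an added illustration, not the playbook's own code; the function name, the YYYYMMDD-HHMMSS stamp format and the owner-only file permissions are assumptions.

```sh
#!/bin/sh
# Added example; not the playbook's code. It shows the same retention idea:
# keep a backup only when it differs from the newest one, keep 10 per host.
KEEP=10

# store_backup <backup_dir> <hostname> <new_config> [date-time stamp]
# Prints "unchanged" or "kept <path>". Names follow hostname-date-time.
store_backup() {
  sb_dir=$1 sb_host=$2 sb_new=$3
  sb_stamp=${4:-$(date +%Y%m%d-%H%M%S)}
  # Match only "<host>-YYYYMMDD-HHMMSS", so "sw1" never picks up "sw1-core-...".
  sb_d='[0-9]'
  sb_pat="$sb_d$sb_d$sb_d$sb_d$sb_d$sb_d$sb_d$sb_d-$sb_d$sb_d$sb_d$sb_d$sb_d$sb_d"
  # Configurations contain credentials: new directory and files are owner-only.
  ( umask 077; mkdir -p "$sb_dir" )
  # Globs expand in sorted order, so the last match is the newest backup.
  sb_latest=$(printf '%s\n' "$sb_dir/$sb_host"-$sb_pat | tail -n 1)
  if [ -f "$sb_latest" ] && cmp -s "$sb_latest" "$sb_new"; then
    echo unchanged
    return 0
  fi
  ( umask 077; cp "$sb_new" "$sb_dir/$sb_host-$sb_stamp" )
  # Delete everything older than the $KEEP newest backups of this host.
  printf '%s\n' "$sb_dir/$sb_host"-$sb_pat | sort -r | tail -n +$((KEEP + 1)) |
    while IFS= read -r sb_old; do rm -f -- "$sb_old"; done
  echo "kept $sb_dir/$sb_host-$sb_stamp"
}
```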

Get the code with:

$ git clone https://github.com/aegiacometti/netconf-backup 

Add your devices to the Ansible hosts file, and execute the backup with:

$ ansible-playbook ./netconf-backup.yml

Optionally, if you want alerts to be sent when a configuration backup fails, set the variables alert_mail and/or alert_slack to “yes” in the master Playbook netconfig-backup.yml. Then set your mail details and/or Slack webhook in the playbooks playbooks/netconfig-backup-send-mail.yml and/or playbooks/netconfig-backup-msg-slack.yml.

Add the Playbook execution to crond with:

$ crontab -e

Add a line like:

0 0 * * * ansible-playbook ~/your_dir_to/netconf-backup.yml

That’s it, you have an automated network configuration backup every day at 00:00.

And if something goes wrong you will have an email or a Slack message with the failed backup hostname.

Later, using only the Linux command diff, you can see the differences between the configuration files.

Now, if you need to, you could expose those files with a simple web server or shared folder setup, but please add a user/password login; you don’t want the configurations to be public.

Special SSH connectivity notes

If a normal SSH connection from the prompt doesn’t work, it will not work with Ansible either. So first check the normal SSH connection from the command line and, if you have problems, check these two configurations to add to your Linux machine.

  • Depending on the OS of your network devices, you might need to enable other SSH parameters. Add these lines with sudo vi /etc/ssh/ssh_config.
#Legacy changes
 KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
 Ciphers aes128-cbc,aes128-ctr,aes256-ctr
  • On the Ansible side, consider whether to add these two parameters to your .ansible.cfg.
[defaults]
# uncomment this to disable SSH key host checking
host_key_checking = False

[paramiko_connection]
# When using persistent connections with Paramiko, the connection runs in a
# background process.  If the host doesn't already have a valid SSH key, by
# default Ansible will prompt to add the host key.  This will cause connections
# running in background processes to fail.  Uncomment this line to have
# Paramiko automatically add host keys.
host_key_auto_add = True
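
A check for the two configurations above, as an added example that is not part of the original post or the netconf-backup repository: it flags legacy algorithms enabled for every host in an ssh_config, and the ansible.cfg settings that accept unknown host keys. The function names, the sample files and the host name legacy-asa-01 are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example; not part of the original post or the netconf-backup repository.

# SHA-1 key exchanges and the CBC cipher from the post's "Legacy changes" lines.
LEGACY_RE='diffie-hellman-group1-sha1|diffie-hellman-group14-sha1|aes128-cbc'

# Print "<line number>: <directive>" for each KexAlgorithms/Ciphers line that
# enables a legacy algorithm for every host: before any Host/Match block, or
# under "Host *" / "Match all". Named Host blocks count as scoped.
audit_ssh_config() {
  awk -v re="$LEGACY_RE" '
    BEGIN { global = 1 }
    /^[ \t]*#/ || NF == 0 { next }
    { key = tolower($1) }
    key == "host"  { global = (NF == 2 && $2 == "*"); next }
    key == "match" { global = (NF == 2 && tolower($2) == "all"); next }
    global && (key == "kexalgorithms" || key == "ciphers") && $0 ~ re {
      print NR ": " $0
    }
  ' "$1"
}

# Print the ansible.cfg lines that make Ansible accept unknown SSH host keys.
audit_ansible_cfg() {
  grep -nEi '^[[:space:]]*(host_key_checking[[:space:]]*=[[:space:]]*false|host_key_auto_add[[:space:]]*=[[:space:]]*true)' "$1"
}

# Constructed samples: the post's global settings, and a per-device alternative
# ("legacy-asa-01" is a hypothetical host name).
write_samples() {
  cat > "$1/ssh_config.global" <<'EOF'
#Legacy changes
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,diffie-hellman-group14-sha1
Ciphers aes128-cbc,aes128-ctr,aes256-ctr
EOF
  cat > "$1/ssh_config.scoped" <<'EOF'
Host legacy-asa-01
    KexAlgorithms +diffie-hellman-group1-sha1
    Ciphers +aes128-cbc
EOF
  cat > "$1/ansible.cfg" <<'EOF'
[defaults]
host_key_checking = False
[paramiko_connection]
host_key_auto_add = True
EOF
}
```

SSH picks the first key exchange in the client's list that the server also supports, so a global list that starts with diffie-hellman-group1-sha1 prefers it for every server that still offers it. The + form inside a Host block appends the algorithm to the OpenSSH defaults for that device only.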

In the next post, I will explore how to use a configuration version system like Git (locally) and GitHub, which is the same concept as Git but in the cloud and with a web GUI. This would be the entrance to a bigger and more interesting world of possibilities for configuration management.

Cheers.
