Oxidized is an open-source network device configuration backup tool, created as an alternative to the popular RANCID software. Oxidized is highly suitable for centralizing backups of network devices, making it easier to manage and recover configurations from various devices within a single platform. This article provides a step-by-step guide on how to install this Backup Tool for network configuration backup on a Debian 11 system.
Introduction
Oxidized is a powerful, yet lightweight tool designed for network device configuration backups, offering extensive compatibility with over 130 different operating systems. Whether you’re managing a small network or a large-scale infrastructure, this Backup Tool streamlines the backup process, replacing older tools like RANCID with modern, efficient capabilities. Its flexibility and robust feature set make it an essential solution for network administrators looking to automate and centralize their configuration management.
Feature Highlights
- Dynamically adjusts thread usage to ensure timely retrieval of configurations
- Comprehensive RESTful API for seamless management of devices and configuration retrieval
- Supports Syslog (UDP+file) for real-time config fetch triggers on IOS and JunOS changes
- Integrated Git support for detailed change tracking and version control using ‘git blame’
- Proven compatibility with a range of devices including Cisco, Juniper, Mikrotik, and Dell Force10
Prerequisites
Before we get started, make sure you have the following software and devices ready:
- Oxidized – We’ll be using version 0.28.0 or latest for this setup.
- Operating System – This guide is tailored for Debian 11, so you’ll need that installed on your system.
- Network Devices – We’re working with a mix of Mikrotik (CCR, MAP Lite, RB450), Cisco (C2960G), and Dell Force10 (S60) devices.
How To Install Oxidized
Let’s start by installing the necessary tools and libraries that Oxidized needs to run smoothly on your Debian 11 system. Follow these simple steps:
|
1 2 3 4 |
sudo add-apt-repository universe sudo apt-get install ruby ruby-dev libsqlite3-dev libssl-dev pkg-config cmake libssh2-1-dev libicu-dev zlib1g-dev g++ sudo gem install oxidized sudo gem install oxidized-script oxidized-web # If you skip installing oxidized-web, make sure to remove "rest" from your Oxidized config. |
These commands will install Ruby, which is the language Oxidized is written in, along with other essential libraries. By the end, you’ll have Oxidized and its web interface ready to go!
Create User and Set Up Environment
Next, we’ll set up a dedicated user and environment for Oxidized to keep everything organized and secure. Here’s how to do it:
|
1 2 3 4 5 |
sudo useradd oxidized sudo chsh -s /usr/sbin/nologin oxidized sudo mkdir -p /opt/oxidized/{output,.config/oxidized/} sudo usermod -m -d /opt/oxidized oxidized echo "OXIDIZED_HOME=/opt/oxidized" | sudo tee --append /etc/environment |
These commands create a new user named ‘oxidized’ without login access, set up the necessary directories, and configure the environment for Oxidized.
Now, let’s create the initial configuration files that Oxidized will use:
|
1 2 |
touch /opt/oxidized/.config/oxidized/config touch /opt/oxidized/.config/oxidized/router.db |
This will generate empty configuration files where you’ll define your settings and devices later on.
Configuring Oxidized
To get Oxidized up and running, you’ll need to fill in the configuration file at /opt/oxidized/.config/oxidized/config. This file sets how this Backup Tool will operate, including how it saves and syncs your network configurations. Here’s a sample configuration to get you started:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 |
rest: 0.0.0.0:8888 log: /opt/oxidized/.config/oxidized/logs/oxidized.log input: default: ssh, telnet debug: false ssh: secure: false source: default: csv csv: file: "/opt/oxidized/.config/oxidized/router.db" delimiter: !ruby/regexp /:/ map: name: ip: 1 model: 2 group: 3 vars_map: {} model_map: juniper: junos cisco: ios mikrotik: routeros force10: dnos vars: enable: <your secret> remove_secret: true groups: cisco: username: oxidized password: <your password> mikrotik: username: oxidized password: <your password> force10: username: oxidized password: <your password> models: {} output: file: directory: /var/lib/oxidized/configs |
This configuration ensures this Backup Tool listens for requests on your local server, logs its activities, and saves your device configurations securely. The remove_secret: true setting is particularly important as it helps protect sensitive information like passwords by removing them from the backup files.
Simply copy and paste this configuration into the config file, adjust the placeholders with your actual details, and you’re all set!
Configuring Your Router Database
Next, you’ll need to set up the router database that this Backup Tool will use to manage your network devices. Open the file at /opt/oxidized/.config/oxidized/router.db and enter the following information:
|
1 2 |
# name:ip:model:group cisco-SW:172.x.x.x:cisco:cisco |
This file is formatted as a CSV (Comma-Separated Values) file but uses a colon (:) as the separator. Each line represents a device and includes:
- name: The name you give to the device (e.g.,
cisco-SW). - ip: The IP address of the device (e.g.,
172.x.x.x). - model: The type of device (e.g.,
cisco). - group: A label to categorize the device (e.g.,
cisco).
Simply replace the example values with your own device details. This setup allows this Backup Tool to recognize and connect to your network devices correctly.
Set Permissions
To ensure that this Backup Tool can access and manage its files properly, you need to adjust the permissions for the /opt/oxidized directory. This involves changing the ownership of the directory so that the oxidized user has full control.
Run the following command to update the directory permissions:
|
1 |
sudo chown -R oxidized:oxidized /opt/oxidized |
This command makes the oxidized user the owner of all files and subdirectories within /opt/oxidized. This step is crucial for ensuring that this Backup Tool can operate smoothly without permission issues.
Create Oxidized Service
To make Oxidized start automatically and manage it as a service, you’ll need to create a service file. This file will allow you to control Oxidized using standard system commands like starting, stopping, and enabling the service.
Create a file named oxidized.service in the /lib/systemd/system/ directory. You can do this by following these simple steps:
|
1 2 |
# Create the service file with the following content: sudo nano /lib/systemd/system/oxidized.service |
Then, add the following content to the file:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
# /lib/systemd/system/oxidized.service [Unit] Description=Oxidized - Network Device Configuration Backup Tool After=network-online.target multi-user.target Wants=network-online.target [Service] ExecStart=/usr/local/bin/oxidized User=oxidized KillSignal=SIGKILL [Install] WantedBy=multi-user.target |
This configuration sets up Oxidized to start automatically at boot and ensures it runs under the correct user. After creating the file, you can manage this Backup Tool service easily with system commands.
Start and Enable the Oxidized Service
Now that you’ve set up the service file, it’s time to start Oxidized and make sure it runs automatically every time your system boots up.
To get Oxidized up and running, use the following commands:
|
1 2 3 4 5 |
# Start Oxidized immediately sudo systemctl start oxidized.service # Enable Oxidized to start automatically on boot sudo systemctl enable oxidized.service |
The first command starts Oxidized right away, so it begins managing your network device backups. The second command ensures that Oxidized will start automatically whenever your system starts up, so you don’t have to start it manually each time.
Verification
Once you’ve started the Oxidized service, it will begin retrieving configuration data from all the devices you listed. To check if everything is working correctly, you can look inside the output directory where this Backup Tool stores the backups.
Use the following command to view the contents of the output directory:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
tree /opt/oxidized/output/gemaroprek.git/ # Expected output /opt/oxidized/output/gemaroprek.git/ ├── cisco │ └── gemaroprek-SW ├── force10 │ └── gemaroprek-MMR ├── mikrotik │ ├── miko-gemaroprek │ └── R1-gemaroprek └── README.md 3 directories, 5 files |
This output structure shows that this Backup Tool has successfully created directories for each device type (cisco, force10, mikrotik) and saved their respective configuration files inside. The README.md file provides additional information about the backup files.
this Backup Tool organizes your backups by creating a separate folder for each group of devices. This makes it easy to find and manage configurations for different device types.
Troubleshooting
If something goes wrong, here’s how to troubleshoot:
systemctl status oxidized.service– Check this command to make sure the Oxidized service is running smoothly without any issues./opt/oxidized/.config/oxidized/logs/oxidized.log– Look here for detailed logs and error messages from Oxidized./opt/oxidized/.config/oxidized/crash– This file contains information about any crashes that may have occurred./var/log/syslog– This system log file might have useful information related to Oxidized’s operation.debug: true– You can enable debugging in the Oxidized configuration to get more detailed error reports if needed.
For additional help, check out the official Oxidized documentation. Stay tuned for our next post, where we’ll cover how to set up auto-syncing with a Git repository.
