Oxidized is a wonderful script that can automatically backup your RouterOS(And many other vendors) devices that supports versioning using standard GIT repositories.
The format is fairly simple and intuitive to get up and running quickly and can easily be expanded to plug into LibreNMS for a more robust solution.
I am not going to go into a more advanced installation with this tutorial but will be focusing on a simple solution to get oxidized up and running in very little time.
Required components:
- Clean install of Ubuntu Server
- Enough storage for all your backup files
- Enough bandwidth to download the backup files
- GIT server with a GIT repository
While not strictly necessary I recommend creating an user that is in the “read” group on each device to use for downloading the backup files
Once your server has been installed make sure the “UNIVERSE” repository is enabled if not
-
sudo add-apt-repository universe
After adding the repository update apt
-
sudo apt update
Install the dependencies
-
apt-get install ruby ruby-dev libsqlite3-dev libssl-dev pkg-config cmake libssh2-1-dev libicu-dev zlib1g-dev g++
Install the gems
-
gem install oxidized
-
gem install oxidized-script oxidized-web
Oxidized configuration is in YAML format. Configuration files are subsequently sourced from /etc/oxidized/config then ~/.config/oxidized/config. The hashes will be merged, this might be useful for storing source information in a system wide file and user specific configuration in the home directory (to only include a staff specific username and password). Eg. if many users are using oxs, see Oxidized::Script.
It is recommended practice to run Oxidized using its own username. This username can be added using standard command-line tools:
-
useradd oxidized
To initialize a default configuration in your home directory ~/.config/oxidized/config, simply run oxidized
the folder ~/.config/ozidized will now be populated with a default configuration that needs to be modified for further use
modify your ~/.config/oxidized/config file to suite your own needs pay special attention to the username and password and GIT configuration (for standard file formats comment out the GIT settings and uncomment the file settings under the “output” sections)
-
nano ~/.config/oxidized/config
-
—
username: BackupUserName
password: BackupPassword
model: routeros
resolve_dns: false
interval: 3600
log: ~/.config/oxidized/log
use_syslog: false
debug: false
threads: 30
timeout: 20
retries: 3
prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
rest: x.x.x.x:8888 #IP of oxidized server
next_adds_job: false
vars: {}
groups: {}
models: {}
pid: “/home/oxidized/.config/oxidized/pid”
crash:
directory: “/home/oxidized/.config/oxidized/crashes”
hostnames: false
stats:
history_size: 10
input:
default: ssh
debug: false
ssh:
secure: false
ftp:
passive: true
utf8_encoded: true
#output:
# default: file
# file:
# directory: “/home/oxidized/.config/oxidized/configs”
output:
default: git
user: gituser
email: gituser@contoso.com
repo: “/path/to/git-repos/default.git”
source:
default: csv
csv:
file: “/home/oxidized/.config/oxidized/router.db”
delimiter: !ruby/regexp /:/
map:
name: 0
model: 1
gpg: false
model_map:
juniper: junos
cisco: ios
mikrotik: routeros -
nano ~/.config/oxidized/router.db (the format is IP/DNS:DeviceType)
-
IP_OF_MIKROTIK:mikrotik
IP_OF_ANOTHER:mikrotik -
systemctl restart oxidized
You can now browse to http://IP_OF_Oxidized:8888 and see your backup status
Just a note the oxidized page is not password protected in order to do this you will need to configure a reverse proxy using Apache2/Nginx if you want to protect the site
