From 9a42275a13919e88a8692c2c6cfed75d565be4db Mon Sep 17 00:00:00 2001 From: Bonrob2 <59453630+Bonrob2@users.noreply.github.com> Date: Tue, 29 Aug 2023 16:23:39 -0400 Subject: [PATCH] DP-3: Horizon/Meridian: Add tabbed block to Configure Backup Sprint Updated the device config. backup user accounts section so that each script example appears in a block format like our OS tabs in the deployment sections of the docs. --- .../dcb-accounts/aruba-os.adoc | 16 +++ .../dcb-accounts/aruba-oscx.adoc | 17 +++ .../dcb-accounts/cisco-ios.adoc | 10 ++ .../dcb-accounts/juniper.adoc | 27 +++++ .../deep-dive/device-config-backup/ssh.adoc | 106 +++++------------- .../minion-confd/minion-confd.adoc | 1 + 6 files changed, 97 insertions(+), 80 deletions(-) create mode 100644 docs/modules/operation/pages/deep-dive/device-config-backup/dcb-accounts/aruba-os.adoc create mode 100644 docs/modules/operation/pages/deep-dive/device-config-backup/dcb-accounts/aruba-oscx.adoc create mode 100644 docs/modules/operation/pages/deep-dive/device-config-backup/dcb-accounts/cisco-ios.adoc create mode 100644 docs/modules/operation/pages/deep-dive/device-config-backup/dcb-accounts/juniper.adoc diff --git a/docs/modules/operation/pages/deep-dive/device-config-backup/dcb-accounts/aruba-os.adoc b/docs/modules/operation/pages/deep-dive/device-config-backup/dcb-accounts/aruba-os.adoc new file mode 100644 index 000000000000..d4db571b827f --- /dev/null +++ b/docs/modules/operation/pages/deep-dive/device-config-backup/dcb-accounts/aruba-os.adoc @@ -0,0 +1,16 @@ +This script creates a `dcb` user account based on a custom user group (`dcb-group`). +The user group has limited privileges, which are passed on to the `dcb` account. + +[source, script] +---- +aruba-os# configure +aruba-os(config)# aaa authorization commands local +aruba-os(config)# aaa authorization group "dcb-group" 1 match-command "copy running-config tftp .*" permit +aruba-os(config)# aaa authorization group "dcb-group" 2 match-command "show running-config" permit +aruba-os(config)# aaa authorization group "dcb-group" 3 match-command "copy startup-config tftp .*" permit +aruba-os(config)# aaa authorization group "dcb-group" 4 match-command "show startup-config" permit +aruba-os(config)# aaa authentication local-user "dcb" group "dcb-group" password plaintext +New password for dcb: Pa55w0rd +Please retype new password for dcb: Pa55w0rd +aruba-os(config)# exit +---- \ No newline at end of file diff --git a/docs/modules/operation/pages/deep-dive/device-config-backup/dcb-accounts/aruba-oscx.adoc b/docs/modules/operation/pages/deep-dive/device-config-backup/dcb-accounts/aruba-oscx.adoc new file mode 100644 index 000000000000..c2baaa6ca7b5 --- /dev/null +++ b/docs/modules/operation/pages/deep-dive/device-config-backup/dcb-accounts/aruba-oscx.adoc @@ -0,0 +1,17 @@ +This script creates a `dcb` user account based on a custom user group (`dcb-group`). +The user group has limited privileges, which are passed on to the `dcb` account. + +[source, script] +---- +aruba-os-cx# config +aruba-os-cx(config)# user-group dcb-group +aruba-os-cx(config-usr-grp-dcb-group)# permit cli command "copy startup-config tftp.*" +aruba-os-cx(config-usr-grp-dcb-group)# permit cli command "copy running-config tftp.*" +aruba-os-cx(config-usr-grp-dcb-group)# permit cli command "show running-config" +aruba-os-cx(config-usr-grp-dcb-group)# deny cli command ".*" +aruba-os-cx(config-usr-grp-dcb-group)# exit +aruba-os-cx(config)# user dcb group dcb-group password +Enter password: Pa55w0rd +Confirm password: Pa55w0rd +aruba-os-cx(config)# +---- \ No newline at end of file diff --git a/docs/modules/operation/pages/deep-dive/device-config-backup/dcb-accounts/cisco-ios.adoc b/docs/modules/operation/pages/deep-dive/device-config-backup/dcb-accounts/cisco-ios.adoc new file mode 100644 index 000000000000..16fa29614d49 --- /dev/null +++ b/docs/modules/operation/pages/deep-dive/device-config-backup/dcb-accounts/cisco-ios.adoc @@ -0,0 +1,10 @@ +This script creates a `dcb` user account based on a custom privilege configuration: + +[source, script] +---- +cisco-ios#configure terminal +cisco-ios(config)#username dcb privilege 2 secret Pa55w0rd +cisco-ios(config)#privilege exec level 2 copy running-config +cisco-ios(config)#privilege exec level 2 copy startup-config +cisco-ios(config)#exit +---- \ No newline at end of file diff --git a/docs/modules/operation/pages/deep-dive/device-config-backup/dcb-accounts/juniper.adoc b/docs/modules/operation/pages/deep-dive/device-config-backup/dcb-accounts/juniper.adoc new file mode 100644 index 000000000000..5289d4acab4e --- /dev/null +++ b/docs/modules/operation/pages/deep-dive/device-config-backup/dcb-accounts/juniper.adoc @@ -0,0 +1,27 @@ +This script creates a `dcb` user account based on a custom login class (`dcb-class`). +The login class has limited privileges, which are passed on to the `dcb` account. + +[source, script] +---- +admin@juniper-junos# set system login class dcb-class permissions all + +[edit] +admin@juniper-junos# set system login class dcb-class allow-commands "(exit)|(start shell)|(show configuration.*)" + +[edit] +admin@juniper-junos# set system login class dcb-class deny-commands .* + +[edit] +admin@juniper-junos# set system login user dcb uid 1006 + +[edit] +admin@juniper-junos# set system login user dcb class dcb-class + +[edit] +admin@juniper-junos# set system login user dcb authentication plain-text-password +New password: Pa55w0rd +Retype new password: Pa55w0rd + +[edit] +admin@juniper-junos# exit +---- \ No newline at end of file diff --git a/docs/modules/operation/pages/deep-dive/device-config-backup/ssh.adoc b/docs/modules/operation/pages/deep-dive/device-config-backup/ssh.adoc index a2906678080f..bb669c92aeea 100644 --- a/docs/modules/operation/pages/deep-dive/device-config-backup/ssh.adoc +++ b/docs/modules/operation/pages/deep-dive/device-config-backup/ssh.adoc @@ -124,84 +124,30 @@ There are several example scripts available in `$\{OPENNMS_HOME}/etc/examples/de We recommend that you limit the privileges of any user accounts used for configuration retrieval. The following examples demonstrate how to configure a `dcb` user account, specify its password (`Pa55w0rd`), and limit its privileges to only configuration retrieval commands. -==== ArubaOS configuration +[{tabs}] +==== +ArubaOS:: ++ +-- +include::dcb-accounts/aruba-os.adoc[] +-- + +ArubaOS-CX:: ++ +-- +include::dcb-accounts/aruba-oscx.adoc[] +-- + +Cisco IOS:: ++ +-- +include::dcb-accounts/cisco-ios.adoc[] +-- + +Juniper Junos:: ++ +-- +include::dcb-accounts/juniper.adoc[] +-- +==== -This script creates a `dcb` user account based on a custom user group (`dcb-group`). -The user group has limited privileges, which are passed on to the `dcb` account. - -[source, script] ----- -aruba-os# configure -aruba-os(config)# aaa authorization commands local -aruba-os(config)# aaa authorization group "dcb-group" 1 match-command "copy running-config tftp .*" permit -aruba-os(config)# aaa authorization group "dcb-group" 2 match-command "show running-config" permit -aruba-os(config)# aaa authorization group "dcb-group" 3 match-command "copy startup-config tftp .*" permit -aruba-os(config)# aaa authorization group "dcb-group" 4 match-command "show startup-config" permit -aruba-os(config)# aaa authentication local-user "dcb" group "dcb-group" password plaintext -New password for dcb: Pa55w0rd -Please retype new password for dcb: Pa55w0rd -aruba-os(config)# exit ----- - -==== ArubaOS-CX configuration - -This script creates a `dcb` user account based on a custom user group (`dcb-group`). -The user group has limited privileges, which are passed on to the `dcb` account. - -[source, script] ----- -aruba-os-cx# config -aruba-os-cx(config)# user-group dcb-group -aruba-os-cx(config-usr-grp-dcb-group)# permit cli command "copy startup-config tftp.*" -aruba-os-cx(config-usr-grp-dcb-group)# permit cli command "copy running-config tftp.*" -aruba-os-cx(config-usr-grp-dcb-group)# permit cli command "show running-config" -aruba-os-cx(config-usr-grp-dcb-group)# deny cli command ".*" -aruba-os-cx(config-usr-grp-dcb-group)# exit -aruba-os-cx(config)# user dcb group dcb-group password -Enter password: Pa55w0rd -Confirm password: Pa55w0rd -aruba-os-cx(config)# ----- - -==== Cisco IOS configuration - -This script creates a `dcb` user account based on a custom privilege configuration: - -[source, script] ----- -cisco-ios#configure terminal -cisco-ios(config)#username dcb privilege 2 secret Pa55w0rd -cisco-ios(config)#privilege exec level 2 copy running-config -cisco-ios(config)#privilege exec level 2 copy startup-config -cisco-ios(config)#exit ----- - -==== Juniper Junos configuration - -This script creates a `dcb` user account based on a custom login class (`dcb-class`). -The login class has limited privileges, which are passed on to the `dcb` account. - -[source, script] ----- -admin@juniper-junos# set system login class dcb-class permissions all - -[edit] -admin@juniper-junos# set system login class dcb-class allow-commands "(exit)|(start shell)|(show configuration.*)" - -[edit] -admin@juniper-junos# set system login class dcb-class deny-commands .* - -[edit] -admin@juniper-junos# set system login user dcb uid 1006 - -[edit] -admin@juniper-junos# set system login user dcb class dcb-class - -[edit] -admin@juniper-junos# set system login user dcb authentication plain-text-password -New password: Pa55w0rd -Retype new password: Pa55w0rd - -[edit] -admin@juniper-junos# exit ----- diff --git a/docs/modules/reference/pages/configuration/minion-confd/minion-confd.adoc b/docs/modules/reference/pages/configuration/minion-confd/minion-confd.adoc index 71dc1a55aa93..f669498e8115 100644 --- a/docs/modules/reference/pages/configuration/minion-confd/minion-confd.adoc +++ b/docs/modules/reference/pages/configuration/minion-confd/minion-confd.adoc @@ -49,6 +49,7 @@ ipc: kafka: bootstrap.servers: "127.0.0.1:9092" # Any other keys necessary can be specified here +---- Writes the specified configuration settings to `$\{MINION_HOME}/etc/org.opennms.core.ipc.kafka.cfg`. If the `bootstrap.servers` key is specified, `$\{MINION_HOME}/etc/featuresBoot.d/kafka-ipc.boot` is also updated.