Files
netdisco/share/config.yml
2023-05-31 20:10:38 +01:00

644 lines
17 KiB
YAML

# This is the main configuration file for Netdisco web and backend apps
#
# DO NOT EDIT THIS FILE
#
# Overrides should go to ~/environments/deployment.yml
#
# https://github.com/netdisco/netdisco/wiki/Configuration has
# in depth explanations about each setting.
# ----------------
# GENERAL SETTINGS
# ----------------
log: 'warning'
logger_format: '[%P] %U %L %m'
include_paths: []
template_paths: []
site_local_files: false
external_databases: []
tenant_databases: []
# ------------
# WEB FRONTEND
# ------------
domain_suffix: []
no_auth: false
suggest_guest: false
navbar_autocomplete: true
trust_remote_user: false
trust_x_remote_user: false
api_token_lifetime: 3600
tacacs: {}
radius: {}
ldap: {}
# servers: []
# user_string: 'MYDOMAIN\%USER%'
# base: ""
# proxy_user: ""
# proxy_pass: ""
# opts:
# debug: 3
# tls_opts: {}
path: '/'
web_home: '/inventory'
web_plugins:
- Inventory
- Report::PortVLANMismatch
- Report::PortAdminDown
- Report::PortBlocking
- Report::PortMultiNodes
- Report::PortSsid
- Report::PortUtilization
- Report::ApChannelDist
- Report::ApClients
- Report::ApRadioChannelPower
- Report::HalfDuplex
- Report::DeviceAddrNoDNS
- Report::DeviceByLocation
- Report::InventoryByModelByOS
- Report::DeviceDnsMismatch
- Report::DevicePoeStatus
- Report::DuplexMismatch
- Report::IpInventory
- Report::ModuleInventory
- Report::Netbios
- Report::NodeMultiIPs
- Report::NodeVendor
- Report::NodesDiscovered
- Report::SsidInventory
- Report::VlanInventory
- Report::SubnetUtilization
- Report::PortLog
- AdminTask::JobQueue
- AdminTask::NodeMonitor
- AdminTask::Topology
- AdminTask::PollerPerformance
- AdminTask::PseudoDevice
- AdminTask::SlowDevices
- AdminTask::UndiscoveredNeighbors
- AdminTask::OrphanedDevices
- AdminTask::DuplicateDevices
- AdminTask::TimedOutDevices
- AdminTask::UserLog
- AdminTask::Users
- Search::Device
- Search::Node
- Search::VLAN
- Search::Port
- Device::Details
- Device::Ports
- Device::Modules
- Device::Neighbors
- Device::Addresses
- Device::Vlans
- Device::SNMP
extra_web_plugins: []
sidebar_defaults:
search_node:
stamps: { default: checked }
deviceports: { default: checked }
show_vendor: { default: null }
archived: { default: null }
partial: { default: null }
age_invert: { default: null }
daterange: { default: null }
mac_format: { default: IEEE }
search_port:
partial: { default: checked }
uplink: { default: null }
descr: { default: null }
ethernet: { default: checked }
search_device:
matchall: { default: checked }
device_ports:
c_admin: { label: 'Port Control and Editing', default: null, idx: 0 }
c_port: { label: 'Port', default: checked, idx: 1 }
c_descr: { label: 'Description', default: null, idx: 2 }
c_comment: { label: 'Last Comment', default: null, idx: 3 }
c_type: { label: 'Type', default: null, idx: 4 }
c_ifindex: { label: 'Interface Index', default: null, idx: 5 }
c_lastchange: { label: 'Last Change', default: null, idx: 6 }
c_name: { label: 'Name', default: checked, idx: 7 }
c_speed_admin: { label: 'Speed (configured)', default: null, idx: 8 }
c_speed: { label: 'Speed (running)', default: null, idx: 9 }
c_duplex_admin: { label: 'Duplex (configured)', default: null, idx: 10 }
c_duplex: { label: 'Duplex (running)', default: null, idx: 11 }
c_error: { label: 'Error Message', default: null, idx: 12 }
c_mac: { label: 'Port MAC', default: null, idx: 13 }
c_mtu: { label: 'MTU', default: null, idx: 14 }
c_pvid: { label: 'Native VLAN', default: checked, idx: 15 }
c_vmember: { label: 'VLAN Membership', default: checked, idx: 16 }
c_power: { label: 'PoE', default: null, idx: 17 }
c_ssid: { label: 'SSID', default: null, idx: 18 }
c_nac_summary: { label: 'NAC/802.1X Status', default: null, idx: 19 }
c_nodes: { label: 'Connected Nodes', default: null, idx: 20 }
c_neighbors: { label: 'Connected Devices', default: checked, idx: 21 }
c_stp: { label: 'Spanning Tree', default: null, idx: 22 }
c_up: { label: 'Up/Down Status', default: null, idx: 23 }
mac_format: { default: IEEE }
n_inventory: { label: 'Remote Inventory', default: checked, idx: 0 }
n_detailed_inventory: { label: 'Remote Advertisement', default: null, idx: 1 }
n_age: { label: 'Age Stamp', default: null, idx: 2 }
n_ip4: { label: 'IPv4 Addresses', default: checked, idx: 3 }
n_ip6: { label: 'IPv6 Addresses', default: checked, idx: 4 }
n_netbios: { label: 'NetBIOS Name', default: checked, idx: 5 }
n_ssid: { label: 'SSID', default: checked, idx: 6 }
n_vendor: { label: 'Vendor', default: null, idx: 7 }
n_archived: { label: 'Archived Data', default: null, idx: 8 }
age_num: { default: 3 }
age_unit: { default: months }
p_vlan_names: { label: 'Use VLAN Names', default: null, idx: 0 }
p_hide1002: { label: 'Hide VLAN 1002-1005', default: null, idx: 1 }
p_include_hidden: { label: 'Include Hidden Ports', default: null, idx: 2 }
device_netmap:
showips: { default: null }
showspeed: { default: null }
mapshow: { default: neighbors }
colorby: { default: speed }
dynamicsize: { default: checked }
report_moduleinventory:
fruonly: { default: checked }
matchall: { default: checked }
report_portutilization:
age_num: { default: 3 }
age_unit: { default: months }
device_port_col_idx_left: 7
device_port_col_idx_mid: 19
device_port_col_idx_right: 23
jobqueue_refresh: 10
safe_password_store: true
reports: []
system_reports:
- tag: portserrordisabled
label: 'Error Disabled Ports'
category: Port
columns:
- { ip: Device }
- { dns: DNS }
- { port: Port }
- { name: Description }
- { reason: Reason }
query: |
SELECT dp.ip, d.dns, dp.port, dp.name, properties.error_disable_cause AS reason
FROM device_port dp
INNER JOIN device_port_properties properties USING (ip, port)
LEFT JOIN device d USING (ip)
WHERE properties.error_disable_cause IS NOT NULL
ORDER BY dp.ip, dp.port
- tag: devicemultipleaddresses
label: 'Devices with Multiple Addresses'
category: Device
columns:
- { 'ip': 'Device IP', _searchable: true }
- { 'devname': 'Name' }
- { 'count': 'Addresses Count' }
- { 'contact': 'Contact' }
- { 'location': 'Location' }
query: |
SELECT ip, COALESCE(NULLIF(device.dns,''), NULLIF(name,''), '(none)') AS devname, count(alias), contact, location
FROM device_ip LEFT JOIN device USING (ip)
GROUP BY ip, devname, contact, location
HAVING count(alias) > 1
ORDER BY count(alias) DESC, devname ASC
- tag: devicesharedaddresses
label: 'IPs on Multiple Devices'
category: Device
columns:
- { 'alias': 'Interface IP', _searchable: true }
- { 'count': 'Instance Count' }
query: |
SELECT alias, count(ip)
FROM device_ip
WHERE alias != '127.0.0.1'
GROUP BY alias
HAVING count(ip) > 1
ORDER BY count(ip) DESC, alias ASC
- tag: recentlyaddeddevices
category: Device
label: 'Recently Added Devices'
columns:
- { ip: 'Device IP', _searchable: true }
- { devname: 'Name' }
- { model: 'Model' }
- { vendor: 'Vendor' }
- { creation: 'Date Added' }
- { os: 'Operating System' }
- { os_ver: 'OS Version' }
- { location: 'Location' }
- { contact: 'Contact' }
- { serial: 'Serial' }
bind_params: ['since']
query: |
SELECT ip, COALESCE(NULLIF(dns,''), NULLIF(name,''), '') AS devname,
model, vendor, creation, os, os_ver, location, contact, serial
FROM device
WHERE creation > (LOCALTIMESTAMP - COALESCE(NULLIF(?,''), '2 months')::interval)
ORDER BY creation DESC
table_pagesize: 10
table_showrecordsmenu:
- [10, 25, 50, 100, '-1']
- [10, 25, 50, 100, 'All']
vlanctl: true
portctl_nameonly: false
portctl_no: []
portctl_only: []
portctl_nowaps: false
portctl_nophones: false
portctl_vlans: false
portctl_uplinks: false
system_port_control_reasons:
address: 'Address Allocation Abuse'
copyright: 'Copyright Violation'
dos: 'Denial of Service'
bandwidth: 'Excessive Bandwidth'
polling: 'Excessive Polling of DNS/DHCP/SNMP'
noserv: 'Not In Service'
exploit: 'Remote Exploit Possible'
compromised: 'System Compromised'
other: 'Other'
resolved: 'Issue Resolved'
check_userlog: false
devport_vlan_limit: 150
login_logo: ""
defanged_admin: 'admin'
hide_deviceports: []
# -------------
# NETDISCO CORE
# -------------
# mibhome is discovered from environment
# mibdirs defaults to contents of mibhome
host_groups:
__ANY__:
- '0.0.0.0/0'
- '::/0'
__LOOPBACK_ADDRESSES__:
- '::1'
- '127.0.0.0/8'
__LOCAL_ADDRESSES__:
- '169.254.0.0/16'
- 'fe80::/10'
__LOOPBACK_WITH_NO_IP__:
- 'op:and'
- 'alias:'
- 'type:softwareLoopback'
__IGNORE_INTERFACES__:
- 'port:EOBC'
- 'port:unrouted VLAN(?: \d+)?'
- 'port:StackPort'
- 'port:Control Plane Interface'
- 'port:SPAN (S|R)P Interface'
- 'port:StackSub-.*'
- 'port:StackPort\d+'
- 'port:netflow'
- 'port:Vlan\d+-mpls layer'
- 'port:BRI\S+-Bearer Channel'
- 'port:BRI\S+-Physical'
- 'port:BRI\S+-Signalling'
- 'port:BRI\S+-Signaling'
- 'port:Embedded-Service-Engine\d+\/\d+'
- 'port:Virtual-Template\d+'
- 'port:Virtual-Access\d+'
- 'port:(E|T)\d \d\/\d\/\d'
- 'port:InLoopback0'
- 'port:NULL\d'
- 'port:Register-Tunnel\d'
- 'port:Blade-Aggregation\d'
- 'port:M-GigabitEthernet\d\/\d\/\d'
- 'port:Ethernet(?:-| )QOS Packet Scheduler'
- 'port:Ethernet(?:-| )WFP (?:802\.3|Native) MAC Layer Lightweight Filter'
- 'port:ii\d\/\d\/\d+'
__IGNORE_INTERFACE_TYPES__: []
__NOTPRESENT_TYPES__:
- 'type:ethernetCsmacd'
- 'type:tunnel'
- 'type:ieee8023adLag'
__IGNORE_NOTPRESENT_TYPES__:
- 'op:and'
- 'up:notPresent'
- 'group:__NOTPRESENT_TYPES__'
host_group_displaynames: {}
device_identity: []
community: []
community_rw: []
device_auth: []
use_legacy_rancidexport: false
use_legacy_sshcollector: false
custom_fields:
device: []
device_port: []
get_credentials: ""
bulkwalk_off: false
bulkwalk_no: []
bulkwalk_repeaters: 20
nonincreasing: false
snmpver: 3
snmptimeout: 3000000
snmpretries: 2
net_snmp_options: {}
snmp_remoteport: {}
snmp_field_protection:
device:
serial: ['group:__ANY__']
devices_no: []
devices_only: []
discover_no: []
discover_only: []
discover_no_type: []
discover_waps: true
discover_phones: false
discover_routed_neighbors: true
discover_min_age: 0
ignore_layers: []
force_macsuck: []
macsuck_no: []
macsuck_only: []
macsuck_all_vlans: false
macsuck_no_unnamed: false
macsuck_no_vlan:
- 'SAM-vlan-appliance-management'
- 'SAM-vlan-boot'
- 'SAM-vlan-management'
- 'fcoe-vsan-4048'
- 'fddi-default'
- 'fddinet-default'
- 'token-ring-default'
- 'trbrf-default'
- 'trcrf-default'
- 'trnet-default'
macsuck_no_devicevlan: []
macsuck_no_deviceports: []
macsuck_unsupported: []
macsuck_unsupported_type: []
macsuck_bleed: false
macsuck_min_age: 0
snmpforce_v1: []
snmpforce_v2: []
snmpforce_v3: []
force_arpnip: []
arpnip_no: []
arpnip_only: []
arpnip_min_age: 0
nbtstat_no: []
nbtstat_only: []
nbtstat_max_age: 7
nbtstat_interval: 0.02
nbtstat_response_timeout: 1
node_freshness: 0
expire_devices: 60
expire_nodes: 90
expire_nodes_archive: 60
expire_jobs: 14
expire_userlog: 365
expire_nodeip_freshness: null
store_wireless_clients: true
store_modules: true
ignore_deviceports:
'group:__ANY__':
- 'group:__IGNORE_INTERFACES__'
- 'group:__IGNORE_INTERFACE_TYPES__'
- 'group:__IGNORE_NOTPRESENT_TYPES__'
'vendor:juniper':
- 'subnet:128\.0\.0\.0/2'
- 'port:.+\.1638\d'
- 'port:.+\.3276\d'
ignore_interfaces: []
ignore_interface_types: []
ignore_notpresent_types: []
ignore_private_nets: false
reverse_sysname: false
phone_capabilities:
- '(?i:phone)'
phone_platforms:
- '(?i:mitel.5\d{3})'
wap_capabilities:
- 'wlanAccessPoint'
wap_platforms:
- '(?i:\bwap\b)'
- 'cisco\s+AIR-[L|C]?AP'
- '-K9W8-'
# --------------
# BACKEND DAEMON
# --------------
workers:
tasks: 'AUTO * 2'
timeout: 600
sleep_time: 1
min_runtime: 0
max_deferrals: 10
retry_after: '7 days'
queue: PostgreSQL
# this one takes ages
snapshot_timeout: 1200
# 50 minutes
jobs_stale_after: 3000
jobs_qdepth: 50
dns:
max_outstanding: 50
hosts_file: '/etc/hosts'
no: ['group:__LOCAL_ADDRESSES__','group:__LOOPBACK_ADDRESSES__']
hooks: []
schedule:
discoverall:
when: '5 7 * * *'
macwalk:
when:
min: 20
arpwalk:
when:
min: 50
nbtwalk:
when: '0 8,13,21 * * *'
expire:
when: '30 23 * * *'
makerancidconf: null
job_prio:
high:
- contact
- hook::exec
- hook::http
- location
- portcontrol
- portname
- power
- snapshot
- vlan
- delete
normal:
- arpnip
- arpwalk
- discover
- discoverall
- expire
- macsuck
- macwalk
- nbtstat
- nbtwalk
- stats
worker_plugins:
- 'AddPseudoDevice'
- 'Arpnip'
- 'Arpnip::Hooks'
- 'Arpnip::Nodes'
- 'Arpnip::Subnets'
- 'Arpwalk'
- 'Contact'
- 'Delete'
- 'Delete::Hooks'
- 'Discover'
- 'Discover::CanonicalIP'
- 'Discover::Entities'
- 'Discover::Hooks'
- 'Discover::Neighbors'
- 'Discover::Neighbors::DOCSIS'
- 'Discover::Neighbors::Routed'
- 'Discover::PortPower'
- 'Discover::PortProperties'
- 'Discover::PortProperties::PortAccessEntity'
- 'Discover::Properties'
- 'Discover::VLANs'
- 'Discover::Wireless'
- 'Discover::WithNodes'
- 'DiscoverAll'
- 'DumpConfig'
- 'Expire'
- 'ExpireNodes'
- 'GetAPIKey'
- 'Graph'
- 'Hook'
- 'Hook::Exec'
- 'Hook::HTTP'
- 'LoadMIBs'
- 'Location'
- 'Macsuck'
- 'Macsuck::Hooks'
- 'Macsuck::Nodes'
- 'Macsuck::WirelessNodes'
- 'Macsuck::Nodes::PortAccessEntity'
- 'Macwalk'
- 'MakeRancidConf'
- 'Nbtstat'
- 'Nbtstat::Core'
- 'Nbtwalk'
- 'NodeMonitor'
- 'PortControl'
- 'PortName'
- 'Power'
- 'Psql'
- 'Renumber'
- 'Show'
- 'Snapshot'
- 'Stats'
- 'Vlan'
- 'Vlan::Core'
extra_worker_plugins: []
driver_priority:
direct: 1000000
restconf: 500
netconf: 400
eapi: 300
cli: 200
snmp: 100
# ---------------
# GraphViz Export
# ---------------
graph:
# ---- Graph Settings ----
edge_color : wheat
graph : 'graph/netmap.gif'
graph_png : 'graph/netmap.png'
graph_bg : black
graph_clusters : false # try fdp layout
graph_color : white
graph_default : png
#graph_dir : net_dir.gif
graph_epsilon : 6
graph_layout : twopi # try neato or fdp too
graph_map : 'graph/netmap.map'
graph_overlap : scale
graph_nodesep : 2
graph_ranksep : .3
graph_raw : 'graph/graph_raw.dot'
graph_splines : false
graph_svg : 'graph/netmap.svg'
graph_timeout : 90
graph_x : 30
graph_y : 30
node_fillcolor : dimgrey
node_font : lucon
node_fontsize : 46.0
node_fontcolor : white
node_problem : red
node_shape : box
node_style : filled
#edge_style : setlinewidth(10)
# ---- Node Maps ----
# variable:matching pattern:node attribute:attribute value:key:key name
#node_map:
# - 'label:cat(?!-g):fillcolor:blue:cat:Blue Box - Catalyst Device'
# - 'label:-g:fillcolor:darkgreen:dev-g:Green Box - Gateway / Router'
# - 'ip:^192.168\.:color:yellow:dev:Yellow Border - ResNet'
# ---------------
# DANCER INTERNAL
# ---------------
charset: 'UTF-8'
warnings: false
show_errors: false
logger: 'console'
engines:
netdisco_template_toolkit:
subclass: 'Template::AutoFilter'
encoding: 'utf8'
start_tag: '[%'
end_tag: '%]'
ANYCASE: 1
ABSOLUTE: 1
PRE_CHOMP: 1
INCLUDE_PATH: []
AUTO_FILTER: 'html_entity'
layout: 'noop'
plugins:
Swagger:
main_api_module: 'App::Netdisco'
ui_url: '/swagger-ui'
show_ui: false
ui_dir: '/dev/null'
Auth::Extensible:
no_api_change_warning: true
no_default_pages: true
no_login_handler: true
realms:
users:
provider: 'App::Netdisco::Web::Auth::Provider::DBIC'
schema_name: 'netdisco'
session: 'cookie'
session_cookie_key: 'this_will_be_overridden_on_webapp_startup'
template: 'netdisco_template_toolkit'
route_cache: true
appname: 'Netdisco'
behind_proxy: false
HTTP-Header-X-Frame-Options: 'DENY'
HTTP-Header-Content-Security-Policy: 'frame-ancestors none;'