552 lines
		
	
	
		
			14 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
			
		
		
	
	
			552 lines
		
	
	
		
			14 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
| # This is the main configuration file for Netdisco web and backend apps
 | |
| #
 | |
| #    DO NOT EDIT THIS FILE
 | |
| #
 | |
| # Overrides should go to ~/environments/deployment.yml
 | |
| #
 | |
| # https://github.com/netdisco/netdisco/wiki/Configuration has
 | |
| # in depth explanations about each setting.
 | |
| 
 | |
| # ----------------
 | |
| # GENERAL SETTINGS
 | |
| # ----------------
 | |
| 
 | |
| log: 'warning'
 | |
| logger_format: '[%P] %U %L %m'
 | |
| include_paths:  []
 | |
| template_paths: []
 | |
| site_local_files: false
 | |
| external_databases: []
 | |
| 
 | |
| # ------------
 | |
| # WEB FRONTEND
 | |
| # ------------
 | |
| 
 | |
| domain_suffix: []
 | |
| no_auth: false
 | |
| suggest_guest: false
 | |
| navbar_autocomplete: true
 | |
| trust_remote_user: false
 | |
| trust_x_remote_user: false
 | |
| api_token_lifetime: 3600
 | |
| tacacs: {}
 | |
| radius: {}
 | |
| ldap: {}
 | |
| #  servers: []
 | |
| #  user_string: 'MYDOMAIN\%USER%'
 | |
| #  base: ""
 | |
| #  proxy_user: ""
 | |
| #  proxy_pass: ""
 | |
| #  opts:
 | |
| #    debug: 3
 | |
| #  tls_opts: {}
 | |
| path: '/'
 | |
| web_home: '/inventory'
 | |
| web_plugins:
 | |
|   - Inventory
 | |
|   - Report::PortVLANMismatch
 | |
|   - Report::PortAdminDown
 | |
|   - Report::PortBlocking
 | |
|   - Report::PortMultiNodes
 | |
|   - Report::PortSsid
 | |
|   - Report::PortUtilization
 | |
|   - Report::ApChannelDist
 | |
|   - Report::ApClients
 | |
|   - Report::ApRadioChannelPower
 | |
|   - Report::HalfDuplex
 | |
|   - Report::DeviceAddrNoDNS
 | |
|   - Report::DeviceByLocation
 | |
|   - Report::InventoryByModelByOS
 | |
|   - Report::DeviceDnsMismatch
 | |
|   - Report::DevicePoeStatus
 | |
|   - Report::DuplexMismatch
 | |
|   - Report::IpInventory
 | |
|   - Report::ModuleInventory
 | |
|   - Report::Netbios
 | |
|   - Report::NodeMultiIPs
 | |
|   - Report::NodeVendor
 | |
|   - Report::NodesDiscovered
 | |
|   - Report::SsidInventory
 | |
|   - Report::VlanInventory
 | |
|   - Report::SubnetUtilization
 | |
|   - Report::PortLog
 | |
|   - AdminTask::JobQueue
 | |
|   - AdminTask::NodeMonitor
 | |
|   - AdminTask::Topology
 | |
|   - AdminTask::PollerPerformance
 | |
|   - AdminTask::PseudoDevice
 | |
|   - AdminTask::SlowDevices
 | |
|   - AdminTask::UndiscoveredNeighbors
 | |
|   - AdminTask::OrphanedDevices
 | |
|   - AdminTask::DuplicateDevices
 | |
|   - AdminTask::TimedOutDevices
 | |
|   - AdminTask::UserLog
 | |
|   - AdminTask::Users
 | |
|   - Search::Device
 | |
|   - Search::Node
 | |
|   - Search::VLAN
 | |
|   - Search::Port
 | |
|   - Device::Details
 | |
|   - Device::Ports
 | |
|   - Device::Modules
 | |
|   - Device::Neighbors
 | |
|   - Device::Addresses
 | |
|   - Device::Vlans
 | |
|   - Device::SNMP
 | |
| extra_web_plugins: []
 | |
| sidebar_defaults:
 | |
|   search_node:
 | |
|     stamps:      { default: checked }
 | |
|     deviceports: { default: checked }
 | |
|     show_vendor: { default: null }
 | |
|     archived:    { default: null }
 | |
|     partial:     { default: null }
 | |
|     age_invert:  { default: null }
 | |
|     daterange:   { default: null }
 | |
|     mac_format:  { default: IEEE }
 | |
|   search_port:
 | |
|     partial:     { default: checked }
 | |
|     uplink:      { default: null }
 | |
|     ethernet:    { default: checked }
 | |
|   search_device:
 | |
|     matchall:    { default: checked }
 | |
|   device_ports:
 | |
|     c_admin:       { label: 'Port Controls', default: null, idx: 0 }
 | |
|     c_port:        { label: 'Port', default: checked, idx: 1 }
 | |
|     c_descr:       { label: 'Description', default: null, idx: 2 }
 | |
|     c_comment:     { label: 'Last Comment', default: null, idx: 3 }
 | |
|     c_type:        { label: 'Type', default: null, idx: 4 }
 | |
|     c_ifindex:     { label: 'Interface Index', default: null, idx: 5 }
 | |
|     c_lastchange:  { label: 'Last Change', default: null, idx: 6 }
 | |
|     c_name:        { label: 'Name', default: checked, idx: 7 }
 | |
|     c_speed_admin: { label: 'Speed (configured)', default: null, idx: 8 }
 | |
|     c_speed:       { label: 'Speed (running)', default: null, idx: 9 }
 | |
|     c_duplex:      { label: 'Duplex', default: null, idx: 10 }
 | |
|     c_error:       { label: 'Error Message', default: null, idx: 11 }
 | |
|     c_mac:         { label: 'Port MAC', default: null, idx: 12 }
 | |
|     c_mtu:         { label: 'MTU', default: null, idx: 13 }
 | |
|     c_pvid:        { label: 'Native VLAN', default: checked, idx: 14 }
 | |
|     c_vmember:     { label: 'VLAN Membership', default: checked, idx: 15 }
 | |
|     c_power:       { label: 'PoE', default: null, idx: 16 }
 | |
|     c_ssid:        { label: 'SSID', default: null, idx: 17 }
 | |
|     c_nodes:       { label: 'Connected Nodes', default: null, idx: 18 }
 | |
|     c_neighbors:   { label: 'Connected Devices', default: checked, idx: 19 }
 | |
|     c_stp:         { label: 'Spanning Tree', default: null, idx: 20 }
 | |
|     c_up:          { label: 'Status', default: null, idx: 21 }
 | |
|     mac_format:    { default: IEEE }
 | |
|     n_inventory:   { label: 'Remote Inventory', default: checked, idx: 0 }
 | |
|     n_detailed_inventory: { label: 'Remote Advertisement', default: null, idx: 1 }
 | |
|     n_age:         { label: 'Age Stamp', default: null, idx: 2 }
 | |
|     n_ip4:         { label: 'IPv4 Addresses', default: checked, idx: 3 }
 | |
|     n_ip6:         { label: 'IPv6 Addresses', default: checked, idx: 4 }
 | |
|     n_netbios:     { label: 'NetBIOS Name', default: checked, idx: 5 }
 | |
|     n_ssid:        { label: 'SSID', default: checked, idx: 6 }
 | |
|     n_vendor:      { label: 'Vendor', default: null, idx: 7 }
 | |
|     n_archived:    { label: 'Archived Data', default: null, idx: 8 }
 | |
|     age_num:       { default: 3 }
 | |
|     age_unit:      { default: months }
 | |
|     p_vlan_names:  { label: 'Use VLAN Names', default: null, idx: 0 }
 | |
|     p_hide1002:    { label: 'Hide VLAN 1002-1005', default: null, idx: 1 }
 | |
|   device_netmap:
 | |
|     showips:     { default: null }
 | |
|     showspeed:   { default: null }
 | |
|     mapshow:     { default: neighbors }
 | |
|     colorby:     { default: speed }
 | |
|     dynamicsize: { default: checked }
 | |
|   report_moduleinventory:
 | |
|     fruonly:     { default: checked }
 | |
|     matchall:    { default: checked }
 | |
|   report_portutilization:
 | |
|     age_num:      { default: 3 }
 | |
|     age_unit:     { default: months }
 | |
| device_port_col_idx_left: 0
 | |
| device_port_col_idx_mid: 2
 | |
| device_port_col_idx_right: -1
 | |
| jobqueue_refresh: 10
 | |
| safe_password_store: true
 | |
| reports: []
 | |
| system_reports:
 | |
|   - tag: portserrordisabled
 | |
|     label: 'Error Disabled Ports'
 | |
|     category: Port
 | |
|     columns:
 | |
|     - { ip: Device } 
 | |
|     - { dns: DNS } 
 | |
|     - { port: Port } 
 | |
|     - { name: Description } 
 | |
|     - { reason: Reason } 
 | |
|     query: |
 | |
|       SELECT dp.ip, d.dns, dp.port, dp.name, properties.error_disable_cause AS reason
 | |
|         FROM device_port dp
 | |
|         INNER JOIN device_port_properties properties USING (ip, port)
 | |
|         LEFT JOIN device d USING (ip)
 | |
|       WHERE properties.error_disable_cause IS NOT NULL
 | |
|       ORDER BY dp.ip, dp.port
 | |
| table_pagesize: 10
 | |
| table_showrecordsmenu:
 | |
|   - [10, 25, 50, 100, '-1']
 | |
|   - [10, 25, 50, 100, 'All']
 | |
| vlanctl: true
 | |
| portctl_nameonly: false
 | |
| portctl_no: []
 | |
| portctl_only: []
 | |
| portctl_nowaps: false
 | |
| portctl_nophones: false
 | |
| portctl_vlans: false
 | |
| portctl_uplinks: false
 | |
| system_port_control_reasons:
 | |
|   address:     'Address Allocation Abuse'
 | |
|   copyright:   'Copyright Violation'
 | |
|   dos:         'Denial of Service'
 | |
|   bandwidth:   'Excessive Bandwidth'
 | |
|   polling:     'Excessive Polling of DNS/DHCP/SNMP'
 | |
|   noserv:      'Not In Service'
 | |
|   exploit:     'Remote Exploit Possible'
 | |
|   compromised: 'System Compromised'
 | |
|   other:       'Other'
 | |
|   resolved:    'Issue Resolved'
 | |
| check_userlog: false
 | |
| devport_vlan_limit: 150
 | |
| login_logo: ""
 | |
| defanged_admin: 'admin'
 | |
| 
 | |
| # -------------
 | |
| # NETDISCO CORE
 | |
| # -------------
 | |
| 
 | |
| # mibhome is discovered from environment
 | |
| # mibdirs defaults to contents of mibhome
 | |
| host_groups:
 | |
|   __ANY__:
 | |
|     - '0.0.0.0/0'
 | |
|     - '::/0'
 | |
|   __LOCAL_ADDRESSES__:
 | |
|     - '::1'
 | |
|     - '127.0.0.0/8'
 | |
| host_group_displaynames: {}
 | |
| device_identity: []
 | |
| community: []
 | |
| community_rw: []
 | |
| device_auth: []
 | |
| use_legacy_rancidexport: false
 | |
| use_legacy_sshcollector: false
 | |
| get_credentials: ""
 | |
| bulkwalk_off: false
 | |
| bulkwalk_no: []
 | |
| bulkwalk_repeaters: 20
 | |
| nonincreasing: false
 | |
| snmpver: 3
 | |
| snmptimeout: 3000000
 | |
| snmpretries: 2
 | |
| snmp_remoteport: {}
 | |
| snmp_field_protection:
 | |
|   device:
 | |
|     serial: ['group:__ANY__']
 | |
| devices_no: []
 | |
| devices_only: []
 | |
| discover_no: []
 | |
| discover_only: []
 | |
| discover_no_type: []
 | |
| discover_waps: true
 | |
| discover_phones: false
 | |
| discover_routed_neighbors: true
 | |
| discover_min_age: 0
 | |
| macsuck_no: []
 | |
| macsuck_only: []
 | |
| macsuck_all_vlans: false
 | |
| macsuck_no_unnamed: false
 | |
| macsuck_no_vlan:
 | |
|   - 'fddi-default'
 | |
|   - 'token-ring-default'
 | |
|   - 'fddinet-default'
 | |
|   - 'trnet-default'
 | |
|   - 'fcoe-vsan-4048'
 | |
|   - 'SAM-vlan-boot'
 | |
|   - 'SAM-vlan-appliance-management'
 | |
|   - 'SAM-vlan-management'
 | |
| macsuck_no_devicevlan: []
 | |
| macsuck_no_deviceport: []
 | |
| macsuck_unsupported: []
 | |
| macsuck_unsupported_type: []
 | |
| macsuck_bleed: false
 | |
| macsuck_min_age: 0
 | |
| snmpforce_v1: []
 | |
| snmpforce_v2: []
 | |
| snmpforce_v3: []
 | |
| arpnip_no: []
 | |
| arpnip_only: []
 | |
| arpnip_min_age: 0
 | |
| nbtstat_no: []
 | |
| nbtstat_only: []
 | |
| nbtstat_max_age: 7
 | |
| nbtstat_interval: 0.02
 | |
| nbtstat_response_timeout: 1
 | |
| node_freshness: 0
 | |
| expire_devices: 60
 | |
| expire_nodes: 90
 | |
| expire_nodes_archive: 60
 | |
| expire_jobs: 14
 | |
| expire_userlog: 365
 | |
| expire_nodeip_freshness: null
 | |
| store_wireless_clients: true
 | |
| store_modules: true
 | |
| ignore_interfaces:
 | |
|   - 'EOBC'
 | |
|   - 'unrouted VLAN(?: \d+)?'
 | |
|   - 'StackPort'
 | |
|   - 'Control Plane Interface'
 | |
|   - 'SPAN (S|R)P Interface'
 | |
|   - 'StackSub-.*'
 | |
|   - 'StackPort\d+'
 | |
|   - 'netflow'
 | |
|   - 'Vlan\d+-mpls layer'
 | |
|   - 'BRI\S+-Bearer Channel'
 | |
|   - 'BRI\S+-Physical'
 | |
|   - 'BRI\S+-Signalling'
 | |
|   - 'BRI\S+-Signaling'
 | |
|   - 'Embedded-Service-Engine\d+\/\d+'
 | |
|   - 'Virtual-Template\d+'
 | |
|   - 'Virtual-Access\d+'
 | |
|   - '(E|T)\d \d\/\d\/\d'
 | |
|   - 'InLoopback0'
 | |
|   - 'NULL\d'
 | |
|   - 'Register-Tunnel\d'
 | |
|   - 'Blade-Aggregation\d'
 | |
|   - 'M-GigabitEthernet\d\/\d\/\d'
 | |
|   - 'Ethernet(?:-| )QOS Packet Scheduler'
 | |
|   - 'Ethernet(?:-| )WFP (?:802\.3|Native) MAC Layer Lightweight Filter'
 | |
|   - 'ii\d\/\d\/\d+'
 | |
| ignore_interface_types: []
 | |
| ignore_notpresent_types:
 | |
|   - 'ethernetCsmacd'
 | |
|   - 'tunnel'
 | |
|   - 'ieee8023adLag'
 | |
| ignore_private_nets: false
 | |
| reverse_sysname: false
 | |
| phone_capabilities:
 | |
|   - '(?i:phone)'
 | |
| phone_platforms:
 | |
|   - '(?i:mitel.5\d{3})'
 | |
| wap_capabilities:
 | |
|   - 'wlanAccessPoint'
 | |
| wap_platforms:
 | |
|   - '(?i:\bwap\b)'
 | |
|   - 'cisco\s+AIR-[L|C]?AP'
 | |
|   - '-K9W8-'
 | |
| 
 | |
| # --------------
 | |
| # BACKEND DAEMON
 | |
| # --------------
 | |
| 
 | |
| workers:
 | |
|   tasks: 'AUTO * 2'
 | |
|   timeout: 600
 | |
|   sleep_time: 1
 | |
|   min_runtime: 0
 | |
|   max_deferrals: 10
 | |
|   retry_after: '7 days'
 | |
|   queue: PostgreSQL
 | |
| 
 | |
| # this one takes ages
 | |
| snapshot_timeout: 1200
 | |
| 
 | |
| # 50 minutes
 | |
| jobs_stale_after: 3000
 | |
| jobs_qdepth: 50
 | |
| 
 | |
| dns:
 | |
|   max_outstanding: 50
 | |
|   hosts_file: '/etc/hosts'
 | |
|   no: ['group:__LOCAL_ADDRESSES__','169.254.0.0/16','fe80::/10']
 | |
| 
 | |
| hooks: []
 | |
| 
 | |
| schedule:
 | |
|   discoverall:
 | |
|     when: '5 7 * * *'
 | |
|   macwalk:
 | |
|     when:
 | |
|       min: 20
 | |
|   arpwalk:
 | |
|     when:
 | |
|       min: 50
 | |
|   nbtwalk:
 | |
|     when: '0 8,13,21 * * *'
 | |
|   expire:
 | |
|     when: '30 23 * * *'
 | |
|   makerancidconf: null
 | |
| 
 | |
| job_prio:
 | |
|   high:
 | |
|     - contact
 | |
|     - hook::exec
 | |
|     - hook::http
 | |
|     - location
 | |
|     - portcontrol
 | |
|     - portname
 | |
|     - power
 | |
|     - snapshot
 | |
|     - vlan
 | |
|   normal:
 | |
|     - arpnip
 | |
|     - arpwalk
 | |
|     - discover
 | |
|     - discoverall
 | |
|     - expire
 | |
|     - macsuck
 | |
|     - macwalk
 | |
|     - nbtstat
 | |
|     - nbtwalk
 | |
|     - stats
 | |
| 
 | |
| worker_plugins:
 | |
|   - 'AddPseudoDevice'
 | |
|   - 'Arpnip'
 | |
|   - 'Arpnip::Hooks'
 | |
|   - 'Arpnip::Nodes'
 | |
|   - 'Arpnip::Subnets'
 | |
|   - 'Arpwalk'
 | |
|   - 'Contact'
 | |
|   - 'Delete'
 | |
|   - 'Discover'
 | |
|   - 'Discover::CanonicalIP'
 | |
|   - 'Discover::Entities'
 | |
|   - 'Discover::Hooks'
 | |
|   - 'Discover::Neighbors'
 | |
|   - 'Discover::Neighbors::DOCSIS'
 | |
|   - 'Discover::Neighbors::Routed'
 | |
|   - 'Discover::PortPower'
 | |
|   - 'Discover::PortProperties'
 | |
|   - 'Discover::Properties'
 | |
|   - 'Discover::VLANs'
 | |
|   - 'Discover::Wireless'
 | |
|   - 'Discover::WithNodes'
 | |
|   - 'DiscoverAll'
 | |
|   - 'DumpConfig'
 | |
|   - 'Expire'
 | |
|   - 'ExpireNodes'
 | |
|   - 'GetAPIKey'
 | |
|   - 'Graph'
 | |
|   - 'Hook'
 | |
|   - 'Hook::Exec'
 | |
|   - 'Hook::HTTP'
 | |
|   - 'LoadMIBs'
 | |
|   - 'Location'
 | |
|   - 'Macsuck'
 | |
|   - 'Macsuck::Hooks'
 | |
|   - 'Macsuck::Nodes'
 | |
|   - 'Macsuck::WirelessNodes'
 | |
|   - 'Macwalk'
 | |
|   - 'MakeRancidConf'
 | |
|   - 'Nbtstat'
 | |
|   - 'Nbtstat::Core'
 | |
|   - 'Nbtwalk'
 | |
|   - 'NodeMonitor'
 | |
|   - 'PortControl'
 | |
|   - 'PortName'
 | |
|   - 'Power'
 | |
|   - 'Psql'
 | |
|   - 'Renumber'
 | |
|   - 'Show'
 | |
|   - 'Snapshot'
 | |
|   - 'Stats'
 | |
|   - 'Vlan'
 | |
|   - 'Vlan::Core'
 | |
| 
 | |
| extra_worker_plugins: []
 | |
| 
 | |
| driver_priority:
 | |
|   restconf: 500
 | |
|   netconf:  400
 | |
|   eapi:     300
 | |
|   cli:      200
 | |
|   snmp:     100
 | |
| 
 | |
| # ---------------
 | |
| # GraphViz Export
 | |
| # ---------------
 | |
| 
 | |
| graph:
 | |
|   # ---- Graph Settings ----
 | |
|   edge_color      : wheat
 | |
| 
 | |
|   graph           : 'graph/netmap.gif'
 | |
|   graph_png       : 'graph/netmap.png'
 | |
|   graph_bg        : black
 | |
|   graph_clusters  : false  # try fdp layout
 | |
|   graph_color     : white
 | |
|   graph_default   : png
 | |
|   #graph_dir      : net_dir.gif
 | |
|   graph_epsilon   : 6
 | |
|   graph_layout    : twopi  # try neato or fdp too
 | |
|   graph_map       : 'graph/netmap.map'
 | |
|   graph_overlap   : scale
 | |
|   graph_nodesep   : 2
 | |
|   graph_ranksep   : .3
 | |
|   graph_raw       : 'graph/graph_raw.dot'
 | |
|   graph_splines   : false
 | |
|   graph_svg       : 'graph/netmap.svg'
 | |
|   graph_timeout   : 90
 | |
|   graph_x         : 30
 | |
|   graph_y         : 30
 | |
| 
 | |
|   node_fillcolor  : dimgrey
 | |
|   node_font       : lucon
 | |
|   node_fontsize   : 46.0
 | |
|   node_fontcolor  : white
 | |
|   node_problem    : red
 | |
|   node_shape      : box
 | |
|   node_style      : filled
 | |
|   #edge_style      : setlinewidth(10)
 | |
| 
 | |
|   # ---- Node Maps ----
 | |
|   # variable:matching pattern:node attribute:attribute value:key:key name
 | |
|   #node_map:
 | |
|   #  - 'label:cat(?!-g):fillcolor:blue:cat:Blue Box - Catalyst Device'
 | |
|   #  - 'label:-g:fillcolor:darkgreen:dev-g:Green Box - Gateway / Router'
 | |
|   #  - 'ip:^192.168\.:color:yellow:dev:Yellow Border - ResNet'
 | |
| 
 | |
| # ---------------
 | |
| # DANCER INTERNAL
 | |
| # ---------------
 | |
| 
 | |
| charset: 'UTF-8'
 | |
| warnings: false
 | |
| show_errors: false
 | |
| logger: 'console'
 | |
| engines:
 | |
|   netdisco_template_toolkit:
 | |
|     subclass: 'Template::AutoFilter'
 | |
|     encoding: 'utf8'
 | |
|     start_tag: '[%'
 | |
|     end_tag: '%]'
 | |
|     ANYCASE: 1
 | |
|     ABSOLUTE: 1
 | |
|     PRE_CHOMP: 1
 | |
|     INCLUDE_PATH: []
 | |
|     AUTO_FILTER: 'html_entity'
 | |
| layout: 'noop'
 | |
| plugins:
 | |
|   Swagger:
 | |
|      main_api_module: 'App::Netdisco'
 | |
|      ui_url: '/swagger-ui'
 | |
|      show_ui: false
 | |
|      ui_dir: '/dev/null'
 | |
|   Auth::Extensible:
 | |
|     no_api_change_warning: true
 | |
|     no_default_pages: true
 | |
|     no_login_handler: true
 | |
|     realms:
 | |
|       users:
 | |
|         provider: 'App::Netdisco::Web::Auth::Provider::DBIC'
 | |
|         schema_name: 'netdisco'
 | |
| session: 'cookie'
 | |
| session_cookie_key: 'this_will_be_overridden_on_webapp_startup'
 | |
| template: 'netdisco_template_toolkit'
 | |
| route_cache: true
 | |
| appname: 'Netdisco'
 | |
| behind_proxy: false
 | |
| HTTP-Header-X-Frame-Options: 'DENY'
 | |
| HTTP-Header-Content-Security-Policy: 'frame-ancestors none;'
 | |
| 
 |