This and two related commits implement: - the snmp_field_protection setting, which can be used to protect any database field from having a null value set - an extra device discover worker which prefetches SNMP interfaces and performs some sanity checks and a comparison against the DB. The two checks will return job status ERROR with CANCELLED if they see anything fishy.
# This is the main configuration file for Netdisco web and backend apps
#
# DO NOT EDIT THIS FILE
#
# Overrides should go to ~/environments/deployment.yml
#
# https://github.com/netdisco/netdisco/wiki/Configuration has
# in depth explanations about each setting.

# ----------------
# GENERAL SETTINGS
# ----------------

# Log threshold and the layout of each log line.
log: 'warning'
logger_format: '[%P] %U %L %m'
# Extra search paths; both lists are empty in the shipped defaults.
include_paths: []
template_paths: []
# NOTE(review): presumably enables loading of site-local files from the
# paths above - confirm in the wiki before switching it on, since anything
# found there would run with the application's privileges.
site_local_files: false
external_databases: []

# ------------
# WEB FRONTEND
# ------------

domain_suffix: []
# Authentication defaults: login is required (no_auth is false) and no
# identity asserted by a front end is trusted.
# NOTE(review): only enable trust_remote_user / trust_x_remote_user when
# every request reaches the app through the authenticating proxy; a
# listener that clients can reach directly would accept whatever identity
# they supply.
no_auth: false
suggest_guest: false
navbar_autocomplete: true
trust_remote_user: false
trust_x_remote_user: false
# presumably seconds (one hour) - confirm against the wiki
api_token_lifetime: 3600
# Example LDAP block, shipped commented out. proxy_pass would hold a bind
# credential, so set it in the deployment override file, not here.
#ldap:
#  servers: []
#  user_string: 'MYDOMAIN\%USER%'
#  base: ""
#  proxy_user: ""
#  proxy_pass: ""
#  opts:
#    debug: 3
#  tls_opts: {}
path: '/'
web_home: '/inventory'
# Web plugins enabled by default: inventory, reports, admin tasks,
# searches and the per-device tabs.
web_plugins:
  - Inventory
  - Report::PortVLANMismatch
  - Report::PortAdminDown
  - Report::PortBlocking
  - Report::PortMultiNodes
  - Report::PortSsid
  - Report::PortUtilization
  - Report::ApChannelDist
  - Report::ApClients
  - Report::ApRadioChannelPower
  - Report::HalfDuplex
  - Report::DeviceAddrNoDNS
  - Report::DeviceByLocation
  - Report::InventoryByModelByOS
  - Report::DeviceDnsMismatch
  - Report::DevicePoeStatus
  - Report::DuplexMismatch
  - Report::IpInventory
  - Report::ModuleInventory
  - Report::Netbios
  - Report::NodeMultiIPs
  - Report::NodeVendor
  - Report::NodesDiscovered
  - Report::SsidInventory
  - Report::VlanInventory
  - Report::SubnetUtilization
  - Report::PortLog
  - AdminTask::JobQueue
  - AdminTask::NodeMonitor
  - AdminTask::Topology
  - AdminTask::PollerPerformance
  - AdminTask::PseudoDevice
  - AdminTask::SlowDevices
  - AdminTask::UndiscoveredNeighbors
  - AdminTask::OrphanedDevices
  - AdminTask::DuplicateDevices
  - AdminTask::TimedOutDevices
  - AdminTask::UserLog
  - AdminTask::Users
  - Search::Device
  - Search::Node
  - Search::VLAN
  - Search::Port
  - Device::Details
  - Device::Ports
  - Device::Modules
  - Device::Neighbors
  - Device::Addresses
  - Device::Vlans
# Site-specific additions go here (via the override file); empty by default.
extra_web_plugins: []
# Default state of the sidebar form controls, one mapping per page.
# `checked` pre-selects an option and `null` leaves it unselected; the
# c_* / n_* entries also carry a display label and an ordering index.
sidebar_defaults:
  search_node:
    stamps: { default: checked }
    deviceports: { default: checked }
    show_vendor: { default: null }
    archived: { default: null }
    partial: { default: null }
    age_invert: { default: null }
    daterange: { default: null }
    mac_format: { default: IEEE }
  search_port:
    partial: { default: checked }
    uplink: { default: null }
    ethernet: { default: checked }
  search_device:
    matchall: { default: checked }
  device_ports:
    # port columns
    c_admin: { label: 'Port Controls', default: null, idx: 0 }
    c_port: { label: 'Port', default: checked, idx: 1 }
    c_descr: { label: 'Description', default: null, idx: 2 }
    c_comment: { label: 'Last Comment', default: null, idx: 3 }
    c_type: { label: 'Type', default: null, idx: 4 }
    c_duplex: { label: 'Duplex', default: null, idx: 5 }
    c_lastchange: { label: 'Last Change', default: null, idx: 6 }
    c_name: { label: 'Name', default: checked, idx: 7 }
    c_speed: { label: 'Speed (running)', default: null, idx: 8 }
    c_speed_admin: { label: 'Speed (configured)', default: null, idx: 9 }
    c_error: { label: 'Error Message', default: null, idx: 10 }
    c_mac: { label: 'Port MAC', default: null, idx: 11 }
    c_mtu: { label: 'MTU', default: null, idx: 12 }
    c_pvid: { label: 'Native VLAN', default: checked, idx: 13 }
    c_vmember: { label: 'VLAN Membership', default: checked, idx: 14 }
    c_power: { label: 'PoE', default: null, idx: 15 }
    c_ssid: { label: 'SSID', default: null, idx: 16 }
    c_nodes: { label: 'Connected Nodes', default: null, idx: 17 }
    c_neighbors: { label: 'Connected Devices', default: checked, idx: 18 }
    c_stp: { label: 'Spanning Tree', default: null, idx: 19 }
    c_up: { label: 'Status', default: null, idx: 20 }
    mac_format: { default: IEEE }
    # connected-node details
    n_inventory: { label: 'Inventory Data', default: checked, idx: 0 }
    n_detailed_inventory: { label: 'Detailed Inventory', default: null, idx: 1 }
    n_age: { label: 'Age Stamp', default: null, idx: 2 }
    n_ip4: { label: 'IPv4 Addresses', default: checked, idx: 3 }
    n_ip6: { label: 'IPv6 Addresses', default: checked, idx: 4 }
    n_netbios: { label: 'NetBIOS Name', default: checked, idx: 5 }
    n_ssid: { label: 'SSID', default: checked, idx: 6 }
    n_vendor: { label: 'Vendor', default: null, idx: 7 }
    n_archived: { label: 'Archived Data', default: null, idx: 8 }
    age_num: { default: 3 }
    age_unit: { default: months }
  device_netmap:
    showips: { default: null }
    showspeed: { default: null }
    mapshow: { default: neighbors }
    colorby: { default: speed }
    dynamicsize: { default: checked }
  report_moduleinventory:
    fruonly: { default: checked }
    matchall: { default: checked }
  report_portutilization:
    age_num: { default: 3 }
    age_unit: { default: months }
device_port_col_idx_left: 0
device_port_col_idx_mid: 2
device_port_col_idx_right: -1
jobqueue_refresh: 10
# NOTE(review): leave this true; it presumably selects the stronger of the
# supported password hashing schemes - confirm against the wiki.
safe_password_store: true
reports: []
# Built-in report. The query is a fixed string with no interpolated
# values, so it carries no user input.
system_reports:
  - tag: portserrordisabled
    label: 'Error Disabled Ports'
    category: Port
    columns:
      - { ip: Device }
      - { dns: DNS }
      - { port: Port }
      - { name: Description }
      - { reason: Reason }
    query: |
      SELECT dp.ip, d.dns, dp.port, dp.name, properties.error_disable_cause AS reason
      FROM device_port dp
      INNER JOIN device_port_properties properties USING (ip, port)
      LEFT JOIN device d USING (ip)
      WHERE properties.error_disable_cause IS NOT NULL
      ORDER BY dp.ip, dp.port
table_pagesize: 10
# Two parallel rows: the page-size values and the labels shown for them.
table_showrecordsmenu:
  - [10, 25, 50, 100, '-1']
  - [10, 25, 50, 100, 'All']
# Port-control switches. These decide which ports and attributes can be
# changed from the web UI, i.e. who can push configuration to devices.
# NOTE(review): exact semantics of each flag are in the wiki - check them
# before loosening any of the defaults.
vlanctl: true
portctl_nameonly: false
portctl_nophones: false
portctl_vlans: false
portctl_uplinks: false
# Reason codes (key) and their display text (value) for port control.
port_control_reasons:
  address: 'Address Allocation Abuse'
  copyright: 'Copyright Violation'
  dos: 'Denial of Service'
  bandwidth: 'Excessive Bandwidth'
  polling: 'Excessive Polling of DNS/DHCP/SNMP'
  noserv: 'Not In Service'
  exploit: 'Remote Exploit Possible'
  compromised: 'System Compromised'
  other: 'Other'
  resolved: 'Issue Resolved'
check_userlog: false
devport_vlan_limit: 150
login_logo: ""
defanged_admin: 'admin'

# -------------
# NETDISCO CORE
# -------------

# mibhome is discovered from environment
# mibdirs defaults to contents of mibhome
# Named address groups, referenced elsewhere as 'group:NAME'.
# __ANY__ covers the whole IPv4 and IPv6 space.
host_groups:
  __ANY__:
    - '0.0.0.0/0'
    - '::/0'
  __LOCAL_ADDRESSES__:
    - '::1'
    - 'fe80::/10'
    - '127.0.0.0/8'
host_group_displaynames: {}
device_identity: []
# No SNMP communities or device credentials ship in the defaults. Real
# values belong in the deployment override file, which should be readable
# only by the netdisco account.
community: []
community_rw: []
device_auth: []
use_legacy_rancidexport: false
use_legacy_sshcollector: false
get_credentials: ""
bulkwalk_off: false
bulkwalk_no: []
bulkwalk_repeaters: 20
nonincreasing: false
# SNMP transport defaults; version 3 is the configured default.
snmpver: 3
# presumably microseconds (3 s) - confirm against the wiki
snmptimeout: 3000000
snmpretries: 2
snmp_remoteport: {}
# Table -> field -> host ACL. As configured, the `serial` field of the
# `device` table is protected for every host (group:__ANY__). Per the
# commit description this keeps a null value from being stored over the
# field; the affected job is presumably reported as failed instead.
snmp_field_protection:
  device:
    serial: ['group:__ANY__']
# Per-action allow (_only) and deny (_no) lists; all empty by default.
devices_no: []
devices_only: []
discover_no: []
discover_only: []
discover_no_type: []
discover_waps: true
discover_phones: false
discover_min_age: 0
macsuck_no: []
macsuck_only: []
macsuck_all_vlans: false
macsuck_no_unnamed: false
# VLAN names skipped by macsuck.
macsuck_no_vlan:
  - 'fddi-default'
  - 'token-ring-default'
  - 'fddinet-default'
  - 'trnet-default'
  - 'fcoe-vsan-4048'
  - 'SAM-vlan-boot'
  - 'SAM-vlan-appliance-management'
  - 'SAM-vlan-management'
macsuck_no_devicevlan: []
macsuck_unsupported: []
macsuck_unsupported_type: []
macsuck_bleed: false
macsuck_min_age: 0
# NOTE(review): snmpforce_v1 / snmpforce_v2 pin hosts to SNMP versions
# without authentication or encryption; keep these lists as short as
# the estate allows.
snmpforce_v1: []
snmpforce_v2: []
snmpforce_v3: []
arpnip_no: []
arpnip_only: []
arpnip_min_age: 0
nbtstat_no: []
nbtstat_only: []
nbtstat_max_age: 7
nbtstat_interval: 0.02
nbtstat_response_timeout: 1
node_freshness: 0
# Retention settings (units presumably days - confirm against the wiki).
# expire_userlog also bounds how long the user audit log is available.
expire_devices: 60
expire_nodes: 90
expire_nodes_archive: 60
expire_jobs: 14
expire_userlog: 365
expire_nodeip_freshness: null
store_wireless_clients: true
store_modules: true
# Interface-name patterns (regular expressions) that are skipped.
ignore_interfaces:
  - 'EOBC'
  - 'unrouted VLAN(?: \d+)?'
  - 'StackPort'
  - 'Control Plane Interface'
  - 'SPAN (S|R)P Interface'
  - 'StackSub-.*'
  - 'StackPort\d+'
  - 'netflow'
  - 'Vlan\d+-mpls layer'
  - 'BRI\S+-Bearer Channel'
  - 'BRI\S+-Physical'
  - 'BRI\S+-Signalling'
  - 'BRI\S+-Signaling'
  - 'Embedded-Service-Engine\d+\/\d+'
  - 'Virtual-Template\d+'
  - 'Virtual-Access\d+'
  - '(E|T)\d \d\/\d\/\d'
  - 'InLoopback0'
  - 'NULL\d'
  - 'Register-Tunnel\d'
  - 'Blade-Aggregation\d'
  - 'M-GigabitEthernet\d\/\d\/\d'
  - 'Ethernet(?:-| )QOS Packet Scheduler'
  - 'Ethernet(?:-| )WFP (?:802\.3|Native) MAC Layer Lightweight Filter'
  - 'ii\d\/\d\/\d+'
ignore_notpresent_types:
  - 'ethernetCsmacd'
  - 'tunnel'
  - 'ieee8023adLag'
ignore_private_nets: false
reverse_sysname: false
# Patterns used to classify neighbours as phones or wireless APs.
phone_capabilities:
  - '(?i:phone)'
phone_platforms:
  - '(?i:mitel.5\d{3})'
wap_capabilities:
  - 'wlanAccessPoint'
wap_platforms:
  - '(?i:\bwap\b)'
  # NOTE(review): inside a character class `|` is a literal, so `[L|C]`
  # also accepts a pipe character; `[LC]` is presumably what was meant.
  - 'cisco\s+AIR-[L|C]?AP'
  - '-K9W8-'

# --------------
# BACKEND DAEMON
# --------------

# Worker pool settings for the backend daemon.
workers:
  tasks: 'AUTO * 2'
  timeout: 600
  sleep_time: 1
  min_runtime: 0
  max_deferrals: 10
  retry_after: '7 days'
  queue: PostgreSQL

# 50 minutes
jobs_stale_after: 3000
jobs_qdepth: 50

dns:
  max_outstanding: 50
  hosts_file: '/etc/hosts'
  # address ranges left out of DNS handling: loopback/link-local group
  # plus the IPv4 link-local block
  no: ['group:__LOCAL_ADDRESSES__', '169.254.0.0/16']

# Recurring jobs. `when` is either a cron-style string or a mapping of
# time fields (here only the minute).
schedule:
  discoverall:
    when: '5 7 * * *'
  macwalk:
    when:
      min: 20
  arpwalk:
    when:
      min: 50
  nbtwalk:
    when: '0 8,13,21 * * *'
  expire:
    when: '30 23 * * *'
  makerancidconf: null

# Queue priority classes. The `high` actions are the ones that change
# device or port state on request; `normal` holds the polling jobs.
job_prio:
  high:
    - location
    - contact
    - portcontrol
    - portname
    - vlan
    - power
  normal:
    - discoverall
    - discover
    - arpwalk
    - arpnip
    - macwalk
    - macsuck
    - nbtwalk
    - nbtstat
    - expire
    - stats

# Backend worker plugins loaded by default.
worker_plugins:
  - 'Arpnip'
  - 'Arpnip::Nodes'
  - 'Arpnip::Subnets'
  - 'Arpwalk'
  - 'Contact'
  - 'Delete'
  - 'Discover'
  - 'Discover::CanonicalIP'
  - 'Discover::Entities'
  - 'Discover::Neighbors'
  - 'Discover::Neighbors::Routed'
  - 'Discover::Neighbors::DOCSIS'
  - 'Discover::PortPower'
  - 'Discover::PortProperties'
  - 'Discover::Properties'
  - 'Discover::VLANs'
  - 'Discover::Wireless'
  - 'Discover::WithNodes'
  - 'DiscoverAll'
  - 'DumpConfig'
  - 'Expire'
  - 'ExpireNodes'
  - 'Graph'
  - 'Location'
  - 'Macsuck'
  - 'Macsuck::Nodes'
  - 'Macsuck::WirelessNodes'
  - 'Macwalk'
  - 'MakeRancidConf'
  - 'NodeMonitor'
  - 'Nbtstat'
  - 'Nbtstat::Core'
  - 'Nbtwalk'
  - 'PortControl'
  - 'PortName'
  - 'Power'
  - 'Psql'
  - 'Renumber'
  - 'GetAPIKey'
  - 'Show'
  - 'Stats'
  - 'Vlan'
  - 'Vlan::Core'

# Site-specific workers go here (via the override file); empty by default.
# NOTE(review): anything named here is loaded as code by the backend, so
# treat additions like any other code deployment.
extra_worker_plugins: []

# Transport drivers with a numeric weight each.
# NOTE(review): the larger number presumably wins - confirm in the wiki.
driver_priority:
  restconf: 500
  netconf: 400
  eapi: 300
  cli: 200
  snmp: 100

# ---------------
# GraphViz Export
# ---------------

# Settings for the GraphViz network map export. The file paths are
# relative; graph_timeout bounds the run (presumably seconds).
graph:
  # ---- Graph Settings ----
  edge_color: wheat

  graph: 'graph/netmap.gif'
  graph_png: 'graph/netmap.png'
  graph_bg: black
  graph_clusters: false  # try fdp layout
  graph_color: white
  graph_default: png
  #graph_dir : net_dir.gif
  graph_epsilon: 6
  graph_layout: twopi  # try neato or fdp too
  graph_map: 'graph/netmap.map'
  graph_overlap: scale
  graph_nodesep: 2
  graph_ranksep: .3
  graph_raw: 'graph/graph_raw.dot'
  graph_splines: false
  graph_svg: 'graph/netmap.svg'
  graph_timeout: 90
  graph_x: 30
  graph_y: 30

  node_fillcolor: dimgrey
  node_font: lucon
  node_fontsize: 46.0
  node_fontcolor: white
  node_problem: red
  node_shape: box
  node_style: filled
  #edge_style : setlinewidth(10)

  # ---- Node Maps ----
  # variable:matching pattern:node attribute:attribute value:key:key name
  #node_map:
  #  - 'label:cat(?!-g):fillcolor:blue:cat:Blue Box - Catalyst Device'
  #  - 'label:-g:fillcolor:darkgreen:dev-g:Green Box - Gateway / Router'
  #  - 'ip:^192.168\.:color:yellow:dev:Yellow Border - ResNet'

# ---------------
# DANCER INTERNAL
# ---------------

charset: 'UTF-8'
warnings: false
# Keep false outside development so error details (stack traces,
# settings) are not rendered to the client.
show_errors: false
logger: 'console'
engines:
  netdisco_template_toolkit:
    subclass: 'Template::AutoFilter'
    encoding: 'utf8'
    start_tag: '[%'
    end_tag: '%]'
    ANYCASE: 1
    # ABSOLUTE lets templates be referenced by absolute path.
    # NOTE(review): template names must therefore never be derived from
    # request data - confirm in the route handlers.
    ABSOLUTE: 1
    PRE_CHOMP: 1
    INCLUDE_PATH: []
    # Template output is HTML-entity encoded unless a template applies its
    # own filter; this is the default guard against markup injection.
    AUTO_FILTER: 'html_entity'
layout: 'noop'
plugins:
  # The Swagger UI is off by default and its directory points nowhere.
  Swagger:
    main_api_module: 'App::Netdisco'
    ui_url: '/swagger-ui'
    show_ui: false
    ui_dir: '/dev/null'
  # Users are authenticated against the netdisco database schema.
  Auth::Extensible:
    no_api_change_warning: true
    no_default_pages: true
    no_login_handler: true
    realms:
      users:
        provider: 'App::Netdisco::Web::Auth::Provider::DBIC'
        schema_name: 'netdisco'
session: 'cookie'
# Placeholder only: as the value says, the web app replaces it at startup.
# NOTE(review): with cookie sessions this key protects session integrity,
# so the literal below must never end up as the effective key.
session_cookie_key: 'this_will_be_overridden_on_webapp_startup'
template: 'netdisco_template_toolkit'
route_cache: true
appname: 'Netdisco'
# When false, forwarded-host/proto headers from clients are not honoured.
# Set true only when a reverse proxy sits in front and overwrites them.
behind_proxy: false