Config Backup plugin help

Addons for Cacti and discussion about those addons

Moderators: Developers, Moderators

DarkLogix
Posts: 29
Joined: Thu Apr 19, 2018 1:08 pm

Re: Config Backup plugin help

Post by DarkLogix »

Could it be permissions? per the plugin page I set "server_args" = "-c -s /home/configs/backups" but instead of "/home/configs/backups" I pointed it at a mount point I made so the backups would be on a different drive than the OS.
https://docs.cacti.net/plugin:routerconfigs

The line "and give the apache server and the tftp server permissions to access it" wasn't totally clear, which user should have permissions? ATM it's just root but with 777.
netniV
Cacti Guru User
Posts: 3441
Joined: Sun Aug 27, 2017 12:05 am

Re: Config Backup plugin help

Post by netniV »

777 grants everyone full write access. Did you read through the TFTP link I posted earlier that goes through how to setup TFTP? You might have to change things slightly if that isn't your exact OS but it should give you the pointers. Also, you may want to check whatever logs the TFTP server writes to as it might be complaining itself.
Cacti Developer & Release Manager
The Cacti Group

Director
BV IT Solutions Ltd

+--------------------------------------------------------------------------+

Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
DarkLogix
Posts: 29
Joined: Thu Apr 19, 2018 1:08 pm

Re: Config Backup plugin help

Post by DarkLogix »

Looked at your link some more and noticed some parts that the install hadn't added, so I made a few changes and now it's copying.

Though instead of editing the selinux config file I just did setenforce 0 and then found the context for TFTP and updated the fcontext DB with a line to put that context on my mountpoint recursively.

Though oddly the config that was copied shows the owner as "nobody"
DarkLogix
Posts: 29
Joined: Thu Apr 19, 2018 1:08 pm

Re: Config Backup plugin help

Post by DarkLogix »

Ok so now the TFTP part seems to be working, but when Cacti tries to do a backup it still fails.

Under Configuration->settings->Router Backups
I have the TFTP directory under TFTP Backup Directory Path
And I have another directory under Archive Directory Path
netniV
Cacti Guru User
Posts: 3441
Joined: Sun Aug 27, 2017 12:05 am

Re: Config Backup plugin help

Post by netniV »

Now that you have access to the TFTP folder, enable the debug option in settings and do a manual backup. You can do this through the GUI or using:

sudo -u <website user> php <cacti>/plugins/routerconfigs/router_download.php -h <id> -d
Cacti Developer & Release Manager
The Cacti Group

Director
BV IT Solutions Ltd

+--------------------------------------------------------------------------+

Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
DarkLogix
Posts: 29
Joined: Thu Apr 19, 2018 1:08 pm

Re: Config Backup plugin help

Post by DarkLogix »

Where will the debug log be?

Also which one of the settings should be used to enable debug? Just to be sure.
DarkLogix
Posts: 29
Joined: Thu Apr 19, 2018 1:08 pm

Re: Config Backup plugin help

Post by DarkLogix »

Ok I think I found the right things and found these two lines.

2018/May/03 07:28:44 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Follow the installation instructions in the official manual at http://www.php.net/manual/en/ssh2.installation.php
2018/May/03 07:28:44 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: PHP doesn't have the ssh2 module installed
DarkLogix
Posts: 29
Joined: Thu Apr 19, 2018 1:08 pm

Re: Config Backup plugin help

Post by DarkLogix »

So after doing the following as per http://www.php.net/manual/en/ssh2.installation.php
yum install libssh2.x86_64 php-pecl-ssh2.x86_64
systemctl restart httpd

Now it has this error. (I've removed the IP, username, and edited the device name in this post.)

2018/May/03 07:42:43 - RCONFIG NOTICE: Failed to download for LAN
2018/May/03 07:42:43 - RCONFIG ERROR: Failed to Connect to Device 'LAN' using connection type: ssh
2018/May/03 07:42:43 - DBCALL DEVEL: SQL Exec: "UPDATE plugin_routerconfigs_devices SET lasterror = ? WHERE id = ?"
2018/May/03 07:42:43 - RCONFIG 10.250.114.1 (SSH) -> WARNING: Unable to open ssh network connection
2018/May/03 07:42:43 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Setting sleep time to 125000 microsecond(s)
2018/May/03 07:42:43 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Setting timeout to 30 second(s)
2018/May/03 07:42:43 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Creating SSH(Server: (IP), User: (USERNAME), Password: (17 chars), Enablepw: (Not Set), Devicetype: {"id":"1","name":"Cisco IOS","username":"username:","password":"password:","copytftp":"copy run tftp","version":"show version","confirm":"y","sleep":null,"timeout":null,"forceconfirm":"","checkendinconfig":"on"}
2018/May/03 07:42:43 - RCONFIG (IP) -> DEBUG: Attempting to connect via SSH
netniV
Cacti Guru User
Posts: 3441
Joined: Sun Aug 27, 2017 12:05 am

Re: Config Backup plugin help

Post by netniV »

And you can manually SSH onto the device?
Cacti Developer & Release Manager
The Cacti Group

Director
BV IT Solutions Ltd

+--------------------------------------------------------------------------+

Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
DarkLogix
Posts: 29
Joined: Thu Apr 19, 2018 1:08 pm

Re: Config Backup plugin help

Post by DarkLogix »

yes I can manually SSH from the Cacti server to the device.

I just tried "setenforce 0" and running another backup and it looks like it got more info, Cacti says failed, but it looks like it managed to SSH and copy to tftp.
DarkLogix
Posts: 29
Joined: Thu Apr 19, 2018 1:08 pm

Re: Config Backup plugin help

Post by DarkLogix »

Ok I gathered what I think are all the entries specific to the backup attempt, and did the same edits I mentioned before.

2018/May/03 08:06:03 - RCONFIG STATS: Time:35.79 Downloaded:0 Failed:1
2018/May/03 08:06:03 - RCONFIG DEBUG: 1 devices failed to backup.
2018/May/03 08:06:03 - RCONFIG DEBUG: 0 devices backed up successfully.
2018/May/03 08:06:03 - RCONFIG WARNING: 0 Devices Backed Up, 1 Devices Failed, 0 Disabled (ignored) in 36 seconds
2018/May/03 08:06:03 - RCONFIG NOTICE: Failed to download for LAN
2018/May/03 08:06:03 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Timeout of 30 seconds has been reached
2018/May/03 08:05:33 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: --> exit
2018/May/03 08:05:33 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: checking end in config
2018/May/03 08:05:33 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Attempting to open file at /u01/Config-Backups/LAN
2018/May/03 08:05:33 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Checking for valid incoming file at /u01/Config-Backups/LAN
2018/May/03 08:05:33 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Result: (0)
2018/May/03 08:05:33 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Line: LAN#
2018/May/03 08:05:33 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Line: 24639 bytes copied in 3.880 secs (6350 bytes/sec)
2018/May/03 08:05:33 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Line: !!
2018/May/03 08:05:33 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Line: LAN
2018/May/03 08:05:33 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Found Prompt (Enabled)
2018/May/03 08:05:29 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: --> LAN
2018/May/03 08:05:29 - RCONFIG 10.250.114.1 (SSH) -> NOTICE: Sending Filename (Destination): LAN
2018/May/03 08:05:29 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Question found
2018/May/03 08:05:29 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Result: (0)
2018/May/03 08:05:29 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Line: Destination filename [LAN-confg]?
2018/May/03 08:05:29 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Line: (IP)
2018/May/03 08:05:29 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Found Prompt (Question)
2018/May/03 08:05:29 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: --> (IP)
2018/May/03 08:05:29 - RCONFIG 10.250.114.1 (SSH) -> NOTICE: Sending Server: (IP)
2018/May/03 08:05:29 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Question found
2018/May/03 08:05:29 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Result: (0)
2018/May/03 08:05:29 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Line: Address or name of remote host []?
2018/May/03 08:05:29 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Line: copy run tftp
2018/May/03 08:05:29 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Found Prompt (Question)
2018/May/03 08:05:29 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: --> copy run tftp
2018/May/03 08:05:29 - RCONFIG 10.250.114.1 (SSH) -> Process is now enabled
2018/May/03 08:05:29 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Attempt 1 of 10 to find prompt
2018/May/03 08:05:29 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Found Prompt (Enabled)
2018/May/03 08:05:29 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: -->
2018/May/03 08:05:29 - RCONFIG 10.250.114.1 (SSH) -> NOTICE: Ensuring process is enabled
2018/May/03 08:05:29 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Connected via ssh
2018/May/03 08:05:29 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: okay: logged in...
2018/May/03 08:05:27 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Setting sleep time to 125000 microsecond(s)
2018/May/03 08:05:27 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Setting timeout to 30 second(s)
2018/May/03 08:05:27 - RCONFIG 10.250.114.1 (SSH) -> DEBUG: Creating SSH(Server: (Dev-IP), User: (USER), Password: (17 chars), Enablepw: (Not Set), Devicetype: {"id":"1","name":"Cisco IOS","username":"username:","password":"password:","copytftp":"copy run tftp","version":"show version","confirm":"y","sleep":null,"timeout":null,"forceconfirm":"","checkendinconfig":"on"}
2018/May/03 08:05:27 - RCONFIG 10.250.114.1 -> DEBUG: Attempting to connect via SSH
DarkLogix
Posts: 29
Joined: Thu Apr 19, 2018 1:08 pm

Re: Config Backup plugin help

Post by DarkLogix »

So for the SeLinux part of the issue I found this.

https://stackoverflow.com/questions/245 ... ide-apache
So i did
"getsebool -a | grep httpd_can_network_connect"
Which showed it was currently set to off so as the post in the link suggested I then did
"setsebool -P httpd_can_network_connect=1"

Now SeLinux is able to remain enforcing and it gets to the longer set of log messages.
BTW after it "fails" I do see that it was successful at copying the config to the TFTP server.
netniV
Cacti Guru User
Posts: 3441
Joined: Sun Aug 27, 2017 12:05 am

Re: Config Backup plugin help

Post by netniV »

It looks like your device is not reporting that the connection is closed after issuing the exit. Thus we can't be sure that we have properly exited the router. I suppose we could add an option to say whether to issue an exit or to simply close the connection.

Can you open an issue requesting that option on Github and i'll get it done tomorrow?
https://github.com/cacti/plugin_routerconfigs/issues
Cacti Developer & Release Manager
The Cacti Group

Director
BV IT Solutions Ltd

+--------------------------------------------------------------------------+

Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
DarkLogix
Posts: 29
Joined: Thu Apr 19, 2018 1:08 pm

Re: Config Backup plugin help

Post by DarkLogix »

netniV
Cacti Guru User
Posts: 3441
Joined: Sun Aug 27, 2017 12:05 am

Re: Config Backup plugin help

Post by netniV »

And I was bored so I've implemented a quick solution for you already :)
Cacti Developer & Release Manager
The Cacti Group

Director
BV IT Solutions Ltd

+--------------------------------------------------------------------------+

Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests