Event based Oxidized backups

On small teams, network changes are typically both visible and communicated effectively. However, as your team grows, you may reach a point where so many network changes are happening that pull-based backups are no longer as effective as they should be.

If you'd like to capture every change, you have a few options:

  1. Vendor-specific solutions (Juniper system archival)
  2. Syslog-based solutions (SaltStack)

Below I explore an interesting (bad) idea I thought of recently using Juniper commit scripts. The idea involves a Juniper device running a Python script after every commit, which triggers a backup via an HTTP API call. In practice, you probably don't want to run this in production. Running event-based backups off of log messages is not only vendor agnostic but also more secure and scalable.

The meat

Example commit script to call Oxidized API

The script above gathers the local Juniper's hostname and uses it as the primary key in the Oxidized REST API call. The 'requests' library is available to use with Juniper on-box scripts without any additional installations.

  1. Update the script to use your Oxidized IP

  2. Update your Juniper to support transferring files and commit scripts
    set system services ssh sftp-server
    set system scripts language python3
    set system scripts commit file {script}

  3. Transfer the file to the Juniper
    scp {script} {user}@{juniper}:/var/db/scripts/commit

  4. Update the permissions
    start shell (while in the Juniper)
    chown root:wheel /var/db/scripts/commit/{script}

  5. Commit a configuration and see that Oxidized begins a backup.
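
A commit script along the lines described above, as an added example that is not the author's original script. It assumes oxidized-web's `/node/next/<node>` endpoint, a placeholder Oxidized address (`192.0.2.10:8888`), and uses the standard library's `urllib` in place of `requests` so it also runs off-box; the function names are illustrative.

```python
#!/usr/bin/env python3
"""Junos commit script sketch: ask Oxidized to fetch this node next."""
import re
import urllib.request
from urllib.parse import quote

try:
    # Only importable on-box: the candidate configuration as an XML tree.
    from junos import Junos_Configuration
except ImportError:
    Junos_Configuration = None  # off-box, e.g. when testing on a workstation

OXIDIZED_URL = "http://192.0.2.10:8888"  # assumption: placeholder address
# Accept only hostname-like values before placing them in a URL path.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9._-]{0,251}[A-Za-z0-9])?$")


def get_hostname(config):
    """Return system host-name from the config tree, or None if unset or odd."""
    if config is None:
        return None
    name = (config.findtext("system/host-name") or "").strip()
    return name if HOSTNAME_RE.match(name) else None


def build_url(hostname, base=OXIDIZED_URL):
    """Build the 'fetch this node next' URL, keyed on the Oxidized node name."""
    return "{}/node/next/{}".format(base.rstrip("/"), quote(hostname, safe=""))


def trigger_backup(hostname, opener=urllib.request.urlopen, timeout=3):
    """Send the request; never raise, so an unreachable Oxidized cannot fail a commit."""
    try:
        with opener(build_url(hostname), timeout=timeout) as resp:
            return 200 <= resp.status < 400
    except Exception:
        return False


def main():
    hostname = get_hostname(Junos_Configuration)
    if hostname:
        trigger_backup(hostname)


if __name__ == "__main__":
    main()
```

Commit scripts run during the commit operation (including `commit check`) rather than after it, so Oxidized may be asked to fetch before the new configuration is active or when nothing changed.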

💡 Final warning that this is not a great idea, just an interesting one!