On small teams, network changes are typically both visible and communicated effectively. However, as your team grows, you may reach a point where so many network changes are happening that pull-based backups are no longer as effective as they should be.
If you'd like to capture every change, you have a few options:
- Vendor-specific solutions (Juniper system archival)
- Syslog-based solutions (SaltStack)
Below I explore an interesting (bad) idea I thought of recently using Juniper commit scripts. The idea involves a Juniper device running a Python script after every commit, which triggers a backup via an HTTP API call. In practice, you probably don't want to run this in production. Running event-based backups off of log messages is not only vendor agnostic but also more secure and scalable.
The meat
The script gathers the local Juniper's hostname and uses it as the primary key in the Oxidized REST API call. The 'requests' library is available to on-box Juniper scripts without any additional installation.
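A commit script along the lines described above, as an added example rather than the author's own script. It assumes oxidized-web's `/node/next/<node>` endpoint, a placeholder Oxidized address (`192.0.2.10:8888`), that `socket.gethostname()` returns the name Oxidized knows the device by, and it uses the standard library's `urllib` in place of `requests`; the function names are hypothetical.

```python
"""Commit-script sketch: ask Oxidized to back up this device after a commit."""
import re
import socket
import urllib.request
from urllib.parse import quote

# Assumption: placeholder address (TEST-NET-1) and oxidized-web's default port.
OXIDIZED_BASE = "http://192.0.2.10:8888"
# Node names are restricted to hostname characters so the value cannot add
# path segments or a query string to the API URL.
_NODE_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9._-]{0,251}[A-Za-z0-9])?")


def build_trigger_url(base, node):
    """Return the oxidized-web 'fetch this node next' URL for `node`."""
    if not _NODE_RE.fullmatch(node or ""):
        raise ValueError("unexpected node name: %r" % (node,))
    return "%s/node/next/%s" % (base.rstrip("/"), quote(node, safe=""))


def _http_get(url, timeout):
    """Default transport (stdlib); returns the HTTP status code."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.status


def trigger_backup(node=None, base=OXIDIZED_BASE, timeout=3, http_get=_http_get):
    """Queue a backup; return True on HTTP 2xx, False on any failure.

    Failures are swallowed and the timeout is short on purpose: the script
    runs inside the commit, so an unreachable Oxidized must not stall or
    abort the configuration change.
    """
    try:
        url = build_trigger_url(base, node or socket.gethostname())
        return 200 <= http_get(url, timeout) < 300
    except (ValueError, OSError):
        return False


if __name__ == "__main__":
    trigger_backup()
```

The request is unauthenticated plain HTTP, so the Oxidized API should only be reachable from the management network the devices sit on.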
- Update the script to use your Oxidized IP.
- Update your Juniper to support transferring files and commit scripts:
      set system services ssh sftp-server
      set system scripts language python3 commit file /var/db/scripts/commit/{script}
- Transfer the file to the Juniper:
      scp {script} {user}@{juniper}:/var/db/scripts/commit
- Update the permissions (while on the Juniper):
      start shell
      chown root:wheel /var/db/scripts/commit/{script}
- Commit a configuration and see that Oxidized begins a backup.