apc_aos: support SCP

- activate scp in the apc_aos model - Document how to get a working Net::SCP (fork on https://github.com/robertcheramy/net-scp) - Include the forked Net::SCP in the container image - Add a rake rule to build the container image locally - Closes #1802
ytti · Dec 16, 2024 · 392ec60 · 392ec60
1 parent 9254747
commit 392ec60
Show file tree

Hide file tree

Showing 7 changed files with 75 additions and 21 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
 ### Added
 - junos: add unit test (@systeembeheerder)
+- apc_aos: support for scp (@robertcheramy)
 
 ### Changed
 - sonicos: accept policy message. Fixes #3339 (@Steve-M-C, @robertcheramy)

diff --git a/Dockerfile b/Dockerfile
@@ -8,6 +8,10 @@ RUN apt-get update && apt-get install -y \
     build-essential \
     git \
     ruby-dev \
+    # Needed to build Net::SCP from https://github.com/robertcheramy/net-scp.git
+    # Can be removed after issue
+    # https://github.com/robertcheramy/net-scp/issues/1 is fixed
+    rubocop \
     && rm -rf /var/lib/apt/lists/*
 
 # create bundle directory
@@ -18,6 +22,13 @@ ENV GEM_HOME=/usr/local/bundle
 # Install the x25519 gem
 RUN gem install x25519 --no-document
 
+
+###################
+# build net-scp from https://github.com/robertcheramy/net-scp for APC devices
+WORKDIR /tmp/net-scp/
+RUN git clone -c advice.detachedHead=false --branch 4.0.3.fork --single-branch https://github.com/robertcheramy/net-scp.git /tmp/net-scp
+RUN rake build
+
 ###################
 # build oxidized
 COPY . /tmp/oxidized/
@@ -76,7 +87,7 @@ RUN apt-get -yq update \
     # Use ubuntu gems where possible
     # Gems needed by oxidized
     ruby-rugged ruby-slop ruby-psych \
-    ruby-net-telnet ruby-net-ssh ruby-net-ftp ruby-net-scp ruby-ed25519 \
+    ruby-net-telnet ruby-net-ssh ruby-net-ftp ruby-ed25519 \
     # Gem dependencies for inputs
     ruby-net-http-persistent ruby-mechanize \
     # Gem dependencies for sources
@@ -96,6 +107,10 @@ COPY --from=prebuilder /usr/local/bundle /usr/local/bundle
 ENV GEM_HOME="/usr/local/bundle"
 ENV PATH="$GEM_HOME/bin:$PATH"
 
+# Install previously built net-scp
+COPY --from=prebuilder /tmp/net-scp/pkg/net-scp-4.0.3.fork.gem /tmp/
+RUN gem install /tmp/net-scp-4.0.3.fork.gem
+
 # gems not available in ubuntu noble
 RUN gem install --no-document \
     # dependencies for hooks

diff --git a/Rakefile b/Rakefile
@@ -83,4 +83,31 @@ task :chmod do
   dirs.sort.uniq.each { |dir| File.chmod(0o0755, dir) }
 end
 
+# Build the container image with docker or podman
+def command_available?(command)
+  system("which #{command} > /dev/null 2>&1")
+end
+
+def docker_needs_root?
+  !system('docker info > /dev/null 2>&1')
+end
+
+desc 'Build the container image with docker or podman'
+task :build_container do
+  # Prefer podman if available as it runs rootless
+  if command_available?('podman')
+    sh 'podman build -t oxidized:`git describe --tags` -t oxidized:latest .'
+  elsif command_available?('docker')
+    if docker_needs_root?
+      puts 'docker needs root to build the image. Using sudo...'
+      sh 'sudo docker build -t oxidized:`git describe --tags` -t oxidized:latest .'
+    else
+      sh 'docker build -t oxidized:`git describe --tags` -t oxidized:latest .'
+    end
+  else
+    puts 'You need Podman or Docker to build the container image.'
+    exit 1
+  end
+end
+
 task default: :test
diff --git a/docs/Model-Notes/APC_AOS.md b/docs/Model-Notes/APC_AOS.md
@@ -1,29 +1,42 @@
 # APC AOS Configuration
 
-Currently, the configuration of APC Network Management Cards can be downloaded with FTP only.
+The configuration of APC Network Management Cards can be downloaded using FTP
+and SCP.
+
+To download with SCP, you need a
+[patch](https://github.com/net-ssh/net-scp/pull/71) to
+[Net::SCP](https://github.com/net-ssh/net-scp, which has been included
+upstream, but there is currently no new release of Net::SCP and its authors are
+unresponsive.
+
+To temporarily solve this,
+[@robertcheramy forked Net::SCP](https://github.com/robertcheramy/net-scp). You
+can build or download the gem there. This gem is already included in the
+oxidized container image (in the release coming after 0.31.0).
 
-A download of the configuration with SCP is [work in progress](https://github.com/ytti/oxidized/issues/1802).
-As the APC has an unusual behavior (the connection is closed without an exit-status), this has to be
-[fixed](https://github.com/net-ssh/net-scp/pull/71) upstream in [Net::SCP](https://github.com/net-ssh/net-scp).
-As soon as there is a release of Net::SCP supporting the behavior of APC OS, we will activate SCP in oxidized.
 
 ## Can I collect more information than just the configuration?
-APC OS does not have the ability to show the config.ini within an SSH-session. As oxidized can only get the
-configuration with one input type at a time, it is not possible to fetch config.ini via FTP/SCP and get the output of
-some commands via SSH at the same time.
+APC OS does not have the ability to show the config.ini within an SSH-session.
+As oxidized can only get the configuration with one input type at a time, it is
+not possible to fetch config.ini via FTP/SCP and get the output of
+some commands via SSH at the same time. Feature request #3334 has been opened
+to support multiple inputs in oxidized.
+
+A ticket has been opened with APC support in order to enable "cat config.ini"
+within an SSH-session, but APC is not willing to support this.
 
-A ticket has been opened with APC support in order to support "cat config.ini" within an SSH-session, but
-the chances it will be supported at some time are not very good, and older versions will still not support it.
 
-## How do I activate FTP input?
-In order to download the configuration with FTP (and in the future with SCP), you have to activate it as an
-input in the oxidized configuration. If you do not activate the input, oxidized will fail for the node with
-a rather unspecific error (`WARN -- : /apc status fail, retry attempt 1`).
+## How do I activate FTP/SCP input?
+In order to download the configuration with FTP or SCP, you have to activate it
+as an input in the oxidized configuration. If you do not activate the input,
+oxidized will fail for the node with a
+[rather unspecific error](https://github.com/ytti/oxidized/issues/3346)
+(`WARN -- : /apc status fail, retry attempt 1`).
 
 The configuration can be done either globally or only for the model apc_aos.
 
-The global configuration would look like this. Note that Oxidized will try every input type in the given order
-until it succeeds, or it will report a failure.
+The global configuration would look like this. Note that Oxidized will try every
+input type in the given order until it succeeds, or it will report a failure.
 ```yaml
 input:
   default: ssh, ftp, scp

diff --git a/examples/podman-compose/Makefile b/examples/podman-compose/Makefile
@@ -71,8 +71,7 @@ images: model-image gitserver-image oxidized-image
 
 # build the oxidized image from the curent repository
 oxidized-image:
-	podman image exists local/oxidized || \
-	  podman build -t local/oxidized ../../
+	  podman build -t oxidized:`git describe --tags` -t oxidized:latest ../../
 
 # removes the oxidized image
 oxidized-image-clean:

diff --git a/lib/oxidized/model/apc_aos.rb b/lib/oxidized/model/apc_aos.rb
@@ -6,6 +6,6 @@ class Apc_aos < Oxidized::Model # rubocop:disable Naming/ClassAndModuleCamelCase
     cfg
   end
 
-  cfg :ftp do
+  cfg :ftp, :scp do
   end
 end
diff --git a/spec/model/apc_aos_spec.rb b/spec/model/apc_aos_spec.rb
@@ -34,7 +34,6 @@
   end
 
   it "fetches the configuration with scp" do
-    skip "Work in Progress, see issue #1802"
     @node = Oxidized::Node.new(name:     'example.com',
                                input:    'scp',
                                output:   'file',
-Original file line number
+Diff line change
@@ Expand Up @@
         cfg
       end
-      cfg :ftp do
+      cfg :ftp, :scp do
       end
     end