In article #001 and #002 you essentially created a NMaaS domain and enabled connectivity between your dedicated and isolated domain to your out of band management equipment network.


  • Completed #001
  • Completed #002
  • Basic knowledge related to configuration management 


We are going to deploy our first NMaaS service for your organisation: Oxidized

Article objective

This is done in 2 steps:

  1. Oxidized application deployment via the NMaaS portal
  2. Oxidized configuration specific to RARE domain  


NMaaS portal: Oxidized

[#003] - Cookbook

  • Having completed #001
  • Having completed #002
  • Once your domain is created and associated to your account, log into as in #001
  • select Oxidized application

  • select "Deploy"

  • choose a name for your service instance, in our case we chose: "p4-oxi-srv"

The name has a particular importance as it will dynamically create a FQDN for the NMaaS service in the form: <service_name>.<domain> 

In my example it is:

  • fill in the mandatory basic configuration information

  • Oxidized access username

we chose: oxidized

  • Oxidized access password

we chose: oxidized

  • Device access username (login used by Oxidized to access the equipment via SSH)

we chose: rare

  • Device access password (password used to access the equipment via SSH)

we chose: rare

  • Device (IP address)

we chose:,,, 

VPN Connectivity Warning

 It is important to note that you'll be connected inside a dedicated VPN so you'll be isolated from the outside world as if you were running your own Out of band management network. So we can assume that your domain is secured.

  • Congratulation. You should have completed Oxidized deployment

In the RARE domain we had a specific requirement that requires a specific profiles for the RARE network equipment.

We are using then NMaaS configuration feature (also refer to NMaaS configuration process), which actually will provide us the way to alter Oxidized configuration software.

  • From the NMaaS portal service instance page select "Update configuration" button

  • you should be provided a git command that will let you clone your Oxidized NMaaS configuration repository

From a terminal, clone oxidized configuration repository
git clone ssh://
cd rare-oxidized-210

ls -l
total 0
drwxr-xr-x  4 loui  staff  128 Jul 30 11:10 base
drwxr-xr-x  4 loui  staff  128 Jul 30 11:13 model
Oxidized base configuration
cd base 
ls -l
total 16
-rw-r--r--  1 loui  staff  734 Jul 30 11:12 config
-rw-r--r--  1 loui  staff  141 Jul 30 11:12 router.db
Oxidized config file sample
username: rare
password: rare
model: rare
interval: 600
use_syslog: false
debug: false
threads: 30
timeout: 20
retries: 3
prompt: !ruby/regexp /([\w.@-]+[#>]\s?)$/
vars: {}
       ssh_port: 2001
pid: "/storage/pid"
  default: ssh
  debug: false
    secure: false
  default: git
    directory: "/storage/configs"
    single_repo: true
    user: oxidized
    repo: "/storage/oxidized.git"
  default: csv
    file: "/root/.config/oxidized/router.db"
    delimiter: !ruby/regexp /:/
      name: 0
      model: 1
      group: 2
  rare: rare
  cisco: ios
  juniper: junos
Oxidized rare.rb file sample
class RARE < Oxidized::Model
  prompt /([\w.@()-]+[#>]\s?)$/
  #prompt /^([\w.@()-]+[#>]\s?)$/
  comment '! '
  cmd :all do |cfg|
    # cfg.gsub! /\cH+\s{8}/, '' # example how to handle pager cfg.gsub! /\cH+/, '' # example how to handle pager get rid of errors for commands that don't work on some devices
    cfg.gsub! /^% Invalid input detected at '\^' marker\.$|^\s+\^$/, ''
  cmd :secret do |cfg|
    cfg.gsub! /^(snmp-server community).*/, '\\1 <configuration removed>'
    cfg.gsub! /^(snmp-server host \S+( vrf \S+)?( version (1|2c|3))?)\s+\S+((\s+\S*)*)\s*/, '\\1 <secret hidden> \\5'
    cfg.gsub! /^(username .+ (password|secret) \d) .+/, '\\1 <secret hidden>'
    cfg.gsub! /^(enable (password|secret)( level \d+)? \d) .+/, '\\1 <secret hidden>'
    cfg.gsub! /^(\s+(?:password|secret)) (?:\d )?\S+/, '\\1 <secret hidden>'
    cfg.gsub! /^(.*wpa-psk ascii \d) (\S+)/, '\\1 <secret hidden>'
    cfg.gsub! /^(.*key 7) (\d.+)/, '\\1 <secret hidden>'
    cfg.gsub! /^(tacacs-server (.+ )?key) .+/, '\\1 <secret hidden>'
    cfg.gsub! /^(crypto isakmp key) (\S+) (.*)/, '\\1 <secret hidden> \\3'
    cfg.gsub! /^(\s+ip ospf message-digest-key \d+ md5) .+/, '\\1 <secret hidden>'
    cfg.gsub! /^(\s+ip ospf authentication-key) .+/, '\\1 <secret hidden>'
    cfg.gsub! /^(\s+neighbor \S+ password) .+/, '\\1 <secret hidden>'
    cfg.gsub! /^(\s+vrrp \d+ authentication text) .+/, '\\1 <secret hidden>'
    cfg.gsub! /^(\s+standby \d+ authentication) .{1,8}$/, '\\1 <secret hidden>'
    cfg.gsub! /^(\s+standby \d+ authentication md5 key-string) .+?( timeout \d+)?$/, '\\1 <secret hidden> \\2'
    cfg.gsub! /^(\s+key-string) .+/, '\\1 <secret hidden>'
    cfg.gsub! /^((tacacs|radius) server [^\n]+\n(\s+[^\n]+\n)*\s+key) [^\n]+$/m, '\1 <secret hidden>'
  cmd 'show platform' do |cfg|
    comment "TEST: show platform"
    comments = []
    comments << cfg.lines.first
    lines = cfg.lines
    lines.each_with_index do |line, i|
      if line !~ /^mem:|^uptime:/
        comments << line.strip!
    comments << "\n"
    comment comments.join "\n"
  cmd 'show interfaces description' do |cfg|
    comment cfg
  cmd 'show running-config' do |cfg|
    cfg = cfg.each_line.to_a[3..-1]
    cfg = cfg.reject { |line| line.match /^ntp clock-period / }.join
    cfg.gsub! /^Current configuration : [^\n]*\n/, ''
    cfg.gsub! /^ tunnel mpls traffic-eng bandwidth[^\n]*\n*(
                  (?: [^\n]*\n*)*
                  tunnel mpls traffic-eng auto-bw)/mx, '\1'
  cfg :telnet do
    username /^Username:/i
    password /^Password:/i
  cfg :telnet, :ssh do
    # preferred way to handle additional passwords
    post_login do
      if vars(:enable) == true
        cmd "enable"
      elsif vars(:enable)
        cmd "enable", /^[pP]assword:/
        cmd vars(:enable)
    post_login 'terminal length 0'
    post_login 'terminal width 0'
    pre_logout 'exit'

Oxidized router.db file sample

Oxidized model files
cd model 
ls -l
total 16
-rw-r--r--  1 loui  staff  2977 Jul 30 11:13 rare.rb
-rw-r--r--  1 loui  staff    69 Jul 30 11:10 readme.txt

Oxidized model configuration

Oxidized has the property to associate a model file specific to your equipment. In RARE context we needed to define a specific profile specifying the prompt used and also the command of interest during configuration versioning process.


Congratulations! You have deployed your first NMaaS service specifically for your domain !


In this article you:

  • You have deployed a powerful CMDB software for your organisation
  • You have learned how to apply specific configurations to it in order to match your requirements

[ #003 ] NMaaS-101 - key take-away

  • Deploying a NMaaS service is as easy as deploying an application on your mobile phone, you just have to log into the NMaaS portal and of course have the sufficient privileges to deploy application for your domain
  • Deploying an application is a 2 steps process
    • deploy the application via the portal
    • configure the application via git tool
  • Even if Oxidized deployment by NMaaS is made easy, it is mandatory to have a strong knowledge of the tool implemented. In this case, it is of course essential to read documentation from Oxidized GitHub.

  • No labels