5. Devices

devices.toml is structured as three separate dictionaries for devices, credentials, and proxies. All values are strings.

Routers

[router.'<name>']

'<name>' should be your router's hostname, or another way of uniquely identifying the device.

| Parameter | Function |
|---|---|
| address | IP address hyperglass will use to connect to the device. |
| asn | ASN this device is a member of. |
| src_addr_ipv4 | Source IPv4 address used for ping and traceroute queries. |
| src_addr_ipv6 | Source IPv6 address used for ping and traceroute queries. |
| credential | Name of credential (username & password) used to authenticate with the device. See Credentials for more information. |
| location | Name of location/POP where this device resides. |
| display_name | Device name that will be shown to the end user on the main hyperglass page. |
| port | TCP port for SSH/HTTP connection to device. |
| type | Device type/vendor name. See supported device types for a full list. |
| proxy | Name of SSH proxy/jumpbox, if any, used for connecting to the device. If not using a proxy, specify an empty string, i.e. "". |

Example

[router.'pop1']
address = "192.0.2.1"
asn = "65000"
src_addr_ipv4 = "192.0.2.251"
src_addr_ipv6 = "2001:db8::1"
credential = "default"
location = "pop1"
display_name = "Washington, DC"
port = "22"
type = "cisco_ios"
proxy = "jumpbox1"

[router.'pop2']
address = "192.0.2.2"
asn = "65000"
src_addr_ipv4 = "192.0.2.252"
src_addr_ipv6 = "2001:db8::2"
credential = "frr_api_pop2"
location = "pop2"
display_name = "Portland, OR"
port = "8080"
type = "frr"
proxy = ""

Credentials

The credential table stores the username and password for a device. SSH Key authentication is not yet supported. If using FRRouting and the hyperglass-frr API, the username can be any arbitrary value (it is not used), and the password is the PBKDF2 SHA256 hashed API key (not the API key itself).

Example

[credential.'default']
username = "hyperglass"
password = "secret_password"

[credential.'frr_api_pop2']
username = "doesntmatter"
password = "$pbkdf2-sha256$29000$bI0xJqQUQoixtjZGSAnhvA$FM0oUc.Y3kuvl9ilQmMuULTD1MjzD64Ax9rFNUgAl.c"

Security Warning

These values are stored in plain text, so make sure the accounts are restricted. Instructions for creating restricted accounts on common platforms can be found here.

Proxies

The proxy table stores the connection parameters for an SSH proxy.

When a proxy server is defined in the [router] table, the defined proxy name is matched to a configured proxy as shown above. When the connection to the device is initiated, the hyperglass server will first initiate an SSH connection to the proxy, and then initiate a second connection to the target device (router) from the proxy server. This can be helpful if you want to secure access to your routers.

Security Warning

These values are stored in plain text, so make sure the accounts are restricted.

| Parameter | Function |
|---|---|
| address | IP address hyperglass will use to connect to the device. |
| username | Username for SSH authentication to the proxy server/jumpbox. SSH Key authentication is not yet supported. |
| password | Plain text password for SSH authentication to the proxy server/jumpbox. |
| type | Device type/vendor name as recognized by Netmiko. See supported device types for a full list. |
| ssh_command | Command used to initiate an SSH connection from the proxy server to the target device. {username} will map to the target device (router) username as defined in its associated credential mapping. {host} will map to the target device IP address as defined in devices.toml. |

Example

[proxy.'jumpbox1']
address = "10.1.1.1"
username = "hyperglass"
password = "secret_password"
type = "linux_ssh"
ssh_command = "ssh -l {username} {host}"

[proxy.'jumpbox2']
address = "10.1.1.2"
username = "hyperglass"
password = "secret_password"
type = "linux_ssh"
ssh_command = "ssh -l {username} {host}"

Compatibility

hyperglass has only been tested with linux_ssh as of this writing.