oxidized icon indicating copy to clipboard operation
oxidized copied to clipboard
verified publisher icon ytti

Using git-crypt output with group-based repositories forces manual Git initialization and causes GET /node/fetch to return "node not found"

Open Mallamac74 opened this issue 11 months ago • 2 comments

I'm experiencing issues when configuring Oxidized to use the git-crypt output plugin with group-based repositories. Using plain git as the output works as expected (just a bare repository), but when I switch to git-crypt, I encounter two major problems (especially the second one):

1. Forced Manual Git Initialization: When using git-crypt as the output, Oxidized always complains that the working directory is not clean, forcing me to manually initialize (commit) the repository. For example, I see errors such as:

Error: Working directory not clean.
Please commit your changes or 'git stash' them before running 'git-crypt unlock'.

Even though I can manually perform an initial commit and the commit appears in the repository (with the file encrypted), I don't like this extra step. Is there a way to avoid it?

2. REST API "node not found" Error: Despite the node appearing correctly in the inventory (e.g., via GET /nodes?format=json), I receive a "node not found" error when I try to fetch the configuration with:

GET http://<oxidized-server>:8888/node/fetch/CISCO/ukldn-endc-cctv02

Here is the response of GET /nodes?format=json

[
  {
    "name": "ukldn-endc-cctv02",
    "full_name": "CISCO/ukldn-endc-cctv02",
    "ip": "10.255.47.5",
    "group": "CISCO",
    "model": "IOS",
    "last": { ... },
    "mtime": "2025-02-07 11:37:20 UTC",
    "status": "success",
    "time": "2025-02-07 11:37:19 UTC"
  }
]

Here are more details about the setup. Environment: Oxidized version: 0.31.0 Oxidized-web version: 0.14.0 OS: CentOS 9 Stream git and git-crypt: Installed via system packages (git 2.43.5, git-crypt 0.7.0 on my system) gem git: (2.3.3)

Config

output:
#  default: git
#  git:
#    user: Oxidized
#    email: [email protected]
#    repo: "/var/lib/oxidized/git-repos/default"
#    filename: ":group/:hostname"
  default: gitcrypt
  gitcrypt:
    user: Oxidized
    email: [email protected]
    repo: "/var/lib/oxidized/git-repos/default"
    #filename: ":group/:hostname"
    filename: ":hostname"
    users:
      - "0xC2B9FC86"
      - "0xE4BA21AE"

router.db:

ukldn-endc-cctv02:10.255.47.5:CISCO

Could you please advise if this is a known issue or if there is a configuration workaround to avoid manual Git initialization and to ensure that the /node/fetch// endpoint returns the decrypted configuration when using git-crypt with group-based repositories?

Any help or pointers to a fix would be greatly appreciated.

Mallamac74 avatar Feb 07 '25 12:02 Mallamac74

My thoughts after looking into this issue: output/gitcrypt.rb uses ruby-git, output/git.rb uses ruby-rugged The code ist almost the same, with gitcrypt.rb installing filters for git-crypt. gitcript was created 8 years ago, the author is not on github, maybe his email-address is still working and he stills uses gitcrypt.

The "right" solution would be to refactor the code, and work only with one codebase (Output::GitCrypt beeing a children of Output::Git).

Note that I won't help further on this issue: I don't use gitcrypt and as I have other priorities, I'm not willing to learn a second git library on top of rugged.

robertcheramy avatar Feb 13 '25 06:02 robertcheramy

This issue is stale because it has been open 90 days with no activity.

github-actions[bot] avatar May 15 '25 02:05 github-actions[bot]