Configuration backups are one of those operational tasks that every network team acknowledges is critical but often lacks a clean, automated solution for. OcNOS does not have built-in scheduled backup functionality, but it integrates cleanly with Ansible — making it straightforward to build a robust backup workflow using tools most network teams already have.
This guide covers three approaches from simple to full production-grade:
- Basic SSH backup using Ansible raw module
- NETCONF-based structured config retrieval
- Git-backed version history with drift detection
Approach 1: SSH Backup with Ansible
# backup-ocnos.yaml -- Simple Ansible playbook for OcNOS config backup
# Run via cron: ansible-playbook backup-ocnos.yaml
# Or schedule with Ansible AWX / AAP
- name: Backup OcNOS configurations
hosts: ocnos_nodes
gather_facts: false
vars:
backup_dir: "/opt/network-backups/ocnos"
timestamp: "{{ lookup('pipe', 'date +%Y%m%d-%H%M%S') }}"
tasks:
- name: Create backup directory per host
file:
path: "{{ backup_dir }}/{{ inventory_hostname }}"
state: directory
delegate_to: localhost
- name: Fetch running configuration
ansible.netcommon.cli_command:
command: show running-config
register: running_config
- name: Save configuration to file
copy:
content: "{{ running_config.stdout }}"
dest: "{{ backup_dir }}/{{ inventory_hostname }}/running-config-{{ timestamp }}.txt"
delegate_to: localhost
- name: Save latest symlink
file:
src: "{{ backup_dir }}/{{ inventory_hostname }}/running-config-{{ timestamp }}.txt"
dest: "{{ backup_dir }}/{{ inventory_hostname }}/running-config-latest.txt"
state: link
delegate_to: localhostApproach 2: NETCONF Structured Backup
# netconf-backup.yaml -- Retrieve config via NETCONF for structured storage
# Produces XML files that can be diff'd and fed back into NETCONF
- name: NETCONF configuration backup
hosts: ocnos_nodes
connection: netconf
gather_facts: false
tasks:
- name: Get full running configuration via NETCONF
netconf_get:
source: running
filter: |
<filter type="subtree">
<interfaces xmlns="http://openconfig.net/yang/interfaces"/>
<routing xmlns="urn:ietf:params:xml:ns:yang:ietf-routing"/>
<network-instances xmlns="http://openconfig.net/yang/network-instance"/>
</filter>
register: netconf_config
- name: Save NETCONF XML config
copy:
content: "{{ netconf_config.output }}"
dest: "/opt/network-backups/ocnos/{{ inventory_hostname }}/netconf-{{ timestamp }}.xml"
delegate_to: localhostApproach 3: Git-Backed Version Control with Drift Detection
# git-backup.yaml -- Full production backup with Git version history
# Detects configuration changes and alerts if drift is detected
- name: Git-backed OcNOS configuration backup
hosts: ocnos_nodes
gather_facts: false
vars:
git_repo: "/opt/network-configs"
tasks:
- name: Fetch running configuration
ansible.netcommon.cli_command:
command: show running-config
register: running_config
- name: Write config to Git working directory
copy:
content: "{{ running_config.stdout }}"
dest: "{{ git_repo }}/{{ inventory_hostname }}.cfg"
delegate_to: localhost
- name: Check for config changes (Git diff)
command: git -C {{ git_repo }} diff --name-only
register: git_diff
delegate_to: localhost
changed_when: git_diff.stdout != ""
- name: Commit changes if config drifted
shell: |
cd {{ git_repo }}
git add {{ inventory_hostname }}.cfg
git commit -m "Config change detected on {{ inventory_hostname }} at {{ timestamp }}"
delegate_to: localhost
when: git_diff.stdout != ""
- name: Alert on configuration drift
debug:
msg: "ALERT: Configuration change detected on {{ inventory_hostname }}"
when: git_diff.stdout != ""Scheduling Backups with Cron
# crontab -e -- Schedule daily backups at 2 AM
0 2 * * * /usr/bin/ansible-playbook /opt/ansible/git-backup.yaml -i /opt/ansible/inventory.yaml >> /var/log/ocnos-backup.log 2>&1
# Weekly full backup with retention cleanup (keep 90 days):
0 3 * * 0 find /opt/network-backups/ocnos -name "*.txt" -mtime +90 -delete- Automating Network Deployments with OcNOS
- gNMI Telemetry Guide
- IP Maestro — GUI Management for OcNOS
- Contacter IP Infusion
IP Infusion Engineering Team