Users are able to use configuration templates to configure certain functionality on their Opengear Nodes.
Initially, three types of template are supported:
- Authentication Templates
- Group Templates
- Script Templates
Authentication templates are used to configure the downstream Node's AAA settings. This template is used when the downstream nodes will be authenticating via an enterprise authentication server (such as TACACS+, RADIUS, or LDAP).
The above example shows configuration of a RADIUS server. There are two things to note here:
- There is an option to pre-populate the template from the Authentication configuration used on Lighthouse. Note that this is a copy operation; if the Lighthouse configuration changes, then the template will not be automatically updated.
- The Schemes are simpler than on the Opengear Nodes. Each scheme apart from Local is the same as xDownLocal setting on the Nodes (where x is Radius, TACACs, LDAP). To make more specific configurations, support for configuration scripting will be available in a future release.
Group templates are used to configure the group list on a downstream Node. This should be used in conjunction with an Authentication template, to allow remote groups to specify different access rights on the downstream nodes.
When applied, this group list will replace the group list on the downstream node (apart from system groups).
NOTE: As the legacy Opengear (CM71xx, ACM700x, IM72xx) utilize a different command line structure script templates for these platforms will not function properly on current Opengear products (OM120x, OM22xx, CM81xx). A detailed set of current Opengear script template examples will be available soon.
Script templates are a powerful way to run shell scripts on nodes, either automatically at enrollment time via Configure Nodes -> Node Enrollment -> Enrollment Bundles, or manually via Configure Nodes -> Configuration Templates -> Apply Templates.
Users may create and upload a Script Template that performs actions to configure the node, or create self installing scripts that may be called upon during remote events (refer faq409-Auto-Response-Alerts.html).
The sample script below will enable the 4G/LTE modem; enables ports 1 and 2 as console ports with both SSH and web terminal services on each along with a port name; and enables NTP to a server at 0.pool.ntp.org. The final statement applies the configurations set within the script.
#Enable Cellular Modem
#Configure console port 1
#Configure console port 2
#run all configurators
To apply templates, use the Apply Template wizard to do the following steps
- Select the template
- Select the nodes to apply the template to
- Run a pre-flight check to make sure the template will apply cleanly
- Push the template
The first two items are pretty simple, but the third and fourth need some explanation.
The preflight check process involves fetching the latest relevant configuration from the node, and testing that the new configuration will apply cleanly. If the node cannot be contacted, or the configuration will not apply cleanly, a warning will be shown. The preflight page will refresh, updating the preflight status for each node as preflighting completes. Nodes that have had warnings or errors will have been automatically unticked. When all nodes have be preflighted, the "Next - Push Configuration" button will become clickable.
Once this button is pushed, the config push will occur. The page will refresh with the template push status for each node.
For Example Scripts please visit: https://opengear.zendesk.com/hc/en-us/sections/360003937872-Lighthouse-Script-Templates