Release Overview - Unimus 2.4.0

A new major Unimus release, 2.4.0, is finally here! With it come new features, reworks and improvements, new device support, and as always, bug fixes. This article covers the highlights of the 2.4.0 release, and the full Changelog is available at the bottom.

We have also published a video overview on our YouTube channel.


Mass Config Push macros overhaul

Mass Config Push is a powerful Unimus feature for automation, made even more versatile when used with macros. Macros (modifiers, actions and user variables) allow you to build complex configuration deployments, firmware upgrade procedures or maintenance tasks.

In 2.4.0 the modifier syntax was changed to a "$(modifier-name yes/no)" format to minimize ambiguity, and new modifiers "fail-on-error" and "wait-echo" were added. The format used for all actions is now "$(action-name value)". A new "delay" action was also introduced, which simply waits for a specified time. Positions within a line for modifiers and actions are now enforced. Check out the wiki for more info.


NMS Sync enhancements

The old NMS Sync logic served well for three long years, though it wasn't without its shortcomings. The robust rework introduced in 2.4.0-Beta5 handles syncing from any combination of different systems or different instances of the same system.

We've introduced the concept of device orphaning in order to track changes on the NMS. A device becomes orphaned when it is no longer being provided by the NMS. This lets Unimus reflect the current state of the remote NMS that is being synced.

Two new settings were added to the NMS Sync Preset configuration to accommodate the flexibility of the Sync logic. The Device Action policy controls creating new devices versus moving existing ones to a target Zone described by a Sync Preset Rule. With the Orphaning policy, Unimus can keep, unmanage or delete orphaned devices at the end of a Sync.

TL;DR: NMS Sync now handles added, changed, removed and disabled devices in virtually any complex setup and will create / move / delete or disable local devices to reflect the state on the NMS. The full NMS Sync rework rundown can be found in this blog article and on our YouTube channel.


SSH handling support

Multiple improvements were made to SSH connection establishment and session stability. A few examples:

  • Devices which don't play well when "none" SSH auth method is offered are now supported.
  • Login banner recognition has been adjusted to handle the quirkiest of banner types.
  • SSH version validation timeout can now be overridden to accommodate device types that need a little extra time to respond. Details are in the configuration documentation on our wiki.

Zabbix and LibreNMS connectors

By popular demand we've added an option to import Zabbix hosts by their assigned Templates and Tags, using '%' and '@' prefixes respectively. Existing Sync Presets will continue working as expected. More info in the Functionality > Import > Zabbix section on the wiki.

We have also added new "Address field priority" and "Description field priority" selectors for LibreNMS. These allow you to configure which fields from Libre are pulled into device information in Unimus.


Other features and new device type support

Minor features such as the obligatory NetXMS client library update, improved built-in backup filters, UI/UX touch-ups and Zone support hot-fix for APIv2 come included in the 2.4.0 package.

23 new device types joined the list of devices supported by Unimus in this release. See the full Changelog below for more info.


Fixes of various shape and form

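It wouldn't be a major release without a healthy dose of bug fixes. One worth mentioning: Remote Core connections could be seen as up even after they were closed, which prevented the same Remote Core from reconnecting.

One of the security fixes closed a hole where read-only users were able to add a new Zone. The other, listed in the Changelog below, stopped Credentials and CLI Mode change passwords from being printed to the log file in cleartext on specific API calls.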


Finally, here is the full 2.4.0 Changelog:

= Version 2.4.0 =
Features:
  Updated NetXMS client library to latest version (4.4.4)
  Added filtering of log messages inside Cisco SMB switch backups
  Added a built-in backup filter for new timestamp format in MikroTik RouterOS v7.10
  Improved built-in backup filters for newer versions of Ubiquiti EdgeSwitch X
  Improved handling of errors for Zones which use a NetXMS Agent as the Zone's proxy
  Added possibility to search by Credential Type in "Credentials > Device credentials" table
  Various minor UI and UX fixes and improvements
  Added support for devices which don't respond to the "none" SSH auth method
  Improved login banner recognition logic, more banner types are now supported
  If a DNS lookup for a device hostname fails, this will now be reported as an exact job failure reason
  Added support for session restoration prompts after login (for example on Cisco ISE)
  Added support for CLIs which don't echo the "?" when receiving commands like "show ?"
  Added the option to override the SSH version validation timeout (new "unimus.core.ssh-version-validation-timeout" setting)
  Added support for multi-partition backup on F5 devices
  Added support for all possible formats of user and root prompts in OPNsense
  Added support for output termination in newer versions of VyOS
  Added support for Cisco SMB switches which don't report their model on the CLI
  Added support for Linux shell login on netElastic vBGN
  Added support for output termination in paged output on netElastic vBGN
  Improved support for Adtran NetVanta devices
  Improved support for logins to JunOS in BSD mode
  Improved handling of quoted strings on MikroTik RouterOS v7
  Added support for paginated output on RAD devices
  Added support for backup multipliers in the Cisco WLC driver
  Improvements to the CLI mode change algorithm (better handling of specific edge cases)
  Improved handling of error messages when Unimus config file is missing

  Config Push modifiers were improved and reworked:
    - modifier syntax was changed to a "$(modifier-name yes/no)" format
    - enforced modifier and action positions within a line
    - added support for new modifiers "fail-on-error", "wait-echo" and their opposites (yes/no)
    - added support for a "delay" action, which simply waits for a specified time
    - all existing Config Push presets should be migrated to the new syntax automatically
    - full documentation: https://wiki.unimus.net/display/UNPUB/Mass+Config+Push

  Major improvements to NMS Sync:
    - devices no longer present in NMS can now be automatically Unmanaged / Deleted in Unimus
    - improved tracking of which local device corresponds to which NMS device, allowing to move devices locally when they are moved in the NMS
    - if a device is not found locally in the target Zone, you can now specify if Unimus looks for a candidate to move into the Zone, or creates a new device
    - allow specifying what scope Unimus searches in for move candidates when trying to move devices across Zones
    - fixed multiple issues that arose in setups where multiple NMSes were being imported from into the same Zone
    - more info at https://blog.unimus.net/new-nms-sync-logic-2-4-0/

  Improvements to the Zabbix NMS Sync connector:
    - added support for importing from Templates and Tags on top of existing options
    - introduced new prefixes for various import sources
    - existing Sync Presets should be migrated automatically, and continue working as expected
    - full documentation: https://wiki.unimus.net/display/UNPUB/Zabbix+importer

  Improvements to the LibreNMS NMS Sync connector:
    - added "Address field priority" selector, allowing to specify how Unimus pulls device addresses from Libre
    - added "Description field priority" selectors, allowing to specify how Unimus pulls device descriptions from Libre

  APIv2 improvements:
    - add optional query param to select zone for the "findByAddress" endpoint at "api/v2/devices/"
    - add option to specify Zone for the "createDevice" endpoint at "api/v2/devices"
    - add option to specify Managed State for the "createDevice" endpoint at "api/v2/devices"
    - add option to specify Managed State for multiple GET and UPDATE endpoints at "api/v2/devices"

  APIv3 improvements:
    - added possibility to search by "usedByDevices", "boundToDevices" and "credentialsTypes" in "api/v3/credentials" endpoint

  Added support for:
    - Adtran NetVanta chassis
    - ADVA FSP 1xx series
    - AricentOS devices
    - more variants of the Aruba Mobility Controller
    - Calix AXOS
    - Calix E7-2
    - Cambium cnPilot
    - Casa vCCAP
    - Cisco Catalyst 1200 series switches
    - Cisco ISE
    - ComNet Switches (based on CNGE11FX3TX8MS)
    - EdgeCore 7316
    - EdgeCore CSR320
    - Ericsson IPOS (SSR series)
    - Ericsson SGSN
    - F5 multi-partition
    - Grandstream GWN7800 series switches
    - improved netElastic vBGN support
    - Opengear Operations Manager
    - Radware Alteon
    - Ruckus vSZ-D
    - Ruckus vSZ-E
    - TRENDnet TI switches
    - Westermo L110
    - Westermo Lynx-5512
    - Westermo RedFox-5728
    - Westermo WeOS

Fixes:
  Fixed inter-connection delay was not applied for Telnet service availability check
  Fixed logs present in backups on Cisco SMB switches (would trigger new change-points and change notifications on every backup)
  Fixed NMS Sync from Zabbix versions 6.2.1 and newer within 6.2 was not working (6.4 and older than 6.2 worked properly)
  Fixed for Zones which use a NetXMS Agent as a proxy all tasks within a job would fail if a single task failed
  Fixed inter-connection delay was not applied for NetXMS TCP proxy connections
  Fixed elements in combo box sometimes appearing multiple times in multiple screens across the application
  Fixed elements in combo box sometimes missing in multiple screens across the application
  Fixed beginning of lines could be truncated in the diff view on specific browser configurations
  Fixed reporting wrong Last Job Status for unmanaged devices over API (multiple APIv2 "/devices" endpoints)
  Fixed attempting to input a very long FQDN into the DB address during the Deploy Wizard was not possible
  Fixed Credential usage could be counted twice if a credential was used for both SSH and Telnet (Credential > Usage screen)
  Fixed CLI Mode Change password usage could be counted twice if a credential was used for both SSH and Telnet (Credential > Usage screen)
  Fixed an error that could occur if you switched screens while multiple popup windows were opened
  Fixed the possibility to input extremely long strings into dropdowns, which would eventually trigger an error
  Fixed Config Push triggered via API with an empty device ID string would create a wrong entry in Push results
  Fixed Delete Push Job History retention job was not re-scheduled when default schedule is changed
  Fixed issues with Config Push presets being deleted while they were opened in another browser window
  Fixed various minor UI and UX issues and inconsistencies
  Fixed jobs using Telnet could randomly fail
  Fixed login to devices could fail if certain login banners were used
  Fixed Remote Core would not be able to reconnect to the Server in specific cases
  Fixed Remote Core connections could be considered still alive even after the connection was closed
  Fixed jobs on Cambium 450i would always fail
  Fixed jobs on newer versions of VyOS failing
  Fixed login failing on specific Palo Alto devices
  Fixed specific commands on Aruba Mobility Controller (ArubaMM) could cause a Config Push to fail
  Fixed backups could fail on Cisco WLC under heavy load, or with very large configs
  Fixed jobs on specific Moxa switch types could randomly fail
  Fixed jobs on specific RAD devices would fail
  Fixed jobs on specific Adtran NetVanta devices would fail
  Fixed discovery failing on OPNsense with specific account and shell type combinations
  Fixed discovery would fail on JunOS devices with specific BSD prompt format
  Fixed discovery would fail for specific versions of the Aruba Mobility Controller
  Fixed sporadic config change notifications on MikroTik RouterOS v7

Security fixes:
  Fixed read-only users could add a new Zone
  Fixed Credentials and CLI Mode change passwords could be printed to the log file in cleartext on specific API calls

Embedded Core version:
  2.4.0

Migration warnings:
  On MikroTik RouterOS v7, you can get a single config change notification due to changes in how quoted strings
  are handled in our ROSv7 driver. This config change should only happen on the first backup job after upgrade
  and can be ignored.