Release v1.3.2

Twiddle ssh auth, use password before --key-file flag before homedir before agent
Release v1.3.1
2025-07-13 22:23:20 +02:00 · 2025-07-13 22:21:27 +02:00 · 2025-07-07 09:10:08 +02:00 · 2025-07-07 09:06:20 +02:00 · 2025-07-07 09:02:41 +02:00 · 2025-07-07 01:11:49 +02:00
6 changed files with 155 additions and 48 deletions
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,26 @@
+ipng-router-backup (1.3.2) stable; urgency=low
+
+  * Fix --key-file authentication priority issue
+  * Prioritize explicit key file over SSH agent authentication
+
+ -- Pim van Pelt <pim@ipng.ch>  Sun, 13 Jul 2025 23:30:00 +0100
+
+ipng-router-backup (1.3.1) stable; urgency=low
+
+  * Fix golangci-lint issues, replace deprecated io/ioutil
+  * Add SSH key error messages with hostname prefix
+  * Independently validate sshkey, agent auth and password methods
+
+ -- Pim van Pelt <pim@ipng.ch>  Sun, 07 Jul 2025 23:30:00 +0100
+
+ipng-router-backup (1.3.0) stable; urgency=low
+
+  * Add --parallel flag for concurrent device processing (default: 10)
+  * Implement worker pool pattern for much faster multi-device backups
+  * Maintain atomic file operations and error handling in parallel mode
+
+ -- Pim van Pelt <pim@ipng.ch>  Sun, 07 Jul 2025 23:00:00 +0100
+
 ipng-router-backup (1.2.4) stable; urgency=low

  * Add regex exclude patterns to filter unwanted output lines per device type
--- a/docs/DETAILS.md
+++ b/docs/DETAILS.md
@@ -142,6 +142,7 @@ types:
 - **`--password`**: SSH password
 - **`--key-file`**: SSH private key file path
 - **`--port`**: SSH port (default: `22`)
+- **`--parallel`**: Maximum number of devices to process in parallel (default: `10`)

 ### Examples

@@ -160,6 +161,9 @@ ipng-router-backup --yaml config.yaml --output-dir /backup/network

 # With password authentication
 ipng-router-backup --yaml config.yaml --password mypassword
+
+# Process more devices in parallel
+ipng-router-backup --yaml config.yaml --parallel 20
 ```

 ## SSH Authentication
--- a/docs/ipng-router-backup.1
+++ b/docs/ipng-router-backup.1
@@ -35,6 +35,9 @@ SSH port number (default: 22)
 .BR --host " \fIHOSTNAME\fR"
 Specific host(s) or glob patterns to process (can be repeated, processes all if not specified)
 .TP
+.BR --parallel " \fINUMBER\fR"
+Maximum number of devices to process in parallel (default: 10)
+.TP
 .BR --help
 Show help message
 .SH CONFIGURATION
@@ -98,6 +101,11 @@ Process hosts matching patterns:
 .EX
 ipng-router-backup --yaml config.yaml --host "asw*" --host "*switch*"
 .EE
+.TP
+Process devices in parallel:
+.EX
+ipng-router-backup --yaml config.yaml --parallel 20
+.EE
 .SH FILES
 .TP
 .I /etc/ipng-router-backup/config.yaml.example
--- a/src/config.go
+++ b/src/config.go
@@ -4,7 +4,7 @@ package main

 import (
 	"fmt"
-	"io/ioutil"
+	"os"

 	"dario.cat/mergo"
 	"gopkg.in/yaml.v3"
@@ -29,7 +29,7 @@ type Device struct {
 }

 func readYAMLFile(path string) (map[string]interface{}, error) {
-	data, err := ioutil.ReadFile(path)
+	data, err := os.ReadFile(path)
 	if err != nil {
 		return nil, err
 	}
--- a/src/main.go
+++ b/src/main.go
@@ -7,19 +7,34 @@ import (
 	"log"
 	"os"
 	"path/filepath"
+	"sync"

 	"github.com/spf13/cobra"
 )

-const Version = "1.2.4"
+const Version = "1.3.2"

-// Config and SSH types are now in separate packages
+func processDevice(hostname string, deviceConfig Device, commands []string, excludePatterns []string, password, keyFile string, port int, outputDir string) bool {
+	// Create backup instance
+	backup := NewRouterBackup(hostname, deviceConfig.Address, deviceConfig.User, password, keyFile, port)

-// SSH connection methods are now in ssh.go
+	// Connect and backup
+	if err := backup.Connect(); err != nil {
+		fmt.Printf("%s: Failed to connect: %v\n", hostname, err)
+		return false
+	}

-// YAML processing is now handled by the config package
+	err := backup.BackupCommands(commands, excludePatterns, outputDir)
+	backup.Disconnect()

-// SSH helper functions are now in ssh.go
+	if err != nil {
+		fmt.Printf("%s: Backup failed: %v\n", hostname, err)
+		return false
+	} else {
+		fmt.Printf("%s: Backup completed\n", hostname)
+		return true
+	}
+}

 func main() {
 	var yamlFiles []string
@@ -28,6 +43,7 @@ func main() {
 	var port int
 	var outputDir string
 	var hostFilter []string
+	var parallel int

 	var rootCmd = &cobra.Command{
 		Use:     "ipng-router-backup",
@@ -57,17 +73,27 @@ func main() {
 			}

 			// Check authentication setup
-			if password == "" && keyFile == "" {
-				if os.Getenv("SSH_AUTH_SOCK") != "" {
-					fmt.Println("Using SSH agent for authentication")
-				} else {
-					keyFile = findDefaultSSHKey()
-					if keyFile == "" {
-						log.Fatal("No SSH key found and no password provided")
-					} else {
-						fmt.Printf("Using SSH key: %s\n", keyFile)
-					}
+			hasAuth := 0
+			if os.Getenv("SSH_AUTH_SOCK") != "" {
+				fmt.Println("Using SSH agent for authentication")
+				hasAuth++
+			}
+			if keyFile == "" {
+				keyFile = findDefaultSSHKey()
+				if keyFile != "" {
+					fmt.Printf("Using SSH key: %s\n", keyFile)
+					hasAuth++
 				}
+			} else {
+				fmt.Printf("Using specified SSH key: %s\n", keyFile)
+				hasAuth++
+			}
+			if password != "" {
+				fmt.Println("Using --password for authentication")
+				hasAuth++
+			}
+			if hasAuth == 0 {
+				log.Fatal("No authentication mechanisms found.")
 			}

 			// Process devices
@@ -93,12 +119,41 @@ func main() {
 				}
 			}

-			successCount := 0
 			totalCount := len(devicesToProcess)

-			for hostname, deviceConfig := range devicesToProcess {
-				fmt.Printf("\n%s: Processing device (type: %s)\n", hostname, deviceConfig.Type)
+			// Create channels for work distribution and result collection
+			type DeviceWork struct {
+				hostname        string
+				deviceConfig    Device
+				commands        []string
+				excludePatterns []string
+			}

+			type DeviceResult struct {
+				hostname string
+				success  bool
+			}
+
+			workChan := make(chan DeviceWork, totalCount)
+			resultChan := make(chan DeviceResult, totalCount)
+
+			// Start worker pool
+			var wg sync.WaitGroup
+			for i := 0; i < parallel; i++ {
+				wg.Add(1)
+				go func() {
+					defer wg.Done()
+					for work := range workChan {
+						fmt.Printf("%s: Processing device (type: %s)\n", work.hostname, work.deviceConfig.Type)
+
+						success := processDevice(work.hostname, work.deviceConfig, work.commands, work.excludePatterns, password, keyFile, port, outputDir)
+						resultChan <- DeviceResult{hostname: work.hostname, success: success}
+					}
+				}()
+			}
+
+			// Queue all work
+			for hostname, deviceConfig := range devicesToProcess {
 				user := deviceConfig.User
 				commands := deviceConfig.Commands
 				deviceType := deviceConfig.Type
@@ -122,27 +177,30 @@ func main() {
 					continue
 				}

-				// Create backup instance
-				backup := NewRouterBackup(hostname, deviceConfig.Address, user, password, keyFile, port)
-
-				// Connect and backup
-				if err := backup.Connect(); err != nil {
-					fmt.Printf("%s: Failed to connect: %v\n", hostname, err)
-					continue
+				workChan <- DeviceWork{
+					hostname:        hostname,
+					deviceConfig:    deviceConfig,
+					commands:        commands,
+					excludePatterns: excludePatterns,
 				}
+			}
+			close(workChan)

-				err = backup.BackupCommands(commands, excludePatterns, outputDir)
-				backup.Disconnect()
+			// Wait for all workers to finish
+			go func() {
+				wg.Wait()
+				close(resultChan)
+			}()

-				if err != nil {
-					fmt.Printf("%s: Backup failed: %v\n", hostname, err)
-				} else {
-					fmt.Printf("%s: Backup completed\n", hostname)
+			// Collect results
+			successCount := 0
+			for result := range resultChan {
+				if result.success {
 					successCount++
 				}
 			}

-			fmt.Printf("\nOverall summary: %d/%d devices processed successfully\n", successCount, totalCount)
+			fmt.Printf("Overall summary: %d/%d devices processed successfully\n", successCount, totalCount)

 			// Set exit code based on results
 			if successCount == 0 {
@@ -160,8 +218,11 @@ func main() {
 	rootCmd.Flags().IntVar(&port, "port", 22, "SSH port")
 	rootCmd.Flags().StringVar(&outputDir, "output-dir", "/tmp", "Output directory for command output files")
 	rootCmd.Flags().StringSliceVar(&hostFilter, "host", []string{}, "Specific host(s) to process (can be repeated, processes all if not specified)")
+	rootCmd.Flags().IntVar(&parallel, "parallel", 10, "Maximum number of devices to process in parallel")

-	rootCmd.MarkFlagRequired("yaml")
+	if err := rootCmd.MarkFlagRequired("yaml"); err != nil {
+		log.Fatal(err)
+	}

 	if err := rootCmd.Execute(); err != nil {
 		log.Fatal(err)
--- a/src/ssh.go
+++ b/src/ssh.go
@@ -4,7 +4,6 @@ package main

 import (
 	"fmt"
-	"io/ioutil"
 	"net"
 	"os"
 	"path/filepath"
@@ -104,11 +103,6 @@ func (rb *RouterBackup) Connect() error {
 		config.KeyExchanges = finalAlgorithms
 	}

-	// Note: Cipher overrides disabled - Go SSH library defaults work better
-	// if ciphers := ssh_config.Get(rb.hostname, "Ciphers"); ciphers != "" {
-	//	 config.Ciphers = ...
-	// }
-
 	if macs := ssh_config.Get(rb.hostname, "MACs"); macs != "" {
 		macList := strings.Split(macs, ",")
 		for i, mac := range macList {
@@ -127,15 +121,19 @@ func (rb *RouterBackup) Connect() error {
 		config.HostKeyAlgorithms = finalAlgorithms
 	}

-	// Try SSH agent first if available
+	// If explicit key file is provided, prioritize it over SSH agent
+	var keyFileAuth ssh.AuthMethod
+	var agentAuth ssh.AuthMethod
+
+	// Try SSH agent if available (but don't add to config.Auth yet)
 	if sshAuthSock := os.Getenv("SSH_AUTH_SOCK"); sshAuthSock != "" {
 		if conn, err := net.Dial("unix", sshAuthSock); err == nil {
 			agentClient := agent.NewClient(conn)
-			config.Auth = []ssh.AuthMethod{ssh.PublicKeysCallback(agentClient.Signers)}
+			agentAuth = ssh.PublicKeysCallback(agentClient.Signers)
 		}
 	}

-	// If SSH agent didn't work, try key file
+	// Try key file
 	if keyFile != "" {
 		// Expand ~ in keyFile path
 		if strings.HasPrefix(keyFile, "~/") {
@@ -145,17 +143,27 @@ func (rb *RouterBackup) Connect() error {
 			}
 		}

-		key, err := ioutil.ReadFile(keyFile)
+		key, err := os.ReadFile(keyFile)
 		if err == nil {
 			signer, err := ssh.ParsePrivateKey(key)
 			if err != nil {
-				fmt.Errorf("unable to parse private key: %v", err)
+				fmt.Printf("%s: Unable to parse private key: %v\n", rb.hostname, err)
 			} else {
-				config.Auth = append(config.Auth, ssh.PublicKeys(signer))
+				keyFileAuth = ssh.PublicKeys(signer)
 			}
 		}
 	}

+	// Prioritize auth methods: explicit key file first, then SSH agent
+	if keyFileAuth != nil {
+		config.Auth = []ssh.AuthMethod{keyFileAuth}
+		if agentAuth != nil {
+			config.Auth = append(config.Auth, agentAuth)
+		}
+	} else if agentAuth != nil {
+		config.Auth = []ssh.AuthMethod{agentAuth}
+	}
+
 	// Fall back to password if available
 	if rb.password != "" {
 		config.Auth = append(config.Auth, ssh.Password(rb.password))
@@ -268,7 +276,10 @@ func (rb *RouterBackup) BackupCommands(commands []string, excludePatterns []stri

 		fmt.Fprintf(file, "## COMMAND: %s\n", command)
 		filteredOutput := filterOutput(output, excludePatterns)
-		file.WriteString(filteredOutput)
+		if _, err := file.WriteString(filteredOutput); err != nil {
+			fmt.Printf("%s: Failed to write output: %v\n", rb.hostname, err)
+			hasErrors = true
+		}
 		file.Close()

 		successCount++
Author	SHA1	Message	Date
Pim van Pelt	57fc8d3630	Release v1.3.2	2025-07-13 22:23:20 +02:00
Pim van Pelt	64212fce8c	Twiddle ssh auth, use password before --key-file flag before homedir before agent	2025-07-13 22:21:27 +02:00
Pim van Pelt	83797aaa34	Release v1.3.1	2025-07-07 09:10:08 +02:00
Pim van Pelt	3da4de7711	Fix lint errors, ensure errors start with 'hostname:'	2025-07-07 09:06:20 +02:00
Pim van Pelt	9a2264e867	Remove old comments; Count auth mechanisms independently	2025-07-07 09:02:41 +02:00
Pim van Pelt	6c1993282c	Release v1.3.0	2025-07-07 01:11:49 +02:00
Pim van Pelt	53c7bca43e	Add parallelism	2025-07-07 01:08:42 +02:00