From 747a2b15e5e0e7dbeb43c4b451dec706a34f9ad5 Mon Sep 17 00:00:00 2001 From: lmiranda Date: Fri, 30 Jan 2026 17:21:21 -0500 Subject: [PATCH] refactor(cmdb-assistant): extract skills and slim commands - Extract 9 skill files from command knowledge: - mcp-tools-reference.md: Complete NetBox MCP tools reference - system-discovery.md: Bash commands for system info gathering - device-registration.md: Device registration workflow - sync-workflow.md: Machine sync process - audit-workflow.md: Data quality audit checks - ip-management.md: IP/prefix management and conflict detection - topology-generation.md: Mermaid diagram generation - change-audit.md: NetBox change audit workflow - visual-header.md: Standard visual header pattern - Slim all 11 commands to under 60 lines: - cmdb-sync.md: 348 -> 57 lines - cmdb-register.md: 334 -> 51 lines - ip-conflicts.md: 238 -> 58 lines - cmdb-audit.md: 207 -> 58 lines - cmdb-topology.md: 194 -> 54 lines - initial-setup.md: 176 -> 74 lines - change-audit.md: 175 -> 57 lines - cmdb-site.md: 68 -> 50 lines - cmdb-ip.md: 65 -> 52 lines - cmdb-device.md: 64 -> 55 lines - cmdb-search.md: 46 lines (unchanged) - Update agent to reference skills for best practices - Preserve existing netbox-patterns skill Co-Authored-By: Claude Opus 4.5 --- .../cmdb-assistant/agents/cmdb-assistant.md | 193 ++-------- .../cmdb-assistant/commands/change-audit.md | 160 ++------ plugins/cmdb-assistant/commands/cmdb-audit.md | 201 ++-------- .../cmdb-assistant/commands/cmdb-device.md | 47 +-- plugins/cmdb-assistant/commands/cmdb-ip.md | 61 ++- .../cmdb-assistant/commands/cmdb-register.md | 327 ++-------------- plugins/cmdb-assistant/commands/cmdb-site.md | 60 ++- plugins/cmdb-assistant/commands/cmdb-sync.md | 349 ++---------------- .../cmdb-assistant/commands/cmdb-topology.md | 184 ++------- .../cmdb-assistant/commands/initial-setup.md | 192 +++------- .../cmdb-assistant/commands/ip-conflicts.md | 228 ++---------- plugins/cmdb-assistant/hooks/hooks.json | 8 +- .../cmdb-assistant/skills/audit-workflow.md | 163 ++++++++ plugins/cmdb-assistant/skills/change-audit.md | 130 +++++++ .../skills/device-registration.md | 177 +++++++++ .../cmdb-assistant/skills/ip-management.md | 162 ++++++++ .../skills/mcp-tools-reference.md | 281 ++++++++++++++ .../cmdb-assistant/skills/sync-workflow.md | 191 ++++++++++ .../cmdb-assistant/skills/system-discovery.md | 101 +++++ .../skills/topology-generation.md | 155 ++++++++ .../cmdb-assistant/skills/visual-header.md | 32 ++ 21 files changed, 1690 insertions(+), 1712 deletions(-) create mode 100644 plugins/cmdb-assistant/skills/audit-workflow.md create mode 100644 plugins/cmdb-assistant/skills/change-audit.md create mode 100644 plugins/cmdb-assistant/skills/device-registration.md create mode 100644 plugins/cmdb-assistant/skills/ip-management.md create mode 100644 plugins/cmdb-assistant/skills/mcp-tools-reference.md create mode 100644 plugins/cmdb-assistant/skills/sync-workflow.md create mode 100644 plugins/cmdb-assistant/skills/system-discovery.md create mode 100644 plugins/cmdb-assistant/skills/topology-generation.md create mode 100644 plugins/cmdb-assistant/skills/visual-header.md diff --git a/plugins/cmdb-assistant/agents/cmdb-assistant.md b/plugins/cmdb-assistant/agents/cmdb-assistant.md index 7fb3b13..f091371 100644 --- a/plugins/cmdb-assistant/agents/cmdb-assistant.md +++ b/plugins/cmdb-assistant/agents/cmdb-assistant.md @@ -1,21 +1,20 @@ # CMDB Assistant Agent -You are an infrastructure management assistant specialized in NetBox CMDB operations. You help users query, document, and manage their network infrastructure. +You are an infrastructure management assistant specialized in NetBox CMDB operations. -## Visual Output Requirements +## Skills to Load -**MANDATORY: Display header at start of every response.** +- `skills/visual-header.md` +- `skills/netbox-patterns/SKILL.md` +- `skills/mcp-tools-reference.md` -``` -┌──────────────────────────────────────────────────────────────────┐ -│ 🖥️ CMDB-ASSISTANT · Infrastructure Management │ -└──────────────────────────────────────────────────────────────────┘ -``` +## Visual Output + +Execute `skills/visual-header.md` with context "Infrastructure Management". ## Capabilities -You have full access to NetBox via MCP tools covering: - +Full access to NetBox via MCP tools covering: - **DCIM**: Sites, locations, racks, devices, interfaces, cables, power - **IPAM**: IP addresses, prefixes, VLANs, VRFs, ASNs, services - **Circuits**: Providers, circuits, terminations @@ -29,183 +28,66 @@ You have full access to NetBox via MCP tools covering: ### Query Operations - Start with list operations to find objects -- Use filters to narrow results (name, status, site_id, etc.) -- Follow up with get operations for detailed information -- Present results in clear, organized format +- Use filters to narrow results +- Follow up with get operations for details ### Create Operations -- Always confirm required fields with user before creating -- Look up related object IDs (device_type, role, site) first -- Provide the created object details after success -- Suggest follow-up actions (add interfaces, assign IPs, etc.) +- Confirm required fields before creating +- Look up related object IDs first +- Suggest follow-up actions after success ### Update Operations - Show current values before updating - Confirm changes with user -- Report what was changed after success ### Delete Operations -- ALWAYS ask for explicit confirmation before deleting -- Show what will be deleted -- Warn about dependent objects that may be affected - -## Common Workflows - -### Document a New Server -1. Create device with `dcim_create_device` -2. Add interfaces with `dcim_create_interface` -3. Assign IPs with `ipam_create_ip_address` -4. Add journal entry with `extras_create_journal_entry` - -### Allocate IP Space -1. Find available prefixes with `ipam_list_available_prefixes` -2. Create prefix with `ipam_create_prefix` or `ipam_create_available_prefix` -3. Allocate IPs with `ipam_create_available_ip` - -### Audit Infrastructure -1. List recent changes with `extras_list_object_changes` -2. Review devices by site with `dcim_list_devices` -3. Check IP utilization with prefix operations - -### Cable Management -1. List interfaces with `dcim_list_interfaces` -2. Create cable with `dcim_create_cable` -3. Verify connectivity - -## Response Format - -When presenting data: -- Use tables for lists -- Highlight key fields (name, status, IPs) -- Include IDs for reference in follow-up operations -- Suggest next steps when appropriate - -## Error Handling - -- If an operation fails, explain why clearly -- Suggest corrective actions -- For permission errors, note what access is needed -- For validation errors, explain required fields/formats +- ALWAYS ask for explicit confirmation +- Warn about dependent objects ## Data Quality Validation -**IMPORTANT:** Load the `netbox-patterns` skill for best practice reference. +Reference `skills/netbox-patterns/SKILL.md` for best practices: -Before ANY create or update operation, validate against NetBox best practices: +### Before VM Operations +1. Cluster/Site assignment required +2. Recommend tenant if not provided +3. Check naming convention -### VM Operations +### Before Device Operations +1. Site is REQUIRED +2. Recommend platform +3. Check naming convention +4. Offer to set primary IP after creation -**Required checks before `virt_create_vm` or `virt_update_vm`:** +### Before Creating Roles +1. List existing roles first +2. Recommend consolidation if >10 specific roles -1. **Cluster/Site Assignment** - VMs must have either cluster or site -2. **Tenant Assignment** - Recommend if not provided -3. **Platform Assignment** - Recommend for OS tracking -4. **Naming Convention** - Check against `{env}-{app}-{number}` pattern -5. **Role Assignment** - Recommend appropriate role - -**If user provides no site/tenant, ASK:** - -> "This VM has no site or tenant assigned. NetBox best practices recommend: -> - **Site**: For location-based queries and power budgeting -> - **Tenant**: For resource isolation and ownership tracking -> -> Would you like me to: -> 1. Assign to an existing site/tenant (list available) -> 2. Create new site/tenant first -> 3. Proceed without (not recommended for production use)" - -### Device Operations - -**Required checks before `dcim_create_device` or `dcim_update_device`:** - -1. **Site is REQUIRED** - Fail without it -2. **Platform Assignment** - Recommend for OS tracking -3. **Naming Convention** - Check against `{role}-{location}-{number}` pattern -4. **Role Assignment** - Ensure appropriate role selected -5. **After Creation** - Offer to set primary IP - -### Cluster Operations - -**Required checks before `virt_create_cluster`:** - -1. **Site Scope** - Recommend assigning to site -2. **Cluster Type** - Ensure appropriate type selected -3. **Device Association** - Recommend linking to host device - -### Role Management - -**Before creating a new device role:** - -1. List existing roles with `dcim_list_device_roles` -2. Check if a more general role already exists -3. Recommend role consolidation if >10 specific roles exist - -**Example guidance:** - -> "You're creating role 'nginx-web-server'. An existing 'web-server' role exists. -> Consider using 'web-server' and tracking nginx via the platform field instead. -> This reduces role fragmentation and improves maintainability." - -## Dependency Order Enforcement - -When creating multiple objects, follow this order: +## Dependency Order +Follow order from `skills/netbox-patterns/SKILL.md`: ``` -1. Regions → Sites → Locations → Racks -2. Tenant Groups → Tenants -3. Manufacturers → Device Types +1. Regions -> Sites -> Locations -> Racks +2. Tenant Groups -> Tenants +3. Manufacturers -> Device Types 4. Device Roles, Platforms 5. Devices (with site, role, type) 6. Clusters (with type, optional site) 7. VMs (with cluster) -8. Interfaces → IP Addresses → Primary IP assignment +8. Interfaces -> IP Addresses -> Primary IP ``` -**CRITICAL Rules:** -- NEVER create a VM before its cluster exists -- NEVER create a device before its site exists -- NEVER create an interface before its device exists -- NEVER create an IP before its interface exists (if assigning) - -## Naming Convention Enforcement - -When user provides a name, check against patterns: - -| Object Type | Pattern | Example | -|-------------|---------|---------| -| Device | `{role}-{site}-{number}` | `web-dc1-01` | -| VM | `{env}-{app}-{number}` or `{prefix}_{service}` | `prod-api-01` | -| Cluster | `{site}-{type}` | `dc1-vmware`, `home-docker` | -| Prefix | Include purpose in description | "Production /24 for web tier" | - -**If name doesn't match patterns, warn:** - -> "The name 'HotServ' doesn't follow naming conventions. -> Suggested: `prod-hotserv-01` or `hotserv-cloud-01`. -> Consistent naming improves searchability and automation compatibility. -> Proceed with original name? [Y/n]" - ## Duplicate Prevention -Before creating objects, always check for existing duplicates: - +Before creating, check for existing: ``` -# Before creating device dcim_list_devices name= - -# Before creating VM virt_list_vms name= - -# Before creating prefix ipam_list_prefixes prefix= ``` -If duplicate found, inform user and suggest update instead of create. - ## Available Commands -Users can invoke these commands for structured workflows: - | Command | Purpose | |---------|---------| | `/cmdb-search ` | Search across all CMDB objects | @@ -215,3 +97,6 @@ Users can invoke these commands for structured workflows: | `/cmdb-audit [scope]` | Data quality analysis | | `/cmdb-register` | Register current machine | | `/cmdb-sync` | Sync machine state with NetBox | +| `/cmdb-topology ` | Generate infrastructure diagrams | +| `/change-audit [filters]` | Audit NetBox changes | +| `/ip-conflicts [scope]` | Detect IP conflicts | diff --git a/plugins/cmdb-assistant/commands/change-audit.md b/plugins/cmdb-assistant/commands/change-audit.md index 1c4de44..83636f9 100644 --- a/plugins/cmdb-assistant/commands/change-audit.md +++ b/plugins/cmdb-assistant/commands/change-audit.md @@ -4,20 +4,14 @@ description: Audit NetBox changes with filtering by date, user, or object type # CMDB Change Audit -## Visual Output - -When executing this command, display the plugin header: - -``` -┌──────────────────────────────────────────────────────────────────┐ -│ 🖥️ CMDB-ASSISTANT · Change Audit │ -└──────────────────────────────────────────────────────────────────┘ -``` - -Then proceed with the audit. - Query and analyze the NetBox audit log for change tracking and compliance. +## Skills to Load + +- `skills/visual-header.md` +- `skills/change-audit.md` +- `skills/mcp-tools-reference.md` + ## Usage ``` @@ -33,142 +27,30 @@ Query and analyze the NetBox audit log for change tracking and compliance. ## Instructions -You are a change auditor that queries NetBox's object change log and generates audit reports. +Execute `skills/visual-header.md` with context "Change Audit". -### MCP Tools +Execute `skills/change-audit.md` which covers: +1. Parse user request for filters +2. Query object changes via MCP +3. Enrich data with detailed records +4. Analyze patterns +5. Generate report -Use these tools to query the audit log: - -- `extras_list_object_changes` - List changes with filters: - - `user_id` - Filter by user ID - - `changed_object_type` - Filter by object type (e.g., "dcim.device", "ipam.ipaddress") - - `action` - Filter by action: "create", "update", "delete" - -- `extras_get_object_change` - Get detailed change record by ID - -### Common Object Types - -| Category | Object Types | -|----------|--------------| -| DCIM | `dcim.device`, `dcim.interface`, `dcim.site`, `dcim.rack`, `dcim.cable` | -| IPAM | `ipam.ipaddress`, `ipam.prefix`, `ipam.vlan`, `ipam.vrf` | -| Virtualization | `virtualization.virtualmachine`, `virtualization.cluster` | -| Tenancy | `tenancy.tenant`, `tenancy.contact` | - -### Workflow - -1. **Parse user request** to determine filters -2. **Query object changes** using `extras_list_object_changes` -3. **Enrich data** by fetching detailed records if needed -4. **Analyze patterns** in the changes -5. **Generate report** in structured format - -### Report Format - -```markdown -## NetBox Change Audit Report - -**Generated:** [timestamp] -**Period:** [date range or "All time"] -**Filters:** [applied filters] - -### Summary - -| Metric | Count | -|--------|-------| -| Total Changes | X | -| Creates | Y | -| Updates | Z | -| Deletes | W | -| Unique Users | N | -| Object Types | M | - -### Changes by Action - -#### Created Objects (Y) - -| Time | User | Object Type | Object | Details | -|------|------|-------------|--------|---------| -| 2024-01-15 14:30 | admin | dcim.device | server-01 | Created device | -| ... | ... | ... | ... | ... | - -#### Updated Objects (Z) - -| Time | User | Object Type | Object | Changed Fields | -|------|------|-------------|--------|----------------| -| 2024-01-15 15:00 | john | ipam.ipaddress | 10.0.1.50/24 | status, description | -| ... | ... | ... | ... | ... | - -#### Deleted Objects (W) - -| Time | User | Object Type | Object | Details | -|------|------|-------------|--------|---------| -| 2024-01-14 09:00 | admin | dcim.interface | eth2 | Removed from server-01 | -| ... | ... | ... | ... | ... | - -### Changes by User - -| User | Creates | Updates | Deletes | Total | -|------|---------|---------|---------|-------| -| admin | 5 | 10 | 2 | 17 | -| john | 3 | 8 | 0 | 11 | - -### Changes by Object Type - -| Object Type | Creates | Updates | Deletes | Total | -|-------------|---------|---------|---------|-------| -| dcim.device | 2 | 5 | 0 | 7 | -| ipam.ipaddress | 4 | 3 | 1 | 8 | - -### Timeline - -``` -2024-01-15: ████████ 8 changes -2024-01-14: ████ 4 changes -2024-01-13: ██ 2 changes -``` - -### Notable Patterns - -- **Bulk operations:** [Identify if many changes happened in short time] -- **Unusual activity:** [Flag unexpected deletions or after-hours changes] -- **Missing audit trail:** [Note if expected changes are not logged] - -### Recommendations - -1. [Any security or process recommendations based on findings] -``` - -### Time Period Handling - -When user specifies "last N days": -- The NetBox API may not have direct date filtering in `extras_list_object_changes` -- Fetch recent changes and filter client-side by the `time` field -- Note any limitations in the report - -### Enriching Change Details - -For detailed audit, use `extras_get_object_change` with the change ID to see: -- `prechange_data` - Object state before change -- `postchange_data` - Object state after change -- `request_id` - Links related changes in same request - -### Security Audit Mode +## Security Audit Mode If user asks for "security audit" or "compliance report": -1. Focus on deletions and permission-sensitive changes -2. Highlight changes to critical objects (firewalls, VRFs, prefixes) -3. Flag changes outside business hours -4. Identify users with high change counts +- Focus on deletions and permission-sensitive changes +- Highlight changes to critical objects (firewalls, VRFs, prefixes) +- Flag changes outside business hours +- Identify users with high change counts ## Examples -- `/change-audit` - Show recent changes (last 24 hours) -- `/change-audit last 7 days` - Changes in past week -- `/change-audit by admin` - All changes by admin user +- `/change-audit` - Recent changes (last 24 hours) +- `/change-audit last 7 days` - Past week +- `/change-audit by admin` - All changes by admin - `/change-audit type dcim.device` - Device changes only - `/change-audit action delete` - All deletions -- `/change-audit object server-01` - Changes to server-01 ## User Request diff --git a/plugins/cmdb-assistant/commands/cmdb-audit.md b/plugins/cmdb-assistant/commands/cmdb-audit.md index 0832484..67ff7f5 100644 --- a/plugins/cmdb-assistant/commands/cmdb-audit.md +++ b/plugins/cmdb-assistant/commands/cmdb-audit.md @@ -4,20 +4,15 @@ description: Audit NetBox data quality and identify consistency issues # CMDB Data Quality Audit -## Visual Output - -When executing this command, display the plugin header: - -``` -┌──────────────────────────────────────────────────────────────────┐ -│ 🖥️ CMDB-ASSISTANT · Data Quality Audit │ -└──────────────────────────────────────────────────────────────────┘ -``` - -Then proceed with the audit. - Analyze NetBox data for quality issues and best practice violations. +## Skills to Load + +- `skills/visual-header.md` +- `skills/audit-workflow.md` +- `skills/netbox-patterns/SKILL.md` +- `skills/mcp-tools-reference.md` + ## Usage ``` @@ -33,174 +28,30 @@ Analyze NetBox data for quality issues and best practice violations. ## Instructions -You are a data quality auditor for NetBox. Your job is to identify consistency issues and best practice violations. +Execute `skills/visual-header.md` with context "Data Quality Audit". -**IMPORTANT:** Load the `netbox-patterns` skill for best practice reference. +Execute `skills/audit-workflow.md` which covers: +1. Data collection via MCP +2. Quality checks by severity (CRITICAL, HIGH, MEDIUM, LOW) +3. Naming convention analysis +4. Role fragmentation analysis +5. Report generation with recommendations -### Phase 1: Data Collection +## Scope-Specific Focus -Run these MCP tool calls to gather data for analysis: +| Scope | Focus | +|-------|-------| +| `all` | Full audit across all categories | +| `vms` | Virtual Machine checks only | +| `devices` | Device checks only | +| `naming` | Naming convention analysis | +| `roles` | Role fragmentation analysis | -``` -1. virt_list_vms (no filters - get all) -2. dcim_list_devices (no filters - get all) -3. virt_list_clusters (no filters) -4. dcim_list_sites -5. tenancy_list_tenants -6. dcim_list_device_roles -7. dcim_list_platforms -``` +## Examples -Store the results for analysis. - -### Phase 2: Quality Checks - -Analyze collected data for these issues by severity: - -#### CRITICAL Issues (must fix immediately) - -| Check | Detection | -|-------|-----------| -| VMs without cluster | `cluster` field is null AND `site` field is null | -| Devices without site | `site` field is null | -| Active devices without primary IP | `status=active` AND `primary_ip4` is null AND `primary_ip6` is null | - -#### HIGH Issues (should fix soon) - -| Check | Detection | -|-------|-----------| -| VMs without site | VM has no site (neither direct nor via cluster.site) | -| VMs without tenant | `tenant` field is null | -| Devices without platform | `platform` field is null | -| Clusters not scoped to site | `site` field is null on cluster | -| VMs without role | `role` field is null | - -#### MEDIUM Issues (plan to address) - -| Check | Detection | -|-------|-----------| -| Inconsistent naming | Names don't match patterns: devices=`{role}-{site}-{num}`, VMs=`{env}-{app}-{num}` | -| Role fragmentation | More than 10 device roles with <3 assignments each | -| Missing tags on production | Active resources without any tags | -| Mixed naming separators | Some names use `_`, others use `-` | - -#### LOW Issues (informational) - -| Check | Detection | -|-------|-----------| -| Docker containers as VMs | Cluster type is "Docker Compose" - document this modeling choice | -| VMs without description | `description` field is empty | -| Sites without physical address | `physical_address` is empty | -| Devices without serial | `serial` field is empty | - -### Phase 3: Naming Convention Analysis - -For naming scope, analyze patterns: - -1. **Extract naming patterns** from existing objects -2. **Identify dominant patterns** (most common conventions) -3. **Flag outliers** that don't match dominant patterns -4. **Suggest standardization** based on best practices - -**Expected Patterns:** -- Devices: `{role}-{location}-{number}` (e.g., `web-dc1-01`) -- VMs: `{prefix}_{service}` or `{env}-{app}-{number}` (e.g., `prod-api-01`) -- Clusters: `{site}-{type}` (e.g., `home-docker`) - -### Phase 4: Role Analysis - -For roles scope, analyze fragmentation: - -1. **List all device roles** with assignment counts -2. **Identify single-use roles** (only 1 device/VM) -3. **Identify similar roles** that could be consolidated -4. **Suggest consolidation** based on patterns - -**Red Flags:** -- More than 15 highly specific roles -- Roles with technology in name (use platform instead) -- Roles that duplicate functionality - -### Phase 5: Report Generation - -Present findings in this structure: - -```markdown -## CMDB Data Quality Audit Report - -**Generated:** [timestamp] -**Scope:** [scope parameter] - -### Summary - -| Metric | Count | -|--------|-------| -| Total VMs | X | -| Total Devices | Y | -| Total Clusters | Z | -| **Total Issues** | **N** | - -| Severity | Count | -|----------|-------| -| Critical | A | -| High | B | -| Medium | C | -| Low | D | - -### Critical Issues - -[List each with specific object names and IDs] - -**Example:** -- VM `HotServ` (ID: 1) - No cluster or site assignment -- Device `server-01` (ID: 5) - No site assignment - -### High Issues - -[List each with specific object names] - -### Medium Issues - -[Grouped by category with counts] - -### Recommendations - -1. **[Most impactful fix]** - affects N objects -2. **[Second priority]** - affects M objects -... - -### Quick Fixes - -Commands to fix common issues: - -``` -# Assign site to VM -virt_update_vm id=X site=Y - -# Assign platform to device -dcim_update_device id=X platform=Y -``` - -### Next Steps - -- Run `/cmdb-register` to properly register new machines -- Use `/cmdb-sync` to update existing registrations -- Consider bulk updates via NetBox web UI for >10 items -``` - -## Scope-Specific Instructions - -### For `vms` scope: -Focus only on Virtual Machine checks. Skip device and role analysis. - -### For `devices` scope: -Focus only on Device checks. Skip VM and cluster analysis. - -### For `naming` scope: -Focus on naming convention analysis across all objects. Generate detailed pattern report. - -### For `roles` scope: -Focus on role fragmentation analysis. Generate consolidation recommendations. +- `/cmdb-audit` - Full audit +- `/cmdb-audit vms` - VM-specific checks +- `/cmdb-audit naming` - Naming conventions ## User Request diff --git a/plugins/cmdb-assistant/commands/cmdb-device.md b/plugins/cmdb-assistant/commands/cmdb-device.md index 42dd7e5..ccdc748 100644 --- a/plugins/cmdb-assistant/commands/cmdb-device.md +++ b/plugins/cmdb-assistant/commands/cmdb-device.md @@ -1,18 +1,11 @@ # CMDB Device Management -## Visual Output +Manage network devices in NetBox. -When executing this command, display the plugin header: +## Skills to Load -``` -┌──────────────────────────────────────────────────────────────────┐ -│ 🖥️ CMDB-ASSISTANT · Device Management │ -└──────────────────────────────────────────────────────────────────┘ -``` - -Then proceed with the operation. - -Manage network devices in NetBox - create, view, update, or delete. +- `skills/visual-header.md` +- `skills/mcp-tools-reference.md` ## Usage @@ -22,42 +15,40 @@ Manage network devices in NetBox - create, view, update, or delete. ## Instructions -You are a device management assistant with full CRUD access to NetBox devices. +Execute `skills/visual-header.md` with context "Device Management". ### Actions **List/View:** -- `list` or `show all` - List all devices using `dcim_list_devices` -- `show ` - Get device details using `dcim_list_devices` with name filter, then `dcim_get_device` -- `at ` - List devices at a specific site +- `list` or `show all` - List all devices: `dcim_list_devices` +- `show ` - Get device details: `dcim_get_device` +- `at ` - List devices at site **Create:** -- `create ` - Create a new device +- `create ` - Create new device - Required: name, device_type, role, site -- Use `dcim_list_device_types`, `dcim_list_device_roles`, `dcim_list_sites` to help user find IDs -- Then use `dcim_create_device` +- Use `dcim_list_device_types`, `dcim_list_device_roles`, `dcim_list_sites` to find IDs **Update:** - `update ` - Update device properties -- First get the device ID, then use `dcim_update_device` +- Get device ID first, then use `dcim_update_device` **Delete:** -- `delete ` - Delete a device (ask for confirmation first) -- Use `dcim_delete_device` +- `delete ` - Delete device (ask confirmation first) ### Related Operations After creating a device, offer to: -- Add interfaces with `dcim_create_interface` -- Assign IP addresses with `ipam_create_ip_address` -- Add to a rack with `dcim_update_device` +- Add interfaces: `dcim_create_interface` +- Assign IP addresses: `ipam_create_ip_address` +- Add to rack: `dcim_update_device` ## Examples -- `/cmdb-device list` - Show all devices -- `/cmdb-device show core-router-01` - Get details for specific device -- `/cmdb-device create web-server-03` - Create a new device -- `/cmdb-device at headquarters` - List devices at headquarters site +- `/cmdb-device list` +- `/cmdb-device show core-router-01` +- `/cmdb-device create web-server-03` +- `/cmdb-device at headquarters` ## User Request diff --git a/plugins/cmdb-assistant/commands/cmdb-ip.md b/plugins/cmdb-assistant/commands/cmdb-ip.md index f1826e7..751af23 100644 --- a/plugins/cmdb-assistant/commands/cmdb-ip.md +++ b/plugins/cmdb-assistant/commands/cmdb-ip.md @@ -1,19 +1,13 @@ # CMDB IP Management -## Visual Output - -When executing this command, display the plugin header: - -``` -┌──────────────────────────────────────────────────────────────────┐ -│ 🖥️ CMDB-ASSISTANT · IP Management │ -└──────────────────────────────────────────────────────────────────┘ -``` - -Then proceed with the operation. - Manage IP addresses and prefixes in NetBox. +## Skills to Load + +- `skills/visual-header.md` +- `skills/ip-management.md` +- `skills/mcp-tools-reference.md` + ## Usage ``` @@ -22,43 +16,36 @@ Manage IP addresses and prefixes in NetBox. ## Instructions -You are an IP address management (IPAM) assistant with access to NetBox. +Execute `skills/visual-header.md` with context "IP Management". + +Execute operations from `skills/ip-management.md`. ### Actions **Prefixes:** -- `prefixes` - List all prefixes using `ipam_list_prefixes` -- `prefix ` - Get prefix details or find prefix containing address -- `available in ` - Show available IPs in a prefix using `ipam_list_available_ips` -- `create prefix ` - Create new prefix using `ipam_create_prefix` +- `prefixes` - List all prefixes +- `prefix ` - Get prefix details +- `available in ` - Show available IPs +- `create prefix ` - Create new prefix **IP Addresses:** -- `list` - List all IP addresses using `ipam_list_ip_addresses` +- `list` - List all IP addresses - `show
` - Get IP details -- `allocate from ` - Auto-allocate next available IP using `ipam_create_available_ip` -- `create
` - Create specific IP using `ipam_create_ip_address` -- `assign to ` - Assign IP to device interface +- `allocate from ` - Auto-allocate next available +- `create
` - Create specific IP +- `assign to ` - Assign IP to interface -**VLANs:** -- `vlans` - List VLANs using `ipam_list_vlans` +**VLANs and VRFs:** +- `vlans` - List VLANs - `vlan ` - Get VLAN details - -**VRFs:** -- `vrfs` - List VRFs using `ipam_list_vrfs` - -### Workflow Examples - -**Allocate IP to new server:** -1. Find available IPs in target prefix -2. Create the IP address -3. Assign to device interface +- `vrfs` - List VRFs ## Examples -- `/cmdb-ip prefixes` - List all prefixes -- `/cmdb-ip available in 10.0.1.0/24` - Show available IPs -- `/cmdb-ip allocate from 10.0.1.0/24` - Get next available IP -- `/cmdb-ip assign 10.0.1.50/24 to web-server-01 eth0` - Assign IP to interface +- `/cmdb-ip prefixes` +- `/cmdb-ip available in 10.0.1.0/24` +- `/cmdb-ip allocate from 10.0.1.0/24` +- `/cmdb-ip assign 10.0.1.50/24 to web-server-01 eth0` ## User Request diff --git a/plugins/cmdb-assistant/commands/cmdb-register.md b/plugins/cmdb-assistant/commands/cmdb-register.md index 3cd4a1d..1e0fcdb 100644 --- a/plugins/cmdb-assistant/commands/cmdb-register.md +++ b/plugins/cmdb-assistant/commands/cmdb-register.md @@ -4,19 +4,15 @@ description: Register the current machine into NetBox with all running applicati # CMDB Machine Registration -## Visual Output +Register the current machine into NetBox, including hardware info, network interfaces, and running applications. -When executing this command, display the plugin header: +## Skills to Load -``` -┌──────────────────────────────────────────────────────────────────┐ -│ 🖥️ CMDB-ASSISTANT · Machine Registration │ -└──────────────────────────────────────────────────────────────────┘ -``` - -Then proceed with the registration. - -Register the current machine into NetBox, including hardware info, network interfaces, and running applications (Docker containers, services). +- `skills/visual-header.md` +- `skills/device-registration.md` +- `skills/system-discovery.md` +- `skills/netbox-patterns/SKILL.md` +- `skills/mcp-tools-reference.md` ## Usage @@ -31,303 +27,24 @@ Register the current machine into NetBox, including hardware info, network inter ## Instructions -You are registering the current machine into NetBox. This is a multi-phase process that discovers local system information and creates corresponding NetBox objects. - -**IMPORTANT:** Load the `netbox-patterns` skill for best practice reference. - -### Phase 1: System Discovery (via Bash) - -Gather system information using these commands: - -#### 1.1 Basic Device Info - -```bash -# Hostname -hostname - -# OS/Platform info -cat /etc/os-release 2>/dev/null || uname -a - -# Hardware model (varies by system) -# Raspberry Pi: -cat /proc/device-tree/model 2>/dev/null || echo "Unknown" - -# x86 systems: -cat /sys/class/dmi/id/product_name 2>/dev/null || echo "Unknown" - -# Serial number -# Raspberry Pi: -cat /proc/device-tree/serial-number 2>/dev/null || cat /proc/cpuinfo | grep Serial | cut -d: -f2 | tr -d ' ' 2>/dev/null - -# x86 systems: -cat /sys/class/dmi/id/product_serial 2>/dev/null || echo "Unknown" - -# CPU info -nproc - -# Memory (MB) -free -m | awk '/Mem:/ {print $2}' - -# Disk (GB, root filesystem) -df -BG / | awk 'NR==2 {print $2}' | tr -d 'G' -``` - -#### 1.2 Network Interfaces - -```bash -# Get interfaces with IPs (JSON format) -ip -j addr show 2>/dev/null || ip addr show - -# Get default gateway interface -ip route | grep default | awk '{print $5}' | head -1 - -# Get MAC addresses -ip -j link show 2>/dev/null || ip link show -``` - -#### 1.3 Running Applications - -```bash -# Docker containers (if docker available) -docker ps --format '{"name":"{{.Names}}","image":"{{.Image}}","status":"{{.Status}}","ports":"{{.Ports}}"}' 2>/dev/null || echo "Docker not available" - -# Docker Compose projects (check common locations) -find ~/apps /home/*/apps -name "docker-compose.yml" -o -name "docker-compose.yaml" 2>/dev/null | head -20 - -# Systemd services (running) -systemctl list-units --type=service --state=running --no-pager --plain 2>/dev/null | grep -v "^UNIT" | head -30 -``` - -### Phase 2: Pre-Registration Checks (via MCP) - -Before creating objects, verify prerequisites: - -#### 2.1 Check if Device Already Exists - -``` -dcim_list_devices name= -``` - -**If device exists:** -- Inform user and suggest `/cmdb-sync` instead -- Ask if they want to proceed with re-registration (will update existing) - -#### 2.2 Verify/Create Site - -If `--site` provided: -``` -dcim_list_sites name= -``` - -If site doesn't exist, ask user if they want to create it. - -If no site provided, list available sites and ask user to choose: -``` -dcim_list_sites -``` - -#### 2.3 Verify/Create Platform - -Based on OS detected, check if platform exists: -``` -dcim_list_platforms name= -``` - -**Platform naming:** -- `Raspberry Pi OS (Bookworm)` for Raspberry Pi -- `Ubuntu 24.04 LTS` for Ubuntu -- `Debian 12` for Debian -- Use format: `{OS Name} {Version}` - -If platform doesn't exist, create it: -``` -dcim_create_platform name= slug= -``` - -#### 2.4 Verify/Create Device Role - -Based on detected services: -- If Docker containers found → `Docker Host` -- If only basic services → `Server` -- If specific role specified → Use that - -``` -dcim_list_device_roles name= -``` - -### Phase 3: Device Registration (via MCP) - -#### 3.1 Get/Create Manufacturer and Device Type - -For Raspberry Pi: -``` -dcim_list_manufacturers name="Raspberry Pi Foundation" -dcim_list_device_types manufacturer_id=X model="Raspberry Pi 4 Model B" -``` - -Create if not exists. - -For generic x86: -``` -dcim_list_manufacturers name= -``` - -#### 3.2 Create Device - -``` -dcim_create_device - name= - device_type= - role= - site= - platform= - tenant= # if provided - serial= - description="Registered via cmdb-assistant" -``` - -#### 3.3 Create Interfaces - -For each network interface discovered: -``` -dcim_create_interface - device= - name= # eth0, wlan0, tailscale0, etc. - type= # 1000base-t, virtual, other - mac_address= - enabled=true -``` - -**Interface type mapping:** -- `eth*`, `enp*` → `1000base-t` -- `wlan*` → `ieee802.11ax` (or appropriate wifi type) -- `tailscale*`, `docker*`, `br-*` → `virtual` -- `lo` → skip (loopback) - -#### 3.4 Create IP Addresses - -For each IP on each interface: -``` -ipam_create_ip_address - address= # e.g., "192.168.1.100/24" - assigned_object_type="dcim.interface" - assigned_object_id= - status="active" - description="Discovered via cmdb-register" -``` - -#### 3.5 Set Primary IP - -Identify primary IP (interface with default route): -``` -dcim_update_device - id= - primary_ip4= -``` - -### Phase 4: Container Registration (via MCP) - -If Docker containers were discovered: - -#### 4.1 Create/Get Cluster Type - -``` -virt_list_cluster_types name="Docker Compose" -``` - -Create if not exists: -``` -virt_create_cluster_type name="Docker Compose" slug="docker-compose" -``` - -#### 4.2 Create Cluster - -For each Docker Compose project directory found: -``` -virt_create_cluster - name= # e.g., "apps-hotport" - type= - site= - description="Docker Compose stack on " -``` - -#### 4.3 Create VMs for Containers - -For each running container: -``` -virt_create_vm - name= - cluster= - site= - role= # Map container function to role - status="active" - vcpus= # Default 1.0 if unknown - memory= # Default 256 if unknown - disk= # Default 5 if unknown - description= - comments= -``` - -**Container role mapping:** -- `*caddy*`, `*nginx*`, `*traefik*` → "Reverse Proxy" -- `*db*`, `*postgres*`, `*mysql*`, `*redis*` → "Database" -- `*webui*`, `*frontend*` → "Web Application" -- Others → Infer from image name or use generic "Container" - -### Phase 5: Documentation - -#### 5.1 Add Journal Entry - -``` -extras_create_journal_entry - assigned_object_type="dcim.device" - assigned_object_id= - comments="Device registered via /cmdb-register command\n\nDiscovered:\n- X network interfaces\n- Y IP addresses\n- Z Docker containers" -``` - -### Phase 6: Summary Report - -Present registration summary: - -```markdown -## Machine Registration Complete - -### Device Created -- **Name:** -- **Site:** -- **Platform:** -- **Role:** -- **ID:** -- **URL:** https://netbox.example.com/dcim/devices// - -### Network Interfaces -| Interface | Type | MAC | IP Address | -|-----------|------|-----|------------| -| eth0 | 1000base-t | aa:bb:cc:dd:ee:ff | 192.168.1.100/24 | -| tailscale0 | virtual | - | 100.x.x.x/32 | - -### Primary IP: 192.168.1.100 - -### Docker Containers Registered (if applicable) -**Cluster:** (ID: ) - -| Container | Role | vCPUs | Memory | Status | -|-----------|------|-------|--------|--------| -| media_jellyfin | Media Server | 2.0 | 2048MB | Active | -| media_sonarr | Media Management | 1.0 | 512MB | Active | - -### Next Steps -- Run `/cmdb-sync` periodically to keep data current -- Run `/cmdb-audit` to check data quality -- Add tags for classification (env:*, team:*, etc.) -``` +Execute `skills/visual-header.md` with context "Machine Registration". + +Execute `skills/device-registration.md` which covers: +1. System discovery via Bash (use `skills/system-discovery.md`) +2. Pre-registration checks (device exists?, site?, platform?, role?) +3. Device creation via MCP +4. Interface and IP creation +5. Container registration (if Docker found) +6. Journal entry documentation ## Error Handling -- **Device already exists:** Suggest `/cmdb-sync` or ask to proceed -- **Site not found:** List available sites, offer to create new -- **Docker not available:** Skip container registration, note in summary -- **Permission denied:** Note which operations failed, suggest fixes +| Error | Action | +|-------|--------| +| Device already exists | Suggest `/cmdb-sync` or ask to proceed | +| Site not found | List available sites, offer to create new | +| Docker not available | Skip container registration, note in summary | +| Permission denied | Note which operations failed, suggest fixes | ## User Request diff --git a/plugins/cmdb-assistant/commands/cmdb-site.md b/plugins/cmdb-assistant/commands/cmdb-site.md index 1b9dbf0..68fcfc5 100644 --- a/plugins/cmdb-assistant/commands/cmdb-site.md +++ b/plugins/cmdb-assistant/commands/cmdb-site.md @@ -1,19 +1,12 @@ # CMDB Site Management -## Visual Output - -When executing this command, display the plugin header: - -``` -┌──────────────────────────────────────────────────────────────────┐ -│ 🖥️ CMDB-ASSISTANT · Site Management │ -└──────────────────────────────────────────────────────────────────┘ -``` - -Then proceed with the operation. - Manage sites and locations in NetBox. +## Skills to Load + +- `skills/visual-header.md` +- `skills/mcp-tools-reference.md` + ## Usage ``` @@ -22,46 +15,35 @@ Manage sites and locations in NetBox. ## Instructions -You are a site/location management assistant with access to NetBox. +Execute `skills/visual-header.md` with context "Site Management". ### Actions **Sites:** -- `list` - List all sites using `dcim_list_sites` -- `show ` - Get site details using `dcim_get_site` -- `create ` - Create new site using `dcim_create_site` -- `update ` - Update site using `dcim_update_site` +- `list` - List all sites: `dcim_list_sites` +- `show ` - Get site details: `dcim_get_site` +- `create ` - Create new site: `dcim_create_site` +- `update ` - Update site: `dcim_update_site` - `delete ` - Delete site (with confirmation) -**Locations (within sites):** -- `locations at ` - List locations using `dcim_list_locations` -- `create location at ` - Create location using `dcim_create_location` +**Locations:** +- `locations at ` - List locations: `dcim_list_locations` +- `create location at ` - Create location **Racks:** -- `racks at ` - List racks using `dcim_list_racks` -- `create rack at ` - Create rack using `dcim_create_rack` +- `racks at ` - List racks: `dcim_list_racks` +- `create rack at ` - Create rack **Regions:** -- `regions` - List regions using `dcim_list_regions` -- `create region ` - Create region using `dcim_create_region` - -### Site Properties - -When creating/updating sites: -- name (required) -- slug (required, auto-generated if not provided) -- status: active, planned, staging, decommissioning, retired -- region: parent region ID -- facility: datacenter/building name -- physical_address, shipping_address -- time_zone +- `regions` - List regions: `dcim_list_regions` +- `create region ` - Create region ## Examples -- `/cmdb-site list` - Show all sites -- `/cmdb-site show headquarters` - Get HQ site details -- `/cmdb-site create branch-office-nyc` - Create new site -- `/cmdb-site racks at headquarters` - List racks at HQ +- `/cmdb-site list` +- `/cmdb-site show headquarters` +- `/cmdb-site create branch-office-nyc` +- `/cmdb-site racks at headquarters` ## User Request diff --git a/plugins/cmdb-assistant/commands/cmdb-sync.md b/plugins/cmdb-assistant/commands/cmdb-sync.md index e5db01a..1119aff 100644 --- a/plugins/cmdb-assistant/commands/cmdb-sync.md +++ b/plugins/cmdb-assistant/commands/cmdb-sync.md @@ -4,19 +4,14 @@ description: Synchronize current machine state with existing NetBox record # CMDB Machine Sync -## Visual Output +Update an existing NetBox device record with the current machine state. -When executing this command, display the plugin header: +## Skills to Load -``` -┌──────────────────────────────────────────────────────────────────┐ -│ 🖥️ CMDB-ASSISTANT · Machine Sync │ -└──────────────────────────────────────────────────────────────────┘ -``` - -Then proceed with the synchronization. - -Update an existing NetBox device record with the current machine state. Compares local system information with NetBox and applies changes. +- `skills/visual-header.md` +- `skills/sync-workflow.md` +- `skills/system-discovery.md` +- `skills/mcp-tools-reference.md` ## Usage @@ -30,318 +25,32 @@ Update an existing NetBox device record with the current machine state. Compares ## Instructions -You are synchronizing the current machine's state with its NetBox record. This involves comparing current system state with stored data and updating differences. - -**IMPORTANT:** Load the `netbox-patterns` skill for best practice reference. - -### Phase 1: Device Lookup (via MCP) - -First, find the existing device record: - -```bash -# Get current hostname -hostname -``` - -``` -dcim_list_devices name= -``` - -**If device not found:** -- Inform user: "Device '' not found in NetBox" -- Suggest: "Run `/cmdb-register` to register this machine first" -- Exit sync - -**If device found:** -- Store device ID and all current field values -- Fetch interfaces: `dcim_list_interfaces device_id=` -- Fetch IPs: `ipam_list_ip_addresses device_id=` - -Also check for associated clusters/VMs: -``` -virt_list_clusters # Look for cluster associated with this device -virt_list_vms cluster= # If cluster found -``` - -### Phase 2: Current State Discovery (via Bash) - -Gather current system information (same as `/cmdb-register`): - -```bash -# Device info -hostname -cat /etc/os-release 2>/dev/null || uname -a -nproc -free -m | awk '/Mem:/ {print $2}' -df -BG / | awk 'NR==2 {print $2}' | tr -d 'G' - -# Network interfaces with IPs -ip -j addr show 2>/dev/null || ip addr show - -# Docker containers -docker ps --format '{"name":"{{.Names}}","image":"{{.Image}}","status":"{{.Status}}"}' 2>/dev/null || echo "[]" -``` - -### Phase 3: Comparison - -Compare discovered state with NetBox record: - -#### 3.1 Device Attributes - -| Field | Compare | -|-------|---------| -| Platform | OS version changed? | -| Status | Still active? | -| Serial | Match? | -| Description | Keep existing | - -#### 3.2 Network Interfaces - -| Change Type | Detection | -|-------------|-----------| -| New interface | Interface exists locally but not in NetBox | -| Removed interface | Interface in NetBox but not locally | -| Changed MAC | MAC address different | -| Interface type | Type mismatch | - -#### 3.3 IP Addresses - -| Change Type | Detection | -|-------------|-----------| -| New IP | IP exists locally but not in NetBox | -| Removed IP | IP in NetBox but not locally (on this device) | -| Primary IP changed | Default route interface changed | - -#### 3.4 Docker Containers - -| Change Type | Detection | -|-------------|-----------| -| New container | Container running locally but no VM in cluster | -| Stopped container | VM exists but container not running | -| Resource change | vCPUs/memory different (if trackable) | - -### Phase 4: Diff Report - -Present changes to user: - -```markdown -## Sync Diff Report - -**Device:** (ID: ) -**NetBox URL:** https://netbox.example.com/dcim/devices// - -### Device Attributes -| Field | NetBox Value | Current Value | Action | -|-------|--------------|---------------|--------| -| Platform | Ubuntu 22.04 | Ubuntu 24.04 | UPDATE | -| Status | active | active | - | - -### Network Interfaces - -#### New Interfaces (will create) -| Interface | Type | MAC | IPs | -|-----------|------|-----|-----| -| tailscale0 | virtual | - | 100.x.x.x/32 | - -#### Removed Interfaces (will mark offline) -| Interface | Type | Reason | -|-----------|------|--------| -| eth1 | 1000base-t | Not found locally | - -#### Changed Interfaces -| Interface | Field | Old | New | -|-----------|-------|-----|-----| -| eth0 | mac_address | aa:bb:cc:00:00:00 | aa:bb:cc:11:11:11 | - -### IP Addresses - -#### New IPs (will create) -- 192.168.1.150/24 on eth0 - -#### Removed IPs (will unassign) -- 192.168.1.100/24 from eth0 - -### Docker Containers - -#### New Containers (will create VMs) -| Container | Image | Role | -|-----------|-------|------| -| media_lidarr | linuxserver/lidarr | Media Management | - -#### Stopped Containers (will mark offline) -| Container | Last Status | -|-----------|-------------| -| media_bazarr | Exited | - -### Summary -- **Updates:** X -- **Creates:** Y -- **Removals/Offline:** Z -``` - -### Phase 5: User Confirmation - -If not `--dry-run`: - -``` -The following changes will be applied: -- Update device platform to "Ubuntu 24.04" -- Create interface "tailscale0" -- Create IP "100.x.x.x/32" on tailscale0 -- Create VM "media_lidarr" in cluster -- Mark VM "media_bazarr" as offline - -Proceed with sync? [Y/n] -``` - -**Use AskUserQuestion** to get confirmation. - -### Phase 6: Apply Updates (via MCP) - -Only if user confirms (or `--full` specified): - -#### 6.1 Device Updates - -``` -dcim_update_device - id= - platform= - # ... other changed fields -``` - -#### 6.2 Interface Updates - -**For new interfaces:** -``` -dcim_create_interface - device= - name= - type= - mac_address= - enabled=true -``` - -**For removed interfaces:** -``` -dcim_update_interface - id= - enabled=false - description="Marked offline by cmdb-sync - interface no longer present" -``` - -**For changed interfaces:** -``` -dcim_update_interface - id= - mac_address= -``` - -#### 6.3 IP Address Updates - -**For new IPs:** -``` -ipam_create_ip_address - address= - assigned_object_type="dcim.interface" - assigned_object_id= - status="active" -``` - -**For removed IPs:** -``` -ipam_update_ip_address - id= - assigned_object_type=null - assigned_object_id=null - description="Unassigned by cmdb-sync" -``` - -#### 6.4 Primary IP Update - -If primary IP changed: -``` -dcim_update_device - id= - primary_ip4= -``` - -#### 6.5 Container/VM Updates - -**For new containers:** -``` -virt_create_vm - name= - cluster= - status="active" - # ... other fields -``` - -**For stopped containers:** -``` -virt_update_vm - id= - status="offline" - description="Container stopped - detected by cmdb-sync" -``` - -### Phase 7: Journal Entry - -Document the sync: - -``` -extras_create_journal_entry - assigned_object_type="dcim.device" - assigned_object_id= - comments="Device synced via /cmdb-sync command\n\nChanges applied:\n- " -``` - -### Phase 8: Summary Report - -```markdown -## Sync Complete - -**Device:** -**Sync Time:** - -### Changes Applied -- Updated platform: Ubuntu 22.04 → Ubuntu 24.04 -- Created interface: tailscale0 (ID: X) -- Created IP: 100.x.x.x/32 (ID: Y) -- Created VM: media_lidarr (ID: Z) -- Marked VM offline: media_bazarr (ID: W) - -### Current State -- **Interfaces:** 4 (3 active, 1 offline) -- **IP Addresses:** 5 -- **Containers/VMs:** 8 (7 active, 1 offline) - -### Next Sync -Run `/cmdb-sync` again after: -- Adding/removing Docker containers -- Changing network configuration -- OS upgrades -``` - -## Dry Run Mode - -If `--dry-run` specified: -- Complete Phase 1-4 (lookup, discovery, compare, diff report) -- Skip Phase 5-8 (no confirmation, no updates, no journal) -- End with: "Dry run complete. No changes applied. Run without --dry-run to apply." - -## Full Sync Mode - -If `--full` specified: -- Skip user confirmation -- Update all fields even if unchanged (force refresh) -- Useful for ensuring NetBox matches current state exactly +Execute `skills/visual-header.md` with context "Machine Sync". + +Execute `skills/sync-workflow.md` which covers: +1. Device lookup via MCP +2. Current state discovery via Bash +3. Comparison of NetBox vs local state +4. Diff report generation +5. User confirmation (unless dry-run) +6. Apply updates via MCP +7. Journal entry creation + +## Modes + +| Mode | Behavior | +|------|----------| +| Default | Show diff, ask confirmation, apply changes | +| `--dry-run` | Show diff only, no changes applied | +| `--full` | Skip confirmation, update all fields | ## Error Handling -- **Device not found:** Suggest `/cmdb-register` -- **Permission denied on updates:** Note which failed, continue with others -- **Cluster not found:** Offer to create or skip container sync -- **API errors:** Log error, continue with remaining updates +| Error | Action | +|-------|--------| +| Device not found | Suggest `/cmdb-register` | +| Permission denied | Note which failed, continue others | +| Cluster not found | Offer to create or skip container sync | ## User Request diff --git a/plugins/cmdb-assistant/commands/cmdb-topology.md b/plugins/cmdb-assistant/commands/cmdb-topology.md index 9572370..d021dc1 100644 --- a/plugins/cmdb-assistant/commands/cmdb-topology.md +++ b/plugins/cmdb-assistant/commands/cmdb-topology.md @@ -4,20 +4,14 @@ description: Generate infrastructure topology diagrams from NetBox data # CMDB Topology Visualization -## Visual Output - -When executing this command, display the plugin header: - -``` -┌──────────────────────────────────────────────────────────────────┐ -│ 🖥️ CMDB-ASSISTANT · Topology │ -└──────────────────────────────────────────────────────────────────┘ -``` - -Then proceed with the visualization. - Generate Mermaid diagrams showing infrastructure topology from NetBox. +## Skills to Load + +- `skills/visual-header.md` +- `skills/topology-generation.md` +- `skills/mcp-tools-reference.md` + ## Usage ``` @@ -26,168 +20,34 @@ Generate Mermaid diagrams showing infrastructure topology from NetBox. **Views:** - `rack ` - Rack elevation showing devices and positions -- `network [site]` - Network topology showing device connections via cables +- `network [site]` - Network topology showing device connections - `site ` - Site overview with racks and device counts - `full` - Full infrastructure overview ## Instructions -You are a topology visualization assistant that queries NetBox and generates Mermaid diagrams. +Execute `skills/visual-header.md` with context "Topology". -### View: Rack Elevation +Execute `skills/topology-generation.md` which covers: +- Data collection via MCP for each view type +- Mermaid diagram generation with proper shapes +- Legend and data notes -Generate a rack view showing devices and their positions. - -**Data Collection:** -1. Use `dcim_list_racks` to find the rack by name -2. Use `dcim_list_devices` with `rack_id` filter to get devices in rack -3. For each device, note: `position`, `u_height`, `face`, `name`, `role` - -**Mermaid Output:** - -```mermaid -graph TB - subgraph rack["Rack: (U)"] - direction TB - u42["U42: empty"] - u41["U41: empty"] - u40["U40: server-01 (Server)"] - u39["U39: server-01 (cont.)"] - u38["U38: switch-01 (Switch)"] - %% ... continue for all units - end -``` - -**For devices spanning multiple U:** -- Mark the top U with device name and role -- Mark subsequent Us as "(cont.)" for the same device -- Empty Us should show "empty" - -### View: Network Topology - -Generate a network diagram showing device connections. - -**Data Collection:** -1. Use `dcim_list_sites` if no site specified (get all) -2. Use `dcim_list_devices` with optional `site_id` filter -3. Use `dcim_list_cables` to get all connections -4. Use `dcim_list_interfaces` for each device to understand port names - -**Mermaid Output:** - -```mermaid -graph TD - subgraph site1["Site: Home"] - router1[("core-router-01
Router")] - switch1[["dist-switch-01
Switch"]] - server1["web-server-01
Server"] - server2["db-server-01
Server"] - end - - router1 -->|"eth0 - eth1"| switch1 - switch1 -->|"gi0/1 - eth0"| server1 - switch1 -->|"gi0/2 - eth0"| server2 -``` - -**Node shapes by role:** -- Router: `[(" ")]` (cylinder/database shape) -- Switch: `[[ ]]` (double brackets) -- Server: `[ ]` (rectangle) -- Firewall: `{{ }}` (hexagon) -- Other: `[ ]` (rectangle) - -**Edge labels:** Show interface names on both ends (A-side - B-side) - -### View: Site Overview - -Generate a site-level view showing racks and summary counts. - -**Data Collection:** -1. Use `dcim_get_site` to get site details -2. Use `dcim_list_racks` with `site_id` filter -3. Use `dcim_list_devices` with `site_id` filter for counts per rack - -**Mermaid Output:** - -```mermaid -graph TB - subgraph site["Site: Headquarters"] - subgraph row1["Row 1"] - rack1["Rack A1
12/42 U used
5 devices"] - rack2["Rack A2
20/42 U used
8 devices"] - end - subgraph row2["Row 2"] - rack3["Rack B1
8/42 U used
3 devices"] - end - end -``` - -### View: Full Infrastructure - -Generate a high-level view of all sites and their relationships. - -**Data Collection:** -1. Use `dcim_list_regions` to get hierarchy -2. Use `dcim_list_sites` to get all sites -3. Use `dcim_list_devices` with status filter for counts - -**Mermaid Output:** - -```mermaid -graph TB - subgraph region1["Region: Americas"] - site1["Headquarters
3 racks, 25 devices"] - site2["Branch Office
1 rack, 5 devices"] - end - subgraph region2["Region: Europe"] - site3["EU Datacenter
10 racks, 100 devices"] - end - - site1 -.->|"WAN Link"| site3 -``` - -### Output Format +## Output Format Always provide: - -1. **Summary** - Brief description of what the diagram shows -2. **Mermaid Code Block** - The diagram code in a fenced code block -3. **Legend** - Explanation of shapes and colors used -4. **Data Notes** - Any data quality issues (e.g., devices without position, missing cables) - -**Example Output:** - -```markdown -## Network Topology: Home Site - -This diagram shows the network connections between 4 devices at the Home site. - -```mermaid -graph TD - router1[("core-router
Router")] - switch1[["main-switch
Switch"]] - server1["homelab-01
Server"] - - router1 -->|"eth0 - gi0/24"| switch1 - switch1 -->|"gi0/1 - eth0"| server1 -``` - -**Legend:** -- Cylinder shape: Routers -- Double brackets: Switches -- Rectangle: Servers - -**Data Notes:** -- 1 device (nas-01) has no cable connections documented -``` +1. **Summary** - Brief description +2. **Mermaid Code Block** - The diagram +3. **Legend** - Shape explanations +4. **Data Notes** - Quality issues found ## Examples -- `/cmdb-topology rack server-rack-01` - Show devices in server-rack-01 -- `/cmdb-topology network` - Show all network connections -- `/cmdb-topology network Home` - Show network topology for Home site only -- `/cmdb-topology site Headquarters` - Show rack overview for Headquarters -- `/cmdb-topology full` - Show full infrastructure overview +- `/cmdb-topology rack server-rack-01` - Rack elevation +- `/cmdb-topology network` - All network connections +- `/cmdb-topology network Home` - Network for Home site +- `/cmdb-topology site Headquarters` - Site overview +- `/cmdb-topology full` - Full infrastructure ## User Request diff --git a/plugins/cmdb-assistant/commands/initial-setup.md b/plugins/cmdb-assistant/commands/initial-setup.md index df189dc..e89758e 100644 --- a/plugins/cmdb-assistant/commands/initial-setup.md +++ b/plugins/cmdb-assistant/commands/initial-setup.md @@ -1,176 +1,74 @@ --- -description: Interactive setup wizard for cmdb-assistant plugin - configures NetBox MCP server +description: Interactive setup wizard for cmdb-assistant plugin --- # CMDB Assistant Setup Wizard -## Visual Output +Configure the cmdb-assistant plugin with NetBox integration. -When executing this command, display the plugin header: +## Skills to Load -``` -┌──────────────────────────────────────────────────────────────────┐ -│ 🖥️ CMDB-ASSISTANT · Setup Wizard │ -└──────────────────────────────────────────────────────────────────┘ -``` - -Then proceed with the setup. - -This command sets up the cmdb-assistant plugin with NetBox integration. +- `skills/visual-header.md` ## Important Context -- **This command uses Bash, Read, Write, and AskUserQuestion tools** - NOT MCP tools -- **MCP tools won't work until after setup + session restart** -- **Uses NetBox MCP server (separate from Gitea MCP)** +- **Uses Bash, Read, Write, AskUserQuestion tools** - NOT MCP tools +- **MCP tools unavailable until after setup + session restart** ---- +## Usage -## Phase 1: Environment Validation +``` +/initial-setup +``` -### Step 1.1: Check Python Version +## Instructions + +Execute `skills/visual-header.md` with context "Setup Wizard". + +### Phase 1: Environment Validation ```bash python3 --version ``` +If below 3.10, stop and inform user. -If below 3.10, stop setup and inform user. +### Phase 2: MCP Server Setup ---- +1. Locate NetBox MCP server in marketplace +2. Check virtual environment exists +3. Create venv if missing: `python3 -m venv .venv && pip install -r requirements.txt` -## Phase 2: MCP Server Setup +### Phase 3: System Configuration -### Step 2.1: Locate NetBox MCP Server +1. Create config directory: `mkdir -p ~/.config/claude` +2. Check `~/.config/claude/netbox.env` exists +3. If missing, ask user for NetBox API URL (must include `/api`) +4. Create config file with placeholder token +5. Instruct user to add API token manually -```bash -find ~/.claude ~/.config/claude -name "mcp_server" -path "*netbox*" 2>/dev/null | head -5 -``` +### Phase 4: Validation -If not found, ask user for marketplace location. +1. Test API connection if token was added +2. Report result (200=success, 403=invalid token) +3. Display completion summary +4. Remind user to restart session for MCP tools -### Step 2.2: Check Virtual Environment - -```bash -ls -la /path/to/mcp-servers/netbox/.venv/bin/python 2>/dev/null && echo "VENV_EXISTS" || echo "VENV_MISSING" -``` - -### Step 2.3: Create Virtual Environment (if missing) - -```bash -cd /path/to/mcp-servers/netbox && python3 -m venv .venv && source .venv/bin/activate && pip install --upgrade pip && pip install -r requirements.txt && deactivate -``` - ---- - -## Phase 3: System Configuration - -### Step 3.1: Create Config Directory - -```bash -mkdir -p ~/.config/claude -``` - -### Step 3.2: Check NetBox Configuration - -```bash -cat ~/.config/claude/netbox.env 2>/dev/null || echo "FILE_NOT_FOUND" -``` - -**If file exists with valid values:** Skip to Phase 4. -**If missing or has placeholders:** Continue. - -### Step 3.3: Gather NetBox Information - -Use AskUserQuestion: -- Question: "What is your NetBox API URL? (e.g., https://netbox.company.com/api)" -- Header: "NetBox URL" -- Options: - - "Other (I'll provide the URL)" - -Ask user to provide the URL. - -**Important:** The URL must include `/api` at the end. If the user provides a URL without `/api`, append it automatically. - -### Step 3.4: Create Configuration File - -```bash -cat > ~/.config/claude/netbox.env << 'EOF' -# NetBox API Configuration -# Generated by cmdb-assistant /initial-setup - -NETBOX_API_URL= -NETBOX_API_TOKEN=PASTE_YOUR_TOKEN_HERE -EOF -chmod 600 ~/.config/claude/netbox.env -``` - -### Step 3.5: Token Instructions - ---- - -**Action Required: Add Your NetBox API Token** - -I've created `~/.config/claude/netbox.env` but you need to add your API token manually. - -**Steps:** -1. Open: `nano ~/.config/claude/netbox.env` -2. Generate token in NetBox: Admin → API Tokens → Add Token -3. Replace `PASTE_YOUR_TOKEN_HERE` with your token -4. Save the file - ---- - -Use AskUserQuestion: -- Question: "Have you added your NetBox token?" -- Header: "Token" -- Options: - - "Yes, I've added the token" - - "Skip for now" - ---- - -## Phase 4: Validation - -### Step 4.1: Test Configuration (if token was added) - -```bash -source ~/.config/claude/netbox.env && curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Token $NETBOX_API_TOKEN" "$NETBOX_API_URL/" -``` - -**Note:** The URL already includes `/api`, so we just append `/` for the root API endpoint. - -Report result: -- 200: Success -- 403: Invalid token -- Other: Connection issue - -### Step 4.2: Summary +## Completion Summary ``` -╔════════════════════════════════════════════════════════════╗ -║ CMDB-ASSISTANT SETUP COMPLETE ║ -╠════════════════════════════════════════════════════════════╣ -║ MCP Server (NetBox): ✓ Ready ║ -║ System Config: ✓ ~/.config/claude/netbox.env ║ -╚════════════════════════════════════════════════════════════╝ +CMDB-ASSISTANT SETUP COMPLETE +MCP Server (NetBox): Ready +System Config: ~/.config/claude/netbox.env + +Restart your Claude Code session for MCP tools. + +After restart, try: +- /cmdb-device +- /cmdb-ip
+- /cmdb-site +- /cmdb-search ``` -### Step 4.3: Session Restart Notice +## User Request ---- - -**⚠️ Session Restart Required** - -Restart your Claude Code session for MCP tools to become available. - -**After restart, you can:** -- Run `/cmdb-device ` to look up a device -- Run `/cmdb-ip
` to look up an IP address -- Run `/cmdb-site ` to look up a site -- Run `/cmdb-search ` for general search - ---- - -## Note on Project Configuration - -cmdb-assistant does not require project-level configuration. The NetBox connection is system-wide and not tied to specific repositories. +$ARGUMENTS diff --git a/plugins/cmdb-assistant/commands/ip-conflicts.md b/plugins/cmdb-assistant/commands/ip-conflicts.md index 1d8d437..5f1e2b7 100644 --- a/plugins/cmdb-assistant/commands/ip-conflicts.md +++ b/plugins/cmdb-assistant/commands/ip-conflicts.md @@ -4,20 +4,14 @@ description: Detect IP address conflicts and overlapping prefixes in NetBox # CMDB IP Conflict Detection -## Visual Output - -When executing this command, display the plugin header: - -``` -┌──────────────────────────────────────────────────────────────────┐ -│ 🖥️ CMDB-ASSISTANT · IP Conflict Detection │ -└──────────────────────────────────────────────────────────────────┘ -``` - -Then proceed with the analysis. - Scan NetBox IPAM data to identify IP address conflicts and overlapping prefixes. +## Skills to Load + +- `skills/visual-header.md` +- `skills/ip-management.md` +- `skills/mcp-tools-reference.md` + ## Usage ``` @@ -33,205 +27,31 @@ Scan NetBox IPAM data to identify IP address conflicts and overlapping prefixes. ## Instructions -You are an IP conflict detection specialist that analyzes NetBox IPAM data for conflicts and issues. +Execute `skills/visual-header.md` with context "IP Conflict Detection". -### Conflict Types to Detect +Execute conflict detection from `skills/ip-management.md`: -#### 1. Duplicate IP Addresses +1. **Data Collection** - Fetch IPs, prefixes, VRFs via MCP +2. **Duplicate Detection** - Group by address+VRF, flag >1 record +3. **Overlap Detection** - Compare prefixes pairwise using CIDR math +4. **Orphan IP Detection** - Find IPs without containing prefix +5. **Generate Report** - Use template from skill -Multiple IP address records with the same address (within same VRF). +## Conflict Types -**Detection:** -1. Use `ipam_list_ip_addresses` to get all addresses -2. Group by address + VRF combination -3. Flag groups with more than one record - -**Exception:** Anycast addresses may legitimately appear multiple times - check the `role` field for "anycast". - -#### 2. Overlapping Prefixes - -Prefixes that contain the same address space (within same VRF). - -**Detection:** -1. Use `ipam_list_prefixes` to get all prefixes -2. For each prefix pair in the same VRF, check if one contains the other -3. Legitimate hierarchies should have proper parent-child relationships - -**Legitimate Overlaps:** -- Parent/child prefix hierarchy (e.g., 10.0.0.0/8 contains 10.0.1.0/24) -- Different VRFs (isolated routing tables) -- Marked as "container" status - -#### 3. IPs Outside Their Prefix - -IP addresses that don't fall within any defined prefix. - -**Detection:** -1. For each IP address, find the most specific prefix that contains it -2. Flag IPs with no matching prefix - -#### 4. Prefix Overlap Across VRFs (Informational) - -Same prefix appearing in multiple VRFs - not necessarily a conflict, but worth noting. - -### MCP Tools - -- `ipam_list_ip_addresses` - Get all IP addresses with filters: - - `address` - Filter by specific address - - `vrf_id` - Filter by VRF - - `parent` - Filter by parent prefix - - `status` - Filter by status - -- `ipam_list_prefixes` - Get all prefixes with filters: - - `prefix` - Filter by prefix CIDR - - `vrf_id` - Filter by VRF - - `within` - Find prefixes within a parent - - `contains` - Find prefixes containing an address - -- `ipam_list_vrfs` - List VRFs for context -- `ipam_get_ip_address` - Get detailed IP info including assigned device/interface -- `ipam_get_prefix` - Get detailed prefix info - -### Workflow - -1. **Data Collection** - - Fetch all IP addresses (or filtered set) - - Fetch all prefixes (or filtered set) - - Fetch VRFs for context - -2. **Duplicate Detection** - - Build address map: `{address+vrf: [records]}` - - Filter for entries with >1 record - -3. **Overlap Detection** - - For each VRF, compare prefixes pairwise - - Check using CIDR math: does prefix A contain prefix B or vice versa? - - Ignore legitimate hierarchies (status=container) - -4. **Orphan IP Detection** - - For each IP, find containing prefix - - Flag IPs with no prefix match - -5. **Generate Report** - -### Report Format - -```markdown -## IP Conflict Detection Report - -**Generated:** [timestamp] -**Scope:** [scope parameter] - -### Summary - -| Check | Status | Count | -|-------|--------|-------| -| Duplicate IPs | [PASS/FAIL] | X | -| Overlapping Prefixes | [PASS/FAIL] | Y | -| Orphan IPs | [PASS/FAIL] | Z | -| Total Issues | - | N | - -### Critical Issues - -#### Duplicate IP Addresses - -| Address | VRF | Count | Assigned To | -|---------|-----|-------|-------------| -| 10.0.1.50/24 | Global | 2 | server-01 (eth0), server-02 (eth0) | -| 192.168.1.100/24 | Global | 2 | router-01 (gi0/1), switch-01 (vlan10) | - -**Impact:** IP conflicts cause network connectivity issues. Devices will have intermittent connectivity. - -**Resolution:** -- Determine which device should have the IP -- Update or remove the duplicate assignment -- Consider IP reservation to prevent future conflicts - -#### Overlapping Prefixes - -| Prefix 1 | Prefix 2 | VRF | Type | -|----------|----------|-----|------| -| 10.0.0.0/24 | 10.0.0.0/25 | Global | Unstructured overlap | -| 192.168.0.0/16 | 192.168.1.0/24 | Production | Missing container flag | - -**Impact:** Overlapping prefixes can cause routing ambiguity and IP management confusion. - -**Resolution:** -- For legitimate hierarchies: Mark parent prefix as status="container" -- For accidental overlaps: Consolidate or re-address one prefix - -### Warnings - -#### IPs Without Prefix - -| Address | VRF | Assigned To | Nearest Prefix | -|---------|-----|-------------|----------------| -| 172.16.5.10/24 | Global | server-03 (eth0) | None found | - -**Impact:** IPs without a prefix bypass IPAM allocation controls. - -**Resolution:** -- Create appropriate prefix to contain the IP -- Or update IP to correct address within existing prefix - -### Informational - -#### Same Prefix in Multiple VRFs - -| Prefix | VRFs | Purpose | -|--------|------|---------| -| 10.0.0.0/24 | Global, DMZ, Internal | [Check if intentional] | - -### Statistics - -| Metric | Value | -|--------|-------| -| Total IP Addresses | X | -| Total Prefixes | Y | -| Total VRFs | Z | -| Utilization (IPs/Prefix space) | W% | - -### Remediation Commands - -``` -# Remove duplicate IP (keep server-01's assignment) -ipam_delete_ip_address id=123 - -# Mark prefix as container -ipam_update_prefix id=456 status=container - -# Create missing prefix for orphan IP -ipam_create_prefix prefix=172.16.5.0/24 status=active -``` -``` - -### CIDR Math Reference - -For overlap detection, use these rules: -- Prefix A **contains** Prefix B if: A.network <= B.network AND A.broadcast >= B.broadcast -- Two prefixes **overlap** if: A.network <= B.broadcast AND B.network <= A.broadcast - -**Example:** -- 10.0.0.0/8 contains 10.0.1.0/24 (legitimate hierarchy) -- 10.0.0.0/24 and 10.0.0.128/25 overlap (10.0.0.128/25 is within 10.0.0.0/24) - -### Severity Levels - -| Issue | Severity | Description | -|-------|----------|-------------| -| Duplicate IP (same interface type) | CRITICAL | Active conflict, causes outages | -| Duplicate IP (different roles) | HIGH | Potential conflict | -| Overlapping prefixes (same status) | HIGH | IPAM management issue | -| Overlapping prefixes (container ok) | LOW | May need status update | -| Orphan IP | MEDIUM | Bypasses IPAM controls | +| Type | Severity | +|------|----------| +| Duplicate IP (same interface type) | CRITICAL | +| Duplicate IP (different roles) | HIGH | +| Overlapping prefixes (same status) | HIGH | +| Overlapping prefixes (container ok) | LOW | +| Orphan IP | MEDIUM | ## Examples -- `/ip-conflicts` - Full scan for all conflicts -- `/ip-conflicts addresses` - Check only for duplicate IPs -- `/ip-conflicts prefixes` - Check only for overlapping prefixes -- `/ip-conflicts vrf Production` - Scan only Production VRF -- `/ip-conflicts prefix 10.0.0.0/8` - Scan within specific prefix range +- `/ip-conflicts` - Full scan +- `/ip-conflicts addresses` - Duplicate IPs only +- `/ip-conflicts vrf Production` - Scan specific VRF ## User Request diff --git a/plugins/cmdb-assistant/hooks/hooks.json b/plugins/cmdb-assistant/hooks/hooks.json index d90fb51..367453a 100644 --- a/plugins/cmdb-assistant/hooks/hooks.json +++ b/plugins/cmdb-assistant/hooks/hooks.json @@ -2,8 +2,12 @@ "hooks": { "SessionStart": [ { - "type": "command", - "command": "${CLAUDE_PLUGIN_ROOT}/hooks/startup-check.sh" + "hooks": [ + { + "type": "command", + "command": "${CLAUDE_PLUGIN_ROOT}/hooks/startup-check.sh" + } + ] } ], "PreToolUse": [ diff --git a/plugins/cmdb-assistant/skills/audit-workflow.md b/plugins/cmdb-assistant/skills/audit-workflow.md new file mode 100644 index 0000000..b504579 --- /dev/null +++ b/plugins/cmdb-assistant/skills/audit-workflow.md @@ -0,0 +1,163 @@ +# Audit Workflow Skill + +How to audit NetBox data quality. + +## Prerequisites + +Load these skills: +- `netbox-patterns` - Best practices reference +- `mcp-tools-reference` - MCP tool reference + +## Data Collection + +``` +virt_list_vms +dcim_list_devices +virt_list_clusters +dcim_list_sites +tenancy_list_tenants +dcim_list_device_roles +dcim_list_platforms +``` + +## Quality Checks by Severity + +### CRITICAL (must fix immediately) + +| Check | Detection | +|-------|-----------| +| VMs without cluster | `cluster` is null AND `site` is null | +| Devices without site | `site` is null | +| Active devices without primary IP | `status=active` AND `primary_ip4` is null AND `primary_ip6` is null | + +### HIGH (should fix soon) + +| Check | Detection | +|-------|-----------| +| VMs without site | No site (neither direct nor via cluster.site) | +| VMs without tenant | `tenant` is null | +| Devices without platform | `platform` is null | +| Clusters not scoped to site | `site` is null on cluster | +| VMs without role | `role` is null | + +### MEDIUM (plan to address) + +| Check | Detection | +|-------|-----------| +| Inconsistent naming | Names don't match patterns | +| Role fragmentation | >10 device roles with <3 assignments each | +| Missing tags on production | Active resources without tags | +| Mixed naming separators | Some `_`, others `-` | + +### LOW (informational) + +| Check | Detection | +|-------|-----------| +| Docker containers as VMs | Cluster type is "Docker Compose" | +| VMs without description | `description` is empty | +| Sites without physical address | `physical_address` is empty | +| Devices without serial | `serial` is empty | + +## Naming Convention Analysis + +### Expected Patterns + +| Object Type | Pattern | Example | +|-------------|---------|---------| +| Devices | `{role}-{location}-{number}` | `web-dc1-01` | +| VMs | `{env}-{app}-{number}` | `prod-api-01` | +| Clusters | `{site}-{type}` | `home-docker` | + +### Analysis Steps + +1. Extract naming patterns from existing objects +2. Identify dominant patterns (most common) +3. Flag outliers that don't match +4. Suggest standardization + +## Role Fragmentation Analysis + +### Red Flags + +- More than 15 highly specific roles +- Roles with technology in name (use platform instead) +- Roles that duplicate functionality +- Single-use roles (only 1 device/VM) + +### Recommended Consolidation + +Use general roles + platform/tags for specificity: +- Instead of `nginx-web-server`, use `web-server` + platform `nginx` + +## Report Template + +```markdown +## CMDB Data Quality Audit Report + +**Generated:** [timestamp] +**Scope:** [scope parameter] + +### Summary + +| Metric | Count | +|--------|-------| +| Total VMs | X | +| Total Devices | Y | +| Total Clusters | Z | +| **Total Issues** | **N** | + +| Severity | Count | +|----------|-------| +| Critical | A | +| High | B | +| Medium | C | +| Low | D | + +### Critical Issues + +[List each with specific object names and IDs] + +- VM `HotServ` (ID: 1) - No cluster or site assignment +- Device `server-01` (ID: 5) - No site assignment + +### High Issues + +[List each with specific object names] + +### Medium Issues + +[Grouped by category with counts] + +### Recommendations + +1. **[Most impactful fix]** - affects N objects +2. **[Second priority]** - affects M objects + +### Quick Fixes + +Commands to fix common issues: + +``` +# Assign site to VM +virt_update_vm id=X site=Y + +# Assign platform to device +dcim_update_device id=X platform=Y +``` + +### Next Steps + +- Run `/cmdb-register` to properly register new machines +- Use `/cmdb-sync` to update existing registrations +- Consider bulk updates via NetBox web UI for >10 items +``` + +## Scope-Specific Focus + +| Scope | Focus | +|-------|-------| +| `all` | Full audit across all categories | +| `vms` | Virtual Machine checks only | +| `devices` | Device checks only | +| `naming` | Naming convention analysis | +| `roles` | Role fragmentation analysis | diff --git a/plugins/cmdb-assistant/skills/change-audit.md b/plugins/cmdb-assistant/skills/change-audit.md new file mode 100644 index 0000000..9bc7acf --- /dev/null +++ b/plugins/cmdb-assistant/skills/change-audit.md @@ -0,0 +1,130 @@ +# Change Audit Skill + +Audit NetBox changes for tracking and compliance. + +## Prerequisites + +Load skill: `mcp-tools-reference` + +## MCP Tools + +| Tool | Purpose | Parameters | +|------|---------|------------| +| `extras_list_object_changes` | List changes | `user_id`, `changed_object_type`, `action` | +| `extras_get_object_change` | Get change details | `id` | + +## Common Object Types + +| Category | Object Types | +|----------|--------------| +| DCIM | `dcim.device`, `dcim.interface`, `dcim.site`, `dcim.rack`, `dcim.cable` | +| IPAM | `ipam.ipaddress`, `ipam.prefix`, `ipam.vlan`, `ipam.vrf` | +| Virtualization | `virtualization.virtualmachine`, `virtualization.cluster` | +| Tenancy | `tenancy.tenant`, `tenancy.contact` | + +## Audit Workflow + +1. **Parse user request** - Determine filters +2. **Query object changes** - `extras_list_object_changes` +3. **Enrich data** - Fetch detailed records if needed +4. **Analyze patterns** - Identify bulk operations, unusual activity +5. **Generate report** - Structured format + +## Report Template + +```markdown +## NetBox Change Audit Report + +**Generated:** [timestamp] +**Period:** [date range or "All time"] +**Filters:** [applied filters] + +### Summary + +| Metric | Count | +|--------|-------| +| Total Changes | X | +| Creates | Y | +| Updates | Z | +| Deletes | W | +| Unique Users | N | +| Object Types | M | + +### Changes by Action + +#### Created Objects (Y) + +| Time | User | Object Type | Object | Details | +|------|------|-------------|--------|---------| +| 2024-01-15 14:30 | admin | dcim.device | server-01 | Created device | + +#### Updated Objects (Z) + +| Time | User | Object Type | Object | Changed Fields | +|------|------|-------------|--------|----------------| +| 2024-01-15 15:00 | john | ipam.ipaddress | 10.0.1.50/24 | status, description | + +#### Deleted Objects (W) + +| Time | User | Object Type | Object | Details | +|------|------|-------------|--------|---------| +| 2024-01-14 09:00 | admin | dcim.interface | eth2 | Removed from server-01 | + +### Changes by User + +| User | Creates | Updates | Deletes | Total | +|------|---------|---------|---------|-------| +| admin | 5 | 10 | 2 | 17 | +| john | 3 | 8 | 0 | 11 | + +### Changes by Object Type + +| Object Type | Creates | Updates | Deletes | Total | +|-------------|---------|---------|---------|-------| +| dcim.device | 2 | 5 | 0 | 7 | +| ipam.ipaddress | 4 | 3 | 1 | 8 | + +### Timeline + +``` +2024-01-15: ######## 8 changes +2024-01-14: #### 4 changes +2024-01-13: ## 2 changes +``` + +### Notable Patterns + +- **Bulk operations:** [Many changes in short time] +- **Unusual activity:** [Unexpected deletions, after-hours changes] +- **Missing audit trail:** [Expected changes not logged] + +### Recommendations + +1. [Security or process recommendations based on findings] +``` + +## Enriching Change Details + +For detailed audit, use `extras_get_object_change` to see: +- `prechange_data` - Object state before change +- `postchange_data` - Object state after change +- `request_id` - Links related changes in same request + +## Security Audit Mode + +When user asks for "security audit" or "compliance report": + +1. Focus on deletions and permission-sensitive changes +2. Highlight changes to critical objects (firewalls, VRFs, prefixes) +3. Flag changes outside business hours +4. Identify users with high change counts + +## Filter Examples + +| Request | Filter | +|---------|--------| +| Recent changes | None (last 24 hours default) | +| Last 7 days | Filter by `time` field | +| By user | `user_id=` | +| Device changes | `changed_object_type=dcim.device` | +| All deletions | `action=delete` | diff --git a/plugins/cmdb-assistant/skills/device-registration.md b/plugins/cmdb-assistant/skills/device-registration.md new file mode 100644 index 0000000..9553d8a --- /dev/null +++ b/plugins/cmdb-assistant/skills/device-registration.md @@ -0,0 +1,177 @@ +# Device Registration Skill + +How to register devices into NetBox. + +## Prerequisites + +Load these skills: +- `system-discovery` - Bash commands for gathering system info +- `netbox-patterns` - Best practices for data quality +- `mcp-tools-reference` - MCP tool reference + +## Registration Workflow + +### Phase 1: System Discovery + +Use commands from `system-discovery` skill to gather: +- Hostname, OS, hardware model, serial number +- CPU, memory, disk +- Network interfaces with IPs +- Running Docker containers + +### Phase 2: Pre-Registration Checks + +1. **Check if device exists:** + ``` + dcim_list_devices name= + ``` + If exists, suggest `/cmdb-sync` instead. + +2. **Verify/Create site:** + ``` + dcim_list_sites name= + ``` + If not found, list available sites or offer to create. + +3. **Verify/Create platform:** + ``` + dcim_list_platforms name= + ``` + Create if not exists with `dcim_create_platform`. + +4. **Verify/Create device role:** + ``` + dcim_list_device_roles name= + ``` + +### Phase 3: Device Creation + +1. **Get/Create manufacturer and device type:** + ``` + dcim_list_manufacturers name="" + dcim_list_device_types manufacturer_id=X model="" + ``` + +2. **Create device:** + ``` + dcim_create_device + name= + device_type= + role= + site= + platform= + tenant= # if provided + serial= + description="Registered via cmdb-assistant" + ``` + +3. **Create interfaces:** + For each network interface: + ``` + dcim_create_interface + device= + name= + type= + mac_address= + enabled=true + ``` + +4. **Create IP addresses:** + For each IP: + ``` + ipam_create_ip_address + address= + assigned_object_type="dcim.interface" + assigned_object_id= + status="active" + ``` + +5. **Set primary IP:** + ``` + dcim_update_device + id= + primary_ip4= + ``` + +### Phase 4: Container Registration (if Docker) + +1. **Create/Get cluster type:** + ``` + virt_list_cluster_types name="Docker Compose" + virt_create_cluster_type name="Docker Compose" slug="docker-compose" + ``` + +2. **Create cluster:** + ``` + virt_create_cluster + name= + type= + site= + description="Docker Compose stack on " + ``` + +3. **Create VMs for containers:** + For each running container: + ``` + virt_create_vm + name= + cluster= + site= + role= + status="active" + vcpus= + memory= + disk= + ``` + +### Phase 5: Documentation + +Add journal entry: +``` +extras_create_journal_entry + assigned_object_type="dcim.device" + assigned_object_id= + comments="Device registered via /cmdb-register command\n\nDiscovered:\n- X network interfaces\n- Y IP addresses\n- Z Docker containers" +``` + +## Summary Report Template + +```markdown +## Machine Registration Complete + +### Device Created +- **Name:** +- **Site:** +- **Platform:** +- **Role:** +- **ID:** +- **URL:** https://netbox.example.com/dcim/devices// + +### Network Interfaces +| Interface | Type | MAC | IP Address | +|-----------|------|-----|------------| +| eth0 | 1000base-t | aa:bb:cc:dd:ee:ff | 192.168.1.100/24 | + +### Primary IP: 192.168.1.100 + +### Docker Containers Registered (if applicable) +**Cluster:** (ID: ) + +| Container | Role | vCPUs | Memory | Status | +|-----------|------|-------|--------|--------| +| media_jellyfin | Media Server | 2.0 | 2048MB | Active | + +### Next Steps +- Run `/cmdb-sync` periodically to keep data current +- Run `/cmdb-audit` to check data quality +- Add tags for classification +``` + +## Error Handling + +| Error | Action | +|-------|--------| +| Device already exists | Suggest `/cmdb-sync` or ask to proceed | +| Site not found | List available sites, offer to create new | +| Docker not available | Skip container registration, note in summary | +| Permission denied | Note which operations failed, suggest fixes | diff --git a/plugins/cmdb-assistant/skills/ip-management.md b/plugins/cmdb-assistant/skills/ip-management.md new file mode 100644 index 0000000..ae3e24b --- /dev/null +++ b/plugins/cmdb-assistant/skills/ip-management.md @@ -0,0 +1,162 @@ +# IP Management Skill + +IP address and prefix management in NetBox. + +## Prerequisites + +Load skill: `mcp-tools-reference` + +## IPAM Operations + +### Prefix Management + +| Action | Tool | Key Parameters | +|--------|------|----------------| +| List prefixes | `ipam_list_prefixes` | `prefix`, `vrf_id`, `within`, `contains` | +| Get details | `ipam_get_prefix` | `id` | +| Find available child | `ipam_list_available_prefixes` | `prefix_id` | +| Create prefix | `ipam_create_prefix` | `prefix`, `status`, `site`, `vrf` | +| Allocate child | `ipam_create_available_prefix` | `prefix_id`, `prefix_length` | + +### IP Address Management + +| Action | Tool | Key Parameters | +|--------|------|----------------| +| List IPs | `ipam_list_ip_addresses` | `address`, `vrf_id`, `device_id` | +| Get details | `ipam_get_ip_address` | `id` | +| Find available | `ipam_list_available_ips` | `prefix_id` | +| Create IP | `ipam_create_ip_address` | `address`, `assigned_object_type`, `assigned_object_id` | +| Allocate next | `ipam_create_available_ip` | `prefix_id` | +| Assign to interface | `ipam_update_ip_address` | `id`, `assigned_object_id` | + +### VLAN and VRF + +| Action | Tool | +|--------|------| +| List VLANs | `ipam_list_vlans` | +| Get VLAN | `ipam_get_vlan` | +| Create VLAN | `ipam_create_vlan` | +| List VRFs | `ipam_list_vrfs` | +| Get VRF | `ipam_get_vrf` | + +## IP Allocation Workflow + +1. **Find available IPs in target prefix:** + ``` + ipam_list_available_ips prefix_id= + ``` + +2. **Create the IP address:** + ``` + ipam_create_ip_address + address= + assigned_object_type="dcim.interface" + assigned_object_id= + status="active" + ``` + +3. **Set as primary (if needed):** + ``` + dcim_update_device id= primary_ip4= + ``` + +## IP Conflict Detection + +### Conflict Types + +1. **Duplicate IP Addresses** + - Multiple records with same address in same VRF + - Exception: Anycast addresses (check `role` field) + +2. **Overlapping Prefixes** + - Prefixes containing same address space in same VRF + - Legitimate: Parent/child hierarchy, different VRFs, "container" status + +3. **IPs Outside Prefix** + - IP addresses not within any defined prefix + +4. **Same Prefix in Multiple VRFs** (informational) + +### Detection Workflow + +1. **Duplicate Detection:** + - Get all addresses: `ipam_list_ip_addresses` + - Group by address + VRF + - Flag groups with >1 record + +2. **Overlap Detection:** + - Get all prefixes: `ipam_list_prefixes` + - For each VRF, compare prefixes pairwise + - Check if prefix A contains prefix B or vice versa + - Ignore legitimate hierarchies (status=container) + +3. **Orphan IP Detection:** + - For each IP, find containing prefix + - Flag IPs with no prefix match + +### CIDR Math Rules + +- Prefix A **contains** Prefix B if: `A.network <= B.network AND A.broadcast >= B.broadcast` +- Two prefixes **overlap** if: `A.network <= B.broadcast AND B.network <= A.broadcast` + +### Severity Levels + +| Issue | Severity | +|-------|----------| +| Duplicate IP (same interface type) | CRITICAL | +| Duplicate IP (different roles) | HIGH | +| Overlapping prefixes (same status) | HIGH | +| Overlapping prefixes (container ok) | LOW | +| Orphan IP | MEDIUM | + +## Conflict Report Template + +```markdown +## IP Conflict Detection Report + +**Generated:** [timestamp] +**Scope:** [scope parameter] + +### Summary + +| Check | Status | Count | +|-------|--------|-------| +| Duplicate IPs | [PASS/FAIL] | X | +| Overlapping Prefixes | [PASS/FAIL] | Y | +| Orphan IPs | [PASS/FAIL] | Z | + +### Critical Issues + +#### Duplicate IP Addresses + +| Address | VRF | Count | Assigned To | +|---------|-----|-------|-------------| +| 10.0.1.50/24 | Global | 2 | server-01, server-02 | + +**Resolution:** +- Determine which device should have the IP +- Update or remove the duplicate + +#### Overlapping Prefixes + +| Prefix 1 | Prefix 2 | VRF | Type | +|----------|----------|-----|------| +| 10.0.0.0/24 | 10.0.0.0/25 | Global | Unstructured | + +**Resolution:** +- For legitimate hierarchies: Mark parent as status="container" +- For accidental: Consolidate or re-address + +### Remediation Commands + +``` +# Remove duplicate IP +ipam_delete_ip_address id=123 + +# Mark prefix as container +ipam_update_prefix id=456 status=container + +# Create missing prefix +ipam_create_prefix prefix=172.16.5.0/24 status=active +``` +``` diff --git a/plugins/cmdb-assistant/skills/mcp-tools-reference.md b/plugins/cmdb-assistant/skills/mcp-tools-reference.md new file mode 100644 index 0000000..2cd38d4 --- /dev/null +++ b/plugins/cmdb-assistant/skills/mcp-tools-reference.md @@ -0,0 +1,281 @@ +# NetBox MCP Tools Reference + +Complete reference for NetBox MCP tools organized by category. + +## DCIM (Data Center Infrastructure Management) + +### Sites and Locations +| Tool | Purpose | Key Parameters | +|------|---------|----------------| +| `dcim_list_sites` | List all sites | `name`, `status`, `region_id` | +| `dcim_get_site` | Get site details | `id` | +| `dcim_create_site` | Create new site | `name`, `slug`, `status` | +| `dcim_update_site` | Update site | `id`, fields to update | +| `dcim_delete_site` | Delete site | `id` | +| `dcim_list_locations` | List locations within sites | `site_id`, `parent_id` | +| `dcim_get_location` | Get location details | `id` | +| `dcim_create_location` | Create location | `name`, `slug`, `site` | +| `dcim_update_location` | Update location | `id`, fields to update | +| `dcim_delete_location` | Delete location | `id` | +| `dcim_list_regions` | List regions | `name` | +| `dcim_get_region` | Get region details | `id` | +| `dcim_create_region` | Create region | `name`, `slug` | +| `dcim_update_region` | Update region | `id`, fields to update | +| `dcim_delete_region` | Delete region | `id` | + +### Racks +| Tool | Purpose | Key Parameters | +|------|---------|----------------| +| `dcim_list_racks` | List racks | `site_id`, `location_id`, `name` | +| `dcim_get_rack` | Get rack details | `id` | +| `dcim_create_rack` | Create rack | `name`, `site`, `u_height` | +| `dcim_update_rack` | Update rack | `id`, fields to update | +| `dcim_delete_rack` | Delete rack | `id` | + +### Devices +| Tool | Purpose | Key Parameters | +|------|---------|----------------| +| `dcim_list_devices` | List devices | `name`, `site_id`, `role_id`, `status` | +| `dcim_get_device` | Get device details | `id` | +| `dcim_create_device` | Create device | `name`, `device_type`, `role`, `site` | +| `dcim_update_device` | Update device | `id`, `primary_ip4`, etc. | +| `dcim_delete_device` | Delete device | `id` | + +### Device Types and Roles +| Tool | Purpose | Key Parameters | +|------|---------|----------------| +| `dcim_list_device_types` | List device types | `manufacturer_id`, `model` | +| `dcim_get_device_type` | Get type details | `id` | +| `dcim_create_device_type` | Create device type | `manufacturer`, `model`, `slug` | +| `dcim_update_device_type` | Update device type | `id`, fields | +| `dcim_delete_device_type` | Delete device type | `id` | +| `dcim_list_device_roles` | List device roles | `name` | +| `dcim_get_device_role` | Get role details | `id` | +| `dcim_create_device_role` | Create device role | `name`, `slug` | +| `dcim_update_device_role` | Update device role | `id`, fields | +| `dcim_delete_device_role` | Delete device role | `id` | + +### Manufacturers and Platforms +| Tool | Purpose | Key Parameters | +|------|---------|----------------| +| `dcim_list_manufacturers` | List manufacturers | `name` | +| `dcim_get_manufacturer` | Get manufacturer details | `id` | +| `dcim_create_manufacturer` | Create manufacturer | `name`, `slug` | +| `dcim_update_manufacturer` | Update manufacturer | `id`, fields | +| `dcim_delete_manufacturer` | Delete manufacturer | `id` | +| `dcim_list_platforms` | List platforms | `name` | +| `dcim_get_platform` | Get platform details | `id` | +| `dcim_create_platform` | Create platform | `name`, `slug` | +| `dcim_update_platform` | Update platform | `id`, fields | +| `dcim_delete_platform` | Delete platform | `id` | + +### Interfaces and Cables +| Tool | Purpose | Key Parameters | +|------|---------|----------------| +| `dcim_list_interfaces` | List interfaces | `device_id`, `name`, `type` | +| `dcim_get_interface` | Get interface details | `id` | +| `dcim_create_interface` | Create interface | `device`, `name`, `type` | +| `dcim_update_interface` | Update interface | `id`, `enabled`, `mac_address` | +| `dcim_delete_interface` | Delete interface | `id` | +| `dcim_list_cables` | List cables | `device_id`, `site_id` | +| `dcim_get_cable` | Get cable details | `id` | +| `dcim_create_cable` | Create cable | `a_terminations`, `b_terminations` | +| `dcim_update_cable` | Update cable | `id`, fields | +| `dcim_delete_cable` | Delete cable | `id` | + +### Power +| Tool | Purpose | Key Parameters | +|------|---------|----------------| +| `dcim_list_power_panels` | List power panels | `site_id` | +| `dcim_get_power_panel` | Get panel details | `id` | +| `dcim_create_power_panel` | Create power panel | `name`, `site` | +| `dcim_list_power_feeds` | List power feeds | `power_panel_id` | +| `dcim_get_power_feed` | Get feed details | `id` | +| `dcim_create_power_feed` | Create power feed | `name`, `power_panel`, `supply` | + +### Other DCIM +| Tool | Purpose | Key Parameters | +|------|---------|----------------| +| `dcim_list_virtual_chassis` | List virtual chassis | (varies) | +| `dcim_get_virtual_chassis` | Get virtual chassis | `id` | +| `dcim_list_inventory_items` | List inventory items | `device_id` | +| `dcim_get_inventory_item` | Get inventory item | `id` | + +## IPAM (IP Address Management) + +### Prefixes +| Tool | Purpose | Key Parameters | +|------|---------|----------------| +| `ipam_list_prefixes` | List prefixes | `prefix`, `vrf_id`, `within`, `contains` | +| `ipam_get_prefix` | Get prefix details | `id` | +| `ipam_create_prefix` | Create prefix | `prefix`, `status`, `site`, `vrf` | +| `ipam_update_prefix` | Update prefix | `id`, `status`, etc. | +| `ipam_delete_prefix` | Delete prefix | `id` | +| `ipam_list_available_prefixes` | List available child prefixes | `prefix_id` | +| `ipam_create_available_prefix` | Allocate from parent | `prefix_id`, `prefix_length` | + +### IP Addresses +| Tool | Purpose | Key Parameters | +|------|---------|----------------| +| `ipam_list_ip_addresses` | List IP addresses | `address`, `vrf_id`, `device_id`, `status` | +| `ipam_get_ip_address` | Get IP details | `id` | +| `ipam_create_ip_address` | Create IP address | `address`, `assigned_object_type`, `assigned_object_id` | +| `ipam_update_ip_address` | Update IP address | `id`, `status`, etc. | +| `ipam_delete_ip_address` | Delete IP address | `id` | +| `ipam_list_available_ips` | List available IPs in prefix | `prefix_id` | +| `ipam_create_available_ip` | Allocate next available | `prefix_id` | + +### VLANs and VRFs +| Tool | Purpose | Key Parameters | +|------|---------|----------------| +| `ipam_list_vlans` | List VLANs | `vid`, `name`, `site_id` | +| `ipam_get_vlan` | Get VLAN details | `id` | +| `ipam_create_vlan` | Create VLAN | `vid`, `name`, `site` | +| `ipam_update_vlan` | Update VLAN | `id`, fields | +| `ipam_delete_vlan` | Delete VLAN | `id` | +| `ipam_list_vlan_groups` | List VLAN groups | `site_id` | +| `ipam_get_vlan_group` | Get VLAN group | `id` | +| `ipam_create_vlan_group` | Create VLAN group | `name`, `slug`, `scope_type` | +| `ipam_list_vrfs` | List VRFs | `name` | +| `ipam_get_vrf` | Get VRF details | `id` | +| `ipam_create_vrf` | Create VRF | `name`, `rd` | +| `ipam_update_vrf` | Update VRF | `id`, fields | +| `ipam_delete_vrf` | Delete VRF | `id` | + +### Other IPAM +| Tool | Purpose | Key Parameters | +|------|---------|----------------| +| `ipam_list_asns` | List ASNs | (varies) | +| `ipam_get_asn` | Get ASN details | `id` | +| `ipam_create_asn` | Create ASN | `asn`, `rir` | +| `ipam_list_rirs` | List RIRs | `name` | +| `ipam_get_rir` | Get RIR details | `id` | +| `ipam_list_aggregates` | List aggregates | `prefix`, `rir_id` | +| `ipam_get_aggregate` | Get aggregate | `id` | +| `ipam_create_aggregate` | Create aggregate | `prefix`, `rir` | +| `ipam_list_services` | List services | `device_id`, `name` | +| `ipam_get_service` | Get service details | `id` | +| `ipam_create_service` | Create service | `name`, `ports`, `protocol` | + +## Virtualization + +### Clusters +| Tool | Purpose | Key Parameters | +|------|---------|----------------| +| `virt_list_cluster_types` | List cluster types | `name` | +| `virt_get_cluster_type` | Get cluster type | `id` | +| `virt_create_cluster_type` | Create cluster type | `name`, `slug` | +| `virt_list_cluster_groups` | List cluster groups | `name` | +| `virt_get_cluster_group` | Get cluster group | `id` | +| `virt_create_cluster_group` | Create cluster group | `name`, `slug` | +| `virt_list_clusters` | List clusters | `name`, `site_id`, `type_id` | +| `virt_get_cluster` | Get cluster details | `id` | +| `virt_create_cluster` | Create cluster | `name`, `type`, `site` | +| `virt_update_cluster` | Update cluster | `id`, fields | +| `virt_delete_cluster` | Delete cluster | `id` | + +### Virtual Machines +| Tool | Purpose | Key Parameters | +|------|---------|----------------| +| `virt_list_vms` | List VMs | `name`, `cluster_id`, `site_id`, `status` | +| `virt_get_vm` | Get VM details | `id` | +| `virt_create_vm` | Create VM | `name`, `cluster`, `site`, `status` | +| `virt_update_vm` | Update VM | `id`, `status`, etc. | +| `virt_delete_vm` | Delete VM | `id` | +| `virt_list_vm_ifaces` | List VM interfaces | `virtual_machine_id` | +| `virt_get_vm_iface` | Get VM interface | `id` | +| `virt_create_vm_iface` | Create VM interface | `virtual_machine`, `name` | + +## Circuits + +| Tool | Purpose | Key Parameters | +|------|---------|----------------| +| `circuits_list_providers` | List providers | `name` | +| `circuits_get_provider` | Get provider | `id` | +| `circuits_create_provider` | Create provider | `name`, `slug` | +| `circuits_update_provider` | Update provider | `id`, fields | +| `circuits_delete_provider` | Delete provider | `id` | +| `circ_list_types` | List circuit types | `name` | +| `circ_get_type` | Get circuit type | `id` | +| `circ_create_type` | Create circuit type | `name`, `slug` | +| `circuits_list_circuits` | List circuits | `provider_id`, `type_id` | +| `circuits_get_circuit` | Get circuit | `id` | +| `circuits_create_circuit` | Create circuit | `cid`, `provider`, `type` | +| `circuits_update_circuit` | Update circuit | `id`, fields | +| `circuits_delete_circuit` | Delete circuit | `id` | +| `circ_list_terminations` | List terminations | `circuit_id` | +| `circ_get_termination` | Get termination | `id` | +| `circ_create_termination` | Create termination | `circuit`, `site`, `term_side` | + +## Tenancy + +| Tool | Purpose | Key Parameters | +|------|---------|----------------| +| `tenancy_list_tenant_groups` | List tenant groups | `name` | +| `tenancy_get_tenant_group` | Get tenant group | `id` | +| `tenancy_create_tenant_group` | Create tenant group | `name`, `slug` | +| `tenancy_list_tenants` | List tenants | `name`, `group_id` | +| `tenancy_get_tenant` | Get tenant | `id` | +| `tenancy_create_tenant` | Create tenant | `name`, `slug` | +| `tenancy_update_tenant` | Update tenant | `id`, fields | +| `tenancy_delete_tenant` | Delete tenant | `id` | +| `tenancy_list_contacts` | List contacts | `name` | +| `tenancy_get_contact` | Get contact | `id` | +| `tenancy_create_contact` | Create contact | `name` | + +## VPN + +| Tool | Purpose | Key Parameters | +|------|---------|----------------| +| `vpn_list_tunnels` | List VPN tunnels | `name` | +| `vpn_get_tunnel` | Get tunnel | `id` | +| `vpn_create_tunnel` | Create tunnel | `name`, `status` | +| `vpn_list_l2vpns` | List L2VPNs | `name` | +| `vpn_get_l2vpn` | Get L2VPN | `id` | +| `vpn_create_l2vpn` | Create L2VPN | `name`, `type` | +| `vpn_list_ike_policies` | List IKE policies | (varies) | +| `vpn_list_ipsec_policies` | List IPSec policies | (varies) | +| `vpn_list_ipsec_profiles` | List IPSec profiles | (varies) | + +## Wireless + +| Tool | Purpose | Key Parameters | +|------|---------|----------------| +| `wlan_list_groups` | List WLAN groups | `name` | +| `wlan_get_group` | Get WLAN group | `id` | +| `wlan_create_group` | Create WLAN group | `name`, `slug` | +| `wlan_list_lans` | List WLANs | `ssid` | +| `wlan_get_lan` | Get WLAN | `id` | +| `wlan_create_lan` | Create WLAN | `ssid`, `group` | +| `wlan_list_links` | List wireless links | (varies) | +| `wlan_get_link` | Get wireless link | `id` | + +## Extras + +| Tool | Purpose | Key Parameters | +|------|---------|----------------| +| `extras_list_tags` | List tags | `name` | +| `extras_get_tag` | Get tag | `id` | +| `extras_create_tag` | Create tag | `name`, `slug`, `color` | +| `extras_update_tag` | Update tag | `id`, fields | +| `extras_delete_tag` | Delete tag | `id` | +| `extras_list_custom_fields` | List custom fields | `name` | +| `extras_get_custom_field` | Get custom field | `id` | +| `extras_list_webhooks` | List webhooks | `name` | +| `extras_get_webhook` | Get webhook | `id` | +| `extras_list_journal_entries` | List journal entries | `assigned_object_type`, `assigned_object_id` | +| `extras_get_journal_entry` | Get journal entry | `id` | +| `extras_create_journal_entry` | Create journal entry | `assigned_object_type`, `assigned_object_id`, `comments` | +| `extras_list_object_changes` | List audit log | `user_id`, `changed_object_type`, `action` | +| `extras_get_object_change` | Get change details | `id` | +| `extras_list_config_contexts` | List config contexts | `name` | +| `extras_get_config_context` | Get config context | `id` | + +## Common Object Types for Filtering + +| Category | Object Types | +|----------|--------------| +| DCIM | `dcim.device`, `dcim.interface`, `dcim.site`, `dcim.rack`, `dcim.cable` | +| IPAM | `ipam.ipaddress`, `ipam.prefix`, `ipam.vlan`, `ipam.vrf` | +| Virtualization | `virtualization.virtualmachine`, `virtualization.cluster` | +| Tenancy | `tenancy.tenant`, `tenancy.contact` | diff --git a/plugins/cmdb-assistant/skills/sync-workflow.md b/plugins/cmdb-assistant/skills/sync-workflow.md new file mode 100644 index 0000000..f6b053f --- /dev/null +++ b/plugins/cmdb-assistant/skills/sync-workflow.md @@ -0,0 +1,191 @@ +# Sync Workflow Skill + +How to synchronize machine state with NetBox. + +## Prerequisites + +Load these skills: +- `system-discovery` - Bash commands for system info +- `mcp-tools-reference` - MCP tool reference + +## Sync Workflow + +### Phase 1: Device Lookup + +``` +dcim_list_devices name= +``` + +If not found, suggest `/cmdb-register` first. + +If found: +- Store device ID and current field values +- Fetch interfaces: `dcim_list_interfaces device_id=` +- Fetch IPs: `ipam_list_ip_addresses device_id=` +- Check clusters/VMs: `virt_list_clusters`, `virt_list_vms cluster=` + +### Phase 2: Current State Discovery + +Use commands from `system-discovery` skill. + +### Phase 3: Comparison + +#### Device Attributes +| Field | Compare | +|-------|---------| +| Platform | OS version changed? | +| Status | Still active? | +| Serial | Match? | +| Description | Keep existing | + +#### Network Interfaces +| Change Type | Detection | +|-------------|-----------| +| New interface | Exists locally but not in NetBox | +| Removed interface | In NetBox but not locally | +| Changed MAC | MAC address different | +| Interface type | Type mismatch | + +#### IP Addresses +| Change Type | Detection | +|-------------|-----------| +| New IP | Exists locally but not in NetBox | +| Removed IP | In NetBox but not locally | +| Primary IP changed | Default route interface changed | + +#### Docker Containers +| Change Type | Detection | +|-------------|-----------| +| New container | Running locally but no VM in cluster | +| Stopped container | VM exists but container not running | +| Resource change | vCPUs/memory different | + +### Phase 4: Diff Report + +```markdown +## Sync Diff Report + +**Device:** (ID: ) +**NetBox URL:** https://netbox.example.com/dcim/devices// + +### Device Attributes +| Field | NetBox Value | Current Value | Action | +|-------|--------------|---------------|--------| +| Platform | Ubuntu 22.04 | Ubuntu 24.04 | UPDATE | + +### Network Interfaces + +#### New Interfaces (will create) +| Interface | Type | MAC | IPs | +|-----------|------|-----|-----| +| tailscale0 | virtual | - | 100.x.x.x/32 | + +#### Removed Interfaces (will mark offline) +| Interface | Type | Reason | +|-----------|------|--------| +| eth1 | 1000base-t | Not found locally | + +#### Changed Interfaces +| Interface | Field | Old | New | +|-----------|-------|-----|-----| +| eth0 | mac_address | aa:bb:cc:00:00:00 | aa:bb:cc:11:11:11 | + +### IP Addresses + +#### New IPs (will create) +- 192.168.1.150/24 on eth0 + +#### Removed IPs (will unassign) +- 192.168.1.100/24 from eth0 + +### Docker Containers + +#### New Containers (will create VMs) +| Container | Image | Role | +|-----------|-------|------| +| media_lidarr | linuxserver/lidarr | Media Management | + +### Summary +- **Updates:** X +- **Creates:** Y +- **Removals/Offline:** Z +``` + +### Phase 5: Apply Updates + +#### Device Updates +``` +dcim_update_device id= platform= +``` + +#### Interface Updates +New: +``` +dcim_create_interface device= name= type= +``` + +Removed (mark offline): +``` +dcim_update_interface id= enabled=false description="Marked offline by cmdb-sync" +``` + +Changed: +``` +dcim_update_interface id= mac_address= +``` + +#### IP Address Updates +New: +``` +ipam_create_ip_address address= assigned_object_type="dcim.interface" assigned_object_id= +``` + +Removed (unassign): +``` +ipam_update_ip_address id= assigned_object_type=null assigned_object_id=null +``` + +#### Primary IP Update +``` +dcim_update_device id= primary_ip4= +``` + +#### Container/VM Updates +New: +``` +virt_create_vm name= cluster= status="active" +``` + +Stopped: +``` +virt_update_vm id= status="offline" +``` + +### Phase 6: Journal Entry + +``` +extras_create_journal_entry + assigned_object_type="dcim.device" + assigned_object_id= + comments="Device synced via /cmdb-sync command\n\nChanges applied:\n- " +``` + +## Sync Modes + +### Dry Run Mode +- Complete phases 1-4 (lookup, discovery, compare, diff report) +- Skip phases 5-6 (no updates, no journal) +- End with: "Dry run complete. No changes applied." + +### Full Sync Mode +- Skip user confirmation +- Update all fields even if unchanged (force refresh) + +## Error Handling + +| Error | Action | +|-------|--------| +| Device not found | Suggest `/cmdb-register` | +| Permission denied | Note which failed, continue others | +| Cluster not found | Offer to create or skip container sync | +| API errors | Log error, continue with remaining | diff --git a/plugins/cmdb-assistant/skills/system-discovery.md b/plugins/cmdb-assistant/skills/system-discovery.md new file mode 100644 index 0000000..89cc80d --- /dev/null +++ b/plugins/cmdb-assistant/skills/system-discovery.md @@ -0,0 +1,101 @@ +# System Discovery Skill + +Bash commands for gathering system information from the current machine. + +## Basic Device Information + +```bash +# Hostname +hostname + +# OS/Platform info +cat /etc/os-release 2>/dev/null || uname -a + +# Hardware model - Raspberry Pi +cat /proc/device-tree/model 2>/dev/null || echo "Unknown" + +# Hardware model - x86 systems +cat /sys/class/dmi/id/product_name 2>/dev/null || echo "Unknown" + +# Serial number - Raspberry Pi +cat /proc/device-tree/serial-number 2>/dev/null || cat /proc/cpuinfo | grep Serial | cut -d: -f2 | tr -d ' ' 2>/dev/null + +# Serial number - x86 systems +cat /sys/class/dmi/id/product_serial 2>/dev/null || echo "Unknown" + +# CPU count +nproc + +# Memory in MB +free -m | awk '/Mem:/ {print $2}' + +# Disk size in GB (root filesystem) +df -BG / | awk 'NR==2 {print $2}' | tr -d 'G' +``` + +## Network Interfaces + +```bash +# Get interfaces with IPs (JSON format) +ip -j addr show 2>/dev/null || ip addr show + +# Get default gateway interface +ip route | grep default | awk '{print $5}' | head -1 + +# Get MAC addresses +ip -j link show 2>/dev/null || ip link show +``` + +## Running Applications + +```bash +# Docker containers (JSON format) +docker ps --format '{"name":"{{.Names}}","image":"{{.Image}}","status":"{{.Status}}","ports":"{{.Ports}}"}' 2>/dev/null || echo "Docker not available" + +# Docker Compose projects (find compose files) +find ~/apps /home/*/apps -name "docker-compose.yml" -o -name "docker-compose.yaml" 2>/dev/null | head -20 + +# Running systemd services +systemctl list-units --type=service --state=running --no-pager --plain 2>/dev/null | grep -v "^UNIT" | head -30 +``` + +## Interface Type Mapping + +| Interface Pattern | NetBox Type | +|-------------------|-------------| +| `eth*`, `enp*` | `1000base-t` | +| `wlan*` | `ieee802.11ax` | +| `tailscale*`, `docker*`, `br-*` | `virtual` | +| `lo` | Skip (loopback) | + +## Platform Detection + +Based on OS detected, determine platform name: + +| OS Detection | Platform Name | +|--------------|---------------| +| Raspberry Pi OS | `Raspberry Pi OS (Bookworm)` | +| Ubuntu | `Ubuntu {version} LTS` | +| Debian | `Debian {version}` | +| Default | `{OS Name} {Version}` | + +## Device Role Auto-Detection + +Based on detected services: + +| Detection | Suggested Role | +|-----------|----------------| +| Docker containers found | `Docker Host` | +| Only basic services | `Server` | +| Specific role specified | Use specified | + +## Container Role Mapping + +Map container names/images to roles: + +| Container Pattern | Role | +|-------------------|------| +| `*caddy*`, `*nginx*`, `*traefik*` | Reverse Proxy | +| `*db*`, `*postgres*`, `*mysql*`, `*redis*` | Database | +| `*webui*`, `*frontend*` | Web Application | +| Others | Infer from image or use "Container" | diff --git a/plugins/cmdb-assistant/skills/topology-generation.md b/plugins/cmdb-assistant/skills/topology-generation.md new file mode 100644 index 0000000..d5c5fa6 --- /dev/null +++ b/plugins/cmdb-assistant/skills/topology-generation.md @@ -0,0 +1,155 @@ +# Topology Generation Skill + +Generate Mermaid diagrams from NetBox data. + +## Prerequisites + +Load skill: `mcp-tools-reference` + +## View: Rack Elevation + +### Data Collection + +1. Find rack: `dcim_list_racks name=` +2. Get devices: `dcim_list_devices rack_id=` +3. Note for each: `position`, `u_height`, `face`, `name`, `role` + +### Mermaid Template + +```mermaid +graph TB + subgraph rack["Rack: (U)"] + direction TB + u42["U42: empty"] + u41["U41: empty"] + u40["U40: server-01 (Server)"] + u39["U39: server-01 (cont.)"] + u38["U38: switch-01 (Switch)"] + end +``` + +### Rules + +- Mark top U with device name and role +- Mark subsequent Us as "(cont.)" for multi-U devices +- Empty Us show "empty" + +## View: Network Topology + +### Data Collection + +1. List sites: `dcim_list_sites` +2. List devices: `dcim_list_devices site_id=` +3. List cables: `dcim_list_cables` +4. List interfaces: `dcim_list_interfaces device_id=` + +### Mermaid Template + +```mermaid +graph TD + subgraph site1["Site: Home"] + router1[("core-router-01
Router")] + switch1[["dist-switch-01
Switch"]] + server1["web-server-01
Server"] + server2["db-server-01
Server"] + end + + router1 -->|"eth0 - eth1"| switch1 + switch1 -->|"gi0/1 - eth0"| server1 + switch1 -->|"gi0/2 - eth0"| server2 +``` + +### Node Shapes by Role + +| Role | Shape | Mermaid Syntax | +|------|-------|----------------| +| Router | Cylinder | `[(" ")]` | +| Switch | Double brackets | `[[ ]]` | +| Server | Rectangle | `[ ]` | +| Firewall | Hexagon | `{{ }}` | +| Other | Rectangle | `[ ]` | + +### Edge Labels + +Show interface names: `A-side - B-side` + +## View: Site Overview + +### Data Collection + +1. Get site: `dcim_get_site id=` +2. List racks: `dcim_list_racks site_id=` +3. Count devices per rack: `dcim_list_devices rack_id=` + +### Mermaid Template + +```mermaid +graph TB + subgraph site["Site: Headquarters"] + subgraph row1["Row 1"] + rack1["Rack A1
12/42 U used
5 devices"] + rack2["Rack A2
20/42 U used
8 devices"] + end + subgraph row2["Row 2"] + rack3["Rack B1
8/42 U used
3 devices"] + end + end +``` + +## View: Full Infrastructure + +### Data Collection + +1. List regions: `dcim_list_regions` +2. List sites: `dcim_list_sites` +3. Count devices: `dcim_list_devices status=active` + +### Mermaid Template + +```mermaid +graph TB + subgraph region1["Region: Americas"] + site1["Headquarters
3 racks, 25 devices"] + site2["Branch Office
1 rack, 5 devices"] + end + subgraph region2["Region: Europe"] + site3["EU Datacenter
10 racks, 100 devices"] + end + + site1 -.->|"WAN Link"| site3 +``` + +## Output Format + +Always provide: + +1. **Summary** - Brief description of diagram content +2. **Mermaid Code Block** - The diagram code +3. **Legend** - Explanation of shapes and colors +4. **Data Notes** - Any data quality issues + +### Example Output + +```markdown +## Network Topology: Home Site + +This diagram shows network connections between 4 devices at Home site. + +```mermaid +graph TD + router1[("core-router
Router")] + switch1[["main-switch
Switch"]] + server1["homelab-01
Server"] + + router1 -->|"eth0 - gi0/24"| switch1 + switch1 -->|"gi0/1 - eth0"| server1 +``` + +**Legend:** +- Cylinder shape: Routers +- Double brackets: Switches +- Rectangle: Servers + +**Data Notes:** +- 1 device (nas-01) has no cable connections documented +``` diff --git a/plugins/cmdb-assistant/skills/visual-header.md b/plugins/cmdb-assistant/skills/visual-header.md new file mode 100644 index 0000000..0c726e8 --- /dev/null +++ b/plugins/cmdb-assistant/skills/visual-header.md @@ -0,0 +1,32 @@ +# Visual Header Skill + +Standard visual header for cmdb-assistant commands. + +## Header Template + +``` ++----------------------------------------------------------------------+ +| CMDB-ASSISTANT - [Context] | ++----------------------------------------------------------------------+ +``` + +## Context Values by Command + +| Command | Context | +|---------|---------| +| `/cmdb-search` | Search | +| `/cmdb-device` | Device Management | +| `/cmdb-ip` | IP Management | +| `/cmdb-site` | Site Management | +| `/cmdb-audit` | Data Quality Audit | +| `/cmdb-register` | Machine Registration | +| `/cmdb-sync` | Machine Sync | +| `/cmdb-topology` | Topology | +| `/change-audit` | Change Audit | +| `/ip-conflicts` | IP Conflict Detection | +| `/initial-setup` | Setup Wizard | +| Agent mode | Infrastructure Management | + +## Usage + +Display header at the start of every command response before proceeding with the operation.