jethro.binks at strath
Feb 26, 2009, 1:17 AM
Post #2 of 2
(1235 views)
Permalink
|
|
Re: francid on MLX and edge case behaviors.
[In reply to]
|
|
On Wed, 25 Feb 2009, Nick Buraglio wrote:
> This began on the f-nsp list here:
> http://www.mail-archive.com/foundry-nsp [at] puck/msg01603.html
> Anyway, I was having trouble getting flogin to work against MLX code
> 3.9.00a over ssh. Long story short, the user I had set up had lower
> privilege and couldn't support the "skip-page-display" command that
> francid was expecting. Since I have more experience with pretty much
> every network vendor other than foundry, I thought this may just be what
> I like to call a "foundry-ism". Anyway, I solved this (possibly not the
> best way) by just changing flogin to call "terminal length 0" since the
> MLX code supports it and there are no foundries managed by this instance
> of rancid that don't.
Sorry I meant to respond to your message on f-nsp :)
Anyway, I can confirm that "terminal length 0" also works on at least the
BigIrons and Super-X related models, although they also support
"skip-page-display" anyway (I do not have any MLX). It may be suitable to
just send both commands and hope one works.
However, I would add the following note, which may or may not be relevant
to your environment. I use a special user for the rancid stuff, which is
priv level 5:
username rouser privilege 5 password .....
In order for skip-page-display to work, I need to change specify that I
can run the command at this (lower) priv level:
privilege exec level 5 skip-page-display
It turns out if I wanted to use "terminal length 0" I would also need:
privilege exec level 5 terminal
(I do similar things for a Cisco ASA too).
Working out the variants in command lines on different models or code revs
even for the same vendor is the most difficult area, and even the most
innocuous change can break things for someone else ('expect' is pretty
fragile anyway *cough* Net::Appliance::Session (maybe) *cough*). Once
you've actually bagged a copy of the config though, by whatever means, the
rest of rancid works great!
One potential improvement to make rancid more flexible might be to
abstract some of these model/code-specific aspects, so that the
appropriate command to "turn off paging" (if there is one) is determined
in advance based on the vendor/model/version (with a default otherwise),
then just the correct one sent. Then tweaking for other models is a
matter of modifying the "commands to send" table, and the bulk of the code
can remain the same, untouched, and hopefully not broken. There are
already some tests modifying behaviour based on platform ("if { [ string
compare "extreme" "$platform" ] }"). However, having said all that, it
may well not simplify the bulk of the code enough to make the effort
worthwhile ... (*cough* Net::Appliance::Session again (maybe) *cough*).
A niggle I have is that clogin has been copied to a multitude of other
*login modules for different vendors, some of which aren't really that
different, and which don't all necessarily get useful changes made to
clogin merged back into them. Some work to reduce this duplication would
also be beneficial. I have vaguely looked at the potential for this from
time to time, but not with any real committment so far.
(Aside: These texts are from Net::Appliance::Session and related modules
(which has a number of other dependencies like YAML):
"Various models of network device, either from one vendor such as Cisco or
between vendors, will naturally use alternate command and command prompt
syntax. Net::Appliance::Session does not hard-code any of these commands
or pattern matches in its source. They are all loaded at run-time from an
external phrasebook (a.k.a. dictionary), which you may of course
override."
"In the world of network appliances, vendors will sometimes change the
commands used in or even the appearance of the command line interface.
This might happen between software version releases, or as a new product
line is released. However, typically there is an ancestry to all these
interfaces, so we can base a new product's dictionary on an existing
dictionary whilst overriding some entries with new values."
I wonder if, by using w(rap)rancid, it would be possible to investigate
the use of Net::Appliance::Session, without having to touch rancid itself
...
Jethro.
--
. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss [at] shrubbery
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
|
