[rancid] Re: Pulling down context configs from a Cisco FWSM

Ed Ravin eravin at panix.com
Wed Mar 28 19:18:16 UTC 2007


On Wed, Mar 28, 2007 at 10:38:42AM -0700, Lance wrote:
> It is possible to do it another way such as creating host entries in
> your /etc/host file for each context on each firewall, but that would
> be a great idea as it wouldn't scale well and wouldn't be completely
> dynamic as we like to have things these days.

How about creating a whole new RANCID group for the contexts of a
particular firewall?  Then your scripts could manage the router.db
for that group, adding entries when new contexts are discovered, and
create the appropriate config files for each context so that RANCID's
version control scripts think each context is a separate router config,
and do all the diffs and archiving the usual way.

You'd need new "contextrancid" and "contextlogin" scripts.  You'd also
need a parent script that would run "contextlogin" to get a list of
contexts on the router, then manage router.db as needed.  Maybe that
script could be built into "contextrancid", and it would just have to
keep a statefile somewhere so it could figure out that it's being invoked
multiple times for the same router.

Oh yeah, and you'd need to use either my rancid-fe patches for configurable
device types (see the list archives for my hp4000m or ciscorsh scripts),
or hard-code a new device type in rancid-fe.
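
The router.db bookkeeping step proposed above, sketched as an added example (not code from this post or from RANCID). It assumes the colon-separated name:type:state router.db layout, one RANCID group per firewall, entries named "<firewall>-<context>", and a hypothetical device type called "fwsm-context"; the function name is also made up for illustration.

```python
import re

# Assumptions, not from the post: the device type name and the
# "<firewall>-<context>" naming convention for router.db entries.
DEVTYPE = "fwsm-context"
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*")


def reconcile(router_db_lines, firewall, contexts):
    """Return (new_lines, added, retired) for one firewall's context group."""
    bad = [c for c in contexts if not SAFE_NAME.fullmatch(c)]
    if bad:
        # Context names come from device output; refuse anything that could
        # smuggle a field separator, newline or path into router.db.
        raise ValueError(f"unsafe context name(s): {bad!r}")

    wanted = {f"{firewall}-{c}" for c in contexts}
    prefix = f"{firewall}-"
    out, seen, retired = [], set(), []
    for line in router_db_lines:
        fields = line.strip().split(":")
        is_entry = len(fields) >= 3 and not line.lstrip().startswith("#")
        if not is_entry or fields[1] != DEVTYPE or not fields[0].startswith(prefix):
            out.append(line)  # comments and unrelated devices pass through
            continue
        name = fields[0]
        seen.add(name)
        if name not in wanted and fields[2] != "down":
            retired.append(name)
        # A vanished context is marked down rather than deleted, so the
        # change shows up in router.db instead of happening silently.
        fields[2] = "up" if name in wanted else "down"
        out.append(":".join(fields))  # keeps any trailing comment field
    added = sorted(wanted - seen)
    out.extend(f"{name}:{DEVTYPE}:up" for name in added)
    return out, added, retired


if __name__ == "__main__":
    # Constructed sample: an existing router.db and a fresh context list.
    db = ["# contexts of fw1", "fw1-admin:fwsm-context:up",
          "fw1-old:fwsm-context:up"]
    new_db, added, retired = reconcile(db, "fw1", ["admin", "dmz"])
    print("\n".join(new_db))
    print("added:", added, "retired:", retired)
```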



More information about the Rancid-discuss mailing list