[rancid] Re: Modify rancid scripts to enter on Cisco devices level 7 (enable 7 command)

Jethro R Binks jethro.binks at strath.ac.uk
Wed Jun 9 20:52:40 UTC 2010


On Wed, 9 Jun 2010, john heasley wrote:

> > If the facility to change it ever gets added in via .cloginrc, I at least 
> > had part of the framework there, and in the meantime it reminds me to 
> > think about it again every so often.
> 
> i'd have created a separate script for that one, especially because it's a
> 3com.  yes, i won't hide my disdain for 3com.

:)  But I did: h3clogin.  That's where I put the simple framework, Just In 
Case.

> but, 'enablecmd' is what i was thinking about.  however, because folks 
> would be inclined to do things like julian is, it affects authorization 
> for other commands and quickly becomes far more complicated.

I was just thinking about the general case of "a device where the enable 
command isn't literally 'enable'", rather than Julian's more specialised 
case where he is specifying a particular priv level, but you are correct 
that in that case it can get complicated.

As it happens, my rancid logs into an ASA/PIX with a user of lower priv 
level; I did have to make some of the commands available to the lower priv 
level.

My 'framework', such as it was, was really an example of my continuing 
view (mentioned before) that the more system-specific detail can be 
abstracted out from the scripts themselves, then the less different the 
scripts become.  It then becomes much easier to:

1. abstract common functions out from the scripts;

2. make updates to general functionality across all the scripts;

3. write a script for a new device, concentrating on just the stuff that 
really is different rather than trying to cobble something together 
comparing different scripts for other different devices

Obviously some devices really are quite different, or pernickety, but if 
you can abstract even the simple things like "what's the command to run to 
get to privileged mode", and "how do i turn off paging" to the clogin 
level, or a simple config file listing the vendors and the equivalent 
commands, then you might get some way down that road.  
Net::Appliance::Session attempts to do something like this, by the use of 
vendor-specific 'phrasebooks', e.g.:

http://cpansearch.perl.org/src/OLIVER/Net-Appliance-Phrasebook-1.8/lib/Net/Appliance/Phrasebook/nas-pb.yml

Jethro.

.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK

