[rancid] Re: Modify rancid scripts to enter on Cisco devices level 7 (enable 7 command)
Jethro R Binks
jethro.binks at strath.ac.uk
Wed Jun 9 20:52:40 UTC 2010
On Wed, 9 Jun 2010, john heasley wrote:
> > If the facility to change it ever gets added in via .cloginrc, I at least
> > had part of the framework there, and in the meantime it reminds me to
> > think about it again every so often.
> i'd have created a separate script for that one, especially because its a
> 3com. yes, i won't hide my disdain for 3com.
:) But I did: h3clogin. That's where I put the simple framework, Just In
> but, 'enablecmd' is what i was thinking about. however, because folks
> would be inclined to do things like julian is, it affects authorization
> for other commands and quickly becomes far more complicated.
I was just thinking about the general case of "a device where the enable
command isn't literally 'enable'", rather than Julian's more specialised
case where he is specifying a particular priv level, but you are correct
that in that case it can get complicated.
As it happens, my rancid logs into a ASA/PIX with a user of lower priv
level; I did have to make some of the commands available to the lower priv
My 'framework', such as it was, was really an example of my continuing
view (mentioned before) that the more system-specific detail can be
abstracted out from the scripts themselves, then the less different the
scripts become. It then becomes much easier to:
1. abstract common functions out from the scripts;
2. make updates to general functionality across all the scripts;
3. write a script for a new device, concentrating on just the stuff that
really is different rather than trying to cobble something together
comparing different scripts for other different devices
Obviously some devices really are quite different, or pernikity, but if
you can abstract even the simple things like "what's the command to run to
get to privileged mode", and "how do i turn off paging" to the clogin
level, or a simple config file listing the vendors and the equivalent
commands, then you might get some way down that road.
Net::Appliance::Session attempts to do something like this, by the use of
vendor-specific 'phrasebooks', e.g.:
. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK
More information about the Rancid-discuss