[rancid] Reverse RANCID
Aaron Dudek
adudek16 at gmail.com
Wed Feb 11 15:49:33 UTC 2015
Isn't this kind of the function Tail-F was proposing?
On Wed, Feb 11, 2015 at 10:31 AM, Alan McKinnon <alan.mckinnon at gmail.com>
wrote:
> On 11/02/2015 14:02, James Bensley wrote:
> > Hi All,
> >
> > I am think about writing a web interface that uses RANCID in the
> > background to make configuration changes on devices. Since RANCID has
> > a bunch of scripts for various device types my thinking is a
> > simple-ish web interface in which I can paste in some config and then
> > use RANCID to log into the device and input the config, also though I
> > can specify some commands and RANCID will run though them and capture
> > output which can be passed to Bash/PERL/Python scripts to interogate
> > the output and check that the BGP sessions have come back up or that
> > the number of routes in a VRF is still the same etc.
> >
> > The goal is: Anything I do on the CLI when making changes to devices
> > can be automated.
> >
> > I know I can push config using the RANCID CLI wrapper scripts but I'm
> > wondering if anyone has done this before to extend RANCID to also run
> > "show" style commands and interogated the output to make checks to
> > valid the success of the change, and also if anyone has made a web
> > interface already (other than the CVS types for RANCID's normal
> > purpose of backing up rather than pushing config) ?
>
>
>
> It doesn't make sense to extend rancid in this way.
>
> Consider rancid's purpose: it logs in, captures the config, diffs it and
> stores the result. Then tells you what the diff is.
>
> None of that involves in any way changing the device in question and it
> is highly recommended that you lock down the rancid user to only the
> specific commands listed in @commands.
>
>
> There is one part of rancid that enables you to do config changes
> however: clogin
>
> Rather do something like this:
> Get the changes you want to make from the user, apply them using clogin
> and then write a framework that will do the double-checking you
> describe. Rancid itself has no code you can leverage to do any of that.
> It's best done in an entirely separate system, with the added benefit
> that rancid will come along in an hour and record the fact of a change
> made.
>
> All this depends however on your Risk department being OK with the idea.
> I know mine would shoot me at the very thought :-)
>
>
>
>
>
>
> --
> Alan McKinnon
> alan.mckinnon at gmail.com
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20150211/e9ab71a8/attachment.html>
More information about the Rancid-discuss
mailing list