[rancid] Re: Pulling down context configs from a Cisco FWSM

Rob Shepherd rob at techniumcast.com
Tue Mar 27 10:24:29 UTC 2007 

Lance Vermilion wrote:
> Justin,
> 
> Great idea. [...] I am not sure how the config looks for the admin view with
> multiple contexts, but we have only the admin and system contexts and
> the configs are the same that I can tell.
> 

Here is the output from my system with multiple contexts.

> cast-tec-mr2-c5-fsm1/cast# changeto system
> cast-tec-mr2-c5-fsm1# show context
> Context Name      Class      Interfaces           URL
> *cast             cast       vlan3,164,501,511    disk:/cast.cfg
>  university       university vlan216,316,416,501,511 disk:/university.cfg
>  inspired-broadcast inspired-b vlan217,317,417,501,511 disk:/inspired-broadcast.cfg
>  bdex             default    vlan218,318,418,501,511 disk:/bdex.cfg
>  cast-shared-servers cast       vlan102,511          disk:/cast-shared-servers.cfg
>  alcatel-ipt      alcatel-ip vlan511,601,616-626,632 disk:/alcatel-ipt.cfg
>  netability       netability vlan219,319,419,501,511 disk:/netability.cfg
>  etl              etl        vlan223,323,423,501,511 disk:/etl.cfg
>  celeritas        celeritas  vlan220,320,420,501,511 disk:/celeritas.cfg
>  brandsauce       brandsauce vlan221,321,421,501,511 disk:/brandsauce.cfg
>  eon              eon        vlan222,322,422,501,511 disk:/eon.cfg
>  neat3d           neat3d     vlan224,324,424,501,511 disk:/neat3d.cfg
>  lightwave-technologies lightwave- vlan225,325,425,501,511 disk:/lightwave-technologies.cfg
>  guest-networks   guest-netw vlan426,501,504-505,508,511 disk:/guest-networks.cfg
>  event-networks   event-netw vlan501,506-507,511  disk:/event-networks.cfg
>  wag              wag        vlan226,326,501,511  disk:/wag.cfg
> 
> Total active Security Contexts: 16
> cast-tec-mr2-c5-fsm1#

So, in through system context (*).....

login
enable
changeto system
show context | awk '{print $1}' | sed -e 's/\*//g' | while read CTXT
do
	changeto context $CTXT
	// normal RANCID operations
	changeto system
done

I would be very interested in having this functionality.
I would also be interested in helping to code up the changes necessary. However I've never coded in perl, so I can't understand most of rancid.

Does somebody who knows the architecture have the time to block diagram the required changes? And mock up the process by which multiple context 
outputs can go to different files in the repository, just like separate hosts.

I'm eager to get a reliable backup system for my multi context FWSMs.

I've also got Standby-Failover FWSMs, but that a headache for another day.....

Cheers

Rob


-- 
Rob Shepherd BEng PhD | Computer and Network Engineer | CAST Ltd
Technium CAST | LL57 4HJ | http://www.techniumcast.com
rob at techniumcast.com | 01248 675024 | 077988 72480

More information about the Rancid-discuss mailing list