[rancid] Re: Download configs from one router through another

Mon Sep 15 01:14:25 UTC 2008

On Fri, Sep 12, 2008 at 02:04:46PM -0400, Graham Fleming wrote:
> Thanks for the reply, Ed. Here's a small snippet of the kind of thing we
> would be using your patch for. This would be one site where we log into
> the GATEWAY router and then from there we would log into the internal
> routers on the 172.16.0.0/24 network.
[...]
> So, what I'd love to be able to do is use wildcards with your patch,
> specifcally the 'usercmd_chat' portion. So instead of one statement for
> each router, we use one for all internal routers like so:
> 
> add user 172.16.0.*            username1
> add autoenable 172.16.0.*      1
> add password 172.16.0.*        {password1}
> add method 172.16.0.*          {usercmd}
> add usercmd 172.16.0.*        {ssh} {username1 at public-ip.address}

All of the above is already supported in RANCID, even without the usercmd
patch.  But what you really need is this:

> add usercmd_chat 172.16.0.*    {Password: } {password2\r}
> {GATEWAY-PROMPT#} {ssh $INTERNAL_IP\r} {Password: } {password1\r}
> {$INTERNAL_PROMPT#} {\r}
> 
> Where  {ssh $INTERNAL_IP\r} would be the value for the wildcarded
> internal IP address and {ssh $INTERNAL_IP\r} could somehow be a wilcard
> value to match any prompt.

Not yet supported.  Should be doable by creating escapes that evaluate
to the current value of variables like $router, which corresponds to the
"$INTERNAL_IP" that you want above.  It's a bit harder for the prompt -
if you are using IP addresses to connect to the router, if your DNS
is set up properly then some new code could do a reverse lookup and
use that to build the router prompt.

It occurs to me that all this could be done with a new feature in cloginrc:
the ability to specify that the string value should be evaluated when
"find()" is called in clogin to look up the value, rather than when 
cloginrc is sourced.  Maybe put a leading \ or @ or other unlikely
escape character - then, when find() is called, if it sees the value
has the escape character, it runs "eval" on the string, which could
include variables like $router, function calls, etc.

> ... Similarly, is there a way to accept
> any value for the internal router's prompt so we don't need to use
> specific values for each router?

Yes, you could use a regexp pattern match that was indifferent to
the name of the router - but it might match something in the login
sequence and then you're stuck.

Here's what might be a workaround - if you're not into programming tcl
and changing clogin, you could write a script or program in any language
to create a password file that is included into the run by your cloginrc.

	-- Ed