[rancid] Re: francid on MLX and edge case behaviors.

Jethro R Binks jethro.binks at strath.ac.uk
Thu Feb 26 09:17:47 UTC 2009 

On Wed, 25 Feb 2009, Nick Buraglio wrote:

> This began on the f-nsp list here: 
> http://www.mail-archive.com/foundry-nsp@puck.nether.net/msg01603.html 
> Anyway, I was having trouble getting flogin to work against MLX code 
> 3.9.00a over ssh.  Long story short, the user I had set up had lower 
> privilege and couldn't support the "skip-page-display" command that 
> francid was expecting.  Since I have more experience with pretty much 
> every network vendor other than foundry, I thought this may just be what 
> I like to call a "foundry-ism".  Anyway, I solved this (possibly not the 
> best way) by just changing flogin to call "terminal length 0"  since the 
> MLX code supports it and there are no foundries managed by this instance 
> of rancid that don't.

Sorry I meant to respond to your message on f-nsp :)

Anyway, I can confirm that "terminal length 0" also works on at least the 
BigIrons and Super-X related models, although they also support 
"skip-page-display" anyway (I do not have any MLX).  It may be suitable to 
just send both commands and hope one works.

However, I would add the following note, which may or may not be relevant 
to your environment.  I use a special user for the rancid stuff, which is 
priv level 5:

  username rouser privilege 5 password .....

In order for skip-page-display to work, I need to change specify that I 
can run the command at this (lower) priv level:

  privilege exec level 5 skip-page-display

It turns out if I wanted to use "terminal length 0" I would also need:

  privilege exec level 5 terminal

(I do similar things for a Cisco ASA too).

Working out the variants in command lines on different models or code revs 
even for the same vendor is the most difficult area, and even the most 
innocuous change can break things for someone else ('expect' is pretty 
fragile anyway *cough* Net::Appliance::Session (maybe) *cough*).  Once 
you've actually bagged a copy of the config though, by whatever means, the 
rest of rancid works great!

One potential improvement to make rancid more flexible might be to 
abstract some of these model/code-specific aspects, so that the 
appropriate command to "turn off paging" (if there is one) is determined 
in advance based on the vendor/model/version (with a default otherwise), 
then just the correct one sent.  Then tweaking for other models is a 
matter of modifying the "commands to send" table, and the bulk of the code 
can remain the same, untouched, and hopefully not broken.  There are 
already some tests modifying behaviour based on platform ("if { [ string 
compare "extreme" "$platform" ] }").  However, having said all that, it 
may well not simplify the bulk of the code enough to make the effort 
worthwhile ... (*cough* Net::Appliance::Session again (maybe) *cough*).

A niggle I have is that clogin has been copied to a multitude of other 
*login modules for different vendors, some of which aren't really that 
different, and which don't all necessarily get useful changes made to 
clogin merged back into them.  Some work to reduce this duplication would 
also be beneficial.  I have vaguely looked at the potential for this from 
time to time, but not with any real committment so far.

(Aside: These texts are from Net::Appliance::Session and related modules 
(which has a number of other dependencies like YAML):

"Various models of network device, either from one vendor such as Cisco or 
between vendors, will naturally use alternate command and command prompt 
syntax. Net::Appliance::Session does not hard-code any of these commands 
or pattern matches in its source. They are all loaded at run-time from an 
external phrasebook (a.k.a. dictionary), which you may of course 
override."

"In the world of network appliances, vendors will sometimes change the 
commands used in or even the appearance of the command line interface. 
This might happen between software version releases, or as a new product 
line is released.  However, typically there is an ancestry to all these 
interfaces, so we can base a new product's dictionary on an existing 
dictionary whilst overriding some entries with new values."

I wonder if, by using w(rap)rancid, it would be possible to investigate 
the use of Net::Appliance::Session, without having to touch rancid itself 
...

Jethro.

-- 
.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK

More information about the Rancid-discuss mailing list