[rancid] Things to consider for next version of nxrancid.

Per-Olof Olsson peo at chalmers.se
Fri Feb 17 16:34:45 UTC 2012


I have done some work to understand, test and update nxrancid.
This special version is only tested on Nexus 5000, OS 4.2(1)N2(1a),
but I hope that part of this can be input to the next versions of nxrancid.



1. Time to clean up and remove the "commented out" IOS code from nxrancid?

2. "term no monitor-force": I can't find this command.
    Only found "terminal no monitor" in the NXos manuals.
    Aren't terminal settings reset for each new session? Not needed.

3. Removed some non-NXos error texts in the parsing subroutines.

4. Try to make a more common error handler for subroutine parsing data.

5. Let the switch admin control which "show" and "dir" commands are
    permitted when logging on as a "read only" restricted user.
    Have to change 'return(-1)' "abort" to 'return(1)' "continue" when
    parsing "% Permission denied".

    Mandatory commands to define in rancid_role:
       "terminal *" to fix terminal settings at login (rule 1).
       "show running-config" to backup config. (rule 2)

    The rest of the show and dir commands are up to the admin to permit
    when defining the role.

------from nexus config---------------
role name rancid_role
   description rancid restricted access
   rule 4 permit command dir *
   rule 3 permit command show *
   rule 2 permit command terminal *
   rule 1 permit command show running-config
username rancid password 5 <pwd removed>  role rancid_role
username rancid sshkey ssh-rsa <ssh-key removed>
---------------------------------------------

6. Looks like a bug when logging in as a restricted user, for the
    "show debug" command. It returns two "Permission denied"!
    Can't test if this is solved in later NX versions.
    Only have two Nexus switches, in full production.
    Just added a fix for it in my version of nxrancid.
-------
nx-switch# show debug

% Permission denied
Debug level is set to Minor(1)
% Permission denied

nx-switch#
-------------------


/Peo
----------------------------------------------------------
Per-Olof Olsson               Email: peo at chalmers.se
Chalmers tekniska högskola    IT-service
Hörsalsvägen 5                412 96 Göteborg
Tel: 031/772 6738  Fax: 031/772 8680
----------------------------------------------------------
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: nxrancid.in
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20120217/c3bcfcc5/attachment.ksh>
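
Items 5 and 6 of the message, as an added example in Perl (the language of nxrancid); it is not code from the attached nxrancid.in. The helper name parse_restricted, the sample outputs, the status 0 for parsed output and the abort on a missing prompt are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $prompt = qr/^nx-switch#/;    # constructed prompt, as in the transcript

# Hypothetical helper: filter the output of one command (the lines that
# follow the command echo). Returns (status, \@kept):
#   0 = output parsed, 1 = "continue" with the next command, -1 = "abort".
sub parse_restricted {
    my (@lines) = @_;
    my (@kept, $saw_prompt);
    my $denied = 0;
    for my $raw (@lines) {
        (my $line = $raw) =~ tr/\015\012//d;     # strip CR/LF from the tty
        if ($line =~ $prompt) { $saw_prompt = 1; last; }
        next if $line =~ /^\s*$/;                # skip blank lines
        if ($line =~ /^% Permission denied/) {   # role does not permit this
            $denied++;
            next;                                # drop it, keep scanning
        }
        push @kept, $line;
    }
    return (-1, []) unless $saw_prompt;    # output cut short: abort (assumption)
    return (1, [])  if $denied && !@kept;  # fully denied: skip this command
    return (0, \@kept);                    # real data, denial lines removed
}

# Constructed sample outputs; only the "show debug" text is from the message.
my %sample = (
    'show debug' => "\n% Permission denied\n"
                  . "Debug level is set to Minor(1)\n"
                  . "% Permission denied\n\nnx-switch#\n",
    'dir'        => "% Permission denied\nnx-switch#\n",    # not in the role
    'show running-config' => "role name rancid_role\n",     # no prompt seen
);

for my $cmd (sort keys %sample) {
    my ($rc, $kept) = parse_restricted(split /^/, $sample{$cmd});
    printf "%-20s rc=%2d kept=%d\n", $cmd, $rc, scalar @$kept;
}
```

A command that returns only "% Permission denied" is skipped without ending the run, while the interleaved denials around the "show debug" output are dropped so they do not end up in the stored configuration.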

