[rancid] Role Privileges for Nexus 9k

Gauthier, Chris cgauthier at comscore.com
Mon Feb 12 18:35:31 UTC 2018


So, I ran into some challenges with some commands not working in NX-OS.  My solution was, after reading the rancid.types.base file, to create a new profile in rancid.types.conf that was a clone (but with a diff name) of the cisco-nx.  There, I altered the commands to suit my environment, but the rancid.types.base was untouched and free to be updated by the developer later (per a comment at the head of the rancid.types.base file).

Give that a try.  It will take some debugging to find the right subset of commands for you, but it’s the most effective solution I can think of.

--Chris


Chris Gauthier Senior Network Engineer | comScore, Inc.
t +1 (503) 331-2704 | 
cgauthier at comscore.com
317 SW Alder Street, Suite 700 | Portland, OR 97204  United States
comscore.com
​​​This e-mail (including any attachments) may contain information that is private, confidential, or protected by attorney-client or other privilege. If you received this e-mail in error, please delete it from your system and notify sender.
From: Pico Leto <picoleto420 at gmail.com>
Date: Monday, February 12, 2018 at 8:39 AM
To: "Gauthier, Chris" <cgauthier at comscore.com>
Cc: "Piegorsch, Weylin William" <weylin at bu.edu>, "rancid-discuss at shrubbery.net" <rancid-discuss at shrubbery.net>
Subject: Re: [rancid] Role Privileges for Nexus 9k

Show inventory is below:

sw1# show version | include hassis ; show version | include ersion
  cisco Nexus9000 C93108TC-EX chassis
the GNU General Public License (GPL) version 2.0 or
GNU General Public License (GPL) version 3.0  or the GNU
Lesser General Public License (LGPL) Version 2.1 or
Lesser General Public License (LGPL) Version 2.0.
  BIOS: version 07.59
  NXOS: version 7.0(3)I4(4)
  System version: 7.0(3)I5(1)

# show inventory
NAME: "Chassis",  DESCR: "Nexus9000 C93108TC-EX chassis"
PID: N9K-C93108TC-EX     ,  VID: V01 ,  SN: FDO20261CKV

NAME: "Slot 1",  DESCR: "48x10GT + 6x40G/100G Ethernet Module"
PID: N9K-C93108TC-EX     ,  VID: V01 ,  SN: FDO20261CKV

NAME: "Power Supply 1",  DESCR: "Nexus9000 C93108TC-EX chassis Power Supply"
PID: NXA-PAC-650W-PE     ,  VID: V01 ,  SN: LIT20130ZDY

NAME: "Power Supply 2",  DESCR: "Nexus9000 C93108TC-EX chassis Power Supply"
PID: NXA-PAC-650W-PE     ,  VID: V01 ,  SN: LIT20130ZDU

NAME: "Fan 1",  DESCR: "Nexus9000 C93108TC-EX chassis Fan Module"
PID: NXA-FAN-30CFM-F     ,  VID: V01 ,  SN: N/A

NAME: "Fan 2",  DESCR: "Nexus9000 C93108TC-EX chassis Fan Module"
PID: NXA-FAN-30CFM-F     ,  VID: V01 ,  SN: N/A

NAME: "Fan 3",  DESCR: "Nexus9000 C93108TC-EX chassis Fan Module"
PID: NXA-FAN-30CFM-F     ,  VID: V01 ,  SN: N/A

NAME: "Fan 4",  DESCR: "Nexus9000 C93108TC-EX chassis Fan Module"
PID: NXA-FAN-30CFM-F     ,  VID: V01 ,  SN: N/A

On Fri, Feb 9, 2018 at 9:58 AM, Gauthier, Chris <cgauthier at comscore.com<mailto:cgauthier at comscore.com>> wrote:
Or just run “show inventory”

Chris

Gauthier

 Senior Network Engineer

 |

comScore, Inc.



t +1 (503) 331-2704<tel:(503)%20331-2704>

 |

cgauthier at comscore.com<mailto:cgauthier at comscore.com>



317<https://maps.google.com/?q=317%C2%A0SW%C2%A0Alder%C2%A0Street,%C2%A0Suite%C2%A0700%C2%A0%7C%C2%A0Portland,%C2%A0OR%C2%A097204%C2%A0%C2%A0United%C2%A0States&entry=gmail&source=g> SW<https://maps.google.com/?q=317%C2%A0SW%C2%A0Alder%C2%A0Street,%C2%A0Suite%C2%A0700%C2%A0%7C%C2%A0Portland,%C2%A0OR%C2%A097204%C2%A0%C2%A0United%C2%A0States&entry=gmail&source=g> Alder<https://maps.google.com/?q=317%C2%A0SW%C2%A0Alder%C2%A0Street,%C2%A0Suite%C2%A0700%C2%A0%7C%C2%A0Portland,%C2%A0OR%C2%A097204%C2%A0%C2%A0United%C2%A0States&entry=gmail&source=g> Street,<https://maps.google.com/?q=317%C2%A0SW%C2%A0Alder%C2%A0Street,%C2%A0Suite%C2%A0700%C2%A0%7C%C2%A0Portland,%C2%A0OR%C2%A097204%C2%A0%C2%A0United%C2%A0States&entry=gmail&source=g> Suite<https://maps.google.com/?q=317%C2%A0SW%C2%A0Alder%C2%A0Street,%C2%A0Suite%C2%A0700%C2%A0%7C%C2%A0Portland,%C2%A0OR%C2%A097204%C2%A0%C2%A0United%C2%A0States&entry=gmail&source=g> 700<https://maps.google.com/?q=317%C2%A0SW%C2%A0Alder%C2%A0Street,%C2%A0Suite%C2%A0700%C2%A0%7C%C2%A0Portland,%C2%A0OR%C2%A097204%C2%A0%C2%A0United%C2%A0States&entry=gmail&source=g>

 |<https://maps.google.com/?q=317%C2%A0SW%C2%A0Alder%C2%A0Street,%C2%A0Suite%C2%A0700%C2%A0%7C%C2%A0Portland,%C2%A0OR%C2%A097204%C2%A0%C2%A0United%C2%A0States&entry=gmail&source=g>

Portland,<https://maps.google.com/?q=317%C2%A0SW%C2%A0Alder%C2%A0Street,%C2%A0Suite%C2%A0700%C2%A0%7C%C2%A0Portland,%C2%A0OR%C2%A097204%C2%A0%C2%A0United%C2%A0States&entry=gmail&source=g> OR<https://maps.google.com/?q=317%C2%A0SW%C2%A0Alder%C2%A0Street,%C2%A0Suite%C2%A0700%C2%A0%7C%C2%A0Portland,%C2%A0OR%C2%A097204%C2%A0%C2%A0United%C2%A0States&entry=gmail&source=g> 97204<https://maps.google.com/?q=317%C2%A0SW%C2%A0Alder%C2%A0Street,%C2%A0Suite%C2%A0700%C2%A0%7C%C2%A0Portland,%C2%A0OR%C2%A097204%C2%A0%C2%A0United%C2%A0States&entry=gmail&source=g>

 United<https://maps.google.com/?q=317%C2%A0SW%C2%A0Alder%C2%A0Street,%C2%A0Suite%C2%A0700%C2%A0%7C%C2%A0Portland,%C2%A0OR%C2%A097204%C2%A0%C2%A0United%C2%A0States&entry=gmail&source=g> States<https://maps.google.com/?q=317%C2%A0SW%C2%A0Alder%C2%A0Street,%C2%A0Suite%C2%A0700%C2%A0%7C%C2%A0Portland,%C2%A0OR%C2%A097204%C2%A0%C2%A0United%C2%A0States&entry=gmail&source=g>




comscore.com<http://www.comscore.com/>



​​​This e-mail (including any attachments) may contain information that is private, confidential, or protected by attorney-client or other privilege. If you received this e-mail in error, please delete it from your system and notify sender.







From: Rancid-discuss <rancid-discuss-bounces at shrubbery.net<mailto:rancid-discuss-bounces at shrubbery.net>> on behalf of "Piegorsch, Weylin William" <weylin at bu.edu<mailto:weylin at bu.edu>>
Date: Thursday, February 8, 2018 at 9:54 PM
To: Pico Leto <picoleto420 at gmail.com<mailto:picoleto420 at gmail.com>>

Cc: "rancid-discuss at shrubbery.net<mailto:rancid-discuss at shrubbery.net>" <rancid-discuss at shrubbery.net<mailto:rancid-discuss at shrubbery.net>>
Subject: Re: [rancid] Role Privileges for Nexus 9k

If it’s made by Cisco and its running NX-OS, it can’t be an ASR9k:
https://www.cisco.com/c/en/us/products/ios-nx-os-software/nx-os/index.html
(The non-advertised thing is that UCS also runs NX-OS under the hood.)

If it’s a “C93108TC-EX”, then it’s likely a Nexus 93108TC-EX:
https://www.cisco.com/c/en/us/support/switches/nexus-93108tc-ex-switch/model.html

Are you running it in ACI or NXOS mode?  Actually nevermind, 7-point-anything is non-ACI.



To make certain about the hardware type, can you do a “show version | include hassis ; show version | inc ersion” (yes, with those first letters missing to avoid capitalization issues) and send the output?  This is what I get one of my ASR 9k:




RP/0/RSP0/CPU0:Comm595-bdr-gw01#show version | include hassis ; show version | include ersion

#sh ver | include hassis



Fri Feb  9 00:36:45.478 EST

ASR-9001 Chassis



#show ver | inc ersion



Fri Feb  9 00:36:53.058 EST

Cisco IOS XR Software, Version 5.3.3[Default]

ROM: System Bootstrap, Version 2.04(20140227:092320) [ASR9K ROMMON],

RP/0/RSP0/CPU0:Comm595-bdr-gw01#



And one of my Nexus 9k:



cumm111-0b05es63# show version | include hassis ; show version | include ersion
  cisco Nexus9000 C9372PX chassis
the GNU General Public License (GPL) version 2.0 or
GNU General Public License (GPL) version 3.0  or the GNU
Lesser General Public License (LGPL) Version 2.1 or
Lesser General Public License (LGPL) Version 2.0.
  BIOS: version 07.59
  NXOS: version 7.0(3)I5(2)
  System version: 7.0(3)I5(2)
cumm111-0b05es63#



weylin

From: Pico Leto <picoleto420 at gmail.com<mailto:picoleto420 at gmail.com>>
Date: Friday, February 9, 2018 at 12:17 AM
To: Weylin Piegorsch <weylin at bu.edu<mailto:weylin at bu.edu>>
Cc: "rancid-discuss at shrubbery.net<mailto:rancid-discuss at shrubbery.net>" <rancid-discuss at shrubbery.net<mailto:rancid-discuss at shrubbery.net>>
Subject: Re: [rancid] Role Privileges for Nexus 9k

Hi,

I'm definitely running NX-OS however running the debug under cisco-xr gives me better results, with the exception that the end of run isn't found

$ rancid -t cisco-xr -d host.xx.
loadtype: device type cisco-xr
loadtype: found device type cisco-xr in /usr/local/rancid/etc/rancid.types.base
executing clogin -t 90 -c"terminal no-timestamp;terminal exec prompt no-timestamp;admin show version;admin show install summary;admin show license udi;admin show license;admin show variables boot;admin show hw-module fpd location all;show redundancy secondary;show install active;admin show env all;dir /all nvram:;dir /all bootflash:;dir /all compactflash:;dir /all compactflasha:;dir /all slot0:;dir /all disk0:;dir /all disk0a:;dir /all slot1:;dir /all disk1:;dir /all disk1a:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all harddiska:;dir /all harddiskb:;show controllers;admin show diag;admin show inventory raw;show vlan;show debug;show rpl maximum;admin show running;show running-config" host.xx.
PROMPT MATCH: host.xx#
HIT COMMAND:host.xx#  terminal no-timestamp
    In RunCommand: host.xx#  terminal no-timestamp
HIT COMMAND:host.xx# terminal exec prompt no-timestamp
    In RunCommand: host.xx# terminal exec prompt no-timestamp
HIT COMMAND:host.xx# admin show version
    In ShowVersion: host.xx# admin show version
HIT COMMAND:host.xx# admin show install summary
    In ShowInstallSummary: host.xx# admin show install summary
HIT COMMAND:host.xx# admin show license u
    In ShowLicense: host.xx# admin show license udi
HIT COMMAND:host.xx# admin show license
    In ShowLicense: host.xx# admin show license
HIT COMMAND:host.xx# admin show variables boot
    In ShowBootVar: host.xx# admin show variables boot
HIT COMMAND:host.xx# admin show hw-module fpd location all
    In ShowRunning: host.xx# admin show hw-module fpd location all
HIT COMMAND:host.xx# show redundancy secondary
    In ShowRedundancy: host.xx# show redundancy secondary
HIT COMMAND:host.xx# show install active
    In ShowInstallActive: host.xx# show install active
HIT COMMAND:host.xx# admin show env all
    In ShowEnv: host.xx# admin show env all
HIT COMMAND:host.xx# dir /all nvram:
    In DirSlotN: host.xx# dir /all nvram:
HIT COMMAND:host.xx# dir /all bootflash:
    In DirSlotN: host.xx# dir /all bootflash:
HIT COMMAND:host.xx# dir /all compactflash:
    In DirSlotN: host.xx# dir /all compactflash:
HIT COMMAND:host.xx# dir /all compactflasha:
    In DirSlotN: host.xx# dir /all compactflasha:
HIT COMMAND:host.xx# dir /all slot0:
    In DirSlotN: host.xx# dir /all slot0:
HIT COMMAND:host.xx# dir /all disk0:
    In DirSlotN: host.xx# dir /all disk0:
HIT COMMAND:host.xx# dir /all disk0a:
    In DirSlotN: host.xx# dir /all disk0a:
HIT COMMAND:host.xx# dir /all slot1:
    In DirSlotN: host.xx# dir /all slot1:
HIT COMMAND:host.xx# dir /all disk1:
    In DirSlotN: host.xx# dir /all disk1:
HIT COMMAND:host.xx# dir /all disk1a:
    In DirSlotN: host.xx# dir /all disk1a:
HIT COMMAND:host.xx# dir /all slot2:
    In DirSlotN: host.xx# dir /all slot2:
HIT COMMAND:host.xx# dir /all disk2:
    In DirSlotN: host.xx# dir /all disk2:
HIT COMMAND:host.xx# dir /all harddisk:
    In DirSlotN: host.xx# dir /all harddisk:
HIT COMMAND:host.xx# dir /all harddiska:
    In DirSlotN: host.xx# dir /all harddiska:
HIT COMMAND:host.xx# dir /all harddiskb:
    In DirSlotN: host.xx# dir /all harddiskb:
HIT COMMAND:host.xx# show controllers
    In ShowContAll: host.xx# show controllers
HIT COMMAND:host.xx# admin show diag
    In ShowDiag: host.xx# admin show diag
HIT COMMAND:host.xx# admin show inventory raw
    In ShowInventory: host.xx# admin show inventory raw
HIT COMMAND:host.xx# show vlan
    In ShowVLAN: host.xx# show vlan
HIT COMMAND:host.xx# show debug
    In ShowDebug: host.xx# show debug
HIT COMMAND:host.xx# show rpl maximum
    In ShowRPL: host.xx# show rpl maximum
HIT COMMAND:host.xx# admin show running
    In ShowRunning: host.xx# admin show running
HIT COMMAND:host.xx# show running-config
    In WriteTerm: host.xx# show running-config
host.xx.: End of run not found
host.xx.: found_end is false




On Thu, Feb 8, 2018 at 1:33 PM, Piegorsch, Weylin William <weylin at bu.edu<mailto:weylin at bu.edu>> wrote:
Doesn’t ASR9k run IOS XR (rancid type “ios-xr”)?  I didn’t think it supported NX-OS.  I’ve only seen NX-OS on Nexus (including N9k), MDS, and UCS devices.
weylin

From: Pico Leto <picoleto420 at gmail.com<mailto:picoleto420 at gmail.com>>
Date: Wednesday, February 7, 2018 at 2:05 PM
To: <rancid-discuss at shrubbery.net<mailto:rancid-discuss at shrubbery.net>>
Subject: [rancid] Role Privileges for Nexus 9k

Hi,

I seem to be having some troubles backing up my configs for a ASR9k (C93108TC-EX) running NXOS 7.0.3.I4.4.  My current version of rancid is 3.7

I thought I created the correct role for rancid to run under however my debug seems to end after 'system redundancy status'.  The command is actually available however you have to be in config term mode to see the output.

Role: rancid
  Description: rancid restricted access
  Vlan policy: permit (default)
  Interface policy: permit (default)
  Vrf policy: permit (default)
  -------------------------------------------------------------------
  Rule    Perm    Type        Scope               Entity
  -------------------------------------------------------------------
  4       permit  command                         dir *
  3       permit  command                         show *
  2       permit  command                         terminal *
  1       permit  command                         show running-config

Debug:

rancid -t cisco-nx -d host.xx.xx
loadtype: device type cisco-nx
loadtype: found device type cisco-nx in /usr/local/rancid/etc/rancid.types.base
executing clogin -t 90 -c"term no monitor-force;show version;show version build-info all;show license;show license usage;show license host.xx.xx-id;show system redundancy status;show environment clock;show environment fan;show environment fex all fan;show environment temperature;show environment power;show boot;dir bootflash:;dir debug:;dir logflash:;dir slot0:;dir usb1:;dir usb2:;dir volatile:;show module;show module xbar;show inventory;show vtp status;show vlan;show debug;show cores vdc-all;show processes log vdc-all;show module fex;show fex;show running-config" host.xx.xx
PROMPT MATCH: host.xx#
HIT COMMAND:host.xx#  term no monitor-force
    In RunCommand: host.xx#  term no monitor-force
HIT COMMAND:host.xx# show version
    In ShowVersion: host.xx# show version
TYPE = NXOS
HIT COMMAND:host.xx# show version build-info all
    In ShowVersionBuild: host.xx# show version build-info all
HIT COMMAND:host.xx# show license
    In ShowLicense: host.xx# show license
HIT COMMAND:host.xx# show license usage
    In ShowLicense: host.xx# show license usage
HIT COMMAND:host.xx# show license host.xx.xx-id
    In ShowLicense: host.xx# show license host.xx.xx-id
HIT COMMAND:host.xx# show system redundancy status
    In ShowRedundancy: host.xx# show system redundancy status
host.xx.xx: show system redundancy status failed: -1
host.xx.xx: missed cmd(s): show environment clock, show environment fan, show environment fex all fan, show environment temperature, show environment power, show boot, dir bootflash:, dir debug:, dir logflash:, dir slot0:, dir usb1:, dir usb2:, dir volatile:, show module, show module xbar, show inventory, show vtp status, show vlan, show debug, show cores vdc-all, show processes log vdc-all, show module fex, show fex
host.xx.xx: End of run not found
host.xx.xx: clean_run is false
host.xx.xx: found_end is false


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20180212/895d6c28/attachment.html>


More information about the Rancid-discuss mailing list