[rancid] Role Privileges for Nexus 9k
heasley
heas at shrubbery.net
Fri Feb 23 02:23:37 UTC 2018
Wed, Feb 07, 2018 at 11:05:19AM -0800, Pico Leto:
> Hi,
>
> I seem to be having some troubles backing up my configs for a ASR9k
> (C93108TC-EX) running NXOS 7.0.3.I4.4. My current version of rancid is 3.7
>
> I thought I created the correct role for rancid to run under however my
> debug seems to end after 'system redundancy status'. The command is
> actually available however you have to be in config term mode to see the
> output.
>
> Role: rancid
> Description: rancid restricted access
> Vlan policy: permit (default)
> Interface policy: permit (default)
> Vrf policy: permit (default)
> -------------------------------------------------------------------
> Rule Perm Type Scope Entity
> -------------------------------------------------------------------
> 4 permit command dir *
> 3 permit command show *
> 2 permit command terminal *
> 1 permit command show running-config
>
> Debug:
>
> rancid -t cisco-nx -d host.xx.xx
> loadtype: device type cisco-nx
> loadtype: found device type cisco-nx in
> /usr/local/rancid/etc/rancid.types.base
> executing clogin -t 90 -c"term no monitor-force;show version;show version
> build-info all;show license;show license usage;show license
> host.xx.xx-id;show system redundancy status;show environment clock;show
> environment fan;show environment fex all fan;show environment
> temperature;show environment power;show boot;dir bootflash:;dir debug:;dir
> logflash:;dir slot0:;dir usb1:;dir usb2:;dir volatile:;show module;show
> module xbar;show inventory;show vtp status;show vlan;show debug;show cores
> vdc-all;show processes log vdc-all;show module fex;show fex;show
> running-config" host.xx.xx
> PROMPT MATCH: host.xx#
> HIT COMMAND:host.xx# term no monitor-force
> In RunCommand: host.xx# term no monitor-force
> HIT COMMAND:host.xx# show version
> In ShowVersion: host.xx# show version
> TYPE = NXOS
> HIT COMMAND:host.xx# show version build-info all
> In ShowVersionBuild: host.xx# show version build-info all
> HIT COMMAND:host.xx# show license
> In ShowLicense: host.xx# show license
> HIT COMMAND:host.xx# show license usage
> In ShowLicense: host.xx# show license usage
> HIT COMMAND:host.xx# show license host.xx.xx-id
> In ShowLicense: host.xx# show license host.xx.xx-id
> HIT COMMAND:host.xx# show system redundancy status
> In ShowRedundancy: host.xx# show system redundancy status
> host.xx.xx: show system redundancy status failed: -1
> host.xx.xx: missed cmd(s): show environment clock, show environment fan,
There was a recent change for show red and show env fex recently:
nxos.pm: filter show redundancy/show env fex when unsupported
which you can grab here:
http://rancid.shrubbery.net/rancid/svn/rancid/trunk/rancid/lib/nxos.pm.in
Weylin's good advice aside, perhaps try running it as a user whose account
is not limited to ensure that it is not a failure of rancid itself due to
some caveat of the platform. You can also look at the output of what
rancid collects and look for authorization falures:
rancid -t cisco-nx -C device
will give you the full command that rancid would run.
> show environment fex all fan, show environment temperature, show
> environment power, show boot, dir bootflash:, dir debug:, dir logflash:,
> dir slot0:, dir usb1:, dir usb2:, dir volatile:, show module, show module
> xbar, show inventory, show vtp status, show vlan, show debug, show cores
> vdc-all, show processes log vdc-all, show module fex, show fex
> host.xx.xx: End of run not found
> host.xx.xx: clean_run is false
> host.xx.xx: found_end is false
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
More information about the Rancid-discuss
mailing list