[rancid] Role Privileges for Nexus 9k

heasley heas at shrubbery.net
Fri Feb 23 02:23:37 UTC 2018

Wed, Feb 07, 2018 at 11:05:19AM -0800, Pico Leto:
> Hi,
> I seem to be having some troubles backing up my configs for a ASR9k
> (C93108TC-EX) running NXOS 7.0.3.I4.4.  My current version of rancid is 3.7
> I thought I created the correct role for rancid to run under however my
> debug seems to end after 'system redundancy status'.  The command is
> actually available however you have to be in config term mode to see the
> output.
> Role: rancid
>   Description: rancid restricted access
>   Vlan policy: permit (default)
>   Interface policy: permit (default)
>   Vrf policy: permit (default)
>   -------------------------------------------------------------------
>   Rule    Perm    Type        Scope               Entity
>   -------------------------------------------------------------------
>   4       permit  command                         dir *
>   3       permit  command                         show *
>   2       permit  command                         terminal *
>   1       permit  command                         show running-config
> Debug:
> rancid -t cisco-nx -d host.xx.xx
> loadtype: device type cisco-nx
> loadtype: found device type cisco-nx in
> /usr/local/rancid/etc/rancid.types.base
> executing clogin -t 90 -c"term no monitor-force;show version;show version
> build-info all;show license;show license usage;show license
> host.xx.xx-id;show system redundancy status;show environment clock;show
> environment fan;show environment fex all fan;show environment
> temperature;show environment power;show boot;dir bootflash:;dir debug:;dir
> logflash:;dir slot0:;dir usb1:;dir usb2:;dir volatile:;show module;show
> module xbar;show inventory;show vtp status;show vlan;show debug;show cores
> vdc-all;show processes log vdc-all;show module fex;show fex;show
> running-config" host.xx.xx
> PROMPT MATCH: host.xx#
> HIT COMMAND:host.xx#  term no monitor-force
>     In RunCommand: host.xx#  term no monitor-force
> HIT COMMAND:host.xx# show version
>     In ShowVersion: host.xx# show version
> HIT COMMAND:host.xx# show version build-info all
>     In ShowVersionBuild: host.xx# show version build-info all
> HIT COMMAND:host.xx# show license
>     In ShowLicense: host.xx# show license
> HIT COMMAND:host.xx# show license usage
>     In ShowLicense: host.xx# show license usage
> HIT COMMAND:host.xx# show license host.xx.xx-id
>     In ShowLicense: host.xx# show license host.xx.xx-id
> HIT COMMAND:host.xx# show system redundancy status
>     In ShowRedundancy: host.xx# show system redundancy status
> host.xx.xx: show system redundancy status failed: -1
> host.xx.xx: missed cmd(s): show environment clock, show environment fan,

There was a recent change for show red and show env fex recently:

        nxos.pm: filter show redundancy/show env fex when unsupported

which you can grab here:

Weylin's good advice aside, perhaps try running it as a user whose account
is not limited to ensure that it is not a failure of rancid itself due to
some caveat of the platform.  You can also look at the output of what
rancid collects and look for authorization falures:
	rancid -t cisco-nx -C device
will give you the full command that rancid would run.

> show environment fex all fan, show environment temperature, show
> environment power, show boot, dir bootflash:, dir debug:, dir logflash:,
> dir slot0:, dir usb1:, dir usb2:, dir volatile:, show module, show module
> xbar, show inventory, show vtp status, show vlan, show debug, show cores
> vdc-all, show processes log vdc-all, show module fex, show fex
> host.xx.xx: End of run not found
> host.xx.xx: clean_run is false
> host.xx.xx: found_end is false

> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

More information about the Rancid-discuss mailing list