Discussion:
[rancid] Nexus 1000v switch-router
Charles T. Brooks
2016-06-30 14:34:05 UTC
Hullo all

I've poked around the list archives and haven't found any information about using RANCiD with the Cisco 1000V virtualized switch/router. (Information on that product here - http://www.cisco.com/c/en/us/products/collateral/switches/nexus-1000v-switch-vmware-vsphere/data_sheet_c78-492971.html)

If I use a device type of "cisco" it works, but has the same minor but annoying problems that you get when monitoring a Nexus 5K with device type cisco. If I use device type "cisco-nx" it simply does not work at all - after 24 hours I start getting the "unable to connect to device" emails every hour. Has anyone else run into this yet, or am I the first?

--Charlie

PS: I implemented rancid with git and gitweb a month ago and set up monitoring and automatic remote git a month or so ago and it's FANTASTIC... saves me a lot of work and the price is right. Thank you Mr. Heasley and co-conspirators!

--C
heasley
2016-06-30 15:43:56 UTC
Thu, Jun 30, 2016 at 02:34:05PM +0000, Charles T. Brooks:
> Hullo all
>
> I've poked around the list archives and haven't found any information about using RANCiD with the Cisco 1000V virtualized switch/router. (Information on that product here - http://www.cisco.com/c/en/us/products/collateral/switches/nexus-1000v-switch-vmware-vsphere/data_sheet_c78-492971.html)
>
> If I use a device type of "cisco" it works, but has the same minor but annoying problems that you get when monitoring a Nexus 5K with device type cisco. If I use device type "cisco-nx" it simply does not work at all - after 24 hours I start getting the "unable to connect to device" emails every hour. Has anyone else run into this yet, or am I the first?

which are what?

I do not know what would be particular about the 1000v over other nexus,
besides perhaps environmentals, which was fixed in rancid 3.3. Assuming
you have rancid 3.3 or newer, would you send the output of

rancid -t cisco-nx -d hostname
Charles T. Brooks
2016-06-30 16:48:25 UTC
I'm using rancid v3.4.1, which I think is the latest? Anyway, I had to add /usr/libexec/rancid to my PATH, but then I got this:

-bash-4.2$ rancid -t cisco-nx -d nx1k-03.hbcs.org
loadtype: device type cisco-nx
loadtype: found device type cisco-nx in /etc/rancid/rancid.types.base
executing clogin -t 90 -c"term no monitor-force;show version;show version build-info all;show license;show license usage;show license host-id;show system redundancy status;show environment clock;show environment fan;show environment fex all fan;show environment temperature;show environment power;show boot;dir bootflash:;dir debug:;dir logflash:;dir slot0:;dir usb1:;dir usb2:;dir volatile:;show module;show module xbar;show inventory;show vtp status;show vlan;show debug;show cores vdc-all;show processes log vdc-all;show module fex;show fex;show running-config" nx1k-03.hbcs.org
PROMPT MATCH: nx1k-03#
HIT COMMAND:nx1k-03# term no monitor-force
In RunCommand: nx1k-03# term no monitor-force
HIT COMMAND:nx1k-03# show version
In ShowVersion: nx1k-03# show version
TYPE = NXOS
HIT COMMAND:nx1k-03# show version build-info all
In ShowVersionBuild: nx1k-03# show version build-info all
HIT COMMAND:nx1k-03# show license
In ShowLicense: nx1k-03# show license
HIT COMMAND:nx1k-03# show license usage
In ShowLicense: nx1k-03# show license usage
HIT COMMAND:nx1k-03# show license host-id
In ShowLicense: nx1k-03# show license host-id
HIT COMMAND:nx1k-03# show system redundancy status
In ShowRedundancy: nx1k-03# show system redundancy status
HIT COMMAND:nx1k-03# show environment clock
In ShowEnv: nx1k-03# show environment clock
HIT COMMAND:nx1k-03# show environment fan
In ShowEnv: nx1k-03# show environment fan
HIT COMMAND:nx1k-03# show environment fex all fan
In ShowEnv: nx1k-03# show environment fex all fan
HIT COMMAND:nx1k-03# show environment temperature
In ShowEnvTemp: nx1k-03# show environment temperature
nx1k-03.hbcs.org: show environment temperature failed: -1
nx1k-03.hbcs.org: missed cmd(s): show module,dir usb1:,dir debug:,show debug,show cores vdc-all,show vtp status,show module xbar,show environment power,show inventory,dir usb2:,show vlan,dir volatile:,dir bootflash:,dir slot0:,show module fex,show processes log vdc-all,dir logflash:,show fex,show running-config,show boot
nx1k-03.hbcs.org: missed cmd(s): show module,dir usb1:,dir debug:,show debug,show cores vdc-all,show vtp status,show module xbar,show environment power,show inventory,dir usb2:,show vlan,dir volatile:,dir bootflash:,dir slot0:,show module fex,show processes log vdc-all,dir logflash:,show fex,show running-config,show boot
nx1k-03.hbcs.org: End of run not found
nx1k-03.hbcs.org: End of run not found
!Env: ^
-bash-4.2$

If the craptacular mail agent my employers force me to use has garbaged this up, I can send you a text file.

As I mentioned earlier, the 1000V runs NX-OS, but it's running inside a virtual environment provided by Cisco UCS.

--Charlie


heasley
2016-06-30 17:21:29 UTC
Thu, Jun 30, 2016 at 04:48:25PM +0000, Charles T. Brooks:
> I'm using rancid v3.4.1, which I think is the latest? Anyway, I had to add /usr/libexec/rancid to my PATH, but then I got this:

or ". rancid.conf" will set the PERL5LIB for you.

> HIT COMMAND:nx1k-03# show environment temperature
> In ShowEnvTemp: nx1k-03# show environment temperature
> nx1k-03.hbcs.org: show environment temperature failed: -1

would you show me the error that the cli produces for this command?
Charles T. Brooks
2016-06-30 19:08:47 UTC
Thanks for the . /etc/rancid/rancid.conf trick! I should have thought of that. I'm new to RANCiD and to Cisco UCS and this particular switch, but I know Cisco's other routers and switches pretty well, and I can code.

>would you show me the error that the cli produces for this command?

nx1k-03# show environment temperature
^
% Invalid command at '^' marker.
nx1k-03#

The Nexus 1000V switch is virtual, so it lives in a cloudy spoogeball of UCS virtuosity, and sort of floats around the redundant UCS chassis without having any specific environment or hardware. I think Cisco ripped out all the "show environment" commands completely; they don't show up in the help if I do "show ?" despite using the admin account/network-admin role.

BTW, you're absolutely right that the commands listed /etc/rancid/rancid.types.base include "show vlan" for both the cisco and cisco-nx device types. However, in practice, I can look at the configs stored in git and when I use the cisco device type the output of show vlan is present (prefixed with !VLAN) and when I use the cisco-nx device type that output is entirely missing, and there is no !VLAN prefix to be found. Hold on, I'll grep it to be sure I'm not blind - nope, there is no !VLAN prefix in the config retrieved by rancid 3.4.1 using device type cisco-nx. And that's a good thing, a desirable behavior in my opinion.

--Charlie
Charles T. Brooks
2016-06-30 16:59:05 UTC
Well, it works with device-type cisco, but not with device-type cisco-nx, so I'm pretty sure the transport layer is fine.

When you use device-type cisco with an NX-os device like a Nexus switch, each time a port is assigned you will get a great deal of spurious output. This is because the NX-os devices report VLAN configurations like this:


VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active
100 VLAN0100 active Po3, Po4, Po5, Po6, Po7, Po8
Veth1, Veth2, Veth4, Veth7
Veth9, Veth10, Veth13, Veth14
Veth15, Veth16, Veth17, Veth18
Veth21, Veth22, Veth23, Veth24
Veth25, Veth26, Veth29, Veth30
(etc. to arbitrary number of ports)

If, in the example above, I delete virtual ethernet port #2 (Veth2) it will cause changes in roughly 24 lines, because NX-os will rejigger every single line for this vlan by "bumping up" the ports into the four-ports per line form. Does that make sense? Anyway, somebody moves one or two ports, and instead of getting the actual one or two line config change I get 40 or fifty lines of noise emailed to all the netadmins.

The cisco-nx device type addresses this problem (although frankly I don't know how; I suspect it just doesn't do a "show vlan" command).

--Charlie



________________________________________
From: Josh Hildebrand [***@newgistics.com]
Sent: Thursday, June 30, 2016 10:57 AM
To: Charles T. Brooks
Subject: RE: Nexus 1000v switch-router

Sounds like an SSH or vty access-list issue, honestly..
Test with "clogin <hostname>" on the command line.. if it doesn't work, then RANCID has no chance of working..

heasley
2016-06-30 17:25:49 UTC
Thu, Jun 30, 2016 at 04:59:05PM +0000, Charles T. Brooks:
> When you use device-type cisco with an NX-os device like a Nexus switch, each time a port is assigned you will get a great deal of spurious output. This is because the NX-os devices report VLAN configurations like this:
>
>
> VLAN Name Status Ports
> ---- -------------------------------- --------- -------------------------------
> 1 default active
> 100 VLAN0100 active Po3, Po4, Po5, Po6, Po7, Po8
> Veth1, Veth2, Veth4, Veth7
> Veth9, Veth10, Veth13, Veth14
> Veth15, Veth16, Veth17, Veth18
> Veth21, Veth22, Veth23, Veth24
> Veth25, Veth26, Veth29, Veth30
> (etc. to arbitrary number of ports)
>
> If, in the example above, I delete virtual ethernet port #2 (Veth2) it will cause changes in roughly 24 lines, because NX-os will rejigger every single line for this vlan by "bumping up" the ports into the four-ports per line form. Does that make sense? Anyway, somebody moves one or two ports, and instead of getting the actual one or two line config change I get 40 or fifty lines of noise emailed to all the netadmins.

ios does the same thing and the same format on 6500/etc. rancid mostly just
takes the output of the commands as-is.

> The cisco-nx device type addresses this problem (although frankly I don't know how; I suspect it just doesn't do a "show vlan" command).

the command is there; see etc/rancid.types.base or rancid -t cisco-nx -C
but it is not reformatting or filtering in any special manner, so the
behavior should be the same.
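
The re-wrapping of `show vlan` port lists discussed in the two posts above, as an added example that is not part of the thread and is not rancid code: it parses the table and emits one line per VLAN/port pair, so removing one port changes one line in the stored diff. `render_show_vlan`, the 31-character column width and the sample data are constructed for the illustration, and the parser assumes a blank line ends the port table.

```python
import difflib
import re

WIDTH = 31  # width of the Ports column in the listing quoted in the thread
ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")  # id, name, status, ports


def render_show_vlan(vlans, width=WIDTH):
    """Constructed stand-in for the switch: wrap each port list to the column width."""
    lines = [f"{'VLAN':<4} {'Name':<32} {'Status':<9} Ports",
             f"{'-' * 4} {'-' * 32} {'-' * 9} {'-' * width}"]
    for vid, name, status, ports in vlans:
        chunks, cur = [], ""
        for port in ports:
            cand = f"{cur}, {port}" if cur else port
            if cur and len(cand) > width:
                chunks.append(cur)
                cur = port
            else:
                cur = cand
        chunks.append(cur)
        lines.append(f"{vid:<4} {name:<32} {status:<9} {chunks[0]}".rstrip())
        lines.extend(" " * 48 + chunk for chunk in chunks[1:])
    return "\n".join(lines) + "\n"


def parse_show_vlan(text):
    """Return {vlan_id: {"name", "status", "ports"}} from the first table of 'show vlan'."""
    vlans, current, in_table = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if re.match(r"VLAN\s+Name\s+Status\s+Ports", line):
            in_table = True
            continue
        if not in_table:
            continue
        if not line:
            if vlans:
                break  # assumed: a blank line after the rows ends the port table
            continue
        if set(line) <= {"-", " "}:
            continue  # separator row
        row = ROW.match(line)
        if row:
            current = vlans.setdefault(int(row.group(1)), {
                "name": row.group(2), "status": row.group(3), "ports": []})
            ports = row.group(4)
        elif current is not None:
            ports = line  # continuation line: ports only, indentation may be lost
        else:
            continue
        current["ports"] += [p.strip() for p in ports.split(",") if p.strip()]
    return vlans


def port_key(port):
    """Natural sort key so that Veth2 sorts before Veth10."""
    return [(0, int(t), "") if t.isdigit() else (1, 0, t)
            for t in re.findall(r"\d+|\D+", port)]


def normalize(text):
    """One line per VLAN and one per (VLAN, port), independent of how the device wrapped."""
    out = []
    vlans = parse_show_vlan(text)
    for vid in sorted(vlans):
        vlan = vlans[vid]
        out.append(f"vlan {vid} name {vlan['name']} status {vlan['status']}")
        out.extend(f"vlan {vid} port {p}" for p in sorted(set(vlan["ports"]), key=port_key))
    return out


def changed_lines(old, new):
    """Number of removed plus added lines between two lists of lines."""
    matcher = difflib.SequenceMatcher(None, old, new, autojunk=False)
    return sum((i2 - i1) + (j2 - j1)
               for tag, i1, i2, j1, j2 in matcher.get_opcodes() if tag != "equal")


# Constructed sample: the port list from the listing quoted in the thread.
VETH = [1, 2, 4, 7, 9, 10, 13, 14, 15, 16, 17, 18, 21, 22, 23, 24, 25, 26, 29, 30]
PORTS = [f"Po{n}" for n in range(3, 9)] + [f"Veth{n}" for n in VETH]
BEFORE = render_show_vlan([(1, "default", "active", []),
                           (100, "VLAN0100", "active", PORTS)])
AFTER = render_show_vlan([(1, "default", "active", []),
                          (100, "VLAN0100", "active", [p for p in PORTS if p != "Veth2"])])

if __name__ == "__main__":
    print("raw lines changed:       ", changed_lines(BEFORE.splitlines(), AFTER.splitlines()))
    print("normalised lines changed:", changed_lines(normalize(BEFORE), normalize(AFTER)))
```
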
heasley
2016-06-30 19:46:39 UTC
Thu, Jun 30, 2016 at 07:08:47PM +0000, Charles T. Brooks:
> Thanks for the . /etc/rancid/rancid.conf trick! I should have thought of that. I'm new to RANCiD and to Cisco UCS and this particular switch, but I know Cisco's other routers and switches pretty well, and I can code.
>
> >would you show me the error that the cli produces for this command?
>
> nx1k-03# show environment temperature
> ^
> % Invalid command at '^' marker.
> nx1k-03#
>
> The Nexus 1000V switch is virtual, so it lives in a cloudy spoogeball of UCS virtuosity, and sort of floats around the redundant UCS chassis without having any specific environment or hardware. I think Cisco ripped out all the "show environment" commands completely; they don't show up in the help if I do "show ?" despite using the admin account/network-admin role.

I think this will fix the problem with show environment temperature

Index: lib/nxos.pm.in
===================================================================
--- lib/nxos.pm.in (revision 3413)
+++ lib/nxos.pm.in (working copy)
@@ -325,7 +325,7 @@
return(1) if /Line has invalid autocommand /;
return(1) if /(Invalid input detected|Type help or )/;
return(1) if (/No token match at /); # 1000v
- return(-1) if (/\% Invalid command at /);
+ return(1) if (/\% Invalid command at /);# 1000v has no support
return(-1) if (/\% Permission denied/);
return(-1) if (/command authorization failed/i);
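
Review bot: returning 1 for every `% Invalid command at` line (the changed line in this hunk) makes a rejected command non-fatal on all NX-OS platforms, so a hardware Nexus that rejects the command because of a typo or a changed CLI would also be skipped without an error, leaving a gap in the collected data. Consider keeping the skip but recording it, for example with a ProcessHistory comment line (as used elsewhere in this file) saying the command is unsupported, so the gap shows up in the saved file and its diffs. The trailing comment also needs a space before `#`, as on the `No token match at` line above it.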


>
> BTW, you're absolutely right that the commands listed /etc/rancid/rancid.types.base include "show vlan" for both the cisco and cisco-nx device types. However, in practice, I can look at the configs stored in git and when I use the cisco device type the output of show vlan is present (prefixed with !VLAN) and when I use the cisco-nx device type that output is entirely missing, and there is no !VLAN prefix to be found. Hold on, I'll grep it to be sure I'm not blind - nope, there is no !VLAN prefix in the config retrieved by rancid 3.4.1 using device type cisco-nx. And that's a good thing, a desirable behavior in my opinion.

Does the platform, 1000v or 5000 (etc), support show vtp status? And, does it
produce a line like:
VTP Operating Mode\s+:\s+(Transparent|Server)
Charles T. Brooks
2016-06-30 22:46:52 UTC
Hmmmm... I'll answer the second question first. No, neither the nexus 5K nor the 1000v has "show vtp status". It's possible that we don't have a feature licensed/loaded that would enable this, I don't really know. The NX-OS version on the 5K I looked at is not the very latest greatest but it's not terribly old, either.

As for the patch, this is what my ShowEnv subroutine in nxos.pm looks like in rancid 3.4.1:

tr/\015//d;
last if (/^$prompt/);
next if (/^(\s*|\s*$cmd\s*)$/);
next if (/^\s*\^\s*$/);
return(1) if /Line has invalid autocommand /;
return(1) if /(Invalid input detected|Type help or )/;
return(1) if (/\% Invalid command at /);
return(1) if (/No token match at /); # 1000v
return(-1) if (/\% Permission denied/);
return(-1) if (/command authorization failed/i);

Does not quite match your diff. But I can change the return to -1 and report back tomorrow!

Good night all,
--Charlie

heasley
2016-07-01 04:55:26 UTC
Thu, Jun 30, 2016 at 10:46:52PM +0000, Charles T. Brooks:
> Hmmmm... I'll answer the second question first. No, neither the nexus 5K nor the 1000v has "show vtp status". It's possible that we don't have a feature licensed/loaded that would enable this, I don't really know. The NX-OS version on the 5K I looked at is not the very latest greatest but it's not terribly old, either.
>

Does this restore the show vlan output?

Index: lib/nxos.pm.in
===================================================================
--- lib/nxos.pm.in (revision 3417)
+++ lib/nxos.pm.in (working copy)
@@ -53,7 +53,7 @@
$C0 = 0; # output formatting control
$E0 = 0;
$H0 = 0;
- $DO_SHOW_VLAN = 0;
+ $DO_SHOW_VLAN = 1;

# add content lines and separators
ProcessHistory("","","","!RANCID-CONTENT-TYPE: $devtype\n!\n");
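
Review bot: flipping the default to `$DO_SHOW_VLAN = 1` means `show vlan` output is collected whenever `show vtp status` returns nothing, which the thread says is the case on both the 5K and the 1000v, and that deserves a comment on this line, since the variable name alone does not say that "on" is now the fallback. Something like `# collect show vlan unless VTP says otherwise` would do.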
@@ -613,8 +613,8 @@
s/^$1\s{$len}//;
}

- if (/^VTP Operating Mode\s+:\s+(Transparent|Server)/) {
- $DO_SHOW_VLAN = 1;
+ if (!/^VTP Operating Mode\s+:\s+(Transparent|Server)/) {
+ $DO_SHOW_VLAN = 0;
}
ProcessHistory("COMMENTS","","","!VTP: $_");
}
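
Review bot: the negated test in this hunk clears `$DO_SHOW_VLAN` on every line that is not a matching `VTP Operating Mode` line, and the `!VTP: $_` call right after it suggests this block runs once per line of output. If so, a device in Transparent or Server mode still ends with the flag at 0 as soon as any later line is read. Match the `VTP Operating Mode` line first and clear the flag only when its value is not Transparent or Server.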
Charles T. Brooks
2016-07-01 21:55:49 UTC
OK, I'm not sure what's going on, so bear with me.... I made these changes to rancid 3.4.1 on RHEL 7:

[***@git ~]# diff /usr/share/perl5/vendor_perl/rancid/nxos.pm /usr/share/perl5/vendor_perl/rancid/nxos.pm.2016-06-29

103c103
< $DO_SHOW_VLAN = 1;
---
> $DO_SHOW_VLAN = 0;
339c339
< return(-1) if (/\% Invalid command at /); # CTB for Heasley
---
> return(1) if (/\% Invalid command at /);
663,664c663,664
< if (!/^VTP Operating Mode\s+:\s+(Transparent|Server)/) {
< $DO_SHOW_VLAN = 0;
---
> if (/^VTP Operating Mode\s+:\s+(Transparent|Server)/) {
> $DO_SHOW_VLAN = 1;
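
Review bot: at 339c339 the edited nxos.pm (the `<` side) now returns -1 for `% Invalid command at`, while the 2016-06-29 copy (the `>` side) already returned 1, so this edit goes the opposite way to the proposed patch, which changes -1 to 1. Restore `return(1)` on that line and test the two `$DO_SHOW_VLAN` edits on their own. Running the comparison as diff -u with the original file first would also make the direction of each change easier to read.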

I then changed the device-type for the Cisco 1000v from "cisco" to "cisco-nx" and let it run the usual hourly scheduled stuff.

Rancid correctly reported the change of device type via email, and /var/log/maillog is all copacetic. However, it does not show any changes in the archive other than the line in router.db, nor have I been mailed any diffs.

I will let it run over the weekend and report back Tuesday.

--Charlie
Charles T. Brooks
2016-07-05 16:21:06 UTC
Inverting the VTP logic and changing the return for "Invalid Command" to -1 resulted in all nexus switch backups failing, but I am very new to rancid so I wasn't sure that was actually happening until after 24 hours, at which point I started getting emails about it.

I reverted the change to the VTP logic and kept the other change, and that didn't fix it, so I did the vice-versa, and that restored the original behavior - 5K are backed up, 1Kv are not.

One thing I can say regarding the VTP stuff - on a Nexus 5K, there are exactly zero references to VTP in the configuration if you do not have "feature vtp" turned on. So, testing for VTP operating mode should probably be something that only happens *after* testing for feature vtp. The 1000v does not have feature vtp at this time, so it will always fail this test, unless a later release of the software brings the feature in.

BTW, the Nexus 5000 has 40 available features. The Nexus 1000V has 16. Of these, only 10 are the same on both devices; attached is a text file containing the list of features for each (linux/unix raw text, newlines only).

At this point I figure I'll make a new NX-os device type strictly for virtual devices, that eliminates the hardware probing. I need to make one for the Ironport mail hub anyway, so I already have to learn how ;).

Thanks,
--Charlie

________________________________________
From: heasley [***@shrubbery.net]
Sent: Friday, July 01, 2016 6:38 PM
To: Charles T. Brooks
Subject: Re: [rancid] Nexus 1000v switch-router

Fri, Jul 01, 2016 at 09:55:49PM +0000, Charles T. Brooks:
> OK, I'm not sure what's going on, so bear with me.... I made these changes to rancid 3.4.1 on RHEL 7:
>
> [***@git ~]# diff /usr/share/perl5/vendor_perl/rancid/nxos.pm /usr/share/perl5/vendor_perl/rancid/nxos.pm.2016-06-29
>
> 103c103
> < $DO_SHOW_VLAN = 1;
> ---
> > $DO_SHOW_VLAN = 0;
> 339c339
> < return(-1) if (/\% Invalid command at /); # CTB for Heasley
> ---
> > return(1) if (/\% Invalid command at /);
> 663,664c663,664
> < if (!/^VTP Operating Mode\s+:\s+(Transparent|Server)/) {
> < $DO_SHOW_VLAN = 0;
> ---
> > if (/^VTP Operating Mode\s+:\s+(Transparent|Server)/) {
> > $DO_SHOW_VLAN = 1;
>
> I then changed the device-type for the Cisco 1000v from "cisco" to "cisco-nx" and let it run the usual hourly scheduled stuff.
>
> Rancid correctly reported the change of device type via email, and /var/log/maillog is all copacetic. However, it does not show any changes in the archive other than the line in router.db, nor have I been mailed any diffs.
>
> I will let it run over the weekend and report back Tuesday.

are there errors in the group log? is the timestamp on the saved file
being updated?
Charles T. Brooks
2016-07-05 16:42:17 UTC
Correction to previous email: inverting the VTP logic *does* result in the 5Ks having "show vlan" output in their rancid config files. So, since that's apparently the desired behavior you'll probably want to keep that.

I'll probably take the "show vlan" command out of my own config, since I find it generates too much noise in my infrastructure and I've got all the vlan information in "show running-config" anyway.

The other change, though, (return -1 on invalid command) broke all Nexus backups. You don't want that one!

--Charlie
heasley
2016-07-06 00:28:23 UTC
Tue, Jul 05, 2016 at 04:42:17PM +0000, Charles T. Brooks:
> Correction to previous email: inverting the VTP logic *does* result in the 5Ks having "show vlan" output in their rancid config files. So, since that's apparently the desired behavior you'll probably want to keep that.

great.

> The other change, though, (return -1 on invalid command) broke all Nexus backups. You don't want that one!

I think that you misread the diff; it should be to change the -1 to 1.

Index: lib/nxos.pm.in
===================================================================
--- lib/nxos.pm.in (revision 3413)
+++ lib/nxos.pm.in (working copy)
@@ -325,7 +325,7 @@
return(1) if /Line has invalid autocommand /;
return(1) if /(Invalid input detected|Type help or )/;
return(1) if (/No token match at /); # 1000v
- return(-1) if (/\% Invalid command at /);
+ return(1) if (/\% Invalid command at /);# 1000v has no support
return(-1) if (/\% Permission denied/);
return(-1) if (/command authorization failed/i);
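
Review bot: the hunk header `@@ -325,7 +325,7 @@` does not name the subroutine, and the same run of `return` lines was quoted from ShowEnv in rancid 3.4.1 earlier in the thread with `% Invalid command at` already returning 1, while the debug output shows the failure in ShowEnvTemp. Say in the message which subroutine this hunk targets, so it is not applied to the look-alike block.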