Discussion:
[rancid] Things to consider for next version of nxrancid.
Per-Olof Olsson
2012-02-17 16:34:45 UTC
Have done some work to understand, test and update nxrancid.
This special version is only tested on nexus 5000 os: 4.2(1)N2(1a)
but I hope that part of this can be input to next versions of nxrancid.



1. Time to clean up and remove "comment away" IOS code from nxrancid?

2. "term no monitor-force" can't find this command.
Only found "terminal no monitor" in NXos manuals
Isn't terminal settings reset for each new session? Not needed.

3. Removed some non-NXos error texts, in parsing subroutines.

4. Try to make a more common error handler for subroutine parsing data.

5. Let switch-admin control what "show" and "dir" commands that are
permitted when logged on as a "read only" restricted user.
Have to change 'return(-1)' "abort" to 'return(1)' "continue" when
parsing "% Permission denied".

Mandatory commands to define in rancid_role:
"terminal *" to fix terminal settings at login (rule 1).
"show running-config" to backup config. (rule 2)

Rest of show and dir commands is up to admin to permit when
defining role.

------from nexus config---------------
role name rancid_role
description rancid restricted access
rule 4 permit command dir *
rule 3 permit command show *
rule 2 permit command terminal *
rule 1 permit command show running-config
username rancid password 5 <pwd removed> role rancid_role
username rancid sshkey ssh-rsa <ssh-key removed>
---------------------------------------------

6. Looks like a bug when logging in as a restricted user for
"show debug" command. It returns two "Permission denied"!
Can't test if this is solved in later NX versions.
Only have two nexus switches in full production.
Just add a fix for it, in my version of nxrancid.
-------
nx-switch# show debug

% Permission denied
Debug level is set to Minor(1)
% Permission denied

nx-switch#
-------------------


/Peo
----------------------------------------------------------
Per-Olof Olsson Email: ***@chalmers.se
Chalmers tekniska högskola IT-service
Hörsalsvägen 5 412 96 Göteborg
Tel: 031/772 6738 Fax: 031/772 8680
----------------------------------------------------------
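
A sketch of the parsing change described in items 5 and 6, added here as an example; it is not code from nxrancid or from the poster's version. The sub and variable names are hypothetical, the "show version" denial is a constructed sample, and treating any other "% " line as fatal is an assumption.

```perl
#!/usr/bin/perl
# Added illustration, not nxrancid code; all sub and variable names are hypothetical.
use strict;
use warnings;

# Return codes follow the convention quoted in the post:
#   0 = output kept, 1 = command skipped (continue), -1 = abort the run.
sub parse_cmd_output {
    my ($cmd, $lines, $out) = @_;
    my @kept;
    my $denied = 0;
    for my $line (@$lines) {
        (my $l = $line) =~ s/\s+\z//;             # strip trailing whitespace/newline
        next if $l eq '';
        last if $l =~ /^\S+#\z/;                  # next prompt: end of this output
        if ($l =~ /^% Permission denied/) { $denied++; next; }
        return -1 if $l =~ /^% /;                 # assumption: other "% " errors are fatal
        push @kept, $l;
    }
    if (!@kept && $denied) {
        # The role does not permit this command: note it and keep collecting.
        push @$out, "!$cmd: not permitted by role, skipped";
        return 1;                                 # return(-1) here would abort the run
    }
    # Denial lines mixed with real data (the "show debug" case) are dropped.
    push @$out, map { "!$cmd: $_" } @kept;
    return 0;
}

# Constructed sample sessions; the "show debug" lines are the ones quoted in the post.
my @session = (
    [ 'show debug',   [ "\n", "% Permission denied\n", "Debug level is set to Minor(1)\n",
                        "% Permission denied\n", "\n", "nx-switch#\n" ] ],
    [ 'show version', [ "\n", "% Permission denied\n", "nx-switch#\n" ] ],
);

my @report;
for my $entry (@session) {
    my ($cmd, $lines) = @$entry;
    my $rc = parse_cmd_output($cmd, $lines, \@report);
    die "aborting collection at '$cmd'\n" if $rc < 0;
}
print "$_\n" for @report;
```

Because a denied command becomes a comment line instead of an abort, the role definition alone decides which "show" and "dir" output ends up in the saved configuration.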
