Discussion:
[rancid] francid on MLX and edge case behaviors.
Nick Buraglio
2009-02-25 23:28:09 UTC
Permalink
This began on the f-nsp list here: http://www.mail-archive.com/foundry-***@puck.nether.net/msg01603.html
Anyway, I was having trouble getting flogin to work against MLX code
3.9.00a over ssh. Long story short, the user I had set up had lower
privilege and couldn't support the "skip-page-display" command that
francid was expecting. Since I have more experience with pretty much
every network vendor other than foundry, I thought this may just be
what I like to call a "foundry-ism". Anyway, I solved this (possibly
not the best way) by just changing flogin to call "terminal length 0"
since the MLX code supports it and there are no foundries managed by
this instance of rancid that don't.


If anyone happens to have the one-off problems that I had, here is a
simple fix:

- --- flogin.orig 2009-02-25 17:07:12.000000000 -0600
+++ flogin 2009-02-25 15:58:49.000000000 -0600
@@ -506,7 +506,8 @@
global in_proc
set in_proc 1

- - send "skip-page-display\r"
+# send "skip-page-display\r"
+ send "terminal length 0\r"
expect -re "$prompt" {}

set commands [split $command \;]
@@ -677,7 +678,8 @@
}
} elseif { $do_script } {
# fucking foundry
- - send "skip-page-display\r"
+ #send "skip-page-display\r"
+ send "terminal length 0\r"
expect -re $prompt {}
source $sfile
catch {close};



I thought I'd just post what I did, even if it is suboptimal, just in
case it could help someone else down the line.


- ---
Nick Buraglio
Network Engineer, CITES, University of Illinois
GPG key 0x2E5B44F4
Phone: 217.244.6428
***@illinois.edu
Jethro R Binks
2009-02-26 09:17:47 UTC
Permalink
Post by Nick Buraglio
Anyway, I was having trouble getting flogin to work against MLX code
3.9.00a over ssh. Long story short, the user I had set up had lower
privilege and couldn't support the "skip-page-display" command that
francid was expecting. Since I have more experience with pretty much
every network vendor other than foundry, I thought this may just be what
I like to call a "foundry-ism". Anyway, I solved this (possibly not the
best way) by just changing flogin to call "terminal length 0" since the
MLX code supports it and there are no foundries managed by this instance
of rancid that don't.
Sorry I meant to respond to your message on f-nsp :)

Anyway, I can confirm that "terminal length 0" also works on at least the
BigIrons and Super-X related models, although they also support
"skip-page-display" anyway (I do not have any MLX). It may be suitable to
just send both commands and hope one works.

However, I would add the following note, which may or may not be relevant
to your environment. I use a special user for the rancid stuff, which is
priv level 5:

username rouser privilege 5 password .....

In order for skip-page-display to work, I need to change specify that I
can run the command at this (lower) priv level:

privilege exec level 5 skip-page-display

It turns out if I wanted to use "terminal length 0" I would also need:

privilege exec level 5 terminal

(I do similar things for a Cisco ASA too).

Working out the variants in command lines on different models or code revs
even for the same vendor is the most difficult area, and even the most
innocuous change can break things for someone else ('expect' is pretty
fragile anyway *cough* Net::Appliance::Session (maybe) *cough*). Once
you've actually bagged a copy of the config though, by whatever means, the
rest of rancid works great!

One potential improvement to make rancid more flexible might be to
abstract some of these model/code-specific aspects, so that the
appropriate command to "turn off paging" (if there is one) is determined
in advance based on the vendor/model/version (with a default otherwise),
then just the correct one sent. Then tweaking for other models is a
matter of modifying the "commands to send" table, and the bulk of the code
can remain the same, untouched, and hopefully not broken. There are
already some tests modifying behaviour based on platform ("if { [ string
compare "extreme" "$platform" ] }"). However, having said all that, it
may well not simplify the bulk of the code enough to make the effort
worthwhile ... (*cough* Net::Appliance::Session again (maybe) *cough*).

A niggle I have is that clogin has been copied to a multitude of other
*login modules for different vendors, some of which aren't really that
different, and which don't all necessarily get useful changes made to
clogin merged back into them. Some work to reduce this duplication would
also be beneficial. I have vaguely looked at the potential for this from
time to time, but not with any real committment so far.

(Aside: These texts are from Net::Appliance::Session and related modules
(which has a number of other dependencies like YAML):

"Various models of network device, either from one vendor such as Cisco or
between vendors, will naturally use alternate command and command prompt
syntax. Net::Appliance::Session does not hard-code any of these commands
or pattern matches in its source. They are all loaded at run-time from an
external phrasebook (a.k.a. dictionary), which you may of course
override."

"In the world of network appliances, vendors will sometimes change the
commands used in or even the appearance of the command line interface.
This might happen between software version releases, or as a new product
line is released. However, typically there is an ancestry to all these
interfaces, so we can base a new product's dictionary on an existing
dictionary whilst overriding some entries with new values."

I wonder if, by using w(rap)rancid, it would be possible to investigate
the use of Net::Appliance::Session, without having to touch rancid itself
...

Jethro.
--
. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK
Loading...