Extreme switch policy backup.
We've just gotten a few Extreme switches (model X440-G2) and I've gotten them set up in Rancid. But while I get the configs, I have a few policies as well. They're kept as .pol files on the switch. Is there a way to include the policy files in the backup that Rancid takes? It would be particularly helpful. I've done some searching, and seen folks ask about it. But no real answers. Lots of modifications to commands from 4 years ago but nothing current. There's a command that will print it all out, just not sure how to add it into the mix. Don't like to modify something like Rancid if there's already a way within the system to make it happen.

Thanks.
Chris
Re: Extreme switch policy backup.
Tue, Jul 09, 2019 at 09:55:56PM +0000, Chris Davis:
> We've just gotten a few Extreme switches (model X440-G2) and I've gotten them set up in Rancid. But while I get the configs, I have a few policies as well. They're kept as .pol files on the switch. Is there a way to include the policy files in the backup that Rancid takes? It would be particularly helpful. I've done some searching, and seen folks ask about it. But no real answers. Lots of modifications to commands from 4 years ago but nothing current. There's a command that will print it all out, just not sure how to add it into the mix. Don't like to modify something like Rancid if there's already a way within the system to make it happen.

what is the command to display the policy? can you provide an example of
the command and output, from prompt to the next prompt? is the output
format and order stable?

i see an incomplete example here;
http://www.shrubbery.net/pipermail/rancid-discuss/2014-May/007659.html

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
Re: Extreme switch policy backup.
Hi

We had a patch to 2.3's xrancid which we were running at some stage in
the past N years that did this already - but I can't find it, and we
aren't running it on our current rancid system either. Thanks to Chris'
E-mail at least I've been reminded of that.

It wasn't a hard thing to add.

On 12/07/2019 20:15, john heasley wrote:
> Tue, Jul 09, 2019 at 09:55:56PM +0000, Chris Davis:
>> We've just gotten a few Extreme switches (model X440-G2) and I've gotten them set up in Rancid. But while I get the configs, I have a few policies as well. They're kept as .pol files on the switch. Is there a way to include the policy files in the backup that Rancid takes? It would be particularly helpful. I've done some searching, and seen folks ask about it. But no real answers. Lots of modifications to commands from 4 years ago but nothing current. There's a command that will print it all out, just not sure how to add it into the mix. Don't like to modify something like Rancid if there's already a way within the system to make it happen.
>
> what is the command to display the policy? can you provide an example of
> the command and output, from prompt to the next prompt? is the output
> format and order stable?
>
> i see an incomplete example here;
> http://www.shrubbery.net/pipermail/rancid-discuss/2014-May/007659.html

The format isn't great. The switch basically outputs
Policies at Policy Server:
Policy: <name of policy>
<the policy file itself>
Number of clients bound to policy: <n>
Client: <info on what is using policy>

My hunch would be not to try and parse this lot at all, but just execute
the 'show policy detail' and wait for the prompt to come back. I'm
pretty sure that's all we did; I remember it just diffed everything and
you saw quickly if a policy was added/removed just as easily.
It is theoretically possible for someone to have a prompt matching
string in the policy file as a comment, but let's ignore that madness for
now.

This example shows three policies as an example:

* ag1.hbr.2 # dis clip
* ag1.hbr.3 # show policy detail
Policies at Policy Server:
Policy: as65001-in-v4
entry term10 {
if match all {
nlri 185.0.0.0/23 exact ;
nlri 185.0.2.0/24 exact ;
nlri 185.0.3.0/24 exact ;
}
then {
local-preference 500 ;
community add "65301:200" ;
permit ;
}
}
entry term999 {
if match all {
}
then {
deny ;
}
}
Number of clients bound to policy: 1
Client: bgp bound once

Policy: as65001-in-v6
entry term10 {
if match all {
nlri 2001:db8:0::/45 ;
}
then {
local-preference 500 ;
community add "65301:200" ;
permit ;
}
}
entry term999 {
if match all {
}
then {
deny ;
}
}
Number of clients bound to policy: 1
Client: bgp bound once

Policy: as65001-out-v4
entry term10 {
if match all {
nlri 0.0.0.0/0 exact ;
}
then {
permit ;
}
}
entry term999 {
if match all {
}
then {
deny ;
}
}
Number of clients bound to policy: 1
Client: bgp bound once

* ag1.hbr.3 #
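
The caveat above about a prompt-matching string inside a policy, as an added example that is not part of the original thread or of RANCID: a stop-at-prompt capture run over a constructed `show policy detail` session, once with an unanchored and once with a line-anchored prompt pattern, followed by a header/trailer count that flags a capture that ended inside a policy. The prompt patterns, the comment line in the second policy and the function names are assumptions made for the illustration.

```perl
use strict;
use warnings;

# Added illustration, not RANCID code. The session below is constructed; the
# second policy carries a comment containing text shaped like the prompt.
my $session = <<'END';
Policies at Policy Server:
Policy: as65001-in-v4
entry term999 { if match all { } then { deny ; } }
Number of clients bound to policy: 1
Client: bgp bound once

Policy: as65001-out-v4
# copied from * ag1.hbr.3 # on the lab switch
entry term10 { if match all { nlri 0.0.0.0/0 exact ; } then { permit ; } }
Number of clients bound to policy: 1
Client: bgp bound once
* ag1.hbr.3 #
END

my $host     = qr/\*?\s*ag1\.hbr\.\d+\s+#/;    # assumed prompt shape
my %patterns = (unanchored => qr/$host/, anchored => qr/^$host/);

# Keep lines until the first one matching the prompt pattern; skip blanks.
sub capture {
    my ($prompt_re, $text) = @_;
    my @kept;
    for my $line (split /\n/, $text) {
        last if $line =~ $prompt_re;
        next if $line =~ /^\s*$/;
        push @kept, $line;
    }
    return @kept;
}

# One "Number of clients bound" trailer per "Policy:" header means every
# policy block was captured whole; fewer trailers means an early stop.
sub is_complete {
    my @kept     = @_;
    my $headers  = grep { /^Policy: \S/ } @kept;
    my $trailers = grep { /^Number of clients bound to policy: \d+/ } @kept;
    return $headers > 0 && $headers == $trailers;
}

for my $name (sort keys %patterns) {
    my @kept = capture($patterns{$name}, $session);
    printf "%-10s kept %2d lines: %s\n", $name, scalar(@kept),
        is_complete(@kept) ? "complete" : "stopped inside a policy";
}
```

The count only catches a stop inside a policy block; a capture that ends exactly between two policies still looks complete, so a drop in the number of `Policy:` lines between runs is the other signal to watch in the diff.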

Re: Extreme switch policy backup.
Fri, Jul 12, 2019 at 08:30:28PM +0100, Paul Thornton:
> Hi
>
> We had a patch to 2.3's xrancid which we were running at some stage in
> the past N years that did this already - but I can't find it, and we
> aren't running it on our current rancid system either. Thanks to Chris'
> E-mail at least I've been reminded of that.
>
> It wasn't a hard thing to add.
>
> On 12/07/2019 20:15, john heasley wrote:
> > Tue, Jul 09, 2019 at 09:55:56PM +0000, Chris Davis:
> >> We've just gotten a few Extreme switches (model X440-G2) and I've gotten them set up in Rancid. But while I get the configs, I have a few policies as well. They're kept as .pol files on the switch. Is there a way to include the policy files in the backup that Rancid takes? It would be particularly helpful. I've done some searching, and seen folks ask about it. But no real answers. Lots of modifications to commands from 4 years ago but nothing current. There's a command that will print it all out, just not sure how to add it into the mix. Don't like to modify something like Rancid if there's already a way within the system to make it happen.
> >
> > what is the command to display the policy? can you provide an example of
> > the command and output, from prompt to the next prompt? is the output
> > format and order stable?
> >
> > i see an incomplete example here;
> > http://www.shrubbery.net/pipermail/rancid-discuss/2014-May/007659.html
>
> The format isn't great. The switch basically outputs
> Policies at Policy Server:
> Policy: <name of policy>
> <the policy file itself>
> Number of clients bound to policy: <n>
> Client: <info on what is using policy>
>
> My hunch would be not to try and parse this lot at all, but just execute
> the 'show policy detail' and wait for the prompt to come back. I'm
> pretty sure that's all we did; I remember it just diffed everything and
> you saw quickly if a policy was added/removed just as easily.
> It is theoretically possible for someone to have a prompt matching
> string in the policy file as a comment, but let's ignore that madness for
> now.
>
> This example shows three policies as an example:
>
> * ag1.hbr.2 # dis clip
> * ag1.hbr.3 # show policy detail
> Policies at Policy Server:
> Policy: as65001-in-v4
> entry term10 {

Cool. Could you test this?

diff --git a/etc/rancid.types.base b/etc/rancid.types.base
index 18139479..6c3a80aa 100644
--- a/etc/rancid.types.base
+++ b/etc/rancid.types.base
@@ -381,6 +381,7 @@ extreme;command;exos::ShowMemory;show memory
extreme;command;exos::ShowDiag;show diag
extreme;command;exos::ShowSwitch;show switch
extreme;command;exos::ShowSlot;show slot
+extreme;command;exos::ShowPolicy;show policy detail
extreme;command;exos::WriteTerm;show configuration detail
extreme;command;exos::WriteTerm;show configuration
#
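
Review bot: the new `exos::ShowPolicy;show policy detail` entry assumes the output arrives unpaged, while the sample session earlier in the thread ran `dis clip` by hand before the command. Worth confirming that the login script disables CLI paging before this command runs, since a pager prompt in the middle of a long policy listing could stall the collection.
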
diff --git a/lib/exos.pm.in b/lib/exos.pm.in
index fd7d1482..710a5c0f 100644
--- a/lib/exos.pm.in
+++ b/lib/exos.pm.in
@@ -1,7 +1,5 @@
package exos;
##
-## $Id$
-##
## @PACKAGE@ @VERSION@
@copyright@
#
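
Review bot: removing the `## $Id$` header lines at the top of lib/exos.pm.in is unrelated to adding ShowPolicy. Consider moving it to a separate commit so the policy change can be reviewed and reverted on its own.
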
@@ -161,6 +159,21 @@ sub ShowDiag {
return(0);
}

+# This routine parses "show policy detail"
+sub ShowPolicy {
+ my($INPUT, $OUTPUT, $cmd) = @_;
+ print STDERR " In ShowPolicy: $_" if ($debug);
+
+ while (<$INPUT>) {
+ tr/\015//d;
+ last if (/^$prompt/);
+ next if (/^(\s*|\s*$cmd\s*)$/);
+
+ ProcessHistory("POLICY","","","# $_");
+ }
+ return(0);
+}
+
# This routine parses "show slot"
sub ShowSlot {
my($INPUT, $OUTPUT, $cmd) = @_;
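
Review bot: in ShowPolicy, `last if (/^$prompt/);` ends the capture at the first line that matches the prompt and the routine then returns 0 unconditionally, so a policy line that happens to match (the case raised earlier in the thread) would drop every later policy from the backup without any error. Consider checking before `return(0)` that the capture ended after a complete block, for example that the last recorded line was a `Client:` or `Number of clients bound to policy:` line, and returning an error otherwise so a truncated collection is not stored as a good one.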
