automated config backups for SFTOS
Does anyone know of a method of automating config backups for force10 switches running SFTOS ? I've got an python expect script that works on our routers running FTOS, it uses a role account that can show the running configs without having to use the enable password. i could expand the script to use the enable password but i'm hesitant to have it lying around in a script Jon Heise
Deploy RANCID? On Tue, Nov 22, 2011 at 1:35 PM, Jon Heise <jon@smugmug.com> wrote:
Does anyone know of a method of automating config backups for force10 switches running SFTOS ? I've got an python expect script that works on our routers running FTOS, it uses a role account that can show the running configs without having to use the enable password. i could expand the script to use the enable password but i'm hesitant to have it lying around in a script
Jon Heise
-- Jason
Second rancid. If SFTOS supports per-command authorization (via RADIUS/TACACS), you can limit the script account to only be able to use 'show run' and whatever else it needs (even when it logs in). That said, if you're looking for on-the-cheap, I haven't seen a free TACACS+ server that does authorization and was stable, so you'll probably have to compromise and give your script more permissions than it needs just to get the job done. On Tue, Nov 22, 2011 at 1:40 PM, Jason Biel <jason@biel-tech.com> wrote:
Deploy RANCID?
On Tue, Nov 22, 2011 at 1:35 PM, Jon Heise <jon@smugmug.com> wrote:
Does anyone know of a method of automating config backups for force10 switches running SFTOS ? I've got an python expect script that works on our routers running FTOS, it uses a role account that can show the running configs without having to use the enable password. i could expand the script to use the enable password but i'm hesitant to have it lying around in a script
Jon Heise
-- Jason
-- ^[:wq^M
On Wed, Nov 23, 2011 at 8:36 PM, James Harr <james.harr@gmail.com> wrote:
Second rancid.
+3
If SFTOS supports per-command authorization (via RADIUS/TACACS), you can
it does
limit the script account to only be able to use 'show run' and whatever else it needs (even when it logs in).
you can
That said, if you're looking for on-the-cheap, I haven't seen a free TACACS+ server that does authorization and was stable, so you'll probably have to compromise and give your script more permissions than it needs just to get the job done.
the cisco tacplus src server is a basic example... shrubbery.net's tacplus server is quite workable (and heasley keeps the code working/clean/adding-features) a simple config for 'just permit show run' is certainly possible with the shrubbery.net server... if you want example config pipe up. -chris
On Tue, Nov 22, 2011 at 1:40 PM, Jason Biel <jason@biel-tech.com> wrote:
Deploy RANCID?
On Tue, Nov 22, 2011 at 1:35 PM, Jon Heise <jon@smugmug.com> wrote:
Does anyone know of a method of automating config backups for force10 switches running SFTOS ? I've got an python expect script that works on our routers running FTOS, it uses a role account that can show the running configs without having to use the enable password. i could expand the script to use the enable password but i'm hesitant to have it lying around in a script
Jon Heise
-- Jason
-- ^[:wq^M
On Thu, Nov 24, 2011 at 12:03 PM, Christopher Morrow <morrowc.lists@gmail.com> wrote:
On Wed, Nov 23, 2011 at 8:36 PM, James Harr <james.harr@gmail.com> wrote:
Second rancid.
+3
If SFTOS supports per-command authorization (via RADIUS/TACACS), you can
it does
limit the script account to only be able to use 'show run' and whatever else it needs (even when it logs in).
you can
That said, if you're looking for on-the-cheap, I haven't seen a free TACACS+ server that does authorization and was stable, so you'll probably have to compromise and give your script more permissions than it needs just to get the job done.
the cisco tacplus src server is a basic example... shrubbery.net's tacplus server is quite workable (and heasley keeps the code working/clean/adding-features)
a simple config for 'just permit show run' is certainly possible with the shrubbery.net server... if you want example config pipe up.
I should have included: <http://www.shrubbery.net/tac_plus/> and there are some decent example configs available (I think john payne had some posted/updated, this query seems to show a bunch of positive results: <https://www.google.com/search?client=ubuntu&channel=fs&q=john+payne+tacplus&ie=utf-8&oe=utf-8>
-chris
On Tue, Nov 22, 2011 at 1:40 PM, Jason Biel <jason@biel-tech.com> wrote:
Deploy RANCID?
On Tue, Nov 22, 2011 at 1:35 PM, Jon Heise <jon@smugmug.com> wrote:
Does anyone know of a method of automating config backups for force10 switches running SFTOS ? I've got an python expect script that works on our routers running FTOS, it uses a role account that can show the running configs without having to use the enable password. i could expand the script to use the enable password but i'm hesitant to have it lying around in a script
Jon Heise
-- Jason
-- ^[:wq^M
participants (4)
-
Christopher Morrow
-
James Harr
-
Jason Biel
-
Jon Heise