Automating Cisco Configuration through RANCID and BASH
A very powerful tool I would like to mention in this entry is Clogin. Clogin, or Cisco-Login, is a part of the RANCID toolkit, or the Really-Awesome-New-Cisco-Config-Differ, which is a suite of EXPECT scripts used to monitor and manage a device's configuration. The RANCID suite is readily available on Debian-based distributions, as well as RHEL-based distributions:
sudo apt-get install rancid
yum install rancid
Some distributions may have to look a little further to www.shrubbery.net to grab the source code. Once you have RANCID set up correctly, it is time to have a play around with Clogin.
Clogin can be used to log in to your remote Cisco device, so long as your host has access. It will initially attempt to telnet to the hostname or IP address using the credentials specified in the clogin directory, and will proceed to SSH should that fail. Logging in is as simple as:
clogin 184.108.40.206
clogin hostname
Looking at the man page for Clogin, we can see some very useful flags available for the application. The -c flag allows us to declare commands to be executed on the remote device:
clogin -c "show ver" 220.127.116.11
Multiple commands can be strung together, separated by semicolons:
clogin -c "conf t; int fa0/1; shut" 18.104.22.168
As you can see, the command can get a little lengthy and difficult to proofread with multiple commands. Here the -x flag can help, which reads commands from a specified file.
First we create a file, and let's name this example commands.txt:
[skyenet@linuxhost]$ more commands.txt
conf t
int fa0/1
shut
And then we instruct Clogin to read the commands from this file and execute on the remote device:
clogin -x commands.txt 22.214.171.124
If we have a series of remote devices that all require identical configuration, we can create a second list for our devices:
[skyenet@linuxhost]$ cat devices.txt
126.96.36.199
188.8.131.52
184.108.40.206
And we can cat this file within our clogin command using our handy backticks:
clogin -x commands.txt `cat devices.txt`
We can even direct the output of this command to a local file for forwarding or viewing later:
clogin -x commands.txt `cat devices.txt` > output.txt 2>&1
Fantastic! Now we are able to create our Cisco configuration scripts locally and use Clogin to execute the configuration for us. Now onto our next tool...
The AT command is used for scheduling commands at a specified time and date. AT supports an extensive range of time formats. You will have to "man at" to find them all, but a few examples are:
at 5PM Feb 23
at 5PM + 7 days
at 17:00 23.02.2018
at 3:30 AM tomorrow
Anyway, running your AT command will enter you into the AT prompt. Here you will enter your commands to be run at the specified date. These commands are run sequentially.
[skyenet@linuxhost]$ at now + 1 minute
at> echo "hello world"
Use CTRL+D to commit the job, or CTRL+C to cancel.
Once committed, running atq will list all pending jobs:
[skyenet@linuxhost]$ atq
29 Tue Feb 13 15:04:00 2018 a skyenet
This job has been designated JOB ID 29. We can cancel the job, should we need, with atrm 29, with 29 being the Job ID.
Another way of creating AT jobs is with the -f flag. This directs AT to read commands from a specified file:
echo 'echo "hello world"' > helloworld.txt
at -f helloworld.txt now + 1 minute
This is a much more manageable method, as it allows you to contain all your commands within a file prior to execution. A practical side-effect is that you can make last second changes to your AT job commands before it runs, without the need to atrm and re-create the job.
Combining Clogin with AT
Catastrophe! We have been asked to make some changes to several remote routers outside of business hours, but we also have a dinner party to attend!
1. Define our configuration script:
[skyenet@linuxhost]$ cat commands.txt
conf t
show ver
show run
show int des
other commands....
2. Create a list of devices:
[skyenet@linuxhost]$ cat devices.txt
220.127.116.11
18.104.22.168
22.214.171.124
3. Create our AT job command file:
[skyenet@linuxhost]$ cat atjob.txt
clogin -x commands.txt `cat devices.txt` > output.txt 2>&1
echo "Output attached" | mail -s "Job completed" -a output.txt -c firstname.lastname@example.org email@example.com
4. Schedule the AT job for tonight to read from our command file:
[skyenet@linuxhost]$ at -f atjob.txt 8PM
5. Enjoy the dinner, and make sure not to get cheeky with the overtime pay.
And there we have it; a quick and easy way to manage our Cisco infrastructure from the comfort of our Linux terminal.
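An added example (not part of the original post) that wraps the scheduled clogin run from steps 1 to 4 with checks an unattended job needs: it validates every devices.txt entry before it reaches the command line, confirms the credentials file is private, and flags devices whose transcript contains error lines. Assumptions: the function names and the CLOGINRC variable are hypothetical, credentials are taken to live in ~/.cloginrc, and failures are taken to show up as lines starting with "% " (IOS) or "Error:" (clogin).

```sh
# Added example; function names and the CLOGINRC variable are hypothetical.

# Accept only hostname- or IPv4-looking entries. A leading "-" would be parsed
# by clogin as an option; whitespace and globs would be expanded by the shell.
valid_target() {
    case "$1" in
        ''|-*|.*|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print validated entries one per line; return 1 if any entry was rejected.
load_devices() {
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        if valid_target "$line"; then
            printf '%s\n' "$line"
        else
            printf 'rejected device entry: %s\n' "$line" >&2
            bad=1
        fi
    done < "$1"
    return "$bad"
}

# True when the credentials file grants nothing to group or other.
creds_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Count failure-looking lines. Assumption: IOS rejects a command with a line
# starting "% " and clogin reports its own failures on lines starting "Error:".
count_errors() {
    grep -c -E '^(% |Error:)' "$1" || true
}

# push_all COMMANDS DEVICES LOGDIR -> 0 all clean, 1 device errors, 2 nothing sent
push_all() {
    creds_private "${CLOGINRC:-$HOME/.cloginrc}" || return 2
    devices=$(load_devices "$2") || return 2
    failed=0
    for d in $devices; do    # unquoted on purpose: every entry was validated
        clogin -x "$1" "$d" > "$3/$d.log" 2>&1 ||
            echo "Error: clogin exited non-zero" >> "$3/$d.log"
        [ "$(count_errors "$3/$d.log")" -eq 0 ] || { echo "$d: errors, see $3/$d.log"; failed=1; }
    done
    return "$failed"
}
```

Source this file from the AT job file and call push_all with the two lists and an existing log directory; a return value of 2 means nothing was sent to any device.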