[c-nsp] Config management
Phil Mayers
p.mayers at imperial.ac.uk
Sat Oct 27 05:16:30 EDT 2012
On 10/26/2012 08:51 PM, Dan Letkeman wrote:
> Hello,
>
> Curious as to what everyone is using for config management for
> switches. I have a few hundred 2960's and 3560's to manage on a
> regular basis, and I would like to have something that can make mass
> config changes.
One thing that's particularly handy for this is the SCP server in IOS,
which allows you to copy to "running-config":
cat >CFG <<EOF
no vlan 10
vlan 20
...
end
EOF
scp CFG admin at switch:running-config
Generally when I want to make mass changes, I write a small python
script to walk over the IOS configs and output the changes I need to a
per-switch config file, inspect all (or a representative portion if
there are a lot) for sanity, then fire off a parallel SCP of the files.
This is really just a snazzier version of loading a config fragment from
TFTP, but ends up being quite a bit more usable.
Of course, if Cisco weren't a bunch of halfwits, we'd have Netconf
support on all the platforms, and if they *really* wanted to push the
boat out, the Netconf implementation would hook into the actual
parser/NVGEN and "show" command *backends* - as opposed to the current
implementation, which uses a separate "grammar" file to transform the
line-based data (config and show commands) into and from XML. Then you
wouldn't have the "hilarious" situation of a Netconf implementation that
can't actually operate the CLI on the box, because the one guy who wrote
it has left or moved on, and the grammar file is out of sync...
</rant>
For all their faults, the one thing Juniper *own* is a structured way to
talk to the box. It's 2012, Cisco - man up and get this crap sorted.
More information about the cisco-nsp
mailing list