Hi Pico,

(Also, read Chris’s reply.)

Thanks; so, we’re dealing with a Nexus 9k, and basically the same version NX-OS 
I have running on my N9k.  Therefore, cisco-nx is the correct type.  In reading 
further into the details of what you posted, you said rancid was having an 
issue with the command “system redundancy status”.  I checked, and I also don’t 
have this command:


cumm111-0b05es63# system red?

                   ^

% Invalid command at '^' marker.

cumm111-0b05es63# system red

Then I dug further and I realized you’re talking “show system redundancy 
status”:

cumm111-0b05es63# show system redundancy status
Redundancy mode
---------------
      administrative:   HA
         operational:   None

This supervisor (sup-1)
-----------------------
    Redundancy state:   Active, SC not present
    Supervisor state:   Active
      Internal state:   Active with no standby

Other supervisor (sup-1)
------------------------
    Redundancy state:   Not present
cumm111-0b05es63#

Since “rule 3 permit command show *” is already included in your role 
definition, I might suggest this:

  1.  Log in as a user whose role is “rancid”, run the command, and see what 
the output is.
  2.  If you’re having an issue running the command, open a TAC case.
  3.  If the command runs just fine from the CLI when role=rancid, that’s 
something for this list.

You can verify the role the account has through the command “show user-account 
<acct_name>”.  There will be a line “roles:<list>” that will show all the roles 
applied to your account (see yellow highlighting below).  Be mindful of other 
roles the user has; a “deny” statement in one of the other role definitions 
might possibly cause this.

Also, if there’s a AAA server (RADIUS, Tacacs+, LDAP… possibly Kerberos or AD 
but I’m not sure those are supported), the AAA server might also have some 
server-side config blocking successful execution (server-side AAA is how I 
enforce this kind of policy on rancid).

cumm111-0b05es63# show user-account weylin
user:weylin
        roles:network-admin vdc-admin
account created through REMOTE authentication
Credentials such as ssh server key will be cached temporarily only for this user
account
Local login not possible
cumm111-0b05es63#


Weylin

From: Pico Leto <picoleto...@gmail.com>
Date: Monday, February 12, 2018 at 11:39 AM
To: "Gauthier, Chris" <cgauth...@comscore.com>
Cc: Weylin Piegorsch <wey...@bu.edu>, "rancid-discuss@shrubbery.net" 
<rancid-discuss@shrubbery.net>
Subject: Re: [rancid] Role Privileges for Nexus 9k

Show inventory is below:

sw1# show version | include hassis ; show version | include ersion
  cisco Nexus9000 C93108TC-EX chassis
the GNU General Public License (GPL) version 2.0 or
GNU General Public License (GPL) version 3.0  or the GNU
Lesser General Public License (LGPL) Version 2.1 or
Lesser General Public License (LGPL) Version 2.0.
  BIOS: version 07.59
  NXOS: version 7.0(3)I4(4)
  System version: 7.0(3)I5(1)

# show inventory
NAME: "Chassis",  DESCR: "Nexus9000 C93108TC-EX chassis"
PID: N9K-C93108TC-EX     ,  VID: V01 ,  SN: FDO20261CKV

NAME: "Slot 1",  DESCR: "48x10GT + 6x40G/100G Ethernet Module"
PID: N9K-C93108TC-EX     ,  VID: V01 ,  SN: FDO20261CKV

NAME: "Power Supply 1",  DESCR: "Nexus9000 C93108TC-EX chassis Power Supply"
PID: NXA-PAC-650W-PE     ,  VID: V01 ,  SN: LIT20130ZDY

NAME: "Power Supply 2",  DESCR: "Nexus9000 C93108TC-EX chassis Power Supply"
PID: NXA-PAC-650W-PE     ,  VID: V01 ,  SN: LIT20130ZDU

NAME: "Fan 1",  DESCR: "Nexus9000 C93108TC-EX chassis Fan Module"
PID: NXA-FAN-30CFM-F     ,  VID: V01 ,  SN: N/A

NAME: "Fan 2",  DESCR: "Nexus9000 C93108TC-EX chassis Fan Module"
PID: NXA-FAN-30CFM-F     ,  VID: V01 ,  SN: N/A

NAME: "Fan 3",  DESCR: "Nexus9000 C93108TC-EX chassis Fan Module"
PID: NXA-FAN-30CFM-F     ,  VID: V01 ,  SN: N/A

NAME: "Fan 4",  DESCR: "Nexus9000 C93108TC-EX chassis Fan Module"
PID: NXA-FAN-30CFM-F     ,  VID: V01 ,  SN: N/A

On Fri, Feb 9, 2018 at 9:58 AM, Gauthier, Chris <cgauth...@comscore.com> wrote:
Or just run “show inventory”

Chris Gauthier
Senior Network Engineer | comScore, Inc.










From: Rancid-discuss <rancid-discuss-boun...@shrubbery.net> on behalf of "Piegorsch, Weylin William" <wey...@bu.edu>
Date: Thursday, February 8, 2018 at 9:54 PM
To: Pico Leto <picoleto...@gmail.com>
Cc: "rancid-discuss@shrubbery.net" <rancid-discuss@shrubbery.net>
Subject: Re: [rancid] Role Privileges for Nexus 9k

If it’s made by Cisco and it’s running NX-OS, it can’t be an ASR9k:
https://www.cisco.com/c/en/us/products/ios-nx-os-software/nx-os/index.html
(The non-advertised thing is that UCS also runs NX-OS under the hood.)

If it’s a “C93108TC-EX”, then it’s likely a Nexus 93108TC-EX:
https://www.cisco.com/c/en/us/support/switches/nexus-93108tc-ex-switch/model.html

Are you running it in ACI or NXOS mode?  Actually never mind, 7-point-anything 
is non-ACI.



To make certain about the hardware type, can you do a “show version | include 
hassis ; show version | inc ersion” (yes, with those first letters missing to 
avoid capitalization issues) and send the output?  This is what I get on one of 
my ASR 9k:




RP/0/RSP0/CPU0:Comm595-bdr-gw01#show version | include hassis ; show version | include ersion
#sh ver | include hassis

Fri Feb  9 00:36:45.478 EST
ASR-9001 Chassis

#show ver | inc ersion

Fri Feb  9 00:36:53.058 EST
Cisco IOS XR Software, Version 5.3.3[Default]
ROM: System Bootstrap, Version 2.04(20140227:092320) [ASR9K ROMMON],
RP/0/RSP0/CPU0:Comm595-bdr-gw01#



And one of my Nexus 9k:



cumm111-0b05es63# show version | include hassis ; show version | include ersion
  cisco Nexus9000 C9372PX chassis
the GNU General Public License (GPL) version 2.0 or
GNU General Public License (GPL) version 3.0  or the GNU
Lesser General Public License (LGPL) Version 2.1 or
Lesser General Public License (LGPL) Version 2.0.
  BIOS: version 07.59
  NXOS: version 7.0(3)I5(2)
  System version: 7.0(3)I5(2)
cumm111-0b05es63#



weylin

From: Pico Leto <picoleto...@gmail.com>
Date: Friday, February 9, 2018 at 12:17 AM
To: Weylin Piegorsch <wey...@bu.edu>
Cc: "rancid-discuss@shrubbery.net" <rancid-discuss@shrubbery.net>
Subject: Re: [rancid] Role Privileges for Nexus 9k

Hi,

I'm definitely running NX-OS; however, running the debug under cisco-xr gives me 
better results, with the exception that the end of run isn't found.

$ rancid -t cisco-xr -d host.xx.
loadtype: device type cisco-xr
loadtype: found device type cisco-xr in /usr/local/rancid/etc/rancid.types.base
executing clogin -t 90 -c"terminal no-timestamp;terminal exec prompt 
no-timestamp;admin show version;admin show install summary;admin show license 
udi;admin show license;admin show variables boot;admin show hw-module fpd 
location all;show redundancy secondary;show install active;admin show env 
all;dir /all nvram:;dir /all bootflash:;dir /all compactflash:;dir /all 
compactflasha:;dir /all slot0:;dir /all disk0:;dir /all disk0a:;dir /all 
slot1:;dir /all disk1:;dir /all disk1a:;dir /all slot2:;dir /all disk2:;dir 
/all harddisk:;dir /all harddiska:;dir /all harddiskb:;show controllers;admin 
show diag;admin show inventory raw;show vlan;show debug;show rpl maximum;admin 
show running;show running-config" host.xx.
PROMPT MATCH: host.xx#
HIT COMMAND:host.xx#  terminal no-timestamp
    In RunCommand: host.xx#  terminal no-timestamp
HIT COMMAND:host.xx# terminal exec prompt no-timestamp
    In RunCommand: host.xx# terminal exec prompt no-timestamp
HIT COMMAND:host.xx# admin show version
    In ShowVersion: host.xx# admin show version
HIT COMMAND:host.xx# admin show install summary
    In ShowInstallSummary: host.xx# admin show install summary
HIT COMMAND:host.xx# admin show license u
    In ShowLicense: host.xx# admin show license udi
HIT COMMAND:host.xx# admin show license
    In ShowLicense: host.xx# admin show license
HIT COMMAND:host.xx# admin show variables boot
    In ShowBootVar: host.xx# admin show variables boot
HIT COMMAND:host.xx# admin show hw-module fpd location all
    In ShowRunning: host.xx# admin show hw-module fpd location all
HIT COMMAND:host.xx# show redundancy secondary
    In ShowRedundancy: host.xx# show redundancy secondary
HIT COMMAND:host.xx# show install active
    In ShowInstallActive: host.xx# show install active
HIT COMMAND:host.xx# admin show env all
    In ShowEnv: host.xx# admin show env all
HIT COMMAND:host.xx# dir /all nvram:
    In DirSlotN: host.xx# dir /all nvram:
HIT COMMAND:host.xx# dir /all bootflash:
    In DirSlotN: host.xx# dir /all bootflash:
HIT COMMAND:host.xx# dir /all compactflash:
    In DirSlotN: host.xx# dir /all compactflash:
HIT COMMAND:host.xx# dir /all compactflasha:
    In DirSlotN: host.xx# dir /all compactflasha:
HIT COMMAND:host.xx# dir /all slot0:
    In DirSlotN: host.xx# dir /all slot0:
HIT COMMAND:host.xx# dir /all disk0:
    In DirSlotN: host.xx# dir /all disk0:
HIT COMMAND:host.xx# dir /all disk0a:
    In DirSlotN: host.xx# dir /all disk0a:
HIT COMMAND:host.xx# dir /all slot1:
    In DirSlotN: host.xx# dir /all slot1:
HIT COMMAND:host.xx# dir /all disk1:
    In DirSlotN: host.xx# dir /all disk1:
HIT COMMAND:host.xx# dir /all disk1a:
    In DirSlotN: host.xx# dir /all disk1a:
HIT COMMAND:host.xx# dir /all slot2:
    In DirSlotN: host.xx# dir /all slot2:
HIT COMMAND:host.xx# dir /all disk2:
    In DirSlotN: host.xx# dir /all disk2:
HIT COMMAND:host.xx# dir /all harddisk:
    In DirSlotN: host.xx# dir /all harddisk:
HIT COMMAND:host.xx# dir /all harddiska:
    In DirSlotN: host.xx# dir /all harddiska:
HIT COMMAND:host.xx# dir /all harddiskb:
    In DirSlotN: host.xx# dir /all harddiskb:
HIT COMMAND:host.xx# show controllers
    In ShowContAll: host.xx# show controllers
HIT COMMAND:host.xx# admin show diag
    In ShowDiag: host.xx# admin show diag
HIT COMMAND:host.xx# admin show inventory raw
    In ShowInventory: host.xx# admin show inventory raw
HIT COMMAND:host.xx# show vlan
    In ShowVLAN: host.xx# show vlan
HIT COMMAND:host.xx# show debug
    In ShowDebug: host.xx# show debug
HIT COMMAND:host.xx# show rpl maximum
    In ShowRPL: host.xx# show rpl maximum
HIT COMMAND:host.xx# admin show running
    In ShowRunning: host.xx# admin show running
HIT COMMAND:host.xx# show running-config
    In WriteTerm: host.xx# show running-config
host.xx.: End of run not found
host.xx.: found_end is false




On Thu, Feb 8, 2018 at 1:33 PM, Piegorsch, Weylin William <wey...@bu.edu> wrote:
Doesn’t ASR9k run IOS XR (rancid type “ios-xr”)?  I didn’t think it supported 
NX-OS.  I’ve only seen NX-OS on Nexus (including N9k), MDS, and UCS devices.
weylin

From: Pico Leto <picoleto...@gmail.com>
Date: Wednesday, February 7, 2018 at 2:05 PM
To: <rancid-discuss@shrubbery.net>
Subject: [rancid] Role Privileges for Nexus 9k

Hi,

I seem to be having some trouble backing up my configs for an ASR9k 
(C93108TC-EX) running NXOS 7.0.3.I4.4.  My current version of rancid is 3.7.

I thought I created the correct role for rancid to run under; however, my debug 
seems to end after 'system redundancy status'.  The command is actually 
available; however, you have to be in config term mode to see the output.

Role: rancid
  Description: rancid restricted access
  Vlan policy: permit (default)
  Interface policy: permit (default)
  Vrf policy: permit (default)
  -------------------------------------------------------------------
  Rule    Perm    Type        Scope               Entity
  -------------------------------------------------------------------
  4       permit  command                         dir *
  3       permit  command                         show *
  2       permit  command                         terminal *
  1       permit  command                         show running-config

Debug:

rancid -t cisco-nx -d host.xx.xx
loadtype: device type cisco-nx
loadtype: found device type cisco-nx in /usr/local/rancid/etc/rancid.types.base
executing clogin -t 90 -c"term no monitor-force;show version;show version 
build-info all;show license;show license usage;show license host.xx.xx-id;show 
system redundancy status;show environment clock;show environment fan;show 
environment fex all fan;show environment temperature;show environment 
power;show boot;dir bootflash:;dir debug:;dir logflash:;dir slot0:;dir 
usb1:;dir usb2:;dir volatile:;show module;show module xbar;show inventory;show 
vtp status;show vlan;show debug;show cores vdc-all;show processes log 
vdc-all;show module fex;show fex;show running-config" host.xx.xx
PROMPT MATCH: host.xx#
HIT COMMAND:host.xx#  term no monitor-force
    In RunCommand: host.xx#  term no monitor-force
HIT COMMAND:host.xx# show version
    In ShowVersion: host.xx# show version
TYPE = NXOS
HIT COMMAND:host.xx# show version build-info all
    In ShowVersionBuild: host.xx# show version build-info all
HIT COMMAND:host.xx# show license
    In ShowLicense: host.xx# show license
HIT COMMAND:host.xx# show license usage
    In ShowLicense: host.xx# show license usage
HIT COMMAND:host.xx# show license host.xx.xx-id
    In ShowLicense: host.xx# show license host.xx.xx-id
HIT COMMAND:host.xx# show system redundancy status
    In ShowRedundancy: host.xx# show system redundancy status
host.xx.xx: show system redundancy status failed: -1
host.xx.xx: missed cmd(s): show environment clock, show environment fan, show 
environment fex all fan, show environment temperature, show environment power, 
show boot, dir bootflash:, dir debug:, dir logflash:, dir slot0:, dir usb1:, 
dir usb2:, dir volatile:, show module, show module xbar, show inventory, show 
vtp status, show vlan, show debug, show cores vdc-all, show processes log 
vdc-all, show module fex, show fex
host.xx.xx: End of run not found
host.xx.xx: clean_run is false
host.xx.xx: found_end is false
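
An added example, not part of any post in this thread and not RANCID or Cisco code: a small model of the role table from the original message, used to check which commands from a rancid debug run the listed rules would permit. It assumes rules are evaluated highest number first with the first match winning, that `*` matches the rest of the command, and that a command word may abbreviate a rule word; other roles on the account, platform defaults and AAA server policy are not modelled.

```python
import re

# Role table and debug lines abridged from the thread (sample input for this example).
ROLE_TABLE = """\
  4       permit  command                         dir *
  3       permit  command                         show *
  2       permit  command                         terminal *
  1       permit  command                         show running-config
"""
DEBUG_LOG = """\
HIT COMMAND:host.xx#  term no monitor-force
HIT COMMAND:host.xx# show system redundancy status
host.xx.xx: show system redundancy status failed: -1
host.xx.xx: missed cmd(s): show environment clock, show boot, dir bootflash:
"""

def parse_rules(table):
    """Return [(number, perm, words)] sorted highest rule number first."""
    pat = re.compile(r"\s*(\d+)\s+(permit|deny)\s+command\s+(.+)")
    found = (pat.match(line) for line in table.splitlines())
    return sorted(((int(m[1]), m[2], m[3].split()) for m in found if m), reverse=True)

def words_match(rule_words, cmd_words):
    """'*' matches the rest; a command word may abbreviate a rule word (assumption)."""
    for i, rule_word in enumerate(rule_words):
        if rule_word == "*":
            return True
        if i >= len(cmd_words) or not rule_word.startswith(cmd_words[i]):
            return False
    return len(cmd_words) == len(rule_words)

def decide(rules, command):
    """First matching rule wins; a command no listed rule matches is denied (assumption)."""
    for number, perm, words in rules:
        if words_match(words, command.split()):
            return perm, number
    return "deny", None

def audit(log, table):
    """Map every command rancid sent, failed on, or skipped to the model's decision."""
    sent = re.findall(r"^HIT COMMAND:\S+#\s+(.+)$", log, re.M)
    failed = re.findall(r"^\S+: (.+) failed: -?\d+$", log, re.M)
    missed = re.search(r"^\S+: missed cmd\(s\): (.+)$", log, re.M)
    skipped = [c.strip() for c in missed[1].split(",")] if missed else []
    rules = parse_rules(table)
    return failed, {cmd: decide(rules, cmd) for cmd in sent + failed + skipped}

if __name__ == "__main__":
    failed, decisions = audit(DEBUG_LOG, ROLE_TABLE)
    for cmd, (perm, rule) in decisions.items():
        print(f"{perm:6} rule={rule} {'FAILED ' if cmd in failed else ''}{cmd}")
```

Under this model every command in the sample, including the one rancid reports as failed, is permitted by the listed rules, so the table alone does not account for the failure.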

