Managing IOS Configuration Snippets
Erik Muller
erikm at buh.org
Thu Feb 27 17:04:57 UTC 2014
On 2/26/14, 16:22 , Ryan Shea wrote:
> Howdy network operator cognoscenti,
>
> I'd love to hear your creative and workable solutions for a way to track
> in-line the configuration revisions you have on your cisco-like devices.
...
>
> Assume that this version encoding perfectly captures what is on the router
> and that no person is monkeying with the config... version 77 of the
> control plane filter is the same everywhere.
At a previous job, our roll-your-own solution was a template based
system(*) generating full configs; all the version history for template
sections, per-router local tweaks, and generated results was kept in RCS,
and the actual last-configured version, plus any incremental changes, was
kept in the login banner.
So at login you'd see something like:
blah blah authorized users blah blah
$Id: routername-confg,v 1.23 2013/08/20 03:07:16 username Exp
INCR: 1.2,1.3,1.4,1.5,1.6
and that version tracking made its way through to rancid for easy offline
auditing. This made it nice and easy to tell when and what had been
updated, though it still would take a couple steps to identify what exact
subsections had been changed over time (since the incremental version tags
were specific deltas in per-device configurations. You could probably do
it in a more global way too - git commit ids, maybe? - but you also don't
want to make the version string too wordy either).
-e
* based on ftp://ftp.cac.washington.edu/pub/config-generator/, but
substantially enhanced beyond the last public domain version. I know I'd
be really happy if the current version was ever open-sourced...
More information about the NANOG
mailing list