This document describes the Network device Configuration Management System (NetCMS): a system for tracking Cisco router and switch configurations.
NetCMS is a Network Configuration Management System for network devices. Currently it supports only Cisco routers and switches. The underlying router "getcnf" utility have been tested with approximately 200 Cisco routers (2500, 3000, 4500, 7000 and 7500 series) running IOS versions 9.x through 11.25. The switch "e-getcnf" utility currently supports only Cisco's Catalyst 5000, and optionally installed ATM modules (where the Catalyst 5000 is operating as an ATM "edge" device).
NetCMS is implemented as an RCS and make(1)-based project. Essentially, NetCMS is a revision control system for network device configurations. Also, NetCMS generates summary reports (e-mailed as MIME attachments) containing such information as:
The Network device Configuration Management System is a make and RCS-based project. The NetCMS working directory, specified using the --prefix= and --project= options to configure at install time, is where everything resides and procudures such as updating network device (ie. routers and switches) configurations are performed.
This diagram summarizes the relationships amongst components of this system. For instance, it indicates that the network of routers is an input to everything. Also, the hosts file is input to all the normal user procedures (make new and make update) and the scheduled e-mail report generation (make clean mailout).
_______
( )
.---( Network )---> make ...hosts ---> ...hosts ---> make edit ---> hosts,v ---.
| (_______) |
| |
| .---------------------------------------------------------------------<---'
| |
| |
+--->+---> make new ---> device.conf,v ---------------.
| | |
| | .---------------------<---------------------+
| | | |
+--->+--->+---> make update ---> device.conf,v --->---'
| | |
| | |
| | |
`--->+--->+---> make clean mailout ---> ...configurations, ...*.mailout --->---.
|
[e-mail reports] <---+
|
make mailout <----+
|
make rlog <-------+
|
make somediff <---'
NetCMS/
| Makefile, hosts, *.conf,v, ...*
|
`--...configurations
|--RCS/
| *.conf
|
|--flash/
| *.conf
|
`--running/
*.conf
This is the primary working directory and is where makes are performed.
This is a temporary directory.
This is a temporary directory where the most recent RCS revision is written while generating reports.
This is a temporary directory where the most recently downloaded flash configurations are written.
This is a temporary directory where the most recently downloaded running configurations are written.
NetCMS can be run using an interactive menu. It is invoked by simply running make, with no arguments in the directory.
Use this option to update an existing device's configuration. This option can also be used at any time to check whether or not the current flash configuration has been stored in the RCS device.conf,v file.
Use this option to add a new device's configuration to RCS. Before this option is used, it must exist in the hand-maintained hosts file. (You can add an entry to the hosts file using "make edit".)
Use this option interactively if you wish to regenerate the e-mail. You will be given the option to change the To: and Subject: and the message body itself. (mutt, the MUA which is used to compose the e-mail, will require you to change the message content in some way, otherwise it will think that you don't want to send it.)
Hopefully this is self-explanatory.
Edit the NetCMS hosts file. This would be used, for instance, to add a new device before running new or to modify the IP address or name of an existing device. (In the latter case, the RCS revision file (,v) for that device should be renamed as well.)
Show recent changes that have been logged using NetCMS. By recent we mean changes since the last time the NetCMS e-mail reports have been generated.
This is the default target. It is for interactive use only and produces a menu of choices.
This target, for interactive use, is used to add a new device to NetCMS. You will be prompted for the device name.
This target, for interactive use, is used to edit the NetCMS hosts file. Because this file is stored sorted by IP address, you show use this target rather than editing the file manually so that unnecessary differences do not show up in the hosts-diff report.
This target, for interactive use, is used to get all the configurations for the device configuration files that are currently locked out by you. It's primary purpose is to simplify the process of doing the same modification to a number of device at once. (It would done following a manual co -l and preceding the ci of the list of device.conf files on which you wish to operate.)
This target, for interactive use, is used to update an existing device's configuration in NetCMS. You will be prompted for the device name.
This default rule, for internal use only, is responsible for performing the actual update logic. The quickest way to update a device is to do this:
$ make device.update
This is default rule, for internal use only. It tells make how to retrieve a configuration file from RCS.
This target, for internal use only, tells make how to retrieve the hand-maintained hosts file from RCS.
This target will cause make to rebuild a current impression of the hosts file. If the hosts file is out of date, you can use the content of ...hosts when you update the hosts file manually.
This target will cause make to build a sub-directory (called ...configurations) containing the current flash and running configurations from the device defined in ...hosts.
This target will cause make to produce an rlog-based report (to standard output) of all RCS log comments in the device configuration version files since the last time they were generated by the ...rlog.mailout targer.
This target will make rlog and pipe it to $PAGER.
This target, for both interactive and internal use, generates diff output showing differences between the configuration checked into RCS as the head revision vs. the configuration in flash.
This target, for both interactive and internal use, generates diff output showing differences between the device' configuration in flash vs. running configuration.
This target, for both interactive and internal use, generates diff output between the hand-maintained hosts file and the automatically generated hosts file: ...hosts.
This target, for both interactive and internal use, generates rlog ouput showing which NetCMS files are currently locked out.
These targets are for internal use by the mailout target. Primarily they simply create files to be used as e-mail attachments by recursively invoking make on the targets of the corresponding names.
This target, for either interactive and batch use, is used to generate and e-mail a NetCMS status summary and set of reports as MIME attachments.
This target, primarily for batch use, is used to remove all ... targets. A typical use would be to clean things up before running make mailout in batch.
NetCMS requires the following packages:
The NetCMS Makefile rules are written in ksh syntax. If you are using a system without ksh, use the freely-available pdksh (installed ask ksh). Possibly even bash (linked to ksh) will suffice, although I have not tested NetCMS with it.
RCS is a Revision Control System for files. NetCMS uses RCS to maintain revisions of all its configuration files (such as the NetCMS hosts file) and the network device configuration (*.conf) files.
perl is used both by the NetCMS Makefile and by component scripts.
mutt, an MUA, is used to compose e-mail with MIME attachments both interactively and in "batch" mode, for NetCMS cron-scheduled reports.
getcnf, a perl script which uses IOSchat and is supplied with that distribution, is the utility which NetCMS uses to retrieve the configuration from Cisco routers.
e-getcnf, which requires Comm.pl, is the utility which NetCMS uses to retrieve the configuration from Cisco Catalyst 5000 switches, sometimes used as ATM edge devices (hence the prefix e-).
This install should be performed as a user as the group to which all users of NetCMS will belong. (NetCMS is implemented as an RCS project, so the working-directory created by the install will be group writable.)
$ gunzip -c NetCMSversion.tar.gz |tar xf -
$ ./configure --help # note --with-... options
$ ./configure --prefix=/opt/net --project=cms # for example
$ make
$ make -n install
$ make install
$ cd /opt/net/cms
$ make
1) update an existing device
2) new device
3) mailout
4) QUIT
5) edit NetCMS hosts file
6) show changes since last e-mail report
#? 5
$ cd /opt/net/cms
$ make
1) update an existing device
2) new device
3) mailout
4) QUIT
5) edit NetCMS hosts file
6) show changes since last e-mail report
#? 2
$ cd /opt/net/cms
$ make clean mailout
Since NetCMS is an RCS-based project, maintained in a shared directory, it is important that your shell environment is set up properly. For instance your umask should be 002 so that files you create, and are created by the NetCMS Makefile, have group read and write permission. If you use the Korn, POSIX, or Bourne Again, or Bourne shell this would be set up in your .profile:
umask 02If you're login group is not the group which owns the NetCMS project directory, you can use the newgrp command to change into that group before doing NetCMS work:
$ newgrp - wnstaffSomething like this might be useful in your .profile to set up conditional behavior based upon which group you are in (not that this is Bourne, Bourne again, Korn, or POSIX shell syntax):
case `id -gn` in
wnstaff)
cd /home/wiscnet
PATH=$PATH:/home/wiscnet/bin
umask 02
;;
*)
umask 022
;;
esac
Dave Plonka, Oct 15 1997
While in the NetCMS working directory, there are three ways to update the revision-controlled router configuration:
Using a menu:
$ make
$ make update
$ make router.updateThe makefile will invoke the co, ci, getcnf, diff, and rcsdiff commands for you. If changes have been made you will be prompted to enter a meaningful log message. Dave Plonka, Oct 15 1997
While in the NetCMS working directory... First, that router must exist in the NetCMS hosts file. If it is not already there the hosts file can be edited from the NetCMS menu or like this:
$ make editThen, do this:
$ make newDave Plonka, Oct 15 1997
To do this in one fell swoop, you'll need to know a bit more about RCS. Before you start it would be a good idea to be sure that there aren't other changes pending to be checked in:
$ make flash-diff |lessHere's a step-by-step example to update all routers:
$ co -l *.conf,v # lock out all router configurationsNow that all routers are "reserved" for your exclusive use, perform your updates, using a tool of your choice (eg. expect, perl with chat2.pl, perl with IOSchat.pm, etc.).
$ rm -f nohup.out && nohup make locked.getcnf &After that has completed, check that the differences are what you expect using rcsdiff. An invocation like this might be useful:
$ egrep 'strict;$' *.conf,v | grep -v 'locks;' |grep ${LOGNAME?} |cut -f1 -d: |xargs rcsdiff 2>&1 |less
If the changes are all part of your mass change, you could
check all the files in with the same log message:
$ egrep 'strict;$' *.conf,v | grep -v 'locks;' |grep ${LOGNAME?} |cut -f1 -d: |xargs ci -m'put a meaningful log message here!'
That's it! At this point, the flash and running
configuration files in the ...configuration
sub-directory are out of date. These files are that used for report
generation, under the mailout Makefile target.
This will be regenerated by the next
cron-scheduled make clean mailout.
Dave Plonka, Oct 16 1997
$ makeor
$ make showDave Plonka, Oct 16 1997
First use the RCS rlog(1) command to see a list of revisions stored in a given router's RCS revision file (router.conf,v):
$ rlog router.confThen, use the RCS co(1) command to rerieve that version:
$ co -rrevision_number router.confIf you'd like to retrieve the revision to a file other than the working file (ie. router.conf), use the -p option to send it to standard output. Eg.:
$ co -prevision_number router.conf |lessor
$ co -prevision_number router.conf >/tmp/router.conf.revision_numberPlease don't leave these temporary files in the NetCMS directory. Dave Plonka, Oct 24 1997
$Id: NetCMS.html,v 1.1 1997/12/17 17:14:49 plonka Exp $