From randy at psg.com Mon Mar 9 18:27:13 2026
From: Randy Bush <randy at psg.com>
Date: Mon, 09 Mar 2026 11:27:13 -0700
Subject: [rancid] frr/zebra more info

currently, for frr systems,
  o i use `zebra` in the `router.db` definition
  o the rancid user on the target is ssh keyed (with command
    restriction)
  o the `/etc/passwd` entry for rancid has the shell defined as
    `/home/rancid/do-vtysh`
  o that script simply does `sudo /bin/vtysh`

and that works for the `show running config`

but i would also like to capture, archive, and diff
  o `/etc/network/interfaces` and
  o `/etc/nftables.conf`

do i hack the `/home/rancid/do-vtysh` script to simply `cat` them to
stdout?  i dread creating a new, or augmenting existing, rancid device
type.

randy


From heas at shrubbery.net Tue Mar 10 06:22:32 2026
From: heasley <heas at shrubbery.net>
Date: Tue, 10 Mar 2026 06:22:32 +0000
Subject: [rancid] frr/zebra more info

Mon, Mar 09, 2026 at 11:27:13AM -0700, Randy Bush:
> currently, for frr systems,
>   o i use `zebra` in the `router.db` definition
>   o the rancid user on the target is ssh keyed (with command
>     restriction)
>   o the `/etc/passwd` entry for rancid has the shell defined as
>     `/home/rancid/do-vtysh`
>   o that script simply does `sudo /bin/vtysh`
>
> and that works for the `show running config`
>
> but i would also like to capture, archive, and diff
>   o `/etc/network/interfaces` and
>   o `/etc/nftables.conf`
>
> do i hack the `/home/rancid/do-vtysh` script to simply `cat` them to
> stdout?  i dread creating a new, or augmenting existing, rancid device
> type.

I doubt that will work.  I expect it will just be filtered.  Maybe adding
to the command list like:

;command;rancid::;start-shell cat /etc/network/interfaces

does that command actually work?  docs imply that it does.


From randy at psg.com Tue Mar 10 20:12:31 2026
From: Randy Bush <randy at psg.com>
Date: Tue, 10 Mar 2026 13:12:31 -0700
Subject: [rancid] frr/zebra more info

> Maybe adding to the command list like:
> ;command;rancid::;start-shell cat /etc/network/interfaces
> does that command actually work?  docs imply that it does.

made a new type in `/etc/rancid/rancid.types.conf`

```
frrx;script;rancid -t frr
frrx;login;clogin
frrx;module;frr
frrx;inloop;frr::inloop
frrx;command;frr::ShowVersion;show version
frrx;command;frr::WriteTerm;write term
frrx;command;rancid::WriteTerm;start-shell cat /etc/network/interfaces
frrx;command;rancid::WriteTerm;start-shell cat /etc/nftables.conf
```

and changed the `router.db` entry to that type

did not record the last two commands

log uninteresting except maybe for second line here

```
no changes added to commit (use "git add" and/or "git commit -a")
Added r42.foo.blarg.net
```

randy


From daniel.kerse at gmail.com Wed Mar 11 21:52:58 2026
From: Dan Kerse <daniel.kerse at gmail.com>
Date: Wed, 11 Mar 2026 21:52:58 +0000
Subject: [rancid] frr/zebra more info

I think you need to add an x to the end of this line:

frrx;script;rancid -t frr

Should read:

frrx;script;rancid -t frrx

i.e. the type that you pass to the rancid command needs to match the type
defined in the configuration file.


From randy at psg.com Wed Mar 11 22:09:15 2026
From: Randy Bush <randy at psg.com>
Date: Wed, 11 Mar 2026 15:09:15 -0700
Subject: [rancid] frr/zebra more info

> I think you need to add an x to the end of this line:
> frrx;script;rancid -t frr
> Should read:
> frrx;script;rancid -t frrx

ok.  makes sense.

but, as i said in a private email

> made a new type in `/etc/rancid/rancid.types.conf`
> ```
> frrx;script;rancid -t frr
> frrx;login;clogin
> frrx;module;frr
> frrx;inloop;frr::inloop
> frrx;command;frr::ShowVersion;show version
> frrx;command;frr::WriteTerm;write term
> frrx;command;rancid::WriteTerm;start-shell cat /etc/network/interfaces
> frrx;command;rancid::WriteTerm;start-shell cat /etc/nftables.conf
> ```
>
> and changed the `router.db` entry to that type

on the target, the user rancid has a special shell, not bash/csh

rancid:x:1003:1003:Rancid User,,,:/home/rancid:/home/rancid/do-vtysh

which simply does `sudo vtysh` so rancid can issue vtysh commands

but, despite rumors, vtysh does not support `start-shell` or any other
way to `cat` a file

randy


From daniel.kerse at gmail.com Thu Mar 12 05:19:38 2026
From: Dan Kerse <daniel.kerse at gmail.com>
Date: Thu, 12 Mar 2026 05:19:38 +0000
Subject: [rancid] frr/zebra more info

Hmm I wonder if the wrapper script could concatenate the file?

cat /etc/nftables.conf && sudo vtysh

Or something along these lines.  You're using a wrapper script as your
login shell already, can't you just extend it?


From randy at psg.com Thu Mar 12 17:56:34 2026
From: Randy Bush <randy at psg.com>
Date: Thu, 12 Mar 2026 10:56:34 -0700
Subject: [rancid] frr/zebra more info

> Hmm I wonder if the wrapper script could concatenate the file?
>
> cat /etc/nftables.conf && sudo vtysh

seems to be a no-op

randy


From heas at shrubbery.net Thu Mar 12 18:03:49 2026
From: heasley <heas at shrubbery.net>
Date: Thu, 12 Mar 2026 18:03:49 +0000
Subject: [rancid] frr/zebra more info

Thu, Mar 12, 2026 at 10:56:34AM -0700, Randy Bush:
> > Hmm I wonder if the wrapper script could concatenate the file?
> >
> > cat /etc/nftables.conf && sudo vtysh

that would not work; that input would be discarded because it would not
be correlated to a command it had issued.


From randy at psg.com Thu Mar 12 18:01:02 2026
From: Randy Bush <randy at psg.com>
Date: Thu, 12 Mar 2026 11:01:02 -0700
Subject: [rancid] frr/zebra more info

>>> Hmm I wonder if the wrapper script could concatenate the file?
>>> cat /etc/nftables.conf && sudo vtysh
> that would not work; that input would be discarded because it would
> not be correlated to a command it had issued.

as one would guess.  but worth a cheap try.

randy

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at www.shrubbery.net
https://www.shrubbery.net/mailman/listinfo/rancid-discuss
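Putting the two findings of the thread together (vtysh has no `start-shell`, and rancid only keeps output it can correlate with a command it issued), the remaining route is the one Dan points at: the wrapper that already serves as the rancid user's login shell answers the file request itself, as the response to a command listed in `rancid.types.conf`. The script below is an added example of such a wrapper; it is not rancid's, FRR's or either poster's code, and it has not been run against rancid's frr module. It assumes a `show file <name>` command word (a matching `frrx;command;...;show file nftables` line would replace the `start-shell cat ...` entries), a `RANCID_WRAP_ROOT` variable used only to point the lookups at a test directory, and that the file is installed under the name `do-vtysh` so that the `$0` check recognises a login-shell invocation. Only the two names in the allowlist can be read, and the caller never supplies a path, so the keyed rancid account gains no general file-read capability beyond the two files Randy wants archived.

```shell
#!/bin/sh
# Hypothetical replacement for /home/rancid/do-vtysh (added example, not
# code from rancid, FRR or the thread's participants).
#
# Reads one command per line, as a login script would send them.  An
# allowlisted "show file <name>" prints a fixed file; anything else goes to
# vtysh exactly as the original one-line wrapper allowed.

# Map a short, fixed name to a path.  Only these two files can ever be
# read; the caller never supplies a path.  RANCID_WRAP_ROOT is an
# assumption for testing only (empty in production).
file_for_name() {
    case "$1" in
        interfaces) printf '%s\n' "${RANCID_WRAP_ROOT:-}/etc/network/interfaces" ;;
        nftables)   printf '%s\n' "${RANCID_WRAP_ROOT:-}/etc/nftables.conf" ;;
        *)          return 1 ;;
    esac
}

# Execute one input line.  Returns 0 on success, 1 for a rejected file
# request, 2 when the peer asked to leave.
run_line() {
    case "$1" in
        "show file "*)
            name=${1#show file }
            if path=$(file_for_name "$name"); then
                # Print the file as the reply to this command, so the
                # collector sees it correlated with something it sent.
                cat -- "$path"
            else
                printf '%% unknown file: %s\n' "$name"
                return 1
            fi
            ;;
        exit|quit)
            return 2
            ;;
        *)
            # Ordinary vtysh command; -c is vtysh's single-command mode.
            sudo /bin/vtysh -c "$1"
            ;;
    esac
}

# Interactive loop: print a vtysh-style prompt, read a line, dispatch.
main_loop() {
    while printf '%s# ' "$(hostname)" && IFS= read -r line; do
        run_line "$line"
        rc=$?
        [ "$rc" -eq 2 ] && break
    done
}

# Enter the loop only when invoked as the login shell (argv[0] is
# "-do-vtysh" or a path ending in do-vtysh).  Loading the file for tests
# defines the functions without blocking on stdin.
case "$0" in
    *do-vtysh) main_loop ;;
esac
```

The prompt printed by `main_loop` is the part most likely to need adjusting: whatever login script and module rancid uses for the type must recognise it, which is outside what this thread establishes. The allowlist is the security-relevant piece and can be kept whatever prompt handling ends up being needed.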