Re: [gentoo-user] Re: minimal web server

[Alan McKinnon <alan.mckinnon@gmail.com>]

On Sat, 5 May 2012 16:29:47 +0000 (UTC)
James <wireless@tampabay.rr.com> wrote:

> Alan McKinnon <alan.mckinnon <at> gmail.com> writes:
> 
> 
> > > #copy running-config [http | https] <url>
> 
> > How many routers are you backing up and what are your needs?
> 
> It varies. I seem to 'inherit' networks that are not populated
> by humans (mostly machines & controls). I like to first copy
> the running configurations to my laptop as often the routers are old
> and nobody seems to know much about them. (yea as an old linux_hag
> I get work on stuff that most other will not touch).....
> As a PE in Controls, I seem to get lucky and am able
> to patch, enhance or replace equipment, with minimal
> disturbances to the myriad of protocols and legacy
> heuristics that inhabit these plants. It's a situation
> where if you break it, you own the problem. I try very
> hard to keep Microsoft based technologies out of the plants.
> Microsoft(anything) is mostly a disaster in the Process
> Controls space. I often prove this to a customer, by dropping
> in a sniffer here and there and show them the myriad of
> shit_traffic that Microsoft(anything) generates just to move
> a few bits around. Besides, if you don't believe me,
> just ask the IRANIANS how wonderful MS is (think stuxnet virus).
> 
> (enough background?)
> 
> I use a laptop, as often the sites do not have any remote 
> access or it is blocked. I grab a config and then figure
> out a fix, only to return later, sometimes with drop in 
> replacement hardware. Too often, I'm content to just hack
> at the old existing (shit) hardware. Industrial folks are not 
> so robust on their nets that control machines and such.Often, 
> Poor practices and little of a structured management system exist. 
> Still, I get to avoid humans, so I trudge along, meeking out a
> living....
> 
> 
> > https://www.shrubbery.net/rancid
> 
> Rancid  looks interesting enough to explore. Do you have an
> unofficial ebuild somewhere, or do you just hack the install on
> gentoo?

Our rancid stuff runs on FreeBSD (I banned Gentoo from all new
production installs 3 years ago...) so we mostly don't bother with
packages. Good old "./configure && make && make install" is what works
for us.

rancid is awesome for what it does, but I doubt it will suit your
needs. Because it logs int a device periodically, it needs direct
access somehow. And considering the age of some of the stuff you
have[1] most of it won't support ssh properly, so you need telnet.
There goes any idea of polling devices for backup purposes and we're
back to grabbing the config off the router on-site. Like several others
said already, I'd go for ftp rather than http for this, it's just
easier.

[1] lemme guess - you deal with actual live networks right? Real ones
that people built. Not the kind of mythical networks described in
Gartner white papers and Cisco training manual where everything is
somehow supposed to all just magically work out the box (but
doesn't...)?

-- 
Alan McKinnnon
alan.mckinnon@gmail.com