11
November 2013

The Files Menu

Andy Harris

This week we’ve been looking at an under-used but rather interesting corner of Osirium PAM, the files menu.

The files menu is a web served repository for files that are generated by tasks, and there are two types which are considered particularly useful:

The Backup

In general, we think of system backups as long processes that generate huge data volumes, when the fact is that, for most infrastructure devices, a backup is merely a record of the configuration which takes less than a second to generate and is often just 5-10K bytes. Tasks which automate changes to network switches, for example, can easily include a backup of the device. And, if these backups are made before and after each change, not only do we have a valid backup of the device, but we also have a restore point to revert to. This gives us a higher level of confidence when delegating privileged tasks to the help desk or outsourcing.

Here’s an example of a configuration backup added to a task:

show configuration %(local_backup_location)s/%(device_name)s/backup_%(O_TASK_UTC_STARTTIME)s.txt

In essence this task creates a file that is the text capture of the ‘show configuration’ command. It is stored with the device name and task start time in the file name.

The Techout

A techout is the process of gathering configuration, operational status and logs about a device or application. This is the data that the next line of support needs to analyse issues. Typically, the start of the process involves grabbing the same data for the same types of system. Osirium automates this so that techouts are consistent. Furthermore, this can be a delegated task. So, if the helpdesk find that they can’t solve a particular issue, they can grab the techout and send it to the support team.

Here’s an example of sub-task in a techout task:

find /home/%(username)s_*/ -name “capture.cap” %(local_backup_location)s/%(device_name)s/capture_%(O_TASK_UTC_STARTTIME)s.cap %(capture_filename)s rm %(capture_filename)s

This task copies the results of a TCP dump from a remote device to Osirium. It provides the extra sophistication of handling the condition where the capture fails, or is not available, by generating a human readable message to indicate what the failure was. A full techout would consist of a series of these tasks tailored to the device or application.

In summary, backups can be very useful and techouts are a great way of gathering consistent information for problem analysis. However, both are repetitive tasks requiring a high privilege level. With Osirium, both can be packaged up and delegated to better utilise resources and create cost efficiencies.