super duper network config management and monitoring tool
Currently, the rancid tool is more like a framework of different expect and tcl scripts that originally grew out of a plain old cisco switch/router configuration management tool. There's a rancid script for each thing and not much code reuse (like nrancid or nsrancid or crancid for each device). It "does it wrong": telnet and ssh logins parse prompts and attempt to match text using expect, and the resulting code is ugly and constantly runs into weird corner cases.
I'd like to write a tool that could simply "scp" configuration files (so it avoids weird terminal linewrap issues) and store them in version control. It should try to be a happy medium, leaning on svn modules and not relying on an inflexible external tool like ViewVC.
I would provide a nice web interface that would allow a netadmin to input their device's info and match it up with a profile to set up unprivileged users and generate ssh keys w/ a generated random password, or whatever the best practice would be for any class of device. This logic and framework should be easily maintained, and should be the place where most people in the Community at large would contribute (though the Gold Standard would be a totally device "profile-less" environment where the task of exploring a device is made into a generic task... since each device can be configured in ways that would really fuck up any expected behavior, anyway).
The configuration polling daemon should run opportunistically and on multiple switches, and the goal would be a single tool to manage the changes of 200 devices per instance (medium-large sized shops).
By the end of the project we should try to attack the massive enterprise level of bullshit, with all sorts of weird security hazards, asinine snmpv3 security and all that jazz, either by chaining monitoring daemons or whatever way of getting around that sort of shit. Chaining would be the way to go to scale this stuff up anyway, so might as well do it.
moar features
* "fast" setup using default management profile: you quite literally type out an ip or hostname and this tool attempts to connect via snmp, telnet and/or ssh and attempts auto-identification and setup by dumping configs, creating unprivileged users, etc based on whatever credentials you use throughout your network (common snmp community string, ssh key, simple master password, etc). this is the only place where crazy "expect" logic makes sense, since it's all too common that a network admin is thrown into a rat's nest of machines. if all else fails the interface prompts the netadmin for explicit login instructions or to walk through a new device profile.
* auto-device discovery: tons of ways to do this, one clever way is to find additional devices through methods on a "root" device such as "show cdp neighbors" and "arp"... we'd then literally crawl through the chain and run the tool to start auto-populating the database with fresh hosts to manage.
* note all this stuff should be somewhat stateless, so that you can hit some "master refresh" button that can re-discover things without blowing away current data, just merge it all intelligently. this is where parallel tasklets are going to come in handy, for speed and for cool-factor, and also where the challenge is. cacti doesn't do this, it sucks in that way.... DON'T BE LIKE CACTI
references
http://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html
drill down milestones
v0.1
* auto build svn repo
* connect to a cisco switch and pull its config using scp, commit to svn repo
v0.2
* email notifications upon change, build in threshold and config sanitation (passwords and dates)
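One way the v0.2 sanitation and threshold step could work, as an added sketch that is not code from this project: secrets are redacted and timestamp-style lines dropped before the svn commit, so credentials never land in the repo and notifications only fire on real changes. The regex list, function names and sample config are assumptions made for illustration.

```python
import difflib
import re

# Assumed patterns for secret-bearing Cisco IOS lines; group 1 (and 2, if any) is kept.
SECRET_PATTERNS = [
    re.compile(r"^(\s*enable (?:secret|password))\s+.+$"),
    re.compile(r"^(\s*username \S+.*? (?:secret|password))\s+.+$"),
    re.compile(r"^(\s*snmp-server community)\s+\S+(.*)$"),
    re.compile(r"^(\s*(?:tacacs|radius)-server key)\s+.+$"),
    re.compile(r"^(\s*password)\s+.+$"),
]
# Lines that differ on every pull without a real change (the "dates" part).
VOLATILE = re.compile(r"^(?:! Last configuration change at |ntp clock-period )")
# Constructed sample config, not taken from a real device.
OLD = """\
! Last configuration change at 10:01:02 UTC Mon Jan 1 2024 by admin
enable secret 5 $1$CONSTRUCTED$aaaaaaaaaaaaaaaaaaaaaa
username backup privilege 1 secret 5 $1$CONSTRUCTED$bbbbbbbbbbbbbbbbbbbbbb
snmp-server community examplestring RO
ip default-gateway 192.0.2.1
line vty 0 4
 password 7 0000000000
ntp clock-period 17179869
"""
NEW_NOISE = OLD.replace("10:01:02", "11:22:33").replace("17179869", "17180000")
NEW_REAL = NEW_NOISE.replace("192.0.2.1", "192.0.2.254")

def sanitize(config: str) -> str:
    """Drop volatile lines and redact secrets so the committed text is diff-stable."""
    out = []
    for line in config.splitlines():
        if VOLATILE.match(line):
            continue
        for pat in SECRET_PATTERNS:
            m = pat.match(line)
            if m:
                tail = m.group(2) if pat.groups > 1 else ""
                line = f"{m.group(1)} <removed>{tail}"
                break
        out.append(line)
    return "\n".join(out) + "\n"

def changed_lines(old: str, new: str) -> int:
    """Count added plus removed lines between two sanitized configs."""
    diff = difflib.ndiff(sanitize(old).splitlines(), sanitize(new).splitlines())
    return sum(1 for d in diff if d.startswith(("+ ", "- ")))

def should_notify(old: str, new: str, threshold: int = 1) -> bool:
    return changed_lines(old, new) >= threshold
```

Commit the output of `sanitize()` rather than the raw file; a type 7 password or community string in repo history stays readable to everyone with checkout access.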
v0.3
* make it pretty using templating
* make svn repo management more robust, isolate from user assfuckery
v0.5
* make TACACS+ pointless by centralizing user management; directory services are for losers lol single point of failure
* change configuration from within the interface and push upstream
* start exploring device logs and who else is on the tool
v1.0
* session management (build to scale to cluster), save working state to shelf() per "n" seconds
* work with IOS, CatOS, Netscaler and NetScreen
* make recommended changes to config*
v2.0
* use cacti cli to downgrade cacti to a viewing interface and banish its retarded admin panel from relevance
* do fibre channel device management
* do h/w management (APCs, DRACs, cyclades) device management
* generate graphical representation of network (oooh hard)