Changelog¶
1.6.0 (2017-03-08)¶
Enhancements¶
- Remote execution on devices running Cumulus Linux is now officially supported.
- A new configuration setting
DEFAULT_ADMIN_STATUS
has been added that defaults toPRODUCTION
that is used to popoulate theadminStatus
field onNetDevice
objects that do not have that field populated. - CLI-tool
gnng
now uses PTable instead of the old indent function. - [Feature] #312: Added -a/–listen-address option to the XMLRPC Server Twisted’s default of 0.0.0.0 has been preserved, but now if you supply -a to twistd you can have it listen on a different address.
Backwards-incompatible changes¶
- PyCrypto has been replaced with the cryptography library.
- The default NetDevices loader is now
JSONLoader
. - ACL support is now disabled by default. This means that
WITH_ACLS = False
is now the global default. - The
conf
directory at the repository root containing sample configurations has been renamed toconfigs
to avoid confusiong with theconf
library.
Bug Fixes¶
- Fixed a bug in Cumulus Linux prompt patterns.
- Also disabled execution of
sudo vtysh
by default on Cumulus. It will now be left up to operators to do this for themselves. Cumulus Linux.
- Also disabled execution of
- Bugfixes for handling esoteric SSH server implementations.
- Bugfixes for the TextFSM parsed results bucket.
- Fixed a bug on Arista EOS devices that would sometimes cause the prompt to be included in the results from commands with no output.
- [Bug] #313: Use pyparsing~=2.2.0 for compat w/ setuptools>=34.0.0 which was causing install to fail
1.5.10 (2016-04-18)¶
Bug Fixes¶
- Extended prompt detection for IOS-like devices to include interstitial space
(
\s
) or carriage return (\r
) characters which is sometimes seen on Arista EOS devices, and would cause asynchronous execution to sometimes hang and result in aCommandTimeout
error. - [Bug] #269: - Bugfix in
bin/load_acl
that preventsqueue.complete()
from being called when using the--no-db
flag. Previously, anAttributeError
attribute error was raised due to attempting to callcomplete
onqueue
, which is set toNone
when passing--no-db
. - [Bug] #266: - Cleaned up network.utils.ping, removed hostname validation code
- [Bug] #271: - Bugfix in
ping()
where a file descriptor wasn’t closed cleanly. - [Bug] #167: - Bugfix in
bin/gnng
that printed device names before any tables, resulting in potentially confusing results. Devices names are now printed with the corresponding table. - [Bug] #257: - Bugfix in
bin/gnng
that allows the--filter-on-type
to function as expected. - Update documentation of
gnng
‘s-N
/--nonprod
flag. - [Bug] #89: - Bugfix in
bin/gnng
that allowsgnng
to fail gracefully when a device isn’t found. - Bugfix in
bin/gnng --all
that was causing many device vendors to be skipped entirely because the filter was too specific. This vendor filter has been removed and will now fallback toNetACLInfo()
internal knowledge of supported platforms.
1.5.9 (2016-04-01)¶
Bug Fixes¶
- [Bug] #258: - Bugfix in
gorc
where init commands would be sent before a prompt was even available on the remote device. - [Bug] #259: - Bugfix in
pretty_time()
wherepytz
was being referenced but not imported. - Extended prompt detection for IOS-like devices to include backspace
characters (
\b
or\x08
) which is sometimes seen on Cisco NX-OS devices, and would cause asynchronous execution to sometimes hang and result in aCommandTimeout
error.
- Improved the internal grouping logic for
load_acl
to be more permissive and if grouping fails it will just not group devices. - Fixed a bug that would prevent ACL staging from working when using default global settings.
- Fixed bugs in the default global callables for
get_current_oncall()
andcreate_tm_ticket()
that would preventlod_acl
from working. They now default to a disabled state that does not require customization just to utilize core load_acl functionality. - Updated the sample
settings.py
(configs/trigger_settings.py
) to utilize the updated default callables. - Fixed a bug in default global callable for
get_tftp_source()
to properly perform lookup ofVIPS
- Fixed a bug in default global callable for
stage_acls()
to properly perform lookup ofFIREWALL_DIR
andTFTPROOT_DIR
.
1.5.8 (2016-03-08)¶
1.5.7 (2016-02-18)¶
Enhancements¶
- Added TextFSM parser to process unstructured CLI output.
- Added a new prompt pattern to
settings.CONTINUE_PROMPTS
. - New continue prompts no longer need to be lower-cased.
- Clarified the error text when an enable password is required but not provided when connecting to a device to make it a little more clear on how to proceed.
1.5.6 (2016-02-16)¶
Bug Fixes¶
- [Bug] #153: Added
-f/--force-cli
torun_cmds
to allow CLI execution on Juniper devices or any vendor platform where API support is enabled by default, fixing an underlying bug where CLI output would result in a crash. - [Bug] #193: Multiple commands can now be sent to Juniper devices w/
run_cmds
. - Updated the Juniper CLI prompt pattern to work when a hostname isn’t set
that would result in a
CommandTimeout
causing execution to fail.
1.5.5 (2016-02-04)¶
Bug Fixes¶
- Bugfix in
match()
where keyword arguments were not properly filtering out devices that matched, sometimes resulting in a confusing union of matching devices.
1.5.4 (2016-01-29)¶
Bug Fixes¶
- Bugfix when using
match()
to lookup devices by attribute/value, which will no longer result in aKeyError
if any device is missing the desired attribute. This means that besides the minimum required attributes,NetDevice
objects:- Are no longer required to have uniform attributes;
- If an attribute does it exist it may have a value of
None
.
1.5.3 (2016-01-19)¶
New Features¶
- Remote execution on Avocent console servers is now officially supported.
- Example normalizer
project added to the
examples
directory at the root of the repository.
Enhancements¶
- An identity test for
NetDevice
objects has been added that can be used to check whether a devices is a Cisco Nexus. You may utilize it by callingis_cisco_nexus()
on anyNetDevice
object. - Support for parsing interfaces on Cisco Nexus devices has been added.
- A new global setting now defines what to do when a device object does not
have a manufacturer defined (See:
FALLBACK_MANUFACTURER
) which defaults to the valueUNKNOWN
. - [Feature] #212: The
twister
module is now PEP8-compliant.
Bug Fixes¶
- Fixed a bug where devices w/ mixed case names aren’t properly detected by
Commando
subclasses, sinceNetDevices
normalizes the hostname on load. - [Bug] #236: Fixed a bug in
changemgmt
so that Trigger can use the current version ofpytz
. - [Bug] #238: Fixed a bug where sending an enable password to a device in a low latency environment (sub 1 ms) would result in the password being sent before the password prompt is displayed by the device.
- [Bug] #241: Pin Twisted version to 15.4.0 so that py2.6 unit tests succeed. (Twisted 15.5.0 dropped support for Python 2.6)
1.5.2¶
New Features¶
NetDevices
can now be properly subclassed and extended.- A disable paging command has been added for Citrix NetScaler devices.
- String patterns used for detecting continue prompts is now globally
configurable. (See
CONTINUE_PROMPTS
)
1.5.1¶
New Features¶
- The SSH authentication order is now a configurable setting. Public key is now
the last method by default, but this is now easily configured in
settings.py
using the newSSH_AUTHENTICATION_ORDER
setting. - The
command_interval
argument may now be passed toCommando
and its subclasses. This allows you to specify a delay time in seconds to wait between sending commands to devices.
Enhancements¶
- The example script the Trigger XMLRPC service has been improved to check the
pid file and kill the existing
twistd
process by process id.
1.5¶
Warning
This release has introduced a change the Commando.parse()
method that
WILL require a minor change to any subclasses of Commando in your
applications.
You will need to modify any custom from_{vendor}
methods to take an
optional commands
argument. It is recommended that you add
commands=None
.
1.4.9¶
New Features¶
- Support for Pica8 routers and switches has been added!
- [Feature] #135: Support for SSH public key authentication has been added!
- An ehancement to
select_next_device()
to support skipping aNetDevice
object for selection. If you overload this method in a subclass and want to skip the device, just returnNone
!
1.4.8¶
New Features¶
Cisco ASA firewall now supported as a NetDevice. To begin using, ensure that
FIREWALL
is added in your settings.py as a supported cisco platform.oFor it to enable properly, either the netdevice attribute
enablePW
needs to be set or the environment variableTRIGGER_ENABLEPW
does. For now, I typically accomplish this via:>>> from trigger.conf import settings >>> from trigger import tacacsrc >>> settings.DEFAULT_REALM = 'MyRealm' >>> os.environ['TRIGGER_ENABLEPW'] = \ tacacsrc.get_device_password(settings.DEFAULT_REALM).password >>> # Then the rest of my program
ACL parsing for ASA is not implemented yet. NetACLInfo will generate the proper command, but will currently just add a message warning about future support
1.4.6¶
1.4.5¶
New Features¶
- There is now a MongoDB loader for
NetDevices
. - [Feature] #140: There is a new
ReactorlessCommando
that allows for running multipleCommando
instances in the same program under the same reactor by preventing the instances from doing it themselves. - [Feature] #182:
bin/run_cmds
will now log all activity to a logfile in/tmp
- [Feature] #195: The
acl
library has been refactored to be more modular, breaking out vendor-specific grammar details into their own modules (ios
,junos
).
Documentation¶
- Improved the documentation for Managing Credentials with .tacacsrc.
- The Installation page now includes instructions for using
bounce.py
to configure maintenance windows.
Bug Fixes¶
- Make sure Juniper SRX devices are not categorized as being NetScreen devices
- Bugfix in
is_netscreen()
to account for when.make
isNone
- Minor bugfix in
start_xmlrpc.sh
example script
1.4.4¶
Enhancements¶
- Client connectings (such as those made by
bin/load_acl
, for example) will now raise an error when it is detected that an enable password is required and one is not provided. - [Feature] #181: Added SSH support for confirmation prompts
- Added
'[confirm]'
as one of those prompts
- Added
Bug Fixes¶
- [Bug] #172: Added ability to specify remote port for NetDevice objects
- Add defaults in settings.py for SSH (SSH_PORT) and Telnet (SSH_TELNET) ports
- Added documentation for SSH_PORT and TELNET_PORT in settings.py
- [Bug] #180: Fix prompt patterns to include optional space and hard line-endings.
- [Bug] #184: Pin pytz<=2014.2 to fix unit tests for time being (no pun intended).
- Fix a minor bug causing
bin/gong
send the enable password when it shouldn’t. - Bugfix when passwords are passed in to make sure they are not unicode
bin/gong
will now mark a device as enabled when auto-enable is detected.
1.4.3¶
New Features¶
- Added a new
bin/check_syntax
tool to determine if an ACL passes a syntax check. - Acceptance tests can now be run standalone from within a clone of the Trigger repo.
- [Feature] #142:
bin/gong
now enables on login if the enable password is provided by way ofTRIGGER_ENABLEPW
.
Enhancements¶
- Improvements to user-experience within
bin/acl
- Help text greatly improved and expanded to be more helpful
-l
and-m
args now print a message when load queue is empty- Clarified help text for
-a
and-r
args
- It now requires users to explicitly ask for associations instead of it being default.
- The wording on the status output has been improved for clarity and conciseness.
- Help text greatly improved and expanded to be more helpful
bin/load_acl
will now validate.tacacsrc
before work begins
Bug Fixes¶
- Bugfix in
Tacacsrc
in which saving a password longer than a certain length could cause the encrypted password hash to contain newlines and therefore become unreadable. - [Bug] #163: Bugfix to copy startup commands from a device when creating a channel base, otherwise they will get consumed directly from the device, and connections after the first will not send any startup commands.
- [Bug] #157: Bugfix in which
TriggerTelnetClientFactory
was missing thedevice
attribute. - Fix a bug causing a crash when using
gnng --dotty
- Bugfix in
pty_connect()
to check for telnet fallback before attempting to telnet over pty that would cause a race condition resulting in a crash if neither telnet or SSH are available. - Catch invalid hostnames before they bleed through in stderr output
when using
ping
- Bugfix to catch exceptions for bad netdevices data in
bin/netdev
. - Fix bugs in auto-enable and remote execution on certain devices
- The correct delimiter is now mapped out by vendor/platform and attached to the NetDevice object at runtime.
- Fixed a bug when executing commands remotely on NetScreen devices running ScreenOS that was causing them to be treated as Juniper routers/switches if the NetDevice attributes vendor=juniper and deviceType=netscreen.
- [Bug] #151: Gong now uses chosen dev. from multiple when updating
.tacacsrc
. - [Bug] #90: Bugfix causing
CSVLoader
for netdevices to always succeed.
1.4.2¶
Warnings¶
- With this update, load_acl and acl no longer assume ACL and filter files
begin with ‘acl.’. There are two options for updating your deployment to
work with this code:
- Move files in settings.FIREWALL_DIR to files without the prepended ‘acl.’.
- Update autoacls.py and explicit ACL associations to include the prepended ‘acl.’ prepend_acl_dot was included in tools/ to help update explicit ACL associations.
- Please note that either change above may have an impact on any non-trigger code.
New Features¶
- ACL staging and finding tftp server moved to global settings
- Allows for more site specific configuration
- Load_acl support for new vendors
- Force10
- Enhancements to various ACL-related CLI tools
- Moved staging and tftp server definitions to global settings to allow for site specific configuratons
- Added tftpy package to trigger.packages.tftpy (MIT License)
1.4.1¶
New Features¶
- Support for new vendors and platforms!!
- F5 BIG-IP application delivery controllers and server load-balancers
- MRV LX-series console servers
- New tool
bin/run_cmds
to run commands from the CLI!
Documentation Enhancements¶
- API documentation fixes for trigger.contrib and some logging fixes
Bug Fixes¶
- [Bug] #97: Bugfix that was causing NameError crash in
bin/optimizer
. - [Bug] #124: Bugfix in
pretty_time
where global timezone was hard-coded. - [Bug] #127: Bugfix to handle SSH protocol errors as if they are login failures instead of exiting with a cryptic error.
- Bugfix in Tacacsrc when updating credentials for a user.
- Tacacsrc will now truly enforce file permissions on the .tacacsrc when reading or writing the file
1.4¶
Trigger has a new home at https://github.com/trigger/trigger!
New Features¶
- Support for new vendors and platforms!!
- Aruba wireless controllers
- Cisco Nexus switches running NX-OS
- Force10 routers and switches
- Trigger now has a
contrib
package for optional extensions to core Trigger features.- A pluggable XMLRPC
server
that can be used as a long-running event loop. - Plugins for use w/ the XMLRPC server
- A pluggable XMLRPC
- Task
queue
now supports MySQL, PostgreSQL, or SQLite. See the Database settings for more information!- There’s a new
DATABASE_ENGINE
that allows you to specify. - New tool to initialize your database w/ ease:
init_task_db
- There’s a new
- All legacy unit tests have been fixed and Trigger is now fully integrated with Travis CI. All new functionality will be fully tested, and the existing unit testing suite will be continually improved.
- You may now globally disable ACL support by toggling
WITH_ACLS
insettings.py
. - All
execute()
methods andCommando
objects now support aforce_cli
argument to force commands to be sent as CLI commands and return human-readable output instead of structured output. Currently this is only relevant for Juniper devices, which return XML by default. - [Feature] #54: Commands allowed in
.gorc
can now be customized insettings.py
(SeeGORC_ALLOWED_COMMANDS
for more information) - Vastly expanded debug logging to include device hostname whenever possible. (You’re welcome!)
Bug fixes¶
- Fix AttributeError when trying to connect interactively causing logins to fail.
- [Bug] #74: - Bugfix in error-detection for NetScaler devices
- Bugfix in host lookup bug in
TriggerTelnet
causing telnet channels to crash. - Fix typo that was causing Cisco ACL parsing to generate an unhandled exception.
- Fix typos in
tools/tacacsrc2gpg.py
that were causing it to crash. - [Bug] #119: - Get custom importlib from trigger.utils vs. native (for supporting Python < 2.6).
- Replace all calls to
os.getlogin()
causing “Invalid argument” during unit tests where the value$USER
is not set. - Various bugfixes and improvements to the handling of async SSH execution.
- [Bug] #33: Console paging is now disabled by default for SSH Channels.
- [Bug] #49: Bugfix in ACL
parser
to omit src/dst ports if range is 0-65535. - Bugfix in ACL parser showing useless error when address fails to parse
- Bugfix in
RangeList
objects causing numeric collapsing/expanding to fail - Bugfix in
Commando
causing results from multiple Commando instances to collide with each other because they were inheriting an empty dictionary from the class object.
CLI Tools¶
bin/gnng
- Added flags to include un-numbered (-u) or disabled (-d) interfaces.
trigger.acl¶
- Minimal changes to support writing Dell ACLs
- Parser modifications to support negation of address objects in Junos ACLs. (Note that this relies on marking up ACLs with ‘trigger: make discard’ in term comments. This is undocmented functionality, currently used internally within AOL, and this code will only be used for Junos output.)
- [Feature] #47: Add parsing of ranges for
fragment-offset
in Juniper ACLs
trigger.changemgmt¶
- Refactored
BounceWindow
definition syntax to be truly usable by humans.
trigger.cmds¶
NetACLInfo
andbin/gnng
can now include disabled or un-addressed interfaces in their results.- Added
pyparsing
as a hard requirement until further notice so thatNetACLInfo
andbin/gnng
will behave as expected without confusing developers and users alike. - You may now pass login credentials to
Commando
using thecreds
argument.
trigger.tacacsrc¶
- Added a utility function
validate_credentials()
to ... validate credentials ... and return aCredentials
object.
trigger.twister¶
- The new default operating mode for SSH channels is to use shell + pty emulation.
- [Feature] #56: You may now optionally run “commit full” on Juniper
devices. (See
JUNIPER_FULL_COMMIT_FIELDS
for more information) - Added support for sending an enable password to IOS-like devices
when an enable prompt is detected.
- This can either be provided in your netdevices metadata by
populating the
enablePW
attribute, or by setting the environment variableTRIGGER_ENABLEPW
to the value of the enable password.
- This can either be provided in your netdevices metadata by
populating the
- Added error-detection for Brocade MLX routers.
Tacacrc()
is now only called once when creds aren’t provided upon creation of new clients.
trigger.utils¶
- New utility module
xmltodict
for convert XML into dictionaries, primarily so such objects can be serialized into JSON.
1.3.1¶
- General changes
- New contrib package for optional extensions to core Trigger
features,
CommandoApplication
being the first. - Remove legacy mtsync check from bin/fe.
- Conditionally import MySQLdb so we can still do testing without it.
- New contrib package for optional extensions to core Trigger
features,
- The following changes have been madw within
parser
, which provides Trigger’s support for parsing network access control lists (ACLs) and firewall policies: - The following changes have been made within
cmds
, which provides an extensible, developer-friendly interface to writing command exeuction adapters: - The following changes have been made within
netdevices
:
- Refactor how we id Brocade switches for startup/commit (fix #75)
- It’s assumed that all Brocade devices all act the same;
- Except in the case of the VDX, which is treated specially.
- Simplified how
startup_commands
are calculated- Disable SQLite loader if sqlite3 isn’t available for some reason.
- Prompt patterns are now bound to
Vendor
objects object whenNetDevices
is populated.Vendor
objects now have aprompt_pattern
attribute.- All prompt patterns are now defined in
settings.py
:
- Vendor-specific:
PROMPT_PATTERNS
- IOS-like:
IOSLIKE_PROMPT_PAT
- Fallback:
DEFAULT_PROMPT_PAT
- The following changes have been made within
twister
, which provides Trigger’s remote execution functionality:- Added CLI support for Palo Alto Networks firewalls!
- SSH Async now enabled by default for Arista, Brocade.
- [Feature] #54: Moved static definition of commands permitted to be
executed when specified in a users’
~/.gorc
file into a new configuration settingGORC_ALLOWED_COMMANDS
. The file location may now also be customized usingGORC_FILE
. - [Bug] #68: Fix host lookup bug in
TriggerTelnet
causing telnet channels to crash. - [Bug] #74: Fix error-detection for NetScaler devices.
- Enhanced logging within
twister
to include the device name where applicable and useful (such as in SSH channel debugging). - All
execute_
functions have been simplified to eliminate hard-coding of vendor checking wherever possible. - Beginnings of reworking of Generic vs. AsyncPTY SSH channels:
- Most vendors support async/pty with little problems.
- This will become the new default.
- New execute helper:
execute_async_pty_ssh
- New error helper:
has_juniper_error
- Arista now uses
execute_async_pty_ssh
- A
NetScalerCommandFailure
will now just be aCommandFailure
- Documentation
- Updated README to callout CSV support.
- Updated README to reflect branching model.
- Updated supported vendors, and no longer promising NETCONF support.
1.3.0¶
Warning
If you are upgrading from Trigger Before Upgrading from Trigger 1.2 or earlier, please heed these steps!
- Add
NETDEVICES_SOURCE = NETDEVICES_FILE
to yoursettings.py
. This variable has replacedNETDEVICES_FILE
. - Create your Bounce window mappings in
bounce.py
and put it in/etc/trigger/bounce.py
. Seeconfigs/bounce.py
in the source distribution for an example.
General changes
- All references to psyco have been removed as it doesn’t support 64-bit and was causing problems in Python 2.7.3.
- A new document, Adding New Vendors to Trigger, has been added to use as checklist for adding new vendor support to Trigger.
- Added Allan Feid as contributor for his crazed ideas.
[Feature] #10: The following changes have been made within
changemgmt
, which provides Trigger’s support for bounce windows and timezones, to move the bounce window settings into configurable data vs. static in the module code.- This module has been convertd into a package.
- The Bounce window API has been totally overhauled. Bounce windows are no
longer hard-coded in
changemgmt
and are now configured usingbounce.py
and specified usingBOUNCE_FILE
. The interface for creatingBounceWindow
objects was greatly simplified to improve readability and usage.
- Added sample
bounce.py
toconfigs/bounce.py
in the Trigger source distribution. - New setting variables in
settings.py
:BOUNCE_FILE
- The location of the bounce window mapping definitions. Defaults to/etc/trigger/bounce.py
.BOUNCE_DEFAULT_TZ
- Default timezone for bounce windows. Defaults to'US/Eastern'
.BOUNCE_DEFAULT_COLOR
- The default bounce risk-level status color. Defaults to'red'
.
[Feature] #55: The following changes have been made within
netdevices
to make it easier to populateNetDevices
from arbitrary sources by implementing pluggable loaders.- This module has been converted into a package.
- All hard-coded metadata parsing functions and associated imports have been replaced with loader plugin classes. Filesystem loaders provided by default for JSON, XML, Sqlite, Rancid, and new: CSV!). The bare minimum config for CSV is a newline-separated CSV file populated with “hostname,vendor”
- New configuration setting:
NETDEVICES_LOADERS
used to define a list of custom loader classes to try in turn. The first one to return data wins. - The configuration settings
SUPPORTED_FORMATS
andNETDEVICES_FORMAT
have been deprecated. - The configuration setting
NETDEVICES_SOURCE
has replacedNETDEVICES_FILE
. - The sample
settings.py
(found atconfigs/trigger_settings.py
in the source distribution) illustrates how one may useNETDEVICES_SOURCE
andNETDEVICES_LOADERS
to replace the deprecated settingsNETDEVICES_FORMAT
andNETDEVICES_FILE
.
The following changes have been made within
twister
, which provides Trigger’s remote execution functionality:- [Feature] #22: Added Aruba wireless controller and Brocade ADX/VDX support
for execute/pty in trigger.twister and any device that requires pty-req and
shell without actualling using a pty. The channel class for this
functionality is called
TriggerSSHAsyncPtyChannel
- Added a new
requires_async_pty
attribute toNetDevice
objects to help identify devices that require such channels. - Added a
force_cli
flag toexecute()
to force CLI execution on Juniper devices instead of Junoscript. - The default client factory (
TriggerClientFactory
) now callsvalidate_credentials()
instead of directly instantiatingTacacsrc
anytime credentials are populated automatically, resulting in only a single call toTacacsrc()
, when creds aren’t provided. - Added error-detection for Brocade MLX devices.
- [Feature] #22: Added Aruba wireless controller and Brocade ADX/VDX support
for execute/pty in trigger.twister and any device that requires pty-req and
shell without actualling using a pty. The channel class for this
functionality is called
The following changes have been made within
cmds
, which provides an extensible, developer-friendly interface to writing command exeuction adapters:- Added a
force_cli
flag toCommando
constructor to force CLI execution on Juniper devices instead of Junoscript. - The
timeout
value may now be set as a class variable inCommando
subclasses. Commando
now steps throughcommands
as iterables instead of assuming they are lists. The iterable is also now explicitly cast to a list when we need it be one.- A minor bugfix in
Commando
causing results from multiple Commando instances to collide with each other because they were inheriting an empty results{}
from the class object. Commando
now acceptscreds
as an optional argument. If not set, it will default to reading user credentials from.tacacsrc
.
- Added a
The following changes have been madw within
parser
, which provides Trigger’s support for parsing network access control lists (ACLs) and firewall policies.- [Feature] #12: Support has been added for parsing IPv6 addresses in Juniper firewall filters. (This does not include full IPv6 firewall support!)
- [Bug] #26: The ACL parers was modified to support negation of addresses
using the syntax
{ip} except;
in Juniper firewall filters. To facilitate this a custom IP address class was created:TIP
(which is a subclass ofIPy.IP
). - The prefix on /32 and /128 IPs in Juniper ACLs is now always displayed.
The following changes have been made within
tacacsrc
, which provides functionality to cache and retrieve user credentials:- Added a new function
validate_credentials()
to (you guessed it!) validate credentials. It supports input in the form 2-tuples (username, password), 3-tuples (username, password, realm), and dictionaries of the same and returns aCredentials
object.
- Added a new function
The following changes have been made to Trigger’s command-line utilities:
- [Feature] #60:
bin/load_acl
will now shutdown gracefully if initial the MySQL connection fails, using a try..except to display some information about the connection failure without a traceback. For other MySQL issues, we will leave as is (dumping the traceback) because they would represent coding or transient issues, and we should present as much information as we have. - [Feature] #20:
bin/gnng
(get_nets) In support of displaying Juniper ‘sp’ interfaces (which are un-numbered and were being skipped for this reason), we’ve added flags to include un-numbered (-u
) or disabled (-d
) interfaces for any device platform.
- [Feature] #60:
1.2.4¶
- The commands required to commit/save the configuration on a device are now
attached to
NetDevice
objects under thecommit_commands
attribute, to make it easier to execute these commands without having to determine them for yourself. - [Feature] #56: Added a way to optionally perform a
commit full
operation on Juniper devices by defining a dictionary of attributes and values for matching devices usingJUNIPER_FULL_COMMIT_FIELDS
. This modifies thecommit_commands
that are assigned when theNetDevice
object is created. - [Bug] #33: Console paging is now disabled by default for async SSH channels.
1.2.3¶
- [Feature] #47: Added parsing of ranges for
fragment-offset
statements in Juniper ACLs. - [Bug] #49: Changed ACL parser to omit src/dst ports if port range is
0-65535
. - [Bug] #50: Fix typo that was causing Cisco parsing to generate an unhandled
exception within
NetACLInfo
. - Minor bugfix when checking device names and printing a warning within
Commando
. - Updated docs to say we’re using a interactive Python interpreter and added OpenHatch profile to contact info.
1.2.2¶
- [Feature] #16: Arista support was added to
bin/load_acl
- [Bug] #45: Added “SSH-1.99” as a valid SSHv2 version in
test_ssh()
to fix a bug in which devices presenting this banner were errantly falling back to telnet and causing weird behavior during interactive sessions. - [Feature] #46: Changed
connect()
to pass the vendor name toget_init_commands()
so that it is more explicit when debugging. - [Feature] #29: Added an extensible event notification system
- A new pluggable notification system has been added in
notifications
, which defaults to email notifications. New event handlers and event types can be easily added and specified with the configuration usingNOTIFICATION_HANDLERS
. - The following changes have been made to
bin/load_acl
:- All alerts are now using the new notification system
email_users()
moved tosend_email()
- All calls to send failures now call
send_notification()
- All calls to send successes now calls
send_email()
- In support of the new notification system, the following config
settings have been added:
EMAIL_SENDER
- The default email senderNOTIFICATION_SENDER
- The default notification senderSUCCESS_RECIPIENTS
- Hosts/addresses to send successesFAILURE_RECIPIENTS
- Hosts/addresses to send failuresNOTIFICATION_HANDLERS
- A list of handler functions to process in order
- A new utility module has been added to import modules in
importlib
, andtrigger.conf.import_path()
was moved toimport_module_from_path()
to bring these import tools under one roof.
- A new pluggable notification system has been added in
1.2.1¶
- [Bug] #30: Bugfix in
bin/acl
where tftproot was hard-coded. It now reads fromTFTPROOT_DIR
. - [Feature] #37: Fixed misleading “make discard” output from
bin/check_access
, to use theTerm.extra
attribute to store a user-friendly comment to make it clear that the term’s action has been modified by the “make discard” keyword. - [Feature] #39: Call
create_cm_ticket()
in atry..commit
block so it can’t crashbin/load_acl
. - [Bug] #40: Update dot_gorc.example with
[init_commands]
. - [Bug] #43: Bugfix in bin/acl to address incorrect exception reference from when exceptions were cleaned up in release 1.2.
- Simplified basic
Commando
example indocs/index.rst
. - Simplified activity output in
Commando
base to/from methods - Replaced all calls to
time.sleep()
withreactor.callLater()
withintwister
support of thecommand_interval
argument to Twisted state machine constructors. - Added a way to do SSH version detection within
network
- Enhanced
test_tcp_port()
to support optionalcheck_result
andexpected_result
arguments. Ifcheck_result
is set, the first line of output is retreived from the connection and the starting characters must matchexpected_result
. - Added a
test_ssh()
function to shortcut to check port 22 for a banner. Defaults to SSHv2. - SSH auto-detection in
NetDevices
objects now usestest_ssh()
.
- Enhanced
- Added a new
crypt_md5()
password-hashing function. - Added proper argument signature to
get_netdevices
. - Updated misnamed
BadPolicerNameError
toBadPolicerName
- More and better documentation improvements, including new documentation for
bin/acl_script
.
1.2¶
- [Feature] #23: Commando API overhauled and support added for RANCID
- RANCID is now officially supported as a source for network device
metadata. A new RANCID compatibility module has been added at
rancid
, with support for either single or multiple instance configurations. Multiple instances support can be toggled by settingRANCID_RECURSE_SUBDIRS
toTrue
. - The following changes have been made to
netdevices
:NetDevices
can now import from RANCID- A new
Vendor
type has been added tonetdevices
to store canonical vendor names as determined by the new settingVENDOR_MAP
. - When
NetDevice
objects are created, the manufacturer attribute is mapped to a dynamic vendor attribute. This is intended to normalize the way that Trigger identifies vendors internally by a single lower-cased word. - All
NetDevice
objects now have avendor
attribute with their canonicalVendor
object attached to it. - If the
deviceType
attribute is not set, it is determined automatically based on thevendor
attribute. The default types for each vendor can be customized usingDEFAULT_TYPES
. If a vendor is not specified witihinDEFAULT_TYPES
,FALLBACK_TYPE
. will be used. - All logical comparisons that onced used the hard-coded value of the
manufacturer
attribute of a device now instead compare against thevendor
attribute. - You may now tell NetDevices not to fetch acls from AclsDB when instantiate you may also do the same for individual NetDevice objects that you manually create
- The following changes have been made to
cmds
:- The
Commando
class been completely redesigned to reduce boilerplate and simplify creation of new command adapters. This is leveraging the changes toNetDevice
objects, where the vendor name can be expected to always be normalized to a single, lower-cased word. Defining commands to send to devices is as simple as definiing ato_{vendor}
method, and parsing return results as simple asfrom_{vendor}
. - All dynamic method lookups are using the normalized vendor name (e.g. cisco, juniper).
- Base parse/generate lookup can be disabled explicitly in
Commando
subclasses or as an argument to the constructor. NetACLInfo
adapted to use Commando 2.0
- The
- The following changes have been made to Trigger’s exception handling
- All exceptions moved to
exceptions
and given docstrings trigger.acl.exceptions
has been removed- All calls to exceptions updated to new-style exceptions
- All exceptions moved to
- A new -v option has been added to
bin/netdev
to support vendor lookups
- RANCID is now officially supported as a source for network device
metadata. A new RANCID compatibility module has been added at
- [Feature] #4: Support for SSH auto-detection and pty/async improvements:
- The following changes have been made to
twister
:- Detection of remotely closed SSH connections so
bin/gong
users can be properly notified (e.g. ssh_exchange_identification errors) - New
execute
function to automatically choose the bestexecute_
function for a givenNetDevice
object, and is now attached to allNetDevice
objects execute_ioslike
now determines whether to use SSH or Telnet automatically- All pty connection logic moved out of
bin/gong
intotwister
and is exposed as theconnect
function and also attached to allNetDevice
objects - Interactive sessions may now be optionally logged to a file-like object by
passing the log_to argument to the
Interactor
constructor execute_junoscript
now usingexecute_generic_ssh
- Command interval added to Junoscript channels for consistency
- Global
NetDevices
import removed from twister; moved to only occur when a telnet channel is created
- Detection of remotely closed SSH connections so
- The following changes have been made to
netdevices
:- All
NetDevice
objects now have aexecute
method to perform async interaction - The
connect
function is now automatically attached to everyNetDevice
object; to get a pty it’s as simple asdev.connect()
. - New helper methods added to
NetDevice
objects:- SSH functionality methods:
has_ssh()
(port connection test),can_ssh_async()
(device supports async),can_ssh_pty()
(device supports pty) is_ioslike()
to test if a device is IOS-like as specified byIOSLIKE_VENDORS
.is_netscreen
to test if a device is a NetScreen firewallis_reachable
to test if a device responds to a ping
- SSH functionality methods:
- All
- The following changes have been made to
settings
:- A mapping of officially supported platforms has been defined at
SUPPORTED_PLATFORMS
VALID_VENDORS
has been renamed toSUPPORTED_VENDORS
- A mapping of officially supported device types has been defined at
SUPPORTED_TYPES
- You may now disable telnet fallback by toggling
TELNET_ENABLED
- You may now disable SSH for pty or async by vendor/type using
SSH_PTY_DISABLED
andSSH_ASYNC_DISABLED
respectively SSH_TYPES
has been removed as it is no longer needed
- A mapping of officially supported platforms has been defined at
Commando
experimentally using the newNetDevice.execute()
method- Two new helper functions added to
cli
:setup_tty_for_pty
andupdate_password_and_reconnect
, which modularize functionality that was in bin/gong that didn’t seem to fit anywhere else
- The following changes have been made to
- [Feature] #21: The following changes have been made to support A10 hardware
and to enhance handling of SSH channels:
- Added a new generic SSH channel. The NetScreen and A10 channels are based from this. Further abstraction needed to roll NetScaler channel into this as well.
- Added a new
execute_generic_ssh
factory function. - Refactored
execute_netscreen
to useexecute_generic_ssh
- Added a new
execute_ioslike_ssh
factory function utilizing the generic SSH channel to support SSH on IOS-like devices (Brocade, Cisco, Arista, A10, etc.). Works like a charm except for the Brocade VDX. - The
Commando
was updated to support A10, NetScreen. Brocade, Arista changed to use SSH vs. telnet. - All prompt-matching patterns moved to top of
trigger.twister
as constants - A10 added to
IOSLIKE_VENDORS
- [Feature] #24:
bin/gong
will now display the reason when it fails to connect to a device.
1.1¶
- All changes from release 1.0.0.100 (oh hey, duh) are officially part of this release
- [Bug] #9: Fixed missing imports from
bin/acl_script
and removed a bunch of duplicated code already within the Trigger libs. - Added new keywords to setup.py
- Some new utilities added to
tools
for merging new access into an existing ACL object - [Feature] #17:
RangeList
now sorts port range tuples when parsing access-lists. - [Bug] #8:
get_device_password
user-friendly message moved topty_connect
so it no longer bleeds into non-interactive usage. - [Bug] #15:
output_ios
updated to support optionalacl_name
argument for cases when you need to output aTerm
separately from anACL
object.check_access
,bin/check_access
, andbin/find_access
also had to be updated to utilize this new argument. - [Bug] #19:
check_access
updated to support ‘complicated’ checks against Juniper firewall terms with a ‘port’ statement defined.
1.0.0.100¶
conf
converted from a module to a package.- All global default settings are now baked into trigger.conf.settings
settings
andautoacl
may now be imported without the proper expected config files in place on disk. If the config files cannot be found, default versions of these objects will be returned.- All trigger modules can now be imported with default values (but don’t try instantiating any objects without following the install instructions!)
- [Bug] #2: Fixed a bug in
Tacacsrc
where newly-created .tacacsrc files were world-readable. Correct 0600 perms are now enforced on every write(). - [Feature] #3: Added the ability for :class:~trigger.twister.IoslikeSendExpect` to handle confirmation prompts (such as when a device asks you “are you sure? [y/N]:” by detecting common cases within the prompt-matching logic.
- [Feature] #5: Added ability for gong –oob to lookup devices by partial
hostnames using
device_match()
. - [Bug] #6: The
get_firewall_db_conn()
function was moved out ofsettings.py
and intoQueue
where it belongs. - [Feature] #7: Updated
has_ioslike_error()
to support Brocade VDX errors.
1.0.0.90¶
- Added support for .gorc file to specify commands to run when using gong to login to a device. Unique commands cand be specified for each vendor.
- Default realm for credentials within .tacacsrc can now be specified within settings.DEFAULT_REALM
- The following changes have been made to trigger.tacacsrc:
- New module-level update_credentials() function added to facilitate updating of cached user credentials by client applications (e.g. gong)
- Renamed the exceptions within trigger.tacacsrc to be more human-readable
- Tacacsrc._parse_old() completely redesigned with real error-handling for bad/missing passwords (GPG-parsing coming “Soon”)
- New Tacacsrc.update_creds() method used to facilitate update of stored credentials within .tacacsrc
- Realm is now stored as an attribute on Credentials objects to simplify loose-coupling of device/realm information while passing around credentials.
- prompt_credentials() refactored to be more user-friendly.
- Blank passwords can no longer be stored within .tacacsrc.
- The following changes have been made to trigger.twister:
- trigger.twister internals have been updated to support the passing of a list of initial_commands to execute on a device upon logging in.
- TriggerClientFactory now reads the default realm from settings.DEFAULT_REALM when populating credentials.
- TriggerClientFactory credentials detection improved
- All referencing of username/password from credentials by index replaced with attributes.
- Failed logins via telnet/ssh will now raise a LoginFailure exception that can be handled by client applications (such as gong)
- bin/gong now detects login failures and prompts users to update their cached password.
1.0.0.80¶
- Typo fix in sample configs/trigger_settings.py
- Explicit imports from trigger.acl and a little docstring cleanup in bin/optimizer
- trigger.acl.autoacl.autoacl() now takes optional explicit_acls as 2nd argument, a set of ACL names, so that we can reference explicit_acls within autoacl() implicit ACL logic, but we don’t have to rely on the internals.
- trigger.acl.db.AclsDB.get_acl_set() modified to populate explicit_acls before implicit_acls. autoacl() is now called with these explicit_acls as the 2nd argument.
- Sample autoacl.py in configs/autoacl.py updated to support explicit_acls and a simple example of how it could be used.
- Added support for Juniper “family inet” filters in trigger.acl.parser.
- ACL objects now have a family attribute to support this when constructed or parsed using the .output_junos() method.
1.0.0.70¶
- Minor bugfix in trigger.netdevices._parse_xml()
1.0.0.60¶
- New nd2json.py nad nd2sqlite.py tools for use in converting existing netdevices.xml implementations
- Added sample netdevices.json in configs/netdevices.json
- Added SQLite database schema for netdevices in configs/netdevices.sql
1.0.0.50¶
- New NetDevices device metadata source file support for JSON, XML, or SQLite3
- Companion changes made to configs/trigger_settings.py
- trigger.netdevice.NetDevice objects can now be created on their own and have the minimum set of attributes defaulted to None upon instantiation
1.0.0.40¶
- Public release!
- Arista and Dell command execution and interactive login support in trigger.twister!
Legacy Versions¶
Trigger was renumbered to version 1.0 when it was publicly released on April 2, 2012. This legacy version history is incomplete, but is kept here for posterity.
1.6.1¶
- Users credentials from tacacsrc.Tacacsrc are now stored as a namedtuple aptly named ‘Credentials’
1.6.0 - 2011-10-26¶
- Fixed missing acl.parse import in bin/find_access
- More documentation cleanup!
- The following changes have been made to trigger.cmds.Commando:
- Added parse/generate methods for Citrix NetScaler devices
- Renamed Commando.work to Commando.jobs to avoid confusing inside of Commando._add_worker()
- Added distinct parse/generate methods for each supported vendor type (new: Brocade, Foundry, Citrix)
- Generate methods are no longer called each time _setup_callback() is called; they are now called once an entry is popped from the jobs queue.
- All default parse/generate methods now reference base methods to follow DRY in this base class.
- Fixed incorrect IPy.IP import in bin/acl_script
- Trigger.twister.pty_connect will only prompt for distinct passwors on firewalls
- Added _cleanup() method to acl.parser.RangeList objects to allow for addition of lists of mixed lists/tuples/digits and still account for more complex types such as Protocol objects
- Performance tweak to Rangelist._expand() method for calculating ranges.
- Added parsing support for remark statements in IOS numbered ACLs
1.5.9 - 2011-08-17¶
- Tons and tons of documentation added into the docs folder including usage, API, and setup/install documentation.
- Tons of code docstrings added or clarified across the entire package.
- Added install_requires to setup() in setup.py; removed bdist_hcm install command.
- The following changes have been made to trigger.twister:
- Massive, massive refactoring.
- New base class for SSH channels.
- New NetScaler SSH channel. (Full NetScaler support!)
- New execute_netscaler() factory function.
- execute_netscreenlike() renamed to execute_netscreen().
- Every class method now has a docstring.
- Many, many things moved around and organized.
- Added doctsrings to trigger.netdevices.NetDevice class methods
- The following CLI scripts have been removed from Trigger packaging to an internal
repo & removed from setup.py. (These may be added back after further internal
code review.)
- bin/acl_mass_delete
- bin/acl_mass_insert
- bin/fang
- bin/get_session
- bin/merge_acls
- The following CLI scripts have had their documentation/attributions updated:
- bin/fe
- bin/gong
- bin/load_acl
- Restructuring within bin/load_acl to properly abstract fetching of on-call engineer data and CM ticket creation into trigger_settings.py.
- External release sanitization:
- Template for trigger_settings.py updated and internal references removed.
- Sanitized autoacl.py and added generic usage examples.
- The following items have been moved from bin/load_acl into trigger.utils.cli:
- NullDevice, print_severed_head, min_sec, pretty_time.
- Fixed a bug in trigger.utils.rcs.RCS that would cause RCS log printing to fail.
- Added REDIS_PORT, REDIS_DB to trigger_settings.py and tweaked trigger.acl.db to support it.
- Fixed bug in bin/netdev causing a false positive against search options.
- trigger.netscreen: Tweak EBNF slightly to parse policies for ScreenOS 6.x.
1.5.8 - 20011-06-08¶
- trigger.acl.parser fully supports Brocade ACLs now, including the ability to strip comments and properly include the “ip rebind-receive-acl” or “ip rebind-acl” commands.
- trigger.acl.Term objects have a new output_ios_brocade() method to support Brocade-special ACLs
- bin/load_acl will automatically strip comments from Brocade ACLs
1.5.7 - 2011-06-01¶
- Where possible replaced ElementTree with cElementTree for faster XML parsing
- New NetDevices.match() method allows for case-insensitive queries for devices.
- NetDevices.search() now accepts optional field argument but defaults to nodeName.
- New trigger.acl.ACL.strip_comments() method ... strips... comments... from ACL object.
- bin/fang:
- Now accepts hostnames as arguments
- Now really properly parses hops on Brocade devices.
- bin/load_acl:
- Now fully supports Brocade devices.
- Strips comments from Brocade ACLs prior to staging and load.
- Now displays temporary log file location to user.
- Removed jobi, orb, nms modules from Trigger; replaced with python-aol versions.
1.5.6 - 2011-05-24¶
- bin/acl: corrected excpetion catching, changes option help text and made -a and -r append
- bin/gnng, bin/netdev: Added -N flag to toggle production_only flag to NetDevices
- trigger.cmds/trigger.twister: Added support for ‘BROCADE’ vendor (it’s ioslike!)
- trigger.cmds.Commando: All generate_* methods are now passed a device object as the first argument to allow for better dynamic handling of commands to execute
- bin/fang: Can now properly parse hops on Brocade devices.
1.5.5 - 2011-04-27¶
- bin/acl: Will now tell you when something isn’t found
- bin/acl: Added -q flag to silence messages if needed
- get_terminal_width() moved to trigger.utils.cli
- trigger.tacacsrc: Fixed bogus AssertionError for bad .tacacsrc file. Clarified error.
- trigger.twister: Fixed bug in Dell password prompt matching in execute_ioslike()
- bin/fang: Increased default timeout to 30 seconds when collecting devices.
- trigger.cmds.Commando:
- Replaced all ‘__foo()’ with ‘_foo()’
- Removed Commando constructor args that are not used at this time
- Added production_only flag to Commando constructor
1.5.4 - 2011-03-09¶
- Fixed a bug in trigger.cmds.Commando that would prevent reactor loop from continuing after an exception was thrown.
- trigger.cmds.Commando now has configurable timeout value (defaults to 30 seconds)
- trigger.acl.tools now looks at acl comments for trigger: make discard
- fixed a bug with gong connecting to devices’ oob
1.5.3 - 2011-01-12¶
- Fixed a bug in trigger.cmds.NetACLInfo where verbosity was not correctly toggled.
- gong (go) will now connect to non-prod devices and throw a warning to the user
- gong can connect to a device through oob by passing the -o or –oob option.
- acl will make any device name lower case before associating an acl with it.
1.5.2 - 2010-11-03¶
- bin/find_access: Added -D and -S flags to exclude src/dst of ‘any’ from search results. Useful for when you need to report on inclusive networks but not quite as inclusive as 0.0.0.0/0.
- Fixed a bug in acls.db where a device without an explicit association would return None and throw a ValueError that would halt NetDevices construction.
- Added __hash__() to NetDevice objects so they can be serialized (pickled)
- Fixed a bug in explicit ACL associations that would sometimes return incorrect results
- trigger.cmds.NetACLInfo now has a verbosity toggle (defaults to quiet)
- Caught an exception thrown in NetACLInfo for some Cisco devices
1.5.1 - 2010-09-08¶
- trigger.conf: import_path() can now be re-used by other modules to load modules from file paths without needing to modify sys.path.
- autoacl can now be loaded from a location specified in settings.AUTOACL_FILE allowing us to keep the ever-changing business rules for acl/device mappings out of the Trigger packaging.
- netdevices:
- Slight optimization to NetDevice attribute population
- Added new fields to NetDevice.dump() output
- All incoming fields from netdevices.xml now normalized
- bin/netdev:
- added search option for Owning Team (-o)
- search opt for OnCall Team moved to -O
- search opt for Owning Org (cost center) moved to -C
- added search option for Budget Name (-B)
- refactored search argument parsing code
- bin/fang:
- will now not display information for ACLs found in settings.IGNORED_ACLS
1.5.0r2 - 2010-08-16¶
- Minor fix to warnings/shebang for bin/scripts
1.5.0 - 2010-08-04¶
- acl.db: renamed ExplicitACL to AclsDB, all references adjusted
- process_bulk_loads() moved to trigger.acl.tools
- get_bulk_acls() moved to trigger.acl.tdb
- get_all_acls(), get_netdevices(), populate_bulk_acls() added to trigger.acl.db
- load_acl: now imports bulk_acl functions from trigger.acl.tools
- load_acl: now uses trigger.acl.queue API vs. direct db queries
- load_acl: –bouncy now disables bulk acl thresholding
- load_acl: now displays CM ticket # upon successful completion
- process_bulk_loads() now uses device.bulk_acl associations, better performance
- device_match() now sorts and provides correct choices
- Juniper filter-chain support added to trigger.cmds.NetACLInfo
- gnng updated to use NetACLinfo
- Added proceed() utility function trigger.utils.cli
- Several ACL manipulation functions added to trigger.acl.tools:
- get_comment_matches() - returns ACL terms comments matching a pattern
- update_expirations() - updates expiration date for listed ACL terms
- write_tmpacl() - writes an ACL object to a tempfile
- diff_files() - returns a diff of two files
- worklog() - inserts a diff of ACL changes into the ACL worklog
- fang: patched to support Juniper filter-lists
1.4.9r2 - 2010-04-27¶
- find_access: Corrected missing import for IPy
- tacacsrc.py: Corrected bug with incorrect username association to .tacacsrc in sudo/su use-cases (such as with cron) where login uid differs from current uid.
1.4.9 - 2010-04-26¶
- You may now use gong (go) to connect to Dell devices (telnet only).
- Completely overhauled tacacsrc.py to support auto-detection of missing .tacacsrc
- Heavily documented all changes to tacacsrc.py
- Twister now imports from tacacsrc for device password fetching
- gen_tacacsrc.py now imports from tacacsrc for .tacacsrc generation
- load_acl now uses get_firewall_db_conn from global settings
- Added new search() method to NetDevices to search on name matches
- Added a new device_match() function to netdevices for use with gong
- gong now uses device_match() to present choices to users
- netdev now uses device_match() to present choices to users
1.4.8 - 2010-04-16¶
- acls.db replaced with redis key/value store found at trigger.acl.db
- trigger.acl converted to package
- all former trigger.acl functionality under trigger.acl.parser
- autoacls.py moved to trigger.acl.autoacls
- aclscript.py moved to trigger.acl.tools.py
- netdevices.py now using trigger.acl.db instead of flat files
- added trigger.netdevices.NetDevices.all() as shortcut to itervalues()
- You may now use gong (go) to connect to non-TACACS devices, such as OOB or unsupported devices using password authentication.
- The ACL parser has been reorganized slightly to make future modifications more streamlined.
- Load_acl now logs all activity to a location specified in Trigger config file.
- Added new ‘trigger.utils’ package to contain useful modules/operations
- ‘acl’ command moved into Trigger package
- ‘netdev’ command moved into Trigger package
- Merged trigger.commandscheduler into trigger.nms
- Basic trigger_settings.py provided in conf directory in source dist.