The hidden wealth of IOS Tcl « ipSpace.net blog

Monday, January 26, 2009 07:00 +0100

The hidden wealth of IOS Tcl

Another undocumented (and thus very probably unsupported) Tcl-on-IOS detail: numerous Tcl packages are bundled with IOS and available in the tmpsys:lib/tcl directory (the tmpsys: is a virtual file system mapped to a part of the IOS image).

The list of Tcl packages seems to be pretty stable; 12.2SRC and 12.4T have the same contents of the tmpsys:lib/tcl directory.

router#dir tmpsys:lib/tcl
Directory of tmpsys:lib/tcl/

   13  -r--       19226                    <no date>  auto.tcl
   23  -r--        2549                    <no date>  base.tcl
   25  -r--        7655                    <no date>  cli_lib.tcl
   26  -r--        2589                    <no date>  context_lib.tcl
    3  drw-           0                    <no date>  eem_scripts
   28  -r--         185                    <no date>  email_template_cfg.tm
   29  -r--         147                    <no date>  email_template_chs.tm
   30  -r--         154                    <no date>  email_template_cmd.tm
   31  -r--         156                    <no date>  email_template_dmp.tm
   32  -r--         144                    <no date>  email_template_sl.tm
   33  -r--         325                    <no date>  email_template_sm.tm
   34  -r--         135                    <no date>  email_template_wd.tm
   14  -r--        9135                    <no date>  history.tcl
   15  -r--       23558                    <no date>  http.tcl
   19  -r--       17725                    <no date>  init.tcl
   21  -r--        6932                    <no date>  ldAout.tcl
   24  -r--       33266                    <no date>  optparse.tcl
   16  -r--       19415                    <no date>  package.tcl
   20  -r--        1014                    <no date>  parray.tcl
   17  -r--       32649                    <no date>  safe.tcl
   27  -r--       10367                    <no date>  smtp_lib.tcl
   22  -r--       13659                    <no date>  tclIndex
   18  -r--        4499                    <no date>  word.tcl

For whatever weird incomprehensible reason, these packages are not made available to the Tclsh interpreter started from the command line. For example, if you want to use the HTTP package, you cannot execute the package require http command like you would in any normal Tcl environment, but have to use the source "tmpsys:lib/tcl/http.tcl" command.

If you want to safeguard against a potential change-of-mind of IOS Tclsh developers, use this construct:

if {[catch {package require http}]} { source "tmpsys:lib/tcl/http.tcl" }

5 comments:

AaronD 07 January 2010 17:25

I can run a simple tcl command at the command prompt such as:
3825-r01(tcl)#exec "sho run" | redirect tftp://192.168.10.20/data1
I'd like to copy a tcl script containing this command into the router's flash and have it run every day at
say 6AM. This should be simple but I can't find any posts about it.

Bryan 08 January 2010 18:53

Put your command in a file and copy it to the routers flash. You can create it in Notepad and copy using FTP/TFTP. Or there's a nifty trick on this site to write it directly via TCL...

As far as scheduling, you can register an EEM Applet which will trigger on a timer

event manager applet BackupRunning
event timer cron name BackupRunning cron-entry "0 23 * * 6"
action 1 cli command "enable"
action 2 cli command "tclsh flash:BackupRunning.tcl"

Note - In my limited but painful experience, AAA will kill you with TCL. So if you using AAA you're on your own with automating it... :-)

IOS v15 does have a new option when you register the applet to specify authorization bypass that may solve my AAA woes, but I haven't had a chance to test it out.

event manager applet BackupRunning authorization bypass

Ivan Pepelnjak 08 January 2010 19:28

Thanks, Bryan! BTW, this is how you solve the AAA problem:

http://blog.ioshints.info/2007/05/command-authorization-fails-with-eem.html

There was also a bug where AAA authorization would fail under weird circumstances. I know a bug report was filed, I'm not sure whether it was fixed or when.

Bryan 08 January 2010 22:39

Ivan -

Ah, curses you are right... :-) I had tried that and it didn't work at first so I moved on to trying to bypass AAA in other ways. I've revisited and determined that I needed both the cli username and the action "enable" to work (I didn't have that originally). Thank you very much for prompting the fresh look!

There was a bug with 12.4(22)T where TCL would only send a null username to AAA. That was fixed in 12.4(22)T2.

Here's my script and EEM config if it is helpful to anyone else. This is to backup flash on a CME router.

- Bryan

flash:CopyFlash.tcl
------------------------------------
proc get_dir {} {
set dir_flash [ exec "dir flash:\n" ]
foreach result $dir_flash {
#Match words ending in .xxx, exclude .bin
if [regexp -nocase {(\S+\.\w+[^bin]$)} $result] {
lappend dir_out $result
}
}
return $dir_out
}

#Replace ftp user/pass and server IP as appropriate
foreach f [get_dir] {
puts "$f"
typeahead "\n"; exec "copy $f ftp://cmehi-1-a:[email protected]\n"
}

EEM Config:
-------------------------------------
event manager session cli username "cmnq981"

event manager applet CopyFlash
event timer cron name CopyFlash cron-entry "0 23 * * 6" maxrun 1800
action 1 cli command "enable"
action 2 cli command "tclsh flash:CopyFlash.tcl"

mtimmsj 15 July 2010 10:40

One reason these packages are not available from Tclsh is because they are in the tmpsys file system which is controlled, managed and owned by the EEM development team at Cisco. The Tcl development team can't rely on the packages and libraries always being there since they don't own them. So they are not available to Tclsh as auto-loaded packages. At one point in time these packages were stored in the system file system but later they were moved. Such a change would have caused issues with Tclsh if they were still looking for them in system.

Recent posts in the same categories

Tcl

5 comments: