no_easy_shell.tcl question

Boyan Sotirov · ‎10-07-2013

The situation is the following. I've downloaded the Cisco Embedded Automation Systems Installer from the offical site

http://www.cisco.com/en/US/prod/iosswrel/ps6537/ps6555/ps10777/eas_sol_downloads.html

I copied it on one test system running IOS version 12.4(15)T15. Than I've downloaded the Remote Command Shell

http://www.cisco.com/assets/cdc_content_elements/docs/ios/eas/easy-shell.tar and just followed the instructions by the installer script. No issues there, the installation script has created alias for me and some additional directories on the flash.

Where's the issue, I can't start the Remote Command Shell script, or no_easy_shell.tcl as is the name of the TCL script.

I looked at the code and in the very beginning there's an example:

# This policy executes a specified "shell" script of commands on a remote

# device or the local device. Run the command:

#

# event manager run no_easy_shell.tcl --help

#

# For a list of options.

But when I try this I get an error:

SEC_BB3#event manager run no_easy_shell.tcl --help

^

% Invalid input detected at '^' marker.

When I execute the script wihout any arguments ather than the batch file which contains only one command "show running-config" I get the following output:

SEC_BB3#event manager run no_easy_shell.tcl

DEBUG: Trying to open batch file flash:/COMMANDS for reading.

can not find channel named "show running-config"

while executing

"close $result"

invoked from within

"$slave eval $Contents"

(procedure "eval_script" line 7)

invoked from within

"eval_script slave $scriptname"

invoked from within

"if {$security_level == 1} { #untrusted script

interp create -safe slave

interp share {} stdin slave

interp share {} stdout slave

..."

(file "tmpsys:/lib/tcl/base.tcl" line 50)

Tcl policy execute failed: can not find channel named "show running-config"

But still I can't use any of the options mentioned in the tcl code like: -h, -u, -p etc.

My understanding is that this script runns any command that is put into the batch file and the commands will be executed either locally or with the options -h I can give a remote address where the commands should be executed, -u is for username, -p is for password etc. But, none of the options works... What I'm doing wrong here? I'm also not able to locate any reference or an example on how to correctly use the script...

Joe Clarke · ‎10-08-2013

You may have a buggy version. Attached is an updated version.

Boyan Sotirov · ‎10-09-2013

Joseph,

I downloaded the tcl script. Just a short clarification... Should I just replace the .tcl file in router's file system? Or should I use the easy-installer script to uninstall it?

Joe Clarke · ‎10-09-2013

It would be easier just to replace the .tcl policy on the router.

Boyan Sotirov · ‎10-09-2013

I'm also wondering... looking at the aliases I've got:

alias exec easy-installer tclsh flash:/easy-installer-signed-1.5.tcl

alias exec easy_shell event manager run no_easy_shell.tcl

Is this the correct way to do it? I mean, one of the scripts I execute directly through the tclsh, and the other, which is actually failing is executed through the Event Manager... Is this the correct way to do it? If I remember it correctly, the second alias for the no_easy_shell.tcl was actually created by the easy-installer script itself...

Joe Clarke · ‎10-09-2013

The EEM policy is not a tclsh script. The installer is a tclsh script. So this is correct.

Boyan Sotirov · ‎10-09-2013

I just did that, here the result:

SEC_BB3#easy_shell

DEBUG: Trying to open batch file flash:/COMMANDS for reading.

can not find channel named "show running-config"

while executing

"close $result"

invoked from within

"$slave eval $Contents"

(procedure "eval_script" line 7)

invoked from within

"eval_script slave $scriptname"

invoked from within

"if {$security_level == 1} { #untrusted script

interp create -safe slave

interp share {} stdin slave

interp share {} stdout slave

..."

(file "tmpsys:/lib/tcl/base.tcl" line 50)

Tcl policy execute failed: can not find channel named "show running-config"

SEC_BB3#show flash:

-#- --length-- -----date/time------ path

1 53619780 Sep 19 2013 12:37:10 +03:00 c2800nm-adventerprisek9_ivs-mz.124-15.T15.bin

2 19 Oct 7 2013 18:57:42 +03:00 COMMANDS

3 41087 Oct 9 2013 17:58:46 +03:00 no_easy_shell.tcl

4 0 Oct 2 2013 19:28:56 +03:00 easy-shell

5 452 Oct 2 2013 19:28:56 +03:00 easy-shell/contents

6 2230 Oct 2 2013 19:28:56 +03:00 easy-shell/pkgconfig

7 236 Oct 2 2013 19:28:56 +03:00 easy-shell/descr

8 506 Oct 2 2013 19:28:58 +03:00 easy-shell/envvars

9 262 Oct 2 2013 19:28:58 +03:00 easy-shell/uninstall

10 114 Oct 2 2013 19:28:58 +03:00 easy-shell/message

11 99 Oct 2 2013 19:28:58 +03:00 pkgdb

12 45526 Oct 2 2013 19:20:24 +03:00 easy-installer-signed-1.5.tcl

10231808 bytes available (53751808 bytes used)

SEC_BB3#more flash:/COMMANDS

show running-config

SEC_BB3#

SEC_BB3#show run | sec event manager

alias exec easy_shell event manager run no_easy_shell.tcl

event manager environment __easy_PREFIX flash:/

event manager environment easy_shell_debug 1

event manager environment easy_shell_timeout 36

event manager environment easy_shell_alias easy_shell

event manager environment easy_shell_batch_file flash:/COMMANDS

event manager directory user policy "flash:/"

event manager policy no_easy_shell.tcl type user

SEC_BB3#

Joe Clarke · ‎10-09-2013

Once you replace the script file, you have to reregister it to get the changes to take effect. That means "no"'ing out the previous command then reconfiguring it:

no event manager policy no_easy_shell.tcl type user

event manager policy no_easy_shell.tcl type user

Boyan Sotirov · ‎10-11-2013

Joseph,

I've just tried that. Below the result:

SEC_BB3#easy_shell

DEBUG: Trying to open batch file flash:/COMMANDS for reading.

ERROR: Failed to read from batch file: 'can not find channel named ""'

SEC_BB3#