From jmarr at twmaine.com Mon Jul 30 03:17:05 2001 From: jmarr at twmaine.com (Joe Marr) Date: Sun, 29 Jul 2001 23:17:05 -0400 Subject: problems with rancid and catalyst Message-ID: <008a01c118a6$1c14d690$43dea73f@joemobileq> Ive been using rancid in various forms for over a year now, but I have never been able to have it successfully acquire the config from a catalyst 5505 (or a older 2900). I always get the following error: ===================================== Getting missed routers: round 4. ! ptldme-swt01.maine.rr.com clogin error: Error: TIMEOUT reached missed cmd(s): write term,dir slot0:,dir bootflash:,dir slot1:,show port ifindex,show boot,show module,show flash,show version End of run not found ! ptldme-swt02.maine.rr.com clogin error: Error: TIMEOUT reached missed cmd(s): write term,dir slot0:,dir bootflash:,dir slot1:,show port ifindex,show boot,show module,show flash,show version End of run not found Im not sure what I may be doing wrong, I will include the portions that are relevant from the router.db and .cloginrc ptldme-swt01.maine.rr.com:cat5:up ptldme-swt02.maine.rr.com:cat5:up add user ptldme-swt* XXXX add enableprompt ptldme-swt* Enter password: add password ptldme-swt* {XXXXXXX} {XXXXXX} I currently have about 30+ other devices on this (all IOS driven) but have never been able to get cats to work, Can anyone help me. Joe Marr Network Engineer Roadrunner "I do not hate my enemies. After all, I made them." - Red Skelton From asp at partan.com Mon Jul 30 04:01:51 2001 From: asp at partan.com (Andrew Partan) Date: Mon, 30 Jul 2001 00:01:51 -0400 (EDT) Subject: problems with rancid and catalyst In-Reply-To: <008a01c118a6$1c14d690$43dea73f@joemobileq> from "Joe Marr" at Jul 29, 1 11:17:05 pm Message-ID: <200107300401.AAA07034@tower.partan.com> > Ive been using rancid in various forms for over a year now, but I have > never been able to have it successfully acquire the config from a > catalyst 5505 (or a older 2900). My usual diagnositic procedure for this sort of thing is: - Make sure that the appropriate *login (clogin for cat5s) works. This tests to make sure you don't have routing or firewall types of issues, or dns or hostname errors, and that your .cloginrc settings are correct. - See if you can send commands to the router - something like clogin -c "command1;command2" This makes sure that the this basic function of clogin is working. Typical problems here are where clogin does not recognize the router prompt correctly. - Then see if the correct rancid commands works against the router - "cat5rancid router" in this case. You should get a router.new file if it does. Otherwise try "cat5rancid -d router" and see if you can figure out what is going wrong. If all of this works, then make sure that you have the correct router name in router.db and check the log file for errors. In any case, I suspect the problem is in your .cloginrc. I always put things like passwords & the like inside of {} to get around expect goo. [expect is a rather fragile program.] > add user ptldme-swt* XXXX > add enableprompt ptldme-swt* Enter password: > add password ptldme-swt* {XXXXXXX} {XXXXXX} I'd change these to: add user ptldme-swt* {XXXX} add enableprompt ptldme-swt* {Enter password:} add password ptldme-swt* {XXXXXXX} {XXXXXX} I'm also not sure if you need to set the enableprompt; I've not done that on the cat5s I've had. --asp From jmarr at twmaine.com Mon Jul 30 17:48:49 2001 From: jmarr at twmaine.com (Joe Marr) Date: Mon, 30 Jul 2001 13:48:49 -0400 Subject: problems with rancid and catalyst In-Reply-To: <200107300401.AAA07034@tower.partan.com> Message-ID: <002601c1191f$e4247680$f144d2cc@joemobileq> I tried the clogin test, clogin -c "show ver" ptldme-swt01 It accesses the router and sits the prompt, which would lead me to believe that it doesn't recognize the prompt. What's the best way to approach this, what should the prompt be? Currently its ptldme-swt01: Joe Marr Network Engineer Roadrunner "I do not hate my enemies. After all, I made them." - Red Skelton -----Original Message----- From: owner-rancid-discuss at shrubbery.net [mailto:owner-rancid-discuss at shrubbery.net] On Behalf Of Andrew Partan Sent: Monday, July 30, 2001 12:02 AM To: jmarr at twmaine.com Cc: rancid-discuss at shrubbery.net Subject: Re: problems with rancid and catalyst > Ive been using rancid in various forms for over a year now, but I have > never been able to have it successfully acquire the config from a > catalyst 5505 (or a older 2900). My usual diagnositic procedure for this sort of thing is: - Make sure that the appropriate *login (clogin for cat5s) works. This tests to make sure you don't have routing or firewall types of issues, or dns or hostname errors, and that your .cloginrc settings are correct. - See if you can send commands to the router - something like clogin -c "command1;command2" This makes sure that the this basic function of clogin is working. Typical problems here are where clogin does not recognize the router prompt correctly. - Then see if the correct rancid commands works against the router - "cat5rancid router" in this case. You should get a router.new file if it does. Otherwise try "cat5rancid -d router" and see if you can figure out what is going wrong. If all of this works, then make sure that you have the correct router name in router.db and check the log file for errors. In any case, I suspect the problem is in your .cloginrc. I always put things like passwords & the like inside of {} to get around expect goo. [expect is a rather fragile program.] > add user ptldme-swt* XXXX > add enableprompt ptldme-swt* Enter password: > add password ptldme-swt* {XXXXXXX} {XXXXXX} I'd change these to: add user ptldme-swt* {XXXX} add enableprompt ptldme-swt* {Enter password:} add password ptldme-swt* {XXXXXXX} {XXXXXX} I'm also not sure if you need to set the enableprompt; I've not done that on the cat5s I've had. --asp From dbt at meat.net Mon Jul 30 17:57:27 2001 From: dbt at meat.net (David Terrell) Date: Mon, 30 Jul 2001 10:57:27 -0700 Subject: rancid in a push configuration? Message-ID: <20010730105727.B14235@pianosa.catch22.org> Anybody ever used rancid or a similar tool in a push configuration? i.e. make changes to the cvs repository and rancid updates the router with that instead of vice versa. We'd like to have useful committer names and commit logs... -- David Terrell | "If NNTP had a protocol extension for dbt at meat.net | administering a spanking (long overdue if Nebcorp Prime Minister | you ask me), you'd be yelping right now." http://wwn.nebcorp.com/ | - Miguel Cruz From david_laporte at harvard.edu Mon Jul 30 18:06:08 2001 From: david_laporte at harvard.edu (David LaPorte) Date: Mon, 30 Jul 2001 14:06:08 -0400 Subject: problems with rancid and catalyst In-Reply-To: <002601c1191f$e4247680$f144d2cc@joemobileq> Message-ID: I had a similar problem - try setting your path to ptldme-swt01> rancid appears to expect a ">" suffix on the prompt. Dave LaPorte -- David LaPorte Network Engineer Harvard University Network Operations Center -------------------------------------------- Email: david_laporte at harvard.edu Phone: (617) 496-7462 Mobile: (617) 429-8458 > -----Original Message----- > From: owner-rancid-discuss at shrubbery.net > [mailto:owner-rancid-discuss at shrubbery.net]On Behalf Of Joe Marr > Sent: Monday, July 30, 2001 1:49 PM > To: 'Andrew Partan' > Cc: rancid-discuss at shrubbery.net > Subject: RE: problems with rancid and catalyst > > > I tried the clogin test, clogin -c "show ver" ptldme-swt01 > > It accesses the router and sits the prompt, which would lead me to > believe that it doesn't recognize the prompt. > > What's the best way to approach this, what should the prompt be? > Currently its ptldme-swt01: > > Joe Marr > Network Engineer > Roadrunner > > "I do not hate my enemies. After all, I made them." - Red Skelton > > > -----Original Message----- > From: owner-rancid-discuss at shrubbery.net > [mailto:owner-rancid-discuss at shrubbery.net] On Behalf Of Andrew Partan > Sent: Monday, July 30, 2001 12:02 AM > To: jmarr at twmaine.com > Cc: rancid-discuss at shrubbery.net > Subject: Re: problems with rancid and catalyst > > > Ive been using rancid in various forms for over a year now, but I have > > never been able to have it successfully acquire the config from a > > catalyst 5505 (or a older 2900). > > My usual diagnositic procedure for this sort of thing is: > > - Make sure that the appropriate *login (clogin for cat5s) works. > This tests to make sure you don't have routing or firewall types > of issues, or dns or hostname errors, and that your .cloginrc > settings are correct. > > - See if you can send commands to the router - something like > clogin -c "command1;command2" > This makes sure that the this basic function of clogin is working. > Typical problems here are where clogin does not recognize the > router prompt correctly. > > - Then see if the correct rancid commands works against the router > - "cat5rancid router" in this case. You should get a router.new > file if it does. Otherwise try "cat5rancid -d router" and see > if you can figure out what is going wrong. > > If all of this works, then make sure that you have the correct > router name in router.db and check the log file for errors. > > In any case, I suspect the problem is in your .cloginrc. I always > put things like passwords & the like inside of {} to get around > expect goo. [expect is a rather fragile program.] > > > add user ptldme-swt* XXXX > > add enableprompt ptldme-swt* Enter password: > > add password ptldme-swt* {XXXXXXX} {XXXXXX} > > I'd change these to: > add user ptldme-swt* {XXXX} > add enableprompt ptldme-swt* {Enter password:} > add password ptldme-swt* {XXXXXXX} {XXXXXX} > > I'm also not sure if you need to set the enableprompt; I've not > done that on the cat5s I've had. > --asp > From ABochannek at yipes.com Mon Jul 30 18:32:01 2001 From: ABochannek at yipes.com (ABochannek at yipes.com) Date: Mon, 30 Jul 2001 11:32:01 -0700 Subject: rancid in a push configuration? Message-ID: <2C830A8269AD084CA51CBA07982BB03001DFAA98@sfoexh01.yipes.com> I'd like to second this request. In fact, I meant to send in a request like this today myself. Alex Bochannek Senior Unix/Network Engineer Yipes ... that's fast! (415) 901-2000 (415) 901-2090 (direct) www.yipes.com From jlewis at packetnexus.com Mon Jul 30 18:46:38 2001 From: jlewis at packetnexus.com (Jason Lewis) Date: Mon, 30 Jul 2001 14:46:38 -0400 Subject: rancid in a push configuration? In-Reply-To: <20010730105727.B14235@pianosa.catch22.org> Message-ID: <002101c11927$f7c13d60$4d78a8c0@spinalcord> I have wondered about this also.... What about something similar to rancid for servers? I would need a big CVS box, but it would be handy to store machine configs in CVS. Has anyone seen anything like this? jas From heas at shrubbery.net Mon Jul 30 18:54:58 2001 From: heas at shrubbery.net (john heasley) Date: Mon, 30 Jul 2001 11:54:58 -0700 Subject: rancid in a push configuration? In-Reply-To: <2C830A8269AD084CA51CBA07982BB03001DFAA98@sfoexh01.yipes.com>; from ABochannek@yipes.com on Mon, Jul 30, 2001 at 11:32:01AM -0700 References: <2C830A8269AD084CA51CBA07982BB03001DFAA98@sfoexh01.yipes.com> Message-ID: <20010730115457.A20946@shrubbery.net> this is not what rancid was intended for. i am not saying that this functionality is not useful ... or not _required_ for sane config management! i believe that rancid is a configuration monitoring tool primarily and second a disaster recovery tool. that is, a baked config in the repository can be loaded (for exmaple, h/w-replacement -- after replacing passwords, etc) for fast recovery. writing a parser to determine changes, or rather commands necessary to apply those changes, is not only difficult, but a rapidly moving target. to this, i note the paramount importance of the IETD ops-nm WG draft (refer to internet drafts at www.ietf.org). configuration generation, loading, and change-application is best suited for a second tool (or suite of) with rancid integrated. where most information is stored in a database (which *any* complimentary tool can also utilize) and canonical configs are generated from this and templates (for multiple router/switch platforms). i have written such a tool for my employer, but can not release it. i have started a tool for free release ("pita" [because it is]) which i hope to mangle into a config generator (loader, etc), config monitoring (via rancid), NMS, and some other useful bits. making slow progress.... Mon, Jul 30, 2001 at 11:32:01AM -0700, ABochannek at yipes.com: > I'd like to second this request. In fact, I meant to send in a request like > this today myself. > > Alex Bochannek > Senior Unix/Network Engineer > Yipes ... that's fast! > (415) 901-2000 > (415) 901-2090 (direct) > www.yipes.com > > > -----Original Message----- > From: David Terrell [mailto:dbt at meat.net] > Sent: Monday, July 30, 2001 10:57 AM > To: rancid-discuss at shrubbery.net > Subject: rancid in a push configuration? > > Anybody ever used rancid or a similar tool in a push configuration? i.e. > make changes to the cvs repository and rancid updates the router with > that instead of vice versa. > > We'd like to have useful committer names and commit logs... > > -- > David Terrell | "If NNTP had a protocol extension for > dbt at meat.net | administering a spanking (long overdue if > Nebcorp Prime Minister | you ask me), you'd be yelping right now." > http://wwn.nebcorp.com/ | - Miguel Cruz From heas at shrubbery.net Mon Jul 30 18:58:01 2001 From: heas at shrubbery.net (john heasley) Date: Mon, 30 Jul 2001 11:58:01 -0700 Subject: rancid in a push configuration? In-Reply-To: <002101c11927$f7c13d60$4d78a8c0@spinalcord>; from jlewis@packetnexus.com on Mon, Jul 30, 2001 at 02:46:38PM -0400 References: <20010730105727.B14235@pianosa.catch22.org> <002101c11927$f7c13d60$4d78a8c0@spinalcord> Message-ID: <20010730115801.C20946@shrubbery.net> Mon, Jul 30, 2001 at 02:46:38PM -0400, Jason Lewis: > I have wondered about this also.... What about something similar to rancid > for servers? I would need a big CVS box, but it would be handy to store > machine configs in CVS. Has anyone seen anything like this? if you can bake that idea a bit more (what to collect, etc), we're willing to listen and/or implement. > jas > > -----Original Message----- > From: owner-rancid-discuss at shrubbery.net > [mailto:owner-rancid-discuss at shrubbery.net]On Behalf Of David Terrell > Sent: Monday, July 30, 2001 1:57 PM > To: rancid-discuss at shrubbery.net > Subject: rancid in a push configuration? > > > Anybody ever used rancid or a similar tool in a push configuration? i.e. > make changes to the cvs repository and rancid updates the router with > that instead of vice versa. > > We'd like to have useful committer names and commit logs... > > -- > David Terrell | "If NNTP had a protocol extension for > dbt at meat.net | administering a spanking (long overdue if > Nebcorp Prime Minister | you ask me), you'd be yelping right now." > http://wwn.nebcorp.com/ | - Miguel Cruz From jmarr at twmaine.com Mon Jul 30 18:56:07 2001 From: jmarr at twmaine.com (Joe Marr) Date: Mon, 30 Jul 2001 14:56:07 -0400 Subject: problems with rancid and catalyst In-Reply-To: Message-ID: <004301c11929$4a68a4d0$f144d2cc@joemobileq> Great this works! Joe Marr Network Engineer Roadrunner "I do not hate my enemies. After all, I made them." - Red Skelton -----Original Message----- From: owner-rancid-discuss at shrubbery.net [mailto:owner-rancid-discuss at shrubbery.net] On Behalf Of David LaPorte Sent: Monday, July 30, 2001 2:06 PM To: jmarr at twmaine.com; 'Andrew Partan' Cc: rancid-discuss at shrubbery.net Subject: RE: problems with rancid and catalyst I had a similar problem - try setting your path to ptldme-swt01> rancid appears to expect a ">" suffix on the prompt. Dave LaPorte -- David LaPorte Network Engineer Harvard University Network Operations Center -------------------------------------------- Email: david_laporte at harvard.edu Phone: (617) 496-7462 Mobile: (617) 429-8458 > -----Original Message----- > From: owner-rancid-discuss at shrubbery.net > [mailto:owner-rancid-discuss at shrubbery.net]On Behalf Of Joe Marr > Sent: Monday, July 30, 2001 1:49 PM > To: 'Andrew Partan' > Cc: rancid-discuss at shrubbery.net > Subject: RE: problems with rancid and catalyst > > > I tried the clogin test, clogin -c "show ver" ptldme-swt01 > > It accesses the router and sits the prompt, which would lead me to > believe that it doesn't recognize the prompt. > > What's the best way to approach this, what should the prompt be? > Currently its ptldme-swt01: > > Joe Marr > Network Engineer > Roadrunner > > "I do not hate my enemies. After all, I made them." - Red Skelton > > > -----Original Message----- > From: owner-rancid-discuss at shrubbery.net > [mailto:owner-rancid-discuss at shrubbery.net] On Behalf Of Andrew Partan > Sent: Monday, July 30, 2001 12:02 AM > To: jmarr at twmaine.com > Cc: rancid-discuss at shrubbery.net > Subject: Re: problems with rancid and catalyst > > > Ive been using rancid in various forms for over a year now, but I have > > never been able to have it successfully acquire the config from a > > catalyst 5505 (or a older 2900). > > My usual diagnositic procedure for this sort of thing is: > > - Make sure that the appropriate *login (clogin for cat5s) works. > This tests to make sure you don't have routing or firewall types > of issues, or dns or hostname errors, and that your .cloginrc > settings are correct. > > - See if you can send commands to the router - something like > clogin -c "command1;command2" > This makes sure that the this basic function of clogin is working. > Typical problems here are where clogin does not recognize the > router prompt correctly. > > - Then see if the correct rancid commands works against the router > - "cat5rancid router" in this case. You should get a router.new > file if it does. Otherwise try "cat5rancid -d router" and see > if you can figure out what is going wrong. > > If all of this works, then make sure that you have the correct > router name in router.db and check the log file for errors. > > In any case, I suspect the problem is in your .cloginrc. I always > put things like passwords & the like inside of {} to get around > expect goo. [expect is a rather fragile program.] > > > add user ptldme-swt* XXXX > > add enableprompt ptldme-swt* Enter password: > > add password ptldme-swt* {XXXXXXX} {XXXXXX} > > I'd change these to: > add user ptldme-swt* {XXXX} > add enableprompt ptldme-swt* {Enter password:} > add password ptldme-swt* {XXXXXXX} {XXXXXX} > > I'm also not sure if you need to set the enableprompt; I've not > done that on the cat5s I've had. > --asp > From heas at shrubbery.net Mon Jul 30 19:57:49 2001 From: heas at shrubbery.net (john heasley) Date: Mon, 30 Jul 2001 12:57:49 -0700 Subject: problems with rancid and catalyst In-Reply-To: <004301c11929$4a68a4d0$f144d2cc@joemobileq>; from jmarr@twmaine.com on Mon, Jul 30, 2001 at 02:56:07PM -0400 References: <004301c11929$4a68a4d0$f144d2cc@joemobileq> Message-ID: <20010730125749.B22977@shrubbery.net> perhaps what we need is a .cloginrc switch which allows the prompt to be adjusted? Mon, Jul 30, 2001 at 02:56:07PM -0400, Joe Marr: > Great this works! > > Joe Marr > Network Engineer > Roadrunner > > "I do not hate my enemies. After all, I made them." - Red Skelton > > > -----Original Message----- > From: owner-rancid-discuss at shrubbery.net > [mailto:owner-rancid-discuss at shrubbery.net] On Behalf Of David LaPorte > Sent: Monday, July 30, 2001 2:06 PM > To: jmarr at twmaine.com; 'Andrew Partan' > Cc: rancid-discuss at shrubbery.net > Subject: RE: problems with rancid and catalyst > > I had a similar problem - try setting your path to ptldme-swt01> > > rancid appears to expect a ">" suffix on the prompt. > > Dave LaPorte > > -- > David LaPorte > Network Engineer > Harvard University Network Operations Center > -------------------------------------------- > Email: david_laporte at harvard.edu > Phone: (617) 496-7462 > Mobile: (617) 429-8458 > > > -----Original Message----- > > From: owner-rancid-discuss at shrubbery.net > > [mailto:owner-rancid-discuss at shrubbery.net]On Behalf Of Joe Marr > > Sent: Monday, July 30, 2001 1:49 PM > > To: 'Andrew Partan' > > Cc: rancid-discuss at shrubbery.net > > Subject: RE: problems with rancid and catalyst > > > > > > I tried the clogin test, clogin -c "show ver" ptldme-swt01 > > > > It accesses the router and sits the prompt, which would lead me to > > believe that it doesn't recognize the prompt. > > > > What's the best way to approach this, what should the prompt be? > > Currently its ptldme-swt01: > > > > Joe Marr > > Network Engineer > > Roadrunner > > > > "I do not hate my enemies. After all, I made them." - Red Skelton > > > > > > -----Original Message----- > > From: owner-rancid-discuss at shrubbery.net > > [mailto:owner-rancid-discuss at shrubbery.net] On Behalf Of Andrew Partan > > Sent: Monday, July 30, 2001 12:02 AM > > To: jmarr at twmaine.com > > Cc: rancid-discuss at shrubbery.net > > Subject: Re: problems with rancid and catalyst > > > > > Ive been using rancid in various forms for over a year now, but I > have > > > never been able to have it successfully acquire the config from a > > > catalyst 5505 (or a older 2900). > > > > My usual diagnositic procedure for this sort of thing is: > > > > - Make sure that the appropriate *login (clogin for cat5s) works. > > This tests to make sure you don't have routing or firewall types > > of issues, or dns or hostname errors, and that your .cloginrc > > settings are correct. > > > > - See if you can send commands to the router - something like > > clogin -c "command1;command2" > > This makes sure that the this basic function of clogin is working. > > Typical problems here are where clogin does not recognize the > > router prompt correctly. > > > > - Then see if the correct rancid commands works against the router > > - "cat5rancid router" in this case. You should get a router.new > > file if it does. Otherwise try "cat5rancid -d router" and see > > if you can figure out what is going wrong. > > > > If all of this works, then make sure that you have the correct > > router name in router.db and check the log file for errors. > > > > In any case, I suspect the problem is in your .cloginrc. I always > > put things like passwords & the like inside of {} to get around > > expect goo. [expect is a rather fragile program.] > > > > > add user ptldme-swt* XXXX > > > add enableprompt ptldme-swt* Enter password: > > > add password ptldme-swt* {XXXXXXX} {XXXXXX} > > > > I'd change these to: > > add user ptldme-swt* {XXXX} > > add enableprompt ptldme-swt* {Enter password:} > > add password ptldme-swt* {XXXXXXX} {XXXXXX} > > > > I'm also not sure if you need to set the enableprompt; I've not > > done that on the cat5s I've had. > > --asp > > From jmarr at twmaine.com Mon Jul 30 20:01:11 2001 From: jmarr at twmaine.com (Joe Marr) Date: Mon, 30 Jul 2001 16:01:11 -0400 Subject: problems with rancid and catalyst In-Reply-To: <20010730125749.B22977@shrubbery.net> Message-ID: <005301c11932$623f7670$f144d2cc@joemobileq> That would be best, at some point Ill run into an issue with some other software that expects the prompt to be formatted a different way. Joe Marr Network Engineer Roadrunner "I do not hate my enemies. After all, I made them." - Red Skelton -----Original Message----- From: john heasley [mailto:heas at shrubbery.net] Sent: Monday, July 30, 2001 3:58 PM To: Joe Marr Cc: david_laporte at harvard.edu; 'Andrew Partan'; rancid-discuss at shrubbery.net Subject: Re: problems with rancid and catalyst perhaps what we need is a .cloginrc switch which allows the prompt to be adjusted? Mon, Jul 30, 2001 at 02:56:07PM -0400, Joe Marr: > Great this works! > > Joe Marr > Network Engineer > Roadrunner > > "I do not hate my enemies. After all, I made them." - Red Skelton > > > -----Original Message----- > From: owner-rancid-discuss at shrubbery.net > [mailto:owner-rancid-discuss at shrubbery.net] On Behalf Of David LaPorte > Sent: Monday, July 30, 2001 2:06 PM > To: jmarr at twmaine.com; 'Andrew Partan' > Cc: rancid-discuss at shrubbery.net > Subject: RE: problems with rancid and catalyst > > I had a similar problem - try setting your path to ptldme-swt01> > > rancid appears to expect a ">" suffix on the prompt. > > Dave LaPorte > > -- > David LaPorte > Network Engineer > Harvard University Network Operations Center > -------------------------------------------- > Email: david_laporte at harvard.edu > Phone: (617) 496-7462 > Mobile: (617) 429-8458 > > > -----Original Message----- > > From: owner-rancid-discuss at shrubbery.net > > [mailto:owner-rancid-discuss at shrubbery.net]On Behalf Of Joe Marr > > Sent: Monday, July 30, 2001 1:49 PM > > To: 'Andrew Partan' > > Cc: rancid-discuss at shrubbery.net > > Subject: RE: problems with rancid and catalyst > > > > > > I tried the clogin test, clogin -c "show ver" ptldme-swt01 > > > > It accesses the router and sits the prompt, which would lead me to > > believe that it doesn't recognize the prompt. > > > > What's the best way to approach this, what should the prompt be? > > Currently its ptldme-swt01: > > > > Joe Marr > > Network Engineer > > Roadrunner > > > > "I do not hate my enemies. After all, I made them." - Red Skelton > > > > > > -----Original Message----- > > From: owner-rancid-discuss at shrubbery.net > > [mailto:owner-rancid-discuss at shrubbery.net] On Behalf Of Andrew Partan > > Sent: Monday, July 30, 2001 12:02 AM > > To: jmarr at twmaine.com > > Cc: rancid-discuss at shrubbery.net > > Subject: Re: problems with rancid and catalyst > > > > > Ive been using rancid in various forms for over a year now, but I > have > > > never been able to have it successfully acquire the config from a > > > catalyst 5505 (or a older 2900). > > > > My usual diagnositic procedure for this sort of thing is: > > > > - Make sure that the appropriate *login (clogin for cat5s) works. > > This tests to make sure you don't have routing or firewall types > > of issues, or dns or hostname errors, and that your .cloginrc > > settings are correct. > > > > - See if you can send commands to the router - something like > > clogin -c "command1;command2" > > This makes sure that the this basic function of clogin is working. > > Typical problems here are where clogin does not recognize the > > router prompt correctly. > > > > - Then see if the correct rancid commands works against the router > > - "cat5rancid router" in this case. You should get a router.new > > file if it does. Otherwise try "cat5rancid -d router" and see > > if you can figure out what is going wrong. > > > > If all of this works, then make sure that you have the correct > > router name in router.db and check the log file for errors. > > > > In any case, I suspect the problem is in your .cloginrc. I always > > put things like passwords & the like inside of {} to get around > > expect goo. [expect is a rather fragile program.] > > > > > add user ptldme-swt* XXXX > > > add enableprompt ptldme-swt* Enter password: > > > add password ptldme-swt* {XXXXXXX} {XXXXXX} > > > > I'd change these to: > > add user ptldme-swt* {XXXX} > > add enableprompt ptldme-swt* {Enter password:} > > add password ptldme-swt* {XXXXXXX} {XXXXXX} > > > > I'm also not sure if you need to set the enableprompt; I've not > > done that on the cat5s I've had. > > --asp > > From ABochannek at yipes.com Tue Jul 31 00:14:34 2001 From: ABochannek at yipes.com (ABochannek at yipes.com) Date: Mon, 30 Jul 2001 17:14:34 -0700 Subject: rancid in a push configuration? Message-ID: <2C830A8269AD084CA51CBA07982BB03001DFAA9E@sfoexh01.yipes.com> John, I understand that this isn't what Rancid wasn't meant to do, but you can't blame David or myself for trying ;-) Can you offer a more specific pointer to the IETF work you referred to? Are you talking about draft-ops-operator-req-mgmt-00.txt? Thanks. Alex Bochannek Senior Unix/Network Engineer Yipes ... that's fast! (415) 901-2000 (415) 901-2090 (direct) www.yipes.com -----Original Message----- From: john heasley [mailto:heas at shrubbery.net] Sent: Monday, July 30, 2001 11:55 AM To: Alex Bochannek Cc: dbt at meat.net; rancid-discuss at shrubbery.net Subject: Re: rancid in a push configuration? this is not what rancid was intended for. i am not saying that this functionality is not useful ... or not _required_ for sane config management! i believe that rancid is a configuration monitoring tool primarily and second a disaster recovery tool. that is, a baked config in the repository can be loaded (for exmaple, h/w-replacement -- after replacing passwords, etc) for fast recovery. writing a parser to determine changes, or rather commands necessary to apply those changes, is not only difficult, but a rapidly moving target. to this, i note the paramount importance of the IETD ops-nm WG draft (refer to internet drafts at www.ietf.org). configuration generation, loading, and change-application is best suited for a second tool (or suite of) with rancid integrated. where most information is stored in a database (which *any* complimentary tool can also utilize) and canonical configs are generated from this and templates (for multiple router/switch platforms). i have written such a tool for my employer, but can not release it. i have started a tool for free release ("pita" [because it is]) which i hope to mangle into a config generator (loader, etc), config monitoring (via rancid), NMS, and some other useful bits. making slow progress.... Mon, Jul 30, 2001 at 11:32:01AM -0700, ABochannek at yipes.com: > I'd like to second this request. In fact, I meant to send in a request like > this today myself. > > Alex Bochannek > Senior Unix/Network Engineer > Yipes ... that's fast! > (415) 901-2000 > (415) 901-2090 (direct) > www.yipes.com > > > -----Original Message----- > From: David Terrell [mailto:dbt at meat.net] > Sent: Monday, July 30, 2001 10:57 AM > To: rancid-discuss at shrubbery.net > Subject: rancid in a push configuration? > > Anybody ever used rancid or a similar tool in a push configuration? i.e. > make changes to the cvs repository and rancid updates the router with > that instead of vice versa. > > We'd like to have useful committer names and commit logs... > > -- > David Terrell | "If NNTP had a protocol extension for > dbt at meat.net | administering a spanking (long overdue if > Nebcorp Prime Minister | you ask me), you'd be yelping right now." > http://wwn.nebcorp.com/ | - Miguel Cruz From heas at shrubbery.net Tue Jul 31 00:44:49 2001 From: heas at shrubbery.net (john heasley) Date: Mon, 30 Jul 2001 17:44:49 -0700 Subject: rancid in a push configuration? In-Reply-To: <2C830A8269AD084CA51CBA07982BB03001DFAA9E@sfoexh01.yipes.com>; from ABochannek@yipes.com on Mon, Jul 30, 2001 at 05:14:34PM -0700 References: <2C830A8269AD084CA51CBA07982BB03001DFAA9E@sfoexh01.yipes.com> Message-ID: <20010730174449.Y22977@shrubbery.net> Mon, Jul 30, 2001 at 05:14:34PM -0700, ABochannek at yipes.com: > John, > > I understand that this isn't what Rancid wasn't meant to do, but you can't > blame David or myself for trying ;-) no blame being flung from here! perhaps maliciously trying to spark discussion. but, i believe rancid isnt the right place for config generation. i might even say impractical for that kind of jobs, but perhaps my expectation of such a system is greater than is necessary. > Can you offer a more specific pointer to the IETF work you referred to? Are > you talking about draft-ops-operator-req-mgmt-00.txt? yes, that is the draft and the maillist is (currently) ops-nm at ops.ietf.org (i think ops-nm-request@ works for subscription). From ABochannek at yipes.com Tue Jul 31 02:51:15 2001 From: ABochannek at yipes.com (ABochannek at yipes.com) Date: Mon, 30 Jul 2001 19:51:15 -0700 Subject: rancid in a push configuration? Message-ID: <2C830A8269AD084CA51CBA07982BB03001DFAAA4@sfoexh01.yipes.com> The particular job I was interested in is single configuration command submission to a list of devices. A simple change like the syslog destination comes to mind as an example. Full-fledged configuration generation is highly vendor-specific and not what I was looking for. I'll have a look at the ops-nm list and see what they are up to. Thanks. Alex Bochannek Senior Unix/Network Engineer Yipes ... that's fast! (415) 901-2000 (415) 901-2090 (direct) www.yipes.com From afort at staff.webcentral.com.au Tue Jul 31 03:05:42 2001 From: afort at staff.webcentral.com.au (Andrew Fort) Date: Tue, 31 Jul 2001 13:05:42 +1000 Subject: rancid in a push configuration? Message-ID: <415DD4BF903BD311A3D900A0C99F902209607127@bnc.webcentral.com.au> Alex, Some of us do this the 'ugly way': $ cat hostlist bb1 bb2 $ cat syslog-change.scr no logging 1.2.3.4 no logging 5.6.7.8 no logging 11.12.13.14 logging 6.6.6.1 $ for i in `cat hostlist` ; do rcp syslog-change.scr $i:system:/running-config & ; done $ I think this is a fairly good example of why the ops-nm mailing list exists; to help eradicate evil things like the above. :) To Ciscos' credit, you could always setup an FTP server and use the CISCO-CONFIG-MIB, which should let you trigger the 'pull' of the configs from the devices themselves. If you're maintaining local devices where you can be 'happy' with rcp (they're on a private management VLAN, that VLAN is pruned to customers, you can guarantee (thru IGP auth) no prefix theft and spoofing, etc), you may find better performance with rcp than sending a few SNMP set to each device and then having it login to the FTP (or tftp, or rcp) server. Cisco now (12.2(2)T) support scp also, but no RSA authentication yet (as far as I can see), so it makes it not very useful for doing automated stuff. From asp at partan.com Tue Jul 31 03:18:17 2001 From: asp at partan.com (Andrew Partan) Date: Mon, 30 Jul 2001 23:18:17 -0400 (EDT) Subject: rancid in a push configuration? In-Reply-To: <2C830A8269AD084CA51CBA07982BB03001DFAAA4@sfoexh01.yipes.com> from "ABochannek@yipes.com" at Jul 30, 1 07:51:15 pm Message-ID: <200107310318.XAA19181@tower.partan.com> > The particular job I was interested in is single configuration command > submission to a list of devices. A simple change like the syslog destination > comes to mind as an example. You can also write an expect script that clogin can call to do this sort of thing. There is a script util/cisco-load.exp (comes as part of rancid) that loads cisco config files from a rcp server. Ditto cisco-reload.exp for rebooting routers. At one point (like 7 years ago) I had a collection of 50 some expect scripts that did various things to ciscos. --asp From ABochannek at yipes.com Tue Jul 31 03:30:16 2001 From: ABochannek at yipes.com (ABochannek at yipes.com) Date: Mon, 30 Jul 2001 20:30:16 -0700 Subject: rancid in a push configuration? Message-ID: <2C830A8269AD084CA51CBA07982BB03001DFAAA6@sfoexh01.yipes.com> Not a bad suggestion. I used to be at Cisco, actually, and we had our own Expect libraries which you could use to log in and execute commands on remote routers. That was extremely handy. Alex Bochannek Senior Unix/Network Engineer Yipes ... that's fast! (415) 901-2000 (415) 901-2090 (direct) www.yipes.com From ABochannek at yipes.com Tue Jul 31 03:31:37 2001 From: ABochannek at yipes.com (ABochannek at yipes.com) Date: Mon, 30 Jul 2001 20:31:37 -0700 Subject: rancid in a push configuration? Message-ID: <2C830A8269AD084CA51CBA07982BB03001DFAAA7@sfoexh01.yipes.com> OK, that is indeed pretty evil ;-) I currently use the config MIB to pull configs, but that's what I want to replace with Rancid. Alex Bochannek Senior Unix/Network Engineer Yipes ... that's fast! (415) 901-2000 (415) 901-2090 (direct) www.yipes.com From jlewis at packetnexus.com Tue Jul 31 03:44:39 2001 From: jlewis at packetnexus.com (Jason Lewis) Date: Mon, 30 Jul 2001 23:44:39 -0400 Subject: rancid in a push configuration? In-Reply-To: <2C830A8269AD084CA51CBA07982BB03001DFAAA6@sfoexh01.yipes.com> Message-ID: <000001c11973$209406f0$4d78a8c0@spinalcord> That is what I am looking for! I want to be able to change passwords quickly and easily. My current process is to login to each one. Passwords get changed on a regular basis and the time spent making the change is time I could be doing other stuff. Anyone have any expect scripts they would like to share? jas From heas at shrubbery.net Tue Jul 31 04:26:19 2001 From: heas at shrubbery.net (john heasley) Date: Mon, 30 Jul 2001 21:26:19 -0700 Subject: rancid in a push configuration? In-Reply-To: <200107310318.XAA19181@tower.partan.com>; from asp@partan.com on Mon, Jul 30, 2001 at 11:18:17PM -0400 References: <2C830A8269AD084CA51CBA07982BB03001DFAAA4@sfoexh01.yipes.com> <200107310318.XAA19181@tower.partan.com> Message-ID: <20010730212619.F22977@shrubbery.net> Mon, Jul 30, 2001 at 11:18:17PM -0400, Andrew Partan: > > The particular job I was interested in is single configuration command > > submission to a list of devices. A simple change like the syslog destination > > comes to mind as an example. > > You can also write an expect script that clogin can call to do this > sort of thing. > > There is a script util/cisco-load.exp (comes as part of rancid) > that loads cisco config files from a rcp server. Ditto cisco-reload.exp > for rebooting routers. just so no one goes off flailing trying to find these, neither of these are in the current release (or beta). i added those samples just a few weeks ago. From heas at shrubbery.net Tue Jul 31 04:29:18 2001 From: heas at shrubbery.net (john heasley) Date: Mon, 30 Jul 2001 21:29:18 -0700 Subject: rancid in a push configuration? In-Reply-To: <200107310344.XAA20992@tower.partan.com>; from asp@partan.com on Mon, Jul 30, 2001 at 11:44:07PM -0400 References: <2C830A8269AD084CA51CBA07982BB03001DFAAA6@sfoexh01.yipes.com> <200107310344.XAA20992@tower.partan.com> Message-ID: <20010730212917.G22977@shrubbery.net> Mon, Jul 30, 2001 at 11:44:07PM -0400, Andrew Partan: > > Not a bad suggestion. I used to be at Cisco, actually, and we had our own > > Expect libraries which you could use to log in and execute commands on > > remote routers. That was extremely handy. > > That is basically what clogin is. > --asp attached are the two samples. we're not quite ready for a 2.2 release. -------------- next part -------------- ## ## Copyright (C) 1997-2001 by Henry Kilmer. ## All rights reserved. ## ## This software may be freely copied, modified and redistributed without ## fee for non-commerical purposes provided that this copyright notice is ## preserved intact on all copies and modified copies. ## ## There is no warranty or other guarantee of fitness of this software. ## It is provided solely "as is". The author(s) disclaim(s) all ## responsibility and liability with respect to this software's usage ## or its effect upon hardware, computer systems, other software, or ## anything else. # # this expect snipit is sourced by clogin (-s option) to load a configuration # file (named -confg into nvram from an rcp/tftp host. this is an # _example_ as it not guaranteed to work for all applications. PLEASE test # for your environment. # # it expects the following variables via the -E option: # rcphost ='host to rcp from' such as 'foo.org' or '192.168.0.1' # confgpath ='path under /tftpboot where configs are held' # # the config file is expected to be routername-confg, where routername is the # name as grok'd from the router's cmd-line prompt # # example usage: # % clogin -s ./cisco-load.exp -Ercphost=foo.shrubbery.net router # router # loading router config from foo.shrubbery.net # # keep in mind that it is important to NOT polute the global variable space. # particularly, do not use variables used within clogin. this may result in # indeterministic results. an easy way to avoid this is to use a variable # name prefix (like 'E' or '_'). # # useful variables from clogin global space: # router router name as provided on the cmd-line # prompt cmd-line prompt as determined by clogin # # note: the tcl/expect parser is extremely stoopid. comment lines are NOT # completely ignored!! so, a '{' or '}' in a comment might produce # unexpected results. ## # log_user 1 # exp_internal 1 # sometimes this is a bit slow. note: this overrides clogin -t set timeout 90 # take rcp host from -Ercphost='foo' if ([info exists Ercphost]) { #puts "CONFGHOST == $Ercphost" set confghost [string tolower $Ercphost] } else { send_error "ERROR: -Ercphost= was not set on the command-line.\n" exit } # # logout of the router # proc logout { ecode } { global prompt send "quit\r" expect { "$prompt" { logout $ecode } timeout { send_error "Error: timeout waiting for EOF after quit\n"} eof { send_user "\n" exit $ecode } } } # # erase the nvram # proc erase { } { global prompt send "\r" expect $prompt {} send "write erase\r" expect { -re " Continue\[^\n\]\*confirm\]" { send "\r" exp_continue } "$prompt" { } timeout { send_error "Error: timeout waiting for write erase.\n" logout 1 } eof { logout 1 } } } # # load a config via rcp into nvram # proc doload { confghost routername config retry } { global prompt # send a return just to be sure we have a prompt. send "\r" expect "$prompt" # start the copy and send the host to load from # use tftp if retry == 1 if { $retry == 0 } { send "copy tftp startup-config\r" } else { send "copy rcp startup-config\r" } expect { timeout { send_error "\nError: timeout exceeded waiting for rcp/tftp host prompt\r" logout 1 } "mbiguous command" { if { $retry == 0 } { send "copy tftp: startup-config\r" } else { send "copy rcp: startup-config\r" } exp_continue } -re "Host or network .*\]\?" { send "host\r" exp_continue } "\]\?" { send "$confghost\r" } } # # fill in the rest of the blanks. username (12.0), filename, dest, etc. # expect { -re "Source username .\*\]\?" { send "$routername\r"; exp_continue } -re "Source filename .\*\]\?" { send "$config\r"; exp_continue } -re "Name of configur.\*\]\?" { send "$config\r"; exp_continue } -re "Destination filename .\*\]\?" { send "startup-config\r"; exp_continue } -re "Configure using .\*confirm\]" { send "\r" } "proceed\? \\\[" { send "yes\r" } -re "Do you want to over write.\*confirm\]" { send "\r" } -re "Accessing (rcp|tftp):" { } timeout { send_error "\n\tError: timeout exceeded while matching load prompts\n"; send "" } } expect { timeout { send_error "Error: timeout exceeded while loading config\n" logout 1 } -re "\[^\n\]*Connection refused" { send_error "Error: $expect_out(0,string)\n" logout 1 } -re "\[^\n\]*Destination unreachable" { send_error "Error: $expect_out(0,string)\n" logout 1 } -re "\[^\n\]*Permission denied" { send_error "Error: $expect_out(0,string)\n" logout 1 } -re "\[^\n]*No such file or directory" { send_error "Error: $expect_out(0,string)\n" logout 1 } -re "\[^\n]*Error copying\[^\n]*Not enough space on device\[^\n]*\r" { send_error "Error: $expect_out(0,string)\n" if { $retry == 2 } { # erase stomps ssh rsa key # send_user "erasing nvram\n" # erase send_user "retrying load\n" doload $confghost $routername $config 1 } elseif { $retry == 1 } { # erase stomps ssh rsa key # send_user "erasing nvram\n" # erase send_user "retrying load with tftp.\n" doload $confghost $routername $config 0 } else { send_error "Error: $expect_out(0,string)\n" logout 1 } } -re "\[^\n]*.*configuration is too large.*\n" { send_error "Error: $expect_out(0,string)\n" expect { -re "\[^\n]*Truncate config.*:" { send "no\r" } } logout 1 } -re "\[^\n]*Error (opening|copying).*\r" { send_error "Error: $expect_out(0,string)\n" logout 1 } -nocase -re "\[^\n]* error\[^a-z\n]+\[^\n]*" { send_error "$expect_out(0,string)\n" logout 1 } "\n" { exp_continue } -re "^\[^ ]*\#" { send_user "load successful.\n" } } return 0; } send_user "loading $router config from $confghost\n"; # look for router hostname in prompt (ie: deal with fqdn) send "\r" expect { timeout { send_error "Error: did not receive prompt\n" exit } "\n" { exp_continue } -re "^(\[^ ]*)\#" { set routername $expect_out(1,string) } } # deal with config subdir? from Econfgpath if ([info exists confgpath]) { set config "$confgpath/$routername-confg" } else { set config "$routername-confg" } # load the config if { [doload $confghost $routername $config 1] != 0 } { logout 1 } logout 0 # these were my original transcripts of performing loads. it is a useful # example of info you may collect to get an idea of what needs to be handled # in the expect{}s # # pdx-oob# # pdx-oob#copy rcp start # Address of remote host [255.255.255.255]? 205.238.52.35 # Name of configuration file [a]? pdx-oob-confg # Configure using pdx-oob-confg from 205.238.52.35? [confirm] # # Connected to 205.238.52.35 # Loading 8131 byte file pdx-oob-confg: !!!! [OK] # Compressing configuration from 8131 bytes to 3886 bytes # [OK] # pdx-oob# # # 12.0S-isms # pao2#cop rcp sta # Address or name of remote host []? eng0 # Translating "eng0"...domain server (205.238.52.46) [OK] # # Source username [pao2]? # Source filename []? pao2-confg # Destination filename [startup-config]? # Warning: Copying this config directly into the nvram from a network server may # cause damage the the startup config. It is advisable to copy the file # into the running config first, and then save it using copy run start. # Do you wish to proceed? [no]: yes # Accessing rcp://pao2 at eng0/pao2-confg... # Connected to 205.238.52.35 # Loading 30138 byte file pao2-confg: !!!!!! [OK] # # 30138 bytes copied in 2.576 secs (15069 bytes/sec) # pao2# # OR IS IT # sea0#cop rcp sta # Address or name of remote host []? eng0 # Source username [sea0]? # Source filename []? sea0-confg # Destination filename [startup-config]? # Accessing rcp://sea0 at eng0/sea0-confg...!!!!!!!!!!!!!!!!!! # 89794 bytes copied in 0.704 secs # sea0#q # Connection closed by foreign host. # pdx-oob#copy rcp start # Address of remote host [255.255.255.255]? 205.238.52.35 # Name of configuration file [a]? pdx-oob-confg # Configure using pdx-oob-confg from 205.238.52.35? [confirm] # # Connected to 205.238.52.35 # Loading 8131 byte file pdx-oob-confg: !!!! [OK] # Compressing configuration from 8131 bytes to 3886 bytes # [OK] # pdx-oob#copy rcp start # Address of remote host [205.238.52.35]? 205.238.52.35 # Name of configuration file [pdx-oob-confg]? pdx-oob-confg # Configure using pdx-oob-confg from 205.238.52.35? [confirm] # # Connected to 205.238.52.35 # %rcp: /tftpboot/pdx-oob-confg: No such file or directory # pdx-oob# # # pdx-oob#copy rcp start # Address of remote host [205.238.52.35]? 205.238.52.35 # Name of configuration file [pdx-oob-confg]? pdx-oob-confg # Configure using pdx-oob-confg from 205.238.52.35? [confirm] # # Connected to 205.238.52.35 # %rcp: /tftpboot/pdx-oob-confg: Permission denied # pdx-oob# # # *** response from filtered pkt # pdx-oob#copy rcp sta # Address of remote host [205.238.52.35]? 205.238.1.94 # Name of configuration file [pdx-oob-confg]? # Configure using pdx-oob-confg from 205.238.1.94? [confirm] # % Destination unreachable; gateway or host down # # pdx-oob# # # *** response from host w/o rcp daemon # pdx-oob#cop rcp sta # Address of remote host [205.238.52.35]? 205.238.1.66 # Name of configuration file [pdx-oob-confg]? # Configure using pdx-oob-confg from 205.238.1.66? [confirm] # % Connection refused by remote host # # pdx-oob# # -------------- next part -------------- ## ## Copyright (C) 1997-2001 by Henry Kilmer. ## All rights reserved. ## ## This software may be freely copied, modified and redistributed without ## fee for non-commerical purposes provided that this copyright notice is ## preserved intact on all copies and modified copies. ## ## There is no warranty or other guarantee of fitness of this software. ## It is provided solely "as is". The author(s) disclaim(s) all ## responsibility and liability with respect to this software's usage ## or its effect upon hardware, computer systems, other software, or ## anything else. # # this expect snipit is sourced by clogin (-s option) to issue a reload # command on a cisco router. it DOES NOT save the config if it has been # modified. this is an _example_ as it not guaranteed to work for all # applications. PLEASE test for your environment. # # it expects the following variables via the -E option: # reload_arg ='command argument' such as 'at 05:00' or 'cancel # # eg usage: # % clogin -s cisco-reload.exp -Ereload_arg='at 01:00' router # router # Reload scheduled for 01:00:00 UTC Sat Jun 23 2001 (in 7 hours and 16 minutes) # % clogin -s cisco-reload.exp -Ereload_arg='at cancel' router # router # % Ambiguous command: "reload at cancel" # # % clogin -s cisco-reload.exp -Ereload_arg='cancel' router # router # SHUTDOWN ABORTED # # # keep in mind that it is important to NOT polute the global variable space. # particularly, do not use variables used within clogin. this may result in # indeterministic results. an easy way to avoid this is to use a variable # name prefix (like 'E' or '_'). # # useful variables from clogin global space: # router router name as provided on the cmd-line # prompt cmd-line prompt as determined by clogin # # note: the tcl/expect parser is extremely stoopid. comment lines are NOT # completely ignored!! so, a '{' or '}' in a comment might produce # unexpected results. ## # exp_internal 1 # log_user 1 # take reload command from -Ereload_arg='at 05:00' if ([info exists Ereload_arg]) { #puts "reload_arg == $Ereload_arg" set reloadcmd "reload $Ereload_arg" } else { send_error "ERROR: -Ereload_arg= was not set on the command-line.\n" exit } #send_user "$router\n" send "\r" expect { timeout { send_error "Error: did not receive prompt\n" exit } -re "^.*$prompt" { send "$reloadcmd\r" expect * {} } } # look for response expect { -re "configuration has been modified.*no.:" { send "no\r"; exp_continue } -re "Reload scheduled .*\r" { set sched $expect_out(0,string) exp_continue } -re "SHUTDOWN ABORTED" { set sched $expect_out(0,string) } -re "Proceed with .*confirm\]" { send "\r" } -re "\n.*No reload " { set sched "no reload scheduled" send "\r" } -re "% Ambig\[^\n\r]*" { set sched $expect_out(0,string) } } send "\r" expect "$prompt" if ([info exists sched]) { send_user "\t$sched\n" } send "quit\r" expect { timeout { send_error "Error: timeout waiting for EOF after quit\n"} eof { exit 0 } } ## dennis#reload in ? ## Delay before reload (mmm or hhh:mm) ## ## dennis#reload in 100:10 ## ## System configuration has been modified. Save? [yes/no]: no ## Reload scheduled in 100 hours and 9 minutes ## Proceed with reload? [confirm] ## dennis#reload ca ## dennis#reload cancel ## dennis# ## ## ## *** ## *** --- SHUTDOWN ABORTED --- ## *** ## ## dennis#wr ## Building configuration... ## [OK] ## dennis#reload in 100:10 ## Reload scheduled in 100 hours and 10 minutes ## Proceed with reload? [confirm] ## dennis#rel ## dennis#reload can ## dennis#reload cancel ## dennis# ## ## ## *** ## *** --- SHUTDOWN ABORTED --- ## *** ## System configuration has been modified. Save? [yes/no]: no ## Reload scheduled for 11:51:48 PST Thu Dec 10 1998 (in 299 hours and 59 minutes) ## Proceed with reload? [confirm] ## ultra#reload can ## ultra# ## ## ## *** ## *** --- SHUTDOWN ABORTED --- ## *** ## ultra# reload at 8:10 10 dec ## ## System configuration has been modified. Save? [yes/no]: no ## Reload scheduled for 08:10:00 PST Thu Dec 10 1998 (in 296 hours and 17 minutes) ## Proceed with reload? [confirm] ## ultra# ## From afort at staff.webcentral.com.au Tue Jul 31 03:50:22 2001 From: afort at staff.webcentral.com.au (Andrew Fort) Date: Tue, 31 Jul 2001 13:50:22 +1000 Subject: rancid in a push configuration? Message-ID: <415DD4BF903BD311A3D900A0C99F902209607129@bnc.webcentral.com.au> >That is what I am looking for! > >I want to be able to change passwords quickly and easily. My current >process is to login to each one. Passwords get changed on a >regular basis >and the time spent making the change is time I could be doing >other stuff. OT: Is there a reason why using TACACS+ (or RADIUS) or unsuitable in your environment? back on topic: As mentioned by Andrew Partan, the contrib'd scripts in rancid distro (look for *.exp) provide the sort of stuff you're looking for. From asp at partan.com Tue Jul 31 04:38:43 2001 From: asp at partan.com (Andrew Partan) Date: Tue, 31 Jul 2001 00:38:43 -0400 (EDT) Subject: rancid in a push configuration? In-Reply-To: <000001c11973$209406f0$4d78a8c0@spinalcord> from "Jason Lewis" at Jul 30, 1 11:44:39 pm Message-ID: <200107310438.AAA22364@tower.partan.com> > I want to be able to change passwords quickly and easily. My current > process is to login to each one. Passwords get changed on a regular basis > and the time spent making the change is time I could be doing other stuff. The process I recall happening at a former job was that someone would generate the new password commands on a local router, get the encrypted passwords from that router's config, put them into a config file, and then use an expect script like cisco-load to push that config to all of the routers. > Anyone have any expect scripts they would like to share? If folks do have scripts they would like to share, we can add them to the rancid distribution. --asp