[rancid] Re: Question and potential feature request

john heasley heas at shrubbery.net
Tue Mar 11 18:58:19 UTC 2008


The tool/computer should do the work for you, if possible.

I suppose there is no reason it couldn't do this, at least for Cisco and
Procket.  If it considers all the possible prompts and can determine which
are enabled and which are not, then it should be OK.

Perhaps something like the attached.


Thu, Mar 06, 2008 at 08:57:34PM -0700, Lance Vermilion:
> All,
> 
> Correct me if I am wrong but RANCID is suppose to backup your
> configurations. It does that very well. Having to all this extra
> figuring out etc can add extra fat in the scripts to make it figure
> what it should be doing and yet it still may not always work. If
> something fails you will get an email from RANCID. That should be a
> pretty good heads up that something has been changed. To me that is
> when I also go and verify nothing else has changed. As a network admin
> I like to know what is changing.
> 
> Sam pointed a very simple solution to bring it front and center and
> allow it to get a ticket opened on it etc. Then again it does require
> some knowledge of programming.
> 
> Just my two cents.
> 
> -Lance
> 
> On 3/6/08, Steve Snodgrass <ssnodgra at pheran.com> wrote:
> > Matthew Twomey wrote:
> > > Greetings,
> > >
> > > I have been a long time user of Rancid and I've always thought it was a
> > > fantastic tool. Recently I've been revamping our backups and that has gotten
> > > me to thinking about a couple of things:
> > >
> > > 1. We backup literally hundred of devices with Rancid and due to
> > > inconsistency across Cisco IOS releases we are struggling to keep ahead of
> > > the curve when it comes to specifying autoenable 1 or autoenable 0. I don't
> > > always manage the routers I backup, so an updated IOS often reverses this
> > > requirement (e.g. used to work with autoenable on and now it needs it off).
> > > This also often happens when router administrators enable/disable/make
> > > certain changes to tacacs. In any event I'm wondering if anyone has thought
> > > of a way to autodetect the autoenable state of a device?
> >
> > This might be nice for me too.  I'm bringing up a rancid install for the
> > first time and I was banging my head on the wall today because I can't
> > figure out any way to get my ASAs to log directly into enable mode like
> > I do on the IOS boxes using a TACACS server.  Obviously I could manually
> > specify autoenable 0 for the ASAs, but this would be a cool feature.
> >
> > --
> > Steve Snodgrass * ssnodgra at pheran.com * Network/Security/Linux/Perl Geek
> > "If you want to be somebody else, change your mind."  -Sister Hazel
> > _______________________________________________
> > Rancid-discuss mailing list
> > Rancid-discuss at shrubbery.net
> > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> >
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
-------------- next part --------------
Index: bin/clogin.in
===================================================================
RCS file: /home/rancid/.CVS/rancid/bin/clogin.in,v
retrieving revision 1.123
diff -d -u -r1.123 clogin.in
--- bin/clogin.in	11 Mar 2008 18:40:21 -0000	1.123
+++ bin/clogin.in	11 Mar 2008 18:57:52 -0000
@@ -319,7 +319,7 @@
 # returns: 0 on success, 1 on failure, -1 if rsh was used successfully
 proc login { router user userpswd passwd enapasswd cmethod cyphertype } {
     global command spawn_id in_proc do_command do_script platform
-    global prompt u_prompt p_prompt e_prompt sshcmd
+    global prompt prompt_match u_prompt p_prompt e_prompt sshcmd
     set in_proc 1
     set uprompt_seen 0
 
@@ -542,7 +542,10 @@
 				  }
 				  exp_continue
 				}
-	-re "$prompt"		{ break; }
+	-re "$prompt"		{
+				  set prompt_match $expect_out(0,string);
+				  break;
+				}
 	"Login invalid"		{
 				  send_user "\nError: Invalid login: $router\n";
 				  catch {close}; catch {wait}; return 1
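Review bot: `prompt_match` is taken from an unanchored match, and the default prompt elsewhere in this patch now accepts `>` as well as `#`, so one of those characters arriving in banner or MOTD text ahead of the real prompt could be recorded and later read as the privilege level. Whether that can happen depends on the earlier patterns in this expect block, which lie outside the hunk, as does the rest of `login`. A short comment above the assignment would make the dependency visible, e.g. `# remember which prompt alternative matched; used after login to decide whether enable is needed`.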
@@ -731,32 +734,15 @@
 source_password_file $password_file
 set in_proc 0
 set exitval 0
+set prompt_match ""
 foreach router [lrange $argv $i end] {
     set router [string tolower $router]
     # attempt at platform switching.
     set platform ""
     send_user -- "$router\n"
 
-    # Figure out the prompt.
-    # autoenable is off by default.  If we have it defined, it was done
-    # on the command line.  If it is not specifically set on the command
-    # line, check the password file.
-    if $avautoenable {
-	set autoenable 1
-	set enable 0
-	set prompt "(#| \\(enable\\))"
-    } else {
-	set ae [find autoenable $router]
-	if { "$ae" == "1" } {
-	    set autoenable 1
-	    set enable 0
-	    set prompt "(#| \\(enable\\))"
-	} else {
-	    set autoenable 0
-	    set enable $avenable
-	    set prompt ">"
-	}
-    }
+    # Default prompt.
+    set prompt "(>|#| \\(enable\\))"
 
     # look for noenable option in .cloginrc
     if { [find noenable $router] != "" } {
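Review bot: `set prompt_match ""` sits before the `foreach`, so it is initialised once for the whole run rather than once per device. If `login` can return success for a router without passing through the `-re "$prompt"` branch that assigns it (for example the rsh case mentioned in the proc's header comment, whose handling is outside the hunk), the value left by the previous router would drive the enable decision for this one. Moving the reset inside the loop, next to `set platform ""`, removes that carry-over. The loop body continues outside the hunk.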
@@ -770,10 +756,6 @@
 	send_user -- "\nError: no password for $router in $password_file.\n"
 	continue
       }
-      if { $enable && $do_enapasswd && $autoenable == 0 && [llength $pswd] < 2 } {
-	send_user -- "\nError: no enable password for $router in $password_file.\n"
-	continue
-      }
       set passwd [join [lindex $pswd 0] ""]
       set enapasswd [join [lindex $pswd 1] ""]
     } else {
@@ -851,7 +833,20 @@
 	# if login failed or rsh was unsuccessful, move on to the next device
 	continue
     }
+    # Figure out the prompt.
+    if { [regexp -- "(#| \\(enable\\))" $prompt_match junk] == 1 } {
+	set enable 0
+    } elseif { $avenable } {
+	set enable 1
+    } else {
+	set enable 0
+    }
     if { $enable } {
+	if { $do_enapasswd && [string bytelength $enapasswd] < 2 } {
+	    send_user -- "\nError: $enapasswd\n"
+	    send_user -- "\nError: no enable password for $router in $password_file.\n"
+	    continue
+	}
 	if {[do_enable $enauser $enapasswd]} {
 	    if { $do_command || $do_script } {
 		incr exitval
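Review bot: The added `send_user -- "\nError: $enapasswd\n"` writes the enable password value to the user's output, which may end up in logs or mail. In this branch it is at most one byte, but it reads like leftover debugging and should be dropped. The `< 2` bound looks carried over from the removed `[llength $pswd] < 2` list check; applied to a string it also rejects a one-character enable password, so `[string length $enapasswd] == 0` is probably what is meant. Because the check now runs after login has succeeded, the `continue` appears to leave the spawned session open and the failure uncounted; consider `catch {close}; catch {wait}` and `incr exitval` before it. The foreach body continues outside the hunk.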

