From john at sackheads.org Mon May 5 14:49:15 2008 From: john at sackheads.org (John Payne) Date: Mon, 5 May 2008 10:49:15 -0400 Subject: [rancid] corrupted bootflash bothering rancid Message-ID: <8DBE42E8-919A-4B55-9739-5512E95341CD@sackheads.org> Found a router with corrupted bootflash causing rancid to crap out. Whilst the rancid failure did draw attention to this, it probably should continue backing up and not just crapping out on this router. From the log file: Trying to get all of the configs. write(spawn_id=1): broken pipe while executing "send_user -- "$expect_out(buffer)"" invoked from within "expect -nobrace -re ^H+ { exp_continue } -re {^[^ ^M *]*router1([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} { send_user -- "$expect_out(buffer)" } -re {^[..." invoked from within "expect { -re "\b+" { exp_continue } -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)" } -re "^\[^\n\r]*$reprompt." { send..." (procedure "run_commands" line 42) invoked from within "run_commands $prompt $command" ("foreach" body line 150) invoked from within "foreach router [lrange $argv $i end] { set router [string tolower $router] # attempt at platform switching. set platform "" send_user ..." (file "/usr/local/rancid/bin/clogin" line 712)^M router1: missed cmd(s): dir /all sup-microcode:,dir /all slaveslot1:,show vlan,dir /all harddiskb:,dir /all slot1:,show diag,dir /all slavedisk1:,dir /all sec-slot1:,admin show diag,dir / all disk1:,show vtp status,show controllers,dir /all sec-disk1:,show debug,show diagbus,show inventory raw,dir /all slaveslot0:,dir /all slavenvram:,dir /all slaveslot2:,dir /all harddiska:,dir /all slot0:,show vlan-switch,show c7200,show module,write term,dir /all sup-bootflash:,dir /all slot2:,dir /all slavedisk0:,dir /all sec- slot0:,show controllers cbus,dir /all harddisk:,dir /all sec- nvram:,dir /all slavedisk2:,dir /all sec-slot2:,dir /all disk0:,dir / all disk2:,dir /all sec-disk0:,show spe version,dir /all slavesup- bootflash:,dir /all sec-disk2:,dir /all slavebootflash:,dir /all sec- bootflash:,show running-config router1: End of run not found !Flash: bootflash: Directory of bootflash:/ ===================================== running dir /all bootflash: gave me: router1#dir /all bootflash: Directory of bootflash:/ %Error calling getdents for bootflash:/ (Invalid created file header name) 32768000 bytes total (24870912 bytes free) formatting the bootflash allowed rancid to successfully complete. Should: return(-1) if /\%Error calling/; actually be: return(1) if /\%Error calling/; ? Thanks John From jeremy_keys at memorial.org Mon May 5 14:27:35 2008 From: jeremy_keys at memorial.org (Keys, Jeremy) Date: Mon, 05 May 2008 10:27:35 -0400 Subject: [rancid] Rancid-fe and wrancid wrapper with 2.3.2a7 Message-ID: <1209997655.9412.3.camel@islt005> I recently upgraded to rancid 2.3.2a7, and everything works great except for the wrancid modification (http://www.shrubbery.net/pipermail/rancid-discuss/2005-November/001276.html) posted a while back. Has anyone had any luck getting wrancid to work with 2.3.2a7? The format of the rancid-fe appears to have changed from 2.3.1. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080505/1f3f1eb7/attachment.html From ricardorey at infomed.sld.cu Thu May 1 09:05:44 2008 From: ricardorey at infomed.sld.cu (ricardo) Date: Thu, 01 May 2008 05:05:44 -0400 Subject: [rancid] Rancid and mail with who made the change Message-ID: <481987E8.4040406@infomed.sld.cu> I have a successful working rancid, but my boss want also that rancid when send the mail with the change send also the user who made the change, I searched on the web and the discussion list but don't saw any answer. Help me please and sorry if my English is not the best. From ricardorey at infomed.sld.cu Thu May 1 09:07:03 2008 From: ricardorey at infomed.sld.cu (ricardo) Date: Thu, 01 May 2008 05:07:03 -0400 Subject: [rancid] Rancid and mail with who made the change Message-ID: <48198837.9000208@infomed.sld.cu> I have a successful working rancid, but my boss want also that rancid when send the mail with the change send also the user who made the change, I searched on the web and the discussion list but don't saw any answer. Help me please and sorry if my English is not the best. From jhigham at epri.com Mon May 5 16:44:17 2008 From: jhigham at epri.com (Higham, Josh) Date: Mon, 5 May 2008 09:44:17 -0700 Subject: [rancid] Re: Rancid and mail with who made the change In-Reply-To: <481987E8.4040406@infomed.sld.cu> References: <481987E8.4040406@infomed.sld.cu> Message-ID: <4C3B8C75B5899943AEC675BA6DD46273E41F96@uspalex02.epri.com> Rancid itself cannot do this (to my knowledge). You could have rancid grab the log buffer, or better yet send it to a syslog server, but that doesn't match the user with the changes. I believe that there was some discussion about having a script monitor the syslog messages for changes, and then run rancid, which could do what you want with some customization. Thanks, Josh > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of ricardo > Sent: Thursday, May 01, 2008 2:06 AM > To: rancid-discuss at shrubbery.net > Subject: [rancid] Rancid and mail with who made the change > > I have a successful working rancid, but my boss want also that rancid > when send the mail with the change send also the user who made the > change, I searched on the web and the discussion list but > don't saw any > answer. Help me please and sorry if my English is not the best. > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From chunt at reachone.com Mon May 5 16:49:04 2008 From: chunt at reachone.com (Christopher Hunt) Date: Mon, 05 May 2008 09:49:04 -0700 Subject: [rancid] Re: Rancid and mail with who made the change In-Reply-To: <48198837.9000208@infomed.sld.cu> References: <48198837.9000208@infomed.sld.cu> Message-ID: <481F3A80.8030405@reachone.com> you can output the results of the cron script to email. See http://homepage.mac.com/duling/halfdozen/RANCID-Howto.html#email-aliases HTH Christopher ricardo wrote: > I have a successful working rancid, but my boss want also that rancid > when send the mail with the change send also the user who made the > change, I searched on the web and the discussion list but don't saw any > answer. Help me please and sorry if my English is not the best. > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From secrookie at gmail.com Mon May 5 22:03:58 2008 From: secrookie at gmail.com (secrookie at gmail.com) Date: Tue, 6 May 2008 08:03:58 +1000 Subject: [rancid] RO/RW Message-ID: Does the rancid account need Read Only or Read/Write access to dump out the configs. I notice the wr term command is used so does this mean Read/Write is required? regards, secrookie From jethro.binks at strath.ac.uk Tue May 6 08:32:21 2008 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Tue, 6 May 2008 09:32:21 +0100 (BST) Subject: [rancid] Re: Rancid-fe and wrancid wrapper with 2.3.2a7 In-Reply-To: <1209997655.9412.3.camel@islt005> References: <1209997655.9412.3.camel@islt005> Message-ID: <20080506092710.K25933@defjam.cc.strath.ac.uk> On Mon, 5 May 2008, Keys, Jeremy wrote: > I recently upgraded to rancid 2.3.2a7, and everything works great except > for the wrancid modification > (http://www.shrubbery.net/pipermail/rancid-discuss/2005-November/001276.html) > posted a while back. Has anyone had any luck getting wrancid to work > with 2.3.2a7? The format of the rancid-fe appears to have changed from > 2.3.1. Yes, I did that, and had some conversation with Michael, the original author. I will send something on privately, but maybe I should just publish it anyway. I did mention it to John Heasley, but I don't remember hearing back. Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services University Of Strathclyde, Glasgow, UK From mstefani at redhat.com Tue May 6 09:47:25 2008 From: mstefani at redhat.com (Michael Stefaniuc) Date: Tue, 06 May 2008 11:47:25 +0200 Subject: [rancid] Re: RO/RW In-Reply-To: References: Message-ID: <4820292D.7000405@redhat.com> secrookie at gmail.com wrote: > Does the rancid account need Read Only or Read/Write access to dump > out the configs. > > I notice the wr term command is used so does this mean Read/Write is required? write term is just an other way of saying "show running-config". rancid doesn't modify the config during the backup run. What it does modify are the per session settings like terminal size and to not log to the console. bye michael -- Michael Stefaniuc Tel.: +49-711-96437-199 Consulting Communications Engineer Fax.: +49-711-96437-111 -------------------------------------------------------------------- Reg. Adresse: Red Hat GmbH, Otto-Hahn-Strasse 20, 85609 Dornach bei Muenchen Handelsregister: Amtsgericht Muenchen HRB 153243 Gesch?ftsf?hrer: Brendan Lane, Charlie Peters, Michael Cunningham, Werner Knoblich From Nate.Beck at jivesoftware.com Tue May 6 18:51:35 2008 From: Nate.Beck at jivesoftware.com (Nate Beck) Date: Tue, 6 May 2008 18:51:35 +0000 Subject: [rancid] Palo Alto Networks Message-ID: Has anyone on the list worked with Palo Alto Network firewalls and Rancid? I was wondering if anyone has created a *login for them. Thanks ------------------- Nathan Beck Sr. IT Engineer Jive Software 503.972.9024 [cid:3292919495_689721] -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080506/bd6e34d9/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: image.png Type: image/png Size: 6725 bytes Desc: image.png Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080506/bd6e34d9/attachment.png From danno at internet2.edu Wed May 14 04:44:44 2008 From: danno at internet2.edu (Dan Pritts) Date: Wed, 14 May 2008 00:44:44 -0400 Subject: [rancid] Re: RANCID with HP Procurve 4100g In-Reply-To: <000701c87728$7f8e79a0$7eab6ce0$@net> References: <000701c87728$7f8e79a0$7eab6ce0$@net> Message-ID: <20080514044444.GA32330@internet2.edu> going through old mail here but it looks like you never got an answer. You have to turn on "autoenable" in your cloginrc file if you are ssh'ing to the switch as an admin user. On Sun, Feb 24, 2008 at 04:01:58PM -0500, Andy Swanson wrote: > > > I know this is not a new topic as I have seem questions on this before... > However, I cant seem to get rancid to work with HP Procurve switches using > ssh. I am getting the infamous banner : > > HP J4887A ProCurve Switch 4104GL > Firmware revision G.07.70 > > Copyright (C) 1991-2005 Hewlett-Packard Co. All Rights Reserved. > > RESTRICTED RIGHTS LEGEND > > Use, duplication, or disclosure by the Government is subject to > restrictions > as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data > and > Computer Software clause at 52.227-7013. > > HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303 > > > > Press any key to continue > > > I know that the newer version of rancid is supposed to have fixed this but I > still cant get it to work... I have trying to get this to work for weeks but > it just will time out trying to get past this banner.. Does anybody have any > idea how I can get around this, so I can use ssh?? > > Thanks for any help!! > > Andrew > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss danno -- Dan Pritts, Sr. Systems Engineer Internet2 office: +1-734-352-4953 | mobile: +1-734-834-7224 Be part of the future! 2008 Internet2 Strategic Planning http://www.internet2.edu/strategicplanning From babydr at baby-dragons.com Wed May 14 21:06:41 2008 From: babydr at baby-dragons.com (Mr. James W. Laferriere) Date: Wed, 14 May 2008 13:06:41 -0800 (AKDT) Subject: [rancid] Re: RANCID with HP Procurve 4100g In-Reply-To: <20080514044444.GA32330@internet2.edu> References: <000701c87728$7f8e79a0$7eab6ce0$@net> <20080514044444.GA32330@internet2.edu> Message-ID: Hello Dan , On Wed, 14 May 2008, Dan Pritts wrote: > going through old mail here but it looks like you never got an > answer. > > You have to turn on "autoenable" in your cloginrc file if you are ssh'ing > to the switch as an admin user. With the sessions for switches set to autoenable , The 'press any key' still haunts getting access to the system . See below . Anything I can provide please ask . Tia , JimL HP J4813A ProCurve Switch 2524 Software revision F.05.59 Copyright (C) 1991-2007 Hewlett-Packard Co. All Rights Reserved. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and Computer Software clause at 52.227-7013. HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303 Press any key to continue Error: TIMEOUT reached > On Sun, Feb 24, 2008 at 04:01:58PM -0500, Andy Swanson wrote: >> >> >> I know this is not a new topic as I have seem questions on this before... >> However, I cant seem to get rancid to work with HP Procurve switches using >> ssh. I am getting the infamous banner : >> >> HP J4887A ProCurve Switch 4104GL >> Firmware revision G.07.70 >> >> Copyright (C) 1991-2005 Hewlett-Packard Co. All Rights Reserved. >> >> RESTRICTED RIGHTS LEGEND >> >> Use, duplication, or disclosure by the Government is subject to >> restrictions >> as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data >> and >> Computer Software clause at 52.227-7013. >> >> HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303 >> >> >> >> Press any key to continue >> >> >> I know that the newer version of rancid is supposed to have fixed this but I >> still cant get it to work... I have trying to get this to work for weeks but >> it just will time out trying to get past this banner.. Does anybody have any >> idea how I can get around this, so I can use ssh?? >> >> Thanks for any help!! >> >> Andrew >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > danno > -- > Dan Pritts, Sr. Systems Engineer > Internet2 > office: +1-734-352-4953 | mobile: +1-734-834-7224 > > Be part of the future! > 2008 Internet2 Strategic Planning > http://www.internet2.edu/strategicplanning > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -- +------------------------------------------------------------------+ | James W. Laferriere | System Techniques | Give me VMS | | Network&System Engineer | 2133 McCullam Ave | Give me Linux | | babydr at baby-dragons.com | Fairbanks, AK. 99701 | only on AXP | +------------------------------------------------------------------+ From gregoryzill at solutionary.com Wed May 14 21:18:47 2008 From: gregoryzill at solutionary.com (Gregory W Zill) Date: Wed, 14 May 2008 16:18:47 -0500 Subject: [rancid] Juniper ISG-1000 and nlogin? In-Reply-To: References: <000701c87728$7f8e79a0$7eab6ce0$@net> <20080514044444.GA32330@internet2.edu> Message-ID: <482B5737.2070206@solutionary.com> I am attempting to get a new Juniper ssg-1000 into our RANCID system. I have tried both nlogin and jlogin, for netscreen and juniper respectively. Our RANCID may be a little older, but I seem to be close. The nlogin seems to want to enable right after logging in: $ nlogin -c 'get conf' fw spawn ssh -c 3des -x -l user fw user at fw's password: Remote Management Console NSRPCLUSTER:fw(M)-> can't read "enable": no such variable while executing "if { $enable } { if {[do_enable $enauser $enapasswd]} { if { $do_command || $do_script } { close; wait continue } } }" ("foreach" body line 66) invoked from within "foreach firewall [lrange $argv $i end] { set firewall [string tolower $firewall] send_user "$firewall\n" set prompt ">" # Figure out..." (file "/usr/local/rancid/bin/nlogin" line 423) And then jlogin sends back even less debug: $ jlogin -c 'get conf' fw spawn ssh -c 3des -x -l user fw fw at fw's password: Remote Management Console NSRPCLUSTER:fwcentrisA(M)-> NSRPCLUSTER:fwcentrisA(M)-> set cli complete-on-space off ^------unknown keyword cli -- gregory w zill, mba, cissp Information Security Engineer Managed Services Team ----------------------------- Solutionary, Inc. Making Security Manageable v: 402-361-3066 From rskoog at chrr.osu.edu Thu May 15 12:02:32 2008 From: rskoog at chrr.osu.edu (Rob Skoog) Date: Thu, 15 May 2008 08:02:32 -0400 Subject: [rancid] Re: Juniper ISG-1000 and nlogin? In-Reply-To: <482B5737.2070206@solutionary.com> References: <000701c87728$7f8e79a0$7eab6ce0$@net> <20080514044444.GA32330@internet2.edu> <482B5737.2070206@solutionary.com> Message-ID: <482C2658.5070606@chrr.osu.edu> You should update to the latest cvs version, I believe it is: ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.2a7.tar.gz I know even version 2.3.1 didn't work on our ISGs. (nlogin is the correct one.) Gregory W Zill wrote: > I am attempting to get a new Juniper ssg-1000 into our RANCID system. I > have tried both nlogin and jlogin, for netscreen and juniper > respectively. Our RANCID may be a little older, but I seem to be close. > > The nlogin seems to want to enable right after logging in: > > $ nlogin -c 'get conf' fw > > spawn ssh -c 3des -x -l user fw > user at fw's password: > Remote Management Console > NSRPCLUSTER:fw(M)-> can't read "enable": no such variable > while executing > "if { $enable } { > if {[do_enable $enauser $enapasswd]} { > if { $do_command || $do_script } { > close; wait > continue > } > } > }" > ("foreach" body line 66) > invoked from within > "foreach firewall [lrange $argv $i end] { > set firewall [string tolower $firewall] > send_user "$firewall\n" > > set prompt ">" > > # Figure out..." > (file "/usr/local/rancid/bin/nlogin" line 423) > > And then jlogin sends back even less debug: > > $ jlogin -c 'get conf' fw > > spawn ssh -c 3des -x -l user fw > fw at fw's password: > Remote Management Console > NSRPCLUSTER:fwcentrisA(M)-> > NSRPCLUSTER:fwcentrisA(M)-> set cli complete-on-space off > ^------unknown keyword cli > From babydr at baby-dragons.com Thu May 15 22:52:52 2008 From: babydr at baby-dragons.com (Mr. James W. Laferriere) Date: Thu, 15 May 2008 14:52:52 -0800 (AKDT) Subject: [rancid] Re: RANCID with HP Procurve 4100g In-Reply-To: References: <000701c87728$7f8e79a0$7eab6ce0$@net> <20080514044444.GA32330@internet2.edu> Message-ID: Hello Dan , On Wed, 14 May 2008, Mr. James W. Laferriere wrote: > On Wed, 14 May 2008, Dan Pritts wrote: >> going through old mail here but it looks like you never got an >> answer. >> >> You have to turn on "autoenable" in your cloginrc file if you are ssh'ing >> to the switch as an admin user. > With the sessions for switches set to autoenable , The 'press any key' > still haunts getting access to the system . See below . > Anything I can provide please ask . > Tia , JimL > > HP J4813A ProCurve Switch 2524 > Software revision F.05.59 > > Copyright (C) 1991-2007 Hewlett-Packard Co. All Rights Reserved. > > RESTRICTED RIGHTS LEGEND > > Use, duplication, or disclosure by the Government is subject to restrictions > as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and > Computer Software clause at 52.227-7013. > > HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303 > > Press any key to continue > > Error: TIMEOUT reached Below is a patch & the patch is also attached , NOTE: this is for accessing the ProCurve Switch 2524's as the manager account ONLY , I will be trying to update this as time permits to do the operator -> manager via enable . Mind you the real difficulty is that on 'exit' these devices still require you to exit to operator mode & then when you exit that it askes; "Do you want to log out [y/n]?" , An interesting challenge , tho the time out will exit the session I'd still like to exit cleanly . Now HOPEFULLy someone knows howto get the ProCurse's to return to default mode of the CLI ? That would make this patch be moot . My Presen problem is , Trying to use the '-c "show interfaces 1"' , The command is not even get presented to the device command line . The time out happens & session is returned to the user . Anyone have any ideas where this might be going wrong ? Tia , JimL # diff -u flogin.orig-v1.47_20061208 flogin --- flogin.orig-v1.47_20061208 2008-05-13 14:40:59.000000000 -0800 +++ flogin 2008-05-15 14:19:40.000000000 -0800 @@ -436,6 +436,15 @@ } exp_continue } + -re "Press any key to continue" { + send "\r" + + expect "To select menu item" { + sleep 1 + send "5" + } + exp_continue + } "$prompt" { break; } "Login invalid" { send_user "\nError: Invalid login: $router\n"; @@ -444,6 +453,7 @@ } } + set in_proc 0 return 0 } @@ -483,7 +493,7 @@ global in_proc set in_proc 1 - send "skip-page-display\r" + # send "skip-page-display\r" expect $prompt {} # Is this a multi-command? -- +------------------------------------------------------------------+ | James W. Laferriere | System Techniques | Give me VMS | | Network&System Engineer | 2133 McCullam Ave | Give me Linux | | babydr at baby-dragons.com | Fairbanks, AK. 99701 | only on AXP | +------------------------------------------------------------------+ -------------- next part -------------- --- flogin.orig-v1.47_20061208 2008-05-13 14:40:59.000000000 -0800 +++ flogin 2008-05-15 14:19:40.000000000 -0800 @@ -436,6 +436,15 @@ } exp_continue } + -re "Press any key to continue" { + send "\r" + + expect "To select menu item" { + sleep 1 + send "5" + } + exp_continue + } "$prompt" { break; } "Login invalid" { send_user "\nError: Invalid login: $router\n"; @@ -444,6 +453,7 @@ } } + set in_proc 0 return 0 } @@ -483,7 +493,7 @@ global in_proc set in_proc 1 - send "skip-page-display\r" + # send "skip-page-display\r" expect $prompt {} # Is this a multi-command? From jwardlaw at CAYUGAMED.org Fri May 16 12:47:36 2008 From: jwardlaw at CAYUGAMED.org (Wardlaw, Jeff) Date: Fri, 16 May 2008 08:47:36 -0400 Subject: [rancid] autoenable in clogin Message-ID: I'm monitoring a cisco ASA and a couple of 2851s. I had the ASA working just fine, but when I added the 2851s, I had to enable autoenable on ~/bin/clogin: # The default is that you login non-enabled (tacacs can have you login already # enabled) set avautoenable 1 Now, the 2851s are working, but I'm getting errors from rancid about the ASA: The following routers have not been successfully contacted for more than 4 hours. -rw-r----- 1 rancid rancid 47617 2008-05-15 16:45 asa1.cmc.internal output from clogin: rancid at cmc-rancid:~/bin$ clogin -c 'sh ru' asa1.cmc.internal asa1.cmc.internal spawn ssh -c 3des -x -l rancid asa1.cmc.internal rancid at asa1.cmc.internal's password: Type help or '?' for a list of available commands. asa1> Error: TIMEOUT reached rancid at cmc-rancid:~/bin$ Any hints? Thanks, -- Jeff From jwardlaw at CAYUGAMED.org Fri May 16 16:31:08 2008 From: jwardlaw at CAYUGAMED.org (Wardlaw, Jeff) Date: Fri, 16 May 2008 12:31:08 -0400 Subject: [rancid] Re: autoenable in clogin In-Reply-To: <20080516162934.GB24932@shrubbery.net> References: <20080516162934.GB24932@shrubbery.net> Message-ID: Great! Thanks! -- Jeff > -----Original Message----- > From: john heasley [mailto:heas at shrubbery.net] > Sent: Friday, May 16, 2008 12:30 > To: Wardlaw, Jeff > Subject: Re: [rancid] autoenable in clogin > > set autoenable in cloginrc, not in clogin. > > Fri, May 16, 2008 at 08:47:36AM -0400, Wardlaw, Jeff: > > I'm monitoring a cisco ASA and a couple of 2851s. I had the ASA > > working just fine, but when I added the 2851s, I had to enable > > autoenable on > > ~/bin/clogin: > > # The default is that you login non-enabled (tacacs can > have you login > > already # enabled) set avautoenable 1 > > > > Now, the 2851s are working, but I'm getting errors from > rancid about > > the > > ASA: > > > > The following routers have not been successfully contacted for more > > than > > 4 hours. > > -rw-r----- 1 rancid rancid 47617 2008-05-15 16:45 asa1.cmc.internal > > > > output from clogin: > > rancid at cmc-rancid:~/bin$ clogin -c 'sh ru' asa1.cmc.internal > > asa1.cmc.internal spawn ssh -c 3des -x -l rancid asa1.cmc.internal > > rancid at asa1.cmc.internal's password: > > Type help or '?' for a list of available commands. > > asa1> > > Error: TIMEOUT reached > > rancid at cmc-rancid:~/bin$ > > > > > > Any hints? > > > > Thanks, > > > > -- > > Jeff > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From cstave at gmail.com Fri May 16 13:51:45 2008 From: cstave at gmail.com (Chris Stave) Date: Fri, 16 May 2008 09:51:45 -0400 Subject: [rancid] Re: Rancid and mail with who made the change In-Reply-To: <481987E8.4040406@infomed.sld.cu> References: <481987E8.4040406@infomed.sld.cu> Message-ID: <5471c93d0805160651n7855a0f8x35933ca3b916fc5a@mail.gmail.com> The easiest way to do this would be a policy that anyone making changes also modify a description or the hostname field with their initials. Chris On Thu, May 1, 2008 at 5:05 AM, ricardo wrote: > I have a successful working rancid, but my boss want also that rancid > when send the mail with the change send also the user who made the > change, I searched on the web and the discussion list but don't saw any > answer. Help me please and sorry if my English is not the best. > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From Todd at equivoice.com Fri May 16 19:40:41 2008 From: Todd at equivoice.com (Todd Heide) Date: Fri, 16 May 2008 14:40:41 -0500 Subject: [rancid] Re: Rancid and mail with who made the change In-Reply-To: <48198837.9000208@infomed.sld.cu> References: <48198837.9000208@infomed.sld.cu> Message-ID: <082FEA82DC985B4F8A6B412D5AC4E220E02C5C@exchange.Equivoice.local> Put Tacacs+ on the server and have the devices AAA from it. You will have an accounting record of who logs in when and does what to the device. Let me know if you would like the tarball of what I have been using now for the past few years. It runs on any linux platform that has MySql installed. Todd Nothing ever goes as planned, Its a hell of a notion, Even pharaohs turn to sand, Like a drop in the ocean -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of ricardo Sent: Thursday, May 01, 2008 4:07 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Rancid and mail with who made the change I have a successful working rancid, but my boss want also that rancid when send the mail with the change send also the user who made the change, I searched on the web and the discussion list but don't saw any answer. Help me please and sorry if my English is not the best. _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From babydr at baby-dragons.com Fri May 16 20:25:19 2008 From: babydr at baby-dragons.com (Mr. James W. Laferriere) Date: Fri, 16 May 2008 12:25:19 -0800 (AKDT) Subject: [rancid] Getting the HP Procurve 2534 J4813A Release #F.05.59 back to CLI , Howto In-Reply-To: References: <000701c87728$7f8e79a0$7eab6ce0$@net> <20080514044444.GA32330@internet2.edu> Message-ID: Hello All , As 'manager' account goto menu mode . Goto 'Run Setup' Press Goto 'Edit' , Press Goto 'Logon Default : ' Field , Hit 'Space bar' , <<< this toggles between modes >>> Press Goto 'Save' , Press Should take you back to the 'main menu' . After that it's all upto you . For this device & firmware version 'hlogin' is the program to use . Setup a 'manager' user & then add something like ... To .cloginrc . add autoenable *-sw* {1} add user *-sw* {ManagerUser} add password *-sw* {ManagerPassword} {nosuchpassword} add method *-sw* ssh telnet Hth , JimL ps: DISREGARD any previous patches to flogin as that was a BAD start . -- +------------------------------------------------------------------+ | James W. Laferriere | System Techniques | Give me VMS | | Network&System Engineer | 2133 McCullam Ave | Give me Linux | | babydr at baby-dragons.com | Fairbanks, AK. 99701 | only on AXP | +------------------------------------------------------------------+ From david.croft at infotrek.net Fri May 16 20:18:28 2008 From: david.croft at infotrek.net (David Croft) Date: Fri, 16 May 2008 22:18:28 +0200 Subject: [rancid] Re: Rancid and mail with who made the change In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E220E02C5C@exchange.Equivoice.local> References: <48198837.9000208@infomed.sld.cu> <082FEA82DC985B4F8A6B412D5AC4E220E02C5C@exchange.Equivoice.local> Message-ID: Rancid's not really suited for reporting who did what since it runs on a schedule and multiple people could have logged in since the last run. If you don't use tacacs+ but you do have logging set up, I stumbled across this event manager script somewhere that records all executed commands to the system log. So if something bad happens you can go back through the logs to see who did it. Works fine for us to achieve the same accountability. event manager applet CLIaccounting event cli pattern ".*" sync no skip no action 1.0 syslog priority informational msg "$_cli_msg" set 2.0 _exit_status 1 ! David 2008/5/16 Todd Heide : > Put Tacacs+ on the server and have the devices AAA from it. You will > have an accounting record of who logs in when and does what to the > device. Let me know if you would like the tarball of what I have been > using now for the past few years. It runs on any linux platform that has > MySql installed. > > Todd > > > Nothing ever goes as planned, Its a hell of a notion, > Even pharaohs turn to sand, Like a drop in the ocean > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of ricardo > Sent: Thursday, May 01, 2008 4:07 AM > To: rancid-discuss at shrubbery.net > Subject: [rancid] Rancid and mail with who made the change > > I have a successful working rancid, but my boss want also that rancid > when send the mail with the change send also the user who made the > change, I searched on the web and the discussion list but don't saw any > answer. Help me please and sorry if my English is not the best. > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From danno at internet2.edu Mon May 19 20:15:34 2008 From: danno at internet2.edu (Dan Pritts) Date: Mon, 19 May 2008 16:15:34 -0400 Subject: [rancid] Re: RANCID with HP Procurve 4100g In-Reply-To: References: <000701c87728$7f8e79a0$7eab6ce0$@net> <20080514044444.GA32330@internet2.edu> Message-ID: <20080519201534.GA22051@internet2.edu> that's new, interesting. I'd approach this by get rid of autoenable tell rancid that it should look for "Press any key to continue" as its enable prompt make the enable password a single character, doesn't matter what. On Wed, May 14, 2008 at 01:06:41PM -0800, Mr. James W. Laferriere wrote: > Hello Dan , > > On Wed, 14 May 2008, Dan Pritts wrote: > >going through old mail here but it looks like you never got an > >answer. > > > >You have to turn on "autoenable" in your cloginrc file if you are ssh'ing > >to the switch as an admin user. > With the sessions for switches set to autoenable , The 'press any > key' still haunts getting access to the system . See below . > Anything I can provide please ask . > Tia , JimL > From babydr at baby-dragons.com Tue May 20 21:41:02 2008 From: babydr at baby-dragons.com (Mr. James W. Laferriere) Date: Tue, 20 May 2008 13:41:02 -0800 (AKDT) Subject: [rancid] Can someone tell me why the second expect isn't being executed ? Message-ID: Hello All , This one is not making sense to me , expect see's "$prompt" & and sends "show version\r" , But neither see's the regexp "^Image.stamp.*" nor (of course) follows up with the send ... Any insights are helpful . Tia , JimL send "\r" expect { "$prompt" { send "show version\r" } -re "^Image.stamp.*" { send "this stinks\r\n\n" } } Given the Following output ... VH-SW01# show version Image stamp: /sw/code/build/info(s02) Feb 26 2007 09:30:56 F.05.59 1194 VH-SW01# -- +------------------------------------------------------------------+ | James W. Laferriere | System Techniques | Give me VMS | | Network&System Engineer | 2133 McCullam Ave | Give me Linux | | babydr at baby-dragons.com | Fairbanks, AK. 99701 | only on AXP | +------------------------------------------------------------------+ From tex at off.org Tue May 20 22:01:22 2008 From: tex at off.org (Austin Schutz) Date: Tue, 20 May 2008 15:01:22 -0700 Subject: [rancid] Re: Can someone tell me why the second expect isn't being executed ? In-Reply-To: References: Message-ID: <20080520220122.GN3323@gblx.net> On Tue, May 20, 2008 at 01:41:02PM -0800, Mr. James W. Laferriere wrote: > Hello All , This one is not making sense to me , expect see's > "$prompt" & and sends "show version\r" , But neither see's the regexp > "^Image.stamp.*" nor (of course) follows up with the send ... > Any insights are helpful . Tia , JimL > > send "\r" > expect { > "$prompt" { send "show version\r" } > -re "^Image.stamp.*" { send "this stinks\r\n\n" } ^ I would suspect the anchor is probably not valid, since the buffer probably contains data before that. A health dose of the -d flag (sets exp_internal) would help show what is being matched. Austin From sbooze at infinityinternet.com Tue May 20 22:29:32 2008 From: sbooze at infinityinternet.com (Shawn Booze) Date: Tue, 20 May 2008 15:29:32 -0700 Subject: [rancid] Sonicwall 3060 Pro Message-ID: <30CD9C0C865BBE44B73D9A7903DA449E14BD4677@exchange-01.iinet.corp.local> Does anyone have a working *login and *rancid that supports Sonciwalls? I have reviewed the history and see mention of someone named Lance building one but I cannot find the files he was referring to. Any help would be greatly appreciated. --- Shawn Booze Network Engineering - Network Technician Infinity Internet Email: sbooze at infinityinternet.com 360-735-3700 LIVE Chat! http://support.iinet.com http://www.iinet.com From babydr at baby-dragons.com Wed May 21 00:00:09 2008 From: babydr at baby-dragons.com (Mr. James W. Laferriere) Date: Tue, 20 May 2008 16:00:09 -0800 (AKDT) Subject: [rancid] Maintainer hlogin , please review & comment . In-Reply-To: References: Message-ID: Hello (whomever, tho probaby) JohnH , I've made an attempt to check between switch & routers of the procurve persuasion with this patch to this script . There are probably better ways of doing this than I have implemented , Please comment with code (even pseudeo) . Find it attached to prevent mailer mangle . Tia , JimL -- +------------------------------------------------------------------+ | James W. Laferriere | System Techniques | Give me VMS | | Network&System Engineer | 2133 McCullam Ave | Give me Linux | | babydr at baby-dragons.com | Fairbanks, AK. 99701 | only on AXP | +------------------------------------------------------------------+ -------------- next part -------------- --- /usr/local/rancid/bin/hlogin-v1_40-20061208 2008-05-15 17:00:00.000000000 -0800 +++ /usr/local/rancid/bin/hlogin 2008-05-20 15:37:58.000000000 -0800 @@ -473,13 +473,52 @@ return 0 } +# Check (as best we can) if we are on a HP router or switch . +# Actually checking if is a router & saying otherwise it's a switch . +# +proc chk_rtr {in_proc prompt timeout} { + log_user 0 + set old_Timeout $timeout + set timeout 5 + global chk_rtrR + exp_send "show version\r" + expect { + -re "Image stamp" { + set Buffer $expect_out(0,string); + } + -re "Router" { + set Buffer $expect_out(0,string); + } + } + if { $Buffer eq "Image stamp" } { + # I'm a SWITCH ... + set chk_rtrR 1 + } + if { $Buffer eq "Router" } { + # I'm a ROUTER ... + set chk_rtrR 0 + } + if { $Buffer eq "" } { + # Default to (I think) I'm a ROUTER ... + set chk_rtrR 0 + } + set timeout $old_Timeout + log_user 1 + return +} + # Run commands given on the command line. -proc run_commands { prompt command } { +proc run_commands { prompt command chk_rtrR } { global in_proc platform set in_proc 1 - + + # see if we're a router or not and then ... # Turn off the pager and escape regex meta characters in the $prompt - send "terminal length 0\r" + if { $chk_rtrR == 0 } { + send "terminal length 0\r" + } else { + send "no page\r" + } regsub -all "\[)(]" $prompt {\\&} reprompt expect { -re $reprompt {} @@ -717,13 +756,21 @@ -re "^.+$prompt" { set prompt $expect_out(0,string); } } + # check if we are on a route or not . JimL + chk_rtr $in_proc $prompt $timeout + if { $do_command } { - if {[run_commands $prompt $command]} { + if {[run_commands $prompt $command $chk_rtrR]} { continue } } elseif { $do_script } { + # see if we're a router or not and then ... # disable the pager - send "terminal length 0\r" + if { $chk_rtrR == 0 } { + send "terminal length 0\r" + } else { + send "no page\r" + } expect -re $prompt {} source $sfile close From babydr at baby-dragons.com Wed May 21 18:09:23 2008 From: babydr at baby-dragons.com (Mr. James W. Laferriere) Date: Wed, 21 May 2008 10:09:23 -0800 (AKDT) Subject: [rancid] Re: Maintainer hlogin , please review & comment . In-Reply-To: References: Message-ID: Hello All , On Tue, 20 May 2008, Mr. James W. Laferriere wrote: > I've made an attempt to check between switch & routers of the > procurve persuasion with this patch to this script . > There are probably better ways of doing this than I have implemented > , Please comment with code (even pseudeo) . > Find it attached to prevent mailer mangle . An updated patch to try & shorten the path & make the checks a bit more portable for the varying hp devices . please comment . Again , Find it attached to prevent mailer mangle . Tia , JimL -- +------------------------------------------------------------------+ | James W. Laferriere | System Techniques | Give me VMS | | Network&System Engineer | 2133 McCullam Ave | Give me Linux | | babydr at baby-dragons.com | Fairbanks, AK. 99701 | only on AXP | +------------------------------------------------------------------+ -------------- next part -------------- --- /usr/local/rancid/bin/hlogin-v1_40-20061208 2008-05-15 17:00:00.000000000 -0800 +++ /usr/local/rancid/bin/hlogin 2008-05-21 09:30:25.000000000 -0800 @@ -473,13 +473,47 @@ return 0 } +# Check (as best we can) if we are on a HP router or switch . +# Actually checking if is a router & saying otherwise it's a switch . +# & Set the pageR off variable . +proc chk_rtr {in_proc prompt timeout} { + log_user 0 + set old_Timeout $timeout + set timeout 5 + global pageR + exp_send "show version\r" + expect { + -re "Image stamp" { + set Buffer $expect_out(0,string); + } + -re "Router" { + set Buffer $expect_out(0,string); + } + } + if { $Buffer eq "Image stamp" } { + # I'm a SWITCH ... + set pageR "no page" + } + if { $Buffer eq "Router" } { + # I'm a ROUTER ... + set pageR "terminal length 0" + } + if { $Buffer eq "." } { + # Default to (I think) I'm a ROUTER ... + set pageR "terminal length 0" + } + set timeout $old_Timeout + log_user 1 + return +} + # Run commands given on the command line. -proc run_commands { prompt command } { +proc run_commands { prompt command pageR } { global in_proc platform set in_proc 1 - + # Turn off the pager and escape regex meta characters in the $prompt - send "terminal length 0\r" + send "$pageR\r" regsub -all "\[)(]" $prompt {\\&} reprompt expect { -re $reprompt {} @@ -717,13 +751,17 @@ -re "^.+$prompt" { set prompt $expect_out(0,string); } } + # check if we are on a route or not , + # & Set pageR variable accordingly . JimL + chk_rtr $in_proc $prompt $timeout + if { $do_command } { - if {[run_commands $prompt $command]} { + if {[run_commands $prompt $command $pageR]} { continue } } elseif { $do_script } { # disable the pager - send "terminal length 0\r" + send "$pageR\r" expect -re $prompt {} source $sfile close From babydr at baby-dragons.com Wed May 21 20:26:47 2008 From: babydr at baby-dragons.com (Mr. James W. Laferriere) Date: Wed, 21 May 2008 12:26:47 -0800 (AKDT) Subject: [rancid] hlogin chomps off portion of 'show config' using -c . In-Reply-To: References: Message-ID: Hello All , Can someone among you's point at where in hlogin may be the culprit ? My diagnostic skill(s) are faded today , insufficient sleep . # hlogin -c "show run" vh-sw01a > hlogin-chomp.log The chomp off is quite visiable . Below is the part that is missing . I don't see anything in the output that might cause this to happen . This is with the patch I sent earier today , I'll try it without as well . Tia , JimL VH-SW01# sh run Running configuration: ; J4813A Configuration Editor; Created on release #F.05.59 hostname "VH-SW01" snmp-server contact "HelpDesk helpdesk at denalistatebank.com x300" snmp-server location "VH - switch room - 1st Fl -- +------------------------------------------------------------------+ | James W. Laferriere | System Techniques | Give me VMS | | Network&System Engineer | 2133 McCullam Ave | Give me Linux | | babydr at baby-dragons.com | Fairbanks, AK. 99701 | only on AXP | +------------------------------------------------------------------+ -------------- next part -------------- vh-sw01a spawn hpuifilter -- ssh -c 3des -x -l administrator vh-sw01a administrator at vh-sw01a's password: HP J4813A ProCurve Switch 2524 Software revision F.05.59 Copyright (C) 1991-2007 Hewlett-Packard Co. All Rights Reserved. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and Computer Software clause at 52.227-7013. HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303 Press any key to continue VH-SW01# VH-SW01# no page VH-SW01#oor, Rack 01 front TOP" time timezone 540 time daylight-time-rule Alaska cdp run ip default-gateway 10.1.7.1 sntp server 10.1.1.51 timesync sntp sntp unicast snmp-server community "********" Operator vlan 1 name "Default" untagged 1-26 ip address 10.1.7.230 255.255.255.0 ip igmp exit vlan 10 name "DSB_Internal" exit vlan 20 name "AKOption_ATM" exit fault-finder bad-driver sensitivity high fault-finder bad-transceiver sensitivity high fault-finder bad-cable sensitivity high fault-finder too-long-cable sensitivity high fault-finder over-bandwidth sensitivity high fault-finder broadcast-storm sensitivity high fault-finder loss-of-link sensitivity high no stack ip ssh ip ssh key-size 1024 no aaa port-access authenticator active spanning-tree password manager password operator VH-SW01# exit VH-SW01> exit Do you want to log out [y/n]? y Connection to vh-sw01a closed. From babydr at baby-dragons.com Wed May 21 23:52:32 2008 From: babydr at baby-dragons.com (Mr. James W. Laferriere) Date: Wed, 21 May 2008 15:52:32 -0800 (AKDT) Subject: [rancid] Re: hlogin chomps off portion of 'show config' using -c . In-Reply-To: References: Message-ID: Hello All , On Wed, 21 May 2008, Mr. James W. Laferriere wrote: > Hello All , Can someone among you's point at where in hlogin may be > the culprit ? My diagnostic skill(s) are faded today , insufficient sleep . > > # hlogin -c "show run" vh-sw01a > hlogin-chomp.log > > The chomp off is quite visiable . Below is the part that is missing > . > I don't see anything in the output that might cause this to happen . > This is with the patch I sent earier today , I'll try it without as > well . An updated patch(attached) that (seems) to fix the chomp'ng . Please review & Comment . Tia , JimL -- +------------------------------------------------------------------+ | James W. Laferriere | System Techniques | Give me VMS | | Network&System Engineer | 2133 McCullam Ave | Give me Linux | | babydr at baby-dragons.com | Fairbanks, AK. 99701 | only on AXP | +------------------------------------------------------------------+ -------------- next part -------------- --- /usr/local/rancid/bin/hlogin-v1_40-20061208 2008-05-15 17:00:00.000000000 -0800 +++ /usr/local/rancid/bin/hlogin 2008-05-21 15:49:26.000000000 -0800 @@ -473,13 +473,45 @@ return 0 } +# Check (as best we can) if we are on a HP router or switch . +# Actually checking if is a router & saying otherwise it's a switch . +# & Set the pageR off variable . +proc chk_rtr {in_proc prompt timeout} { + set old_Timeout $timeout + set timeout 5 + global pageR + set Buffer "" + log_user 0 + exp_send "show version\r" + expect { + -re "Image stamp|Router" { + set Buffer $expect_out(0,string); + } + } + log_user 1 + if { $Buffer eq "Image stamp" } { + # I'm a SWITCH ... + set pageR "no page" + } + if { $Buffer eq "Router" } { + # I'm a ROUTER ... + set pageR "terminal length 0" + } + if { $Buffer eq "" } { + # Default to (hoping) I'm a ROUTER ... + set pageR "terminal length 0" + } + set timeout $old_Timeout + return +} + # Run commands given on the command line. -proc run_commands { prompt command } { + proc run_commands { prompt command pageR } { global in_proc platform set in_proc 1 - + # Turn off the pager and escape regex meta characters in the $prompt - send "terminal length 0\r" + send "$pageR\r" regsub -all "\[)(]" $prompt {\\&} reprompt expect { -re $reprompt {} @@ -716,14 +748,16 @@ -re "\[\r\n]+" { exp_continue; } -re "^.+$prompt" { set prompt $expect_out(0,string); } } - + # check if we are on a route or not , + # & Set pageR variable accordingly . + chk_rtr $in_proc $prompt $timeout if { $do_command } { - if {[run_commands $prompt $command]} { + if {[run_commands $prompt $command $pageR]} { continue } } elseif { $do_script } { # disable the pager - send "terminal length 0\r" + send "$pageR\r" expect -re $prompt {} source $sfile close From Todd at equivoice.com Thu May 22 14:55:06 2008 From: Todd at equivoice.com (Todd Heide) Date: Thu, 22 May 2008 09:55:06 -0500 Subject: [rancid] GRE & Rancid Message-ID: <082FEA82DC985B4F8A6B412D5AC4E220E88C3C@exchange.Equivoice.local> Looks like I discovered a little hiccup with Rancid backing ASA's where GRE tunnels pass through. We have one customer with remote locations that GRE into a router behind the ASA over a 1:1 static mapping. On the 13th minute of every hour, the remote users were experiencing QOS issues with their IP phones. Turns out Rancid ran at exactly that time to the ASA. I set the ASA to down state in Rancid and the problem went away. Curious as to what Rancid is doing to cause this hiccup? Thanks Todd Nothing ever goes as planned, Its a hell of a notion, Even pharaohs turn to sand, Like a drop in the ocean -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080522/b66bf6ba/attachment.html From smunzani at comcast.net Thu May 22 15:19:44 2008 From: smunzani at comcast.net (Sam Munzani) Date: Thu, 22 May 2008 10:19:44 -0500 Subject: [rancid] Re: GRE & Rancid In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E220E88C3C@exchange.Equivoice.local> References: <082FEA82DC985B4F8A6B412D5AC4E220E88C3C@exchange.Equivoice.local> Message-ID: <48358F10.7010601@comcast.net> Todd, Rancid runs "show running" command which generates the running configuration real time from the device. May be ASA has a bug related to "show run" command. Do it manually to confirm. Run that command manually and see if it makes difference. Lately I am running more and more in to situations where people don't like to give enable password to rancid. Instead of that, they usually allow all show commands to rancid via setting up rancid account at priv 5 or something and allowing priv-5 to run all show commands. When that happens you can't run "show run" command but you can do "show config". In few of my recent rancid deployments, I ended up substituting "show run" command with "show config" in bin/rancid file's commands section. If your issue is related to "show run" commands, you can do the same. Hope this helps, Sam > > Looks like I discovered a little hiccup with Rancid backing ASA's > where GRE tunnels pass through. We have one customer with remote > locations that GRE into a router behind the ASA over a 1:1 static > mapping. On the 13^th minute of every hour, the remote users were > experiencing QOS issues with their IP phones. Turns out Rancid ran at > exactly that time to the ASA. I set the ASA to down state in Rancid > and the problem went away. Curious as to what Rancid is doing to cause > this hiccup? > > > > /*/Thanks/*/ > > Todd > > > > Nothing ever goes as planned, Its a hell of a notion, > > Even pharaohs turn to sand, Like a drop in the ocean > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080522/9cd12c19/attachment.html From kelly at websitesource.com Thu May 22 16:13:16 2008 From: kelly at websitesource.com (Kelly Shutt) Date: Thu, 22 May 2008 11:13:16 -0500 Subject: [rancid] subversion issues Message-ID: <48359B9C.7010905@websitesource.com> I just downloaded the latest 2.3.2a8 release and ran into the "Out of date" issue with subversion. I had to apply the patch from Vince Hoang manually to fix the problem, see http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001679.html. Is there a specific reason why this patch hasn't been integrated into the base source yet? Subversion does not work correctly without this patch. I spent hours trying to get it working and this patch fixed the problem instantly. Also, I was just trying to go to the website and I'm getting "File Not Found" errors on http://www.shrubbery.net/rancid/. Peace, Kelly Shutt Alentus Corporation From jethro.binks at strath.ac.uk Thu May 22 16:35:14 2008 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Thu, 22 May 2008 17:35:14 +0100 (BST) Subject: [rancid] Rancid development, WAS: Re: subversion issues In-Reply-To: <48359B9C.7010905@websitesource.com> References: <48359B9C.7010905@websitesource.com> Message-ID: <20080522172901.I1394@defjam.cc.strath.ac.uk> On Thu, 22 May 2008, Kelly Shutt wrote: > Is there a specific reason why this patch hasn't been integrated into > the base source yet? There have been numerous patches floating around for a while for rancid, including some contributions from myself, but unfortunately John Heasley has been somehwat quiet of late. He was working through the patches from the list and received privately for a while. John, are you out there still? Are there other developers with source access available who can afford to spend some time pushing further releases? I think rancid is a great tool, especially if you live in a Cisco world, but outwith that there is still some considerable work to be done. I am keen that rancid doesn't die through lack of maintenance, or requires patches to be pulled from numerous sources to gain useful functionality. Can anyone offer any insight into Rancid's future? Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services University Of Strathclyde, Glasgow, UK From hank at rem.com Thu May 22 16:57:03 2008 From: hank at rem.com (Hank Kilmer) Date: Thu, 22 May 2008 12:57:03 -0400 Subject: [rancid] Re: Rancid development, WAS: Re: subversion issues In-Reply-To: <20080522172901.I1394@defjam.cc.strath.ac.uk> References: <48359B9C.7010905@websitesource.com> <20080522172901.I1394@defjam.cc.strath.ac.uk> Message-ID: <4835A5DF.3050308@rem.com> Yes, there are more developers than just John. One of the problems we have with many of the patches is that people send them in with GNU or other copyright bits attached making incorporation impossible. Rancid development is still going on and some fairly large upgrades are currently being discussed. -Hank Jethro R Binks wrote: > On Thu, 22 May 2008, Kelly Shutt wrote: > >> Is there a specific reason why this patch hasn't been integrated into >> the base source yet? > > There have been numerous patches floating around for a while for rancid, > including some contributions from myself, but unfortunately John Heasley > has been somehwat quiet of late. He was working through the patches from > the list and received privately for a while. John, are you out there > still? Are there other developers with source access available who can > afford to spend some time pushing further releases? > > I think rancid is a great tool, especially if you live in a Cisco world, > but outwith that there is still some considerable work to be done. I am > keen that rancid doesn't die through lack of maintenance, or requires > patches to be pulled from numerous sources to gain useful functionality. > > Can anyone offer any insight into Rancid's future? > > Jethro. > > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . > Jethro R Binks > Computing Officer, IT Services > University Of Strathclyde, Glasgow, UK > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Thu May 22 19:39:42 2008 From: heas at shrubbery.net (john heasley) Date: Thu, 22 May 2008 19:39:42 +0000 Subject: [rancid] Re: subversion issues In-Reply-To: <48359B9C.7010905@websitesource.com> References: <48359B9C.7010905@websitesource.com> Message-ID: <20080522193942.GH19682@shrubbery.net> Thu, May 22, 2008 at 11:13:16AM -0500, Kelly Shutt: > I just downloaded the latest 2.3.2a8 release and ran into the "Out of > date" issue with subversion. I had to apply the patch from Vince Hoang > manually to fix the problem, see > http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001679.html. > Is there a specific reason why this patch hasn't been integrated into > the base source yet? Subversion does not work correctly without this > patch. I spent hours trying to get it working and this patch fixed the > problem instantly. Because it is wrong, IMO. 1) the repository should never be out of date, unless there was a crash or some external party altered it, and the latter case is an problem (no external parties should alter rancid's repository), and 2) /localhost/ is bogus (though both syntax are acceptable per 1738), the problem there was a typo, a missing '/'. > Also, I was just trying to go to the website and I'm getting "File Not > Found" errors on http://www.shrubbery.net/rancid/. I see a few missing mailman logos and some rancid manpage links to system pages that are not there (from man2html), but otherwise see no missing pages. From heas at shrubbery.net Thu May 22 19:54:45 2008 From: heas at shrubbery.net (john heasley) Date: Thu, 22 May 2008 19:54:45 +0000 Subject: [rancid] Re: Rancid development, WAS: Re: subversion issues In-Reply-To: <4835A5DF.3050308@rem.com> References: <48359B9C.7010905@websitesource.com> <20080522172901.I1394@defjam.cc.strath.ac.uk> <4835A5DF.3050308@rem.com> Message-ID: <20080522195445.GJ19682@shrubbery.net> It is also difficult to commit things which I can not test, or have been done half-assed, or not commented, or fix one device but are unclear if they affect another, and folks who do not reply when asked about their patch or to test a small variant, etc. Thu, May 22, 2008 at 12:57:03PM -0400, Hank Kilmer: > Yes, there are more developers than just John. One of the problems we > have with many of the patches is that people send them in with GNU or > other copyright bits attached making incorporation impossible. Rancid > development is still going on and some fairly large upgrades are > currently being discussed. > > -Hank > > Jethro R Binks wrote: > > On Thu, 22 May 2008, Kelly Shutt wrote: > > > >> Is there a specific reason why this patch hasn't been integrated into > >> the base source yet? > > > > There have been numerous patches floating around for a while for rancid, > > including some contributions from myself, but unfortunately John Heasley > > has been somehwat quiet of late. He was working through the patches from > > the list and received privately for a while. John, are you out there > > still? Are there other developers with source access available who can > > afford to spend some time pushing further releases? > > > > I think rancid is a great tool, especially if you live in a Cisco world, > > but outwith that there is still some considerable work to be done. I am > > keen that rancid doesn't die through lack of maintenance, or requires > > patches to be pulled from numerous sources to gain useful functionality. > > > > Can anyone offer any insight into Rancid's future? > > > > Jethro. > > > > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . > > Jethro R Binks > > Computing Officer, IT Services > > University Of Strathclyde, Glasgow, UK > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From jethro.binks at strath.ac.uk Thu May 22 17:47:37 2008 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Thu, 22 May 2008 18:47:37 +0100 (BST) Subject: [rancid] Re: Rancid development, WAS: Re: subversion issues In-Reply-To: <4835A5DF.3050308@rem.com> References: <48359B9C.7010905@websitesource.com> <20080522172901.I1394@defjam.cc.strath.ac.uk> <4835A5DF.3050308@rem.com> Message-ID: <20080522183959.L1394@defjam.cc.strath.ac.uk> On Thu, 22 May 2008, Hank Kilmer wrote: > Yes, there are more developers than just John. One of the problems we > have with many of the patches is that people send them in with GNU or > other copyright bits attached making incorporation impossible. Rancid > development is still going on and some fairly large upgrades are > currently being discussed. Hello Hank, Thanks for the reply. I think it would be useful if there was some more public information on who is directly involved in rancid development, and a roadmap on where it is going. Perhaps more public discussion from the developers on the list would be good, and suggestions for where people can assist. The web pages generally could be improved, there are several files, hints, and utilities tucked away in the distribution that just don't get a mention on the web page. Regarding the licence, I realise that can be an issue: but in that case should be an explicit statement somewhere regarding what licences may or may not be acceptable for the developers. Even where patches are offered with a licence that you cannot accept, it may be useful for them to be listed so people can choose to apply them, usual caveats apply. In summary, I'd just like to see more signs of activity and information! Jethro. > > -Hank > > Jethro R Binks wrote: > > On Thu, 22 May 2008, Kelly Shutt wrote: > > > > > Is there a specific reason why this patch hasn't been integrated into the > > > base source yet? > > > > There have been numerous patches floating around for a while for rancid, > > including some contributions from myself, but unfortunately John Heasley has > > been somehwat quiet of late. He was working through the patches from the > > list and received privately for a while. John, are you out there still? > > Are there other developers with source access available who can afford to > > spend some time pushing further releases? > > > > I think rancid is a great tool, especially if you live in a Cisco world, but > > outwith that there is still some considerable work to be done. I am keen > > that rancid doesn't die through lack of maintenance, or requires patches to > > be pulled from numerous sources to gain useful functionality. > > > > Can anyone offer any insight into Rancid's future? > > > > Jethro. > > > > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . > > Jethro R Binks > > Computing Officer, IT Services > > University Of Strathclyde, Glasgow, UK > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services University Of Strathclyde, Glasgow, UK From cpatel at provident.com Fri May 23 19:49:10 2008 From: cpatel at provident.com (Chirayu Patel) Date: Fri, 23 May 2008 12:49:10 -0700 Subject: [rancid] Re: Device not issuing and "End" Message-ID: Anyone figure out a work around? Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080523/f49fe4f7/attachment.html From saku+rancid at ytti.fi Mon May 26 11:43:38 2008 From: saku+rancid at ytti.fi (Saku Ytti) Date: Mon, 26 May 2008 14:43:38 +0300 Subject: [rancid] Re: Device not issuing and "End" In-Reply-To: References: Message-ID: <20080526114337.GA22652@mx.ytti.net> On (2008-05-23 12:49 -0700), Chirayu Patel wrote: > Anyone figure out a work around? Rancid already supports those nodes, with: if ($type =~ /^CE$/ && $linecnt > 5) { $found_end = 1; return(1); } Basically I don't think the end-of-run check is very useful anyhow. Just x lines + prompt seen again should do the trick and be more portable. Thanks, -- ++ytti From zarahel at iol.pt Mon May 26 13:10:32 2008 From: zarahel at iol.pt (zarahel at iol.pt) Date: Mon, 26 May 2008 14:10:32 +0100 Subject: [rancid] VLAN portion of rancid-run Message-ID: <20080526141032.84mu8pi044co0os8@webmail.iol.pt> Good afternoon I need your help For some reason everytime my rancid runs I get new revisions in my Cisco equipments (even if there?s no changes in their configurations), due to the Vlan proportion of the config (the printscreen is anexed to this mail). I don?t know why this happens...is this some kind of bug in rancid? Does anybody know a fix for this? If not, how do I remove the show vlan portion in Rancid? Is there a file in the Rancid Folder that contains the vlan configuration lines?Which lines should I remove so that Rancid does not retrieve the Vlan config from the equipments? I apreciate any help Thkx ________________________________________________________________________________ Adira ? Sempre Seguros e POUPE no seu seguro autom?vel! PROMO??O: oferta vale combust?vel com o seu novo seguro. Ligue 808 200 600. http://www.iol.pt/correio/rodape.php?dst=0804301 -------------- next part -------------- A non-text attachment was scrubbed... Name: rancid-vlan.JPG Type: image/pjpeg Size: 144102 bytes Desc: not available Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080526/b1daf382/attachment.bin From heas at shrubbery.net Tue May 27 16:14:57 2008 From: heas at shrubbery.net (john heasley) Date: Tue, 27 May 2008 09:14:57 -0700 Subject: [rancid] Re: Device not issuing and "End" In-Reply-To: <20080526114337.GA22652@mx.ytti.net> References: <20080526114337.GA22652@mx.ytti.net> Message-ID: <20080527161457.GA17186@shrubbery.net> Mon, May 26, 2008 at 02:43:38PM +0300, Saku Ytti: > On (2008-05-23 12:49 -0700), Chirayu Patel wrote: > > > Anyone figure out a work around? > > Rancid already supports those nodes, with: > > if ($type =~ /^CE$/ && $linecnt > 5) { > $found_end = 1; > return(1); > } > > > Basically I don't think the end-of-run check is very > useful anyhow. Just x lines + prompt seen again > should do the trick and be more portable. I disagree. merely receiving the prompt back has proven itself not a reliable indicator. if the box provides an end-of-config marker and we do not received it, then something is broken. if the box does not provide an end-of-config marker, then its broken and you should haggle your sales rep until they start to lose sleep. if it provides one and we cant't bothered to check for it, then we're broken. From zarahel at iol.pt Tue May 27 17:06:33 2008 From: zarahel at iol.pt (zarahel at iol.pt) Date: Tue, 27 May 2008 18:06:33 +0100 Subject: [rancid] Re: VLAN portion of rancid-run In-Reply-To: <20080527161651.GB17186@shrubbery.net> References: <20080526141032.84mu8pi044co0os8@webmail.iol.pt> <20080527161651.GB17186@shrubbery.net> Message-ID: <20080527180633.7ai0zckcg08kk04s@webmail.iol.pt> Good afterrnon Which file contains the show vlan command? Do you know what?s the file name that runs the script? Thkx for your reply ----- Mensagem de heas at shrubbery.net --------- Data: Tue, 27 May 2008 09:16:51 -0700 De: john heasley Assunto: Re: [rancid] VLAN portion of rancid-run Para: zarahel at iol.pt > Mon, May 26, 2008 at 02:10:32PM +0100, zarahel at iol.pt: >> Good afternoon >> >> I need your help >> >> For some reason everytime my rancid runs I get new revisions in my >> Cisco equipments (even if there?s no changes in their configurations), >> due to the Vlan proportion of the config (the printscreen is anexed to >> this mail). >> >> I don?t know why this happens...is this some kind of bug in rancid? >> >> Does anybody know a fix for this? > > turn off the auto vlan configuration thing. forget what its called off > the top. > >> If not, how do I remove the show vlan portion in Rancid? Is there a >> file in the Rancid Folder that contains the vlan configuration >> lines?Which lines should I remove so that Rancid does not retrieve the >> Vlan config from the equipments? > > ATM, look for show vlan command in the script, comment-out the line. > ________________________________________________________________________________ Adira ? Sempre Seguros e POUPE no seu seguro autom?vel! PROMO??O: oferta vale combust?vel com o seu novo seguro. Ligue 808 200 600. http://www.iol.pt/correio/rodape.php?dst=0804301 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080527/3a70c24a/attachment.html From saku+rancid at ytti.fi Wed May 28 09:05:02 2008 From: saku+rancid at ytti.fi (Saku Ytti) Date: Wed, 28 May 2008 12:05:02 +0300 Subject: [rancid] Re: Device not issuing and "End" In-Reply-To: <20080527161457.GA17186@shrubbery.net> References: <20080526114337.GA22652@mx.ytti.net> <20080527161457.GA17186@shrubbery.net> Message-ID: <20080528090502.GB4666@mx.ytti.net> On (2008-05-27 09:14 -0700), john heasley wrote: > I disagree. merely receiving the prompt back has proven itself not a > reliable indicator. if the box provides an end-of-config marker and we > do not received it, then something is broken. if the box does not provide > an end-of-config marker, then its broken and you should haggle your sales > rep until they start to lose sleep. if it provides one and we cant't > bothered to check for it, then we're broken. If we're talking IOS specifically, most other boxes do not have any magic marker for end-of-config. And many of these boxes, would work with 'cisco' style rancid just by removing end-of-config check. Anyhow, I'm not going to argue about. I'm happy with what rancid does today, as it's easy for me to hack the check away when needed, but it seems for some it seems to be big problem. Thanks, -- ++ytti From saku+rancid at ytti.fi Wed May 28 09:06:43 2008 From: saku+rancid at ytti.fi (Saku Ytti) Date: Wed, 28 May 2008 12:06:43 +0300 Subject: [rancid] Re: VLAN portion of rancid-run In-Reply-To: <20080526141032.84mu8pi044co0os8@webmail.iol.pt> References: <20080526141032.84mu8pi044co0os8@webmail.iol.pt> Message-ID: <20080528090643.GC4666@mx.ytti.net> On (2008-05-26 14:10 +0100), zarahel at iol.pt wrote: > equipments (even if there?s no changes in their configurations), due to > the Vlan proportion of the config (the printscreen is anexed to this > mail). > > I don?t know why this happens...is this some kind of bug in rancid? > > Does anybody know a fix for this? This seems to be FAQ, quick fix is to do add 'terminal width 0' where 'terminal length 0' is. Since the config change is caused by line-wrapping when some VLAN gets more/less ports. Thanks, -- ++ytti From oliver.gorwits at oucs.ox.ac.uk Wed May 28 16:56:43 2008 From: oliver.gorwits at oucs.ox.ac.uk (Oliver Gorwits) Date: Wed, 28 May 2008 17:56:43 +0100 Subject: [rancid] Script we use to "smartly" diff Cisco IOS configs Message-ID: <483D8ECB.5090007@oucs.ox.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi folks, I have been persuaded that a script of ours to "smartly" diff two Cisco IOS configs might be useful to others. It's used here as the diff command, when RANCID runs, and generates more intelligible output (we feel). Anyway, these kind of things are usually personal taste, but feel free to tuck in and see if you like it: http://sites.google.com/a/gapps.oxuni.org.uk/oliver/ios-config-diff-script (page includes link to script and a small amount of user docs.) I hope this proves useful, regards, oliver. - -- Oliver Gorwits, Network and Telecommunications Group, Oxford University Computing Services -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIPY7L2NPq7pwWBt4RAnYrAJoDuC5YP34XKGZtxEjvO4O5UDVEaQCfV6aJ R1UDXfNhaFPEGPGYIwvZwns= =Cais -----END PGP SIGNATURE----- From isma.ballo at gmail.com Wed May 28 13:58:56 2008 From: isma.ballo at gmail.com (Isma) Date: Wed, 28 May 2008 15:58:56 +0200 Subject: [rancid] @ip -> names Message-ID: <513bde910805280658m453d9fe7tab349d820e186c42@mail.gmail.com> Hi, We use rancid for some months now. In the beginning, we have used ip adresses of switches we monitored like this (routers.db) 192.168.50.107:cisco:up 192.168.50.108:cisco:up 192.168.50.109:cisco:up 192.168.50.110:cisco:up now I want to use : switch1:cisco:up switch2:cisco:up switch3:cisco:up switch4:cisco:up Now, I want to use their names What do I have to do to keep all the revisions ? Thanks in advance. From sean at craigslist.org Wed May 28 18:25:18 2008 From: sean at craigslist.org (Sean Knox) Date: Wed, 28 May 2008 11:25:18 -0700 Subject: [rancid] Re: @ip -> names In-Reply-To: <513bde910805280658m453d9fe7tab349d820e186c42@mail.gmail.com> References: <513bde910805280658m453d9fe7tab349d820e186c42@mail.gmail.com> Message-ID: <483DA38E.20200@craigslist.org> Check out http://www.shrubbery.net/rancid/FAQ, especially: Q. I am renaming a device but would like to retain the history in CVS. How is this done? sk Isma wrote: > Hi, > > We use rancid for some months now. > In the beginning, we have used ip adresses of switches we monitored like this > (routers.db) > > 192.168.50.107:cisco:up > 192.168.50.108:cisco:up > 192.168.50.109:cisco:up > 192.168.50.110:cisco:up > > now I want to use : > > switch1:cisco:up > switch2:cisco:up > switch3:cisco:up > switch4:cisco:up > > Now, I want to use their names > > What do I have to do to keep all the revisions ? > > Thanks in advance. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From randy at psg.com Wed May 28 18:33:03 2008 From: randy at psg.com (Randy Bush) Date: Wed, 28 May 2008 18:33:03 +0000 Subject: [rancid] svn patch Message-ID: <483DA55F.4000907@psg.com> can someone please direct me to Justin Grote's subversion patch? the temp url he announced is no longer operative. thanks. randy From heas at shrubbery.net Wed May 28 21:40:56 2008 From: heas at shrubbery.net (john heasley) Date: Wed, 28 May 2008 14:40:56 -0700 Subject: [rancid] Re: VLAN portion of rancid-run In-Reply-To: <20080528090643.GC4666@mx.ytti.net> References: <20080526141032.84mu8pi044co0os8@webmail.iol.pt> <20080528090643.GC4666@mx.ytti.net> Message-ID: <20080528214056.GI26391@shrubbery.net> Wed, May 28, 2008 at 12:06:43PM +0300, Saku Ytti: > On (2008-05-26 14:10 +0100), zarahel at iol.pt wrote: > > > equipments (even if there?s no changes in their configurations), due to > > the Vlan proportion of the config (the printscreen is anexed to this > > mail). > > > > I don?t know why this happens...is this some kind of bug in rancid? > > > > Does anybody know a fix for this? > > This seems to be FAQ, quick fix is to do add 'terminal width 0' where > 'terminal length 0' is. Since the config change is caused by line-wrapping > when some VLAN gets more/less ports. Adding 'terminal width' has concerned me; that it would reveal cisco/other platform bugs. The number of platforms that I have is limited. Who is using this change and with what platforms? From zarahel at iol.pt Wed May 28 22:51:36 2008 From: zarahel at iol.pt (Zarahel) Date: Wed, 28 May 2008 23:51:36 +0100 Subject: [rancid] Re: VLAN portion of rancid-run In-Reply-To: <20080528214056.GI26391@shrubbery.net> Message-ID: <6ug0ut$fkf1i4@neti04smtpa.hdi.tvcabo> I?ve tried to add the 'terminal width 0' in the routers but everytime I log out from the router and login again the terminal width value changes. Anybody knows why? -----Mensagem original----- De: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] Em nome de john heasley Enviada: quarta-feira, 28 de Maio de 2008 22:41 Para: Saku Ytti Cc: rancid-discuss at shrubbery.net Assunto: [rancid] Re: VLAN portion of rancid-run Wed, May 28, 2008 at 12:06:43PM +0300, Saku Ytti: > On (2008-05-26 14:10 +0100), zarahel at iol.pt wrote: > > > equipments (even if there?s no changes in their configurations), due to > > the Vlan proportion of the config (the printscreen is anexed to this > > mail). > > > > I don?t know why this happens...is this some kind of bug in rancid? > > > > Does anybody know a fix for this? > > This seems to be FAQ, quick fix is to do add 'terminal width 0' where > 'terminal length 0' is. Since the config change is caused by line-wrapping > when some VLAN gets more/less ports. Adding 'terminal width' has concerned me; that it would reveal cisco/other platform bugs. The number of platforms that I have is limited. Who is using this change and with what platforms? _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From rancid at gheek.net Wed May 28 23:04:35 2008 From: rancid at gheek.net (Lance Vermilion) Date: Wed, 28 May 2008 16:04:35 -0700 Subject: [rancid] Re: VLAN portion of rancid-run In-Reply-To: <6ug0ut$fkf1i4@neti04smtpa.hdi.tvcabo> References: <20080528214056.GI26391@shrubbery.net> <6ug0ut$fkf1i4@neti04smtpa.hdi.tvcabo> Message-ID: <8423e7bb0805281604y2968ba31l61c4d7481e0cac60@mail.gmail.com> This change in the past has fixed some IOS stuff has similar command for CatOS results in no fix. The bottom line is the rancid script runs from cron thus it always uses the same terminal and the output generated from a show run/etc should not differ on screen output. I can login 10 or more times using the same clogin script with from my screen and I don't see a single difference between the output..even if ran through diff. I would think the problem lies elsewhere. -Lance On Wed, May 28, 2008 at 3:51 PM, Zarahel wrote: > I?ve tried to add the 'terminal width 0' in the routers but everytime I log > out from the router and login again the terminal width value changes. > Anybody knows why? > > -----Mensagem original----- > De: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] Em nome de john heasley > Enviada: quarta-feira, 28 de Maio de 2008 22:41 > Para: Saku Ytti > Cc: rancid-discuss at shrubbery.net > Assunto: [rancid] Re: VLAN portion of rancid-run > > Wed, May 28, 2008 at 12:06:43PM +0300, Saku Ytti: > > On (2008-05-26 14:10 +0100), zarahel at iol.pt wrote: > > > > > equipments (even if there?s no changes in their configurations), due to > > > the Vlan proportion of the config (the printscreen is anexed to this > > > mail). > > > > > > I don?t know why this happens...is this some kind of bug in rancid? > > > > > > Does anybody know a fix for this? > > > > This seems to be FAQ, quick fix is to do add 'terminal width 0' where > > 'terminal length 0' is. Since the config change is caused by > line-wrapping > > when some VLAN gets more/less ports. > > Adding 'terminal width' has concerned me; that it would reveal cisco/other > platform bugs. The number of platforms that I have is limited. Who is > using this change and with what platforms? > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080528/55de75cc/attachment.html From tex at off.org Thu May 29 04:53:28 2008 From: tex at off.org (Austin Schutz) Date: Wed, 28 May 2008 21:53:28 -0700 Subject: [rancid] Re: VLAN portion of rancid-run In-Reply-To: <8423e7bb0805281604y2968ba31l61c4d7481e0cac60@mail.gmail.com> References: <20080528214056.GI26391@shrubbery.net> <6ug0ut$fkf1i4@neti04smtpa.hdi.tvcabo> <8423e7bb0805281604y2968ba31l61c4d7481e0cac60@mail.gmail.com> Message-ID: <20080529045328.GJ3323@gblx.net> On Wed, May 28, 2008 at 04:04:35PM -0700, Lance Vermilion wrote: > This change in the past has fixed some IOS stuff has similar command for > CatOS results in no fix. The bottom line is the rancid script runs from cron > thus it always uses the same terminal and the output generated from a show > run/etc should not differ on screen output. I can login 10 or more times > using the same clogin script with from my screen and I don't see a single > difference between the output..even if ran through diff. I would think the > problem lies elsewhere. > Could it be some router config setting on a particular vty? Typically all vtys have identical setting, but if it _were_ different, one could imagine this sort of error. Austin From bwindle at fint.org Thu May 29 13:49:32 2008 From: bwindle at fint.org (Burton Windle) Date: Thu, 29 May 2008 09:49:32 -0400 (EDT) Subject: [rancid] OT: cvsweb and Perl 5.10 don't play nice together Message-ID: At least on my Debian Testing box, cvsweb broke* when I dist-upgrade'ed and Perl 5.10 was installed. Just a heads-up. * Now tosses out an error about failing to spawn rlog on the web-side, and emits "Use of uninitialized value in concatenation (.) or string at /var/www/cgi-bin/cvsweb.cgi line 3980." in the Apache error log. -- Burton Windle bwindle at fint.org From jhigham at epri.com Thu May 29 14:40:58 2008 From: jhigham at epri.com (Higham, Josh) Date: Thu, 29 May 2008 07:40:58 -0700 Subject: [rancid] Re: VLAN portion of rancid-run In-Reply-To: <8423e7bb0805281604y2968ba31l61c4d7481e0cac60@mail.gmail.com> References: <20080528214056.GI26391@shrubbery.net><6ug0ut$fkf1i4@neti04smtpa.hdi.tvcabo> <8423e7bb0805281604y2968ba31l61c4d7481e0cac60@mail.gmail.com> Message-ID: <4C3B8C75B5899943AEC675BA6DD46273ECF5DA@uspalex02.epri.com> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Lance Vermilion > This change in the past has fixed some IOS stuff has similar > command for CatOS results in no fix. The bottom line is the rancid > script runs from cron thus it always uses the same terminal and the > output generated from a show run/etc should not differ on screen output. > I can login 10 or more times using the same clogin script with from my > screen and I don't see a single difference between the output..even if > ran through diff. I would think the problem lies elsewhere. > > -Lance On a similar note, any time we make a change to our Cisco ASA, a lot of lines show up with a different indentation: @@ -910,13 +914,13 @@ group-object Service1 group-object Service2 group-object Service3 object-group service DM_INLINE_TCP_4 tcp - group-object Service4 + group-object Service4 group-object Service5 group-object Service6 object-group network DM_INLINE_NETWORK_9 - network-object host Host1 + network-object host Host1 network-object host Host2 network-object host Host3 object-group service DM_INLINE_SERVICE_1 group-object Service9 Is there a newline being lost somewhere that is causing this behaviour, and possibly a similar thing with the vlans? I haven't had time to look at this in depth yet. Thanks, Josh On Wed, May 28, 2008 at 3:51 PM, Zarahel wrote: I?ve tried to add the 'terminal width 0' in the routers but everytime I log out from the router and login again the terminal width value changes. Anybody knows why? -----Mensagem original----- De: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] Em nome de john heasley Enviada: quarta-feira, 28 de Maio de 2008 22:41 Para: Saku Ytti Cc: rancid-discuss at shrubbery.net Assunto: [rancid] Re: VLAN portion of rancid-run Wed, May 28, 2008 at 12:06:43PM +0300, Saku Ytti: > On (2008-05-26 14:10 +0100), zarahel at iol.pt wrote: > > > equipments (even if there?s no changes in their configurations), due to > > the Vlan proportion of the config (the printscreen is anexed to this > > mail). > > > > I don?t know why this happens...is this some kind of bug in rancid? > > > > Does anybody know a fix for this? > > This seems to be FAQ, quick fix is to do add 'terminal width 0' where > 'terminal length 0' is. Since the config change is caused by line-wrapping > when some VLAN gets more/less ports. Adding 'terminal width' has concerned me; that it would reveal cisco/other platform bugs. The number of platforms that I have is limited. Who is using this change and with what platforms? _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From zarahel at iol.pt Thu May 29 14:48:34 2008 From: zarahel at iol.pt (zarahel at iol.pt) Date: Thu, 29 May 2008 15:48:34 +0100 Subject: [rancid] Re: VLAN portion of rancid-run In-Reply-To: <5471c93d0805290726h55458f07l5b0bbb4bc0415702@mail.gmail.com> References: <20080526141032.84mu8pi044co0os8@webmail.iol.pt> <5471c93d0805290726h55458f07l5b0bbb4bc0415702@mail.gmail.com> Message-ID: <20080529154834.mjkdchkge808848s@webmail.iol.pt> It happens randomly (of course not so random...there?s gotta be a reason), either when Rancid is runned manually or by cronjob. Any other suggestions? Thkx ----- Mensagem de cstave at gmail.com --------- Data: Thu, 29 May 2008 10:26:19 -0400 De: Chris Stave Assunto: Re: [rancid] VLAN portion of rancid-run Para: zarahel at iol.pt Cc: rancid-discuss at shrubbery.net > Does it do this when rancid just runs on its own via a cron job, or only when rancid is manually run and when it goes back to running on its own? I've had it do similar things if I'm running it manually, but not just on its own. > > Chris > > On Mon, May 26, 2008 at 9:10 AM, wrote: > Good afternoon > > I need your help > > For some reason everytime my rancid runs I get new revisions in my Cisco equipments (even if there?s no changes in their configurations), due to the Vlan proportion of the config (the printscreen is anexed to this mail). > > I don?t know why this happens...is this some kind of bug in rancid? > > Does anybody know a fix for this? > > If not, how do I remove the show vlan portion in Rancid? Is there a file in the Rancid Folder that contains the vlan configuration lines?Which lines should I remove so that Rancid does not retrieve the Vlan config from the equipments? > > I apreciate any help > > Thkx > > ________________________________________________________________________________ > Adira ? Sempre Seguros e POUPE no seu seguro autom?vel! > PROMO??O: oferta vale combust?vel com o seu novo seguro. Ligue 808 200 600. > http://www.iol.pt/correio/rodape.php?dst=0804301[2] > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net[3] > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss[4] ----- Fim da mensagem de cstave at gmail.com ----- Liga??es: --------- [1] mailto:zarahel at iol.pt [2] http://www.iol.pt/correio/rodape.php?dst=0804301 [3] mailto:Rancid-discuss at shrubbery.net [4] http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss ________________________________________________________________________________ COFIDIS Maxicredito. Ate' ?10.000 sem burocracias. Resposta on-line! Clique aqui para saber mais http://www.iol.pt/correio/rodape.php?dst=0802273 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080529/a78d0809/attachment.html From cstave at gmail.com Thu May 29 14:26:19 2008 From: cstave at gmail.com (Chris Stave) Date: Thu, 29 May 2008 10:26:19 -0400 Subject: [rancid] Re: VLAN portion of rancid-run In-Reply-To: <20080526141032.84mu8pi044co0os8@webmail.iol.pt> References: <20080526141032.84mu8pi044co0os8@webmail.iol.pt> Message-ID: <5471c93d0805290726h55458f07l5b0bbb4bc0415702@mail.gmail.com> Does it do this when rancid just runs on its own via a cron job, or only when rancid is manually run and when it goes back to running on its own? I've had it do similar things if I'm running it manually, but not just on its own. Chris On Mon, May 26, 2008 at 9:10 AM, wrote: > Good afternoon > > I need your help > > For some reason everytime my rancid runs I get new revisions in my Cisco > equipments (even if there?s no changes in their configurations), due to the > Vlan proportion of the config (the printscreen is anexed to this mail). > > I don?t know why this happens...is this some kind of bug in rancid? > > Does anybody know a fix for this? > > If not, how do I remove the show vlan portion in Rancid? Is there a file in > the Rancid Folder that contains the vlan configuration lines?Which lines > should I remove so that Rancid does not retrieve the Vlan config from the > equipments? > > I apreciate any help > > Thkx > > > ________________________________________________________________________________ > Adira ? Sempre Seguros e POUPE no seu seguro autom?vel! > PROMO??O: oferta vale combust?vel com o seu novo seguro. Ligue 808 200 600. > http://www.iol.pt/correio/rodape.php?dst=0804301 > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080529/b91b0b03/attachment.html From heas at shrubbery.net Thu May 29 16:28:42 2008 From: heas at shrubbery.net (john heasley) Date: Thu, 29 May 2008 09:28:42 -0700 Subject: [rancid] Re: VLAN portion of rancid-run In-Reply-To: <5471c93d0805290726h55458f07l5b0bbb4bc0415702@mail.gmail.com> References: <20080526141032.84mu8pi044co0os8@webmail.iol.pt> <5471c93d0805290726h55458f07l5b0bbb4bc0415702@mail.gmail.com> Message-ID: <20080529162842.GA24141@shrubbery.net> this would be caused by your terminal type (TERM). Thu, May 29, 2008 at 10:26:19AM -0400, Chris Stave: > Does it do this when rancid just runs on its own via a cron job, or only > when rancid is manually run and when it goes back to running on its own? > I've had it do similar things if I'm running it manually, but not just on > its own. > > Chris > > On Mon, May 26, 2008 at 9:10 AM, wrote: > > > Good afternoon > > > > I need your help > > > > For some reason everytime my rancid runs I get new revisions in my Cisco > > equipments (even if there?s no changes in their configurations), due to the > > Vlan proportion of the config (the printscreen is anexed to this mail). > > > > I don?t know why this happens...is this some kind of bug in rancid? > > > > Does anybody know a fix for this? > > > > If not, how do I remove the show vlan portion in Rancid? Is there a file in > > the Rancid Folder that contains the vlan configuration lines?Which lines > > should I remove so that Rancid does not retrieve the Vlan config from the > > equipments? > > > > I apreciate any help > > > > Thkx > > > > > > ________________________________________________________________________________ > > Adira ? Sempre Seguros e POUPE no seu seguro autom?vel! > > PROMO??O: oferta vale combust?vel com o seu novo seguro. Ligue 808 200 600. > > http://www.iol.pt/correio/rodape.php?dst=0804301 > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From Bryan.D.Moorehead at Embarq.com Thu May 29 17:31:57 2008 From: Bryan.D.Moorehead at Embarq.com (Moorehead, Bryan D [EQ]) Date: Thu, 29 May 2008 12:31:57 -0500 Subject: [rancid] Rancid Ignore Devices Message-ID: Is it possible to instruct RANCID to ignore certain devices? We have wildcards in our .cloginrc device definitions, and I have a list of devices that for various reasons need to not be queried. Thanks, Bryan From saku+rancid at ytti.fi Thu May 29 18:03:21 2008 From: saku+rancid at ytti.fi (Saku Ytti) Date: Thu, 29 May 2008 21:03:21 +0300 Subject: [rancid] Re: VLAN portion of rancid-run In-Reply-To: <20080528214056.GI26391@shrubbery.net> References: <20080526141032.84mu8pi044co0os8@webmail.iol.pt> <20080528090643.GC4666@mx.ytti.net> <20080528214056.GI26391@shrubbery.net> Message-ID: <20080529180321.GB27405@mx.ytti.net> On (2008-05-28 14:40 -0700), john heasley wrote: > Adding 'terminal width' has concerned me; that it would reveal cisco/other > platform bugs. The number of platforms that I have is limited. Who is > using this change and with what platforms? I'm using it on thousands of boxes (>5k or so), covering virtually all devices running IOS and some running something similar enough to support terminal width. While of course I'd only need it on switching capable platforms, but didn't bother making the distinction. Quick search on (old) bugtool for 'terminal width': CSCdu07646 Fail to load acls via telnet-relay by endless zero-window acks CSCdm54100 Autoselect functions need to be allowed under line vty configuration CSCdi44586 tn3270 crash when using wide terminals CSCea17293 Extra line when using ? and output > term width because CSCdx17425 CSCea21120 SSH server incorrectly processes column size on pty request CSCdj90725 terminal width 0 has no effect. CSCec59007 Missing DRR info in the output of show cos if terminal width is 0 CSCdj43008 lines longer than terminal width break automore CSCei67424 Last 4 bytes of key displayed as dangling text in show crypto key CSCdw52822 ENH: Need long version of show mls ip command in Native Cherry picking the crash one: CSCdi44586 tn3270 crash when using wide terminals Found In: 11.0, Affected Versions: Fixed in: 11.0(4.4) 11.1(0.18)M 10.3(8.5) 10.3(9.1) The tn3270 feature may crash if a terminal width greater than 100characters is configured before connecting to a host application. So of course it does add risk, like every other command, but comparing it to amount of crashes caused by 'show run', it's quite safe. -- ++ytti From arnold at nipper.de Thu May 29 18:07:43 2008 From: arnold at nipper.de (Arnold Nipper) Date: Thu, 29 May 2008 20:07:43 +0200 Subject: [rancid] Re: Rancid Ignore Devices In-Reply-To: References: Message-ID: <483EF0EF.2080406@nipper.de> On 29.05.2008 19:31 Moorehead, Bryan D [EQ] wrote > Is it possible to instruct RANCID to ignore certain devices? We have > wildcards in our .cloginrc device definitions, and I have a list of > devices that for various reasons need to not be queried. > > .cloginrc tells clogin *how* to log into a device. *Which* device to walk through your devices is stored in ~rancid/*/router.db. Either omit them the devices which should be ignored or set their status to "down". Arnold -- Arnold Nipper, AN45 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: OpenPGP digital signature Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080529/5c90fc0e/attachment.bin From andrew.brennan at drexel.edu Thu May 29 18:17:20 2008 From: andrew.brennan at drexel.edu (Andrew Brennan) Date: Thu, 29 May 2008 14:17:20 -0400 (EDT) Subject: [rancid] Re: Rancid Ignore Devices In-Reply-To: References: Message-ID: <20080529141658.C74863@dust.noc.drexel.edu> Simply leave them out of your router.db file? On Thu, 29 May 2008, Moorehead, Bryan D [EQ] wrote: > Is it possible to instruct RANCID to ignore certain devices? We have wildcards in our .cloginrc device definitions, and I have a list of devices that for various reasons need to not be queried. > > > Thanks, > Bryan > From Bryan.D.Moorehead at Embarq.com Thu May 29 18:30:00 2008 From: Bryan.D.Moorehead at Embarq.com (Moorehead, Bryan D [EQ]) Date: Thu, 29 May 2008 13:30:00 -0500 Subject: [rancid] Re: Rancid Ignore Devices In-Reply-To: <20080529141658.C74863@dust.noc.drexel.edu> References: <20080529141658.C74863@dust.noc.drexel.edu> Message-ID: Got it. I'm very new to RANCID ( if that is not already obvious ) and am trying to get a feel for it. From smunzani at comcast.net Thu May 29 20:23:01 2008 From: smunzani at comcast.net (Sam Munzani) Date: Thu, 29 May 2008 15:23:01 -0500 Subject: [rancid] Re: Rancid Ignore Devices In-Reply-To: <20080529141658.C74863@dust.noc.drexel.edu> References: <20080529141658.C74863@dust.noc.drexel.edu> Message-ID: <483F10A5.3040406@comcast.net> Not always the case. Some times you want them in router.db but flag them to down state because you know the device is going through maintenance and will not be reachable for some time. I usually do following # router.db content device-x:cisco:up device-y:cisco:down # this will be excluded from backup. Hope this helps, Sam > Simply leave them out of your router.db file? > > On Thu, 29 May 2008, Moorehead, Bryan D [EQ] wrote: > > >> Is it possible to instruct RANCID to ignore certain devices? We have wildcards in our .cloginrc device definitions, and I have a list of devices that for various reasons need to not be queried. >> >> >> Thanks, >> Bryan >> >> > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080529/a9e6d77a/attachment.html From gregoryzill at solutionary.com Thu May 29 20:30:05 2008 From: gregoryzill at solutionary.com (Gregory W Zill) Date: Thu, 29 May 2008 15:30:05 -0500 Subject: [rancid] Re: Rancid Ignore Devices In-Reply-To: <483F10A5.3040406@comcast.net> References: <20080529141658.C74863@dust.noc.drexel.edu> <483F10A5.3040406@comcast.net> Message-ID: <483F124D.6060001@solutionary.com> And since we distribute e-mails to the RANCID network engineering group, we add a fourth field, as in 1234-asa:cisco:up 1234-pix:cisco:down:fw upgrade to 1234-asa on 20080524 1234-juniper:netscreen:down:new fw implementation on 20080615 The router.db change will be broadcast to the group once. Sam Munzani wrote: >Some times you want them in router.db but flag them > to down state because you know the device is going through maintenance > and will not be reachable for some time. > > I usually do following > # router.db content > device-x:cisco:up > device-y:cisco:down # this will be excluded from backup. > -- gregory w zill, mba, cissp Information Security Engineer Managed Services Team ----------------------------- Solutionary, Inc. Making Security Manageable v: 402-361-3066 From heas at shrubbery.net Thu May 29 20:51:40 2008 From: heas at shrubbery.net (john heasley) Date: Thu, 29 May 2008 13:51:40 -0700 Subject: [rancid] Re: PIX whitespace diffs Message-ID: <20080529205140.GC24141@shrubbery.net> Thu, May 29, 2008 at 07:40:58AM -0700, Higham, Josh: > On a similar note, any time we make a change to our Cisco ASA, a lot of lines show up with a different indentation: > > @@ -910,13 +914,13 @@ > group-object Service1 > group-object Service2 > group-object Service3 > object-group service DM_INLINE_TCP_4 tcp > - group-object Service4 > + group-object Service4 > group-object Service5 > group-object Service6 > object-group network DM_INLINE_NETWORK_9 > - network-object host Host1 > + network-object host Host1 > network-object host Host2 > network-object host Host3 > object-group service DM_INLINE_SERVICE_1 > group-object Service9 > > Is there a newline being lost somewhere that is causing this behaviour, and possibly a similar thing with the vlans? > > I haven't had time to look at this in depth yet. This is caused by the pager. Efforts have been made with clogin to fix this. If you're not using rancid-2.3.2a8, please try that. From heas at shrubbery.net Thu May 29 21:52:06 2008 From: heas at shrubbery.net (john heasley) Date: Thu, 29 May 2008 14:52:06 -0700 Subject: [rancid] Re: VLAN portion of rancid-run In-Reply-To: <20080529180321.GB27405@mx.ytti.net> References: <20080526141032.84mu8pi044co0os8@webmail.iol.pt> <20080528090643.GC4666@mx.ytti.net> <20080528214056.GI26391@shrubbery.net> <20080529180321.GB27405@mx.ytti.net> Message-ID: <20080529215206.GJ24141@shrubbery.net> Thu, May 29, 2008 at 09:03:21PM +0300, Saku Ytti: > On (2008-05-28 14:40 -0700), john heasley wrote: > > > Adding 'terminal width' has concerned me; that it would reveal cisco/other > > platform bugs. The number of platforms that I have is limited. Who is > > using this change and with what platforms? > > I'm using it on thousands of boxes (>5k or so), covering virtually > all devices running IOS and some running something similar enough > to support terminal width. > While of course I'd only need it on switching capable platforms, > but didn't bother making the distinction. would setting it to something non-zero be a better choice? 128 for example. > Quick search on (old) bugtool for 'terminal width': > CSCdu07646 Fail to load acls via telnet-relay by endless zero-window acks > CSCdm54100 Autoselect functions need to be allowed under line vty configuration > CSCdi44586 tn3270 crash when using wide terminals > CSCea17293 Extra line when using ? and output > term width because CSCdx17425 > CSCea21120 SSH server incorrectly processes column size on pty request > CSCdj90725 terminal width 0 has no effect. > CSCec59007 Missing DRR info in the output of show cos if terminal width is 0 > CSCdj43008 lines longer than terminal width break automore > CSCei67424 Last 4 bytes of key displayed as dangling text in show crypto key > CSCdw52822 ENH: Need long version of show mls ip command in Native > > Cherry picking the crash one: > CSCdi44586 > tn3270 crash when using wide terminals > Found In: 11.0, Affected Versions: > Fixed in: 11.0(4.4) 11.1(0.18)M 10.3(8.5) 10.3(9.1) > The tn3270 feature may crash if a terminal width greater than 100characters is configured before connecting to a host application. > > So of course it does add risk, like every other command, but comparing it to amount of > crashes caused by 'show run', it's quite safe. > > -- > ++ytti > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From rancid at gheek.net Thu May 29 16:49:26 2008 From: rancid at gheek.net (Lance Vermilion) Date: Thu, 29 May 2008 09:49:26 -0700 Subject: [rancid] Re: VLAN portion of rancid-run In-Reply-To: <20080529162842.GA24141@shrubbery.net> References: <20080526141032.84mu8pi044co0os8@webmail.iol.pt> <5471c93d0805290726h55458f07l5b0bbb4bc0415702@mail.gmail.com> <20080529162842.GA24141@shrubbery.net> Message-ID: <8423e7bb0805290949x21023fc9r2b804d137f8fa1f2@mail.gmail.com> John, Correct me if I am wrong but when rancid runs by cron it sets the TERM. I don't recall but does it set it to network? On Thu, May 29, 2008 at 9:28 AM, john heasley wrote: > this would be caused by your terminal type (TERM). > > Thu, May 29, 2008 at 10:26:19AM -0400, Chris Stave: > > Does it do this when rancid just runs on its own via a cron job, or only > > when rancid is manually run and when it goes back to running on its own? > > I've had it do similar things if I'm running it manually, but not just on > > its own. > > > > Chris > > > > On Mon, May 26, 2008 at 9:10 AM, wrote: > > > > > Good afternoon > > > > > > I need your help > > > > > > For some reason everytime my rancid runs I get new revisions in my > Cisco > > > equipments (even if there?s no changes in their configurations), due to > the > > > Vlan proportion of the config (the printscreen is anexed to this mail). > > > > > > I don?t know why this happens...is this some kind of bug in rancid? > > > > > > Does anybody know a fix for this? > > > > > > If not, how do I remove the show vlan portion in Rancid? Is there a > file in > > > the Rancid Folder that contains the vlan configuration lines?Which > lines > > > should I remove so that Rancid does not retrieve the Vlan config from > the > > > equipments? > > > > > > I apreciate any help > > > > > > Thkx > > > > > > > > > > ________________________________________________________________________________ > > > Adira ? Sempre Seguros e POUPE no seu seguro autom?vel! > > > PROMO??O: oferta vale combust?vel com o seu novo seguro. Ligue 808 200 > 600. > > > http://www.iol.pt/correio/rodape.php?dst=0804301 > > > _______________________________________________ > > > Rancid-discuss mailing list > > > Rancid-discuss at shrubbery.net > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080529/2dde1896/attachment.html From saku+rancid at ytti.fi Fri May 30 06:32:20 2008 From: saku+rancid at ytti.fi (Saku Ytti) Date: Fri, 30 May 2008 09:32:20 +0300 Subject: [rancid] Re: VLAN portion of rancid-run In-Reply-To: <20080529215206.GJ24141@shrubbery.net> References: <20080526141032.84mu8pi044co0os8@webmail.iol.pt> <20080528090643.GC4666@mx.ytti.net> <20080528214056.GI26391@shrubbery.net> <20080529180321.GB27405@mx.ytti.net> <20080529215206.GJ24141@shrubbery.net> Message-ID: <20080530063220.GB31576@mx.ytti.net> On (2008-05-29 14:52 -0700), john heasley wrote: > > > Adding 'terminal width' has concerned me; that it would reveal cisco/other > > > platform bugs. The number of platforms that I have is limited. Who is > > > using this change and with what platforms? > > > > I'm using it on thousands of boxes (>5k or so), covering virtually > > all devices running IOS and some running something similar enough > > to support terminal width. > > While of course I'd only need it on switching capable platforms, > > but didn't bother making the distinction. > > would setting it to something non-zero be a better choice? 128 for example. I guess to answer this question, we'd need to take a peek at IOS source, to see how wrapping is done, and would non-wrapping of infinitely large string force infinitely large buffer. I'd like to think that it's designer lot better than that. What I do foresee with say 128 term len, is corner cases of people mailing rancid-ml about why on some of their boxes they get weird diffs, making it bit much harder to trace what's going on. Anyhow the concern is valid, and as rancid is hugely popular and typically upgraded without further testing internally, there is some pressure to release software that does not crash all of your network at once. I'm not sure what is best way to address this, one way is to stagnate the development 'we have what we need, and it works', one way is to just accept the risk in new versions and try to warn users about it and yet another would be to call for volunteers testing the changes in as heterogeneous networks as possible, to give some level of trust on the change before introduced to the wild. -- ++ytti From isma.ballo at gmail.com Fri May 30 07:47:06 2008 From: isma.ballo at gmail.com (Isma) Date: Fri, 30 May 2008 09:47:06 +0200 Subject: [rancid] @ip -> names Message-ID: <513bde910805300047s5af1acd0x7d75542c3b7d74d7@mail.gmail.com> Hi, We use rancid for some months now. In the beginning, we have used ip adresses of switches we monitored like this (routers.db) 192.168.50.107:cisco:up 192.168.50.108:cisco:up 192.168.50.109:cisco:up 192.168.50.110:cisco:up now I want to use : switch1:cisco:up switch2:cisco:up switch3:cisco:up switch4:cisco:up Now, I want to use their names What do I have to do to keep all the revisions ? Thanks in advance. From eravin at panix.com Fri May 30 13:32:27 2008 From: eravin at panix.com (Ed Ravin) Date: Fri, 30 May 2008 09:32:27 -0400 Subject: [rancid] Re: VLAN portion of rancid-run In-Reply-To: <20080530063220.GB31576@mx.ytti.net> References: <20080526141032.84mu8pi044co0os8@webmail.iol.pt> <20080528090643.GC4666@mx.ytti.net> <20080528214056.GI26391@shrubbery.net> <20080529180321.GB27405@mx.ytti.net> <20080529215206.GJ24141@shrubbery.net> <20080530063220.GB31576@mx.ytti.net> Message-ID: <20080530133226.GB4452@panix.com> On Fri, May 30, 2008 at 09:32:20AM +0300, Saku Ytti wrote: > On (2008-05-29 14:52 -0700), john heasley wrote: > > > > > Adding 'terminal width' has concerned me; that it would reveal cisco/other > > > > platform bugs. The number of platforms that I have is limited. Who is > > > > using this change and with what platforms? [...] > Anyhow the concern is valid, and as rancid is hugely popular and > typically upgraded without further testing internally, there is some pressure > to release software that does not crash all of your network at once. > I'm not sure what is best way to address this, one way is to stagnate the > development 'we have what we need, and it works', one way is to just accept the > risk in new versions and try to warn users about it and yet another would be to > call for volunteers testing the changes But the best way would be to give RANCID a way to let the user easily change the commands sent to the device, so they could put in "terminal width " if it worked for them. The inability to customize RANCID to a site without hand-patching is RANCID's Achilles heel. From dc at dwichandra.info Fri May 30 10:50:34 2008 From: dc at dwichandra.info (Dwi Chandra) Date: Fri, 30 May 2008 03:50:34 -0700 Subject: [rancid] Nortel Passport Message-ID: Hi All, Just managed to get out from my routine tasks :-) I have a modified blogin and brancid into pplogin and pprancid (including adding 'passport' in rancid-fe as well). I claim to be the beginner at this case ;) Because somehow, the prancid keeps quitting due to 'end of run not found' I have tried changing several possible part in prancid as to what I could understand, but no luck. pplogin works like charm and I keep using it for several remote login tasks (several 12 - 15 passport 8600 is not easy to tame ;) ) If anyone would like to have a look, I'll be happy to post it tomorrow on those two (modified) scripts. Cheers, Dwi -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080530/d85f69bd/attachment.html From zarahel at iol.pt Sat May 31 13:44:05 2008 From: zarahel at iol.pt (Zarahel) Date: Sat, 31 May 2008 14:44:05 +0100 Subject: [rancid] Re: VLAN portion of rancid-run In-Reply-To: <20080530133226.GB4452@panix.com> Message-ID: <6ug0ut$fmiik1@neti04smtpa.hdi.tvcabo> Okay I?ve seen alot of inputs, but the problem remains. The Revisions continue to increase randomly because of Vlan terminal Output. I don?t know how to solve this.. I?ve tried to edit some rancid files and comment the show vlan portion of the script, but there?s 2 or 3 files with vlan settings, and I?m afraid of screw up Rancid afterwords... Does anybody know of any other solution for terminal width in cisco routers? Any more suggestions? Thkx -----Mensagem original----- De: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] Em nome de Ed Ravin Enviada: sexta-feira, 30 de Maio de 2008 14:32 Para: Saku Ytti Cc: rancid-discuss at shrubbery.net Assunto: [rancid] Re: VLAN portion of rancid-run On Fri, May 30, 2008 at 09:32:20AM +0300, Saku Ytti wrote: > On (2008-05-29 14:52 -0700), john heasley wrote: > > > > > Adding 'terminal width' has concerned me; that it would reveal cisco/other > > > > platform bugs. The number of platforms that I have is limited. Who is > > > > using this change and with what platforms? [...] > Anyhow the concern is valid, and as rancid is hugely popular and > typically upgraded without further testing internally, there is some pressure > to release software that does not crash all of your network at once. > I'm not sure what is best way to address this, one way is to stagnate the > development 'we have what we need, and it works', one way is to just accept the > risk in new versions and try to warn users about it and yet another would be to > call for volunteers testing the changes But the best way would be to give RANCID a way to let the user easily change the commands sent to the device, so they could put in "terminal width " if it worked for them. The inability to customize RANCID to a site without hand-patching is RANCID's Achilles heel. _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss