From Todd at equivoice.com Mon Feb 2 17:53:54 2009 From: Todd at equivoice.com (Todd Heide) Date: Mon, 2 Feb 2009 11:53:54 -0600 Subject: [rancid] Setting up a hosts file for Rancid Message-ID: <082FEA82DC985B4F8A6B412D5AC4E220015AD84B@exchange.Equivoice.local> Hi List, I am looking for a way to set up a hosts record, whether using DNS or whatever so that I can put the host name of the router into Rancid instead of the IP address, and make it easy for others here who are not DNS, or hosts savvy to add a device to Rancid. Currently Rancid is in a state of influx as it has all IP's and no names, so if we try to locate a config, we need to look up the IP of the router and hope we have the right one. I use a web front for all admin(except .cloginrc) of Rancid, so if I need to setup a host file for it to resolve off of, I can create a script for that as well. I currently tried to create an internal zone off the DNS server, but did something wrong so it didn't work. I can do it on a Windoze box, but we don't have one for Rancid to use. The DNS zone I created was domain.hosts.zone, but got SOA and NS errors, so the zone was ignored. Thanks Todd -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090202/9a3f8f39/attachment.html From rancid at ale.cx Mon Feb 2 18:50:17 2009 From: rancid at ale.cx (alex) Date: Mon, 2 Feb 2009 18:50:17 +0000 Subject: [rancid] Re: Setting up a hosts file for Rancid In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E220015AD84B@exchange.Equivoice.local> References: <082FEA82DC985B4F8A6B412D5AC4E220015AD84B@exchange.Equivoice.local> Message-ID: <200902021850.18029.rancid@ale.cx> On Monday 02 February 2009 17:53:54 Todd Heide wrote: > Hi List, I am looking for a way to set up a hosts record, whether using > DNS or whatever so that I can put the host name of the router into > Rancid instead of the IP address, and make it easy for others here who > are not DNS, or hosts savvy to add a device to Rancid. /etc/hosts works fine for me, although I must admit a script that hit all the config files for me would be great. alexd From heas at shrubbery.net Mon Feb 2 19:18:16 2009 From: heas at shrubbery.net (john heasley) Date: Mon, 2 Feb 2009 11:18:16 -0800 Subject: [rancid] Re: Issues with cat5 In-Reply-To: <4920e0b40901301013t2b21a28ak964cd425c0d7b32e@mail.gmail.com> References: <4920e0b40901281512p3fc77b75xf2d3ea109bb0c231@mail.gmail.com> <4981A992.1050407@redhat.com> <4920e0b40901290612v6f87f92awd2a3197a544933a9@mail.gmail.com> <32c3e1da0901300845g2d276a6bk37000fb1af936211@mail.gmail.com> <498333B3.30202@redhat.com> <4920e0b40901301013t2b21a28ak964cd425c0d7b32e@mail.gmail.com> Message-ID: <20090202191816.GB1851@shrubbery.net> Fri, Jan 30, 2009 at 06:13:26PM +0000, Ryan DeBerry: > Yep, it works on a8. I just downgraded and all is good. grumble. There isnt enough info here to determine what the problem is. Could someone set NOPIPE=YES in your environment and run cat5rancid from a9 with -d to produce a hostname.raw file. that should provide some indication of where the failure is. > On Fri, Jan 30, 2009 at 5:06 PM, Michael Stefaniuc wrote: > > > Sreekanth K wrote: > > > Me too have the same problem... I am on 2.3.2a9... Can someone help!!! > > I'm still on a8 and it works there. It was fixed in a5 or a6 time frame > > when the two patches went in. I might upgrade to a9 but I'm pretty busy > > at the moment and don't have time for that. > > > > bye > > michael > > > > > On Thu, Jan 29, 2009 at 7:42 PM, Ryan DeBerry > > wrote: > > > > > >> Yes, I am using cat5 as the device type. I can run clogin and it works > > >> fine. rancid-run produces the following log. > > >> > > >> missed cmd(s): write term all,show port ifindex,show module,dir > > >> sup-microcode:,dir sup-bootflash:,dir bootflash:,dir slot0:,show > > >> version,show flash,show running-config,write term,show boot,dir > > slot1:,show > > >> inventory raw > > >> : End of run not found > > >> > > >> > > >> Below is a link to old thread. > > >> > > >> http://osdir.com/ml/network.rancid/2008-06/msg00018.html > > >> > > >> > > >> On Thu, Jan 29, 2009 at 1:05 PM, Michael Stefaniuc > >wrote: > > >> > > >>> Ryan DeBerry wrote: > > >>>> I have seen many posts in the archives with the same issue but I have > > >>> not > > >>>> seen a resolution. > > >>> Which rancid version are you using? I have submitted patches to fix the > > >>> problem and those were accepted (in a modified) form upstream. I use > > >>> rancid-2.3.2a8 and the only CatOS specific patch I have is to kill the > > >>> bogus "set portcost" config lines. > > >>> > > >>>> clogin works just fine but rancid-run spits out error timeout reached > > >>> Btw. what device type are you using for the CatOS devices: "cisco" or > > >>> "cat5"? "cat5" is the correct type. > > > > > > > > -- > > Michael Stefaniuc Tel.: +49-711-96437-199 > > Consulting Communications Engineer Fax.: +49-711-96437-111 > > -------------------------------------------------------------------- > > Reg. Adresse: Red Hat GmbH, Otto-Hahn-Strasse 20, 85609 Dornach bei > > Muenchen > > Handelsregister: Amtsgericht Muenchen HRB 153243 > > Gesch?ftsf?hrer: Brendan Lane, Charlie Peters, Michael Cunningham, > > Werner Knoblich > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Mon Feb 2 19:19:35 2009 From: heas at shrubbery.net (john heasley) Date: Mon, 2 Feb 2009 11:19:35 -0800 Subject: [rancid] Re: CVS changes with ASA In-Reply-To: References: <4920e0b40901281515m6735f621p978e071d2f2e23da@mail.gmail.com> <200901291927.49233.rancid@ale.cx> Message-ID: <20090202191935.GC1851@shrubbery.net> What is changing? Thu, Jan 29, 2009 at 11:56:28AM -0800, Peter Serwe: > Correction. Occasionally I see this behavior. > > I have an email from Rancid as of 53 minutes ago with this change. > > I'm currently running 2.3.2a8 against 7.2(4). > > Peter > > On Thu, Jan 29, 2009 at 11:54 AM, Peter Serwe wrote: > > I'm running 7.2(4) and I don't see this behavior either. > > > > Peter > > > > On Thu, Jan 29, 2009 at 11:27 AM, alex wrote: > >> On Wednesday 28 January 2009 23:15:15 Ryan DeBerry wrote: > >>> I am able to backup ASA config but the config changes on every rancid-run. > >>> The only change is the timestamp when the config was written on the > >>> rancid-run. Is there a way to prevent this behavior? > >> > >> Interesting. I am backing up several ASAs and don't see this. What release are > >> you running? Most of mine are on 8.x. > >> > >> alexd > >> _______________________________________________ > >> Rancid-discuss mailing list > >> Rancid-discuss at shrubbery.net > >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > >> > > > > > > > > -- > > ???? > > > > > > -- > ???? > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From rdeberry at gmail.com Mon Feb 2 19:29:12 2009 From: rdeberry at gmail.com (Ryan DeBerry) Date: Mon, 2 Feb 2009 19:29:12 +0000 Subject: [rancid] Re: CVS changes with ASA In-Reply-To: <20090202191935.GC1851@shrubbery.net> References: <4920e0b40901281515m6735f621p978e071d2f2e23da@mail.gmail.com> <200901291927.49233.rancid@ale.cx> <20090202191935.GC1851@shrubbery.net> Message-ID: <4920e0b40902021129x38a9c7d3jc27c5694a25b01a7@mail.gmail.com> every rancid-run I would get an email for a diff the diff was 1 line with the Written by admin at 07:57:36.960 UTC Wed Jan 28 2009 the only thing that was different was the time So rancid-run was logging in performing a write mem and then exiting. So everytime you ran it, the config was different because it was always saving the config. This behavior does show up on a8. On Mon, Feb 2, 2009 at 7:19 PM, john heasley wrote: > What is changing? > > Thu, Jan 29, 2009 at 11:56:28AM -0800, Peter Serwe: > > Correction. Occasionally I see this behavior. > > > > I have an email from Rancid as of 53 minutes ago with this change. > > > > I'm currently running 2.3.2a8 against 7.2(4). > > > > Peter > > > > On Thu, Jan 29, 2009 at 11:54 AM, Peter Serwe > wrote: > > > I'm running 7.2(4) and I don't see this behavior either. > > > > > > Peter > > > > > > On Thu, Jan 29, 2009 at 11:27 AM, alex wrote: > > >> On Wednesday 28 January 2009 23:15:15 Ryan DeBerry wrote: > > >>> I am able to backup ASA config but the config changes on every > rancid-run. > > >>> The only change is the timestamp when the config was written on the > > >>> rancid-run. Is there a way to prevent this behavior? > > >> > > >> Interesting. I am backing up several ASAs and don't see this. What > release are > > >> you running? Most of mine are on 8.x. > > >> > > >> alexd > > >> _______________________________________________ > > >> Rancid-discuss mailing list > > >> Rancid-discuss at shrubbery.net > > >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > >> > > > > > > > > > > > > -- > > > ???? > > > > > > > > > > > -- > > ???? > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090202/cc1fceb8/attachment.html From heas at shrubbery.net Mon Feb 2 20:20:34 2009 From: heas at shrubbery.net (john heasley) Date: Mon, 2 Feb 2009 12:20:34 -0800 Subject: [rancid] Re: CVS changes with ASA In-Reply-To: <4920e0b40902021129x38a9c7d3jc27c5694a25b01a7@mail.gmail.com> References: <4920e0b40901281515m6735f621p978e071d2f2e23da@mail.gmail.com> <200901291927.49233.rancid@ale.cx> <20090202191935.GC1851@shrubbery.net> <4920e0b40902021129x38a9c7d3jc27c5694a25b01a7@mail.gmail.com> Message-ID: <20090202202034.GF1851@shrubbery.net> Mon, Feb 02, 2009 at 07:29:12PM +0000, Ryan DeBerry: > every rancid-run I would get an email for a diff > > the diff was 1 line with the > > Written by admin at 07:57:36.960 UTC Wed Jan 28 2009 > > the only thing that was different was the time > > So rancid-run was logging in performing a write mem and then exiting. it uses write term, not write mem, so it should not be writing the config unless Cisco does something unusual on this device. But, we should just filter this line like we do for IOS devices. Where does the line appear? > So everytime you ran it, the config was different because it was always > saving the config. > > This behavior does show up on a8. > > On Mon, Feb 2, 2009 at 7:19 PM, john heasley wrote: > > > What is changing? > > > > Thu, Jan 29, 2009 at 11:56:28AM -0800, Peter Serwe: > > > Correction. Occasionally I see this behavior. > > > > > > I have an email from Rancid as of 53 minutes ago with this change. > > > > > > I'm currently running 2.3.2a8 against 7.2(4). > > > > > > Peter > > > > > > On Thu, Jan 29, 2009 at 11:54 AM, Peter Serwe > > wrote: > > > > I'm running 7.2(4) and I don't see this behavior either. > > > > > > > > Peter > > > > > > > > On Thu, Jan 29, 2009 at 11:27 AM, alex wrote: > > > >> On Wednesday 28 January 2009 23:15:15 Ryan DeBerry wrote: > > > >>> I am able to backup ASA config but the config changes on every > > rancid-run. > > > >>> The only change is the timestamp when the config was written on the > > > >>> rancid-run. Is there a way to prevent this behavior? > > > >> > > > >> Interesting. I am backing up several ASAs and don't see this. What > > release are > > > >> you running? Most of mine are on 8.x. > > > >> > > > >> alexd > > > >> _______________________________________________ > > > >> Rancid-discuss mailing list > > > >> Rancid-discuss at shrubbery.net > > > >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > >> > > > > > > > > > > > > > > > > -- > > > > ???? > > > > > > > > > > > > > > > > -- > > > ???? > > > _______________________________________________ > > > Rancid-discuss mailing list > > > Rancid-discuss at shrubbery.net > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > From jethro.binks at strath.ac.uk Mon Feb 2 20:37:05 2009 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Mon, 2 Feb 2009 20:37:05 +0000 (GMT) Subject: [rancid] Re: CVS changes with ASA In-Reply-To: <20090202202034.GF1851@shrubbery.net> References: <4920e0b40901281515m6735f621p978e071d2f2e23da@mail.gmail.com> <200901291927.49233.rancid@ale.cx> <20090202191935.GC1851@shrubbery.net> <4920e0b40902021129x38a9c7d3jc27c5694a25b01a7@mail.gmail.com> <20090202202034.GF1851@shrubbery.net> Message-ID: On Mon, 2 Feb 2009, john heasley wrote: > > So rancid-run was logging in performing a write mem and then exiting. > > it uses write term, not write mem, so it should not be writing the > config unless Cisco does something unusual on this device. But, we > should just filter this line like we do for IOS devices. Where does the > line appear? I'm investigating several PIX/ASA related difficulties with rancid at the moment, and having moved to 2.3.2a8 rancid and clogin I also see this. I started to reply to this thread but got bogged down in looking into other problems, but here's what I'd written on this particular issue: Is this the "Written by rancid at ..." line you are seeing? Having moved to using clogin and rancid from 2.3.2a8, I see this too: it seems to be as a result of using the output of "more system:running-config" specifically, which is relatively new. A simple patch fixes it (applying by hand should be trivial, look for line 1551): --- rancid.1.252 Fri Jan 23 09:07:50 2009 +++ rancid.1.252.mod Sun Feb 1 17:28:10 2009 @@ -1551,6 +1551,7 @@ # some versions have other crap mixed in with the bits in the # block above /^! (Last configuration|NVRAM config last)/ && next; /^: (Written by rancid at|Saved)/ && next; # skip consecutive comment lines to avoid oscillating extra comment # line on some access servers. grrr. Here's some sample .raw output: asa1# more system:running-config Cryptochecksum: 92e99914 e1bd90fa d62353b8 1881f920 : Saved : Written by rancid at 22:47:44.539 UTC Sun Feb 1 2009 ! ASA Version 7.2(4) ! hostname asa1 domain-name net.strath.ac.uk ... Jethro. > > > So everytime you ran it, the config was different because it was always > > saving the config. > > > > This behavior does show up on a8. > > > > On Mon, Feb 2, 2009 at 7:19 PM, john heasley wrote: > > > > > What is changing? > > > > > > Thu, Jan 29, 2009 at 11:56:28AM -0800, Peter Serwe: > > > > Correction. Occasionally I see this behavior. > > > > > > > > I have an email from Rancid as of 53 minutes ago with this change. > > > > > > > > I'm currently running 2.3.2a8 against 7.2(4). > > > > > > > > Peter > > > > > > > > On Thu, Jan 29, 2009 at 11:54 AM, Peter Serwe > > > wrote: > > > > > I'm running 7.2(4) and I don't see this behavior either. > > > > > > > > > > Peter > > > > > > > > > > On Thu, Jan 29, 2009 at 11:27 AM, alex wrote: > > > > >> On Wednesday 28 January 2009 23:15:15 Ryan DeBerry wrote: > > > > >>> I am able to backup ASA config but the config changes on every > > > rancid-run. > > > > >>> The only change is the timestamp when the config was written on the > > > > >>> rancid-run. Is there a way to prevent this behavior? > > > > >> > > > > >> Interesting. I am backing up several ASAs and don't see this. What > > > release are > > > > >> you running? Most of mine are on 8.x. > > > > >> > > > > >> alexd > > > > >> _______________________________________________ > > > > >> Rancid-discuss mailing list > > > > >> Rancid-discuss at shrubbery.net > > > > >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > >> > > > > > > > > > > > > > > > > > > > > -- > > > > > ???? > > > > > > > > > > > > > > > > > > > > > -- > > > > ???? > > > > _______________________________________________ > > > > Rancid-discuss mailing list > > > > Rancid-discuss at shrubbery.net > > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > _______________________________________________ > > > Rancid-discuss mailing list > > > Rancid-discuss at shrubbery.net > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -- . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK From jethro.binks at strath.ac.uk Mon Feb 2 20:48:18 2009 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Mon, 2 Feb 2009 20:48:18 +0000 (GMT) Subject: [rancid] Re: CVS changes with ASA In-Reply-To: References: <4920e0b40901281515m6735f621p978e071d2f2e23da@mail.gmail.com> <200901291927.49233.rancid@ale.cx> <20090202191935.GC1851@shrubbery.net> <4920e0b40902021129x38a9c7d3jc27c5694a25b01a7@mail.gmail.com> <20090202202034.GF1851@shrubbery.net> Message-ID: On Mon, 2 Feb 2009, Jethro R Binks wrote: > I'm investigating several PIX/ASA related difficulties with rancid at the > moment ... Since we're looking at these in detail at the moment, here's two more things: As another note, it would be useful to send "term pager 0" as well, to prevent output paging: --- clogin.1.118 Fri Jan 30 19:40:20 2009 +++ clogin.1.118.mod Fri Jan 30 21:01:26 2009 @@ -603,6 +603,8 @@ set command "set logging session disable;$command" } else { send "term length 0\r" + # ASA 7.x takes this instead: + send "term pager 0\r" } # escape any parens in the prompt, such as "(enable)" regsub -all {[)(]} $prompt {\\&} reprompt The other thing is that parsing of the serial numbers/hardware revisions isn't correct. I haven't looked at this in detail yet, but what you get is garbled, for example: !Slot 0/: type ASA 5550 Adaptive !Slot 0/: part Security, serial Appliance !Slot 0/: hvers ASA5550 !Slot 0: hvers 2.0, firmware 1.0(11)2, sw 7.2(4) ! !Slot 1: hvers 1.0, firmware 1.0(0)8, sw 1.0(0)10 ! !Slot 1/0: type SSM-4GE Included with ASA !Slot 1/0: part 5550, serial System !Slot 1/0: hvers SSM-4GE-INC I suppose the output generated by PIX/ASA doesn't match the usual IOS output. If no-one else gets to it, I will take a closer look in a few days hopefully. One other things I would note: I find getting configs out of my PIX/ASAs is much more reliable (but not perfect) if I only let rancid run one of "more system:running-config", "write terminal", or "show running-config". If two or three run, the output gets a bit garbled, and rancid fails to find the end. I speculate this is something to do with the box producing the output, but asynchronously returning the prompt, or some such. At this point, can I also suggest this small patch, which helped me to narrow down the cause of failure in a couple of cases (sorry no line numbers for this one, but it is right at the end of 'rancid'): - print STDERR "$host: End of run not found\n" if ($debug); + print STDERR "$host: End of run not found ", + "(clean_run=$clean_run, found_end=$found_end)\n" if ($debug); Jethro. -- . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK From heas at shrubbery.net Mon Feb 2 21:35:30 2009 From: heas at shrubbery.net (john heasley) Date: Mon, 2 Feb 2009 13:35:30 -0800 Subject: [rancid] Re: CVS changes with ASA In-Reply-To: <20090202213152.E6F9011CEA3@ni.shrubbery.net> References: <20090202213152.E6F9011CEA3@ni.shrubbery.net> <4920e0b40901281515m6735f621p978e071d2f2e23da@mail.gmail.com> <200901291927.49233.rancid@ale.cx> <20090202191935.GC1851@shrubbery.net> <4920e0b40902021129x38a9c7d3jc27c5694a25b01a7@mail.gmail.com> <20090202202034.GF1851@shrubbery.net> Message-ID: <20090202213530.GK1851@shrubbery.net> Mon, Feb 02, 2009 at 08:37:05PM +0000, Jethro R Binks: > On Mon, 2 Feb 2009, john heasley wrote: > > > > So rancid-run was logging in performing a write mem and then exiting. > > > > it uses write term, not write mem, so it should not be writing the > > config unless Cisco does something unusual on this device. But, we > > should just filter this line like we do for IOS devices. Where does the > > line appear? > > I'm investigating several PIX/ASA related difficulties with rancid at the > moment, and having moved to 2.3.2a8 rancid and clogin I also see this. I > started to reply to this thread but got bogged down in looking into other > problems, but here's what I'd written on this particular issue: > > Is this the "Written by rancid at ..." line you are seeing? Having moved > to using clogin and rancid from 2.3.2a8, I see this too: it seems to be as > a result of using the output of "more system:running-config" specifically, > which is relatively new. A simple patch fixes it (applying by hand should > be trivial, look for line 1551): > > --- rancid.1.252 Fri Jan 23 09:07:50 2009 > +++ rancid.1.252.mod Sun Feb 1 17:28:10 2009 > @@ -1551,6 +1551,7 @@ > # some versions have other crap mixed in with the bits in the > # block above > /^! (Last configuration|NVRAM config last)/ && next; > /^: (Written by rancid at|Saved)/ && next; > > # skip consecutive comment lines to avoid oscillating extra comment > # line on some access servers. grrr. > > > > Here's some sample .raw output: > > asa1# more system:running-config > Cryptochecksum: 92e99914 e1bd90fa d62353b8 1881f920 > : Saved > : Written by rancid at 22:47:44.539 UTC Sun Feb 1 2009 > ! > ASA Version 7.2(4) > ! > hostname asa1 > domain-name net.strath.ac.uk > ... > I think the following patch will take care of these and the checksum line that peter mentioned in private. > Jethro. > > > > > > > So everytime you ran it, the config was different because it was > always > > > saving the config. > > > > > > This behavior does show up on a8. > > > > > > On Mon, Feb 2, 2009 at 7:19 PM, john heasley wrote: > > > > > > > What is changing? > > > > > > > > Thu, Jan 29, 2009 at 11:56:28AM -0800, Peter Serwe: > > > > > Correction. Occasionally I see this behavior. > > > > > > > > > > I have an email from Rancid as of 53 minutes ago with this change. > > > > > > > > > > I'm currently running 2.3.2a8 against 7.2(4). > > > > > > > > > > Peter > > > > > > > > > > On Thu, Jan 29, 2009 at 11:54 AM, Peter Serwe > > > > wrote: > > > > > > I'm running 7.2(4) and I don't see this behavior either. > > > > > > > > > > > > Peter > > > > > > > > > > > > On Thu, Jan 29, 2009 at 11:27 AM, alex wrote: > > > > > >> On Wednesday 28 January 2009 23:15:15 Ryan DeBerry wrote: > > > > > >>> I am able to backup ASA config but the config changes on every > > > > rancid-run. > > > > > >>> The only change is the timestamp when the config was written on the > > > > > >>> rancid-run. Is there a way to prevent this behavior? > > > > > >> > > > > > >> Interesting. I am backing up several ASAs and don't see this. What > > > > release are > > > > > >> you running? Most of mine are on 8.x. > > > > > >> > > > > > >> alexd > > > > > >> _______________________________________________ > > > > > >> Rancid-discuss mailing list > > > > > >> Rancid-discuss at shrubbery.net > > > > > >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > ???? > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > ???? > > > > > _______________________________________________ > > > > > Rancid-discuss mailing list > > > > > Rancid-discuss at shrubbery.net > > > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > _______________________________________________ > > > > Rancid-discuss mailing list > > > > Rancid-discuss at shrubbery.net > > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > -- > . . . . . . . . . . . . . . . . . . . . . . . . . > Jethro R Binks > Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss Index: rancid.in =================================================================== RCS file: /home/rancid/.CVS/rancid/bin/rancid.in,v retrieving revision 1.252 diff -d -u -r1.252 rancid.in --- rancid.in 29 Nov 2008 23:10:58 -0000 1.252 +++ rancid.in 2 Feb 2009 21:31:16 -0000 @@ -1551,6 +1551,8 @@ # some versions have other crap mixed in with the bits in the # block above /^! (Last configuration|NVRAM config last)/ && next; + # and for the ASA + /^: (Written by \w+ at|Saved)/ && next; # skip consecutive comment lines to avoid oscillating extra comment # line on some access servers. grrr. @@ -1824,7 +1826,7 @@ next; } - /^Cryptochecksum:/ && next; + /^ *Cryptochecksum:/ && next; # catch anything that wasnt matched above. ProcessHistory("","","","$_"); From heas at shrubbery.net Mon Feb 2 21:44:22 2009 From: heas at shrubbery.net (john heasley) Date: Mon, 2 Feb 2009 13:44:22 -0800 Subject: [rancid] Re: CVS changes with ASA In-Reply-To: References: <4920e0b40901281515m6735f621p978e071d2f2e23da@mail.gmail.com> <200901291927.49233.rancid@ale.cx> <20090202191935.GC1851@shrubbery.net> <4920e0b40902021129x38a9c7d3jc27c5694a25b01a7@mail.gmail.com> <20090202202034.GF1851@shrubbery.net> Message-ID: <20090202214422.GM1851@shrubbery.net> Mon, Feb 02, 2009 at 08:48:18PM +0000, Jethro R Binks: > On Mon, 2 Feb 2009, Jethro R Binks wrote: > > > I'm investigating several PIX/ASA related difficulties with rancid at the > > moment ... > > Since we're looking at these in detail at the moment, here's two more > things: > > As another note, it would be useful to send "term pager 0" as well, to > prevent output paging: > > --- clogin.1.118 Fri Jan 30 19:40:20 2009 > +++ clogin.1.118.mod Fri Jan 30 21:01:26 2009 > @@ -603,6 +603,8 @@ > set command "set logging session disable;$command" > } else { > send "term length 0\r" > + # ASA 7.x takes this instead: > + send "term pager 0\r" > } > # escape any parens in the prompt, such as "(enable)" > regsub -all {[)(]} $prompt {\\&} reprompt > > > > The other thing is that parsing of the serial numbers/hardware revisions > isn't correct. I haven't looked at this in detail yet, but what you get > is garbled, for example: > > !Slot 0/: type ASA 5550 Adaptive > !Slot 0/: part Security, serial Appliance > !Slot 0/: hvers ASA5550 > !Slot 0: hvers 2.0, firmware 1.0(11)2, sw 7.2(4) > ! > !Slot 1: hvers 1.0, firmware 1.0(0)8, sw 1.0(0)10 > ! > !Slot 1/0: type SSM-4GE Included with ASA > !Slot 1/0: part 5550, serial System > !Slot 1/0: hvers SSM-4GE-INC > > > I suppose the output generated by PIX/ASA doesn't match the usual IOS > output. If no-one else gets to it, I will take a closer look in a few > days hopefully. > > One other things I would note: I find getting configs out of my PIX/ASAs > is much more reliable (but not perfect) if I only let rancid run one of > "more system:running-config", "write terminal", or "show running-config". > If two or three run, the output gets a bit garbled, and rancid fails to > find the end. I speculate this is something to do with the box producing > the output, but asynchronously returning the prompt, or some such. I think it is time that ASA/PIX became a separate script. Trying to wedge it in with IOS and IOX is becoming painful. > At this point, can I also suggest this small patch, which helped me to > narrow down the cause of failure in a couple of cases (sorry no line > numbers for this one, but it is right at the end of 'rancid'): > > - print STDERR "$host: End of run not found\n" if ($debug); > + print STDERR "$host: End of run not found ", > + "(clean_run=$clean_run, found_end=$found_end)\n" if ($debug); > > Jethro. > > -- > . . . . . . . . . . . . . . . . . . . . . . . . . > Jethro R Binks > Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Mon Feb 2 22:20:51 2009 From: heas at shrubbery.net (john heasley) Date: Mon, 2 Feb 2009 14:20:51 -0800 Subject: [rancid] Re: Extreme Switches with Unsaved Configs In-Reply-To: References: <20090127054114.GJ28039@shrubbery.net> <20090127213910.GC950@shrubbery.net> Message-ID: <20090202222051.GU1851@shrubbery.net> Wed, Jan 28, 2009 at 09:41:36AM -0500, Hahues, Sven: > Extremeware > Copyright (C) 1996-2006 Extreme Networks. All rights reserved. > Protected by U.S Patent Nos 6,678,248; 6,104,700; 6,766,482; 6,618,388; 6,034,957; 6,859,438; 6,912,592; 6,914,905; 5,694,436 > ============================================================================================================================= > > Press the key at any time for completions. ^ this is the problem. > Remember to save your configuration changes. > * 300e48-0.45-HH-IDF:1 # right here: > expect: does " \r\n\r\nExtremeware\r\nCopyright (C) 1996-2006 Extreme Networks. All rights reserved.\r\nProtected by U.S Patent Nos 6,678,248; 6,104,700; 6,766,482; 6,618,388; 6,034,957; 6,859,438; 6,912,592; 6,914,905; 5,694,436\r\n=============================================================================================================================\r\n\r\nPress the key at any time for completions.\r\nRemember to save your configuration changes.\r\n* 300e48-0.45-HH-IDF:1 # " (spawn_id exp4) match glob pattern "Host is unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "(denied|Sorry)"? no > "Login failed"? no > "% (Bad passwords|Authentication failed)"? no > "Press any key to continue"? no > "Enter Selection: "? no > "Last login:"? no > "@[^\r\n]+ ([Pp]assword|passwd):"? no > "(Username|Login|login|user name|User):"? no > "([Pp]assword|passwd):"? no > ">"? yes > expect: set expect_out(0,string) ">" > expect: set expect_out(spawn_id) "exp4" > expect: set expect_out(buffer) " \r\n\r\nExtremeware\r\nCopyright (C) 1996-2006 Extreme Networks. All rights reserved.\r\nProtected by U.S Patent Nos 6,678,248; 6,104,700; 6,766,482; 6,618,388; 6,034,957; 6,859,438; 6,912,592; 6,914,905; 5,694,436\r\n=============================================================================================================================\r\n\r\nPress the " > send: sending "enable\r" to { exp4 } grumble. I think this hack will fix it. Index: clogin.in =================================================================== RCS file: /home/rancid/.CVS/rancid/bin/clogin.in,v retrieving revision 1.129 diff -d -u -r1.129 clogin.in --- clogin.in 12 Nov 2008 00:59:04 -0000 1.129 +++ clogin.in 2 Feb 2009 22:19:41 -0000 @@ -529,6 +529,9 @@ -re "Last login:" { exp_continue } + -re "Press the key \[^\r\n]+\[\r\n]+" { + exp_continue + } -re "@\[^\r\n]+ $p_prompt" { # ssh pwd prompt sleep 1 From dan at gconnect.net Tue Feb 3 14:18:44 2009 From: dan at gconnect.net (Dan Massey) Date: Tue, 03 Feb 2009 14:18:44 +0000 Subject: [rancid] Small diff problem Message-ID: Hi List Im new to Rancid, so forgive my lack of understanding please. When I do a 'show run' on the router I get the 'Last configuration change' (shown below), however this info is not included in the diff from rancid. Is there a way to ensure this is included? ==== EXAMPLE ==== Current configuration : 15576 bytes ! ! Last configuration change at 22:22:23 GMT Mon Feb 2 2009 by abc ! NVRAM config last updated at 04:18:01 GMT Tue Feb 3 2009 ! version 12.3 no parser cache service tcp-keepalives-in Etc... ==== END ==== Thanks for your help Dan Gconnect From mohacsi at niif.hu Tue Feb 3 16:42:01 2009 From: mohacsi at niif.hu (Mohacsi Janos) Date: Tue, 3 Feb 2009 17:42:01 +0100 (CET) Subject: [rancid] Re: [Ticket#2009013010000513] FreeBSD Port: rancid-2.3.1_3 / Re: Submit BUG report to FreeBSD for RANCID port with PATCH (fwd) Message-ID: Dear All, As a maintainer of FreeBSD port of rancid I received the following report. I believe this should be addressed in the main distibution level. Janos Mohacsi Network Engineer, Research Associate, Head of Network Planning and Projects NIIF/HUNGARNET, HUNGARY Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882 ---------- Forwarded message ---------- Date: Mon, 2 Feb 2009 12:54:29 -0500 From: Network Infrastructure Support To: janos.mohacsi at bsd.hu Cc: ports at FreeBSD.org Subject: Re: [Ticket#2009013010000513] FreeBSD Port: rancid-2.3.1_3 / Re: Submit BUG report to FreeBSD for RANCID port with PATCH The following patches, taken from 'http://blog.glinskiy.com/2007/03/rancid-and-netscreen-firewall.html' address some issues with netscreen firewalls. Please see inline patches below. Thanks! Your Ticket-Team Michael Joyner -- Edward Waters College Information Technology Tookes Building - 1660 Kings Road, Jacksonville, FL 32209 USA Email: support at otrs.ewc.edu - Web: http://otrs.ewc.edu/otrs/customer.pl -- ---- Forwarded message from Network Infrastructure Support --- From: Network Infrastructure Support To: it-group at listserv.ewc.edu Subject: [Ticket#2009013010000513] Submit BUG report to FreeBSD for RANCID port with PATCH Created: 01/30/2009 13:11:56 http://blog.glinskiy.com/2007/03/rancid-and-netscreen-firewall.html ================= [root at netdisco /usr/local/libexec/rancid]# diff -u -C 5 nlogin.dist nlogin *** nlogin.dist Fri Jan 30 12:46:12 2009 --- nlogin Fri Jan 30 12:54:43 2009 *************** *** 483,500 **** # Login to the firewall if {[login $firewall $ruser $userpswd $passwd $enapasswd $prompt $cmethod $cyphertype]} { continue } ! if { $enable } { ! if {[do_enable $enauser $enapasswd]} { ! if { $do_command || $do_script } { ! close; wait ! continue ! } ! } ! } # we are logged in, now figure out the full prompt send "\r" expect { -re "\[\r\n]+" { exp_continue; } -re "^.+$prompt" { set junk $expect_out(0,string); --- 483,500 ---- # Login to the firewall if {[login $firewall $ruser $userpswd $passwd $enapasswd $prompt $cmethod $cyphertype]} { continue } ! # if { $enable } { ! # if {[do_enable $enauser $enapasswd]} { ! # if { $do_command || $do_script } { ! # close; wait ! # continue ! # } ! # } ! # } # we are logged in, now figure out the full prompt send "\r" expect { -re "\[\r\n]+" { exp_continue; } -re "^.+$prompt" { set junk $expect_out(0,string); [root at netdisco /usr/local/libexec/rancid]# diff -u -C 5 nrancid.dist nrancid *** nrancid.dist Fri Jan 30 12:54:49 2009 --- nrancid Fri Jan 30 12:55:01 2009 *************** *** 195,204 **** --- 195,205 ---- if (/^set admin user (\S+) password (\S+) privilege (\S+)$/ && $filter_pwds >= 1) { ProcessHistory("ADMIN","","", "!set admin user $1 password privilege $3\n"); next; + } ProcessHistory("","","","$_"); } $found_end=1; return(1); } Your Ticket-Team Michael Joyner From mohacsi at niif.hu Tue Feb 3 16:43:27 2009 From: mohacsi at niif.hu (Mohacsi Janos) Date: Tue, 3 Feb 2009 17:43:27 +0100 (CET) Subject: [rancid] Re: [Ticket#2009020210000574] FreeBSD Port: rancid-2.3.1_3 / modification to nlogoin patch to fix hang at password prompt / nlogi [...] (fwd) Message-ID: Dear All, As a maintainer of FreeBSD port of rancid I received the following report. I believe this should be addressed in the main distibution level. Best Regards, Janos Mohacsi Network Engineer, Research Associate, Head of Network Planning and Projects NIIF/HUNGARNET, HUNGARY Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882 ---------- Forwarded message ---------- Date: Mon, 2 Feb 2009 14:09:08 -0500 From: Network Infrastructure Support To: janos.mohacsi at bsd.hu Cc: ports at FreeBSD.org Subject: Re: [Ticket#2009020210000574] FreeBSD Port: rancid-2.3.1_3 / modification to nlogoin patch to fix hang at password prompt / nlogi [...] Created: 02/02/2009 13:37:50 --- nlogin.dist 2009-01-30 12:46:12.000000000 -0500 +++ nlogin 2009-02-02 13:33:41.000000000 -0500 @@ -353,21 +353,12 @@ set uprompt_seen 1 exp_continue } - "@\[^\r\n]+\[Pp]assword:" { + "password:" { # ssh pwd prompt sleep 1 send "$userpswd\r" exp_continue } - "\[Pp]assword:" { - sleep 1; - if {$uprompt_seen == 1} { - send "$userpswd\r" - } else { - send "$passwd\r" - } - exp_continue - } "$prompt" { break; } } } @@ -485,14 +476,14 @@ if {[login $firewall $ruser $userpswd $passwd $enapasswd $prompt $cmethod $cyphertype]} { continue } - if { $enable } { - if {[do_enable $enauser $enapasswd]} { - if { $do_command || $do_script } { - close; wait - continue - } - } - } +# if { $enable } { +# if {[do_enable $enauser $enapasswd]} { +# if { $do_command || $do_script } { +# close; wait +# continue +# } +# } +# } # we are logged in, now figure out the full prompt send "\r" expect { From asmirnoff at office.beeline.ru Tue Feb 3 12:20:25 2009 From: asmirnoff at office.beeline.ru (Smirnoff Alexander) Date: Tue, 3 Feb 2009 15:20:25 +0300 Subject: [rancid] cvs commit: `configs/x.x.x.x' should be removed and is still there (or is back again) Message-ID: <986544234AB0A44BADE40DF502E2012A014C51C3@SPBMAIL.spb.sovintel.net> Hello! I'am running rancid with three groups of devices, and one of them have this errors in log: cvs commit: `configs/42.85.242.22' should be removed and is still there (or is back again) cvs commit: `configs/42.85.242.24' should be removed and is still there (or is back again) cvs commit: Up-to-date check failed for `configs/42.85.242.3' cvs commit: `configs/42.85.242.4' should be removed and is still there (or is back again) cvs commit: `configs/42.85.242.6' should be removed and is still there (or is back again) cvs commit: `configs/42.85.242.7' should be removed and is still there (or is back again) cvs commit: `configs/42.85.242.9' should be removed and is still there (or is back again) cvs commit: Up-to-date check failed for `configs/62.141.71.241' cvs commit: Up-to-date check failed for `configs/62.141.71.247' cvs commit: Up-to-date check failed for `configs/81.211.75.178' cvs commit: Examining configs/sz-reg-routers cvs commit: Examining configs/sz-reg-routers/configs cvs commit: Up-to-date check failed for `configs/sz-reg-routers/configs/10.4.100.1' cvs commit: file `configs/sz-reg-routers/configs/192.16.2.1' had a conflict and has not been modified cvs commit: file `configs/sz-reg-routers/configs/192.16.71.254' had a conflict and has not been modified cvs commit: file `configs/sz-reg-routers/configs/174.7.50.23' had a conflict and has not been modified cvs commit: file `configs/sz-reg-routers/configs/237.44.131.248' had a conflict and has not been modified cvs commit: file `configs/sz-reg-routers/configs/42.85.242.16' had a conflict and has not been modified cvs [commit aborted]: correct above errors first! How I can fix this errors? -- Regards, Alexandr Smirnov +7(837)3468600 # 54682 Head of Data Transmission Networks Monitoring Service mailto:asmirnoff at gldn.net -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090203/1a0e0d0b/attachment.html From heas at shrubbery.net Tue Feb 3 17:09:09 2009 From: heas at shrubbery.net (john heasley) Date: Tue, 3 Feb 2009 09:09:09 -0800 Subject: [rancid] Re: [Ticket#2009020210000574] FreeBSD Port: rancid-2.3.1_3 / modification to nlogoin patch to fix hang at password prompt / nlogi [...] (fwd) In-Reply-To: References: Message-ID: <20090203170909.GD19619@shrubbery.net> It appears to me that both of these problems are fixed in 2.3.2a9. Please try that. Tue, Feb 03, 2009 at 05:43:27PM +0100, Mohacsi Janos: > Dear All, > > As a maintainer of FreeBSD port of rancid I received the following > report. I believe this should be addressed in the main distibution level. > > Best Regards, > > Janos Mohacsi > Network Engineer, Research Associate, Head of Network Planning and Projects > NIIF/HUNGARNET, HUNGARY > Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882 > > ---------- Forwarded message ---------- > Date: Mon, 2 Feb 2009 14:09:08 -0500 > From: Network Infrastructure Support > To: janos.mohacsi at bsd.hu > Cc: ports at FreeBSD.org > Subject: Re: [Ticket#2009020210000574] FreeBSD Port: rancid-2.3.1_3 / > modification to nlogoin patch to fix hang at password prompt / nlogi [...] > > > > Created: > 02/02/2009 13:37:50 > --- nlogin.dist 2009-01-30 12:46:12.000000000 -0500 > +++ nlogin 2009-02-02 13:33:41.000000000 -0500 > @@ -353,21 +353,12 @@ > set uprompt_seen 1 > exp_continue > } > - "@\[^\r\n]+\[Pp]assword:" { > + "password:" { > # ssh pwd prompt > sleep 1 > send "$userpswd\r" > exp_continue > } > - "\[Pp]assword:" { > - sleep 1; > - if {$uprompt_seen == 1} { > - send "$userpswd\r" > - } else { > - send "$passwd\r" > - } > - exp_continue > - } > "$prompt" { break; } > } > } > @@ -485,14 +476,14 @@ > if {[login $firewall $ruser $userpswd $passwd $enapasswd $prompt $cmethod > $cyphertype]} { > continue > } > - if { $enable } { > - if {[do_enable $enauser $enapasswd]} { > - if { $do_command || $do_script } { > - close; wait > - continue > - } > - } > - } > +# if { $enable } { > +# if {[do_enable $enauser $enapasswd]} { > +# if { $do_command || $do_script } { > +# close; wait > +# continue > +# } > +# } > +# } > # we are logged in, now figure out the full prompt > send "\r" > expect { > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From daniel.medina at gmail.com Tue Feb 3 16:43:46 2009 From: daniel.medina at gmail.com (Daniel Medina) Date: Tue, 3 Feb 2009 11:43:46 -0500 Subject: [rancid] Re: Small diff problem In-Reply-To: References: Message-ID: <20090203164345.GA42895@monkey.local> On Tue, Feb 03, 2009 at 02:18:44PM +0000, Dan Massey wrote: > Im new to Rancid, so forgive my lack of understanding please. When I do a > 'show run' on the router I get the 'Last configuration change' (shown > below), however this info is not included in the diff from rancid. > > Is there a way to ensure this is included? You could comment out (with "#") /^! (Last configuration|NVRAM config last)/ && next; in your rancid script. The reason these lines are skipped is to avoid "false diffs", as the lines could change because someone entered configure mode without actually changing anything. If you're using that to attribute a change to a particular person you may also find that you're picking up changes in the diffs made by someone else as well. See the threads at http://www.shrubbery.net/pipermail/rancid-discuss/2008-September/003254.html http://www.shrubbery.net/pipermail/rancid-discuss/2008-September/003255.html for some more info. > ==== EXAMPLE ==== > Current configuration : 15576 bytes > ! > ! Last configuration change at 22:22:23 GMT Mon Feb 2 2009 by abc > ! NVRAM config last updated at 04:18:01 GMT Tue Feb 3 2009 > ! > version 12.3 > no parser cache > service tcp-keepalives-in > Etc... > ==== END ==== -- Daniel Medina From kenneth.w.sain at accenture.com Tue Feb 3 18:44:34 2009 From: kenneth.w.sain at accenture.com (kenneth.w.sain at accenture.com) Date: Tue, 3 Feb 2009 12:44:34 -0600 Subject: [rancid] f5 bigIP issue Message-ID: <4CA41E6E02F664448C893BB678E2C76356948F@AMRXM2122.dir.svc.accenture.com> According to the list archives, this issue should have been resolved back around August 2007: http://www.shrubbery.net/pipermail/rancid-discuss/2007-August/002436.htm l However, I am experiencing the same exact problem using the newer f5rancid (instead of the mentioned f5login) from rancid-2.3.2a9. The only similar code I see in bin/f5rancid is where TERM gets set to vt100 (lines 63-64). I don't see where TERM is ever sent during the login process, so I end up with a login timeout error. A manual clogin test confirms the login process hangs at the TERM type question from the bigIP device. Any ideas? This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090203/056237c0/attachment.html From kenneth.w.sain at accenture.com Tue Feb 3 19:35:41 2009 From: kenneth.w.sain at accenture.com (kenneth.w.sain at accenture.com) Date: Tue, 3 Feb 2009 13:35:41 -0600 Subject: [rancid] f5 bigIP issue-resolved Message-ID: <4CA41E6E02F664448C893BB678E2C7635694AE@AMRXM2122.dir.svc.accenture.com> I figured out that f5login no longer exists and by manually adding the diff provided for f5login into clogin, the login process if now successful. Ken Sain Accenture @ MyFloridaMarketPlace (850) 414-7580 (office) (850) 508-4227 (cell) kensainwork on Yahoo/AOL IM This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090203/4e00956c/attachment.html From kenneth.w.sain at accenture.com Tue Feb 3 21:10:14 2009 From: kenneth.w.sain at accenture.com (kenneth.w.sain at accenture.com) Date: Tue, 3 Feb 2009 15:10:14 -0600 Subject: [rancid] f5 bigIP part 2 Message-ID: <4CA41E6E02F664448C893BB678E2C7635694D3@AMRXM2122.dir.svc.accenture.com> Using rancid--2.3.2a9 on freebsd 7.1, I can successfully clogin into the device. Getting anything off the device via bin/rancid or bin/control-rancid is another story. I'm getting timeout errors and I've tried timeouts of 180s and 300s. Neither of which change the outcome. I did have to tweak bin/clogin to fix an issue from this post: http://www.shrubbery.net/pipermail/rancid-discuss/2007-August/002437.htm l. I'm using the defined f5 device type in router.db. Any ideas? Below is a sh -x output from control_rancid on my defined network list. sh -x bin/control_rancid /usr/home/rancid/var/SSRC_test/ + alt_mailrcpt=0 + [ 1 -ge 1 ] + [ 1 ] + break + [ 1 -lt 1 ] + GROUP=/usr/home/rancid/var/SSRC_test/ + DIR=//usr/home/rancid/var/SSRC_test/ + TMP=/tmp/rancid./usr/home/rancid/var/SSRC_test/.39201 + trap rm -fr $TMP; 1 2 15 + unset noclobber + RCSSYS=cvs + [ cvs != cvs -a cvs != svn ] + mailrcpt=rancid-/usr/home/rancid/var/SSRC_test/ + export mailrcpt + adminmailrcpt=rancid-admin-/usr/home/rancid/var/SSRC_test/ + export adminmailrcpt + set + grep MAILHEADERS= + [ 1 -ne 0 ] + MAILHEADERS=Precedence: bulk\n + export MAILHEADERS + PAR_COUNT=5 + MAX_ROUNDS=4 + [ 4 -lt 1 ] + [ ! -d //usr/home/rancid/var/SSRC_test/ ] + cd //usr/home/rancid/var/SSRC_test/ + [ ! -f .cvsignore ] + cvs update router.db bin/control_rancid: cannot create /tmp/rancid./usr/home/rancid/var/SSRC_test/.39201: No such file or directory + grep ^C /tmp/rancid./usr/home/rancid/var/SSRC_test/.39201 grep: /tmp/rancid./usr/home/rancid/var/SSRC_test/.39201: No such file or directory + [ 2 -eq 0 ] + rm -f /tmp/rancid./usr/home/rancid/var/SSRC_test/.39201 + [ ! -f //usr/home/rancid/var/SSRC_test//router.db ] + cd //usr/home/rancid/var/SSRC_test/ + trap rm -fr routers.db routers.all.new routers.down.new routers.up.new \ routers.mail routers.added routers.deleted $TMP; 1 2 15 + sed -e /^#/d -e s/^ *// -e s/ *$// -e s/ *: */:/g router.db + sort -u + cut -d: -f1,2 routers.db + [ ! -f routers.all ] + diff -u -4 routers.all routers.all.new + RALL=0 + perl5 -F: -ane {($F[0] =~ tr at A-Z@a-z@,print $_) if ($F[2] !~ /^up$/i);} routers.db + [ ! -f routers.down ] + diff -u -4 routers.down routers.down.new + RDOWN=0 + perl5 -F: -ane {($F[0] =~ tr at A-Z@a-z@,print "$F[0]:$F[1]\n") if ($F[2] =~ /^up$/i);} routers.db + [ ! -f routers.up ] + diff -u -4 routers.up routers.up.new + RUP=0 + [ 0 -ne 0 -o 0 -ne 0 -o 0 -ne 0 ] + mv -f routers.all.new routers.all + [ 0 -ne 0 ] + mv -f routers.down.new routers.down + [ 0 -ne 0 ] + mv -f routers.up.new routers.up + [ 0 -ne 0 ] + rm -f routers.db + trap rm -fr $TMP; 1 2 15 + cd //usr/home/rancid/var/SSRC_test//configs + cut -d: -f1 ../routers.up + [ cvs = cvs ] + cvs status bigip01 + grep -i status: unknown + [ 1 -eq 0 ] + [ cvs = cvs ] + cvs status ns50 + grep -i status: unknown + [ 1 -eq 0 ] + [ cvs = cvs ] + cvs status swt01 + grep -i status: unknown + [ 1 -eq 0 ] + [ cvs = cvs ] + cvs status swt02 + grep -i status: unknown + [ 1 -eq 0 ] + echo + find . ( -name *.new -prune -o -name CVS -prune -o -name .svn -prune ) -o -type f -print + sed -e s/^.\/// + grep -i ^ns50: ../router.db + [ 0 -eq 1 ] + grep -i ^swt01: ../router.db + [ 0 -eq 1 ] + grep -i ^swt02: ../router.db + [ 0 -eq 1 ] + grep -i ^bigip01: ../router.db + [ 0 -eq 1 ] + cd //usr/home/rancid/var/SSRC_test/ + [ ! -s routers.up ] + [ X != X ] + devlistfile=//usr/home/rancid/var/SSRC_test//routers.up + cd //usr/home/rancid/var/SSRC_test//configs + echo + echo Trying to get all of the configs. Trying to get all of the configs. + par -q -n 5 -c rancid-fe {} //usr/home/rancid/var/SSRC_test//routers.up bigip01: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,bigpipe route static show,bigpipe base list,bigpipe db show,bigpipe monitor list all,ls --full-time --color=never /config/ssl/ssl.key,bigpipe profile list,bigpipe list bigip01: End of run not found # Error: TIMEOUT reached Ken Sain Accenture @ MyFloridaMarketPlace (850) 414-7580 (office) (850) 508-4227 (cell) kensainwork on Yahoo/AOL IM This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090203/13738f9d/attachment.html From jethro.binks at strath.ac.uk Tue Feb 3 21:27:35 2009 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Tue, 3 Feb 2009 21:27:35 +0000 (GMT) Subject: [rancid] Re: f5 bigIP part 2 In-Reply-To: <4CA41E6E02F664448C893BB678E2C7635694D3@AMRXM2122.dir.svc.accenture.com> References: <4CA41E6E02F664448C893BB678E2C7635694D3@AMRXM2122.dir.svc.accenture.com> Message-ID: On Tue, 3 Feb 2009, kenneth.w.sain at accenture.com wrote: > Using rancid--2.3.2a9 on freebsd 7.1, I can successfully clogin into the > device. > > Getting anything off the device via bin/rancid or bin/control-rancid is > another story. ... Don't worry about control-rancid etc just now, just concentrate on running rancid by hand. When I want to know what it is really doing, I might do: env NOPIPE=y PATH=${PATH}:/usr/local/libexec/rancid rancid -d devicename (modify PATH to taste). This will leave devicename.raw and devicename.new files in your current working dir. The raw file is the output of the session for connecting and sending the commands. Take a look through it: presumably the timeout is occurring because rancid isn't detecting a prompt after a command run, or something is confusing expect. It may or not be obvious, but take a look and see. If you see where it breaks down but don't understand why, repost the relevant part of the output. Jethro. -- . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK From mashcraft at omniture.com Tue Feb 3 21:37:41 2009 From: mashcraft at omniture.com (Mike Ashcraft) Date: Tue, 3 Feb 2009 14:37:41 -0700 Subject: [rancid] Re: f5 bigIP part 2 In-Reply-To: <4CA41E6E02F664448C893BB678E2C7635694D3@AMRXM2122.dir.svc.accenture.com> References: <4CA41E6E02F664448C893BB678E2C7635694D3@AMRXM2122.dir.svc.accenture.com> Message-ID: <370BD08812250148A3EC9CFC41A6D601FA1C6B49@EXCHANGE1.orm.omniture.com> Looks rancid is not setting the term type properly on the F5. Two options: If you don't terminate SSL connections on the F5 (Or don't want rancid to track ssl certificate changes) drop those two ls commands from f5rancid. Fix rancid to set the term type on the F5 to vt100. Mike From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of kenneth.w.sain at accenture.com Sent: Tuesday, February 03, 2009 2:10 PM To: rancid-discuss at shrubbery.net Subject: [rancid] f5 bigIP part 2 Using rancid--2.3.2a9 on freebsd 7.1, I can successfully clogin into the device. Getting anything off the device via bin/rancid or bin/control-rancid is another story. I'm getting timeout errors and I've tried timeouts of 180s and 300s. Neither of which change the outcome. I did have to tweak bin/clogin to fix an issue from this post: http://www.shrubbery.net/pipermail/rancid-discuss/2007-August/002437.html. I'm using the defined f5 device type in router.db. Any ideas? Below is a sh -x output from control_rancid on my defined network list. sh -x bin/control_rancid /usr/home/rancid/var/SSRC_test/ + alt_mailrcpt=0 + [ 1 -ge 1 ] + [ 1 ] + break + [ 1 -lt 1 ] + GROUP=/usr/home/rancid/var/SSRC_test/ + DIR=//usr/home/rancid/var/SSRC_test/ + TMP=/tmp/rancid./usr/home/rancid/var/SSRC_test/.39201 + trap rm -fr $TMP; 1 2 15 + unset noclobber + RCSSYS=cvs + [ cvs != cvs -a cvs != svn ] + mailrcpt=rancid-/usr/home/rancid/var/SSRC_test/ + export mailrcpt + adminmailrcpt=rancid-admin-/usr/home/rancid/var/SSRC_test/ + export adminmailrcpt + set + grep MAILHEADERS= + [ 1 -ne 0 ] + MAILHEADERS=Precedence: bulk\n + export MAILHEADERS + PAR_COUNT=5 + MAX_ROUNDS=4 + [ 4 -lt 1 ] + [ ! -d //usr/home/rancid/var/SSRC_test/ ] + cd //usr/home/rancid/var/SSRC_test/ + [ ! -f .cvsignore ] + cvs update router.db bin/control_rancid: cannot create /tmp/rancid./usr/home/rancid/var/SSRC_test/.39201: No such file or directory + grep ^C /tmp/rancid./usr/home/rancid/var/SSRC_test/.39201 grep: /tmp/rancid./usr/home/rancid/var/SSRC_test/.39201: No such file or directory + [ 2 -eq 0 ] + rm -f /tmp/rancid./usr/home/rancid/var/SSRC_test/.39201 + [ ! -f //usr/home/rancid/var/SSRC_test//router.db ] + cd //usr/home/rancid/var/SSRC_test/ + trap rm -fr routers.db routers.all.new routers.down.new routers.up.new \ routers.mail routers.added routers.deleted $TMP; 1 2 15 + sed -e /^#/d -e s/^ *// -e s/ *$// -e s/ *: */:/g router.db + sort -u + cut -d: -f1,2 routers.db + [ ! -f routers.all ] + diff -u -4 routers.all routers.all.new + RALL=0 + perl5 -F: -ane {($F[0] =~ tr at A-Z@a-z@,print $_) if ($F[2] !~ /^up$/i);} routers.db + [ ! -f routers.down ] + diff -u -4 routers.down routers.down.new + RDOWN=0 + perl5 -F: -ane {($F[0] =~ tr at A-Z@a-z@,print "$F[0]:$F[1]\n") if ($F[2] =~ /^up$/i);} routers.db + [ ! -f routers.up ] + diff -u -4 routers.up routers.up.new + RUP=0 + [ 0 -ne 0 -o 0 -ne 0 -o 0 -ne 0 ] + mv -f routers.all.new routers.all + [ 0 -ne 0 ] + mv -f routers.down.new routers.down + [ 0 -ne 0 ] + mv -f routers.up.new routers.up + [ 0 -ne 0 ] + rm -f routers.db + trap rm -fr $TMP; 1 2 15 + cd //usr/home/rancid/var/SSRC_test//configs + cut -d: -f1 ../routers.up + [ cvs = cvs ] + cvs status bigip01 + grep -i status: unknown + [ 1 -eq 0 ] + [ cvs = cvs ] + cvs status ns50 + grep -i status: unknown + [ 1 -eq 0 ] + [ cvs = cvs ] + cvs status swt01 + grep -i status: unknown + [ 1 -eq 0 ] + [ cvs = cvs ] + cvs status swt02 + grep -i status: unknown + [ 1 -eq 0 ] + echo + find . ( -name *.new -prune -o -name CVS -prune -o -name .svn -prune ) -o -type f -print + sed -e s/^.\/// + grep -i ^ns50: ../router.db + [ 0 -eq 1 ] + grep -i ^swt01: ../router.db + [ 0 -eq 1 ] + grep -i ^swt02: ../router.db + [ 0 -eq 1 ] + grep -i ^bigip01: ../router.db + [ 0 -eq 1 ] + cd //usr/home/rancid/var/SSRC_test/ + [ ! -s routers.up ] + [ X != X ] + devlistfile=//usr/home/rancid/var/SSRC_test//routers.up + cd //usr/home/rancid/var/SSRC_test//configs + echo + echo Trying to get all of the configs. Trying to get all of the configs. + par -q -n 5 -c rancid-fe {} //usr/home/rancid/var/SSRC_test//routers.up bigip01: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,bigpipe route static show,bigpipe base list,bigpipe db show,bigpipe monitor list all,ls --full-time --color=never /config/ssl/ssl.key,bigpipe profile list,bigpipe list bigip01: End of run not found # Error: TIMEOUT reached Ken Sain Accenture @ MyFloridaMarketPlace (850) 414-7580 (office) (850) 508-4227 (cell) kensainwork on Yahoo/AOL IM This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090203/7cf75d5f/attachment.html From kenneth.w.sain at accenture.com Tue Feb 3 21:50:42 2009 From: kenneth.w.sain at accenture.com (kenneth.w.sain at accenture.com) Date: Tue, 3 Feb 2009 15:50:42 -0600 Subject: [rancid] Re: f5 bigIP part 2 In-Reply-To: <370BD08812250148A3EC9CFC41A6D601FA1C6B49@EXCHANGE1.orm.omniture.com> References: <4CA41E6E02F664448C893BB678E2C7635694D3@AMRXM2122.dir.svc.accenture.com> <370BD08812250148A3EC9CFC41A6D601FA1C6B49@EXCHANGE1.orm.omniture.com> Message-ID: <4CA41E6E02F664448C893BB678E2C7635694EE@AMRXM2122.dir.svc.accenture.com> Hrm, I already hardcoded clogin to provide vt100, just like the other poster in the URL I provided. And I've confirmed that it works via a bin/clogin bigip01. $ bin/clogin bigip01 bigip01 spawn ssh -c 3des -x -l admin bigip01 admin at bigip01's password: Last login: Tue Feb 3 16:44:12 2009 from Terminal type? [xterm] vt100 Terminal type is vt100. bigip01:~# bigip01:~# For testing, I removed the two ls check commands, and re-ran sh -x bin/control-rancid. Still hangs up on the par line. + echo Trying to get all of the configs. Trying to get all of the configs. + par -q -n 5 -c rancid-fe {} //usr/home/rancid/var/SSRC_test//routers.up bigip01: missed cmd(s): bigpipe monitor list all Any other ideas? Ken Sain ________________________________ From: Mike Ashcraft [mailto:mashcraft at omniture.com] Sent: Tuesday, February 03, 2009 4:38 PM To: Sain, Kenneth W.; rancid-discuss at shrubbery.net Subject: RE: f5 bigIP part 2 Looks rancid is not setting the term type properly on the F5. Two options: If you don't terminate SSL connections on the F5 (Or don't want rancid to track ssl certificate changes) drop those two ls commands from f5rancid. Fix rancid to set the term type on the F5 to vt100. Mike From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of kenneth.w.sain at accenture.com Sent: Tuesday, February 03, 2009 2:10 PM To: rancid-discuss at shrubbery.net Subject: [rancid] f5 bigIP part 2 Using rancid--2.3.2a9 on freebsd 7.1, I can successfully clogin into the device. Getting anything off the device via bin/rancid or bin/control-rancid is another story. I'm getting timeout errors and I've tried timeouts of 180s and 300s. Neither of which change the outcome. I did have to tweak bin/clogin to fix an issue from this post: http://www.shrubbery.net/pipermail/rancid-discuss/2007-August/002437.htm l. I'm using the defined f5 device type in router.db. Any ideas? Below is a sh -x output from control_rancid on my defined network list. sh -x bin/control_rancid /usr/home/rancid/var/SSRC_test/ + alt_mailrcpt=0 + [ 1 -ge 1 ] + [ 1 ] + break + [ 1 -lt 1 ] + GROUP=/usr/home/rancid/var/SSRC_test/ + DIR=//usr/home/rancid/var/SSRC_test/ + TMP=/tmp/rancid./usr/home/rancid/var/SSRC_test/.39201 + trap rm -fr $TMP; 1 2 15 + unset noclobber + RCSSYS=cvs + [ cvs != cvs -a cvs != svn ] + mailrcpt=rancid-/usr/home/rancid/var/SSRC_test/ + export mailrcpt + adminmailrcpt=rancid-admin-/usr/home/rancid/var/SSRC_test/ + export adminmailrcpt + set + grep MAILHEADERS= + [ 1 -ne 0 ] + MAILHEADERS=Precedence: bulk\n + export MAILHEADERS + PAR_COUNT=5 + MAX_ROUNDS=4 + [ 4 -lt 1 ] + [ ! -d //usr/home/rancid/var/SSRC_test/ ] + cd //usr/home/rancid/var/SSRC_test/ + [ ! -f .cvsignore ] + cvs update router.db bin/control_rancid: cannot create /tmp/rancid./usr/home/rancid/var/SSRC_test/.39201: No such file or directory + grep ^C /tmp/rancid./usr/home/rancid/var/SSRC_test/.39201 grep: /tmp/rancid./usr/home/rancid/var/SSRC_test/.39201: No such file or directory + [ 2 -eq 0 ] + rm -f /tmp/rancid./usr/home/rancid/var/SSRC_test/.39201 + [ ! -f //usr/home/rancid/var/SSRC_test//router.db ] + cd //usr/home/rancid/var/SSRC_test/ + trap rm -fr routers.db routers.all.new routers.down.new routers.up.new \ routers.mail routers.added routers.deleted $TMP; 1 2 15 + sed -e /^#/d -e s/^ *// -e s/ *$// -e s/ *: */:/g router.db + sort -u + cut -d: -f1,2 routers.db + [ ! -f routers.all ] + diff -u -4 routers.all routers.all.new + RALL=0 + perl5 -F: -ane {($F[0] =~ tr at A-Z@a-z@,print $_) if ($F[2] !~ /^up$/i);} routers.db + [ ! -f routers.down ] + diff -u -4 routers.down routers.down.new + RDOWN=0 + perl5 -F: -ane {($F[0] =~ tr at A-Z@a-z@,print "$F[0]:$F[1]\n") if ($F[2] =~ /^up$/i);} routers.db + [ ! -f routers.up ] + diff -u -4 routers.up routers.up.new + RUP=0 + [ 0 -ne 0 -o 0 -ne 0 -o 0 -ne 0 ] + mv -f routers.all.new routers.all + [ 0 -ne 0 ] + mv -f routers.down.new routers.down + [ 0 -ne 0 ] + mv -f routers.up.new routers.up + [ 0 -ne 0 ] + rm -f routers.db + trap rm -fr $TMP; 1 2 15 + cd //usr/home/rancid/var/SSRC_test//configs + cut -d: -f1 ../routers.up + [ cvs = cvs ] + cvs status bigip01 + grep -i status: unknown + [ 1 -eq 0 ] + [ cvs = cvs ] + cvs status ns50 + grep -i status: unknown + [ 1 -eq 0 ] + [ cvs = cvs ] + cvs status swt01 + grep -i status: unknown + [ 1 -eq 0 ] + [ cvs = cvs ] + cvs status swt02 + grep -i status: unknown + [ 1 -eq 0 ] + echo + find . ( -name *.new -prune -o -name CVS -prune -o -name .svn -prune ) -o -type f -print + sed -e s/^.\/// + grep -i ^ns50: ../router.db + [ 0 -eq 1 ] + grep -i ^swt01: ../router.db + [ 0 -eq 1 ] + grep -i ^swt02: ../router.db + [ 0 -eq 1 ] + grep -i ^bigip01: ../router.db + [ 0 -eq 1 ] + cd //usr/home/rancid/var/SSRC_test/ + [ ! -s routers.up ] + [ X != X ] + devlistfile=//usr/home/rancid/var/SSRC_test//routers.up + cd //usr/home/rancid/var/SSRC_test//configs + echo + echo Trying to get all of the configs. Trying to get all of the configs. + par -q -n 5 -c rancid-fe {} //usr/home/rancid/var/SSRC_test//routers.up bigip01: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,bigpipe route static show,bigpipe base list,bigpipe db show,bigpipe monitor list all,ls --full-time --color=never /config/ssl/ssl.key,bigpipe profile list,bigpipe list bigip01: End of run not found # Error: TIMEOUT reached Ken Sain Accenture @ MyFloridaMarketPlace (850) 414-7580 (office) (850) 508-4227 (cell) kensainwork on Yahoo/AOL IM This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090203/c1bd10a4/attachment.html From heas at shrubbery.net Wed Feb 4 03:15:36 2009 From: heas at shrubbery.net (john heasley) Date: Tue, 3 Feb 2009 19:15:36 -0800 Subject: [rancid] Re: f5 bigIP part 2 In-Reply-To: <4CA41E6E02F664448C893BB678E2C7635694EE@AMRXM2122.dir.svc.accenture.com> References: <4CA41E6E02F664448C893BB678E2C7635694D3@AMRXM2122.dir.svc.accenture.com> <370BD08812250148A3EC9CFC41A6D601FA1C6B49@EXCHANGE1.orm.omniture.com> <4CA41E6E02F664448C893BB678E2C7635694EE@AMRXM2122.dir.svc.accenture.com> Message-ID: <20090204031536.GC24794@shrubbery.net> Tue, Feb 03, 2009 at 03:50:42PM -0600, kenneth.w.sain at accenture.com: > Hrm, I already hardcoded clogin to provide vt100, just like the other > poster in the URL I provided. And I've confirmed that it works via a > bin/clogin bigip01. any change like setting TERM should be done in f5rancid, NOT clogin. Let clogin inherit it. From heas at shrubbery.net Wed Feb 4 03:19:37 2009 From: heas at shrubbery.net (john heasley) Date: Tue, 3 Feb 2009 19:19:37 -0800 Subject: [rancid] Re: f5 bigIP part 2 In-Reply-To: <4CA41E6E02F664448C893BB678E2C7635694EE@AMRXM2122.dir.svc.accenture.com> References: <4CA41E6E02F664448C893BB678E2C7635694D3@AMRXM2122.dir.svc.accenture.com> <370BD08812250148A3EC9CFC41A6D601FA1C6B49@EXCHANGE1.orm.omniture.com> <4CA41E6E02F664448C893BB678E2C7635694EE@AMRXM2122.dir.svc.accenture.com> Message-ID: <20090204031937.GD24794@shrubbery.net> Tue, Feb 03, 2009 at 03:50:42PM -0600, kenneth.w.sain at accenture.com: > bigip01:~# remind me; is this thing based on linux? From randy at psg.com Wed Feb 4 03:24:09 2009 From: randy at psg.com (Randy Bush) Date: Wed, 04 Feb 2009 12:24:09 +0900 Subject: [rancid] Re: f5 bigIP part 2 In-Reply-To: <20090204031937.GD24794@shrubbery.net> References: <4CA41E6E02F664448C893BB678E2C7635694D3@AMRXM2122.dir.svc.accenture.com> <370BD08812250148A3EC9CFC41A6D601FA1C6B49@EXCHANGE1.orm.omniture.com> <4CA41E6E02F664448C893BB678E2C7635694EE@AMRXM2122.dir.svc.accenture.com> <20090204031937.GD24794@shrubbery.net> Message-ID: >> bigip01:~# > remind me; is this thing based on linux? dunno now, but used to be BSDOS randy From rancid at gheek.net Wed Feb 4 03:26:06 2009 From: rancid at gheek.net (Lance Vermilion) Date: Tue, 3 Feb 2009 20:26:06 -0700 Subject: [rancid] Re: f5 bigIP part 2 In-Reply-To: References: <4CA41E6E02F664448C893BB678E2C7635694D3@AMRXM2122.dir.svc.accenture.com> <370BD08812250148A3EC9CFC41A6D601FA1C6B49@EXCHANGE1.orm.omniture.com> <4CA41E6E02F664448C893BB678E2C7635694EE@AMRXM2122.dir.svc.accenture.com> <20090204031937.GD24794@shrubbery.net> Message-ID: <8423e7bb0902031926i62e2842bq421eb30b47827414@mail.gmail.com> One of these days I will get back to the backup f5 scripts I am using. I have john's working one, but not sure what rancid version I have it implemented with. On Tue, Feb 3, 2009 at 8:24 PM, Randy Bush wrote: >>> bigip01:~# >> remind me; is this thing based on linux? > > dunno now, but used to be BSDOS > > randy > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From smunzani at comcast.net Wed Feb 4 04:57:10 2009 From: smunzani at comcast.net (Sam Munzani) Date: Tue, 03 Feb 2009 22:57:10 -0600 Subject: [rancid] Re: f5 bigIP part 2 In-Reply-To: References: <4CA41E6E02F664448C893BB678E2C7635694D3@AMRXM2122.dir.svc.accenture.com> <370BD08812250148A3EC9CFC41A6D601FA1C6B49@EXCHANGE1.orm.omniture.com> <4CA41E6E02F664448C893BB678E2C7635694EE@AMRXM2122.dir.svc.accenture.com> <20090204031937.GD24794@shrubbery.net> Message-ID: <49892026.5070600@comcast.net> Here is sanitized uname -a output from a bigup 6400 ltm box. Linux host-name 2.4.21-9.4.5.1049.0smp #2 SMP Wed May 14 12:50:53 PDT 2008 i686 athlon i386 GNU/Linux I guess its linux now. I remember it used to be FreeBSD. Thanks, sam >>> bigip01:~# >>> >> remind me; is this thing based on linux? >> > > dunno now, but used to be BSDOS > > randy > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090203/7b9e6bd3/attachment.html From heas at shrubbery.net Wed Feb 4 06:30:59 2009 From: heas at shrubbery.net (john heasley) Date: Tue, 3 Feb 2009 22:30:59 -0800 Subject: [rancid] Re: f5 bigIP part 2 In-Reply-To: <8423e7bb0902031926i62e2842bq421eb30b47827414@mail.gmail.com> References: <4CA41E6E02F664448C893BB678E2C7635694D3@AMRXM2122.dir.svc.accenture.com> <370BD08812250148A3EC9CFC41A6D601FA1C6B49@EXCHANGE1.orm.omniture.com> <4CA41E6E02F664448C893BB678E2C7635694EE@AMRXM2122.dir.svc.accenture.com> <20090204031937.GD24794@shrubbery.net> <8423e7bb0902031926i62e2842bq421eb30b47827414@mail.gmail.com> Message-ID: <20090204063059.GB21421@shrubbery.net> I think that if you take the script in the 2.3.2a9, but not installed, and change the login script to hlogin ... it might just work without any further changes. someone with an f5, please try this. Tue, Feb 03, 2009 at 08:26:06PM -0700, Lance Vermilion: > One of these days I will get back to the backup f5 scripts I am using. > I have john's working one, but not sure what rancid version I have it > implemented with. > > On Tue, Feb 3, 2009 at 8:24 PM, Randy Bush wrote: > >>> bigip01:~# > >> remind me; is this thing based on linux? > > > > dunno now, but used to be BSDOS > > > > randy > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From mstefani at redhat.com Wed Feb 4 13:17:58 2009 From: mstefani at redhat.com (Michael Stefaniuc) Date: Wed, 04 Feb 2009 14:17:58 +0100 Subject: [rancid] Re: Pinning Moving Config Lines In-Reply-To: <20090128194326.GG23935@shrubbery.net> References: <497EDF66.8070100@redhat.com> <20090127175048.GA3030@shrubbery.net> <49803DFE.2030701@redhat.com> <20090128194326.GG23935@shrubbery.net> Message-ID: <49899586.6090803@redhat.com> john heasley wrote: > Wed, Jan 28, 2009 at 12:14:06PM +0100, Michael Stefaniuc: >> john heasley wrote: >>> Tue, Jan 27, 2009 at 11:18:14AM +0100, Michael Stefaniuc: >>>> is there an easy way to assign a fixed position to config lines that >>>> move around during two invocations of "write term"? >>>> >>>> In the Cisco SAN-OS devices the "callhome" config line moves between the >>>> front and end of the "fcalias name" sections producing bogus change reports. >>> how so? please show an example of the moving. >>>> The solutions I see on a quick glance (none satisfactory): >>>> - The absolute easiest way would be to just drop the line but for this >>>> config line it doesn't seem like a wise idea. >>>> - In the WriteTerm function create a separate ProcessHistory >>>> "fcalias name" section with sorting and add "callhome" to that section >>>> too. Drawback is that I would have to parse the "fcalias name" >>>> sections correctly too. >>>> >>>> Does anybody know a nicer way to pin the moving config line down? >>> We'd normally just sort it. >> Yeah, will be a pita in this case. > > i really dislike ciscos for stuff like this. > > try adding a match for it like > /^callhome/ && > ProcessHistory("COMMENTS","keysort","Z0","$_") && next; That would have been too easy if it would have worked. But it doesn't; I tried it out but the "callhome" line still moves around. I'll hack something up as it is annoying; depending on the amount of "spare time" it will be a hack or a proper patch I can submit upstream. bye michael -- Michael Stefaniuc Tel.: +49-711-96437-199 Consulting Communications Engineer Fax.: +49-711-96437-111 -------------------------------------------------------------------- Reg. Adresse: Red Hat GmbH, Otto-Hahn-Strasse 20, 85609 Dornach bei Muenchen Handelsregister: Amtsgericht Muenchen HRB 153243 Gesch?ftsf?hrer: Brendan Lane, Charlie Peters, Michael Cunningham, Werner Knoblich From asmirnoff at office.beeline.ru Wed Feb 4 13:27:17 2009 From: asmirnoff at office.beeline.ru (Smirnoff Alexander) Date: Wed, 4 Feb 2009 16:27:17 +0300 Subject: [rancid] FW: cvs commit: `configs/x.x.x.x' should be removed and is still there (or is back again) Message-ID: <986544234AB0A44BADE40DF502E2012A014C51D0@SPBMAIL.spb.sovintel.net> Does you mean this QA: Q. I keep receiving the same diff for a (or set of) devices, but I know the data is not changing repeatedly. Why? A: If the Status is anything else, someone has most likely been touching the files manually. Sane state can be achieved by removing the file and running cvs update to get a fresh copy from the repository. Or some else? And if I need make cvs update, what is file ? For example in log I see cvs status: 10.4.242.129 should be removed and is still there File is exist: -rw-r----- 1 rancid rancid 10701 Feb 4 11:37 /home/rancid/var/sz-reg-routers/configs/10.4.242.129 But in CVS this config is absent: ls: /home/rancid/var/CVS/sz-reg-routers/configs/10.4.244.129,v: No such file or directory What I need to do for clearing this problem? -----Original Message----- From: john heasley [mailto:heas at shrubbery.net] Sent: Tuesday, February 03, 2009 8:10 PM To: Smirnoff Alexander Subject: Re: [rancid] cvs commit: `configs/x.x.x.x' should be removed and is still there (or is back again) Please see the cvs section of the FAQ. Tue, Feb 03, 2009 at 03:20:25PM +0300, Smirnoff Alexander: > Hello! > > > > I'am running rancid with three groups of devices, and one of them have > this errors in log: > > > > cvs commit: `configs/42.85.242.22' should be removed and is still there > (or is back again) > > cvs commit: `configs/42.85.242.24' should be removed and is still there > (or is back again) > > cvs commit: Up-to-date check failed for `configs/42.85.242.3' > > cvs commit: `configs/42.85.242.4' should be removed and is still there > (or is back again) > > cvs commit: `configs/42.85.242.6' should be removed and is still there > (or is back again) > > cvs commit: `configs/42.85.242.7' should be removed and is still there > (or is back again) > > cvs commit: `configs/42.85.242.9' should be removed and is still there > (or is back again) > > cvs commit: Up-to-date check failed for `configs/62.141.71.241' > > cvs commit: Up-to-date check failed for `configs/62.141.71.247' > > cvs commit: Up-to-date check failed for `configs/81.211.75.178' > > cvs commit: Examining configs/sz-reg-routers > > cvs commit: Examining configs/sz-reg-routers/configs > > cvs commit: Up-to-date check failed for > `configs/sz-reg-routers/configs/10.4.100.1' > > cvs commit: file `configs/sz-reg-routers/configs/192.16.2.1' had a > conflict and has not been modified > > cvs commit: file `configs/sz-reg-routers/configs/192.16.71.254' had a > conflict and has not been modified > > cvs commit: file `configs/sz-reg-routers/configs/174.7.50.23' had a > conflict and has not been modified > > cvs commit: file `configs/sz-reg-routers/configs/237.44.131.248' had a > conflict and has not been modified > > cvs commit: file `configs/sz-reg-routers/configs/42.85.242.16' had a > conflict and has not been modified > > cvs [commit aborted]: correct above errors first! > > > > How I can fix this errors? > > > > -- > Regards, > Alexandr Smirnov > +7(837)3468600 # 54682 > Head of Data Transmission Networks Monitoring Service > mailto:asmirnoff at gldn.net > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From kenneth.w.sain at accenture.com Wed Feb 4 14:06:42 2009 From: kenneth.w.sain at accenture.com (kenneth.w.sain at accenture.com) Date: Wed, 4 Feb 2009 08:06:42 -0600 Subject: [rancid] Re: f5 bigIP part 2 In-Reply-To: <20090204031536.GC24794@shrubbery.net> References: <4CA41E6E02F664448C893BB678E2C7635694D3@AMRXM2122.dir.svc.accenture.com> <370BD08812250148A3EC9CFC41A6D601FA1C6B49@EXCHANGE1.orm.omniture.com> <4CA41E6E02F664448C893BB678E2C7635694EE@AMRXM2122.dir.svc.accenture.com> <20090204031536.GC24794@shrubbery.net> Message-ID: <4CA41E6E02F664448C893BB678E2C763569577@AMRXM2122.dir.svc.accenture.com> I'm not sure how that would be accomplished. f5rancid contains no expect send commands, it calls clogin to handle that work. I have no idea where or how I'd accomplish this inside bin/f5rancid. Interestingly, f5rancind does contain the lines: # force a terminal type so as not to confuse the POS $ENV{'TERM'} = "vt100"; But it doesn't seem to have any affect on the login process. I did find that some of the @commandtable entries had syntax errors for the older 4.5 bigIP code. Commenting those out and using the vt100 hack in clogin is working for me now. Ken Sain Accenture @ MyFloridaMarketPlace (850) 414-7580 (office) (850) 508-4227 (cell) kensainwork on Yahoo/AOL IM -----Original Message----- From: john heasley [mailto:heas at shrubbery.net] Sent: Tuesday, February 03, 2009 10:16 PM To: Sain, Kenneth W. Cc: mashcraft at omniture.com; rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: f5 bigIP part 2 Tue, Feb 03, 2009 at 03:50:42PM -0600, kenneth.w.sain at accenture.com: > Hrm, I already hardcoded clogin to provide vt100, just like the other > poster in the URL I provided. And I've confirmed that it works via a > bin/clogin bigip01. any change like setting TERM should be done in f5rancid, NOT clogin. Let clogin inherit it. This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. From kenneth.w.sain at accenture.com Wed Feb 4 14:12:37 2009 From: kenneth.w.sain at accenture.com (kenneth.w.sain at accenture.com) Date: Wed, 4 Feb 2009 08:12:37 -0600 Subject: [rancid] Re: f5 bigIP part 2 In-Reply-To: <20090204031937.GD24794@shrubbery.net> References: <4CA41E6E02F664448C893BB678E2C7635694D3@AMRXM2122.dir.svc.accenture.com> <370BD08812250148A3EC9CFC41A6D601FA1C6B49@EXCHANGE1.orm.omniture.com> <4CA41E6E02F664448C893BB678E2C7635694EE@AMRXM2122.dir.svc.accenture.com> <20090204031937.GD24794@shrubbery.net> Message-ID: <4CA41E6E02F664448C893BB678E2C76356957C@AMRXM2122.dir.svc.accenture.com> I do believe the older 4.5 code was netbsd based, whilst their newer 9.x code is linux based. Not very helpful, but... bigip01:/# uname -ar BIG-IP bigip01 BIG-IP 4.5.14 BIG-IP Kernel 4.5.14 Build5 i386 Ken Sain -----Original Message----- From: john heasley [mailto:heas at shrubbery.net] Sent: Tuesday, February 03, 2009 10:20 PM To: Sain, Kenneth W. Cc: mashcraft at omniture.com; rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: f5 bigIP part 2 Tue, Feb 03, 2009 at 03:50:42PM -0600, kenneth.w.sain at accenture.com: > bigip01:~# remind me; is this thing based on linux? This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. From teun at teun.tv Wed Feb 4 15:36:12 2009 From: teun at teun.tv (Teun Vink) Date: Wed, 04 Feb 2009 16:36:12 +0100 Subject: [rancid] Re: f5 bigIP part 2 In-Reply-To: <49892026.5070600@comcast.net> References: <4CA41E6E02F664448C893BB678E2C7635694D3@AMRXM2122.dir.svc.accenture.com> <370BD08812250148A3EC9CFC41A6D601FA1C6B49@EXCHANGE1.orm.omniture.com> <4CA41E6E02F664448C893BB678E2C7635694EE@AMRXM2122.dir.svc.accenture.com> <20090204031937.GD24794@shrubbery.net> <49892026.5070600@comcast.net> Message-ID: <1233761772.7717.21.camel@moridin.office.bit.nl.office.bit.nl> On Tue, 2009-02-03 at 22:57 -0600, Sam Munzani wrote: > Here is sanitized uname -a output from a bigup 6400 ltm box. > > Linux host-name 2.4.21-9.4.5.1049.0smp #2 SMP Wed May 14 12:50:53 PDT > 2008 i686 athlon i386 GNU/Linux > > I guess its linux now. I remember it used to be FreeBSD. The LTM 9.x series are redhat-based. The old 4.x series were BSD. I run that rancid script, but get some strange diffs every run, which are getting quite annoying. It seems as if the commands are executed in a different order every time. Regards, Teun From jledford at biltmore.com Wed Feb 4 18:59:02 2009 From: jledford at biltmore.com (Jason Ledford) Date: Wed, 4 Feb 2009 13:59:02 -0500 Subject: [rancid] Login Problems Without Username Message-ID: <435CB3214F92FD4E8E5CEEB86A20440240D10F927E@MAILBOX.tbcnet.biltmore.com> So I have my previous problem sorted out, many thanks. Now I am having a problem logging in to routers that don't prompt for a username (the only diff I can see). These are predominatly 2600 series Cisco routers. I can telnet to the routers in question and am immediately prompted for a password, no username. I enter my password and can then #en and type the enable password and get my config. In my cloginrc file I have tried to use blank for add user and then just remove the add user line, and then :add password host password enpassword, and every time it tells me Error: no password for dc-c2600-internet in /var/lib/rancid/.cloginrc Even though in my cloginrc file I have the same add password line for it as I do for every other host. Any help or pointers for what to try? TIA -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090204/4db161ac/attachment.html From heas at shrubbery.net Wed Feb 4 21:29:15 2009 From: heas at shrubbery.net (john heasley) Date: Wed, 4 Feb 2009 13:29:15 -0800 Subject: [rancid] Re: Login Problems Without Username In-Reply-To: <435CB3214F92FD4E8E5CEEB86A20440240D10F927E@MAILBOX.tbcnet.biltmore.com> References: <435CB3214F92FD4E8E5CEEB86A20440240D10F927E@MAILBOX.tbcnet.biltmore.com> Message-ID: <20090204212914.GN29339@shrubbery.net> Wed, Feb 04, 2009 at 01:59:02PM -0500, Jason Ledford: > So I have my previous problem sorted out, many thanks. Now I am having a problem logging in to routers that don't prompt for a username (the only diff I can see). These are predominatly 2600 series Cisco routers. I can telnet to the routers in question and am immediately prompted for a password, no username. I enter my password and can then #en and type the enable password and get my config. In my cloginrc file I have tried to use blank for add user and then just remove the add user line, and then :add password host password enpassword, and every time it tells me > Error: no password for dc-c2600-internet in /var/lib/rancid/.cloginrc > > Even though in my cloginrc file I have the same add password line for it as I do for every other host. > > Any help or pointers for what to try? you should have a cloginrc entry like add password hostglob {password} {enablepassword} if you need a username/password pair, use the same or this plus add userpassword hostglob {userspecificpassword} From heas at shrubbery.net Wed Feb 4 21:31:52 2009 From: heas at shrubbery.net (john heasley) Date: Wed, 4 Feb 2009 13:31:52 -0800 Subject: [rancid] Re: Pinning Moving Config Lines In-Reply-To: <49899586.6090803@redhat.com> References: <497EDF66.8070100@redhat.com> <20090127175048.GA3030@shrubbery.net> <49803DFE.2030701@redhat.com> <20090128194326.GG23935@shrubbery.net> <49899586.6090803@redhat.com> Message-ID: <20090204213152.GO29339@shrubbery.net> Wed, Feb 04, 2009 at 02:17:58PM +0100, Michael Stefaniuc: > john heasley wrote: > > Wed, Jan 28, 2009 at 12:14:06PM +0100, Michael Stefaniuc: > >> john heasley wrote: > >>> Tue, Jan 27, 2009 at 11:18:14AM +0100, Michael Stefaniuc: > >>>> is there an easy way to assign a fixed position to config lines that > >>>> move around during two invocations of "write term"? > >>>> > >>>> In the Cisco SAN-OS devices the "callhome" config line moves between the > >>>> front and end of the "fcalias name" sections producing bogus change reports. > >>> how so? please show an example of the moving. > > >>>> The solutions I see on a quick glance (none satisfactory): > >>>> - The absolute easiest way would be to just drop the line but for this > >>>> config line it doesn't seem like a wise idea. > >>>> - In the WriteTerm function create a separate ProcessHistory > >>>> "fcalias name" section with sorting and add "callhome" to that section > >>>> too. Drawback is that I would have to parse the "fcalias name" > >>>> sections correctly too. > >>>> > >>>> Does anybody know a nicer way to pin the moving config line down? > >>> We'd normally just sort it. > >> Yeah, will be a pita in this case. > > > > i really dislike ciscos for stuff like this. > > > > try adding a match for it like > > /^callhome/ && > > ProcessHistory("COMMENTS","keysort","Z0","$_") && next; you might also try this with "" instead of "COMMENTS", or just filter it. > That would have been too easy if it would have worked. But it doesn't; I > tried it out but the "callhome" line still moves around. > > I'll hack something up as it is annoying; depending on the amount of > "spare time" it will be a hack or a proper patch I can submit upstream. > > bye > michael > -- > Michael Stefaniuc Tel.: +49-711-96437-199 > Consulting Communications Engineer Fax.: +49-711-96437-111 > -------------------------------------------------------------------- > Reg. Adresse: Red Hat GmbH, Otto-Hahn-Strasse 20, 85609 Dornach bei Muenchen > Handelsregister: Amtsgericht Muenchen HRB 153243 > Gesch?ftsf?hrer: Brendan Lane, Charlie Peters, Michael Cunningham, > Werner Knoblich From Todd at equivoice.com Wed Feb 4 22:18:29 2009 From: Todd at equivoice.com (Todd Heide) Date: Wed, 4 Feb 2009 16:18:29 -0600 Subject: [rancid] OK I'm confused, .cloginrc not working Message-ID: <082FEA82DC985B4F8A6B412D5AC4E220015ADADF@exchange.Equivoice.local> Seems like something isn't right. I have the same clogin file that has worked in the past, and I verified that I can ssh, or telnet to these deices, using the correct username and password combination, but none of the devices are authenticating, I get "clogin error: Error: Check your passwd for". Here is a sampling of my .cloginrc add password 10.1.3.58 {password} {otherpassword} add method 10.1.3.58 telnet add password 10.1.3.59 {password} {otherpassword} add method 10.1.3.59 telnet The above is for devices that are not on AAA, and for those on AAA add user * rancid add password * {rancidpassword} add autoenable * 1 I haven't checked against SSH or the ASA's yet, but they worked in the past also, and have not changed. add autoenable ip.ip.ip.ip 0 add user ip.ip.ip.ip rancid add cyphertype des add password ip.ip.ip.ip {password} {password} add method ip.ip.ip.ip ssh Is there a log file I can look at? Thanks Todd -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090204/8af57d95/attachment.html From Todd at equivoice.com Wed Feb 4 22:22:16 2009 From: Todd at equivoice.com (Todd Heide) Date: Wed, 4 Feb 2009 16:22:16 -0600 Subject: [rancid] Re: OK I'm confused, .cloginrc not working In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E220015ADADF@exchange.Equivoice.local> References: <082FEA82DC985B4F8A6B412D5AC4E220015ADADF@exchange.Equivoice.local> Message-ID: <082FEA82DC985B4F8A6B412D5AC4E220015ADAE2@exchange.Equivoice.local> Correction, I found I had ( instead of { for the all else password, so AAA appears to work, but the individuals are not working still. Thanks Todd Heide Equivoice Inc. CCSP CCNA CCDA 847-235-3308 Nothing ever goes as planned, Its a hell of a notion, Even pharaohs turn to sand, Like a drop in the ocean From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Todd Heide Sent: Wednesday, February 04, 2009 4:18 PM To: rancid-discuss at shrubbery.net Subject: [rancid] OK I'm confused, .cloginrc not working Seems like something isn't right. I have the same clogin file that has worked in the past, and I verified that I can ssh, or telnet to these deices, using the correct username and password combination, but none of the devices are authenticating, I get "clogin error: Error: Check your passwd for". Here is a sampling of my .cloginrc add password 10.1.3.58 {password} {otherpassword} add method 10.1.3.58 telnet add password 10.1.3.59 {password} {otherpassword} add method 10.1.3.59 telnet The above is for devices that are not on AAA, and for those on AAA add user * rancid add password * {rancidpassword} add autoenable * 1 I haven't checked against SSH or the ASA's yet, but they worked in the past also, and have not changed. add autoenable ip.ip.ip.ip 0 add user ip.ip.ip.ip rancid add cyphertype des add password ip.ip.ip.ip {password} {password} add method ip.ip.ip.ip ssh Is there a log file I can look at? Thanks Todd -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090204/4b7408da/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 1450 bytes Desc: image001.jpg Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090204/4b7408da/attachment.jpe -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 1443 bytes Desc: image002.jpg Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090204/4b7408da/attachment-0001.jpe -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 1309 bytes Desc: image003.jpg Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090204/4b7408da/attachment-0002.jpe -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 1510 bytes Desc: image004.jpg Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090204/4b7408da/attachment-0003.jpe From heas at shrubbery.net Wed Feb 4 22:40:39 2009 From: heas at shrubbery.net (john heasley) Date: Wed, 4 Feb 2009 14:40:39 -0800 Subject: [rancid] Re: f5 bigIP part 2 In-Reply-To: <4CA41E6E02F664448C893BB678E2C763569577@AMRXM2122.dir.svc.accenture.com> References: <4CA41E6E02F664448C893BB678E2C7635694D3@AMRXM2122.dir.svc.accenture.com> <370BD08812250148A3EC9CFC41A6D601FA1C6B49@EXCHANGE1.orm.omniture.com> <4CA41E6E02F664448C893BB678E2C7635694EE@AMRXM2122.dir.svc.accenture.com> <20090204031536.GC24794@shrubbery.net> <4CA41E6E02F664448C893BB678E2C763569577@AMRXM2122.dir.svc.accenture.com> Message-ID: <20090204224039.GZ29339@shrubbery.net> Wed, Feb 04, 2009 at 08:06:42AM -0600, kenneth.w.sain at accenture.com: > I'm not sure how that would be accomplished. > > f5rancid contains no expect send commands, it calls clogin to handle > that work. I have no idea where or how I'd accomplish this inside > bin/f5rancid. > > Interestingly, f5rancind does contain the lines: > # force a terminal type so as not to confuse the POS > $ENV{'TERM'} = "vt100"; > > But it doesn't seem to have any affect on the login process. telnet/rsh/ssh, variables such as TERM are normally exchanged with the server/daemon. so, why isnt it happening here? > I did find that some of the @commandtable entries had syntax errors for > the older 4.5 bigIP code. Commenting those out and using the vt100 hack > in clogin is working for me now. is that the old code? I was told by another user that the old code has antiquated and that folks could just upgrade. I'd rather not support the old code. > > Ken Sain > Accenture @ MyFloridaMarketPlace > (850) 414-7580 (office) > (850) 508-4227 (cell) > kensainwork on Yahoo/AOL IM > > > -----Original Message----- > From: john heasley [mailto:heas at shrubbery.net] > Sent: Tuesday, February 03, 2009 10:16 PM > To: Sain, Kenneth W. > Cc: mashcraft at omniture.com; rancid-discuss at shrubbery.net > Subject: Re: [rancid] Re: f5 bigIP part 2 > > Tue, Feb 03, 2009 at 03:50:42PM -0600, kenneth.w.sain at accenture.com: > > Hrm, I already hardcoded clogin to provide vt100, just like the other > > poster in the URL I provided. And I've confirmed that it works via a > > bin/clogin bigip01. > > any change like setting TERM should be done in f5rancid, NOT clogin. > Let > clogin inherit it. > > > > This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. From heas at shrubbery.net Wed Feb 4 22:43:38 2009 From: heas at shrubbery.net (john heasley) Date: Wed, 4 Feb 2009 14:43:38 -0800 Subject: [rancid] Re: f5 bigIP part 2 In-Reply-To: <1233761772.7717.21.camel@moridin.office.bit.nl.office.bit.nl> References: <4CA41E6E02F664448C893BB678E2C7635694D3@AMRXM2122.dir.svc.accenture.com> <370BD08812250148A3EC9CFC41A6D601FA1C6B49@EXCHANGE1.orm.omniture.com> <4CA41E6E02F664448C893BB678E2C7635694EE@AMRXM2122.dir.svc.accenture.com> <20090204031937.GD24794@shrubbery.net> <49892026.5070600@comcast.net> <1233761772.7717.21.camel@moridin.office.bit.nl.office.bit.nl> Message-ID: <20090204224338.GB29339@shrubbery.net> Wed, Feb 04, 2009 at 04:36:12PM +0100, Teun Vink: > On Tue, 2009-02-03 at 22:57 -0600, Sam Munzani wrote: > > Here is sanitized uname -a output from a bigup 6400 ltm box. > > > > Linux host-name 2.4.21-9.4.5.1049.0smp #2 SMP Wed May 14 12:50:53 PDT > > 2008 i686 athlon i386 GNU/Linux > > > > I guess its linux now. I remember it used to be FreeBSD. > > > The LTM 9.x series are redhat-based. The old 4.x series were BSD. > I run that rancid script, but get some strange diffs every run, which > are getting quite annoying. It seems as if the commands are executed in > a different order every time. thats sounds like something in the o/p screwing up the login script such that prompt matching isn't functioning correctly. you could verify that with hlogin -d -c 'listofcommandsfromfrancid.in' host > debugoutput 2>&1 look at the output for inproper prompt matching. From heas at shrubbery.net Wed Feb 4 22:45:58 2009 From: heas at shrubbery.net (john heasley) Date: Wed, 4 Feb 2009 14:45:58 -0800 Subject: [rancid] Re: OK I'm confused, .cloginrc not working In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E220015ADAE2@exchange.Equivoice.local> References: <082FEA82DC985B4F8A6B412D5AC4E220015ADADF@exchange.Equivoice.local> <082FEA82DC985B4F8A6B412D5AC4E220015ADAE2@exchange.Equivoice.local> Message-ID: <20090204224558.GC29339@shrubbery.net> Wed, Feb 04, 2009 at 04:22:16PM -0600, Todd Heide: > Correction, I found I had ( instead of { for the all else password, so > AAA appears to work, but the individuals are not working still. try clogin -d hostname and look for the password exchanges to verify the correct strings are being sent. my guess would be that you have an unquoted special char in one of your passwords. From cgauthier at mapscu.com Wed Feb 4 23:38:37 2009 From: cgauthier at mapscu.com (Chris Gauthier) Date: Wed, 4 Feb 2009 15:38:37 -0800 Subject: [rancid] correct version to use? Message-ID: <0A9A5A2BC1C0A94C981AF5FCF2D2F338134D1341@mshin01.mapscu.com> John, I am seeing several versions of rancid that people have said they are using right now. I am using 2.3.2a7. Others are on a8 or a9. What version is the best version to use and/or most stable at the moment? I am not looking to make a bunch of changes, but I also don't want to fall "behind the times", so to speak. Thanks, Chris -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090204/1f688b1a/attachment.html From heas at shrubbery.net Thu Feb 5 00:20:44 2009 From: heas at shrubbery.net (john heasley) Date: Wed, 4 Feb 2009 16:20:44 -0800 Subject: [rancid] Re: correct version to use? In-Reply-To: <0A9A5A2BC1C0A94C981AF5FCF2D2F338134D1341@mshin01.mapscu.com> References: <0A9A5A2BC1C0A94C981AF5FCF2D2F338134D1341@mshin01.mapscu.com> Message-ID: <20090205002044.GA27167@shrubbery.net> Wed, Feb 04, 2009 at 03:38:37PM -0800, Chris Gauthier: > John, > > > > I am seeing several versions of rancid that people have said they are > using right now. I am using 2.3.2a7. Others are on a8 or a9. What > version is the best version to use and/or most stable at the moment? I > am not looking to make a bunch of changes, but I also don't want to fall > "behind the times", so to speak. please use 2.3.2a9. I'm trying to catch-up with patches and other bits folks have contributed, assuming that I can verify they are proper and functional. From Todd at equivoice.com Thu Feb 5 01:03:44 2009 From: Todd at equivoice.com (Todd Heide) Date: Wed, 4 Feb 2009 19:03:44 -0600 Subject: [rancid] Re: OK I'm confused, .cloginrc not working In-Reply-To: <20090204224558.GC29339@shrubbery.net> References: <082FEA82DC985B4F8A6B412D5AC4E220015ADADF@exchange.Equivoice.local> <082FEA82DC985B4F8A6B412D5AC4E220015ADAE2@exchange.Equivoice.local> <20090204224558.GC29339@shrubbery.net> Message-ID: <082FEA82DC985B4F8A6B412D5AC4E220015ADAF5@exchange.Equivoice.local> bash: clogin: command not found Thanks Todd Heide Equivoice Inc. ?? CCSP CCNA CCDA 847-235-3308 ? Nothing ever goes as planned, Its a hell of a notion, Even pharaohs turn to sand, Like a drop in the ocean -----Original Message----- From: john heasley [mailto:heas at shrubbery.net] Sent: Wednesday, February 04, 2009 4:46 PM To: Todd Heide Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: OK I'm confused, .cloginrc not working Wed, Feb 04, 2009 at 04:22:16PM -0600, Todd Heide: > Correction, I found I had ( instead of { for the all else password, so > AAA appears to work, but the individuals are not working still. try clogin -d hostname and look for the password exchanges to verify the correct strings are being sent. my guess would be that you have an unquoted special char in one of your passwords. From boheme at gmail.com Thu Feb 5 01:49:42 2009 From: boheme at gmail.com (Chris Knight) Date: Wed, 4 Feb 2009 17:49:42 -0800 Subject: [rancid] Re: OK I'm confused, .cloginrc not working In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E220015ADAF5@exchange.Equivoice.local> References: <082FEA82DC985B4F8A6B412D5AC4E220015ADADF@exchange.Equivoice.local> <082FEA82DC985B4F8A6B412D5AC4E220015ADAE2@exchange.Equivoice.local> <20090204224558.GC29339@shrubbery.net> <082FEA82DC985B4F8A6B412D5AC4E220015ADAF5@exchange.Equivoice.local> Message-ID: Your problem is that the rancid tools are not in your path. You either need to envoke clogin fully pathed (ie /usr/local/rancid/bin/clogin ) or you need to fix your path. You might want to make sure you understand how unix paths work, as this is something that will bite you again and again over the coming years: http://kb.iu.edu/data/acar.html -Chris On Wed, Feb 4, 2009 at 5:03 PM, Todd Heide wrote: > bash: clogin: command not found > > Thanks > Todd Heide > Equivoice Inc. > > CCSP CCNA CCDA > 847-235-3308 > > Nothing ever goes as planned, Its a hell of a notion, > Even pharaohs turn to sand, Like a drop in the ocean > > > -----Original Message----- > From: john heasley [mailto:heas at shrubbery.net] > Sent: Wednesday, February 04, 2009 4:46 PM > To: Todd Heide > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Re: OK I'm confused, .cloginrc not working > > Wed, Feb 04, 2009 at 04:22:16PM -0600, Todd Heide: >> Correction, I found I had ( instead of { for the all else password, so >> AAA appears to work, but the individuals are not working still. > > try clogin -d hostname > > and look for the password exchanges to verify the correct strings are > being sent. my guess would be that you have an unquoted special char > in one of your passwords. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From arla at rn.dk Thu Feb 5 07:13:22 2009 From: arla at rn.dk (Arne Larsen / Region Nordjylland) Date: Thu, 5 Feb 2009 08:13:22 +0100 Subject: [rancid] vs clogin can't login Message-ID: <8D68760F464FFD40A01BF2FB374E4A280165524E274F@SRVEXC02.aas.its.nja.dk> Hi Folks. I've got a problem with login on cisco routers. If I do clogin -u rancid -p rancid -w rancid , I get an error on the enable password, but if I do it by hand it works fine. Can someone tell me what I'm doing wrong. /Arne From ram.dahal at gmail.com Fri Feb 6 02:09:29 2009 From: ram.dahal at gmail.com (Ram Dahal) Date: Fri, 6 Feb 2009 07:54:29 +0545 Subject: [rancid] New to rancid Message-ID: I am new to rancid. I started learning Perl and have installed rancid. Now my job is to create a rancid file which will authenticate the user in router. How do i create a rancid file in linux?? I am completely new to it. I expect help from somebody. Regards Ram -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090206/da612569/attachment.html From infotek at gmail.com Fri Feb 6 05:59:50 2009 From: infotek at gmail.com (Jason Ellison) Date: Thu, 5 Feb 2009 23:59:50 -0600 Subject: [rancid] Cisco Pix "Configuration last modified" random time stamp In-Reply-To: References: Message-ID: List, While using RANCID I have noticed that the pix "Configuration last modified" keeps changing even though the device has not been modified. This creates an email every time RANCID is run. I know this is not a RANCID problem, but I thought someone on this list has likely seen and maybe even solved this issue. I thought it may bee related to ntp drift being applied against the "last modified" time... but disabling the ntp server did not change this behavior. pix# sh ver Cisco PIX Security Appliance Software Version 7.2(4) Device Manager Version 5.2(4) Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz pix# show clock 23:08:02.091 CST Thu Feb 5 2009 pix# show ver | include modified Configuration last modified by enable_15 at 16:38:15.162 CST Wed Feb 4 2009 pix# show ver | include modified Configuration last modified by enable_15 at 16:38:14.792 CST Wed Feb 4 2009 pix# show ver | include modified Configuration last modified by enable_15 at 16:38:15.292 CST Wed Feb 4 2009 pix# show ver | include modified Configuration last modified by enable_15 at 16:38:14.872 CST Wed Feb 4 2009 pix# show ver | include modified Configuration last modified by enable_15 at 16:38:15.492 CST Wed Feb 4 2009 pix# show clock 23:11:53.380 CST Thu Feb 5 2009 pix# show ntp status Clock is synchronized, stratum 3, reference is 10.x.x.x nominal freq is 99.9984 Hz, actual freq is 99.9917 Hz, precision is 2**6 reference time is cd3649b5.fad0cce6 (23:31:33.979 CST Thu Feb 5 2009) clock offset is 13.9375 msec, root delay is 47.26 msec root dispersion is 100.78 msec, peer dispersion is 19.13 msec From infotek at gmail.com Fri Feb 6 06:15:20 2009 From: infotek at gmail.com (Jason Ellison) Date: Fri, 6 Feb 2009 00:15:20 -0600 Subject: [rancid] Cisco IOS versus Cisco PIX and term width 80 Message-ID: List, I have a problem with Cisco c1841 formating the screen differently. !VLAN: VLAN Name Status Ports !VLAN: ---- -------------------------------- --------- ------------------------------- !VLAN: 1 default active Fa0/0/0, Fa0/0/1, Fa0/0/2 !VLAN: Fa0/0/3 versus !VLAN: VLAN Name Status Ports !VLAN: ---- -------------------------------- --------- ------------------------------- !VLAN: 1 default active Fa0/0/0, Fa0/0/1, Fa0/0/2, Fa0/0/3 adding "term width 80" after "term len 0" in clogin seems to fix this... but this seems to break the PIX. Should I create a new class... for the PIX or maybe do some hostname matching. Are others having this same issue? -Jason Ellison From jethro.binks at strath.ac.uk Fri Feb 6 09:45:02 2009 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Fri, 6 Feb 2009 09:45:02 +0000 (GMT) Subject: [rancid] Re: Cisco Pix "Configuration last modified" random time stamp In-Reply-To: References: Message-ID: On Thu, 5 Feb 2009, Jason Ellison wrote: > Cisco PIX Security Appliance Software Version 7.2(4) > Device Manager Version 5.2(4) > Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz > > pix# show ver | include modified > Configuration last modified by enable_15 at 16:38:15.162 CST Wed Feb 4 2009 > pix# show ver | include modified > Configuration last modified by enable_15 at 16:38:14.792 CST Wed Feb 4 2009 ... Wow, I'd never noticed that. If I do the same: asa1# sh ver | inc mod Configuration last modified by admin at 14:22:04.182 UTC Wed Feb 4 2009 asa1# sh ver | inc mod Configuration last modified by admin at 14:22:04.549 UTC Wed Feb 4 2009 asa1# sh ver | inc mod Configuration last modified by admin at 14:22:04.009 UTC Wed Feb 4 2009 asa1# sh ver | inc mod Configuration last modified by admin at 14:22:04.248 UTC Wed Feb 4 2009 asa1# sh ver | inc mod Configuration last modified by admin at 14:22:04.578 UTC Wed Feb 4 2009 asa1# sh ver | inc mod Configuration last modified by admin at 14:22:04.427 UTC Wed Feb 4 2009 it similarly changes (slightly), even though 14:22 Feb 4 was a couple of days ago. So it is broadly correct, but there's obviously some rounding or timing issue while calculating the fractions of a second. > While using RANCID I have noticed that the pix "Configuration last > modified" keeps changing even though the device has not been modified. > This creates an email every time RANCID is run. > > I know this is not a RANCID problem, but I thought someone on this list > has likely seen and maybe even solved this issue. I do not get this from rancid. The "Configuration last modified" line is not represented in the processed output at all: looking at the ShowVersion subroutine, it is very specific about which lines it is interested in and doesn't just verbatim reproduce all the "show version" output. Which version of rancid are you running? There have been many fixes for PIX/ASA in the last several alpha releases: 2.3.2a9 works much better for me and others. Jethro. -- . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK From jethro.binks at strath.ac.uk Fri Feb 6 10:00:09 2009 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Fri, 6 Feb 2009 10:00:09 +0000 (GMT) Subject: [rancid] Re: Cisco IOS versus Cisco PIX and term width 80 In-Reply-To: References: Message-ID: On Fri, 6 Feb 2009, Jason Ellison wrote: > I have a problem with Cisco c1841 formating the screen differently. > > !VLAN: VLAN Name Status Ports > !VLAN: ---- -------------------------------- --------- > ------------------------------- > !VLAN: 1 default active Fa0/0/0, Fa0/0/1, Fa0/0/2 > !VLAN: Fa0/0/3 > > versus > > !VLAN: VLAN Name Status Ports > !VLAN: ---- -------------------------------- --------- > ------------------------------- > !VLAN: 1 default active Fa0/0/0, > Fa0/0/1, Fa0/0/2, Fa0/0/3 > > adding "term width 80" after "term len 0" in clogin seems to fix this... > but this seems to break the PIX. Should I create a new class... for the > PIX or maybe do some hostname matching. Are others having this same > issue? "term width 80" certainly isn't a valid command for the PIX, however in what way does it "break" it? All I get if I add that is: asa1# term width 0 ^ ERROR: % Invalid input detected at '^' marker. which is duly ignored. I think it would be useful if rancid had a clue earlier on what sort of device it is going to be talking to, so it could modify its behaviour (particularly in clogin) accordingly. I have often pondered about expanding the information per device in router.db. A hint could be placed in there (for example, to distinguish the common case of a traditional IOS box vs. the PIX, which has become more similar over time but is still somewhat different in some respects). It may be preferable to do this, rather than write a whole new *rancid/*login for a device which is substantially very similar to an existing one, which helps avoid duplication and divergence. Jethro. -- . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK From infotek at gmail.com Fri Feb 6 06:07:29 2009 From: infotek at gmail.com (Jason Ellison) Date: Fri, 6 Feb 2009 00:07:29 -0600 Subject: [rancid] hlogin support for HP Procurve 5406zl Message-ID: RANCID 2.3.2a9 does not login to the Procurve 5400zl switch correctly. I'm using radius... So this may have changed the prompt. ProCurve J8697A Switch 5406zl Software revision K.13.45 Please Enter Login Name: jellison Please Enter Password: switch00# sh run | include radius aaa authentication console login radius local aaa authentication console enable radius local aaa authentication telnet login radius aaa authentication telnet enable radius aaa authentication web login radius aaa authentication web enable radius aaa authentication ssh login radius aaa authentication ssh enable radius gnu patch generated via diff -uN --- bin/hlogin.original.2.3.2a9 2009-02-03 18:35:55.000000000 -0600 +++ bin/hlogin 2009-02-04 00:07:52.000000000 -0600 @@ -666,7 +671,9 @@ # Figure out prompts set u_prompt [find userprompt $router] if { "$u_prompt" == "" } { - set u_prompt "(Username|login|user name):" + #added "Name" for 5406zl + #which has the prompt "Please Enter Login Name:" + set u_prompt "(Name|Username|login|user name):" } else { set u_prompt [join [lindex $u_prompt 0] ""] } From James.LITTLEFIELD at 3ds.com Fri Feb 6 12:56:36 2009 From: James.LITTLEFIELD at 3ds.com (LITTLEFIELD James) Date: Fri, 6 Feb 2009 07:56:36 -0500 Subject: [rancid] Re: Cisco Pix "Configuration last modified" random time stamp In-Reply-To: References: Message-ID: <1CDE4CAD0B3D5A40827FFD8275E50F86634188@CORP-CLT-EXB01.ds> > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- > bounces at shrubbery.net] On Behalf Of Jason Ellison > Sent: Friday, February 06, 2009 1:00 AM > To: rancid-discuss at shrubbery.net > Subject: [rancid] Cisco Pix "Configuration last modified" random time > stamp > > List, > > While using RANCID I have noticed that the pix "Configuration last > modified" > keeps changing even though the device has not been modified. This > creates > an email every time RANCID is run. > > I know this is not a RANCID problem, but I thought someone on this list > has > likely seen and maybe even solved this issue. > > I thought it may bee related to ntp drift being applied against the > "last modified" time... but disabling the ntp server did not change > this behavior. I have the same problem here and I'm sure it isn't an NTP issue. Time to start poking around the code... Best regards, Jim LITTLEFIELD Information Technology Office: +1 401 276 4457 James.LITTLEFIELD at 3ds.com www.3ds.com Visit us at: www.simulia.com SIMULIA - Dassault Systemes Simulia Corp. 166 Valley Street - Providence, Rhode Island 02909 - United States From James.LITTLEFIELD at 3ds.com Fri Feb 6 13:01:49 2009 From: James.LITTLEFIELD at 3ds.com (LITTLEFIELD James) Date: Fri, 6 Feb 2009 08:01:49 -0500 Subject: [rancid] Re: Cisco Pix "Configuration last modified" random time stamp In-Reply-To: References: Message-ID: <1CDE4CAD0B3D5A40827FFD8275E50F86634189@CORP-CLT-EXB01.ds> > > I do not get this from rancid. The "Configuration last modified" line > is > not represented in the processed output at all: looking at the > ShowVersion > subroutine, it is very specific about which lines it is interested in > and > doesn't just verbatim reproduce all the "show version" output. Which > version of rancid are you running? There have been many fixes for > PIX/ASA > in the last several alpha releases: 2.3.2a9 works much better for me and > others. > > Jethro. This started for me after upgrading to 2.3.2a9. Best regards, Jim LITTLEFIELD Information Technology Office: +1 401 276 4457 James.LITTLEFIELD at 3ds.com www.3ds.com Visit us at: www.simulia.com SIMULIA - Dassault Systemes Simulia Corp. 166 Valley Street - Providence, Rhode Island 02909 - United States From infotek at gmail.com Fri Feb 6 15:57:45 2009 From: infotek at gmail.com (Jason Ellison) Date: Fri, 6 Feb 2009 09:57:45 -0600 Subject: [rancid] Re: hlogin support for HP Procurve 5406zl In-Reply-To: <986544234AB0A44BADE40DF502E2012A014C51E8@SPBMAIL.spb.sovintel.net> References: <986544234AB0A44BADE40DF502E2012A014C51E8@SPBMAIL.spb.sovintel.net> Message-ID: Alexander, Do you have two passwords after "add password" in ".cloginrc"? The second one is the enable password. I'm running "rancid-2.3.2a9". .cloginrc add method sw*.hq.example.org telnet add user sw*.hq.example.org {username} add enauser sw*.hq.example.org {username} add password sw*.hq.example.org {password} {enablepassword} On Fri, Feb 6, 2009 at 5:36 AM, Smirnoff Alexander wrote: > In addiction of you question I want ask about HP Procurve 2650 . I try > to collect configs via RANCID and normal procurve behaviour is like > this: > > -bash-3.1$ telnet 10.4.18.230 > Trying 10.4.18.230... > Connected to hp2650-kon-3fl-lw-1.spb (10.4.18.230). > Escape character is '^]'. > Please Enter Login Name: spbrancid > Please Enter Password: > hp2650-kon-3fl-lw-1> en > Please Enter Login Name: spbrancid > Please Enter Password: > hp2650-kon-3fl-lw-1# show config > > e.g. to log in enable mode, then I can show config I need write user and > password twice. But then I run > > -bash-3.1$ bin/hlogin 10. 4.18.230 > 10.4.18.230 > spawn hpuifilter -- telnet 10.4.18.230 > Trying 10.4.18.230... > Connected to hp2650-kon-3fl-lw-1.spb (10.4.18.230). > Escape character is '^]'. > ProCurve J4899C Switch 2650 > Software revision H.10.74 > > Copyright (C) 1991-2008 Hewlett-Packard Co. All Rights Reserved. > > RESTRICTED RIGHTS LEGEND > > Use, duplication, or disclosure by the Government is subject to > restrictions > as set forth in subdivision (b) (3) (ii) of the Rights in Technical > Data and > Computer Software clause at 52.227-7013. > > HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303 > > We'd like to keep you up to date about: > * Software feature updates > * New product announcements > * Special events > > Please register your products now at: www.ProCurve.com > > > Press any key to continuePlease Enter Login Name: spbrancid > Please Enter Password: > hp2650-kon-3fl-lw-1> > > RANCID not write en and user and password second time? How I can fix it? > Hlogin see in attachment > > > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Jason Ellison > Sent: Friday, February 06, 2009 9:07 AM > To: rancid-discuss at shrubbery.net > Subject: [rancid] hlogin support for HP Procurve 5406zl > > RANCID 2.3.2a9 does not login to the Procurve 5400zl switch correctly. > I'm using radius... So this may have changed the prompt. > > ProCurve J8697A Switch 5406zl > Software revision K.13.45 > > Please Enter Login Name: jellison > Please Enter Password: > > > switch00# sh run | include radius > aaa authentication console login radius local > aaa authentication console enable radius local > aaa authentication telnet login radius > aaa authentication telnet enable radius > aaa authentication web login radius > aaa authentication web enable radius > aaa authentication ssh login radius > aaa authentication ssh enable radius > > > gnu patch generated via diff -uN > > --- bin/hlogin.original.2.3.2a9 2009-02-03 18:35:55.000000000 -0600 > +++ bin/hlogin 2009-02-04 00:07:52.000000000 -0600 > @@ -666,7 +671,9 @@ > # Figure out prompts > set u_prompt [find userprompt $router] > if { "$u_prompt" == "" } { > - set u_prompt "(Username|login|user name):" > + #added "Name" for 5406zl > + #which has the prompt "Please Enter Login Name:" > + set u_prompt "(Name|Username|login|user name):" > } else { > set u_prompt [join [lindex $u_prompt 0] ""] > } > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From Todd at equivoice.com Fri Feb 6 16:10:19 2009 From: Todd at equivoice.com (Todd Heide) Date: Fri, 6 Feb 2009 10:10:19 -0600 Subject: [rancid] Re: OK I'm confused, .cloginrc not working In-Reply-To: References: <082FEA82DC985B4F8A6B412D5AC4E220015ADADF@exchange.Equivoice.local> <082FEA82DC985B4F8A6B412D5AC4E220015ADAE2@exchange.Equivoice.local> <20090204224558.GC29339@shrubbery.net> <082FEA82DC985B4F8A6B412D5AC4E220015ADAF5@exchange.Equivoice.local> Message-ID: <082FEA82DC985B4F8A6B412D5AC4E220015ADC6B@exchange.Equivoice.local> Yep DOH on my part. I ran it with -d and got an error Error: Unknown argument! -d Ran it as bin/clogin -f /usr/local/rancid/.cloginrc hostname, and it fails to authenticate. Escape character is '^]'. Password: % Authentication failed Password: Error: Check your passwd for Thanks Todd -----Original Message----- From: Chris Knight [mailto:boheme at gmail.com] Sent: Wednesday, February 04, 2009 7:50 PM To: Todd Heide; Rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: OK I'm confused, .cloginrc not working Your problem is that the rancid tools are not in your path. You either need to envoke clogin fully pathed (ie /usr/local/rancid/bin/clogin ) or you need to fix your path. You might want to make sure you understand how unix paths work, as this is something that will bite you again and again over the coming years: http://kb.iu.edu/data/acar.html -Chris On Wed, Feb 4, 2009 at 5:03 PM, Todd Heide wrote: > bash: clogin: command not found > > Thanks > > > -----Original Message----- > From: john heasley [mailto:heas at shrubbery.net] > Sent: Wednesday, February 04, 2009 4:46 PM > To: Todd Heide > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Re: OK I'm confused, .cloginrc not working > > Wed, Feb 04, 2009 at 04:22:16PM -0600, Todd Heide: >> Correction, I found I had ( instead of { for the all else password, so >> AAA appears to work, but the individuals are not working still. > > try clogin -d hostname > > and look for the password exchanges to verify the correct strings are > being sent. my guess would be that you have an unquoted special char > in one of your passwords. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From Todd at equivoice.com Fri Feb 6 16:44:13 2009 From: Todd at equivoice.com (Todd Heide) Date: Fri, 6 Feb 2009 10:44:13 -0600 Subject: [rancid] Re: OK I'm confused, .cloginrc not working In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E220015ADC6B@exchange.Equivoice.local> References: <082FEA82DC985B4F8A6B412D5AC4E220015ADADF@exchange.Equivoice.local><082FEA82DC985B4F8A6B412D5AC4E220015ADAE2@exchange.Equivoice.local><20090204224558.GC29339@shrubbery.net><082FEA82DC985B4F8A6B412D5AC4E220015ADAF5@exchange.Equivoice.local> <082FEA82DC985B4F8A6B412D5AC4E220015ADC6B@exchange.Equivoice.local> Message-ID: <082FEA82DC985B4F8A6B412D5AC4E220015ADC7D@exchange.Equivoice.local> Other than the telnet not working as below, I found the AAA one is working, problem is, CVS or Viewvc doesn't appear to be working. I can see the new routers from router.db listed as new router, but no new updates. If I go into the group Core_Routers/configs and cat an entry in there I can see the config from the router, so it has pulled the configs at some point, but has not committed them to CVS. Do I need to do something to get these to commit? Thanks Todd Heide Equivoice Inc. CCSP CCNA CCDA 847-235-3308 Nothing ever goes as planned, Its a hell of a notion, Even pharaohs turn to sand, Like a drop in the ocean -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Todd Heide Sent: Friday, February 06, 2009 10:10 AM To: Rancid-discuss at shrubbery.net Subject: [rancid] Re: OK I'm confused, .cloginrc not working Yep DOH on my part. I ran it with -d and got an error Error: Unknown argument! -d Ran it as bin/clogin -f /usr/local/rancid/.cloginrc hostname, and it fails to authenticate. Escape character is '^]'. Password: % Authentication failed Password: Error: Check your passwd for Thanks Todd -----Original Message----- From: Chris Knight [mailto:boheme at gmail.com] Sent: Wednesday, February 04, 2009 7:50 PM To: Todd Heide; Rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: OK I'm confused, .cloginrc not working Your problem is that the rancid tools are not in your path. You either need to envoke clogin fully pathed (ie /usr/local/rancid/bin/clogin ) or you need to fix your path. You might want to make sure you understand how unix paths work, as this is something that will bite you again and again over the coming years: http://kb.iu.edu/data/acar.html -Chris On Wed, Feb 4, 2009 at 5:03 PM, Todd Heide wrote: > bash: clogin: command not found > > Thanks > > > -----Original Message----- > From: john heasley [mailto:heas at shrubbery.net] > Sent: Wednesday, February 04, 2009 4:46 PM > To: Todd Heide > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Re: OK I'm confused, .cloginrc not working > > Wed, Feb 04, 2009 at 04:22:16PM -0600, Todd Heide: >> Correction, I found I had ( instead of { for the all else password, so >> AAA appears to work, but the individuals are not working still. > > try clogin -d hostname > > and look for the password exchanges to verify the correct strings are > being sent. my guess would be that you have an unquoted special char > in one of your passwords. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From tad1214 at aol.com Fri Feb 6 17:25:44 2009 From: tad1214 at aol.com (Thomas Donnelly) Date: Fri, 06 Feb 2009 11:25:44 -0600 Subject: [rancid] hlogin with SSH Message-ID: <498C7298.5090802@aol.com> I have found a few threads regarding hlogin with SSH but I have had no success yet in finding a solution Hlogin doesnt seem to work with ssh. It pulls a EOF with this error. %/usr/local/libexec/rancid/hlogin ss1.example.net ss1.example.net spawn hpuifilter -- 'ssh -c 3des -x -l SomeUser' ss1.example.net Error: Couldn't login Anyone found any working solutions? I read a couple of places its not sending the password with it? It breaks at line 370 here: eof { send_user "\nError: Couldn't login\n"; wait; return 1 } Thanks!!! -=Tom From heas at shrubbery.net Fri Feb 6 17:31:45 2009 From: heas at shrubbery.net (john heasley) Date: Fri, 6 Feb 2009 09:31:45 -0800 Subject: [rancid] Re: hlogin with SSH In-Reply-To: <498C7298.5090802@aol.com> References: <498C7298.5090802@aol.com> Message-ID: <20090206173145.GA5538@shrubbery.net> Fri, Feb 06, 2009 at 11:25:44AM -0600, Thomas Donnelly: > I have found a few threads regarding hlogin with SSH but I have had no > success yet in finding a solution > > Hlogin doesnt seem to work with ssh. It pulls a EOF with this error. > > %/usr/local/libexec/rancid/hlogin ss1.example.net > ss1.example.net > spawn hpuifilter -- 'ssh -c 3des -x -l SomeUser' ss1.example.net > > Error: Couldn't login > > > Anyone found any working solutions? I read a couple of places its not > sending the password with it? > > It breaks at line 370 here: > > eof { send_user "\nError: Couldn't login\n"; wait; return 1 } > which o/s? which ssh client? what type of device? what version of rancid? you should be using 2.3.2a9 From heas at shrubbery.net Fri Feb 6 18:01:15 2009 From: heas at shrubbery.net (john heasley) Date: Fri, 6 Feb 2009 10:01:15 -0800 Subject: [rancid] Re: OK I'm confused, .cloginrc not working In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E220015ADC6B@exchange.Equivoice.local> References: <082FEA82DC985B4F8A6B412D5AC4E220015ADADF@exchange.Equivoice.local> <082FEA82DC985B4F8A6B412D5AC4E220015ADAE2@exchange.Equivoice.local> <20090204224558.GC29339@shrubbery.net> <082FEA82DC985B4F8A6B412D5AC4E220015ADAF5@exchange.Equivoice.local> <082FEA82DC985B4F8A6B412D5AC4E220015ADC6B@exchange.Equivoice.local> Message-ID: <20090206180115.GK5538@shrubbery.net> Fri, Feb 06, 2009 at 10:10:19AM -0600, Todd Heide: > Yep DOH on my part. I ran it with -d and got an error > Error: Unknown argument! -d -d is right. if it does not accept it you are not running the latest. please install 2.3.2a9. then we can talk. Also, actually read what Chris posted and consider how it relates to the your post. > Ran it as bin/clogin -f /usr/local/rancid/.cloginrc hostname, and it > fails to authenticate. > > Escape character is '^]'. > > Password: > > % Authentication failed > > Password: > Error: Check your passwd for > > Thanks > Todd > > -----Original Message----- > From: Chris Knight [mailto:boheme at gmail.com] > Sent: Wednesday, February 04, 2009 7:50 PM > To: Todd Heide; Rancid-discuss at shrubbery.net > Subject: Re: [rancid] Re: OK I'm confused, .cloginrc not working > > Your problem is that the rancid tools are not in your path. You > either need to envoke clogin fully pathed (ie > /usr/local/rancid/bin/clogin ) or you need to fix your path. > > You might want to make sure you understand how unix paths work, as > this is something that will bite you again and again over the coming > years: http://kb.iu.edu/data/acar.html > > -Chris > > On Wed, Feb 4, 2009 at 5:03 PM, Todd Heide wrote: > > bash: clogin: command not found > > > > Thanks > > > > > > -----Original Message----- > > From: john heasley [mailto:heas at shrubbery.net] > > Sent: Wednesday, February 04, 2009 4:46 PM > > To: Todd Heide > > Cc: rancid-discuss at shrubbery.net > > Subject: Re: [rancid] Re: OK I'm confused, .cloginrc not working > > > > Wed, Feb 04, 2009 at 04:22:16PM -0600, Todd Heide: > >> Correction, I found I had ( instead of { for the all else password, > so > >> AAA appears to work, but the individuals are not working still. > > > > try clogin -d hostname > > > > and look for the password exchanges to verify the correct strings are > > being sent. my guess would be that you have an unquoted special char > > in one of your passwords. > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From denyipanyany at gmail.com Fri Feb 6 14:08:18 2009 From: denyipanyany at gmail.com (Deny IP Any Any) Date: Fri, 6 Feb 2009 09:08:18 -0500 Subject: [rancid] Re: Cisco Pix "Configuration last modified" random time stamp In-Reply-To: <1CDE4CAD0B3D5A40827FFD8275E50F86634189@CORP-CLT-EXB01.ds> References: <1CDE4CAD0B3D5A40827FFD8275E50F86634189@CORP-CLT-EXB01.ds> Message-ID: On Fri, Feb 6, 2009 at 8:01 AM, LITTLEFIELD James wrote: >> >> I do not get this from rancid. The "Configuration last modified" line >> is >> not represented in the processed output at all: looking at the >> ShowVersion >> subroutine, it is very specific about which lines it is interested in >> and >> doesn't just verbatim reproduce all the "show version" output. Which >> version of rancid are you running? There have been many fixes for >> PIX/ASA >> in the last several alpha releases: 2.3.2a9 works much better for me and >> others. >> >> Jethro. > > > This started for me after upgrading to 2.3.2a9. > > > Best regards, > > Jim LITTLEFIELD > Information Technology > Office: +1 401 276 4457 > James.LITTLEFIELD at 3ds.com > www.3ds.com > Visit us at: www.simulia.com > SIMULIA - Dassault Systemes Simulia Corp. 166 Valley Street - Providence, Rhode Island 02909 - United States > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > This is a bug in the Cisco code, bug CSCsv80536. Fixed-In 8.0(4.13) 8.2(0.180) 7.1(2.80) 7.2(4.21) 8.1(2.7) 7.0(8.5 -- deny ip any any (4393649193 matches) From Todd at equivoice.com Fri Feb 6 19:38:20 2009 From: Todd at equivoice.com (Todd Heide) Date: Fri, 6 Feb 2009 13:38:20 -0600 Subject: [rancid] Re: OK I'm confused, .cloginrc not working In-Reply-To: <20090206180115.GK5538@shrubbery.net> References: <082FEA82DC985B4F8A6B412D5AC4E220015ADADF@exchange.Equivoice.local> <082FEA82DC985B4F8A6B412D5AC4E220015ADAE2@exchange.Equivoice.local> <20090204224558.GC29339@shrubbery.net> <082FEA82DC985B4F8A6B412D5AC4E220015ADAF5@exchange.Equivoice.local> <082FEA82DC985B4F8A6B412D5AC4E220015ADC6B@exchange.Equivoice.local> <20090206180115.GK5538@shrubbery.net> Message-ID: <082FEA82DC985B4F8A6B412D5AC4E220015ADCDA@exchange.Equivoice.local> When I upgrade this, should I do it as rancid user or root? Readme doesn't particularly say so. Thanks Todd -----Original Message----- From: john heasley [mailto:heas at shrubbery.net] Sent: Friday, February 06, 2009 12:01 PM To: Todd Heide Cc: Rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: OK I'm confused, .cloginrc not working Fri, Feb 06, 2009 at 10:10:19AM -0600, Todd Heide: > Yep DOH on my part. I ran it with -d and got an error > Error: Unknown argument! -d -d is right. if it does not accept it you are not running the latest. please install 2.3.2a9. then we can talk. Also, actually read what Chris posted and consider how it relates to the your post. > Ran it as bin/clogin -f /usr/local/rancid/.cloginrc hostname, and it > fails to authenticate. > > Escape character is '^]'. > > Password: > > % Authentication failed > > Password: > Error: Check your passwd for > > Thanks > Todd > > -----Original Message----- > From: Chris Knight [mailto:boheme at gmail.com] > Sent: Wednesday, February 04, 2009 7:50 PM > To: Todd Heide; Rancid-discuss at shrubbery.net > Subject: Re: [rancid] Re: OK I'm confused, .cloginrc not working > > Your problem is that the rancid tools are not in your path. You > either need to envoke clogin fully pathed (ie > /usr/local/rancid/bin/clogin ) or you need to fix your path. > > You might want to make sure you understand how unix paths work, as > this is something that will bite you again and again over the coming > years: http://kb.iu.edu/data/acar.html > > -Chris > > On Wed, Feb 4, 2009 at 5:03 PM, Todd Heide wrote: > > bash: clogin: command not found > > > > Thanks > > > > > > -----Original Message----- > > From: john heasley [mailto:heas at shrubbery.net] > > Sent: Wednesday, February 04, 2009 4:46 PM > > To: Todd Heide > > Cc: rancid-discuss at shrubbery.net > > Subject: Re: [rancid] Re: OK I'm confused, .cloginrc not working > > > > Wed, Feb 04, 2009 at 04:22:16PM -0600, Todd Heide: > >> Correction, I found I had ( instead of { for the all else password, > so > >> AAA appears to work, but the individuals are not working still. > > > > try clogin -d hostname > > > > and look for the password exchanges to verify the correct strings are > > being sent. my guess would be that you have an unquoted special char > > in one of your passwords. > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Fri Feb 6 20:53:23 2009 From: heas at shrubbery.net (john heasley) Date: Fri, 6 Feb 2009 12:53:23 -0800 Subject: [rancid] Re: Cisco Pix "Configuration last modified" random time stamp In-Reply-To: <1CDE4CAD0B3D5A40827FFD8275E50F86634188@CORP-CLT-EXB01.ds> References: <1CDE4CAD0B3D5A40827FFD8275E50F86634188@CORP-CLT-EXB01.ds> Message-ID: <20090206205323.GZ5538@shrubbery.net> Fri, Feb 06, 2009 at 07:56:36AM -0500, LITTLEFIELD James: > > -----Original Message----- > > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- > > bounces at shrubbery.net] On Behalf Of Jason Ellison > > Sent: Friday, February 06, 2009 1:00 AM > > To: rancid-discuss at shrubbery.net > > Subject: [rancid] Cisco Pix "Configuration last modified" random time > > stamp > > > > List, > > > > While using RANCID I have noticed that the pix "Configuration last > > modified" > > keeps changing even though the device has not been modified. This > > creates > > an email every time RANCID is run. > > > > I know this is not a RANCID problem, but I thought someone on this list > > has > > likely seen and maybe even solved this issue. > > > > I thought it may bee related to ntp drift being applied against the > > "last modified" time... but disabling the ntp server did not change > > this behavior. > > I have the same problem here and I'm sure it isn't an NTP issue. Time to start poking around the code... I think this change, not in 2.3.2a9, will fix this problem. Index: rancid.in =================================================================== RCS file: /home/rancid/.CVS/rancid/bin/rancid.in,v retrieving revision 1.251 retrieving revision 1.253 diff -d -u -r1.251 -r1.253 --- rancid.in 26 Nov 2008 17:43:41 -0000 1.251 +++ rancid.in 2 Feb 2009 21:40:14 -0000 1.253 @@ -1,6 +1,6 @@ #! @PERLV_PATH@ ## -## $Id: rancid.in,v 1.251 2008/11/26 17:43:41 heas Exp $ +## $Id: rancid.in,v 1.253 2009/02/02 21:40:14 heas Exp $ ## ## @PACKAGE@ @VERSION@ ## Copyright (c) 1997-2008 by Terrapin Communications, Inc. @@ -1522,6 +1522,7 @@ last if (/^$prompt/); return(1) if /Line has invalid autocommand /; return(1) if (/(Invalid input detected|Type help or )/i); + return(1) if /\%Error: No such file or directory/; return(0) if ($found_end); # Only do this routine once return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX @@ -1550,6 +1551,8 @@ # some versions have other crap mixed in with the bits in the # block above /^! (Last configuration|NVRAM config last)/ && next; + # and for the ASA + /^: (Written by \w+ at|Saved)/ && next; # skip consecutive comment lines to avoid oscillating extra comment # line on some access servers. grrr. @@ -1823,7 +1826,7 @@ next; } - /^Cryptochecksum:/ && next; + /^ *Cryptochecksum:/ && next; # catch anything that wasnt matched above. ProcessHistory("","","","$_"); From heas at shrubbery.net Fri Feb 6 23:27:41 2009 From: heas at shrubbery.net (john heasley) Date: Fri, 6 Feb 2009 15:27:41 -0800 Subject: [rancid] Re: Cisco IOS versus Cisco PIX and term width 80 In-Reply-To: References: Message-ID: <20090206232741.GI5538@shrubbery.net> Fri, Feb 06, 2009 at 10:00:09AM +0000, Jethro R Binks: > On Fri, 6 Feb 2009, Jason Ellison wrote: > > > I have a problem with Cisco c1841 formating the screen differently. > > > > !VLAN: VLAN Name Status Ports > > !VLAN: ---- -------------------------------- --------- > > ------------------------------- > > !VLAN: 1 default active Fa0/0/0, Fa0/0/1, Fa0/0/2 > > !VLAN: Fa0/0/3 > > > > versus > > > > !VLAN: VLAN Name Status Ports > > !VLAN: ---- -------------------------------- --------- > > ------------------------------- > > !VLAN: 1 default active Fa0/0/0, > > Fa0/0/1, Fa0/0/2, Fa0/0/3 > > > > adding "term width 80" after "term len 0" in clogin seems to fix this... > > but this seems to break the PIX. Should I create a new class... for the > > PIX or maybe do some hostname matching. Are others having this same > > issue? I presume that you added it incorrectly. But, this does bring us back to the question of whether this command, or term width 132 or term width 0, break any of the devices that clogin supports. Maybe PIX does not have this command, which is one case, but for the cases where the device does support the command, such as a catalyst, does it break or act erradically? I do not have catalysts to test, nor PIX or ASA, etc. I've asked before, has anyone with catalysts or others tried this change to clogin? > "term width 80" certainly isn't a valid command for the PIX, however in > what way does it "break" it? All I get if I add that is: > > asa1# term width 0 > ^ > ERROR: % Invalid input detected at '^' marker. > > which is duly ignored. > > I think it would be useful if rancid had a clue earlier on what sort of > device it is going to be talking to, so it could modify its behaviour > (particularly in clogin) accordingly. I have often pondered about > expanding the information per device in router.db. A hint could be placed > in there (for example, to distinguish the common case of a traditional IOS > box vs. the PIX, which has become more similar over time but is still > somewhat different in some respects). > > It may be preferable to do this, rather than write a whole new > *rancid/*login for a device which is substantially very similar to an > existing one, which helps avoid duplication and divergence. > > Jethro. > > -- > . . . . . . . . . . . . . . . . . . . . . . . . . > Jethro R Binks > Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Sat Feb 7 08:13:18 2009 From: heas at shrubbery.net (john heasley) Date: Sat, 7 Feb 2009 08:13:18 +0000 Subject: [rancid] Re: hlogin support for HP Procurve 5406zl In-Reply-To: References: Message-ID: <20090207081318.GD10264@shrubbery.net> Fri, Feb 06, 2009 at 12:07:29AM -0600, Jason Ellison: > RANCID 2.3.2a9 does not login to the Procurve 5400zl switch correctly. > I'm using radius... So this may have changed the prompt. does your AAA server set this prompt? is that possible with radius? > ProCurve J8697A Switch 5406zl > Software revision K.13.45 > > Please Enter Login Name: jellison > Please Enter Password: > > > switch00# sh run | include radius > aaa authentication console login radius local > aaa authentication console enable radius local > aaa authentication telnet login radius > aaa authentication telnet enable radius > aaa authentication web login radius > aaa authentication web enable radius > aaa authentication ssh login radius > aaa authentication ssh enable radius > > > gnu patch generated via diff -uN > > --- bin/hlogin.original.2.3.2a9 2009-02-03 18:35:55.000000000 -0600 > +++ bin/hlogin 2009-02-04 00:07:52.000000000 -0600 > @@ -666,7 +671,9 @@ > # Figure out prompts > set u_prompt [find userprompt $router] > if { "$u_prompt" == "" } { > - set u_prompt "(Username|login|user name):" > + #added "Name" for 5406zl > + #which has the prompt "Please Enter Login Name:" > + set u_prompt "(Name|Username|login|user name):" > } else { > set u_prompt [join [lindex $u_prompt 0] ""] > } > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From infotek at gmail.com Sat Feb 7 22:45:52 2009 From: infotek at gmail.com (Jason Ellison) Date: Sat, 7 Feb 2009 16:45:52 -0600 Subject: [rancid] Re: Cisco IOS versus Cisco PIX and term width 80 In-Reply-To: <20090206232741.GI5538@shrubbery.net> References: <20090206232741.GI5538@shrubbery.net> Message-ID: On Fri, Feb 6, 2009 at 5:27 PM, john heasley wrote: > Fri, Feb 06, 2009 at 10:00:09AM +0000, Jethro R Binks: >> On Fri, 6 Feb 2009, Jason Ellison wrote: >> >> > I have a problem with Cisco c1841 formating the screen differently. >> > >> > !VLAN: VLAN Name Status Ports >> > !VLAN: ---- -------------------------------- --------- >> > ------------------------------- >> > !VLAN: 1 default active Fa0/0/0, Fa0/0/1, Fa0/0/2 >> > !VLAN: Fa0/0/3 >> > >> > versus >> > >> > !VLAN: VLAN Name Status Ports >> > !VLAN: ---- -------------------------------- --------- >> > ------------------------------- >> > !VLAN: 1 default active Fa0/0/0, >> > Fa0/0/1, Fa0/0/2, Fa0/0/3 >> > >> > adding "term width 80" after "term len 0" in clogin seems to fix this... >> > but this seems to break the PIX. Should I create a new class... for the >> > PIX or maybe do some hostname matching. Are others having this same >> > issue? > > I presume that you added it incorrectly. > > But, this does bring us back to the question of whether this command, > or term width 132 or term width 0, break any of the devices that clogin > supports. > > Maybe PIX does not have this command, which is one case, but for the > cases where the device does support the command, such as a catalyst, > does it break or act erradically? I do not have catalysts to test, > nor PIX or ASA, etc. > > I've asked before, has anyone with catalysts or others tried this > change to clogin? > >> "term width 80" certainly isn't a valid command for the PIX, however in >> what way does it "break" it? All I get if I add that is: >> >> asa1# term width 0 >> ^ >> ERROR: % Invalid input detected at '^' marker. >> >> which is duly ignored. >> >> I think it would be useful if rancid had a clue earlier on what sort of >> device it is going to be talking to, so it could modify its behaviour >> (particularly in clogin) accordingly. I have often pondered about >> expanding the information per device in router.db. A hint could be placed >> in there (for example, to distinguish the common case of a traditional IOS >> box vs. the PIX, which has become more similar over time but is still >> somewhat different in some respects). >> >> It may be preferable to do this, rather than write a whole new >> *rancid/*login for a device which is substantially very similar to an >> existing one, which helps avoid duplication and divergence. >> >> Jethro. >> >> -- >> . . . . . . . . . . . . . . . . . . . . . . . . . >> Jethro R Binks >> Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > About the modification breaking my pix monitoring... Here is my modification to clogin root at monitor:/usr/local/rancid# diff -uN /usr/local/src/rancid-2.3.2a9/bin/clogin bin/clogin --- /usr/local/src/rancid-2.3.2a9/bin/clogin 2009-02-03 18:19:46.000000000 -0600 +++ bin/clogin 2009-02-07 15:24:16.000000000 -0600 @@ -610,6 +610,7 @@ set command "set logging session disable;$command" } else { send "terminal length 0\r" + send "terminal width 80\r" } # escape any parens in the prompt, such as "(enable)" regsub -all {[)(]} $prompt {\\&} reprompt @@ -875,6 +876,7 @@ send "set logging session disable\r" } else { send "terminal length 0\r" + send "terminal width 80\r" } expect -re $prompt {} source $sfile TCP stream of rancid connecting to the pix (cleaned)... <--CUT--> Username: ..&..&........... ..!.."..'........&..&........... ..!.."..'......user ... Password: ..$user .******** Type help or '?' for a list of available commands. .pix> enable .enable Password: password .******** .pix# . .pix# terminal length 0 .terminal width 80 .terminal length 0 ^ ERROR: % Invalid input detected at '^' marker. .pix# terminal width 80 ^ ERROR: % Invalid input detected at '^' marker. .pix# admin show version .ashow version .dmin show version ^ ERROR: % Invalid input detected at '^' marker. .pix# show redundancy secondary .show version <--CUT--> <--CUT--> .pix# more system:running-config .show running-config .more system:running-config Cryptochecksum: bce13d29 c20a9f99 eaaddf54 9f6a8121 : Saved : Written by enable_15 at 15:54:21.835 CST Sat Feb 7 2009 ! PIX Version 7.2(4) ! hostname fw domain-name example.org enable password xxxxxxxx encrypted passwd xxxxxxxxxxx encrypted names dns-guard ! interface Ethernet0 nameif outside security-level 0 ip address 000.000.000.000 255.255.255.252 ! interface Ethernet1 nameif inside <--- More ---> . . . security-level 100 ip address 192.168.1.1 255.255.255.0 ! interface Ethernet2 <--CUT--> <--CUT--> service-policy global_policy global prompt hostname context Cryptochecksum:bce13d29c20a9f99eaaddf549f6a8121 : end .pix# write term .write term : Saved : PIX Version 7.2(4) ! hostname fw01 <--CUT--> <--CUT--> Cryptochecksum:bce13d29c20a9f99eaaddf549f6a8121 : end <--- More ---> . .[OK] .pix# eexxiitt . Logoff <--CUT--> The Log of the above run root at monitor:/usr/local/rancid# cat var/logs/group.20090207.152420 starting: Sat Feb 7 15:24:20 CST 2009 Trying to get all of the configs. fw01.example.org: missed cmd(s): show redundancy secondary,show running-config ===================================== Getting missed routers: round 1. fw01.example.org: missed cmd(s): show redundancy secondary,show running-config ===================================== Getting missed routers: round 2. fw01.example.org: missed cmd(s): show redundancy secondary,show running-config ===================================== Getting missed routers: round 3. fw01.example.org: missed cmd(s): show redundancy secondary,show running-config ===================================== Getting missed routers: round 4. fw01.example.org: missed cmd(s): show redundancy secondary,show running-config cvs diff: Diffing . cvs diff: Diffing configs cvs commit: Examining . cvs commit: Examining configs ending: Sat Feb 7 15:25:35 CST 2009 From heas at shrubbery.net Mon Feb 9 23:13:28 2009 From: heas at shrubbery.net (john heasley) Date: Mon, 9 Feb 2009 15:13:28 -0800 Subject: [rancid] Re: Cisco IOS versus Cisco PIX and term width 80 In-Reply-To: References: <20090206232741.GI5538@shrubbery.net> Message-ID: <20090209231328.GR26723@shrubbery.net> Sat, Feb 07, 2009 at 04:45:52PM -0600, Jason Ellison: > About the modification breaking my pix monitoring... > > Here is my modification to clogin > > root at monitor:/usr/local/rancid# diff -uN > /usr/local/src/rancid-2.3.2a9/bin/clogin bin/clogin > --- /usr/local/src/rancid-2.3.2a9/bin/clogin 2009-02-03 > 18:19:46.000000000 -0600 > +++ bin/clogin 2009-02-07 15:24:16.000000000 -0600 > @@ -610,6 +610,7 @@ > set command "set logging session disable;$command" > } else { > send "terminal length 0\r" > + send "terminal width 80\r" > } > # escape any parens in the prompt, such as "(enable)" > regsub -all {[)(]} $prompt {\\&} reprompt > @@ -875,6 +876,7 @@ > send "set logging session disable\r" > } else { > send "terminal length 0\r" > + send "terminal width 80\r" > } > expect -re $prompt {} > source $sfile > because it is important that the login script keep track of prompts to avoid, among other things, matching things in output that look like prompts, you must match prompts that you trigger and you haven't done that here. this is most likely why it fails. > TCP stream of rancid connecting to the pix (cleaned)... *login -d host is normally far more useful output for debugging the login scripts. From oglumavd at gmail.com Tue Feb 10 07:00:26 2009 From: oglumavd at gmail.com (Oglum AVD) Date: Mon, 9 Feb 2009 23:00:26 -0800 Subject: [rancid] Re: New to rancid In-Reply-To: References: Message-ID: Hi Ram, Here's basic Rancid setup/config; http://resume.demirdesign.com/pub_kdb_list_det.php?kdb_id=8 On Thu, Feb 5, 2009 at 6:09 PM, Ram Dahal wrote: > I am new to rancid. I started learning Perl and have installed rancid. Now > my job is to create a rancid file which will authenticate the user in > router. How do i create a rancid file in linux?? I am completely new to it. > I expect help from somebody. > > > Regards > Ram > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090209/08435cd1/attachment.html From mick at w4.co.uk Tue Feb 10 10:49:53 2009 From: mick at w4.co.uk (Mick Burke) Date: Tue, 10 Feb 2009 10:49:53 -0000 Subject: [rancid] CVS Command Not Found When Using SVN Message-ID: Hi all, I am trying to configure RANCID to work properly. My company uses an SVN server, and I found a patch that is supposed to get RANCID to work with an SVN server. The patch was made by Karsten Heymann, and I found it here: http://www.shrubbery.net/pipermail/rancid-discuss/2008-December/003489.html I?ve installed this patch, and RANCID does work to a point. When I run the bin/rancid-cvs command, it creates a log file in var/logs, and this is the contents of all the log files it has created: ------------------------------------------------------------------------------------------------------------------------ starting: Mon Feb 9 07:01:01 GMT 2009 /usr/local/rancid/bin/control_rancid: line 353: cvs: command not found ending: Mon Feb 9 07:01:02 GMT 2009 ------------------------------------------------------------------------------------------------------------------------ I have also declared RCSSYS environment variable as SVN, and SVN is working on the server RANCID is installed on. I have looked all over Google and I haven?t managed to find an answer to this question. Could someone please help me out? Many Thanks, Mick -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090210/de26d548/attachment.html From jledford at biltmore.com Tue Feb 10 19:07:44 2009 From: jledford at biltmore.com (Jason Ledford) Date: Tue, 10 Feb 2009 14:07:44 -0500 Subject: [rancid] Re: CVS Command Not Found When Using SVN In-Reply-To: References: Message-ID: <435CB3214F92FD4E8E5CEEB86A20440240D10F9992@MAILBOX.tbcnet.biltmore.com> Can you make a symlink for /usr/bin/cvs that points to svn, like /usr/bin/svn or whatever it is (sorry, I don't use svn)? From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Mick Burke Sent: Tuesday, February 10, 2009 5:50 AM To: rancid-discuss at shrubbery.net Subject: [rancid] CVS Command Not Found When Using SVN Hi all, I am trying to configure RANCID to work properly. My company uses an SVN server, and I found a patch that is supposed to get RANCID to work with an SVN server. The patch was made by Karsten Heymann, and I found it here: http://www.shrubbery.net/pipermail/rancid-discuss/2008-December/003489.html I've installed this patch, and RANCID does work to a point. When I run the bin/rancid-cvs command, it creates a log file in var/logs, and this is the contents of all the log files it has created: ------------------------------------------------------------------------------------------------------------------------ starting: Mon Feb 9 07:01:01 GMT 2009 /usr/local/rancid/bin/control_rancid: line 353: cvs: command not found ending: Mon Feb 9 07:01:02 GMT 2009 ------------------------------------------------------------------------------------------------------------------------ I have also declared RCSSYS environment variable as SVN, and SVN is working on the server RANCID is installed on. I have looked all over Google and I haven't managed to find an answer to this question. Could someone please help me out? Many Thanks, Mick -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090210/4e7bf90d/attachment.html From cgauthier at mapscu.com Tue Feb 10 19:27:57 2009 From: cgauthier at mapscu.com (Chris Gauthier) Date: Tue, 10 Feb 2009 11:27:57 -0800 Subject: [rancid] Re: CVS Command Not Found When Using SVN In-Reply-To: <435CB3214F92FD4E8E5CEEB86A20440240D10F9992@MAILBOX.tbcnet.biltmore.com> References: <435CB3214F92FD4E8E5CEEB86A20440240D10F9992@MAILBOX.tbcnet.biltmore.com> Message-ID: <0A9A5A2BC1C0A94C981AF5FCF2D2F3381352A9A0@mshin01.mapscu.com> That might work, except that svn and cvs may have different command-line arguments? I would imagine some decision-making logic would need to be added to the code. Chris From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Jason Ledford Sent: Tuesday, February 10, 2009 11:08 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Re: CVS Command Not Found When Using SVN Can you make a symlink for /usr/bin/cvs that points to svn, like /usr/bin/svn or whatever it is (sorry, I don't use svn)? From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Mick Burke Sent: Tuesday, February 10, 2009 5:50 AM To: rancid-discuss at shrubbery.net Subject: [rancid] CVS Command Not Found When Using SVN Hi all, I am trying to configure RANCID to work properly. My company uses an SVN server, and I found a patch that is supposed to get RANCID to work with an SVN server. The patch was made by Karsten Heymann, and I found it here: http://www.shrubbery.net/pipermail/rancid-discuss/2008-December/003489.h tml I've installed this patch, and RANCID does work to a point. When I run the bin/rancid-cvs command, it creates a log file in var/logs, and this is the contents of all the log files it has created: ------------------------------------------------------------------------ ------------------------------------------------ starting: Mon Feb 9 07:01:01 GMT 2009 /usr/local/rancid/bin/control_rancid: line 353: cvs: command not found ending: Mon Feb 9 07:01:02 GMT 2009 ------------------------------------------------------------------------ ------------------------------------------------ I have also declared RCSSYS environment variable as SVN, and SVN is working on the server RANCID is installed on. I have looked all over Google and I haven't managed to find an answer to this question. Could someone please help me out? Many Thanks, Mick -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090210/1d566ee9/attachment.html From heas at shrubbery.net Tue Feb 10 20:40:08 2009 From: heas at shrubbery.net (john heasley) Date: Tue, 10 Feb 2009 20:40:08 +0000 Subject: [rancid] Re: CVS Command Not Found When Using SVN In-Reply-To: References: Message-ID: <20090210204008.GR22615@shrubbery.net> Tue, Feb 10, 2009 at 10:49:53AM -0000, Mick Burke: > Hi all, > > I am trying to configure RANCID to work properly. My company uses an SVN server, and I found a patch that is supposed to get RANCID to work with an SVN server. The patch was made by Karsten Heymann, and I found it here: http://www.shrubbery.net/pipermail/rancid-discuss/2008-December/003489.html > > I?ve installed this patch, and RANCID does work to a point. When I run the bin/rancid-cvs command, it creates a log file in var/logs, and this is the contents of all the log files it has created: > > ------------------------------------------------------------------------------------------------------------------------ > > starting: Mon Feb 9 07:01:01 GMT 2009 > > /usr/local/rancid/bin/control_rancid: line 353: cvs: command not found > > ending: Mon Feb 9 07:01:02 GMT 2009 > > ------------------------------------------------------------------------------------------------------------------------ > > I have also declared RCSSYS environment variable as SVN, and SVN is working on the server RANCID is installed on. I have looked all over Google and I haven?t managed to find an answer to this question. Could someone please help me out? and what version of rancid are you using? From infotek at gmail.com Tue Feb 10 21:23:44 2009 From: infotek at gmail.com (Jason Ellison) Date: Tue, 10 Feb 2009 15:23:44 -0600 Subject: [rancid] Fwd: Re: Cisco IOS versus Cisco PIX and term width 80 In-Reply-To: References: <20090206232741.GI5538@shrubbery.net> <20090209231328.GR26723@shrubbery.net> <20090210061054.GJ2471@shrubbery.net> <20090210063951.GL2471@shrubbery.net> Message-ID: >>> >> I'm new to the community so I apologize for my ignorance. I saw >>> >> another spot in the expect script where to send commands were bundled >>> >> together. So, you are saying I need an expect $prompt to delay the >>> >> "term width" command? >>> > >>> > yes, but its not a 'delay'; its waiting for the prompt and flushing it >>> > from your input. I do not know what the other place in the code is >>> > that you're referring to, so i cant comment on why it'd be different. >>> > >>> >>> I understand that that by design expect is looking for a regexp before >> >> its either a regex or a glob, but that doesnt matter. >> >> if you send commands without waiting for the prompt you will confuse >> yourself (your script). thats just my experience and i'm guessing thats >> why your change doesnt work. >> > > again... I will review it. I'm sure you are right. I have not played > in expect land in over two years. You have a great project... I do > not mean to bother you with dumb problems. I'm not being facetious. > I think I made a mistake. > >>> sending. I will review my changes... Because, apparently, they do >>> not work. Sorry to trouble you. >>> >>> >> I did not know about the -d debug mode. But I did read through the >>> >> mail archives before I posted. >>> >> >>> >> -Jason Ellison >>> >> My previous patch was flawed. I was using "send" without an "expect"... The following patch seems to work without breaking my PIX monitoring. Thanks to John Heasley for catching the error. -Jason Ellison diff -uN /usr/local/src/rancid-2.3.2a9/bin/clogin bin/clogin --- /usr/local/src/rancid-2.3.2a9/bin/clogin 2009-02-03 18:19:46.000000000 -0600 +++ bin/clogin 2009-02-10 15:16:38.000000000 -0600 @@ -610,6 +610,9 @@ set command "set logging session disable;$command" } else { send "terminal length 0\r" + expect { + -re "$prompt" { send -- "terminal width 80\r";} + } } # escape any parens in the prompt, such as "(enable)" regsub -all {[)(]} $prompt {\\&} reprompt @@ -875,6 +878,9 @@ send "set logging session disable\r" } else { send "terminal length 0\r" + expect { + -re "$prompt" { send -- "terminal width 80\r";} + } } expect -re $prompt {} source $sfile From peter.serwe at gmail.com Tue Feb 10 21:23:51 2009 From: peter.serwe at gmail.com (Peter Serwe) Date: Tue, 10 Feb 2009 13:23:51 -0800 Subject: [rancid] Re: CVS Command Not Found When Using SVN In-Reply-To: <20090210204008.GR22615@shrubbery.net> References: <20090210204008.GR22615@shrubbery.net> Message-ID: I configured rancid right out of the box, both 2.3.2a7 and a8 using svn each time. I've never done it using cvs. It works perfectly. From rancid.conf in ~rancid/etc/: RCSSYS=svn; export RCSSYS I have never used anything but this section of the README in the base directory of the rancid source distribution as a guide to install rancid: Quick Installation Guide (an example): 1) ./configure [--prefix=] By default, rancid will be installed under /usr/local/rancid (the default "prefix"). This can be overridden with the --prefix option. E.g.: ./configure --prefix=/home/rancid Rancid uses autoconf's "localstatedir" as the location of it's logs, CVS or Subversion respository, and directories where it's groups are placed. The user who will run rancid (from cron, etc) will need write access to these directories. By default, this is /var, or /home/rancid/var following the example above. We realize that this is not optimal, but it follows the standards. We suggest that this be altered to include the package name, like so: ./configure --prefix=/home/rancid \ --localstatedir=/home/rancid/var/rancid The user who will run rancid must have write permission in "localstatedir". See ./configure --help for other configure options. 2) make install 3) Modify /rancid.conf (e.g.: /etc/rancid.conf). The variable LIST_OF_GROUPS is a space delimited list of router "groups". E.g.: LIST_OF_GROUPS="backbone aggregation switches" 4) Put .cloginrc in the home directory of the user who will run rancid. .cloginrc must be not be readable/writable/executable by "others", i.e.: .cloginrc must be mode 0600 or 0640. 5) Modify .cloginrc. Test to make sure that you can log into every router. Note: the juniper user you use *must* log into a cli shell (which is the default on a juniper). See the file cloginrc.sample, located in (/share/rancid), for examples and good starting point. Also take a look at the cloginrc manual page, 'man -M /man cloginrc'. 6) Modify /etc/aliases Rancid sends the diffs and other administrative emails to rancid- and problems to rancid-admin-, where is the "GROUP" of routers. This way you can separate your backbone routers from your access routers or separate based upon network etc... Different router uses forced different people being interested in router "groups" - thus this setup. Make sure email to rancid- works. /etc/aliases can be maintainable by Majordomo stuff, but make sure the user that runs rancid can post to the list. The Precedence header set to bulk or junk *hopefully* avoids replies from auto-responders and vacation type mail filters. The --enable-mail-plus option to configure will set each of the "rancid-" addresses mentioned above to "rancid+". See sendmail's operation manual for more information on handling of '+'. The --enable-adminmail-plus configure option will set each of the "rancid-admin-" addresses mentioned above to "rancid-admin+". If this option is not used, the value of --enable-mail-plus is assumed. That is, the addresses will be "rancid+", if it is specified. 7) Run rancid-cvs. This creates all of the necessary directories and config files for each of the groups in LIST_OF_GROUPS and imports them into CVS (or Subversion). This will also be run each time a new group is added. Do not create the directories or CVS repository manually, allow rancid-cvs do it. Also see 'man -M /man rancid-cvs'. 8) For each "group", modify the router.db file in the group directory. The file is of the form "router:mfg:state" where "router" is the name (we use FQDN) of the router, mfg is the manufacturer from the set of (cat5|cisco|juniper) (see router.db.5 for a complete list and description), and "state" is either up or down. Each router listed as "up" will have the configuration grabbed. Note: manufacturer cat5 is intended only for cisco catalyst switches running catalyst (not IOS) code. e.g.: //router.db: cisco-router.domain.com:cisco:up adc-mux.domain.com:ezt3:up foundry-switch-router.domain.com:foundry:up juniper-router.domain.com:juniper:up redback-dsl-router.domain.com:redback:down extreme-switch.domain.com:extreme:down 9) For first-time users or new installations, run bin/rancid-run (with no arguments) and check the resulting log file(s) (in logs/*) for errors. Repeat until there are no errors. Of note, might be the section where it mentions using rancid with svn requiring a special configure option: svn Code revision system, an alternative to cvs. Available from http://subversion.tigris.org/tarballs/. Use the configure option --enable-svn to configure for Subversion. And lastly, is svn actually installed on your system and available from the $PATH? Peter On Tue, Feb 10, 2009 at 12:40 PM, john heasley wrote: > Tue, Feb 10, 2009 at 10:49:53AM -0000, Mick Burke: >> Hi all, >> >> I am trying to configure RANCID to work properly. My company uses an SVN server, and I found a patch that is supposed to get RANCID to work with an SVN server. The patch was made by Karsten Heymann, and I found it here: http://www.shrubbery.net/pipermail/rancid-discuss/2008-December/003489.html >> >> I?ve installed this patch, and RANCID does work to a point. When I run the bin/rancid-cvs command, it creates a log file in var/logs, and this is the contents of all the log files it has created: >> >> ------------------------------------------------------------------------------------------------------------------------ >> >> starting: Mon Feb 9 07:01:01 GMT 2009 >> >> /usr/local/rancid/bin/control_rancid: line 353: cvs: command not found >> >> ending: Mon Feb 9 07:01:02 GMT 2009 >> >> ------------------------------------------------------------------------------------------------------------------------ >> >> I have also declared RCSSYS environment variable as SVN, and SVN is working on the server RANCID is installed on. I have looked all over Google and I haven?t managed to find an answer to this question. Could someone please help me out? > > and what version of rancid are you using? > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -- ???? From oscarfelipe30 at hotmail.com Wed Feb 11 03:12:36 2009 From: oscarfelipe30 at hotmail.com (Felipe) Date: Wed, 11 Feb 2009 03:12:36 +0000 Subject: [rancid] Troubles extreme swicthes login with rancid 2.3.1 Message-ID: hi i have a trouble with login Extreme switches summitx450a and BD8810 i have this trouble when i want to clogin it : rancid at serverbackup:~/bin$ clogin 10.10.45.2 10.10.45.2 spawn telnet 10.10.45.2 Trying 10.10.45.2... Connected to 10.10.45.2. Escape character is '^]'. telnet session telnet0 on /dev/ptyb0 login: rancid password: Login incorrect login: rancid1234 password: Login incorrect login: rancid1234 password: Login incorrect Maximum number of login attempts reached! Connection closed by foreign host. Error: Connection closed (telnet): 10.10.45.2 rancid at serverbackup:~/bin$ i test the password and user is correct and login without problem ,but when i login in the server with rancid at serverbackup:~/bin$ clogin 10.10.45.2 i can't login and don't make backup of extreme swicthes. thanks for your help in this case. Felipe _________________________________________________________________ See how Windows? connects the people, information, and fun that are part of your life http://clk.atdmt.com/MRT/go/119463819/direct/01/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090211/a782e0aa/attachment.html From oscarfelipe30 at hotmail.com Wed Feb 11 03:15:20 2009 From: oscarfelipe30 at hotmail.com (Felipe) Date: Wed, 11 Feb 2009 03:15:20 +0000 Subject: [rancid] FW: Troubles extreme swicthes login with rancid 2.3.1 In-Reply-To: References: Message-ID: From: oscarfelipe30 at hotmail.com To: rancid-discuss at shrubbery.net Date: Wed, 11 Feb 2009 03:12:36 +0000 Subject: [rancid] Troubles extreme swicthes login with rancid 2.3.1 hi i have a trouble with login Extreme switches summitx450a and BD8810 i have this trouble when i want to clogin it : rancid at serverbackup:~/bin$ clogin 10.10.45.2 10.10.45.2 spawn telnet 10.10.45.2 Trying 10.10.45.2... Connected to 10.10.45.2. Escape character is '^]'. telnet session telnet0 on /dev/ptyb0 login: rancid password: Login incorrect login: rancid1234 password: Login incorrect login: rancid1234 password: Login incorrect Maximum number of login attempts reached! Connection closed by foreign host. Error: Connection closed (telnet): 10.10.45.2 rancid at serverbackup:~/bin$ i test the password and user is correct and login without problem ,but when i login in the server with rancid at serverbackup:~/bin$ clogin 10.10.45.2 i can't login and don't make backup of extreme swicthes. thanks for your help in this case. Felipe See how Windows? connects the people, information, and fun that are part of your life _________________________________________________________________ See how Windows? connects the people, information, and fun that are part of your life http://clk.atdmt.com/MRT/go/119463819/direct/01/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090211/32c54d3a/attachment.html -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: ATT00000 Url: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090211/32c54d3a/attachment.ksh From shahues at fgcu.edu Wed Feb 11 14:03:43 2009 From: shahues at fgcu.edu (Hahues, Sven) Date: Wed, 11 Feb 2009 09:03:43 -0500 Subject: [rancid] Re: Troubles extreme swicthes login with rancid 2.3.1 In-Reply-To: References: Message-ID: Felipe, Double check your .cloginrc file and see if the username and password are correct for the host you have specified. I also found it helpful to put the password in { }. I had a $ in my password and that was causing it to fail. I have an 8810 that I am using with SSH and the ./clogin worked fine once I added "autoenable" to the router.db entry for the host. There is some quirkyness with it doffing the configs, but I think that is mostly extreme's fault, not rancid's. HTH, Sven -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Felipe Sent: Tuesday, February 10, 2009 10:13 PM To: rancid-discuss at shrubbery.net Subject: [rancid] Troubles extreme swicthes login with rancid 2.3.1 hi i have a trouble with login Extreme switches summitx450a and BD8810 i have this trouble when i want to clogin it : rancid at serverbackup:~/bin$ clogin 10.10.45.2 10.10.45.2 spawn telnet 10.10.45.2 Trying 10.10.45.2... Connected to 10.10.45.2. Escape character is '^]'. telnet session telnet0 on /dev/ptyb0 login: rancid password: Login incorrect login: rancid1234 password: Login incorrect login: rancid1234 password: Login incorrect Maximum number of login attempts reached! Connection closed by foreign host. Error: Connection closed (telnet): 10.10.45.2 rancid at serverbackup:~/bin$ i test the password and user is correct and login without problem ,but when i login in the server with rancid at serverbackup:~/bin$ clogin 10.10.45.2 i can't login and don't make backup of extreme swicthes. thanks for your help in this case. Felipe ________________________________ See how Windows(r) connects the people, information, and fun that are part of your life From oscarfelipe30 at hotmail.com Wed Feb 11 15:50:28 2009 From: oscarfelipe30 at hotmail.com (Felipe) Date: Wed, 11 Feb 2009 15:50:28 +0000 Subject: [rancid] Re: Troubles extreme swicthes login with rancid 2.3.1 In-Reply-To: References:

Message-ID: Hi my Friend Sven my user is rancid and my password is rancid1234 and with this password log without problem this is ok. and i have the same problem with extreme swicthes the ip of swicthes extreme is 10.10.45.2 ,its my first time that install rancid but this login in cisco ,juniper very well in these devices i don't have problems i like that you send the correct configuration for its that i new user of rancid . it is my .cloginrc configuration : serverbackup:/home/rancid# more .cloginrc add method 172.1.255.1 ssh add method 172.1.255.2 ssh add method 172.1.255.3 ssh add method 10.10.200.1 ssh add method 10.10.45.9 telnet add autoenable 172.1.255.1 1 add autoenable 172.1.255.2 1 add autoenable 172.1.255.3 1 add autoenable 10.10.45.9 1 add noenable 10.10.200.1 0 add password * {rancid1234} add user * rancid add method * telnet add autoenable * 1 # comments are cool, as is whitespace # clogin supports a number of add directives: # password # user # userprompt # userpassword # passprompt # method # noenable # enauser # enableprompt # autoenable # cyphertype # identity # # Details on each of these follows. Also see cloginrc(5). # # add password # # add user # The default user is $USER (i.e.: the user running clogin). # # add userprompt # What the router prints to prompt for the username. # Default: {"(Username|login|user name):"} # # add userpassword # The password for user if different than the password set # using 'add password'. # # add passprompt # What the router prints to prompt for the password. # Default: {"(\[Pp]assword|passwd):"} # # add method {ssh} [...] # Defines, in order, which connection method(s) to use for a device # from the set {ssh,telnet,rsh}. e.g.: add method * {ssh} {telnet} {rsh} # will attempt ssh connection first. if ssh fails with connection # refused (i.e.: not due to authentication failure), then try telnet, # then rsh. # Default: {telnet} {ssh} # # add noenable # equivalent of -noenable on the cmd line to not enable at login. # # add enableprompt # What the router prints to prompt for the enable password. # Default: {"\[Pp]assword:"} # # add enauser # This is only needed if enable asks for a username and this # username is different from what user is set to. # # add autoenable <1/0> # This is used if you are automatically enabled by the login process. # # add cyphertype # Default is 3des. # # add identity # Default is your default ssh identity. # # include # include a secondary .cloginrc file # # # Note: The first match for a hostname takes precedence. #add password sl-bb*-dc cow24 #add password sl-gw*-dc geeks #add password sl* hank dog #add password at* pete cow #add password sdn* mujahid horse #add password icm* peter #add password * anything # #add user sl-gw*-dc twit #add user sdn* sdn_auto #add user sdn-bb* ops_eng #add user * $env(USER) add password * {rancid1234} add user * rancid # customer x # these routers ask for a username and password. we automatically get # enable access after successful authentication. add user *.custx.net roger add password *.custx.net {doger} add autoenable *.custx.net 1 # customer y # this is the normal cisco login. a password followed by and enable password. # try ssh first, then rlogin. add password *.custy.net {vector} {victor} add method *.custy.net ssh rlogin # customer z; they use ssh only. add user *.custz.net shirley add password *.custz.net {jive} {surely} add method *.custz.net ssh # the route-server's do not provide enable access. cmdline -noenable # equivalent. add noenable route-server* 1 # all our routers, i.e.: everything else add password * {clearance} {clarence} # set ssh encryption type, dflt: 3des add cyphertype * {3des} # set the username prompt to "router login:" #add userprompt * {"router login:"} # ssh identity for a juniper; used with jlogin add identity my.juniper $env(HOME)/.ssh/juniper # riverstone / enterasys / cabletron (rivlogin) example # these boxes are 'back-to-front' from cisco (i.e., ask # for vty password always, then tac+/radius if configured). # # vty password and last resort (enable) password for rivlogin add password rs3000 {vtypass} {lastresort} # if using tac+ or radius login, include these lines add user rs3000 {monster} add userpassword rs3000 {scary} add noenable cisco* add autoenable *1 serverbackup:/home/rancid# thank you my friend. Felipe > From: shahues at fgcu.edu > To: oscarfelipe30 at hotmail.com; rancid-discuss at shrubbery.net > Date: Wed, 11 Feb 2009 09:03:43 -0500 > Subject: RE: [rancid] Troubles extreme swicthes login with rancid 2.3.1 > > Felipe, > > Double check your .cloginrc file and see if the username and password are correct for the host you have specified. I also found it helpful to put the password in { }. I had a $ in my password and that was causing it to fail. > > I have an 8810 that I am using with SSH and the ./clogin worked fine once I added "autoenable" to the router.db entry for the host. There is some quirkyness with it doffing the configs, but I think that is mostly extreme's fault, not rancid's. > > HTH, > > Sven > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Felipe > Sent: Tuesday, February 10, 2009 10:13 PM > To: rancid-discuss at shrubbery.net > Subject: [rancid] Troubles extreme swicthes login with rancid 2.3.1 > > hi i have a trouble with login Extreme switches summitx450a and BD8810 i have this trouble when i want to clogin it : > > rancid at serverbackup:~/bin$ clogin 10.10.45.2 > 10.10.45.2 > spawn telnet 10.10.45.2 > Trying 10.10.45.2... > Connected to 10.10.45.2. > Escape character is '^]'. > > telnet session telnet0 on /dev/ptyb0 > > login: rancid > password: > > Login incorrect > login: rancid1234 > password: > > Login incorrect > login: rancid1234 > password: > > Login incorrect > Maximum number of login attempts reached! > Connection closed by foreign host. > > Error: Connection closed (telnet): 10.10.45.2 rancid at serverbackup:~/bin$ > > i test the password and user is correct and login without problem ,but when i login in the server with rancid at serverbackup:~/bin$ clogin 10.10.45.2 i can't login and don't make backup of extreme swicthes. > > thanks for your help in this case. > > Felipe > > > ________________________________ > > See how Windows(r) connects the people, information, and fun that are part of your life _________________________________________________________________ Windows Live Hotmail now works up to 70% faster. http://windowslive.com/Explore/Hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_faster_112008 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090211/a44437cc/attachment.html From heas at shrubbery.net Thu Feb 12 19:34:28 2009 From: heas at shrubbery.net (john heasley) Date: Thu, 12 Feb 2009 19:34:28 +0000 Subject: [rancid] Re: Troubles extreme swicthes login with rancid 2.3.1 In-Reply-To: References:

Message-ID: <20090212193428.GB12747@shrubbery.net> Wed, Feb 11, 2009 at 03:50:28PM +0000, Felipe: > > hi i have a trouble with login Extreme switches summitx450a and BD8810 i have this trouble when i want to clogin it : > > > > rancid at serverbackup:~/bin$ clogin 10.10.45.2 > > 10.10.45.2 > > spawn telnet 10.10.45.2 > > Trying 10.10.45.2... > > Connected to 10.10.45.2. > > Escape character is '^]'. > > > > telnet session telnet0 on /dev/ptyb0 > > > > login: rancid > > password: > > > > Login incorrect > > login: rancid1234 the question is why did it send rancid1234 in reply to 'login:'. check that there are no special characters in your cloginrc for the 'user' (ie: ^M for example) or place {}s around the value. From Todd at equivoice.com Fri Feb 13 22:26:06 2009 From: Todd at equivoice.com (Todd Heide) Date: Fri, 13 Feb 2009 16:26:06 -0600 Subject: [rancid] ViewVC problem with new install/upgrade Message-ID: <082FEA82DC985B4F8A6B412D5AC4E220015AE399@exchange.Equivoice.local> With the problems I had with the router configs not updating, and other various login problems, I decided to upgrade, and followed the instructions RE moving directories to /var/rancid, etc. That was my first attempt, did solve anything, so I wiped out the rancid directory and all its childs, and reinstalled Rancid from scratch. Good new is CVS is working once again, bad news is I get An Exception Has Occurred Rancid not found! The wrong path for this repository was configured, or the server on which the CVS tree lives may be down. Please try again in a few minutes. Python Traceback Traceback (most recent call last): File "/usr/local/viewvc-1.0.4/lib/viewvc.py", line 3665, in main request.run_viewvc() File "/usr/local/viewvc-1.0.4/lib/viewvc.py", line 234, in run_viewvc raise debug.ViewVCException( ViewVCException: ViewVC Unrecoverable Error: Rancid not found! The wrong path for this repository was configured, or the server on which the CVS tree lives may be down. Please try again in a few minutes. When I click on the link to the repository. I checked the viewvc.conf, it is pointing to /usr/local/rancid/var/CVS, same as it did before, the directories are still listed like this, and if I go into the CVS directory, and into one of the groups, I can see the ,v on the files, and the logs also indicate CVS is being updated, and the files are of current configs. Now if I change the location on viewvc.conf to /var/Rancid, I can see all the previous configs from the old setup. I checked permissions on the directories, and they are the same. There is one difference between this setup and the previous one, I used a new user for it, rancid instead of Rancid. I don't know if that has anything to do with it or not. Last time I ran into this it was a permissions issue with the directories. Here is a tail from a log indicating that it is doffing cvs diff: Diffing . cvs diff: Diffing configs cvs commit: Examining . cvs commit: Examining configs Checking in configs/p.com; /usr/local/rancid/var/CVS/Core_Switches/configs/p.com,v <-- p.com new revision: 1.4; previous revision: 1.3 done Thanks Todd -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090213/7fe0b6d9/attachment.html From rancid at gheek.net Wed Feb 18 00:41:33 2009 From: rancid at gheek.net (Lance Vermilion) Date: Tue, 17 Feb 2009 17:41:33 -0700 Subject: [rancid] Is there a logo for RANCID? Message-ID: <8423e7bb0902171641p41c8c076qbc830d7242e9b512@mail.gmail.com> I would like to include a nice logo for RANCID in some documentation we are building. A lot of people associate logo's to companies/products. It is nice for marketing. -Lance From tex at off.org Wed Feb 18 06:08:32 2009 From: tex at off.org (Austin Schutz) Date: Tue, 17 Feb 2009 22:08:32 -0800 Subject: [rancid] Re: Is there a logo for RANCID? In-Reply-To: <8423e7bb0902171641p41c8c076qbc830d7242e9b512@mail.gmail.com> References: <8423e7bb0902171641p41c8c076qbc830d7242e9b512@mail.gmail.com> Message-ID: <20090217220832.4c0442f2@toskin.off.org> On Tue, 17 Feb 2009 17:41:33 -0700 Lance Vermilion wrote: > I would like to include a nice logo for RANCID in some documentation > we are building. A lot of people associate logo's to > companies/products. It is nice for marketing. > A big stinky cheese with "RANCID" in green lettering comes to mind, but that may not be so good for marketing. Austin From mhaney at ercbroadband.org Wed Feb 18 16:05:33 2009 From: mhaney at ercbroadband.org (Mark Haney) Date: Wed, 18 Feb 2009 11:05:33 -0500 Subject: [rancid] Netscreen firewall config Message-ID: <499C31CD.7010101@ercbroadband.org> I've been dickering with this for a while now and no luck. I did a search on the archives and found someone with a similar problem back in 2006 but no known resolution was posted. So I'm hoping someone here can help. I've got a Netscreen 25 that I want to backup with rancid, but I have this problem when running nlogin: Connected to erc-avl-fw2.net.ercbroadband.org (192.168.0.1). Escape character is '^]'. Remote Management Console login: root password: erc-avl-fw2-> can't read "enable": no such variable while executing "if { $enable } { if {[do_enable $enauser $enapasswd]} { if { $do_command || $do_script } { close; wait continue } } }" ("foreach" body line 66) invoked from within "foreach firewall [lrange $argv $i end] { set firewall [string tolower $firewall] send_user "$firewall\n" set prompt ">" # Figure out..." (file "bin/nlogin" line 423) rancid at chestnut:~$ It seems that nlogin is looking for a '#' which it'll never get since it's 'enabled' on first login. I've tried 'autoenable' and 'noenable' in the .cloginrc file and from the command line and neither work. Any ideas? -- Frustra laborant quotquot se calculationibus fatigant pro inventione quadraturae circuli Mark Haney Sr. Systems Administrator ERC Broadband (828) 350-2415 Call (866) ERC-7110 for after hours support From dnewman at networktest.com Wed Feb 18 16:08:02 2009 From: dnewman at networktest.com (David Newman) Date: Wed, 18 Feb 2009 08:08:02 -0800 Subject: [rancid] random insertion in diff Message-ID: <499C3262.7040102@networktest.com> interesting diff: retrieving revision 1.5 diff -u -4 -r1.5 666.31.1.59 @@ -99,9 +99,9 @@ interface 8 name "patch10" exit interface 9 - name "patch11" + [24;1H name "patch11" exit Looking at the config on this switch, an HP Procurve 3500yl, there is no sign of that "[24;1H" string. What might cause that? thanks dn From jmoorse at gmail.com Wed Feb 18 20:43:12 2009 From: jmoorse at gmail.com (Jeff Moorse) Date: Wed, 18 Feb 2009 12:43:12 -0800 Subject: [rancid] Expect to match Fortigate View-only prompt Message-ID: <795645b20902181243x13b9ab08m896fa395bd00efd3@mail.gmail.com> I recently edited the fnlogin script per a forum posting to match the Fortigate prompt: 'Fortigate-400 # ' Now when logging in as a view-only user the prompt is 'Fortigate-400 $ ' and RANCID hangs until timeout.. The script matches "\[#\\$]" for a set prompt, which should match the $ as far as I can tell, although it never executes desired commands. Thoughts? Thanks, Jeff -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090218/1e49dcb1/attachment.html From wrjacqmein at gmail.com Wed Feb 18 23:57:44 2009 From: wrjacqmein at gmail.com (Bill Jacqmein) Date: Wed, 18 Feb 2009 18:57:44 -0500 Subject: [rancid] Re: Netscreen firewall config In-Reply-To: <499C31CD.7010101@ercbroadband.org> References: <499C31CD.7010101@ercbroadband.org> Message-ID: <3c9a5bae0902181557w7c66306fg17b806955171b3d@mail.gmail.com> Mark, Im retrieving the configuration from NS25s without the same issue. What version of Rancid are you using? Im currently running rancid 2.3.2a7 without an issue. Thanks, Bill On Wed, Feb 18, 2009 at 11:05 AM, Mark Haney wrote: > I've been dickering with this for a while now and no luck. I did a > search on the archives and found someone with a similar problem back in > 2006 but no known resolution was posted. So I'm hoping someone here can > help. > > I've got a Netscreen 25 that I want to backup with rancid, but I have > this problem when running nlogin: > > Connected to erc-avl-fw2.net.ercbroadband.org (192.168.0.1). > Escape character is '^]'. > Remote Management Console > login: root > password: > erc-avl-fw2-> can't read "enable": no such variable > while executing > "if { $enable } { > if {[do_enable $enauser $enapasswd]} { > if { $do_command || $do_script } { > close; wait > continue > } > } > }" > ("foreach" body line 66) > invoked from within > "foreach firewall [lrange $argv $i end] { > set firewall [string tolower $firewall] > send_user "$firewall\n" > > set prompt ">" > > # Figure out..." > (file "bin/nlogin" line 423) > rancid at chestnut:~$ > > > It seems that nlogin is looking for a '#' which it'll never get since > it's 'enabled' on first login. I've tried 'autoenable' and 'noenable' > in the .cloginrc file and from the command line and neither work. > > Any ideas? > > -- > Frustra laborant quotquot se calculationibus fatigant pro inventione > quadraturae circuli > > Mark Haney > Sr. Systems Administrator > ERC Broadband > (828) 350-2415 > > Call (866) ERC-7110 for after hours support > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From jackmarrow2 at gmail.com Mon Feb 23 16:14:46 2009 From: jackmarrow2 at gmail.com (jack marrow) Date: Mon, 23 Feb 2009 17:14:46 +0100 Subject: [rancid] Using rancid with an unknown switch Message-ID: Hello, I have a collection of switches connected to Fujitsu Siemens hardware. I'm not able to physically inspect them at the moment, but apparently they are Accton switches. The mac address agrees with this. The problem I am having is that the pager can't be disabled (or I can't see how to disable it), and the pager prompt is: ---More--- This triggers the timeout, and it rancid fails. Should I fix this by editing rancid, or is there a preferred way? Thanks James From Todd at equivoice.com Mon Feb 23 18:19:52 2009 From: Todd at equivoice.com (Todd Heide) Date: Mon, 23 Feb 2009 12:19:52 -0600 Subject: [rancid] Rancid-run appears hung Message-ID: <082FEA82DC985B4F8A6B412D5AC4E2200161D36E@exchange.Equivoice.local> I have 4 groups that run, I setup my core routers @ 1 hour intervals and they appear OK, the switches at 2 hours, customer switches at 3 hours and customer routers at 4 hours. It appears though that I had an overlap on the customer routers group. Since I kept getting overlaps on my previous Cron, which was setup to hourly, and I never could get a complete run on the Customer devices, I switched the hourly to staggered runs, and ran a manual on the Customer Routers, but it ran longer than expected and did another overlap and the manual run appears to be hung. I had to keep deleting the lock file to get it to run manually. How can I check to see if it is indeed still running, and how long does it take to do 300 devices, single run, with about half not authenticating yet? I need at least one good run to find all those that are still not authenticating properly. The tail on the log shows the last device in the router.db, and has been for the past 30 minutes. Thanks Todd -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090223/cd959e0c/attachment.html From Todd at equivoice.com Tue Feb 24 13:52:06 2009 From: Todd at equivoice.com (Todd Heide) Date: Tue, 24 Feb 2009 07:52:06 -0600 Subject: [rancid] Broken pipes in rancid log Message-ID: <082FEA82DC985B4F8A6B412D5AC4E2200161D40C@exchange.Equivoice.local> I have been having some issues with the Customer_Routers group not completing, and thought I had made headway when one actually completed yesterday, but this morning I noticed it hasn't updated since then. I reviewed the last log before the lock file occurred and found what appears to be errors. write(spawn_id=1): broken pipe while executing "send_user -- "$expect_out(buffer)"" invoked from within "expect -nobrace -re+ { exp_continue } -re {^[^ *]*CBCountyFar([^#>\r\n]+)?[#>]($[^)\r\n]+$)?} { send_user -- "$expect_out(buffer)" } -re {..." invoked from within "expect { -re "\b+" { exp_continue } -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)" } -re "^\[^\n\r]*$reprom..." (procedure "run_commands" line 41) invoked from within "run_commands $prompt $command" ("foreach" body line 152) invoked from within "foreach router [lrange $argv $i end] { set router [string tolower $router] # attempt at platform switching. set platform "" send_user ..." (file "/usr/local/rancid/bin/clogin" line 715) write(spawn_id=1): broken pipe while executing "send_user -- "$expect_out(buffer)"" invoked from within "expect -nobrace -re+ { exp_continue } -re {^[^ *]*CBWheaton-2([^#>\r\n]+)?[#>]($[^)\r\n]+$)?} { send_user -- "$expect_out(buffer)" } -re {..." invoked from within "expect { -re "\b+" { exp_continue } -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)" } -re "^\[^\n\r]*$reprom..." (procedure "run_commands" line 41) invoked from within "run_commands $prompt $command" ("foreach" body line 152) invoked from within "foreach router [lrange $argv $i end] { set router [string tolower $router] # attempt at platform switching. set platform "" send_user ..." (file "/usr/local/rancid/bin/clogin" line 715) There are several more, not as much info as this, but pretty similar. Thanks Todd -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090224/555b6416/attachment.html From rancid at gheek.net Tue Feb 24 16:31:50 2009 From: rancid at gheek.net (Lance Vermilion) Date: Tue, 24 Feb 2009 09:31:50 -0700 Subject: [rancid] Re: Broken pipes in rancid log In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E2200161D40C@exchange.Equivoice.local> References: <082FEA82DC985B4F8A6B412D5AC4E2200161D40C@exchange.Equivoice.local> Message-ID: <8423e7bb0902240831y48053bbt40cc4e5013388889@mail.gmail.com> Todd, Does it work with just clogin? Do you go straight to enable? Have you tried specifying the prompt in .cloginrc? -Lance On Tue, Feb 24, 2009 at 6:52 AM, Todd Heide wrote: > I have been having some issues with the Customer_Routers group not > completing, and thought I had made headway when one actually completed > yesterday, but this morning I noticed it hasn?t updated since then. I > reviewed the last log before the lock file occurred and found what appears > to be errors. > > > > write(spawn_id=1): broken pipe > > ??? while executing > > "send_user -- "$expect_out(buffer)"" > > ??? invoked from within > > "expect -nobrace -re+ { exp_continue } -re {^[^ > > ?*]*CBCountyFar([^#>\r\n]+)?[#>]($[^)\r\n]+$)?} { send_user -- > "$expect_out(buffer)" > > ??????????????????????????????????????????? ????} -re {..." > > ??? invoked from within > > "expect { > > ??????????? -re "\b+"?????????????????????????? { exp_continue } > > ??????????? -re "^\[^\n\r *]*$reprompt"???????? { send_user -- > "$expect_out(buffer)" > > ??????????????????????????????????????????????? } > > ??????????? -re "^\[^\n\r]*$reprom..." > > ??? (procedure "run_commands" line 41) > > ??? invoked from within > > "run_commands $prompt $command" > > ??? ("foreach" body line 152) > > ??? invoked from within > > "foreach router [lrange $argv $i end] { > > ??? set router [string tolower $router] > > ??? # attempt at platform switching. > > ??? set platform "" > > ??? send_user ..." > > ??? (file "/usr/local/rancid/bin/clogin" line 715) > > write(spawn_id=1): broken pipe > > ??? while executing > > "send_user -- "$expect_out(buffer)"" > > ??? invoked from within > > "expect -nobrace -re+ { exp_continue } -re {^[^ > > ?*]*CBWheaton-2([^#>\r\n]+)?[#>]($[^)\r\n]+$)?} { send_user -- > "$expect_out(buffer)" > > ??????????????????????????????????????????????? } -re {..." > > ??? invoked from within > > "expect { > > ??????????? -re "\b+"?????????????????????????? { exp_continue } > > ??????????? -re "^\[^\n\r *]*$reprompt"???????? { send_user -- > "$expect_out(buffer)" > > ??????????????????????????????????????????????? } > > ??????????? -re "^\[^\n\r]*$reprom..." > > ??? (procedure "run_commands" line 41) > > ??? invoked from within > > "run_commands $prompt $command" > > ??? ("foreach" body line 152) > > ??? invoked from within > > "foreach router [lrange $argv $i end] { > > ??? set router [string tolower $router] > > ??? # attempt at platform switching. > > ??? set platform "" > > ??? send_user ..." > > ??? (file "/usr/local/rancid/bin/clogin" line 715) > > > > There are several more, not as much info as this, but pretty similar. > > > > Thanks > > Todd > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From Todd at equivoice.com Tue Feb 24 17:15:07 2009 From: Todd at equivoice.com (Todd Heide) Date: Tue, 24 Feb 2009 11:15:07 -0600 Subject: [rancid] Clogin per group possible? Message-ID: <082FEA82DC985B4F8A6B412D5AC4E2200161D49E@exchange.Equivoice.local> Since the majority of the switches and MPLS CPE's cat seem to reach to the ACS server, I was wondering if I can use a separate .cloginrc file for the switch group, and create a new group for MPLS VPN CPE's so I can use one login for them without having to create a whole new DNS child domain. Thanks Todd -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090224/be7a91ff/attachment.html From Todd at equivoice.com Tue Feb 24 22:05:08 2009 From: Todd at equivoice.com (Todd Heide) Date: Tue, 24 Feb 2009 16:05:08 -0600 Subject: [rancid] Re: Broken pipes in rancid log In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E2200161D40C@exchange.Equivoice.local> References: <082FEA82DC985B4F8A6B412D5AC4E2200161D40C@exchange.Equivoice.local> Message-ID: <082FEA82DC985B4F8A6B412D5AC4E2200161D53E@exchange.Equivoice.local> Found the cause of the below problem, darned authorization, grr. I have a new one that hopefully someone has an answer for. I did a tail -f while I ran rancid-run Customer_Routers, and when the log stopped scrolling, I did a ^C in the window I did the run and got, Received signal - ending run (1). ===================================== Getting missed routers: round 1. Then when it reached the last router in the list again that it couldn't log into, I did ^C again and got, Received signal - ending run (1). cvs diff: Diffing . cvs diff: Diffing configs cvs commit: Examining . cvs commit: Examining configs Checking in router.db; /usr/local/rancid/var/CVS/Customer_Routers/router.db,v <-- router.db new revision: 1.6; previous revision: 1.5 done Checking in configs/trinity-421-1841; /usr/local/rancid/var/CVS/Customer_Routers/configs/trinity-421-1841,v <-- trinity-421-1841 new revision: 1.2; previous revision: 1.1 done Checking in configs/trinity-532-1841; /usr/local/rancid/var/CVS/Customer_Routers/configs/trinity-532-1841,v <-- trinity-532-1841 new revision: 1.2; previous revision: 1.1 done ls: default-2611-park: No such file or directory ls: ave.hosts.equivoice.com: No such file or directory It seems to be waiting for something for some reason before it continues on. When I send control c it continues on again. It is only doing it for this group, the other groups seem to be OK. Could it be the amount of times it hits clogin error: Error: while running? When I do the ^C it has completed polling of all devices and I can see updates for all of them. Thanks Todd From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Todd Heide Sent: Tuesday, February 24, 2009 7:52 AM To: Rancid-discuss at shrubbery.net Subject: [rancid] Broken pipes in rancid log I have been having some issues with the Customer_Routers group not completing, and thought I had made headway when one actually completed yesterday, but this morning I noticed it hasn't updated since then. I reviewed the last log before the lock file occurred and found what appears to be errors. write(spawn_id=1): broken pipe while executing "send_user -- "$expect_out(buffer)"" invoked from within "expect -nobrace -re+ { exp_continue } -re {^[^ *]*CBCountyFar([^#>\r\n]+)?[#>]($[^)\r\n]+$)?} { send_user -- "$expect_out(buffer)" } -re {..." invoked from within "expect { -re "\b+" { exp_continue } -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)" } -re "^\[^\n\r]*$reprom..." (procedure "run_commands" line 41) invoked from within "run_commands $prompt $command" ("foreach" body line 152) invoked from within "foreach router [lrange $argv $i end] { set router [string tolower $router] # attempt at platform switching. set platform "" send_user ..." (file "/usr/local/rancid/bin/clogin" line 715) write(spawn_id=1): broken pipe while executing "send_user -- "$expect_out(buffer)"" invoked from within "expect -nobrace -re+ { exp_continue } -re {^[^ *]*CBWheaton-2([^#>\r\n]+)?[#>]($[^)\r\n]+$)?} { send_user -- "$expect_out(buffer)" } -re {..." invoked from within "expect { -re "\b+" { exp_continue } -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)" } -re "^\[^\n\r]*$reprom..." (procedure "run_commands" line 41) invoked from within "run_commands $prompt $command" ("foreach" body line 152) invoked from within "foreach router [lrange $argv $i end] { set router [string tolower $router] # attempt at platform switching. set platform "" send_user ..." (file "/usr/local/rancid/bin/clogin" line 715) There are several more, not as much info as this, but pretty similar. Thanks Todd -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090224/c3e47a26/attachment.html From heas at shrubbery.net Wed Feb 25 08:09:25 2009 From: heas at shrubbery.net (john heasley) Date: Wed, 25 Feb 2009 08:09:25 +0000 Subject: [rancid] Re: Clogin per group possible? In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E2200161D49E@exchange.Equivoice.local> References: <082FEA82DC985B4F8A6B412D5AC4E2200161D49E@exchange.Equivoice.local> Message-ID: <20090225080925.GI2467@shrubbery.net> Tue, Feb 24, 2009 at 11:15:07AM -0600, Todd Heide: > Since the majority of the switches and MPLS CPE's cat seem to reach to > the ACS server, I was wondering if I can use a separate .cloginrc file > for the switch group, and create a new group for MPLS VPN CPE's so I can > use one login for them without having to create a whole new DNS child > domain. see CLOGINRC environment variable in clogin(1) From jackmarrow2 at gmail.com Wed Feb 25 09:08:48 2009 From: jackmarrow2 at gmail.com (jack marrow) Date: Wed, 25 Feb 2009 10:08:48 +0100 Subject: [rancid] Re: Using rancid with an unknown switch (patch wanted?) Message-ID: 2009/2/23 jack marrow : > Hello, > > I have a collection of switches connected to Fujitsu Siemens hardware. > I'm not able to physically inspect them at the moment, but apparently > they are Accton switches. The mac address agrees with this. > > The problem I am having is that the pager can't be disabled (or I > can't see how to disable it), and the pager prompt is: > ---More--- > > This triggers the timeout, and it rancid fails. > > Should I fix this by editing rancid, or is there a preferred way? > > Thanks > James > Should I send a patch against rancid to fix this? From meskander at perimeterwatch.com Wed Feb 25 20:00:16 2009 From: meskander at perimeterwatch.com (Mina Eskander) Date: Wed, 25 Feb 2009 15:00:16 -0500 Subject: [rancid] How to downgrade from 2.3.2a9 to 2.3.2a8 Message-ID: I am having problems contacting my catos switches, I have 2 6509's I have the type in my router.db as cat5, and clogin works fine, but when I run rancid or cat5rancid it just hangs after getting into enable mode. I have autoenable set to 0 so it has to enter the enable password. I read in another post that somebody downgraded to 2.3.2a8 and it works, but I need some help downgrading. Here is the post I read it in http://www.shrubbery.net/pipermail/rancid-discuss/2009-February/003637.html I am running Linux version 2.6.23.12-52.fc7 (mockbuild at xenbuilder4.fedora.phx.redhat.com) (gcc version 4.1.2 20070925 (Red Hat 4.1.2-27)) Please help Mina Eskander Perimeterwatch Technologies Direct: +1 (347) 448-2845 Mobile: +1 (347) 510-4102 meskander at perimeterwatch.com Network Security | Disaster Recovery | Business Continuity | IT Projects | Application Development _____________________________________________________________________ New York: (347) 448-2845 - 34-12 36th Street - 2nd Floor - Astoria, NY 11106 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090225/fcdbfce4/attachment.html From heas at shrubbery.net Wed Feb 25 22:21:02 2009 From: heas at shrubbery.net (john heasley) Date: Wed, 25 Feb 2009 14:21:02 -0800 Subject: [rancid] Re: How to downgrade from 2.3.2a9 to 2.3.2a8 In-Reply-To: References: Message-ID: <20090225222102.GS13893@shrubbery.net> Wed, Feb 25, 2009 at 03:00:16PM -0500, Mina Eskander: > I am having problems contacting my catos switches, I have 2 6509's > I have the type in my router.db as cat5, and clogin works fine, but when I run rancid or cat5rancid it just hangs after getting into enable mode. > I have autoenable set to 0 so it has to enter the enable password. > > I read in another post that somebody downgraded to 2.3.2a8 and it works, but I need some help downgrading. > Here is the post I read it in http://www.shrubbery.net/pipermail/rancid-discuss/2009-February/003637.html or, you could collect this information needed to debug the problem. > I am running > Linux version 2.6.23.12-52.fc7 (mockbuild at xenbuilder4.fedora.phx.redhat.com) (gcc version 4.1.2 20070925 (Red Hat 4.1.2-27)) > > Please help > > > Mina Eskander > Perimeterwatch Technologies > Direct: +1 (347) 448-2845 > Mobile: +1 (347) 510-4102 > meskander at perimeterwatch.com > > Network Security | Disaster Recovery | Business Continuity | IT Projects | Application Development > _____________________________________________________________________ > New York: (347) 448-2845 - 34-12 36th Street - 2nd Floor - Astoria, NY 11106 > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Wed Feb 25 22:31:47 2009 From: heas at shrubbery.net (john heasley) Date: Wed, 25 Feb 2009 14:31:47 -0800 Subject: [rancid] Re: Using rancid with an unknown switch (patch wanted?) In-Reply-To: References: Message-ID: <20090225223147.GY13893@shrubbery.net> Wed, Feb 25, 2009 at 10:08:48AM +0100, jack marrow: > 2009/2/23 jack marrow : > > Hello, > > > > I have a collection of switches connected to Fujitsu Siemens hardware. > > I'm not able to physically inspect them at the moment, but apparently > > they are Accton switches. The mac address agrees with this. > > > > The problem I am having is that the pager can't be disabled (or I > > can't see how to disable it), and the pager prompt is: > > ---More--- > > > > This triggers the timeout, and it rancid fails. > > > > Should I fix this by editing rancid, or is there a preferred way? > > > > Thanks > > James > > > > Should I send a patch against rancid to fix this? there isnt a script for any fujitsu hardware, so i'm not sure what you'd be patching. And, disabling the pager is far preferred, so it'd be worth spending some time with the manual to be sure it isnt possible. From meskander at perimeterwatch.com Wed Feb 25 23:18:19 2009 From: meskander at perimeterwatch.com (Mina Eskander) Date: Wed, 25 Feb 2009 18:18:19 -0500 Subject: [rancid] Re: How to downgrade from 2.3.2a9 to 2.3.2a8 In-Reply-To: <20090225222102.GS13893@shrubbery.net> References: <20090225222102.GS13893@shrubbery.net> Message-ID: What information is needed to debug this problem? Do you want log files? Or output from rancid-run -d? Mina Eskander Perimeterwatch Technologies Direct: +1 (347) 448-2845 Mobile: +1 (347) 510-4102 meskander at perimeterwatch.com Network Security | Disaster Recovery | Business Continuity | IT Projects | Application Development _____________________________________________________________________ New York: (347) 448-2845 - 34-12 36th Street - 2nd Floor - Astoria, NY 11106 -----Original Message----- From: john heasley [mailto:heas at shrubbery.net] Sent: Wednesday, February 25, 2009 5:21 PM To: Mina Eskander Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] How to downgrade from 2.3.2a9 to 2.3.2a8 Wed, Feb 25, 2009 at 03:00:16PM -0500, Mina Eskander: > I am having problems contacting my catos switches, I have 2 6509's > I have the type in my router.db as cat5, and clogin works fine, but when I run rancid or cat5rancid it just hangs after getting into enable mode. > I have autoenable set to 0 so it has to enter the enable password. > > I read in another post that somebody downgraded to 2.3.2a8 and it works, but I need some help downgrading. > Here is the post I read it in http://www.shrubbery.net/pipermail/rancid-discuss/2009-February/003637.html or, you could collect this information needed to debug the problem. > I am running > Linux version 2.6.23.12-52.fc7 (mockbuild at xenbuilder4.fedora.phx.redhat.com) (gcc version 4.1.2 20070925 (Red Hat 4.1.2-27)) > > Please help > > > Mina Eskander > Perimeterwatch Technologies > Direct: +1 (347) 448-2845 > Mobile: +1 (347) 510-4102 > meskander at perimeterwatch.com > > Network Security | Disaster Recovery | Business Continuity | IT Projects | Application Development > _____________________________________________________________________ > New York: (347) 448-2845 - 34-12 36th Street - 2nd Floor - Astoria, NY 11106 > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From buraglio at illinois.edu Wed Feb 25 23:28:09 2009 From: buraglio at illinois.edu (Nick Buraglio) Date: Wed, 25 Feb 2009 17:28:09 -0600 Subject: [rancid] francid on MLX and edge case behaviors. Message-ID: <7FC86789-5CDA-4157-91E7-C3F7F4DDAA69@illinois.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This began on the f-nsp list here: http://www.mail-archive.com/foundry-nsp at puck.nether.net/msg01603.html Anyway, I was having trouble getting flogin to work against MLX code 3.9.00a over ssh. Long story short, the user I had set up had lower privilege and couldn't support the "skip-page-display" command that francid was expecting. Since I have more experience with pretty much every network vendor other than foundry, I thought this may just be what I like to call a "foundry-ism". Anyway, I solved this (possibly not the best way) by just changing flogin to call "terminal length 0" since the MLX code supports it and there are no foundries managed by this instance of rancid that don't. If anyone happens to have the one-off problems that I had, here is a simple fix: - --- flogin.orig 2009-02-25 17:07:12.000000000 -0600 +++ flogin 2009-02-25 15:58:49.000000000 -0600 @@ -506,7 +506,8 @@ global in_proc set in_proc 1 - - send "skip-page-display\r" +# send "skip-page-display\r" + send "terminal length 0\r" expect -re "$prompt" {} set commands [split $command \;] @@ -677,7 +678,8 @@ } } elseif { $do_script } { # fucking foundry - - send "skip-page-display\r" + #send "skip-page-display\r" + send "terminal length 0\r" expect -re $prompt {} source $sfile catch {close}; I thought I'd just post what I did, even if it is suboptimal, just in case it could help someone else down the line. - --- Nick Buraglio Network Engineer, CITES, University of Illinois GPG key 0x2E5B44F4 Phone: 217.244.6428 buraglio at illinois.edu -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) iEYEARECAAYFAkml1AkACgkQFOm2Sy5bRPQ9AQCfQER1BpUjn0RALvuwa+yVWXBi nmoAn1fccXtm0dIVjR4OG7ug4OZsLrGF =Ue0S -----END PGP SIGNATURE----- From meskander at perimeterwatch.com Wed Feb 25 19:09:24 2009 From: meskander at perimeterwatch.com (Mina Eskander) Date: Wed, 25 Feb 2009 14:09:24 -0500 Subject: [rancid] How do i downgrade from 2.3.2a9 to 2.3.2a8 Message-ID: I am having problems contacting my catos switches, I have 2 6509's I have the type in my router.db as cat5, and clogin works fine, but when I run rancid or cat5rancid it just hangs after getting into enable mode. I have autoenable set to 0 so it has to enter the enable password. I read in another post that somebody downgraded to 2.3.2a8 and it works, but I need some help downgrading. I am running Linux version 2.6.23.12-52.fc7 (mockbuild at xenbuilder4.fedora.phx.redhat.com) (gcc version 4.1.2 20070925 (Red Hat 4.1.2-27)) Please help Mina Eskander Perimeterwatch Technologies Direct: +1 (347) 448-2845 Mobile: +1 (347) 510-4102 meskander at perimeterwatch.com Network Security | Disaster Recovery | Business Continuity | IT Projects | Application Development _____________________________________________________________________ New York: (347) 448-2845 - 34-12 36th Street - 2nd Floor - Astoria, NY 11106 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090225/36ca1edc/attachment.html From jethro.binks at strath.ac.uk Thu Feb 26 09:17:47 2009 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Thu, 26 Feb 2009 09:17:47 +0000 (GMT) Subject: [rancid] Re: francid on MLX and edge case behaviors. In-Reply-To: <7FC86789-5CDA-4157-91E7-C3F7F4DDAA69@illinois.edu> References: <7FC86789-5CDA-4157-91E7-C3F7F4DDAA69@illinois.edu> Message-ID: On Wed, 25 Feb 2009, Nick Buraglio wrote: > This began on the f-nsp list here: > http://www.mail-archive.com/foundry-nsp at puck.nether.net/msg01603.html > Anyway, I was having trouble getting flogin to work against MLX code > 3.9.00a over ssh. Long story short, the user I had set up had lower > privilege and couldn't support the "skip-page-display" command that > francid was expecting. Since I have more experience with pretty much > every network vendor other than foundry, I thought this may just be what > I like to call a "foundry-ism". Anyway, I solved this (possibly not the > best way) by just changing flogin to call "terminal length 0" since the > MLX code supports it and there are no foundries managed by this instance > of rancid that don't. Sorry I meant to respond to your message on f-nsp :) Anyway, I can confirm that "terminal length 0" also works on at least the BigIrons and Super-X related models, although they also support "skip-page-display" anyway (I do not have any MLX). It may be suitable to just send both commands and hope one works. However, I would add the following note, which may or may not be relevant to your environment. I use a special user for the rancid stuff, which is priv level 5: username rouser privilege 5 password ..... In order for skip-page-display to work, I need to change specify that I can run the command at this (lower) priv level: privilege exec level 5 skip-page-display It turns out if I wanted to use "terminal length 0" I would also need: privilege exec level 5 terminal (I do similar things for a Cisco ASA too). Working out the variants in command lines on different models or code revs even for the same vendor is the most difficult area, and even the most innocuous change can break things for someone else ('expect' is pretty fragile anyway *cough* Net::Appliance::Session (maybe) *cough*). Once you've actually bagged a copy of the config though, by whatever means, the rest of rancid works great! One potential improvement to make rancid more flexible might be to abstract some of these model/code-specific aspects, so that the appropriate command to "turn off paging" (if there is one) is determined in advance based on the vendor/model/version (with a default otherwise), then just the correct one sent. Then tweaking for other models is a matter of modifying the "commands to send" table, and the bulk of the code can remain the same, untouched, and hopefully not broken. There are already some tests modifying behaviour based on platform ("if { [ string compare "extreme" "$platform" ] }"). However, having said all that, it may well not simplify the bulk of the code enough to make the effort worthwhile ... (*cough* Net::Appliance::Session again (maybe) *cough*). A niggle I have is that clogin has been copied to a multitude of other *login modules for different vendors, some of which aren't really that different, and which don't all necessarily get useful changes made to clogin merged back into them. Some work to reduce this duplication would also be beneficial. I have vaguely looked at the potential for this from time to time, but not with any real committment so far. (Aside: These texts are from Net::Appliance::Session and related modules (which has a number of other dependencies like YAML): "Various models of network device, either from one vendor such as Cisco or between vendors, will naturally use alternate command and command prompt syntax. Net::Appliance::Session does not hard-code any of these commands or pattern matches in its source. They are all loaded at run-time from an external phrasebook (a.k.a. dictionary), which you may of course override." "In the world of network appliances, vendors will sometimes change the commands used in or even the appearance of the command line interface. This might happen between software version releases, or as a new product line is released. However, typically there is an ancestry to all these interfaces, so we can base a new product's dictionary on an existing dictionary whilst overriding some entries with new values." I wonder if, by using w(rap)rancid, it would be possible to investigate the use of Net::Appliance::Session, without having to touch rancid itself ... Jethro. -- . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK From rancid at gheek.net Thu Feb 26 15:55:25 2009 From: rancid at gheek.net (Lance Vermilion) Date: Thu, 26 Feb 2009 08:55:25 -0700 Subject: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 In-Reply-To: References: Message-ID: <8423e7bb0902260755x3f531f1aq536b35e3f0a67bec@mail.gmail.com> 6509's typically run IOS now not CATOS. Paste back to us the version of your software that you are running on the 6509s. On Wed, Feb 25, 2009 at 12:09 PM, Mina Eskander wrote: > I am having problems contacting my catos switches, I have 2 6509?s > > I have the type in my router.db as cat5, and clogin works fine, but when I > run rancid or cat5rancid it just hangs after getting into enable mode. > > I have autoenable set to 0 so it has to enter the enable password. > > > > I read in another post that somebody downgraded to 2.3.2a8 and it works, but > I need some help downgrading. > > I am running > > Linux version 2.6.23.12-52.fc7 (mockbuild at xenbuilder4.fedora.phx.redhat.com) > (gcc version 4.1.2 20070925 (Red Hat 4.1.2-27)) > > > > Please help > > > > Mina Eskander > > Perimeterwatch Technologies > > Direct:?? +1 (347) 448-2845 > > Mobile:?? +1 (347) 510-4102 > > meskander at perimeterwatch.com > > > > Network Security | Disaster Recovery | Business Continuity | IT Projects | > Application Development > > _____________________________________________________________________ > New York: (347) 448-2845 - 34-12 36th Street ? 2nd Floor - Astoria,?NY > 11106 > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From meskander at perimeterwatch.com Thu Feb 26 16:21:32 2009 From: meskander at perimeterwatch.com (Mina Eskander) Date: Thu, 26 Feb 2009 11:21:32 -0500 Subject: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 In-Reply-To: <8423e7bb0902260755x3f531f1aq536b35e3f0a67bec@mail.gmail.com> References: <8423e7bb0902260755x3f531f1aq536b35e3f0a67bec@mail.gmail.com> Message-ID: The 6509 is running in hybrid mode, the switching modules are running catos 6.4(11) and the routing modules are polling just fine. switch> (enable) sh ver WS-C6509 Software, Version NmpSW: 6.4(11) Mina Eskander Perimeterwatch Technologies Direct: +1 (347) 448-2845 Mobile: +1 (347) 510-4102 meskander at perimeterwatch.com Network Security | Disaster Recovery | Business Continuity | IT Projects | Application Development _____________________________________________________________________ New York: (347) 448-2845 - 34-12 36th Street - 2nd Floor - Astoria, NY 11106 -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Lance Vermilion Sent: Thursday, February 26, 2009 10:55 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 6509's typically run IOS now not CATOS. Paste back to us the version of your software that you are running on the 6509s. On Wed, Feb 25, 2009 at 12:09 PM, Mina Eskander wrote: > I am having problems contacting my catos switches, I have 2 6509's > > I have the type in my router.db as cat5, and clogin works fine, but when I > run rancid or cat5rancid it just hangs after getting into enable mode. > > I have autoenable set to 0 so it has to enter the enable password. > > > > I read in another post that somebody downgraded to 2.3.2a8 and it works, but > I need some help downgrading. > > I am running > > Linux version 2.6.23.12-52.fc7 (mockbuild at xenbuilder4.fedora.phx.redhat.com) > (gcc version 4.1.2 20070925 (Red Hat 4.1.2-27)) > > > > Please help > > > > Mina Eskander > > Perimeterwatch Technologies > > Direct: +1 (347) 448-2845 > > Mobile: +1 (347) 510-4102 > > meskander at perimeterwatch.com > > > > Network Security | Disaster Recovery | Business Continuity | IT Projects | > Application Development > > _____________________________________________________________________ > New York: (347) 448-2845 - 34-12 36th Street - 2nd Floor - Astoria, NY > 11106 > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From rancid at gheek.net Thu Feb 26 16:30:04 2009 From: rancid at gheek.net (Lance Vermilion) Date: Thu, 26 Feb 2009 09:30:04 -0700 Subject: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 In-Reply-To: References: <8423e7bb0902260755x3f531f1aq536b35e3f0a67bec@mail.gmail.com> Message-ID: <8423e7bb0902260830y39f67fc7m74d2625660217803@mail.gmail.com> When you login do you start off at the (enable) prompt? If so do you have autoenable 1 in your .cloginrc for that host? On Thu, Feb 26, 2009 at 9:21 AM, Mina Eskander wrote: > The 6509 is running in hybrid mode, the switching modules are running catos 6.4(11) and the routing modules are polling just fine. > > switch> (enable) sh ver > WS-C6509 Software, Version NmpSW: 6.4(11) > > Mina Eskander > Perimeterwatch Technologies > Direct: ? +1 (347) 448-2845 > Mobile: ? +1 (347) 510-4102 > meskander at perimeterwatch.com > > Network Security | Disaster Recovery | Business Continuity | IT Projects | Application Development > _____________________________________________________________________ > New York: (347) 448-2845 - 34-12 36th Street - 2nd Floor - Astoria, NY 11106 > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Lance Vermilion > Sent: Thursday, February 26, 2009 10:55 AM > To: rancid-discuss at shrubbery.net > Subject: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 > > 6509's typically run IOS now not CATOS. Paste back to us the version > of your software that you are running on the 6509s. > > On Wed, Feb 25, 2009 at 12:09 PM, Mina Eskander > wrote: >> I am having problems contacting my catos switches, I have 2 6509's >> >> I have the type in my router.db as cat5, and clogin works fine, but when I >> run rancid or cat5rancid it just hangs after getting into enable mode. >> >> I have autoenable set to 0 so it has to enter the enable password. >> >> >> >> I read in another post that somebody downgraded to 2.3.2a8 and it works, but >> I need some help downgrading. >> >> I am running >> >> Linux version 2.6.23.12-52.fc7 (mockbuild at xenbuilder4.fedora.phx.redhat.com) >> (gcc version 4.1.2 20070925 (Red Hat 4.1.2-27)) >> >> >> >> Please help >> >> >> >> Mina Eskander >> >> Perimeterwatch Technologies >> >> Direct: ? +1 (347) 448-2845 >> >> Mobile: ? +1 (347) 510-4102 >> >> meskander at perimeterwatch.com >> >> >> >> Network Security | Disaster Recovery | Business Continuity | IT Projects | >> Application Development >> >> _____________________________________________________________________ >> New York: (347) 448-2845 - 34-12 36th Street - 2nd Floor - Astoria, NY >> 11106 >> >> >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From meskander at perimeterwatch.com Thu Feb 26 16:38:32 2009 From: meskander at perimeterwatch.com (Mina Eskander) Date: Thu, 26 Feb 2009 11:38:32 -0500 Subject: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 In-Reply-To: <8423e7bb0902260830y39f67fc7m74d2625660217803@mail.gmail.com> References: <8423e7bb0902260755x3f531f1aq536b35e3f0a67bec@mail.gmail.com> <8423e7bb0902260830y39f67fc7m74d2625660217803@mail.gmail.com> Message-ID: I have autoenable set to 0, so rancid has to manually enter the enable password, when I do a clogin it logs in and gets into enable mode just fine. But when I run rancid -d I get the following output [rancid at pwsecLX bin]$ rancid -d executing clogin -t 90 -c"admin show version;show version;show redundancy secondary;show idprom backplane;show install active;admin show env all;show env all;show rsp chassis-info;show gsr chassis;show diag chassis-info;show boot;show bootvar;admin show variables boot;show variables boot;show flash;dir /all nvram:;dir /all bootflash:;dir /all slot0:;dir /all disk0:;dir /all slot1:;dir /all disk1:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all harddiska:;dir /all harddiskb:;dir /all sup-bootflash:;dir /all sup-microcode:;dir /all slavenvram:;dir /all slavebootflash:;dir /all slaveslot0:;dir /all slavedisk0:;dir /all slaveslot1:;dir /all slavedisk1:;dir /all slaveslot2:;dir /all slavedisk2:;dir /all slavesup-bootflash:;dir /all sec-nvram:;dir /all sec-bootflash:;dir /all sec-slot0:;dir /all sec-disk0:;dir /all sec-slot1:;dir /all sec-disk1:;dir /all sec-slot2:;dir /all sec-disk2:;show controllers;show controllers cbus;show diagbus;admin show diag;show diag;show module;show spe version;show c7200;show inventory raw;show vtp status;show vlan;show vlan-switch;show debug;more system:running-config;show running-config;write term" clogin error: Error: TIMEOUT reached clogin error: Error: TIMEOUT reached : missed cmd(s): admin show diag,dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,admin show env all,show controllers,admin show version,show diagbus,more system:running-config,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,admin show variables boot,show redundancy secondary,show running-config,show c7200,dir /all slot1: : missed cmd(s): admin show diag,dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,admin show env all,show controllers,admin show version,show diagbus,more system:running-config,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,admin show variables boot,show redundancy secondary,show running-config,show c7200,dir /all slot1: : End of run not found : End of run not found ! [rancid at pwsecLX bin]$ -----Original Message----- From: Lance Vermilion [mailto:rancid at gheek.net] Sent: Thursday, February 26, 2009 11:30 AM To: Mina Eskander; rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 When you login do you start off at the (enable) prompt? If so do you have autoenable 1 in your .cloginrc for that host? On Thu, Feb 26, 2009 at 9:21 AM, Mina Eskander wrote: > The 6509 is running in hybrid mode, the switching modules are running catos 6.4(11) and the routing modules are polling just fine. > > switch> (enable) sh ver > WS-C6509 Software, Version NmpSW: 6.4(11) > > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Lance Vermilion > Sent: Thursday, February 26, 2009 10:55 AM > To: rancid-discuss at shrubbery.net > Subject: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 > > 6509's typically run IOS now not CATOS. Paste back to us the version > of your software that you are running on the 6509s. > > On Wed, Feb 25, 2009 at 12:09 PM, Mina Eskander > wrote: >> I am having problems contacting my catos switches, I have 2 6509's >> >> I have the type in my router.db as cat5, and clogin works fine, but when I >> run rancid or cat5rancid it just hangs after getting into enable mode. >> >> I have autoenable set to 0 so it has to enter the enable password. >> >> >> >> I read in another post that somebody downgraded to 2.3.2a8 and it works, but >> I need some help downgrading. >> >> I am running >> >> Linux version 2.6.23.12-52.fc7 (mockbuild at xenbuilder4.fedora.phx.redhat.com) >> (gcc version 4.1.2 20070925 (Red Hat 4.1.2-27)) >> >> >> >> Please help >> >> >> >> >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From rancid at gheek.net Thu Feb 26 16:54:33 2009 From: rancid at gheek.net (Lance Vermilion) Date: Thu, 26 Feb 2009 09:54:33 -0700 Subject: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 In-Reply-To: References: <8423e7bb0902260755x3f531f1aq536b35e3f0a67bec@mail.gmail.com> <8423e7bb0902260830y39f67fc7m74d2625660217803@mail.gmail.com> Message-ID: <8423e7bb0902260854m26163a5ew8467d07f230f1ec4@mail.gmail.com> You might want to source the conf file in "/etc/rancid.conf" to make sure you have all the same environment variables when you use clogin by default. It is timing out for a reason and I am not 100% sure why. I would think because it can't recognize the prompt correctly, or maybe you have some characters like "#" in your login/banner motd that it is seeing. paste back to the list clogin -c "show time" On Thu, Feb 26, 2009 at 9:38 AM, Mina Eskander wrote: > I have autoenable set to 0, so rancid has to manually enter the enable password, when I do a clogin it logs in and gets into enable mode just fine. > But when I run rancid -d I get the following output > > [rancid at pwsecLX bin]$ rancid -d > executing clogin -t 90 -c"admin show version;show version;show redundancy secondary;show idprom backplane;show install active;admin show env all;show env all;show rsp chassis-info;show gsr chassis;show diag chassis-info;show boot;show bootvar;admin show variables boot;show variables boot;show flash;dir /all nvram:;dir /all bootflash:;dir /all slot0:;dir /all disk0:;dir /all slot1:;dir /all disk1:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all harddiska:;dir /all harddiskb:;dir /all sup-bootflash:;dir /all sup-microcode:;dir /all slavenvram:;dir /all slavebootflash:;dir /all slaveslot0:;dir /all slavedisk0:;dir /all slaveslot1:;dir /all slavedisk1:;dir /all slaveslot2:;dir /all slavedisk2:;dir /all slavesup-bootflash:;dir /all sec-nvram:;dir /all sec-bootflash:;dir /all sec-slot0:;dir /all sec-disk0:;dir /all sec-slot1:;dir /all sec-disk1:;dir /all sec-slot2:;dir /all sec-disk2:;show controllers;show controllers cbus;show diagbus;admin show diag;show diag;show module;show spe version;show c7200;show inventory raw;show vtp status;show vlan;show vlan-switch;show debug;more system:running-config;show running-config;write term" > clogin error: Error: TIMEOUT reached > clogin error: Error: TIMEOUT reached > : missed cmd(s): admin show diag,dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,admin show env all,show controllers,admin show version,show diagbus,more system:running-config,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,admin show variables boot,show redundancy secondary,show running-config,show c7200,dir /all slot1: > : missed cmd(s): admin show diag,dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,admin show env all,show controllers,admin show version,show diagbus,more system:running-config,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,admin show variables boot,show redundancy secondary,show running-config,show c7200,dir /all slot1: > : End of run not found > : End of run not found > ! > [rancid at pwsecLX bin]$ > > > -----Original Message----- > From: Lance Vermilion [mailto:rancid at gheek.net] > Sent: Thursday, February 26, 2009 11:30 AM > To: Mina Eskander; rancid-discuss at shrubbery.net > Subject: Re: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 > > When you login do you start off at the (enable) prompt? If so do you > have autoenable 1 in your .cloginrc for that host? > > On Thu, Feb 26, 2009 at 9:21 AM, Mina Eskander > wrote: >> The 6509 is running in hybrid mode, the switching modules are running catos 6.4(11) and the routing modules are polling just fine. >> >> switch> (enable) sh ver >> WS-C6509 Software, Version NmpSW: 6.4(11) >> >> >> -----Original Message----- >> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Lance Vermilion >> Sent: Thursday, February 26, 2009 10:55 AM >> To: rancid-discuss at shrubbery.net >> Subject: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 >> >> 6509's typically run IOS now not CATOS. Paste back to us the version >> of your software that you are running on the 6509s. >> >> On Wed, Feb 25, 2009 at 12:09 PM, Mina Eskander >> wrote: >>> I am having problems contacting my catos switches, I have 2 6509's >>> >>> I have the type in my router.db as cat5, and clogin works fine, but when I >>> run rancid or cat5rancid it just hangs after getting into enable mode. >>> >>> I have autoenable set to 0 so it has to enter the enable password. >>> >>> >>> >>> I read in another post that somebody downgraded to 2.3.2a8 and it works, but >>> I need some help downgrading. >>> >>> I am running >>> >>> Linux version 2.6.23.12-52.fc7 (mockbuild at xenbuilder4.fedora.phx.redhat.com) >>> (gcc version 4.1.2 20070925 (Red Hat 4.1.2-27)) >>> >>> >>> >>> Please help >>> >>> >>> >>> >>> >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net >>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > From meskander at perimeterwatch.com Thu Feb 26 17:03:26 2009 From: meskander at perimeterwatch.com (Mina Eskander) Date: Thu, 26 Feb 2009 12:03:26 -0500 Subject: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 In-Reply-To: <8423e7bb0902260854m26163a5ew8467d07f230f1ec4@mail.gmail.com> References: <8423e7bb0902260755x3f531f1aq536b35e3f0a67bec@mail.gmail.com> <8423e7bb0902260830y39f67fc7m74d2625660217803@mail.gmail.com> <8423e7bb0902260854m26163a5ew8467d07f230f1ec4@mail.gmail.com> Message-ID: [rancid at pwsecLX bin]$ clogin -c "show time" spawn telnet Trying ... Connected to . Escape character is '^]'. Cisco Systems Console WARNING!!! This system is solely for the use of authorized users for official purposes. You have no expectation of privacy in its use and to ensure that the system is functioning properly, individuals using this computer system are subject to having all of their activities monitored and recorded by system personnel. Use of this system evidences an express consent to such monitoring and agreement that if such monitoring reveals evidence of possible abuse or criminal activity, system personnel may provide the results of such monitoring to appropriate officials. Username: Password: switch> enable Enter password: switch> (enable) switch> (enable) set length 0 Screen length for this session set to 0. switch> (enable) Error: TIMEOUT reached [rancid at pwsecLX bin]$ Mina Eskander Perimeterwatch Technologies Direct: +1 (347) 448-2845 Mobile: +1 (347) 510-4102 meskander at perimeterwatch.com Network Security | Disaster Recovery | Business Continuity | IT Projects | Application Development _____________________________________________________________________ New York: (347) 448-2845 - 34-12 36th Street - 2nd Floor - Astoria, NY 11106 -----Original Message----- From: Lance Vermilion [mailto:rancid at gheek.net] Sent: Thursday, February 26, 2009 11:55 AM To: Mina Eskander Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 You might want to source the conf file in "/etc/rancid.conf" to make sure you have all the same environment variables when you use clogin by default. It is timing out for a reason and I am not 100% sure why. I would think because it can't recognize the prompt correctly, or maybe you have some characters like "#" in your login/banner motd that it is seeing. paste back to the list clogin -c "show time" On Thu, Feb 26, 2009 at 9:38 AM, Mina Eskander wrote: > I have autoenable set to 0, so rancid has to manually enter the enable password, when I do a clogin it logs in and gets into enable mode just fine. > But when I run rancid -d I get the following output > > [rancid at pwsecLX bin]$ rancid -d > executing clogin -t 90 -c"admin show version;show version;show redundancy secondary;show idprom backplane;show install active;admin show env all;show env all;show rsp chassis-info;show gsr chassis;show diag chassis-info;show boot;show bootvar;admin show variables boot;show variables boot;show flash;dir /all nvram:;dir /all bootflash:;dir /all slot0:;dir /all disk0:;dir /all slot1:;dir /all disk1:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all harddiska:;dir /all harddiskb:;dir /all sup-bootflash:;dir /all sup-microcode:;dir /all slavenvram:;dir /all slavebootflash:;dir /all slaveslot0:;dir /all slavedisk0:;dir /all slaveslot1:;dir /all slavedisk1:;dir /all slaveslot2:;dir /all slavedisk2:;dir /all slavesup-bootflash:;dir /all sec-nvram:;dir /all sec-bootflash:;dir /all sec-slot0:;dir /all sec-disk0:;dir /all sec-slot1:;dir /all sec-disk1:;dir /all sec-slot2:;dir /all sec-disk2:;show controllers;show controllers cbus;show diagbus;admin show diag;show diag;show module;show spe version;show c7200;show inventory raw;show vtp status;show vlan;show vlan-switch;show debug;more system:running-config;show running-config;write term" > clogin error: Error: TIMEOUT reached > clogin error: Error: TIMEOUT reached > : missed cmd(s): admin show diag,dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,admin show env all,show controllers,admin show version,show diagbus,more system:running-config,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,admin show variables boot,show redundancy secondary,show running-config,show c7200,dir /all slot1: > : missed cmd(s): admin show diag,dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,admin show env all,show controllers,admin show version,show diagbus,more system:running-config,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,admin show variables boot,show redundancy secondary,show running-config,show c7200,dir /all slot1: > : End of run not found > : End of run not found > ! > [rancid at pwsecLX bin]$ > > > -----Original Message----- > From: Lance Vermilion [mailto:rancid at gheek.net] > Sent: Thursday, February 26, 2009 11:30 AM > To: Mina Eskander; rancid-discuss at shrubbery.net > Subject: Re: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 > > When you login do you start off at the (enable) prompt? If so do you > have autoenable 1 in your .cloginrc for that host? > > On Thu, Feb 26, 2009 at 9:21 AM, Mina Eskander > wrote: >> The 6509 is running in hybrid mode, the switching modules are running catos 6.4(11) and the routing modules are polling just fine. >> >> switch> (enable) sh ver >> WS-C6509 Software, Version NmpSW: 6.4(11) >> >> >> -----Original Message----- >> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Lance Vermilion >> Sent: Thursday, February 26, 2009 10:55 AM >> To: rancid-discuss at shrubbery.net >> Subject: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 >> >> 6509's typically run IOS now not CATOS. Paste back to us the version >> of your software that you are running on the 6509s. >> >> On Wed, Feb 25, 2009 at 12:09 PM, Mina Eskander >> wrote: >>> I am having problems contacting my catos switches, I have 2 6509's >>> >>> I have the type in my router.db as cat5, and clogin works fine, but when I >>> run rancid or cat5rancid it just hangs after getting into enable mode. >>> >>> I have autoenable set to 0 so it has to enter the enable password. >>> >>> >>> >>> I read in another post that somebody downgraded to 2.3.2a8 and it works, but >>> I need some help downgrading. >>> >>> I am running >>> >>> Linux version 2.6.23.12-52.fc7 (mockbuild at xenbuilder4.fedora.phx.redhat.com) >>> (gcc version 4.1.2 20070925 (Red Hat 4.1.2-27)) >>> >>> >>> >>> Please help >>> >>> >>> >>> >>> >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net >>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > From rancid at gheek.net Thu Feb 26 17:14:11 2009 From: rancid at gheek.net (Lance Vermilion) Date: Thu, 26 Feb 2009 10:14:11 -0700 Subject: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 In-Reply-To: References: <8423e7bb0902260755x3f531f1aq536b35e3f0a67bec@mail.gmail.com> <8423e7bb0902260830y39f67fc7m74d2625660217803@mail.gmail.com> <8423e7bb0902260854m26163a5ew8467d07f230f1ec4@mail.gmail.com> Message-ID: <8423e7bb0902260914y2628601fp4515b88b2cf113a1@mail.gmail.com> Mina, I am assuming with user interaction it works just fine versus running the command as a passed in argument. John, Any idea why it would recognize the prompt enough to send set term length 0 but not recognize it afterwards? On Thu, Feb 26, 2009 at 10:03 AM, Mina Eskander wrote: > [rancid at pwsecLX bin]$ clogin -c "show time" > > spawn telnet > Trying ... > Connected to . > Escape character is '^]'. > > > Cisco Systems Console > > > WARNING!!! > This system is solely for the use of authorized users for official purposes. > You have no expectation of privacy in its use and to ensure that the system > is functioning properly, individuals using this computer system are subject > to having all of their activities monitored and recorded by system > personnel. Use of this system evidences an express consent to such > monitoring and agreement that if such monitoring reveals evidence of > possible abuse or criminal activity, system personnel may provide the results > of such monitoring to appropriate officials. > > > > Username: > > Password: > switch> enable > > Enter password: > switch> (enable) > switch> (enable) set length 0 > Screen length for this session set to 0. > switch> (enable) > Error: TIMEOUT reached > [rancid at pwsecLX bin]$ > > Mina Eskander > Perimeterwatch Technologies > Direct: ? +1 (347) 448-2845 > Mobile: ? +1 (347) 510-4102 > meskander at perimeterwatch.com > > Network Security | Disaster Recovery | Business Continuity | IT Projects | Application Development > _____________________________________________________________________ > New York: (347) 448-2845 - 34-12 36th Street - 2nd Floor - Astoria, NY 11106 > > > -----Original Message----- > From: Lance Vermilion [mailto:rancid at gheek.net] > Sent: Thursday, February 26, 2009 11:55 AM > To: Mina Eskander > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 > > You might want to source the conf file in " home>/etc/rancid.conf" to make sure you have all the same environment > variables when you use clogin by default. > > It is timing out for a reason and I am not 100% sure why. I would > think because it can't recognize the prompt correctly, or maybe you > have some characters like "#" in your login/banner motd that it is > seeing. > > paste back to the list > > ?clogin -c "show time" > > On Thu, Feb 26, 2009 at 9:38 AM, Mina Eskander > wrote: >> I have autoenable set to 0, so rancid has to manually enter the enable password, when I do a clogin it logs in and gets into enable mode just fine. >> But when I run rancid -d I get the following output >> >> [rancid at pwsecLX bin]$ rancid -d >> executing clogin -t 90 -c"admin show version;show version;show redundancy secondary;show idprom backplane;show install active;admin show env all;show env all;show rsp chassis-info;show gsr chassis;show diag chassis-info;show boot;show bootvar;admin show variables boot;show variables boot;show flash;dir /all nvram:;dir /all bootflash:;dir /all slot0:;dir /all disk0:;dir /all slot1:;dir /all disk1:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all harddiska:;dir /all harddiskb:;dir /all sup-bootflash:;dir /all sup-microcode:;dir /all slavenvram:;dir /all slavebootflash:;dir /all slaveslot0:;dir /all slavedisk0:;dir /all slaveslot1:;dir /all slavedisk1:;dir /all slaveslot2:;dir /all slavedisk2:;dir /all slavesup-bootflash:;dir /all sec-nvram:;dir /all sec-bootflash:;dir /all sec-slot0:;dir /all sec-disk0:;dir /all sec-slot1:;dir /all sec-disk1:;dir /all sec-slot2:;dir /all sec-disk2:;show controllers;show controllers cbus;show diagbus;admin show diag;show diag;show module;show spe version;show c7200;show inventory raw;show vtp status;show vlan;show vlan-switch;show debug;more system:running-config;show running-config;write term" >> clogin error: Error: TIMEOUT reached >> clogin error: Error: TIMEOUT reached >> : missed cmd(s): admin show diag,dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,admin show env all,show controllers,admin show version,show diagbus,more system:running-config,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,admin show variables boot,show redundancy secondary,show running-config,show c7200,dir /all slot1: >> : missed cmd(s): admin show diag,dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,admin show env all,show controllers,admin show version,show diagbus,more system:running-config,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,admin show variables boot,show redundancy secondary,show running-config,show c7200,dir /all slot1: >> : End of run not found >> : End of run not found >> ! >> [rancid at pwsecLX bin]$ >> >> >> -----Original Message----- >> From: Lance Vermilion [mailto:rancid at gheek.net] >> Sent: Thursday, February 26, 2009 11:30 AM >> To: Mina Eskander; rancid-discuss at shrubbery.net >> Subject: Re: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 >> >> When you login do you start off at the (enable) prompt? If so do you >> have autoenable 1 in your .cloginrc for that host? >> >> On Thu, Feb 26, 2009 at 9:21 AM, Mina Eskander >> wrote: >>> The 6509 is running in hybrid mode, the switching modules are running catos 6.4(11) and the routing modules are polling just fine. >>> >>> switch> (enable) sh ver >>> WS-C6509 Software, Version NmpSW: 6.4(11) >>> >>> >>> -----Original Message----- >>> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Lance Vermilion >>> Sent: Thursday, February 26, 2009 10:55 AM >>> To: rancid-discuss at shrubbery.net >>> Subject: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 >>> >>> 6509's typically run IOS now not CATOS. Paste back to us the version >>> of your software that you are running on the 6509s. >>> >>> On Wed, Feb 25, 2009 at 12:09 PM, Mina Eskander >>> wrote: >>>> I am having problems contacting my catos switches, I have 2 6509's >>>> >>>> I have the type in my router.db as cat5, and clogin works fine, but when I >>>> run rancid or cat5rancid it just hangs after getting into enable mode. >>>> >>>> I have autoenable set to 0 so it has to enter the enable password. >>>> >>>> >>>> >>>> I read in another post that somebody downgraded to 2.3.2a8 and it works, but >>>> I need some help downgrading. >>>> >>>> I am running >>>> >>>> Linux version 2.6.23.12-52.fc7 (mockbuild at xenbuilder4.fedora.phx.redhat.com) >>>> (gcc version 4.1.2 20070925 (Red Hat 4.1.2-27)) >>>> >>>> >>>> >>>> Please help >>>> >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Rancid-discuss mailing list >>>> Rancid-discuss at shrubbery.net >>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>>> >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net >>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>> >> > From meskander at perimeterwatch.com Thu Feb 26 17:18:43 2009 From: meskander at perimeterwatch.com (Mina Eskander) Date: Thu, 26 Feb 2009 12:18:43 -0500 Subject: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 In-Reply-To: <8423e7bb0902260914y2628601fp4515b88b2cf113a1@mail.gmail.com> References: <8423e7bb0902260755x3f531f1aq536b35e3f0a67bec@mail.gmail.com> <8423e7bb0902260830y39f67fc7m74d2625660217803@mail.gmail.com> <8423e7bb0902260854m26163a5ew8467d07f230f1ec4@mail.gmail.com> <8423e7bb0902260914y2628601fp4515b88b2cf113a1@mail.gmail.com> Message-ID: If I run clogin -c "show time" it will do the set length 0 and it looks like its waiting for something. While its waiting I try to type show run, and it just freezes on me and times out. If I just do clogin than I can enter whatever I want and there are no timeouts Mina Eskander Perimeterwatch Technologies Direct: +1 (347) 448-2845 Mobile: +1 (347) 510-4102 meskander at perimeterwatch.com Network Security | Disaster Recovery | Business Continuity | IT Projects | Application Development _____________________________________________________________________ New York: (347) 448-2845 - 34-12 36th Street - 2nd Floor - Astoria, NY 11106 -----Original Message----- From: Lance Vermilion [mailto:rancid at gheek.net] Sent: Thursday, February 26, 2009 12:14 PM To: Mina Eskander Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 Mina, I am assuming with user interaction it works just fine versus running the command as a passed in argument. John, Any idea why it would recognize the prompt enough to send set term length 0 but not recognize it afterwards? On Thu, Feb 26, 2009 at 10:03 AM, Mina Eskander wrote: > [rancid at pwsecLX bin]$ clogin -c "show time" > > spawn telnet > Trying ... > Connected to . > Escape character is '^]'. > > > Cisco Systems Console > > > WARNING!!! > This system is solely for the use of authorized users for official purposes. > You have no expectation of privacy in its use and to ensure that the system > is functioning properly, individuals using this computer system are subject > to having all of their activities monitored and recorded by system > personnel. Use of this system evidences an express consent to such > monitoring and agreement that if such monitoring reveals evidence of > possible abuse or criminal activity, system personnel may provide the results > of such monitoring to appropriate officials. > > > > Username: > > Password: > switch> enable > > Enter password: > switch> (enable) > switch> (enable) set length 0 > Screen length for this session set to 0. > switch> (enable) > Error: TIMEOUT reached > [rancid at pwsecLX bin]$ > > Mina Eskander > Perimeterwatch Technologies > Direct: +1 (347) 448-2845 > Mobile: +1 (347) 510-4102 > meskander at perimeterwatch.com > > Network Security | Disaster Recovery | Business Continuity | IT Projects | Application Development > _____________________________________________________________________ > New York: (347) 448-2845 - 34-12 36th Street - 2nd Floor - Astoria, NY 11106 > > > -----Original Message----- > From: Lance Vermilion [mailto:rancid at gheek.net] > Sent: Thursday, February 26, 2009 11:55 AM > To: Mina Eskander > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 > > You might want to source the conf file in " home>/etc/rancid.conf" to make sure you have all the same environment > variables when you use clogin by default. > > It is timing out for a reason and I am not 100% sure why. I would > think because it can't recognize the prompt correctly, or maybe you > have some characters like "#" in your login/banner motd that it is > seeing. > > paste back to the list > > clogin -c "show time" > > On Thu, Feb 26, 2009 at 9:38 AM, Mina Eskander > wrote: >> I have autoenable set to 0, so rancid has to manually enter the enable password, when I do a clogin it logs in and gets into enable mode just fine. >> But when I run rancid -d I get the following output >> >> [rancid at pwsecLX bin]$ rancid -d >> executing clogin -t 90 -c"admin show version;show version;show redundancy secondary;show idprom backplane;show install active;admin show env all;show env all;show rsp chassis-info;show gsr chassis;show diag chassis-info;show boot;show bootvar;admin show variables boot;show variables boot;show flash;dir /all nvram:;dir /all bootflash:;dir /all slot0:;dir /all disk0:;dir /all slot1:;dir /all disk1:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all harddiska:;dir /all harddiskb:;dir /all sup-bootflash:;dir /all sup-microcode:;dir /all slavenvram:;dir /all slavebootflash:;dir /all slaveslot0:;dir /all slavedisk0:;dir /all slaveslot1:;dir /all slavedisk1:;dir /all slaveslot2:;dir /all slavedisk2:;dir /all slavesup-bootflash:;dir /all sec-nvram:;dir /all sec-bootflash:;dir /all sec-slot0:;dir /all sec-disk0:;dir /all sec-slot1:;dir /all sec-disk1:;dir /all sec-slot2:;dir /all sec-disk2:;show controllers;show controllers cbus;show diagbus;admin show diag;show diag;show module;show spe version;show c7200;show inventory raw;show vtp status;show vlan;show vlan-switch;show debug;more system:running-config;show running-config;write term" >> clogin error: Error: TIMEOUT reached >> clogin error: Error: TIMEOUT reached >> : missed cmd(s): admin show diag,dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,admin show env all,show controllers,admin show version,show diagbus,more system:running-config,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,admin show variables boot,show redundancy secondary,show running-config,show c7200,dir /all slot1: >> : missed cmd(s): admin show diag,dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,admin show env all,show controllers,admin show version,show diagbus,more system:running-config,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,admin show variables boot,show redundancy secondary,show running-config,show c7200,dir /all slot1: >> : End of run not found >> : End of run not found >> ! >> [rancid at pwsecLX bin]$ >> >> >> -----Original Message----- >> From: Lance Vermilion [mailto:rancid at gheek.net] >> Sent: Thursday, February 26, 2009 11:30 AM >> To: Mina Eskander; rancid-discuss at shrubbery.net >> Subject: Re: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 >> >> When you login do you start off at the (enable) prompt? If so do you >> have autoenable 1 in your .cloginrc for that host? >> >> On Thu, Feb 26, 2009 at 9:21 AM, Mina Eskander >> wrote: >>> The 6509 is running in hybrid mode, the switching modules are running catos 6.4(11) and the routing modules are polling just fine. >>> >>> switch> (enable) sh ver >>> WS-C6509 Software, Version NmpSW: 6.4(11) >>> >>> >>> -----Original Message----- >>> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Lance Vermilion >>> Sent: Thursday, February 26, 2009 10:55 AM >>> To: rancid-discuss at shrubbery.net >>> Subject: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 >>> >>> 6509's typically run IOS now not CATOS. Paste back to us the version >>> of your software that you are running on the 6509s. >>> >>> On Wed, Feb 25, 2009 at 12:09 PM, Mina Eskander >>> wrote: >>>> I am having problems contacting my catos switches, I have 2 6509's >>>> >>>> I have the type in my router.db as cat5, and clogin works fine, but when I >>>> run rancid or cat5rancid it just hangs after getting into enable mode. >>>> >>>> I have autoenable set to 0 so it has to enter the enable password. >>>> >>>> >>>> >>>> I read in another post that somebody downgraded to 2.3.2a8 and it works, but >>>> I need some help downgrading. >>>> >>>> I am running >>>> >>>> Linux version 2.6.23.12-52.fc7 (mockbuild at xenbuilder4.fedora.phx.redhat.com) >>>> (gcc version 4.1.2 20070925 (Red Hat 4.1.2-27)) >>>> >>>> >>>> >>>> Please help >>>> >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Rancid-discuss mailing list >>>> Rancid-discuss at shrubbery.net >>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>>> >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net >>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>> >> > From meskander at perimeterwatch.com Thu Feb 26 17:32:13 2009 From: meskander at perimeterwatch.com (Mina Eskander) Date: Thu, 26 Feb 2009 12:32:13 -0500 Subject: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 In-Reply-To: <8423e7bb0902260929i615ecb72s984deb1995c33d26@mail.gmail.com> References: <8423e7bb0902260755x3f531f1aq536b35e3f0a67bec@mail.gmail.com> <8423e7bb0902260830y39f67fc7m74d2625660217803@mail.gmail.com> <8423e7bb0902260854m26163a5ew8467d07f230f1ec4@mail.gmail.com> <8423e7bb0902260914y2628601fp4515b88b2cf113a1@mail.gmail.com> <8423e7bb0902260929i615ecb72s984deb1995c33d26@mail.gmail.com> Message-ID: [rancid at pwsecLX ~]$ source etc/rancid.conf [rancid at pwsecLX ~]$ echo $TERM network -----Original Message----- From: Lance Vermilion [mailto:rancid at gheek.net] Sent: Thursday, February 26, 2009 12:30 PM To: Mina Eskander Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 I would guess it is something with how the passed ARGs is being understood. "source /etc/rancid.conf" and do a "echo $TERM" and see what that returns. it should return "network" if you actually loaded the "rancid.conf" file. On Thu, Feb 26, 2009 at 10:18 AM, Mina Eskander wrote: > If I run clogin -c "show time" it will do the set length 0 and it looks like its waiting for something. > While its waiting I try to type show run, and it just freezes on me and times out. > > If I just do clogin than I can enter whatever I want and there are no timeouts > > -----Original Message----- > From: Lance Vermilion [mailto:rancid at gheek.net] > Sent: Thursday, February 26, 2009 12:14 PM > To: Mina Eskander > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 > > Mina, > > I am assuming with user interaction it works just fine versus running > the command as a passed in argument. > > John, > > Any idea why it would recognize the prompt enough to send set term > length 0 but not recognize it afterwards? > > On Thu, Feb 26, 2009 at 10:03 AM, Mina Eskander > wrote: >> [rancid at pwsecLX bin]$ clogin -c "show time" >> >> spawn telnet >> Trying ... >> Connected to . >> Escape character is '^]'. >> >> >> Cisco Systems Console >> >> >> WARNING!!! >> This system is solely for the use of authorized users for official purposes. >> You have no expectation of privacy in its use and to ensure that the system >> is functioning properly, individuals using this computer system are subject >> to having all of their activities monitored and recorded by system >> personnel. Use of this system evidences an express consent to such >> monitoring and agreement that if such monitoring reveals evidence of >> possible abuse or criminal activity, system personnel may provide the results >> of such monitoring to appropriate officials. >> >> >> >> Username: >> >> Password: >> switch> enable >> >> Enter password: >> switch> (enable) >> switch> (enable) set length 0 >> Screen length for this session set to 0. >> switch> (enable) >> Error: TIMEOUT reached >> [rancid at pwsecLX bin]$ >> >> Mina Eskander >> Perimeterwatch Technologies >> Direct: +1 (347) 448-2845 >> Mobile: +1 (347) 510-4102 >> meskander at perimeterwatch.com >> >> Network Security | Disaster Recovery | Business Continuity | IT Projects | Application Development >> _____________________________________________________________________ >> New York: (347) 448-2845 - 34-12 36th Street - 2nd Floor - Astoria, NY 11106 >> >> >> -----Original Message----- >> From: Lance Vermilion [mailto:rancid at gheek.net] >> Sent: Thursday, February 26, 2009 11:55 AM >> To: Mina Eskander >> Cc: rancid-discuss at shrubbery.net >> Subject: Re: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 >> >> You might want to source the conf file in "> home>/etc/rancid.conf" to make sure you have all the same environment >> variables when you use clogin by default. >> >> It is timing out for a reason and I am not 100% sure why. I would >> think because it can't recognize the prompt correctly, or maybe you >> have some characters like "#" in your login/banner motd that it is >> seeing. >> >> paste back to the list >> >> clogin -c "show time" >> >> On Thu, Feb 26, 2009 at 9:38 AM, Mina Eskander >> wrote: >>> I have autoenable set to 0, so rancid has to manually enter the enable password, when I do a clogin it logs in and gets into enable mode just fine. >>> But when I run rancid -d I get the following output >>> >>> [rancid at pwsecLX bin]$ rancid -d >>> executing clogin -t 90 -c"admin show version;show version;show redundancy secondary;show idprom backplane;show install active;admin show env all;show env all;show rsp chassis-info;show gsr chassis;show diag chassis-info;show boot;show bootvar;admin show variables boot;show variables boot;show flash;dir /all nvram:;dir /all bootflash:;dir /all slot0:;dir /all disk0:;dir /all slot1:;dir /all disk1:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all harddiska:;dir /all harddiskb:;dir /all sup-bootflash:;dir /all sup-microcode:;dir /all slavenvram:;dir /all slavebootflash:;dir /all slaveslot0:;dir /all slavedisk0:;dir /all slaveslot1:;dir /all slavedisk1:;dir /all slaveslot2:;dir /all slavedisk2:;dir /all slavesup-bootflash:;dir /all sec-nvram:;dir /all sec-bootflash:;dir /all sec-slot0:;dir /all sec-disk0:;dir /all sec-slot1:;dir /all sec-disk1:;dir /all sec-slot2:;dir /all sec-disk2:;show controllers;show controllers cbus;show diagbus;admin show diag;show diag;show module;show spe version;show c7200;show inventory raw;show vtp status;show vlan;show vlan-switch;show debug;more system:running-config;show running-config;write term" >>> clogin error: Error: TIMEOUT reached >>> clogin error: Error: TIMEOUT reached >>> : missed cmd(s): admin show diag,dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,admin show env all,show controllers,admin show version,show diagbus,more system:running-config,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,admin show variables boot,show redundancy secondary,show running-config,show c7200,dir /all slot1: >>> : missed cmd(s): admin show diag,dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,admin show env all,show controllers,admin show version,show diagbus,more system:running-config,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,admin show variables boot,show redundancy secondary,show running-config,show c7200,dir /all slot1: >>> : End of run not found >>> : End of run not found >>> ! >>> [rancid at pwsecLX bin]$ >>> >>> >>> -----Original Message----- >>> From: Lance Vermilion [mailto:rancid at gheek.net] >>> Sent: Thursday, February 26, 2009 11:30 AM >>> To: Mina Eskander; rancid-discuss at shrubbery.net >>> Subject: Re: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 >>> >>> When you login do you start off at the (enable) prompt? If so do you >>> have autoenable 1 in your .cloginrc for that host? >>> >>> On Thu, Feb 26, 2009 at 9:21 AM, Mina Eskander >>> wrote: >>>> The 6509 is running in hybrid mode, the switching modules are running catos 6.4(11) and the routing modules are polling just fine. >>>> >>>> switch> (enable) sh ver >>>> WS-C6509 Software, Version NmpSW: 6.4(11) >>>> >>>> >>>> -----Original Message----- >>>> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Lance Vermilion >>>> Sent: Thursday, February 26, 2009 10:55 AM >>>> To: rancid-discuss at shrubbery.net >>>> Subject: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 >>>> >>>> 6509's typically run IOS now not CATOS. Paste back to us the version >>>> of your software that you are running on the 6509s. >>>> >>>> On Wed, Feb 25, 2009 at 12:09 PM, Mina Eskander >>>> wrote: >>>>> I am having problems contacting my catos switches, I have 2 6509's >>>>> >>>>> I have the type in my router.db as cat5, and clogin works fine, but when I >>>>> run rancid or cat5rancid it just hangs after getting into enable mode. >>>>> >>>>> I have autoenable set to 0 so it has to enter the enable password. >>>>> >>>>> >>>>> >>>>> I read in another post that somebody downgraded to 2.3.2a8 and it works, but >>>>> I need some help downgrading. >>>>> >>>>> I am running >>>>> >>>>> Linux version 2.6.23.12-52.fc7 (mockbuild at xenbuilder4.fedora.phx.redhat.com) >>>>> (gcc version 4.1.2 20070925 (Red Hat 4.1.2-27)) >>>>> >>>>> >>>>> >>>>> Please help >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Rancid-discuss mailing list >>>>> Rancid-discuss at shrubbery.net >>>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>>>> >>>> _______________________________________________ >>>> Rancid-discuss mailing list >>>> Rancid-discuss at shrubbery.net >>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>>> >>> >> > From rancid at gheek.net Thu Feb 26 17:29:43 2009 From: rancid at gheek.net (Lance Vermilion) Date: Thu, 26 Feb 2009 10:29:43 -0700 Subject: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 In-Reply-To: References: <8423e7bb0902260755x3f531f1aq536b35e3f0a67bec@mail.gmail.com> <8423e7bb0902260830y39f67fc7m74d2625660217803@mail.gmail.com> <8423e7bb0902260854m26163a5ew8467d07f230f1ec4@mail.gmail.com> <8423e7bb0902260914y2628601fp4515b88b2cf113a1@mail.gmail.com> Message-ID: <8423e7bb0902260929i615ecb72s984deb1995c33d26@mail.gmail.com> I would guess it is something with how the passed ARGs is being understood. "source /etc/rancid.conf" and do a "echo $TERM" and see what that returns. it should return "network" if you actually loaded the "rancid.conf" file. On Thu, Feb 26, 2009 at 10:18 AM, Mina Eskander wrote: > If I run clogin -c "show time" it will do the set length 0 and it looks like its waiting for something. > While its waiting I try to type show run, and it just freezes on me and times out. > > If I just do clogin than I can enter whatever I want and there are no timeouts > > Mina Eskander > Perimeterwatch Technologies > Direct: ? +1 (347) 448-2845 > Mobile: ? +1 (347) 510-4102 > meskander at perimeterwatch.com > > Network Security | Disaster Recovery | Business Continuity | IT Projects | Application Development > _____________________________________________________________________ > New York: (347) 448-2845 - 34-12 36th Street - 2nd Floor - Astoria, NY 11106 > > > -----Original Message----- > From: Lance Vermilion [mailto:rancid at gheek.net] > Sent: Thursday, February 26, 2009 12:14 PM > To: Mina Eskander > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Re: How do i downgrade from 2.3.2a9 to 2.3.2a8 > > Mina, > > I am assuming with user interaction it works just fine versus running > the command as a passed in argument. > > John, > > Any idea why it would recognize the prompt enough to send set term > length 0 but not recognize it afterwards? > > On Thu, Feb 26, 2009 at 10:03 AM, Mina Eskander > wrote: >> [rancid at pwsecLX bin]$ clogin -c "show time" >>