From jeff at terida.com Thu Jul 2 14:09:37 2015
From: jeff at terida.com (Jeff MacDonald)
Date: Thu, 2 Jul 2015 11:09:37 -0300
Subject: [rancid] Git.. first time config
In-Reply-To: <20150630193609.GF51241@shrubbery.net>
References: <66A0C0B5-0488-4C4A-BD25-763E93E96869@terida.com>
 <20150630193609.GF51241@shrubbery.net>
Message-ID: <96E68FEC-1E0A-4BF9-8DEE-38B23B4E8C37@terida.com>

Thanks, all good.

--
Jeff MacDonald

> On Jun 30, 2015, at 4:36 PM, heasley wrote:
>
> Tue, Jun 30, 2015 at 04:28:36PM -0300, Jeff MacDonald:
>> Hi,
>>
>> I find the docs... lacking and I'm trying to set rancid up with git.
>>
>> Do I just
>>
>> - ensure all ssh keys are in place
>> - do a clone of a repo I've already created and then point CVSROOT to the .git directory inside my clone
>
> create empty and git add router.db and dir configs
>
>> - set RCSSYS to git
>
>> - run rancid-cvs
>
> this won't do anything; it does not support remote repos.

From jeff at terida.com Fri Jul 3 14:02:39 2015
From: jeff at terida.com (Jeff MacDonald)
Date: Fri, 3 Jul 2015 11:02:39 -0300
Subject: [rancid] Git.. first time config
In-Reply-To: <20150630193609.GF51241@shrubbery.net>
References: <66A0C0B5-0488-4C4A-BD25-763E93E96869@terida.com>
 <20150630193609.GF51241@shrubbery.net>
Message-ID:

> On Jun 30, 2015, at 4:36 PM, heasley wrote:
>
> Tue, Jun 30, 2015 at 04:28:36PM -0300, Jeff MacDonald:
>> Hi,
>>
>> I find the docs... lacking and I'm trying to set rancid up with git.
>>
>> Do I just
>>
>> - ensure all ssh keys are in place
>> - do a clone of a repo I've already created and then point CVSROOT to the .git directory inside my clone
>
> create empty and git add router.db and dir configs
>
>> - set RCSSYS to git
>
>> - run rancid-cvs
>
> this won't do anything; it does not support remote repos.

I got this in my logs

fatal: No configured push destination.
Either specify the URL from the command-line or configure a remote repository using

Indicating that remote repos are supported by Git. So I'm a bit confused by your statement.

Jeff.

From heas at shrubbery.net Fri Jul 3 16:04:35 2015
From: heas at shrubbery.net (heasley)
Date: Fri, 3 Jul 2015 16:04:35 +0000
Subject: [rancid] Git.. first time config
In-Reply-To:
References: <66A0C0B5-0488-4C4A-BD25-763E93E96869@terida.com>
 <20150630193609.GF51241@shrubbery.net>
Message-ID: <20150703160435.GE39336@shrubbery.net>

Fri, Jul 03, 2015 at 11:02:39AM -0300, Jeff MacDonald:
> >> - run rancid-cvs
> >
> > this won't do anything; it does not support remote repos.
>
> I got this in my logs
>
> fatal: No configured push destination.
> Either specify the URL from the command-line or configure a remote repository using
>
> Indicating that remote repos are supported by Git. So I'm a bit confused by your statement.

rancid-cvs does not support remotes - meaning that to use a remote you must do what rancid-cvs would have. same for cvs and svn.

From wilby.sanchez at gmail.com Fri Jul 3 11:44:22 2015
From: wilby.sanchez at gmail.com (Wilby Sanchez)
Date: Fri, 3 Jul 2015 04:44:22 -0700 (PDT)
Subject: [rancid] Interesting problem, HP procurve 2800s work fine, 2500s config won't download
In-Reply-To: <4D508436.7070801@gmail.com>
References: <4D42FF3D.1040400@gmail.com> <4D508436.7070801@gmail.com>
Message-ID:

I had rancid version 3.1 running on CentOS 6.6 and CentOS 7.1, and when I run this:

[rancid at CentRancid CVS]$ /usr/libexec/rancid/hrancid -d 192.168.100.85
executing hlogin -t 90 -c"show version;show flash;show system information;show stack;show tech tran5
sh: hlogin: no se encontró la orden
192.168.100.85: missed cmd(s): all commands
192.168.100.85: End of run not found
192.168.100.85: End of run not found
;
[rancid at CentRancid CVS]$

***********************************

The command table that the file "hrancid" has is this:

# Main
@commandtable = (
    {'show version' => 'ShowVersion'},
    {'show flash' => 'ShowFlash'},
#   {'show system-information' => 'ShowSystem'},
    {'show system information' => 'ShowSystem'},
#   {'show module' => 'ShowModule'},
    {'show stack' => 'ShowStack'},
    {'show tech transceivers' => 'ShowTechTransceivers'},
    {'show config files' => 'ShowConfigFiles'},
    {'show config status' => 'ShowConfigStatus'},
    {'write term' => 'WriteTerm'}
);

On Tuesday, 8 February 2011, 0:45:58 (UTC+1), Joe McDonagh wrote:
>
> FYI, upgrading to 2.3.6 solved this issue. Working beautifully now, and
> fixed some stuff with the ASAs diffing files that it shouldn't have been.
>
> On 01/28/2011 12:39 PM, Joe McDonagh wrote:
> > hlogin works fine to both these sets of routers, however the config for
> > 2500s never gets downloaded and I get this trace back:
> >
> > Getting missed routers: round 4.
> > write(spawn_id=1): broken pipe
> >     while executing
> > "send_user -- "$expect_out(buffer)""
> >     invoked from within
> > "expect -nobrace -re {^[^
> > *]*x699-25250G-24-PoE-01#} { send_user -- "$expect_out(buffer)"
> > } -re {^[^
> > ]*x699-25250G-24-PoE-01#.} { send_user --..."
> >     invoked from within
> > "expect {
> > -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)"
> > }
> > -re "^\[^\n\r]*$reprompt." { send_user -- "$expect_out(buffer)"
> > ..."
> >     invoked from within
> > "if [ string match "*\;*" "$command" ] {
> > set commands [split $command \;]
> > set num_commands [llength $commands]
> > # the pager can not be turned off on ..."
> >     (procedure "run_commands" line 15)
> >     invoked from within
> > "run_commands $prompt $command"
> >     ("foreach" body line 139)
> >     invoked from within
> > "foreach router [lrange $argv $i end] {
> > set router [string tolower $router]
> > send_user "$router\n"
> >
> > # Figure out prompt.
> > # Since autoena..."
> >     (file "/usr/lib/rancid/bin/hlogin" line 583)
> > 10.5.30.4: missed cmd(s): show stack,show module,write term
> > 10.5.30.4: End of run not found
> > ;
> >
>
>
> --
> Joe McDonagh
> AIM: YoosingYoonickz
> IRC: joe-mac on freenode
> L'ennui est contre-révolutionnaire
>

From matta at surveymonkey.com Tue Jul 7 23:14:39 2015
From: matta at surveymonkey.com (Matt Almgren)
Date: Tue, 7 Jul 2015 23:14:39 +0000
Subject: [rancid] How to remove fan speed from f5rancid output?
Message-ID:

Well, I had thought I had fixed this, but it was just not running for our f5s for a while. Oops.

Anyway, my perl-fu isn't very good. Can someone quickly tell me what I need to change in this code to remove the fan speed(rpm) values from the output below:

## $Id: f5rancid.in 2279 2011-01-31 22:41:00Z heas $

sub ShowHardware {
    print STDERR " In ShowHardware: $_" if ($debug);

    while (<INPUT>) {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        return(1) if /^\s*\^\s*$/;
        return(1) if /(Invalid input detected|Type help or )/;
        return(-1) if (/command authorization failed/i);

        s/\d+rpm//ig;
        s/^\|//;
        s/^\ \ ([0-9]+)(\ +).*up.*[0-9]/ $1$2up REMOVED/i;
        s/^\ \ ([0-9]+)(\ +).*Air\ Inlet/ $1$2REMOVED Air Inlet/i;
        s/^\ \ ([0-9]+)(\ +).*HSBe/ $1$2REMOVED HSBe/i;
        s/^\ \ ([0-9]+)(\ +).*TMP421 on die/ $1$2REMOVED TMP421 on die/i;
        s/^\ \ ([0-9]+)(\ +)[0-9]+\ +[0-9]+ +[0-9]+/ $1$2REMOVED REMOVED REMOVED/;

        /Type: / && ProcessHistory("COMMENTS","keysort","A0",
                                   "#Chassis type: $'");

        ProcessHistory("COMMENTS","keysort","B1","#$_") && next;
    }
    return(0);
}

[user at mt-lb03:Active:In Sync] ~ # tmsh show sys hardware

Sys::Hardware
Chassis Fan Status
  Index  Status  Low Limit(rpm)  Fan Speed(rpm)
  1      up      3000            10227
  2      up      3000            10887
  3      up      3000            10546

Chassis Information
  Maximum MAC Count  2
  Registration Key   -

Chassis Power Supply Status
  Index  Status       Current
  1      up           NA
  2      not-present  NA

Chassis Temperature Status
  Index  Lo Limit(C)  Temp(degC)  Hi Limit(C)  Location
  1      5            22          55           Air Inlet

If there's a more updated f5rancid that fully supports TMSH on 11.6.0 HF3, I'd love to have a copy.

Thanks, Matt

From bhart at unifiedbrands.net Tue Jul 7 17:41:19 2015
From: bhart at unifiedbrands.net (Hart, Benjamin)
Date: Tue, 7 Jul 2015 17:41:19 +0000
Subject: [rancid] Missed cmd(s): all commands / clogin error: Error: extra characters after close-brace
Message-ID:

I have searched and I know the usual cause for this.. but my cloginrc file seriously has all the proper close-braces, see below:

Add password x.x.x.x {[password]} {[password]}
Add user x.x.x.x {admin}
Add method x.x.x.x {ssh}

Add password x.x.x.x {[password]} {[password]}
Add user x.x.x.x {root}
Add method x.x.x.x {telnet}

The two specific IP's stated in the log file is seriously, and 100% triple verified to only have the text above. Yes my passwords include a bracket which worked for the initial diff polling. My issue today is that I made changes to a single switch, those changes were not polled by rancid. Only the initial 'new router' entry is seen. No config changes have been done to the rancid server either. No security changes have been done to the switches either.

Did the syntax for the .cloginrc file change? Hell in the examples it shows how the user and method values are not wrapped in braces however after testing that by removing the braces around mine I still get the same error.

Calgon, take me away.

From heas at shrubbery.net Tue Jul 7 23:28:32 2015
From: heas at shrubbery.net (Calgon)
Date: Tue, 7 Jul 2015 23:28:32 +0000
Subject: [rancid] Missed cmd(s): all commands / clogin error: Error: extra characters after close-brace
In-Reply-To:
References:
Message-ID: <20150707232832.GD74274@shrubbery.net>

Tue, Jul 07, 2015 at 05:41:19PM +0000, Hart, Benjamin:
> I have searched and I know the usual cause for this.. but my cloginrc file seriously has all the proper close-braces, see below:
>
> Add password x.x.x.x {[password]} {[password]}
> Add user x.x.x.x {admin}
> Add method x.x.x.x {ssh}
>
> Add password x.x.x.x {[password]} {[password]}
> Add user x.x.x.x {root}
> Add method x.x.x.x {telnet}
>
> The two specific IP's stated in the log file is seriously, and 100% triple verified to only have the text above. Yes my passwords include a bracket which worked for the initial diff polling. My issue today is that I made changes to a single switch, those changes were not polled by rancid. Only the initial 'new router' entry is seen. No config changes have been done to the rancid server either. No security changes have been done to the switches either.
>
> Did the syntax for the .cloginrc file change? Hell in the examples it shows how the user and method values are not wrapped in braces however after testing that by removing the braces around mine I still get the same error.
>
> Calgon, take me away.

The first two questions will always be: do the login scripts work for an interactive login to the device? if yes, then does a command (-c) work.

From alan.mckinnon at gmail.com Wed Jul 8 07:11:57 2015
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Wed, 8 Jul 2015 09:11:57 +0200
Subject: [rancid] How to remove fan speed from f5rancid output?
In-Reply-To:
References:
Message-ID: <559CCD3D.3030302@gmail.com>

On 08/07/2015 01:14, Matt Almgren wrote:
> Well, I had thought I had fixed this, but it was just not running for
> our f5s for a while. Oops.
>
> Anyway, my perl-fu isn't very good. Can someone quickly tell me what I
> need to change in this code to remove the fan speed(rpm) values from the
> output below:
>
>
> ## $Id: f5rancid.in 2279 2011-01-31 22:41:00Z heas $
>
> sub ShowHardware {
>     print STDERR " In ShowHardware: $_" if ($debug);
>
>     while (<INPUT>) {
>         tr/\015//d;
>         last if (/^$prompt/);
>         next if (/^(\s*|\s*$cmd\s*)$/);
>         return(1) if /^\s*\^\s*$/;
>         return(1) if /(Invalid input detected|Type help or )/;
>         return(-1) if (/command authorization failed/i);
>
>         s/\d+rpm//ig;
>         s/^\|//;
>         s/^\ \ ([0-9]+)(\ +).*up.*[0-9]/ $1$2up REMOVED/i;
             ^^^^         ^^

This is the code that is intended to do what you want. But there's no need to escape the spaces in that regex. Replace with literal spaces, or preferably \s for any whitespace:

s/^\s+([0-9]+)(\s+).*up.*[0-9]/ $1$2up REMOVED/i;

Tweak and adjust it to your liking depending on what you want the output line to be transformed into.

You don't need much perl-fu for this, you do however need quite a bit of regex-fu. The Llama Book (google it) has very good perl regex tutorials at just the right level to get you going.

Alan

--
Alan McKinnon
alan.mckinnon at gmail.com

From heas at shrubbery.net Wed Jul 8 14:07:52 2015
From: heas at shrubbery.net (Calgon)
Date: Wed, 8 Jul 2015 14:07:52 +0000
Subject: [rancid] Missed cmd(s): all commands / clogin error: Error: extra characters after close-brace
In-Reply-To:
References: <20150707232832.GD74274@shrubbery.net>
Message-ID: <20150708140752.GB12820@shrubbery.net>

Wed, Jul 08, 2015 at 01:39:09PM +0000, Hart, Benjamin:
> Actually no, the script did not. Clogin x.x.x.x gave the same error. I got fed up though and created a new .cloginrc file late last night and this file works. But what's weird is that I even went through the original file and removed every single line of the sample info to where all that was left was my entries, but still error'd out.

you can try the attached clogin; i've added [-m|M] to help finding errors/matches.
-------------- next part --------------
#! /usr/local/bin/expect --
##
## $Id: clogin.in 3115 2015-05-13 12:55:56Z heas $
##
## rancid 3.2.99
## Copyright (c) 1997-2015 by Terrapin Communications, Inc.
## All rights reserved.
##
## This code is derived from software contributed to and maintained by
## Terrapin Communications, Inc. by Henry Kilmer, John Heasley, Andrew Partan,
## Pete Whiting, Austin Schutz, and Andrew Fort.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted provided that the following conditions
## are met:
## 1. Redistributions of source code must retain the above copyright
##    notice, this list of conditions and the following disclaimer.
## 2. Redistributions in binary form must reproduce the above copyright
##    notice, this list of conditions and the following disclaimer in the
##    documentation and/or other materials provided with the distribution.
## 3. All advertising materials mentioning features or use of this software
##    must display the following acknowledgement:
##        This product includes software developed by Terrapin Communications,
##        Inc. and its contributors for RANCID.
## 4. Neither the name of Terrapin Communications, Inc. nor the names of its
##    contributors may be used to endorse or promote products derived from
##    this software without specific prior written permission.
## 5. It is requested that non-binding fixes and modifications be contributed
##    back to Terrapin Communications, Inc.
##
## THIS SOFTWARE IS PROVIDED BY Terrapin Communications, INC. AND CONTRIBUTORS
## ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
## TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
## PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COMPANY OR CONTRIBUTORS
## BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
## CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
## SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
## INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
## CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
## POSSIBILITY OF SUCH DAMAGE.
##
## It is the request of the authors, but not a condition of license, that
## parties packaging or redistributing RANCID NOT distribute altered versions
## of the etc/rancid.types.base file nor alter how this file is processed nor
## when in relation to etc/rancid.types.conf. The goal of this is to help
## suppress our support costs. If it becomes a problem, this could become a
## condition of license.
#
# The expect login scripts were based on Erik Sherk's gwtn, by permission.
#
# The original looking glass software was written by Ed Kern, provided by
# permission and modified beyond recognition.
#
# clogin - Cisco login
#
# Most options are intuitive for logging into a Cisco router.
# The default is to enable (thus -noenable). Some folks have
# setup tacacs to have a user login at priv-lvl = 15 (enabled)
# so the -autoenable flag was added for this case (don't go through
# the process of enabling and the prompt will be the "#" prompt.
# The default username password is the same as the vty password.
#

# Sometimes routers take awhile to answer (the default is 10 sec)
set timeoutdflt 45
# Some CLIs having problems if we write too fast (Extreme, PIX, Cat)
set send_human {.2 .1 .4 .2 1}

# env(CLOGIN) may contain:
#   x == do not set xterm banner or name

# Find the user in the ENV, or use the unix userid.
if {[info exists env(CISCO_USER)]} {
    set default_user $env(CISCO_USER)
} elseif {[info exists env(USER)]} {
    set default_user $env(USER)
} elseif {[info exists env(LOGNAME)]} {
    set default_user $env(LOGNAME)
} else {
    # This uses "id" which I think is portable. At least it has existed
    # (without options) on all machines/OSes I've been on recently -
    # unlike whoami or id -nu.
    if [catch {exec id} reason] {
        send_error "\nError: could not exec id: $reason\n"
        exit 1
    }
    regexp {\(([^)]*)} "$reason" junk default_user
}
if {[info exists env(CLOGINRC)]} {
    set password_file $env(CLOGINRC)
}

# Usage line
set usage "Usage: $argv0 \[-dhSV\] \[-m|M\] \[-autoenable\] \[-noenable\] \
\[-c command\] \[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \
\[-p user-password\] \[-r passphrase\] \[-s script-file\] \[-t timeout\] \
\[-u username\] \[-v vty-password\] \[-w enable-username\] \[-x command-file\] \
\[-y ssh_cypher_type\] router \[router...\]\n"

# Password file
set password_file $env(HOME)/.cloginrc
# Default is to login to the router
set do_command 0
set do_script 0
# The default is to automatically enable
set avenable 1
# The default is that you login non-enabled (tacacs can have you login already
# enabled)
set avautoenable 0
# The default is to look in the password file to find the passwords. This
# tracks if we receive them on the command line.
set do_passwd 1
set do_enapasswd 1
# Save config, if prompted
set do_saveconfig 0
# cloginrc debugging knob
set do_cloginrcdbg 0
# initialize cloginrc parsing stacks
set int_file {}
set int_lineno {}

# Process the command line
for {set i 0} {$i < $argc} {incr i} {
    set arg [lindex $argv $i]

    switch -glob -- $arg {
        # Expect debug mode
        -d* {
            exp_internal 1
        # Help
        } -h* {
            send_user "$usage"
            exit 0
        # Command to run.
        } -c* {
            if {! [regexp .\[cC\](.+) $arg ignore command]} {
                incr i
                set command [lindex $argv $i]
            }
            set do_command 1
        # Environment variable to pass to -s scripts
        } -E* {
            if {[regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} {
                set E$varname $varvalue
            } else {
                send_user "\nError: invalid format for -E in $arg\n"
                exit 1
            }
        # alternate cloginrc file
        } -f* {
            if {! [regexp .\[fF\](.+) $arg ignore password_file]} {
                incr i
                set password_file [lindex $argv $i]
            }
        # VTY Password
        } -p* {
            if {! [regexp .\[pP\](.+) $arg ignore userpasswd]} {
                incr i
                set userpasswd [lindex $argv $i]
            }
            set do_passwd 0
        # cloginrc debugging knobs
        } -m* {
            set do_cloginrcdbg 1
        } -M* {
            set do_cloginrcdbg 2
        # ssh passphrase
        } -r* {
            if {! [regexp .\[rR\](.+) $arg ignore passphrase]} {
                incr i
                set avpassphrase [lindex $argv $i]
            }
        # Expect script to run.
        } -s* {
            if {! [regexp .\[sS\](.+) $arg ignore sfile]} {
                incr i
                set sfile [lindex $argv $i]
            }
            if { ! [file readable $sfile] } {
                send_user "\nError: Can't read $sfile\n"
                exit 1
            }
            set do_script 1
        # save config on exit
        } -S* {
            set do_saveconfig 1
        # Timeout
        } -t* {
            if {! [regexp .\[tT\](.+) $arg ignore timeout]} {
                incr i
                set timeoutdflt [lindex $argv $i]
            }
        # Username
        } -u* {
            if {! [regexp .\[uU\](.+) $arg ignore user]} {
                incr i
                set username [lindex $argv $i]
            }
        # VTY Password
        } -v* {
            # some scripts ignore -v, like jlogin
            if {! [regexp .\[vV\](.+) $arg ignore passwd]} {
                incr i
                set passwd [lindex $argv $i]
            }
            set do_passwd 0
        # Version string
        } -V* {
            send_user "@PACKAGE@ @VERSION@\n"
            exit 0
        # Enable Username
        } -w* {
            if {! [regexp .\[wW\](.+) $arg ignore enauser]} {
                incr i
                set enausername [lindex $argv $i]
            }
        # Enable Password
        } -e* {
            if {! [regexp .\[e\](.+) $arg ignore enapasswd]} {
                incr i
                set enapasswd [lindex $argv $i]
            }
            set do_enapasswd 0
        # 'ssh -c' cypher type
        } -y* {
            if {! [regexp .\[yY\](.+) $arg ignore cypher]} {
                incr i
                set cypher [lindex $argv $i]
            }
        # Command file
        } -x* {
            if {! [regexp .\[xX\](.+) $arg ignore cmd_file]} {
                incr i
                set cmd_file [lindex $argv $i]
            }
            if [catch {set cmd_fd [open $cmd_file r]} reason] {
                send_user "\nError: $reason\n"
                exit 1
            }
            set cmd_text [read $cmd_fd]
            close $cmd_fd
            set command [join [split $cmd_text \n] \;]
            set do_command 1
        # Do we enable?
        } -noenable {
            set avenable 0
        # Does tacacs automatically enable us?
        } -autoenable {
            set avautoenable 1
            set avenable 0
        } -* {
            send_user "\nError: Unknown argument! $arg\n"
            send_user $usage
            exit 1
        } default {
            break
        }
    }
}
# Process routers...no routers listed is an error.
if { $i == $argc } {
    send_user "\nError: $usage"
}

# Only be quiet if we are running a script (it can log its output
# on its own)
if { $do_script } {
    log_user 0
} else {
    log_user 1
}

#
# Done configuration/variable setting. Now run with it...
#

# Sets Xterm title if interactive...if its an xterm and the user cares
proc label { host } {
    global env
    # if CLOGIN has an 'x' in it, don't set the xterm name/banner
    if [info exists env(CLOGIN)] {
        if {[string first "x" $env(CLOGIN)] != -1} { return }
    }
    # take host from ENV(TERM)
    if [info exists env(TERM)] {
        if [regexp \^(xterm|vs) $env(TERM) ignore] {
            send_user "\033]1;[lindex [split $host "."] 0]\a"
            send_user "\033]2;$host\a"
        }
    }
}

# This is a helper function to make the password file easier to
# maintain. Using this the password file has the form:
# add password sl* pete cow
# add password at* steve
# add password * hanky-pie
proc add {var args} {
    global int_file int_lineno int_$var
    set file [lindex $int_file 0]
    set lineno [lindex $int_lineno 0]
    lappend int_$var "$var:$file:$lineno: $args"
}
proc include {args} {
    global env
    regsub -all "(^{|}$)" $args {} args
    if { [regexp "^/" $args ignore] == 0 } {
        set args $env(HOME)/$args
    }
    source_password_file $args
}

proc find {var router} {
    global do_cloginrcdbg
    upvar int_$var list
    if { [info exists list] } {
        foreach line $list {
            if { [string match -nocase [lindex $line 1] $router] } {
                if { $do_cloginrcdbg > 0 } {
                    send_error -- [join [list [lindex $line 0] [lindex $line 1 end] "\r\n"]]
                }
                if { $do_cloginrcdbg == 2 } {
                    # save return value
                    if {! [info exists result]} {
                        set result [lrange $line 2 end]
                    }
                } else {
                    return [lrange $line 2 end]
                }
            }
        }
    }

    if { $do_cloginrcdbg == 2 } {
        if {[info exists result]} {
            return $result
        }
    }
    return {}
}

# Loads the password file. Note that as this file is tcl, and that
# it is sourced, the user better know what to put in there, as it
# could install more than just password info... I will assume however,
# that a "bad guy" could just as easy put such code in the clogin
# script, so I will leave .cloginrc as just an extension of that script
proc source_password_file { file } {
    global env int_file int_lineno
    if { ! [file exists $file] } {
        send_user "\nError: password file ($file) does not exist\n"
        exit 1
    }
    file stat $file fileinfo
    if { [expr ($fileinfo(mode) & 007)] != 0000 } {
        send_user "\nError: $file must not be world readable/writable\n"
        exit 1
    }
    if [catch {set fd [open $file "r"]} reason] {
        send_user "\nError: $reason\n"
        exit 1
    }
    set int_file [linsert $int_file 0 $file]
    set int_lineno [linsert $int_lineno 0 0]
    while { [gets $fd line] >= 0 } {
        set tmp [lindex $int_lineno 0]; incr tmp
        lset int_lineno 0 $tmp
        eval $line
    }
    set int_file [lrange $int_file 1 end]
    set int_lineno [lrange $int_lineno 1 end]
    close $fd
}

# Log into the router.
# returns: 0 on success, 1 on failure, -1 if rsh was used successfully
proc login { router user userpswd passwd enapasswd cmethod cyphertype identfile } {
    global command spawn_id in_proc do_command do_script platform passphrase
    global prompt prompt_match u_prompt p_prompt e_prompt sshcmd
    set in_proc 1
    set uprompt_seen 0

    # try each of the connection methods in $cmethod until one is successful
    set progs [llength $cmethod]
    foreach prog [lrange $cmethod 0 end] {
        incr progs -1
        if [string match "telnet*" $prog] {
            regexp {telnet(:([^[:space:]]+))*} $prog methcmd suffix port
            if {"$port" == ""} {
                set retval [catch {spawn telnet $router} reason]
            } else {
                set retval [catch {spawn telnet $router $port} reason]
            }
            if { $retval } {
                send_user "\nError: telnet failed: $reason\n"
                return 1
            }
        } elseif [string match "ssh*" $prog] {
            # ssh to the router & try to login with or without an identfile.
            regexp {ssh(:([^[:space:]]+))*} $prog methcmd suffix port
            set cmd $sshcmd
            if {"$port" != ""} {
                set cmd "$cmd -p $port"
            }
            if {"$identfile" != ""} {
                set cmd "$cmd -i $identfile"
            }
            set retval [catch {eval spawn [split "$cmd -c $cyphertype -x -l $user $router" { }]} reason]
            if { $retval } {
                send_user "\nError: $cmd failed: $reason\n"
                return 1
            }
        } elseif ![string compare $prog "rsh"] {
            if { ! $do_command } {
                if { [llength $cmethod] == 1 } {
                    send_user "\nError: rsh is an invalid method for -x and "
                    send_user "interactive logins\n"
                }
                if { $progs == 0 } {
                    return 1
                }
                continue;
            }

            # handle escaped ;s in commands, and ;; and ^;
            regsub -all {([^\\]);;} $command "\\1;\u002;" esccommand
            regsub {^;} $esccommand "\u002;" command
            set sep "\\1\u001"
            regsub -all {([^\\])\;} $command "$sep" esccommand
            set sep "\u001"
            set commands [split $esccommand $sep]
            set num_commands [llength $commands]
            set rshfail 0
            for {set i 0} {$i < $num_commands && !$rshfail} { incr i} {
                log_user 0
                set retval [catch {spawn rsh $user@$router [lindex $commands $i] } reason]
                if { $retval } {
                    send_user "\nError: rsh failed: $reason\n"
                    log_user 1; return 1
                }
                send_user "$router# [lindex $commands $i]\n"

                # rcmd does not get a pager and no prompts, so we just have to
                # look for failures & lines.
                expect {
                    "Connection refused" {
                        catch {close}; catch {wait};
                        send_user "\nError: Connection\
                            Refused ($prog): $router\n"
                        set rshfail 1
                    }
                    -re "(Connection closed by|Connection to \[^\n\r]+ closed)" {
                        catch {close}; catch {wait};
                        send_user "\nError: Connection\
                            closed ($prog): $router\n"
                        set rshfail 1
                    }
                    "Host is unreachable" {
                        catch {close}; catch {wait};
                        send_user "\nError: Host Unreachable:\
                            $router\n"
                        set rshfail 1
                    }
                    "No address associated with" {
                        catch {close}; catch {wait};
                        send_user "\nError: Unknown host\
                            $router\n"
                        set rshfail 1
                    }
                    -re "\b+" { exp_continue }
                    -re "\[\n\r]+" {
                        send_user -- "$expect_out(buffer)"
                        exp_continue
                    }
                    timeout {
                        catch {close}; catch {wait};
                        send_user "\nError: TIMEOUT reached\n"
                        set rshfail 1
                    }
                    eof { catch {close}; catch {wait}; }
                }
                log_user 1
            }
            if { $rshfail } {
                if { !$progs } {
                    return 1
                } else {
                    continue
                }
            }
            # fake the end of the session for rancid.
            send_user "$router# exit\n"
            # return rsh "success"
            return -1
        } else {
            send_user "\nError: unknown connection method: $prog\n"
            return 1
        }
        sleep 0.3

        # This helps cleanup each expect clause.
        expect_after {
            timeout {
                send_user "\nError: TIMEOUT reached\n"
                catch {close}; catch {wait};
                if { $in_proc} {
                    return 1
                } else {
                    continue
                }
            } eof {
                send_user "\nError: EOF received\n"
                catch {close}; catch {wait};
                if { $in_proc} {
                    return 1
                } else {
                    continue
                }
            }
        }

        # Here we get a little tricky. There are several possibilities:
        # the router can ask for a username and passwd and then
        # talk to the TACACS server to authenticate you, or if the
        # TACACS server is not working, then it will use the enable
        # passwd. Or, the router might not have TACACS turned on,
        # then it will just send the passwd.
        # if telnet fails with connection refused, try ssh
        expect {
            -re "^<-+ More -+>\[^\n\r]*" {
                # ASA will use the pager for long banners
                send " ";
                exp_continue
            }
            -re "(Connection refused|Secure connection \[^\n\r]+ refused)" {
                catch {close}; catch {wait};
                if !$progs {
                    send_user "\nError: Connection Refused ($prog): $router\n"
                    return 1
                }
            }
            -re "(Connection closed by|Connection to \[^\n\r]+ closed)" {
                catch {close}; catch {wait};
                if !$progs {
                    send_user "\nError: Connection closed ($prog): $router\n"
                    return 1
                }
            }
            eof { send_user "\nError: Couldn't login: $router\n"; wait; return 1 }
            -nocase "unknown host\r" {
                send_user "\nError: Unknown host $router\n";
                catch {close}; catch {wait};
                return 1
            }
            "Host is unreachable" {
                send_user "\nError: Host Unreachable: $router\n";
                catch {close}; catch {wait};
                return 1
            }
            "No address associated with name" {
                send_user "\nError: Unknown host $router\n";
                catch {close}; catch {wait};
                return 1
            }
            -re "(Host key not found |The authenticity of host .* be established).* \\(yes/no\\)\\?" {
                send "yes\r"
                send_user "\nHost $router added to the list of known hosts.\n"
                exp_continue
            }
            -re "HOST IDENTIFICATION HAS CHANGED.* \\(yes/no\\)\\?" {
                send "no\r"
                send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n"
                catch {close}; catch {wait};
                return 1
            }
            -re "HOST IDENTIFICATION HAS CHANGED\[^\n\r]+" {
                send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n"
                return 1
            }
            -re "Offending key for .* \\(yes/no\\)\\?" {
                send "no\r"
                send_user "\nError: host key mismatch for $router. Update the SSH known_hosts file accordingly.\n"
                catch {close}; catch {wait};
                return 1
            }
            -re "(denied|Sorry)" {
                send_user "\nError: Check your passwd for $router\n"
                catch {close}; catch {wait}; return 1
            }
            "Login failed" {
                send_user "\nError: Check your passwd for $router\n"
                catch {close}; catch {wait}; return 1
            }
            -re "% (Bad passwords|Authentication failed)" {
                send_user "\nError: Check your passwd for $router\n"
                catch {close}; catch {wait}; return 1
            }
            "Press any key to continue" {
                # send_user "Pressing the ANY key\n"
                send "\r"
                exp_continue
            }
            -re "Enter Selection: " {
                # Catalyst 1900s have some lame menu. Enter
                # K to reach a command-line.
                send "K\r"
                exp_continue
            }
            -re "Last login:" {
                exp_continue
            }
            -re "Press the key \[^\r\n]+\[\r\n]+" {
                exp_continue
            }
            -re "@\[^\r\n]+ $p_prompt" {
                # ssh pwd prompt
                sleep 1
                send -- "$userpswd\r"
                exp_continue
            }
            -re "Enter passphrase.*: " {
                # sleep briefly to allow time for stty -echo
                sleep .3
                send -- "$passphrase\r"
                exp_continue
            }
            -re "$u_prompt" {
                send -- "$user\r"
                set uprompt_seen 1
                exp_continue
            }
            -re "$p_prompt" {
                sleep 1
                if {$uprompt_seen == 1} {
                    send -- "$userpswd\r"
                } else {
                    send -- "$passwd\r"
                }
                exp_continue
            }
            -re "$prompt" {
                set prompt_match $expect_out(0,string);
                break;
            }
            "Login invalid" {
                send_user "\nError: Invalid login: $router\n";
                catch {close}; catch {wait}; return 1
            }
            -re "\[^\r\n]*\[\r\n]+" { exp_continue; }
        }
    }

    set in_proc 0
    return 0
}

# Enable
proc do_enable { enauser enapasswd } {
    global do_saveconfig in_proc
    global prompt u_prompt e_prompt enacmd
    set in_proc 1

    send "$enacmd\r"
    expect {
        -re "$u_prompt" { send -- "$enauser\r"; exp_continue}
        -re "$e_prompt" { send -- "$enapasswd\r"; exp_continue}
        "#" { set prompt "#" }
        "(enable)" { set prompt "> \\(enable\\) " }
        "% Invalid input" {
            send_user "\nError: Unrecognized command, check your enable command\n";
            return 1
        }
        -re "(denied|Sorry|Incorrect)" {
            # % Access denied - from local auth and poss. others
            send_user "\nError: Check your Enable passwd\n";
            return 1
        }
        "% Error in authentication" {
            send_user "\nError: Check your Enable passwd\n"
            return 1
        }
        "% Bad passwords" {
            send_user "\nError: Check your Enable passwd\n"
            return 1
        }
    }
    # We set the prompt variable (above) so script files don't need
    # to know what it is.
    set in_proc 0
    return 0
}

# Run commands given on the command line.
proc run_commands { prompt command } {
    global do_saveconfig in_proc platform
    set in_proc 1

    if { [string compare "extreme" "$platform"] } {
        # match cisco config mode prompts too, such as router(config-if)#,
        # but catalyst does not change in this fashion.
regsub -lineanchor -- {^(.{1,11}).*([#>])$} $prompt {\1} reprompt regsub -all -- {[\\]$} $reprompt {} reprompt append reprompt {([^#>\r\n]+)?[#>](\\([^)\\r\\n]+\\))?} } else { set reprompt $prompt } # this is the only way i see to get rid of more prompts in o/p..grrrrr log_user 0 # handle escaped ;s in commands, and ;; and ^; regsub -all {([^\\]);;} $command "\\1;\u002;" esccommand regsub {^;} $esccommand "\u002;" command set sep "\\1\u001" regsub -all {([^\\]);} $command "$sep" esccommand set sep "\u001" set commands [split $esccommand $sep] set num_commands [llength $commands] # the pager can not be turned off on the PIX, so we have to look # for the "More" prompt. the extreme is equally obnoxious in pre-12.3 XOS, # with a global switch in the config. for {set i 0} {$i < $num_commands} { incr i} { if { [lindex $commands $i] == "\u002" } { send -- "\r" } else { send -- "[subst -nocommands [lindex $commands $i]]\r" } expect { -re "^\b+" { exp_continue } -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)" } -re "^\[^\n\r]*$reprompt." { send_user -- "$expect_out(buffer)" exp_continue } -re "^--More--\[\r\n]+" { # specific match c1900 pager send " " exp_continue } -re "\[^\r\n]*\[\n\r]+" { send_user -- "$expect_out(buffer)" exp_continue } -re "\[^\r\n]*Press to cont\[^\r\n]*" { send " " # bloody ^[[2K after " " expect { -re "^\[^\r\n]*\r" {} } exp_continue } -re "^ *--More--\[^\n\r]*" { send " " exp_continue } -re "^<-+ More -+>\[^\n\r]*" { send_user -- "$expect_out(buffer)" send " " exp_continue } } } log_user 1 if { [string compare "extreme" "$platform"] } { send -h "exit\r" } else { send -h "quit\r" } expect { -re "^\[^\n\r *]*$reprompt" { # the Cisco CE and Jnx ERX # return to non-enabled mode # on exit in enabled mode. 
send -h "exit\r" exp_continue; } "The system has unsaved changes" { # Force10 SFTOS if {$do_saveconfig} { catch {send "y\r"} } else { catch {send "n\r"} } exp_continue } "Would you like to save them now" { # Force10 if {$do_saveconfig} { catch {send "y\r"} } else { catch {send "n\r"} } exp_continue } -re "(Profile|Configuration) changes have occurred.*" { # Cisco CSS if {$do_saveconfig} { catch {send "y\r"} } else { catch {send "n\r"} } exp_continue } "Do you wish to save your configuration changes" { if {$do_saveconfig} { catch {send "y\r"} } else { catch {send "n\r"} } exp_continue } -re "\[\n\r]+" { exp_continue } timeout { catch {close}; catch {wait}; return 0 } eof { return 0 } } set in_proc 0 } # # For each router... (this is main loop) # source_password_file $password_file set in_proc 0 set exitval 0 set prompt_match "" foreach router [lrange $argv $i end] { set router [string tolower $router] # attempt at platform switching. set platform "" send_user -- "$router\n" # device timeout set timeout [find timeout $router] if { [llength $timeout] == 0 } { set timeout $timeoutdflt } # Default prompt. 
    set prompt [join [find prompt $router] ""]
    if { [llength $prompt] == 0 } {
        set prompt "(>|#| \\(enable\\))"
    }

    # look for autoenable option in .cloginrc & cmd-line
    set ae [find autoenable $router]
    if { "$ae" == "1" || $avautoenable } {
        set autoenable 1
    } else {
        set autoenable 0
    }
    # look for enable options in .cloginrc & cmd-line
    if { $avenable == 0 } {
        set enable 0
    } else {
        set ne [find noenable $router]
        if { "$ne" == "1" || "$autoenable" == "1" } {
            set enable 0
        } else {
            set enable 1
        }
    }

    # Figure out passwords
    if { $do_passwd || $do_enapasswd } {
        set pswd [find password $router]
        if { [llength $pswd] == 0 } {
            send_user -- "\nError: no password for $router in $password_file.\n"
            continue
        }
        if { $enable && $do_enapasswd && $autoenable == 0 && [llength $pswd] < 2 } {
            send_user -- "\nError: no enable password for $router in $password_file.\n"
            continue
        }
        set passwd [join [lindex $pswd 0] ""]
        set enapasswd [join [lindex $pswd 1] ""]
    } else {
        set passwd $userpasswd
        set enapasswd $enapasswd
    }

    # Figure out username
    if {[info exists username]} {
        # command line username
        set ruser $username
    } else {
        set ruser [join [find user $router] ""]
        if { "$ruser" == "" } { set ruser $default_user }
    }

    # Figure out username's password (if different from the vty password)
    if {[info exists userpasswd]} {
        # command line username
        set userpswd $userpasswd
    } else {
        set userpswd [join [find userpassword $router] ""]
        if { "$userpswd" == "" } { set userpswd $passwd }
    }

    # Figure out enable username
    if {[info exists enausername]} {
        # command line enausername
        set enauser $enausername
    } else {
        set enauser [join [find enauser $router] ""]
        if { "$enauser" == "" } { set enauser $ruser }
    }

    # Figure out enable command
    set enacmd [join [find enablecmd $router] ""]
    if { "$enacmd" == "" } { set enacmd "enable" }

    # Figure out prompts
    set u_prompt [find userprompt $router]
    if { "$u_prompt" == "" } {
        set u_prompt "(\[Uu]sername|Login|login|user name|User):"
    } else {
        set u_prompt [join [lindex $u_prompt 0] ""]
    }
    set p_prompt [find passprompt $router]
    if { "$p_prompt" == "" } {
        set p_prompt "(\[Pp]assword|passwd|Enter password for \[^ :]+):"
    } else {
        set p_prompt [join [lindex $p_prompt 0] ""]
    }
    set e_prompt [find enableprompt $router]
    if { "$e_prompt" == "" } {
        set e_prompt "\[Pp]assword:"
    } else {
        set e_prompt [join [lindex $e_prompt 0] ""]
    }

    # Figure out identity file to use
    set identfile [join [lindex [find identity $router] 0] ""]

    # Figure out passphrase to use
    if {[info exists avpassphrase]} {
        set passphrase $avpassphrase
    } else {
        set passphrase [join [lindex [find passphrase $router] 0] ""]
    }
    if { ! [string length "$passphrase"]} {
        set passphrase $passwd
    }

    # Figure out cypher type
    if {[info exists cypher]} {
        # command line cypher type
        set cyphertype $cypher
    } else {
        set cyphertype [find cyphertype $router]
        if { "$cyphertype" == "" } { set cyphertype "3des" }
    }

    # Figure out connection method
    set cmethod [find method $router]
    if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} }

    # Figure out the SSH executable name
    set sshcmd [join [lindex [find sshcmd $router] 0] ""]
    if { "$sshcmd" == "" } { set sshcmd {ssh} }

    # if [-mM], skip do not login
    if { $do_cloginrcdbg > 0 } { continue; }

    # Login to the router
    if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype $identfile]} {
        incr exitval
        # if login failed or rsh was unsuccessful, move on to the next device
        continue
    }
    # Figure out the prompt.
    if { [regexp -- "(#| \\(enable\\))" $prompt_match junk] == 1 } {
        set enable 0
    }
    if { $enable } {
        if {[do_enable $enauser $enapasswd]} {
            if { $do_command || $do_script } {
                incr exitval
                catch {close}; catch {wait};
                continue
            }
        }
    }
    # we are logged in, now figure out the full prompt
    send "\r"
    regsub -all {^(\^*)(.*)} $prompt {\2} reprompt
    expect {
        -re "\[\r\n]+" { exp_continue; }
        -re "^(.+\[:.])1 ($reprompt)" {
            # stoopid extreme cmd-line numbers and
            # prompt based on state of config changes,
            # which may have an * at the beginning.
            set junk $expect_out(1,string)
            regsub -all "^\\\* " $expect_out(1,string) {} junk
            regsub -all "\[\]\[\(\)]" $junk {\\&} junk;
            set prompt ".? ?$junk\[0-9]+ $expect_out(2,string)";
            set platform "extreme"
        }
        -re "^.+$reprompt" {
            set junk $expect_out(0,string);
            regsub -all "\[\]\[\(\)+]" $junk {\\&} prompt;
        }
    }
    if { $do_command || $do_script } {
        if { [string compare "extreme" "$platform"] } {
            # If the prompt is (enable), then we are on a switch and the
            # command is "set length 0"; otherwise its "terminal length 0".
            if [regexp -- ".*> .*enable" "$prompt"] {
                send "set length 0\r"
                expect -re $prompt {}
                send "set width 132\r"
                expect -re $prompt {}
                send "set logging session disable\r"
            } else {
                send "terminal length 0\r"
                expect -re $prompt {}
                send "terminal width 132\r"
            }
            expect -re $prompt {}
        } else {
            send "disable clipaging\r"
            expect -re $prompt {}
        }
    }
    if { $do_command } {
        if {[run_commands $prompt $command]} {
            incr exitval
            continue
        }
    } elseif { $do_script } {
        source $sfile
        catch {close};
    } else {
        label $router
        log_user 1
        interact
    }

    # End of for each router
    catch {wait};
    sleep 0.3
}
exit $exitval

From bhart at unifiedbrands.net Wed Jul 8 13:39:09 2015
From: bhart at unifiedbrands.net (Hart, Benjamin)
Date: Wed, 8 Jul 2015 13:39:09 +0000
Subject: [rancid] Missed cmd(s): all commands / clogin error: Error: extra characters after close-brace
In-Reply-To: <20150707232832.GD74274@shrubbery.net>
References: <20150707232832.GD74274@shrubbery.net>
Message-ID:

Actually no, the script did not. Clogin x.x.x.x gave the same error. I got fed up though and created a new .cloginrc file late last night and this file works. But what's weird is that I even went through the original file and removed every single line of the sample info to where all that was left was my entries, but still error'd out.

-----Original Message-----
From: Calgon [mailto:heas at shrubbery.net]
Sent: Tuesday, July 7, 2015 7:29 PM
To: Hart, Benjamin
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Missed cmd(s): all commands / clogin error: Error: extra characters after close-brace

Tue, Jul 07, 2015 at 05:41:19PM +0000, Hart, Benjamin:
> I have searched and I know the usual cause for this.. but my cloginrc file seriously has all the proper close-braces, see below:
>
> Add password x.x.x.x {[password]} {[password]}
> Add user x.x.x.x {admin}
> Add method x.x.x.x {ssh}
>
> Add password x.x.x.x {[password]} {[password]}
> Add user x.x.x.x {root}
> Add method x.x.x.x {telnet}
>
> The two specific IP's stated in the log file is seriously, and 100% triple verified to only have the text above. Yes my passwords include a bracket which worked for the initial diff polling. My issue today is that I made changes to a single switch, those changes were not polled by rancid. Only the initial 'new router' entry is seen. No config changes have been done to the rancid server either. No security changes have been done to the switches either.
>
> Did the syntax for the .cloginrc file change? Hell in the examples it shows how the user and method values are not wrapped in braces however after testing that by removing the braces around mine I still get the same error.
>
> Calgon, take me away.

The first two questions will always be: does the login scripts work for an interactive login to the device? if yes, then does a command (-c) work.

From alan.mckinnon at gmail.com Wed Jul 8 16:05:02 2015
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Wed, 8 Jul 2015 18:05:02 +0200
Subject: [rancid] Missed cmd(s): all commands / clogin error: Error: extra characters after close-brace
In-Reply-To:
References: <20150707232832.GD74274@shrubbery.net>
Message-ID: <559D4A2E.3040802@gmail.com>

On 08/07/2015 15:39, Hart, Benjamin wrote:
> Actually no, the script did not. Clogin x.x.x.x gave the same error. I got fed up though and created a new .cloginrc file late last night and this file works. But what's weird is that I even went through the original file and removed every single line of the sample info to where all that was left was my entries, but still error'd out.

I had that once where someone edited .cloginrc with an unusual editor. It added ^M at end-of-line which aren't normally visible in vim but can be seen with less.

Might be worth checking out.

>
> -----Original Message-----
> From: Calgon [mailto:heas at shrubbery.net]
> Sent: Tuesday, July 7, 2015 7:29 PM
> To: Hart, Benjamin
> Cc: rancid-discuss at shrubbery.net
> Subject: Re: [rancid] Missed cmd(s): all commands / clogin error: Error: extra characters after close-brace
>
> Tue, Jul 07, 2015 at 05:41:19PM +0000, Hart, Benjamin:
>> I have searched and I know the usual cause for this.. but my cloginrc file seriously has all the proper close-braces, see below:
>>
>> Add password x.x.x.x {[password]} {[password]}
>> Add user x.x.x.x {admin}
>> Add method x.x.x.x {ssh}
>>
>> Add password x.x.x.x {[password]} {[password]}
>> Add user x.x.x.x {root}
>> Add method x.x.x.x {telnet}
>>
>> The two specific IP's stated in the log file is seriously, and 100% triple verified to only have the text above. Yes my passwords include a bracket which worked for the initial diff polling. My issue today is that I made changes to a single switch, those changes were not polled by rancid. Only the initial 'new router' entry is seen. No config changes have been done to the rancid server either. No security changes have been done to the switches either.
>>
>> Did the syntax for the .cloginrc file change? Hell in the examples it shows how the user and method values are not wrapped in braces however after testing that by removing the braces around mine I still get the same error.
>>
>> Calgon, take me away.
>
> The first two questions will always be: does the login scripts work for an interactive login to the device? if yes, then does a command (-c) work.
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>

--
Alan McKinnon
alan.mckinnon at gmail.com

From matta at surveymonkey.com Wed Jul 8 16:21:09 2015
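[Added example, not part of any message above and not RANCID code.] A check along the lines Alan McKinnon suggests: it scans the raw bytes of a .cloginrc for characters that editors hide and for braced words followed by extra characters, the condition behind the Tcl parser message in the subject line. It assumes one entry per line and a simplified version of Tcl's word rules; the function names, the y.y.y.y host and the sample bytes are constructed for the illustration.

```python
"""Lint .cloginrc-style lines for hidden bytes and brace-word errors."""

# Byte sequences that many editors do not display.
HIDDEN = {
    b"\r": "carriage return (^M)",
    b"\xc2\xa0": "UTF-8 non-breaking space",
    b"\xef\xbb\xbf": "UTF-8 byte-order mark",
}
# Characters accepted directly after a word (simplified Tcl rule, an assumption).
WORD_END = " \t\r;"


def brace_word_errors(line):
    """Return (column, message) pairs for the braced words on one line."""
    errors = []
    i, n, word_start = 0, len(line), True
    while i < n:
        ch = line[i]
        if ch == "\\":                      # escaped character: skip the pair
            i, word_start = i + 2, False
        elif ch in WORD_END:
            i, word_start = i + 1, True
        elif ch == '"' and word_start:      # quoted word: braces inside are literal
            i += 1
            while i < n and line[i] != '"':
                i += 2 if line[i] == "\\" else 1
            i, word_start = i + 1, False
        elif ch == "{" and word_start:      # braced word: find the matching close
            depth, j = 0, i
            while j < n:
                if line[j] == "\\":
                    j += 2
                    continue
                depth += {"{": 1, "}": -1}.get(line[j], 0)
                if depth == 0:
                    break
                j += 1
            if j >= n:
                errors.append((i + 1, "no matching close-brace on this line"))
                break
            if j + 1 < n and line[j + 1] not in WORD_END:
                errors.append((j + 2, "extra characters after close-brace"))
            i, word_start = j + 1, False
        else:
            i, word_start = i + 1, False
    return errors


def lint_cloginrc(data):
    """Return (line_number, message) findings for the raw bytes of a file."""
    findings = []
    for lineno, raw in enumerate(data.split(b"\n"), start=1):
        for needle, label in HIDDEN.items():
            if needle in raw:
                findings.append((lineno, label))
        text = raw.decode("utf-8", errors="replace")
        if text.lstrip().startswith("#"):
            continue
        for column, message in brace_word_errors(text):
            findings.append((lineno, f"col {column}: {message}"))
    return findings


# Constructed sample: line 1 has the form quoted in the thread, the other
# lines are deliberately damaged variants.
SAMPLE = (
    b"add password x.x.x.x {[password]} {[password]}\n"
    b"add user x.x.x.x {admin}\r\n"
    b"add method x.x.x.x {ssh}\xc2\xa0{telnet}\n"
    b"add user y.y.y.y {root}x\n"
)

if __name__ == "__main__":
    for lineno, message in lint_cloginrc(SAMPLE):
        print(f"line {lineno}: {message}")
```

Reading the file in binary mode (`open(path, "rb").read()`) matters here: a text-mode read may translate or drop the very bytes being looked for.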
From: matta at surveymonkey.com (Matt Almgren)
Date: Wed, 8 Jul 2015 16:21:09 +0000
Subject: [rancid] How to remove fan speed from f5rancid output?
In-Reply-To: <559CCD3D.3030302@gmail.com>
References: <559CCD3D.3030302@gmail.com>
Message-ID:

Thanks Alan for the tip. I used regexr.com to help with this. Man, I wish this site was around 10 years ago when I was writing regexps on a daily basis. I had forgotten most of it.

This looks like it will work just fine:

s/^\ \ ([0-9]+)(\ +)(.*up.*)\ +([0-9]+) /$1$2$3REMOVEDRPM/i;

Thanks, Matt

From: Alan McKinnon
Date: Wednesday, July 8, 2015 at 12:11 AM
To: "rancid-discuss at shrubbery.net"
Subject: Re: [rancid] How to remove fan speed from f5rancid output?

On 08/07/2015 01:14, Matt Almgren wrote:

Well, I had thought I had fixed this, but it was just not running for our f5s for a while. Oopps.

Anyway, my perl-fu isn't very good. Can someone quickly tell me what I need to change in this code to remove the fan speed(rpm) values from the output below:

## $Id: f5rancid.in 2279 2011-01-31 22:41:00Z heas $
sub ShowHardware {
    print STDERR " In ShowHardware: $_" if ($debug);

    while () {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        return(1) if /^\s*\^\s*$/;
        return(1) if /(Invalid input detected|Type help or )/;
        return(-1) if (/command authorization failed/i);

        s/\d+rpm//ig;
        s/^\|//;
        s/^\ \ ([0-9]+)(\ +).*up.*[0-9]/ $1$2up REMOVED/i;
        ^^^^ ^^

This is the code that is intended to do what you want. But there's no need to escape the spaces in that regex. Replace with literal spaces, or preferably \s for any whitespace:

s/^\s+([0-9]+)(\s+).*up.*[0-9]/ $1$2up REMOVED/i;

Tweak and adjust it to your liking depending on what you want the output line to be transformed into.

You don't need much perl-fu for this, you do however need quite a bit of regex-fu. The Llama Book (google it) has very good perl regex tutorials at just the right level to get you going.

Alan

--
Alan McKinnon
alan.mckinnon at gmail.com

From electric at multihost.no Thu Jul 9 14:08:24 2015
From: electric at multihost.no (Fredrik Lund)
Date: Thu, 09 Jul 2015 16:08:24 +0200
Subject: [rancid] Autodiscovery using CLOGIN?
Message-ID: <45598b436249be2632ee3fb0a88f59a7@multihost.no>

Hi

Is there a way to get clogin to auto discovery a whole ip range?
Lets say I have 10.1.1.0/24 is there a way to set router.db to discover new nodes?

Or do i have to manually enter every node i want to backup?

From alan.mckinnon at gmail.com Thu Jul 9 14:29:33 2015
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Thu, 9 Jul 2015 16:29:33 +0200
Subject: [rancid] Autodiscovery using CLOGIN?
In-Reply-To: <45598b436249be2632ee3fb0a88f59a7@multihost.no>
References: <45598b436249be2632ee3fb0a88f59a7@multihost.no>
Message-ID: <559E854D.30102@gmail.com>

On 09/07/2015 16:08, Fredrik Lund wrote:
> Hi
>
> Is there a way to get clogin to auto discovery a whole ip range?

no

> Lets say I have 10.1.1.0/24 is there a way to set router.db to discover
> new nodes?

no

>
> Or do i have to manually enter every node i want to backup?

yes

If you want discovery to happen, you'll have to write your own separate program to do it and generate new router.db files.

--
Alan McKinnon
alan.mckinnon at gmail.com

From heas at shrubbery.net Thu Jul 9 15:59:37 2015
From: heas at shrubbery.net (heasley)
Date: Thu, 9 Jul 2015 15:59:37 +0000
Subject: [rancid] Autodiscovery using CLOGIN?
In-Reply-To: <559E854D.30102@gmail.com>
References: <45598b436249be2632ee3fb0a88f59a7@multihost.no> <559E854D.30102@gmail.com>
Message-ID: <20150709155937.GA82719@shrubbery.net>

Thu, Jul 09, 2015 at 04:29:33PM +0200, Alan McKinnon:
> On 09/07/2015 16:08, Fredrik Lund wrote:
> > Hi
> >
> > Is there a way to get clogin to auto discovery a whole ip range?
>
> no
>
> > Lets say I have 10.1.1.0/24 is there a way to set router.db to discover
> > new nodes?
>
> no
>
> >
> > Or do i have to manually enter every node i want to backup?
>
> yes
>
>
> If you want discovery to happen, you'll have to write your own separate
> program to do it and generate new router.db files.

one could may be able to use nmap to do this.

From gmourani at gmail.com Thu Jul 9 20:22:33 2015
From: gmourani at gmail.com (Gerhard Mourani)
Date: Thu, 9 Jul 2015 16:22:33 -0400
Subject: [rancid] Cisco Small Business and Rancid 3.2
Message-ID: <6ADD0939-EE79-4A3F-AA55-B7E37532C7CC@gmail.com>

Hello List,

I've a problem to make Rancid 3.2 work with Cisco Small Business. I've started to use scripts available at this link -> http://www.itnotes.eu/?p=407

1) I've started to add the following lines into the /etc/rancid.types.conf file.

cisco-sb;script;csbrancid
cisco-sb;login;csblogin

2) Then added cisco-sb inside my /etc/rancid.conf file.

3) Created the /var/lib/rancid/cisco-sb directory with all required files by running the "rancid-cvs" command.

4) And finally executing as rancid user the > rancid-run cisco-sb command.

Here is my error reported inside rancid log file.

exec(csbrancid) failed router manufacturer cisco-sb: No such file or directory

Someone know what to do to fix this with Rancid 3.2 ?

Gerhard,

From grungelizard9 at hotmail.com Fri Jul 10 09:03:41 2015
From: grungelizard9 at hotmail.com (Daniel Shields)
Date: Fri, 10 Jul 2015 05:03:41 -0400
Subject: [rancid] Cisco Small Business and Rancid 3.2
Message-ID:

Hey Gerhard,

You need to change the ; to : in rancid. conf.

Sent via the Samsung GALAXY S®4, an AT&T 4G LTE smartphone

-------- Original message --------
From: Gerhard Mourani
Date: 07/09/2015 16:45 (GMT-05:00)
To: rancid-discuss at shrubbery.net
Subject: [rancid] Cisco Small Business and Rancid 3.2

Hello List,

I've a problem to make Rancid 3.2 work with Cisco Small Business. I've started to use scripts available at this link -> http://www.itnotes.eu/?p=407

1) I've started to add the following lines into the /etc/rancid.types.conf file.

cisco-sb;script;csbrancid
cisco-sb;login;csblogin

2) Then added cisco-sb inside my /etc/rancid.conf file.

3) Created the /var/lib/rancid/cisco-sb directory with all required files by running the "rancid-cvs" command.

4) And finally executing as rancid user the > rancid-run cisco-sb command.

Here is my error reported inside rancid log file.

exec(csbrancid) failed router manufacturer cisco-sb: No such file or directory

Someone know what to do to fix this with Rancid 3.2 ?

Gerhard,

From gmourani at gmail.com Fri Jul 10 12:38:01 2015
From: gmourani at gmail.com (Gerhard Mourani)
Date: Fri, 10 Jul 2015 08:38:01 -0400
Subject: [rancid] Cisco Small Business and Rancid 3.2
In-Reply-To:
References:
Message-ID:

Hello Daniel,

Thanks for the reply. I've tried what you recommended without success, it returns "unknown router manufacturer", seem to be something else.

> On Jul 10, 2015, at 5:03 AM, Daniel Shields wrote:
>
> Hey Gerhard,
>
> You need to change the ; to : in rancid. conf.
>
> Sent via the Samsung GALAXY S®4, an AT&T 4G LTE smartphone
>
> -------- Original message --------
> From: Gerhard Mourani
> Date: 07/09/2015 16:45 (GMT-05:00)
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] Cisco Small Business and Rancid 3.2
>
> Hello List,
>
> I've a problem to make Rancid 3.2 work with Cisco Small Business. I've started to use scripts available at this link -> http://www.itnotes.eu/?p=407
>
> 1) I've started to add the following lines into the /etc/rancid.types.conf file.
>
> cisco-sb;script;csbrancid
> cisco-sb;login;csblogin
>
> 2) Then added cisco-sb inside my /etc/rancid.conf file.
>
> 3) Created the /var/lib/rancid/cisco-sb directory with all required files by running the "rancid-cvs" command.
>
> 4) And finally executing as rancid user the > rancid-run cisco-sb command.
>
> Here is my error reported inside rancid log file.
>
> exec(csbrancid) failed router manufacturer cisco-sb: No such file or directory
>
> Someone know what to do to fix this with Rancid 3.2 ?
>
> Gerhard,

From nick.nauwelaerts at aquafin.be Fri Jul 10 14:07:54 2015
From: nick.nauwelaerts at aquafin.be (Nick Nauwelaerts)
Date: Fri, 10 Jul 2015 14:07:54 +0000
Subject: [rancid] Cisco Small Business and Rancid 3.2
In-Reply-To:
References:
Message-ID: <361E14917FBECC43A4359C9B977FC4DB11EA482B@MBX2.aquafinad.aquafin.be>

i'm guessing you placed the csblogin & csbrancid in a place thats not inside the $PATH specified in rancid.conf.

what's your current PATH setting in rancid.conf?

// nick

From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Gerhard Mourani
Sent: Friday, July 10, 2015 14:38
To: Daniel Shields
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Cisco Small Business and Rancid 3.2

Hello Daniel,

Thanks for the reply. I've tried what you recommended without success, it returns "unknown router manufacturer", seem to be something else.

On Jul 10, 2015, at 5:03 AM, Daniel Shields wrote:

Hey Gerhard,

You need to change the ; to : in rancid. conf.

Sent via the Samsung GALAXY S®4, an AT&T 4G LTE smartphone

-------- Original message --------
From: Gerhard Mourani
Date: 07/09/2015 16:45 (GMT-05:00)
To: rancid-discuss at shrubbery.net
Subject: [rancid] Cisco Small Business and Rancid 3.2

Hello List,

I've a problem to make Rancid 3.2 work with Cisco Small Business. I've started to use scripts available at this link -> http://www.itnotes.eu/?p=407

1) I've started to add the following lines into the /etc/rancid.types.conf file.

cisco-sb;script;csbrancid
cisco-sb;login;csblogin

2) Then added cisco-sb inside my /etc/rancid.conf file.

3) Created the /var/lib/rancid/cisco-sb directory with all required files by running the "rancid-cvs" command.

4) And finally executing as rancid user the > rancid-run cisco-sb command.

Here is my error reported inside rancid log file.

exec(csbrancid) failed router manufacturer cisco-sb: No such file or directory

Someone know what to do to fix this with Rancid 3.2 ?

Gerhard,

From gmourani at gmail.com Fri Jul 10 14:18:54 2015
From: gmourani at gmail.com (Gerhard Mourani)
Date: Fri, 10 Jul 2015 10:18:54 -0400
Subject: [rancid] Cisco Small Business and Rancid 3.2
In-Reply-To: <361E14917FBECC43A4359C9B977FC4DB11EA482B@MBX2.aquafinad.aquafin.be>
References: <361E14917FBECC43A4359C9B977FC4DB11EA482B@MBX2.aquafinad.aquafin.be>
Message-ID: <45612F2C-A03F-4763-8D5B-2BCDFCDE6685@gmail.com>

PATH=/usr/bin:/usr/sbin:/bin:.:/usr/local/bin; export PATH

csblogin & csbrancid are located under /usr/bin

I think the problem comes from the csbrancid script which seem to be incompatible with Rancid 3.2. Here the output when you manually run the script:

/usr/bin/csbrancid 192.168.1.65
Name "main::opt_l" used only once: possible typo at /usr/bin/csbrancid line 55.
Name "main::logincmd" used only once: possible typo at /usr/bin/csbrancid line 396.
Name "main::opt_d" used only once: possible typo at /usr/bin/csbrancid line 56.
Name "main::opt_f" used only once: possible typo at /usr/bin/csbrancid line 57.
Name "main::opt_V" used only once: possible typo at /usr/bin/csbrancid line 51.
Use of uninitialized value $ENV{"ACLSORT"} in pattern match (m//) at /usr/bin/csbrancid line 334.
Use of uninitialized value $ENV{"FILTER_PWDS"} in pattern match (m//) at /usr/bin/csbrancid line 345.
Use of uninitialized value $ENV{"FILTER_PWDS"} in pattern match (m//) at /usr/bin/csbrancid line 347.
Use of uninitialized value $hist_tag in string ne at /usr/bin/csbrancid line 74.
Use of uninitialized value $command in string ne at /usr/bin/csbrancid line 74.
": no such file or directory
192.168.1.65: missed cmd(s): show version,show system,show startup-config
192.168.1.65: End of run not found

Gerhard,

> On Jul 10, 2015, at 10:07 AM, Nick Nauwelaerts wrote:
>
> i'm guessing you placed the csblogin & csbrancid in a place thats not inside the $PATH specified in rancid.conf.
>
> what's your current PATH setting in rancid.conf?
>
> // nick
>
> From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Gerhard Mourani
> Sent: Friday, July 10, 2015 14:38
> To: Daniel Shields
> Cc: rancid-discuss at shrubbery.net
> Subject: Re: [rancid] Cisco Small Business and Rancid 3.2
>
> Hello Daniel,
>
> Thanks for the reply. I've tried what you recommended without success, it returns "unknown router manufacturer", seem to be something else.
>
> On Jul 10, 2015, at 5:03 AM, Daniel Shields wrote:
>
> Hey Gerhard,
>
> You need to change the ; to : in rancid. conf.
>
> Sent via the Samsung GALAXY S®4, an AT&T 4G LTE smartphone
>
> -------- Original message --------
> From: Gerhard Mourani
> Date: 07/09/2015 16:45 (GMT-05:00)
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] Cisco Small Business and Rancid 3.2
>
> Hello List,
>
> I've a problem to make Rancid 3.2 work with Cisco Small Business. I've started to use scripts available at this link -> http://www.itnotes.eu/?p=407
>
> 1) I've started to add the following lines into the /etc/rancid.types.conf file.
>
> cisco-sb;script;csbrancid
> cisco-sb;login;csblogin
>
> 2) Then added cisco-sb inside my /etc/rancid.conf file.
>
> 3) Created the /var/lib/rancid/cisco-sb directory with all required files by running the "rancid-cvs" command.
>
> 4) And finally executing as rancid user the > rancid-run cisco-sb command.
>
> Here is my error reported inside rancid log file.
>
> exec(csbrancid) failed router manufacturer cisco-sb: No such file or directory
>
> Someone know what to do to fix this with Rancid 3.2 ?
>
> Gerhard,

From nick.nauwelaerts at aquafin.be Fri Jul 10 14:56:00 2015
From: nick.nauwelaerts at aquafin.be (Nick Nauwelaerts)
Date: Fri, 10 Jul 2015 14:56:00 +0000
Subject: [rancid] Cisco Small Business and Rancid 3.2
In-Reply-To: <45612F2C-A03F-4763-8D5B-2BCDFCDE6685@gmail.com>
References: <361E14917FBECC43A4359C9B977FC4DB11EA482B@MBX2.aquafinad.aquafin.be> <45612F2C-A03F-4763-8D5B-2BCDFCDE6685@gmail.com>
Message-ID: <361E14917FBECC43A4359C9B977FC4DB11EA48EB@MBX2.aquafinad.aquafin.be>

well, it's working for me with rancid 3.2. i have version 2.3.2a8 running but it also seems to work the the version from itnotes.eu.

what does it say if you run with your switch:
csbrancid -d 10.91.6.200

mine gives a decent:
executing csblogin -t 90 -c"show system;show version;show startup-config" 10.91.6.200
HIT COMMAND:cisco302-Olsene#show system
In ShowSystem: cisco302-Olsene#show system
HIT COMMAND:cisco302-Olsene#show version
In ShowVersion: cisco302-Olsene#show version
HIT COMMAND:cisco302-Olsene#show startup-config
In ShowStartupConfig: cisco302-Olsene#show startup-config
10.91.6.200: found exit

i think it's just a type somewhere or some missing env variables. any idea where the error:
": no such file or directory
comes from? thats most likely a good indicator.

and if you havent reverted it yet, dont forget to use ";" with rancid 3.2 in rancid.types.conf

// nick

-----Original Message-----
From: Gerhard Mourani [mailto:gmourani at gmail.com]
Sent: Friday, July 10, 2015 16:19
To: Nick Nauwelaerts
Cc: Daniel Shields; rancid-discuss at shrubbery.net
Subject: Re: [rancid] Cisco Small Business and Rancid 3.2

PATH=/usr/bin:/usr/sbin:/bin:.:/usr/local/bin; export PATH

csblogin & csbrancid are located under /usr/bin

I think the problem comes from the csbrancid script which seem to be incompatible with Rancid 3.2. Here the output when you manually run the script:

/usr/bin/csbrancid 192.168.1.65
Name "main::opt_l" used only once: possible typo at /usr/bin/csbrancid line 55.
Name "main::logincmd" used only once: possible typo at /usr/bin/csbrancid line 396.
Name "main::opt_d" used only once: possible typo at /usr/bin/csbrancid line 56.
Name "main::opt_f" used only once: possible typo at /usr/bin/csbrancid line 57.
Name "main::opt_V" used only once: possible typo at /usr/bin/csbrancid line 51.
Use of uninitialized value $ENV{"ACLSORT"} in pattern match (m//) at /usr/bin/csbrancid line 334.
Use of uninitialized value $ENV{"FILTER_PWDS"} in pattern match (m//) at /usr/bin/csbrancid line 345.
Use of uninitialized value $ENV{"FILTER_PWDS"} in pattern match (m//) at /usr/bin/csbrancid line 347.
Use of uninitialized value $hist_tag in string ne at /usr/bin/csbrancid line 74.
Use of uninitialized value $command in string ne at /usr/bin/csbrancid line 74.
": no such file or directory
192.168.1.65: missed cmd(s): show version,show system,show startup-config
192.168.1.65: End of run not found

Gerhard,

> On Jul 10, 2015, at 10:07 AM, Nick Nauwelaerts wrote:
>
> i'm guessing you placed the csblogin & csbrancid in a place thats not inside the $PATH specified in rancid.conf.
>
> what's your current PATH setting in rancid.conf?
>
> // nick
>
> From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Gerhard Mourani
> Sent: Friday, July 10, 2015 14:38
> To: Daniel Shields
> Cc: rancid-discuss at shrubbery.net
> Subject: Re: [rancid] Cisco Small Business and Rancid 3.2
>
> Hello Daniel,
>
> Thanks for the reply. I've tried what you recommended without success, it returns "unknown router manufacturer", seem to be something else.
>
> On Jul 10, 2015, at 5:03 AM, Daniel Shields wrote:
>
> Hey Gerhard,
>
> You need to change the ; to : in rancid. conf.
>
> Sent via the Samsung GALAXY S®4, an AT&T 4G LTE smartphone
>
> -------- Original message --------
> From: Gerhard Mourani
> Date: 07/09/2015 16:45 (GMT-05:00)
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] Cisco Small Business and Rancid 3.2
>
> Hello List,
>
> I've a problem to make Rancid 3.2 work with Cisco Small Business. I've started to use scripts available at this link -> http://www.itnotes.eu/?p=407
>
> 1) I've started to add the following lines into the /etc/rancid.types.conf file.
>
> cisco-sb;script;csbrancid
> cisco-sb;login;csblogin
>
> 2) Then added cisco-sb inside my /etc/rancid.conf file.
>
> 3) Created the /var/lib/rancid/cisco-sb directory with all required files by running the "rancid-cvs" command.
>
> 4) And finally executing as rancid user the > rancid-run cisco-sb command.
>
> Here is my error reported inside rancid log file.
>
> exec(csbrancid) failed router manufacturer cisco-sb: No such file or directory
>
> Someone know what to do to fix this with Rancid 3.2 ?
>
> Gerhard,

From alan.mckinnon at gmail.com Fri Jul 10 16:36:37 2015
From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Fri, 10 Jul 2015 18:36:37 +0200 Subject: [rancid] Cisco Small Business and Rancid 3.2 In-Reply-To: <361E14917FBECC43A4359C9B977FC4DB11EA48EB@MBX2.aquafinad.aquafin.be> References: <361E14917FBECC43A4359C9B977FC4DB11EA482B@MBX2.aquafinad.aquafin.be> <45612F2C-A03F-4763-8D5B-2BCDFCDE6685@gmail.com> <361E14917FBECC43A4359C9B977FC4DB11EA48EB@MBX2.aquafinad.aquafin.be> Message-ID: <559FF495.4030508@gmail.com> On 10/07/2015 16:56, Nick Nauwelaerts wrote: > well, it's working for me with rancid 3.2. i have version 2.3.2a8 running but it also seems to work the the version from itnotes.eu. > > what does it say if you run with your switch: > csbrancid -d 10.91.6.200 > > mine gives a decent: > executing csblogin -t 90 -c"show system;show version;show startup-config" 10.91.6.200 > HIT COMMAND:cisco302-Olsene#show system > In ShowSystem: cisco302-Olsene#show system > HIT COMMAND:cisco302-Olsene#show version > In ShowVersion: cisco302-Olsene#show version > HIT COMMAND:cisco302-Olsene#show startup-config > In ShowStartupConfig: cisco302-Olsene#show startup-config > 10.91.6.200: found exit > > > i think it's just a type somewhere or some missing env variables. any idea where the error: > ": no such file or directory > comes from? thats most likely a good indicator. that comes from csblogin run it by itself, you'll see the error printed -- Alan McKinnon alan.mckinnon at gmail.com From gmourani at gmail.com Fri Jul 10 15:36:40 2015 
From: gmourani at gmail.com (Gerhard Mourani) Date: Fri, 10 Jul 2015 11:36:40 -0400 Subject: [rancid] Cisco Small Business and Rancid 3.2 In-Reply-To: <361E14917FBECC43A4359C9B977FC4DB11EA48EB@MBX2.aquafinad.aquafin.be> References: <361E14917FBECC43A4359C9B977FC4DB11EA482B@MBX2.aquafinad.aquafin.be> <45612F2C-A03F-4763-8D5B-2BCDFCDE6685@gmail.com> <361E14917FBECC43A4359C9B977FC4DB11EA48EB@MBX2.aquafinad.aquafin.be> Message-ID: <0DC6C595-A202-4C06-A483-2BCBA1868C5E@gmail.com> Well good to know that it works with 3.2. Here is the result of my csbrancid -d 192.168.1.65 command: /usr/bin/csbrancid -d 192.168.1.65 Name "main::opt_l" used only once: possible typo at /usr/bin/csbrancid line 55. Name "main::logincmd" used only once: possible typo at /usr/bin/csbrancid line 396. Name "main::opt_d" used only once: possible typo at /usr/bin/csbrancid line 56. Name "main::opt_f" used only once: possible typo at /usr/bin/csbrancid line 57. Name "main::opt_V" used only once: possible typo at /usr/bin/csbrancid line 51. executing csblogin -t 90 -c"show system;show version;show startup-config" 130.1.0.65 Use of uninitialized value $ENV{"ACLSORT"} in pattern match (m//) at /usr/bin/csbrancid line 334. Use of uninitialized value $ENV{"FILTER_PWDS"} in pattern match (m//) at /usr/bin/csbrancid line 345. Use of uninitialized value $ENV{"FILTER_PWDS"} in pattern match (m//) at /usr/bin/csbrancid line 347. Use of uninitialized value $hist_tag in string ne at /usr/bin/csbrancid line 74. Use of uninitialized value $command in string ne at /usr/bin/csbrancid line 74. ": no such file or directory 192.168.1.65: missed cmd(s): show version,show system,show startup-config 192.168.1.65: missed cmd(s): show version,show system,show startup-config 192.168.1.65: End of run not found 192.168.1.65: End of run not found (clean_run=0, found_end=0) ! As you can see the result is the same. > any idea where the error: ": no such file or directory comes from? thats most likely a good indicator. 
No, I've tried to look inside the script but can't see any reference or indicator to this error. > if you havent reverted it yet, dont forget to use ";" with rancid 3.2 in rancid.types.conf Yes, already reverted to this format :) You referred to a website from where I could download the script but can't find anything, maybe if you send me your version of the script I can test it and see if I've more chance with it? Gerhard, > On Jul 10, 2015, at 10:56 AM, Nick Nauwelaerts wrote: > > well, it's working for me with rancid 3.2. i have version 2.3.2a8 running but it also seems to work the the version from itnotes.eu. > > what does it say if you run with your switch: > csbrancid -d 10.91.6.200 > > mine gives a decent: > executing csblogin -t 90 -c"show system;show version;show startup-config" 10.91.6.200 > HIT COMMAND:cisco302-Olsene#show system > In ShowSystem: cisco302-Olsene#show system > HIT COMMAND:cisco302-Olsene#show version > In ShowVersion: cisco302-Olsene#show version > HIT COMMAND:cisco302-Olsene#show startup-config > In ShowStartupConfig: cisco302-Olsene#show startup-config > 10.91.6.200: found exit > > > i think it's just a type somewhere or some missing env variables. any idea where the error: > ": no such file or directory > comes from? thats most likely a good indicator. > > and if you havent reverted it yet, dont forget to use ";" with rancid 3.2 in rancid.types.conf > > // nick > > -----Original Message-----
> From: Gerhard Mourani [mailto:gmourani at gmail.com] > Sent: Friday, July 10, 2015 16:19 > To: Nick Nauwelaerts > Cc: Daniel Shields; rancid-discuss at shrubbery.net > Subject: Re: [rancid] Cisco Small Business and Rancid 3.2 > > PATH=/usr/bin:/usr/sbin:/bin:.:/usr/local/bin; export PATH > csblogin & csbrancid are located under /usr/bin > > I think the problem comes from the csbrancid script which seem to be incompatible with Rancid 3.2. Here the output when you manually run the script: > > /usr/bin/csbrancid 192.168.1.65 > Name "main::opt_l" used only once: possible typo at /usr/bin/csbrancid line 55. > Name "main::logincmd" used only once: possible typo at /usr/bin/csbrancid line 396. > Name "main::opt_d" used only once: possible typo at /usr/bin/csbrancid line 56. > Name "main::opt_f" used only once: possible typo at /usr/bin/csbrancid line 57. > Name "main::opt_V" used only once: possible typo at /usr/bin/csbrancid line 51. > Use of uninitialized value $ENV{"ACLSORT"} in pattern match (m//) at /usr/bin/csbrancid line 334. > Use of uninitialized value $ENV{"FILTER_PWDS"} in pattern match (m//) at /usr/bin/csbrancid line 345. > Use of uninitialized value $ENV{"FILTER_PWDS"} in pattern match (m//) at /usr/bin/csbrancid line 347. > Use of uninitialized value $hist_tag in string ne at /usr/bin/csbrancid line 74. > Use of uninitialized value $command in string ne at /usr/bin/csbrancid line 74. > ": no such file or directory > 192.168.1.65: missed cmd(s): show version,show system,show startup-config > 192.168.1.65: End of run not found > > Gerhard, > >> On Jul 10, 2015, at 10:07 AM, Nick Nauwelaerts wrote: >> >> i'm guessing you placed the csblogin & csbrancid in a place thats not inside the $PATH specified in rancid.conf. >> >> what's your current PATH setting in rancid.conf? >> >> >> >> // nick 
>> >> >> From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Gerhard Mourani >> Sent: Friday, July 10, 2015 14:38 >> To: Daniel Shields >> Cc: rancid-discuss at shrubbery.net >> Subject: Re: [rancid] Cisco Small Business and Rancid 3.2 >> >> Hello Daniel, >> >> Thanks for the reply. I've tried what you recommended without success, it returns "unknown router manufacturer", seem to be something else. >> >> On Jul 10, 2015, at 5:03 AM, Daniel Shields wrote: >> >> Hey Gerhard, >> >> You need to change the ; to : in rancid.conf. >> >> >> >> Sent via the Samsung GALAXY S®4, an AT&T 4G LTE smartphone >> >> >> -------- Original message --------
>> From: Gerhard Mourani >> Date: 07/09/2015 16:45 (GMT-05:00) >> To: rancid-discuss at shrubbery.net >> Subject: [rancid] Cisco Small Business and Rancid 3.2 >> Hello List, >> >> I've a problem to make Rancid 3.2 work with Cisco Small Business. I've started to use scripts available at this link -> http://www.itnotes.eu/?p=407 >> >> 1) I've started to add the following lines into the /etc/rancid.types.conf file. >> >> cisco-sb;script;csbrancid >> cisco-sb;login;csblogin >> >> 2) Then added cisco-sb inside my /etc/rancid.conf file. >> >> 3) Created the /var/lib/rancid/cisco-sb directory with all required files by running the "rancid-cvs" command. >> >> 4) And finally executing as rancid user the > rancid-run cisco-sb command. >> >> Here is my error reported inside rancid log file. >> >> exec(csbrancid) failed router manufacturer cisco-sb: No such file or directory >> >> Someone know what to do to fix this with Rancid 3.2 ? >> >> Gerhard, > From b38911 at gmail.com Fri Jul 10 08:16:58 2015
From: b38911 at gmail.com (b38911 Zxc) Date: Fri, 10 Jul 2015 10:16:58 +0200 Subject: [rancid] PaloAlto backup not working Message-ID: Hello. I just configured RANCID 3.2. All is working fine for cisco devices. I tried to set up the backup for palo alto device, but it looks like it is not working, output files are empty. If I run # ./rancid -d -t paloalto paloaltofw I get the following result loadtype: device type paloalto loadtype: found device type paloalto in etc/rancid.types.base executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager off;show system info;show config running" paloaltofw swstapacf01: missed cmd(s): all commands swstapacf01: End of run not found swstapacf01: End of run not found If I try to run the panlogin script manually, the configuration is correctly retrieved # ./panlogin -t 90 -c"set cli scripting-mode on;set cli pager off;show system info;show config running" paloaltofw Do you have an idea about the possible issue? Thanks. Cips -------------- next part -------------- An HTML attachment was scrubbed... URL: From Ehud.Gavron at Login.COM Sat Jul 11 23:51:55 2015 From: Ehud.Gavron at Login.COM (Ehud Gavron) Date: Sat, 11 Jul 2015 16:51:55 -0700 Subject: [rancid] Submission: Modification to MTLOGIN to allow port# selection and longer line width count (for system package detail print) Message-ID: <55A1AC1B.5010908@Login.COM> The following patch allows "add method ip.address.goes.here ssh:nnnn" for MikroTik routers. It also extends the line width so that wide line (200 characters) responses don't mess up rancid. Ehud Gavron --- /usr/libexec/rancid/mtlogin 2015-05-30 11:16:40.000000000 -0700 +++ /home/rancid2/bin/mtlogin 2015-05-15 15:14:01.923740909 -0700 
@@ -309,9 +309,16 @@ send_user "\nError: telnet failed: $reason\n" return 1 } - } elseif ![string compare $prog "ssh"] { - if [ catch {spawn $sshcmd -c $cyphertype -x -l $user+ct $router} reason ] { - send_user "\nError: $sshcmd failed: $reason\n" + } elseif [string match "ssh*" $prog] { + regexp {ssh(:([^[:space:]]+))*} $prog methcmd suffix port + set cmd $sshcmd + if {"$port" != ""} { + set retval [ catch {spawn $sshcmd -p $port -c $cyphertype -x -l $user+ct200w $router} reason ] + } else { + set retval [ catch {spawn $sshcmd -c $cyphertype -x -l $user+ct200w $router} reason ] + } + if { $retval } { + send_user "\nError: $sshcmd failed: $reason\n" return 1 } } elseif ![string compare $prog "rsh"] { @@ -382,7 +389,7 @@ return 1 } -re "$u_prompt" { - send -- "$user+ct\r" + send -- "$user+ct200w\r" set uprompt_seen 1 exp_continue } From matta at surveymonkey.com Mon Jul 13 17:31:49 2015 
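Review bot: in the ssh branch of the first hunk, the method test and the port capture are both unanchored: `string match "ssh*" $prog` accepts any method name that merely begins with "ssh", and `regexp {ssh(:([^[:space:]]+))*} $prog methcmd suffix port` takes any run of non-space characters as the port and hands it to `spawn $sshcmd -p $port`. Anchor the pattern and restrict the port to digits, for example `{^ssh(:([0-9]+))?$}`, and report an error when it does not match. `set cmd $sshcmd` is assigned but never used in the lines shown, and the two `spawn` calls differ only by `-p $port`, so the port argument could be built once and the duplication dropped.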
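Review bot: the second hunk hard-codes the `+ct200w` login suffix in `send -- "$user+ct200w\r"`, the same literal that the first hunk repeats in both `spawn` lines. Hold the suffix in one variable so the telnet prompt path and the ssh path cannot drift apart, and add a comment saying what `200w` sets, since only the patch description mentions the 200-character line width.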
From: matta at surveymonkey.com (Matt Almgren) Date: Mon, 13 Jul 2015 17:31:49 +0000 Subject: [rancid] Rancid isn't scanning the f5s from cron job. Message-ID: Very strange behavior here that I can't pinpoint. When the cron job runs once per day, it doesn't scan our f5s in multiple locations. But when I run "rancid-run" manually (with no args) it picks them up - no problem. Cron: 59 9 * * * /usr/lib/rancid/bin/rancid-run router.db: mt-lr01.endor.lan:juniper:up mt-lb03.endor.lan:f5:up mt-lb04.endor.lan:f5:up Files: -rw-r----- 1 rancid rancid 1072279 Jul 8 11:36 mt-lb04.endor.lan -rw-r----- 1 rancid rancid 1072475 Jul 8 11:36 mt-lb03.endor.lan -rw-r----- 1 rancid rancid 22647 Jul 10 10:01 mt-er01.endor.lan -rw-r----- 1 rancid rancid 22211 Jul 10 10:01 mt-er02.endor.lan Again, running manually, it works just fine. The logs from the cron job show me what I already know: Trying to get all of the configs. mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key ===================================== Getting missed routers: round 1. mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.key,ls --full-time --color=never /config/ssl/ssl.crt ===================================== Getting missed routers: round 2. mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key ===================================== Getting missed routers: round 3.
mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.key,ls --full-time --color=never /config/ssl/ssl.crt mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.key,ls --full-time --color=never /config/ssl/ssl.crt ===================================== Getting missed routers: round 4. mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.key,ls --full-time --color=never /config/ssl/ssl.crt mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key But when I run it manually: Trying to get all of the configs. All routers sucessfully completed. Anyone have any clues/ideas? Thanks, Matt From scott.granados at gmail.com Mon Jul 13 18:01:36 2015
From: scott.granados at gmail.com (Scott Granados) Date: Mon, 13 Jul 2015 14:01:36 -0400 Subject: [rancid] Rancid isn't scanning the f5s from cron job. In-Reply-To: References: Message-ID: <53AAA9BC-8005-41A4-AF60-2C29E36259A4@gmail.com> I'm not sure if this matters but I had to use ;s instead of :s in the router.db. This was a change that appeared fairly recently and popped up for me when I upgraded from 2.3.6 to 3.2. so you might try something like bigip;f5;up > On Jul 13, 2015, at 1:31 PM, Matt Almgren wrote: > > Very strange behavior here that I can't pinpoint. > > When the cron job runs once per day, it doesn't scan our f5s in multiple locations. But when I run "rancid-run" manually (with no args) it picks them up - no problem. > > Cron: 59 9 * * * /usr/lib/rancid/bin/rancid-run > > router.db: > > mt-lr01.endor.lan:juniper:up > mt-lb03.endor.lan:f5:up > mt-lb04.endor.lan:f5:up > > > Files: > -rw-r----- 1 rancid rancid 1072279 Jul 8 11:36 mt-lb04.endor.lan > -rw-r----- 1 rancid rancid 1072475 Jul 8 11:36 mt-lb03.endor.lan > -rw-r----- 1 rancid rancid 22647 Jul 10 10:01 mt-er01.endor.lan > -rw-r----- 1 rancid rancid 22211 Jul 10 10:01 mt-er02.endor.lan > > Again, running manually, it works just fine. > > The logs from the cron job show me what I already know: > > > Trying to get all of the configs. > mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key > mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key > ===================================== > Getting missed routers: round 1.
> mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key > mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.key,ls --full-time --color=never /config/ssl/ssl.crt > ===================================== > Getting missed routers: round 2. > mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key > mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key > ===================================== > Getting missed routers: round 3. > mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.key,ls --full-time --color=never /config/ssl/ssl.crt > mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.key,ls --full-time --color=never /config/ssl/ssl.crt > ===================================== > Getting missed routers: round 4. > mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.key,ls --full-time --color=never /config/ssl/ssl.crt > mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key > > > But when I run it manually: > > > > Trying to get all of the configs. > All routers sucessfully completed. > > > > Anyone have any clues/ideas? > > Thanks, Matt > > > From matta at surveymonkey.com Mon Jul 13 18:10:44 2015
From: matta at surveymonkey.com (Matt Almgren) Date: Mon, 13 Jul 2015 18:10:44 +0000 Subject: [rancid] Rancid isn't scanning the f5s from cron job. In-Reply-To: <53AAA9BC-8005-41A4-AF60-2C29E36259A4@gmail.com> References: <53AAA9BC-8005-41A4-AF60-2C29E36259A4@gmail.com> Message-ID: Hi Scott, I'll be moving to 3.x soon, but this is currently 2.3.8. All the other devices in the router.db run fine, just not our f5s in two different groups. Thanks, Matt
From: Scott Granados Date: Monday, July 13, 2015 at 11:01 AM To: Matt Almgren Cc: "rancid-discuss at shrubbery.net" Subject: Re: [rancid] Rancid isn't scanning the f5s from cron job. I'm not sure if this matters but I had to use ;s instead of :s in the router.db. This was a change that appeared fairly recently and popped up for me when I upgraded from 2.3.6 to 3.2. so you might try something like bigip;f5;up On Jul 13, 2015, at 1:31 PM, Matt Almgren wrote: Very strange behavior here that I can't pinpoint. When the cron job runs once per day, it doesn't scan our f5s in multiple locations. But when I run "rancid-run" manually (with no args) it picks them up - no problem. Cron: 59 9 * * * /usr/lib/rancid/bin/rancid-run router.db: mt-lr01.endor.lan:juniper:up mt-lb03.endor.lan:f5:up mt-lb04.endor.lan:f5:up Files: -rw-r----- 1 rancid rancid 1072279 Jul 8 11:36 mt-lb04.endor.lan -rw-r----- 1 rancid rancid 1072475 Jul 8 11:36 mt-lb03.endor.lan -rw-r----- 1 rancid rancid 22647 Jul 10 10:01 mt-er01.endor.lan -rw-r----- 1 rancid rancid 22211 Jul 10 10:01 mt-er02.endor.lan Again, running manually, it works just fine. The logs from the cron job show me what I already know: Trying to get all of the configs. mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key ===================================== Getting missed routers: round 1. mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.key,ls --full-time --color=never /config/ssl/ssl.crt ===================================== Getting missed routers: round 2.
mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key ===================================== Getting missed routers: round 3. mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.key,ls --full-time --color=never /config/ssl/ssl.crt mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.key,ls --full-time --color=never /config/ssl/ssl.crt ===================================== Getting missed routers: round 4. mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.key,ls --full-time --color=never /config/ssl/ssl.crt mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key But when I run it manually: Trying to get all of the configs. All routers sucessfully completed. Anyone have any clues/ideas? Thanks, Matt From gavron at wetwork.net Mon Jul 13 19:51:09 2015
From: gavron at wetwork.net (Ehud Gavron) Date: Mon, 13 Jul 2015 12:51:09 -0700 Subject: [rancid] Rancid isn't scanning the f5s from cron job. In-Reply-To: References: Message-ID: <55A416AD.3080909@wetwork.net> I've found that some of the older rancid scripts work great from a terminal logged in with an environment, but fail when run by cron. Specifically I have ensured that $HOME is defined for all rancid jobs, and have also set the terminal type. Debugging: in f5rancid, right after the creation of $host.new and $host.raw preserve those files, by adding cp $host.* /tmp/ That will give you a very good indication of - whether the login succeeded - what commands were sent - what commands got an expected response - what commands broke the script Note: if you want to try and figure out if it's an environmental variable, then before doing rancid-run clear all your environmental variables and try rancid-run then. If it fails, add them back in to figure out what it needs. Ehud On 07/13/2015 10:31 AM, Matt Almgren wrote: > Very strange behavior here that I can't pinpoint. > > When the cron job runs once per day, it doesn't scan our f5s in multiple locations. But when I run "rancid-run" manually (with no > args) it picks them up - no problem. > > Cron: 59 9 * * * /usr/lib/rancid/bin/rancid-run > > router.db: > > mt-lr01.endor.lan:juniper:up > mt-lb03.endor.lan:f5:up > mt-lb04.endor.lan:f5:up > > > Files: > -rw-r----- 1 rancid rancid 1072279 Jul 8 11:36 mt-lb04.endor.lan > -rw-r----- 1 rancid rancid 1072475 Jul 8 11:36 mt-lb03.endor.lan > -rw-r----- 1 rancid rancid 22647 Jul 10 10:01 mt-er01.endor.lan > -rw-r----- 1 rancid rancid 22211 Jul 10 10:01 mt-er02.endor.lan > > Again, running manually, it works just fine. > > The logs from the cron job show me what I already know: > > > Trying to get all of the configs.
> mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never > /config/ssl/ssl.key > mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never > /config/ssl/ssl.key > ===================================== > Getting missed routers: round 1. > mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never > /config/ssl/ssl.key > mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.key,ls --full-time --color=never > /config/ssl/ssl.crt > ===================================== > Getting missed routers: round 2. > mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never > /config/ssl/ssl.key > mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never > /config/ssl/ssl.key > ===================================== > Getting missed routers: round 3. > mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.key,ls --full-time --color=never > /config/ssl/ssl.crt > mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.key,ls --full-time --color=never > /config/ssl/ssl.crt > ===================================== > Getting missed routers: round 4. > mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.key,ls --full-time --color=never > /config/ssl/ssl.crt > mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never > /config/ssl/ssl.key > > > But when I run it manually: > > > > Trying to get all of the configs. > All routers sucessfully completed. > > > > Anyone have any clues/ideas? 
> > Thanks, Matt > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > From alan.mckinnon at gmail.com Mon Jul 13 20:00:40 2015 
From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Mon, 13 Jul 2015 22:00:40 +0200 Subject: [rancid] Rancid isn't scanning the f5s from cron job. In-Reply-To: <55A416AD.3080909@wetwork.net> References: <55A416AD.3080909@wetwork.net> Message-ID: <55A418E8.6010302@gmail.com> On 13/07/2015 21:51, Ehud Gavron wrote: > I've found that some of the older rancid scripts work great from a terminal > logged in with an environment, but fail when run by cron. This is highly likely to be the OP's root cause, it's a classic mistake when using cron. rancid probably can't find the *login scripts as /usr/lib/rancid/bin/ is unlikely to be in PATH. Golden rule: Always always always use fully qualified paths everywhere in scripts launched from cron, and never rely on handy features provided by the shell to make a user's life easier. $PATH is a user feature, not a system one. The system works best when $PATH is not set for cron and friends. > > Specifically I have ensured that $HOME is defined for all rancid jobs, and > have also set the terminal type. > > Debugging: in f5rancid, right after the creation of $host.new and $host.raw > preserve those files, by adding > cp $host.* /tmp/ > > That will give you a very good indication of > - whether the login succeeded > - what commands were sent > - what commands got an expected response > - what commands broke the script > > Note: if you want to try and figure out if it's an environmental variable, > then before doing rancid-run clear all your environmental variables and > try rancid-run then. If it fails, add them back in to figure out what it > needs. > > Ehud > > On 07/13/2015 10:31 AM, Matt Almgren wrote: >> Very strange behavior here that I can't pinpoint. >> >> When the cron job runs once per day, it doesn't scan our f5s in multiple locations. But when I run "rancid-run" manually (with no >> args) it picks them up - no problem.
>> >> Cron: 59 9 * * * /usr/lib/rancid/bin/rancid-run >> >> router.db: >> >> mt-lr01.endor.lan:juniper:up >> mt-lb03.endor.lan:f5:up >> mt-lb04.endor.lan:f5:up >> >> >> Files: >> -rw-r----- 1 rancid rancid 1072279 Jul 8 11:36 mt-lb04.endor.lan >> -rw-r----- 1 rancid rancid 1072475 Jul 8 11:36 mt-lb03.endor.lan >> -rw-r----- 1 rancid rancid 22647 Jul 10 10:01 mt-er01.endor.lan >> -rw-r----- 1 rancid rancid 22211 Jul 10 10:01 mt-er02.endor.lan >> >> Again, running manually, it works just fine. >> >> The logs from the cron job show me what I already know: >> >> >> Trying to get all of the configs. >> mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never >> /config/ssl/ssl.key >> mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never >> /config/ssl/ssl.key >> ===================================== >> Getting missed routers: round 1. >> mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never >> /config/ssl/ssl.key >> mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.key,ls --full-time --color=never >> /config/ssl/ssl.crt >> ===================================== >> Getting missed routers: round 2. >> mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never >> /config/ssl/ssl.key >> mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never >> /config/ssl/ssl.key >> ===================================== >> Getting missed routers: round 3. 
>> mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.key,ls --full-time --color=never >> /config/ssl/ssl.crt >> mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.key,ls --full-time --color=never >> /config/ssl/ssl.crt >> ===================================== >> Getting missed routers: round 4. >> mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.key,ls --full-time --color=never >> /config/ssl/ssl.crt >> mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never >> /config/ssl/ssl.key >> >> >> But when I run it manually: >> >> >> >> Trying to get all of the configs. >> All routers sucessfully completed. >> >> >> >> Anyone have any clues/ideas? >> >> Thanks, Matt >> >> >> >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Alan McKinnon alan.mckinnon at gmail.com From matta at surveymonkey.com Mon Jul 13 20:02:52 2015 
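The cron advice in the messages above (fully qualified paths, a defined $HOME, retesting with the environment cleared) can be checked before the nightly job runs. The following is an added example, not part of any poster's message and not RANCID code: the function names are made up for this sketch, the `/usr/bin:/bin` cron PATH is an assumed typical default, and `f5rancid`, `rancid-run` and the rancid.conf PATH value are taken from the thread.

```shell
#!/bin/sh
# Added example, not RANCID code. Function names are made up for this sketch;
# f5rancid and rancid-run are the helper names mentioned in the thread.

# PATH a cron job typically starts with. Assumption: confirm with crontab(5).
CRON_PATH="/usr/bin:/bin"

# split_path PATH_VALUE
# Print one PATH element per line. An empty element means "current
# directory" to the shell, so it is printed as ".".
split_path() {
    printf '%s\n' "$1" |
        awk -F: '{ for (i = 1; i <= NF; i++) print ($i == "" ? "." : $i) }'
}

# relative_entries PATH_VALUE
# Print every element that is not an absolute path. Such entries let the
# directory the job happens to start in decide which program gets run,
# which matters for a job that handles device credentials.
relative_entries() {
    split_path "$1" | while IFS= read -r _dir; do
        case $_dir in
            /*) ;;
            *) printf '%s\n' "$_dir" ;;
        esac
    done
}

# missing_helpers PATH_VALUE NAME...
# Print each NAME that has no executable file in any PATH element.
missing_helpers() {
    _path=$1
    shift
    for _name in "$@"; do
        _found=no
        # A here-document keeps the loop in this shell, so _found survives it.
        while IFS= read -r _dir; do
            [ -n "$_dir" ] || continue
            if [ -f "$_dir/$_name" ] && [ -x "$_dir/$_name" ]; then
                _found=yes
                break
            fi
        done <<EOF
$(split_path "$_path")
EOF
        [ "$_found" = yes ] || printf '%s\n' "$_name"
    done
    return 0
}

# run_like_cron COMMAND [ARG...]
# Run COMMAND with the environment cleared and only a cron-sized set of
# variables defined. TERM and anything set by a login profile are absent.
run_like_cron() {
    env -i HOME="${HOME:-/}" LOGNAME="$(id -un)" SHELL=/bin/sh \
        PATH="$CRON_PATH" "$@"
}

# Constructed demo. The first PATH is the rancid.conf value quoted in the thread.
relative_entries "/usr/bin:/usr/sbin:/bin:.:/usr/local/bin"   # prints "."
missing_helpers "$CRON_PATH" rancid-run f5rancid
```

Any name printed by `missing_helpers` needs either a full path in the crontab entry or a PATH set explicitly for the job; `run_like_cron /usr/lib/rancid/bin/rancid-run` reproduces the cron failure from an interactive shell.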
From: matta at surveymonkey.com (Matt Almgren) Date: Mon, 13 Jul 2015 20:02:52 +0000 Subject: [rancid] Rancid isn't scanning the f5s from cron job. In-Reply-To: <55A416AD.3080909@wetwork.net> References: <55A416AD.3080909@wetwork.net> Message-ID: I could see that being a problem if it was an all-or-nothing type of scenario. But in my situation - 40 devices are working just fine. But 4 are not. And the only thing they have in common is that they are f5. Are you saying this is specific to the f5rancid script? I'm trying to figure out if this has anything to do with it "/config/ssl/ssl.key" that the log mentions? I'll try the remove environment test and see what happens, but if that's it - how do I fix it for cron? - Matt
From: Ehud Gavron Date: Monday, July 13, 2015 at 12:51 PM To: Matt Almgren, "rancid-discuss at shrubbery.net" Subject: Re: [rancid] Rancid isn't scanning the f5s from cron job. I've found that some of the older rancid scripts work great from a terminal logged in with an environment, but fail when run by cron. Specifically I have ensured that $HOME is defined for all rancid jobs, and have also set the terminal type. Debugging: in f5rancid, right after the creation of $host.new and $host.raw preserve those files, by adding cp $host.* /tmp/ That will give you a very good indication of - whether the login succeeded - what commands were sent - what commands got an expected response - what commands broke the script Note: if you want to try and figure out if it's an environmental variable, then before doing rancid-run clear all your environmental variables and try rancid-run then. If it fails, add them back in to figure out what it needs. Ehud On 07/13/2015 10:31 AM, Matt Almgren wrote: Very strange behavior here that I can't pinpoint. When the cron job runs once per day, it doesn't scan our f5s in multiple locations. But when I run "rancid-run" manually (with no args) it picks them up - no problem. Cron: 59 9 * * * /usr/lib/rancid/bin/rancid-run router.db: mt-lr01.endor.lan:juniper:up mt-lb03.endor.lan:f5:up mt-lb04.endor.lan:f5:up Files: -rw-r----- 1 rancid rancid 1072279 Jul 8 11:36 mt-lb04.endor.lan -rw-r----- 1 rancid rancid 1072475 Jul 8 11:36 mt-lb03.endor.lan -rw-r----- 1 rancid rancid 22647 Jul 10 10:01 mt-er01.endor.lan -rw-r----- 1 rancid rancid 22211 Jul 10 10:01 mt-er02.endor.lan Again, running manually, it works just fine. The logs from the cron job show me what I already know: Trying to get all of the configs.
mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key ===================================== Getting missed routers: round 1. mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.key,ls --full-time --color=never /config/ssl/ssl.crt ===================================== Getting missed routers: round 2. mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key ===================================== Getting missed routers: round 3. mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.key,ls --full-time --color=never /config/ssl/ssl.crt mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.key,ls --full-time --color=never /config/ssl/ssl.crt ===================================== Getting missed routers: round 4. mt-lb03.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.key,ls --full-time --color=never /config/ssl/ssl.crt mt-lb04.corp.surveymonkey.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key But when I run it manually: Trying to get all of the configs. All routers sucessfully completed. Anyone have any clues/ideas? 
Thanks, Matt _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Mon Jul 13 22:01:01 2015 From: heas at shrubbery.net (heasley) Date: Mon, 13 Jul 2015 22:01:01 +0000 Subject: [rancid] Submission: Modification to MTLOGIN to allow port# selection and longer line width count (for system package detail print) In-Reply-To: <55A1AC1B.5010908@Login.COM> References: <55A1AC1B.5010908@Login.COM> Message-ID: <20150713220101.GG65441@shrubbery.net> Sat, Jul 11, 2015 at 04:51:55PM -0700, Ehud Gavron: > The following patch allows > "add method ip.address.goes.here ssh:nnnn" for MikroTik routers. > It also extends the line width so that wide line (200 characters) > responses don't mess up rancid. > > Ehud Gavron > > --- /usr/libexec/rancid/mtlogin 2015-05-30 11:16:40.000000000 -0700 > +++ /home/rancid2/bin/mtlogin 2015-05-15 15:14:01.923740909 -0700 > @@ -309,9 +309,16 @@ > send_user "\nError: telnet failed: $reason\n" > return 1 > } > - } elseif ![string compare $prog "ssh"] { > - if [ catch {spawn $sshcmd -c $cyphertype -x -l $user+ct $router} reason ] { > - send_user "\nError: $sshcmd failed: $reason\n" > + } elseif [string match "ssh*" $prog] { > + regexp {ssh(:([^[:space:]]+))*} $prog methcmd suffix port > + set cmd $sshcmd > + if {"$port" != ""} { > + set retval [ catch {spawn $sshcmd -p $port -c $cyphertype -x -l $user+ct200w $router} reason ] > + } else { > + set retval [ catch {spawn $sshcmd -c $cyphertype -x -l $user+ct200w $router} reason ] > + } > + if { $retval } { > + send_user "\nError: $sshcmd failed: $reason\n" > return 1 > } > } elseif ![string compare $prog "rsh"] { we already have this for 3.2. copy attached. 
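Review bot: in the new ssh branch, "set cmd $sshcmd" is assigned and never read; both spawn calls and the error message still use $sshcmd directly, so either drop the line or make cmd the one place the command line is built. The two spawn lines differ only by "-p $port", so building the argument list once and adding "-p $port" when $port is non-empty would also keep the "+ct200w" login suffix in a single spot. The regexp takes any run of non-space characters after "ssh:" as the port and hands it straight to -p; matching digits only would reject a mistyped method entry before ssh is spawned.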
> @@ -382,7 +389,7 @@ > return 1 } > > -re "$u_prompt" { > - send -- "$user+ct\r" > + send -- "$user+ct200w\r" > set uprompt_seen 1 > exp_continue > } that is a bizarre platform. is it wrapping long lines, truncating or discarding? Is there any reason that this username feature may not be supported? eg: a minimum version, etc. -------------- next part -------------- #! /usr/local/bin/expect -- ## ## $Id: mtlogin.in 3128 2015-06-03 17:52:23Z heas $ ## ## rancid 3.2.99 ## Copyright (c) 1997-2015 by Terrapin Communications, Inc. ## All rights reserved. ## ## This code is derived from software contributed to and maintained by ## Terrapin Communications, Inc. by Henry Kilmer, John Heasley, Andrew Partan, ## Pete Whiting, Austin Schutz, and Andrew Fort. ## ## Redistribution and use in source and binary forms, with or without ## modification, are permitted provided that the following conditions ## are met: ## 1. Redistributions of source code must retain the above copyright ## notice, this list of conditions and the following disclaimer. ## 2. Redistributions in binary form must reproduce the above copyright ## notice, this list of conditions and the following disclaimer in the ## documentation and/or other materials provided with the distribution. ## 3. All advertising materials mentioning features or use of this software ## must display the following acknowledgement: ## This product includes software developed by Terrapin Communications, ## Inc. and its contributors for RANCID. ## 4. Neither the name of Terrapin Communications, Inc. nor the names of its ## contributors may be used to endorse or promote products derived from ## this software without specific prior written permission. ## 5. It is requested that non-binding fixes and modifications be contributed ## back to Terrapin Communications, Inc. ## ## THIS SOFTWARE IS PROVIDED BY Terrapin Communications, INC. 
AND CONTRIBUTORS ## ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED ## TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ## PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COMPANY OR CONTRIBUTORS ## BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR ## CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF ## SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS ## INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN ## CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE ## POSSIBILITY OF SUCH DAMAGE. ## ## It is the request of the authors, but not a condition of license, that ## parties packaging or redistributing RANCID NOT distribute altered versions ## of the etc/rancid.types.base file nor alter how this file is processed nor ## when in relation to etc/rancid.types.conf. The goal of this is to help ## suppress our support costs. If it becomes a problem, this could become a ## condition of license. # # The expect login scripts were based on Erik Sherk's gwtn, by permission. # # The original looking glass software was written by Ed Kern, provided by # permission and modified beyond recognition. # # mtlogin - MikroTik router login # # bootc at bootc.net wrote this (Chris Boot) # # Sometimes routers take awhile to answer (the default is 10 sec) set timeoutdflt 45 # Some CLIs having problems if we write too fast (Extreme, PIX, Cat) set send_human {.2 .1 .4 .2 1} # env(CLOGIN) may contain: # x == do not set xterm banner or name # Find the user in the ENV, or use the unix userid. if {[info exists env(CISCO_USER)]} { set default_user $env(CISCO_USER) } elseif {[info exists env(USER)]} { set default_user $env(USER) } elseif {[info exists env(LOGNAME)]} { set default_user $env(LOGNAME) } else { # This uses "id" which I think is portable. 
At least it has existed # (without options) on all machines/OSes I've been on recently - # unlike whoami or id -nu. if [catch {exec id} reason] { send_error "\nError: could not exec id: $reason\n" exit 1 } regexp {\(([^)]*)} "$reason" junk default_user } if {[info exists env(CLOGINRC)]} { set password_file $env(CLOGINRC) } # Usage line set usage "Usage: $argv0 \[-dhSV\] \[-m|M\] \[-autoenable\] \[-noenable\] \ \[-c command\] \[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \ \[-p user-password\] \[-r passphrase\] \[-s script-file\] \[-t timeout\] \ \[-u username\] \[-v vty-password\] \[-w enable-username\] \[-x command-file\] \ \[-y ssh_cypher_type\] router \[router...\]\n" # Password file set password_file $env(HOME)/.cloginrc # Default is to login to the router set do_command 0 set do_script 0 # The default is to automatically enable set avenable 1 # The default is that you login non-enabled (tacacs can have you login already # enabled) set avautoenable 0 # The default is to look in the password file to find the passwords. This # tracks if we receive them on the command line. set do_passwd 1 set do_enapasswd 1 # Save config, if prompted set do_saveconfig 0 # cloginrc debugging knob set do_cloginrcdbg 0 # intialize cloginrc parsing stacks set int_file {} set int_lineno {} # Process the command line for {set i 0} {$i < $argc} {incr i} { set arg [lindex $argv $i] switch -glob -- $arg { # Expect debug mode -d* { exp_internal 1 # Help } -h* { send_user "$usage" exit 0 # Command to run. } -c* { if {! [regexp .\[cC\](.+) $arg ignore command]} { incr i set command [lindex $argv $i] } set do_command 1 # Environment variable to pass to -s scripts } -E* { if {[regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} { set E$varname $varvalue } else { send_user "\nError: invalid format for -E in $arg\n" exit 1 } # alternate cloginrc file } -f* { if {! 
[regexp .\[fF\](.+) $arg ignore password_file]} { incr i set password_file [lindex $argv $i] } # VTY Password } -p* { if {! [regexp .\[pP\](.+) $arg ignore userpasswd]} { incr i set userpasswd [lindex $argv $i] } set do_passwd 0 # cloginrc debugging knobs } -m* { set do_cloginrcdbg 1 } -M* { set do_cloginrcdbg 2 # ssh passphrase } -r* { if {! [regexp .\[rR\](.+) $arg ignore passphrase]} { incr i set avpassphrase [lindex $argv $i] } # Expect script to run. } -s* { if {! [regexp .\[sS\](.+) $arg ignore sfile]} { incr i set sfile [lindex $argv $i] } if { ! [file readable $sfile] } { send_user "\nError: Can't read $sfile\n" exit 1 } set do_script 1 # save config on exit } -S* { set do_saveconfig 1 # Timeout } -t* { if {! [regexp .\[tT\](.+) $arg ignore timeout]} { incr i set timeoutdflt [lindex $argv $i] } # Username } -u* { if {! [regexp .\[uU\](.+) $arg ignore user]} { incr i set username [lindex $argv $i] } # VTY Password } -v* { # some scripts ignore -v, like jlogin if {! [regexp .\[vV\](.+) $arg ignore passwd]} { incr i set passwd [lindex $argv $i] } set do_passwd 0 # Version string } -V* { send_user "@PACKAGE@ @VERSION@\n" exit 0 # Enable Username } -w* { if {! [regexp .\[wW\](.+) $arg ignore enauser]} { incr i set enausername [lindex $argv $i] } # Enable Password } -e* { if {! [regexp .\[e\](.+) $arg ignore enapasswd]} { incr i set enapasswd [lindex $argv $i] } set do_enapasswd 0 # 'ssh -c' cypher type } -y* { if {! [regexp .\[eE\](.+) $arg ignore cypher]} { incr i set cypher [lindex $argv $i] } # Command file } -x* { if {! [regexp .\[xX\](.+) $arg ignore cmd_file]} { incr i set cmd_file [lindex $argv $i] } if [catch {set cmd_fd [open $cmd_file r]} reason] { send_user "\nError: $reason\n" exit 1 } set cmd_text [read $cmd_fd] close $cmd_fd set command [join [split $cmd_text \n] \;] set do_command 1 # Do we enable? } -noenable { set avenable 0 # Does tacacs automatically enable us? 
} -autoenable { set avautoenable 1 set avenable 0 } -* { send_user "\nError: Unknown argument! $arg\n" send_user $usage exit 1 } default { break } } } # Process routers...no routers listed is an error. if { $i == $argc } { send_user "\nError: $usage" } # Only be quiet if we are running a script (it can log its output # on its own) if { $do_script } { log_user 0 } else { log_user 1 } # # Done configuration/variable setting. Now run with it... # # Sets Xterm title if interactive...if its an xterm and the user cares proc label { host } { global env # if CLOGIN has an 'x' in it, don't set the xterm name/banner if [info exists env(CLOGIN)] { if {[string first "x" $env(CLOGIN)] != -1} { return } } # take host from ENV(TERM) if [info exists env(TERM)] { if [regexp \^(xterm|vs) $env(TERM) ignore] { send_user "\033]1;[lindex [split $host "."] 0]\a" send_user "\033]2;$host\a" } } } # This is a helper function to make the password file easier to # maintain. Using this the password file has the form: # add password sl* pete cow # add password at* steve # add password * hanky-pie proc add {var args} { global int_file int_lineno int_$var set file [lindex $int_file 0] set lineno [lindex $int_lineno 0] lappend int_$var "$var:$file:$lineno: $args" } proc include {args} { global env regsub -all "(^{|}$)" $args {} args if { [regexp "^/" $args ignore] == 0 } { set args $env(HOME)/$args } source_password_file $args } proc find {var router} { global do_cloginrcdbg upvar int_$var list if { [info exists list] } { foreach line $list { if { [string match -nocase [lindex $line 1] $router] } { if { $do_cloginrcdbg > 0 } { send_error -- [join [list [lindex $line 0] [lindex $line 1 end] "\r\n"]] } if { $do_cloginrcdbg == 2 } { # save return value if {! [info exists result]} { set result [lrange $line 2 end] } } else { return [lrange $line 2 end] } } } } if { $do_cloginrcdbg == 2 } { if {[info exists result]} { return $result } } return {} } # Loads the password file. 
Note that as this file is tcl, and that # it is sourced, the user better know what to put in there, as it # could install more than just password info... I will assume however, # that a "bad guy" could just as easy put such code in the clogin # script, so I will leave .cloginrc as just an extention of that script proc source_password_file { file } { global env int_file int_lineno if { ! [file exists $file] } { send_user "\nError: password file ($file) does not exist\n" exit 1 } file stat $file fileinfo if { [expr ($fileinfo(mode) & 007)] != 0000 } { send_user "\nError: $file must not be world readable/writable\n" exit 1 } if [catch {set fd [open $file "r"]} reason] { send_user "\nError: $reason\n" exit 1 } set int_file [linsert $int_file 0 $file] set int_lineno [linsert $int_lineno 0 0] while { [gets $fd line] >= 0 } { set tmp [lindex $int_lineno 0]; incr tmp lset int_lineno 0 $tmp eval $line } set int_file [lrange $int_file 1 end] set int_lineno [lrange $int_lineno 1 end] close $fd } # Log into the router. # returns: 0 on success, 1 on failure proc login { router user userpswd passwd prompt cmethod cyphertype identfile } { global spawn_id in_proc do_command do_script global u_prompt p_prompt sshcmd set in_proc 1 set uprompt_seen 0 # try each of the connection methods in $cmethod until one is successful set progs [llength $cmethod] foreach prog [lrange $cmethod 0 end] { incr progs -1 if [string match "telnet*" $prog] { regexp {telnet(:([^[:space:]]+))*} $prog command suffix port if {"$port" == ""} { set retval [ catch {spawn telnet $router} reason ] } else { set retval [ catch {spawn telnet $router $port} reason ] } if { $retval } { send_user "\nError: telnet failed: $reason\n" return 1 } } elseif [string match "ssh*" $prog] { # ssh to the router & try to login with or without an identfile. 
regexp {ssh(:([^[:space:]]+))*} $prog methcmd suffix port set cmd $sshcmd if {"$port" != ""} { set cmd "$cmd -p $port" } if {"$identfile" != ""} { set cmd "$cmd -i $identfile" } set retval [catch {eval spawn [split "$cmd -c $cyphertype -x -l $user+ct $router" { }]} reason] if { $retval } { send_user "\nError: $cmd failed: $reason\n" return 1 } } elseif ![string compare $prog "rsh"] { send_error "\nError: unsupported method: rsh\n" if { $progs == 0 } { return 1 } continue; } else { send_user "\nError: unknown connection method: $prog\n" return 1 } sleep 0.3 # This helps cleanup each expect clause. expect_after { timeout { send_user "\nError: TIMEOUT reached\n" catch {close}; catch {wait}; if { $in_proc} { return 1 } else { continue } } eof { send_user "\nError: EOF received\n" catch {close}; catch {wait}; if { $in_proc} { return 1 } else { continue } } } expect { "Connection refused" { catch {close}; catch {wait}; sleep 0.3 expect eof send_user "\nError: Connection Refused\n"; wait; return 1 } eof { send_user "\nError: Couldn't login\n"; wait; return 1 } "Unknown host\r\n" { expect eof send_user "\nError: Unknown host\n"; wait; return 1 } "Host is unreachable" { expect eof send_user "\nError: Host Unreachable!\n"; wait; return 1 } "No address associated with name" { expect eof send_user "\nError: Unknown host\n"; wait; return 1 } -re "(Host key not found |The authenticity of host .* be established).* \\(yes/no\\)\\?" { send "yes\r" send_user "\nHost $router added to the list of known hosts.\n" exp_continue } -re "HOST IDENTIFICATION HAS CHANGED.* \\(yes/no\\)\\?" { send "no\r" send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n" return 1 } -re "HOST IDENTIFICATION HAS CHANGED\[^\n\r]+" { send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n" return 1 } -re "Offending key for .* \\(yes/no\\)\\?" { send "no\r" send_user "\nError: host key mismatch for $router. 
Update the SSH known_hosts file accordingly.\n" return 1 } -re "Enter passphrase.*: " { # sleep to allow time for stty -echo sleep .3 send -- "$passphrase\r" exp_continue } -re "$u_prompt" { send -- "$user+ct\r" set uprompt_seen 1 exp_continue } -re "$p_prompt" { sleep 1 if {$uprompt_seen == 1} { send -- "$userpswd\r" } else { send -- "$passwd\r" } exp_continue } -re "^Confirm seeing above note" { send "y\r" exp_continue } "Password incorrect" { send_user "\nError: Check your password for $router\n"; catch {close}; catch {wait}; return 1 } -re "$prompt" { break; } denied { send_user "\nError: Check your passwd for $router\n" catch {close}; catch {wait}; return 1 } "\r\n" { exp_continue; } } } set in_proc 0 return 0 } # Run commands given on the command line. proc run_commands { prompt command } { global in_proc set in_proc 1 # escape any parens in the prompt, such as "(enable)" regsub -all "\[)(]" $prompt {\\&} reprompt # handle escaped ;s in commands, and ;; and ^; regsub -all {([^\\]);;} $command "\\1;\u002;" esccommand regsub {^;} $esccommand "\u002;" command set sep "\\1\u001" regsub -all {([^\\])\;} $command "$sep" esccommand set sep "\u001" set commands [split $esccommand $sep] set num_commands [llength $commands] for {set i 0} {$i < $num_commands} { incr i} { send -- "[subst -nocommands [lindex $commands $i]]\r" expect { -re "^\[^\n\r]*$reprompt" {} -re "^\[^\n\r ]*>>.*$reprompt" { exp_continue } -re "\[\n\r]+" { exp_continue } } } send "quit\r" expect { -re "^WARNING: There are unsaved configuration changes." { send "y\r" exp_continue } "\n" { exp_continue } "\[^\n\r *]*Session terminated" { return 0 } timeout { catch {close}; catch {wait}; return 0 } eof { return 0 } } set in_proc 0 } # # For each router... 
(this is main loop) # source_password_file $password_file set in_proc 0 set exitval 0 # http://www.shrubbery.net/pipermail/rancid-discuss/2015-January/007984.html # if we have dont have a tty, we need some additional terminal settings if [catch {open /dev/tty w} ttyid] { # no tty, ie: cron set spawnopts "-nottycopy" set stty_init "cols 132" } else { catch {close ttyid} reason } foreach router [lrange $argv $i end] { set router [string tolower $router] send_user "$router\n" # Figure out prompt. set prompt "] > " # alteon only "enables" based on the password used at login time set autoenable 1 set enable 0 # device timeout set timeout [find timeout $router] if { [llength $timeout] == 0 } { set timeout $timeoutdflt } # Figure out passwords if { $do_passwd } { set pswd [find password $router] if { [llength $pswd] == 0 } { send_user "\nError - no password for $router in $password_file.\n" continue } set passwd [join [lindex $pswd 0] ""] } # Figure out username if {[info exists username]} { # command line username set ruser $username } else { set ruser [join [find user $router] ""] if { "$ruser" == "" } { set ruser $default_user } } # Figure out username's password (if different from the vty password) if {[info exists userpasswd]} { # command line username set userpswd $userpasswd } else { set userpswd [join [find userpassword $router] ""] if { "$userpswd" == "" } { set userpswd $passwd } } # Figure out prompts set u_prompt [find userprompt $router] if { "$u_prompt" == "" } { set u_prompt "Login:" } else { set u_prompt [join [lindex $u_prompt 0] ""] } set p_prompt [find passprompt $router] if { "$p_prompt" == "" } { set p_prompt "\[Pp]assword:" } else { set p_prompt [join [lindex $p_prompt 0] ""] } # Figure out identity file to use set identfile [join [lindex [find identity $router] 0] ""] # Figure out passphrase to use if {[info exists avpassphrase]} { set passphrase $avpassphrase } else { set passphrase [join [lindex [find passphrase $router] 0] ""] } if { ! 
[string length "$passphrase"]} { set passphrase $passwd } # Figure out cypher type if {[info exists cypher]} { # command line cypher type set cyphertype $cypher } else { set cyphertype [find cyphertype $router] if { "$cyphertype" == "" } { set cyphertype "3des" } } # Figure out connection method set cmethod [find method $router] if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} } # Figure out the SSH executable name set sshcmd [join [lindex [find sshcmd $router] 0] ""] if { "$sshcmd" == "" } { set sshcmd {ssh} } # Login to the router if {[login $router $ruser $userpswd $passwd $prompt $cmethod $cyphertype $identfile]} { incr exitval continue } if { $do_command } { if {[run_commands $prompt $command]} { incr exitval continue } } elseif { $do_script } { source $sfile catch {close}; } else { label $router log_user 1 interact } # End of for each router catch {wait}; sleep 0.3 } exit $exitval From gavron at wetwork.net Mon Jul 13 22:06:57 2015 From: gavron at wetwork.net (Ehud Gavron) Date: Mon, 13 Jul 2015 15:06:57 -0700 Subject: [rancid] Submission: Modification to MTLOGIN to allow port# selection and longer line width count (for system package detail print) In-Reply-To: <20150713220101.GG65441@shrubbery.net> References: <55A1AC1B.5010908@Login.COM> <20150713220101.GG65441@shrubbery.net> Message-ID: <55A43681.6050903@wetwork.net> Thanks! Sadly our RHEL6 and other servers are running 3.1... Next time I'll check your source tree before duplicating effort on a feature you've already added :) Thank you for the work! E On 07/13/2015 03:01 PM, heasley wrote: > Sat, Jul 11, 2015 at 04:51:55PM -0700, Ehud Gavron: >> The following patch allows >> "add method ip.address.goes.here ssh:nnnn" for MikroTik routers. >> It also extends the line width so that wide line (200 characters) >> responses don't mess up rancid. >> >> Ehud Gavron >> >> --- /usr/libexec/rancid/mtlogin 2015-05-30 11:16:40.000000000 -0700 >> +++ /home/rancid2/bin/mtlogin 2015-05-15 15:14:01.923740909 -0700 
>> @@ -309,9 +309,16 @@ >> send_user "\nError: telnet failed: $reason\n" >> return 1 >> } >> - } elseif ![string compare $prog "ssh"] { >> - if [ catch {spawn $sshcmd -c $cyphertype -x -l $user+ct $router} reason ] { >> - send_user "\nError: $sshcmd failed: $reason\n" >> + } elseif [string match "ssh*" $prog] { >> + regexp {ssh(:([^[:space:]]+))*} $prog methcmd suffix port >> + set cmd $sshcmd >> + if {"$port" != ""} { >> + set retval [ catch {spawn $sshcmd -p $port -c $cyphertype -x -l $user+ct200w $router} reason ] >> + } else { >> + set retval [ catch {spawn $sshcmd -c $cyphertype -x -l $user+ct200w $router} reason ] >> + } >> + if { $retval } { >> + send_user "\nError: $sshcmd failed: $reason\n" >> return 1 >> } >> } elseif ![string compare $prog "rsh"] { > we already have this for 3.2. copy attached. > >> @@ -382,7 +389,7 @@ >> return 1 } >> >> -re "$u_prompt" { >> - send -- "$user+ct\r" >> + send -- "$user+ct200w\r" >> set uprompt_seen 1 >> exp_continue >> } > that is a bizarre platform. is it wrapping long lines, truncating or > discarding? Is there any reason that this username feature may not be > supported? eg: a minimum version, etc. > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From krok at krok.za.net Tue Jul 14 05:01:59 2015 
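Review bot: in the "$u_prompt" clause, the "+ct200w" suffix is a second hard-coded copy of the value already written into the spawn lines of the first hunk, and it fixes the width at 200 columns for every device. Hold the suffix in one variable set once in the script and use it in both places, so the -l argument and the username sent at the login prompt cannot drift apart and the width can be changed without touching the login logic. The submission should also say what the device does with long lines without the suffix, and whether the suffix is accepted by every software version the script is expected to log in to.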
From: krok at krok.za.net (Shaun Krok)
Date: Tue, 14 Jul 2015 08:01:59 +0300
Subject: [rancid] issue with fortigate FW after upgrade
Message-ID: <083f825be50751bc614456e12dbba832@krok.za.net>

Hi

Was hoping someone had come across this in recent days.

We have several sites running fortigate FW cluster without issues. We then upgraded a site to a new version and now have the following "noise" issue.

Running version 3.0 of rancid and I have checked the fnrancid script and it does have the patch mentioned in the forum.

If anyone can help with this, it would be much appreciated.

-- Shaun

**********************
Here is a snip ...

sub GetConf {
    print STDERR " In GetConf: $_" if ($debug);

    # read the collected device output one line at a time
    while (<INPUT>) {
        tr/\015//d;
        next if /^\s*$/;
        last if (/$prompt/);

        # System time is fortigate extraction time
        next if (/^\s*!System time:/);
        # remove occurrences of conf_file_ver
        next if (/^#?conf_file_ver=/);
        # filter cycling RSA private keys
        if (/^\s*set private-key "-----BEGIN RSA PRIVATE KEY-----/) {
            ProcessHistory("","","","#$_");
            ProcessHistory("","","","# ");
            # skip the key body up to and including the END marker
            while (<INPUT>) {
                tr/\015//d;
                last if (/$prompt/);
                if (/^\s*-----END RSA PRIVATE KEY-----"/) {
                    ProcessHistory("","","","#$_");
                    last;
                }
            }
        }
        # filter cycling password encryption
        if (/^\s*(set [^\s]*)\s(enc\s[^\s]+)(.*)/i && $filter_pwds > 0 ) {
            ProcessHistory("ENC","","","#$1 ENC $3\n");
            next;
        }
        ProcessHistory("","","","$_");
    }
    $found_end = 1;
    return(1);
}

retrieving revision 1.510 diff -U 10 -r1.510 de-fw
@@ -16047,35 +16047,35 @@ Z0nf1R7CqJgrTEeDgUwuRMLvyGPui3tbMfYmYb95HLCpTqnJUHvi -----END CERTIFICATE-----" set scep-url '' set source-ip 0.0.0.0 next end config vpn certificate local edit "Fortinet_Factory" #set password ENC set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- - MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIHB+yEmeRPUsCAggA - MBQGCCqGSIb3DQMHBAgiWcwKklgTzQSCAoATyGNsZtmmKFswxEjAoX9nEm1La21g - ZlbBj0g4GP4hQwQZ+HTXRgQ+FqqQVst1Ylk6P4TYrSSHux4BXSgg4wCs3JM7d5j7 - g4tlQnvThXPynSTSzARB6fShDqBwSW1+uR3mD+wFoe0wFVW5RW62AaI1D1nvV6oH - j/71eQLS0Iv9bX3F9VWxnvUm0uQtH6a+L+n5hzsDUyWbfSGvmmmNVTuLzpKXLRaP - OH0JaIafUI5CNGu1Kvga3Ys++9cBObo+XLUlm4mPICtxOPNBG2rM6TxKHi4z6VZN - 8wfPzK7BPqKlqAFVpvqfhpNt/uQFCIO4VGIGiLEwI4nF4+pna0UFBv5IXXqRLnXp - nHDcRD3RA2AqdUUKihH9/WpryY2gu8gL32MJ6corIKOaPRlWKafc5ib4xNL37Qog - THYimDfTsw+Xo9ksI4pZyegXxI6IgG/tsrFqFTC7kS6Bd57lFN4ruWjB3k5Gb0dO - s5w0/A2QnQaSnkByAE8yjCcZylqPC3cKGYVWHrO6QlVuw99joS8wFxwuFQvly7Qh - A/YEr4o+dGe/hkbG9j8o1AFChJNlz1tAl0Q9zs1AgpdCJ4Qzv8ZRRBh4OqPrYFfU - JuzfVTxEq2BTmgWWCK3pjVuNOP3ezooofbV+Sag9z5PZ+NzY1hn2vJmOLh2iXDXD - vmLzcRrgttSI2SPYPXTfRjdB/rD+T8pJedz4JQgZfz6gOtarxV8vEHRk6/yyuCsD - UFxGMpkIriGKEcoPdOAb4Om236P3UOFMnPxKeSgzornVquURhLxR/P9C2+CL4DTB - TAcKdDuTmBM+mJHlokKvM2YfJGpHr/81vgvuoZLm6wJTtSafE87xU+R4 + MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI6M+NicV3wgACAggA + MBQGCCqGSIb3DQMHBAgTVUNlqWeA9gSCAoC7WF+N85ZdPBwcPJB184UlU2HxL/7+ + yyTlczZioYo9hUl7P3aWrexeBnb9PRjNfguK9PvaB7TSJr4lmNMs9WINS/wYwPIW + RlUzcfEDTQyevlji7GNxVKaE945FjjIstKxYZK62FTGP4eF6GZfBcQNuTgfRFiKW + CIEGVD0hhTQ0OL6MPFjT4ILWF1VwaTEOYmw74lLhsPBsLfR8tK0rLrplJvFUqBxx + lJJZ3uKOoym7lUMIRbjXRU9ip13/1BnTM44AUvp4r56rbwzK0hpHSGNoKR3Dbpwo + XH2zZzufRT2oUu6ENVNkcz8iHGdfqnjqSn0qed0bsL+qPZtVvNV0UM+AX94rVzjI + ylhNBlZQjGBHIiAy13MaLe794TER3RGWTrUFw+rMQIRZwV/feK6NnNpo8uTLlU/w + 6PXLoifQgvUW95SDPiQnVDNtD7m0W/QTOfjk2m37SgehOf6uhZZ4ohgxxkWlItbz + Np6u9+Ep4U+16BURrGkDTDnawmudiJbR/48iVa8TfiAi90z5q1H9/0ONSWHWvl0Z + 
41JzdWaENVnBIAM278Q0UKoplMk4pFORTfV6NNjn0MPGSoAHktqyE77BOhpREedG + HCSq3fgbENdXB3rmL5LlGeSD4xsMoHiR2/0O7nsvD1tjHz7AfPw5A7CGtRev+FKK + VeGFsebDD3D/RwaxN8WxWYm/NhKwgnIR4bBbIFg7dWcjK4gMsky7BWioPkrYVhqo + /GKE8gjmRvQZqKsGpfLdF28Yptn3PmB+Ooyl7iKiVlM2f64vsxijoND1aG1i5BzH + dGCaHYnC3uj2jICXbzSQ8RvhJjGIlaT7jz7mas6Aurl3MKL9V6ObPH4M -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIDRTCCAi2gAwIBAgIDDAYBMA0GCSqGSIb3DQEBBQUAMIGgMQswCQYDVQQGEwJV UzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMREwDwYD VQQKEwhGb3J0aW5ldDEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRAw DgYDVQQDEwdzdXBwb3J0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0 LmNvbTAeFw0xMzAzMTExMDMwNTdaFw0zODAxMTkwMzE0MDdaMIGdMQswCQYDVQQG EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMREw DwYDVQQKEwhGb3J0aW5ldDESMBAGA1UECxMJRm9ydGlHYXRlMRkwFwYDVQQDExBG RzMwMEMzOTEzNjAzMTQ4MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0 -- Shaun Krok Tel: 050 2424 381 From john.kougoulos at gmail.com Tue Jul 14 07:38:38 2015 
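Review bot: every changed line in the hunk of Shaun Krok's message above belongs to the block opened by set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----, while the GetConf filter posted in the same message matches only "-----BEGIN RSA PRIVATE KEY-----" and the matching "-----END RSA PRIVATE KEY-----" line, so this block is never commented out and its changed contents land in the diff. Widening both patterns to accept the ENCRYPTED PRIVATE KEY markers as well, for example BEGIN (RSA|ENCRYPTED) PRIVATE KEY and the same alternation on the END line, would filter it. The "#set password ENC" context line shows the password filter already applies to this config, which leaves the private key as the remaining source of the noise; filtering it also keeps the key material out of the repository and out of the diff mail.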
From: john.kougoulos at gmail.com (John Kougoulos)
Date: Tue, 14 Jul 2015 09:38:38 +0200
Subject: [rancid] Rancid isn't scanning the f5s from cron job.
In-Reply-To:
References:
Message-ID:

HI,

try changing in f5rancid this one:
$ENV{'TERM'} = "vt100";
to:
$ENV{'TERM'} = "vt100-w";

Regards,
John

From matta at surveymonkey.com Tue Jul 14 17:22:06 2015
From: matta at surveymonkey.com (Matt Almgren)
Date: Tue, 14 Jul 2015 17:22:06 +0000
Subject: [rancid] Rancid isn't scanning the f5s from cron job.
In-Reply-To:
References:
Message-ID:

That did the trick!! Thank you very much.

Does that simply change the output to wide-mode or similar?

-- Matt

From gavron at wetwork.net Tue Jul 14 17:27:05 2015
From: gavron at wetwork.net (Ehud Gavron)
Date: Tue, 14 Jul 2015 10:27:05 -0700
Subject: [rancid] Rancid isn't scanning the f5s from cron job.
In-Reply-To:
References:
Message-ID: <55A54669.2000802@wetwork.net>

vt100-w is wide mode - 132 characters.
http://www.lehman.cuny.edu/cgi-bin/man-cgi?terminfo+4

E

On 07/14/2015 10:22 AM, Matt Almgren wrote:
> That did the trick!! Thank you very much.
>
> Does that simply change the output to wide-mode or similar?
>
> - Matt
From andrewm659 at gmail.com Mon Jul 13 21:15:20 2015
From: andrewm659 at gmail.com (Andrew Meyer)
Date: Mon, 13 Jul 2015 14:15:20 -0700 (PDT)
Subject: [rancid] Rancid 2.3.8 FreeBSD 10.1 Cisco Pix 506e
Message-ID:

For some reason 1 of the Pix 506e I have won't work with RANCID. I got it working on another. I'm not sure what is going on. When I try the clogin cmd it times out.

Also, I'm trying to get it to use SSHv1.

[rancid@tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -t 120 -c "show run" 10.20.30.1
10.20.30.1
spawn ssh -c 3des -x -l rancid 10.20.30.1
^C[rancid@tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -t 120 -c "show run" 10.20.30.1 -1
10.20.30.1
spawn ssh -c 3des -x -l rancid 10.20.30.1
^C[rancid@tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -f .cloginrc -t 120 -c "show run" 10.20.30.1 -1
10.20.30.1
spawn ssh -c 3des -x -l rancid 10.20.30.1
^C[rancid@tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -t 120 -x -1 -c "show run" 10.20.30.1 -1

Can someone tell me the syntax? I have it in the .cloginrc file but it's not taking.

From aaron.wasserott at viawest.com Tue Jul 14 22:21:03 2015
From: aaron.wasserott at viawest.com (Aaron Wasserott)
Date: Tue, 14 Jul 2015 22:21:03 +0000
Subject: [rancid] FW: Rancid 2.3.8 FreeBSD 10.1 Cisco Pix 506e
References:
Message-ID: <1FD1A2FED7E41F4ABD1D2E2BDDEA519B05B9187F@mbx030-w1-co-6.exch030.domain.local>

This is all I use to run simple one-liners and tests against a device:

/usr/local/rancid/bin/clogin -c "show run" 10.20.30.1

Have you checked the log file for the device that doesn't work? Rancid is usually pretty good about providing a hint as to the issue.

When testing via clogin, make sure to test against the same hostname used in your router.db file. Helps to point out any DNS or stale SSH key issues that might be the cause.

Another thing, if you switch to rancid using su you should use - to ensure you get all the proper envvars - that way you shouldn't need to specify path to .cloginrc.

This message contains information that may be confidential, privileged or otherwise protected by law from disclosure. It is intended for the exclusive use of the addressee(s). Unless you are the addressee or authorized agent of the addressee, you may not review, copy, distribute or disclose to anyone the message or any information contained within. If you have received this message in error, please contact the sender by electronic reply and immediately delete all copies of the message.

From aaron.wasserott at viawest.com Tue Jul 14 23:27:00 2015
From: aaron.wasserott at viawest.com (Aaron Wasserott)
Date: Tue, 14 Jul 2015 23:27:00 +0000
Subject: [rancid] Rancid 2.3.8 FreeBSD 10.1 Cisco Pix 506e
In-Reply-To:
References: <1FD1A2FED7E41F4ABD1D2E2BDDEA519B05B91861@mbx030-w1-co-6.exch030.domain.local>
Message-ID: <1FD1A2FED7E41F4ABD1D2E2BDDEA519B05B918D8@mbx030-w1-co-6.exch030.domain.local>

Did you see this notice on the RANCID page? Sounds like that could be your issue.

NOTE: For rancid >= 2.3, you must use expect >= 5.40. Versions prior to this appear to have a regex handling bug that affects the ability of clogin to parse CLI prompts.

http://www.shrubbery.net/rancid/

From: Andrew Meyer [mailto:andrewm659 at gmail.com]
Sent: Tuesday, July 14, 2015 4:25 PM
To: Aaron Wasserott
Cc: rancid-discuss at googlegroups.com
Subject: Re: [rancid] Rancid 2.3.8 FreeBSD 10.1 Cisco Pix 506e

The issue is the pix I'm connecting to is using ssh 1.0 and is not working. Here is the output I'm getting

[rancid@tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -d -c "show run" 10.20.30.1
10.20.30.1
spawn ssh -c 3des -x -l rancid 10.20.30.1
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {35121}
Gate keeper glob pattern for '^<-+ More -+>[^ ]*' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '(Connection refused|Secure connection [^ ]+ refused)' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '(Connection closed by|Connection to [^ ]+ closed)' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '(Host key not found |The authenticity of host .* be established).* \(yes/no\)\?' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for 'HOST IDENTIFICATION HAS CHANGED.* \(yes/no\)\?' is 'HOST IDENTIFICATION HAS CHANGED* (yes/no)\?'. Activating booster.
Gate keeper glob pattern for 'HOST IDENTIFICATION HAS CHANGED[^ ]+' is 'HOST IDENTIFICATION HAS CHANGED*'. Activating booster.
Gate keeper glob pattern for 'Offending key for .* \(yes/no\)\?' is 'Offending key for * (yes/no)\?'. Activating booster.
Gate keeper glob pattern for '(denied|Sorry)' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '% (Bad passwords|Authentication failed)' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for 'Enter Selection: ' is 'Enter Selection: '. Activating booster.
Gate keeper glob pattern for 'Last login:' is 'Last login:'. Activating booster.
Gate keeper glob pattern for '@[^ ]+ ([Pp]assword|passwd|Enter password for [^ :]+):' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for 'Enter passphrase.*: ' is 'Enter passphrase*: '. Activating booster.
Gate keeper glob pattern for '(Username|Login|login|user name|User):' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '([Pp]assword|passwd|Enter password for [^ :]+):' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '(>|#| \(enable\))' is ''. Not usable, disabling the performance booster.

expect: does "" (spawn_id exp6) match regular expression "^<-+ More -+>[^\n\r]*"? (No Gate, RE only) gate=yes re=no
"(Connection refused|Secure connection [^\n\r]+ refused)"? (No Gate, RE only) gate=yes re=no
"(Connection closed by|Connection to [^\n\r]+ closed)"? (No Gate, RE only) gate=yes re=no

expect: does "" (spawn_id exp6) match glob pattern "unknown host\r"? no

expect: does "" (spawn_id exp6) match glob pattern "Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be established).* \(yes/no\)\?"? (No Gate, RE only) gate=yes re=no
"HOST IDENTIFICATION HAS CHANGED.* \(yes/no\)\?"? Gate "HOST IDENTIFICATION HAS CHANGED* (yes/no)\?"? gate=no
"HOST IDENTIFICATION HAS CHANGED[^\n\r]+"? Gate "HOST IDENTIFICATION HAS CHANGED*"? gate=no
"Offending key for .* \(yes/no\)\?"? Gate "Offending key for * (yes/no)\?"? gate=no
"(denied|Sorry)"? (No Gate, RE only) gate=yes re=no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? (No Gate, RE only) gate=yes re=no
"Press any key to continue"? no
"Enter Selection: "? Gate "Enter Selection: "? gate=no
"Last login:"? Gate "Last login:"? gate=no
"@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no
"Enter passphrase.*: "? Gate "Enter passphrase*: "? gate=no
"(Username|Login|login|user name|User):"? (No Gate, RE only) gate=yes re=no
"([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no
"(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no
"Login invalid"? no
expect: timed out

Error: TIMEOUT reached

Andrew Meyer
andrewm659 at gmail.com
ameyer at tsg2.com
314-266-4837

From andrewm659 at gmail.com Tue Jul 14 23:37:30 2015
From: andrewm659 at gmail.com (Andrew Meyer)
Date: Tue, 14 Jul 2015 18:37:30 -0500
Subject: [rancid] Rancid 2.3.8 FreeBSD 10.1 Cisco Pix 506e
In-Reply-To:
References: <1FD1A2FED7E41F4ABD1D2E2BDDEA519B05B91861@mbx030-w1-co-6.exch030.domain.local> <1FD1A2FED7E41F4ABD1D2E2BDDEA519B05B918D8@mbx030-w1-co-6.exch030.domain.local>
Message-ID:

hmmm....FreeBSD repo only has 5.43 as lowest.

Andrew Meyer
andrewm659 at gmail.com
ameyer at tsg2.com
314-266-4837

On Tue, Jul 14, 2015 at 6:27 PM, Andrew Meyer wrote:

> I saw it a while back and completely forgot. Going to fix.

From andrewm659 at gmail.com Tue Jul 14 23:27:53 2015
From: andrewm659 at gmail.com (Andrew Meyer) Date: Tue, 14 Jul 2015 18:27:53 -0500 Subject: [rancid] Rancid 2.3.8 FreeBSD 10.1 Cisco Pix 506e In-Reply-To: <1FD1A2FED7E41F4ABD1D2E2BDDEA519B05B918D8@mbx030-w1-co-6.exch030.domain.local> References: <1FD1A2FED7E41F4ABD1D2E2BDDEA519B05B91861@mbx030-w1-co-6.exch030.domain.local> <1FD1A2FED7E41F4ABD1D2E2BDDEA519B05B918D8@mbx030-w1-co-6.exch030.domain.local> Message-ID: I saw it a while back and completely forgot. Going to fix. Andrew Meyer andrewm659 at gmail.com ameyer at tsg2.com 314-266-4837 On Tue, Jul 14, 2015 at 6:27 PM, Aaron Wasserott < aaron.wasserott at viawest.com> wrote: > Did you see this notice on the RANCID page? Sounds like that could be > your issue. > > > > *NOTE: For rancid >= 2.3, you must use expect >= 5.40. Versions prior to > this appear to have a regex handling bug that affects the ability of clogin > to parse CLI prompts.* > > > > http://www.shrubbery.net/rancid/ > > > > *From:* Andrew Meyer [mailto:andrewm659 at gmail.com] > *Sent:* Tuesday, July 14, 2015 4:25 PM > *To:* Aaron Wasserott > *Cc:* rancid-discuss at googlegroups.com > *Subject:* Re: [rancid] Rancid 2.3.8 FreeBSD 10.1 Cisco Pix 506e > > > > The issue is the pix i'm connecting to is using ssh 1.0 and is not > working. Here is the output i'm getting > > > > [rancid at tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -d -c "show > run" 10.20.30.1 > > 10.20.30.1 > > spawn ssh -c 3des -x -l rancid 10.20.30.1 > > parent: waiting for sync byte > > parent: telling child to go ahead > > parent: now unsynchronized from child > > spawn: returns {35121} > > Gate keeper glob pattern for '^<-+ More -+>[^ > > ]*' is ''. Not usable, disabling the performance booster. > > Gate keeper glob pattern for '(Connection refused|Secure connection [^ > > ]+ refused)' is ''. Not usable, disabling the performance booster. > > Gate keeper glob pattern for '(Connection closed by|Connection to [^ > > ]+ closed)' is ''. 
Not usable, disabling the performance booster. > > Gate keeper glob pattern for '(Host key not found |The authenticity of > host .* be established).* \(yes/no\)\?' is ''. Not usable, disabling the > performance booster. > > Gate keeper glob pattern for 'HOST IDENTIFICATION HAS CHANGED.* > \(yes/no\)\?' is 'HOST IDENTIFICATION HAS CHANGED* (yes/no)\?'. Activating > booster. > > Gate keeper glob pattern for 'HOST IDENTIFICATION HAS CHANGED[^ > > ]+' is 'HOST IDENTIFICATION HAS CHANGED*'. Activating booster. > > Gate keeper glob pattern for 'Offending key for .* \(yes/no\)\?' is > 'Offending key for * (yes/no)\?'. Activating booster. > > Gate keeper glob pattern for '(denied|Sorry)' is ''. Not usable, disabling > the performance booster. > > Gate keeper glob pattern for '% (Bad passwords|Authentication failed)' is > ''. Not usable, disabling the performance booster. > > Gate keeper glob pattern for 'Enter Selection: ' is 'Enter Selection: '. > Activating booster. > > Gate keeper glob pattern for 'Last login:' is 'Last login:'. Activating > booster. > > Gate keeper glob pattern for '@[^ > > ]+ ([Pp]assword|passwd|Enter password for [^ :]+):' is ''. Not usable, > disabling the performance booster. > > Gate keeper glob pattern for 'Enter passphrase.*: ' is 'Enter passphrase*: > '. Activating booster. > > Gate keeper glob pattern for '(Username|Login|login|user name|User):' is > ''. Not usable, disabling the performance booster. > > Gate keeper glob pattern for '([Pp]assword|passwd|Enter password for [^ > :]+):' is ''. Not usable, disabling the performance booster. > > Gate keeper glob pattern for '(>|#| \(enable\))' is ''. Not usable, > disabling the performance booster. > > > > expect: does "" (spawn_id exp6) match regular expression "^<-+ More > -+>[^\n\r]*"? (No Gate, RE only) gate=yes re=no > > "(Connection refused|Secure connection [^\n\r]+ refused)"? (No Gate, RE > only) gate=yes re=no > > "(Connection closed by|Connection to [^\n\r]+ closed)"? 
(No Gate, RE only) > gate=yes re=no > > > > expect: does "" (spawn_id exp6) match glob pattern "unknown host\r"? no > > > > expect: does "" (spawn_id exp6) match glob pattern "Host is unreachable"? > no > > "No address associated with name"? no > > "(Host key not found |The authenticity of host .* be established).* > \(yes/no\)\?"? (No Gate, RE only) gate=yes re=no > > "HOST IDENTIFICATION HAS CHANGED.* \(yes/no\)\?"? Gate "HOST > IDENTIFICATION HAS CHANGED* (yes/no)\?"? gate=no > > "HOST IDENTIFICATION HAS CHANGED[^\n\r]+"? Gate "HOST IDENTIFICATION HAS > CHANGED*"? gate=no > > "Offending key for .* \(yes/no\)\?"? Gate "Offending key for * > (yes/no)\?"? gate=no > > "(denied|Sorry)"? (No Gate, RE only) gate=yes re=no > > "Login failed"? no > > "% (Bad passwords|Authentication failed)"? (No Gate, RE only) gate=yes > re=no > > "Press any key to continue"? no > > "Enter Selection: "? Gate "Enter Selection: "? gate=no > > "Last login:"? Gate "Last login:"? gate=no > > "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE > only) gate=yes re=no > > "Enter passphrase.*: "? Gate "Enter passphrase*: "? gate=no > > "(Username|Login|login|user name|User):"? (No Gate, RE only) gate=yes re=no > > "([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) > gate=yes re=no > > "(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no > > "Login invalid"? no > > expect: timed out > > > > Error: TIMEOUT reached > > > > > > Andrew Meyer > andrewm659 at gmail.com > ameyer at tsg2.com > 314-266-4837 > > > > On Tue, Jul 14, 2015 at 5:20 PM, Aaron Wasserott < > aaron.wasserott at viawest.com> wrote: > > This is all I use to run simple one-liners and tests against a device: > > > > /usr/local/rancid/bin/clogin -c "show run" 10.20.30.1 > > > > Have you checked the log file for the device that doesn?t work? Rancid is > usually pretty good about providing a hint as to the issue. 
>
> When testing via clogin, make sure to test against the same hostname used
> in your router.db file. Helps to point out any DNS or stale SSH key issues
> that might be the cause.
>
> Another thing, if you switch to rancid using su you should use - to ensure
> you get all the proper envvars - that way you shouldn't need to specify
> path to .cloginrc.
>
> *From:* Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] *On
> Behalf Of *Andrew Meyer
> *Sent:* Monday, July 13, 2015 3:15 PM
> *To:* rancid-discuss at googlegroups.com
> *Subject:* [rancid] Rancid 2.3.8 FreeBSD 10.1 Cisco Pix 506e
>
> For some reason 1 of the Pix 506e I have won't work with RANCID. I got it
> working on another. I'm not sure what is going on. When I try the clogin
> cmd it times out.
>
> Also, I'm trying to get it to use SSHv1.
>
> [rancid at tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -t 120 -c "show run" 10.20.30.1
> 10.20.30.1
> spawn ssh -c 3des -x -l rancid 10.20.30.1
> ^C[rancid at tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -t 120 -c "show run" 10.20.30.1 -1
> 10.20.30.1
> spawn ssh -c 3des -x -l rancid 10.20.30.1
> ^C[rancid at tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -f .cloginrc -t 120 -c "show run" 10.20.30.1 -1
> 10.20.30.1
> spawn ssh -c 3des -x -l rancid 10.20.30.1
> ^C[rancid at tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -t 120 -x -1 -c "show run" 10.20.30.1 -1
>
> Can someone tell me the syntax? I have it in the .cloginrc file but it's
> not taking.
>
> This message contains information that may be confidential, privileged or
> otherwise protected by law from disclosure. It is intended for the
> exclusive use of the addressee(s). Unless you are the addressee or
> authorized agent of the addressee, you may not review, copy, distribute or
> disclose to anyone the message or any information contained within. If you
> have received this message in error, please contact the sender by
> electronic reply and immediately delete all copies of the message.

From andrewm659 at gmail.com Tue Jul 14 23:10:17 2015
From: andrewm659 at gmail.com (Andrew Meyer)
Date: Tue, 14 Jul 2015 18:10:17 -0500
Subject: [rancid] FW: Rancid 2.3.8 FreeBSD 10.1 Cisco Pix 506e
In-Reply-To: <1FD1A2FED7E41F4ABD1D2E2BDDEA519B05B9187F@mbx030-w1-co-6.exch030.domain.local>
References: <1FD1A2FED7E41F4ABD1D2E2BDDEA519B05B9187F@mbx030-w1-co-6.exch030.domain.local>
Message-ID:

it's weird, cause it's not even working now... the expect script is throwing
errors. lots. I'll get the errors for you later.

Andrew Meyer
andrewm659 at gmail.com
ameyer at tsg2.com
314-266-4837

On Tue, Jul 14, 2015 at 5:21 PM, Aaron Wasserott <
aaron.wasserott at viawest.com> wrote:

> This is all I use to run simple one-liners and tests against a device:
>
> /usr/local/rancid/bin/clogin -c "show run" 10.20.30.1
>
> Have you checked the log file for the device that doesn't work? Rancid is
> usually pretty good about providing a hint as to the issue.
>
> When testing via clogin, make sure to test against the same hostname used
> in your router.db file. Helps to point out any DNS or stale SSH key issues
> that might be the cause.
>
> Another thing, if you switch to rancid using su you should use - to ensure
> you get all the proper envvars - that way you shouldn't need to specify
> path to .cloginrc.
>
> *From:* Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net
> ] *On Behalf Of *Andrew Meyer
> *Sent:* Monday, July 13, 2015 3:15 PM
> *To:* rancid-discuss at googlegroups.com
> *Subject:* [rancid] Rancid 2.3.8 FreeBSD 10.1 Cisco Pix 506e
>
> For some reason 1 of the Pix 506e I have won't work with RANCID. I got it
> working on another. I'm not sure what is going on. When I try the clogin
> cmd it times out.
>
> Also, I'm trying to get it to use SSHv1.
>
> [rancid at tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -t 120 -c "show run" 10.20.30.1
> 10.20.30.1
> spawn ssh -c 3des -x -l rancid 10.20.30.1
> ^C[rancid at tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -t 120 -c "show run" 10.20.30.1 -1
> 10.20.30.1
> spawn ssh -c 3des -x -l rancid 10.20.30.1
> ^C[rancid at tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -f .cloginrc -t 120 -c "show run" 10.20.30.1 -1
> 10.20.30.1
> spawn ssh -c 3des -x -l rancid 10.20.30.1
> ^C[rancid at tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -t 120 -x -1 -c "show run" 10.20.30.1 -1
>
> Can someone tell me the syntax? I have it in the .cloginrc file but it's
> not taking.

From nick at foobar.org Wed Jul 15 09:00:38 2015
From: nick at foobar.org (Nick Hilliard)
Date: Wed, 15 Jul 2015 10:00:38 +0100
Subject: [rancid] FW: Rancid 2.3.8 FreeBSD 10.1 Cisco Pix 506e
In-Reply-To:
References: <1FD1A2FED7E41F4ABD1D2E2BDDEA519B05B9187F@mbx030-w1-co-6.exch030.domain.local>
Message-ID: <55A62136.9030503@foobar.org>

On 15/07/2015 00:10, Andrew Meyer wrote:
> it's weird, cause it's not even working now... the expect script is throwing
> errors. lots. I'll get the errors for you later.

clogin works fine on freebsd 10.1 for asa 8.x and afair there are no
substantial differences in vty behaviour between pixos 7.x and asa 8.x
software, other than ssh support. If I were in your position, I'd first
check that you can ssh to the device using the command-line ssh tool and if
that works then I'd nuke the existing rancid + expect + tcl packages on
freebsd and do a clean reinstall of all the package dependencies.

Nick

From andrewm659 at gmail.com Wed Jul 15 13:21:09 2015
From: andrewm659 at gmail.com (Andrew Meyer)
Date: Wed, 15 Jul 2015 08:21:09 -0500
Subject: [rancid] FW: Rancid 2.3.8 FreeBSD 10.1 Cisco Pix 506e
In-Reply-To: <55A62136.9030503@foobar.org>
References: <1FD1A2FED7E41F4ABD1D2E2BDDEA519B05B9187F@mbx030-w1-co-6.exch030.domain.local> <55A62136.9030503@foobar.org>
Message-ID:

pix os 6.3.5

Andrew Meyer
andrewm659 at gmail.com
ameyer at tsg2.com
314-266-4837

On Wed, Jul 15, 2015 at 4:00 AM, Nick Hilliard wrote:

> On 15/07/2015 00:10, Andrew Meyer wrote:
> > it's weird, cause it's not even working now... the expect script is throwing
> > errors. lots. I'll get the errors for you later.
>
> clogin works fine on freebsd 10.1 for asa 8.x and afair there are no
> substantial differences in vty behaviour between pixos 7.x and asa 8.x
> software, other than ssh support. If I were in your position, I'd first
> check that you can ssh to the device using the command-line ssh tool and if
> that works then I'd nuke the existing rancid + expect + tcl packages on
> freebsd and do a clean reinstall of all the package dependencies.
>
> Nick

From andrewm659 at gmail.com Wed Jul 15 14:41:59 2015
From: andrewm659 at gmail.com (Andrew Meyer)
Date: Wed, 15 Jul 2015 09:41:59 -0500
Subject: [rancid] FW: Rancid 2.3.8 FreeBSD 10.1 Cisco Pix 506e
In-Reply-To:
References: <1FD1A2FED7E41F4ABD1D2E2BDDEA519B05B9187F@mbx030-w1-co-6.exch030.domain.local> <55A62136.9030503@foobar.org>
Message-ID:

The expect issue isn't in rancid 3.x is it?

Andrew Meyer
andrewm659 at gmail.com
ameyer at tsg2.com
314-266-4837

On Wed, Jul 15, 2015 at 8:21 AM, Andrew Meyer wrote:

> pix os 6.3.5
>
> Andrew Meyer
> andrewm659 at gmail.com
> ameyer at tsg2.com
> 314-266-4837
>
> On Wed, Jul 15, 2015 at 4:00 AM, Nick Hilliard wrote:
>
>> On 15/07/2015 00:10, Andrew Meyer wrote:
>> > it's weird, cause it's not even working now... the expect script is throwing
>> > errors. lots. I'll get the errors for you later.
>>
>> clogin works fine on freebsd 10.1 for asa 8.x and afair there are no
>> substantial differences in vty behaviour between pixos 7.x and asa 8.x
>> software, other than ssh support. If I were in your position, I'd first
>> check that you can ssh to the device using the command-line ssh tool and if
>> that works then I'd nuke the existing rancid + expect + tcl packages on
>> freebsd and do a clean reinstall of all the package dependencies.
>>
>> Nick

From nick at foobar.org Wed Jul 15 15:06:17 2015
From: nick at foobar.org (Nick Hilliard)
Date: Wed, 15 Jul 2015 16:06:17 +0100
Subject: [rancid] FW: Rancid 2.3.8 FreeBSD 10.1 Cisco Pix 506e
In-Reply-To:
References: <1FD1A2FED7E41F4ABD1D2E2BDDEA519B05B9187F@mbx030-w1-co-6.exch030.domain.local> <55A62136.9030503@foobar.org>
Message-ID: <55A676E9.6040301@foobar.org>

rancid 2.3.8 works without problems on freebsd 10.1. If you're having
problems, it's either related to the fact that you're running an ancient
and unsupported version of pixos (6.3.5 was released ~10 years ago) with a
now unsupported ssh server version or else your freebsd rancid package or
one of its dependencies is broken. In order to figure out which:

1. check that you can ssh to the device using the ssh command from the
   rancid account

If this works, then ssh isn't the problem, so you should try this:

2. nuke your existing rancid + expect + tcl packages on freebsd and do a
   clean reinstall of rancid + all the package dependencies.

Nick

On 15/07/2015 15:41, Andrew Meyer wrote:
> The expect issue isn't in rancid 3.x is it?
>
> Andrew Meyer
> andrewm659 at gmail.com
> ameyer at tsg2.com
> 314-266-4837
>
> On Wed, Jul 15, 2015 at 8:21 AM, Andrew Meyer wrote:
>
> pix os 6.3.5
>
> Andrew Meyer
> andrewm659 at gmail.com
> ameyer at tsg2.com
> 314-266-4837
>
> On Wed, Jul 15, 2015 at 4:00 AM, Nick Hilliard wrote:
>
> On 15/07/2015 00:10, Andrew Meyer wrote:
> > it's weird, cause it's not even working now... the expect script is throwing
> > errors. lots. I'll get the errors for you later.
>
> clogin works fine on freebsd 10.1 for asa 8.x and afair there are no
> substantial differences in vty behaviour between pixos 7.x and asa 8.x
> software, other than ssh support. If I were in your position, I'd first
> check that you can ssh to the device using the command-line ssh tool and if
> that works then I'd nuke the existing rancid + expect + tcl packages on
> freebsd and do a clean reinstall of all the package dependencies.
>
> Nick

From andrewm659 at gmail.com Fri Jul 17 00:08:52 2015
From: andrewm659 at gmail.com (Andrew Meyer)
Date: Thu, 16 Jul 2015 19:08:52 -0500
Subject: [rancid] rancid 3.2 freebsd
Message-ID:

So I went ahead and migrated to 3.2 on FreeBSD 10.1 and I got everything
setup and then I went to test a login with and I get the following:

$ /usr/local/libexec/rancid/clogin -t 120 -c "show run" 10.150.1.1
10.150.1.1
Error: no enable password for 10.150.1.1 in /usr/local/var/rancid/.cloginrc.
$

Not sure why.

Andrew Meyer
andrewm659 at gmail.com
ameyer at tsg2.com
314-266-4837

From matta at surveymonkey.com Mon Jul 20 22:53:55 2015
From: matta at surveymonkey.com (Matt Almgren)
Date: Mon, 20 Jul 2015 22:53:55 +0000
Subject: [rancid] No email sent to MTA with 3.2
Message-ID:

First off, there's no problem with Rancid3.2 actually running. It finishes
the run, logs the config, checks in the updated changes into CVS, but no
email is sent. I've been paying attention to the problems others have had
with 3.x. :)

We use Ubuntu 14.0.4 with Exim4 and when rancid-run finishes, I don't see
anything going to the MTA in the exim logs. If I use mailx or mail to the
alias I setup in the /etc/aliases file I receive the email and logs
appropriately.

Is there some trigger or config change that needs to tell rancid to enable
email delivery?

===================================================================
File: sjc-sw14.endor.lan Status: Up-to-date
Working revision: 1.3 2015-07-20 15:50:53 -0700

From matta at surveymonkey.com Mon Jul 20 23:10:35 2015
From: matta at surveymonkey.com (Matt Almgren)
Date: Mon, 20 Jul 2015 23:10:35 +0000
Subject: [rancid] No email sent to MTA with 3.2
In-Reply-To:
References:
Message-ID:

Interesting... I see this in the logs.

/home/rancid/var/CVS/SJC1/configs/sjc-sw14.endor.lan,v <-- configs/sjc-sw14.endor.lan
new revision: 1.5; previous revision: 1.4
/home/rancid/bin/control_rancid: 642: /home/rancid/bin/control_rancid: -t: not found

ending: Mon Jul 20 16:09:00 PDT 2015

rancid at sjc-nettools02:~/var/logs$ ls /home/rancid/bin/control_rancid
/home/rancid/bin/control_rancid
rancid at sjc-nettools02:~/var/logs$

It's there, so why is it complaining?

-- Matt

From: Matt Almgren
Date: Monday, July 20, 2015 at 3:53 PM
To: "rancid-discuss at shrubbery.net"
Subject: No email sent to MTA with 3.2

First off, there's no problem with Rancid3.2 actually running. It finishes
the run, logs the config, checks in the updated changes into CVS, but no
email is sent. I've been paying attention to the problems others have had
with 3.x. :)

We use Ubuntu 14.0.4 with Exim4 and when rancid-run finishes, I don't see
anything going to the MTA in the exim logs. If I use mailx or mail to the
alias I setup in the /etc/aliases file I receive the email and logs
appropriately.

Is there some trigger or config change that needs to tell rancid to enable
email delivery?

===================================================================
File: sjc-sw14.endor.lan Status: Up-to-date
Working revision: 1.3 2015-07-20 15:50:53 -0700

From frnkblk at iname.com Wed Jul 22 03:50:02 2015
From: frnkblk at iname.com (Frank Bulk)
Date: Tue, 21 Jul 2015 22:50:02 -0500
Subject: [rancid] issue with fortigate FW after upgrade
In-Reply-To: <083f825be50751bc614456e12dbba832@krok.za.net>
References: <083f825be50751bc614456e12dbba832@krok.za.net>
Message-ID: <000f01d0c431$81cad660$85608320$@iname.com>

Just adjust the match lines to include the block of data you want to ignore.

Frank

-----Original Message-----
From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Shaun Krok
Sent: Tuesday, July 14, 2015 12:02 AM
To: Rancid Discuss
Subject: [rancid] issue with fortigate FW after upgrade

Hi

Was hoping someone had come across this in recent days.

We have several sites running fortigate FW cluster without issues. We then
upgraded a site to a new version and now have the following "noise" issue

Running version 3.0 of rancid and I have checked the fnrancid script and it
does have the patch mentioned in the forum

If anyone can help with this would be much appreciated

- Shaun

**********************

Here is a snip -

sub GetConf {
    print STDERR " In GetConf: $_" if ($debug);

    while (<INPUT>) {
        tr/\015//d;
        next if /^\s*$/;
        last if (/$prompt/);

        # System time is fortigate extraction time
        next if (/^\s*!System time:/);
        # remove occurrences of conf_file_ver
        next if (/^#?conf_file_ver=/);
        # filter cycling RSA private keys
        if (/^\s*set private-key "-----BEGIN RSA PRIVATE KEY-----/) {
            ProcessHistory("","","","#$_");
            ProcessHistory("","","","# ");
            while (<INPUT>) {
                tr/\015//d;
                last if (/$prompt/);
                if (/^\s*-----END RSA PRIVATE KEY-----"/) {
                    ProcessHistory("","","","#$_");
                    last;
                }
            }
        }
        # filter cycling password encryption
        if (/^\s*(set [^\s]*)\s(enc\s[^\s]+)(.*)/i && $filter_pwds > 0 ) {
            ProcessHistory("ENC","","","#$1 ENC $3\n");
            next;
        }
        ProcessHistory("","","","$_");
    }
    $found_end = 1;
    return(1);
}

retrieving revision 1.510 diff -U 10 -r1.510 de-fw
@@ -16047,35 +16047,35 @@ Z0nf1R7CqJgrTEeDgUwuRMLvyGPui3tbMfYmYb95HLCpTqnJUHvi -----END CERTIFICATE-----" set scep-url '' set source-ip 0.0.0.0 next end config vpn certificate local edit "Fortinet_Factory" #set password ENC set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- - MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIHB+yEmeRPUsCAggA - MBQGCCqGSIb3DQMHBAgiWcwKklgTzQSCAoATyGNsZtmmKFswxEjAoX9nEm1La21g - ZlbBj0g4GP4hQwQZ+HTXRgQ+FqqQVst1Ylk6P4TYrSSHux4BXSgg4wCs3JM7d5j7 - g4tlQnvThXPynSTSzARB6fShDqBwSW1+uR3mD+wFoe0wFVW5RW62AaI1D1nvV6oH - j/71eQLS0Iv9bX3F9VWxnvUm0uQtH6a+L+n5hzsDUyWbfSGvmmmNVTuLzpKXLRaP - OH0JaIafUI5CNGu1Kvga3Ys++9cBObo+XLUlm4mPICtxOPNBG2rM6TxKHi4z6VZN - 8wfPzK7BPqKlqAFVpvqfhpNt/uQFCIO4VGIGiLEwI4nF4+pna0UFBv5IXXqRLnXp - nHDcRD3RA2AqdUUKihH9/WpryY2gu8gL32MJ6corIKOaPRlWKafc5ib4xNL37Qog - THYimDfTsw+Xo9ksI4pZyegXxI6IgG/tsrFqFTC7kS6Bd57lFN4ruWjB3k5Gb0dO - s5w0/A2QnQaSnkByAE8yjCcZylqPC3cKGYVWHrO6QlVuw99joS8wFxwuFQvly7Qh - A/YEr4o+dGe/hkbG9j8o1AFChJNlz1tAl0Q9zs1AgpdCJ4Qzv8ZRRBh4OqPrYFfU - JuzfVTxEq2BTmgWWCK3pjVuNOP3ezooofbV+Sag9z5PZ+NzY1hn2vJmOLh2iXDXD - vmLzcRrgttSI2SPYPXTfRjdB/rD+T8pJedz4JQgZfz6gOtarxV8vEHRk6/yyuCsD - UFxGMpkIriGKEcoPdOAb4Om236P3UOFMnPxKeSgzornVquURhLxR/P9C2+CL4DTB - TAcKdDuTmBM+mJHlokKvM2YfJGpHr/81vgvuoZLm6wJTtSafE87xU+R4 + MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI6M+NicV3wgACAggA + MBQGCCqGSIb3DQMHBAgTVUNlqWeA9gSCAoC7WF+N85ZdPBwcPJB184UlU2HxL/7+ + yyTlczZioYo9hUl7P3aWrexeBnb9PRjNfguK9PvaB7TSJr4lmNMs9WINS/wYwPIW + RlUzcfEDTQyevlji7GNxVKaE945FjjIstKxYZK62FTGP4eF6GZfBcQNuTgfRFiKW + CIEGVD0hhTQ0OL6MPFjT4ILWF1VwaTEOYmw74lLhsPBsLfR8tK0rLrplJvFUqBxx + lJJZ3uKOoym7lUMIRbjXRU9ip13/1BnTM44AUvp4r56rbwzK0hpHSGNoKR3Dbpwo + XH2zZzufRT2oUu6ENVNkcz8iHGdfqnjqSn0qed0bsL+qPZtVvNV0UM+AX94rVzjI + ylhNBlZQjGBHIiAy13MaLe794TER3RGWTrUFw+rMQIRZwV/feK6NnNpo8uTLlU/w + 6PXLoifQgvUW95SDPiQnVDNtD7m0W/QTOfjk2m37SgehOf6uhZZ4ohgxxkWlItbz + Np6u9+Ep4U+16BURrGkDTDnawmudiJbR/48iVa8TfiAi90z5q1H9/0ONSWHWvl0Z + 
41JzdWaENVnBIAM278Q0UKoplMk4pFORTfV6NNjn0MPGSoAHktqyE77BOhpREedG + HCSq3fgbENdXB3rmL5LlGeSD4xsMoHiR2/0O7nsvD1tjHz7AfPw5A7CGtRev+FKK + VeGFsebDD3D/RwaxN8WxWYm/NhKwgnIR4bBbIFg7dWcjK4gMsky7BWioPkrYVhqo + /GKE8gjmRvQZqKsGpfLdF28Yptn3PmB+Ooyl7iKiVlM2f64vsxijoND1aG1i5BzH + dGCaHYnC3uj2jICXbzSQ8RvhJjGIlaT7jz7mas6Aurl3MKL9V6ObPH4M -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIDRTCCAi2gAwIBAgIDDAYBMA0GCSqGSIb3DQEBBQUAMIGgMQswCQYDVQQGEwJV UzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMREwDwYD VQQKEwhGb3J0aW5ldDEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRAw DgYDVQQDEwdzdXBwb3J0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0 LmNvbTAeFw0xMzAzMTExMDMwNTdaFw0zODAxMTkwMzE0MDdaMIGdMQswCQYDVQQG EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMREw DwYDVQQKEwhGb3J0aW5ldDESMBAGA1UECxMJRm9ydGlHYXRlMRkwFwYDVQQDExBG RzMwMEMzOTEzNjAzMTQ4MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0 -- Shaun Krok Tel: 050 2424 381 _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss From matta at surveymonkey.com Thu Jul 23 16:27:54 2015 
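Review bot: The GetConf filter quoted above cannot match this hunk: it looks for 'set private-key "-----BEGIN RSA PRIVATE KEY-----' and '-----END RSA PRIVATE KEY-----"', while every changed line here sits between '-----BEGIN ENCRYPTED PRIVATE KEY-----' and '-----END ENCRYPTED PRIVATE KEY-----"'. The context lines on both sides (the '#set password ENC' line and the certificate) are unchanged, so the key body is the whole diff; making both patterns accept the ENCRYPTED marker would silence it and keep the key material out of the repository and the notification mail.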
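Frank's suggestion above (adjust the match lines) applied to the block in Shaun's diff, as an added example that is not fnrancid's own code: the key filter accepts any PEM private-key marker instead of only "RSA PRIVATE KEY". The names filter_config and sample_export, and the sample config, are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not fnrancid's own code. filter_config() is a hypothetical
# stand-alone helper; in fnrancid the same patterns would sit in GetConf and
# the output would go through ProcessHistory.
use strict;
use warnings;

# Opening and closing lines of a PEM private key inside a FortiGate config.
# The optional word covers "RSA", "ENCRYPTED", "EC", or no qualifier at all.
my $KEY_BEGIN = qr/^\s*set private-key "-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/;
my $KEY_END   = qr/^\s*-----END (?:[A-Z]+ )?PRIVATE KEY-----"/;

# Returns the config lines with every private-key body dropped and, when
# $filter_pwds is true, every "set <name> ENC <blob>" value masked.
sub filter_config {
    my ($filter_pwds, @lines) = @_;
    my (@out, $in_key);
    for my $line (@lines) {
        $line =~ tr/\015//d;    # strip CR, as GetConf does
        if ($in_key) {
            # Inside a key: drop the body lines and keep only the END marker,
            # commented out. An unterminated block swallows the rest of the
            # input, which fails closed rather than leaking key material.
            if ($line =~ $KEY_END) {
                push @out, "#$line";
                $in_key = 0;
            }
            next;
        }
        if ($line =~ $KEY_BEGIN) {
            push @out, "#$line", "# <removed>";
            $in_key = 1;
            next;
        }
        if ($filter_pwds && $line =~ /^(\s*set \S+)\s+ENC\s+\S+(.*)/i) {
            push @out, "#$1 ENC <removed>$2";
            next;
        }
        push @out, $line;
    }
    return @out;
}

# Constructed sample: the same config exported twice, with a different
# (fake) key body and ENC blob each time, mirroring the diff in the message.
sub sample_export {
    my ($key_body, $enc_blob) = @_;
    return (
        'config vpn certificate local',
        '    edit "Fortinet_Factory"',
        "        set password ENC $enc_blob",
        '        set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----',
        $key_body,
        '-----END ENCRYPTED PRIVATE KEY-----"',
        '        set certificate "-----BEGIN CERTIFICATE-----',
        'CONSTRUCTEDCERTBODY',
        '-----END CERTIFICATE-----"',
        '    next',
        'end',
    );
}

my @first  = filter_config(1, sample_export('CONSTRUCTEDKEYBODYAAAA', 'constructedblob1'));
my @second = filter_config(1, sample_export('CONSTRUCTEDKEYBODYBBBB', 'constructedblob2'));

print "$_\n" for @first;

# Both exports must filter to the same text, so the collector sees no change.
my $same = join("\n", @first) eq join("\n", @second);
print $same ? "filtered exports are identical: no diff\n"
            : "filtered exports still differ\n";
```

The certificate block is left untouched on purpose: it is public material and unchanged context in the diff.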
From: matta at surveymonkey.com (Matt Almgren)
Date: Thu, 23 Jul 2015 16:27:54 +0000
Subject: [rancid] Missing Diff Change Summary in 3.2
Message-ID:

Hi, in 2.3.8, the notification emails used to have the first few lines
showing devices were changed, and of lines changed. But the new 3.2 version
seems to have that stripped out - which just means that I have to go through
the entire email to see if there's some device in there that I care about.
Truth be told, our load balancers are so dynamic, I usually ignore those
emails when I see only those devices have changed. I'm more interested in
the network infrastructure that changes.

I'd love to have the code changes that print the first three lines in bold
below:

# old
mt-lb03.corp.surveymonkey.com | 71 ++++++++++++++++++++++++++++++++++----
mt-lb04.corp.surveymonkey.com | 77 ++++++++++++++++++++++++++++++++++++------
2 files changed, 129 insertions(+), 19 deletions(-)

Index: configs/mt-lb03.corp.surveymonkey.com
===================================================================

# new
Index: configs/mt-lb03.corp.surveymonkey.com
===================================================================
retrieving revision 1.3
diff -u -4 -r1.3 mt-lb03.corp.surveymonkey.com

Thanks, Matt

From matta at surveymonkey.com Sun Jul 26 01:27:46 2015
From: matta at surveymonkey.com (Matt Almgren)
Date: Sun, 26 Jul 2015 01:27:46 +0000
Subject: [rancid] Missing Diff Change Summary in 3.2
In-Reply-To:
References: <2B9DE30F-5EE5-48F3-92FA-8318327E150C@shrubbery.net>
Message-ID:

Aha, found it. It's diffstat! It's included in 2.3.8, but not in 3.2:

if [ $MAXSZ -eq 0 ] ; then ( echo "To: $mailrcpt" echo "Subject: $subject" echo "$MAILHEADERS" | awk '{L = "";LN = $0;while (LN ~ /\\n/) { I = index(LN,"\\n");L = L substr(LN,0,I-1) "\n";LN = substr(LN,I+2,length(LN)-I-1);}print L LN;}' echo "" + if which diffstat >/dev/null; then + diffstat $TMP.diff + fi cat $TMP.diff ) | /usr/sbin/sendmail -t $MAILOPTS else

I installed diffstat then added the above and seems to work like 2.3.8. :)
That was driving me nuts not having that.

-- Matt

From: Matt Almgren
Date: Thursday, July 23, 2015 at 3:48 PM
To: John Heasley
Subject: Re: [rancid] Missing Diff Change Summary in 3.2

It's CVS, not GIT. Would you know how to fix it? :) I tried to compare the
control_rancid files between the two versions to see how we're calling CVS,
but there were too many difference to find out where we call CVS.

Thanks, Matt
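Review bot: In the added lines, 'which diffstat >/dev/null' leaves stderr unredirected and 'which' is not a POSIX utility; 'command -v diffstat >/dev/null 2>&1' does the same test portably. 'diffstat $TMP.diff' should quote the file name as "$TMP.diff", and since the hunk only touches the '[ $MAXSZ -eq 0 ]' branch, mail sent from the 'else' branch will still have no summary.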

From: John Heasley
Date: Thursday, July 23, 2015 at 3:45 PM
To: Matt Almgren
Subject: Re: [rancid] Missing Diff Change Summary in 3.2

On 23.07.2015 at 18:27, Matt Almgren wrote:

> Hi, in 2.3.8, the notification emails used to have the first few lines
> showing devices were changed, and of lines changed. But the new 3.2 version
> seems to have that stripped out - which just means that I have to go through
> the entire email to see if there's some device in there that I care about.
> Truth be told, our load balancers are so dynamic, I usually ignore those
> emails when I see only those devices have changed. I'm more interested in
> the network infrastructure that changes.

That's not from rancid, it's from git. So you changed something or git did.

> I'd love to have the code changes that print the first three lines in bold
> below:
>
> # old
> mt-lb03.corp.surveymonkey.com | 71 ++++++++++++++++++++++++++++++++++----
> mt-lb04.corp.surveymonkey.com | 77 ++++++++++++++++++++++++++++++++++++------
> 2 files changed, 129 insertions(+), 19 deletions(-)
>
> Index: configs/mt-lb03.corp.surveymonkey.com
> ===================================================================
>
> # new
> Index: configs/mt-lb03.corp.surveymonkey.com
> ===================================================================
> retrieving revision 1.3
> diff -u -4 -r1.3 mt-lb03.corp.surveymonkey.com
>
> Thanks, Matt

From matta at surveymonkey.com Wed Jul 29 20:48:08 2015
From: matta at surveymonkey.com (Matt Almgren)
Date: Wed, 29 Jul 2015 20:48:08 +0000
Subject: [rancid] 3.2 rancid-run not working with PAN devices
Message-ID:

I can run "panlogin" and I can get output from our Palo Alto Firewall, but
rancid-run fails:

---
rancid at sjc-nettools02:~$ bin/panlogin -t 90 -c"show system info" sjc-fw01-sec
sjc-fw01-sec
spawn ssh -c 3des -x -l rancid sjc-fw01-sec
* * * * * * * * * * * W A R N I N G * * * * * * * * * * * * *
__________________________________________________________________________
/This computer system is the property of SurveyMonkey and may be accessed \
Password:
Last login: Wed Jul 29 20:22:49 2015 from sjc-nettools02.endor.lan
Welcome rancid.
rancid at sjc-fw01-sec(active)>
rancid at sjc-fw01-sec(active)>
rancid at sjc-fw01-sec(active)> show system info
hostname: sjc-fw01-sec
family: 3000
model: PA-3020
multi-vsys: off
rancid at sjc-fw01-sec(active)> exit
Connection to sjc-fw01-sec closed.
rancid at sjc-nettools02:~$
---

The router.db:

sjc-fw01-sec.endor.lan;paloalto;up

The .clogin:

# PAN
add method sjc-fw01-sec ssh
add passprompt sjc-fw01-sec {"\[Pp]assword:"}
add user sjc-fw01-sec {rancid}
add password sjc-fw01-sec {REDACTED!}
add noenable sjc-fw01-sec 1

But when rancid-run kicks off, I get nothing. Logs show:

=====================================
Getting missed routers: round 1.
sjc-fw01-sec.endor.lan: missed cmd(s): all commands
sjc-fw01-sec.endor.lan: End of run not found
# =====================================
Getting missed routers: round 2.
sjc-fw01-sec.endor.lan: missed cmd(s): all commands
sjc-fw01-sec.endor.lan: End of run not found

Etc...

Debugs with rancid:

expect: does "rancid at sjc-fw01-sec(active)> " (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=no
"^(.+>)"? Gate "*>"? gate=yes re=yes
expect: set expect_out(0,string) "rancid at sjc-fw01-sec(active)>"
expect: set expect_out(1,string) "rancid at sjc-fw01-sec(active)>"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "rancid at sjc-fw01-sec(active)>"
tty_raw_noecho: was raw = 0 echo = 1
spawn id exp0 sent <\r>
spawn id exp6 sent <\r\n>
spawn id exp6 sent >

I noticed on some forums that there was a pan rancid file, but I don't have
one in the 3.2 install. I see in some notes that it was converted to a
module, so I assume it's not needed.

Any ideas?

From matta at surveymonkey.com Thu Jul 30 15:23:16 2015
From: matta at surveymonkey.com (Matt Almgren)
Date: Thu, 30 Jul 2015 15:23:16 +0000
Subject: [rancid] [p@tristero.se: Re: 3.2 rancid-run not working with PAN devices]
In-Reply-To: <20150730122818.GA3442@obsd.tristero.se>
References: <20150730122818.GA3442@obsd.tristero.se>
Message-ID:

Hi Pavel,

I do have that package in the lib/rancid directory:

##
## $Id: panos.pm.in 3019 2015-01-11 05:54:59Z heas $
##
## rancid 3.2

But I also see a package ios.

I downloaded the panrancid file and put it in the bin directory, then ran
rancid-run and I'm still not getting the configs:

> Trying to get all of the configs.
> sjc-fw01-sec.endor.lan: missed cmd(s): all commands
> sjc-fw01-sec.endor.lan: End of run not found

Still running this manually, it works:

bin/panlogin -t 90 -c"show system info" sjc-fw01-sec

Any other tips? Thank you very much.

-- Matt

From: Pavel Korovin

Date: Thursday, July 30, 2015 at 5:28 AM
To: Matt Almgren
Subject: [p at tristero.se: Re: [rancid] 3.2 rancid-run not working with PAN devices]

On 07/29, Matt Almgren wrote:

> I noticed on some forums that there was a pan rancid file, but I don't have
> one in the 3.2 install. I see in some notes that it was converted to a
> module, so I assume it's not needed.
>
> Any ideas?

Make sure you have

package panos;

and not

package ios;

in lib/rancid/panos.pm (in my case it's /usr/local/lib/rancid/panos.pm).

Patch file: ftp://ftp.shrubbery.net/pub/rancid/rancid-3.2.p5.gz

--
With best regards,
Pavel Korovin

From matta at surveymonkey.com Thu Jul 30 17:55:06 2015
From: matta at surveymonkey.com (Matt Almgren)
Date: Thu, 30 Jul 2015 17:55:06 +0000
Subject: [rancid] [p@tristero.se: Re: 3.2 rancid-run not working with PAN devices]
In-Reply-To: <33EF2877-770A-42A9-86CE-C0EA6CA4801D@tristero.se>
References: <20150730122818.GA3442@obsd.tristero.se> <5753E561-6DA7-48C8-8255-E0A62745EB7C@tristero.se> <33EF2877-770A-42A9-86CE-C0EA6CA4801D@tristero.se>
Message-ID:

I'm sorry, I totally misunderstood that the first time you said it. I
thought you were talking about the directory listing.

I wished that fixed the issue, but that didn't help. But I did find the
problem. By looking at the process list and running the command manually:

/usr/bin/expect -- /home/rancid/bin/panlogin -t 90 -c "set cli scripting-mode on;set cli pager off;show system info;show config running" sjc-fw01-sec.endor.lan

The "set cli xxx" command was failing. Seems the rancid user in the PAN was
set to "Admin read-only" and the "set" commands were failing, causing the
config dump to wait for page break. Once I changed the account type to
Device Admin, it works great now!!

Now I think I need to tweak TAC+ to limit what that rancid user can do in
the CLI.

I'm sure having the other fixes in there helped as well, but the above was
probably the biggest reason why the config wasn't getting saved.

Thanks for all your help!! Adding the list back in here in case others have
similar issues.

-- Matt

From: Pavel Korovin

Date: Thursday, July 30, 2015 at 9:23 AM
To: Matt Almgren
Subject: Re: [p at tristero.se: Re: [rancid] 3.2 rancid-run not working with PAN devices]

Matt, please replace the string "package ios;" with "package panos;" and it
will be fixed.

On July 30, 2015 7:00:58 PM GMT+03:00, Matt Almgren wrote:

rancid at sjc-nettools02:~/lib/rancid$ head -n 20 panos.pm
package ios;
##
## $Id: panos.pm.in 3019 2015-01-11 05:54:59Z heas $
##
## rancid 3.2
## Copyright (c) 1997-2015 by Terrapin Communications, Inc.
## All rights reserved.
##
## This code is derived from software contributed to and maintained by
## Terrapin Communications, Inc. by Henry Kilmer, John Heasley, Andrew Partan,
## Pete Whiting, Austin Schutz, and Andrew Fort.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted provided that the following conditions
## are met:
## 1. Redistributions of source code must retain the above copyright
## notice, this list of conditions and the following disclaimer.
## 2. Redistributions in binary form must reproduce the above copyright
## notice, this list of conditions and the following disclaimer in the
## documentation and/or other materials provided with the distribution.
rancid at sjc-nettools02:~/lib/rancid$

From: Pavel Korovin

> Date: Thursday, July 30, 2015 at 8:59 AM To: Matt Almgren > Subject: Re: [p at tristero.se: Re: [rancid] 3.2 rancid-run not working with PAN devices] head -n 20 panos.pm -- With best regards, Pavel Korovin -------------- next part -------------- An HTML attachment was scrubbed... URL: From andrewm659 at gmail.com Fri Jul 31 04:01:00 2015 From: andrewm659 at gmail.com (Andrew Meyer) Date: Thu, 30 Jul 2015 23:01:00 -0500 Subject: [rancid] migrating servers and cvs Message-ID: Does anyone have any tips on how to migrate the CVS on FreeBSD to a new FreeBSD. Still have the old 2.3.8 instance going and would like to keep all the old configs. Eventually I will move it all to subversion or git... Thanks, Andrew Meyer -------------- next part -------------- An HTML attachment was scrubbed... URL: From nick at foobar.org Fri Jul 31 10:18:01 2015 From: nick at foobar.org (Nick Hilliard) Date: Fri, 31 Jul 2015 11:18:01 +0100 Subject: [rancid] migrating servers and cvs In-Reply-To: References: Message-ID: <55BB4B59.9010004@foobar.org> On 31/07/2015 05:01, Andrew Meyer wrote: > Does anyone have any tips on how to migrate the CVS on FreeBSD to a new > FreeBSD. Still have the old 2.3.8 instance going and would like to keep > all the old configs. cp? Nick From andrewm659 at gmail.com Fri Jul 31 13:05:10 2015 From: andrewm659 at gmail.com (Andrew Meyer) Date: Fri, 31 Jul 2015 08:05:10 -0500 Subject: [rancid] migrating servers and cvs In-Reply-To: <55BB4B59.9010004@foobar.org> References: <55BB4B59.9010004@foobar.org> Message-ID: I wasn't sure if there was a cvs backup command or something... Andrew Meyer andrewm659 at gmail.com ameyer at tsg2.com 314-266-4837 On Fri, Jul 31, 2015 at 5:18 AM, Nick Hilliard wrote: > On 31/07/2015 05:01, Andrew Meyer wrote: > > Does anyone have any tips on how to migrate the CVS on FreeBSD to a new > > FreeBSD. Still have the old 2.3.8 instance going and would like to keep > > all the old configs. > > cp? 
>
> Nick
>
>
>

From andrewm659 at gmail.com Fri Jul 31 13:05:42 2015
From: andrewm659 at gmail.com (Andrew Meyer)
Date: Fri, 31 Jul 2015 08:05:42 -0500
Subject: [rancid] migrating servers and cvs
In-Reply-To:
References: <55BB4B59.9010004@foobar.org>
Message-ID:

I've been researching it for about a day and figured I would ask for other options.

Andrew Meyer
andrewm659 at gmail.com
ameyer at tsg2.com
314-266-4837

On Fri, Jul 31, 2015 at 8:05 AM, Andrew Meyer wrote:

> I wasn't sure if there was a cvs backup command or something...
>
>
> Andrew Meyer
> andrewm659 at gmail.com
> ameyer at tsg2.com
> 314-266-4837
>
> On Fri, Jul 31, 2015 at 5:18 AM, Nick Hilliard wrote:
>
>> On 31/07/2015 05:01, Andrew Meyer wrote:
>> > Does anyone have any tips on how to migrate the CVS on FreeBSD to a new
>> > FreeBSD. Still have the old 2.3.8 instance going and would like to keep
>> > all the old configs.
>>
>> cp?
>>
>> Nick
>>
>>
>>
>

From djones at ena.com Fri Jul 31 13:16:46 2015
From: djones at ena.com (David Jones)
Date: Fri, 31 Jul 2015 13:16:46 +0000
Subject: [rancid] migrating servers and cvs
In-Reply-To:
References: <55BB4B59.9010004@foobar.org> ,
Message-ID:

I recently moved to a new Rancid server using CVS and it's pretty simple. Tar up or cp the CVS repo dir and move it over. I wanted to move the previous CVS data into an "archive" directory to start fresh since some of the CVS files were getting very large and sluggish to load. It turned out to be pretty simple to zap the CVS config files (Entries and *,v) with sed to move the files into the "archive" subdir.
________________________________
From: Rancid-discuss on behalf of Andrew Meyer
Sent: Friday, July 31, 2015 8:05 AM
To: Nick Hilliard
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] migrating servers and cvs

I've been researching it for about a day and figured I would ask for other options.

Andrew Meyer
andrewm659 at gmail.com
ameyer at tsg2.com
314-266-4837

On Fri, Jul 31, 2015 at 8:05 AM, Andrew Meyer wrote:

I wasn't sure if there was a cvs backup command or something...

Andrew Meyer
andrewm659 at gmail.com
ameyer at tsg2.com
314-266-4837

On Fri, Jul 31, 2015 at 5:18 AM, Nick Hilliard wrote:

On 31/07/2015 05:01, Andrew Meyer wrote:
> Does anyone have any tips on how to migrate the CVS on FreeBSD to a new
> FreeBSD. Still have the old 2.3.8 instance going and would like to keep
> all the old configs.

cp?

Nick

From pedrosi at millercanfield.com Fri Jul 31 18:11:25 2015
From: pedrosi at millercanfield.com (Pedrosi, Derek G.)
Date: Fri, 31 Jul 2015 18:11:25 +0000
Subject: [rancid] Brocade TurboIron24
Message-ID:

Greetings all,

I have a few of Brocade's TI24s in my environment. I would like to integrate them into Rancid with my Cisco gear, but I have not had any luck. Can someone possibly point me in the right direction?

Many thanx,
derek

From ahennen at co.kern.ca.us Mon Jul 27 19:56:46 2015
From: ahennen at co.kern.ca.us (Alex Hennen)
Date: Mon, 27 Jul 2015 12:56:46 -0700
Subject: [rancid] DRancid and Dell Powerconnect N4032 Freezing on Dlogin
Message-ID: <55B62A8E020000A70000BCED@itsgate.co.kern.ca.us>

Hi,

I've been trying to set up the DRancid extension to back up my Dell PowerConnect N4032 switch stack. I'm using Ubuntu Server 14.04, and Rancid 2.3.8-6. I've been using it to back up Cisco Routers and switches and it has been working great.
I've added the DRancid and Dlogin files to /var/lib/rancid/bin, and modified rancid-fe to include the dell vendor definition. I can't seem to get it to work through rancid-run.

If I just use dlogin, I can get logged in and enabled, as long as I put a blank enable password. I can pass commands through dlogin and that works as well. If I try to use the autoenable function, it seems to log in, but before it enables, it gets stuck or frozen on the command prompt. I cannot enter any commands, and if I hit enter it just goes down to a blank line (no prompt). The only way I can get out of that is to ctrl-c. The log file shows a dlogin error of TIMEOUT REACHED.

Here is the log file:

Trying to get all of the configs.
defined(%hash) is deprecated at /usr/lib/rancid/bin/drancid line 49.
(Maybe you should just omit the defined()?)
opened network stream from kcfd-hq-iscsi if () at /usr/lib/rancid/bin/drancid line 272.
found_end = 0, clean_run = 0
kcfd-hq-iscsi dlogin error: Error: TIMEOUT reached
kcfd-hq-iscsi: missed cmd(s): show version,show vlan,show running-config
kcfd-hq-iscsi: End of run not found

It does that for 4 rounds.

I'm using the dlogin and drancid from this site.
http://it.thelibrarie.com/weblog/2014/02/rancid-and-dell-switches/comment-page-1/

I tried the one directly from http://web.rickyninja.net:81/rancid/ and I was getting even more errors. Am I using a bad copy of the files? I'm not really familiar with github, I tried copying the files from there but just copy/pasting the text, but it said to comment "show vlan" and I couldn't figure out what it was referring to because there was a bunch of those.

Any help or pointers would be appreciated,

Thanks!
Alex Hennen
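
Added example, not part of the original message or of rancid itself: Python that groups the failure lines of a rancid log like the one quoted above by device and separates login-stage failures from collection-stage ones. The function names and the stage heuristic are assumptions of this example; the log lines are copied from the post, with the second round repeated as constructed input.

```python
import re
from collections import defaultdict

# Log lines copied from the post above; the second round is repeated here
# as constructed input to show counting across retries.
SAMPLE_LOG = """\
found_end = 0, clean_run = 0
kcfd-hq-iscsi dlogin error: Error: TIMEOUT reached
kcfd-hq-iscsi: missed cmd(s): show version,show vlan,show running-config
kcfd-hq-iscsi: End of run not found
found_end = 0, clean_run = 0
kcfd-hq-iscsi dlogin error: Error: TIMEOUT reached
kcfd-hq-iscsi: missed cmd(s): show version,show vlan,show running-config
kcfd-hq-iscsi: End of run not found
"""

LOGIN_ERR = re.compile(r"^(?P<host>\S+) (?P<script>\w*login) error: Error: (?P<msg>.+)$")
MISSED = re.compile(r"^(?P<host>\S+): missed cmd\(s\): (?P<cmds>.+)$")
NO_END = re.compile(r"^(?P<host>\S+): End of run not found$")


def summarize(log_text):
    """Group rancid collection failures by device name."""
    hosts = defaultdict(lambda: {"login_errors": [], "missed": set(), "incomplete_runs": 0})
    for line in log_text.splitlines():
        line = line.strip()
        if m := LOGIN_ERR.match(line):
            hosts[m["host"]]["login_errors"].append((m["script"], m["msg"]))
        elif m := MISSED.match(line):
            hosts[m["host"]]["missed"].update(c.strip() for c in m["cmds"].split(","))
        elif m := NO_END.match(line):
            hosts[m["host"]]["incomplete_runs"] += 1
    return dict(hosts)


def failing_stage(entry):
    """Heuristic (assumption of this example): a login-script error means the
    session never reached a usable prompt, so missed commands are a consequence."""
    if entry["login_errors"]:
        return "login"
    if entry["missed"] or entry["incomplete_runs"]:
        return "collection"
    return "ok"


if __name__ == "__main__":
    for host, entry in summarize(SAMPLE_LOG).items():
        print(host, failing_stage(entry), sorted(entry["missed"]), entry["incomplete_runs"])
```

A device reported as "login" points at the login script and its prompt or enable handling, while "collection" points at the command table or output parsing in the collection script.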