From cedric.bassaget.ml at gmail.com Tue Jul 3 08:56:55 2018 From: cedric.bassaget.ml at gmail.com (=?UTF-8?Q?BASSAGET_C=C3=A9dric?=) Date: Tue, 3 Jul 2018 10:56:55 +0200 Subject: [rancid] HP problem after upgrade to rancid 3.7 [BUG REPORT ?] Message-ID: Hello, Since I upgraded to rancid 3.7, i'm not able to rancid my old procurve switches. hlogin goes to timeout after a "no page" command : rancid at jersey:~$ PATH=$PATH:/usr/bin/local/rancid bin/hlogin -c "show version" sw-hp-hits-haut sw-hp-hits-haut spawn hpuifilter -- ssh -x -l admin sw-hp-hits-haut ... banner ... Press any key to continueHP 2510G-24 Hits (haut)# HP 2510G-24 Hits (haut)# no page HP 2510G-24 Hits (haut)# Error: TIMEOUT reached hrancid does this : rancid at jersey:~$ PATH=$PATH:/usr/local/rancid/bin/ bin/hrancid -d -t hp sw-hp-hits-haut executing hlogin -t 90 -c"show version;show flash;show system-information;show system information;show module;show stack;show tech transceivers;show config files;show config status;write term" sw-hp-hits-haut sw-hp-hits-haut clogin error: Error: TIMEOUT reached sw-hp-hits-haut clogin error: Error: TIMEOUT reached sw-hp-hits-haut: missed cmd(s): all commands sw-hp-hits-haut: End of run not found sw-hp-hits-haut: clean_run is false sw-hp-hits-haut: found_end is false ; After I change the hostname of my switch to "hp-hits-haut" it worked like a charm. So I guess there's something wrong with parenthesis. Regards -------------- next part -------------- An HTML attachment was scrubbed... URL: From nandhakumar.a0519 at gmail.com Fri Jul 13 01:13:43 2018 From: nandhakumar.a0519 at gmail.com (nandhakumar a) Date: Fri, 13 Jul 2018 09:13:43 +0800 Subject: [rancid] Router config diffs Message-ID: Hi, In every one hour log I can see that there is a router config diffs, along with that I need to remove a private key which is receiving through email also. In router config diffs email I can see that, there is nothing much it's a just a space only changed. Help me to fix the issue -------------- next part -------------- An HTML attachment was scrubbed... URL: From doug.hughes at keystonenap.com Fri Jul 13 02:19:51 2018 From: doug.hughes at keystonenap.com (Doug Hughes) Date: Thu, 12 Jul 2018 22:19:51 -0400 Subject: [rancid] Router config diffs In-Reply-To: References: Message-ID: <47c04e31-75ac-1734-c7d5-448e521d43d3@keystonenap.com> Please provide your device type. On 7/12/2018 9:13 PM, nandhakumar a wrote: > Hi,? > > In every one hour log I can see that there is a router config diffs, > along with that I need to remove a private key which is receiving > through email also. > > In router config diffs email I can see that, there is nothing much > it's a just a space only changed. Help me to fix the issue > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss -- Doug Hughes Keystone NAP Fairless Hills, PA 1.844.KEYBLOCK (539.2562) -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: keystone-nap.png Type: image/png Size: 3476 bytes Desc: not available URL: From nandhakumar.a0519 at gmail.com Mon Jul 16 02:59:40 2018 From: nandhakumar.a0519 at gmail.com (nandhakumar a) Date: Mon, 16 Jul 2018 10:59:40 +0800 Subject: [rancid] Rancid-discuss Digest, Vol 93, Issue 2 In-Reply-To: References: Message-ID: I am using juniper device, do let me know exactly what you need. On Sat, Jul 14, 2018, 4:00 AM wrote: > Send Rancid-discuss mailing list submissions to > rancid-discuss at shrubbery.net > > To subscribe or unsubscribe via the World Wide Web, visit > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > or, via email, send a message with subject or body 'help' to > rancid-discuss-request at shrubbery.net > > You can reach the person managing the list at > rancid-discuss-owner at shrubbery.net > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Rancid-discuss digest..." > > > Today's Topics: > > 1. Router config diffs (nandhakumar a) > 2. Re: Router config diffs (Doug Hughes) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Fri, 13 Jul 2018 09:13:43 +0800 > From: nandhakumar a > To: rancid-discuss at shrubbery.net > Subject: [rancid] Router config diffs > Message-ID: > m_af6CDEC+gw at mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > Hi, > > In every one hour log I can see that there is a router config diffs, along > with that I need to remove a private key which is receiving through email > also. > > In router config diffs email I can see that, there is nothing much it's a > just a space only changed. Help me to fix the issue > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20180713/f9701eb4/attachment-0001.html > > > > ------------------------------ > > Message: 2 > Date: Thu, 12 Jul 2018 22:19:51 -0400 > From: Doug Hughes > To: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Router config diffs > Message-ID: <47c04e31-75ac-1734-c7d5-448e521d43d3 at keystonenap.com> > Content-Type: text/plain; charset="utf-8" > > Please provide your device type. > > > On 7/12/2018 9:13 PM, nandhakumar a wrote: > > Hi,? > > > > In every one hour log I can see that there is a router config diffs, > > along with that I need to remove a private key which is receiving > > through email also. > > > > In router config diffs email I can see that, there is nothing much > > it's a just a space only changed. Help me to fix the issue > > > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > -- > Doug Hughes > Keystone NAP > Fairless Hills, PA > 1.844.KEYBLOCK (539.2562) > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20180712/356e593c/attachment-0001.html > > > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: keystone-nap.png > Type: image/png > Size: 3476 bytes > Desc: not available > URL: < > http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20180712/356e593c/attachment-0001.png > > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > ------------------------------ > > End of Rancid-discuss Digest, Vol 93, Issue 2 > ********************************************* > -------------- next part -------------- An HTML attachment was scrubbed... URL: From chenyu.lee at noaa.gov Tue Jul 17 20:21:58 2018 From: chenyu.lee at noaa.gov (Chenyu Lee - NOAA Affiliate) Date: Tue, 17 Jul 2018 16:21:58 -0400 Subject: [rancid] Backup nothing: Dell Force10 MXL Switches Message-ID: rancid version: 3.7 I can run *dllogin* to the switch. $ ./dllogin spawn ssh -c aes128-ctr -x -l rancid-check rancid-check@'s password: FTOS# FTOS# But it backed up nothing for the two configurations in *router.db*. ;*force10*;up ;*dell*;up Please provide any suggestions. ?Thanks , ?Chris? -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Tue Jul 17 20:56:43 2018 From: heas at shrubbery.net (heasley) Date: Tue, 17 Jul 2018 20:56:43 +0000 Subject: [rancid] Backup nothing: Dell Force10 MXL Switches In-Reply-To: References: Message-ID: <20180717205642.GC67364@shrubbery.net> Tue, Jul 17, 2018 at 04:21:58PM -0400, Chenyu Lee - NOAA Affiliate: > rancid version: 3.7 > > I can run *dllogin* to the switch. > > $ ./dllogin > > spawn ssh -c aes128-ctr -x -l rancid-check > rancid-check@'s password: > FTOS# > FTOS# > > > But it backed up nothing for the two configurations in *router.db*. > > ;*force10*;up > ;*dell*;up > > Please provide any suggestions. force10 uses clogin, not dlllogin. see etc/rancid.types.base. plogin will choose based on the router.db files. look in the group's log files for errors. From doug.hughes at keystonenap.com Wed Jul 18 12:28:31 2018 From: doug.hughes at keystonenap.com (Doug Hughes) Date: Wed, 18 Jul 2018 08:28:31 -0400 Subject: [rancid] Rancid-discuss Digest, Vol 93, Issue 2 In-Reply-To: References: Message-ID: <2d3e8126-8155-f667-7777-8bdef6393e8c@keystonenap.com> If you paste an example in the diff format, we can probably be of better assistance. It should be easy to filter it out. On 7/15/2018 10:59 PM, nandhakumar a wrote: > I am using juniper device, do let me know exactly what you need. > > On Sat, Jul 14, 2018, 4:00 AM > wrote: > > Send Rancid-discuss mailing list submissions to > rancid-discuss at shrubbery.net > > To subscribe or unsubscribe via the World Wide Web, visit > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > or, via email, send a message with subject or body 'help' to > rancid-discuss-request at shrubbery.net > > > You can reach the person managing the list at > rancid-discuss-owner at shrubbery.net > > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Rancid-discuss digest..." > > > Today's Topics: > > ? ?1. Router config diffs (nandhakumar a) > ? ?2. Re: Router config diffs (Doug Hughes) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Fri, 13 Jul 2018 09:13:43 +0800 > From: nandhakumar a > > To: rancid-discuss at shrubbery.net > Subject: [rancid] Router config diffs > Message-ID: > ? ? ? ? > > > Content-Type: text/plain; charset="utf-8" > > Hi, > > In every one hour log I can see that there is a router config > diffs, along > with that I need to remove a private key which is receiving > through email > also. > > In router config diffs email I can see that, there is nothing much > it's a > just a space only changed. Help me to fix the issue > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > > > ------------------------------ > > Message: 2 > Date: Thu, 12 Jul 2018 22:19:51 -0400 > From: Doug Hughes > > To: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Router config diffs > Message-ID: <47c04e31-75ac-1734-c7d5-448e521d43d3 at keystonenap.com > > > Content-Type: text/plain; charset="utf-8" > > Please provide your device type. > > > On 7/12/2018 9:13 PM, nandhakumar a wrote: > > Hi,? > > > > In every one hour log I can see that there is a router config diffs, > > along with that I need to remove a private key which is receiving > > through email also. > > > > In router config diffs email I can see that, there is nothing much > > it's a just a space only changed. Help me to fix the issue > > > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > -- > Doug Hughes > Keystone NAP > Fairless Hills, PA > 1.844.KEYBLOCK (539.2562) > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: keystone-nap.png > Type: image/png > Size: 3476 bytes > Desc: not available > URL: > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > ------------------------------ > > End of Rancid-discuss Digest, Vol 93, Issue 2 > ********************************************* > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss -- Doug Hughes Keystone NAP Fairless Hills, PA 1.844.KEYBLOCK (439.2562) -------------- next part -------------- An HTML attachment was scrubbed... URL: From chenyu.lee at noaa.gov Wed Jul 18 14:58:26 2018 From: chenyu.lee at noaa.gov (Chenyu Lee - NOAA Affiliate) Date: Wed, 18 Jul 2018 10:58:26 -0400 Subject: [rancid] Backup nothing: Dell Force10 MXL Switches In-Reply-To: <20180717205642.GC67364@shrubbery.net> References: <20180717205642.GC67364@shrubbery.net> Message-ID: I set ";dell;up" in router.db and get the below errors. Trying to get all of the configs. : End of run not found % Error: Invalid input at "^" marker. ===================================== Getting missed routers: round 1. : End of run not found % Error: Invalid input at "^" marker. ===================================== Getting missed routers: round 2. : End of run not found % Error: Invalid input at "^" marker. ===================================== Getting missed routers: round 3. : End of run not found % Error: Invalid input at "^" marker. ===================================== Getting missed routers: round 4. : End of run not found % Error: Invalid input at "^" marker. Then I try to execute the command stated in "etc/rancid.types.base", it seems the command incorrect. FTOS# FTOS#show switch ^ % Error: Invalid input at "^" marker. FTOS# Best, Chenyu Lee Princeton Office: 609-452- 5335 On Tue, Jul 17, 2018 at 4:56 PM, heasley wrote: > Tue, Jul 17, 2018 at 04:21:58PM -0400, Chenyu Lee - NOAA Affiliate: > > rancid version: 3.7 > > > > I can run *dllogin* to the switch. > > > > $ ./dllogin > > > > spawn ssh -c aes128-ctr -x -l rancid-check > > rancid-check@'s password: > > FTOS# > > FTOS# > > > > > > But it backed up nothing for the two configurations in *router.db*. > > > > ;*force10*;up > > ;*dell*;up > > > > Please provide any suggestions. > > force10 uses clogin, not dlllogin. see etc/rancid.types.base. plogin > will choose based on the router.db files. > > look in the group's log files for errors. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From RMarles at trojanuv.com Wed Jul 18 12:14:52 2018 From: RMarles at trojanuv.com (Marles, Rob) Date: Wed, 18 Jul 2018 12:14:52 +0000 Subject: [rancid] Username sent after login Message-ID: Hi All Working with an ASA version 9.8(2), am able to get the login to work, and have the ASA set to auto-enable. For some reason, the username is sent following the successful login, and I think it's messing up the script - I get the errors 'missed cmd(s)' and 'End of run not found' in the logfiles. ./cloginrc: add user add method ssh add password (note, no enable pw here) add autoenable 0 I've tried 'autoenable 1', 'autoenable 0', 'noenable 1', it continues to send the username as follows: [rancid@ bin]$ ./clogin spawn ssh -x -l THIS IS A PRIVATE COMPUTER SYSTEM. It is for authorized use only. @'s password: User logged in to Logins over the last 2 days: 138. Last login: 07:59:26 EDT Jul 18 2018 from Failed logins since the last login: 0. Type help or '?' for a list of available commands. # ^ ERROR: % Invalid input detected at '^' marker. # # exit Thanks in advance Please be advised that this email may contain confidential information. If you are not the intended recipient, please notify us by email by replying to the sender and delete this message. The sender disclaims that the content of this email constitutes an offer to enter into, or the acceptance of, any agreement; provided that the foregoing does not invalidate the binding effect of any digital or other electronic reproduction of a manual signature that is included in any attachment. -------------- next part -------------- An HTML attachment was scrubbed... URL: From dan.w.anderson at gmail.com Wed Jul 18 16:10:45 2018 From: dan.w.anderson at gmail.com (Dan Anderson) Date: Wed, 18 Jul 2018 12:10:45 -0400 Subject: [rancid] Username sent after login In-Reply-To: References: Message-ID: Please look through the archives. This has been discussed several times in the last few months. You need to either hack clogin or disable the ?last successful login? banner on the ASA. On Wed, Jul 18, 2018 at 11:49 AM Marles, Rob wrote: > Hi All > > > > Working with an ASA version 9.8(2), am able to get the login to work, and > have the ASA set to auto-enable. > > > > For some reason, the username is sent following the successful login, and > I think it?s messing up the script ? I get the errors ?missed cmd(s)? and > ?End of run not found? in the logfiles. > > > > ./cloginrc: > > add user > > add method ssh > > add password (note, no enable pw here) > > add autoenable 0 > > > > I?ve tried ?autoenable 1?, ?autoenable 0?, ?noenable 1?, it continues to > send the username as follows: > > > > [rancid@ bin]$ ./clogin > > > > spawn ssh -x -l > > > > THIS IS A PRIVATE COMPUTER SYSTEM. It is for authorized use only. > > > > @'s password: > > User logged in to > > Logins over the last 2 days: 138. Last login: 07:59:26 EDT Jul 18 2018 > from > > Failed logins since the last login: 0. > > Type help or '?' for a list of available commands. > > # > > ^ > > ERROR: % Invalid input detected at '^' marker. > > # > > # exit > > > > Thanks in advance > Please be advised that this email may contain confidential information. If > you are not the intended recipient, please notify us by email by replying > to the sender and delete this message. The sender disclaims that the > content of this email constitutes an offer to enter into, or the acceptance > of, any agreement; provided that the foregoing does not invalidate the > binding effect of any digital or other electronic reproduction of a manual > signature that is included in any attachment. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Dan -------------- next part -------------- An HTML attachment was scrubbed... URL: From RMarles at trojanuv.com Wed Jul 18 18:18:44 2018 From: RMarles at trojanuv.com (Marles, Rob) Date: Wed, 18 Jul 2018 18:18:44 +0000 Subject: [rancid] Username sent after login In-Reply-To: References: Message-ID: Thanks Dan I was asking because I had searched and kept seeing articles that were close, but not quite the same. Your hint allowed me to find the post http://www.shrubbery.net/pipermail/rancid-discuss/2018-June/010255.html I issued a ?no aaa authentication login-history? and things appear to log in without passing the second username. Oddly, it still shows ?missed cmd(s): show running-config view full, show running-config?, ?End of run not found?. I guess it wasn?t related afterall. From: Dan Anderson [mailto:dan.w.anderson at gmail.com] Sent: Wednesday, July 18, 2018 12:11 PM To: Marles, Rob Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Username sent after login Please look through the archives. This has been discussed several times in the last few months. You need to either hack clogin or disable the ?last successful login? banner on the ASA. On Wed, Jul 18, 2018 at 11:49 AM Marles, Rob > wrote: Hi All Working with an ASA version 9.8(2), am able to get the login to work, and have the ASA set to auto-enable. For some reason, the username is sent following the successful login, and I think it?s messing up the script ? I get the errors ?missed cmd(s)? and ?End of run not found? in the logfiles. ./cloginrc: add user add method ssh add password (note, no enable pw here) add autoenable 0 I?ve tried ?autoenable 1?, ?autoenable 0?, ?noenable 1?, it continues to send the username as follows: [rancid@ bin]$ ./clogin spawn ssh -x -l THIS IS A PRIVATE COMPUTER SYSTEM. It is for authorized use only. @'s password: User logged in to Logins over the last 2 days: 138. Last login: 07:59:26 EDT Jul 18 2018 from Failed logins since the last login: 0. Type help or '?' for a list of available commands. # ^ ERROR: % Invalid input detected at '^' marker. # # exit Thanks in advance Please be advised that this email may contain confidential information. If you are not the intended recipient, please notify us by email by replying to the sender and delete this message. The sender disclaims that the content of this email constitutes an offer to enter into, or the acceptance of, any agreement; provided that the foregoing does not invalidate the binding effect of any digital or other electronic reproduction of a manual signature that is included in any attachment. _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss -- Dan Please be advised that this email may contain confidential information. If you are not the intended recipient, please notify us by email by replying to the sender and delete this message. The sender disclaims that the content of this email constitutes an offer to enter into, or the acceptance of, any agreement; provided that the foregoing does not invalidate the binding effect of any digital or other electronic reproduction of a manual signature that is included in any attachment. -------------- next part -------------- An HTML attachment was scrubbed... URL: From c.o.hopkins at gmail.com Fri Jul 20 09:19:38 2018 From: c.o.hopkins at gmail.com (Craig Hopkins) Date: Fri, 20 Jul 2018 10:19:38 +0100 Subject: [rancid] backing up ubiquiti edgerouter Message-ID: Hi all, Does anybody know the syntax for cloginrc and router.db for edgerouters? I've tried various permutations and either: - it won't log in because there isn't an enable password - if I set autoenable to 1, it will log in but fail to back up: $ clogin -t edgerouter MYDEVICE MYDEVICE spawn ssh -x -l ubnt MYDEVICE Welcome to EdgeOS By logging in, accessing, or using the Ubiquiti product, you acknowledge that you have read and understood the Ubiquiti License Agreement (available in the Web UI at, by default, http://192.168.1.1) and agree to be bound by its terms. Linux MYDEVICE 3.10.107-UBNT #1 SMP Mon Mar 5 18:18:48 UTC 2018 mips64 Welcome to EdgeOS Last login: Tue Apr 28 05:41:57 2015 from 2a00:my:ip:went::here Error: TIMEOUT reached -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Fri Jul 20 14:16:48 2018 From: heas at shrubbery.net (heasley) Date: Fri, 20 Jul 2018 14:16:48 +0000 Subject: [rancid] backing up ubiquiti edgerouter In-Reply-To: References: Message-ID: <20180720141647.GB98759@shrubbery.net> Fri, Jul 20, 2018 at 10:19:38AM +0100, Craig Hopkins: > Hi all, > > Does anybody know the syntax for cloginrc and router.db for edgerouters? > > I've tried various permutations and either: > - it won't log in because there isn't an enable password > - if I set autoenable to 1, it will log in but fail to back up: > > $ clogin -t edgerouter MYDEVICE ulogin > MYDEVICE > spawn ssh -x -l ubnt MYDEVICE > Welcome to EdgeOS > > By logging in, accessing, or using the Ubiquiti product, you > acknowledge that you have read and understood the Ubiquiti > License Agreement (available in the Web UI at, by default, > http://192.168.1.1) and agree to be bound by its terms. > > Linux MYDEVICE 3.10.107-UBNT #1 SMP Mon Mar 5 18:18:48 UTC 2018 mips64 > Welcome to EdgeOS > Last login: Tue Apr 28 05:41:57 2015 from 2a00:my:ip:went::here > > Error: TIMEOUT reached > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From heas at shrubbery.net Fri Jul 20 14:31:48 2018 From: heas at shrubbery.net (heasley) Date: Fri, 20 Jul 2018 14:31:48 +0000 Subject: [rancid] Username sent after login In-Reply-To: References: Message-ID: <20180720143148.GD98759@shrubbery.net> Wed, Jul 18, 2018 at 06:18:44PM +0000, Marles, Rob: > Thanks Dan > > I was asking because I had searched and kept seeing articles that were close, but not quite the same. > > Your hint allowed me to find the post http://www.shrubbery.net/pipermail/rancid-discuss/2018-June/010255.html > > > I issued a ?no aaa authentication login-history? and things appear to log in without passing the second username. > > Oddly, it still shows ?missed cmd(s): show running-config view full, show running-config?, ?End of run not found?. I guess it wasn?t related afterall. grab the current alpha rancid tarball, that fixes this. That will become rancid 3.8 at some point today. From c.o.hopkins at gmail.com Fri Jul 20 14:22:34 2018 From: c.o.hopkins at gmail.com (Craig Hopkins) Date: Fri, 20 Jul 2018 15:22:34 +0100 Subject: [rancid] backing up ubiquiti edgerouter In-Reply-To: <20180720141647.GB98759@shrubbery.net> References: <20180720141647.GB98759@shrubbery.net> Message-ID: On Fri, 20 Jul 2018 at 15:16, heasley wrote: > Fri, Jul 20, 2018 at 10:19:38AM +0100, Craig Hopkins: > > Hi all, > > > > Does anybody know the syntax for cloginrc and router.db for edgerouters? > > > > I've tried various permutations and either: > > - it won't log in because there isn't an enable password > > - if I set autoenable to 1, it will log in but fail to back up: > > > > $ clogin -t edgerouter MYDEVICE > > ulogin > That's only part of it, though. I still need the right .cloginrc commands. If I use ulogin, then: $ ulogin MYDEVICE MYDEVICE spawn ssh -x -l ubnt MYDEVICE Welcome to EdgeOS By logging in, accessing, or using the Ubiquiti product, you acknowledge that you have read and understood the Ubiquiti License Agreement (available in the Web UI at, by default, http://192.168.1.1) and agree to be bound by its terms. Linux MYDEVICE 3.10.107-UBNT #1 SMP Fri Jun 22 14:27:52 UTC 2018 mips64 Welcome to EdgeOS Last login: Fri Jul 20 09:09:49 2018 from MY.IP.GOES.HERE ubnt ubnt at MYDEVICE:~$ ubnt -vbash: ubnt: command not found ubnt at MYDEVICE:~$ Where is that extra "ubnt" coming from? > > > MYDEVICE > > spawn ssh -x -l ubnt MYDEVICE > > Welcome to EdgeOS > > > > By logging in, accessing, or using the Ubiquiti product, you > > acknowledge that you have read and understood the Ubiquiti > > License Agreement (available in the Web UI at, by default, > > http://192.168.1.1) and agree to be bound by its terms. > > > > Linux MYDEVICE 3.10.107-UBNT #1 SMP Mon Mar 5 18:18:48 UTC 2018 mips64 > > Welcome to EdgeOS > > Last login: Tue Apr 28 05:41:57 2015 from 2a00:my:ip:went::here > > > > Error: TIMEOUT reached > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From RMarles at trojanuv.com Fri Jul 20 14:49:18 2018 From: RMarles at trojanuv.com (Marles, Rob) Date: Fri, 20 Jul 2018 14:49:18 +0000 Subject: [rancid] Username sent after login In-Reply-To: <20180720143148.GD98759@shrubbery.net> References: <20180720143148.GD98759@shrubbery.net> Message-ID: Oh cool, willdo. Thanks for the advice! -----Original Message----- From: heasley [mailto:heas at shrubbery.net] Sent: Friday, July 20, 2018 10:32 AM To: Marles, Rob Cc: Dan Anderson ; rancid-discuss at shrubbery.net Subject: Re: [rancid] Username sent after login Wed, Jul 18, 2018 at 06:18:44PM +0000, Marles, Rob: > Thanks Dan > > I was asking because I had searched and kept seeing articles that were close, but not quite the same. > > Your hint allowed me to find the post > https://urldefense.proofpoint.com/v2/url?u=http-3A__www.shrubbery.net_ > pipermail_rancid-2Ddiscuss_2018-2DJune_010255.html&d=DwIDaQ&c=9mghv0de > YPYDGP-W745IEdQLV1kHpn4XJRvR6xMRXtA&r=x9_zgdN80M-A0QNHMNDxOo4Peu_T3eQs > LpxHIwFskhg&m=t5uEF5fQei1yZ-_2pkUkk2EMl-F40opf3rtoMFu-zls&s=WrERGv7IrK > pJFZnKMtBBxkIkpg71fUNzOmjTEkn7U60&e= > > > I issued a ?no aaa authentication login-history? and things appear to log in without passing the second username. > > Oddly, it still shows ?missed cmd(s): show running-config view full, show running-config?, ?End of run not found?. I guess it wasn?t related afterall. grab the current alpha rancid tarball, that fixes this. That will become rancid 3.8 at some point today. Please be advised that this email may contain confidential information. If you are not the intended recipient, please notify us by email by replying to the sender and delete this message. The sender disclaims that the content of this email constitutes an offer to enter into, or the acceptance of, any agreement; provided that the foregoing does not invalidate the binding effect of any digital or other electronic reproduction of a manual signature that is included in any attachment. From rancid at ale.cx Fri Jul 20 15:53:09 2018 From: rancid at ale.cx (Alex DEKKER) Date: Fri, 20 Jul 2018 16:53:09 +0100 Subject: [rancid] backing up ubiquiti edgerouter In-Reply-To: References: <20180720141647.GB98759@shrubbery.net> Message-ID: <67a90eaa-587b-b917-81bf-4d5fff4258a2@ale.cx> On 20/07/18 15:22, Craig Hopkins wrote: > > > That's only part of it, though. I still need the right .cloginrc > commands. If I use ulogin, then: > > $ ulogin MYDEVICE > MYDEVICE > spawn ssh -x -l ubnt MYDEVICE > Welcome to EdgeOS > > By logging in, accessing, or using the Ubiquiti product, you > acknowledge that you have read and understood the Ubiquiti > License Agreement (available in the Web UI at, by default, > http://192.168.1.1) and agree to be bound by its terms. > > Linux MYDEVICE 3.10.107-UBNT #1 SMP Fri Jun 22 14:27:52 UTC 2018 mips64 > Welcome to EdgeOS > Last login: Fri Jul 20 09:09:49 2018 from MY.IP.GOES.HERE > ubnt > ubnt at MYDEVICE:~$ ubnt > -vbash: ubnt: command not found > ubnt at MYDEVICE:~$ > > Where is that extra "ubnt" coming from? I expect the "Last login:" message is confusing ulogin and that's why it sends the username again. alexd -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Fri Jul 20 16:09:05 2018 From: heas at shrubbery.net (heasley) Date: Fri, 20 Jul 2018 16:09:05 +0000 Subject: [rancid] backing up ubiquiti edgerouter In-Reply-To: <20180720160813.CBD1E2864ED@sea.shrubbery.net> <67a90eaa-587b-b917-81bf-4d5fff4258a2@ale.cx> Message-ID: <20180720160905.GG98759@shrubbery.net> Fri, Jul 20, 2018 at 04:53:09PM +0100, Alex DEKKER: > On 20/07/18 15:22, Craig Hopkins wrote: > > > > > > That's only part of it, though. I still need the right .cloginrc > > commands. If I use ulogin, then: > > > > $ ulogin MYDEVICE > > MYDEVICE > > spawn ssh -x -l ubnt MYDEVICE > > Welcome to EdgeOS > > > > By logging in, accessing, or using the Ubiquiti product, you > > acknowledge that you have read and understood the Ubiquiti > > License Agreement (available in the Web UI at, by default, > > http://192.168.1.1) and agree to be bound by its terms. > > > > Linux MYDEVICE 3.10.107-UBNT #1 SMP Fri Jun 22 14:27:52 UTC 2018 mips64 > > Welcome to EdgeOS > > Last login: Fri Jul 20 09:09:49 2018 from MY.IP.GOES.HERE > > ubnt > > ubnt at MYDEVICE:~$ ubnt > > -vbash: ubnt: command not found > > ubnt at MYDEVICE:~$ > > > > Where is that extra "ubnt" coming from? > > I expect the "Last login:" message is confusing ulogin and that's why it > sends the username again. probably; thats new. this ought to address that. Index: bin/ulogin.in =================================================================== --- bin/ulogin.in (revision 3831) +++ bin/ulogin.in (working copy) @@ -170,6 +170,12 @@ -nocase -re "^warning: remote host denied authentication agent forwarding." { exp_continue; } + -nocase -re "last login:" { + exp_continue + } + -nocase -re "failed login:" { + exp_continue + } eof { send_user "\nError: Couldn't login\n"; wait; return 1 } -nocase "unknown host\r" { catch {close}; catch {wait}; From c.o.hopkins at gmail.com Tue Jul 24 08:40:03 2018 From: c.o.hopkins at gmail.com (Craig Hopkins) Date: Tue, 24 Jul 2018 09:40:03 +0100 Subject: [rancid] backing up ubiquiti edgerouter In-Reply-To: <20180720160905.GG98759@shrubbery.net> References: <20180720160813.CBD1E2864ED@sea.shrubbery.net> <67a90eaa-587b-b917-81bf-4d5fff4258a2@ale.cx> <20180720160905.GG98759@shrubbery.net> Message-ID: I'm dependent on the debian releases, but I've added the changes you've made to our running version of ulogin, and it works fine now. Thanks for your help. On Fri, 20 Jul 2018 at 17:09, heasley wrote: > Fri, Jul 20, 2018 at 04:53:09PM +0100, Alex DEKKER: > > On 20/07/18 15:22, Craig Hopkins wrote: > > > > > > > > > That's only part of it, though. I still need the right .cloginrc > > > commands. If I use ulogin, then: > > > > > > $ ulogin MYDEVICE > > > MYDEVICE > > > spawn ssh -x -l ubnt MYDEVICE > > > Welcome to EdgeOS > > > > > > By logging in, accessing, or using the Ubiquiti product, you > > > acknowledge that you have read and understood the Ubiquiti > > > License Agreement (available in the Web UI at, by default, > > > http://192.168.1.1) and agree to be bound by its terms. > > > > > > Linux MYDEVICE 3.10.107-UBNT #1 SMP Fri Jun 22 14:27:52 UTC 2018 mips64 > > > Welcome to EdgeOS > > > Last login: Fri Jul 20 09:09:49 2018 from MY.IP.GOES.HERE > > > ubnt > > > ubnt at MYDEVICE:~$ ubnt > > > -vbash: ubnt: command not found > > > ubnt at MYDEVICE:~$ > > > > > > Where is that extra "ubnt" coming from? > > > > I expect the "Last login:" message is confusing ulogin and that's why it > > sends the username again. > > probably; thats new. this ought to address that. > > Index: bin/ulogin.in > =================================================================== > --- bin/ulogin.in (revision 3831) > +++ bin/ulogin.in (working copy) > @@ -170,6 +170,12 @@ > -nocase -re "^warning: remote host denied authentication agent > forwarding." { > exp_continue; > } > + -nocase -re "last login:" { > + exp_continue > + } > + -nocase -re "failed login:" { > + exp_continue > + } > eof { send_user "\nError: Couldn't login\n"; wait; return 1 } > -nocase "unknown host\r" { > catch {close}; catch {wait}; > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From james_dit at hotmail.com Thu Jul 26 01:34:06 2018 From: james_dit at hotmail.com (james Di Trapani) Date: Thu, 26 Jul 2018 01:34:06 +0000 Subject: [rancid] xilogin, stuck on system-view Message-ID: Hi All, Using latest version of Rancid and xilogin to connect to Huawei AR169's, when trying to pass the command 'system-view' it appears that xilogin gets stuck and cannot interpret the prompt changing from '>' to ']', has anyone else experienced this? Regards, -------------- next part -------------- An HTML attachment was scrubbed... URL: From weylin at bu.edu Thu Jul 26 21:13:43 2018 From: weylin at bu.edu (Piegorsch, Weylin William) Date: Thu, 26 Jul 2018 21:13:43 +0000 Subject: [rancid] Cisco WLC 8540 Message-ID: <12F20041-75F8-4BD2-A51E-E8E3A99E54BE@bu.edu> Hello, Anyone know why I?m having an issue? Weylin [rancid at nsgv-prod-59 ~]$ rancid -V rancid 3.4.1 [rancid at nsgv-prod-59 ~]$ [rancid at nsgv-prod-59 ~]$ [rancid at nsgv-prod-59 ~]$ [rancid at nsgv-prod-59 ~]$ [rancid at nsgv-prod-59 ~]$ [rancid at nsgv-prod-59 ~]$ [rancid at nsgv-prod-59 ~]$ rancid -d -t cisco-wlc4 cumm111-wism-aca01.bu.edu loadtype: device type cisco-wlc4 loadtype: found device type cisco-wlc4 in /usr/local/rancid/etc/rancid.types.base executing wlogin -t 90 -c"show udi;show sysinfo;show runnning-config" cumm111-wism-aca01.bu.edu PROMPT MATCH: \(cumm111-wism-aca01\) > HIT COMMAND:(cumm111-wism-aca01) >show udi In ShowUdi: (cumm111-wism-aca01) >show udi ShowUdi Data: NAME: "Chassis" , DESCR: "Cisco 8540 Wireless Controller" ShowUdi Data: PID: AIR-CT8540-K9, VID: V01, SN: FCH2117V2A3 Exiting ShowSysinfo: (cumm111-wism-aca01) >show sysinfo HIT COMMAND:(cumm111-wism-aca01) >show sysinfo In ShowSysinfo: (cumm111-wism-aca01) >show sysinfo ShowSysinfo Data: Manufacturer's Name.............................. Cisco Systems Inc. ShowSysinfo Data: Product Name..................................... Cisco Controller ShowSysinfo Data: Product Version.................................. 8.2.166.0 ShowSysinfo Data: RTOS Version..................................... 8.2.166.0 ShowSysinfo Data: Bootloader Version............................... 8.1.102.0 ShowSysinfo Data: Emergency Image Version.......................... 8.1.102.0 ShowSysinfo Data: Build Type....................................... DATA + WPS ShowSysinfo Data: System Name...................................... cumm111-wism-aca01 ShowSysinfo Data: System Location.................................. 111 Cummington St., Room B05 ShowSysinfo Data: System Contact................................... Network Operations Center ShowSysinfo Data: System ObjectID.................................. 1.3.6.1.4.1.9.1.2171 ShowSysinfo Data: Redundancy Mode.................................. SSO ShowSysinfo Data: IP Address....................................... 10.123.18.254 ShowSysinfo Data: IPv6 Address..................................... :: ShowSysinfo Data: System Timezone Location......................... ShowSysinfo Data: System Stats Realtime Interval................... 5 ShowSysinfo Data: System Stats Normal Interval..................... 180 ShowSysinfo Data: Error: TIMEOUT reached Exiting ShowSysinfo: cumm111-wism-aca01.bu.edu: missed cmd(s): show runnning-config cumm111-wism-aca01.bu.edu: missed cmd(s): show runnning-config cumm111-wism-aca01.bu.edu: End of run not found cumm111-wism-aca01.bu.edu: End of run not found !WLC Show Sysinfo End [rancid at nsgv-prod-59 ~]$ -------------- next part -------------- An HTML attachment was scrubbed... URL: From weylin at bu.edu Thu Jul 26 21:17:27 2018 From: weylin at bu.edu (Piegorsch, Weylin William) Date: Thu, 26 Jul 2018 21:17:27 +0000 Subject: [rancid] Unable to Conduct Cisco Wireless Controller Backup In-Reply-To: <80F727C1-7252-49B0-9ED2-C192CC18B935@bu.edu> References: <20180122151528.F162D8FD22@sea.shrubbery.net> <8EA84DFC-11E4-4CB5-8C86-AC064F6BD0BF@bu.edu> <20180122151650.GE5283@shrubbery.net> <80F727C1-7252-49B0-9ED2-C192CC18B935@bu.edu> Message-ID: <817ED5C7-EF9B-4955-B5D6-8193AFF5828C@bu.edu> Hi Heasley, I was finally able to try this out. Actually - more specifically, I tried the same command on this WISM2 that I tried a moment ago on the WLC 8540, and got 100% identical results. I don?t think this issue is in catching the logout, though if you want me to I can try your patch below. Weylin ?On 1/22/18, 1:01 PM, "Piegorsch, Weylin William" wrote: Thanks for the patch. I can?t test today, but I'll try it out tomorrow or Wednesday. If it doesn?t work, I'll also try with -d and NOPIPE=yes... forgot about that until now. weylin -----Original Message----- From: heasley Date: Monday, January 22, 2018 at 10:17 To: Weylin Piegorsch Cc: Daniel Schmidt , "rancid-discuss at shrubbery.net" Subject: Re: [rancid] Unable to Conduct Cisco Wireless Controller Backup Sun, Jan 21, 2018 at 05:43:23AM +0000, Piegorsch, Weylin William: > I?m running rancid v3.4.1. I have a number of Cisco WISM2 controller running 8.2.166.0. rancid is not able to acquire any of their configs. I?ve tried various types in router.db: cisco-wlc4, cisco-wlc5, and cisco, none of them work. The logs, copied below, show the results of cisco-wlc5 (all controllers were identical, I?ve trimmed down to just one). What could be causing this? Why would the results vary across the five rounds? And, which type should I be using? > > weylin does the patch below fix it? the patch is against HEAD, so there may be some fuzz. > [rancid at nsgv-prod-59 logs]$ cat wireless.20180119.142501 > starting: Fri Jan 19 14:25:01 EST 2018 > > > > Trying to get all of the configs. > controller: missed cmd(s): show run-config commands > controller: End of run not found > !WLC Show Sysinfo End > ===================================== > Getting missed routers: round 1. > controller: missed cmd(s): all commands > controller wlogin error: Error: Connection closed (ssh): controller > controller: End of run not found > ===================================== > Getting missed routers: round 2. > controller: missed cmd(s): show run-config commands > controller: End of run not found > ===================================== > Getting missed routers: round 3. > controller: missed cmd(s): all commands > controller wlogin error: Error: TIMEOUT reached > controller: End of run not found > ! > ===================================== > Getting missed routers: round 4. > controller: missed cmd(s): show run-config commands > controller: End of run not found > !WLC Show Sysinfo End > > cvs diff: Diffing . > cvs diff: Diffing configs > cvs commit: Examining . > cvs commit: Examining configs > > ending: Fri Jan 19 14:39:59 EST 2018 > [rancid at nsgv-prod-59 logs]$ Index: lib/ciscowlc.pm.in =================================================================== --- lib/ciscowlc.pm.in (revision 3739) +++ lib/ciscowlc.pm.in (revision 3740) @@ -42,7 +42,7 @@ TOP: while(<$INPUT>) { tr/\015//d; - if (/^.*logout(Connection.*closed.)?$/) { + if (/^.*logout(\s*Connection.*closed.)?$/) { $clean_run = 1; last; } Index: CHANGES =================================================================== --- CHANGES (revision 3739) +++ CHANGES (revision 3740) @@ -1,4 +1,6 @@ 3.99.99 + ciscowlc.pm: handle variant of logout bug + fnrancid: update md5-keys filter for Fortigate 5.4.6 sros.pm: move show chassis power-supply o/p - Greg Hankins From weylin at bu.edu Thu Jul 26 21:20:42 2018 From: weylin at bu.edu (Piegorsch, Weylin William) Date: Thu, 26 Jul 2018 21:20:42 +0000 Subject: [rancid] Unable to Conduct Cisco Wireless Controller Backup In-Reply-To: <817ED5C7-EF9B-4955-B5D6-8193AFF5828C@bu.edu> References: <20180122151528.F162D8FD22@sea.shrubbery.net> <8EA84DFC-11E4-4CB5-8C86-AC064F6BD0BF@bu.edu> <20180122151650.GE5283@shrubbery.net> <80F727C1-7252-49B0-9ED2-C192CC18B935@bu.edu> <817ED5C7-EF9B-4955-B5D6-8193AFF5828C@bu.edu> Message-ID: I should note that using the NOPIPE=yes thing causes the "controller wlogin error: Error: Connection closed (ssh): controller" message that I show below. If I omit the NOPIPE environment variable on the CLI, I get the output I showed in the other email, where it hangs in the middle of output. weylin ?On 7/26/18, 5:17 PM, "Piegorsch, Weylin William" wrote: Hi Heasley, I was finally able to try this out. Actually - more specifically, I tried the same command on this WISM2 that I tried a moment ago on the WLC 8540, and got 100% identical results. I don?t think this issue is in catching the logout, though if you want me to I can try your patch below. Weylin On 1/22/18, 1:01 PM, "Piegorsch, Weylin William" wrote: Thanks for the patch. I can?t test today, but I'll try it out tomorrow or Wednesday. If it doesn?t work, I'll also try with -d and NOPIPE=yes... forgot about that until now. weylin -----Original Message----- From: heasley Date: Monday, January 22, 2018 at 10:17 To: Weylin Piegorsch Cc: Daniel Schmidt , "rancid-discuss at shrubbery.net" Subject: Re: [rancid] Unable to Conduct Cisco Wireless Controller Backup Sun, Jan 21, 2018 at 05:43:23AM +0000, Piegorsch, Weylin William: > I?m running rancid v3.4.1. I have a number of Cisco WISM2 controller running 8.2.166.0. rancid is not able to acquire any of their configs. I?ve tried various types in router.db: cisco-wlc4, cisco-wlc5, and cisco, none of them work. The logs, copied below, show the results of cisco-wlc5 (all controllers were identical, I?ve trimmed down to just one). What could be causing this? Why would the results vary across the five rounds? And, which type should I be using? > > weylin does the patch below fix it? the patch is against HEAD, so there may be some fuzz. > [rancid at nsgv-prod-59 logs]$ cat wireless.20180119.142501 > starting: Fri Jan 19 14:25:01 EST 2018 > > > > Trying to get all of the configs. > controller: missed cmd(s): show run-config commands > controller: End of run not found > !WLC Show Sysinfo End > ===================================== > Getting missed routers: round 1. > controller: missed cmd(s): all commands > controller wlogin error: Error: Connection closed (ssh): controller > controller: End of run not found > ===================================== > Getting missed routers: round 2. > controller: missed cmd(s): show run-config commands > controller: End of run not found > ===================================== > Getting missed routers: round 3. > controller: missed cmd(s): all commands > controller wlogin error: Error: TIMEOUT reached > controller: End of run not found > ! > ===================================== > Getting missed routers: round 4. > controller: missed cmd(s): show run-config commands > controller: End of run not found > !WLC Show Sysinfo End > > cvs diff: Diffing . > cvs diff: Diffing configs > cvs commit: Examining . > cvs commit: Examining configs > > ending: Fri Jan 19 14:39:59 EST 2018 > [rancid at nsgv-prod-59 logs]$ Index: lib/ciscowlc.pm.in =================================================================== --- lib/ciscowlc.pm.in (revision 3739) +++ lib/ciscowlc.pm.in (revision 3740) @@ -42,7 +42,7 @@ TOP: while(<$INPUT>) { tr/\015//d; - if (/^.*logout(Connection.*closed.)?$/) { + if (/^.*logout(\s*Connection.*closed.)?$/) { $clean_run = 1; last; } Index: CHANGES =================================================================== --- CHANGES (revision 3739) +++ CHANGES (revision 3740) @@ -1,4 +1,6 @@ 3.99.99 + ciscowlc.pm: handle variant of logout bug + fnrancid: update md5-keys filter for Fortigate 5.4.6 sros.pm: move show chassis power-supply o/p - Greg Hankins From heas at shrubbery.net Thu Jul 26 22:43:16 2018 From: heas at shrubbery.net (heasley) Date: Thu, 26 Jul 2018 22:43:16 +0000 Subject: [rancid] Unable to Conduct Cisco Wireless Controller Backup In-Reply-To: References: <20180122151528.F162D8FD22@sea.shrubbery.net> <8EA84DFC-11E4-4CB5-8C86-AC064F6BD0BF@bu.edu> <20180122151650.GE5283@shrubbery.net> <80F727C1-7252-49B0-9ED2-C192CC18B935@bu.edu> <817ED5C7-EF9B-4955-B5D6-8193AFF5828C@bu.edu> Message-ID: <20180726224316.GA25468@shrubbery.net> Thu, Jul 26, 2018 at 09:20:42PM +0000, Piegorsch, Weylin William: > I should note that using the NOPIPE=yes thing causes the "controller wlogin error: Error: Connection closed (ssh): controller" message that I show below. If I omit the NOPIPE environment variable on the CLI, I get the output I showed in the other email, where it hangs in the middle of output. > > weylin i dont see the problem in what you've provided; you'll have to share more output with me. eval `rancid -t cisco-wlc8 -C hostname` &> output From weylin at bu.edu Thu Jul 26 21:25:54 2018 From: weylin at bu.edu (Piegorsch, Weylin William) Date: Thu, 26 Jul 2018 21:25:54 +0000 Subject: [rancid] is there scripts for 3com router In-Reply-To: <20171227190216.GE45403@shrubbery.net> References: <490FA8C6CC4CDA44A7D3E449D75BF1F75D78F4@exchanger.efellows.bg> <49383891-A44D-47CF-85A5-F18CEC0FB218@bu.edu> <20171030083223.GB82867@shrubbery.net> <993D67D2-9540-434F-A7F2-C66ECF6A3302@bu.edu> <20171227190216.GE45403@shrubbery.net> Message-ID: Hello, I tried the SMC script and, well... Weylin [rancid at nsgv-prod-59 ~]$ NOPIPE=yes rancid -d -t smc babc273-1032es02.bu.edu loadtype: device type smc loadtype: found device type smc in /usr/local/rancid/etc/rancid.types.base executing hlogin -t 90 -c"" babc273-1032es02.bu.edu inloop is not configured for device type smc at /usr/local/rancid/bin/rancid line 126. [rancid at nsgv-prod-59 ~]$ -----Original Message----- From: heasley Sent: Wednesday, December 27, 2017 2:02 PM To: Piegorsch, Weylin William Cc: heasley ; Adrian Dimitrov ; rancid-discuss at shrubbery.net Subject: Re: [rancid] is there scripts for 3com router Tue, Dec 26, 2017 at 04:39:09AM +0000, Piegorsch, Weylin William: > Would a script from v1 work in v3? That?s what we upgraded from; the old server was circa 2002 or so. it should, if the login script hasn't changed in an incompatible way with the device. to use a v1 or v2 script in v3, the device type must be added to your rancid.types.conf; see an existing v2 entry in rancid.types.base, such as smc. > Anyway, thanks for the SMC info; I?ll check that out. Our 3COMs are so old I doubt it (the oldest we have running were installed around 1990 I think, with further installations until sometime 1999 - 2002). But, it can?t hurt to check, maybe we can restore rancid?s service to some of them at least. > > weylin > > -----Original Message----- > From: heasley > Date: Monday, October 30, 2017 at 04:32 > To: Weylin Piegorsch > Cc: Adrian Dimitrov , > "rancid-discuss at shrubbery.net" > Subject: Re: [rancid] is there scripts for 3com router > > Thu, Oct 26, 2017 at 08:13:10PM +0000, Piegorsch, Weylin William: > > There are no 3com scripts. My predecessor had configured an SNMP thing, but that stopped working when we upgraded to rancid v3. If you find one, let me know because I would love to use it. > > theres no reason that i can think of that a script from v2 would not work in > v3. > > anyway, some SMC swtiches were marketed under a 3com name, so the smc device > type may support it. > > > From: Adrian Dimitrov > > Date: Thursday, October 26, 2017 at 06:57 > > To: "rancid-discuss at shrubbery.net" > > Subject: [rancid] is there scripts for 3com router > > > > Hello team , > > > > Hope all of you guys are doing well. I have my rancid set up working perfectly fine for a long time now. I am backing up a lot of different devices successfully, but now I have to back up ?3COM? router and I can?t find scripts for this type of device. > > Is there someone who can help with this? > > > > Best Regards, > > Adrian Dimitrov > > System Administrator > > [Fellows-Mark-RGB_Sign] > > Direct line: ; Mobile: +359 876 7744 41; SIP URI (Telepresence): adrian.dimitrov at efellows.bg ; Website: http://www.efellows.bg; > > > > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > From weylin at bu.edu Fri Jul 27 12:08:37 2018 From: weylin at bu.edu (Piegorsch, Weylin William) Date: Fri, 27 Jul 2018 12:08:37 +0000 Subject: [rancid] Unable to Conduct Cisco Wireless Controller Backup In-Reply-To: <56402173-7D20-4C40-9293-0B35E08F971D@bu.edu> References: <20180122151528.F162D8FD22@sea.shrubbery.net> <8EA84DFC-11E4-4CB5-8C86-AC064F6BD0BF@bu.edu> <20180122151650.GE5283@shrubbery.net> <80F727C1-7252-49B0-9ED2-C192CC18B935@bu.edu> <817ED5C7-EF9B-4955-B5D6-8193AFF5828C@bu.edu> <20180726224316.GA25468@shrubbery.net> <56402173-7D20-4C40-9293-0B35E08F971D@bu.edu> Message-ID: <0864E58E-95EA-4F33-AF85-19FE53E06A9C@bu.edu> I did some experimenting, issuing the "config paging disable" CLI command on initial login seems to eliminate the paging issue, similar to the ASA "terminal pager 0" or the IOS "terminal length 0". weylin ?On 7/27/18, 8:01 AM, "Piegorsch, Weylin William" wrote: When I login as myself and run the "show sysinfo" command, I get the below output. I notice that rancid (wlogin) gets stuck on the prompt at the end there. When expect sees the prompt, a would be the appropriate response. I'm not sure how to disable paging, unfortunately. Weylin (cumm111-wism-aca05) >show sysinfo Manufacturer's Name.............................. Cisco Systems Inc. Product Name..................................... Cisco Controller Product Version.................................. 8.2.166.0 Bootloader Version............................... 1.0.20 Field Recovery Image Version..................... 7.6.101.1 Firmware Version................................. FPGA 1.7, Env 0.0, USB console 2.2 Build Type....................................... DATA + WPS System Name...................................... cumm111-wism-aca05 System Location.................................. 111 Cummington St., Room B05 System Contact................................... Network Operations Center System ObjectID.................................. 1.3.6.1.4.1.9.1.1293 Redundancy Mode.................................. SSO IP Address....................................... 10.123.18.234 IPv6 Address..................................... :: Last Reset....................................... Software reset System Up Time................................... 97 days 17 hrs 26 mins 34 secs System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada) System Stats Realtime Interval................... 5 System Stats Normal Interval..................... 180 --More-- or (q)uit On 7/26/18, 6:43 PM, "heasley" wrote: Thu, Jul 26, 2018 at 09:20:42PM +0000, Piegorsch, Weylin William: > I should note that using the NOPIPE=yes thing causes the "controller wlogin error: Error: Connection closed (ssh): controller" message that I show below. If I omit the NOPIPE environment variable on the CLI, I get the output I showed in the other email, where it hangs in the middle of output. > > weylin i dont see the problem in what you've provided; you'll have to share more output with me. eval `rancid -t cisco-wlc8 -C hostname` &> output From weylin at bu.edu Fri Jul 27 12:02:01 2018 From: weylin at bu.edu (Piegorsch, Weylin William) Date: Fri, 27 Jul 2018 12:02:01 +0000 Subject: [rancid] Unable to Conduct Cisco Wireless Controller Backup In-Reply-To: <20180726224316.GA25468@shrubbery.net> References: <20180122151528.F162D8FD22@sea.shrubbery.net> <8EA84DFC-11E4-4CB5-8C86-AC064F6BD0BF@bu.edu> <20180122151650.GE5283@shrubbery.net> <80F727C1-7252-49B0-9ED2-C192CC18B935@bu.edu> <817ED5C7-EF9B-4955-B5D6-8193AFF5828C@bu.edu> <20180726224316.GA25468@shrubbery.net> Message-ID: <56402173-7D20-4C40-9293-0B35E08F971D@bu.edu> When I login as myself and run the "show sysinfo" command, I get the below output. I notice that rancid (wlogin) gets stuck on the prompt at the end there. When expect sees the prompt, a would be the appropriate response. I'm not sure how to disable paging, unfortunately. Weylin (cumm111-wism-aca05) >show sysinfo Manufacturer's Name.............................. Cisco Systems Inc. Product Name..................................... Cisco Controller Product Version.................................. 8.2.166.0 Bootloader Version............................... 1.0.20 Field Recovery Image Version..................... 7.6.101.1 Firmware Version................................. FPGA 1.7, Env 0.0, USB console 2.2 Build Type....................................... DATA + WPS System Name...................................... cumm111-wism-aca05 System Location.................................. 111 Cummington St., Room B05 System Contact................................... Network Operations Center System ObjectID.................................. 1.3.6.1.4.1.9.1.1293 Redundancy Mode.................................. SSO IP Address....................................... 10.123.18.234 IPv6 Address..................................... :: Last Reset....................................... Software reset System Up Time................................... 97 days 17 hrs 26 mins 34 secs System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada) System Stats Realtime Interval................... 5 System Stats Normal Interval..................... 180 --More-- or (q)uit ?On 7/26/18, 6:43 PM, "heasley" wrote: Thu, Jul 26, 2018 at 09:20:42PM +0000, Piegorsch, Weylin William: > I should note that using the NOPIPE=yes thing causes the "controller wlogin error: Error: Connection closed (ssh): controller" message that I show below. If I omit the NOPIPE environment variable on the CLI, I get the output I showed in the other email, where it hangs in the middle of output. > > weylin i dont see the problem in what you've provided; you'll have to share more output with me. eval `rancid -t cisco-wlc8 -C hostname` &> output From me at falz.net Fri Jul 27 13:18:08 2018 From: me at falz.net (Chris Wopat) Date: Fri, 27 Jul 2018 08:18:08 -0500 Subject: [rancid] Juniper CLI prompts out of sync causing frequent changes Message-ID: Hi folks, Last year I commented on an issue we're seeing across many Juniper devices. I neglected to follow up on Heasley's response then but are seeing it a lot more frequently now, perhaps related to some OS upgrades or something else. Thread was here: http://www.shrubbery.net/pipermail/rancid-discuss/2017-October/009916.html http://www.shrubbery.net/pipermail/rancid-discuss/2017-October/009922.html Looking at the last week or so of these we've had, they're on devices running 14.1X53-D4*, which is primaraily QFX5100 but also a few EX4200. Here's output from a single diff, its like this on various commands nearly every run: Index: configs/r-kettlemoraine-hub =================================================================== retrieving revision 1.144 diff -u -4 -r1.144 r-kettlemoraine-hub @@ -1,7 +1,8 @@ #RANCID-CONTENT-TYPE: juniper # # r-kettlemoraine-hub> show chassis clocks + # show chassis environment # r-kettlemoraine-hub> show chassis environment # Class Item Status # Power FPC 0 Power Supply 0 OK # FPC 0 Power Supply 1 OK Index: configs/r-lacrossecity-hub =================================================================== retrieving revision 1.108 diff -u -4 -r1.108 r-lacrossecity-hub @@ -15,9 +15,8 @@ # FPC 0 Fan 2 OK # FPC 0 Fan 3 OK # # r-lacrossecity-hub> show chassis firmware - # show chassis fpc detail # Part Type Version # FPC 0 uboot U-Boot 1.1.6 (Jun 5 2012 - 02:24:53) 1.0.0 # loader FreeBSD/PowerPC U-Boot bootstrap loader 2.4 # Index: configs/r-platteville-hub =================================================================== retrieving revision 1.274 diff -u -4 -r1.274 r-platteville-hub @@ -1,7 +1,8 @@ #RANCID-CONTENT-TYPE: juniper # # r-platteville-hub> show chassis clocks + # show chassis environment # r-platteville-hub> show chassis environment # Class Item Status # Power FPC 0 Power Supply 0 OK # FPC 0 Power Supply 1 OK Heasley, you chimed in saying the prompt may be out of sync. While I don't quite know what that means, you suggested sending output of: eval `rancid -Ct juniper device` Here that is, finally: jlogin -t 120 -c 'show chassis clocks;show chassis environment;show chassis firmware;show chassis fpc detail;show chassis hardware detail;show chassis hardware models;show chassis routing-engine;show chassis scb;show chassis sfm detail;show chassis ssb;show chassis feb detail;show chassis feb;show chassis cfeb;show chassis alarms;show system license;show system boot-messages;show system core-dumps;show version detail;show version invoke-on other-routing-engine;show configuration;file checksum md5 /var/db/scripts/*/*;file list recursive /var/db/scripts/' r-platteville-hub You may notice some additions at the end which help us track some slax scripts: file checksum md5 /var/db/scripts/*/*;file list recursive /var/db/scripts/' we've had those in place for quite some time (before this) so I'm unsure if those are related. Cheers, Chris -------------- next part -------------- An HTML attachment was scrubbed... URL: From me at falz.net Fri Jul 27 13:02:28 2018 From: me at falz.net (Chris Wopat) Date: Fri, 27 Jul 2018 08:02:28 -0500 Subject: [rancid] Fortigate additional tweaks and device filters Message-ID: Hi Heasley and folks, Sept 2017 i sent a note in with some proposed tweaks to a Fortigate. to filter out some additional chattiness, see: http://www.shrubbery.net/pipermail/rancid-discuss/2017-September/009871.html http://www.shrubbery.net/pipermail/rancid-discuss/2017-June/009643.html A few people chimed in seeming to be OK with the propsed changes, which are to filter these things: next if (/^\s*IPS-ETDB: .*/); next if (/^\s*APP-DB: .*/); next if (/^\s*IPS Malicious URL Database: .*/); next if (/^\s*Botnet DB: .*/); Mentioning this as 3.8 came out and i didn't notice any of these included. We have an additional fortigate tweak we make every time we update too, which to change from 'show full-configuration' to just 'show' in @commandtable. 'full-configuration' shows default config, just like the cisco 'full' command. It's really not necessary IMO. Cheers, Chris -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Fri Jul 27 15:15:57 2018 From: heas at shrubbery.net (heasley) Date: Fri, 27 Jul 2018 15:15:57 +0000 Subject: [rancid] Unable to Conduct Cisco Wireless Controller Backup In-Reply-To: <0864E58E-95EA-4F33-AF85-19FE53E06A9C@bu.edu> References: <20180122151528.F162D8FD22@sea.shrubbery.net> <8EA84DFC-11E4-4CB5-8C86-AC064F6BD0BF@bu.edu> <20180122151650.GE5283@shrubbery.net> <80F727C1-7252-49B0-9ED2-C192CC18B935@bu.edu> <817ED5C7-EF9B-4955-B5D6-8193AFF5828C@bu.edu> <20180726224316.GA25468@shrubbery.net> <56402173-7D20-4C40-9293-0B35E08F971D@bu.edu> <0864E58E-95EA-4F33-AF85-19FE53E06A9C@bu.edu> Message-ID: <20180727151557.GA39011@shrubbery.net> Fri, Jul 27, 2018 at 12:08:37PM +0000, Piegorsch, Weylin William: > I did some experimenting, issuing the "config paging disable" CLI command on initial login seems to eliminate the paging issue, similar to the ASA "terminal pager 0" or the IOS "terminal length 0". > weylin wlogin should have sent this command at the beginning. please look at the beginning of the transcript with the device. > ?On 7/27/18, 8:01 AM, "Piegorsch, Weylin William" wrote: > > When I login as myself and run the "show sysinfo" command, I get the below output. I notice that rancid (wlogin) gets stuck on the prompt at the end there. When expect sees the prompt, a would be the appropriate response. I'm not sure how to disable paging, unfortunately. > > Weylin > > (cumm111-wism-aca05) >show sysinfo > > Manufacturer's Name.............................. Cisco Systems Inc. > Product Name..................................... Cisco Controller > Product Version.................................. 8.2.166.0 > Bootloader Version............................... 1.0.20 > Field Recovery Image Version..................... 7.6.101.1 > Firmware Version................................. FPGA 1.7, Env 0.0, USB console 2.2 > Build Type....................................... DATA + WPS > > System Name...................................... cumm111-wism-aca05 > System Location.................................. 111 Cummington St., Room B05 > System Contact................................... Network Operations Center > System ObjectID.................................. 1.3.6.1.4.1.9.1.1293 > Redundancy Mode.................................. SSO > IP Address....................................... 10.123.18.234 > IPv6 Address..................................... :: > Last Reset....................................... Software reset > System Up Time................................... 97 days 17 hrs 26 mins 34 secs > System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada) > System Stats Realtime Interval................... 5 > System Stats Normal Interval..................... 180 > > > --More-- or (q)uit > > > > > > On 7/26/18, 6:43 PM, "heasley" wrote: > > Thu, Jul 26, 2018 at 09:20:42PM +0000, Piegorsch, Weylin William: > > I should note that using the NOPIPE=yes thing causes the "controller wlogin error: Error: Connection closed (ssh): controller" message that I show below. If I omit the NOPIPE environment variable on the CLI, I get the output I showed in the other email, where it hangs in the middle of output. > > > > weylin > > i dont see the problem in what you've provided; you'll have to share more > output with me. > > eval `rancid -t cisco-wlc8 -C hostname` &> output > > > > From heas at shrubbery.net Fri Jul 27 15:56:14 2018 From: heas at shrubbery.net (heasley) Date: Fri, 27 Jul 2018 15:56:14 +0000 Subject: [rancid] is there scripts for 3com router In-Reply-To: References: <490FA8C6CC4CDA44A7D3E449D75BF1F75D78F4@exchanger.efellows.bg> <49383891-A44D-47CF-85A5-F18CEC0FB218@bu.edu> <20171030083223.GB82867@shrubbery.net> <993D67D2-9540-434F-A7F2-C66ECF6A3302@bu.edu> <20171227190216.GE45403@shrubbery.net> Message-ID: <20180727155613.GB39011@shrubbery.net> Thu, Jul 26, 2018 at 09:25:54PM +0000, Piegorsch, Weylin William: > Hello, > > I tried the SMC script and, well... > > Weylin > > > [rancid at nsgv-prod-59 ~]$ NOPIPE=yes rancid -d -t smc babc273-1032es02.bu.edu > loadtype: device type smc > loadtype: found device type smc in /usr/local/rancid/etc/rancid.types.base > executing hlogin -t 90 -c"" babc273-1032es02.bu.edu > inloop is not configured for device type smc at /usr/local/rancid/bin/rancid line 126. have you altered the smc definition? It should be as follows: smc;script;srancid smc;login;hlogin and that works properly. you would add a definition similar this to etc/rancid.type.conf for your own v2-like (or v3) script. see the manpage. > [rancid at nsgv-prod-59 ~]$ > > > -----Original Message----- > From: heasley > Sent: Wednesday, December 27, 2017 2:02 PM > To: Piegorsch, Weylin William > Cc: heasley ; Adrian Dimitrov ; rancid-discuss at shrubbery.net > Subject: Re: [rancid] is there scripts for 3com router > > Tue, Dec 26, 2017 at 04:39:09AM +0000, Piegorsch, Weylin William: > > Would a script from v1 work in v3? That?s what we upgraded from; the old server was circa 2002 or so. > > it should, if the login script hasn't changed in an incompatible way with the device. to use a v1 or v2 script in v3, the device type must be added to your rancid.types.conf; see an existing v2 entry in rancid.types.base, such as smc. > > > Anyway, thanks for the SMC info; I?ll check that out. Our 3COMs are so old I doubt it (the oldest we have running were installed around 1990 I think, with further installations until sometime 1999 - 2002). But, it can?t hurt to check, maybe we can restore rancid?s service to some of them at least. > > > > weylin > > > > -----Original Message----- > > From: heasley > > Date: Monday, October 30, 2017 at 04:32 > > To: Weylin Piegorsch > > Cc: Adrian Dimitrov , > > "rancid-discuss at shrubbery.net" > > Subject: Re: [rancid] is there scripts for 3com router > > > > Thu, Oct 26, 2017 at 08:13:10PM +0000, Piegorsch, Weylin William: > > > There are no 3com scripts. My predecessor had configured an SNMP thing, but that stopped working when we upgraded to rancid v3. If you find one, let me know because I would love to use it. > > > > theres no reason that i can think of that a script from v2 would not work in > > v3. > > > > anyway, some SMC swtiches were marketed under a 3com name, so the smc device > > type may support it. > > > > > From: Adrian Dimitrov > > > Date: Thursday, October 26, 2017 at 06:57 > > > To: "rancid-discuss at shrubbery.net" > > > Subject: [rancid] is there scripts for 3com router > > > > > > Hello team , > > > > > > Hope all of you guys are doing well. I have my rancid set up working perfectly fine for a long time now. I am backing up a lot of different devices successfully, but now I have to back up ?3COM? router and I can?t find scripts for this type of device. > > > Is there someone who can help with this? > > > > > > Best Regards, > > > Adrian Dimitrov > > > System Administrator > > > [Fellows-Mark-RGB_Sign] > > > Direct line: ; Mobile: +359 876 7744 41; SIP URI (Telepresence): adrian.dimitrov at efellows.bg ; Website: http://www.efellows.bg; > > > > > > > > > > > > _______________________________________________ > > > Rancid-discuss mailing list > > > Rancid-discuss at shrubbery.net > > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > > > > From heas at shrubbery.net Fri Jul 27 16:01:14 2018 From: heas at shrubbery.net (heasley) Date: Fri, 27 Jul 2018 16:01:14 +0000 Subject: [rancid] xilogin, stuck on system-view In-Reply-To: References: Message-ID: <20180727160114.GC39011@shrubbery.net> Thu, Jul 26, 2018 at 01:34:06AM +0000, james Di Trapani: > Hi All, > > > Using latest version of Rancid and xilogin to connect to Huawei AR169's, when trying to pass the command 'system-view' it appears that xilogin gets stuck and cannot interpret the prompt changing from '>' to ']', has anyone else experienced this? > is this a device that runs VRP? it was developed against VRP v5.170, which does not change the prompt as you describe; or at least not that I discovered. if it is not VRP, I likely can not help. if it does, I need a full transcript. eval `rancid -t vrp -C hostname` &> output From heas at shrubbery.net Fri Jul 27 17:00:37 2018 From: heas at shrubbery.net (heasley) Date: Fri, 27 Jul 2018 17:00:37 +0000 Subject: [rancid] Juniper CLI prompts out of sync causing frequent changes In-Reply-To: References: Message-ID: <20180727170036.GD39011@shrubbery.net> Fri, Jul 27, 2018 at 08:18:08AM -0500, Chris Wopat: > Hi folks, > > Last year I commented on an issue we're seeing across many Juniper devices. > I neglected to follow up on Heasley's response then but are seeing it a lot > more frequently now, perhaps related to some OS upgrades or something else. > > > Thread was here: > > http://www.shrubbery.net/pipermail/rancid-discuss/2017-October/009916.html > http://www.shrubbery.net/pipermail/rancid-discuss/2017-October/009922.html > > Looking at the last week or so of these we've had, they're on devices > running 14.1X53-D4*, which is primaraily QFX5100 but also a few EX4200. > > Here's output from a single diff, its like this on various commands nearly > every run: > > > > Index: configs/r-kettlemoraine-hub > =================================================================== > retrieving revision 1.144 > diff -u -4 -r1.144 r-kettlemoraine-hub > @@ -1,7 +1,8 @@ > #RANCID-CONTENT-TYPE: juniper > # > # r-kettlemoraine-hub> show chassis clocks > + # show chassis environment > # r-kettlemoraine-hub> show chassis environment > # Class Item Status > # Power FPC 0 Power Supply 0 OK > # FPC 0 Power Supply 1 OK > Index: configs/r-lacrossecity-hub > =================================================================== > retrieving revision 1.108 > diff -u -4 -r1.108 r-lacrossecity-hub > @@ -15,9 +15,8 @@ > # FPC 0 Fan 2 OK > # FPC 0 Fan 3 OK > # > # r-lacrossecity-hub> show chassis firmware > - # show chassis fpc detail > # Part Type Version > # FPC 0 uboot U-Boot 1.1.6 (Jun 5 2012 - > 02:24:53) 1.0.0 > # loader FreeBSD/PowerPC U-Boot bootstrap > loader 2.4 > # > Index: configs/r-platteville-hub > =================================================================== > retrieving revision 1.274 > diff -u -4 -r1.274 r-platteville-hub > @@ -1,7 +1,8 @@ > #RANCID-CONTENT-TYPE: juniper > # > # r-platteville-hub> show chassis clocks > + # show chassis environment > # r-platteville-hub> show chassis environment > # Class Item Status > # Power FPC 0 Power Supply 0 OK > # FPC 0 Power Supply 1 OK > > Heasley, you chimed in saying the prompt may be out of sync. While I don't > quite know what that means, you suggested sending output of: > > eval `rancid -Ct juniper device` > > Here that is, finally: > > jlogin -t 120 -c 'show chassis clocks;show chassis environment;show chassis > firmware;show chassis fpc detail;show chassis hardware detail;show chassis > hardware models;show chassis routing-engine;show chassis scb;show chassis > sfm detail;show chassis ssb;show chassis feb detail;show chassis feb;show > chassis cfeb;show chassis alarms;show system license;show system > boot-messages;show system core-dumps;show version detail;show version > invoke-on other-routing-engine;show configuration;file checksum md5 > /var/db/scripts/*/*;file list recursive /var/db/scripts/' r-platteville-hub > > You may notice some additions at the end which help us track some slax > scripts: > > file checksum md5 /var/db/scripts/*/*;file list recursive /var/db/scripts/' > > we've had those in place for quite some time (before this) so I'm unsure if > those are related. not likely. I presume you have a banner with something that looks like a prompt; like https://www.juniper.net/documentation/software/junos/junos93/swconfig-system-basics/configuring-a-system-login-message.html. if not, you'll have to share output with me. eval `rancid -t juniper -C hostname` &> output From me at falz.net Fri Jul 27 17:58:14 2018 From: me at falz.net (Chris Wopat) Date: Fri, 27 Jul 2018 12:58:14 -0500 Subject: [rancid] Juniper CLI prompts out of sync causing frequent changes In-Reply-To: <20180727170036.GD39011@shrubbery.net> References: <20180727170036.GD39011@shrubbery.net> Message-ID: We actually do not have a banner, but your mention of that reminds me that indeed, when doing some updates recently we enabled login-tip ( https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/login-tip-edit-system.html/) which is almost certainly putting something random in a banner-ish area upon each login. Here are 3 random examples from the same device: ======================================================== Password: --- JUNOS 14.1X53-D47.3 built 2018-05-10 21:38:01 UTC JUNOS tip: Use the 'no-more' CLI pipe to disable the CLI's more capability and let the multiple pages of output scroll without stopping. --- JUNOS 14.1X53-D47.3 built 2018-05-10 21:38:01 UTC JUNOS tip: Use ESC-/ in the CLI to expand strings into matching words from the command line history. Password: --- JUNOS 14.1X53-D47.3 built 2018-05-10 21:38:01 UTC JUNOS tip: Use the TAB key to autocomplete interface names in operational mode. ======================================================== Since they liberally use dashes, single quotes, forward slashes and so on- this seems to be the likely culprit? Would it be possible to filter out anything between "JUNOS tip" and the first valid prompt so we have a chance of leaving them enabled? --Chris On Fri, Jul 27, 2018 at 12:00 PM, heasley wrote: > Fri, Jul 27, 2018 at 08:18:08AM -0500, Chris Wopat: > > Hi folks, > > > > Last year I commented on an issue we're seeing across many Juniper > devices. > > I neglected to follow up on Heasley's response then but are seeing it a > lot > > more frequently now, perhaps related to some OS upgrades or something > else. > > > > > > Thread was here: > > > > http://www.shrubbery.net/pipermail/rancid-discuss/2017- > October/009916.html > > http://www.shrubbery.net/pipermail/rancid-discuss/2017- > October/009922.html > > > > Looking at the last week or so of these we've had, they're on devices > > running 14.1X53-D4*, which is primaraily QFX5100 but also a few EX4200. > > > > Here's output from a single diff, its like this on various commands > nearly > > every run: > > > > > > > > Index: configs/r-kettlemoraine-hub > > =================================================================== > > retrieving revision 1.144 > > diff -u -4 -r1.144 r-kettlemoraine-hub > > @@ -1,7 +1,8 @@ > > #RANCID-CONTENT-TYPE: juniper > > # > > # r-kettlemoraine-hub> show chassis clocks > > + # show chassis environment > > # r-kettlemoraine-hub> show chassis environment > > # Class Item Status > > # Power FPC 0 Power Supply 0 OK > > # FPC 0 Power Supply 1 OK > > Index: configs/r-lacrossecity-hub > > =================================================================== > > retrieving revision 1.108 > > diff -u -4 -r1.108 r-lacrossecity-hub > > @@ -15,9 +15,8 @@ > > # FPC 0 Fan 2 OK > > # FPC 0 Fan 3 OK > > # > > # r-lacrossecity-hub> show chassis firmware > > - # show chassis fpc detail > > # Part Type Version > > # FPC 0 uboot U-Boot 1.1.6 (Jun 5 2012 - > > 02:24:53) 1.0.0 > > # loader FreeBSD/PowerPC U-Boot bootstrap > > loader 2.4 > > # > > Index: configs/r-platteville-hub > > =================================================================== > > retrieving revision 1.274 > > diff -u -4 -r1.274 r-platteville-hub > > @@ -1,7 +1,8 @@ > > #RANCID-CONTENT-TYPE: juniper > > # > > # r-platteville-hub> show chassis clocks > > + # show chassis environment > > # r-platteville-hub> show chassis environment > > # Class Item Status > > # Power FPC 0 Power Supply 0 OK > > # FPC 0 Power Supply 1 OK > > > > Heasley, you chimed in saying the prompt may be out of sync. While I > don't > > quite know what that means, you suggested sending output of: > > > > eval `rancid -Ct juniper device` > > > > Here that is, finally: > > > > jlogin -t 120 -c 'show chassis clocks;show chassis environment;show > chassis > > firmware;show chassis fpc detail;show chassis hardware detail;show > chassis > > hardware models;show chassis routing-engine;show chassis scb;show chassis > > sfm detail;show chassis ssb;show chassis feb detail;show chassis feb;show > > chassis cfeb;show chassis alarms;show system license;show system > > boot-messages;show system core-dumps;show version detail;show version > > invoke-on other-routing-engine;show configuration;file checksum md5 > > /var/db/scripts/*/*;file list recursive /var/db/scripts/' > r-platteville-hub > > > > You may notice some additions at the end which help us track some slax > > scripts: > > > > file checksum md5 /var/db/scripts/*/*;file list recursive > /var/db/scripts/' > > > > we've had those in place for quite some time (before this) so I'm unsure > if > > those are related. > > not likely. I presume you have a banner with something that looks like a > prompt; like https://www.juniper.net/documentation/software/junos/ > junos93/swconfig-system-basics/configuring-a-system-login-message.html. > if not, you'll have to share output with me. > > eval `rancid -t juniper -C hostname` &> output > -------------- next part -------------- An HTML attachment was scrubbed... URL: From weylin at bu.edu Fri Jul 27 22:29:19 2018 From: weylin at bu.edu (Piegorsch, Weylin William) Date: Fri, 27 Jul 2018 22:29:19 +0000 Subject: [rancid] Unable to Conduct Cisco Wireless Controller Backup In-Reply-To: <20180727151557.GA39011@shrubbery.net> References: <20180122151528.F162D8FD22@sea.shrubbery.net> <8EA84DFC-11E4-4CB5-8C86-AC064F6BD0BF@bu.edu> <20180122151650.GE5283@shrubbery.net> <80F727C1-7252-49B0-9ED2-C192CC18B935@bu.edu> <817ED5C7-EF9B-4955-B5D6-8193AFF5828C@bu.edu> <20180726224316.GA25468@shrubbery.net> <56402173-7D20-4C40-9293-0B35E08F971D@bu.edu> <0864E58E-95EA-4F33-AF85-19FE53E06A9C@bu.edu> <20180727151557.GA39011@shrubbery.net> Message-ID: Ah; thanks, I see it there. Something is amiss with that. "eval... ; cat -v" output below. Weylin [rancid at nsgv-prod-59 ~]$ eval `rancid -t cisco-wlc5 -C cumm111-wism-aca05.bu.edu` &> output [rancid at nsgv-prod-59 ~]$ cat -v output? cumm111-wism-aca05.bu.edu spawn ssh -2 -c aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc -x -l rancid cumm111-wism-aca05.bu.edu^M ^M Access to this system is permitted for authorized persons only.? All connections are logged and monitored.? By accessing this system, you acknowledge that use of this and any other technology at Boston University is subject to the terms of the Boston University Conditions of Use and Policy on Computing Ethics; please see: http://www.bu.edu/computing/ethics for details.^M (cumm111-wism-aca05) ^M User: rancid^M Password:*******^M (cumm111-wism-aca05) >^M (cumm111-wism-aca05) >config paging disable^M ^M Incorrect usage.? Use the '?' or key to list commands.^M ^M (cumm111-wism-aca05) >show udi^M ^MNAME: "Chassis"? ? , DESCR: "Cisco Wireless Services Module 2" ^MPID: WS-SVC-WISM2-K9,? VID: V01,? SN: SAL172893FZ^M ^M (cumm111-wism-aca05) >show sysinfo^M ^M Manufacturer's Name.............................. Cisco Systems Inc.^M Product Name..................................... Cisco Controller^M Product Version.................................. 8.2.166.0^M Bootloader Version............................... 1.0.20^M Field Recovery Image Version..................... 7.6.101.1^M Firmware Version................................. FPGA 1.7, Env 0.0, USB console 2.2^M Build Type....................................... DATA + WPS ^M System Name...................................... cumm111-wism-aca05^M System Location.................................. 111 Cummington St., Room B05^M System Contact................................... Network Operations Center^M System ObjectID.................................. 1.3.6.1.4.1.9.1.1293^M Redundancy Mode.................................. SSO^M IP Address....................................... 10.123.18.234^M IPv6 Address..................................... ::^M Last Reset....................................... Software reset^M System Up Time................................... 98 days 3 hrs 47 mins 5 secs^M System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada)^M System Stats Realtime Interval................... 5^M System Stats Normal Interval..................... 180 ^M ^M Error: TIMEOUT reached [rancid at nsgv-prod-59 ~]$ ?On 7/27/18, 11:16 AM, "heasley" wrote: Fri, Jul 27, 2018 at 12:08:37PM +0000, Piegorsch, Weylin William: > I did some experimenting, issuing the "config paging disable" CLI command on initial login seems to eliminate the paging issue, similar to the ASA "terminal pager 0" or the IOS "terminal length 0". > weylin wlogin should have sent this command at the beginning. please look at the beginning of the transcript with the device. > On 7/27/18, 8:01 AM, "Piegorsch, Weylin William" wrote: > > When I login as myself and run the "show sysinfo" command, I get the below output. I notice that rancid (wlogin) gets stuck on the prompt at the end there. When expect sees the prompt, a would be the appropriate response. I'm not sure how to disable paging, unfortunately. > > Weylin > > (cumm111-wism-aca05) >show sysinfo > > Manufacturer's Name.............................. Cisco Systems Inc. > Product Name..................................... Cisco Controller > Product Version.................................. 8.2.166.0 > Bootloader Version............................... 1.0.20 > Field Recovery Image Version..................... 7.6.101.1 > Firmware Version................................. FPGA 1.7, Env 0.0, USB console 2.2 > Build Type....................................... DATA + WPS > > System Name...................................... cumm111-wism-aca05 > System Location.................................. 111 Cummington St., Room B05 > System Contact................................... Network Operations Center > System ObjectID.................................. 1.3.6.1.4.1.9.1.1293 > Redundancy Mode.................................. SSO > IP Address....................................... 10.123.18.234 > IPv6 Address..................................... :: > Last Reset....................................... Software reset > System Up Time................................... 97 days 17 hrs 26 mins 34 secs > System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada) > System Stats Realtime Interval................... 5 > System Stats Normal Interval..................... 180 > > > --More-- or (q)uit > > > > > > On 7/26/18, 6:43 PM, "heasley" wrote: > > Thu, Jul 26, 2018 at 09:20:42PM +0000, Piegorsch, Weylin William: > > I should note that using the NOPIPE=yes thing causes the "controller wlogin error: Error: Connection closed (ssh): controller" message that I show below. If I omit the NOPIPE environment variable on the CLI, I get the output I showed in the other email, where it hangs in the middle of output. > > > > weylin > > i dont see the problem in what you've provided; you'll have to share more > output with me. > > eval `rancid -t cisco-wlc8 -C hostname` &> output > > > > From weylin at bu.edu Fri Jul 27 22:30:53 2018 From: weylin at bu.edu (Piegorsch, Weylin William) Date: Fri, 27 Jul 2018 22:30:53 +0000 Subject: [rancid] Unable to Conduct Cisco Wireless Controller Backup In-Reply-To: References: <20180122151528.F162D8FD22@sea.shrubbery.net> <8EA84DFC-11E4-4CB5-8C86-AC064F6BD0BF@bu.edu> <20180122151650.GE5283@shrubbery.net> <80F727C1-7252-49B0-9ED2-C192CC18B935@bu.edu> <817ED5C7-EF9B-4955-B5D6-8193AFF5828C@bu.edu> <20180726224316.GA25468@shrubbery.net> <56402173-7D20-4C40-9293-0B35E08F971D@bu.edu> <0864E58E-95EA-4F33-AF85-19FE53E06A9C@bu.edu> <20180727151557.GA39011@shrubbery.net> Message-ID: <4F748F05-1C24-4F5C-AF0F-583831D13422@bu.edu> This might be a tacacs issue. When I log in as a normal user, the config paging disable command appears when I type "?". I'll play around with that over the weekend. Weylin (cumm111-wism-aca05) >? debug Manages system debug options. exit grep Print lines matching a pattern. help Help linktest Perform a link test to a specified MAC address. logout Exit this session. Any unsaved changes are lost. show Display switch options and settings. (cumm111-wism-aca05) > ?On 7/27/18, 6:29 PM, "Piegorsch, Weylin William" wrote: Ah; thanks, I see it there. Something is amiss with that. "eval... ; cat -v" output below. Weylin [rancid at nsgv-prod-59 ~]$ eval `rancid -t cisco-wlc5 -C cumm111-wism-aca05.bu.edu` &> output [rancid at nsgv-prod-59 ~]$ cat -v output cumm111-wism-aca05.bu.edu spawn ssh -2 -c aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc -x -l rancid cumm111-wism-aca05.bu.edu^M ^M Access to this system is permitted for authorized persons only. All connections are logged and monitored. By accessing this system, you acknowledge that use of this and any other technology at Boston University is subject to the terms of the Boston University Conditions of Use and Policy on Computing Ethics; please see: http://www.bu.edu/computing/ethics for details.^M (cumm111-wism-aca05) ^M User: rancid^M Password:*******^M (cumm111-wism-aca05) >^M (cumm111-wism-aca05) >config paging disable^M ^M Incorrect usage. Use the '?' or key to list commands.^M ^M (cumm111-wism-aca05) >show udi^M ^MNAME: "Chassis" , DESCR: "Cisco Wireless Services Module 2" ^MPID: WS-SVC-WISM2-K9, VID: V01, SN: SAL172893FZ^M ^M (cumm111-wism-aca05) >show sysinfo^M ^M Manufacturer's Name.............................. Cisco Systems Inc.^M Product Name..................................... Cisco Controller^M Product Version.................................. 8.2.166.0^M Bootloader Version............................... 1.0.20^M Field Recovery Image Version..................... 7.6.101.1^M Firmware Version................................. FPGA 1.7, Env 0.0, USB console 2.2^M Build Type....................................... DATA + WPS ^M System Name...................................... cumm111-wism-aca05^M System Location.................................. 111 Cummington St., Room B05^M System Contact................................... Network Operations Center^M System ObjectID.................................. 1.3.6.1.4.1.9.1.1293^M Redundancy Mode.................................. SSO^M IP Address....................................... 10.123.18.234^M IPv6 Address..................................... ::^M Last Reset....................................... Software reset^M System Up Time................................... 98 days 3 hrs 47 mins 5 secs^M System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada)^M System Stats Realtime Interval................... 5^M System Stats Normal Interval..................... 180 ^M ^M Error: TIMEOUT reached [rancid at nsgv-prod-59 ~]$ On 7/27/18, 11:16 AM, "heasley" wrote: Fri, Jul 27, 2018 at 12:08:37PM +0000, Piegorsch, Weylin William: > I did some experimenting, issuing the "config paging disable" CLI command on initial login seems to eliminate the paging issue, similar to the ASA "terminal pager 0" or the IOS "terminal length 0". > weylin wlogin should have sent this command at the beginning. please look at the beginning of the transcript with the device. > On 7/27/18, 8:01 AM, "Piegorsch, Weylin William" wrote: > > When I login as myself and run the "show sysinfo" command, I get the below output. I notice that rancid (wlogin) gets stuck on the prompt at the end there. When expect sees the prompt, a would be the appropriate response. I'm not sure how to disable paging, unfortunately. > > Weylin > > (cumm111-wism-aca05) >show sysinfo > > Manufacturer's Name.............................. Cisco Systems Inc. > Product Name..................................... Cisco Controller > Product Version.................................. 8.2.166.0 > Bootloader Version............................... 1.0.20 > Field Recovery Image Version..................... 7.6.101.1 > Firmware Version................................. FPGA 1.7, Env 0.0, USB console 2.2 > Build Type....................................... DATA + WPS > > System Name...................................... cumm111-wism-aca05 > System Location.................................. 111 Cummington St., Room B05 > System Contact................................... Network Operations Center > System ObjectID.................................. 1.3.6.1.4.1.9.1.1293 > Redundancy Mode.................................. SSO > IP Address....................................... 10.123.18.234 > IPv6 Address..................................... :: > Last Reset....................................... Software reset > System Up Time................................... 97 days 17 hrs 26 mins 34 secs > System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada) > System Stats Realtime Interval................... 5 > System Stats Normal Interval..................... 180 > > > --More-- or (q)uit > > > > > > On 7/26/18, 6:43 PM, "heasley" wrote: > > Thu, Jul 26, 2018 at 09:20:42PM +0000, Piegorsch, Weylin William: > > I should note that using the NOPIPE=yes thing causes the "controller wlogin error: Error: Connection closed (ssh): controller" message that I show below. If I omit the NOPIPE environment variable on the CLI, I get the output I showed in the other email, where it hangs in the middle of output. > > > > weylin > > i dont see the problem in what you've provided; you'll have to share more > output with me. > > eval `rancid -t cisco-wlc8 -C hostname` &> output > > > > From weylin at bu.edu Mon Jul 30 10:59:39 2018 From: weylin at bu.edu (Piegorsch, Weylin William) Date: Mon, 30 Jul 2018 10:59:39 +0000 Subject: [rancid] Unable to Conduct Cisco Wireless Controller Backup In-Reply-To: <4F748F05-1C24-4F5C-AF0F-583831D13422@bu.edu> References: <20180122151528.F162D8FD22@sea.shrubbery.net> <8EA84DFC-11E4-4CB5-8C86-AC064F6BD0BF@bu.edu> <20180122151650.GE5283@shrubbery.net> <80F727C1-7252-49B0-9ED2-C192CC18B935@bu.edu> <817ED5C7-EF9B-4955-B5D6-8193AFF5828C@bu.edu> <20180726224316.GA25468@shrubbery.net> <56402173-7D20-4C40-9293-0B35E08F971D@bu.edu> <0864E58E-95EA-4F33-AF85-19FE53E06A9C@bu.edu> <20180727151557.GA39011@shrubbery.net> <4F748F05-1C24-4F5C-AF0F-583831D13422@bu.edu> Message-ID: Hi John, I'm still playing around with AAA. What I'm finding, is that the f*&^% WLC CLI authorization mechanism is all bork bork bork. I can set a read-only role, but that disables the ability to issue the "config pager disable" command since the entire "config *" command tree is not available. I can set a higher role, and perhaps the command will appear, but I'm struggling to figure out how to create a custom role definition (I suspect it might be impossible since the Cisco WLC is designed to be GUI-based). We can discuss another time allowing automation to make changes to the system - I'm fighting this battle internally but it's not going well, for now let's just say I need to demonstrate confidence that rancid will only get data, not change anything more complicated than a "last login" notice. In any event - so, this leaves me with the CLI role I have, and without the "config paging disable" to be used. I'm running rancid 3.4.1, I notice the latest 3.8 is slightly different in wlogin. But, they're relatively similar, and neither version (I think?) catches the specific prompts that might appear to prompt for paging. Might they possibly be added? See below what I did to wlogin v3.4.1 (aka my installation), let me know if I did this wrong (I'm an accomplished network engineer... but a poor excuse for a software engineer). Also, wlogin uses "exit" to close the CLI when -c or -x is specified; it needs to be "logout" instead regardless of user role. Where do I change this? I suppose I can do this in rancid.types.base (.conf?), but I'd prefer not to since I /do/ use *login with the -p and -u options on occasion with some simple BASH command-line scripts to accomplish manual campus-wide pre-planned changes. I tried grep'ing through some files, that didn't work too well. Weylin I modified 3.4.1 bin/wlogin on this line: for {set i 0} {$i < $num_commands} { incr i} { send -- "[subst -nocommands [lindex $commands $i]]\r" expect { -re "\b+" { exp_continue } -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)" } -re "^\[^\n\r]*$reprompt." { send_user -- "$expect_out(buffer)" exp_continue } -re "^--More--\[\r\n]+" { # specific match c1900 pager send " " exp_continue } -re "\[\n\r]+" { send_user -- "$expect_out(buffer)" exp_continue } + -re "^--More-- .*" { send "q" # note the [[:space:]] between --More-- and the period + exp_continue + } } }} ?On 7/27/18, 6:30 PM, "Piegorsch, Weylin William" wrote: This might be a tacacs issue. When I log in as a normal user, the config paging disable command appears when I type "?". I'll play around with that over the weekend. Weylin (cumm111-wism-aca05) >? debug Manages system debug options. exit grep Print lines matching a pattern. help Help linktest Perform a link test to a specified MAC address. logout Exit this session. Any unsaved changes are lost. show Display switch options and settings. (cumm111-wism-aca05) > On 7/27/18, 6:29 PM, "Piegorsch, Weylin William" wrote: Ah; thanks, I see it there. Something is amiss with that. "eval... ; cat -v" output below. Weylin [rancid at nsgv-prod-59 ~]$ eval `rancid -t cisco-wlc5 -C cumm111-wism-aca05.bu.edu` &> output [rancid at nsgv-prod-59 ~]$ cat -v output cumm111-wism-aca05.bu.edu spawn ssh -2 -c aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc -x -l rancid cumm111-wism-aca05.bu.edu^M ^M Access to this system is permitted for authorized persons only. All connections are logged and monitored. By accessing this system, you acknowledge that use of this and any other technology at Boston University is subject to the terms of the Boston University Conditions of Use and Policy on Computing Ethics; please see: http://www.bu.edu/computing/ethics for details.^M (cumm111-wism-aca05) ^M User: rancid^M Password:*******^M (cumm111-wism-aca05) >^M (cumm111-wism-aca05) >config paging disable^M ^M Incorrect usage. Use the '?' or key to list commands.^M ^M (cumm111-wism-aca05) >show udi^M ^MNAME: "Chassis" , DESCR: "Cisco Wireless Services Module 2" ^MPID: WS-SVC-WISM2-K9, VID: V01, SN: SAL172893FZ^M ^M (cumm111-wism-aca05) >show sysinfo^M ^M Manufacturer's Name.............................. Cisco Systems Inc.^M Product Name..................................... Cisco Controller^M Product Version.................................. 8.2.166.0^M Bootloader Version............................... 1.0.20^M Field Recovery Image Version..................... 7.6.101.1^M Firmware Version................................. FPGA 1.7, Env 0.0, USB console 2.2^M Build Type....................................... DATA + WPS ^M System Name...................................... cumm111-wism-aca05^M System Location.................................. 111 Cummington St., Room B05^M System Contact................................... Network Operations Center^M System ObjectID.................................. 1.3.6.1.4.1.9.1.1293^M Redundancy Mode.................................. SSO^M IP Address....................................... 10.123.18.234^M IPv6 Address..................................... ::^M Last Reset....................................... Software reset^M System Up Time................................... 98 days 3 hrs 47 mins 5 secs^M System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada)^M System Stats Realtime Interval................... 5^M System Stats Normal Interval..................... 180 ^M ^M Error: TIMEOUT reached [rancid at nsgv-prod-59 ~]$ On 7/27/18, 11:16 AM, "heasley" wrote: Fri, Jul 27, 2018 at 12:08:37PM +0000, Piegorsch, Weylin William: > I did some experimenting, issuing the "config paging disable" CLI command on initial login seems to eliminate the paging issue, similar to the ASA "terminal pager 0" or the IOS "terminal length 0". > weylin wlogin should have sent this command at the beginning. please look at the beginning of the transcript with the device. > On 7/27/18, 8:01 AM, "Piegorsch, Weylin William" wrote: > > When I login as myself and run the "show sysinfo" command, I get the below output. I notice that rancid (wlogin) gets stuck on the prompt at the end there. When expect sees the prompt, a would be the appropriate response. I'm not sure how to disable paging, unfortunately. > > Weylin > > (cumm111-wism-aca05) >show sysinfo > > Manufacturer's Name.............................. Cisco Systems Inc. > Product Name..................................... Cisco Controller > Product Version.................................. 8.2.166.0 > Bootloader Version............................... 1.0.20 > Field Recovery Image Version..................... 7.6.101.1 > Firmware Version................................. FPGA 1.7, Env 0.0, USB console 2.2 > Build Type....................................... DATA + WPS > > System Name...................................... cumm111-wism-aca05 > System Location.................................. 111 Cummington St., Room B05 > System Contact................................... Network Operations Center > System ObjectID.................................. 1.3.6.1.4.1.9.1.1293 > Redundancy Mode.................................. SSO > IP Address....................................... 10.123.18.234 > IPv6 Address..................................... :: > Last Reset....................................... Software reset > System Up Time................................... 97 days 17 hrs 26 mins 34 secs > System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada) > System Stats Realtime Interval................... 5 > System Stats Normal Interval..................... 180 > > > --More-- or (q)uit > > > > > > On 7/26/18, 6:43 PM, "heasley" wrote: > > Thu, Jul 26, 2018 at 09:20:42PM +0000, Piegorsch, Weylin William: > > I should note that using the NOPIPE=yes thing causes the "controller wlogin error: Error: Connection closed (ssh): controller" message that I show below. If I omit the NOPIPE environment variable on the CLI, I get the output I showed in the other email, where it hangs in the middle of output. > > > > weylin > > i dont see the problem in what you've provided; you'll have to share more > output with me. > > eval `rancid -t cisco-wlc8 -C hostname` &> output > > > > From heas at shrubbery.net Tue Jul 31 00:44:33 2018 From: heas at shrubbery.net (heasley) Date: Tue, 31 Jul 2018 00:44:33 +0000 Subject: [rancid] Unable to Conduct Cisco Wireless Controller Backup In-Reply-To: References: <80F727C1-7252-49B0-9ED2-C192CC18B935@bu.edu> <817ED5C7-EF9B-4955-B5D6-8193AFF5828C@bu.edu> <20180726224316.GA25468@shrubbery.net> <56402173-7D20-4C40-9293-0B35E08F971D@bu.edu> <0864E58E-95EA-4F33-AF85-19FE53E06A9C@bu.edu> <20180727151557.GA39011@shrubbery.net> <4F748F05-1C24-4F5C-AF0F-583831D13422@bu.edu> Message-ID: <20180731004433.GA31150@shrubbery.net> Mon, Jul 30, 2018 at 10:59:39AM +0000, Piegorsch, Weylin William: > Hi John, > > I'm still playing around with AAA. What I'm finding, is that the f*&^% WLC CLI authorization mechanism is all bork bork bork. I can set a read-only role, but that disables the ability to issue the "config pager disable" command since the entire "config *" command tree is not available. I can set a higher role, and perhaps the command will appear, but I'm struggling to figure out how to create a custom role definition (I suspect it might be impossible since the Cisco WLC is designed to be GUI-based). We can discuss another time allowing automation to make changes to the system - I'm fighting this battle internally but it's not going well, for now let's just say I need to demonstrate confidence that rancid will only get data, not change anything more complicated than a "last login" notice. this is a(nother) design flaw in the o/s, imiho. as in ios, the pager should only affect the given vty, not the config of the device. not needing to manipulate the pager is very convenient. > In any event - so, this leaves me with the CLI role I have, and without the "config paging disable" to be used. you could also change the config to disabled the pager, if most folk just use the web UI. or try setting the stty rows to some large number before initiating the connection to the device; it might honor it, but i've seen many of these half-baked platforms ignore it if it doesn't lie within some unspoken acceptable range. > I'm running rancid 3.4.1, I notice the latest 3.8 is slightly different in wlogin. But, they're relatively similar, and neither version (I think?) catches the specific prompts that might appear to prompt for paging. Might they possibly be added? See below what I did to wlogin v3.4.1 (aka my installation), let me know if I did this wrong (I'm an accomplished network engineer... but a poor excuse for a software engineer). > > Also, wlogin uses "exit" to close the CLI when -c or -x is specified; it needs to be "logout" instead regardless of user role. Where do I change this? I suppose I can do this in rancid.types.base (.conf?), but I'd prefer not to since I /do/ use *login with the -p and -u options on occasion with some simple BASH command-line scripts to accomplish manual campus-wide pre-planned changes. I tried grep'ing through some files, that didn't work too well. you just need a newer wlogin; current is using logout. > Weylin > > I modified 3.4.1 bin/wlogin on this line: > > for {set i 0} {$i < $num_commands} { incr i} { > send -- "[subst -nocommands [lindex $commands $i]]\r" > expect { > -re "\b+" { exp_continue } > -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)" > } > -re "^\[^\n\r]*$reprompt." { send_user -- "$expect_out(buffer)" > exp_continue > } > -re "^--More--\[\r\n]+" { # specific match c1900 pager > send " " > exp_continue > } > -re "\[\n\r]+" { send_user -- "$expect_out(buffer)" > exp_continue > } > + -re "^--More-- .*" { send "q" # note the [[:space:]] between --More-- and the period > + exp_continue > + } difficult to say if that might cause problems with the output without seeing the raw input. it depends upon how the device manipulates the pager prompt. if that RE is matching too little/much, the line following the prompt will shift back & forth randomly. > } > }} > > > ?On 7/27/18, 6:30 PM, "Piegorsch, Weylin William" wrote: > > This might be a tacacs issue. When I log in as a normal user, the config paging disable command appears when I type "?". I'll play around with that over the weekend. > Weylin > > > (cumm111-wism-aca05) >? > > debug Manages system debug options. > exit > grep Print lines matching a pattern. > help Help > linktest Perform a link test to a specified MAC address. > logout Exit this session. Any unsaved changes are lost. > show Display switch options and settings. > > (cumm111-wism-aca05) > > > > > > > On 7/27/18, 6:29 PM, "Piegorsch, Weylin William" wrote: > > Ah; thanks, I see it there. Something is amiss with that. "eval... ; cat -v" output below. > Weylin > > > > > [rancid at nsgv-prod-59 ~]$ eval `rancid -t cisco-wlc5 -C cumm111-wism-aca05.bu.edu` &> output > [rancid at nsgv-prod-59 ~]$ cat -v output > cumm111-wism-aca05.bu.edu > spawn ssh -2 -c aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc -x -l rancid cumm111-wism-aca05.bu.edu^M > ^M > Access to this system is permitted for authorized persons only. All connections are logged and monitored. By accessing this system, you acknowledge that use of this and any other technology at Boston University is subject to the terms of the Boston University Conditions of Use and Policy on Computing Ethics; please see: http://www.bu.edu/computing/ethics for details.^M > (cumm111-wism-aca05) ^M > User: rancid^M > Password:*******^M > (cumm111-wism-aca05) >^M > (cumm111-wism-aca05) >config paging disable^M > ^M > Incorrect usage. Use the '?' or key to list commands.^M > ^M > (cumm111-wism-aca05) >show udi^M > > ^MNAME: "Chassis" , DESCR: "Cisco Wireless Services Module 2" > ^MPID: WS-SVC-WISM2-K9, VID: V01, SN: SAL172893FZ^M > ^M > (cumm111-wism-aca05) >show sysinfo^M > ^M > Manufacturer's Name.............................. Cisco Systems Inc.^M > Product Name..................................... Cisco Controller^M > Product Version.................................. 8.2.166.0^M > Bootloader Version............................... 1.0.20^M > Field Recovery Image Version..................... 7.6.101.1^M > Firmware Version................................. FPGA 1.7, Env 0.0, USB console 2.2^M > Build Type....................................... DATA + WPS > ^M > System Name...................................... cumm111-wism-aca05^M > System Location.................................. 111 Cummington St., Room B05^M > System Contact................................... Network Operations Center^M > System ObjectID.................................. 1.3.6.1.4.1.9.1.1293^M > Redundancy Mode.................................. SSO^M > IP Address....................................... 10.123.18.234^M > IPv6 Address..................................... ::^M > Last Reset....................................... Software reset^M > System Up Time................................... 98 days 3 hrs 47 mins 5 secs^M > System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada)^M > System Stats Realtime Interval................... 5^M > System Stats Normal Interval..................... 180 > ^M > ^M > > Error: TIMEOUT reached > [rancid at nsgv-prod-59 ~]$ > > > > > > On 7/27/18, 11:16 AM, "heasley" wrote: > > Fri, Jul 27, 2018 at 12:08:37PM +0000, Piegorsch, Weylin William: > > I did some experimenting, issuing the "config paging disable" CLI command on initial login seems to eliminate the paging issue, similar to the ASA "terminal pager 0" or the IOS "terminal length 0". > > weylin > > wlogin should have sent this command at the beginning. please look at > the beginning of the transcript with the device. > > > On 7/27/18, 8:01 AM, "Piegorsch, Weylin William" wrote: > > > > When I login as myself and run the "show sysinfo" command, I get the below output. I notice that rancid (wlogin) gets stuck on the prompt at the end there. When expect sees the prompt, a would be the appropriate response. I'm not sure how to disable paging, unfortunately. > > > > Weylin > > > > (cumm111-wism-aca05) >show sysinfo > > > > Manufacturer's Name.............................. Cisco Systems Inc. > > Product Name..................................... Cisco Controller > > Product Version.................................. 8.2.166.0 > > Bootloader Version............................... 1.0.20 > > Field Recovery Image Version..................... 7.6.101.1 > > Firmware Version................................. FPGA 1.7, Env 0.0, USB console 2.2 > > Build Type....................................... DATA + WPS > > > > System Name...................................... cumm111-wism-aca05 > > System Location.................................. 111 Cummington St., Room B05 > > System Contact................................... Network Operations Center > > System ObjectID.................................. 1.3.6.1.4.1.9.1.1293 > > Redundancy Mode.................................. SSO > > IP Address....................................... 10.123.18.234 > > IPv6 Address..................................... :: > > Last Reset....................................... Software reset > > System Up Time................................... 97 days 17 hrs 26 mins 34 secs > > System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada) > > System Stats Realtime Interval................... 5 > > System Stats Normal Interval..................... 180 > > > > > > --More-- or (q)uit > > > > > > > > > > > > On 7/26/18, 6:43 PM, "heasley" wrote: > > > > Thu, Jul 26, 2018 at 09:20:42PM +0000, Piegorsch, Weylin William: > > > I should note that using the NOPIPE=yes thing causes the "controller wlogin error: Error: Connection closed (ssh): controller" message that I show below. If I omit the NOPIPE environment variable on the CLI, I get the output I showed in the other email, where it hangs in the middle of output. > > > > > > weylin > > > > i dont see the problem in what you've provided; you'll have to share more > > output with me. > > > > eval `rancid -t cisco-wlc8 -C hostname` &> output > > > > > > > > > > > > > > From weylin at bu.edu Tue Jul 31 12:13:48 2018 From: weylin at bu.edu (Piegorsch, Weylin William) Date: Tue, 31 Jul 2018 12:13:48 +0000 Subject: [rancid] Unable to Conduct Cisco Wireless Controller Backup In-Reply-To: <20180731004433.GA31150@shrubbery.net> References: <80F727C1-7252-49B0-9ED2-C192CC18B935@bu.edu> <817ED5C7-EF9B-4955-B5D6-8193AFF5828C@bu.edu> <20180726224316.GA25468@shrubbery.net> <56402173-7D20-4C40-9293-0B35E08F971D@bu.edu> <0864E58E-95EA-4F33-AF85-19FE53E06A9C@bu.edu> <20180727151557.GA39011@shrubbery.net> <4F748F05-1C24-4F5C-AF0F-583831D13422@bu.edu> <20180731004433.GA31150@shrubbery.net> Message-ID: <9595FD09-B472-4F2E-A380-F49E2E192B9E@bu.edu> > this is a(nother) design flaw in the o/s, imiho. FULLY AGREE!!!!! "config pager disable" is a per-session setting, and has no permanence. I tried setting it, and it lasted the duration of my session, but once I logged out/in the CLI reverted to a paging behavior. And yet, it's not available to a read-only user. Grrrr.... I'll start working with the wlogin from 3.8, and either upgrade rancid (management depending), replace wlogin, copy wlogin to wlogin-3.8 and define a new WLC type in rancid.types.conf, or as a last resort copy/paste the appropriate change. Thanks for the help through this process. weylin ?-----Original Message----- From: heasley Date: Monday, July 30, 2018 at 8:45 PM To: Weylin Piegorsch Cc: heasley , Daniel Schmidt , "rancid-discuss at shrubbery.net" Subject: Re: [rancid] Unable to Conduct Cisco Wireless Controller Backup Mon, Jul 30, 2018 at 10:59:39AM +0000, Piegorsch, Weylin William: > Hi John, > > I'm still playing around with AAA. What I'm finding, is that the f*&^% WLC CLI authorization mechanism is all bork bork bork. I can set a read-only role, but that disables the ability to issue the "config pager disable" command since the entire "config *" command tree is not available. I can set a higher role, and perhaps the command will appear, but I'm struggling to figure out how to create a custom role definition (I suspect it might be impossible since the Cisco WLC is designed to be GUI-based). We can discuss another time allowing automation to make changes to the system - I'm fighting this battle internally but it's not going well, for now let's just say I need to demonstrate confidence that rancid will only get data, not change anything more complicated than a "last login" notice. this is a(nother) design flaw in the o/s, imiho. as in ios, the pager should only affect the given vty, not the config of the device. not needing to manipulate the pager is very convenient. > In any event - so, this leaves me with the CLI role I have, and without the "config paging disable" to be used. you could also change the config to disabled the pager, if most folk just use the web UI. or try setting the stty rows to some large number before initiating the connection to the device; it might honor it, but i've seen many of these half-baked platforms ignore it if it doesn't lie within some unspoken acceptable range. > I'm running rancid 3.4.1, I notice the latest 3.8 is slightly different in wlogin. But, they're relatively similar, and neither version (I think?) catches the specific prompts that might appear to prompt for paging. Might they possibly be added? See below what I did to wlogin v3.4.1 (aka my installation), let me know if I did this wrong (I'm an accomplished network engineer... but a poor excuse for a software engineer). > > Also, wlogin uses "exit" to close the CLI when -c or -x is specified; it needs to be "logout" instead regardless of user role. Where do I change this? I suppose I can do this in rancid.types.base (.conf?), but I'd prefer not to since I /do/ use *login with the -p and -u options on occasion with some simple BASH command-line scripts to accomplish manual campus-wide pre-planned changes. I tried grep'ing through some files, that didn't work too well. you just need a newer wlogin; current is using logout. > Weylin > > I modified 3.4.1 bin/wlogin on this line: > > for {set i 0} {$i < $num_commands} { incr i} { > send -- "[subst -nocommands [lindex $commands $i]]\r" > expect { > -re "\b+" { exp_continue } > -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)" > } > -re "^\[^\n\r]*$reprompt." { send_user -- "$expect_out(buffer)" > exp_continue > } > -re "^--More--\[\r\n]+" { # specific match c1900 pager > send " " > exp_continue > } > -re "\[\n\r]+" { send_user -- "$expect_out(buffer)" > exp_continue > } > + -re "^--More-- .*" { send "q" # note the [[:space:]] between --More-- and the period > + exp_continue > + } difficult to say if that might cause problems with the output without seeing the raw input. it depends upon how the device manipulates the pager prompt. if that RE is matching too little/much, the line following the prompt will shift back & forth randomly. > } > }} > > > On 7/27/18, 6:30 PM, "Piegorsch, Weylin William" wrote: > > This might be a tacacs issue. When I log in as a normal user, the config paging disable command appears when I type "?". I'll play around with that over the weekend. > Weylin > > > (cumm111-wism-aca05) >? > > debug Manages system debug options. > exit > grep Print lines matching a pattern. > help Help > linktest Perform a link test to a specified MAC address. > logout Exit this session. Any unsaved changes are lost. > show Display switch options and settings. > > (cumm111-wism-aca05) > > > > > > > On 7/27/18, 6:29 PM, "Piegorsch, Weylin William" wrote: > > Ah; thanks, I see it there. Something is amiss with that. "eval... ; cat -v" output below. > Weylin > > > > > [rancid at nsgv-prod-59 ~]$ eval `rancid -t cisco-wlc5 -C cumm111-wism-aca05.bu.edu` &> output > [rancid at nsgv-prod-59 ~]$ cat -v output > cumm111-wism-aca05.bu.edu > spawn ssh -2 -c aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc -x -l rancid cumm111-wism-aca05.bu.edu^M > ^M > Access to this system is permitted for authorized persons only. All connections are logged and monitored. By accessing this system, you acknowledge that use of this and any other technology at Boston University is subject to the terms of the Boston University Conditions of Use and Policy on Computing Ethics; please see: http://www.bu.edu/computing/ethics for details.^M > (cumm111-wism-aca05) ^M > User: rancid^M > Password:*******^M > (cumm111-wism-aca05) >^M > (cumm111-wism-aca05) >config paging disable^M > ^M > Incorrect usage. Use the '?' or key to list commands.^M > ^M > (cumm111-wism-aca05) >show udi^M > > ^MNAME: "Chassis" , DESCR: "Cisco Wireless Services Module 2" > ^MPID: WS-SVC-WISM2-K9, VID: V01, SN: SAL172893FZ^M > ^M > (cumm111-wism-aca05) >show sysinfo^M > ^M > Manufacturer's Name.............................. Cisco Systems Inc.^M > Product Name..................................... Cisco Controller^M > Product Version.................................. 8.2.166.0^M > Bootloader Version............................... 1.0.20^M > Field Recovery Image Version..................... 7.6.101.1^M > Firmware Version................................. FPGA 1.7, Env 0.0, USB console 2.2^M > Build Type....................................... DATA + WPS > ^M > System Name...................................... cumm111-wism-aca05^M > System Location.................................. 111 Cummington St., Room B05^M > System Contact................................... Network Operations Center^M > System ObjectID.................................. 1.3.6.1.4.1.9.1.1293^M > Redundancy Mode.................................. SSO^M > IP Address....................................... 10.123.18.234^M > IPv6 Address..................................... ::^M > Last Reset....................................... Software reset^M > System Up Time................................... 98 days 3 hrs 47 mins 5 secs^M > System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada)^M > System Stats Realtime Interval................... 5^M > System Stats Normal Interval..................... 180 > ^M > ^M > > Error: TIMEOUT reached > [rancid at nsgv-prod-59 ~]$ > > > > > > On 7/27/18, 11:16 AM, "heasley" wrote: > > Fri, Jul 27, 2018 at 12:08:37PM +0000, Piegorsch, Weylin William: > > I did some experimenting, issuing the "config paging disable" CLI command on initial login seems to eliminate the paging issue, similar to the ASA "terminal pager 0" or the IOS "terminal length 0". > > weylin > > wlogin should have sent this command at the beginning. please look at > the beginning of the transcript with the device. > > > On 7/27/18, 8:01 AM, "Piegorsch, Weylin William" wrote: > > > > When I login as myself and run the "show sysinfo" command, I get the below output. I notice that rancid (wlogin) gets stuck on the prompt at the end there. When expect sees the prompt, a would be the appropriate response. I'm not sure how to disable paging, unfortunately. > > > > Weylin > > > > (cumm111-wism-aca05) >show sysinfo > > > > Manufacturer's Name.............................. Cisco Systems Inc. > > Product Name..................................... Cisco Controller > > Product Version.................................. 8.2.166.0 > > Bootloader Version............................... 1.0.20 > > Field Recovery Image Version..................... 7.6.101.1 > > Firmware Version................................. FPGA 1.7, Env 0.0, USB console 2.2 > > Build Type....................................... DATA + WPS > > > > System Name...................................... cumm111-wism-aca05 > > System Location.................................. 111 Cummington St., Room B05 > > System Contact................................... Network Operations Center > > System ObjectID.................................. 1.3.6.1.4.1.9.1.1293 > > Redundancy Mode.................................. SSO > > IP Address....................................... 10.123.18.234 > > IPv6 Address..................................... :: > > Last Reset....................................... Software reset > > System Up Time................................... 97 days 17 hrs 26 mins 34 secs > > System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada) > > System Stats Realtime Interval................... 5 > > System Stats Normal Interval..................... 180 > > > > > > --More-- or (q)uit > > > > > > > > > > > > On 7/26/18, 6:43 PM, "heasley" wrote: > > > > Thu, Jul 26, 2018 at 09:20:42PM +0000, Piegorsch, Weylin William: > > > I should note that using the NOPIPE=yes thing causes the "controller wlogin error: Error: Connection closed (ssh): controller" message that I show below. If I omit the NOPIPE environment variable on the CLI, I get the output I showed in the other email, where it hangs in the middle of output. > > > > > > weylin > > > > i dont see the problem in what you've provided; you'll have to share more > > output with me. > > > > eval `rancid -t cisco-wlc8 -C hostname` &> output > > > > > > > > > > > > > > From heas at shrubbery.net Tue Jul 31 14:46:32 2018 From: heas at shrubbery.net (heasley) Date: Tue, 31 Jul 2018 14:46:32 +0000 Subject: [rancid] Juniper CLI prompts out of sync causing frequent changes In-Reply-To: References: <20180727170036.GD39011@shrubbery.net> Message-ID: <20180731144632.GC72511@shrubbery.net> Fri, Jul 27, 2018 at 12:58:14PM -0500, Chris Wopat: > We actually do not have a banner, but your mention of that reminds me that > indeed, when doing some updates recently we enabled login-tip ( > https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/login-tip-edit-system.html/) > which is almost certainly putting something random in a banner-ish area > upon each login. > > Here are 3 random examples from the same device: > > ======================================================== > Password: > --- JUNOS 14.1X53-D47.3 built 2018-05-10 21:38:01 UTC > JUNOS tip: > Use the 'no-more' CLI pipe to disable the CLI's more capability and > let the multiple pages of output scroll without stopping. > > > --- JUNOS 14.1X53-D47.3 built 2018-05-10 21:38:01 UTC > JUNOS tip: > Use ESC-/ in the CLI to expand strings into matching words from the > command line history. > > Password: > --- JUNOS 14.1X53-D47.3 built 2018-05-10 21:38:01 UTC > JUNOS tip: > Use the TAB key to autocomplete interface names in operational mode. > ======================================================== > > Since they liberally use dashes, single quotes, forward slashes and so on- > this seems to be the likely culprit? maybe; those do not look like prompts. > Would it be possible to filter out anything between "JUNOS tip" and the > first valid prompt so we have a chance of leaving them enabled? it is all about reliably identifying the valid prompt. if i could tell users and vendors not to use [\][[:space:])(_*\\<>] in their prompts, life would be easier - the regex would simply be ^[^PROMPTTERMINALCHAR\r\n ]+PROMPTTERMINALCHAR jlogin is looking for '>'. can you reproduce it reliably with a particular device? if you can share (with me only) the output of jlogin -d -c 'show version' hostname 2> output i expect that i can fix it, but i may need more output, like: jlogin -d -c 'show chassis clocks;show chassis environment;show chassis firmware;show chassis fpc detail' hostname 2> output > --Chris > > > > On Fri, Jul 27, 2018 at 12:00 PM, heasley wrote: > > > Fri, Jul 27, 2018 at 08:18:08AM -0500, Chris Wopat: > > > Hi folks, > > > > > > Last year I commented on an issue we're seeing across many Juniper > > devices. > > > I neglected to follow up on Heasley's response then but are seeing it a > > lot > > > more frequently now, perhaps related to some OS upgrades or something > > else. > > > > > > > > > Thread was here: > > > > > > http://www.shrubbery.net/pipermail/rancid-discuss/2017- > > October/009916.html > > > http://www.shrubbery.net/pipermail/rancid-discuss/2017- > > October/009922.html > > > > > > Looking at the last week or so of these we've had, they're on devices > > > running 14.1X53-D4*, which is primaraily QFX5100 but also a few EX4200. > > > > > > Here's output from a single diff, its like this on various commands > > nearly > > > every run: > > > > > > > > > > > > Index: configs/r-kettlemoraine-hub > > > =================================================================== > > > retrieving revision 1.144 > > > diff -u -4 -r1.144 r-kettlemoraine-hub > > > @@ -1,7 +1,8 @@ > > > #RANCID-CONTENT-TYPE: juniper > > > # > > > # r-kettlemoraine-hub> show chassis clocks > > > + # show chassis environment > > > # r-kettlemoraine-hub> show chassis environment > > > # Class Item Status > > > # Power FPC 0 Power Supply 0 OK > > > # FPC 0 Power Supply 1 OK > > > Index: configs/r-lacrossecity-hub > > > =================================================================== > > > retrieving revision 1.108 > > > diff -u -4 -r1.108 r-lacrossecity-hub > > > @@ -15,9 +15,8 @@ > > > # FPC 0 Fan 2 OK > > > # FPC 0 Fan 3 OK > > > # > > > # r-lacrossecity-hub> show chassis firmware > > > - # show chassis fpc detail > > > # Part Type Version > > > # FPC 0 uboot U-Boot 1.1.6 (Jun 5 2012 - > > > 02:24:53) 1.0.0 > > > # loader FreeBSD/PowerPC U-Boot bootstrap > > > loader 2.4 > > > # > > > Index: configs/r-platteville-hub > > > =================================================================== > > > retrieving revision 1.274 > > > diff -u -4 -r1.274 r-platteville-hub > > > @@ -1,7 +1,8 @@ > > > #RANCID-CONTENT-TYPE: juniper > > > # > > > # r-platteville-hub> show chassis clocks > > > + # show chassis environment > > > # r-platteville-hub> show chassis environment > > > # Class Item Status > > > # Power FPC 0 Power Supply 0 OK > > > # FPC 0 Power Supply 1 OK > > > > > > Heasley, you chimed in saying the prompt may be out of sync. While I > > don't > > > quite know what that means, you suggested sending output of: > > > > > > eval `rancid -Ct juniper device` > > > > > > Here that is, finally: > > > > > > jlogin -t 120 -c 'show chassis clocks;show chassis environment;show > > chassis > > > firmware;show chassis fpc detail;show chassis hardware detail;show > > chassis > > > hardware models;show chassis routing-engine;show chassis scb;show chassis > > > sfm detail;show chassis ssb;show chassis feb detail;show chassis feb;show > > > chassis cfeb;show chassis alarms;show system license;show system > > > boot-messages;show system core-dumps;show version detail;show version > > > invoke-on other-routing-engine;show configuration;file checksum md5 > > > /var/db/scripts/*/*;file list recursive /var/db/scripts/' > > r-platteville-hub > > > > > > You may notice some additions at the end which help us track some slax > > > scripts: > > > > > > file checksum md5 /var/db/scripts/*/*;file list recursive > > /var/db/scripts/' > > > > > > we've had those in place for quite some time (before this) so I'm unsure > > if > > > those are related. > > > > not likely. I presume you have a banner with something that looks like a > > prompt; like https://www.juniper.net/documentation/software/junos/ > > junos93/swconfig-system-basics/configuring-a-system-login-message.html. > > if not, you'll have to share output with me. > > > > eval `rancid -t juniper -C hostname` &> output > > From heas at shrubbery.net Tue Jul 31 16:25:21 2018 From: heas at shrubbery.net (heasley) Date: Tue, 31 Jul 2018 16:25:21 +0000 Subject: [rancid] Unable to Conduct Cisco Wireless Controller Backup In-Reply-To: <9595FD09-B472-4F2E-A380-F49E2E192B9E@bu.edu> References: <20180726224316.GA25468@shrubbery.net> <56402173-7D20-4C40-9293-0B35E08F971D@bu.edu> <0864E58E-95EA-4F33-AF85-19FE53E06A9C@bu.edu> <20180727151557.GA39011@shrubbery.net> <4F748F05-1C24-4F5C-AF0F-583831D13422@bu.edu> <20180731004433.GA31150@shrubbery.net> <9595FD09-B472-4F2E-A380-F49E2E192B9E@bu.edu> Message-ID: <20180731162521.GF72511@shrubbery.net> Tue, Jul 31, 2018 at 12:13:48PM +0000, Piegorsch, Weylin William: > > this is a(nother) design flaw in the o/s, imiho. > > FULLY AGREE!!!!! "config pager disable" is a per-session setting, and has no permanence. I tried setting it, and it lasted the duration of my session, but once I logged out/in the CLI reverted to a paging behavior. And yet, it's not available to a read-only user. Grrrr.... if its not permanent, then its not changing the config. so your manglement shouldnt have a complaint. just use aaa authorization to allow only the commands that it needs. From daniel.schmidt at wyo.gov Tue Jul 31 17:30:04 2018 From: daniel.schmidt at wyo.gov (Daniel Schmidt) Date: Tue, 31 Jul 2018 11:30:04 -0600 Subject: [rancid] Cisco WLC 8540 In-Reply-To: <12F20041-75F8-4BD2-A51E-E8E3A99E54BE@bu.edu> References: <12F20041-75F8-4BD2-A51E-E8E3A99E54BE@bu.edu> Message-ID: Why are you using cisco-wlc4? Isn't that for really old controllers? On Thu, Jul 26, 2018 at 3:13 PM, Piegorsch, Weylin William wrote: > Hello, > > > > Anyone know why I?m having an issue? > > > > Weylin > > > > > > > > > > [rancid at nsgv-prod-59 ~]$ rancid -V > > rancid 3.4.1 > > [rancid at nsgv-prod-59 ~]$ > > [rancid at nsgv-prod-59 ~]$ > > [rancid at nsgv-prod-59 ~]$ > > [rancid at nsgv-prod-59 ~]$ > > [rancid at nsgv-prod-59 ~]$ > > [rancid at nsgv-prod-59 ~]$ > > [rancid at nsgv-prod-59 ~]$ rancid -d -t cisco-wlc4 cumm111-wism-aca01.bu.edu > > loadtype: device type cisco-wlc4 > > loadtype: found device type cisco-wlc4 in /usr/local/rancid/etc/rancid. > types.base > > executing wlogin -t 90 -c"show udi;show sysinfo;show runnning-config" > cumm111-wism-aca01.bu.edu > > PROMPT MATCH: \(cumm111-wism-aca01\) > > > HIT COMMAND:(cumm111-wism-aca01) >show udi > > In ShowUdi: (cumm111-wism-aca01) >show udi > > ShowUdi Data: NAME: "Chassis" , DESCR: "Cisco 8540 Wireless > Controller" > > ShowUdi Data: PID: AIR-CT8540-K9, VID: V01, SN: FCH2117V2A3 > > Exiting ShowSysinfo: (cumm111-wism-aca01) >show sysinfo > > HIT COMMAND:(cumm111-wism-aca01) >show sysinfo > > In ShowSysinfo: (cumm111-wism-aca01) >show sysinfo > > ShowSysinfo Data: Manufacturer's Name.............................. > Cisco Systems Inc. > > ShowSysinfo Data: Product Name..................................... > Cisco Controller > > ShowSysinfo Data: Product Version.................................. > 8.2.166.0 > > ShowSysinfo Data: RTOS Version..................................... > 8.2.166.0 > > ShowSysinfo Data: Bootloader Version............................... > 8.1.102.0 > > ShowSysinfo Data: Emergency Image Version.......................... > 8.1.102.0 > > ShowSysinfo Data: Build Type....................................... > DATA + WPS > > ShowSysinfo Data: System Name...................................... > cumm111-wism-aca01 > > ShowSysinfo Data: System Location.................................. > 111 Cummington St., Room B05 > > ShowSysinfo Data: System Contact................................... > Network Operations Center > > ShowSysinfo Data: System ObjectID.................................. > 1.3.6.1.4.1.9.1.2171 > > ShowSysinfo Data: Redundancy Mode.................................. > SSO > > ShowSysinfo Data: IP Address....................................... > 10.123.18.254 > > ShowSysinfo Data: IPv6 Address..................................... > :: > > ShowSysinfo Data: System Timezone Location......................... > > ShowSysinfo Data: System Stats Realtime Interval................... > 5 > > ShowSysinfo Data: System Stats Normal Interval..................... > 180 > > ShowSysinfo Data: Error: TIMEOUT reached > > Exiting ShowSysinfo: cumm111-wism-aca01.bu.edu: missed cmd(s): show > runnning-config > > cumm111-wism-aca01.bu.edu: missed cmd(s): show runnning-config > > cumm111-wism-aca01.bu.edu: End of run not found > > cumm111-wism-aca01.bu.edu: End of run not found > > !WLC Show Sysinfo End > > [rancid at nsgv-prod-59 ~]$ > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > -- E-Mail to and from me, in connection with the transaction of public business, is subject to the Wyoming Public Records Act and may be disclosed to third parties. -------------- next part -------------- An HTML attachment was scrubbed... URL: From weylin at bu.edu Tue Jul 31 17:36:11 2018 From: weylin at bu.edu (Piegorsch, Weylin William) Date: Tue, 31 Jul 2018 17:36:11 +0000 Subject: [rancid] Cisco WLC 8540 In-Reply-To: References: <12F20041-75F8-4BD2-A51E-E8E3A99E54BE@bu.edu> Message-ID: <46F81644-5B8A-4531-A826-56AFC8CC2F92@bu.edu> I tried both cisco-wlc4 and cisco-wlc5; I got identical behavior from both. 3.8 has a cisco-wlc8; I don?t know how that differs, but it?s not available to me in rancid 3.4.1. weylin From: Daniel Schmidt Date: Tuesday, July 31, 2018 at 1:30 PM To: Weylin Piegorsch Cc: "rancid-discuss at shrubbery.net" Subject: Re: [rancid] Cisco WLC 8540 Why are you using cisco-wlc4? Isn't that for really old controllers? On Thu, Jul 26, 2018 at 3:13 PM, Piegorsch, Weylin William > wrote: Hello, Anyone know why I?m having an issue? Weylin [rancid at nsgv-prod-59 ~]$ rancid -V rancid 3.4.1 [rancid at nsgv-prod-59 ~]$ [rancid at nsgv-prod-59 ~]$ [rancid at nsgv-prod-59 ~]$ [rancid at nsgv-prod-59 ~]$ [rancid at nsgv-prod-59 ~]$ [rancid at nsgv-prod-59 ~]$ [rancid at nsgv-prod-59 ~]$ rancid -d -t cisco-wlc4 cumm111-wism-aca01.bu.edu loadtype: device type cisco-wlc4 loadtype: found device type cisco-wlc4 in /usr/local/rancid/etc/rancid.types.base executing wlogin -t 90 -c"show udi;show sysinfo;show runnning-config" cumm111-wism-aca01.bu.edu PROMPT MATCH: \(cumm111-wism-aca01\) > HIT COMMAND:(cumm111-wism-aca01) >show udi In ShowUdi: (cumm111-wism-aca01) >show udi ShowUdi Data: NAME: "Chassis" , DESCR: "Cisco 8540 Wireless Controller" ShowUdi Data: PID: AIR-CT8540-K9, VID: V01, SN: FCH2117V2A3 Exiting ShowSysinfo: (cumm111-wism-aca01) >show sysinfo HIT COMMAND:(cumm111-wism-aca01) >show sysinfo In ShowSysinfo: (cumm111-wism-aca01) >show sysinfo ShowSysinfo Data: Manufacturer's Name.............................. Cisco Systems Inc. ShowSysinfo Data: Product Name..................................... Cisco Controller ShowSysinfo Data: Product Version.................................. 8.2.166.0 ShowSysinfo Data: RTOS Version..................................... 8.2.166.0 ShowSysinfo Data: Bootloader Version............................... 8.1.102.0 ShowSysinfo Data: Emergency Image Version.......................... 8.1.102.0 ShowSysinfo Data: Build Type....................................... DATA + WPS ShowSysinfo Data: System Name...................................... cumm111-wism-aca01 ShowSysinfo Data: System Location.................................. 111 Cummington St., Room B05 ShowSysinfo Data: System Contact................................... Network Operations Center ShowSysinfo Data: System ObjectID.................................. 1.3.6.1.4.1.9.1.2171 ShowSysinfo Data: Redundancy Mode.................................. SSO ShowSysinfo Data: IP Address....................................... 10.123.18.254 ShowSysinfo Data: IPv6 Address..................................... :: ShowSysinfo Data: System Timezone Location......................... ShowSysinfo Data: System Stats Realtime Interval................... 5 ShowSysinfo Data: System Stats Normal Interval..................... 180 ShowSysinfo Data: Error: TIMEOUT reached Exiting ShowSysinfo: cumm111-wism-aca01.bu.edu: missed cmd(s): show runnning-config cumm111-wism-aca01.bu.edu: missed cmd(s): show runnning-config cumm111-wism-aca01.bu.edu: End of run not found cumm111-wism-aca01.bu.edu: End of run not found !WLC Show Sysinfo End [rancid at nsgv-prod-59 ~]$ _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss E-Mail to and from me, in connection with the transaction of public business, is subject to the Wyoming Public Records Act and may be disclosed to third parties. -------------- next part -------------- An HTML attachment was scrubbed... URL: From nick.nauwelaerts at aquafin.be Tue Jul 31 20:16:00 2018 From: nick.nauwelaerts at aquafin.be (Nick Nauwelaerts) Date: Tue, 31 Jul 2018 20:16:00 +0000 Subject: [rancid] aerohive hiveos support Message-ID: heya, since we have around 200 aerohive devices and regretfully quite some issues related to hivemanager changing config settings due to bugs or inexperienced admins, i wanted to at least know what & when was changed. as such i'm trying to add support for hiveos (the operating system on aerohive access points). i borrowed erik muller's login script: ahlogin - https://github.com/ermuller/rancid-stuff/blob/master/ahrancid and set out to try & add the rest. at the moment configuration backups are working, as well as gathering some information on the devices. filtering of passwords/keys/snmp strings are done for the configs we're running, parsing the info might need some work but is fine for me. i'm making parsing more comprehensive based on the hiveos cli reverence in my spare time. the code can be found here: https://github.com/inphobia/rancid-aerohive-support it's based on a subversion checkout of rancid revision 3847. for a diff against rancid 3847 you can compare git branch 8147fec0ffa815e3c4ae6d3a63ef353b0b75f9cd to git branch master: https://github.com/inphobia/rancid-aerohive-support/compare/8147fec0ffa815e3c4ae6d3a63ef353b0b75f9cd...master for a console based version: git clone https://github.com/inphobia/rancid-aerohive-support.git git diff 8147fec0ffa815e3c4ae6d3a63ef353b0b75f9cd...master sidenote: even though the automake files (*.am) have been edited to add the newly added files, my automake version is giving me a hard time, so this has not been tested. tested on the following models/hardware model ap121, hiveos version 6.5r4 model ap121, hiveos version 6.5r8a model ap121, hiveos version 6.5r8b model ap121, hiveos version 6.5r9 model ap230, hiveos version 6.5r8b model ap250, hiveos version 8.0r1a model ap250, hiveos version 8.3r2 model ap250, hiveos version 8.3r5 anyone else out there using aerohive devices & willing to give this a spin? bonus question: it seems ahlogin is mostly clogin (rev 2376) with an extra regex added. clogin is general seems to have provisions for force10 & f5 devices. is there a guideline to fork clogin instead of adding to it? (i see positives & negatives in both approaches) thx in advance. // nick ________________________________ Volg Aquafin op Facebook | Twitter | YouTube | LinkedIN In het kader van de uitoefening van onze taken verzamelen we bij Aquafin persoonsgegevens. Hoe we omgaan met deze gegevens en wat de rechten van de betrokkenen zijn, kan je nalezen in onze privacy policy. [https://www.aquafin.be/sites/aquafin/files/styles/paragraph_with_caption/public/2018-06/email_banner_web.jpg] P Denk aan het milieu. Druk deze mail niet onnodig af. -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Tue Jul 31 21:14:20 2018 From: heas at shrubbery.net (heasley) Date: Tue, 31 Jul 2018 21:14:20 +0000 Subject: [rancid] Fortigate additional tweaks and device filters In-Reply-To: References: Message-ID: <20180731211419.GI72511@shrubbery.net> Fri, Jul 27, 2018 at 08:02:28AM -0500, Chris Wopat: > Hi Heasley and folks, > > Sept 2017 i sent a note in with some proposed tweaks to a Fortigate. to > filter out some additional chattiness, see: > > http://www.shrubbery.net/pipermail/rancid-discuss/2017-September/009871.html > http://www.shrubbery.net/pipermail/rancid-discuss/2017-June/009643.html > > A few people chimed in seeming to be OK with the propsed changes, which are > to filter these things: > > next if (/^\s*IPS-ETDB: .*/); > next if (/^\s*APP-DB: .*/); > next if (/^\s*IPS Malicious URL Database: .*/); > next if (/^\s*Botnet DB: .*/); > > Mentioning this as 3.8 came out and i didn't notice any of these included. > > We have an additional fortigate tweak we make every time we update too, > which to change from 'show full-configuration' to just 'show' in > @commandtable. 'full-configuration' shows default config, just like the > cisco 'full' command. It's really not necessary IMO. This is from: r2258 | heas | 2010-10-11 20:49:05 +0000 (Mon, 11 Oct 2010) | 3 lines fnrancid: update recent fortinet software - Diego Ercolani Cleaned-up a little by me. afaict, the justification for full-configuration was so that VDOMs would be included in the output. perhaps this behavior has changed since this change?? I have none of these devices. From doug.hughes at keystonenap.com Tue Jul 31 21:17:42 2018 From: doug.hughes at keystonenap.com (Doug Hughes) Date: Tue, 31 Jul 2018 17:17:42 -0400 Subject: [rancid] Fortigate additional tweaks and device filters In-Reply-To: <20180731211419.GI72511@shrubbery.net> References: <20180731211419.GI72511@shrubbery.net> Message-ID: <639c2aeb-8d74-8c38-39c0-e83b3f09c263@keystonenap.com> On 7/31/2018 5:14 PM, heasley wrote: > Fri, Jul 27, 2018 at 08:02:28AM -0500, Chris Wopat: >> Hi Heasley and folks, >> >> Sept 2017 i sent a note in with some proposed tweaks to a Fortigate. to >> filter out some additional chattiness, see: >> >> http://www.shrubbery.net/pipermail/rancid-discuss/2017-September/009871.html >> http://www.shrubbery.net/pipermail/rancid-discuss/2017-June/009643.html >> >> A few people chimed in seeming to be OK with the propsed changes, which are >> to filter these things: >> >> next if (/^\s*IPS-ETDB: .*/); >> next if (/^\s*APP-DB: .*/); >> next if (/^\s*IPS Malicious URL Database: .*/); >> next if (/^\s*Botnet DB: .*/); >> >> Mentioning this as 3.8 came out and i didn't notice any of these included. >> >> We have an additional fortigate tweak we make every time we update too, >> which to change from 'show full-configuration' to just 'show' in >> @commandtable. 'full-configuration' shows default config, just like the >> cisco 'full' command. It's really not necessary IMO. > This is from: > r2258 | heas | 2010-10-11 20:49:05 +0000 (Mon, 11 Oct 2010) | 3 lines > > fnrancid: update recent fortinet software - Diego Ercolani > Cleaned-up a little by me. > > afaict, the justification for full-configuration was so that VDOMs would > be included in the output. perhaps this behavior has changed since this > change?? I have none of these devices. I think you are right.. I have a vague recollection of this as well. -- Doug Hughes Keystone NAP Fairless Hills, PA 1.844.KEYBLOCK (439.2562) -------------- next part -------------- An HTML attachment was scrubbed... URL: