<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.3132" name=GENERATOR></HEAD>
<BODY text=#000000 bgColor=#ffffff>
<DIV dir=ltr align=left><SPAN class=625044318-16072007><FONT face=Arial
color=#0000ff size=2>Sam,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=625044318-16072007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=625044318-16072007><FONT face=Arial
color=#0000ff size=2>I have a working f5rancid that I have been using for a
number of months now. I have one minor bug related to tracking
installed SSL certs which you probably don't care about. Other than that,
it works great.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=625044318-16072007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=625044318-16072007><FONT face=Arial
color=#0000ff size=2>I did encounter and solve all the problems you
have been discussing on the list.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=625044318-16072007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=625044318-16072007><FONT face=Arial
color=#0000ff size=2>Let me know if you are interested in trying what I
have. I have tested it with Big-IP 9.1.2. </FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=625044318-16072007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=625044318-16072007><FONT face=Arial
color=#0000ff size=2>Mike</FONT></SPAN></DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> rancid-discuss-bounces@shrubbery.net
[mailto:rancid-discuss-bounces@shrubbery.net] <B>On Behalf Of </B>Sam
Munzani<BR><B>Sent:</B> Monday, July 16, 2007 10:58 AM<BR><B>To:</B>
smunzani@comcast.net<BR><B>Cc:</B>
rancid-discuss@shrubbery.net<BR><B>Subject:</B> [rancid] Re: F5 load balancer
support<BR></FONT><BR></DIV>
<DIV></DIV>BTW, this is what I see in the log when I do rancid-run now. That
means the f5rancid file(hacked copy of rancid) is still missing
something.<BR><BR>more nfl.20070716.114842<BR>starting: Mon Jul 16 11:48:42 CDT
2007<BR><BR><BR><BR>Trying to get all of the configs.<BR>test-f5-01: End of run
not found<BR>-bash: write: command not
found<BR>=====================================<BR>Getting missed routers: round
1.<BR>test-f5-01: End of run not found<BR>-bash: write: command not
found<BR>=====================================<BR>Getting missed routers: round
2.<BR>test-f5-01: End of run not found<BR>-bash: write: command not
found<BR>=====================================<BR>Getting missed routers: round
3.<BR>test-f5-01: End of run not found<BR>-bash: write: command not
found<BR>=====================================<BR>Getting missed routers: round
4.<BR>test-f5-01: End of run not found<BR>-bash: write: command not
found<BR><BR>cvs diff: Diffing .<BR>cvs diff: Diffing
configs<BR>nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT
2007<BR><BR><BR><BR>Trying to get all of the configs.<BR>test-f5-01: End of run
not found<BR>-bash: write: command not
found<BR>=====================================<BR>Getting missed routers: round
1.<BR>test-f5-01: End of run not found<BR>-bash: write: command not
found<BR>=====================================<BR>Getting missed routers: round
2.<BR>test-f5-01: End of run not found<BR>-bash: write: command not
found<BR>=====================================<BR>Getting missed routers: round
3.<BR>test-f5-01: End of run not found<BR>-bash: write: command not
found<BR>=====================================<BR>Getting missed routers: round
4.<BR>test-f5-01: End of run not found<BR>-bash: write: command not
found<BR><BR>cvs diff: Diffing .<BR>cvs diff: Diffing configs<BR>cvs diff:
cannot find configs/test-f5-01<BR>cvs commit: Examining .<BR>cvs commit:
Examining configs<BR>cvs commit: Up-to-date check failed for
`configs/test-f5-01'<BR>cvs [commit aborted]: correct above errors first!<BR>ls:
test-f5-01: No such file or directory<BR><BR>ending: Mon Jul 16 11:49:41 CDT
2007<BR><BR>Thanks,<BR>Sam<BR>
<BLOCKQUOTE cite=mid:469BA174.1050902@comcast.net type="cite"><PRE wrap="">David,
Thanks a lot for the tip. This worked well. Now f5login goes much more
cleaner and the "root" doesn't set sent again. I still have other issues
where rancid-run is backing up config properly but I am still
troubleshooting it.
Now here is a question. What does "bldshgalsjd" mean and how does it do
this miracle?
Thanks,
Sam
</PRE>
<BLOCKQUOTE type="cite"><PRE wrap="">Thanks for this tip, turns out that this is also the reason the
username gets entered at a prompt on the cisco IPS devices. Since it's
using SSH and therefore doesn't need a username prompt, solution was
to simply add in .cloginrc:
add userprompt ids* bldshgalsjd (<- something that won't get sent
during login)
Regards,
David
On 14/07/07, Lance <A class=moz-txt-link-rfc2396E href="mailto:rancid@gheek.net"><rancid@gheek.net></A> wrote:
</PRE>
<BLOCKQUOTE type="cite"><PRE wrap="">Sam,
Have you tried using telnet to login, if the f5 has it enabled.
You may also want to set auto enable in your .cloginrc for this device
as it looks to clogin as you are already in a cisco equivalent equal to
enable since your prompt has a # sign in it.
Looking at your next email along with this one it looks like you are
already in a cisco equivalent of enable after you login. f5login seems
to be sending your username of root as a command after you get connected
because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
172.24.100.12" and it matches on the word "Login". See below.
"(Username|Login|login|user name):"? yes
expect: set expect_out(0,string) "login:"
expect: set expect_out(1,string) "login"
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) " \r\nLast login:"
send: sending "root\r" to { exp4 }
expect: continuing expect
You are just using a Cisco login/parsing script so it expects prompts
from a Cisco device and in this case you have a *nix SSH banner that
gets interrupted. I know you can use RANCID to backup *nix systems. So
it knows how to understand connecting to a *nix system. You might want
to try this email thread which asks about backing up Linux conifgs.
<A class=moz-txt-link-rfc2396E href="http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html">"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"</A>
Or you could modify the existing f5login like so.
I think you have to use the carrot before the () to work. I haven't
checked this as I am at home and not on a UNIX system right now. Sorry
to lazy to check it out right now. You might want to uncomment the line
below 3. and comment out the line below 2. and see if that works. This
is the only point in the code that I see it look for login in any line.
If that doesn't work send me back the debug and I will see what I can
do. I am sure some people that use expect more often then I can probably
quickly tell you what to use as syntax there.
# Figure out prompts
set u_prompt [find userprompt $router
if { "$u_prompt" == "" } {
#1. ORIGINAL
#set u_prompt "^(Username|Login|login|user name):"
#2. Modified to read for a line beginning with
Username,Login,login, or
user name.
set u_prompt "^(Username|Login|login|user name):"
#3. Modified to read for a line beginning with Login or login.
but I
may be wrong
#set u_prompt "^(Username|^Login|^login|user name):"
} else {
set u_prompt [join [lindex $u_prompt 0] ""]
Let me know if this works for you.
-Lance
</PRE>
<BLOCKQUOTE type="cite"><PRE wrap="">-------- Original Message --------
Subject: Re: [rancid] F5 load balancer support
From: Sam Munzani <A class=moz-txt-link-rfc2396E href="mailto:smunzani@comcast.net"><smunzani@comcast.net></A>
Date: Fri, July 13, 2007 2:30 pm
To: Lance <A class=moz-txt-link-rfc2396E href="mailto:rancid@gheek.net"><rancid@gheek.net></A>
Cc: <A class=moz-txt-link-abbreviated href="mailto:rancid-discuss@shrubbery.net">rancid-discuss@shrubbery.net</A>
Lance,
F5 login works fine with a minor error.
$ f5login test-f5-01
test-f5-01
spawn ssh -c 3des -x -l root test-f5-01
Password:
Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
root
[root@test-f5-01:Active] config # root
-bash: root: command not found
[root@test-f5-01:Active] config #
[root@test-f5-01:Active] config #
[root@test-f5-01:Active] config #
I don't know how to debug otherwise I would turn on debug too. If you
can provide some hints on debug, I would appreciate it.
Thanks,
Sam
</PRE>
<BLOCKQUOTE type="cite"><PRE wrap="">What error(s) do you get when you try to run your f5rancid?
Where does it fail if you debug your f5login?
-lance
</PRE>
<BLOCKQUOTE type="cite"><PRE wrap="">-------- Original Message --------
Subject: [rancid] F5 load balancer support
From: Sam Munzani <A class=moz-txt-link-rfc2396E href="mailto:smunzani@comcast.net"><smunzani@comcast.net></A>
Date: Fri, July 13, 2007 12:45 pm
To: <A class=moz-txt-link-abbreviated href="mailto:rancid-discuss@shrubbery.net">rancid-discuss@shrubbery.net</A>
Hi,
Did anybody happened to hack one of Cisco scripts to support
</PRE></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE><PRE wrap="">BigIP F5
</PRE>
<BLOCKQUOTE type="cite">
<BLOCKQUOTE type="cite">
<BLOCKQUOTE type="cite"><PRE wrap="">boxes? It should be pretty simple. All I want to do is login and
</PRE></BLOCKQUOTE></BLOCKQUOTE><PRE wrap="">type "b
</PRE>
<BLOCKQUOTE type="cite">
<BLOCKQUOTE type="cite"><PRE wrap="">list" which is equivalent of "show run" on cisco.
However for some reason things not working. All I did was copied
</PRE></BLOCKQUOTE></BLOCKQUOTE><PRE wrap="">clogin
</PRE>
<BLOCKQUOTE type="cite">
<BLOCKQUOTE type="cite"><PRE wrap="">to f5login, copied rancid to f5rancid and added following to
</PRE></BLOCKQUOTE></BLOCKQUOTE><PRE wrap="">rancid-fe.
</PRE>
<BLOCKQUOTE type="cite">
<BLOCKQUOTE type="cite"><PRE wrap="">elsif ($vendor =~ /^f5$/i) { exec('f5rancid',
</PRE></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE><PRE wrap="">$router); }
</PRE>
<BLOCKQUOTE type="cite">
<BLOCKQUOTE type="cite">
<BLOCKQUOTE type="cite"><PRE wrap="">Then modified f5 rancid file and kept only one command in list of
commands "b list".
For some reason its not working. I can post my configs here if
</PRE></BLOCKQUOTE></BLOCKQUOTE><PRE wrap="">somebody
</PRE>
<BLOCKQUOTE type="cite">
<BLOCKQUOTE type="cite"><PRE wrap="">like to see them.
Thanks,
Sam
_______________________________________________
Rancid-discuss mailing list
<A class=moz-txt-link-abbreviated href="mailto:Rancid-discuss@shrubbery.net">Rancid-discuss@shrubbery.net</A>
<A class=moz-txt-link-freetext href="http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss">http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss</A>
</PRE></BLOCKQUOTE><PRE wrap="">
</PRE></BLOCKQUOTE></BLOCKQUOTE><PRE wrap="">_______________________________________________
Rancid-discuss mailing list
<A class=moz-txt-link-abbreviated href="mailto:Rancid-discuss@shrubbery.net">Rancid-discuss@shrubbery.net</A>
<A class=moz-txt-link-freetext href="http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss">http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss</A>
</PRE></BLOCKQUOTE></BLOCKQUOTE><PRE wrap=""><!---->
_______________________________________________
Rancid-discuss mailing list
<A class=moz-txt-link-abbreviated href="mailto:Rancid-discuss@shrubbery.net">Rancid-discuss@shrubbery.net</A>
<A class=moz-txt-link-freetext href="http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss">http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss</A>
</PRE></BLOCKQUOTE><BR></BODY></HTML>