<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.3157" name=GENERATOR></HEAD>
<BODY text=#000000 bgColor=#ffffff>
<DIV dir=ltr align=left><SPAN class=883190218-29082007><FONT face=Arial
color=#0000ff size=2>Sam,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=883190218-29082007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=883190218-29082007><FONT face=Arial
color=#0000ff size=2>What version is on your old boxes? 4.x? I don't
know how well f5rancid will work on BIG-IP 4.x as I do not have it to
test. </FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=883190218-29082007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=883190218-29082007><FONT face=Arial
color=#0000ff size=2>That said, along with all disclaimers of fitness for any
purpose or any liability for anything that might happen, I gave it a
quick attempt. </FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=883190218-29082007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=883190218-29082007><FONT face=Arial
color=#0000ff size=2>Here is a diff for f5login that you can test.
This tries to send the TERM type from your environment and defaults to vt100 if
it is not set. It replaces a chunk of Cisco related code that is not
needed.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=883190218-29082007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=883190218-29082007><FONT face=Arial
color=#0000ff size=2>418,421c418,424<BR><
-re "Enter Selection: "
{<BR><
# Catalyst 1900s have some lame menu.
Enter<BR><
# K to reach a
command-line.<BR><
send "K\r"<BR>---<BR>> -re "Terminal
type\?"
{<BR>>
# v4.x asks for term
type<BR>>
if {[info exists env(TERM)]}
{<BR>>
send
"$env(TERM)\r"<BR>>
} else
{<BR>>
send
"vt100\r"<BR>>
}<BR></FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=883190218-29082007><FONT face=Arial
color=#0000ff size=2>If that does not work, adjust the regex to match the
actual prompt and hardcode vt100 if necessary. If that
fails, send a screen capture of the normal login process and the results of
an f5login for comparison. </FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=883190218-29082007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=883190218-29082007><FONT face=Arial
color=#0000ff size=2>Mike </FONT></SPAN><BR></DIV>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Sam Munzani [mailto:sam@munzani.com]
<BR><B>Sent:</B> Wednesday, August 29, 2007 11:50 AM<BR><B>To:</B> Mike
Ashcraft<BR><B>Cc:</B> Lance; rancid-discuss@shrubbery.net<BR><B>Subject:</B>
Re: [rancid] Re: F5 load balancer support<BR></FONT><BR></DIV>
<DIV></DIV>Team,<BR><BR>I am sorry to reopen this old thread but the question I
have relates to this old thread.<BR>Attached 2 rancid login files work fine on
newer F5 boxes. However on old boxes, it prompts for "term type" at the ssh
login. I need to insert logic in the script to answer to this "term type"
question. What's best way to handle it?<BR><BR>Pass it as an argument
like<BR>f5login -t vt100 device-name<BR><BR>and then catch the variable and add
necessary logic for the expect?<BR><BR>Thanks,<BR>Sam<BR>
<BLOCKQUOTE
cite=mid:45EB285310B55542A513F93230F0A5330115DB4F@EXCHANGE0.orm.omniture.com
type="cite">
<META content="MSHTML 6.00.2900.3132" name=GENERATOR>
<DIV dir=ltr align=left><SPAN class=308284916-17072007><FONT face=Arial
color=#0000ff size=2>I have been on vacation for the last couple
of weeks or I would have posted this sooner and possibly saved some of
you a bit of effort. </FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007><FONT face=Arial
color=#0000ff size=2>It sounds like Lance and Sam have put together
a working f5rancid with basic functionality which Sam posted last
night. I have attached my f5rancid which I have been running for a
few months. Installation instructions are included as comments in
the file. This version uses clogin so that a separate f5login script is
not required.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007></SPAN><SPAN
class=308284916-17072007></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007><FONT face=Arial
color=#0000ff size=2>This version formats and processes the output to
make it more usable. As far as what is captured, I based this on
the F5 equivalent of a tech out. It grabs a copy of all the
configuration files, hardware configuration and software version as well as
the timestamps and file sizes for SSL certs hosted on the device. This
facilitates rebuilding from scratch as quickly as possible if this is ever
needed.</FONT> <FONT face=Arial color=#0000ff
size=2> </FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007></SPAN><SPAN
class=308284916-17072007></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007><FONT face=Arial
color=#0000ff size=2>I was able to resolve the bug I mentioned yesterday
by increasing the clogin timeout. On a small number of devices
it failed to process the last few commands when running from cron but always
worked properly from the command line on all devices [making it difficult to
track down]. I mention this because it may be an appropriate fix
for other intermittent problems sometimes discussed on this
list.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007><FONT face=Arial
color=#0000ff size=2>Any feedback is appreciated. I hope to get f5
support added to future releases of rancid. </FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007><FONT face=Arial
color=#0000ff size=2>Thanks,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007><FONT face=Arial
color=#0000ff size=2>Mike</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007></SPAN> </DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Sam Munzani [<A
class=moz-txt-link-freetext
href="mailto:sam@munzani.com">mailto:sam@munzani.com</A>] <BR><B>Sent:</B>
Monday, July 16, 2007 7:49 PM<BR><B>To:</B> Lance<BR><B>Cc:</B> Mike Ashcraft;
<A class=moz-txt-link-abbreviated
href="mailto:rancid-discuss@shrubbery.net">rancid-discuss@shrubbery.net</A><BR><B>Subject:</B>
Re: [rancid] Re: F5 load balancer
support<BR></FONT><BR></DIV>Lance,<BR><BR>Thanks a lot for all your help.
Pretty much you did all the work while I watched what you are doing
:-)..<BR><BR>Attached are cleaned up files. In f5rancid file, I have left some
basic functions(non platform specific) just in case we expand this script to
do a lot more than just "b list" output. In rancid-fe, we defined a new device
type "f5", f5login was copied from clogin and remarked some "term length"
statements we don't need on F5.<BR><BR>All 3 files are attached and working
great. Please be aware, we are not parsing anything at all. All its doing is
basic function of running "b list" command and capturing its output. As I
expand more on this, I will be sure to share with the audience
here.<BR><BR>Again, thanks a lot for all your help
today.<BR><BR>Regards,<BR>Sam<BR>
<BLOCKQUOTE
cite=mid:20070716173200.8e114e4890519e5179c192e02d6bca26.b34fb90ffd.wbe@email.secureserver.net
type="cite"><PRE wrap="">I have helped Sam get a working f5rancid which requires a f5login (only
because it doesn't recognize the prompt with a space and exit, unless
you enter a return before the exit). He is cleaning up all the unused
functions and will post it.
Once John H. sends out his script I will look at it and see how it
differs from the one I did with Sam. I will even help Sam get it working
for his setup. We will let you know when it is all working.
-lance
</PRE>
<BLOCKQUOTE type="cite"><PRE wrap="">-------- Original Message --------
Subject: [rancid] Re: F5 load balancer support
From: "Mike Ashcraft" <A class=moz-txt-link-rfc2396E href="mailto:mashcraft@omniture.com" moz-do-not-send="true"><mashcraft@omniture.com></A>
Date: Mon, July 16, 2007 11:48 am
To: <A class=moz-txt-link-rfc2396E href="mailto:sam@munzani.com" moz-do-not-send="true"><sam@munzani.com></A>
Cc: <A class=moz-txt-link-abbreviated href="mailto:rancid-discuss@shrubbery.net" moz-do-not-send="true">rancid-discuss@shrubbery.net</A>
Sam,
I have a working f5rancid that I have been using for a number of months
now. I have one minor bug related to tracking installed SSL certs
which you probably don't care about. Other than that, it works great.
I did encounter and solve all the problems you have been discussing on
the list.
Let me know if you are interested in trying what I have. I have tested
it with Big-IP 9.1.2.
Mike
________________________________
From: <A class=moz-txt-link-abbreviated href="mailto:rancid-discuss-bounces@shrubbery.net" moz-do-not-send="true">rancid-discuss-bounces@shrubbery.net</A>
[<A class=moz-txt-link-freetext href="mailto:rancid-discuss-bounces@shrubbery.net" moz-do-not-send="true">mailto:rancid-discuss-bounces@shrubbery.net</A>] On Behalf Of Sam Munzani
Sent: Monday, July 16, 2007 10:58 AM
To: <A class=moz-txt-link-abbreviated href="mailto:smunzani@comcast.net" moz-do-not-send="true">smunzani@comcast.net</A>
Cc: <A class=moz-txt-link-abbreviated href="mailto:rancid-discuss@shrubbery.net" moz-do-not-send="true">rancid-discuss@shrubbery.net</A>
Subject: [rancid] Re: F5 load balancer support
BTW, this is what I see in the log when I do rancid-run now. That means
the f5rancid file(hacked copy of rancid) is still missing something.
more nfl.20070716.114842
starting: Mon Jul 16 11:48:42 CDT 2007
Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found
cvs diff: Diffing .
cvs diff: Diffing configs
nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT 2007
Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found
cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for `configs/test-f5-01'
cvs [commit aborted]: correct above errors first!
ls: test-f5-01: No such file or directory
ending: Mon Jul 16 11:49:41 CDT 2007
Thanks,
Sam
        David,
        
        Thanks a lot for the tip. This worked well. Now f5login goes
much more
        cleaner and the "root" doesn't set sent again. I still have
other issues
        where rancid-run is backing up config properly but I am still
        troubleshooting it.
        
        Now here is a question. What does "bldshgalsjd" mean and how
does it do
        this miracle?
        
        Thanks,
        Sam
        
                Thanks for this tip, turns out that this is also the
reason the
                username gets entered at a prompt on the cisco IPS
devices. Since it's
                using SSH and therefore doesn't need a username prompt,
solution was
                to simply add in .cloginrc:
                
                add userprompt ids* bldshgalsjd (<- something that
won't get sent
                during login)
                
                Regards,
                
                David
                
                On 14/07/07, Lance <A class=moz-txt-link-rfc2396E href="mailto:rancid@gheek.net" moz-do-not-send="true"><rancid@gheek.net></A>
<A class=moz-txt-link-rfc2396E href="mailto:rancid@gheek.net" moz-do-not-send="true"><mailto:rancid@gheek.net></A> wrote:
                
                        Sam,
                        
                        Have you tried using telnet to login, if the f5
has it enabled.
                        You may also want to set auto enable in your
.cloginrc for this device
                        as it looks to clogin as you are already in a
cisco equivalent equal to
                        enable since your prompt has a # sign in it.
                        
                        Looking at your next email along with this one
it looks like you are
                        already in a cisco equivalent of enable after
you login. f5login seems
                        to be sending your username of root as a command
after you get connected
                        because it sees this line "Last login: Fri Jul
13 14:38:03 2007 from
                        172.24.100.12" and it matches on the word
"Login". See below.
                        
                        "(Username|Login|login|user name):"? yes
                        
                        expect: set expect_out(0,string) "login:"
                        
                        expect: set expect_out(1,string) "login"
                        
                        expect: set expect_out(spawn_id) "exp4"
                        
                        expect: set expect_out(buffer) " \r\nLast
login:"
                        
                        send: sending "root\r" to { exp4 }
                        
                        expect: continuing expect
                        
                        You are just using a Cisco login/parsing script
so it expects prompts
                        from a Cisco device and in this case you have a
*nix SSH banner that
                        gets interrupted. I know you can use RANCID to
backup *nix systems. So
                        it knows how to understand connecting to a *nix
system. You might want
                        to try this email thread which asks about
backing up Linux conifgs.
        
<A class=moz-txt-link-rfc2396E href="http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html" moz-do-not-send="true">"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml"</A>
<A class=moz-txt-link-rfc2396E href="http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html" moz-do-not-send="true"><http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml></A>
                        
                        Or you could modify the existing f5login like
so.
                        
                        I think you have to use the carrot before the ()
to work. I haven't
                        checked this as I am at home and not on a UNIX
system right now. Sorry
                        to lazy to check it out right now. You might
want to uncomment the line
                        below 3. and comment out the line below 2. and
see if that works. This
                        is the only point in the code that I see it look
for login in any line.
                        If that doesn't work send me back the debug and
I will see what I can
                        do. I am sure some people that use expect more
often then I can probably
                        quickly tell you what to use as syntax there.
                        
                        # Figure out prompts
                         set u_prompt [find userprompt $router
                        if { "$u_prompt" == "" } {
                         #1. ORIGINAL
                         #set u_prompt
"^(Username|Login|login|user name):"
                         #2. Modified to read for a line beginning
with
                        Username,Login,login, or
                        user name.
                         set u_prompt "^(Username|Login|login|user
name):"
                         #3. Modified to read for a line beginning
with Login or login.
                        but I
                        may be wrong
                         #set u_prompt
"^(Username|^Login|^login|user name):"
                         } else {
                         set u_prompt [join [lindex $u_prompt 0]
""]
                        
                        
                        Let me know if this works for you.
                        
                        -Lance
                        
                        
                                -------- Original Message --------
                                Subject: Re: [rancid] F5 load balancer
support
                                From: Sam Munzani <A class=moz-txt-link-rfc2396E href="mailto:smunzani@comcast.net" moz-do-not-send="true"><smunzani@comcast.net></A>
<A class=moz-txt-link-rfc2396E href="mailto:smunzani@comcast.net" moz-do-not-send="true"><mailto:smunzani@comcast.net></A>
                                Date: Fri, July 13, 2007 2:30 pm
                                To: Lance <A class=moz-txt-link-rfc2396E href="mailto:rancid@gheek.net" moz-do-not-send="true"><rancid@gheek.net></A>
<A class=moz-txt-link-rfc2396E href="mailto:rancid@gheek.net" moz-do-not-send="true"><mailto:rancid@gheek.net></A>
                                Cc: <A class=moz-txt-link-abbreviated href="mailto:rancid-discuss@shrubbery.net" moz-do-not-send="true">rancid-discuss@shrubbery.net</A>
                                
                                Lance,
                                
                                F5 login works fine with a minor error.
                                
                                $ f5login test-f5-01
                                test-f5-01
                                spawn ssh -c 3des -x -l root test-f5-01
                                Password:
                                Last login: Fri Jul 13 14:26:28 2007
from 172.24.100.12
                                root
                                [root@test-f5-01:Active] config # root
                                -bash: root: command not found
                                [root@test-f5-01:Active] config #
                                [root@test-f5-01:Active] config #
                                [root@test-f5-01:Active] config #
                                
                                I don't know how to debug otherwise I
would turn on debug too. If you
                                can provide some hints on debug, I would
appreciate it.
                                
                                Thanks,
                                Sam
                                
                                What error(s) do you get when you try to
run your f5rancid?
                                
                                Where does it fail if you debug your
f5login?
                                
                                
                                -lance
                                
                                
                                
                                -------- Original Message --------
                                Subject: [rancid] F5 load balancer
support
                                From: Sam Munzani <A class=moz-txt-link-rfc2396E href="mailto:smunzani@comcast.net" moz-do-not-send="true"><smunzani@comcast.net></A>
<A class=moz-txt-link-rfc2396E href="mailto:smunzani@comcast.net" moz-do-not-send="true"><mailto:smunzani@comcast.net></A>
                                Date: Fri, July 13, 2007 12:45 pm
                                To: <A class=moz-txt-link-abbreviated href="mailto:rancid-discuss@shrubbery.net" moz-do-not-send="true">rancid-discuss@shrubbery.net</A>
                                
                                Hi,
                                
                                Did anybody happened to hack one of
Cisco scripts to support
                                
                        BigIP F5
                        
                                boxes? It should be pretty simple. All I
want to do is login and
                                
                                type "b
                                
                                list" which is equivalent of "show run"
on cisco.
                                
                                However for some reason things not
working. All I did was copied
                                
                                clogin
                                
                                to f5login, copied rancid to f5rancid
and added following to
                                
                                rancid-fe.
                                
                                elsif ($vendor =~ /^f5$/i)
{ exec('f5rancid',
                                
                        $router); }
                        
                                Then modified f5 rancid file and kept
only one command in list of
                                commands "b list".
                                
                                For some reason its not working. I can
post my configs here if
                                
                                somebody
                                
                                like to see them.
                                
                                Thanks,
                                Sam
        
_______________________________________________
                                Rancid-discuss mailing list
                                <A class=moz-txt-link-abbreviated href="mailto:Rancid-discuss@shrubbery.net" moz-do-not-send="true">Rancid-discuss@shrubbery.net</A>
        
<A class=moz-txt-link-freetext href="http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss" moz-do-not-send="true">http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss</A>
                                
                                
                                
                                
                        _______________________________________________
                        Rancid-discuss mailing list
                        <A class=moz-txt-link-abbreviated href="mailto:Rancid-discuss@shrubbery.net" moz-do-not-send="true">Rancid-discuss@shrubbery.net</A>
        
<A class=moz-txt-link-freetext href="http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss" moz-do-not-send="true">http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss</A>
                        
                        
        
        _______________________________________________
        Rancid-discuss mailing list
        <A class=moz-txt-link-abbreviated href="mailto:Rancid-discuss@shrubbery.net" moz-do-not-send="true">Rancid-discuss@shrubbery.net</A>
        <A class=moz-txt-link-freetext href="http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss" moz-do-not-send="true">http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss</A><hr>_______________________________________________
Rancid-discuss mailing list
<A class=moz-txt-link-abbreviated href="mailto:Rancid-discuss@shrubbery.net" moz-do-not-send="true">Rancid-discuss@shrubbery.net</A>
<A class=moz-txt-link-freetext href="http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss" moz-do-not-send="true">http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss</A>
</PRE></BLOCKQUOTE><PRE wrap=""><!---->
_______________________________________________
Rancid-discuss mailing list
<A class=moz-txt-link-abbreviated href="mailto:Rancid-discuss@shrubbery.net" moz-do-not-send="true">Rancid-discuss@shrubbery.net</A>
<A class=moz-txt-link-freetext href="http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss" moz-do-not-send="true">http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss</A>
</PRE></BLOCKQUOTE><BR></BLOCKQUOTE><BR></BODY></HTML>