<div dir="ltr"><div><br></div><div><div class="gmail_quote"><div dir="ltr">On Tue, Sep 13, 2016 at 7:36 AM heasley <<a href="mailto:heas@shrubbery.net" target="_blank">heas@shrubbery.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Tue, Sep 13, 2016 at 12:40:10AM +1200, Daniel Kerse:<br>
> Hello Shaun <a href="http://et.al" rel="noreferrer" target="_blank">et.al</a>.,<br>
><br>
> Are you playing with the TERM environment variable at all?<br>
> Have you tried enabling debug on your cron job and then (re)checking:<br>
> 1. the logs?<br>
> 2. the resulting .raw files?<br>
><br>
> I'm also running version 3.2 (the latest available under EPEL) with<br>
> some F5s of various vintage.<br>
><br>
> Firstly to recap what is already known by this mailing list:<br>
> - circa BIG-IP v9.x -> v10.x the tmsh shell was introduced in addition<br>
> to the pre-existing bigpipe.<br>
> - circa BIG-IP v10.x -> v11.x the old bigpipe shell was removed.<br>
> - (At least for BIG-IP v11.x and earlier) you must set TERM=vt100-w in<br>
> order to run some commands. This problem would only become apparent<br>
<br>
Do you mean that it required that specific term type, or just that it<br>
required that term be set to something other than dumb or network?<br></blockquote><div><br></div><div>That specific terminal type is required in some cases. I think if the prompt plus the command gets longer than something like 80 characters you start getting control characters showing up in the middle of that line which causes a regex match to fail.</div><div><br></div><div>This has been the topic of previous discussion:</div><div><span style="line-height:1.5"><a href="http://www.shrubbery.net/pipermail/rancid-discuss/2014-July/007767.html">http://www.shrubbery.net/pipermail/rancid-discuss/2014-July/007767.html</a></span><br></div><div><div><a href="http://www.shrubbery.net/pipermail/rancid-discuss/2015-February/008038.html">http://www.shrubbery.net/pipermail/rancid-discuss/2015-February/008038.html</a></div></div><div><a href="http://www.shrubbery.net/pipermail/rancid-discuss/2015-July/008603.html">http://www.shrubbery.net/pipermail/rancid-discuss/2015-July/008603.html</a><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
> when running via CRON, When running rancid manually at the CLI<br>
> everything looks honky dory.. In my case the following commands would<br>
> fail (via CRON):<br>
> "ls --full-time --color=never /config/ssl/ssl.crt"<br>
> "ls --full-time --color=never /config/ssl/ssl.key"<br>
> "tmsh show /net route static"<br>
> - Someone mentioned that you need to run "tmsh -q -c 'cd / \;list<br>
> recursive" to get everything out of the partitions.<br>
> - Was this circa v11.x? I forget. I need to do more research here<br>
> as I've almost got around that issue that had people setting up shell<br>
> scripts on their F5s to make it work... more on that later.<br></blockquote><div><br></div><div>I believe the "cd / ; list recursive" might required on 11.x (and presumably later) with partitions.</div><div><a href="http://www.shrubbery.net/pipermail/rancid-discuss/2014-August/007790.html">http://www.shrubbery.net/pipermail/rancid-discuss/2014-August/007790.html</a><br></div><div>If I ever get this to fallback gracefully to "list" I'll let you know.</div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
><br>
><br>
> Now here's the interesting thing I've noticed on v12.x . Perhaps this<br>
> is widely known in the F5 community but I haven't read about it<br>
> anywhere.<br>
> - Somewhere around BIG-IP v11.x -> v12.x the vt100-w terminal started<br>
> misbehaving.<br>
> - If I have TERM set to vt100-w and enable debug I see this error<br>
> message in the logs:<br>
> "Warning, can't fully initialize terminal, TERM is set to<br>
> "vt100-w", status (0)"<br>
<br>
that implies that the type is unknown or there is no pty.<br></blockquote><div><br></div><div>I tend to agree. Maybe this type is unknown to more recent versions of BIG-IP despite working in older releases.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
> - Now I think again if you run via CLI it might appear to work OK<br>
> but not via CRON.<br>
><br>
><br>
> So now you end up in a difficult situation in BIG-IP v12:<br>
> - TERM=vt100-w fails via CRON because it's broken<br>
> - TERM=network (or similar) fails via CRON because some commands<br>
> require it to stop the junk showing up mid-line.<br>
> - Either case works via CLI.<br>
><br>
> So you can end up with a rather fiddly rancid.types.conf file.<br>
> Something like this (work in progress):<br>
><br>
> # F5s running 9.3.1 seem to lack tmsh support so we will use a<br>
> (slightly modified) version of f5rancid<br>
> bigip-v9;script;f5rancid-v9<br>
> bigip-v9;login;clogin<br>
><br>
> # F5s running 11.4.1 and 12.0.0 seem to lack bigpipe support.<br>
> # For some reason turning off debug flag causes problems for "tmsh -q<br>
> -c 'cd / \;list recursive'" I don't know why.<br>
> bigip-v10-11;script;rancid -t bigip-v10-11<br>
> bigip-v10-11;login;clogin<br>
> bigip-v10-11;module;bigip<br>
> bigip-v10-11;inloop;bigip::inloop<br>
> bigip-v10-11;command;bigip::ShowVersion;tmsh show /sys version<br>
> bigip-v10-11;command;bigip::ShowHardware;tmsh show /sys hardware<br>
> bigip-v10-11;command;bigip::ShowLicense;tmsh show /sys license<br>
> bigip-v10-11;command;bigip::ShowSslCrt;ls --full-time --color=never<br>
> /config/ssl/ssl.crt<br>
> bigip-v10-11;command;bigip::ShowSslKey;ls --full-time --color=never<br>
> /config/ssl/ssl.key<br>
> bigip-v10-11;command;bigip::ShowZebOSconf;cat /config/ZebOS.conf<br>
> bigip-v10-11;command;bigip::ShowZebOSsockets;lsof -i :179<br>
> bigip-v10-11;command;bigip::ShowRouteStatic;tmsh show /net route static<br>
> # This one seems to get confused<br>
> #bigip-v10-11;command;bigip::WriteTerm;tmsh -q -c 'cd / \;list recursive'<br>
> bigip-v10-11;command;bigip::WriteTerm;tmsh -q list<br>
><br>
> # F5s running 12.0.0 seem to lack support for vt100-w terminal type.<br>
> # Error Message:<br>
> # "Warning, can't fully initialize terminal, TERM is set to "vt100-w",<br>
> status (0)"<br>
> # As a result ShowSslCrt, ShowSslKey and ShowRouteStatic don't work.<br>
> # For some reason turning off debug flag causes problems for "tmsh -q<br>
> -c 'cd / \;list recursive'" I don't know why.<br>
> bigip-v12;script;rancid -dt bigip-v12<br>
> bigip-v12;login;clogin<br>
> bigip-v12;module;bigip12<br>
> bigip-v12;inloop;bigip12::inloop<br>
> bigip-v12;command;bigip12::ShowVersion;tmsh show /sys version<br>
> bigip-v12;command;bigip12::ShowHardware;tmsh show /sys hardware<br>
> bigip-v12;command;bigip12::ShowLicense;tmsh show /sys license<br>
> #bigip-v12;command;bigip12::ShowSslCrt;ls --full-time --color=never<br>
> /config/ssl/ssl.crt<br>
> #bigip-v12;command;bigip12::ShowSslKey;ls --full-time --color=never<br>
> /config/ssl/ssl.key<br>
> bigip-v12;command;bigip12::ShowZebOSconf;cat /config/ZebOS.conf<br>
> bigip-v12;command;bigip12::ShowZebOSsockets;lsof -i :179<br>
> #bigip-v12;command;bigip12::ShowRouteStatic;tmsh show /net route static<br>
> #bigip-v12;command;bigip12::WriteTerm;tmsh -q -c 'cd / \;list recursive'<br>
> bigip-v12;command;bigip12::WriteTerm;tmsh -q list<br>
><br>
> # Huawei support not provided out of the box, added after the fact.<br>
> # Let me know if you want me to post this, it's a bit OT for this thread..<br>
> huawei;script;rancid -t huawei<br>
> huawei;login;hulogin<br>
> huawei;module;huawei<br>
> huawei;inloop;huawei::inloop<br>
> huawei;command;huawei::DisplayVersion;display version<br>
> huawei;command;huawei::DisplayPatchInfo;display patch-information<br>
> huawei;command;huawei::DisplayDevice;display esn<br>
> huawei;command;huawei::DisplayDevice;display device<br>
> huawei;command;huawei::DisplayDevice;display device manufacture-info<br>
> huawei;command;huawei::DisplayDevice;display device pic-status<br>
> huawei;command;huawei::DisplayElabel;display device elabel<br>
> huawei;command;huawei::DisplayElabel;display elabel<br>
> huawei;command;huawei::DisplayTransceiver;display interface transceiver<br>
> huawei;command;huawei::DisplayLicense;display license<br>
> huawei;command;huawei::WriteTerm;display current-configuration<br>
><br>
> With also the following customizations:<br>
><br>
> 1) To make "tmsh -q -c 'cd / \;list recursive'" do something useful<br>
> the following change to <a href="http://rancid.pm" rel="noreferrer" target="_blank">rancid.pm</a> is required, otherwise the split is<br>
> too aggressive.<br>
> *******<br>
> < my($type, $directive, $value, $value2) = split('\;');<br>
> ---<br>
> > #my($type, $directive, $value, $value2) = split('\;');<br>
> > my($type, $directive, $value, $value2) = split('\;', $_, 4);<br>
> *******<br>
> 2) Following changes made to <a href="http://bigip.pm" rel="noreferrer" target="_blank">bigip.pm</a> (from rancid 3.5). There might<br>
> be a bug here still as uncommenting the ";tmsh -q -c 'cd / \;list<br>
> recursive'" line above seems to lead to unnecessary reattempts at<br>
> config collection - but only when debug is disabled for some reason.<br>
> *******<br>
> 5c5<br>
> < ## rancid 3.5<br>
> ---<br>
> > ## rancid 3.5 plus some customisations.<br>
> 66c66,67<br>
> < use rancid 3.5;<br>
> ---<br>
> > #use rancid 3.5;<br>
> > use rancid 3.2;<br>
> 74c75<br>
> < $ENV{'TERM'} = "vt100";<br>
> ---<br>
> > $ENV{'TERM'} = "vt100-w";<br>
> 183a185<br>
> > s/^\ \ ([0-9]+)(\ +).*Air\ Outlet/ $1$2REMOVED Air Outlet/i;<br>
> 184a187,188<br>
> > s/^\ \ ([0-9]+)(\ +).*ADM1026/ $1$2REMOVED ADM1026/i;<br>
> > s/^\ \ ([0-9]+)(\ +).*Main\ board(.*)$/ $1$2REMOVED Main board$3/i;<br>
> 185a190<br>
> > s/^\ \ ([0-9]+)(\ +)[0-9]+\ +[0-9]+\ +[0-9]+/ $1$2REMOVED REMOVED REMOVED/;<br>
> 218a224,272<br>
> > # This routine parses "ls --full-time --color=never /config/ssl/ssl.crt"<br>
> > sub ShowSslCrt {<br>
> > my($INPUT, $OUTPUT, $cmd) = @_;<br>
> > my($line) = (0);<br>
> > print STDERR " In ShowSslCrt: $_" if ($debug);<br>
> ><br>
> > while (<$INPUT>) {<br>
> > tr/\015//d;<br>
> > # v9 software license does not have CR at EOF<br>
> > s/^#-+($prompt.*)/$1/;<br>
> > last if (/^$prompt/);<br>
> > next if (/^(\s*|\s*$cmd\s*)$/);<br>
> > return(1) if /^\s*\^\s*$/;<br>
> > return(1) if /(Invalid input detected|Type help or )/;<br>
> > return(-1) if (/command authorization failed/i);<br>
> ><br>
> > if (!$line++) {<br>
> > ProcessHistory("ShowSslCrt","","","#\n#/config/ssl/ssl.crt:\n");<br>
> > }<br>
> > ProcessHistory("ShowSslCrt","","","# $_") && next;<br>
> > }<br>
> > return(0);<br>
> > }<br>
> ><br>
> > # This routine parses "ls --full-time --color=never /config/ssl/ssl.key"<br>
> > sub ShowSslKey {<br>
> > my($INPUT, $OUTPUT, $cmd) = @_;<br>
> > my($line) = (0);<br>
> > print STDERR " In ShowSslKey: $_" if ($debug);<br>
> ><br>
> > while (<$INPUT>) {<br>
> > tr/\015//d;<br>
> > # v9 software license does not have CR at EOF<br>
> > s/^#-+($prompt.*)/$1/;<br>
> > last if (/^$prompt/);<br>
> > next if (/^(\s*|\s*$cmd\s*)$/);<br>
> > return(1) if /^\s*\^\s*$/;<br>
> > return(1) if /(Invalid input detected|Type help or )/;<br>
> > return(-1) if (/command authorization failed/i);<br>
> ><br>
> > if (!$line++) {<br>
> > ProcessHistory("ShowSslKey","","","#\n#/config/ssl/ssl.key:\n");<br>
> > }<br>
> > ProcessHistory("ShowSslKey","","","# $_") && next;<br>
> > }<br>
> > return(0);<br>
> > }<br>
> ><br>
> ><br>
> 290a345,347<br>
> > return (1) if (/Syntax Error: unexpected argument/);<br>
> > return (0) if ($found_end); # Only run this routine once.<br>
> ><br>
> 297c354<br>
> < $found_end++;<br>
> ---<br>
> > $found_end = 1;<br>
><br>
> *******<br>
> Also:<br>
> *******<br>
> $ diff <a href="http://bigip.pm" rel="noreferrer" target="_blank">bigip.pm</a> <a href="http://bigip12.pm" rel="noreferrer" target="_blank">bigip12.pm</a><br>
> 1c1<br>
> < package bigip;<br>
> ---<br>
> > package bigip12;<br>
> 75c75<br>
> < $ENV{'TERM'} = "vt100-w";<br>
> ---<br>
> > $ENV{'TERM'} = "vt100";<br>
> *******<br>
> And:<br>
> *******<br>
> $ diff f5rancid f5rancid-v9<br>
> 64c64,65<br>
> < $ENV{'TERM'} = "vt100";<br>
> ---<br>
> > #$ENV{'TERM'} = "vt100";<br>
> > $ENV{'TERM'} = "vt100-w";<br>
> 186a188,191<br>
> > if (/^(\s*)community \S+/ && $filter_commstr) {<br>
> > ProcessHistory("SHOWBASE","","","# $1community <removed>\n");<br>
> > next;<br>
> > }<br>
> 190a196,199<br>
> > if (/^(\s*)password crypt \S+/) {<br>
> > ProcessHistory("SHOWBASE","","","# $1password crypt <removed>\n");<br>
> > next;<br>
> > }<br>
> 225c234,236<br>
> <<br>
> ---<br>
> > if (/^(.*)\.password = / && $filter_pwds >= 1) {<br>
> > ProcessHistory("SHOWDB","","","# $1.password = <removed>\n") && next;<br>
> > }<br>
> 269a281,286<br>
> > if (/^(\s*)monitor state (up|down)$/) {<br>
> > ProcessHistory("SHOWDB","","","# $1monitor state <removed>\n") && next;<br>
> > }<br>
> > if (/^(\s*)community \S+/ && $filter_commstr) {<br>
> > ProcessHistory("SHOWDB","","","# $1community <removed>\n") && next;<br>
> > }<br>
> 277c294<br>
> < if (/^(\s*)password / && $filter_pwds >= 1) {<br>
> ---<br>
> > if (/^(\s*)password (\w*)/ && $filter_pwds >= 1 && $2 ne "none") {<br>
> 427a445,447<br>
> > return (1) if (/BIGpipe:.*: syntax error/);<br>
> > return (0) if ($found_end); # Only do this routine once<br>
> ><br>
> 441a462,465<br>
> > if (/^(\s*)community \S+/ && $filter_commstr) {<br>
> > ProcessHistory("","","","# $1community <removed>\n") && next;<br>
> > }<br>
> ><br>
> 532a557<br>
> > {'bigpipe list all' => 'WriteTerm'},<br>
> *******<br></blockquote><div><br></div><div>Kind Regards, </div><div>Dan </div></div></div></div><div dir="ltr">-- <br></div><div data-smartmail="gmail_signature"><p dir="ltr">Kind Regards,<br>
Dan Kerse<br>
+64 29 920 3745</p>
</div>