<div dir="ltr">Indeed, the cron file that I've shared previously was the default one from the rpm /etc/cron.d/rancid.<br>I've already tried the rancid user specific crontab but that behaves exactly the same.<div><div>Given the format of the output from the .raw file (<i>set cli scripting-mode on</i> for example is not on a single line), maybe rancid is having trouble parsing the output; I've tried adjusting the TERM and COLUMNS env vars and even changed the hostname to something very short but without success.</div>That's what's been puzzling me: on one hand it looks like an env issue but on the other even when run from the rancid user's crontab it still does not work and I cannot pinpoint what exactly fails.</div><div><br></div><div>Thanks,<br>Lucian Lepadatu</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Jul 27, 2023 at 6:02 AM Piegorsch, Weylin William &lt;<a href="mailto:weylin@bu.edu">weylin@bu.edu</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg4407485424228472911">
<div lang="EN-US" style="overflow-wrap: break-word;">
<div class="m_4407485424228472911WordSection1">
<p class="MsoNormal">From the CRON file you shared, it looks like you’re executing this in the crontab in /etc? I find it more reliable to execute system management tasks there (logrotate; updatedb; and so forth), but for rancid’s environment to be set up correctly when using rancid’s personal CRON file.</p>
<p class="MsoNormal">“sudo su - rancid ; crontab -e” <u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Just remember that in a user’s crontab you don’t need to specify the user.<u></u><u></u></p>
<table border="0" cellspacing="0" cellpadding="0" align="left" width="98%" style="width:98%">
<tbody>
<tr>
<td width="86%" valign="top" style="width:86%;border-right:none;border-bottom:none;border-left:none;border-top:1pt solid rgb(204,204,204);padding:11.25pt 0in 0in 7.5pt">
<p class="MsoNormal">
<b><span style="color:rgb(0,32,96)">Weylin Piegorsch </span></b><span style="color:rgb(0,32,96)">| </span><span style="font-size:10pt;color:rgb(0,32,96)"> Manager, Network Engineering</span><span style="font-size:12pt"><u></u><u></u></span></p>
<p class="MsoNormal">
<span style="font-size:10pt;color:rgb(0,32,96)">Boston University Information Services & Technology<br>
<a href="mailto:weylin@bu.edu" target="_blank"><span style="color:rgb(5,99,193)">w</span><span style="font-size:11pt;color:rgb(5,99,193)">eylin</span><span style="color:rgb(5,99,193)">@bu.edu</span></a> | 617.353.8128 | <a href="http://www.bu.edu/tech" title="http://www.bu.edu/tech" target="_blank"><span style="color:rgb(149,79,114)">bu.edu/tech</span></a></span><span style="font-size:12pt"><u></u><u></u></span></p>
<p class="MsoNormal">
<b><span style="font-size:10pt;color:rgb(0,32,96)">Listen. Learn. Lead.</span></b><span style="font-size:12pt"><u></u><u></u></span></p>
</td>
</tr>
</tbody>
</table>
<div style="border-right:none;border-bottom:none;border-left:none;border-top:1pt solid rgb(225,225,225);padding:3pt 0in 0in">
<p class="MsoNormal"><b>From:</b> Lucian-Ionut Lepadatu &lt;<a href="mailto:lepadatu.lucian@gmail.com" target="_blank">lepadatu.lucian@gmail.com</a>&gt;<br>
<b>Sent:</b> Wednesday, July 26, 2023 9:47 AM<br>
<b>To:</b> <a href="mailto:rancid-discuss@www.shrubbery.net" target="_blank">rancid-discuss@www.shrubbery.net</a><br>
<b>Subject:</b> [rancid] rancid-run doesn't work from cron for panorama but works manually</p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">Hello,<br>
<br>
I am trying to make rancid pull the configs from a pair of Palo Alto Panorama devices.<u></u><u></u></p>
<div>
<p class="MsoNormal">I've installed it on an Alma Linux 9 box with the default package from epel (rancid.x86_64 3.13-7.el9).<br>
I have in router.db a list of Palo Alto firewalls and a pair of Panorama devices. Login to all devices works.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">If I log in with the rancid user and run rancid-run from the shell ([rancid@rancidbox ~]$ /usr/libexec/rancid/rancid-run) it gets the config for all devices.<br>
If I log in as root and run rancid-run as the rancid user ("[rancid@rancidbox ~]# sudo -u rancid /usr/libexec/rancid/rancid-run") it also works for all devices.</p>
</div>
<div>
<p class="MsoNormal">But if I try to run it from cron as the user rancid, it works for the firewalls but not for panorama.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12pt"><br>
The cron entry looks like this:<br>
<br>
<i>SHELL=/bin/bash<br>
PATH=/sbin:/bin:/usr/sbin:/usr/bin<br>
MAILTO=root<br>
HOME=/var/rancid<br>
<br>
0 */8 * * * rancid /usr/libexec/rancid/rancid-run</i><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">In the rancid logs I see:<br>
<i>missed cmd(s): all commands<br>
End of run not found<br>
panlogin error: Error: TIMEOUT reached</i><br>
<br>
I've managed to capture the .raw and .new files for a panorama device when rancid-run was executed from cron and it looks like it connects to the device but it gets stuck:</p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12pt"><br>
<i>[rancid@rancidbox ~]$ cat network-devices/configs/panorama_hostname.internal.domain.raw<br>
panorama_hostname.internal.domain<br>
spawn ssh -x -l rancid_login_user panorama_hostname.internal.domain<br>
*************************************************************************<br>
* *<br>
* WARNING! Access to this device is restricted *<br>
* to those individuals with specific *<br>
* permissions. If you are not an authorized user *<br>
* disconnect now. *<br>
* *<br>
* Any attempts to gain unauthorized access *<br>
* will be prosecuted to the fullest *<br>
* extent of the law. *<br>
* *<br>
*************************************************************************<br>
(rancid_login_user@panorama_hostname.internal.domain) Password:
<br>
Last login: Wed Jul 26 11:51:59 2023 from IP.XXX.YYY.ZZZ<br>
No entry for terminal type "network";<br>
using dumb terminal settings.<br>
<br>
<br>
<br>
Number of failed attempts since last successful login: 0<br>
<br>
<br>
<br>
rancid_login_user@panorama_hostname.internal.domain(primary-active)&gt;
<br>
rancid_login_user@panorama_hostname.internal.domain(primary-active)&gt; set
<br>
rancid_login_user@panorama_hostname.internal.domain(primary-active)&gt; set cli
<br>
rancid_login_user@panorama_hostname.internal.domain(primary-active)&gt; set cli scripting<br>
-mode <br>
rancid_login_user@panorama_hostname.internal.domain(primary-active)&gt; set cli scripting<br>
-mode on<br>
rancid_login_user@panorama_hostname.internal.domain(primary-active)&gt; [rancid@rancidbox ~]$
<br>
<br>
<br>
<br>
<br>
[rancid@rancidbox ~]$ cat network-devices/configs/panorama_hostname.internal.domain.new<br>
#RANCID-CONTENT-TYPE: paloalto<br>
#</i><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">If I try to run rancid instead of rancid-run from cron for panorama it works (needs a PATH added to be able to find the panlogin script but other than that it succeeds)<br>
<br>
<i>PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/usr/libexec/rancid/:/usr/share/perl5/vendor_perl/rancid</i><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><i>08 10 * * * rancid /usr/libexec/rancid/rancid -t paloalto -d panorama_hostname.internal.domain</i><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12pt">I've also got a dump of all environment variables for the rancid user and put it in cron but same as before: rancid-run always fails for panorama but works for the firewalls. (it has the same content in the
.raw file every time)<br>
<br>
I was thinking that since invoking rancid from cron works but rancid-run fails, it might have something to do with how control_rancid or rancid-fe invokes rancid but couldn't see anything obvious in those scripts that might cause this behaviour.<br>
<br>
I am not sure what exactly fails. I appreciate any pointers you might have.<br>
<br>
Thanks,<br>
Lucian Lepadatu<br>
<br>
<u></u><u></u></p>
</div>
</div>
</div>
</div>
</div></blockquote></div>