[rancid] race condition in ssh on CatOS

Michael Stefaniuc mstefani at redhat.com
Thu May 4 15:55:47 UTC 2006 

Hello,

in october 2004 there was a small thread about this problem "Bug when 
using SSH on CatOS devices" 
(http://www.shrubbery.net/pipermail/rancid-discuss/2004-October/000891.html) 
but it ended with a quick hack that worked for the older Extreme's but 
dosn't for CatOS 
(http://www.shrubbery.net/pipermail/rancid-discuss/2004-November/000898.html)
The problem with CatOS ssh is that it eats _sometimes_ the echoing of 
the last packet that made the connection to terminate unlike the Extreme 
that accordingly to the above was eating only the \n\r. As clogin does a
send "exit\r"
and that fits in one packet the CatOS ssh will forget to echo that back 
before terminating the connection. So one gets _sometimes_
Switch> (enable)Connection to switch.foo.bar closed by remote host.
Connection to switch.foo.bar closed.
I get that not only with cat5rancid but also directly with ssh.

Now adapting the proposed patch/hack:
   TOP: while(<INPUT>) {
        tr/\015//d;
        if (/> \(enable\) ?exit$/) {
              $clean_run=1;
              last;
        }
        # Check and see if it was a "less clean" run.
        elsif (/> \(enable\) ?exitConnection to (\S+) closed by remote 
host\./){
              $clean_run=1;
              last;
        }
   }
by ommiting "exit" isn't hard but is it safe? One can assume that getting
Switch> (enable) exitConnection to switch.foo.bar closed by remote host.
wont happen in the middle of a cat5run run ever. But is is very likely 
to get
Switch> (enable)Connection to switch.foo.bar closed by remote host.
between 2 commands. One cannot safely set $clean_run=1 in that case.
The method i used was to split up 'send "exit\r"' in clogin into
send "exit"
sleep 0.1
send "\r"
Alternatively using send -h "exit\r" and using the "hangover" human 
speed setting (see man expect) works too. This way i reduce the problem 
to detecting "Switch> (enable) exitConnection ...".

Is there a better way to achieve a reliable backup of CatOS devices with 
rancid using ssh besides having to patch clogin and cat5rancid? Not that 
patching would be a problem but having the right fix upstream makes 
future maintanance easier.

bye
	michael
-- 
Michael Stefaniuc               Tel.: +49-711-96437-199
Sr. Network Engineer            Fax.: +49-711-96437-111
Red Hat GmbH                    Email: mstefani at redhat.com
Hauptstaetterstr. 58            http://www.redhat.de/
D-70178 Stuttgart

More information about the Rancid-discuss mailing list