[rancid] Re: F5 load balancer support
Sam Munzani
smunzani at comcast.net
Wed Aug 29 18:03:49 UTC 2007
Team,
I am sorry to reopen this old thread but the question I have relates to
this old thread.
Attached 2 rancid login files work fine on newer F5 boxes. However on
old boxes, it prompts for "term type" at the ssh login. I need to insert
logic in the script to answer to this "term type" question. What's the
best way to handle it?
Pass it as an argument like
f5login -t vt100 device-name
and then catch the variable and add necessary logic for the expect?
The interaction I am seeing is as below.
<< Some junk MOTD and Banner trimmed here >>
Terminal type? [xterm]
I just need to pass "vt100" at this prompt.
Thanks,
Sam
> I have been on vacation for the last couple of weeks or I would have
> posted this sooner and possibly saved some of you a bit of effort.
>
> It sounds like Lance and Sam have put together a working f5rancid
> with basic functionality which Sam posted last night. I have attached
> my f5rancid which I have been running for a few months. Installation
> instructions are included as comments in the file. This version uses
> clogin so that a separate f5login script is not required.
>
> This version formats and processes the output to make it more
> usable. As far as what is captured, I based this on the F5 equivalent
> of a tech out. It grabs a copy of all the configuration files,
> hardware configuration and software version as well as the timestamps
> and file sizes for SSL certs hosted on the device. This facilitates
> rebuilding from scratch as quickly as possible if this is ever needed.
>
> I was able to resolve the bug I mentioned yesterday by increasing the
> clogin timeout. On a small number of devices it failed to process the
> last few commands when running from cron but always worked properly
> from the command line on all devices [making it difficult to track
> down]. I mention this because it may be an appropriate fix for other
> intermittent problems sometimes discussed on this list.
>
> Any feedback is appreciated. I hope to get f5 support added to future
> releases of rancid.
>
> Thanks,
>
> Mike
>
>
>
> ------------------------------------------------------------------------
> *From:* Sam Munzani [mailto:sam at munzani.com]
> *Sent:* Monday, July 16, 2007 7:49 PM
> *To:* Lance
> *Cc:* Mike Ashcraft; rancid-discuss at shrubbery.net
> *Subject:* Re: [rancid] Re: F5 load balancer support
>
> Lance,
>
> Thanks a lot for all your help. Pretty much you did all the work while
> I watched what you are doing :-)..
>
> Attached are cleaned up files. In f5rancid file, I have left some
> basic functions (non platform specific) just in case we expand this
> script to do a lot more than just "b list" output. In rancid-fe, we
> defined a new device type "f5", f5login was copied from clogin and
> remarked some "term length" statements we don't need on F5.
>
> All 3 files are attached and working great. Please be aware, we are
> not parsing anything at all. All it's doing is the basic function of
> running "b list" command and capturing its output. As I expand more on
> this, I will be sure to share with the audience here.
>
> Again, thanks a lot for all your help today.
>
> Regards,
> Sam
>> I have helped Sam get a working f5rancid which requires a f5login (only
>> because it doesn't recognize the prompt with a space and exit, unless
>> you enter a return before the exit). He is cleaning up all the unused
>> functions and will post it.
>>
>> Once John H. sends out his script I will look at it and see how it
>> differs from the one I did with Sam. I will even help Sam get it working
>> for his setup. We will let you know when it is all working.
>>
>> -lance
>>
>>
>>> -------- Original Message --------
>>> Subject: [rancid] Re: F5 load balancer support
>>> From: "Mike Ashcraft" <mashcraft at omniture.com>
>>> Date: Mon, July 16, 2007 11:48 am
>>> To: <sam at munzani.com>
>>> Cc: rancid-discuss at shrubbery.net
>>>
>>> Sam,
>>>
>>> I have a working f5rancid that I have been using for a number of months
>>> now. I have one minor bug related to tracking installed SSL certs
>>> which you probably don't care about. Other than that, it works great.
>>>
>>> I did encounter and solve all the problems you have been discussing on
>>> the list.
>>>
>>> Let me know if you are interested in trying what I have. I have tested
>>> it with Big-IP 9.1.2.
>>>
>>> Mike
>>>
>>> ________________________________
>>>
>>> From: rancid-discuss-bounces at shrubbery.net
>>> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
>>> Sent: Monday, July 16, 2007 10:58 AM
>>> To: smunzani at comcast.net
>>> Cc: rancid-discuss at shrubbery.net
>>> Subject: [rancid] Re: F5 load balancer support
>>>
>>>
>>> BTW, this is what I see in the log when I do rancid-run now. That means
>>> the f5rancid file (hacked copy of rancid) is still missing something.
>>>
>>> more nfl.20070716.114842
>>> starting: Mon Jul 16 11:48:42 CDT 2007
>>>
>>>
>>>
>>> Trying to get all of the configs.
>>> test-f5-01: End of run not found
>>> -bash: write: command not found
>>> =====================================
>>> Getting missed routers: round 1.
>>> test-f5-01: End of run not found
>>> -bash: write: command not found
>>> =====================================
>>> Getting missed routers: round 2.
>>> test-f5-01: End of run not found
>>> -bash: write: command not found
>>> =====================================
>>> Getting missed routers: round 3.
>>> test-f5-01: End of run not found
>>> -bash: write: command not found
>>> =====================================
>>> Getting missed routers: round 4.
>>> test-f5-01: End of run not found
>>> -bash: write: command not found
>>>
>>> cvs diff: Diffing .
>>> cvs diff: Diffing configs
>>> cvs diff: cannot find configs/test-f5-01
>>> cvs commit: Examining .
>>> cvs commit: Examining configs
>>> cvs commit: Up-to-date check failed for `configs/test-f5-01'
>>> cvs [commit aborted]: correct above errors first!
>>> ls: test-f5-01: No such file or directory
>>>
>>> ending: Mon Jul 16 11:49:41 CDT 2007
>>>
>>> Thanks,
>>> Sam
>>>
>>>
>>> David,
>>>
>>> Thanks a lot for the tip. This worked well. Now f5login goes much
>>> cleaner and the "root" doesn't get sent again. I still have other issues
>>> where rancid-run is backing up config properly but I am still
>>> troubleshooting it.
>>>
>>> Now here is a question. What does "bldshgalsjd" mean and how does it do
>>> this miracle?
>>>
>>> Thanks,
>>> Sam
>>>
>>>
>>> Thanks for this tip, turns out that this is also the reason the
>>> username gets entered at a prompt on the cisco IPS devices. Since it's
>>> using SSH and therefore doesn't need a username prompt, solution was
>>> to simply add in .cloginrc:
>>>
>>> add userprompt ids* bldshgalsjd (<- something that won't get sent during login)
>>>
>>> Regards,
>>>
>>> David
>>>
>>> On 14/07/07, Lance <rancid at gheek.net> wrote:
>>>
>>> Sam,
>>>
>>> Have you tried using telnet to login, if the f5 has it enabled?
>>> You may also want to set auto enable in your .cloginrc for this device
>>> as it looks to clogin as you are already in a cisco equivalent equal to
>>> enable since your prompt has a # sign in it.
>>>
>>> Looking at your next email along with this one it looks like you are
>>> already in a cisco equivalent of enable after you login. f5login seems
>>> to be sending your username of root as a command after you get connected
>>> because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
>>> 172.24.100.12" and it matches on the word "Login". See below.
>>>
>>> "(Username|Login|login|user name):"? yes
>>> expect: set expect_out(0,string) "login:"
>>> expect: set expect_out(1,string) "login"
>>> expect: set expect_out(spawn_id) "exp4"
>>> expect: set expect_out(buffer) " \r\nLast login:"
>>> send: sending "root\r" to { exp4 }
>>> expect: continuing expect
>>>
>>> You are just using a Cisco login/parsing script so it expects prompts
>>> from a Cisco device and in this case you have a *nix SSH banner that
>>> gets interrupted. I know you can use RANCID to backup *nix systems. So
>>> it knows how to understand connecting to a *nix system. You might want
>>> to try this email thread which asks about backing up Linux configs.
>>>
>>> http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html
>>>
>>> Or you could modify the existing f5login like so.
>>>
>>> I think you have to use the caret before the () to work. I haven't
>>> checked this as I am at home and not on a UNIX system right now. Sorry,
>>> too lazy to check it out right now. You might want to uncomment the line
>>> below 3. and comment out the line below 2. and see if that works. This
>>> is the only point in the code that I see it look for login in any line.
>>> If that doesn't work send me back the debug and I will see what I can
>>> do. I am sure some people that use expect more often than I can probably
>>> quickly tell you what to use as syntax there.
>>>
>>> # Figure out prompts
>>> set u_prompt [find userprompt $router]
>>> if { "$u_prompt" == "" } {
>>>     #1. ORIGINAL
>>>     #set u_prompt "^(Username|Login|login|user name):"
>>>     #2. Modified to read for a line beginning with Username, Login, login, or user name.
>>>     set u_prompt "^(Username|Login|login|user name):"
>>>     #3. Modified to read for a line beginning with Login or login. but I may be wrong
>>>     #set u_prompt "^(Username|^Login|^login|user name):"
>>> } else {
>>>     set u_prompt [join [lindex $u_prompt 0] ""]
>>> }
>>>
>>>
>>> Let me know if this works for you.
>>>
>>> -Lance
>>>
>>>
>>>
>>> -------- Original Message --------
>>> Subject: Re: [rancid] F5 load balancer support
>>> From: Sam Munzani <smunzani at comcast.net>
>>> Date: Fri, July 13, 2007 2:30 pm
>>> To: Lance <rancid at gheek.net>
>>> Cc: rancid-discuss at shrubbery.net
>>>
>>> Lance,
>>>
>>> F5 login works fine with a minor error.
>>>
>>> $ f5login test-f5-01
>>> test-f5-01
>>> spawn ssh -c 3des -x -l root test-f5-01
>>> Password:
>>> Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
>>> root
>>> [root at test-f5-01:Active] config # root
>>> -bash: root: command not found
>>> [root at test-f5-01:Active] config #
>>> [root at test-f5-01:Active] config #
>>> [root at test-f5-01:Active] config #
>>>
>>> I don't know how to debug otherwise I would turn on debug too. If you
>>> can provide some hints on debug, I would appreciate it.
>>>
>>> Thanks,
>>> Sam
>>>
>>>
>>> What error(s) do you get when you try to run your f5rancid?
>>>
>>> Where does it fail if you debug your f5login?
>>>
>>>
>>> -lance
>>>
>>>
>>>
>>>
>>> -------- Original Message --------
>>> Subject: [rancid] F5 load balancer support
>>> From: Sam Munzani <smunzani at comcast.net>
>>> Date: Fri, July 13, 2007 12:45 pm
>>> To: rancid-discuss at shrubbery.net
>>>
>>> Hi,
>>>
>>> Did anybody happen to hack one of Cisco scripts to support BigIP F5
>>> boxes? It should be pretty simple. All I want to do is login and
>>> type "b list" which is equivalent of "show run" on cisco.
>>>
>>> However for some reason things are not working. All I did was copied
>>> clogin to f5login, copied rancid to f5rancid and added following to
>>> rancid-fe.
>>>
>>> elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
>>>
>>> Then modified f5 rancid file and kept only one command in list of
>>> commands "b list".
>>>
>>> For some reason it's not working. I can post my configs here if
>>> somebody would like to see them.
>>>
>>> Thanks,
>>> Sam
>>>
>>> _______________________________________________
>>> Rancid-discuss mailing list
>>> Rancid-discuss at shrubbery.net
>>>
>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070829/66238030/attachment.html
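
Added example (not from the thread or the RANCID distribution): one way an Expect login loop can answer the optional "Terminal type? [xterm]" prompt asked about at the top of this message, while keeping the "Last login:" banner seen in the quoted debug output from triggering the username branch. The term_type variable and the fake device spawned with sh are assumptions, constructed so the script runs offline.

```tcl
#!/usr/bin/expect -f
# Added example, not part of f5login/clogin. The spawned sh script is a
# constructed stand-in for an old F5 box so this runs offline.
set timeout 10
set term_type "vt100"   ;# hypothetical setting; value taken from the thread
log_user 0

spawn sh -c {
    printf 'Last login: Fri Jul 13 14:38:03 2007 from 172.24.100.12\n'
    printf 'Terminal type? [xterm] '
    read answer
    printf 'TERM=%s\n' "$answer"
    printf '[root@test-f5-01:Active] config # '
    read cmd
}

set user_sent 0
set term_answered 0
expect {
    -re {(^|\n)(Username|Login|login|user name): ?$} {
        # Anchored to line start and end of buffer, so the "login:" inside
        # the "Last login: ..." banner is not treated as a username prompt.
        incr user_sent
        send "root\r"
        exp_continue
    }
    -re {Terminal type\? \[\w+\] ?$} {
        # Older boxes ask this before the shell prompt; newer ones skip it,
        # in which case this branch simply never fires.
        incr term_answered
        send "$term_type\r"
        exp_continue
    }
    -re {config # $} { }
    timeout { puts stderr "timeout waiting for prompt"; exit 1 }
    eof     { puts stderr "connection closed early"; exit 1 }
}

puts "terminal-type prompts answered: $term_answered"
puts "usernames sent at banner: $user_sent"
send "exit\r"
expect eof
```

Against the constructed device this reports one terminal-type prompt answered and zero usernames sent.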