[rancid] Re: F5 load balancer support
Sam Munzani
smunzani at comcast.net
Wed Aug 29 21:06:21 UTC 2007
Mike,
Yes. The code was 4.x. I ended up hard coding the term with vt100. The
look gave me an error for some reason. Below is the code I added below
Cat1900 code.
When I added the following code, I got an error.
-re "Terminal type\?" {
if {[info exists env(TERM)]} {
send "$env(TERM)\r"
}
else {
send "vt100\r"
}
}
########## error output ########
Terminal type? [xterm] invalid command name "else"
while executing
"else {
send "vt100\r"
}"
invoked from within
"expect -nobrace -re {(Connection refused|Secure connection [^
]+ refused)} {
catch {close}; wait
if !$progs {
send_user "\nError: Connect..."
invoked from within
"expect {
-re "(Connection refused|Secure connection \[^\n\r]+ refused)" {
catch {close}; wait
if !$progs {
send_user "\nError: Connection..."
(procedure "login" line 73)
invoked from within
"login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype"
("foreach" body line 111)
invoked from within
"foreach router [lrange $argv $i end] {
set router [string tolower $router]
send_user "$router\n"
################################
So I hard coded to vt100 like below
-re "Terminal type\?" {
send "vt100\r"
}
and things are working fine.
Thanks,
Sam
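
Added example, not part of the original post or of f5login: the traceback above follows from Tcl ending a command at a newline, so an "else" on its own line is run as a separate command. The sketch below reproduces that error under tclsh or expect and shows a working fallback; term_reply and the sanity check on TERM are assumptions made for illustration.

```tcl
# Added example; runs under tclsh or expect. term_reply and the sample
# environment values are constructed, not taken from f5login.

# Reply for a "Terminal type?" prompt: $TERM when set and plausible, else vt100.
proc term_reply {} {
    global env  ;# env lives at global scope; a proc must import it explicitly
    # Only pass through a short, plain terminal name; anything else is replaced
    # by vt100 rather than being typed into the remote login session.
    if {[info exists env(TERM)] && [regexp {^[A-Za-z0-9._+-]+$} $env(TERM)]} {
        return $env(TERM)
    } else {
        return "vt100"
    }
}

# Form from the post: the newline after the closing brace ends the "if"
# command, so Tcl then tries to run a command named "else".
set broken {
    if {[info exists env(TERM)]} {
        set reply $env(TERM)
    }
    else {
        set reply "vt100"
    }
}
if {[catch {eval $broken} err]} {
    puts "broken form: $err"
}

# Constructed inputs: TERM set, TERM unset, TERM carrying unexpected characters.
set env(TERM) xterm
puts "TERM=xterm      -> [term_reply]"
unset env(TERM)
puts "TERM unset      -> [term_reply]"
set env(TERM) "xterm\rextra"
puts "TERM with CR    -> [term_reply]"
```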
> Sam,
>
> What version is on your old boxes? 4.x? I don't know how well
> f5rancid will work on BIG-IP 4.x as I do not have it to test.
>
> That said, along with all disclaimers of fitness for any purpose or
> any liability for anything that might happen, I gave it a quick attempt.
>
> Here is a diff for f5login that you can test. This tries to send the
> TERM type from your environment and defaults to vt100 if it is not
> set. It replaces a chunk of Cisco related code that is not needed.
>
> 418,421c418,424
> < -re "Enter Selection: " {
> < # Catalyst 1900s have some lame
> menu. Enter
> < # K to reach a command-line.
> < send "K\r"
> ---
> > -re "Terminal type\?" {
> > # v4.x asks for term type
> > if {[info exists env(TERM)]} {
> > send "$env(TERM)\r"
> > } else {
> > send "vt100\r"
> > }
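Review bot: the pattern on the first added line, -re "Terminal type\?", is written in double quotes, so Tcl strips the backslash before the regex engine sees it and the pattern becomes Terminal type?, where the ? makes the final "e" optional instead of matching a literal question mark. It still matches the prompt, only more loosely than intended; brace the pattern as -re {Terminal type\?} or double the backslash. Separately, env(TERM) is only visible inside a procedure that declares "global env"; if the enclosing procedure does not, the info exists test is always false and vt100 is always sent, so it is worth confirming that declaration is present.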
> If that does not work, adjust the regex to match the actual prompt
> and hardcode vt100 if necessary. If that fails, send a screen capture
> of the normal login process and the results of an f5login for comparison.
>
> Mike
> ------------------------------------------------------------------------
> *From:* Sam Munzani [mailto:sam at munzani.com]
> *Sent:* Wednesday, August 29, 2007 11:50 AM
> *To:* Mike Ashcraft
> *Cc:* Lance; rancid-discuss at shrubbery.net
> *Subject:* Re: [rancid] Re: F5 load balancer support
>
> Team,
>
> I am sorry to reopen this old thread but the question I have relates
> to this old thread.
> Attached 2 rancid login files work fine on newer F5 boxes. However on
> old boxes, it prompts for "term type" at the ssh login. I need to
> insert logic in the script to answer to this "term type" question.
> What's best way to handle it?
>
> Pass it as an argument like
> f5login -t vt100 device-name
>
> and then catch the variable and add necessary logic for the expect?
>
> Thanks,
> Sam
>> I have been on vacation for the last couple of weeks or I would have
>> posted this sooner and possibly saved some of you a bit of effort.
>>
>> It sounds like Lance and Sam have put together a working f5rancid
>> with basic functionality which Sam posted last night. I have
>> attached my f5rancid which I have been running for a few months.
>> Installation instructions are included as comments in the file.
>> This version uses clogin so that a separate f5login script is not
>> required.
>>
>> This version formats and processes the output to make it more
>> usable. As far as what is captured, I based this on the F5
>> equivalent of a tech out. It grabs a copy of all the configuration
>> files, hardware configuration and software version as well as the
>> timestamps and file sizes for SSL certs hosted on the device. This
>> facilitates rebuilding from scratch as quickly as possible if this is
>> ever needed.
>>
>> I was able to resolve the bug I mentioned yesterday by increasing the
>> clogin timeout. On a small number of devices it failed to process
>> the last few commands when running from cron but always worked
>> properly from the command line on all devices [making it difficult to
>> track down]. I mention this because it may be an appropriate fix
>> for other intermittent problems sometimes discussed on this list.
>>
>> Any feedback is appreciated. I hope to get f5 support added to
>> future releases of rancid.
>>
>> Thanks,
>>
>> Mike
>>
>>
>>
>> ------------------------------------------------------------------------
>> *From:* Sam Munzani [mailto:sam at munzani.com]
>> *Sent:* Monday, July 16, 2007 7:49 PM
>> *To:* Lance
>> *Cc:* Mike Ashcraft; rancid-discuss at shrubbery.net
>> *Subject:* Re: [rancid] Re: F5 load balancer support
>>
>> Lance,
>>
>> Thanks a lot for all your help. Pretty much you did all the work
>> while I watched what you are doing :-)..
>>
>> Attached are cleaned up files. In f5rancid file, I have left some
>> basic functions(non platform specific) just in case we expand this
>> script to do a lot more than just "b list" output. In rancid-fe, we
>> defined a new device type "f5", f5login was copied from clogin and
>> remarked some "term length" statements we don't need on F5.
>>
>> All 3 files are attached and working great. Please be aware, we are
>> not parsing anything at all. All its doing is basic function of
>> running "b list" command and capturing its output. As I expand more
>> on this, I will be sure to share with the audience here.
>>
>> Again, thanks a lot for all your help today.
>>
>> Regards,
>> Sam
>>> I have helped Sam get a working f5rancid which requires a f5login (only
>>> because it doesn't recognize the prompt with a space and exit, unless
>>> you enter a return before the exit). He is cleaning up all the unused
>>> functions and will post it.
>>>
>>> Once John H. sends out his script I will look at it and see how it
>>> differs from the one I did with Sam. I will even help Sam get it working
>>> for his setup. We will let you know when it is all working.
>>>
>>> -lance
>>>
>>>
>>>> -------- Original Message --------
>>>> Subject: [rancid] Re: F5 load balancer support
>>>> From: "Mike Ashcraft" <mashcraft at omniture.com>
>>>> Date: Mon, July 16, 2007 11:48 am
>>>> To: <sam at munzani.com>
>>>> Cc: rancid-discuss at shrubbery.net
>>>>
>>>> Sam,
>>>>
>>>> I have a working f5rancid that I have been using for a number of months
>>>> now. I have one minor bug related to tracking installed SSL certs
>>>> which you probably don't care about. Other than that, it works great.
>>>>
>>>> I did encounter and solve all the problems you have been discussing on
>>>> the list.
>>>>
>>>> Let me know if you are interested in trying what I have. I have tested
>>>> it with Big-IP 9.1.2.
>>>>
>>>> Mike
>>>>
>>>> ________________________________
>>>>
>>>> From: rancid-discuss-bounces at shrubbery.net
>>>> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
>>>> Sent: Monday, July 16, 2007 10:58 AM
>>>> To: smunzani at comcast.net
>>>> Cc: rancid-discuss at shrubbery.net
>>>> Subject: [rancid] Re: F5 load balancer support
>>>>
>>>>
>>>> BTW, this is what I see in the log when I do rancid-run now. That means
>>>> the f5rancid file(hacked copy of rancid) is still missing something.
>>>>
>>>> more nfl.20070716.114842
>>>> starting: Mon Jul 16 11:48:42 CDT 2007
>>>>
>>>>
>>>>
>>>> Trying to get all of the configs.
>>>> test-f5-01: End of run not found
>>>> -bash: write: command not found
>>>> =====================================
>>>> Getting missed routers: round 1.
>>>> test-f5-01: End of run not found
>>>> -bash: write: command not found
>>>> =====================================
>>>> Getting missed routers: round 2.
>>>> test-f5-01: End of run not found
>>>> -bash: write: command not found
>>>> =====================================
>>>> Getting missed routers: round 3.
>>>> test-f5-01: End of run not found
>>>> -bash: write: command not found
>>>> =====================================
>>>> Getting missed routers: round 4.
>>>> test-f5-01: End of run not found
>>>> -bash: write: command not found
>>>>
>>>> cvs diff: Diffing .
>>>> cvs diff: Diffing configs
>>>> nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT 2007
>>>>
>>>>
>>>>
>>>> Trying to get all of the configs.
>>>> test-f5-01: End of run not found
>>>> -bash: write: command not found
>>>> =====================================
>>>> Getting missed routers: round 1.
>>>> test-f5-01: End of run not found
>>>> -bash: write: command not found
>>>> =====================================
>>>> Getting missed routers: round 2.
>>>> test-f5-01: End of run not found
>>>> -bash: write: command not found
>>>> =====================================
>>>> Getting missed routers: round 3.
>>>> test-f5-01: End of run not found
>>>> -bash: write: command not found
>>>> =====================================
>>>> Getting missed routers: round 4.
>>>> test-f5-01: End of run not found
>>>> -bash: write: command not found
>>>>
>>>> cvs diff: Diffing .
>>>> cvs diff: Diffing configs
>>>> cvs diff: cannot find configs/test-f5-01
>>>> cvs commit: Examining .
>>>> cvs commit: Examining configs
>>>> cvs commit: Up-to-date check failed for `configs/test-f5-01'
>>>> cvs [commit aborted]: correct above errors first!
>>>> ls: test-f5-01: No such file or directory
>>>>
>>>> ending: Mon Jul 16 11:49:41 CDT 2007
>>>>
>>>> Thanks,
>>>> Sam
>>>>
>>>>
>>>> David,
>>>>
>>>> Thanks a lot for the tip. This worked well. Now f5login goes much more
>>>> cleaner and the "root" doesn't get sent again. I still have other issues
>>>> where rancid-run is backing up config properly but I am still
>>>> troubleshooting it.
>>>>
>>>> Now here is a question. What does "bldshgalsjd" mean and how does it do
>>>> this miracle?
>>>>
>>>> Thanks,
>>>> Sam
>>>>
>>>>
>>>> Thanks for this tip, turns out that this is also the reason the
>>>> username gets entered at a prompt on the cisco IPS devices. Since it's
>>>> using SSH and therefore doesn't need a username prompt, solution was
>>>> to simply add in .cloginrc:
>>>>
>>>> add userprompt ids* bldshgalsjd (<- something that won't get sent during login)
>>>>
>>>> Regards,
>>>>
>>>> David
>>>>
>>>> On 14/07/07, Lance <rancid at gheek.net>
>>>> <mailto:rancid at gheek.net> wrote:
>>>>
>>>>
>>>> Sam,
>>>>
>>>> Have you tried using telnet to login, if the f5 has it enabled.
>>>> You may also want to set auto enable in your .cloginrc for this device
>>>> as it looks to clogin as you are already in a cisco equivalent equal to
>>>> enable since your prompt has a # sign in it.
>>>>
>>>> Looking at your next email along with this one it looks like you are
>>>> already in a cisco equivalent of enable after you login. f5login seems
>>>> to be sending your username of root as a command after you get connected
>>>> because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
>>>> 172.24.100.12" and it matches on the word "Login". See below.
>>>>
>>>> "(Username|Login|login|user name):"? yes
>>>>
>>>> expect: set expect_out(0,string) "login:"
>>>>
>>>> expect: set expect_out(1,string) "login"
>>>>
>>>> expect: set expect_out(spawn_id) "exp4"
>>>>
>>>> expect: set expect_out(buffer) " \r\nLast
>>>> login:"
>>>>
>>>> send: sending "root\r" to { exp4 }
>>>>
>>>> expect: continuing expect
>>>>
>>>> You are just using a Cisco login/parsing script so it expects prompts
>>>> from a Cisco device and in this case you have a *nix SSH banner that
>>>> gets interrupted. I know you can use RANCID to backup *nix systems. So
>>>> it knows how to understand connecting to a *nix system. You might want
>>>> to try this email thread which asks about backing up Linux configs.
>>>>
>>>> <http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html>
>>>>
>>>> Or you could modify the existing f5login like so.
>>>>
>>>> I think you have to use the caret before the () to work. I haven't
>>>> checked this as I am at home and not on a UNIX system right now. Sorry,
>>>> too lazy to check it out right now. You might want to uncomment the line
>>>> below 3. and comment out the line below 2. and see if that works. This
>>>> is the only point in the code that I see it look for login in any line.
>>>> If that doesn't work send me back the debug and I will see what I can
>>>> do. I am sure some people that use expect more often than I can probably
>>>> quickly tell you what to use as syntax there.
>>>>
>>>> # Figure out prompts
>>>> set u_prompt [find userprompt $router]
>>>> if { "$u_prompt" == "" } {
>>>>     #1. ORIGINAL
>>>>     #set u_prompt "^(Username|Login|login|user name):"
>>>>     #2. Modified to read for a line beginning with Username,Login,login, or user name.
>>>>     set u_prompt "^(Username|Login|login|user name):"
>>>>     #3. Modified to read for a line beginning with Login or login. but I may be wrong
>>>>     #set u_prompt "^(Username|^Login|^login|user name):"
>>>> } else {
>>>>     set u_prompt [join [lindex $u_prompt 0] ""]
>>>> }
>>>>
>>>>
>>>> Let me know if this works for you.
>>>>
>>>> -Lance
>>>>
>>>>
>>>>
>>>> -------- Original Message --------
>>>> Subject: Re: [rancid] F5 load balancer
>>>> support
>>>> From: Sam Munzani <smunzani at comcast.net>
>>>> <mailto:smunzani at comcast.net>
>>>> Date: Fri, July 13, 2007 2:30 pm
>>>> To: Lance <rancid at gheek.net>
>>>> <mailto:rancid at gheek.net>
>>>> Cc: rancid-discuss at shrubbery.net
>>>>
>>>> Lance,
>>>>
>>>> F5 login works fine with a minor error.
>>>>
>>>> $ f5login test-f5-01
>>>> test-f5-01
>>>> spawn ssh -c 3des -x -l root test-f5-01
>>>> Password:
>>>> Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
>>>> root
>>>> [root at test-f5-01:Active] config # root
>>>> -bash: root: command not found
>>>> [root at test-f5-01:Active] config #
>>>> [root at test-f5-01:Active] config #
>>>> [root at test-f5-01:Active] config #
>>>>
>>>> I don't know how to debug otherwise I would turn on debug too. If you
>>>> can provide some hints on debug, I would appreciate it.
>>>>
>>>> Thanks,
>>>> Sam
>>>>
>>>>
>>>> What error(s) do you get when you try to run your f5rancid?
>>>>
>>>> Where does it fail if you debug your f5login?
>>>>
>>>>
>>>> -lance
>>>>
>>>>
>>>>
>>>>
>>>> -------- Original Message --------
>>>> Subject: [rancid] F5 load balancer
>>>> support
>>>> From: Sam Munzani <smunzani at comcast.net>
>>>> <mailto:smunzani at comcast.net>
>>>> Date: Fri, July 13, 2007 12:45 pm
>>>> To: rancid-discuss at shrubbery.net
>>>>
>>>> Hi,
>>>>
>>>> Did anybody happen to hack one of Cisco scripts to support BigIP F5
>>>> boxes? It should be pretty simple. All I want to do is login and type
>>>> "b list" which is equivalent of "show run" on cisco.
>>>>
>>>> However for some reason things not working. All I did was copied clogin
>>>> to f5login, copied rancid to f5rancid and added following to rancid-fe.
>>>>
>>>> elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
>>>>
>>>> Then modified f5 rancid file and kept only one command in list of
>>>> commands "b list".
>>>>
>>>> For some reason it's not working. I can post my configs here if somebody
>>>> like to see them.
>>>>
>>>> Thanks,
>>>> Sam
>>>>
>>>> _______________________________________________
>>>> Rancid-discuss mailing list
>>>> Rancid-discuss at shrubbery.net
>>>>
>>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070829/6f29b367/attachment.html