[rancid] Re: F5 load balancer support
Sam Munzani
smunzani at comcast.net
Wed Aug 29 21:45:58 UTC 2007
Mike,
You are absolutely correct. My manual typing and ignoring expect syntax
rules had issues. This time I cut-pasted your code and it worked fine.
Thanks a lot,
Sam
> Sam,
>
> Glad you got it working.
>
> Your problem was that you inserted my patch manually and accidentally
> made a syntax error.
>
> In expect, you can not start a line with else, it has to be:
>
> } else {
>
> If you have a chance to make this change and try it out, please let me
> know.
>
>
> Mike
>
> ------------------------------------------------------------------------
> *From:* Sam Munzani [mailto:smunzani at comcast.net]
> *Sent:* Wednesday, August 29, 2007 3:06 PM
> *To:* Mike Ashcraft
> *Cc:* rancid-discuss at shrubbery.net
> *Subject:* Re: [rancid] Re: F5 load balancer support
>
> Mike,
>
> Yes. The code was 4.x. I ended up hard coding the term with vt100. The
> look gave me an error for some reason. Below is the code I added below
> Cat1900 code.
> When I added the following code, I got an error.
> -re "Terminal type\?" {
> if {[info exists env(TERM)]} {
> send "$env(TERM)\r"
> }
> else {
> send "vt100\r"
> }
> }
> ########## error output ########
> Terminal type? [xterm] invalid command name "else"
> while executing
> "else {
> send "vt100\r"
> }"
> invoked from within
> "expect -nobrace -re {(Connection refused|Secure connection [^
> ]+ refused)} {
> catch {close}; wait
> if !$progs {
> send_user "\nError: Connect..."
> invoked from within
> "expect {
> -re "(Connection refused|Secure connection \[^\n\r]+ refused)" {
> catch {close}; wait
> if !$progs {
> send_user "\nError: Connection..."
> (procedure "login" line 73)
> invoked from within
> "login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype"
> ("foreach" body line 111)
> invoked from within
> "foreach router [lrange $argv $i end] {
> set router [string tolower $router]
> send_user "$router\n"
>
> ################################
>
> So I hard coded to vt100 like below
>
> -re "Terminal type\?" {
> send "vt100\r"
> }
>
> and things are working fine.
>
> Thanks,
> Sam
>> Sam,
>>
>> What version is on your old boxes? 4.x? I don't know how well
>> f5rancid will work on BIG-IP 4.x as I do not have it to test.
>>
>> That said, along with all disclaimers of fitness for any purpose or
>> any liability for anything that might happen, I gave it a
>> quick attempt.
>>
>> Here is a diff for f5login that you can test. This tries to send the
>> TERM type from your environment and defaults to vt100 if it is not
>> set. It replaces a chunk of Cisco related code that is not needed.
>>
>> 418,421c418,424
>> < -re "Enter Selection: " {
>> < # Catalyst 1900s have some lame
>> menu. Enter
>> < # K to reach a command-line.
>> < send "K\r"
>> ---
>> > -re "Terminal type\?" {
>> > # v4.x asks for term type
>> > if {[info exists env(TERM)]} {
>> > send "$env(TERM)\r"
>> > } else {
>> > send "vt100\r"
>> > }
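Review bot: the pattern on the added line -re "Terminal type\?" is double-quoted, so Tcl's backslash substitution reduces \? to a bare ? before the regex engine sees it. The pattern then means "Terminal typ" followed by an optional "e", not a literal question mark. It still fires on the prompt, but it is looser than intended; write it as -re {Terminal type\?} or -re "Terminal type\\?". Also, if this clause sits inside a procedure, env must be in scope (global env, or $::env(TERM)), otherwise the info exists test is always false and vt100 is always sent. The value of TERM goes to the device unchecked, so a comment saying which terminal types the v4.x prompt accepts would help.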
>> If that does not work, adjust the regex to match the actual prompt
>> and hardcode vt100 if necessary. If that fails, send a screen
>> capture of the normal login process and the results of an f5login for
>> comparison.
>>
>> Mike
>> ------------------------------------------------------------------------
>> *From:* Sam Munzani [mailto:sam at munzani.com]
>> *Sent:* Wednesday, August 29, 2007 11:50 AM
>> *To:* Mike Ashcraft
>> *Cc:* Lance; rancid-discuss at shrubbery.net
>> *Subject:* Re: [rancid] Re: F5 load balancer support
>>
>> Team,
>>
>> I am sorry to reopen this old thread but the question I have relates
>> to this old thread.
>> Attached 2 rancid login files work fine on newer F5 boxes. However on
>> old boxes, it prompts for "term type" at the ssh login. I need to
>> insert logic in the script to answer to this "term type" question.
>> What's the best way to handle it?
>>
>> Pass it as an argument like
>> f5login -t vt100 device-name
>>
>> and then catch the variable and add necessary logic for the expect?
>>
>> Thanks,
>> Sam
>>> I have been on vacation for the last couple of weeks or I would have
>>> posted this sooner and possibly saved some of you a bit of effort.
>>>
>>> It sounds like Lance and Sam have put together a working f5rancid
>>> with basic functionality which Sam posted last night. I have
>>> attached my f5rancid which I have been running for a few months.
>>> Installation instructions are included as comments in the file.
>>> This version uses clogin so that a separate f5login script is not
>>> required.
>>>
>>> This version formats and processes the output to make it more
>>> usable. As far as what is captured, I based this on the F5
>>> equivalent of a tech out. It grabs a copy of all the configuration
>>> files, hardware configuration and software version as well as the
>>> timestamps and file sizes for SSL certs hosted on the device. This
>>> facilitates rebuilding from scratch as quickly as possible if this
>>> is ever needed.
>>>
>>> I was able to resolve the bug I mentioned yesterday by increasing
>>> the clogin timeout. On a small number of devices it failed to
>>> process the last few commands when running from cron but always
>>> worked properly from the command line on all devices [making it
>>> difficult to track down]. I mention this because it may be an
>>> appropriate fix for other intermittent problems sometimes discussed
>>> on this list.
>>>
>>> Any feedback is appreciated. I hope to get f5 support added to
>>> future releases of rancid.
>>>
>>> Thanks,
>>>
>>> Mike
>>>
>>>
>>>
>>> ------------------------------------------------------------------------
>>> *From:* Sam Munzani [mailto:sam at munzani.com]
>>> *Sent:* Monday, July 16, 2007 7:49 PM
>>> *To:* Lance
>>> *Cc:* Mike Ashcraft; rancid-discuss at shrubbery.net
>>> *Subject:* Re: [rancid] Re: F5 load balancer support
>>>
>>> Lance,
>>>
>>> Thanks a lot for all your help. Pretty much you did all the work
>>> while I watched what you are doing :-)..
>>>
>>> Attached are cleaned up files. In f5rancid file, I have left some
>>> basic functions(non platform specific) just in case we expand this
>>> script to do a lot more than just "b list" output. In rancid-fe, we
>>> defined a new device type "f5", f5login was copied from clogin and
>>> remarked some "term length" statements we don't need on F5.
>>>
>>> All 3 files are attached and working great. Please be aware, we are
>>> not parsing anything at all. All it's doing is the basic function of
>>> running the "b list" command and capturing its output. As I expand more
>>> on this, I will be sure to share with the audience here.
>>>
>>> Again, thanks a lot for all your help today.
>>>
>>> Regards,
>>> Sam
>>>> I have helped Sam get a working f5rancid which requires a f5login (only
>>>> because it doesn't recognize the prompt with a space and exit, unless
>>>> you enter a return before the exit). He is cleaning up all the unused
>>>> functions and will post it.
>>>>
>>>> Once John H. sends out his script I will look at it and see how it
>>>> differs from the one I did with Sam. I will even help Sam get it working
>>>> for his setup. We will let you know when it is all working.
>>>>
>>>> -lance
>>>>
>>>>
>>>>> -------- Original Message --------
>>>>> Subject: [rancid] Re: F5 load balancer support
>>>>> From: "Mike Ashcraft" <mashcraft at omniture.com>
>>>>> Date: Mon, July 16, 2007 11:48 am
>>>>> To: <sam at munzani.com>
>>>>> Cc: rancid-discuss at shrubbery.net
>>>>>
>>>>> Sam,
>>>>>
>>>>> I have a working f5rancid that I have been using for a number of months
>>>>> now. I have one minor bug related to tracking installed SSL certs
>>>>> which you probably don't care about. Other than that, it works great.
>>>>>
>>>>> I did encounter and solve all the problems you have been discussing on
>>>>> the list.
>>>>>
>>>>> Let me know if you are interested in trying what I have. I have tested
>>>>> it with Big-IP 9.1.2.
>>>>>
>>>>> Mike
>>>>>
>>>>> ________________________________
>>>>>
>>>>> From: rancid-discuss-bounces at shrubbery.net
>>>>> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
>>>>> Sent: Monday, July 16, 2007 10:58 AM
>>>>> To: smunzani at comcast.net
>>>>> Cc: rancid-discuss at shrubbery.net
>>>>> Subject: [rancid] Re: F5 load balancer support
>>>>>
>>>>>
>>>>> BTW, this is what I see in the log when I do rancid-run now. That means
>>>>> the f5rancid file(hacked copy of rancid) is still missing something.
>>>>>
>>>>> more nfl.20070716.114842
>>>>> starting: Mon Jul 16 11:48:42 CDT 2007
>>>>>
>>>>>
>>>>>
>>>>> Trying to get all of the configs.
>>>>> test-f5-01: End of run not found
>>>>> -bash: write: command not found
>>>>> =====================================
>>>>> Getting missed routers: round 1.
>>>>> test-f5-01: End of run not found
>>>>> -bash: write: command not found
>>>>> =====================================
>>>>> Getting missed routers: round 2.
>>>>> test-f5-01: End of run not found
>>>>> -bash: write: command not found
>>>>> =====================================
>>>>> Getting missed routers: round 3.
>>>>> test-f5-01: End of run not found
>>>>> -bash: write: command not found
>>>>> =====================================
>>>>> Getting missed routers: round 4.
>>>>> test-f5-01: End of run not found
>>>>> -bash: write: command not found
>>>>>
>>>>> cvs diff: Diffing .
>>>>> cvs diff: Diffing configs
>>>>> nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT 2007
>>>>>
>>>>>
>>>>>
>>>>> Trying to get all of the configs.
>>>>> test-f5-01: End of run not found
>>>>> -bash: write: command not found
>>>>> =====================================
>>>>> Getting missed routers: round 1.
>>>>> test-f5-01: End of run not found
>>>>> -bash: write: command not found
>>>>> =====================================
>>>>> Getting missed routers: round 2.
>>>>> test-f5-01: End of run not found
>>>>> -bash: write: command not found
>>>>> =====================================
>>>>> Getting missed routers: round 3.
>>>>> test-f5-01: End of run not found
>>>>> -bash: write: command not found
>>>>> =====================================
>>>>> Getting missed routers: round 4.
>>>>> test-f5-01: End of run not found
>>>>> -bash: write: command not found
>>>>>
>>>>> cvs diff: Diffing .
>>>>> cvs diff: Diffing configs
>>>>> cvs diff: cannot find configs/test-f5-01
>>>>> cvs commit: Examining .
>>>>> cvs commit: Examining configs
>>>>> cvs commit: Up-to-date check failed for `configs/test-f5-01'
>>>>> cvs [commit aborted]: correct above errors first!
>>>>> ls: test-f5-01: No such file or directory
>>>>>
>>>>> ending: Mon Jul 16 11:49:41 CDT 2007
>>>>>
>>>>> Thanks,
>>>>> Sam
>>>>>
>>>>>
>>>>> David,
>>>>>
>>>>> Thanks a lot for the tip. This worked well. Now f5login goes much
>>>>> cleaner and the "root" doesn't get sent again. I still have other
>>>>> issues where rancid-run is backing up config properly but I am still
>>>>> troubleshooting it.
>>>>>
>>>>> Now here is a question. What does "bldshgalsjd" mean and how does it
>>>>> do this miracle?
>>>>>
>>>>> Thanks,
>>>>> Sam
>>>>>
>>>>>
>>>>> Thanks for this tip, turns out that this is also the reason the
>>>>> username gets entered at a prompt on the cisco IPS devices. Since it's
>>>>> using SSH and therefore doesn't need a username prompt, solution was
>>>>> to simply add in .cloginrc:
>>>>>
>>>>> add userprompt ids* bldshgalsjd (<- something that won't get sent during login)
>>>>>
>>>>> Regards,
>>>>>
>>>>> David
>>>>>
>>>>> On 14/07/07, Lance <rancid at gheek.net> wrote:
>>>>>
>>>>>
>>>>> Sam,
>>>>>
>>>>> Have you tried using telnet to login, if the f5 has it enabled.
>>>>> You may also want to set auto enable in your .cloginrc for this device
>>>>> as it looks to clogin as you are already in a cisco equivalent equal to
>>>>> enable since your prompt has a # sign in it.
>>>>>
>>>>> Looking at your next email along with this one it looks like you are
>>>>> already in a cisco equivalent of enable after you login. f5login seems
>>>>> to be sending your username of root as a command after you get connected
>>>>> because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
>>>>> 172.24.100.12" and it matches on the word "Login". See below.
>>>>>
>>>>> "(Username|Login|login|user name):"? yes
>>>>>
>>>>> expect: set expect_out(0,string) "login:"
>>>>>
>>>>> expect: set expect_out(1,string) "login"
>>>>>
>>>>> expect: set expect_out(spawn_id) "exp4"
>>>>>
>>>>> expect: set expect_out(buffer) " \r\nLast login:"
>>>>>
>>>>> send: sending "root\r" to { exp4 }
>>>>>
>>>>> expect: continuing expect
>>>>>
>>>>> You are just using a Cisco login/parsing script so it expects prompts
>>>>> from a Cisco device and in this case you have a *nix SSH banner that
>>>>> gets interrupted. I know you can use RANCID to backup *nix systems. So
>>>>> it knows how to understand connecting to a *nix system. You might want
>>>>> to try this email thread which asks about backing up Linux configs.
>>>>>
>>>>> http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html
>>>>>
>>>>> Or you could modify the existing f5login like so.
>>>>>
>>>>> I think you have to use the caret before the () to work. I haven't
>>>>> checked this as I am at home and not on a UNIX system right now. Sorry,
>>>>> too lazy to check it out right now. You might want to uncomment the line
>>>>> below 3. and comment out the line below 2. and see if that works. This
>>>>> is the only point in the code that I see it look for login in any line.
>>>>> If that doesn't work send me back the debug and I will see what I can
>>>>> do. I am sure some people that use expect more often than I can probably
>>>>> quickly tell you what to use as syntax there.
>>>>>
>>>>> # Figure out prompts
>>>>> set u_prompt [find userprompt $router]
>>>>> if { "$u_prompt" == "" } {
>>>>>     #1. ORIGINAL
>>>>>     #set u_prompt "^(Username|Login|login|user name):"
>>>>>     #2. Modified to read for a line beginning with
>>>>>     #   Username,Login,login, or user name.
>>>>>     set u_prompt "^(Username|Login|login|user name):"
>>>>>     #3. Modified to read for a line beginning with Login or login.
>>>>>     #   but I may be wrong
>>>>>     #set u_prompt "^(Username|^Login|^login|user name):"
>>>>> } else {
>>>>>     set u_prompt [join [lindex $u_prompt 0] ""]
>>>>> }
>>>>>
>>>>>
>>>>> Let me know if this works for you.
>>>>>
>>>>> -Lance
>>>>>
>>>>>
>>>>>
>>>>> -------- Original Message --------
>>>>> Subject: Re: [rancid] F5 load balancer support
>>>>> From: Sam Munzani <smunzani at comcast.net>
>>>>> Date: Fri, July 13, 2007 2:30 pm
>>>>> To: Lance <rancid at gheek.net>
>>>>> Cc: rancid-discuss at shrubbery.net
>>>>>
>>>>> Lance,
>>>>>
>>>>> F5 login works fine with a minor error.
>>>>>
>>>>> $ f5login test-f5-01
>>>>> test-f5-01
>>>>> spawn ssh -c 3des -x -l root test-f5-01
>>>>> Password:
>>>>> Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
>>>>> root
>>>>> [root at test-f5-01:Active] config # root
>>>>> -bash: root: command not found
>>>>> [root at test-f5-01:Active] config #
>>>>> [root at test-f5-01:Active] config #
>>>>> [root at test-f5-01:Active] config #
>>>>>
>>>>> I don't know how to debug otherwise I would turn on debug too. If you
>>>>> can provide some hints on debug, I would appreciate it.
>>>>>
>>>>> Thanks,
>>>>> Sam
>>>>>
>>>>>
>>>>> What error(s) do you get when you try to run your f5rancid?
>>>>>
>>>>> Where does it fail if you debug your f5login?
>>>>>
>>>>>
>>>>> -lance
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> -------- Original Message --------
>>>>> Subject: [rancid] F5 load balancer support
>>>>> From: Sam Munzani <smunzani at comcast.net>
>>>>> Date: Fri, July 13, 2007 12:45 pm
>>>>> To: rancid-discuss at shrubbery.net
>>>>>
>>>>> Hi,
>>>>>
>>>>> Did anybody happen to hack one of the Cisco scripts to support BigIP F5
>>>>> boxes? It should be pretty simple. All I want to do is login and type
>>>>> "b list" which is equivalent of "show run" on cisco.
>>>>>
>>>>> However for some reason things are not working. All I did was copied
>>>>> clogin to f5login, copied rancid to f5rancid and added following to
>>>>> rancid-fe.
>>>>>
>>>>> elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
>>>>>
>>>>> Then modified f5 rancid file and kept only one command in list of
>>>>> commands "b list".
>>>>>
>>>>> For some reason it's not working. I can post my configs here if somebody
>>>>> would like to see them.
>>>>>
>>>>> Thanks,
>>>>> Sam
>>>>>
>>>>> _______________________________________________
>>>>> Rancid-discuss mailing list
>>>>> Rancid-discuss at shrubbery.net
>>>>>
>>>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
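
Lance's explanation of the "Last login:" false match and his caret suggestion, as an added example that is not part of the original messages or of clogin/f5login. It runs candidate u_prompt values over session buffers with plain Tcl regexp, which, like expect -re, anchors ^ to the start of the buffered data rather than to each line. The line_start pattern and every buffer except the quoted banner are assumptions made for the illustration.

```tcl
#!/usr/bin/env tclsh
# Added example, not part of clogin or f5login.
# Models which username-prompt patterns fire on which session buffers,
# using plain Tcl regexp (buffer-oriented: ^ anchors the buffer start,
# not the start of each line).

# Constructed buffers. ssh_banner is the expect_out(buffer) value quoted in
# the thread; the other three are made-up prompts for comparison.
set buffers [list \
    ssh_banner  " \r\nLast login:" \
    bare_prompt "Username: " \
    line_prompt "\r\nUsername: " \
    host_prompt "\r\ntest-f5-01 login: "]

# Candidate values for u_prompt. Braces keep Tcl from touching backslashes.
#   unanchored   : the pattern shown in the debug output
#   buffer_start : the caret variant suggested in the thread
#   line_start   : hypothetical variant, prompt word must begin a line
#   never_sent   : the .cloginrc userprompt workaround (matches nothing)
set patterns [list \
    unanchored   {(Username|Login|login|user name):} \
    buffer_start {^(Username|Login|login|user name):} \
    line_start   {(^|[\r\n])(Username|Login|login|user name):} \
    never_sent   {bldshgalsjd}]

# Return the names of the buffers on which a pattern would trigger
# "send username". A hit on ssh_banner is the bug from the thread: the
# username is typed into the shell as a command.
proc fires_on {pattern buffers} {
    set hits {}
    foreach {name buffer} $buffers {
        if {[regexp -- $pattern $buffer]} {
            lappend hits $name
        }
    }
    return $hits
}

foreach {pname pattern} $patterns {
    set hits [fires_on $pattern $buffers]
    set verdict [expr {[lsearch -exact $hits ssh_banner] >= 0
        ? "FALSE MATCH on banner" : "banner ignored"}]
    puts [format "%-13s %-22s fires on: %s" $pname $verdict [join $hits ", "]]
}
```

Run it with tclsh. For SSH logins where the username is already passed with -l, the never-matching userprompt from David's .cloginrc tip avoids the false match without editing the login script.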