[rancid] Re: F5 load balancer support

Sam Munzani smunzani at comcast.net
Wed Aug 29 21:45:58 UTC 2007


Mike,

You are absolutely correct. My manual typing and ignoring expect syntax 
rules had issues. This time I cut-pasted your code and it worked fine.

Thanks a lot,
Sam
> Sam,
>  
> Glad you got it working. 
>  
> Your problem was that you inserted my patch manually and accidentally 
> made a syntax error.
>  
> In expect, you can not start a line with else, it has to be:
>  
>     } else {
>  
> If you have a chance to make this change and try it out, please let me 
> know. 
>  
>  
> Mike
>
> ------------------------------------------------------------------------
> *From:* Sam Munzani [mailto:smunzani at comcast.net]
> *Sent:* Wednesday, August 29, 2007 3:06 PM
> *To:* Mike Ashcraft
> *Cc:* rancid-discuss at shrubbery.net
> *Subject:* Re: [rancid] Re: F5 load balancer support
>
> Mike,
>
> Yes. The code was 4.x. I ended up hard coding the term with vt100. The 
> look gave me an error for some reason. Below is the code I added below 
> the Cat1900 code.
> When I added the following code, I got an error.
>         -re "Terminal type\?"   {
>                                 if {[info exists env(TERM)]} {
>                                         send "$env(TERM)\r"
>                                         }
>                                 else { 
>                                         send "vt100\r"
>                                         }
>                                 }
> ########## error output ########
> Terminal type? [xterm] invalid command name "else"
>     while executing
> "else {
>                                         send "vt100\r"
>                                         }"
>     invoked from within
> "expect -nobrace -re {(Connection refused|Secure connection [^
> ]+ refused)} {
>             catch {close}; wait
>             if !$progs {
>                 send_user "\nError: Connect..."
>     invoked from within
> "expect {
>         -re "(Connection refused|Secure connection \[^\n\r]+ refused)" {
>             catch {close}; wait
>             if !$progs {
>                 send_user "\nError: Connection..."
>     (procedure "login" line 73)
>     invoked from within
> "login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype"
>     ("foreach" body line 111)
>     invoked from within
> "foreach router [lrange $argv $i end] {
>     set router [string tolower $router]
>     send_user "$router\n"
>
> ################################
>
> So I hard coded to vt100 like below
>
>         -re "Terminal type\?"   {
>                                 send "vt100\r"
>                                 }
>
> and things are working fine.
>
> Thanks,
> Sam
>> Sam,
>>  
>> What version is on your old boxes?  4.x?  I don't know how well 
>> f5rancid will work on BIG-IP 4.x as I do not have it to test. 
>>  
>> That said, along with all disclaimers of fitness for any purpose or 
>> any liability for anything that might happen, I gave it a 
>> quick attempt. 
>>  
>> Here is a diff for f5login that you can test.  This tries to send the 
>> TERM type from your environment and defaults to vt100 if it is not 
>> set.  It replaces a chunk of Cisco related code that is not needed.
>>  
>> 418,421c418,424
>> <       -re "Enter Selection: " {
>> <                                 # Catalyst 1900s have some lame 
>> menu.  Enter
>> <                                 # K to reach a command-line.
>> <                                 send "K\r"
>> ---
>> >       -re "Terminal type\?" {
>> >                                 # v4.x asks for term type
>> >                                   if {[info exists env(TERM)]} {
>> >                                       send "$env(TERM)\r"
>> >                                 } else {
>> >                                 send "vt100\r"
>> >                                   }
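Review bot: The pattern on the added -re "Terminal type\?" line is double-quoted, so Tcl strips the backslash before the regex engine sees it and the pattern becomes Terminal type?, where the ? makes the final "e" optional instead of matching a literal question mark. It still matches the prompt, but more loosely than intended; brace-quote it as -re {Terminal type\?} or double the backslash. The send "vt100\r" in the else branch and the final closing brace are indented differently from the if branch, which hides the nesting, and $env(TERM) is sent to the device exactly as found in the environment, so a fixed list of accepted values with vt100 as the fallback would be safer.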
>> If that does not work,  adjust the regex to match the actual prompt 
>> and hardcode vt100 if necessary.  If that fails, send a screen 
>> capture of the normal login process and the results of an f5login for 
>> comparison.
>>  
>> Mike 
>> ------------------------------------------------------------------------
>> *From:* Sam Munzani [mailto:sam at munzani.com]
>> *Sent:* Wednesday, August 29, 2007 11:50 AM
>> *To:* Mike Ashcraft
>> *Cc:* Lance; rancid-discuss at shrubbery.net
>> *Subject:* Re: [rancid] Re: F5 load balancer support
>>
>> Team,
>>
>> I am sorry to reopen this old thread but the question I have relates 
>> to this old thread.
>> The 2 attached rancid login files work fine on newer F5 boxes. However on 
>> old boxes, it prompts for "term type" at the ssh login. I need to 
>> insert logic in the script to answer this "term type" question. 
>> What's the best way to handle it?
>>
>> Pass it as an argument like
>> f5login -t vt100 device-name
>>
>> and then catch the variable and add necessary logic for the expect?
>>
>> Thanks,
>> Sam
>>> I have been on vacation for the last couple of weeks or I would have 
>>> posted this sooner and possibly saved some of you a bit of effort. 
>>>  
>>> It sounds like Lance and Sam have put together a working f5rancid 
>>> with basic functionality which Sam posted last night.  I have 
>>> attached my f5rancid which I have been running for a few months. 
>>>  Installation instructions are included as comments in the file.  
>>> This version uses clogin so that a separate f5login script is not 
>>> required.
>>>  
>>> This version formats and processes the output to make it more 
>>> usable.  As far as what is captured, I based this on the F5 
>>> equivalent of a tech out.  It grabs a copy of all the configuration 
>>> files, hardware configuration and software version as well as the 
>>> timestamps and file sizes for SSL certs hosted on the device.  This 
>>> facilitates rebuilding from scratch as quickly as possible if this 
>>> is ever needed.  
>>>  
>>> I was able to resolve the bug I mentioned yesterday by increasing 
>>> the clogin timeout.  On a small number of devices it failed to 
>>> process the last few commands when running from cron but always 
>>> worked properly from the command line on all devices [making it 
>>> difficult to track down].   I mention this because it may be an 
>>> appropriate fix for other intermittent problems sometimes discussed 
>>> on this list.
>>>  
>>> Any feedback is appreciated.  I hope to get f5 support added to 
>>> future releases of rancid. 
>>>  
>>> Thanks,
>>>  
>>> Mike
>>>  
>>>  
>>>
>>> ------------------------------------------------------------------------
>>> *From:* Sam Munzani [mailto:sam at munzani.com]
>>> *Sent:* Monday, July 16, 2007 7:49 PM
>>> *To:* Lance
>>> *Cc:* Mike Ashcraft; rancid-discuss at shrubbery.net
>>> *Subject:* Re: [rancid] Re: F5 load balancer support
>>>
>>> Lance,
>>>
>>> Thanks a lot for all your help. Pretty much you did all the work 
>>> while I watched what you are doing :-)..
>>>
>>> Attached are cleaned up files. In f5rancid file, I have left some 
>>> basic functions (non platform specific) just in case we expand this 
>>> script to do a lot more than just "b list" output. In rancid-fe, we 
>>> defined a new device type "f5", f5login was copied from clogin and 
>>> remarked some "term length" statements we don't need on F5.
>>>
>>> All 3 files are attached and working great. Please be aware, we are 
>>> not parsing anything at all. All it's doing is the basic function of 
>>> running "b list" command and capturing its output. As I expand more 
>>> on this, I will be sure to share with the audience here.
>>>
>>> Again, thanks a lot for all your help today.
>>>
>>> Regards,
>>> Sam
>>>> I have helped Sam get a working f5rancid which requires a f5login (only
>>>> because it doesn't recognize the prompt with a space and exit, unless
>>>> you enter a return before the exit). He is cleaning up all the unused
>>>> functions and will post it.
>>>>
>>>> Once John H. sends out his script I will look at it and see how it
>>>> differs from the one I did with Sam. I will even help Sam get it working
>>>> for his setup. We will let you know when it is all working.
>>>>
>>>> -lance
>>>>
>>>>   
>>>>> -------- Original Message --------
>>>>> Subject: [rancid] Re: F5 load balancer support
>>>>> From: "Mike Ashcraft" <mashcraft at omniture.com>
>>>>> Date: Mon, July 16, 2007 11:48 am
>>>>> To: <sam at munzani.com>
>>>>> Cc: rancid-discuss at shrubbery.net
>>>>>
>>>>> Sam,
>>>>>  
>>>>> I have a working f5rancid that I have been using for a number of months
>>>>> now.   I have one minor bug related to tracking installed SSL certs
>>>>> which you probably don't care about.  Other than that, it works great.
>>>>>  
>>>>> I did encounter and solve all the problems you have been discussing on
>>>>> the list.
>>>>>  
>>>>> Let me know if you are interested in trying what I have.  I have tested
>>>>> it with Big-IP 9.1.2.  
>>>>>  
>>>>> Mike
>>>>>
>>>>> ________________________________
>>>>>
>>>>> From: rancid-discuss-bounces at shrubbery.net
>>>>> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
>>>>> Sent: Monday, July 16, 2007 10:58 AM
>>>>> To: smunzani at comcast.net
>>>>> Cc: rancid-discuss at shrubbery.net
>>>>> Subject: [rancid] Re: F5 load balancer support
>>>>>
>>>>>
>>>>> BTW, this is what I see in the log when I do rancid-run now. That means
>>>>> the f5rancid file (hacked copy of rancid) is still missing something.
>>>>>
>>>>> more nfl.20070716.114842
>>>>> starting: Mon Jul 16 11:48:42 CDT 2007
>>>>>
>>>>>
>>>>>
>>>>> Trying to get all of the configs.
>>>>> test-f5-01: End of run not found
>>>>> -bash: write: command not found
>>>>> =====================================
>>>>> Getting missed routers: round 1.
>>>>> test-f5-01: End of run not found
>>>>> -bash: write: command not found
>>>>> =====================================
>>>>> Getting missed routers: round 2.
>>>>> test-f5-01: End of run not found
>>>>> -bash: write: command not found
>>>>> =====================================
>>>>> Getting missed routers: round 3.
>>>>> test-f5-01: End of run not found
>>>>> -bash: write: command not found
>>>>> =====================================
>>>>> Getting missed routers: round 4.
>>>>> test-f5-01: End of run not found
>>>>> -bash: write: command not found
>>>>>
>>>>> cvs diff: Diffing .
>>>>> cvs diff: Diffing configs
>>>>> nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT 2007
>>>>>
>>>>>
>>>>>
>>>>> Trying to get all of the configs.
>>>>> test-f5-01: End of run not found
>>>>> -bash: write: command not found
>>>>> =====================================
>>>>> Getting missed routers: round 1.
>>>>> test-f5-01: End of run not found
>>>>> -bash: write: command not found
>>>>> =====================================
>>>>> Getting missed routers: round 2.
>>>>> test-f5-01: End of run not found
>>>>> -bash: write: command not found
>>>>> =====================================
>>>>> Getting missed routers: round 3.
>>>>> test-f5-01: End of run not found
>>>>> -bash: write: command not found
>>>>> =====================================
>>>>> Getting missed routers: round 4.
>>>>> test-f5-01: End of run not found
>>>>> -bash: write: command not found
>>>>>
>>>>> cvs diff: Diffing .
>>>>> cvs diff: Diffing configs
>>>>> cvs diff: cannot find configs/test-f5-01
>>>>> cvs commit: Examining .
>>>>> cvs commit: Examining configs
>>>>> cvs commit: Up-to-date check failed for `configs/test-f5-01'
>>>>> cvs [commit aborted]: correct above errors first!
>>>>> ls: test-f5-01: No such file or directory
>>>>>
>>>>> ending: Mon Jul 16 11:49:41 CDT 2007
>>>>>
>>>>> Thanks,
>>>>> Sam
>>>>>
>>>>>
>>>>> 	David,
>>>>> 	
>>>>> 	Thanks a lot for the tip. This worked well. Now f5login goes much
>>>>> 	cleaner and the "root" doesn't get sent again. I still have other issues
>>>>> 	where rancid-run is backing up config properly but I am still
>>>>> 	troubleshooting it.
>>>>> 	
>>>>> 	Now here is a question. What does "bldshgalsjd" mean and how does it do
>>>>> 	this miracle?
>>>>> 	
>>>>> 	Thanks,
>>>>> 	Sam
>>>>> 	  
>>>>>
>>>>> 		Thanks for this tip, turns out that this is also the reason the
>>>>> 		username gets entered at a prompt on the cisco IPS devices. Since it's
>>>>> 		using SSH and therefore doesn't need a username prompt, solution was
>>>>> 		to simply add in .cloginrc:
>>>>> 		
>>>>> 		add userprompt ids* bldshgalsjd  (<- something that won't get sent during login)
>>>>> 		
>>>>> 		Regards,
>>>>> 		
>>>>> 		David
>>>>> 		
>>>>> 		On 14/07/07, Lance <rancid at gheek.net> wrote:
>>>>> 		    
>>>>>
>>>>> 			Sam,
>>>>> 			
>>>>> 			Have you tried using telnet to login, if the f5 has it enabled.
>>>>> 			You may also want to set auto enable in your .cloginrc for this device
>>>>> 			as it looks to clogin as you are already in a cisco equivalent equal to
>>>>> 			enable since your prompt has a # sign in it.
>>>>> 			
>>>>> 			Looking at your next email along with this one it looks like you are
>>>>> 			already in a cisco equivalent of enable after you login. f5login seems
>>>>> 			to be sending your username of root as a command after you get connected
>>>>> 			because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
>>>>> 			172.24.100.12" and it matches on the word "Login". See below.
>>>>> 			
>>>>> 			"(Username|Login|login|user name):"? yes
>>>>> 			expect: set expect_out(0,string) "login:"
>>>>> 			expect: set expect_out(1,string) "login"
>>>>> 			expect: set expect_out(spawn_id) "exp4"
>>>>> 			expect: set expect_out(buffer) " \r\nLast login:"
>>>>> 			send: sending "root\r" to { exp4 }
>>>>> 			expect: continuing expect
>>>>> 			
>>>>> 			You are just using a Cisco login/parsing script so it expects prompts
>>>>> 			from a Cisco device and in this case you have a *nix SSH banner that
>>>>> 			gets interrupted. I know you can use RANCID to backup *nix systems. So
>>>>> 			it knows how to understand connecting to a *nix system. You might want
>>>>> 			to try this email thread which asks about backing up Linux configs.
>>>>> 			
>>>>> 			<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html>
>>>>> 			
>>>>> 			Or you could modify the existing f5login like so.
>>>>> 			
>>>>> 			I think you have to use the caret before the () to work. I haven't
>>>>> 			checked this as I am at home and not on a UNIX system right now. Sorry
>>>>> 			too lazy to check it out right now. You might want to uncomment the line
>>>>> 			below 3. and comment out the line below 2. and see if that works. This
>>>>> 			is the only point in the code that I see it look for login in any line.
>>>>> 			If that doesn't work send me back the debug and I will see what I can
>>>>> 			do. I am sure some people that use expect more often than I can probably
>>>>> 			quickly tell you what to use as syntax there.
>>>>> 			
>>>>> 			# Figure out prompts
>>>>> 			set u_prompt [find userprompt $router]
>>>>> 			if { "$u_prompt" == "" } {
>>>>> 			    #1. ORIGINAL
>>>>> 			    #set u_prompt "^(Username|Login|login|user name):"
>>>>> 			    #2. Modified to read for a line beginning with Username, Login, login, or user name.
>>>>> 			    set u_prompt "^(Username|Login|login|user name):"
>>>>> 			    #3. Modified to read for a line beginning with Login or login. but I may be wrong
>>>>> 			    #set u_prompt "^(Username|^Login|^login|user name):"
>>>>> 			} else {
>>>>> 			    set u_prompt [join [lindex $u_prompt 0] ""]
>>>>> 			}
>>>>> 			
>>>>> 			
>>>>> 			Let me know if this works for you.
>>>>> 			
>>>>> 			-Lance
>>>>> 			
>>>>> 			      
>>>>>
>>>>> 				-------- Original Message --------
>>>>> 				Subject: Re: [rancid]  F5 load balancer support
>>>>> 				From: Sam Munzani <smunzani at comcast.net>
>>>>> 				Date: Fri, July 13, 2007 2:30 pm
>>>>> 				To: Lance <rancid at gheek.net>
>>>>> 				Cc: rancid-discuss at shrubbery.net
>>>>> 				
>>>>> 				Lance,
>>>>> 				
>>>>> 				F5 login works fine with a minor error.
>>>>> 				
>>>>> 				$ f5login test-f5-01
>>>>> 				test-f5-01
>>>>> 				spawn ssh -c 3des -x -l root test-f5-01
>>>>> 				Password:
>>>>> 				Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
>>>>> 				root
>>>>> 				[root at test-f5-01:Active] config # root
>>>>> 				-bash: root: command not found
>>>>> 				[root at test-f5-01:Active] config #
>>>>> 				[root at test-f5-01:Active] config #
>>>>> 				[root at test-f5-01:Active] config #
>>>>> 				
>>>>> 				I don't know how to debug otherwise I would turn on debug too. If you
>>>>> 				can provide some hints on debug, I would appreciate it.
>>>>> 				
>>>>> 				Thanks,
>>>>> 				Sam
>>>>> 				        
>>>>>
>>>>> 				What error(s) do you get when you try to run your f5rancid?
>>>>> 				
>>>>> 				Where does it fail if you debug your f5login?
>>>>> 				
>>>>> 				-lance
>>>>> 				
>>>>> 				-------- Original Message --------
>>>>> 				Subject: [rancid]  F5 load balancer support
>>>>> 				From: Sam Munzani <smunzani at comcast.net>
>>>>> 				Date: Fri, July 13, 2007 12:45 pm
>>>>> 				To: rancid-discuss at shrubbery.net
>>>>> 				
>>>>> 				Hi,
>>>>> 				
>>>>> 				Did anybody happen to hack one of Cisco scripts to support BigIP F5
>>>>> 				boxes? It should be pretty simple. All I want to do is login and type
>>>>> 				"b list" which is equivalent of "show run" on cisco.
>>>>> 				
>>>>> 				However for some reason things not working. All I did was copied clogin
>>>>> 				to f5login, copied rancid to f5rancid and added following to rancid-fe.
>>>>> 				
>>>>> 				elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
>>>>> 				
>>>>> 				Then modified f5 rancid file and kept only one command in list of
>>>>> 				commands "b list".
>>>>> 				
>>>>> 				For some reason it's not working. I can post my configs here if somebody
>>>>> 				like to see them.
>>>>> 				
>>>>> 				Thanks,
>>>>> 				Sam
>>>>> 	
>>>>> _______________________________________________
>>>>> 				Rancid-discuss mailing list
>>>>> 				Rancid-discuss at shrubbery.net
>>>>> 	
>>>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
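
Both expect problems in this thread, the user prompt pattern that fired on the "Last login:" banner and the else placement in the "Terminal type?" handler, can be reproduced in plain Tcl without a device. This is an added example, not code from f5login, clogin or any poster; reply_for, show, loose_prompt and strict_prompt are hypothetical names, the buffers are constructed from the output quoted above, and the line-anchored pattern is an assumption about one way to tighten the match.

```tcl
#!/usr/bin/env tclsh
# Added example (not from f5login/clogin): models which reply a login
# script would send for a given receive buffer. No device is contacted.

# Pattern shown in the thread's expect debug output.
set loose_prompt  {(Username|Login|login|user name):}
# Assumption: stricter variant, prompt word must start the buffer or a line.
set strict_prompt {(^|[\r\n])(Username|Login|login|user name):}

# Hypothetical helper: return the string to send, or "" to send nothing.
proc reply_for {buffer u_prompt user} {
    global env
    if {[regexp {Terminal type\?} $buffer]} {
        # BIG-IP 4.x terminal question: use TERM, fall back to vt100.
        # "else" must sit on the same line as the closing brace of "if".
        if {[info exists env(TERM)]} {
            return "$env(TERM)\r"
        } else {
            return "vt100\r"
        }
    } elseif {[regexp -- $u_prompt $buffer]} {
        return "$user\r"
    }
    return ""
}

# Make control characters visible when printing.
proc show {s} {
    return [string map [list "\r" "\\r" "\n" "\\n"] $s]
}

# Constructed buffers modelled on the session output quoted in the thread.
set buffers [list \
    " \r\nLast login: Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\n" \
    "\r\nlogin: " \
    "Terminal type? \[xterm\] "]

foreach buf $buffers {
    puts "buffer: [show $buf]"
    foreach {name pat} [list loose $loose_prompt strict $strict_prompt] {
        set out [reply_for $buf $pat root]
        if {$out eq ""} { set out "(nothing sent)" }
        puts "  $name -> [show $out]"
    }
}
```

With the loose pattern the banner buffer produces root\r, the stray command seen at the shell prompt; the strict pattern sends nothing for the banner and still answers a real login: prompt.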
