[rancid] Re: F5 load balancer support

Sam Munzani sam at munzani.com
Wed Aug 29 17:50:20 UTC 2007


Team,

I am sorry to reopen this old thread but the question I have relates to 
this old thread.
The 2 attached rancid login files work fine on newer F5 boxes. However, on 
old boxes, it prompts for "term type" at the ssh login. I need to insert 
logic in the script to answer this "term type" question. What's the best 
way to handle it?

Pass it as an argument like
f5login -t vt100 device-name

and then catch the variable and add necessary logic for the expect?

Thanks,
Sam
> I have been on vacation for the last couple of weeks or I would have 
> posted this sooner and possibly saved some of you a bit of effort. 
>  
> It sounds like Lance and Sam have put together a working f5rancid 
> with basic functionality which Sam posted last night.  I have attached 
> my f5rancid which I have been running for a few months.  Installation 
> instructions are included as comments in the file.  This version uses 
> clogin so that a separate f5login script is not required.
>  
> This version formats and processes the output to make it more 
> usable.  As far as what is captured, I based this on the F5 equivalent 
> of a tech out.  It grabs a copy of all the configuration files, 
> hardware configuration and software version as well as the timestamps 
> and file sizes for SSL certs hosted on the device.  This facilitates 
> rebuilding from scratch as quickly as possible if this is ever needed.  
>  
> I was able to resolve the bug I mentioned yesterday by increasing the 
> clogin timeout.  On a small number of devices it failed to process the 
> last few commands when running from cron but always worked properly 
> from the command line on all devices [making it difficult to track 
> down].   I mention this because it may be an appropriate fix for other 
> intermittent problems sometimes discussed on this list.
>  
> Any feedback is appreciated.  I hope to get f5 support added to future 
> releases of rancid. 
>  
> Thanks,
>  
> Mike
>  
>  
>
> ------------------------------------------------------------------------
> *From:* Sam Munzani [mailto:sam at munzani.com]
> *Sent:* Monday, July 16, 2007 7:49 PM
> *To:* Lance
> *Cc:* Mike Ashcraft; rancid-discuss at shrubbery.net
> *Subject:* Re: [rancid] Re: F5 load balancer support
>
> Lance,
>
> Thanks a lot for all your help. Pretty much you did all the work while 
> I watched what you are doing :-)..
>
> Attached are cleaned up files. In f5rancid file, I have left some 
> basic functions(non platform specific) just in case we expand this 
> script to do a lot more than just "b list" output. In rancid-fe, we 
> defined a new device type "f5", f5login was copied from clogin and 
> remarked some "term length" statements we don't need on F5.
>
> All 3 files are attached and working great. Please be aware, we are 
> not parsing anything at all. All it's doing is the basic function of 
> running the "b list" command and capturing its output. As I expand more on 
> this, I will be sure to share with the audience here.
>
> Again, thanks a lot for all your help today.
>
> Regards,
> Sam
>> I have helped Sam get a working f5rancid which requires a f5login (only
>> because it doesn't recognize the prompt with a space and exit, unless
>> you enter a return before the exit). He is cleaning up all the unused
>> functions and will post it.
>>
>> Once John H. sends out his script I will look at it and see how it
>> differs from the one I did with Sam. I will even help Sam get it working
>> for his setup. We will let you know when it is all working.
>>
>> -lance
>>
>>   
>>> -------- Original Message --------
>>> Subject: [rancid] Re: F5 load balancer support
>>> From: "Mike Ashcraft" <mashcraft at omniture.com>
>>> Date: Mon, July 16, 2007 11:48 am
>>> To: <sam at munzani.com>
>>> Cc: rancid-discuss at shrubbery.net
>>>
>>> Sam,
>>>  
>>> I have a working f5rancid that I have been using for a number of months
>>> now.   I have one minor bug related to tracking installed SSL certs
>>> which you probably don't care about.  Other than that, it works great.
>>>  
>>> I did encounter and solve all the problems you have been discussing on
>>> the list.
>>>  
>>> Let me know if you are interested in trying what I have.  I have tested
>>> it with Big-IP 9.1.2.  
>>>  
>>> Mike
>>>
>>> ________________________________
>>>
>>> From: rancid-discuss-bounces at shrubbery.net
>>> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
>>> Sent: Monday, July 16, 2007 10:58 AM
>>> To: smunzani at comcast.net
>>> Cc: rancid-discuss at shrubbery.net
>>> Subject: [rancid] Re: F5 load balancer support
>>>
>>>
>>> BTW, this is what I see in the log when I do rancid-run now. That means
>>> the f5rancid file(hacked copy of rancid) is still missing something.
>>>
>>> more nfl.20070716.114842
>>> starting: Mon Jul 16 11:48:42 CDT 2007
>>>
>>>
>>>
>>> Trying to get all of the configs.
>>> test-f5-01: End of run not found
>>> -bash: write: command not found
>>> =====================================
>>> Getting missed routers: round 1.
>>> test-f5-01: End of run not found
>>> -bash: write: command not found
>>> =====================================
>>> Getting missed routers: round 2.
>>> test-f5-01: End of run not found
>>> -bash: write: command not found
>>> =====================================
>>> Getting missed routers: round 3.
>>> test-f5-01: End of run not found
>>> -bash: write: command not found
>>> =====================================
>>> Getting missed routers: round 4.
>>> test-f5-01: End of run not found
>>> -bash: write: command not found
>>>
>>> cvs diff: Diffing .
>>> cvs diff: Diffing configs
>>> nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT 2007
>>>
>>>
>>>
>>> Trying to get all of the configs.
>>> test-f5-01: End of run not found
>>> -bash: write: command not found
>>> =====================================
>>> Getting missed routers: round 1.
>>> test-f5-01: End of run not found
>>> -bash: write: command not found
>>> =====================================
>>> Getting missed routers: round 2.
>>> test-f5-01: End of run not found
>>> -bash: write: command not found
>>> =====================================
>>> Getting missed routers: round 3.
>>> test-f5-01: End of run not found
>>> -bash: write: command not found
>>> =====================================
>>> Getting missed routers: round 4.
>>> test-f5-01: End of run not found
>>> -bash: write: command not found
>>>
>>> cvs diff: Diffing .
>>> cvs diff: Diffing configs
>>> cvs diff: cannot find configs/test-f5-01
>>> cvs commit: Examining .
>>> cvs commit: Examining configs
>>> cvs commit: Up-to-date check failed for `configs/test-f5-01'
>>> cvs [commit aborted]: correct above errors first!
>>> ls: test-f5-01: No such file or directory
>>>
>>> ending: Mon Jul 16 11:49:41 CDT 2007
>>>
>>> Thanks,
>>> Sam
>>>
>>>
>>> 	David,
>>> 	
>>> 	Thanks a lot for the tip. This worked well. Now f5login goes much more
>>> 	cleaner and the "root" doesn't get sent again. I still have other issues
>>> 	where rancid-run is backing up config properly but I am still
>>> 	troubleshooting it.
>>> 	
>>> 	Now here is a question. What does "bldshgalsjd" mean and how does it do
>>> 	this miracle?
>>> 	
>>> 	Thanks,
>>> 	Sam
>>> 	  
>>>
>>> 		Thanks for this tip, turns out that this is also the reason the
>>> 		username gets entered at a prompt on the cisco IPS devices. Since it's
>>> 		using SSH and therefore doesn't need a username prompt, solution was
>>> 		to simply add in .cloginrc:
>>> 		
>>> 		add userprompt ids* bldshgalsjd  (<- something that won't get sent
>>> 		during login)
>>> 		
>>> 		Regards,
>>> 		
>>> 		David
>>> 		
>>> 		On 14/07/07, Lance <rancid at gheek.net> wrote:
>>> 		    
>>>
>>> 			Sam,
>>> 			
>>> 			Have you tried using telnet to login, if the f5 has it enabled.
>>> 			You may also want to set auto enable in your .cloginrc for this device
>>> 			as it looks to clogin as you are already in a cisco equivalent equal to
>>> 			enable since your prompt has a # sign in it.
>>> 			
>>> 			Looking at your next email along with this one it looks like you are
>>> 			already in a cisco equivalent of enable after you login. f5login seems
>>> 			to be sending your username of root as a command after you get connected
>>> 			because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
>>> 			172.24.100.12" and it matches on the word "Login". See below.
>>> 			
>>> 			"(Username|Login|login|user name):"? yes
>>> 			expect: set expect_out(0,string) "login:"
>>> 			expect: set expect_out(1,string) "login"
>>> 			expect: set expect_out(spawn_id) "exp4"
>>> 			expect: set expect_out(buffer) " \r\nLast login:"
>>> 			send: sending "root\r" to { exp4 }
>>> 			expect: continuing expect
>>> 			
>>> 			You are just using a Cisco login/parsing script so it expects prompts
>>> 			from a Cisco device and in this case you have a *nix SSH banner that
>>> 			gets interrupted. I know you can use RANCID to backup *nix systems. So
>>> 			it knows how to understand connecting to a *nix system. You might want
>>> 			to try this email thread which asks about backing up Linux configs.
>>> 			<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html>
>>> 			
>>> 			Or you could modify the existing f5login like so.
>>> 			
>>> 			I think you have to use the caret before the () to work. I haven't
>>> 			checked this as I am at home and not on a UNIX system right now. Sorry,
>>> 			too lazy to check it out right now. You might want to uncomment the line
>>> 			below 3. and comment out the line below 2. and see if that works. This
>>> 			is the only point in the code that I see it look for login in any line.
>>> 			If that doesn't work send me back the debug and I will see what I can
>>> 			do. I am sure some people that use expect more often than I can probably
>>> 			quickly tell you what to use as syntax there.
>>> 			
>>> 			# Figure out prompts
>>> 			set u_prompt [find userprompt $router]
>>> 			if { "$u_prompt" == "" } {
>>> 			    #1. ORIGINAL
>>> 			    #set u_prompt "^(Username|Login|login|user name):"
>>> 			    #2. Modified to read for a line beginning with
>>> 			    #   Username, Login, login, or user name.
>>> 			    set u_prompt "^(Username|Login|login|user name):"
>>> 			    #3. Modified to read for a line beginning with Login or login,
>>> 			    #   but I may be wrong
>>> 			    #set u_prompt "^(Username|^Login|^login|user name):"
>>> 			} else {
>>> 			    set u_prompt [join [lindex $u_prompt 0] ""]
>>> 			}
>>> 			
>>> 			
>>> 			Let me know if this works for you.
>>> 			
>>> 			-Lance
>>> 			
>>> 			      
>>>
>>> 				-------- Original Message --------
>>> 				Subject: Re: [rancid]  F5 load balancer support
>>> 				From: Sam Munzani <smunzani at comcast.net>
>>> 				Date: Fri, July 13, 2007 2:30 pm
>>> 				To: Lance <rancid at gheek.net>
>>> 				Cc: rancid-discuss at shrubbery.net
>>> 				
>>> 				Lance,
>>> 				
>>> 				F5 login works fine with a minor error.
>>> 				
>>> 				$ f5login test-f5-01
>>> 				test-f5-01
>>> 				spawn ssh -c 3des -x -l root test-f5-01
>>> 				Password:
>>> 				Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
>>> 				root
>>> 				[root at test-f5-01:Active] config # root
>>> 				-bash: root: command not found
>>> 				[root at test-f5-01:Active] config #
>>> 				[root at test-f5-01:Active] config #
>>> 				[root at test-f5-01:Active] config #
>>> 				
>>> 				I don't know how to debug otherwise I would turn on debug too. If you
>>> 				can provide some hints on debug, I would appreciate it.
>>> 				
>>> 				Thanks,
>>> 				Sam
>>> 				
>>> 				What error(s) do you get when you try to run your f5rancid?
>>> 				
>>> 				Where does it fail if you debug your f5login?
>>> 				
>>> 				
>>> 				-lance
>>> 				
>>> 				
>>> 				          
>>>
>>> 				-------- Original Message --------
>>> 				Subject: [rancid]  F5 load balancer support
>>> 				From: Sam Munzani <smunzani at comcast.net>
>>> 				Date: Fri, July 13, 2007 12:45 pm
>>> 				To: rancid-discuss at shrubbery.net
>>> 				
>>> 				Hi,
>>> 				
>>> 				Did anybody happen to hack one of Cisco scripts to support BigIP F5
>>> 				boxes? It should be pretty simple. All I want to do is login and type
>>> 				"b list" which is equivalent of "show run" on cisco.
>>> 				
>>> 				However for some reason things not working. All I did was copied clogin
>>> 				to f5login, copied rancid to f5rancid and added following to rancid-fe.
>>> 				
>>> 				elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
>>> 				
>>> 				Then modified f5 rancid file and kept only one command in list of
>>> 				commands "b list".
>>> 				
>>> 				For some reason it's not working. I can post my configs here if somebody
>>> 				like to see them.
>>> 				
>>> 				Thanks,
>>> 				Sam
>>> 	
>>> _______________________________________________
>>> 				Rancid-discuss mailing list
>>> 				Rancid-discuss at shrubbery.net
>>> 	
>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>>> 				
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070829/a9aba213/attachment.html 
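
An added illustration, not part of the original message or of rancid's clogin: a plain-Tcl simulation (no Expect or device needed) of the prompt matching discussed in this thread, showing why the loose user-prompt pattern types "root" at the "Last login:" banner and how a line-anchored pattern avoids that while still answering a real prompt. The `strict` pattern, the `next_send` helper, the constructed sample buffers and the wording of the "term type" question are assumptions.

```tcl
# Added illustration; runs under plain tclsh 8.5+ (no Expect, no device).
# Pattern that produced the debug trace quoted in the thread.
set loose  {(Username|Login|login|user name):}
# Assumed alternative: the prompt must start a line and end the buffer.
set strict {(^|[\r\n])(Username|Login|login|user name): ?$}
# Hypothetical wording for the "term type" question on older boxes.
set term_q {(^|[\r\n])[Tt]erm(inal)? type[^\r\n]*[?:] ?$}

# Decide what a login script would send for the text received so far.
# Returns {reason bytes}; empty bytes means "keep waiting for more output".
proc next_send {buffer u_prompt term_q user term} {
    if {[regexp -- $term_q $buffer]} {
        return [list termtype "$term\r"]
    }
    if {[regexp -- $u_prompt $buffer]} {
        # Anything sent here lands wherever the remote side is reading,
        # which after an SSH login is already the shell.
        return [list username "$user\r"]
    }
    return [list wait ""]
}

# First buffer is the one shown in the thread's debug output;
# the others are constructed samples.
set samples [list \
    " \r\nLast login:" \
    "Last login: Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\n" \
    "\r\nlogin: " \
    "Terminal type? "]

set visible [list "\r" "\\r" "\n" "\\n"]
foreach pat_name {loose strict} {
    set pat [set $pat_name]
    foreach buf $samples {
        lassign [next_send $buf $pat $term_q root vt100] why bytes
        puts [format "%-6s %-9s %s" $pat_name $why [string map $visible $buf]]
    }
}
```

Expect's `-re` patterns use the same Tcl regular-expression engine, where `^` and `$` anchor to the start and end of the match buffer rather than to each line.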

