[rancid] Re: F5 load balancer support
Sam Munzani
smunzani at comcast.net
Mon Jul 16 18:00:04 UTC 2007
Lance,
That makes perfect sense. Thanks a lot for a very good logical explanation.
BTW, this is what I did in f5rancid (a copy of rancid). Modified it as below.
# This routine processes a "write term"
sub BList {
    print STDERR " In BList: $_" if ($debug);
    my($lineauto,$comment,$linecnt) = (0,0,0);

    while (<INPUT>) {
        tr/\015//d;
        last if(/^$prompt/);
        return(-1) if (/command not found/i);
        $linecnt++;
        $lineauto = 0 if (/^[^ ]/);
        # some versions have other crap mixed in with the bits in the
    }
    # The ContentEngine lacks a definitive "end of config" marker. If we
    # know that it is a CE and we have seen at least 5 lines of b list
    # o/p, we can be reasonably sure that we got the config.
    if ($linecnt > 5) {
        $found_end = 1;
        return(1);
    }
    return(0);
}

# dummy function
sub DoNothing {print STDOUT;}

# Main
%commands=(
    'b list' => "BList"
);
# keys() doesnt return things in the order entered and the order of the
# cmds is important (show version first and write term last). pita
@commands=(
    "b list"
);
$cisco_cmds=join(";",@commands);
$cmds_regexp=join("|",@commands);
All I did was change "write term" to "b list" and change the function name
too. I also changed a little bit around finding the end of input
variable. However it still doesn't work. I get the following in my logs.
starting: Mon Jul 16 12:49:05 CDT 2007
Trying to get all of the configs.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
!
cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for `configs/test-f5-01'
cvs [commit aborted]: correct above errors first!
ls: test-f5-01: No such file or directory
ending: Mon Jul 16 12:49:32 CDT 2007
Any hints would be appreciated.
Thanks,
Sam
> Sam,
>
> What bldshgalsjd is, is the prompt it looks for before it sends the
> username.
>
> Example, if the device prompted you for a username like so, you
> would use the following.
>
> Your User name:
>
> #.cloginrc line
> add userprompt f5* "Your User name:"
>
> This would only send your username if it found the prompt of "Your User
> name:" (minus the ""). So the likelihood that it will find bldshgalsjd
> would be slim to almost impossible.
>
> -lance
>
>
>> -------- Original Message --------
>> Subject: Re: [rancid] Re: F5 load balancer support
>> From: Sam Munzani <smunzani at comcast.net>
>> Date: Mon, July 16, 2007 9:48 am
>> To: David Croft <david at infotrek.co.uk>
>> Cc: Lance <rancid at gheek.net>, rancid-discuss at shrubbery.net
>>
>> David,
>>
>> Thanks a lot for the tip. This worked well. Now f5login goes much
>> cleaner and the "root" doesn't get sent again. I still have other issues
>> where rancid-run is backing up config properly but I am still
>> troubleshooting it.
>>
>> Now here is a question. What does "bldshgalsjd" mean and how does it do
>> this miracle?
>>
>> Thanks,
>> Sam
>>
>>> Thanks for this tip, turns out that this is also the reason the
>>> username gets entered at a prompt on the cisco IPS devices. Since it's
>>> using SSH and therefore doesn't need a username prompt, solution was
>>> to simply add in .cloginrc:
>>>
>>> add userprompt ids* bldshgalsjd (<- something that won't get sent
>>> during login)
>>>
>>> Regards,
>>>
>>> David
>>>
>>> On 14/07/07, Lance <rancid at gheek.net> wrote:
>>>
>>>> Sam,
>>>>
>>>> Have you tried using telnet to login, if the f5 has it enabled.
>>>> You may also want to set auto enable in your .cloginrc for this device
>>>> as it looks to clogin as you are already in a cisco equivalent equal to
>>>> enable since your prompt has a # sign in it.
>>>>
>>>> Looking at your next email along with this one it looks like you are
>>>> already in a cisco equivalent of enable after you login. f5login seems
>>>> to be sending your username of root as a command after you get connected
>>>> because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
>>>> 172.24.100.12" and it matches on the word "Login". See below.
>>>>
>>>> "(Username|Login|login|user name):"? yes
>>>>
>>>> expect: set expect_out(0,string) "login:"
>>>>
>>>> expect: set expect_out(1,string) "login"
>>>>
>>>> expect: set expect_out(spawn_id) "exp4"
>>>>
>>>> expect: set expect_out(buffer) " \r\nLast login:"
>>>>
>>>> send: sending "root\r" to { exp4 }
>>>>
>>>> expect: continuing expect
>>>>
>>>> You are just using a Cisco login/parsing script so it expects prompts
>>>> from a Cisco device and in this case you have a *nix SSH banner that
>>>> gets interrupted. I know you can use RANCID to backup *nix systems. So
>>>> it knows how to understand connecting to a *nix system. You might want
>>>> to try this email thread which asks about backing up Linux configs.
>>>> "http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
>>>>
>>>> Or you could modify the existing f5login like so.
>>>>
>>>> I think you have to use the caret before the () to work. I haven't
>>>> checked this as I am at home and not on a UNIX system right now. Sorry,
>>>> too lazy to check it out right now. You might want to uncomment the line
>>>> below 3. and comment out the line below 2. and see if that works. This
>>>> is the only point in the code that I see it look for login in any line.
>>>> If that doesn't work send me back the debug and I will see what I can
>>>> do. I am sure some people that use expect more often than I can probably
>>>> quickly tell you what to use as syntax there.
>>>>
>>>> # Figure out prompts
>>>> set u_prompt [find userprompt $router]
>>>> if { "$u_prompt" == "" } {
>>>>     #1. ORIGINAL
>>>>     #set u_prompt "^(Username|Login|login|user name):"
>>>>     #2. Modified to read for a line beginning with Username,Login,login, or user name.
>>>>     set u_prompt "^(Username|Login|login|user name):"
>>>>     #3. Modified to read for a line beginning with Login or login. but I may be wrong
>>>>     #set u_prompt "^(Username|^Login|^login|user name):"
>>>> } else {
>>>>     set u_prompt [join [lindex $u_prompt 0] ""]
>>>> }
>>>>
>>>>
>>>> Let me know if this works for you.
>>>>
>>>> -Lance
>>>>
>>>>
>>>>> -------- Original Message --------
>>>>> Subject: Re: [rancid] F5 load balancer support
>>>>> From: Sam Munzani <smunzani at comcast.net>
>>>>> Date: Fri, July 13, 2007 2:30 pm
>>>>> To: Lance <rancid at gheek.net>
>>>>> Cc: rancid-discuss at shrubbery.net
>>>>>
>>>>> Lance,
>>>>>
>>>>> F5 login works fine with a minor error.
>>>>>
>>>>> $ f5login test-f5-01
>>>>> test-f5-01
>>>>> spawn ssh -c 3des -x -l root test-f5-01
>>>>> Password:
>>>>> Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
>>>>> root
>>>>> [root@test-f5-01:Active] config # root
>>>>> -bash: root: command not found
>>>>> [root@test-f5-01:Active] config #
>>>>> [root@test-f5-01:Active] config #
>>>>> [root@test-f5-01:Active] config #
>>>>>
>>>>> I don't know how to debug otherwise I would turn on debug too. If you
>>>>> can provide some hints on debug, I would appreciate it.
>>>>>
>>>>> Thanks,
>>>>> Sam
>>>>>
>>>>>> What error(s) do you get when you try to run your f5rancid?
>>>>>>
>>>>>> Where does it fail if you debug your f5login?
>>>>>>
>>>>>>
>>>>>> -lance
>>>>>>
>>>>>>
>>>>>>
>>>>>>> -------- Original Message --------
>>>>>>> Subject: [rancid] F5 load balancer support
>>>>>>> From: Sam Munzani <smunzani at comcast.net>
>>>>>>> Date: Fri, July 13, 2007 12:45 pm
>>>>>>> To: rancid-discuss at shrubbery.net
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> Did anybody happen to hack one of the Cisco scripts to support BigIP F5
>>>>>>> boxes? It should be pretty simple. All I want to do is login and type
>>>>>>> "b list" which is equivalent of "show run" on cisco.
>>>>>>>
>>>>>>> However for some reason things are not working. All I did was copy clogin
>>>>>>> to f5login, copy rancid to f5rancid and add the following to rancid-fe.
>>>>>>>
>>>>>>> elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
>>>>>>>
>>>>>>> Then modified f5 rancid file and kept only one command in list of
>>>>>>> commands "b list".
>>>>>>>
>>>>>>> For some reason it's not working. I can post my configs here if somebody
>>>>>>> would like to see them.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Sam
>>>>>>> _______________________________________________
>>>>>>> Rancid-discuss mailing list
>>>>>>> Rancid-discuss at shrubbery.net
>>>>>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
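
Added example, not part of the original thread or of RANCID: the prompt matching discussed above, replayed over two buffers to show why the username "root" was typed at the shell and how each proposed pattern behaves. Python's re module stands in for Expect's regex engine here; as in Expect, "^" without line mode anchors to the start of the buffer, not of each line. The buffers are constructed from the session quoted in the thread, and the "Welcome ... login:" prompt is a hypothetical device prompt.

```python
import re

# Prompt alternatives as they appear in the quoted expect debug output.
ALTS = r"(Username|Login|login|user name):"

# Constructed buffers. BANNER mirrors the SSH banner from the thread;
# REAL_PROMPT is a hypothetical device that really does ask for a username.
BANNER = " \r\nLast login: Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\n"
REAL_PROMPT = "Welcome\r\nlogin: "

PATTERNS = {
    # Matches "login:" anywhere, including inside "Last login:".
    "unanchored": re.compile(ALTS),
    # "^" anchors to the start of the whole buffer (Expect's behaviour).
    "buffer_anchored": re.compile("^" + ALTS),
    # "^" anchors to the start of any line in the buffer.
    "line_anchored": re.compile("^" + ALTS, re.MULTILINE),
    # The .cloginrc userprompt trick: a string the device never prints.
    "sentinel": re.compile(re.escape("bldshgalsjd")),
}


def would_send_username(pattern_name, buffer):
    """True if the login script would answer this buffer with the username."""
    return PATTERNS[pattern_name].search(buffer) is not None


def audit(buffers):
    """Map pattern name -> {buffer label: username sent?}."""
    return {
        name: {label: would_send_username(name, buf)
               for label, buf in buffers.items()}
        for name in PATTERNS
    }


if __name__ == "__main__":
    results = audit({"ssh_banner": BANNER, "real_prompt": REAL_PROMPT})
    for name, row in results.items():
        print(f"{name:16} {row}")
```

Only the line-anchored pattern ignores the banner while still answering a real prompt; the buffer-anchored and sentinel forms never send the username, which is safe only when the transport (ssh -l) already supplies it.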