[rancid] Re: F5 load balancer support
Sam Munzani
sam at munzani.com
Mon Jul 16 16:57:33 UTC 2007
BTW, this is what I see in the log when I do rancid-run now. That means
the f5rancid file(hacked copy of rancid) is still missing something.
more nfl.20070716.114842
starting: Mon Jul 16 11:48:42 CDT 2007
Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found
cvs diff: Diffing .
cvs diff: Diffing configs
nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT 2007
Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found
cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for `configs/test-f5-01'
cvs [commit aborted]: correct above errors first!
ls: test-f5-01: No such file or directory
ending: Mon Jul 16 11:49:41 CDT 2007
Thanks,
Sam
> David,
>
> Thanks a lot for the tip. This worked well. Now f5login goes much more
> cleaner and the "root" doesn't set sent again. I still have other issues
> where rancid-run is backing up config properly but I am still
> troubleshooting it.
>
> Now here is a question. What does "bldshgalsjd" mean and how does it do
> this miracle?
>
> Thanks,
> Sam
>
>> Thanks for this tip, turns out that this is also the reason the
>> username gets entered at a prompt on the cisco IPS devices. Since it's
>> using SSH and therefore doesn't need a username prompt, solution was
>> to simply add in .cloginrc:
>>
>> add userprompt ids* bldshgalsjd (<- something that won't get sent
>> during login)
>>
>> Regards,
>>
>> David
>>
>> On 14/07/07, Lance <rancid at gheek.net> wrote:
>>
>>> Sam,
>>>
>>> Have you tried using telnet to login, if the f5 has it enabled.
>>> You may also want to set auto enable in your .cloginrc for this device
>>> as it looks to clogin as you are already in a cisco equivalent equal to
>>> enable since your prompt has a # sign in it.
>>>
>>> Looking at your next email along with this one it looks like you are
>>> already in a cisco equivalent of enable after you login. f5login seems
>>> to be sending your username of root as a command after you get connected
>>> because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
>>> 172.24.100.12" and it matches on the word "Login". See below.
>>>
>>> "(Username|Login|login|user name):"? yes
>>>
>>> expect: set expect_out(0,string) "login:"
>>>
>>> expect: set expect_out(1,string) "login"
>>>
>>> expect: set expect_out(spawn_id) "exp4"
>>>
>>> expect: set expect_out(buffer) " \r\nLast login:"
>>>
>>> send: sending "root\r" to { exp4 }
>>>
>>> expect: continuing expect
>>>
>>> You are just using a Cisco login/parsing script so it expects prompts
>>> from a Cisco device and in this case you have a *nix SSH banner that
>>> gets interrupted. I know you can use RANCID to backup *nix systems. So
>>> it knows how to understand connecting to a *nix system. You might want
>>> to try this email thread which asks about backing up Linux conifgs.
>>> "http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
>>>
>>> Or you could modify the existing f5login like so.
>>>
>>> I think you have to use the carrot before the () to work. I haven't
>>> checked this as I am at home and not on a UNIX system right now. Sorry
>>> to lazy to check it out right now. You might want to uncomment the line
>>> below 3. and comment out the line below 2. and see if that works. This
>>> is the only point in the code that I see it look for login in any line.
>>> If that doesn't work send me back the debug and I will see what I can
>>> do. I am sure some people that use expect more often then I can probably
>>> quickly tell you what to use as syntax there.
>>>
>>> # Figure out prompts
>>> set u_prompt [find userprompt $router
>>> if { "$u_prompt" == "" } {
>>> #1. ORIGINAL
>>> #set u_prompt "^(Username|Login|login|user name):"
>>> #2. Modified to read for a line beginning with
>>> Username,Login,login, or
>>> user name.
>>> set u_prompt "^(Username|Login|login|user name):"
>>> #3. Modified to read for a line beginning with Login or login.
>>> but I
>>> may be wrong
>>> #set u_prompt "^(Username|^Login|^login|user name):"
>>> } else {
>>> set u_prompt [join [lindex $u_prompt 0] ""]
>>>
>>>
>>> Let me know if this works for you.
>>>
>>> -Lance
>>>
>>>
>>>> -------- Original Message --------
>>>> Subject: Re: [rancid] F5 load balancer support
>>>> From: Sam Munzani <smunzani at comcast.net>
>>>> Date: Fri, July 13, 2007 2:30 pm
>>>> To: Lance <rancid at gheek.net>
>>>> Cc: rancid-discuss at shrubbery.net
>>>>
>>>> Lance,
>>>>
>>>> F5 login works fine with a minor error.
>>>>
>>>> $ f5login test-f5-01
>>>> test-f5-01
>>>> spawn ssh -c 3des -x -l root test-f5-01
>>>> Password:
>>>> Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
>>>> root
>>>> [root at test-f5-01:Active] config # root
>>>> -bash: root: command not found
>>>> [root at test-f5-01:Active] config #
>>>> [root at test-f5-01:Active] config #
>>>> [root at test-f5-01:Active] config #
>>>>
>>>> I don't know how to debug otherwise I would turn on debug too. If you
>>>> can provide some hints on debug, I would appreciate it.
>>>>
>>>> Thanks,
>>>> Sam
>>>>
>>>>> What error(s) do you get when you try to run your f5rancid?
>>>>>
>>>>> Where does it fail if you debug your f5login?
>>>>>
>>>>>
>>>>> -lance
>>>>>
>>>>>
>>>>>
>>>>>> -------- Original Message --------
>>>>>> Subject: [rancid] F5 load balancer support
>>>>>> From: Sam Munzani <smunzani at comcast.net>
>>>>>> Date: Fri, July 13, 2007 12:45 pm
>>>>>> To: rancid-discuss at shrubbery.net
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Did anybody happened to hack one of Cisco scripts to support
>>>>>>
>>> BigIP F5
>>>
>>>>>> boxes? It should be pretty simple. All I want to do is login and
>>>>>>
>>>> type "b
>>>>
>>>>>> list" which is equivalent of "show run" on cisco.
>>>>>>
>>>>>> However for some reason things not working. All I did was copied
>>>>>>
>>>> clogin
>>>>
>>>>>> to f5login, copied rancid to f5rancid and added following to
>>>>>>
>>>> rancid-fe.
>>>>
>>>>>> elsif ($vendor =~ /^f5$/i) { exec('f5rancid',
>>>>>>
>>> $router); }
>>>
>>>>>> Then modified f5 rancid file and kept only one command in list of
>>>>>> commands "b list".
>>>>>>
>>>>>> For some reason its not working. I can post my configs here if
>>>>>>
>>>> somebody
>>>>
>>>>>> like to see them.
>>>>>>
>>>>>> Thanks,
>>>>>> Sam
>>>>>> _______________________________________________
>>>>>> Rancid-discuss mailing list
>>>>>> Rancid-discuss at shrubbery.net
>>>>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>>>>>>
>>>>>>
>>>>>
>>>>>
>>> _______________________________________________
>>> Rancid-discuss mailing list
>>> Rancid-discuss at shrubbery.net
>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>>>
>>>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070716/36447911/attachment.html
More information about the Rancid-discuss
mailing list