[rancid] Re: F5 load balancer support
john heasley
heas at shrubbery.net
Mon Jul 16 21:55:57 UTC 2007
A user gave me access to an F5, but I ran out of time and access was removed.
So, I have a nearly complete script for it that I'd like to be completed.
I'll send it to you separately.
Mon, Jul 16, 2007 at 01:00:04PM -0500, Sam Munzani:
> Lance,
>
> That makes perfect sense. Thanks a lot for a very good logical explanation.
>
> BTW, this is what I did in f5rancid(a copy of rancid). Modified it as below.
>
> # This routine processes a "write term"
> sub BList {
>     print STDERR " In BList: $_" if ($debug);
>     my($lineauto,$comment,$linecnt) = (0,0,0);
>
>     while (<INPUT>) {
>         tr/\015//d;
>         last if(/^$prompt/);
>         return(-1) if (/command not found/i);
>         $linecnt++;
>         $lineauto = 0 if (/^[^ ]/);
>         # some versions have other crap mixed in with the bits in the
>
>     }
>     # The ContentEngine lacks a definitive "end of config" marker. If we
>     # know that it is a CE and we have seen at least 5 lines of b list
>     # o/p, we can be reasonably sure that we got the config.
>     if ($linecnt > 5) {
>         $found_end = 1;
>         return(1);
>     }
>
>     return(0);
> }
>
> # dummy function
> sub DoNothing {print STDOUT;}
>
> # Main
> %commands=(
> 'b list' => "BList"
> );
> # keys() doesnt return things in the order entered and the order of the
> # cmds is important (show version first and write term last). pita
> @commands=(
> "b list"
> );
> $cisco_cmds=join(";", @commands);
> $cmds_regexp=join("|", @commands);
>
> All I did was change "write term" to "b list" and change the function name
> too. I also changed a little bit around finding the end of input
> variable. However it still doesn't work. I get the following in my logs.
>
> starting: Mon Jul 16 12:49:05 CDT 2007
>
>
>
> Trying to get all of the configs.
> test-f5-01: End of run not found
> !
> =====================================
> Getting missed routers: round 1.
> test-f5-01: End of run not found
> !
> =====================================
> Getting missed routers: round 2.
> test-f5-01: End of run not found
> !
> =====================================
> Getting missed routers: round 3.
> test-f5-01: End of run not found
> !
> =====================================
> Getting missed routers: round 4.
> test-f5-01: End of run not found
> !
>
> cvs diff: Diffing .
> cvs diff: Diffing configs
> cvs diff: cannot find configs/test-f5-01
> cvs commit: Examining .
> cvs commit: Examining configs
> cvs commit: Up-to-date check failed for `configs/test-f5-01'
> cvs [commit aborted]: correct above errors first!
> ls: test-f5-01: No such file or directory
>
> ending: Mon Jul 16 12:49:32 CDT 2007
>
> Any hints would be appreciated.
>
> Thanks,
> Sam
> >Sam,
> >
> >What bldshgalsjd is, is the prompt it looks for before it sends the
> >username.
> >
> >Example, if the device prompted you for a username like so, you
> >would use the following.
> >
> >Your User name:
> >
> >#.cloginrc line
> >add userprompt f5* "Your User name:"
> >
> >This would only send your username if it found the prompt of "Your User
> >name:" (minus the ""). So the likelihood that it will find bldshgalsjd
> >would be slim to almost impossible.
> >
> >-lance
> >
> >
> >>-------- Original Message --------
> >>Subject: Re: [rancid] Re: F5 load balancer support
> >>From: Sam Munzani <smunzani at comcast.net>
> >>Date: Mon, July 16, 2007 9:48 am
> >>To: David Croft <david at infotrek.co.uk>
> >>Cc: Lance <rancid at gheek.net>, rancid-discuss at shrubbery.net
> >>
> >>David,
> >>
> >>Thanks a lot for the tip. This worked well. Now f5login goes much
> >>cleaner and the "root" doesn't get sent again. I still have other issues
> >>where rancid-run is backing up config properly but I am still
> >>troubleshooting it.
> >>
> >>Now here is a question. What does "bldshgalsjd" mean and how does it do
> >>this miracle?
> >>
> >>Thanks,
> >>Sam
> >>
> >>>Thanks for this tip, turns out that this is also the reason the
> >>>username gets entered at a prompt on the cisco IPS devices. Since it's
> >>>using SSH and therefore doesn't need a username prompt, solution was
> >>>to simply add in .cloginrc:
> >>>
> >>>add userprompt ids* bldshgalsjd (<- something that won't get sent
> >>>during login)
> >>>
> >>>Regards,
> >>>
> >>>David
> >>>
> >>>On 14/07/07, Lance <rancid at gheek.net> wrote:
> >>>
> >>>>Sam,
> >>>>
> >>>>Have you tried using telnet to login, if the f5 has it enabled?
> >>>>You may also want to set auto enable in your .cloginrc for this device
> >>>>as it looks to clogin as you are already in a cisco equivalent equal to
> >>>>enable since your prompt has a # sign in it.
> >>>>
> >>>>Looking at your next email along with this one it looks like you are
> >>>>already in a cisco equivalent of enable after you login. f5login seems
> >>>>to be sending your username of root as a command after you get connected
> >>>>because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
> >>>>172.24.100.12" and it matches on the word "Login". See below.
> >>>>
> >>>>"(Username|Login|login|user name):"? yes
> >>>>
> >>>>expect: set expect_out(0,string) "login:"
> >>>>
> >>>>expect: set expect_out(1,string) "login"
> >>>>
> >>>>expect: set expect_out(spawn_id) "exp4"
> >>>>
> >>>>expect: set expect_out(buffer) " \r\nLast login:"
> >>>>
> >>>>send: sending "root\r" to { exp4 }
> >>>>
> >>>>expect: continuing expect
> >>>>
> >>>>You are just using a Cisco login/parsing script so it expects prompts
> >>>>from a Cisco device and in this case you have a *nix SSH banner that
> >>>>gets interrupted. I know you can use RANCID to backup *nix systems. So
> >>>>it knows how to understand connecting to a *nix system. You might want
> >>>>to try this email thread which asks about backing up Linux configs.
> >>>>"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
> >>>>
> >>>>Or you could modify the existing f5login like so.
> >>>>
> >>>>I think you have to use the caret before the () to work. I haven't
> >>>>checked this as I am at home and not on a UNIX system right now. Sorry,
> >>>>too lazy to check it out right now. You might want to uncomment the line
> >>>>below 3. and comment out the line below 2. and see if that works. This
> >>>>is the only point in the code that I see it look for login in any line.
> >>>>If that doesn't work send me back the debug and I will see what I can
> >>>>do. I am sure some people that use expect more often than I can probably
> >>>>quickly tell you what to use as syntax there.
> >>>>
> >>>># Figure out prompts
> >>>>set u_prompt [find userprompt $router]
> >>>>if { "$u_prompt" == "" } {
> >>>>    #1. ORIGINAL
> >>>>    #set u_prompt "^(Username|Login|login|user name):"
> >>>>    #2. Modified to read for a line beginning with Username, Login, login, or user name.
> >>>>    set u_prompt "^(Username|Login|login|user name):"
> >>>>    #3. Modified to read for a line beginning with Login or login. but I may be wrong
> >>>>    #set u_prompt "^(Username|^Login|^login|user name):"
> >>>>} else {
> >>>>    set u_prompt [join [lindex $u_prompt 0] ""]
> >>>>}
> >>>>
> >>>>
> >>>>Let me know if this works for you.
> >>>>
> >>>>-Lance
> >>>>
> >>>>
> >>>>>-------- Original Message --------
> >>>>>Subject: Re: [rancid] F5 load balancer support
> >>>>>From: Sam Munzani <smunzani at comcast.net>
> >>>>>Date: Fri, July 13, 2007 2:30 pm
> >>>>>To: Lance <rancid at gheek.net>
> >>>>>Cc: rancid-discuss at shrubbery.net
> >>>>>
> >>>>>Lance,
> >>>>>
> >>>>>F5 login works fine with a minor error.
> >>>>>
> >>>>>$ f5login test-f5-01
> >>>>>test-f5-01
> >>>>>spawn ssh -c 3des -x -l root test-f5-01
> >>>>>Password:
> >>>>>Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
> >>>>>root
> >>>>>[root@test-f5-01:Active] config # root
> >>>>>-bash: root: command not found
> >>>>>[root@test-f5-01:Active] config #
> >>>>>[root@test-f5-01:Active] config #
> >>>>>[root@test-f5-01:Active] config #
> >>>>>
> >>>>>I don't know how to debug otherwise I would turn on debug too. If you
> >>>>>can provide some hints on debug, I would appreciate it.
> >>>>>
> >>>>>Thanks,
> >>>>>Sam
> >>>>>
> >>>>>>What error(s) do you get when you try to run your f5rancid?
> >>>>>>
> >>>>>>Where does it fail if you debug your f5login?
> >>>>>>
> >>>>>>
> >>>>>>-lance
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>>-------- Original Message --------
> >>>>>>>Subject: [rancid] F5 load balancer support
> >>>>>>>From: Sam Munzani <smunzani at comcast.net>
> >>>>>>>Date: Fri, July 13, 2007 12:45 pm
> >>>>>>>To: rancid-discuss at shrubbery.net
> >>>>>>>
> >>>>>>>Hi,
> >>>>>>>
> >>>>>>>Did anybody happen to hack one of Cisco scripts to support BigIP F5
> >>>>>>>boxes? It should be pretty simple. All I want to do is login and type "b
> >>>>>>>list" which is equivalent of "show run" on cisco.
> >>>>>>>
> >>>>>>>However for some reason things are not working. All I did was copy clogin
> >>>>>>>to f5login, copy rancid to f5rancid and add the following to rancid-fe.
> >>>>>>>
> >>>>>>>elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
> >>>>>>>
> >>>>>>>Then modified f5 rancid file and kept only one command in list of
> >>>>>>>commands "b list".
> >>>>>>>
> >>>>>>>For some reason it's not working. I can post my configs here if somebody
> >>>>>>>would like to see them.
> >>>>>>>
> >>>>>>>Thanks,
> >>>>>>>Sam
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
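
Added example (not part of the thread and not RANCID's own code): the prompt-matching problem diagnosed in the quoted messages, replayed in plain Tcl against the buffer from the debug trace. The proc name `would_send_username`, the line-anchored pattern and the `real_prompt` buffer are assumptions made for illustration; the default pattern and the `bldshgalsjd` sentinel are the ones quoted in the thread.

```tcl
#!/usr/bin/env tclsh
# Added example: check candidate u_prompt patterns against login-time output
# before putting them in a login script, so a banner line is never mistaken
# for a username prompt and answered with a credential.

# What expect had buffered when "root" was sent (from the debug trace above).
set banner " \r\nLast login: Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\n"

# Constructed sample: a device that really does prompt for a username.
set real_prompt "\r\nlogin: "

# Candidate u_prompt values.
#   default  - the pattern shown matching in the debug trace
#   anchored - assumption: only match at the start of a line. expect -re
#              matches against the whole buffer, so a bare ^ would anchor to
#              the start of the buffer; (^|\n) covers every line start.
#   sentinel - the .cloginrc workaround from the thread: a string that the
#              device will never print, which disables username sending.
set patterns [list \
    default  {(Username|Login|login|user name):} \
    anchored {(^|\n)(Username|Login|login|user name):} \
    sentinel {bldshgalsjd}]

# Return 1 if a login script using this pattern would send the username
# when the given text is sitting in its buffer.
proc would_send_username {pattern buffer} {
    return [regexp -- $pattern $buffer]
}

# Report, per pattern, whether the banner triggers a send (it should not)
# and whether a genuine prompt still does.
foreach {name pattern} $patterns {
    set on_banner [would_send_username $pattern $banner]
    set on_prompt [would_send_username $pattern $real_prompt]
    puts [format "%-9s sends_on_banner=%d sends_on_real_prompt=%d" \
        $name $on_banner $on_prompt]
}
```

The sentinel only suits devices reached over SSH, where the username is passed on the command line and no username prompt is expected.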