[rancid] Re: F5 load balancer support

Lance rancid at gheek.net
Mon Jul 16 22:22:15 UTC 2007


Nice that should be helpful. I just wish I had access to an F5 still. 2
years ago I did, now I don't as I changed companies. hehe.

-Lance

> -------- Original Message --------
> Subject: [rancid] Re: F5 load balancer support
> From: john heasley <heas at shrubbery.net>
> Date: Mon, July 16, 2007 2:55 pm
> To: Sam Munzani <smunzani at comcast.net>
> Cc: rancid-discuss at shrubbery.net
> 
> A user gave me access to a f5, but I ran out of time and access was
> removed.
> So, I have a nearly complete script for it that I'd like to be completed.
> I'll send it to you separately.
> 
> Mon, Jul 16, 2007 at 01:00:04PM -0500, Sam Munzani:
> > Lance,
> > 
> > That makes perfect sense. Thanks a lot for a very good logical
> > explanation.
> > 
> > BTW, this is what I did in f5rancid (a copy of rancid). Modified it
> > as below.
> > 
> > # This routine processes a "write term"
> > sub BList {
> >    print STDERR "    In BList: $_" if ($debug);
> >    my($lineauto,$comment,$linecnt) = (0,0,0);
> >       
> >    while (<INPUT>) {
> >        tr/\015//d;
> >        last if(/^$prompt/);
> >        return(-1) if (/command not found/i);      
> >        $linecnt++;                 
> >        $lineauto = 0 if (/^[^ ]/);                 
> >        # some versions have other crap mixed in with the bits in the
> >       
> >    }
> >    # The ContentEngine lacks a definitive "end of config" marker.  If we
> >    # know that it is a CE and we have seen at least 5 lines of b list
> >    # o/p, we can be reasonably sure that we got the config.
> >    if ($linecnt > 5) {
> >        $found_end = 1;
> >        return(1);
> >    }
> > 
> >    return(0);
> > }
> >   
> > # dummy function  
> > sub DoNothing {print STDOUT;}
> > 
> > # Main
> > %commands=(
> >        'b list'                => "BList"
> > );
> > # keys() doesnt return things in the order entered and the order of the
> > # cmds is important (show version first and write term last). pita
> > @commands=(
> >        "b list"
> > );
> > $cisco_cmds=join(";",@commands);
> > $cmds_regexp=join("|",@commands);
> > 
> > All I did was change "write term" to "b list" and change the function name
> > too. I also changed a little bit around finding the end of input
> > variable. However it still doesn't work. I get the following in my logs.
> > 
> > starting: Mon Jul 16 12:49:05 CDT 2007
> > 
> > 
> > 
> > Trying to get all of the configs.
> > test-f5-01: End of run not found
> > !
> > =====================================
> > Getting missed routers: round 1.
> > test-f5-01: End of run not found
> > !
> > =====================================
> > Getting missed routers: round 2.
> > test-f5-01: End of run not found
> > !
> > =====================================
> > Getting missed routers: round 3.
> > test-f5-01: End of run not found
> > !
> > =====================================
> > Getting missed routers: round 4.
> > test-f5-01: End of run not found
> > !
> > 
> > cvs diff: Diffing .
> > cvs diff: Diffing configs
> > cvs diff: cannot find configs/test-f5-01
> > cvs commit: Examining .
> > cvs commit: Examining configs
> > cvs commit: Up-to-date check failed for `configs/test-f5-01'
> > cvs [commit aborted]: correct above errors first!
> > ls: test-f5-01: No such file or directory
> > 
> > ending: Mon Jul 16 12:49:32 CDT 2007
> > 
> > Any hints would be appreciated.
> > 
> > Thanks,
> > Sam
> > >Sam,
> > >
> > >What bldshgalsjd is, is the prompt it looks for before it sends the
> > >username.
> > >
> > >Example, if the device prompted you for a username like so, you
> > >would use the following.
> > >
> > >Your User name: 
> > >
> > >#.cloginrc line
> > >add userprompt f5* "Your User name:"
> > >
> > >This would only send your username if it found the prompt of "Your User
> > >name:" (minus the ""). So the likelihood that it will find bldshgalsjd
> > >would be slim to almost impossible.
> > >
> > >-lance
> > >
> > >  
> > >>-------- Original Message --------
> > >>Subject: Re: [rancid] Re: F5 load balancer support
> > >>From: Sam Munzani <smunzani at comcast.net>
> > >>Date: Mon, July 16, 2007 9:48 am
> > >>To: David Croft <david at infotrek.co.uk>
> > >>Cc: Lance <rancid at gheek.net>,   rancid-discuss at shrubbery.net
> > >>
> > >>David,
> > >>
> > >>Thanks a lot for the tip. This worked well. Now f5login goes much
> > >>cleaner and the "root" doesn't get sent again. I still have other issues
> > >>where rancid-run is backing up config properly but I am still
> > >>troubleshooting it.
> > >>
> > >>Now here is a question. What does "bldshgalsjd" mean and how does it do
> > >>this miracle?
> > >>
> > >>Thanks,
> > >>Sam
> > >>    
> > >>>Thanks for this tip, turns out that this is also the reason the
> > >>>username gets entered at a prompt on the cisco IPS devices. Since it's
> > >>>using SSH and therefore doesn't need a username prompt, solution was
> > >>>to simply add in .cloginrc:
> > >>>
> > >>>add userprompt ids* bldshgalsjd  (<- something that won't get sent during login)
> > >>>
> > >>>Regards,
> > >>>
> > >>>David
> > >>>
> > >>>On 14/07/07, Lance <rancid at gheek.net> wrote:
> > >>>      
> > >>>>Sam,
> > >>>>
> > >>>>Have you tried using telnet to login, if the f5 has it enabled.
> > >>>>You may also want to set auto enable in your .cloginrc for this device
> > >>>>as it looks to clogin as you are already in a cisco equivalent equal to
> > >>>>enable since your prompt has a # sign in it.
> > >>>>
> > >>>>Looking at your next email along with this one it looks like you are
> > >>>>already in a cisco equivalent of enable after you login. f5login seems
> > >>>>to be sending your username of root as a command after you get connected
> > >>>>because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
> > >>>>172.24.100.12" and it matches on the word "Login". See below.
> > >>>>
> > >>>>"(Username|Login|login|user name):"? yes
> > >>>>
> > >>>>expect: set expect_out(0,string) "login:"
> > >>>>
> > >>>>expect: set expect_out(1,string) "login"
> > >>>>
> > >>>>expect: set expect_out(spawn_id) "exp4"
> > >>>>
> > >>>>expect: set expect_out(buffer) " \r\nLast login:"
> > >>>>
> > >>>>send: sending "root\r" to { exp4 }
> > >>>>
> > >>>>expect: continuing expect
> > >>>>
> > >>>>You are just using a Cisco login/parsing script so it expects prompts
> > >>>>from a Cisco device and in this case you have a *nix SSH banner that
> > >>>>gets interrupted. I know you can use RANCID to backup *nix systems. So
> > >>>>it knows how to understand connecting to a *nix system. You might want
> > >>>>to try this email thread which asks about backing up Linux configs.
> > >>>>"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
> > >>>>
> > >>>>Or you could modify the existing f5login like so.
> > >>>>
> > >>>>I think you have to use the caret before the () to work. I haven't
> > >>>>checked this as I am at home and not on a UNIX system right now. Sorry,
> > >>>>too lazy to check it out right now. You might want to uncomment the line
> > >>>>below 3. and comment out the line below 2. and see if that works. This
> > >>>>is the only point in the code that I see it look for login in any line.
> > >>>>If that doesn't work send me back the debug and I will see what I can
> > >>>>do. I am sure some people that use expect more often than I can probably
> > >>>>quickly tell you what to use as syntax there.
> > >>>>
> > >>>># Figure out prompts
> > >>>>   set u_prompt [find userprompt $router]
> > >>>>   if { "$u_prompt" == "" } {
> > >>>>       #1. ORIGINAL
> > >>>>       #set u_prompt "^(Username|Login|login|user name):"
> > >>>>       #2. Modified to read for a line beginning with Username, Login,
> > >>>>       #   login, or user name.
> > >>>>       set u_prompt "^(Username|Login|login|user name):"
> > >>>>       #3. Modified to read for a line beginning with Login or login,
> > >>>>       #   but I may be wrong
> > >>>>       #set u_prompt "^(Username|^Login|^login|user name):"
> > >>>>   } else {
> > >>>>       set u_prompt [join [lindex $u_prompt 0] ""]
> > >>>>   }
> > >>>>
> > >>>>
> > >>>>Let me know if this works for you.
> > >>>>
> > >>>>-Lance
> > >>>>
> > >>>>        
> > >>>>>-------- Original Message --------
> > >>>>>Subject: Re: [rancid]  F5 load balancer support
> > >>>>>From: Sam Munzani <smunzani at comcast.net>
> > >>>>>Date: Fri, July 13, 2007 2:30 pm
> > >>>>>To: Lance <rancid at gheek.net>
> > >>>>>Cc: rancid-discuss at shrubbery.net
> > >>>>>
> > >>>>>Lance,
> > >>>>>
> > >>>>>F5 login works fine with a minor error.
> > >>>>>
> > >>>>>$ f5login test-f5-01
> > >>>>>test-f5-01
> > >>>>>spawn ssh -c 3des -x -l root test-f5-01
> > >>>>>Password:
> > >>>>>Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
> > >>>>>root
> > >>>>>[root@test-f5-01:Active] config # root
> > >>>>>-bash: root: command not found
> > >>>>>[root@test-f5-01:Active] config #
> > >>>>>[root@test-f5-01:Active] config #
> > >>>>>[root@test-f5-01:Active] config #
> > >>>>>
> > >>>>>I don't know how to debug otherwise I would turn on debug too. If you
> > >>>>>can provide some hints on debug, I would appreciate it.
> > >>>>>
> > >>>>>Thanks,
> > >>>>>Sam
> > >>>>>          
> > >>>>>>What error(s) do you get when you try to run your f5rancid?
> > >>>>>>
> > >>>>>>Where does it fail if you debug your f5login?
> > >>>>>>
> > >>>>>>
> > >>>>>>-lance
> > >>>>>>
> > >>>>>>
> > >>>>>>            
> > >>>>>>>-------- Original Message --------
> > >>>>>>>Subject: [rancid]  F5 load balancer support
> > >>>>>>>From: Sam Munzani <smunzani at comcast.net>
> > >>>>>>>Date: Fri, July 13, 2007 12:45 pm
> > >>>>>>>To: rancid-discuss at shrubbery.net
> > >>>>>>>
> > >>>>>>>Hi,
> > >>>>>>>
> > >>>>>>>Did anybody happen to hack one of the Cisco scripts to support BigIP F5
> > >>>>>>>boxes? It should be pretty simple. All I want to do is login and type "b
> > >>>>>>>list" which is equivalent of "show run" on cisco.
> > >>>>>>>
> > >>>>>>>However for some reason things are not working. All I did was copy clogin
> > >>>>>>>to f5login, copy rancid to f5rancid and add the following to rancid-fe.
> > >>>>>>>
> > >>>>>>>elsif ($vendor =~ /^f5$/i)              { exec('f5rancid', $router); }
> > >>>>>>>
> > >>>>>>>Then modified f5 rancid file and kept only one command in list of
> > >>>>>>>commands "b list".
> > >>>>>>>
> > >>>>>>>For some reason it's not working. I can post my configs here if somebody
> > >>>>>>>likes to see them.
> > >>>>>>>
> > >>>>>>>Thanks,
> > >>>>>>>Sam
> > >>>>>>>_______________________________________________
> > >>>>>>>Rancid-discuss mailing list
> > >>>>>>>Rancid-discuss at shrubbery.net
> > >>>>>>>http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

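The false match diagnosed in this thread ("Last login:" in the SSH banner triggering the username prompt pattern), as an added example that is not part of the original messages or of RANCID. It assumes Python's `re` as a stand-in for Expect's matcher, a buffer that is never consumed between matches, and a constructed `TELNET_LOGIN` transcript; `(?m)` is Python's syntax for line anchoring.

```python
import re

# Constructed transcripts. SSH_BANNER is modelled on the f5login session quoted
# in the thread (no username prompt); TELNET_LOGIN is a made-up device that asks.
SSH_BANNER = [
    "Password:",
    " \r\nLast login: Fri Jul 13 14:26:28 2007 from 172.24.100.12\r\n",
    "[root@test-f5-01:Active] config # ",
]
TELNET_LOGIN = ["\r\nUser Access Verification\r\n", "\r\nUsername: "]

# Candidate userprompt patterns: the default quoted in the debug output, the
# two anchoring styles, and the never-matching placeholder from the thread.
CANDIDATES = {
    "default": r"(Username|Login|login|user name):",
    "buffer-anchored": r"^(Username|Login|login|user name):",
    "line-anchored": r"(?m)^(Username|Login|login|user name):",  # Python syntax
    "placeholder": r"bldshgalsjd",
}

def first_match(pattern, chunks):
    """Grow a buffer chunk by chunk, as an Expect-style reader does, and return
    (chunk_index, matched_text) for the first hit, or None if it never fires."""
    rx = re.compile(pattern)
    buf = ""
    for i, chunk in enumerate(chunks):
        buf += chunk
        m = rx.search(buf)
        if m:
            return i, m.group(0)
    return None

def audit(chunks, prompts_for_user):
    """Classify each candidate: 'ok', 'false-send' (fires although the device
    never asked for a username) or 'missed' (device asked, pattern stayed silent)."""
    verdicts = {}
    for name, pattern in CANDIDATES.items():
        hit = first_match(pattern, chunks)
        if hit and not prompts_for_user:
            verdicts[name] = "false-send"
        elif not hit and prompts_for_user:
            verdicts[name] = "missed"
        else:
            verdicts[name] = "ok"
    return verdicts

if __name__ == "__main__":
    print("ssh banner  :", audit(SSH_BANNER, prompts_for_user=False))
    print("telnet login:", audit(TELNET_LOGIN, prompts_for_user=True))
```

The placeholder only suits devices that never ask for a username; on a device that does prompt, it and the buffer-anchored form both leave the login waiting.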

