[rancid] Re: F5 load balancer support

Mike Ashcraft mashcraft at omniture.com
Mon Jul 16 18:48:35 UTC 2007


Sam,
 
I have a working f5rancid that I have been using for a number of months
now.   I have one minor bug related to tracking installed SSL certs
which you probably don't care about.  Other than that, it works great.
 
I did encounter and solve all the problems you have been discussing on
the list.
 
Let me know if you are interested in trying what I have.  I have tested
it with Big-IP 9.1.2.  
 
Mike

________________________________

From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
Sent: Monday, July 16, 2007 10:58 AM
To: smunzani at comcast.net
Cc: rancid-discuss at shrubbery.net
Subject: [rancid] Re: F5 load balancer support


BTW, this is what I see in the log when I do rancid-run now. That means
the f5rancid file (hacked copy of rancid) is still missing something.

more nfl.20070716.114842
starting: Mon Jul 16 11:48:42 CDT 2007



Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found

cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for `configs/test-f5-01'
cvs [commit aborted]: correct above errors first!
ls: test-f5-01: No such file or directory

ending: Mon Jul 16 11:49:41 CDT 2007

Thanks,
Sam


	David,
	
	Thanks a lot for the tip. This worked well. Now f5login goes much more
	cleanly and the "root" doesn't get sent again. I still have other issues
	where rancid-run is backing up config properly but I am still
	troubleshooting it.
	
	Now here is a question. What does "bldshgalsjd" mean and how does it do
	this miracle?
	
	Thanks,
	Sam
	  

		Thanks for this tip, turns out that this is also the reason the
		username gets entered at a prompt on the cisco IPS devices. Since it's
		using SSH and therefore doesn't need a username prompt, solution was
		to simply add in .cloginrc:
		
		add userprompt ids* bldshgalsjd  (<- something that won't get sent
		during login)
		
		Regards,
		
		David
		
		On 14/07/07, Lance <rancid at gheek.net> wrote:
		    

			Sam,
			
			Have you tried using telnet to login, if the f5 has it enabled?
			You may also want to set auto enable in your .cloginrc for this device
			as it looks to clogin as you are already in a cisco equivalent equal to
			enable since your prompt has a # sign in it.
			
			Looking at your next email along with this one it looks like you are
			already in a cisco equivalent of enable after you login. f5login seems
			to be sending your username of root as a command after you get connected
			because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
			172.24.100.12" and it matches on the word "Login". See below.
			
			"(Username|Login|login|user name):"? yes
			expect: set expect_out(0,string) "login:"
			expect: set expect_out(1,string) "login"
			expect: set expect_out(spawn_id) "exp4"
			expect: set expect_out(buffer) " \r\nLast login:"
			send: sending "root\r" to { exp4 }
			expect: continuing expect
			
			You are just using a Cisco login/parsing script so it expects prompts
			from a Cisco device and in this case you have a *nix SSH banner that
			gets interrupted. I know you can use RANCID to backup *nix systems. So
			it knows how to understand connecting to a *nix system. You might want
			to try this email thread which asks about backing up Linux configs.
			
			http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html
			
			Or you could modify the existing f5login like so.
			
			I think you have to use the caret before the () to work. I haven't
			checked this as I am at home and not on a UNIX system right now. Sorry,
			too lazy to check it out right now. You might want to uncomment the line
			below 3. and comment out the line below 2. and see if that works. This
			is the only point in the code that I see it look for login in any line.
			If that doesn't work send me back the debug and I will see what I can
			do. I am sure some people that use expect more often than I can probably
			quickly tell you what to use as syntax there.
			
			# Figure out prompts
			set u_prompt [find userprompt $router]
			if { "$u_prompt" == "" } {
			    #1. ORIGINAL
			    #set u_prompt "^(Username|Login|login|user name):"
			    #2. Modified to read for a line beginning with
			    #   Username, Login, login, or user name.
			    set u_prompt "^(Username|Login|login|user name):"
			    #3. Modified to read for a line beginning with Login or login,
			    #   but I may be wrong.
			    #set u_prompt "^(Username|^Login|^login|user name):"
			} else {
			    set u_prompt [join [lindex $u_prompt 0] ""]
			}
			
			
			Let me know if this works for you.
			
			-Lance
			
			      

				-------- Original Message --------
				Subject: Re: [rancid]  F5 load balancer support
				From: Sam Munzani <smunzani at comcast.net>
				Date: Fri, July 13, 2007 2:30 pm
				To: Lance <rancid at gheek.net>
				Cc: rancid-discuss at shrubbery.net
				
				Lance,
				
				F5 login works fine with a minor error.
				
				$ f5login test-f5-01
				test-f5-01
				spawn ssh -c 3des -x -l root test-f5-01
				Password:
				Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
				root
				[root at test-f5-01:Active] config # root
				-bash: root: command not found
				[root at test-f5-01:Active] config #
				[root at test-f5-01:Active] config #
				[root at test-f5-01:Active] config #
				
				I don't know how to debug otherwise I would turn on debug too. If you
				can provide some hints on debug, I would appreciate it.
				
				Thanks,
				Sam
				        

				What error(s) do you get when you try to run your f5rancid?
				
				Where does it fail if you debug your f5login?
				
				
				-lance
				
				
				          

				-------- Original Message --------
				Subject: [rancid]  F5 load balancer support
				From: Sam Munzani <smunzani at comcast.net>
				Date: Fri, July 13, 2007 12:45 pm
				To: rancid-discuss at shrubbery.net
				
				Hi,
				
				Did anybody happen to hack one of Cisco scripts to support BigIP F5
				boxes? It should be pretty simple. All I want to do is login and type
				"b list" which is equivalent of "show run" on cisco.
				
				However for some reason things are not working. All I did was copied
				clogin to f5login, copied rancid to f5rancid and added following to
				rancid-fe.
				
				elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
				
				Then modified f5 rancid file and kept only one command in list of
				commands "b list".
				
				For some reason it's not working. I can post my configs here if
				somebody would like to see them.
				
				Thanks,
				Sam
	
				_______________________________________________
				Rancid-discuss mailing list
				Rancid-discuss at shrubbery.net
				http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
				
				            

				
				          

	
	  


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070716/788b0a25/attachment.html 
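
The prompt mismatch discussed in this thread, as an added example that is not part of the original messages or of RANCID's own code: a small Python model of an expect-style login loop, run over constructed session output, comparing the user-prompt pattern from the debug trace, the caret-anchored variant and the dummy userprompt override. Python's `re` stands in for Expect's regex matching, and `simulate_login`, `compare` and the telnet-style sample are assumptions made for illustration.

```python
import re

# Constructed device output, modelled on the SSH session quoted in the thread.
SSH_SESSION = [
    " \r\nLast login: Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\n",
    "[root@test-f5-01:Active] config # ",
]
# Constructed telnet-style session (assumption) where a username is required.
TELNET_SESSION = ["\r\nBIG-IP test-f5-01\r\nlogin: "]

USER_PROMPTS = {
    "unanchored": r"(Username|Login|login|user name):",  # pattern in the debug trace
    "caret": r"^(Username|Login|login|user name):",      # option 2 in the thread
    "dummy": r"bldshgalsjd",                             # userprompt override tip
}

def simulate_login(user_prompt, chunks, username="root"):
    """Model of an expect-style loop: return what would be sent to the device."""
    sent, buf = [], ""
    for chunk in chunks:
        buf += chunk
        # No re.MULTILINE: as in Expect, '^' anchors at the start of the
        # match buffer, not at the start of each line.
        match = re.search(user_prompt, buf)
        if match:
            sent.append(username + "\r")
            buf = buf[match.end():]        # matched text is consumed
        elif re.search(r"#\s*$", buf):     # shell prompt reached, login done
            break
    return sent

def compare(chunks):
    """Run every candidate user-prompt pattern against one session."""
    return {name: simulate_login(pat, chunks) for name, pat in USER_PROMPTS.items()}

if __name__ == "__main__":
    for label, session in (("ssh", SSH_SESSION), ("telnet", TELNET_SESSION)):
        for name, sent in compare(session).items():
            print(f"{label:7} {name:11} sent={sent!r}")
```

On the SSH sample only the unanchored pattern sends the username, which then lands at the shell prompt as a command. On the telnet-style sample the caret and dummy patterns send nothing even though a username is wanted there, because the prompt is not at the start of the buffer.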

