[rancid] Re: F5 load balancer support

Mike Ashcraft mashcraft at omniture.com
Mon Jul 16 17:21:51 UTC 2007


Sam,

I've been working on a f5rancid script for some time now.  One of my
targets was to work with the standard cisco login script [clogin]. 

The .cloginrc configuration I use with the clogin script for F5 Big-IP
is as follows:

add user hostname username

# Any string without a match works
add userprompt hostname sshONLYnoPrompt

add autoenable hostname 1

add method hostname ssh

add password hostname password



Hope this helps,

Mike 

-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
Sent: Monday, July 16, 2007 10:49 AM
To: David Croft
Cc: rancid-discuss at shrubbery.net
Subject: [rancid] Re: F5 load balancer support

David,

Thanks a lot for the tip. This worked well. Now f5login goes much
cleaner and the "root" doesn't get sent again. I still have other issues
where rancid-run is backing up config properly but I am still
troubleshooting it.

Now here is a question. What does "bldshgalsjd" mean and how does it do
this miracle?

Thanks,
Sam
> Thanks for this tip, turns out that this is also the reason the 
> username gets entered at a prompt on the cisco IPS devices. Since it's
> using SSH and therefore doesn't need a username prompt, solution was 
> to simply add in .cloginrc:
>
> add userprompt ids* bldshgalsjd  (<- something that won't get sent 
> during login)
>
> Regards,
>
> David
>
> On 14/07/07, Lance <rancid at gheek.net> wrote:
>> Sam,
>>
>> Have you tried using telnet to login, if the f5 has it enabled.
>> You may also want to set auto enable in your .cloginrc for this 
>> device as it looks to clogin as you are already in a cisco equivalent
>> equal to enable since your prompt has a # sign in it.
>>
>> Looking at your next email along with this one it looks like you are 
>> already in a cisco equivalent of enable after you login. f5login 
>> seems to be sending your username of root as a command after you get 
>> connected because it sees this line "Last login: Fri Jul 13 14:38:03 
>> 2007 from 172.24.100.12" and it matches on the word "Login". See
>> below.
>>
>> "(Username|Login|login|user name):"? yes
>>
>> expect: set expect_out(0,string) "login:"
>>
>> expect: set expect_out(1,string) "login"
>>
>> expect: set expect_out(spawn_id) "exp4"
>>
>> expect: set expect_out(buffer) " \r\nLast login:"
>>
>> send: sending "root\r" to { exp4 }
>>
>> expect: continuing expect
>>
>> You are just using a Cisco login/parsing script so it expects prompts
>> from a Cisco device and in this case you have a *nix SSH banner that 
>> gets interrupted. I know you can use RANCID to backup *nix systems. 
>> So it knows how to understand connecting to a *nix system. You might 
>> want to try this email thread which asks about backing up Linux
>> configs.
>>
>> "http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
>>
>> Or you could modify the existing f5login like so.
>>
>> I think you have to use the caret before the () to work. I haven't 
>> checked this as I am at home and not on a UNIX system right now. 
>> Sorry, too lazy to check it out right now. You might want to uncomment 
>> the line below 3. and comment out the line below 2. and see if that 
>> works. This is the only point in the code that I see it look for
>> login in any line.
>> If that doesn't work send me back the debug and I will see what I can
>> do. I am sure some people that use expect more often than I can 
>> probably quickly tell you what to use as syntax there.
>>
>> # Figure out prompts
>>    set u_prompt [find userprompt $router]
>>    if { "$u_prompt" == "" } {
>>        #1. ORIGINAL
>>        #set u_prompt "^(Username|Login|login|user name):"
>>        #2. Modified to read for a line beginning with
>>        #   Username, Login, login, or user name.
>>        set u_prompt "^(Username|Login|login|user name):"
>>        #3. Modified to read for a line beginning with Login or login,
>>        #   but I may be wrong
>>        #set u_prompt "^(Username|^Login|^login|user name):"
>>    } else {
>>        set u_prompt [join [lindex $u_prompt 0] ""]
>>    }
>>
>>
>> Let me know if this works for you.
>>
>> -Lance
>>
>> > -------- Original Message --------
>> > Subject: Re: [rancid]  F5 load balancer support
>> > From: Sam Munzani <smunzani at comcast.net>
>> > Date: Fri, July 13, 2007 2:30 pm
>> > To: Lance <rancid at gheek.net>
>> > Cc: rancid-discuss at shrubbery.net
>> >
>> > Lance,
>> >
>> > F5 login works fine with a minor error.
>> >
>> > $ f5login test-f5-01
>> > test-f5-01
>> > spawn ssh -c 3des -x -l root test-f5-01
>> > Password:
>> > Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12 root 
>> > [root at test-f5-01:Active] config # root
>> > -bash: root: command not found
>> > [root at test-f5-01:Active] config #
>> > [root at test-f5-01:Active] config #
>> > [root at test-f5-01:Active] config #
>> >
>> > I don't know how to debug otherwise I would turn on debug too. If 
>> > you can provide some hints on debug, I would appreciate it.
>> >
>> > Thanks,
>> > Sam
>> > > What error(s) do you get when you try to run your f5rancid?
>> > >
>> > > Where does it fail if you debug your f5login?
>> > >
>> > >
>> > > -lance
>> > >
>> > >
>> > >> -------- Original Message --------
>> > >> Subject: [rancid]  F5 load balancer support
>> > >> From: Sam Munzani <smunzani at comcast.net>
>> > >> Date: Fri, July 13, 2007 12:45 pm
>> > >> To: rancid-discuss at shrubbery.net
>> > >>
>> > >> Hi,
>> > >>
>> > >> Did anybody happen to hack one of Cisco scripts to support BigIP F5
>> > >> boxes? It should be pretty simple. All I want to do is login and type
>> > >> "b list" which is equivalent of "show run" on cisco.
>> > >>
>> > >> However for some reason things not working. All I did was copied clogin
>> > >> to f5login, copied rancid to f5rancid and added following to rancid-fe.
>> > >> elsif ($vendor =~ /^f5$/i)              { exec('f5rancid', $router); }
>> > >>
>> > >> Then modified f5 rancid file and kept only one command in list 
>> > >> of commands "b list".
>> > >>
>> > >> For some reason it's not working. I can post my configs here if somebody
>> > >> like to see them.
>> > >>
>> > >> Thanks,
>> > >> Sam
>> > >> _______________________________________________
>> > >> Rancid-discuss mailing list
>> > >> Rancid-discuss at shrubbery.net
>> > >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>> > >>
>> > >
>> > >
>> > >
>>
>>
>
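
Added example, not part of the original thread and not RANCID code: a simplified Python model of the prompt-matching loop discussed above, showing why the unanchored user-prompt pattern fires on the "Last login:" banner and why a non-matching userprompt value stops the username from being sent. The session strings, SHELL_PROMPT and the function names are constructed for illustration, and Python's re stands in for expect's regex matching.

```python
import re

# Constructed session output modelled on the debug trace quoted in the thread:
# SSH login (user passed with -l), then a *nix "Last login:" banner and a shell prompt.
SSH_SESSION = (" \r\nLast login: Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\n"
               "[root@test-f5-01:Active] config # ")
# Constructed telnet-style session where the device really asks for a username.
TELNET_SESSION = "\r\ntest-f5-01 login: "

PATTERNS = {
    "default":  "(Username|Login|login|user name):",   # pattern seen in the debug trace
    "anchored": "^(Username|Login|login|user name):",  # variant 2 from the thread
    "override": "sshONLYnoPrompt",                      # .cloginrc userprompt value
}
SHELL_PROMPT = r"#\s*$"  # assumption: simplified stand-in for the script's prompt regex


def simulate_login(output, u_prompt, username="root", chunk=8):
    """Return what a login loop would send while reading `output` in chunks."""
    sent, buf = [], ""
    for i in range(0, len(output), chunk):
        buf += output[i:i + chunk]
        # Search the whole buffer; "^" here means start of buffer, not start of line.
        m = re.search(u_prompt, buf)
        if m:
            sent.append(username + "\r")  # the username goes to whatever is listening
            buf = buf[m.end():]           # drop the buffer through the match
        elif re.search(SHELL_PROMPT, buf):
            break                         # already at a shell prompt: login is done
    return sent


def sends_username(output):
    """Names of the patterns that cause the username to be sent for this output."""
    return [name for name, pat in PATTERNS.items() if simulate_login(output, pat)]


if __name__ == "__main__":
    print("SSH banner    :", sends_username(SSH_SESSION))
    print("telnet prompt :", sends_username(TELNET_SESSION))
```

The override fits SSH logins, where the username is already given on the command line; in the constructed telnet session it leaves a real login: prompt unanswered. In this model the anchored variant matches neither session, because both buffers begin with whitespace rather than the prompt word.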