[rancid] Re: F5 load balancer support
Mike Ashcraft
mashcraft at omniture.com
Mon Jul 16 15:39:59 UTC 2007
Sam,
I've been working on a f5rancid script for some time now. One of my
targets was to work with the standard cisco login script [clogin].
The .clogninrc configuration I use with the clogin script for F5 Big-IP
is as follows:
add user hostname username
add userprompt hostname sshONLYnoPrompt #Any string without a match
works
add autoenable hostname 1
add method hostname ssh
add password hostname password
Hope this helps,
Mike
-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Lance
Sent: Saturday, July 14, 2007 1:11 PM
To: smunzani at comcast.net
Cc: rancid-discuss at shrubbery.net
Subject: [rancid] Re: F5 load balancer support
Sam,
Have you tried using telnet to login, if the f5 has it enabled.
You may also want to set auto enable in your .cloginrc for this device
as it looks to clogin as you are already in a cisco equivalent equal to
enable since your prompt has a # sign in it.
Looking at your next email along with this one it looks like you are
already in a cisco equivalent of enable after you login. f5login seems
to be sending your username of root as a command after you get connected
because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
172.24.100.12" and it matches on the word "Login". See below.
"(Username|Login|login|user name):"? yes
expect: set expect_out(0,string) "login:"
expect: set expect_out(1,string) "login"
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) " \r\nLast login:"
send: sending "root\r" to { exp4 }
expect: continuing expect
You are just using a Cisco login/parsing script so it expects prompts
from a Cisco device and in this case you have a *nix SSH banner that
gets interrupted. I know you can use RANCID to backup *nix systems. So
it knows how to understand connecting to a *nix system. You might want
to try this email thread which asks about backing up Linux conifgs.
"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml"
Or you could modify the existing f5login like so.
I think you have to use the carrot before the () to work. I haven't
checked this as I am at home and not on a UNIX system right now. Sorry
to lazy to check it out right now. You might want to uncomment the line
below 3. and comment out the line below 2. and see if that works. This
is the only point in the code that I see it look for login in any line.
If that doesn't work send me back the debug and I will see what I can
do. I am sure some people that use expect more often then I can probably
quickly tell you what to use as syntax there.
# Figure out prompts
set u_prompt [find userprompt $router if { "$u_prompt" == "" } {
#1. ORIGINAL
#set u_prompt "^(Username|Login|login|user name):"
#2. Modified to read for a line beginning with
Username,Login,login, or user name.
set u_prompt "^(Username|Login|login|user name):"
#3. Modified to read for a line beginning with Login or login.
but I may be wrong
#set u_prompt "^(Username|^Login|^login|user name):"
} else {
set u_prompt [join [lindex $u_prompt 0] ""]
Let me know if this works for you.
-Lance
> -------- Original Message --------
> Subject: Re: [rancid] F5 load balancer support
> From: Sam Munzani <smunzani at comcast.net>
> Date: Fri, July 13, 2007 2:30 pm
> To: Lance <rancid at gheek.net>
> Cc: rancid-discuss at shrubbery.net
>
> Lance,
>
> F5 login works fine with a minor error.
>
> $ f5login test-f5-01
> test-f5-01
> spawn ssh -c 3des -x -l root test-f5-01
> Password:
> Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12 root
> [root at test-f5-01:Active] config # root
> -bash: root: command not found
> [root at test-f5-01:Active] config #
> [root at test-f5-01:Active] config #
> [root at test-f5-01:Active] config #
>
> I don't know how to debug otherwise I would turn on debug too. If you
> can provide some hints on debug, I would appreciate it.
>
> Thanks,
> Sam
> > What error(s) do you get when you try to run your f5rancid?
> >
> > Where does it fail if you debug your f5login?
> >
> >
> > -lance
> >
> >
> >> -------- Original Message --------
> >> Subject: [rancid] F5 load balancer support
> >> From: Sam Munzani <smunzani at comcast.net>
> >> Date: Fri, July 13, 2007 12:45 pm
> >> To: rancid-discuss at shrubbery.net
> >>
> >> Hi,
> >>
> >> Did anybody happened to hack one of Cisco scripts to support BigIP
> >> F5 boxes? It should be pretty simple. All I want to do is login and
> type "b
> >> list" which is equivalent of "show run" on cisco.
> >>
> >> However for some reason things not working. All I did was copied
> clogin
> >> to f5login, copied rancid to f5rancid and added following to
> rancid-fe.
> >> elsif ($vendor =~ /^f5$/i) { exec('f5rancid',
$router); }
> >>
> >> Then modified f5 rancid file and kept only one command in list of
> >> commands "b list".
> >>
> >> For some reason its not working. I can post my configs here if
> somebody
> >> like to see them.
> >>
> >> Thanks,
> >> Sam
> >> _______________________________________________
> >> Rancid-discuss mailing list
> >> Rancid-discuss at shrubbery.net
> >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> >>
> >
> >
> >
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
More information about the Rancid-discuss
mailing list