[rancid] Re: F5 load balancer support
Lance
rancid at gheek.net
Tue Jul 17 00:32:01 UTC 2007
I have helped Sam get a working f5rancid which requires a f5login (only
because it doesn't recognize the prompt with a space and exit, unless
you enter a return before the exit). He is cleaning up all the unused
functions and will post it.
Once John H. sends out his script I will look at it and see how it
differs from the one I did with Sam. I will even help Sam get it working
for his setup. We will let you know when it is all working.
-lance
> -------- Original Message --------
> Subject: [rancid] Re: F5 load balancer support
> From: "Mike Ashcraft" <mashcraft at omniture.com>
> Date: Mon, July 16, 2007 11:48 am
> To: <sam at munzani.com>
> Cc: rancid-discuss at shrubbery.net
>
> Sam,
>
> I have a working f5rancid that I have been using for a number of months
> now. I have one minor bug related to tracking installed SSL certs
> which you probably don't care about. Other than that, it works great.
>
> I did encounter and solve all the problems you have been discussing on
> the list.
>
> Let me know if you are interested in trying what I have. I have tested
> it with Big-IP 9.1.2.
>
> Mike
>
> ________________________________
>
> From: rancid-discuss-bounces at shrubbery.net
> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
> Sent: Monday, July 16, 2007 10:58 AM
> To: smunzani at comcast.net
> Cc: rancid-discuss at shrubbery.net
> Subject: [rancid] Re: F5 load balancer support
>
>
> BTW, this is what I see in the log when I do rancid-run now. That means
> the f5rancid file (hacked copy of rancid) is still missing something.
>
> more nfl.20070716.114842
> starting: Mon Jul 16 11:48:42 CDT 2007
>
>
>
> Trying to get all of the configs.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 1.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 2.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 3.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 4.
> test-f5-01: End of run not found
> -bash: write: command not found
>
> cvs diff: Diffing .
> cvs diff: Diffing configs
> cvs diff: cannot find configs/test-f5-01
> cvs commit: Examining .
> cvs commit: Examining configs
> cvs commit: Up-to-date check failed for `configs/test-f5-01'
> cvs [commit aborted]: correct above errors first!
> ls: test-f5-01: No such file or directory
>
> ending: Mon Jul 16 11:49:41 CDT 2007
>
> Thanks,
> Sam
>
>
> David,
>
> Thanks a lot for the tip. This worked well. Now f5login goes much
> cleaner and the "root" doesn't get sent again. I still have other issues
> where rancid-run is backing up config properly but I am still
> troubleshooting it.
>
> Now here is a question. What does "bldshgalsjd" mean and how does it do
> this miracle?
>
> Thanks,
> Sam
>
>
> Thanks for this tip, turns out that this is also the reason the
> username gets entered at a prompt on the cisco IPS devices. Since it's
> using SSH and therefore doesn't need a username prompt, solution was
> to simply add in .cloginrc:
>
> add userprompt ids* bldshgalsjd (<- something that won't get sent during login)
>
> Regards,
>
> David
>
> On 14/07/07, Lance <rancid at gheek.net> wrote:
>
>
> Sam,
>
> Have you tried using telnet to login, if the f5 has it enabled.
> You may also want to set auto enable in your .cloginrc for this device
> as it looks to clogin as you are already in a cisco equivalent equal to
> enable since your prompt has a # sign in it.
>
> Looking at your next email along with this one it looks like you are
> already in a cisco equivalent of enable after you login. f5login seems
> to be sending your username of root as a command after you get connected
> because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
> 172.24.100.12" and it matches on the word "Login". See below.
>
> "(Username|Login|login|user name):"? yes
> expect: set expect_out(0,string) "login:"
> expect: set expect_out(1,string) "login"
> expect: set expect_out(spawn_id) "exp4"
> expect: set expect_out(buffer) " \r\nLast login:"
> send: sending "root\r" to { exp4 }
> expect: continuing expect
>
> You are just using a Cisco login/parsing script so it expects prompts
> from a Cisco device and in this case you have a *nix SSH banner that
> gets interrupted. I know you can use RANCID to backup *nix systems. So
> it knows how to understand connecting to a *nix system. You might want
> to try this email thread which asks about backing up Linux configs.
>
> http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html
>
> Or you could modify the existing f5login like so.
>
> I think you have to use the caret before the () to work. I haven't
> checked this as I am at home and not on a UNIX system right now. Sorry,
> too lazy to check it out right now. You might want to uncomment the line
> below 3. and comment out the line below 2. and see if that works. This
> is the only point in the code that I see it look for login in any line.
> If that doesn't work send me back the debug and I will see what I can
> do. I am sure some people that use expect more often than I can probably
> quickly tell you what to use as syntax there.
>
> # Figure out prompts
> set u_prompt [find userprompt $router]
> if { "$u_prompt" == "" } {
>     #1. ORIGINAL
>     #set u_prompt "^(Username|Login|login|user name):"
>     #2. Modified to read for a line beginning with Username, Login, login, or user name.
>     set u_prompt "^(Username|Login|login|user name):"
>     #3. Modified to read for a line beginning with Login or login, but I may be wrong
>     #set u_prompt "^(Username|^Login|^login|user name):"
> } else {
>     set u_prompt [join [lindex $u_prompt 0] ""]
> }
>
>
> Let me know if this works for you.
>
> -Lance
>
>
>
> -------- Original Message --------
> Subject: Re: [rancid] F5 load balancer support
> From: Sam Munzani <smunzani at comcast.net>
> Date: Fri, July 13, 2007 2:30 pm
> To: Lance <rancid at gheek.net>
> Cc: rancid-discuss at shrubbery.net
>
> Lance,
>
> F5 login works fine with a minor error.
>
> $ f5login test-f5-01
> test-f5-01
> spawn ssh -c 3des -x -l root test-f5-01
> Password:
> Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
> root
> [root at test-f5-01:Active] config # root
> -bash: root: command not found
> [root at test-f5-01:Active] config #
> [root at test-f5-01:Active] config #
> [root at test-f5-01:Active] config #
>
> I don't know how to debug otherwise I would turn on debug too. If you
> can provide some hints on debug, I would appreciate it.
>
> Thanks,
> Sam
>
>
> What error(s) do you get when you try to run your f5rancid?
>
> Where does it fail if you debug your f5login?
>
>
> -lance
>
>
>
>
> -------- Original Message --------
> Subject: [rancid] F5 load balancer support
> From: Sam Munzani <smunzani at comcast.net>
> Date: Fri, July 13, 2007 12:45 pm
> To: rancid-discuss at shrubbery.net
>
> Hi,
>
> Did anybody happen to hack one of Cisco scripts to support BigIP F5
> boxes? It should be pretty simple. All I want to do is login and type "b
> list" which is equivalent of "show run" on cisco.
>
> However for some reason things are not working. All I did was copied clogin
> to f5login, copied rancid to f5rancid and added following to rancid-fe.
>
> elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
>
> Then modified f5 rancid file and kept only one command in list of
> commands "b list".
>
> For some reason it's not working. I can post my configs here if somebody
> like to see them.
>
> Thanks,
> Sam
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
>
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
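Added example (not part of the original thread and not RANCID's own code): a Tcl sketch of the prompt-matching problem diagnosed in the quoted debug output, where an unanchored user-prompt pattern matches the "Last login:" banner and the username is typed into the shell as a command. The buffers are constructed from the output quoted in the thread, `would_send_username` is a hypothetical helper, and the `(?n)` line-anchored pattern is an extra variant not proposed in the thread.

```tcl
# Returns 1 when the user-prompt pattern matches the buffer, which is the
# point at which a clogin-style script would send the username.
# Expect's -re patterns are Tcl regular expressions, so plain regexp is
# enough to reproduce the matching decision (hypothetical helper).
proc would_send_username {pattern buffer} {
    return [regexp -- $pattern $buffer]
}

# Candidate user-prompt patterns. "default" is the pattern shown in the
# debug output, "caret" is the modification suggested in the thread,
# "line-anchor" is an assumption added here ((?n) makes ^ match after a
# newline), and "placeholder" is the .cloginrc userprompt override.
set patterns {
    default     {(Username|Login|login|user name):}
    caret       {^(Username|Login|login|user name):}
    line-anchor {(?n)^(Username|Login|login|user name):}
    placeholder {bldshgalsjd}
}

# Constructed session buffers: the SSH banner from the thread, a bare
# login prompt after a newline, and a prompt at the very start of a buffer.
set buffers [list \
    "ssh banner"   " \r\nLast login: Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\n" \
    "login prompt" "\r\nlogin: " \
    "user prompt"  "Username: "]

# Print the decision for every pattern against every buffer.
foreach {pname pattern} $patterns {
    foreach {bname buffer} $buffers {
        set hit [would_send_username $pattern $buffer]
        set verdict [expr {$hit ? "sends username" : "waits"}]
        puts [format "%-12s %-13s %s" $pname $bname $verdict]
    }
}
```

Run it with `tclsh`. A bare `^` in Tcl anchors to the start of the whole buffer rather than to each line, so the "caret" variant ignores the banner but also ignores a prompt that arrives after a newline.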