[rancid] Re: F5 load balancer support

Mike Ashcraft mashcraft at omniture.com
Tue Jul 17 17:49:18 UTC 2007


I have been on vacation for the last couple of weeks or I would have
posted this sooner and possibly saved some of you a bit of effort. 
 
It sounds like Lance and Sam have put together a working f5rancid with
basic functionality which Sam posted last night.  I have attached my
f5rancid which I have been running for a few months.  Installation
instructions are included as comments in the file.  This version uses
clogin so that a separate f5login script is not required.
 
This version formats and processes the output to make it more usable.
As far as what is captured, I based this on the F5 equivalent of a tech
out.  It grabs a copy of all the configuration files, hardware
configuration and software version as well as the timestamps and file
sizes for SSL certs hosted on the device.  This facilitates rebuilding
from scratch as quickly as possible if this is ever needed.  
 
I was able to resolve the bug I mentioned yesterday by increasing the
clogin timeout.  On a small number of devices it failed to process the
last few commands when running from cron but always worked properly from
the command line on all devices [making it difficult to track down].   I
mention this because it may be an appropriate fix for other intermittent
problems sometimes discussed on this list.
 
Any feedback is appreciated.  I hope to get f5 support added to future
releases of rancid.  
 
Thanks,
 
Mike
 
 

________________________________

From: Sam Munzani [mailto:sam at munzani.com] 
Sent: Monday, July 16, 2007 7:49 PM
To: Lance
Cc: Mike Ashcraft; rancid-discuss at shrubbery.net
Subject: Re: [rancid] Re: F5 load balancer support


Lance,

Thanks a lot for all your help. Pretty much you did all the work while I
watched what you are doing :-)..

Attached are cleaned up files. In f5rancid file, I have left some basic
functions (non platform specific) just in case we expand this script to
do a lot more than just "b list" output. In rancid-fe, we defined a new
device type "f5", f5login was copied from clogin and remarked some "term
length" statements we don't need on F5.

All 3 files are attached and working great. Please be aware, we are not
parsing anything at all. All it's doing is basic function of running "b
list" command and capturing its output. As I expand more on this, I will
be sure to share with the audience here.

Again, thanks a lot for all your help today.

Regards,
Sam


	I have helped Sam get a working f5rancid which requires a f5login (only
	because it doesn't recognize the prompt with a space and exit, unless
	you enter a return before the exit). He is cleaning up all the unused
	functions and will post it.
	
	Once John H. sends out his script I will look at it and see how it
	differs from the one I did with Sam. I will even help Sam get it working
	for his setup. We will let you know when it is all working.
	
	-lance
	
	  

		-------- Original Message --------
		Subject: [rancid] Re: F5 load balancer support
		From: "Mike Ashcraft" <mashcraft at omniture.com>
		Date: Mon, July 16, 2007 11:48 am
		To: <sam at munzani.com>
		Cc: rancid-discuss at shrubbery.net
		
		Sam,
		
		I have a working f5rancid that I have been using for a number of months
		now.   I have one minor bug related to tracking installed SSL certs
		which you probably don't care about.  Other than that, it works great.
		
		I did encounter and solve all the problems you have been discussing on
		the list.
		
		Let me know if you are interested in trying what I have. I have tested
		it with Big-IP 9.1.2.
		
		Mike
		
		________________________________
		
		From: rancid-discuss-bounces at shrubbery.net
		[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
		Sent: Monday, July 16, 2007 10:58 AM
		To: smunzani at comcast.net
		Cc: rancid-discuss at shrubbery.net
		Subject: [rancid] Re: F5 load balancer support
		
		
		BTW, this is what I see in the log when I do rancid-run now. That means
		the f5rancid file (hacked copy of rancid) is still missing something.
		
		more nfl.20070716.114842
		starting: Mon Jul 16 11:48:42 CDT 2007
		
		
		
		Trying to get all of the configs.
		test-f5-01: End of run not found
		-bash: write: command not found
		=====================================
		Getting missed routers: round 1.
		test-f5-01: End of run not found
		-bash: write: command not found
		=====================================
		Getting missed routers: round 2.
		test-f5-01: End of run not found
		-bash: write: command not found
		=====================================
		Getting missed routers: round 3.
		test-f5-01: End of run not found
		-bash: write: command not found
		=====================================
		Getting missed routers: round 4.
		test-f5-01: End of run not found
		-bash: write: command not found
		
		cvs diff: Diffing .
		cvs diff: Diffing configs
		cvs diff: cannot find configs/test-f5-01
		cvs commit: Examining .
		cvs commit: Examining configs
		cvs commit: Up-to-date check failed for `configs/test-f5-01'
		cvs [commit aborted]: correct above errors first!
		ls: test-f5-01: No such file or directory
		
		ending: Mon Jul 16 11:49:41 CDT 2007
		
		Thanks,
		Sam
		
		
			David,
			
			Thanks a lot for the tip. This worked well. Now f5login goes much more
			cleaner and the "root" doesn't get sent again. I still have other issues
			where rancid-run is backing up config properly but I am still
			troubleshooting it.
			
			Now here is a question. What does "bldshgalsjd" mean and how does it do
			this miracle?
			
			Thanks,
			Sam
			  
		
				Thanks for this tip, turns out that this is also the reason the
				username gets entered at a prompt on the cisco IPS devices. Since it's
				using SSH and therefore doesn't need a username prompt, solution was
				to simply add in .cloginrc:
				
				add userprompt ids* bldshgalsjd  (<- something that won't get sent
				during login)
				
				Regards,
				
				David
				
				On 14/07/07, Lance <rancid at gheek.net> wrote:
				    
		
					Sam,
					
					Have you tried using telnet to login, if the f5 has it enabled.
					You may also want to set auto enable in your .cloginrc for this device
					as it looks to clogin as you are already in a cisco equivalent equal to
					enable since your prompt has a # sign in it.
					
					Looking at your next email along with this one it looks like you are
					already in a cisco equivalent of enable after you login. f5login seems
					to be sending your username of root as a command after you get connected
					because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
					172.24.100.12" and it matches on the word "Login". See below.
					
					"(Username|Login|login|user name):"? yes
					expect: set expect_out(0,string) "login:"
					expect: set expect_out(1,string) "login"
					expect: set expect_out(spawn_id) "exp4"
					expect: set expect_out(buffer) " \r\nLast login:"
					send: sending "root\r" to { exp4 }
					expect: continuing expect
					
					You are just using a Cisco login/parsing script so it expects prompts
					from a Cisco device and in this case you have a *nix SSH banner that
					gets interrupted. I know you can use RANCID to backup *nix systems. So
					it knows how to understand connecting to a *nix system. You might want
					to try this email thread which asks about backing up Linux configs.
					
					"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
					
					Or you could modify the existing f5login like so.
					
					I think you have to use the caret before the () to work. I haven't
					checked this as I am at home and not on a UNIX system right now. Sorry
					too lazy to check it out right now. You might want to uncomment the line
					below 3. and comment out the line below 2. and see if that works. This
					is the only point in the code that I see it look for login in any line.
					If that doesn't work send me back the debug and I will see what I can
					do. I am sure some people that use expect more often than I can probably
					quickly tell you what to use as syntax there.
					
					# Figure out prompts
					set u_prompt [find userprompt $router]
					if { "$u_prompt" == "" } {
					    #1. ORIGINAL
					    #set u_prompt "^(Username|Login|login|user name):"
					    #2. Modified to read for a line beginning with
					    #   Username, Login, login, or user name.
					    set u_prompt "^(Username|Login|login|user name):"
					    #3. Modified to read for a line beginning with Login
					    #   or login, but I may be wrong
					    #set u_prompt "^(Username|^Login|^login|user name):"
					} else {
					    set u_prompt [join [lindex $u_prompt 0] ""]
					}
					
					
					Let me know if this works for you.
					
					-Lance
					
					      
		
						-------- Original Message --------
						Subject: Re: [rancid] F5 load balancer support
						From: Sam Munzani <smunzani at comcast.net>
						Date: Fri, July 13, 2007 2:30 pm
						To: Lance <rancid at gheek.net>
						Cc: rancid-discuss at shrubbery.net
						
						Lance,
						
						F5 login works fine with a minor error.
						
						$ f5login test-f5-01
						test-f5-01
						spawn ssh -c 3des -x -l root test-f5-01
						Password:
						Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
						root
						[root at test-f5-01:Active] config # root
						-bash: root: command not found
						[root at test-f5-01:Active] config #
						[root at test-f5-01:Active] config #
						[root at test-f5-01:Active] config #
						
						I don't know how to debug otherwise I would turn on debug too. If you
						can provide some hints on debug, I would appreciate it.
						
						Thanks,
						Sam
						        
		
						What error(s) do you get when you try to run your f5rancid?
						
						Where does it fail if you debug your f5login?
						
						
						-lance
						
						
						          
		
						-------- Original Message --------
						Subject: [rancid]  F5 load balancer support
						From: Sam Munzani <smunzani at comcast.net>
						Date: Fri, July 13, 2007 12:45 pm
						To: rancid-discuss at shrubbery.net
						
						Hi,
						
						Did anybody happen to hack one of Cisco scripts to support BigIP F5
						boxes? It should be pretty simple. All I want to do is login and type "b
						list" which is equivalent of "show run" on cisco.
						
						However for some reason things not working. All I did was copied clogin
						to f5login, copied rancid to f5rancid and added following to rancid-fe.
						
						elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
						
						Then modified f5 rancid file and kept only one command in list of
						commands "b list".
						
						For some reason it's not working. I can post my configs here if somebody
						like to see them.
						
						Thanks,
						Sam
			
						_______________________________________________
						Rancid-discuss mailing list
						Rancid-discuss at shrubbery.net
						http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
						
						            
		
						
						          
		
	
	
	  


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070717/dfa722e0/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: f5rancid
Type: application/octet-stream
Size: 8752 bytes
Desc: f5rancid
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070717/dfa722e0/attachment.obj 
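
Added example (not part of the original thread and not RANCID's own code): the prompt-matching failure Lance diagnoses from the quoted debug output, reproduced with Tcl's regexp command, whose pattern syntax expect -re shares. The proc name prompt_hit and the bare "login: " buffer are constructed for illustration; the banner text and the three patterns come from the thread.

```tcl
# Constructed buffers: what expect has collected when the prompt patterns
# are first tried. The banner text is taken from the debug output above.
set ssh_banner   " \r\nLast login: Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\n"
set telnet_login "login: "

# Candidate user-prompt patterns discussed in the thread.
set patterns {
    unanchored  {(Username|Login|login|user name):}
    anchored    {^(Username|Login|login|user name):}
    placeholder {bldshgalsjd}
}

# Return the text a pattern matches in the buffer, or "" when it does not
# match. Without -line, ^ matches only at the very start of the string.
proc prompt_hit {pattern buffer} {
    if {[regexp -- $pattern $buffer hit]} {
        return $hit
    }
    return ""
}

foreach {label buffer} [list "ssh banner" $ssh_banner "telnet prompt" $telnet_login] {
    puts "${label}:"
    foreach {name pattern} $patterns {
        set hit [prompt_hit $pattern $buffer]
        if {$hit ne ""} {
            puts "  $name matched \"$hit\": the username would be sent now"
        } else {
            puts "  $name did not match: nothing is sent"
        }
    }
}
```

Run with tclsh. Only the unanchored pattern fires on the SSH banner, which corresponds to the stray "root" in Sam's session, while the placeholder never fires on either buffer, so it suits SSH logins where no username prompt is expected.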

