[rancid] Re: F5 load balancer support
Lance
rancid at gheek.net
Tue Jul 17 18:00:25 UTC 2007
Mike,
Looks really nice. I am guessing the bigip.conf or the other file is
what is displayed with "b list".
-Lance
> -------- Original Message --------
> Subject: RE: [rancid] Re: F5 load balancer support
> From: "Mike Ashcraft" <mashcraft at omniture.com>
> Date: Tue, July 17, 2007 10:49 am
> To: <sam at munzani.com>, "Lance" <rancid at gheek.net>
> Cc: <rancid-discuss at shrubbery.net>
>
> I have been on vacation for the last couple of weeks or I would have
> posted this sooner and possibly saved some of you a bit of effort.
>
> It sounds like Lance and Sam have put together a working f5rancid with
> basic functionality which Sam posted last night. I have attached my
> f5rancid which I have been running for a few months. Installation
> instructions are included as comments in the file. This version uses
> clogin so that a separate f5login script is not required.
>
> This version formats and processes the output to make it more usable.
> As far as what is captured, I based this on the F5 equivalent of a tech
> out. It grabs a copy of all the configuration files, hardware
> configuration and software version as well as the timestamps and file
> sizes for SSL certs hosted on the device. This facilitates rebuilding
> from scratch as quickly as possible if this is ever needed.
>
> I was able to resolve the bug I mentioned yesterday by increasing the
> clogin timeout. On a small number of devices it failed to process the
> last few commands when running from cron but always worked properly from
> the command line on all devices [making it difficult to track down]. I
> mention this because it may be an appropriate fix for other intermittent
> problems sometimes discussed on this list.
>
> Any feedback is appreciated. I hope to get f5 support added to future
> releases of rancid.
>
> Thanks,
>
> Mike
>
>
>
> ________________________________
>
> From: Sam Munzani [mailto:sam at munzani.com]
> Sent: Monday, July 16, 2007 7:49 PM
> To: Lance
> Cc: Mike Ashcraft; rancid-discuss at shrubbery.net
> Subject: Re: [rancid] Re: F5 load balancer support
>
>
> Lance,
>
> Thanks a lot for all your help. Pretty much you did all the work while I
> watched what you are doing :-)..
>
> Attached are cleaned up files. In f5rancid file, I have left some basic
> functions(non platform specific) just in case we expand this script to
> do a lot more than just "b list" output. In rancid-fe, we defined a new
> device type "f5", f5login was copied from clogin and remarked some "term
> length" statements we don't need on F5.
>
> All 3 files are attached and working great. Please be aware, we are not
> parsing anything at all. All it's doing is the basic function of running "b
> list" command and capturing its output. As I expand more on this, I will
> be sure to share with the audience here.
>
> Again, thanks a lot for all your help today.
>
> Regards,
> Sam
>
>
> I have helped Sam get a working f5rancid which requires a f5login (only
> because it doesn't recognize the prompt with a space and exit, unless
> you enter a return before the exit). He is cleaning up all the unused
> functions and will post it.
>
> Once John H. sends out his script I will look at it and see how it
> differs from the one I did with Sam. I will even help Sam get it working
> for his setup. We will let you know when it is all working.
>
> -lance
>
>
>
> -------- Original Message --------
> Subject: [rancid] Re: F5 load balancer support
> From: "Mike Ashcraft" <mashcraft at omniture.com>
> Date: Mon, July 16, 2007 11:48 am
> To: <sam at munzani.com>
> Cc: rancid-discuss at shrubbery.net
>
> Sam,
>
> I have a working f5rancid that I have been using for a number of months
> now. I have one minor bug related to tracking installed SSL certs
> which you probably don't care about. Other than that, it works great.
>
> I did encounter and solve all the problems you have been discussing on
> the list.
>
> Let me know if you are interested in trying what I have. I have tested
> it with Big-IP 9.1.2.
>
> Mike
>
> ________________________________
>
> From: rancid-discuss-bounces at shrubbery.net
> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
> Sent: Monday, July 16, 2007 10:58 AM
> To: smunzani at comcast.net
> Cc: rancid-discuss at shrubbery.net
> Subject: [rancid] Re: F5 load balancer support
>
>
> BTW, this is what I see in the log when I do rancid-run now. That means
> the f5rancid file (hacked copy of rancid) is still missing something.
>
> more nfl.20070716.114842
> starting: Mon Jul 16 11:48:42 CDT 2007
>
>
>
> Trying to get all of the configs.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 1.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 2.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 3.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 4.
> test-f5-01: End of run not found
> -bash: write: command not found
>
> cvs diff: Diffing .
> cvs diff: Diffing configs
> nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT
> 2007
>
>
>
> Trying to get all of the configs.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 1.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 2.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 3.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 4.
> test-f5-01: End of run not found
> -bash: write: command not found
>
> cvs diff: Diffing .
> cvs diff: Diffing configs
> cvs diff: cannot find configs/test-f5-01
> cvs commit: Examining .
> cvs commit: Examining configs
> cvs commit: Up-to-date check failed for
> `configs/test-f5-01'
> cvs [commit aborted]: correct above errors first!
> ls: test-f5-01: No such file or directory
>
> ending: Mon Jul 16 11:49:41 CDT 2007
>
> Thanks,
> Sam
>
>
> David,
>
> Thanks a lot for the tip. This worked well. Now f5login goes much
> cleaner and the "root" doesn't get sent again. I still have other issues
> where rancid-run is backing up config properly but I am still
> troubleshooting it.
>
> Now here is a question. What does "bldshgalsjd" mean and how does it do
> this miracle?
>
> Thanks,
> Sam
>
>
> Thanks for this tip, turns out that this is also the reason the
> username gets entered at a prompt on the cisco IPS devices. Since it's
> using SSH and therefore doesn't need a username prompt, solution was
> to simply add in .cloginrc:
>
> add userprompt ids* bldshgalsjd (<- something that won't get sent
> during login)
>
> Regards,
>
> David
>
> On 14/07/07, Lance <rancid at gheek.net> wrote:
>
>
> Sam,
>
> Have you tried using telnet to login, if the f5 has it enabled.
> You may also want to set auto enable in your .cloginrc for this device
> as it looks to clogin as you are already in a cisco equivalent equal to
> enable since your prompt has a # sign in it.
>
> Looking at your next email along with this one it looks like you are
> already in a cisco equivalent of enable after you login. f5login seems
> to be sending your username of root as a command after you get connected
> because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
> 172.24.100.12" and it matches on the word "Login". See below.
>
> "(Username|Login|login|user name):"? yes
> expect: set expect_out(0,string) "login:"
> expect: set expect_out(1,string) "login"
> expect: set expect_out(spawn_id) "exp4"
> expect: set expect_out(buffer) " \r\nLast login:"
> send: sending "root\r" to { exp4 }
> expect: continuing expect
>
> You are just using a Cisco login/parsing script so it expects prompts
> from a Cisco device and in this case you have a *nix SSH banner that
> gets interrupted. I know you can use RANCID to backup *nix systems. So
> it knows how to understand connecting to a *nix system. You might want
> to try this email thread which asks about backing up Linux configs.
>
> http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html
>
> Or you could modify the existing f5login like so.
>
> I think you have to use the caret before the () to work. I haven't
> checked this as I am at home and not on a UNIX system right now. Sorry
> too lazy to check it out right now. You might want to uncomment the line
> below 3. and comment out the line below 2. and see if that works. This
> is the only point in the code that I see it look for login in any line.
> If that doesn't work send me back the debug and I will see what I can
> do. I am sure some people that use expect more often than I can probably
> quickly tell you what to use as syntax there.
>
> # Figure out prompts
> set u_prompt [find userprompt $router]
> if { "$u_prompt" == "" } {
>     #1. ORIGINAL
>     #set u_prompt "^(Username|Login|login|user name):"
>     #2. Modified to read for a line beginning with Username, Login, login, or user name.
>     set u_prompt "^(Username|Login|login|user name):"
>     #3. Modified to read for a line beginning with Login or login. but I may be wrong
>     #set u_prompt "^(Username|^Login|^login|user name):"
> } else {
>     set u_prompt [join [lindex $u_prompt 0] ""]
> }
>
> Let me know if this works for you.
>
> -Lance
>
>
>
> -------- Original Message --------
> Subject: Re: [rancid] F5 load balancer support
> From: Sam Munzani <smunzani at comcast.net>
> Date: Fri, July 13, 2007 2:30 pm
> To: Lance <rancid at gheek.net>
> Cc: rancid-discuss at shrubbery.net
>
> Lance,
>
> F5 login works fine with a minor error.
>
> $ f5login test-f5-01
> test-f5-01
> spawn ssh -c 3des -x -l root test-f5-01
> Password:
> Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
> root
> [root@test-f5-01:Active] config # root
> -bash: root: command not found
> [root@test-f5-01:Active] config #
> [root@test-f5-01:Active] config #
> [root@test-f5-01:Active] config #
>
> I don't know how to debug otherwise I would turn on debug too. If you
> can provide some hints on debug, I would appreciate it.
>
> Thanks,
> Sam
>
>
> What error(s) do you get when you try to run your f5rancid?
>
> Where does it fail if you debug your f5login?
>
>
> -lance
>
>
>
>
> -------- Original Message --------
> Subject: [rancid] F5 load balancer support
> From: Sam Munzani <smunzani at comcast.net>
> Date: Fri, July 13, 2007 12:45 pm
> To: rancid-discuss at shrubbery.net
>
> Hi,
>
> Did anybody happen to hack one of Cisco scripts to support BigIP F5
> boxes? It should be pretty simple. All I want to do is login and type "b
> list" which is equivalent of "show run" on cisco.
>
> However for some reason things are not working. All I did was copy clogin
> to f5login, copy rancid to f5rancid and add the following to rancid-fe.
>
> elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
>
> Then modified f5 rancid file and kept only one command in list of
> commands "b list".
>
> For some reason it's not working. I can post my configs here if somebody
> would like to see them.
>
> Thanks,
> Sam
>
> _______________________________________________
> Rancid-discuss mailing
> list
>
> Rancid-discuss at shrubbery.net
>
>
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
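
Added example (not part of the original thread or of RANCID's clogin): a toy Python model of the login loop, showing why the "Last login:" banner makes the unanchored user-prompt pattern from the debug trace send "root" to the shell, and how a line-anchored pattern or the never-matching userprompt from the .cloginrc tip avoids it. The transcript, the password and shell prompt patterns, and the simulate_login helper are constructed for illustration; Python's re stands in for Expect's Tcl regex engine, whose anchoring rules differ.

```python
import re

# Constructed transcript, modelled on the f5login session quoted in the thread.
SESSION = [
    "Password:",
    "\r\nLast login: Fri Jul 13 14:26:28 2007 from 172.24.100.12\r\n",
    "[root@test-f5-01:Active] config # ",
]

UNANCHORED = r"(Username|Login|login|user name):"          # as in the debug trace
LINE_ANCHORED = r"(?m)^(Username|Login|login|user name):"  # must start a line
SENTINEL = r"bldshgalsjd"         # never-matching userprompt from the .cloginrc tip
P_PROMPT = r"[Pp]assword:"        # assumed password prompt pattern
SHELL_PROMPT = r"# $"             # assumed shell prompt pattern


def simulate_login(chunks, u_prompt, user="root", password="<password>"):
    """Feed output chunks to an expect-like loop; return the strings it sends."""
    sent = []
    buf = ""
    patterns = (("user", u_prompt), ("pass", P_PROMPT), ("shell", SHELL_PROMPT))
    for chunk in chunks:
        buf += chunk
        while True:
            hits = []
            for name, pat in patterns:
                m = re.search(pat, buf)
                if m:
                    hits.append((m.start(), name, m.end()))
            if not hits:
                break
            # The earliest match in the buffer wins and is consumed.
            _, name, end = min(hits)
            buf = buf[end:]
            if name == "user":
                sent.append(user)       # this is the stray "root"
            elif name == "pass":
                sent.append(password)
            else:
                return sent             # shell prompt reached: login finished
    return sent


if __name__ == "__main__":
    for label, pat in (("unanchored", UNANCHORED),
                       ("line-anchored", LINE_ANCHORED),
                       ("sentinel", SENTINEL)):
        print(label, simulate_login(SESSION, pat))
```

The sentinel approach only suits devices that never ask for a username interactively, which is the SSH case described in the thread.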