[rancid] Re: F5 load balancer support
Sam Munzani
sam at munzani.com
Tue Jul 17 19:59:35 UTC 2007
Mike,
I am curious how you got around using clogin without any changes.
Lance and I ran into the "term length" command issue. clogin was trying to
run that command on f5 which set errors and F5 never declared it a clean
run until we remarked out the "term length" line. That's why we thought
having a separate f5login was a good idea to filter out cisco specific
login routines :-)
BTW, your script is working great and I have started using it. Your
script does a little more than the "b list" I had. Especially "cat
bigip_base.conf" which is needed to rebuild the box.
Thanks,
Sam
> Lance,
>
> Thanks for the feedback.
>
> "b list" and "cat bigip.conf" are equivalent with the exception that b
> list may reflect changes made in the cli that are not saved and will be
> lost on reboot. Changes made using the web configuration tool are
> automatically saved. "b list" may also limit what the rancid user can
> see to a partial view if the user is not given sufficient rights. This
> file has the software configuration.
>
> The other file, bigip_base.conf contains interface configuration,
> management IP addresses, routing, VLANs etc.
>
> One could debate whether the f5rancid script should get the saved
> configuration files or the running config or both. For cisco devices,
> rancid obtains both. I'll look at adding both.
>
> Mike
>
> -----Original Message-----
> From: Lance [mailto:rancid at gheek.net]
> Sent: Tuesday, July 17, 2007 12:00 PM
> To: Mike Ashcraft
> Cc: rancid-discuss at shrubbery.net; sam at munzani.com
> Subject: RE: [rancid] Re: F5 load balancer support
>
> Mike,
>
> Looks really nice. I am guessing the bigip.conf or the other file is
> what is displayed with "b list".
>
> -Lance
>
>
>> -------- Original Message --------
>> Subject: RE: [rancid] Re: F5 load balancer support
>> From: "Mike Ashcraft" <mashcraft at omniture.com>
>> Date: Tue, July 17, 2007 10:49 am
>> To: <sam at munzani.com>, "Lance" <rancid at gheek.net>
>> Cc: <rancid-discuss at shrubbery.net>
>>
>> I have been on vacation for the last couple of weeks or I would have
>> posted this sooner and possibly saved some of you a bit of effort.
>>
>> It sounds like Lance and Sam have put together a working f5rancid with
>> basic functionality which Sam posted last night. I have attached my
>> f5rancid which I have been running for a few months. Installation
>> instructions are included as comments in the file. This version uses
>> clogin so that a separate f5login script is not required.
>>
>> This version formats and processes the output to make it more usable.
>> As far as what is captured, I based this on the F5 equivalent of a tech
>> out. It grabs a copy of all the configuration files, hardware
>> configuration and software version as well as the timestamps and file
>> sizes for SSL certs hosted on the device. This facilitates rebuilding
>> from scratch as quickly as possible if this is ever needed.
>>
>> I was able to resolve the bug I mentioned yesterday by increasing the
>> clogin timeout. On a small number of devices it failed to process the
>> last few commands when running from cron but always worked properly from
>> the command line on all devices [making it difficult to track down]. I
>> mention this because it may be an appropriate fix for other intermittent
>> problems sometimes discussed on this list.
>>
>> Any feedback is appreciated. I hope to get f5 support added to future
>> releases of rancid.
>>
>> Thanks,
>>
>> Mike
>>
>>
>>
>> ________________________________
>>
>> From: Sam Munzani [mailto:sam at munzani.com]
>> Sent: Monday, July 16, 2007 7:49 PM
>> To: Lance
>> Cc: Mike Ashcraft; rancid-discuss at shrubbery.net
>> Subject: Re: [rancid] Re: F5 load balancer support
>>
>>
>> Lance,
>>
>> Thanks a lot for all your help. Pretty much you did all the work while I
>> watched what you are doing :-)..
>>
>> Attached are cleaned up files. In f5rancid file, I have left some basic
>> functions (non platform specific) just in case we expand this script to
>> do a lot more than just "b list" output. In rancid-fe, we defined a new
>> device type "f5", f5login was copied from clogin and remarked some "term
>> length" statements we don't need on F5.
>>
>> All 3 files are attached and working great. Please be aware, we are not
>> parsing anything at all. All it's doing is basic function of running "b
>> list" command and capturing its output. As I expand more on this, I will
>> be sure to share with the audience here.
>>
>> Again, thanks a lot for all your help today.
>>
>> Regards,
>> Sam
>>
>>
>> I have helped Sam get a working f5rancid which requires a f5login (only
>> because it doesn't recognize the prompt with a space and exit, unless
>> you enter a return before the exit). He is cleaning up all the unused
>> functions and will post it.
>>
>> Once John H. sends out his script I will look at it and see how it
>> differs from the one I did with Sam. I will even help Sam get it working
>> for his setup. We will let you know when it is all working.
>>
>> -lance
>>
>>
>>
>> -------- Original Message --------
>> Subject: [rancid] Re: F5 load balancer support
>> From: "Mike Ashcraft" <mashcraft at omniture.com>
>> Date: Mon, July 16, 2007 11:48 am
>> To: <sam at munzani.com>
>> Cc: rancid-discuss at shrubbery.net
>>
>> Sam,
>>
>> I have a working f5rancid that I have been using for a number of months
>> now. I have one minor bug related to tracking installed SSL certs
>> which you probably don't care about. Other than that, it works great.
>>
>> I did encounter and solve all the problems you have been discussing on
>> the list.
>>
>> Let me know if you are interested in trying what I have. I have tested
>> it with Big-IP 9.1.2.
>>
>> Mike
>>
>> ________________________________
>>
>> From: rancid-discuss-bounces at shrubbery.net
>> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
>> Sent: Monday, July 16, 2007 10:58 AM
>> To: smunzani at comcast.net
>> Cc: rancid-discuss at shrubbery.net
>> Subject: [rancid] Re: F5 load balancer support
>>
>>
>> BTW, this is what I see in the log when I do rancid-run now. That means
>> the f5rancid file (hacked copy of rancid) is still missing something.
>>
>> more nfl.20070716.114842
>> starting: Mon Jul 16 11:48:42 CDT 2007
>>
>>
>>
>> Trying to get all of the configs.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 1.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 2.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 3.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 4.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>>
>> cvs diff: Diffing .
>> cvs diff: Diffing configs
>> nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT
>> 2007
>>
>>
>>
>> Trying to get all of the configs.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 1.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 2.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 3.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 4.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>>
>> cvs diff: Diffing .
>> cvs diff: Diffing configs
>> cvs diff: cannot find configs/test-f5-01
>> cvs commit: Examining .
>> cvs commit: Examining configs
>> cvs commit: Up-to-date check failed for
>> `configs/test-f5-01'
>> cvs [commit aborted]: correct above errors first!
>> ls: test-f5-01: No such file or directory
>>
>> ending: Mon Jul 16 11:49:41 CDT 2007
>>
>> Thanks,
>> Sam
>>
>>
>> David,
>>
>> Thanks a lot for the tip. This worked well. Now f5login goes much more
>> cleaner and the "root" doesn't get sent again. I still have other issues
>> where rancid-run is backing up config properly but I am still
>> troubleshooting it.
>>
>> Now here is a question. What does "bldshgalsjd" mean and how does it do
>> this miracle?
>>
>> Thanks,
>> Sam
>>
>>
>> Thanks for this tip, turns out that this is also the reason the
>> username gets entered at a prompt on the cisco IPS devices. Since it's
>> using SSH and therefore doesn't need a username prompt, solution was
>> to simply add in .cloginrc:
>>
>> add userprompt ids* bldshgalsjd (<- something that won't get sent
>> during login)
>>
>> Regards,
>>
>> David
>>
>> On 14/07/07, Lance <rancid at gheek.net> wrote:
>>
>>
>> Sam,
>>
>> Have you tried using telnet to login, if the f5 has it enabled.
>> You may also want to set auto enable in your .cloginrc for this device
>> as it looks to clogin as you are already in a cisco equivalent equal to
>> enable since your prompt has a # sign in it.
>>
>> Looking at your next email along with this one it looks like you are
>> already in a cisco equivalent of enable after you login. f5login seems
>> to be sending your username of root as a command after you get connected
>> because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
>> 172.24.100.12" and it matches on the word "Login". See below.
>>
>> "(Username|Login|login|user name):"? yes
>>
>> expect: set expect_out(0,string) "login:"
>>
>> expect: set expect_out(1,string) "login"
>>
>> expect: set expect_out(spawn_id) "exp4"
>>
>> expect: set expect_out(buffer) " \r\nLast login:"
>>
>> send: sending "root\r" to { exp4 }
>>
>> expect: continuing expect
>>
>> You are just using a Cisco login/parsing script so it expects prompts
>> from a Cisco device and in this case you have a *nix SSH banner that
>> gets interrupted. I know you can use RANCID to backup *nix systems. So
>> it knows how to understand connecting to a *nix system. You might want
>> to try this email thread which asks about backing up Linux configs.
>>
>> http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html
>>
>> Or you could modify the existing f5login like so.
>>
>> I think you have to use the caret before the () to work. I haven't
>> checked this as I am at home and not on a UNIX system right now. Sorry
>> too lazy to check it out right now. You might want to uncomment the line
>> below 3. and comment out the line below 2. and see if that works. This
>> is the only point in the code that I see it look for login in any line.
>> If that doesn't work send me back the debug and I will see what I can
>> do. I am sure some people that use expect more often than I can probably
>> quickly tell you what to use as syntax there.
>>
>> # Figure out prompts
>> set u_prompt [find userprompt $router]
>> if { "$u_prompt" == "" } {
>>     #1. ORIGINAL
>>     #set u_prompt "^(Username|Login|login|user name):"
>>     #2. Modified to read for a line beginning with
>>     #   Username, Login, login, or user name.
>>     set u_prompt "^(Username|Login|login|user name):"
>>     #3. Modified to read for a line beginning with Login or login,
>>     #   but I may be wrong
>>     #set u_prompt "^(Username|^Login|^login|user name):"
>> } else {
>>     set u_prompt [join [lindex $u_prompt 0] ""]
>> }
>>
>>
>> Let me know if this works for
>> you.
>>
>> -Lance
>>
>>
>>
>> -------- Original Message --------
>> Subject: Re: [rancid] F5 load balancer support
>> From: Sam Munzani <smunzani at comcast.net>
>> Date: Fri, July 13, 2007 2:30 pm
>> To: Lance <rancid at gheek.net>
>> Cc: rancid-discuss at shrubbery.net
>>
>> Lance,
>>
>> F5 login works fine with a minor error.
>>
>> $ f5login test-f5-01
>> test-f5-01
>> spawn ssh -c 3des -x -l root test-f5-01
>> Password:
>> Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
>> root
>> [root at test-f5-01:Active] config # root
>> -bash: root: command not found
>> [root at test-f5-01:Active] config #
>> [root at test-f5-01:Active] config #
>> [root at test-f5-01:Active] config #
>>
>> I don't know how to debug otherwise I would turn on debug too. If you
>> can provide some hints on debug, I would appreciate it.
>>
>> Thanks,
>> Sam
>>
>>
>> What error(s) do you get when you try to run your f5rancid?
>>
>> Where does it fail if you debug your f5login?
>>
>>
>> -lance
>>
>>
>>
>>
>> -------- Original Message --------
>> Subject: [rancid] F5 load balancer support
>> From: Sam Munzani <smunzani at comcast.net>
>> Date: Fri, July 13, 2007 12:45 pm
>> To: rancid-discuss at shrubbery.net
>>
>> Hi,
>>
>> Did anybody happen to hack one of Cisco scripts to support BigIP F5
>> boxes? It should be pretty simple. All I want to do is login and type "b
>> list" which is equivalent of "show run" on cisco.
>>
>> However for some reason things are not working. All I did was copied clogin
>> to f5login, copied rancid to f5rancid and added following to rancid-fe.
>>
>> elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
>>
>> Then modified f5 rancid file and kept only one command in list of
>> commands "b list".
>>
>> For some reason it's not working. I can post my configs here if somebody
>> like to see them.
>>
>> Thanks,
>> Sam
>>
>> _______________________________________________
>> Rancid-discuss mailing list
>> Rancid-discuss at shrubbery.net
>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
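Added example (not part of the thread, and not rancid or clogin code): a small replay of the login dialogue discussed above, showing why the unanchored user prompt pattern from the debug trace fires on the "Last login:" banner and sends "root" into the shell, and how a line-anchored pattern or the never-seen userprompt value from .cloginrc avoids it. Python's re stands in for expect's Tcl regular expressions, whose anchoring rules differ in detail; the transcripts, the function names and the "<password>" placeholder are constructed for illustration.

```python
import re

# Constructed transcripts. F5_SSH mirrors the f5login session quoted in the
# thread; TELNET is a made-up device that really does ask for a username.
F5_SSH = ["Password:",
          "\r\nLast login: Fri Jul 13 14:26:28 2007 from 172.24.100.12\r\n",
          "[root@test-f5-01:Active] config # "]
TELNET = ["\r\nlogin: ", "Password:", "\r\nrouter# "]

UNANCHORED = r"(Username|Login|login|user name):"          # from the debug trace
LINE_ANCHORED = r"(?m)^(Username|Login|login|user name):"  # Python line anchor
NEVER_SEEN = r"bldshgalsjd"                                # the userprompt override
PASSWORD = "<password>"                                    # placeholder credential


def simulate_login(chunks, u_prompt, user="root"):
    """Replay device output through an expect-like loop; return what is sent."""
    actions = [(re.compile(u_prompt), user),
               (re.compile(r"[Pp]assword:"), PASSWORD)]
    shell_prompt = re.compile(r"[#>] ?$")
    sent, buf = [], ""
    for chunk in chunks:
        buf += chunk
        matched = True
        while matched:
            matched = False
            for pattern, reply in actions:
                m = pattern.search(buf)
                if m:
                    sent.append(reply)
                    buf = buf[m.end():]  # expect drops input up to the match
                    matched = True
                    break
        if shell_prompt.search(buf):
            break  # logged in; stop answering prompts
    return sent


def username_hits_shell(chunks, u_prompt, user="root"):
    """True if the username is sent after the password, i.e. into the shell."""
    sent = simulate_login(chunks, u_prompt, user)
    return PASSWORD in sent and user in sent[sent.index(PASSWORD):]


if __name__ == "__main__":
    for name, pat in (("unanchored", UNANCHORED),
                      ("line-anchored", LINE_ANCHORED),
                      ("never-seen", NEVER_SEEN)):
        print(name, simulate_login(F5_SSH, pat), simulate_login(TELNET, pat))
```

The never-seen value is only safe where the transport already carries the username, as with SSH in the thread; on the constructed telnet device it leaves the real "login:" prompt unanswered.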