[rancid] Re: clogin on extreme X450

Fri Nov 16 15:06:31 UTC 2007

From: john heasley [mailto:heas at shrubbery.net]

>Thu, Nov 15, 2007 at 10:20:07AM +0100, Joachim Jerberg Jensen:
>> >From: john heasley [mailto:heas at shrubbery.net]
>> >
>> > I do not see why clogin would not have worked, unless you have a rogue
>> > userpassword else where in your cloginrc.  you can add "exp_internal 1"
>> > just before the main loop to see what it is doing.
>>
>> You are absolutely right.. So I started the expect script in debug mode..
>> And it seems like it does not match the first "login:" prompt, even though the regexp. should match.!?
>>
>> 3. time it tries to login, it matches, if I add a "sleep 1" timer just before.
>
>I see the problem.  It prompts for the username, the username is sent, THEN
>it sends the vt code to clear the line, re-prints the username prompt [and
>echos part of the username], the username is sent again (since it sent the
>prompt again), then it echos the rest of the username and prompts for the
>password....but too late.

Aaaah yes.. I get it.

>
>ie: when the username is sent a second time, the switch consumes it as
>the password...hrm, how to hack this?  one way would be to change the
>login prompt regex to "$u_prompt[^a-zA-Z0-9]" and the default u_prompt to
>"(Username|Login|login|user name): ?", which assumes that usernames begin
>with those characters and still is not fool proof since it relies upon
>timing/luck.

That could be a way. I will try it out.
Thanx for the hint!

> Another way would be to test for (without consuming) more
>data from the telnet after matching the login.  I'm not sure how to do
>that in expect...and it too is reliant upon timing/luck.  Blech!
>
>I hate these extremes.  you should open a customer support ticket about
>what a PITA it is to automate configuration on their switches....or stick
>a knife in their trachea.

I realy do hate them as well.. But fortunately we are phasing them out within a reasonable time :)
So I don't think I will make a call, but just live with the "hacks" I had to make for so long.
Even that clogin only works with username logins, as I have to manually set the "uprompt_seen 1" as well..

>
>> I also had to change the xrancid script, because the $found_end never becomes set.
>
>damn it.  is there any reliable end-of-config marker on these crappy-CLI
>switches?  It used to be that all those comments were in the config,
>regardless of whether the subsystem was in use.

Nope there is no "end-of-config" markers to match at all.
But the VRRP configuration is the last line of the generic configuration always printed out, so I am just matching on that.

Best regards

Joachim Jerberg Jensen

>
>>         if (/^# Module vrrp configuration./i) {
>>             printf STDERR "    End WriteTerm: $_" if ($debug);
>>             $found_end = 1;
>>             return(0);
>>         }
>>
>> Fortunately I don't use vrrp :-)
>>
>> Br
>> Joachim Jerberg Jensen
>>
>> This is the debug output:
>>