From AElliott at xo.com Wed Jan 2 18:31:49 2008 From: AElliott at xo.com (Elliott, Andrew) Date: Wed, 2 Jan 2008 13:31:49 -0500 Subject: [rancid] Cisco CRS/IOS XR Message-ID: <3B715C4683E2F54DBC36ECDD2CA70F5303C427DB@VARESTMAIL03.mail.inthosts.net> Is anyone running rancid on Cisco devices running IOS XR? We just deployed a bunch of CRS's with IOS XR and I have them backing up to rancid, but wanted to know if there were any specific issues that anyone has run into with running rancid against IOS XR. (or anything specific to IOS XR or CRS that anyone has added which helped out) Thanks, --- (o< Andrew Elliott desk: 989.758.6987 //\ Tier II Data cell: 989.213.5794 V_/_ XO Communications -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= "Don't EVER cross the streams." From michael at lyngbol.dk Wed Jan 2 19:24:14 2008 From: michael at lyngbol.dk (Michael =?iso-8859-1?Q?Lyngb=F8l?=) Date: Wed, 2 Jan 2008 20:24:14 +0100 Subject: [rancid] Re: Cisco CRS/IOS XR In-Reply-To: <3B715C4683E2F54DBC36ECDD2CA70F5303C427DB@VARESTMAIL03.mail.inthosts.net> References: <3B715C4683E2F54DBC36ECDD2CA70F5303C427DB@VARESTMAIL03.mail.inthosts.net> Message-ID: <20080102192414.GV37966@freesbee.wheel.dk> On 02.01.2008 13:31:49 -0500, Elliott, Andrew wrote: > Is anyone running rancid on Cisco devices running IOS XR? Yes. > We just deployed a bunch of CRS's with IOS XR and I have them backing up > to rancid, but wanted to know if there were any specific issues that > anyone has run into with running rancid against IOS XR. (or anything > specific to IOS XR or CRS that anyone has added which helped out) You'll need 2.3.2a for XR support. Works great here. /Michael -- Michael Lyngb?l -- michael at lyngbol dot dk Network Architect, AS3292 TDC, IP?backbone From cmoody at qualcomm.com Wed Jan 2 19:41:04 2008 From: cmoody at qualcomm.com (Chris Moody) Date: Wed, 02 Jan 2008 11:41:04 -0800 Subject: [rancid] Re: Rancid troubleshooting In-Reply-To: References: Message-ID: <477BE8D0.3060508@qualcomm.com> This is SSH telling you that the host key is different than the one SSH has stored (via prior connections). SSH tells you what to do to rectify the problem in the message that it printed. If this is a valid host, but the SSH key has changed, just remove the particular line from the file it mentions (/opt/rancid/home/.ssh/known_hosts) and you're all set. Rancid will automatically ack the 'yes/no' prompt when the new key is imported. If this is a system that is a "failover" configuration, like a PIX/FWSM, etc ...where the end-host that answers on a given IP may change if one or the other system is active, you can run a cronjob to remove the known_hosts file on a periodic basis to avoid these kinds of failures. Sure, your SSH keychain validity is decreased, but hopefully you're in control of what you're logging into to back-up anyway. Cheers, -Chris Shane Haslem wrote: > Hi all, > > > > I am getting the following: > > > > Any ideas? > > > > > > > > Error: Couldn't login: nics066-ce01-2821 > > -sh-3.1$ /opt/rancid/bin/clogin nics082-ce01-2821 > > nics082-ce01-2821 > > spawn ssh -c 3des -x -l rancidaccess nics082-ce01-2821 > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > > @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > > IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! > > Someone could be eavesdropping on you right now (man-in-the-middle attack)! > > It is also possible that the RSA host key has just been changed. > > The fingerprint for the RSA key sent by the remote host is > > ee:a1:54:7e:16:9d:f7:c9:ac:56:af:ad:7f:40:d7:56. > > Please contact your system administrator. > > Add correct host key in /opt/rancid/home/.ssh/known_hosts to get rid of > this message. > > Offending key in /opt/rancid/home/.ssh/known_hosts:12 > > RSA host key for nics082-ce01-2821 has changed and you have requested > strict checking. > > Host key verification failed. > > > > Error: The host key for nics082-ce01-2821 has changed. Update the SSH > known_hosts file accordingly. > > > > > > > > *Shane Haslem* > > *Eircom NI* > > *Alexandra House* > > *283 Upper Newtownards Road* > > *Belfast* > > *BT4 3JH* > > *Phone: (+44) 02890 002135* > > *Mob: (+44) 07791539378* > > > > > > > The information contained in this e-mail and any files transmitted with > it is confidential and may be subject to legal professional privilege. > It is intended solely for the use of the addressee(s). If you are not > the intended recipient of this e-mail, please note that any review, > dissemination, disclosure, alteration, printing, copying or transmission > of this e-mail and/or any file transmitted with it, is prohibited and > may be unlawful. If you have received this e-mail by mistake, please > promptly inform the sender by reply e-mail and delete the material. > Whilst this e-mail message has been swept for the presence of computer > viruses, eircom (UK) Limited does not, except as required by law, > represent, warrant and/or guarantee that the integrity of this > communication has been maintained nor that the communication is free of > errors, viruses, interception or interference. eircom (UK) Limited. > Private Company Limited by Shares. Registered in England and Wales. > Registration Number 03478971. Registered Office - South Quay, Plaza 2, > 183 Marsh Wall, London, E14 9SH. > > > ------------------------------------------------------------------------ > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From peter.serwe at gmail.com Fri Jan 4 04:05:35 2008 From: peter.serwe at gmail.com (Peter Serwe) Date: Thu, 3 Jan 2008 20:05:35 -0800 Subject: [rancid] Acme Packet session director. Message-ID: I've been attempting to get my acme packet devices up and running in rancid, and found the following issues. 1) hlogin actually gets me to the enabled privilege prompt, clogin doesn't because you have to put in three passwords. 2) #1 doesn't matter because an unprivileged user can still use 'show running-config'. 3) hlogin works for a procurve switch, but pretty much won't do anything except login, because the cli has about three cisco-like features and none of the HP ones. ;) 4) At some point, screwing around with it, I actually got rancid to save out a config file, but it choked when the config exceeded 102400 bytes. 5) blogin worked as far as an unprivileged user, but when I attempted to set the type in my router.db to 'baynet' rancid choked, claiming 'invalid type'. Basically, that's where I'm at with it. Let me say fairly loudly that the CLI for these devices blows goats(I have proof), but aside from that, I'd like to get them into the rancid fold. There are a few questions that come to mind. A) How can I increase the size of the file rancid can yank down and store in svn? B) How can I extend rancid's capability, i.e., string hlogin together with the cisco show running-config so I can capture and diff the output? C) Along the lines of question A), has anyone ever stored the flash images off any of these devices for the purpose of at least keeping the versions going back? Peter -- ???? From Brad.Fox at bdk.com Fri Jan 4 13:59:25 2008 From: Brad.Fox at bdk.com (Fox, Brad) Date: Fri, 4 Jan 2008 08:59:25 -0500 Subject: [rancid] WAE devices Message-ID: Gentlemen, Is anyone currently catching configurations for Cisco Wide Area Application Engine's? I attempted a while back but because the EOF for WAE boxes is different of that of other Cisco devices I have since excluded them from Rancid. Thanks, >From WAAS: exit ! ! ! ! End of WAAS configuration >From Cisco Router: End Anyone know where to change "end" to "exit" Brad A. Fox -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080104/9acb30aa/attachment.html From joaje at dongenergy.dk Fri Jan 4 15:16:00 2008 From: joaje at dongenergy.dk (Joachim Jerberg Jensen) Date: Fri, 4 Jan 2008 16:16:00 +0100 Subject: [rancid] Re: WAE devices In-Reply-To: References: Message-ID: <8DBE4A01414BDD409232EF0C48A87E1B01B80A81@CLU01EX.de-prod.dk> >From: Fox, Brad ;Sent: Friday, January 04, 2008 2:59 PM > >Gentlemen, > >Is anyone currently catching configurations for Cisco Wide Area Application Engine's? I attempted a while back but because the EOF for WAE boxes is different of that of other Cisco >devices I have since excluded them from Rancid. Thanks, > > >From WAAS: > >exit > >! End of WAAS configuration Try to edit rancid. Go to line 1402 Replace: if (/^(: +)?end$/) { With: if (/^End of WAAS configuration/i) { This should set $found_end = 1; when it detects " End of WAAS configuration". It's a hack that means backup of some other cisco stuff will fail, but try to test it. (you can always add it) I haven't tried it on WAE's, but I did something similar on some Extreme boxes to make it work. BR Joachim Jerberg Jensen From tex at off.org Sat Jan 5 22:55:57 2008 From: tex at off.org (Austin Schutz) Date: Sat, 5 Jan 2008 14:55:57 -0800 Subject: [rancid] Re: Acme Packet session director. In-Reply-To: References: Message-ID: <20080105225557.GU11577@gblx.net> On Thu, Jan 03, 2008 at 08:05:35PM -0800, Peter Serwe wrote: > I've been attempting to get my acme packet devices up and running in > rancid, and found the following issues. > > 1) hlogin actually gets me to the enabled privilege prompt, clogin > doesn't because you have to put in three passwords. > > 2) #1 doesn't matter because an unprivileged user can still use 'show > running-config'. > > 3) hlogin works for a procurve switch, but pretty much won't do > anything except login, because the cli has about three cisco-like > features and none of the HP ones. ;) > > 4) At some point, screwing around with it, I actually got rancid to > save out a config file, but it choked when the config exceeded 102400 > bytes. This is not a rancid issue. This is an artifact of the Acme CLI blowing goats. You can get around this by logging in via the console, then issuing carriage returns until the entire config is displayed. This seems to be fixed in their current firmware, you might try upgrading. > C) Along the lines of question A), has anyone ever stored the flash > images off any of these devices for the purpose of at least keeping > the versions going back? I haven't. Austin From Emmanuel.Halbwachs at obspm.fr Mon Jan 7 18:25:49 2008 From: Emmanuel.Halbwachs at obspm.fr (Emmanuel Halbwachs) Date: Mon, 7 Jan 2008 19:25:49 +0100 Subject: [rancid] HP Procurve (hlogin): interaction in configure mode: possible? Message-ID: <20080107182549.GB9627@sioling.obspm.fr> Hi Everybody, I'm a newbie on this list. I'm happily using rancid (2.3.1, the one in Debian stable etch) for several monthes, but till now only for pushing/retrieving some info with {c,h}login. I plan to use version control for config later. My point: I am trying to change some config parameters in ~50 HP Procurve with some commands like this: $ hlogin -v foo -e bar -c "conf t; foobar; wr mem" $switch The output then hangs after the "conf t" command: switch> enable Password: switch# switch# no page switch# conf t -> hang :-( When using hlogin without entering in configure mode, everything works just fine. I tried to massage the -c command with "\n" without any results. I understand that dealing with the HP CLI seems to be a PIA (thus hpuifilter), but is there a way to enter some commands in configure mode? TIA for any hint, -- Emmanuel Halbwachs Resp. R?seau/S?curit? Observatoire de Paris-Meudon tel : (+33)1 45 07 75 54 5 Place Jules Janssen fax : (+33)1 45 07 76 13 F 92195 MEUDON CEDEX From cgauthie at pcc.edu Mon Jan 7 18:32:34 2008 From: cgauthie at pcc.edu (Chris Gauthier) Date: Mon, 07 Jan 2008 10:32:34 -0800 Subject: [rancid] Eliminating two lines from foundry output Message-ID: <47827042.6000009@pcc.edu> Hello, I am a happy user of rancid for my Foundry switches (except the EdgeIron line, which needs support, but I haven't worked on that yet), but have become annoyed in the past weeks because I get an email nearly every time rancid checks one switch. It is because it displays the temp. Here is the output: Index: configs/10.x.x.x =================================================================== retrieving revision 1.1031 diff -U4 -r1.1031 10.x.x.x @@ -22,9 +22,9 @@ ! ! Fan 1 ok, speed (auto): 1<->2<->[[3]] ! Fan 2 ok, speed (auto): 1<->2<->[[3]] ! - ! Fan controlled temperature: 35.0 deg-C + ! Fan controlled temperature: 35.5 deg-C ! ! Fan speed switching temperature thresholds: ! Speed 1: NM<----->30 deg-C ! Speed 2: 25<----->40 deg-C My problem is that I want to eliminate the "Fan controlled temperature lines" so I don't get an email every 1/2 hour (as I have rancid configured to poll). Any thoughts on how to do this? Thanks, Chris -- Chris Gauthier, CCNA, Network+, A+ Network Administration Team Portland Community College Portland, Oregon "For once you have tasted flight you will walk the earth with your eyes turned skywards, for there you have been and there you will long to return." --Leonardo da Vinci From mashcraft at omniture.com Mon Jan 7 18:44:14 2008 From: mashcraft at omniture.com (Mike Ashcraft) Date: Mon, 7 Jan 2008 11:44:14 -0700 Subject: [rancid] Re: Eliminating two lines from foundry output In-Reply-To: <47827042.6000009@pcc.edu> References: <47827042.6000009@pcc.edu> Message-ID: <45EB285310B55542A513F93230F0A53303795F79@EXCHANGE0.orm.omniture.com> Chris, This is a fairly simple modification to francid. I don't have a Foundry handy to figure this out but the following steps should get you there quickly. open francid with an editor and find the line that starts with @commandtable After this are the commands run on the switch followed by the name of the subroutine that processes the output. Find the name of the subroutine that processes the output you want to eliminate and modify that subroutine to skip the desired line. If my guesses are right, you will find the following line which eliminates TEMPERATURE output but doesn't match on this specific switch: if (/(POWERS|TEMPERATURE READINGS)/) { You can add 'temperature' to this line like: if (/(POWERS|TEMPERATURE READINGS|temperature)/) { Or otherwise modify the subroutine to skip this output. Good luck, Mike -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chris Gauthier Sent: Monday, January 07, 2008 11:33 AM To: 'rancid-discuss at shrubbery.net' Subject: [rancid] Eliminating two lines from foundry output Hello, I am a happy user of rancid for my Foundry switches (except the EdgeIron line, which needs support, but I haven't worked on that yet), but have become annoyed in the past weeks because I get an email nearly every time rancid checks one switch. It is because it displays the temp. Here is the output: Index: configs/10.x.x.x =================================================================== retrieving revision 1.1031 diff -U4 -r1.1031 10.x.x.x @@ -22,9 +22,9 @@ ! ! Fan 1 ok, speed (auto): 1<->2<->[[3]] ! Fan 2 ok, speed (auto): 1<->2<->[[3]] ! - ! Fan controlled temperature: 35.0 deg-C + ! Fan controlled temperature: 35.5 deg-C ! ! Fan speed switching temperature thresholds: ! Speed 1: NM<----->30 deg-C ! Speed 2: 25<----->40 deg-C My problem is that I want to eliminate the "Fan controlled temperature lines" so I don't get an email every 1/2 hour (as I have rancid configured to poll). Any thoughts on how to do this? Thanks, Chris -- Chris Gauthier, CCNA, Network+, A+ Network Administration Team Portland Community College Portland, Oregon "For once you have tasted flight you will walk the earth with your eyes turned skywards, for there you have been and there you will long to return." --Leonardo da Vinci _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From atonns at corsis.com Mon Jan 7 20:28:39 2008 From: atonns at corsis.com (Anthony Tonns) Date: Mon, 7 Jan 2008 15:28:39 -0500 Subject: [rancid] netscaler support? Message-ID: <2627F8DAA3B0C8438E8FC1BAAFBC06810509D7C8@CORSIS-EXCH.corsisny.com> Any updates on using rancid with Netscaler? Posts to the list within the last year haven't been very promising. I have a pair of NS6.1 boxes I'd like to get config backups for, but need the tweaks to make it work. All assistance is welcome. Thanks, Tony From atonns at corsis.com Mon Jan 7 22:05:16 2008 From: atonns at corsis.com (Anthony Tonns) Date: Mon, 7 Jan 2008 17:05:16 -0500 Subject: [rancid] Re: netscaler support? In-Reply-To: <2627F8DAA3B0C8438E8FC1BAAFBC06810509D7C8@CORSIS-EXCH.corsisny.com> References: <2627F8DAA3B0C8438E8FC1BAAFBC06810509D7C8@CORSIS-EXCH.corsisny.com> Message-ID: <2627F8DAA3B0C8438E8FC1BAAFBC06810509D7FF@CORSIS-EXCH.corsisny.com> > Subject: [rancid] netscaler support? > > Any updates on using rancid with Netscaler? Posts to the list within the > last year haven't been very promising. I have a pair of NS6.1 boxes I'd > like to get config backups for, but need the tweaks to make it work. All > assistance is welcome. All-in-all, a successful fishing trip :-). One reply with a version of nslogin (no nsrancid), another that said "watch out if your netscaler config is too big" and finally a working nslogin/nsrancid combo. Thanks go to Andy for the working nslogin/nsrancid. Tony From Todd at equivoice.com Tue Jan 8 21:51:35 2008 From: Todd at equivoice.com (Todd Heide) Date: Tue, 8 Jan 2008 15:51:35 -0600 Subject: [rancid] Latest version Message-ID: <082FEA82DC985B4F8A6B412D5AC4E220B3834D@exchange.Equivoice.local> What is the latest version and how can I find out which I am running? I need to build a new box and want to get as up to date as possible running on Fedora. Thanks CCSP CCNA CCDA Nothing ever goes as planned, Its a hell of a notion, Even pharaohs turn to sand, Like a drop in the ocean -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080108/07d0e5a6/attachment.html From rancid at gheek.net Tue Jan 8 22:08:35 2008 From: rancid at gheek.net (Lance) Date: Tue, 08 Jan 2008 15:08:35 -0700 Subject: [rancid] Re: Latest version Message-ID: <20080108150835.8e114e4890519e5179c192e02d6bca26.d7c290823e.wbe@email.secureserver.net> Todd, You will want to check the versions of every script inside of "/bin" to make sure you know all your existing versions. You should download the latest alpha if you want the latest greatest, but remember this is alpha, not production. A while back I posted a script called PSV that will append all script versions that are used when collecting your configs. You should be able to do a search for "rancid PSV" and it should return the thread. Here is an example of what gets added to each of your configs. Example of what it adds to the file. !RANCID-CONTENT-TYPE: cisco-cat ! !RANCID-SCRIPT-TYPE: [rancid-fe.in (v 1.37)] !RANCID-SCRIPT-TYPE: [rancid-run.in (v 1.32)] !RANCID-SCRIPT-TYPE: [control_rancid.in (v 1.76)] !RANCID-SCRIPT-TYPE: [par.in (v 1.11)] !RANCID-SCRIPT-TYPE: [clogin.in (v 1.94)] !RANCID-SCRIPT-TYPE: [cat5rancid.in (v 1.45)] This is one of the posts for it. http://www.shrubbery.net/pipermail/rancid-discuss/2006-September/001777.html -lance > -------- Original Message -------- > Subject: [rancid] Latest version > From: "Todd Heide" > Date: Tue, January 08, 2008 2:51 pm > To: > What is the latest version and how can I find out which I am running? I > need to build a new box and want to get as up to date as possible > running on Fedora. > > Thanks > CCSP CCNA CCDA > > Nothing ever goes as planned, Its a hell of a notion, > Even pharaohs turn to sand, Like a drop in the ocean
_______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From Anton.Yurchenko at elan.com Tue Jan 8 22:54:38 2008 From: Anton.Yurchenko at elan.com (Yurchenko, Anton) Date: Tue, 8 Jan 2008 15:54:38 -0700 Subject: [rancid] Getting configs from CSS Message-ID: Hi All, I have an issue getting configs from Cisco CSS loadbalancers. I have verified that clogin into the device works successfully. But when I run rancid-run it is not able to collect configs, and in the logs I see messages that commands "term len 65535" and "sh run" are not recognized. Same commands work from regular CLI of course. Any advice would be appreciated. Thanks, ******************************************************** This communication and any files transmitted with it may contain information that is confidential, privileged and exempt from disclosure under applicable law. It is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are hereby notified that any use, dissemination or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender. Thank you for your co-operation. ******************************************************** -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080108/7a118275/attachment.html From cmoody at qualcomm.com Tue Jan 8 23:26:03 2008 From: cmoody at qualcomm.com (Chris Moody) Date: Tue, 08 Jan 2008 15:26:03 -0800 Subject: [rancid] Re: Getting configs from CSS In-Reply-To: References: Message-ID: <4784068B.90200@qualcomm.com> You need to set the device type to "css" in the router.db file. ex> rcomp2-css1.qualcomm.com:css:up Cheers, -Chris Yurchenko, Anton wrote: > Hi All, > > > > I have an issue getting configs from Cisco CSS loadbalancers. I have > verified that clogin into the device works successfully. But when I run > rancid-run it is not able to collect configs, and in the logs I see > messages that commands ?term len 65535? and ?sh run? are not recognized. > Same commands work from regular CLI of course. > > Any advice would be appreciated. > > > > Thanks, > > > > ******************************************************** > > This communication and any files transmitted with it > > may contain information that is confidential, privileged > > and exempt from disclosure under applicable law. It is > > intended solely for the use of the individual or entity > > to which it is addressed. If you are not the intended > > recipient, you are hereby notified that any use, > > dissemination or copying of this communication is > > strictly prohibited. If you have received this > > communication in error, please notify the sender. > > Thank you for your co-operation. > > ******************************************************** > > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From jeff at ocjtech.us Tue Jan 8 22:03:38 2008 From: jeff at ocjtech.us (Jeffrey Ollie) Date: Tue, 8 Jan 2008 16:03:38 -0600 Subject: [rancid] Re: Latest version In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E220B3834D@exchange.Equivoice.local> References: <082FEA82DC985B4F8A6B412D5AC4E220B3834D@exchange.Equivoice.local> Message-ID: <935ead450801081403l788ebdddr19f77bc27d307e51@mail.gmail.com> On 1/8/08, Todd Heide wrote: > > What is the latest version and how can I find out which I am running? I need > to build a new box and want to get as up to date as possible running on > Fedora. I periodically check the FTP site. The main web page doesn't always get updated promptly. Ignore the 'alpha' designation and get 2.3.2a7. ftp://ftp.shrubbery.net/pub/rancid/ Jeff From mohacsi at niif.hu Wed Jan 9 09:02:56 2008 From: mohacsi at niif.hu (Mohacsi Janos) Date: Wed, 9 Jan 2008 10:02:56 +0100 (CET) Subject: [rancid] Re: Latest version In-Reply-To: <935ead450801081403l788ebdddr19f77bc27d307e51@mail.gmail.com> References: <082FEA82DC985B4F8A6B412D5AC4E220B3834D@exchange.Equivoice.local> <935ead450801081403l788ebdddr19f77bc27d307e51@mail.gmail.com> Message-ID: <20080109100204.Q10680@mignon.ki.iif.hu> On Tue, 8 Jan 2008, Jeffrey Ollie wrote: > On 1/8/08, Todd Heide wrote: >> >> What is the latest version and how can I find out which I am running? I need >> to build a new box and want to get as up to date as possible running on >> Fedora. > > I periodically check the FTP site. The main web page doesn't always > get updated promptly. Ignore the 'alpha' designation and get 2.3.2a7. > > ftp://ftp.shrubbery.net/pub/rancid/ By the way, when the final 2.3.2 will be released? Regards, Janos Mohacsi From rancid at gheek.net Wed Jan 9 18:10:49 2008 From: rancid at gheek.net (Lance) Date: Wed, 09 Jan 2008 11:10:49 -0700 Subject: [rancid] Re: sonicwall and big-ip Message-ID: <20080109111049.8e114e4890519e5179c192e02d6bca26.a241ea26ef.wbe@email.secureserver.net> Mike, Great work on making it perfect so far. I did need more options so i added them. I find these a requirement to track and also very handy when restoring/duplicating configs. You might want to note that people need to make this addition to rancid-fe too. #rancid-run 'f5' => 'f5rancid', I added lines 198,251-254 to r5rancid. #f5rancid Line188: # sub ConfFile 31-Jan-2007 Mike Ashcraft mashcraft at omniture.com Line189: # This routine parses "cat filename" Line190: sub ConfFile { Line191: print STDERR " In ConfFile: $_" if ($debug); Line192: Line193: ProcessHistory("COMMENTS","","BO","!\n!\n! #### Running $cmd\n!\n!\n"); Line194: Line195: while () { Line196: tr/\015//d; Line197: last if (/^$prompt/); Line198: next if ($cmd =~ /config sync show/ && !/^\s+Status/); Line199: ProcessHistory("","","$cmd","$_"); Line200: } Line201: $found_end = 1; Line202: return(0); Line203:} ... ... Line243: # Main Line244: @commandtable = ( Line245: {'TERM=xterm' => 'NoOutput'}, Line246: {'export TERM' => 'NoOutput'}, Line247: {'bigpipe platform' => 'Platform'}, Line248: {'bigpipe version' => 'ConfFile'}, Line249: {'bigpipe list' => 'ConfFile'}, Line250: {'bigpipe base list' => 'ConfFile'}, Line251: {'bigpipe profile list' => 'ConfFile'}, Line252: {'bigpipe monitor list' => 'ConfFile'}, Line253: {'bigpipe config sync show | grep Status' => 'ConfFile'}, Line254: {'cat /config/RegKey.license' => 'ConfFile'}, Line255: {'bigpipe route static show' => 'ConfFile'}, Line256: {'ls --full-time --color=never /config/ssl/ssl.crt' => 'DirList'}, Line257: {'ls --full-time --color=never /config/ssl/ssl.key' => 'DirList'}, Line258: ); -Lance > -------- Original Message -------- > Subject: [rancid] Re: sonicwall and big-ip > From: "Mike Ashcraft" > Date: Tue, November 27, 2007 10:09 am > To: "Shon Hender" , > > I posted rancid scripts for F5 big-ip to the list back in July. Since > then, I have fixed all the known issues and sent it to a few individuals > for testing. Let me know how these work for you. Installation > instructions are in the comments at the top of f5rancid. > Mike > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Shon Hender > Sent: Tuesday, November 27, 2007 9:37 AM > To: rancid-discuss at shrubbery.net > Subject: [rancid] sonicwall and big-ip > Does anyone have login scripts for sonicwall and/or big-ip devices? > Thanks, > -Shon > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
_______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From cgauthie at pcc.edu Wed Jan 9 22:08:25 2008 From: cgauthie at pcc.edu (Chris Gauthier) Date: Wed, 09 Jan 2008 14:08:25 -0800 Subject: [rancid] Re: Eliminating two lines from foundry output In-Reply-To: <45EB285310B55542A513F93230F0A53303795F79@EXCHANGE0.orm.omniture.com> References: <47827042.6000009@pcc.edu> <45EB285310B55542A513F93230F0A53303795F79@EXCHANGE0.orm.omniture.com> Message-ID: <478545D9.7050005@pcc.edu> That did the trick, though I have one other trick I need to pull out of my sleeve (after I learn it). I still am getting config changes, even though nothing actually changes... Exerpt: - ! Fan 1 ok, speed (auto): 1<->2<->[[3]] - ! Fan 2 ok, speed (auto): 1<->2<->[[3]] + ! Fan 1 ok, speed (auto): 1<->[[2]]<->3 + ! Fan 2 ok, speed (auto): 1<->[[2]]<->3 What I want to do is preserve the "Fan X ok" or "Fan X failed", but with out the fan speed information. Why? Because the temperature hangs right at the threshold between the two fan speeds, so it goes up and down several times per day. Is there a way to be that granular in my string processing without bogging everything down? Chris Mike Ashcraft wrote: > Chris, > > This is a fairly simple modification to francid. > > I don't have a Foundry handy to figure this out but the following steps > should get you there quickly. > > open francid with an editor and find the line that starts with > @commandtable > After this are the commands run on the switch followed by the name of > the subroutine that processes the output. > > Find the name of the subroutine that processes the output you want to > eliminate and modify that subroutine to skip the desired line. > > If my guesses are right, you will find the following line which > eliminates TEMPERATURE output but doesn't match on this specific switch: > > if (/(POWERS|TEMPERATURE READINGS)/) { > > You can add 'temperature' to this line like: > > if (/(POWERS|TEMPERATURE READINGS|temperature)/) { > > Or otherwise modify the subroutine to skip this output. > > Good luck, > > Mike > > > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chris > Gauthier > Sent: Monday, January 07, 2008 11:33 AM > To: 'rancid-discuss at shrubbery.net' > Subject: [rancid] Eliminating two lines from foundry output > > Hello, > > I am a happy user of rancid for my Foundry switches (except the EdgeIron > > line, which needs support, but I haven't worked on that yet), but have > become annoyed in the past weeks because I get an email nearly every > time rancid checks one switch. It is because it displays the temp. > Here is the output: > > Index: configs/10.x.x.x > =================================================================== > retrieving revision 1.1031 > diff -U4 -r1.1031 10.x.x.x > @@ -22,9 +22,9 @@ > ! > ! Fan 1 ok, speed (auto): 1<->2<->[[3]] > ! Fan 2 ok, speed (auto): 1<->2<->[[3]] > ! > - ! Fan controlled temperature: 35.0 deg-C > + ! Fan controlled temperature: 35.5 deg-C > ! > ! Fan speed switching temperature thresholds: > ! Speed 1: NM<----->30 deg-C > ! Speed 2: 25<----->40 deg-C > > > My problem is that I want to eliminate the "Fan controlled temperature > lines" so I don't get an email every 1/2 hour (as I have rancid > configured to poll). > > Any thoughts on how to do this? > > Thanks, > > Chris > > -- Chris Gauthier, CCNA, Network+, A+ Network Administration Team Portland Community College Portland, Oregon "For once you have tasted flight you will walk the earth with your eyes turned skywards, for there you have been and there you will long to return." --Leonardo da Vinci From jeremys at rickyninja.net Wed Jan 9 22:32:57 2008 From: jeremys at rickyninja.net (Jeremy Singletary) Date: Wed, 9 Jan 2008 15:32:57 -0700 Subject: [rancid] Re: Eliminating two lines from foundry output In-Reply-To: <478545D9.7050005@pcc.edu> References: <47827042.6000009@pcc.edu> <45EB285310B55542A513F93230F0A53303795F79@EXCHANGE0.orm.omniture.com> <478545D9.7050005@pcc.edu> Message-ID: <20080109223257.GA14557@pegasus.billn.net> #!/usr/bin/perl use strict; use warnings; while () { if (/^!\s+Fan\s+\d+/) { $_ = (split /:/, $_)[0] . "\n"; } print; } __DATA__ ! ! Fan 1 ok, speed (auto): 1<->2<->[[3]] ! Fan 2 ok, speed (auto): 1<->2<->[[3]] ! ! Fan controlled temperature: 35.0 deg-C ! Fan controlled temperature: 35.5 deg-C ! ! Fan speed switching temperature thresholds: ! Speed 1: NM<----->30 deg-C ! Speed 2: 25<----->40 deg-C On 01/09/08, Chris Gauthier said: > That did the trick, though I have one other trick I need to pull out of > my sleeve (after I learn it). > > I still am getting config changes, even though nothing actually changes... > > Exerpt: > > - ! Fan 1 ok, speed (auto): 1<->2<->[[3]] > - ! Fan 2 ok, speed (auto): 1<->2<->[[3]] > + ! Fan 1 ok, speed (auto): 1<->[[2]]<->3 > + ! Fan 2 ok, speed (auto): 1<->[[2]]<->3 > > What I want to do is preserve the "Fan X ok" or "Fan X failed", but with > out the fan speed information. Why? Because the temperature hangs > right at the threshold between the two fan speeds, so it goes up and > down several times per day. > > Is there a way to be that granular in my string processing without > bogging everything down? > > Chris > > > Mike Ashcraft wrote: > > Chris, > > > > This is a fairly simple modification to francid. > > > > I don't have a Foundry handy to figure this out but the following steps > > should get you there quickly. > > > > open francid with an editor and find the line that starts with > > @commandtable > > After this are the commands run on the switch followed by the name of > > the subroutine that processes the output. > > > > Find the name of the subroutine that processes the output you want to > > eliminate and modify that subroutine to skip the desired line. > > > > If my guesses are right, you will find the following line which > > eliminates TEMPERATURE output but doesn't match on this specific switch: > > > > if (/(POWERS|TEMPERATURE READINGS)/) { > > > > You can add 'temperature' to this line like: > > > > if (/(POWERS|TEMPERATURE READINGS|temperature)/) { > > > > Or otherwise modify the subroutine to skip this output. > > > > Good luck, > > > > Mike > > > > > > > > -----Original Message----- > > From: rancid-discuss-bounces at shrubbery.net > > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chris > > Gauthier > > Sent: Monday, January 07, 2008 11:33 AM > > To: 'rancid-discuss at shrubbery.net' > > Subject: [rancid] Eliminating two lines from foundry output > > > > Hello, > > > > I am a happy user of rancid for my Foundry switches (except the EdgeIron > > > > line, which needs support, but I haven't worked on that yet), but have > > become annoyed in the past weeks because I get an email nearly every > > time rancid checks one switch. It is because it displays the temp. > > Here is the output: > > > > Index: configs/10.x.x.x > > =================================================================== > > retrieving revision 1.1031 > > diff -U4 -r1.1031 10.x.x.x > > @@ -22,9 +22,9 @@ > > ! > > ! Fan 1 ok, speed (auto): 1<->2<->[[3]] > > ! Fan 2 ok, speed (auto): 1<->2<->[[3]] > > ! > > - ! Fan controlled temperature: 35.0 deg-C > > + ! Fan controlled temperature: 35.5 deg-C > > ! > > ! Fan speed switching temperature thresholds: > > ! Speed 1: NM<----->30 deg-C > > ! Speed 2: 25<----->40 deg-C > > > > > > My problem is that I want to eliminate the "Fan controlled temperature > > lines" so I don't get an email every 1/2 hour (as I have rancid > > configured to poll). > > > > Any thoughts on how to do this? > > > > Thanks, > > > > Chris > > > > > > -- > Chris Gauthier, CCNA, Network+, A+ > Network Administration Team > Portland Community College > Portland, Oregon > > "For once you have tasted flight you will walk the earth with your eyes turned skywards, for there you have been and there you will long to return." > --Leonardo da Vinci > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From ecables at gmail.com Wed Jan 9 18:30:22 2008 From: ecables at gmail.com (Eric Cables) Date: Wed, 9 Jan 2008 10:30:22 -0800 Subject: [rancid] Re: Latest version In-Reply-To: <20080109100204.Q10680@mignon.ki.iif.hu> References: <082FEA82DC985B4F8A6B412D5AC4E220B3834D@exchange.Equivoice.local> <935ead450801081403l788ebdddr19f77bc27d307e51@mail.gmail.com> <20080109100204.Q10680@mignon.ki.iif.hu> Message-ID: What were the changes between a6 and a7? I'm running a6 now, but unless the changes to a7 are noteworthy I was just going to delay upgrading until the next major release (assuming there is one). The CHANGES file does not indicate sub-version changes, just major version changes. Thanks, On Jan 9, 2008 1:02 AM, Mohacsi Janos wrote: > > > > On Tue, 8 Jan 2008, Jeffrey Ollie wrote: > > > On 1/8/08, Todd Heide wrote: > >> > >> What is the latest version and how can I find out which I am running? I > need > >> to build a new box and want to get as up to date as possible running on > >> Fedora. > > > > I periodically check the FTP site. The main web page doesn't always > > get updated promptly. Ignore the 'alpha' designation and get 2.3.2a7. > > > > ftp://ftp.shrubbery.net/pub/rancid/ > > By the way, when the final 2.3.2 will be released? > > Regards, > Janos Mohacsi > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -- Eric Cables -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080109/1214ba86/attachment.html From heas at shrubbery.net Thu Jan 10 00:41:24 2008 From: heas at shrubbery.net (john heasley) Date: Thu, 10 Jan 2008 00:41:24 +0000 Subject: [rancid] Re: Latest version In-Reply-To: <20080109100204.Q10680@mignon.ki.iif.hu> References: <082FEA82DC985B4F8A6B412D5AC4E220B3834D@exchange.Equivoice.local> <935ead450801081403l788ebdddr19f77bc27d307e51@mail.gmail.com> <20080109100204.Q10680@mignon.ki.iif.hu> Message-ID: <20080110004124.GJ18583@shrubbery.net> Wed, Jan 09, 2008 at 10:02:56AM +0100, Mohacsi Janos: > > > > On Tue, 8 Jan 2008, Jeffrey Ollie wrote: > > > On 1/8/08, Todd Heide wrote: > >> > >> What is the latest version and how can I find out which I am running? I need > >> to build a new box and want to get as up to date as possible running on > >> Fedora. > > > > I periodically check the FTP site. The main web page doesn't always > > get updated promptly. Ignore the 'alpha' designation and get 2.3.2a7. > > > > ftp://ftp.shrubbery.net/pub/rancid/ > > By the way, when the final 2.3.2 will be released? I have 3 things to get done before rolling 2.3.2...languishing as they may be; test 1 new module, whats-his-name's CSC patch, and *login exit value patch. From laichenkang at gmail.com Thu Jan 10 04:26:48 2008 From: laichenkang at gmail.com (Lai Chen Kang) Date: Thu, 10 Jan 2008 12:26:48 +0800 Subject: [rancid] changing the from for emails Message-ID: <47859E88.4010401@gmail.com> Hi all I am rather new to linux and not sure if this is the right place to post this. I want the email to be from hostname at mydomain.com. However what I am getting is rancid at hostname.mydomain.com. Any idea how I can configure this? Lai From justin at justinshore.com Thu Jan 10 12:14:28 2008 From: justin at justinshore.com (Justin Shore) Date: Thu, 10 Jan 2008 06:14:28 -0600 Subject: [rancid] Re: changing the from for emails In-Reply-To: <47859E88.4010401@gmail.com> References: <47859E88.4010401@gmail.com> Message-ID: <47860C24.6020301@justinshore.com> Lai, Is MAILDOMAIN defined in your etc/rancid.conf? Justin Lai Chen Kang wrote: > Hi all > > I am rather new to linux and not sure if this is the right place to post this. I want the email to be from > hostname at mydomain.com. However what I am getting is rancid at hostname.mydomain.com. Any idea how I can configure this? From laichenkang at gmail.com Thu Jan 10 12:26:52 2008 From: laichenkang at gmail.com (Lai Chen Kang) Date: Thu, 10 Jan 2008 20:26:52 +0800 Subject: [rancid] Re: changing the from for emails In-Reply-To: <47860C24.6020301@justinshore.com> References: <47859E88.4010401@gmail.com> <47860C24.6020301@justinshore.com> Message-ID: <47860F0C.3070601@gmail.com> it is. I've put in @mydomain.com Justin Shore wrote: > Lai, > > Is MAILDOMAIN defined in your etc/rancid.conf? > > Justin > > Lai Chen Kang wrote: >> Hi all >> >> I am rather new to linux and not sure if this is the right place to >> post this. I want the email to be from hostname at mydomain.com. However >> what I am getting is rancid at hostname.mydomain.com. Any idea how I can >> configure this? > From lerik at nolink.net Thu Jan 10 13:26:40 2008 From: lerik at nolink.net (Lars Erik Gullerud) Date: Thu, 10 Jan 2008 14:26:40 +0100 (CET) Subject: [rancid] Rancid/Expect failing on FreeBSD/SMP systems Message-ID: <20080110132211.D75682@electra.nolink.net> My apologies for posting this both to the Rancid list and FreeBSD-STABLE, however I am not sure where to start troubleshooting this issue - I am suspecting it is a FreeBSD issue, but I am thinking we are probably not the only shop running RANCID (ports/net-mgmt/rancid) on FreeBSD (since it is quite popular in ISP environments), so hopefully someone can look at it from the RANCID angle and give some helpful input on how to troubleshoot this further. The problem: After finally giving in and starting to phase out some of our oldest FreeBSD 4.11 servers and replace them with FreeBSD 6.x on some fresh hardware, I got around to start moving our RANCID server. This however, has been the start of a real nightmare. I don't think the problems I am seeing are in RANCID itself, however it can be reliable reproduced every time i run RANCID and I have not been able to reproduce it in any other way with pure expect test-cases directly. What happens: Expect processes "hang" during RANCID runs, and go into infinite loops eating 100% CPU (on one CPU core). The problem is reliably reproduced everytime we do a full rancid-run, but the actual device it chokes on varies between runs so it is not device-related. It does seem to happen most often when collecting Juniper M-series gear with large configurations though, using jrancid and ssh. We can NOT seem to reproduce it by running jrancid (or any other) on a single device at at time - which is somewhat confusing at is DOES happen when setting PAR_COUNT to 1 and doing a rancid-run (which should IMHO be pretty much the same as doing sequential single device runs...) Our environment: We run RANCID extensively to collect a few hundred devices, including Cisco, Cisco-CatOS, Juniper, Extreme, Extreme-XOS, Riverstone, FortiNet/FortiGate, etc. We want to start storing CPE configs in addition to our own core gear in RANCID now, which means we will be putting several thousand routers into RANCID, which also explains the need for fresher hardware... RANCID version does not seem to matter, I have tested with both some ancient 2.3.0 scripts and 2.3.2a7, same behaviour. Using the same RANCID instance (I have tarballed it up and installed it on a bunch of servers, i.e. using the same CVS and the same router.db files etc.), it fails on: FreeBSD 7.0-BETA4, amd64, SMP kernel, 8 x CPU cores (2 x quad Xeon 5335) FreeBSD 6.2-STABLE, i386, SMP kernel, 2 x CPU cores (2 x single-core Xeon) Both have perl-5.8.8_1, expect 5.43.0_3 and tcl-8.4.16,1 built from ports. It however seems to work fine on: Linux CentOS 4.5 x86-64, 4 x CPU cores (2 x dual Xeon 5130) FreeBSD 4.11 i386, UP kernel, 1 x CPU core (1 x single-core Xeon) FreeBSD 7.0-RC1, i386, UP kernel, 1 x CPU core (1 x P4) (Linux box has Expect 5.42 and Tcl 8.3...) So it only seems to be on newer FreeBSD with SMP. (If anyone have RANCID working okay on FreeBSD 6.x/7.x on SMP systems at all, please let me know...) Now, for some details, if anyone has any ideas. What is actually happening is this, when truss'ing the stuck Expect-process: fcntl(4,F_GETFL,) = 0 (0x0) fcntl(4,F_SETFL,0x0) ERR#25 'Inappropriate ioctl for device' fcntl(4,F_GETFL,) = 0 (0x0) fcntl(4,F_SETFL,0x0) ERR#25 'Inappropriate ioctl for device' So, which device is it trying to fcntl, and what is it trying to do? lsof shows the following: expect 1417 rancid cwd VDIR 0,86 2048 7607662 /local/rancid/var/core/configs expect 1417 rancid rtd VDIR 0,81 512 2 / expect 1417 rancid 0r VCHR 0,24 0t0 24 /dev/null expect 1417 rancid 2r VCHR 0,24 0t0 24 /dev/null expect 1417 rancid 3r VCHR 0,24 0t0 24 /dev/null expect 1417 rancid 4r VCHR 0,24 0t0 24 /dev/null file descriptor 4 is /dev/null. Why is it trying to F_SETFL /dev/null to BLOCKING mode (which is failing)? Why should it be playing with /dev/null at all? Well, digging a little, this is what the lsof output looked like 10 seconds earlier: expect 1417 rancid cwd VDIR 0,86 2048 7607662 /local/rancid/var/core/configs expect 1417 rancid rtd VDIR 0,81 512 2 / expect 1417 rancid 0r VCHR 0,24 0t0 24 /dev/null expect 1417 rancid 1u PIPE 0x38bfcf8 0 ->0xffffff00038bfba0 expect 1417 rancid 2w VREG 0,86 76 7583772 /local (/dev/mfid0s1f) expect 1417 rancid 3u VCHR 0,108 0t0 108 /dev/ttyp2 expect 1417 rancid 4u VCHR 0,117 0t45 117 /dev/ptyp7 ssh 1418 rancid cwd VDIR 0,86 2048 7607662 /local/rancid/var/core/configs ssh 1418 rancid rtd VDIR 0,81 512 2 / ssh 1418 rancid txt unknown file system type: 8\xb9^_^B\xff\xff\xff^Xb\xab)^B\xff\xff\xffE ssh 1418 rancid 0u VCHR 0,118 0t0 118 /dev/ttyp7 ssh 1418 rancid 1u VCHR 0,118 0t0 118 /dev/ttyp7 ssh 1418 rancid 2u VCHR 0,118 0t0 118 /dev/ttyp7 ssh 1418 rancid 3w VREG 0,86 76 7583772 /local (/dev/mfid0s1f) ssh 1418 rancid 4u IPv4 0xffffff008c030240 0t0 TCP *:27776->*:49323 ssh 1418 rancid 5u VCHR 0,118 0t45 118 /dev/ttyp7 Here, fd 4 is actually a pty (pty7), which seems to be a fork to PID 1418, the ssh session to the router, and everything seems to be normal. PID 1418 is no longer there on the most recent lsof, so 1418 seems to have died(?) and PID 1417 now has /dev/null on its file descriptor 4. I don't know why that is, but why is it trying to fcntl it to Blocking I/O mode? Here is a gdb attach to the PID and a backtrace: (gdb) bt #0 0x0000000800aefc9c in fcntl () from /lib/libc.so.7 #1 0x00000000004072c5 in ?? () #2 0x00000008006a8c18 in StackSetBlockMode () from /usr/local/lib/libtcl84.so.1 #3 0x00000008006a8c54 in SetBlockMode () from /usr/local/lib/libtcl84.so.1 #4 0x00000008006acf75 in Tcl_SetChannelOption () from /usr/local/lib/libtcl84.so.1 #5 0x00000008006aeda0 in TclFinalizeIOSubsystem () from /usr/local/lib/libtcl84.so.1 #6 0x0000000800697f74 in Tcl_FinalizeThread () from /usr/local/lib/libtcl84.so.1 #7 0x0000000800698081 in Tcl_Finalize () from /usr/local/lib/libtcl84.so.1 #8 0x000000080069833a in Tcl_Exit () from /usr/local/lib/libtcl84.so.1 #9 0x0000000000409610 in ?? () #10 0x00000008006742be in TclInvokeStringCommand () from /usr/local/lib/libtcl84.so.1 #11 0x0000000800675944 in TclEvalObjvInternal () from /usr/local/lib/libtcl84.so.1 #12 0x0000000800675dff in Tcl_EvalEx () from /usr/local/lib/libtcl84.so.1 #13 0x00000008006b55d9 in Tcl_FSEvalFile () from /usr/local/lib/libtcl84.so.1 #14 0x00000008006b5690 in Tcl_EvalFile () from /usr/local/lib/libtcl84.so.1 #15 0x0000000000404f58 in ?? () #16 0x0000000000404d47 in ?? () >From the functions it is running in Tcl, it seems it is Tcl's cleanup code that is failing, when it is trying to restore a Tcl "channel" to normal mode during an exit event. This is where my clue runs out, and I am at a loss as to how to proceed from here. I have tried digging in both Tcl and Expect source code to see if can catch anything obvious, but alas, this is somewhat outside my area of expertise (I am a networking guy, not a programmer)... Any suggestions on how to proceed to find and fix this issue would be welcome, as the only other option for us is to abandon FreeBSD and go with Linux on the server, and we have already replaced too many FreeBSD boxes with Linux for my liking, I don't want to see yet another one go... Regards, Lars Erik Gullerud From Todd at equivoice.com Thu Jan 10 14:06:15 2008 From: Todd at equivoice.com (Todd Heide) Date: Thu, 10 Jan 2008 08:06:15 -0600 Subject: [rancid] Re: Latest version In-Reply-To: <20080110004124.GJ18583@shrubbery.net> References: <082FEA82DC985B4F8A6B412D5AC4E220B3834D@exchange.Equivoice.local> <935ead450801081403l788ebdddr19f77bc27d307e51@mail.gmail.com> <20080109100204.Q10680@mignon.ki.iif.hu> <20080110004124.GJ18583@shrubbery.net> Message-ID: <082FEA82DC985B4F8A6B412D5AC4E220B3842A@exchange.Equivoice.local> CSC patch, as in the CSC module in the ASA? Thanks CCSP CCNA CCDA Nothing ever goes as planned, Its a hell of a notion, Even pharaohs turn to sand, Like a drop in the ocean -----Original Message----- From: john heasley [mailto:heas at shrubbery.net] Sent: Wednesday, January 09, 2008 6:41 PM To: Mohacsi Janos Cc: Jeffrey Ollie; Todd Heide; rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: Latest version Wed, Jan 09, 2008 at 10:02:56AM +0100, Mohacsi Janos: > > > > On Tue, 8 Jan 2008, Jeffrey Ollie wrote: > > > On 1/8/08, Todd Heide wrote: > >> > >> What is the latest version and how can I find out which I am running? I need > >> to build a new box and want to get as up to date as possible running on > >> Fedora. > > > > I periodically check the FTP site. The main web page doesn't always > > get updated promptly. Ignore the 'alpha' designation and get 2.3.2a7. > > > > ftp://ftp.shrubbery.net/pub/rancid/ > > By the way, when the final 2.3.2 will be released? I have 3 things to get done before rolling 2.3.2...languishing as they may be; test 1 new module, whats-his-name's CSC patch, and *login exit value patch. From mohacsi at niif.hu Thu Jan 10 15:04:02 2008 From: mohacsi at niif.hu (Mohacsi Janos) Date: Thu, 10 Jan 2008 16:04:02 +0100 (CET) Subject: [rancid] Re: Rancid/Expect failing on FreeBSD/SMP systems In-Reply-To: <20080110132211.D75682@electra.nolink.net> References: <20080110132211.D75682@electra.nolink.net> Message-ID: <20080110160036.A40486@mignon.ki.iif.hu> Hi Lars, You should use expect-devel port to avoid hunging on pty have a look at http://www.freebsd.org/cgi/query-pr.cgi?pr=118452 Janos Mohacsi Network Engineer, Research Associate, Head of Network Planning and Projects NIIF/HUNGARNET, HUNGARY Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882 On Thu, 10 Jan 2008, Lars Erik Gullerud wrote: > My apologies for posting this both to the Rancid list and FreeBSD-STABLE, > however I am not sure where to start troubleshooting this issue - I am > suspecting it is a FreeBSD issue, but I am thinking we are probably not > the only shop running RANCID (ports/net-mgmt/rancid) on FreeBSD (since it > is quite popular in ISP environments), so hopefully someone can look at > it from the RANCID angle and give some helpful input on how to > troubleshoot this further. > > The problem: After finally giving in and starting to phase out some of our > oldest FreeBSD 4.11 servers and replace them with FreeBSD 6.x on some > fresh hardware, I got around to start moving our RANCID server. This > however, has been the start of a real nightmare. I don't think the > problems I am seeing are in RANCID itself, however it can be reliable > reproduced every time i run RANCID and I have not been able to reproduce > it in any other way with pure expect test-cases directly. > > What happens: > > Expect processes "hang" during RANCID runs, and go into infinite loops > eating 100% CPU (on one CPU core). The problem is reliably reproduced > everytime we do a full rancid-run, but the actual device it chokes on > varies between runs so it is not device-related. It does seem to happen > most often when collecting Juniper M-series gear with large configurations > though, using jrancid and ssh. > > We can NOT seem to reproduce it by running jrancid (or any other) on a > single device at at time - which is somewhat confusing at is DOES happen > when setting PAR_COUNT to 1 and doing a rancid-run (which > should IMHO be pretty much the same as doing sequential single device > runs...) > > Our environment: > > We run RANCID extensively to collect a few hundred devices, including > Cisco, Cisco-CatOS, Juniper, Extreme, Extreme-XOS, Riverstone, > FortiNet/FortiGate, etc. We want to start storing CPE configs in addition > to our own core gear in RANCID now, which means we will be putting several > thousand routers into RANCID, which also explains the need for fresher > hardware... > > RANCID version does not seem to matter, I have tested with both some > ancient 2.3.0 scripts and 2.3.2a7, same behaviour. > > Using the same RANCID instance (I have tarballed it up and installed it on > a bunch of servers, i.e. using the same CVS and the same router.db files > etc.), it fails on: > > FreeBSD 7.0-BETA4, amd64, SMP kernel, 8 x CPU cores (2 x quad Xeon 5335) > FreeBSD 6.2-STABLE, i386, SMP kernel, 2 x CPU cores (2 x single-core Xeon) > > Both have perl-5.8.8_1, expect 5.43.0_3 and tcl-8.4.16,1 built from ports. > > It however seems to work fine on: > > Linux CentOS 4.5 x86-64, 4 x CPU cores (2 x dual Xeon 5130) > FreeBSD 4.11 i386, UP kernel, 1 x CPU core (1 x single-core Xeon) > FreeBSD 7.0-RC1, i386, UP kernel, 1 x CPU core (1 x P4) > > (Linux box has Expect 5.42 and Tcl 8.3...) > > So it only seems to be on newer FreeBSD with SMP. (If anyone have RANCID > working okay on FreeBSD 6.x/7.x on SMP systems at all, please let me > know...) > > Now, for some details, if anyone has any ideas. What is actually > happening is this, when truss'ing the stuck Expect-process: > > fcntl(4,F_GETFL,) = 0 (0x0) > fcntl(4,F_SETFL,0x0) ERR#25 'Inappropriate ioctl for device' > fcntl(4,F_GETFL,) = 0 (0x0) > fcntl(4,F_SETFL,0x0) ERR#25 'Inappropriate ioctl for device' > > > So, which device is it trying to fcntl, and what is it trying to do? lsof > shows the following: > > expect 1417 rancid cwd VDIR 0,86 2048 7607662 /local/rancid/var/core/configs > expect 1417 rancid rtd VDIR 0,81 512 2 / > expect 1417 rancid 0r VCHR 0,24 0t0 24 /dev/null > expect 1417 rancid 2r VCHR 0,24 0t0 24 /dev/null > expect 1417 rancid 3r VCHR 0,24 0t0 24 /dev/null > expect 1417 rancid 4r VCHR 0,24 0t0 24 /dev/null > > file descriptor 4 is /dev/null. Why is it trying to F_SETFL /dev/null to > BLOCKING mode (which is failing)? Why should it be playing with /dev/null > at all? Well, digging a little, this is what the lsof output looked like > 10 seconds earlier: > > expect 1417 rancid cwd VDIR 0,86 2048 7607662 /local/rancid/var/core/configs > expect 1417 rancid rtd VDIR 0,81 512 2 / > expect 1417 rancid 0r VCHR 0,24 0t0 24 /dev/null > expect 1417 rancid 1u PIPE 0x38bfcf8 0 ->0xffffff00038bfba0 > expect 1417 rancid 2w VREG 0,86 76 7583772 /local (/dev/mfid0s1f) > expect 1417 rancid 3u VCHR 0,108 0t0 108 /dev/ttyp2 > expect 1417 rancid 4u VCHR 0,117 0t45 117 /dev/ptyp7 > ssh 1418 rancid cwd VDIR 0,86 2048 7607662 /local/rancid/var/core/configs > ssh 1418 rancid rtd VDIR 0,81 512 2 / > ssh 1418 rancid txt unknown file system type: 8\xb9^_^B\xff\xff\xff^Xb\xab)^B\xff\xff\xffE > ssh 1418 rancid 0u VCHR 0,118 0t0 118 /dev/ttyp7 > ssh 1418 rancid 1u VCHR 0,118 0t0 118 /dev/ttyp7 > ssh 1418 rancid 2u VCHR 0,118 0t0 118 /dev/ttyp7 > ssh 1418 rancid 3w VREG 0,86 76 7583772 /local (/dev/mfid0s1f) > ssh 1418 rancid 4u IPv4 0xffffff008c030240 0t0 TCP *:27776->*:49323 > ssh 1418 rancid 5u VCHR 0,118 0t45 118 /dev/ttyp7 > > Here, fd 4 is actually a pty (pty7), which seems to be a fork to PID 1418, > the ssh session to the router, and everything seems to be normal. > > PID 1418 is no longer there on the most recent lsof, so 1418 seems to > have died(?) and PID 1417 now has /dev/null on its file descriptor 4. I > don't know why that is, but why is it trying to fcntl it to Blocking I/O > mode? Here is a gdb attach to the PID and a backtrace: > > (gdb) bt > #0 0x0000000800aefc9c in fcntl () from /lib/libc.so.7 > #1 0x00000000004072c5 in ?? () > #2 0x00000008006a8c18 in StackSetBlockMode () > from /usr/local/lib/libtcl84.so.1 > #3 0x00000008006a8c54 in SetBlockMode () from > /usr/local/lib/libtcl84.so.1 > #4 0x00000008006acf75 in Tcl_SetChannelOption () > from /usr/local/lib/libtcl84.so.1 > #5 0x00000008006aeda0 in TclFinalizeIOSubsystem () > from /usr/local/lib/libtcl84.so.1 > #6 0x0000000800697f74 in Tcl_FinalizeThread () > from /usr/local/lib/libtcl84.so.1 > #7 0x0000000800698081 in Tcl_Finalize () from > /usr/local/lib/libtcl84.so.1 > #8 0x000000080069833a in Tcl_Exit () from /usr/local/lib/libtcl84.so.1 > #9 0x0000000000409610 in ?? () > #10 0x00000008006742be in TclInvokeStringCommand () > from /usr/local/lib/libtcl84.so.1 > #11 0x0000000800675944 in TclEvalObjvInternal () > from /usr/local/lib/libtcl84.so.1 > #12 0x0000000800675dff in Tcl_EvalEx () from /usr/local/lib/libtcl84.so.1 > #13 0x00000008006b55d9 in Tcl_FSEvalFile () from > /usr/local/lib/libtcl84.so.1 > #14 0x00000008006b5690 in Tcl_EvalFile () from > /usr/local/lib/libtcl84.so.1 > #15 0x0000000000404f58 in ?? () > #16 0x0000000000404d47 in ?? () > >> From the functions it is running in Tcl, it seems it is Tcl's cleanup > code that is failing, when it is trying to restore a Tcl "channel" to > normal mode during an exit event. > > This is where my clue runs out, and I am at a loss as to how to proceed > from here. I have tried digging in both Tcl and Expect source code to see > if can catch anything obvious, but alas, this is somewhat outside my area > of expertise (I am a networking guy, not a programmer)... > > Any suggestions on how to proceed to find and fix this issue would be > welcome, as the only other option for us is to abandon FreeBSD and go with > Linux on the server, and we have already replaced too many FreeBSD boxes > with Linux for my liking, I don't want to see yet another one go... > > Regards, > Lars Erik Gullerud > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From paris.stone at gmail.com Fri Jan 4 13:34:47 2008 From: paris.stone at gmail.com (Paris Stone) Date: Fri, 4 Jan 2008 08:34:47 -0500 Subject: [rancid] F5 login & F5 rancid files Message-ID: <281dadb30801040534n75df5284wb9f7fe2bfc66fa75@mail.gmail.com> I have been looking for login&rancid files that would support getting F5, BigIPs configs. I have seen some postings, and diffs, discussion like that, but haven't actually seen the files. Could someone reply with a link for downloading them, please? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080104/fbb444f0/attachment.html From heas at shrubbery.net Thu Jan 10 16:45:09 2008 From: heas at shrubbery.net (john heasley) Date: Thu, 10 Jan 2008 16:45:09 +0000 Subject: [rancid] Re: changing the from for emails In-Reply-To: <47860C24.6020301@justinshore.com> References: <47859E88.4010401@gmail.com> <47860C24.6020301@justinshore.com> Message-ID: <20080110164509.GA9159@shrubbery.net> That does not affect the From, an indeed some MTAs do not permit unprivleged users to set From. This should be corrected in the MTA configuration. In postfix that'd be the myorigin knob. Thu, Jan 10, 2008 at 06:14:28AM -0600, Justin Shore: > Lai, > > Is MAILDOMAIN defined in your etc/rancid.conf? > > Justin > > Lai Chen Kang wrote: > > Hi all > > > > I am rather new to linux and not sure if this is the right place to post this. I want the email to be from > > hostname at mydomain.com. However what I am getting is rancid at hostname.mydomain.com. Any idea how I can configure this? > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From rancid at gheek.net Thu Jan 10 17:12:45 2008 From: rancid at gheek.net (Lance) Date: Thu, 10 Jan 2008 10:12:45 -0700 Subject: [rancid] Re: F5 login & F5 rancid files Message-ID: <20080110101245.8e114e4890519e5179c192e02d6bca26.28fc615eba.wbe@email.secureserver.net> Paris, I would point you to one link if I could find it asap. But the fastest way for me was to post what Mike Ashcraft did for the F5. The version I just posted has a few additions I just added. http://www.gheek.net/scripts/perl/f5rancid_pl.txt http://www.gheek.net/scripts/expect/f5login_exp.txt Here is the post I just sent about Mikes last version and what needs to be added (which is in the version I just posted on my site) to make it work. http://www.shrubbery.net/pipermail/rancid-discuss/2008-January/002662.html Bah, I did the search and here is mikes post as well. http://www.shrubbery.net/pipermail/rancid-discuss/2007-November/002601.html -lance > -------- Original Message -------- > Subject: [rancid] F5 login & F5 rancid files > From: "Paris Stone" > Date: Fri, January 04, 2008 6:34 am > To: rancid-discuss at shrubbery.net > I have been looking for login&rancid files that would support getting F5, > BigIPs configs. I have seen some postings, and diffs, discussion like that, > but haven't actually seen the files. > Could someone reply with a link for downloading them, please?
_______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From AElliott at xo.com Thu Jan 10 21:17:49 2008 From: AElliott at xo.com (Elliott, Andrew) Date: Thu, 10 Jan 2008 16:17:49 -0500 Subject: [rancid] IFBrief no longer reporting for Cisco gear with 2.3.2a7 Message-ID: <3B715C4683E2F54DBC36ECDD2CA70F5303C42816@VARESTMAIL03.mail.inthosts.net> Hello, Is there any plans to include the IFBrief output in future releases or patches? Since moving to 2.3.2a7, that portion of the output is no longer included in the backups. Is there an easy way to edit bin/rancid to add the support back in? --- (o< Andrew Elliott desk: 989.758.6987 //\ Tier II Data cell: 989.213.5794 V_/_ XO Communications -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= "Don't EVER cross the streams." From laichenkang at gmail.com Fri Jan 11 10:01:20 2008 From: laichenkang at gmail.com (Lai Chen Kang) Date: Fri, 11 Jan 2008 18:01:20 +0800 Subject: [rancid] Re: changing the from for emails In-Reply-To: <20080110164509.GA9159@shrubbery.net> References: <47859E88.4010401@gmail.com> <47860C24.6020301@justinshore.com> <20080110164509.GA9159@shrubbery.net> Message-ID: <47873E70.1000302@gmail.com> I am using sendmail. Any idea how I can configure this in sendmail? john heasley wrote: > That does not affect the From, an indeed some MTAs do not permit unprivleged > users to set From. This should be corrected in the MTA configuration. In > postfix that'd be the myorigin knob. > > Thu, Jan 10, 2008 at 06:14:28AM -0600, Justin Shore: >> Lai, >> >> Is MAILDOMAIN defined in your etc/rancid.conf? >> >> Justin >> >> Lai Chen Kang wrote: >>> Hi all >>> >>> I am rather new to linux and not sure if this is the right place to post this. I want the email to be from >>> hostname at mydomain.com. However what I am getting is rancid at hostname.mydomain.com. Any idea how I can configure this? >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From stsimb at irc.gr Fri Jan 11 14:09:24 2008 From: stsimb at irc.gr (Sotiris Tsimbonis) Date: Fri, 11 Jan 2008 16:09:24 +0200 Subject: [rancid] Re: changing the from for emails In-Reply-To: <47873E70.1000302@gmail.com> References: <47859E88.4010401@gmail.com> <47860C24.6020301@justinshore.com> <20080110164509.GA9159@shrubbery.net> <47873E70.1000302@gmail.com> Message-ID: <47877894.2090806@irc.gr> Lai Chen Kang wrote: > I am using sendmail. Any idea how I can configure this in sendmail? > You need to do masquerading in your .mc file and generate a new sendmail.cf .. http://www.sendmail.org/m4/masquerading.html Sot. > john heasley wrote: >> That does not affect the From, an indeed some MTAs do not permit unprivleged >> users to set From. This should be corrected in the MTA configuration. In >> postfix that'd be the myorigin knob. >> >> Thu, Jan 10, 2008 at 06:14:28AM -0600, Justin Shore: >>> Lai, >>> >>> Is MAILDOMAIN defined in your etc/rancid.conf? >>> >>> Justin >>> >>> Lai Chen Kang wrote: >>>> Hi all >>>> >>>> I am rather new to linux and not sure if this is the right place to post this. I want the email to be from >>>> hostname at mydomain.com. However what I am getting is rancid at hostname.mydomain.com. Any idea how I can configure this? >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net >>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From heas at shrubbery.net Fri Jan 11 19:52:14 2008 From: heas at shrubbery.net (john heasley) Date: Fri, 11 Jan 2008 19:52:14 +0000 Subject: [rancid] Re: IFBrief no longer reporting for Cisco gear with 2.3.2a7 In-Reply-To: <3B715C4683E2F54DBC36ECDD2CA70F5303C42816@VARESTMAIL03.mail.inthosts.net> References: <3B715C4683E2F54DBC36ECDD2CA70F5303C42816@VARESTMAIL03.mail.inthosts.net> Message-ID: <20080111195214.GD21882@shrubbery.net> I do not understand what it is that you're calling "IFBrief output." Thu, Jan 10, 2008 at 04:17:49PM -0500, Elliott, Andrew: > Hello, > > Is there any plans to include the IFBrief output in future releases or > patches? Since moving to 2.3.2a7, that portion of the output is no > longer included in the backups. > > Is there an easy way to edit bin/rancid to add the support back in? > > --- > (o< Andrew Elliott desk: 989.758.6987 > //\ Tier II Data cell: 989.213.5794 > V_/_ XO Communications > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > "Don't EVER cross the streams." > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From AElliott at xo.com Fri Jan 11 20:06:27 2008 From: AElliott at xo.com (Elliott, Andrew) Date: Fri, 11 Jan 2008 15:06:27 -0500 Subject: [rancid] Re: IFBrief no longer reporting for Cisco gear with 2.3.2a7 References: <3B715C4683E2F54DBC36ECDD2CA70F5303C42816@VARESTMAIL03.mail.inthosts.net> <20080111195214.GD21882@shrubbery.net> Message-ID: <3B715C4683E2F54DBC36ECDD2CA70F5303C4281E@VARESTMAIL03.mail.inthosts.net> With the older version of rancid, the output of "show ip interface brief" was included in the backups (preceeded in the output by "IFBrief: etc..." Since moving to 2.3.2a7, that output is missing from the backups. --- Andrew Elliott Tier II Data XO Communications desk: 989.758.6987 cell: 989.213.5794 > -----Original Message----- > From: john heasley [mailto:heas at shrubbery.net] > Sent: Friday, January 11, 2008 2:52 PM > To: Elliott, Andrew > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] IFBrief no longer reporting for Cisco > gear with 2.3.2a7 > > I do not understand what it is that you're calling "IFBrief output." > > Thu, Jan 10, 2008 at 04:17:49PM -0500, Elliott, Andrew: > > Hello, > > > > Is there any plans to include the IFBrief output in future > releases or > > patches? Since moving to 2.3.2a7, that portion of the output is no > > longer included in the backups. > > > > Is there an easy way to edit bin/rancid to add the support back in? > > > > --- > > (o< Andrew Elliott desk: 989.758.6987 > > //\ Tier II Data cell: 989.213.5794 > > V_/_ XO Communications > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > > "Don't EVER cross the streams." > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From heas at shrubbery.net Fri Jan 11 20:09:18 2008 From: heas at shrubbery.net (john heasley) Date: Fri, 11 Jan 2008 20:09:18 +0000 Subject: [rancid] Re: IFBrief no longer reporting for Cisco gear with 2.3.2a7 In-Reply-To: <3B715C4683E2F54DBC36ECDD2CA70F5303C4281E@VARESTMAIL03.mail.inthosts.net> References: <3B715C4683E2F54DBC36ECDD2CA70F5303C42816@VARESTMAIL03.mail.inthosts.net> <20080111195214.GD21882@shrubbery.net> <3B715C4683E2F54DBC36ECDD2CA70F5303C4281E@VARESTMAIL03.mail.inthosts.net> Message-ID: <20080111200918.GH21882@shrubbery.net> Fri, Jan 11, 2008 at 03:06:27PM -0500, Elliott, Andrew: > With the older version of rancid, the output of "show ip interface > brief" was included in the backups (preceeded in the output by "IFBrief: > etc..." No, that was never collected. You had a local modification. > Since moving to 2.3.2a7, that output is missing from the backups. > > --- > Andrew Elliott > Tier II Data > XO Communications > desk: 989.758.6987 > cell: 989.213.5794 > > > > > -----Original Message----- > > From: john heasley [mailto:heas at shrubbery.net] > > Sent: Friday, January 11, 2008 2:52 PM > > To: Elliott, Andrew > > Cc: rancid-discuss at shrubbery.net > > Subject: Re: [rancid] IFBrief no longer reporting for Cisco > > gear with 2.3.2a7 > > > > I do not understand what it is that you're calling "IFBrief output." > > > > Thu, Jan 10, 2008 at 04:17:49PM -0500, Elliott, Andrew: > > > Hello, > > > > > > Is there any plans to include the IFBrief output in future > > releases or > > > patches? Since moving to 2.3.2a7, that portion of the output is no > > > longer included in the backups. > > > > > > Is there an easy way to edit bin/rancid to add the support back in? > > > > > > --- > > > (o< Andrew Elliott desk: 989.758.6987 > > > //\ Tier II Data cell: 989.213.5794 > > > V_/_ XO Communications > > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > > > "Don't EVER cross the streams." > > > _______________________________________________ > > > Rancid-discuss mailing list > > > Rancid-discuss at shrubbery.net > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > From AElliott at xo.com Fri Jan 11 20:19:00 2008 From: AElliott at xo.com (Elliott, Andrew) Date: Fri, 11 Jan 2008 15:19:00 -0500 Subject: [rancid] Re: IFBrief no longer reporting for Cisco gear with 2.3.2a7 References: <3B715C4683E2F54DBC36ECDD2CA70F5303C42816@VARESTMAIL03.mail.inthosts.net> <20080111195214.GD21882@shrubbery.net> <3B715C4683E2F54DBC36ECDD2CA70F5303C4281E@VARESTMAIL03.mail.inthosts.net> <20080111200918.GH21882@shrubbery.net> Message-ID: <3B715C4683E2F54DBC36ECDD2CA70F5303C42820@VARESTMAIL03.mail.inthosts.net> John, Thanks so much for the answer! I tried to add it myself by adding this line to the commandtable: {'show ip interface brief' => "ShowIFBrief"}, And this routine: sub ShowIFBrief { print STDERR " In ShowIFBrief: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); ProcessHistory("COMMENTS","","","!IFBrief: $_"); } ProcessHistory("COMMENTS","","","!\n"); return(0); } --- Andrew Elliott Tier II Data XO Communications desk: 989.758.6987 cell: 989.213.5794 > -----Original Message----- > From: john heasley [mailto:heas at shrubbery.net] > Sent: Friday, January 11, 2008 3:09 PM > To: Elliott, Andrew > Cc: john heasley; rancid-discuss at shrubbery.net > Subject: Re: [rancid] IFBrief no longer reporting for Cisco > gear with 2.3.2a7 > > Fri, Jan 11, 2008 at 03:06:27PM -0500, Elliott, Andrew: > > With the older version of rancid, the output of "show ip interface > > brief" was included in the backups (preceeded in the output > by "IFBrief: > > etc..." > > No, that was never collected. You had a local modification. > > > Since moving to 2.3.2a7, that output is missing from the backups. > > > > --- > > Andrew Elliott > > Tier II Data > > XO Communications > > desk: 989.758.6987 > > cell: 989.213.5794 > > > > > > > > > -----Original Message----- > > > From: john heasley [mailto:heas at shrubbery.net] > > > Sent: Friday, January 11, 2008 2:52 PM > > > To: Elliott, Andrew > > > Cc: rancid-discuss at shrubbery.net > > > Subject: Re: [rancid] IFBrief no longer reporting for Cisco > > > gear with 2.3.2a7 > > > > > > I do not understand what it is that you're calling > "IFBrief output." > > > > > > Thu, Jan 10, 2008 at 04:17:49PM -0500, Elliott, Andrew: > > > > Hello, > > > > > > > > Is there any plans to include the IFBrief output in future > > > releases or > > > > patches? Since moving to 2.3.2a7, that portion of the > output is no > > > > longer included in the backups. > > > > > > > > Is there an easy way to edit bin/rancid to add the > support back in? > > > > > > > > --- > > > > (o< Andrew Elliott desk: 989.758.6987 > > > > //\ Tier II Data cell: 989.213.5794 > > > > V_/_ XO Communications > > > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > > > > "Don't EVER cross the streams." > > > > _______________________________________________ > > > > Rancid-discuss mailing list > > > > Rancid-discuss at shrubbery.net > > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > From heas at shrubbery.net Fri Jan 11 20:26:10 2008 From: heas at shrubbery.net (john heasley) Date: Fri, 11 Jan 2008 20:26:10 +0000 Subject: [rancid] Re: IFBrief no longer reporting for Cisco gear with 2.3.2a7 In-Reply-To: <3B715C4683E2F54DBC36ECDD2CA70F5303C42820@VARESTMAIL03.mail.inthosts.net> References: <3B715C4683E2F54DBC36ECDD2CA70F5303C42816@VARESTMAIL03.mail.inthosts.net> <20080111195214.GD21882@shrubbery.net> <3B715C4683E2F54DBC36ECDD2CA70F5303C4281E@VARESTMAIL03.mail.inthosts.net> <20080111200918.GH21882@shrubbery.net> <3B715C4683E2F54DBC36ECDD2CA70F5303C42820@VARESTMAIL03.mail.inthosts.net> Message-ID: <20080111202610.GJ21882@shrubbery.net> Fri, Jan 11, 2008 at 03:19:00PM -0500, Elliott, Andrew: > John, > > Thanks so much for the answer! > > I tried to add it myself by adding this line to the commandtable: > > {'show ip interface brief' => "ShowIFBrief"}, > > And this routine: > > sub ShowIFBrief { > print STDERR " In ShowIFBrief: $_" if ($debug); > > while () { > tr/\015//d; > last if (/^$prompt/); > next if (/^(\s*|\s*$cmd\s*)$/); > return(-1) if (/command authorization failed/i); > ProcessHistory("COMMENTS","","","!IFBrief: $_"); > } > ProcessHistory("COMMENTS","","","!\n"); > return(0); > } > I'm trying to add a way to make local additions (and omissions) like this easier. but it will not be ready until after 2.3.2. From NPabon at archstonesmith.com Fri Jan 11 20:31:47 2008 From: NPabon at archstonesmith.com (Pabon, Nestor) Date: Fri, 11 Jan 2008 13:31:47 -0700 Subject: [rancid] Searching for Half-duplex Interfaces Message-ID: <58B7A531794E6A49B3BAD57E3332254402968821@engexc11.archstonesmith.com> First of all I want to thank the developers for such a great tool. I need to discover in a network of 200+ routers, which ones have FastEthernet interfaces; either 0/0 or 0/1 set to "Half-duplex". Can someone help me script this query? My objective is to investigate why they are set to Half-duplex, and then change them to full or hard code them where appropriate. Regards, Nestor -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080111/ad8b7f22/attachment.html From rancid at gheek.net Fri Jan 11 20:56:24 2008 From: rancid at gheek.net (Lance) Date: Fri, 11 Jan 2008 13:56:24 -0700 Subject: [rancid] Re: Searching for Half-duplex Interfaces Message-ID: <20080111135624.8e114e4890519e5179c192e02d6bca26.f4076e1b84.wbe@email.secureserver.net> use clogin and do a sho int for each interface. the look for half somewhere in the output of the show interface. > -------- Original Message -------- > Subject: [rancid] Searching for Half-duplex Interfaces > From: "Pabon, Nestor" > Date: Fri, January 11, 2008 1:31 pm > To: > First of all I want to thank the developers for such a great tool. > > I need to discover in a network of 200+ routers, which ones have > FastEthernet interfaces; either 0/0 or 0/1 set to "Half-duplex". > > Can someone help me script this query? > > My objective is to investigate why they are set to Half-duplex, and then > change them to full or hard code them where appropriate. > > Regards, > Nestor
_______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Fri Jan 11 21:29:39 2008 From: heas at shrubbery.net (john heasley) Date: Fri, 11 Jan 2008 21:29:39 +0000 Subject: [rancid] Re: Searching for Half-duplex Interfaces In-Reply-To: <58B7A531794E6A49B3BAD57E3332254402968821@engexc11.archstonesmith.com> References: <58B7A531794E6A49B3BAD57E3332254402968821@engexc11.archstonesmith.com> Message-ID: <20080111212939.GK21882@shrubbery.net> Fri, Jan 11, 2008 at 01:31:47PM -0700, Pabon, Nestor: > First of all I want to thank the developers for such a great tool. > > > > I need to discover in a network of 200+ routers, which ones have > FastEthernet interfaces; either 0/0 or 0/1 set to "Half-duplex". > > > > Can someone help me script this query? an snmpwalk of interfaces seems like a better approach. however... for rtr in ...list...; do clogin -c 'show interfaces | in (line protocol|duplex|speed)' $rtr \ >>output 2>&1 done or xargs or whatever your fancy. then perl/awk/human/whatever you like to exclude the uninteresting stuff from the output. From NPabon at archstonesmith.com Fri Jan 11 21:33:32 2008 From: NPabon at archstonesmith.com (Pabon, Nestor) Date: Fri, 11 Jan 2008 14:33:32 -0700 Subject: [rancid] Re: Searching for Half-duplex Interfaces In-Reply-To: <20080111135624.8e114e4890519e5179c192e02d6bca26.f4076e1b84.wbe@email.secureserver.net> References: <20080111135624.8e114e4890519e5179c192e02d6bca26.f4076e1b84.wbe@email.secureserver.net> Message-ID: <58B7A531794E6A49B3BAD57E333225440296885D@engexc11.archstonesmith.com> I'm not sure I conveyed my goal correctly. If I use clogin or log directly into the router I know I can query issuing the following: "sh interface | i Half-duplex" But this will only return something like: "Half-duplex, 10Mb/s, 100BaseTX/FX" I rather do a: "show int" And have the output go to a file named "show-duplex" And then somehow get a report which will give the device name which had an interface set to Half-duplex". Hope this helps. Regards, Nestor -----Original Message----- From: Lance [mailto:rancid at gheek.net] Sent: Friday, January 11, 2008 1:56 PM To: Pabon, Nestor Cc: rancid-discuss at shrubbery.net Subject: RE: [rancid] Searching for Half-duplex Interfaces use clogin and do a sho int for each interface. the look for half somewhere in the output of the show interface. > -------- Original Message -------- > Subject: [rancid] Searching for Half-duplex Interfaces > From: "Pabon, Nestor" > Date: Fri, January 11, 2008 1:31 pm > To: > First of all I want to thank the developers for such a great tool. > > I need to discover in a network of 200+ routers, which ones have > FastEthernet interfaces; either 0/0 or 0/1 set to "Half-duplex". > > Can someone help me script this query? > > My objective is to investigate why they are set to Half-duplex, and then > change them to full or hard code them where appropriate. > > Regards, > Nestor
_______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From NPabon at archstonesmith.com Fri Jan 11 22:02:22 2008 From: NPabon at archstonesmith.com (Pabon, Nestor) Date: Fri, 11 Jan 2008 15:02:22 -0700 Subject: [rancid] Re: Searching for Half-duplex Interfaces In-Reply-To: <20080111212939.GK21882@shrubbery.net> References: <58B7A531794E6A49B3BAD57E3332254402968821@engexc11.archstonesmith.com> <20080111212939.GK21882@shrubbery.net> Message-ID: <58B7A531794E6A49B3BAD57E3332254402968876@engexc11.archstonesmith.com> This looks interesting. Got to figure out how to script it. -----Original Message----- From: john heasley [mailto:heas at shrubbery.net] Sent: Friday, January 11, 2008 2:30 PM To: Pabon, Nestor Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Searching for Half-duplex Interfaces Fri, Jan 11, 2008 at 01:31:47PM -0700, Pabon, Nestor: > First of all I want to thank the developers for such a great tool. > > > > I need to discover in a network of 200+ routers, which ones have > FastEthernet interfaces; either 0/0 or 0/1 set to "Half-duplex". > > > > Can someone help me script this query? an snmpwalk of interfaces seems like a better approach. however... for rtr in ...list...; do clogin -c 'show interfaces | in (line protocol|duplex|speed)' $rtr \ >>output 2>&1 done or xargs or whatever your fancy. then perl/awk/human/whatever you like to exclude the uninteresting stuff from the output. From eravin at panix.com Fri Jan 11 22:29:16 2008 From: eravin at panix.com (Ed Ravin) Date: Fri, 11 Jan 2008 17:29:16 -0500 Subject: [rancid] Re: Searching for Half-duplex Interfaces In-Reply-To: <58B7A531794E6A49B3BAD57E333225440296885D@engexc11.archstonesmith.com> References: <20080111135624.8e114e4890519e5179c192e02d6bca26.f4076e1b84.wbe@email.secureserver.net> <58B7A531794E6A49B3BAD57E333225440296885D@engexc11.archstonesmith.com> Message-ID: <20080111222916.GA18828@panix.com> On Fri, Jan 11, 2008 at 02:33:32PM -0700, Pabon, Nestor wrote: > I'm not sure I conveyed my goal correctly. > > If I use clogin or log directly into the router I know I can query > issuing the following: > > "sh interface | i Half-duplex" > > But this will only return something like: > > "Half-duplex, 10Mb/s, 100BaseTX/FX" But if you followed John's instructions (repeated below, with slight edits for clarity), you would get something much better than that. Note the regexp which will match things like: FastEthernet0/0/0 is up, line protocol is up So you'll see the interface names, and then their duplex settings if they are Ethernet-based. -------- for rtr in ...list... do clogin -c 'show interfaces | inc (line protocol|duplex|speed)' $rtr >>output.file 2>&1 done From NPabon at archstonesmith.com Fri Jan 11 23:19:42 2008 From: NPabon at archstonesmith.com (Pabon, Nestor) Date: Fri, 11 Jan 2008 16:19:42 -0700 Subject: [rancid] Re: Searching for Half-duplex Interfaces In-Reply-To: <20080111222916.GA18828@panix.com> References: <20080111135624.8e114e4890519e5179c192e02d6bca26.f4076e1b84.wbe@email.secureserver.net> <58B7A531794E6A49B3BAD57E333225440296885D@engexc11.archstonesmith.com> <20080111222916.GA18828@panix.com> Message-ID: <58B7A531794E6A49B3BAD57E33322544029688CC@engexc11.archstonesmith.com> So the list of routers is in: /opt/rancid/data/mpls-routers Does this mean that "for rtr in ...list..." Becomes "for rtr in /opt/rancid/data/mpls-routers/router.db" Regards, Nestor -----Original Message----- From: Ed Ravin [mailto:eravin at panix.com] Sent: Friday, January 11, 2008 3:29 PM To: Pabon, Nestor Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: Searching for Half-duplex Interfaces On Fri, Jan 11, 2008 at 02:33:32PM -0700, Pabon, Nestor wrote: > I'm not sure I conveyed my goal correctly. > > If I use clogin or log directly into the router I know I can query > issuing the following: > > "sh interface | i Half-duplex" > > But this will only return something like: > > "Half-duplex, 10Mb/s, 100BaseTX/FX" But if you followed John's instructions (repeated below, with slight edits for clarity), you would get something much better than that. Note the regexp which will match things like: FastEthernet0/0/0 is up, line protocol is up So you'll see the interface names, and then their duplex settings if they are Ethernet-based. -------- for rtr in ...list... do clogin -c 'show interfaces | inc (line protocol|duplex|speed)' $rtr >>output.file 2>&1 done From mashcraft at omniture.com Fri Jan 11 23:28:21 2008 From: mashcraft at omniture.com (Mike Ashcraft) Date: Fri, 11 Jan 2008 16:28:21 -0700 Subject: [rancid] Re: Searching for Half-duplex Interfaces In-Reply-To: <58B7A531794E6A49B3BAD57E33322544029688CC@engexc11.archstonesmith.com> References: <20080111135624.8e114e4890519e5179c192e02d6bca26.f4076e1b84.wbe@email.secureserver.net><58B7A531794E6A49B3BAD57E333225440296885D@engexc11.archstonesmith.com><20080111222916.GA18828@panix.com> <58B7A531794E6A49B3BAD57E33322544029688CC@engexc11.archstonesmith.com> Message-ID: <45EB285310B55542A513F93230F0A533039A3391@EXCHANGE0.orm.omniture.com> Close. You need to trim the data in router.db for rtr in $(cat router.db | cut -d: -f1); do clogin $rtr ... ; done Mike -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Pabon, Nestor Sent: Friday, January 11, 2008 4:20 PM To: Ed Ravin Cc: rancid-discuss at shrubbery.net Subject: [rancid] Re: Searching for Half-duplex Interfaces So the list of routers is in: /opt/rancid/data/mpls-routers Does this mean that "for rtr in ...list..." Becomes "for rtr in /opt/rancid/data/mpls-routers/router.db" Regards, Nestor -----Original Message----- From: Ed Ravin [mailto:eravin at panix.com] Sent: Friday, January 11, 2008 3:29 PM To: Pabon, Nestor Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: Searching for Half-duplex Interfaces On Fri, Jan 11, 2008 at 02:33:32PM -0700, Pabon, Nestor wrote: > I'm not sure I conveyed my goal correctly. > > If I use clogin or log directly into the router I know I can query > issuing the following: > > "sh interface | i Half-duplex" > > But this will only return something like: > > "Half-duplex, 10Mb/s, 100BaseTX/FX" But if you followed John's instructions (repeated below, with slight edits for clarity), you would get something much better than that. Note the regexp which will match things like: FastEthernet0/0/0 is up, line protocol is up So you'll see the interface names, and then their duplex settings if they are Ethernet-based. -------- for rtr in ...list... do clogin -c 'show interfaces | inc (line protocol|duplex|speed)' $rtr >>output.file 2>&1 done _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From cmoody at qualcomm.com Fri Jan 11 23:42:44 2008 From: cmoody at qualcomm.com (Chris Moody) Date: Fri, 11 Jan 2008 15:42:44 -0800 Subject: [rancid] Re: Searching for Half-duplex Interfaces In-Reply-To: <58B7A531794E6A49B3BAD57E33322544029688CC@engexc11.archstonesmith.com> References: <20080111135624.8e114e4890519e5179c192e02d6bca26.f4076e1b84.wbe@email.secureserver.net> <58B7A531794E6A49B3BAD57E333225440296885D@engexc11.archstonesmith.com> <20080111222916.GA18828@panix.com> <58B7A531794E6A49B3BAD57E33322544029688CC@engexc11.archstonesmith.com> Message-ID: <4787FEF4.8050708@qualcomm.com> You can use the shell routine I gave you. ./rancid-config-apply.sh Put the commands you want to issue to the device into the location defined in the COMMANDSFILEPATH variable...and then just answer the prompts. ex> rancid at fittipaldi ~ $ cat command-scripts/interface-duplex show interfaces | inc (line protocol|duplex|speed) ##### rancid at fittipaldi ~ $ ./scripts/bash/rancid-config-apply.sh =====[ Rancid Config Apply Script ]===== Please enter the nodegroup: mpls-routers Please enter name of commands-file: interface-duplex ... ##### and the routine will take off from there...only logging into devices that are flagged as "up" in rancid. Cheers, -Chris Pabon, Nestor wrote: > So the list of routers is in: > > /opt/rancid/data/mpls-routers > > Does this mean that > > "for rtr in ...list..." > > Becomes > > "for rtr in /opt/rancid/data/mpls-routers/router.db" > > Regards, > Nestor > > > > -----Original Message----- > From: Ed Ravin [mailto:eravin at panix.com] > Sent: Friday, January 11, 2008 3:29 PM > To: Pabon, Nestor > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Re: Searching for Half-duplex Interfaces > > On Fri, Jan 11, 2008 at 02:33:32PM -0700, Pabon, Nestor wrote: >> I'm not sure I conveyed my goal correctly. >> >> If I use clogin or log directly into the router I know I can query >> issuing the following: >> >> "sh interface | i Half-duplex" >> >> But this will only return something like: >> >> "Half-duplex, 10Mb/s, 100BaseTX/FX" > > But if you followed John's instructions (repeated below, with slight > edits > for clarity), you would get something much better than that. Note the > regexp which will match things like: > > FastEthernet0/0/0 is up, line protocol is up > > So you'll see the interface names, and then their duplex settings if > they are Ethernet-based. > > -------- > > for rtr in ...list... > do > clogin -c 'show interfaces | inc (line protocol|duplex|speed)' > $rtr >>output.file 2>&1 > done > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > From NPabon at archstonesmith.com Fri Jan 11 23:51:39 2008 From: NPabon at archstonesmith.com (Pabon, Nestor) Date: Fri, 11 Jan 2008 16:51:39 -0700 Subject: [rancid] Re: Searching for Half-duplex Interfaces In-Reply-To: <4787FEF4.8050708@qualcomm.com> References: <20080111135624.8e114e4890519e5179c192e02d6bca26.f4076e1b84.wbe@email.secureserver.net> <58B7A531794E6A49B3BAD57E333225440296885D@engexc11.archstonesmith.com> <20080111222916.GA18828@panix.com> <58B7A531794E6A49B3BAD57E33322544029688CC@engexc11.archstonesmith.com> <4787FEF4.8050708@qualcomm.com> Message-ID: <58B7A531794E6A49B3BAD57E33322544029688D9@engexc11.archstonesmith.com> Hi Chris; I'm trying to incorporate your script, and it is working. The part I'm lost in is how end up with a file containing the output. Regards, Nestor -----Original Message----- From: Chris Moody [mailto:cmoody at qualcomm.com] Sent: Friday, January 11, 2008 4:43 PM To: Pabon, Nestor Cc: Ed Ravin; rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: Searching for Half-duplex Interfaces You can use the shell routine I gave you. ./rancid-config-apply.sh Put the commands you want to issue to the device into the location defined in the COMMANDSFILEPATH variable...and then just answer the prompts. ex> rancid at fittipaldi ~ $ cat command-scripts/interface-duplex show interfaces | inc (line protocol|duplex|speed) ##### rancid at fittipaldi ~ $ ./scripts/bash/rancid-config-apply.sh =====[ Rancid Config Apply Script ]===== Please enter the nodegroup: mpls-routers Please enter name of commands-file: interface-duplex ... ##### and the routine will take off from there...only logging into devices that are flagged as "up" in rancid. Cheers, -Chris Pabon, Nestor wrote: > So the list of routers is in: > > /opt/rancid/data/mpls-routers > > Does this mean that > > "for rtr in ...list..." > > Becomes > > "for rtr in /opt/rancid/data/mpls-routers/router.db" > > Regards, > Nestor > > > > -----Original Message----- > From: Ed Ravin [mailto:eravin at panix.com] > Sent: Friday, January 11, 2008 3:29 PM > To: Pabon, Nestor > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Re: Searching for Half-duplex Interfaces > > On Fri, Jan 11, 2008 at 02:33:32PM -0700, Pabon, Nestor wrote: >> I'm not sure I conveyed my goal correctly. >> >> If I use clogin or log directly into the router I know I can query >> issuing the following: >> >> "sh interface | i Half-duplex" >> >> But this will only return something like: >> >> "Half-duplex, 10Mb/s, 100BaseTX/FX" > > But if you followed John's instructions (repeated below, with slight > edits > for clarity), you would get something much better than that. Note the > regexp which will match things like: > > FastEthernet0/0/0 is up, line protocol is up > > So you'll see the interface names, and then their duplex settings if > they are Ethernet-based. > > -------- > > for rtr in ...list... > do > clogin -c 'show interfaces | inc (line protocol|duplex|speed)' > $rtr >>output.file 2>&1 > done > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > From cmoody at qualcomm.com Fri Jan 11 23:57:23 2008 From: cmoody at qualcomm.com (Chris Moody) Date: Fri, 11 Jan 2008 15:57:23 -0800 Subject: [rancid] Re: Searching for Half-duplex Interfaces In-Reply-To: <58B7A531794E6A49B3BAD57E33322544029688D9@engexc11.archstonesmith.com> References: <20080111135624.8e114e4890519e5179c192e02d6bca26.f4076e1b84.wbe@email.secureserver.net> <58B7A531794E6A49B3BAD57E333225440296885D@engexc11.archstonesmith.com> <20080111222916.GA18828@panix.com> <58B7A531794E6A49B3BAD57E33322544029688CC@engexc11.archstonesmith.com> <4787FEF4.8050708@qualcomm.com> <58B7A531794E6A49B3BAD57E33322544029688D9@engexc11.archstonesmith.com> Message-ID: <47880263.5090106@qualcomm.com> Bash shell scripting 101. [ http://tldp.org/LDP/abs/html/ ] Edit 3 lines of the code. Insert this after the "read COMMANDSFILE" line: --- echo "Please enter the name of the file you want to store this data in:" read OUTPUTFILE --- and then edit this line: --- $CLOGINPATH -f $CREDENTIALS -x $COMMANDSFILEPATH/$COMMANDSFILE $i --- to look like this: --- $CLOGINPATH -f $CREDENTIALS -x $COMMANDSFILEPATH/$COMMANDSFILE $i >> $OUTPUTFILE --- For anyone else wondering what I'm referring to, I wrote a shell wrapper routine for Nestor a few weeks back. It's only like a 30-second quick rough draft... [ http://www.siliconhotrod.com/files/rancid-config-apply.sh ] Cheers, -Chris Pabon, Nestor wrote: > Hi Chris; > > I'm trying to incorporate your script, and it is working. The part I'm > lost in is how end up with a file containing the output. > > Regards, > Nestor > > -----Original Message----- > From: Chris Moody [mailto:cmoody at qualcomm.com] > Sent: Friday, January 11, 2008 4:43 PM > To: Pabon, Nestor > Cc: Ed Ravin; rancid-discuss at shrubbery.net > Subject: Re: [rancid] Re: Searching for Half-duplex Interfaces > > You can use the shell routine I gave you. > > ./rancid-config-apply.sh > > Put the commands you want to issue to the device into the location > defined in the COMMANDSFILEPATH variable...and then just answer the > prompts. > > ex> > rancid at fittipaldi ~ $ cat command-scripts/interface-duplex > show interfaces | inc (line protocol|duplex|speed) > > ##### > rancid at fittipaldi ~ $ ./scripts/bash/rancid-config-apply.sh > =====[ Rancid Config Apply Script ]===== > > Please enter the nodegroup: > mpls-routers > Please enter name of commands-file: > interface-duplex > ... > ##### > > and the routine will take off from there...only logging into devices > that are flagged as "up" in rancid. > > Cheers, > -Chris > > > Pabon, Nestor wrote: >> So the list of routers is in: >> >> /opt/rancid/data/mpls-routers >> >> Does this mean that >> >> "for rtr in ...list..." >> >> Becomes >> >> "for rtr in /opt/rancid/data/mpls-routers/router.db" >> >> Regards, >> Nestor >> >> >> >> -----Original Message----- >> From: Ed Ravin [mailto:eravin at panix.com] >> Sent: Friday, January 11, 2008 3:29 PM >> To: Pabon, Nestor >> Cc: rancid-discuss at shrubbery.net >> Subject: Re: [rancid] Re: Searching for Half-duplex Interfaces >> >> On Fri, Jan 11, 2008 at 02:33:32PM -0700, Pabon, Nestor wrote: >>> I'm not sure I conveyed my goal correctly. >>> >>> If I use clogin or log directly into the router I know I can query >>> issuing the following: >>> >>> "sh interface | i Half-duplex" >>> >>> But this will only return something like: >>> >>> "Half-duplex, 10Mb/s, 100BaseTX/FX" >> But if you followed John's instructions (repeated below, with slight >> edits >> for clarity), you would get something much better than that. Note the >> regexp which will match things like: >> >> FastEthernet0/0/0 is up, line protocol is up >> >> So you'll see the interface names, and then their duplex settings if >> they are Ethernet-based. >> >> -------- >> >> for rtr in ...list... >> do >> clogin -c 'show interfaces | inc (line protocol|duplex|speed)' >> $rtr >>output.file 2>&1 >> done >> >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> >> > > From NPabon at archstonesmith.com Sat Jan 12 00:37:52 2008 From: NPabon at archstonesmith.com (Pabon, Nestor) Date: Fri, 11 Jan 2008 17:37:52 -0700 Subject: [rancid] Re: Searching for Half-duplex Interfaces In-Reply-To: <47880263.5090106@qualcomm.com> References: <20080111135624.8e114e4890519e5179c192e02d6bca26.f4076e1b84.wbe@email.secureserver.net> <58B7A531794E6A49B3BAD57E333225440296885D@engexc11.archstonesmith.com> <20080111222916.GA18828@panix.com> <58B7A531794E6A49B3BAD57E33322544029688CC@engexc11.archstonesmith.com> <4787FEF4.8050708@qualcomm.com> <58B7A531794E6A49B3BAD57E33322544029688D9@engexc11.archstonesmith.com> <47880263.5090106@qualcomm.com> Message-ID: <58B7A531794E6A49B3BAD57E33322544029688FB@engexc11.archstonesmith.com> Worked like a charm. Thank you. Regards, Nestor -----Original Message----- From: Chris Moody [mailto:cmoody at qualcomm.com] Sent: Friday, January 11, 2008 4:57 PM To: Pabon, Nestor Cc: Ed Ravin; rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: Searching for Half-duplex Interfaces Bash shell scripting 101. [ http://tldp.org/LDP/abs/html/ ] Edit 3 lines of the code. Insert this after the "read COMMANDSFILE" line: --- echo "Please enter the name of the file you want to store this data in:" read OUTPUTFILE --- and then edit this line: --- $CLOGINPATH -f $CREDENTIALS -x $COMMANDSFILEPATH/$COMMANDSFILE $i --- to look like this: --- $CLOGINPATH -f $CREDENTIALS -x $COMMANDSFILEPATH/$COMMANDSFILE $i >> $OUTPUTFILE --- For anyone else wondering what I'm referring to, I wrote a shell wrapper routine for Nestor a few weeks back. It's only like a 30-second quick rough draft... [ http://www.siliconhotrod.com/files/rancid-config-apply.sh ] Cheers, -Chris Pabon, Nestor wrote: > Hi Chris; > > I'm trying to incorporate your script, and it is working. The part I'm > lost in is how end up with a file containing the output. > > Regards, > Nestor > > -----Original Message----- > From: Chris Moody [mailto:cmoody at qualcomm.com] > Sent: Friday, January 11, 2008 4:43 PM > To: Pabon, Nestor > Cc: Ed Ravin; rancid-discuss at shrubbery.net > Subject: Re: [rancid] Re: Searching for Half-duplex Interfaces > > You can use the shell routine I gave you. > > ./rancid-config-apply.sh > > Put the commands you want to issue to the device into the location > defined in the COMMANDSFILEPATH variable...and then just answer the > prompts. > > ex> > rancid at fittipaldi ~ $ cat command-scripts/interface-duplex > show interfaces | inc (line protocol|duplex|speed) > > ##### > rancid at fittipaldi ~ $ ./scripts/bash/rancid-config-apply.sh > =====[ Rancid Config Apply Script ]===== > > Please enter the nodegroup: > mpls-routers > Please enter name of commands-file: > interface-duplex > ... > ##### > > and the routine will take off from there...only logging into devices > that are flagged as "up" in rancid. > > Cheers, > -Chris > > > Pabon, Nestor wrote: >> So the list of routers is in: >> >> /opt/rancid/data/mpls-routers >> >> Does this mean that >> >> "for rtr in ...list..." >> >> Becomes >> >> "for rtr in /opt/rancid/data/mpls-routers/router.db" >> >> Regards, >> Nestor >> >> >> >> -----Original Message----- >> From: Ed Ravin [mailto:eravin at panix.com] >> Sent: Friday, January 11, 2008 3:29 PM >> To: Pabon, Nestor >> Cc: rancid-discuss at shrubbery.net >> Subject: Re: [rancid] Re: Searching for Half-duplex Interfaces >> >> On Fri, Jan 11, 2008 at 02:33:32PM -0700, Pabon, Nestor wrote: >>> I'm not sure I conveyed my goal correctly. >>> >>> If I use clogin or log directly into the router I know I can query >>> issuing the following: >>> >>> "sh interface | i Half-duplex" >>> >>> But this will only return something like: >>> >>> "Half-duplex, 10Mb/s, 100BaseTX/FX" >> But if you followed John's instructions (repeated below, with slight >> edits >> for clarity), you would get something much better than that. Note the >> regexp which will match things like: >> >> FastEthernet0/0/0 is up, line protocol is up >> >> So you'll see the interface names, and then their duplex settings if >> they are Ethernet-based. >> >> -------- >> >> for rtr in ...list... >> do >> clogin -c 'show interfaces | inc (line protocol|duplex|speed)' >> $rtr >>output.file 2>&1 >> done >> >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> >> > > From heas at shrubbery.net Sat Jan 12 18:08:43 2008 From: heas at shrubbery.net (john heasley) Date: Sat, 12 Jan 2008 18:08:43 +0000 Subject: [rancid] Re: HP Procurve (hlogin): interaction in configure mode: possible? In-Reply-To: <20080107182549.GB9627@sioling.obspm.fr> References: <20080107182549.GB9627@sioling.obspm.fr> Message-ID: <20080112180843.GH19074@shrubbery.net> Mon, Jan 07, 2008 at 07:25:49PM +0100, Emmanuel Halbwachs: > Hi Everybody, > > I'm a newbie on this list. > > I'm happily using rancid (2.3.1, the one in Debian stable etch) for > several monthes, but till now only for pushing/retrieving some info > with {c,h}login. I plan to use version control for config later. > > My point: > > I am trying to change some config parameters in ~50 HP Procurve with > some commands like this: > > $ hlogin -v foo -e bar -c "conf t; foobar; wr mem" $switch two things; 1) your string of commands would leave cli in configuration mode, and hlogin would run "exit;exit" then leaving it at the un-enabled cli. you need -c "conf t; foo; exit" 2) it appears that hlogin has difficulty with the prompt changing. A change was applied to clogin to make this work, but apparently not applied to hlogin. you should be able to work-around it using the -x method. > The output then hangs after the "conf t" command: > > switch> enable > Password: > switch# > switch# no page > switch# conf t > > -> hang :-( > > > When using hlogin without entering in configure mode, everything works > just fine. > > I tried to massage the -c command with "\n" without any results. > > I understand that dealing with the HP CLI seems to be a PIA (thus > hpuifilter), but is there a way to enter some commands in configure > mode? > > TIA for any hint, > > -- > Emmanuel Halbwachs > Resp. R?seau/S?curit? Observatoire de Paris-Meudon > tel : (+33)1 45 07 75 54 5 Place Jules Janssen > fax : (+33)1 45 07 76 13 F 92195 MEUDON CEDEX > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From rancid at gheek.net Mon Jan 14 17:13:59 2008 From: rancid at gheek.net (Lance) Date: Mon, 14 Jan 2008 10:13:59 -0700 Subject: [rancid] Re: F5 login & F5 rancid files Message-ID: <20080114101358.8e114e4890519e5179c192e02d6bca26.14e72002f5.wbe@email.secureserver.net> Hey All, I repackaged the rancid distro with the F5 scripts in case anyone wants them already installed as part of the package. I have attached them here and also put them up on my site. http://www.gheek.net/scripts/misc/rancid-2.3.2a7.1.tar.gz John, I edited all the make files/etc so this should be a complete add. Please make sure it makes it to the next alpha/major release. -Lance > -------- Original Message -------- > Subject: RE: [rancid] F5 login & F5 rancid files > From: Lance > Date: Thu, January 10, 2008 10:12 am > To: Paris Stone > Cc: rancid-discuss at shrubbery.net > Paris, > I would point you to one link if I could find it asap. But the fastest > way for me was to post what Mike Ashcraft did for the F5. The version I > just posted has a few additions I just added. > http://www.gheek.net/scripts/perl/f5rancid_pl.txt > http://www.gheek.net/scripts/expect/f5login_exp.txt > Here is the post I just sent about Mikes last version and what needs to > be added (which is in the version I just posted on my site) to make it > work. > http://www.shrubbery.net/pipermail/rancid-discuss/2008-January/002662.html > Bah, I did the search and here is mikes post as well. > http://www.shrubbery.net/pipermail/rancid-discuss/2007-November/002601.html > -lance > > -------- Original Message -------- > > Subject: [rancid] F5 login & F5 rancid files > > From: "Paris Stone" > > Date: Fri, January 04, 2008 6:34 am > > To: rancid-discuss at shrubbery.net > > I have been looking for login&rancid files that would support getting F5, > > BigIPs configs. I have seen some postings, and diffs, discussion like that, > > but haven't actually seen the files. > > Could someone reply with a link for downloading them, please?
_______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- A non-text attachment was scrubbed... Name: rancid-2.3.2a7.1.tar.gz Type: application/x-gzip Size: 316248 bytes Desc: not available Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080114/effd4658/attachment.bin From jean.benoit at crc.u-strasbg.fr Mon Jan 14 18:09:56 2008 From: jean.benoit at crc.u-strasbg.fr (Jean BENOIT) Date: Mon, 14 Jan 2008 19:09:56 +0100 Subject: [rancid] jlogin timeout Message-ID: <20080114180955.GC7144@crc.u-strasbg.fr> Hello, jlogin stopped working after I upgraded expect. I am using expect-devel from the FreeBSD ports, which is based on expect 5.44.1 (reasons for upgrading expect : http://www.shrubbery.net/pipermail/rancid-discuss/2008-January/002672.html ) While doing a ssh password authentication on a Juniper router, expect finds no matching expression. Previous version of expect was tolerant with this line : "\[Pp]assword:" { sleep 1; send "$passwd\r" exp_continue } The "-re" flag should be provided for this line to work. -- Jean -------------- next part -------------- A non-text attachment was scrubbed... Name: jlogin.diff Type: text/x-diff Size: 452 bytes Desc: not available Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080114/77a2e972/attachment.bin From smunzani at comcast.net Mon Jan 14 18:54:12 2008 From: smunzani at comcast.net (Sam Munzani) Date: Mon, 14 Jan 2008 12:54:12 -0600 Subject: [rancid] Leveraging rancid framework for unix Message-ID: <478BAFD4.5020508@comcast.net> Hi, Did anybody ever explored leveraging rancid frame work for unix login and mass changes? I have a need to make edit some files on 200+ servers. I was thinking to take F5 rancid files, hack it a bit(to do sudo instead of cisco enable) and share with a team. However if somebody already worked on this aspect, why reinvent the wheel? I can carry forward and tune(if any required) and share with the team. Thanks, Sam Munzani From smitha at byui.edu Mon Jan 14 18:56:51 2008 From: smitha at byui.edu (Aaron Smith) Date: Mon, 14 Jan 2008 11:56:51 -0700 Subject: [rancid] Re: Leveraging rancid framework for unix In-Reply-To: <478BAFD4.5020508@comcast.net> References: <478BAFD4.5020508@comcast.net> Message-ID: <1200337011.7531.69.camel@preto> On Mon, 2008-01-14 at 12:54 -0600, Sam Munzani wrote: > Hi, > > Did anybody ever explored leveraging rancid frame work for unix login > and mass changes? I have a need to make edit some files on 200+ servers. > I was thinking to take F5 rancid files, hack it a bit(to do sudo instead > of cisco enable) and share with a team. However if somebody already > worked on this aspect, why reinvent the wheel? I can carry forward and > tune(if any required) and share with the team. How about "for a in $LIST; do ssh $a $CMD; done"? I think trying to use rancid might be reinventing the wheel for something SSH might already be capable of doing. -- @@ron Smith IT Infrastructure BYU Idaho From smunzani at comcast.net Mon Jan 14 19:09:43 2008 From: smunzani at comcast.net (Sam Munzani) Date: Mon, 14 Jan 2008 13:09:43 -0600 Subject: [rancid] Re: Leveraging rancid framework for unix In-Reply-To: <1200337011.7531.69.camel@preto> References: <478BAFD4.5020508@comcast.net> <1200337011.7531.69.camel@preto> Message-ID: <478BB377.2080503@comcast.net> Aaron, The goal is not to just run one line command but feed a command-list file like we typically do on rancid. An example below of my command list. sed -e 's/x.x.x.x/y.y.y.y/g' srcfile1 > tmpfile mv tmpfile srcfile1 sed -e 's/snmp-community/xyz/g' srcfile2 > tmpfile mv tmpfile srcfile2 There are many commands like that. In short, I need to mass change snmp agent configuration file on all servers with new trap destination, new snmp string etc. This is just an example but the changes I need takes roughly 18 commands. If this could be achieved by the ssh syntax you suggested, I am all up for that. Thanks, sam > On Mon, 2008-01-14 at 12:54 -0600, Sam Munzani wrote: > >> Hi, >> >> Did anybody ever explored leveraging rancid frame work for unix login >> and mass changes? I have a need to make edit some files on 200+ servers. >> I was thinking to take F5 rancid files, hack it a bit(to do sudo instead >> of cisco enable) and share with a team. However if somebody already >> worked on this aspect, why reinvent the wheel? I can carry forward and >> tune(if any required) and share with the team. >> > > How about "for a in $LIST; do ssh $a $CMD; done"? I think trying to use > rancid might be reinventing the wheel for something SSH might already be > capable of doing. > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080114/49308f52/attachment.html From cmoody at qualcomm.com Mon Jan 14 19:36:04 2008 From: cmoody at qualcomm.com (Chris Moody) Date: Mon, 14 Jan 2008 11:36:04 -0800 Subject: [rancid] Re: Leveraging rancid framework for unix In-Reply-To: <478BB377.2080503@comcast.net> References: <478BAFD4.5020508@comcast.net> <1200337011.7531.69.camel@preto> <478BB377.2080503@comcast.net> Message-ID: <478BB9A4.6090909@qualcomm.com> Just a thought, but why not have the systems scp/wget down their new config(s) from a central location. That way you would only need to do something like this: --- for i in `cat serverlist`; do for x in `cat files-to-copy`; do ssh user@$i "wget http://fileserver/$x ." ; done Cheers, -Chris Sam Munzani wrote: > Aaron, > > The goal is not to just run one line command but feed a command-list > file like we typically do on rancid. An example below of my command list. > > sed -e 's/x.x.x.x/y.y.y.y/g' srcfile1 > tmpfile > mv tmpfile srcfile1 > sed -e 's/snmp-community/xyz/g' srcfile2 > tmpfile > mv tmpfile srcfile2 > > There are many commands like that. In short, I need to mass change snmp > agent configuration file on all servers with new trap destination, new > snmp string etc. This is just an example but the changes I need takes > roughly 18 commands. If this could be achieved by the ssh syntax you > suggested, I am all up for that. > > Thanks, > sam >> On Mon, 2008-01-14 at 12:54 -0600, Sam Munzani wrote: >> >>> Hi, >>> >>> Did anybody ever explored leveraging rancid frame work for unix login >>> and mass changes? I have a need to make edit some files on 200+ servers. >>> I was thinking to take F5 rancid files, hack it a bit(to do sudo instead >>> of cisco enable) and share with a team. However if somebody already >>> worked on this aspect, why reinvent the wheel? I can carry forward and >>> tune(if any required) and share with the team. >>> >> >> How about "for a in $LIST; do ssh $a $CMD; done"? I think trying to use >> rancid might be reinventing the wheel for something SSH might already be >> capable of doing. >> >> > > > ------------------------------------------------------------------------ > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From jsidwell at perisys.net Mon Jan 14 19:49:52 2008 From: jsidwell at perisys.net (Joshua Sidwell) Date: Mon, 14 Jan 2008 12:49:52 -0700 Subject: [rancid] Trouble with rancid-run when working from command line Message-ID: <518c26420801141149t66c633y30ac82e20075370f@mail.gmail.com> any help with following output would be greatly appreciated. This is brand new (reinstall) on an fc8 box. [rancid at rancid logs]$ tail -f `ls -tr | tail -1` starting: Mon Jan 14 12:27:01 MST 2008 Trying to get all of the configs. can not find channel named "exp5" while executing "close" ("foreach" body line 117) invoked from within "foreach router [lrange $argv $i end] { set router [string tolower $router] send_user "$router\n" # Figure out prompt. # Since autoena..." (file "/home/rancid/bin/clogin" line 616) 10.0.0.1 clogin error: Error: EOF received 10.0.0.1: missed cmd(s): dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr .... [truncated output] /all nvram:,show version,show redundancy secondary,show running-config,show c7200,dir /all slot1: 10.0.0.1: End of run not found ! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080114/50366b12/attachment.html From rancid at gheek.net Mon Jan 14 20:20:13 2008 From: rancid at gheek.net (Lance) Date: Mon, 14 Jan 2008 13:20:13 -0700 Subject: [rancid] Re: Leveraging rancid framework for unix Message-ID: <20080114132013.8e114e4890519e5179c192e02d6bca26.f5f35069d9.wbe@email.secureserver.net> Sam, You could always use Ed Ravins wrapper script to most things. I have only used it to scrap configs not change configs. At works sam you migt want to check out NDCC. They claim to work with unix/linux...not sure if it is just config collection or what. -lance > -------- Original Message -------- > Subject: [rancid] Re: Leveraging rancid framework for unix > From: Chris Moody > Date: Mon, January 14, 2008 12:36 pm > To: smunzani at comcast.net > Cc: rancid-discuss at shrubbery.net > Just a thought, but why not have the systems scp/wget down their new > config(s) from a central location. > That way you would only need to do something like this: > --- > for i in `cat serverlist`; do for x in `cat files-to-copy`; do ssh > user@$i "wget http://fileserver/$x ." ; done > Cheers, > -Chris > Sam Munzani wrote: > > Aaron, > > > > The goal is not to just run one line command but feed a command-list > > file like we typically do on rancid. An example below of my command list. > > > > sed -e 's/x.x.x.x/y.y.y.y/g' srcfile1 > tmpfile > > mv tmpfile srcfile1 > > sed -e 's/snmp-community/xyz/g' srcfile2 > tmpfile > > mv tmpfile srcfile2 > > > > There are many commands like that. In short, I need to mass change snmp > > agent configuration file on all servers with new trap destination, new > > snmp string etc. This is just an example but the changes I need takes > > roughly 18 commands. If this could be achieved by the ssh syntax you > > suggested, I am all up for that. > > > > Thanks, > > sam > >> On Mon, 2008-01-14 at 12:54 -0600, Sam Munzani wrote: > >> > >>> Hi, > >>> > >>> Did anybody ever explored leveraging rancid frame work for unix login > >>> and mass changes? I have a need to make edit some files on 200+ servers. > >>> I was thinking to take F5 rancid files, hack it a bit(to do sudo instead > >>> of cisco enable) and share with a team. However if somebody already > >>> worked on this aspect, why reinvent the wheel? I can carry forward and > >>> tune(if any required) and share with the team. > >>> > >> > >> How about "for a in $LIST; do ssh $a $CMD; done"? I think trying to use > >> rancid might be reinventing the wheel for something SSH might already be > >> capable of doing. > >> > >> > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From smunzani at comcast.net Mon Jan 14 20:45:50 2008 From: smunzani at comcast.net (Sam Munzani) Date: Mon, 14 Jan 2008 14:45:50 -0600 Subject: [rancid] Re: Leveraging rancid framework for unix In-Reply-To: <478BB9A4.6090909@qualcomm.com> References: <478BAFD4.5020508@comcast.net> <1200337011.7531.69.camel@preto> <478BB377.2080503@comcast.net> <478BB9A4.6090909@qualcomm.com> Message-ID: <478BC9FE.4050806@comcast.net> It doesn't work either. Each system agent file has some server specific information so pushing a file doesn't work. Only the choice is either manually edit the files or do automation on changes with sed. Thanks, Sam > Just a thought, but why not have the systems scp/wget down their new > config(s) from a central location. > > That way you would only need to do something like this: > --- > for i in `cat serverlist`; do for x in `cat files-to-copy`; do ssh > user@$i "wget http://fileserver/$x ." ; done > > Cheers, > -Chris > > Sam Munzani wrote: >> Aaron, >> >> The goal is not to just run one line command but feed a command-list >> file like we typically do on rancid. An example below of my command >> list. >> >> sed -e 's/x.x.x.x/y.y.y.y/g' srcfile1 > tmpfile >> mv tmpfile srcfile1 >> sed -e 's/snmp-community/xyz/g' srcfile2 > tmpfile >> mv tmpfile srcfile2 >> >> There are many commands like that. In short, I need to mass change >> snmp agent configuration file on all servers with new trap >> destination, new snmp string etc. This is just an example but the >> changes I need takes roughly 18 commands. If this could be achieved >> by the ssh syntax you suggested, I am all up for that. >> >> Thanks, >> sam >>> On Mon, 2008-01-14 at 12:54 -0600, Sam Munzani wrote: >>> >>>> Hi, >>>> >>>> Did anybody ever explored leveraging rancid frame work for unix >>>> login and mass changes? I have a need to make edit some files on >>>> 200+ servers. I was thinking to take F5 rancid files, hack it a >>>> bit(to do sudo instead of cisco enable) and share with a team. >>>> However if somebody already worked on this aspect, why reinvent the >>>> wheel? I can carry forward and tune(if any required) and share with >>>> the team. >>>> >>> >>> How about "for a in $LIST; do ssh $a $CMD; done"? I think trying to >>> use >>> rancid might be reinventing the wheel for something SSH might >>> already be >>> capable of doing. >>> >>> >> >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From smitha at byui.edu Mon Jan 14 21:34:08 2008 From: smitha at byui.edu (Aaron Smith) Date: Mon, 14 Jan 2008 14:34:08 -0700 Subject: [rancid] Re: Leveraging rancid framework for unix In-Reply-To: <478BB377.2080503@comcast.net> References: <478BAFD4.5020508@comcast.net> <1200337011.7531.69.camel@preto> <478BB377.2080503@comcast.net> Message-ID: <1200346448.7531.75.camel@preto> On Mon, 2008-01-14 at 13:09 -0600, Sam Munzani wrote: > Aaron, > > The goal is not to just run one line command but feed a command-list > file like we typically do on rancid. An example below of my command > list. > > sed -e 's/x.x.x.x/y.y.y.y/g' srcfile1 > tmpfile > mv tmpfile srcfile1 > sed -e 's/snmp-community/xyz/g' srcfile2 > tmpfile > mv tmpfile srcfile2 > > There are many commands like that. In short, I need to mass change > snmp agent configuration file on all servers with new trap > destination, new snmp string etc. This is just an example but the > changes I need takes roughly 18 commands. If this could be achieved by > the ssh syntax you suggested, I am all up for that. > Perhaps something like this: for a in $LIST; do scp $SCRIPTFILE $a: ; ssh $a ./$SCRIPTFILE; done ...where $SCRIPTFILE contains all the commands you need to execute. -- @@ron Smith IT Infrastructure BYU Idaho From rancid at gheek.net Mon Jan 14 22:41:31 2008 From: rancid at gheek.net (Lance) Date: Mon, 14 Jan 2008 15:41:31 -0700 Subject: [rancid] Re: F5 login & F5 rancid files Message-ID: <20080114154131.8e114e4890519e5179c192e02d6bca26.cdefa025b9.wbe@email.secureserver.net> All, I did miss one thing in the package I sent out. It is corrected in the one on the website. You just need to modify bin/f5rancid.in change the very first line to: #! @PERLV_PATH@ from #! @EXPECT_PATH@ -- BTW, I am also attempting to add the wrancid stuff to that distro as well so it will be current with some nice extensions. -Lance > -------- Original Message -------- > Subject: RE: [rancid] F5 login & F5 rancid files > From: Lance > Date: Mon, January 14, 2008 10:13 am > To: Lance > Cc: rancid-discuss at shrubbery.net, Paris Stone > Hey All, > I repackaged the rancid distro with the F5 scripts in case anyone wants > them already installed as part of the package. > I have attached them here and also put them up on my site. > http://www.gheek.net/scripts/misc/rancid-2.3.2a7.1.tar.gz > John, > I edited all the make files/etc so this should be a complete add. Please > make sure it makes it to the next alpha/major release. > -Lance > > -------- Original Message -------- > > Subject: RE: [rancid] F5 login & F5 rancid files > > From: Lance > > Date: Thu, January 10, 2008 10:12 am > > To: Paris Stone > > Cc: rancid-discuss at shrubbery.net > > Paris, > > I would point you to one link if I could find it asap. But the fastest > > way for me was to post what Mike Ashcraft did for the F5. The version I > > just posted has a few additions I just added. > > http://www.gheek.net/scripts/perl/f5rancid_pl.txt > > http://www.gheek.net/scripts/expect/f5login_exp.txt > > Here is the post I just sent about Mikes last version and what needs to > > be added (which is in the version I just posted on my site) to make it > > work. > > http://www.shrubbery.net/pipermail/rancid-discuss/2008-January/002662.html > > Bah, I did the search and here is mikes post as well. > > http://www.shrubbery.net/pipermail/rancid-discuss/2007-November/002601.html > > -lance > > > -------- Original Message -------- > > > Subject: [rancid] F5 login & F5 rancid files > > > From: "Paris Stone" > > > Date: Fri, January 04, 2008 6:34 am > > > To: rancid-discuss at shrubbery.net > > > I have been looking for login&rancid files that would support getting F5, > > > BigIPs configs. I have seen some postings, and diffs, discussion like that, > > > but haven't actually seen the files. > > > Could someone reply with a link for downloading them, please?
_______________________________________________ > > > Rancid-discuss mailing list > > > Rancid-discuss at shrubbery.net > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From rancid at gheek.net Mon Jan 14 23:00:03 2008 From: rancid at gheek.net (Lance) Date: Mon, 14 Jan 2008 16:00:03 -0700 Subject: [rancid] Re: Leveraging rancid framework for unix Message-ID: <20080114160003.8e114e4890519e5179c192e02d6bca26.5572a599b6.wbe@email.secureserver.net> YIKES!!! Many appologies to Michael Stefaniuc @ Redhat. The script was written by Michael and not Ed. http://www.shrubbery.net/pipermail/rancid-discuss/2005-November/001276.html -Lance > -------- Original Message -------- > Subject: [rancid] Re: Leveraging rancid framework for unix > From: Lance > Date: Mon, January 14, 2008 1:20 pm > To: Chris Moody > Cc: rancid-discuss at shrubbery.net > Sam, > You could always use Ed Ravins wrapper script to most things. > I have only used it to scrap configs not change configs. > At works sam you migt want to check out NDCC. They claim to work with > unix/linux...not sure if it is just config collection or what. > -lance > > -------- Original Message -------- > > Subject: [rancid] Re: Leveraging rancid framework for unix > > From: Chris Moody > > Date: Mon, January 14, 2008 12:36 pm > > To: smunzani at comcast.net > > Cc: rancid-discuss at shrubbery.net > > Just a thought, but why not have the systems scp/wget down their new > > config(s) from a central location. > > That way you would only need to do something like this: > > --- > > for i in `cat serverlist`; do for x in `cat files-to-copy`; do ssh > > user@$i "wget http://fileserver/$x ." ; done > > Cheers, > > -Chris > > Sam Munzani wrote: > > > Aaron, > > > > > > The goal is not to just run one line command but feed a command-list > > > file like we typically do on rancid. An example below of my command list. > > > > > > sed -e 's/x.x.x.x/y.y.y.y/g' srcfile1 > tmpfile > > > mv tmpfile srcfile1 > > > sed -e 's/snmp-community/xyz/g' srcfile2 > tmpfile > > > mv tmpfile srcfile2 > > > > > > There are many commands like that. In short, I need to mass change snmp > > > agent configuration file on all servers with new trap destination, new > > > snmp string etc. This is just an example but the changes I need takes > > > roughly 18 commands. If this could be achieved by the ssh syntax you > > > suggested, I am all up for that. > > > > > > Thanks, > > > sam > > >> On Mon, 2008-01-14 at 12:54 -0600, Sam Munzani wrote: > > >> > > >>> Hi, > > >>> > > >>> Did anybody ever explored leveraging rancid frame work for unix login > > >>> and mass changes? I have a need to make edit some files on 200+ servers. > > >>> I was thinking to take F5 rancid files, hack it a bit(to do sudo instead > > >>> of cisco enable) and share with a team. However if somebody already > > >>> worked on this aspect, why reinvent the wheel? I can carry forward and > > >>> tune(if any required) and share with the team. > > >>> > > >> > > >> How about "for a in $LIST; do ssh $a $CMD; done"? I think trying to use > > >> rancid might be reinventing the wheel for something SSH might already be > > >> capable of doing. > > >> > > >> > > > > > > > > > ------------------------------------------------------------------------ > > > > > > _______________________________________________ > > > Rancid-discuss mailing list > > > Rancid-discuss at shrubbery.net > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From joaje at dongenergy.dk Tue Jan 15 08:06:46 2008 From: joaje at dongenergy.dk (Joachim Jerberg Jensen) Date: Tue, 15 Jan 2008 09:06:46 +0100 Subject: [rancid] Re: Leveraging rancid framework for unix In-Reply-To: <478BC9FE.4050806@comcast.net> References: <478BAFD4.5020508@comcast.net> <1200337011.7531.69.camel@preto> <478BB377.2080503@comcast.net> <478BB9A4.6090909@qualcomm.com> <478BC9FE.4050806@comcast.net> Message-ID: <8DBE4A01414BDD409232EF0C48A87E1B01DE0466@CLU01EX.de-prod.dk> >On Monday, January 14, 2008 9:46 PM Sam Munzani wrote: > > It doesn't work either. Each system agent file has some server specific > information so pushing a file doesn't work. Only the choice is either > manually edit the files or do automation on changes with sed. Have you checked out CFengine? http://www.cfengine.org/ It should be able to do stuff like that. Br Joachim Jerberg Jensen From Emmanuel.Halbwachs at obspm.fr Tue Jan 15 13:28:20 2008 From: Emmanuel.Halbwachs at obspm.fr (Emmanuel Halbwachs) Date: Tue, 15 Jan 2008 14:28:20 +0100 Subject: [rancid] Re: HP Procurve (hlogin): interaction in configure mode: possible? In-Reply-To: <20080112180843.GH19074@shrubbery.net> References: <20080107182549.GB9627@sioling.obspm.fr> <20080112180843.GH19074@shrubbery.net> Message-ID: <20080115132820.GT29935@sioling.obspm.fr> Hello, First, thank you very much for your answer. john heasley a ?crit (Sat, Jan 12, 2008 at 06:08:43PM +0000) : > you need > -c "conf t; foo; exit" Yes, you're right, it was missing in my example. > 2) it appears that hlogin has difficulty with the prompt changing. A change > was applied to clogin to make this work, but apparently not applied > to hlogin. you should be able to work-around it using the -x > method. Well, I tried this as well (I forgot to tell it) and it hangs the same way: root at sionet:~# cat ~eh/rancid/rancid-cmd conf t sh sys exit root at sionet:~# /usr/lib/rancid/bin/hlogin -v foo -e bar -x ~eh/rancid/rancid-cmd switch switch spawn hpuifilter -- telnet switch Trying 145.238.x.y... Connected to switch.obspm.fr. Escape character is '^]'. HP J4899B ProCurve Switch 2650 Firmware revision H.08.60 Copyright (C) 1991-2005 Hewlett-Packard Co. All Rights Reserved. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and Computer Software clause at 52.227-7013. HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303 Password: switch> enable Password: switch# switch# no page switch# conf t -> hang Error: TIMEOUT reached I will try rancid 2.3.2a7 to see if it give some improvement on the subject. Nevertheless, I am still open to any hint with HP and configure mode ;-) -- Emmanuel Halbwachs Resp. R?seau/S?curit? Observatoire de Paris-Meudon tel : (+33)1 45 07 75 54 5 Place Jules Janssen fax : (+33)1 45 07 76 13 F 92195 MEUDON CEDEX From lance at gheek.net Mon Jan 14 22:26:46 2008 From: lance at gheek.net (Lance Vermilion) Date: Mon, 14 Jan 2008 15:26:46 -0700 Subject: [rancid] Re: Leveraging rancid framework for unix Message-ID: <20080114152646.8e114e4890519e5179c192e02d6bca26.9993a15897.wbe@email.secureserver.net> YIKES!!! Many appologies to Michael Stefaniuc @ Redhat. The script was written by Michael and not Ed. http://www.shrubbery.net/pipermail/rancid-discuss/2005-November/001276.html -Lance > -------- Original Message -------- > Subject: [rancid] Re: Leveraging rancid framework for unix > From: Lance > Date: Mon, January 14, 2008 1:20 pm > To: Chris Moody > Cc: rancid-discuss at shrubbery.net > Sam, > You could always use Ed Ravins wrapper script to most things. > I have only used it to scrap configs not change configs. > At works sam you migt want to check out NDCC. They claim to work with > unix/linux...not sure if it is just config collection or what. > -lance > > -------- Original Message -------- > > Subject: [rancid] Re: Leveraging rancid framework for unix > > From: Chris Moody > > Date: Mon, January 14, 2008 12:36 pm > > To: smunzani at comcast.net > > Cc: rancid-discuss at shrubbery.net > > Just a thought, but why not have the systems scp/wget down their new > > config(s) from a central location. > > That way you would only need to do something like this: > > --- > > for i in `cat serverlist`; do for x in `cat files-to-copy`; do ssh > > user@$i "wget http://fileserver/$x ." ; done > > Cheers, > > -Chris > > Sam Munzani wrote: > > > Aaron, > > > > > > The goal is not to just run one line command but feed a command-list > > > file like we typically do on rancid. An example below of my command list. > > > > > > sed -e 's/x.x.x.x/y.y.y.y/g' srcfile1 > tmpfile > > > mv tmpfile srcfile1 > > > sed -e 's/snmp-community/xyz/g' srcfile2 > tmpfile > > > mv tmpfile srcfile2 > > > > > > There are many commands like that. In short, I need to mass change snmp > > > agent configuration file on all servers with new trap destination, new > > > snmp string etc. This is just an example but the changes I need takes > > > roughly 18 commands. If this could be achieved by the ssh syntax you > > > suggested, I am all up for that. > > > > > > Thanks, > > > sam > > >> On Mon, 2008-01-14 at 12:54 -0600, Sam Munzani wrote: > > >> > > >>> Hi, > > >>> > > >>> Did anybody ever explored leveraging rancid frame work for unix login > > >>> and mass changes? I have a need to make edit some files on 200+ servers. > > >>> I was thinking to take F5 rancid files, hack it a bit(to do sudo instead > > >>> of cisco enable) and share with a team. However if somebody already > > >>> worked on this aspect, why reinvent the wheel? I can carry forward and > > >>> tune(if any required) and share with the team. > > >>> > > >> > > >> How about "for a in $LIST; do ssh $a $CMD; done"? I think trying to use > > >> rancid might be reinventing the wheel for something SSH might already be > > >> capable of doing. > > >> > > >> > > > > > > > > > ------------------------------------------------------------------------ > > > > > > _______________________________________________ > > > Rancid-discuss mailing list > > > Rancid-discuss at shrubbery.net > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Tue Jan 15 21:44:20 2008 From: heas at shrubbery.net (john heasley) Date: Tue, 15 Jan 2008 21:44:20 +0000 Subject: [rancid] Re: jlogin timeout In-Reply-To: <20080114180955.GC7144@crc.u-strasbg.fr> References: <20080114180955.GC7144@crc.u-strasbg.fr> Message-ID: <20080115214420.GL19455@shrubbery.net> Mon, Jan 14, 2008 at 07:09:56PM +0100, Jean BENOIT: > Hello, > > jlogin stopped working after I upgraded expect. > I am using expect-devel from the FreeBSD ports, > which is based on expect 5.44.1 > (reasons for upgrading expect : > http://www.shrubbery.net/pipermail/rancid-discuss/2008-January/002672.html > ) > > While doing a ssh password authentication on a > Juniper router, expect finds no matching expression. > Previous version of expect was tolerant with this line : > > "\[Pp]assword:" { > sleep 1; send "$passwd\r" > exp_continue > } > > The "-re" flag should be provided for this line to work. I don't think that should be necessary, since [] are valid in globs, which is the default pattern matching and is cheaper than regex. I've tested it with tcl 8.4.14 and expect 8.4.7 and it works as expected and has worked with 8.3 in the past. So, there is another tcl regression. You should open a freebsd ports ticket; I suspect this is a general problem with their build of the tcl83 port. From forums at triadbiz.rr.com Tue Jan 15 22:03:31 2008 From: forums at triadbiz.rr.com (Joshua Krause) Date: Tue, 15 Jan 2008 17:03:31 -0500 Subject: [rancid] cloginrc Message-ID: <007b01c857c2$77164800$6542d800$@rr.com> I have a question about the .cloginrc file. I have a number of switches that I am currently backing up the configs with and would like to add my pix firewalls. Currently I have this in my cloginrc file: ## Routers and Switches add user * user add password * {password} add autoenable * 1 And I was going to add this for the pix firewalls that used ssh: ## Pix Firewalls add password gsonc-spg-pix* {radius pass} {enablepass} add method gsonc-spg-pix* ssh add password *501 {radius pass} {enablepass} add method *501 ssh So my config looks like this now: ## Routers and Switches add user * user add password * {password} add autoenable * 1 ## Pix Firewalls add password gsonc-spg-pix* {radius pass} {enablepass} add method gsonc-spg-pix* ssh add password *501 {radius pass} {enablepass} add method *501 ssh But my logfile says that the pixes are timeing out at login. Can someone help me out with this? Thanks, Josh -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080115/1e0b05b6/attachment.html From smunzani at comcast.net Tue Jan 15 22:12:49 2008 From: smunzani at comcast.net (Sam Munzani) Date: Tue, 15 Jan 2008 16:12:49 -0600 Subject: [rancid] Re: cloginrc In-Reply-To: <007b01c857c2$77164800$6542d800$@rr.com> References: <007b01c857c2$77164800$6542d800$@rr.com> Message-ID: <478D2FE1.7070004@comcast.net> Joshua, move the "*" section at the end. More specific regex should go 1st otherwise it will match at your 1st wild card and never evaluate the others. Sam > > I have a question about the .cloginrc file. I have a number of > switches that I am currently backing up the configs with and would > like to add my pix firewalls. Currently I have this in my cloginrc file: > > > > ## Routers and Switches > > add user * user > > add password * {password} > > add autoenable * 1 > > > > And I was going to add this for the pix firewalls that used ssh: > > ## Pix Firewalls > > add password gsonc-spg-pix* {radius pass} {enablepass} > > add method gsonc-spg-pix* ssh > > > > add password *501 {radius pass} {enablepass} > > add method *501 ssh > > > > So my config looks like this now: > > ## Routers and Switches > > add user * user > > add password * {password} > > add autoenable * 1 > > > > ## Pix Firewalls > > add password gsonc-spg-pix* {radius pass} {enablepass} > > add method gsonc-spg-pix* ssh > > > > add password *501 {radius pass} {enablepass} > > add method *501 ssh > > > > > > But my logfile says that the pixes are timeing out at login. Can > someone help me out with this? > > > > Thanks, > > > > Josh > > ------------------------------------------------------------------------ > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080115/c8c65184/attachment.html From cmoody at qualcomm.com Tue Jan 15 22:20:48 2008 From: cmoody at qualcomm.com (Chris Moody) Date: Tue, 15 Jan 2008 14:20:48 -0800 Subject: [rancid] Re: cloginrc In-Reply-To: <007b01c857c2$77164800$6542d800$@rr.com> References: <007b01c857c2$77164800$6542d800$@rr.com> Message-ID: <478D31C0.3010309@qualcomm.com> You have to put your more-specific matches higher in the list...before the wildcard "*" matches you have. It should look like this: ------------------------ add user hostxxx {username} add password hostxxx {password} {enable_password} add method hostxxx {ssh} add cyphertype hostxxx {3des} <--- only really necessary for DES add user * {username} add password * {password} {enable_password} ... and so on What's happening is that you're matching on the wildcard pattern before ever getting to the more specific lines. Cheers, -Chris Joshua Krause wrote: > I have a question about the .cloginrc file. I have a number of switches > that I am currently backing up the configs with and would like to add my > pix firewalls. Currently I have this in my cloginrc file: > > > > ## Routers and Switches > > add user * user > > add password * {password} > > add autoenable * 1 > > > > And I was going to add this for the pix firewalls that used ssh: > > ## Pix Firewalls > > add password gsonc-spg-pix* {radius pass} {enablepass} > > add method gsonc-spg-pix* ssh > > > > add password *501 {radius pass} {enablepass} > > add method *501 ssh > > > > So my config looks like this now: > > ## Routers and Switches > > add user * user > > add password * {password} > > add autoenable * 1 > > > > ## Pix Firewalls > > add password gsonc-spg-pix* {radius pass} {enablepass} > > add method gsonc-spg-pix* ssh > > > > add password *501 {radius pass} {enablepass} > > add method *501 ssh > > > > > > But my logfile says that the pixes are timeing out at login. Can > someone help me out with this? > > > > Thanks, > > > > Josh > > > ------------------------------------------------------------------------ > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From jethro.binks at strath.ac.uk Wed Jan 16 00:17:30 2008 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Wed, 16 Jan 2008 00:17:30 +0000 (GMT) Subject: [rancid] Oddities with Cisco ASA Message-ID: <20080115233734.G62092@defjam.cc.strath.ac.uk> Despite reports on the list of people having no problems with Cisco ASAs, I am having some problems. This with code 7.1(2). Two problems are described here, forgive the length of this. My main issue at the moment is that rancid (2.3.1), does not check in the new config into CVS because it does not believe that a clean run has happened. I have run in debugging mode, and I can see the expected content for both "show running-config" and "write term" in the .raw file. I think my concern is with this line: while (/#\s*($cmds_regexp)\s*$/) { in the main part of the 'rancid' code (line 1625 for rancid.in 1.174) which tries to match an executed command after the prompt symbol. Unfortunately, for my ASA, in the raw output from clogin, I see the following: ... privilege clear level 3 mode configure command aaa-server Cryptochecksum:14ed48d4686a8722efaf076dcd4d820c : end asa5500-cu#term : Saved : ASA Version 7.1(2) ... This is the end of "show running-config", and the start of "write term". But see that only "term" is at the prompt, the rest has been swallowed somewhere; rancid does not find a match for the command, and so it decides that this is not a clean run. Anyone else seen this behaviour? Here is a related query. A little further on in 'rancid', there is this code: ... $rval = &{$commands{$cmd}}; delete($commands{$cmd}); if ($rval == -1) { $clean_run = 0; last TOP; ... Should that really be 'last'? I am finding on my ASA that for some of the subroutines executed for commands that are not appropriate for this platform (many of the "dir" commands, "show env all", and so on) return -1, and it bails out at this point and does not process output from later commands. When I change 'last' to 'next', it carries on processing output from subsequent commands. Is the retval of -1 supposed to be a fatal 'cannot continue' indicator? In which case, I have a problem with the frequent occurences of: return(-1) if (/command authorization failed/i); as the ASA seems to say this anyway even for subcommands that it doesn't understand (see below for notes on privilege level of the user): asa5500-cu# show rubbish ^ ERROR: % Invalid input detected at '^' marker. ERROR: Command authorization failed I may of course be completely misunderstanding what is supposed to be happening here, but this is the nearest explanation I have got after several evenings of squinting - however I find it odd that no-one else has noticed this. Other information: FreeBSD 6.1, SMP kernel, expect-5.44.1.4 from lang/expect-devel, I have read http://www.freebsd.org/cgi/query-pr.cgi?pr=118452 Cisco Adaptive Security Appliance Software Version 7.1(2) Device Manager Version 5.1(2) Hardware: ASA5550, 3968 MB RAM, CPU Pentium 4 3000 MHz The user on the ASA is privilege level 7, and I have set the following: privilege cmd level 7 mode exec command dir privilege cmd level 7 mode exec command write privilege cmd level 7 mode exec command terminal privilege show level 7 mode exec command running-config privilege show level 7 mode exec command version privilege show level 7 mode exec command bootvar privilege show level 7 mode exec command vlan privilege show level 7 mode exec command module which seem to be sufficient. I don't get different results with a user of priv level 15, for what it is worth. Thanks for any comments, Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services University Of Strathclyde, Glasgow, UK From jethro.binks at strath.ac.uk Wed Jan 16 01:01:01 2008 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Wed, 16 Jan 2008 01:01:01 +0000 (GMT) Subject: [rancid] Cisco ASA pagination Message-ID: <20080116004652.O62092@defjam.cc.strath.ac.uk> Maybe useful to someone: To disable pagination for the session (I think) on Cisco ASA 7.1(2), you can send "term pager 0", so I added it after line 784 in clogin.in 1.79. send "term pager 0\r" Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services University Of Strathclyde, Glasgow, UK From rancid at gheek.net Wed Jan 16 01:53:32 2008 From: rancid at gheek.net (Lance) Date: Tue, 15 Jan 2008 18:53:32 -0700 Subject: [rancid] Re: Oddities with Cisco ASA Message-ID: <20080115185332.8e114e4890519e5179c192e02d6bca26.ffb1b8832e.wbe@email.secureserver.net> Jethro, I was running rancid on 7.1(2) at a previous job if I am not mistaken. None the less I have yet to find any issues with running rancid on the ASAs. The extra commands can be run and a message is displayed but that should not stop rancid from continueing. You might want to check the most recent alpha to see if it includes the same versions that you have and the same lines. Other than that it sounds like you have a fix for your issue. -lance > -------- Original Message -------- > Subject: [rancid] Oddities with Cisco ASA > From: Jethro R Binks > Date: Tue, January 15, 2008 5:17 pm > To: rancid-discuss at shrubbery.net > Despite reports on the list of people having no problems with Cisco ASAs, > I am having some problems. This with code 7.1(2). Two problems are > described here, forgive the length of this. > My main issue at the moment is that rancid (2.3.1), does not check in the > new config into CVS because it does not believe that a clean run has > happened. I have run in debugging mode, and I can see the expected > content for both "show running-config" and "write term" in the .raw file. > I think my concern is with this line: > while (/#\s*($cmds_regexp)\s*$/) { > in the main part of the 'rancid' code (line 1625 for rancid.in 1.174) > which tries to match an executed command after the prompt symbol. > Unfortunately, for my ASA, in the raw output from clogin, I see the > following: > ... > privilege clear level 3 mode configure command aaa-server > Cryptochecksum:14ed48d4686a8722efaf076dcd4d820c > : end > asa5500-cu#term > : Saved > : > ASA Version 7.1(2) > ... > This is the end of "show running-config", and the start of "write term". > But see that only "term" is at the prompt, the rest has been swallowed > somewhere; rancid does not find a match for the command, and so it decides > that this is not a clean run. > Anyone else seen this behaviour? > Here is a related query. A little further on in 'rancid', there is this > code: > ... > $rval = &{$commands{$cmd}}; > delete($commands{$cmd}); > if ($rval == -1) { > $clean_run = 0; > last TOP; > ... > Should that really be 'last'? I am finding on my ASA that for some of the > subroutines executed for commands that are not appropriate for this > platform (many of the "dir" commands, "show env all", and so on) return > -1, and it bails out at this point and does not process output from later > commands. > When I change 'last' to 'next', it carries on processing output from > subsequent commands. Is the retval of -1 supposed to be a fatal 'cannot > continue' indicator? In which case, I have a problem with the frequent > occurences of: > return(-1) if (/command authorization failed/i); > as the ASA seems to say this anyway even for subcommands that it doesn't > understand (see below for notes on privilege level of the user): > asa5500-cu# show rubbish > ^ > ERROR: % Invalid input detected at '^' marker. > ERROR: Command authorization failed > I may of course be completely misunderstanding what is supposed to be > happening here, but this is the nearest explanation I have got after > several evenings of squinting - however I find it odd that no-one else has > noticed this. > Other information: > FreeBSD 6.1, SMP kernel, expect-5.44.1.4 from lang/expect-devel, I have > read http://www.freebsd.org/cgi/query-pr.cgi?pr=118452 > Cisco Adaptive Security Appliance Software Version 7.1(2) > Device Manager Version 5.1(2) > Hardware: ASA5550, 3968 MB RAM, CPU Pentium 4 3000 MHz > The user on the ASA is privilege level 7, and I have set the following: > privilege cmd level 7 mode exec command dir > privilege cmd level 7 mode exec command write > privilege cmd level 7 mode exec command terminal > privilege show level 7 mode exec command running-config > privilege show level 7 mode exec command version > privilege show level 7 mode exec command bootvar > privilege show level 7 mode exec command vlan > privilege show level 7 mode exec command module > which seem to be sufficient. I don't get different results with a user of > priv level 15, for what it is worth. > Thanks for any comments, > Jethro. > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . > Jethro R Binks > Computing Officer, IT Services > University Of Strathclyde, Glasgow, UK > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From jean.benoit at crc.u-strasbg.fr Thu Jan 17 03:24:23 2008 From: jean.benoit at crc.u-strasbg.fr (Jean BENOIT) Date: Thu, 17 Jan 2008 04:24:23 +0100 Subject: [rancid] Re: jlogin timeout In-Reply-To: <20080115214420.GL19455@shrubbery.net> References: <20080114180955.GC7144@crc.u-strasbg.fr> <20080115214420.GL19455@shrubbery.net> Message-ID: <20080117032423.GL11182@crc.u-strasbg.fr> On Tue, Jan 15, 2008 at 09:44:20PM +0000, john heasley wrote: > Mon, Jan 14, 2008 at 07:09:56PM +0100, Jean BENOIT: > > I am using expect-devel from the FreeBSD ports, > > http://www.shrubbery.net/pipermail/rancid-discuss/2008-January/002672.html [...] > > "\[Pp]assword:" { > > The "-re" flag should be provided for this line to work. > > I don't think that should be necessary, since [] are valid in globs, which > is the default pattern matching and is cheaper than regex. I've tested it You are right. The expect-devel ports uses the latest version of exp_glob.c from the expect cvs (rev. 5.34, dated 2007/07/17) which definitely has an issue. This simple example : exp_internal 1 ; spawn sh -c "echo a && cat" ; expect {[a]} {puts ok} times out with : expect: does "a\r\n" (spawn_id exp6) match glob pattern "[a]"? no expect: timed out There is even debug code in exp_glob.c. I am not sure this code has been really tested and is supposed to work ... I didn't have time to locate the bug precisely. I submitted a bug in the Sourceforge Expect bug tracker. > with tcl 8.4.14 and expect 8.4.7 and it works as expected and has worked > with 8.3 in the past. > So, there is another tcl regression. You should open a freebsd ports > ticket; I suspect this is a general problem with their build of the tcl83 > port. It has nothing to do with a tcl regression. The problem is in expect. Suggesting expect-devel as a solution to the pty problem was probably not a wise move. -- Jean Benoit Centre R?seau Communication Universit? Louis Pasteur, Strasbourg, France From heas at shrubbery.net Fri Jan 18 00:14:59 2008 From: heas at shrubbery.net (john heasley) Date: Fri, 18 Jan 2008 00:14:59 +0000 Subject: [rancid] Re: HP Procurve (hlogin): interaction in configure mode: possible? In-Reply-To: <20080115132820.GT29935@sioling.obspm.fr> References: <20080107182549.GB9627@sioling.obspm.fr> <20080112180843.GH19074@shrubbery.net> <20080115132820.GT29935@sioling.obspm.fr> Message-ID: <20080118001459.GR14943@shrubbery.net> Tue, Jan 15, 2008 at 02:28:20PM +0100, Emmanuel Halbwachs: > Hello, > > First, thank you very much for your answer. > > john heasley a ?crit (Sat, Jan 12, 2008 at 06:08:43PM +0000) : > > you need > > -c "conf t; foo; exit" > > Yes, you're right, it was missing in my example. > > > 2) it appears that hlogin has difficulty with the prompt changing. A change > > was applied to clogin to make this work, but apparently not applied > > to hlogin. you should be able to work-around it using the -x > > method. the attached patch should fix both issues; -c and -x. > Well, I tried this as well (I forgot to tell it) and it hangs the same > way: > > root at sionet:~# cat ~eh/rancid/rancid-cmd > conf t > sh sys > exit > > root at sionet:~# /usr/lib/rancid/bin/hlogin -v foo -e bar -x ~eh/rancid/rancid-cmd switch > switch > spawn hpuifilter -- telnet switch > Trying 145.238.x.y... > Connected to switch.obspm.fr. > Escape character is '^]'. > HP J4899B ProCurve Switch 2650 > Firmware revision H.08.60 > > Copyright (C) 1991-2005 Hewlett-Packard Co. All Rights Reserved. > > RESTRICTED RIGHTS LEGEND > > Use, duplication, or disclosure by the Government is subject to restrictions > as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and > Computer Software clause at 52.227-7013. > > HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303 > > Password: > > switch> enable > Password: > switch# > switch# no page > switch# conf t > > -> hang > > Error: TIMEOUT reached > > I will try rancid 2.3.2a7 to see if it give some improvement on the > subject. > > Nevertheless, I am still open to any hint with HP and configure mode > ;-) > > > -- > Emmanuel Halbwachs > Resp. R?seau/S?curit? Observatoire de Paris-Meudon > tel : (+33)1 45 07 75 54 5 Place Jules Janssen > fax : (+33)1 45 07 76 13 F 92195 MEUDON CEDEX -------------- next part -------------- Index: hlogin.in =================================================================== RCS file: /home/rancid/.CVS/rancid/bin/hlogin.in,v retrieving revision 1.43 diff -d -u -r1.43 hlogin.in --- hlogin.in 16 Nov 2007 02:22:53 -0000 1.43 +++ hlogin.in 18 Jan 2008 00:12:46 -0000 @@ -503,7 +503,8 @@ # Turn off the pager and escape regex meta characters in the $prompt send "no page\r" - regsub -all "\[)(]" $prompt {\\&} reprompt + regsub -all {[)(]} $prompt {\\&} reprompt + regsub -all {^(.{1,11}).*([#>])$} $reprompt {\1([^#>\r\n]+)?[#>](\\([^)\\r\\n]+\\))?} reprompt expect { -re $reprompt {} -re "\[\n\r]+" { exp_continue } From laichenkang at gmail.com Fri Jan 18 01:19:14 2008 From: laichenkang at gmail.com (Lai Chen Kang) Date: Fri, 18 Jan 2008 09:19:14 +0800 Subject: [rancid] Weird email problem Message-ID: <478FFE92.1080809@gmail.com> Hi all I have intentionally made modification to one of my switches. I want rancid to generate a mail and sent it to me. Below is a snippet from /var/log/maillog Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8428]: m0H40LbF008428: from=rancid, size=5978, class=-60, nrcpts=1, msgid=<200801170400.m0H40LbF008428 at STMGSINMANAGE2.transmarket.com.sg>, relay=rancid at localhost Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8430]: m0H40L55008430: from=, size=6286, class=-60, nrcpts=1, msgid=<200801170400.m0H40LbF008428 at STMGSINMANAGE2.transmarket.com.sg>, proto=ESMTP, daemon=MTA, relay=STMGSINMANAGE2.transmarket.com.sg [127.0.0.1] Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8428]: m0H40LbF008428: to=rancid-switches at transmarket.com.sg, ctladdr=rancid (500/500), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=143978, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m0H40L55008430 Message accepted for delivery) Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8431]: m0H40L55008430: to=laichenkang at transmarket.com.sg, ctladdr= (500/500), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=144550, dsn=2.0.0, stat=Sent /etc/aliases rancid-admin-routers: laichenkang at transmarket.com.sg rancid-routers: laichenkang at transmarket.com.sg rancid-admin-switches: laichenkang at transmarket.com.sg rancid-switches: laichenkang at transmarket.com.sg rancid-admin-firewalls: laichenkang at transmarket.com.sg rancid-firewalls: laichenkang at transmarket.com.sg Problem is I never got the mail. Even when the last line is stat=Sent. Any ideas? From jsidwell at perisys.net Thu Jan 17 20:32:23 2008 From: jsidwell at perisys.net (Joshua Sidwell) Date: Thu, 17 Jan 2008 13:32:23 -0700 Subject: [rancid] all connections through clogin are timing out... Message-ID: <00ff01c85948$14289360$1f12fea9@arcthrift.local> Ok, has anyone seen this before? I can manually telnet into each of these routers and use the userid that is setup for rancid and it all works. When I do a clogin to the same router, it logs in correctly, then if I type any command it times out. This happens on all of my routers. This is a rebuild of an older rancid server (v 2.3.1 we just updated linux os version) that worked for these routers before. I am using FC8 and rancid 2.3.1 (unpatched). Please, any and all help appreciated! Josh [rancid at rancid ~]$ bin/clogin 65.47.xxx.xxx 65.47.xxx.xxx spawn telnet 65.47.xxx.xxx Trying 65.47.xxx.xxx... Connected to 65.47.xxx.xxx. Escape character is '^]'. User Access Verification Username: rancid Password: [name removed]#sh run Error: TIMEOUT reached [rancid at rancid ~]$ sh run sh: run: No such file or directory [rancid at rancid ~]$ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080117/b83d23bb/attachment.html From laichenkang at gmail.com Fri Jan 18 03:31:40 2008 From: laichenkang at gmail.com (Lai Chen Kang) Date: Fri, 18 Jan 2008 11:31:40 +0800 Subject: [rancid] Re: Weird email problem In-Reply-To: <20080118023154.GF14943@shrubbery.net> References: <478FFE92.1080809@gmail.com> <20080118023154.GF14943@shrubbery.net> Message-ID: <47901D9C.9060604@gmail.com> Sorry for this stupid question but how does one "use aliases manually"? john heasley wrote: > try using your aliases manually. the receiving host must be trashing the mail. > > Fri, Jan 18, 2008 at 09:19:14AM +0800, Lai Chen Kang: >> Hi all >> >> I have intentionally made modification to one of my switches. I want >> rancid to generate a mail and sent it to me. Below is a snippet from >> /var/log/maillog >> >> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8428]: m0H40LbF008428: >> from=rancid, size=5978, class=-60, nrcpts=1, >> msgid=<200801170400.m0H40LbF008428 at STMGSINMANAGE2.transmarket.com.sg>, >> relay=rancid at localhost >> >> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8430]: m0H40L55008430: >> from=, size=6286, class=-60, >> nrcpts=1, >> msgid=<200801170400.m0H40LbF008428 at STMGSINMANAGE2.transmarket.com.sg>, >> proto=ESMTP, daemon=MTA, relay=STMGSINMANAGE2.transmarket.com.sg [127.0.0.1] >> >> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8428]: m0H40LbF008428: >> to=rancid-switches at transmarket.com.sg, ctladdr=rancid (500/500), >> delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=143978, >> relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m0H40L55008430 >> Message accepted for delivery) >> >> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8431]: m0H40L55008430: >> to=laichenkang at transmarket.com.sg, >> ctladdr= (500/500), >> delay=00:00:00, xdelay=00:00:00, mailer=local, pri=144550, dsn=2.0.0, >> stat=Sent >> >> /etc/aliases >> >> rancid-admin-routers: laichenkang at transmarket.com.sg >> rancid-routers: laichenkang at transmarket.com.sg >> rancid-admin-switches: laichenkang at transmarket.com.sg >> rancid-switches: laichenkang at transmarket.com.sg >> rancid-admin-firewalls: laichenkang at transmarket.com.sg >> rancid-firewalls: laichenkang at transmarket.com.sg >> >> Problem is I never got the mail. Even when the last line is stat=Sent. >> >> Any ideas? >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From jlewis at lewis.org Fri Jan 18 04:06:40 2008 From: jlewis at lewis.org (Jon Lewis) Date: Thu, 17 Jan 2008 23:06:40 -0500 (EST) Subject: [rancid] Re: Weird email problem In-Reply-To: <47901D9C.9060604@gmail.com> References: <478FFE92.1080809@gmail.com> <20080118023154.GF14943@shrubbery.net> <47901D9C.9060604@gmail.com> Message-ID: I think he means send an email yourself to the address. Is it possible you have some spam filter that thinks rancid is a spammer? On Fri, 18 Jan 2008, Lai Chen Kang wrote: > Sorry for this stupid question but how does one "use aliases manually"? > > john heasley wrote: >> try using your aliases manually. the receiving host must be trashing the mail. >> >> Fri, Jan 18, 2008 at 09:19:14AM +0800, Lai Chen Kang: >>> Hi all >>> >>> I have intentionally made modification to one of my switches. I want >>> rancid to generate a mail and sent it to me. Below is a snippet from >>> /var/log/maillog >>> >>> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8428]: m0H40LbF008428: >>> from=rancid, size=5978, class=-60, nrcpts=1, >>> msgid=<200801170400.m0H40LbF008428 at STMGSINMANAGE2.transmarket.com.sg>, >>> relay=rancid at localhost >>> >>> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8430]: m0H40L55008430: >>> from=, size=6286, class=-60, >>> nrcpts=1, >>> msgid=<200801170400.m0H40LbF008428 at STMGSINMANAGE2.transmarket.com.sg>, >>> proto=ESMTP, daemon=MTA, relay=STMGSINMANAGE2.transmarket.com.sg [127.0.0.1] >>> >>> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8428]: m0H40LbF008428: >>> to=rancid-switches at transmarket.com.sg, ctladdr=rancid (500/500), >>> delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=143978, >>> relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m0H40L55008430 >>> Message accepted for delivery) >>> >>> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8431]: m0H40L55008430: >>> to=laichenkang at transmarket.com.sg, >>> ctladdr= (500/500), >>> delay=00:00:00, xdelay=00:00:00, mailer=local, pri=144550, dsn=2.0.0, >>> stat=Sent >>> >>> /etc/aliases >>> >>> rancid-admin-routers: laichenkang at transmarket.com.sg >>> rancid-routers: laichenkang at transmarket.com.sg >>> rancid-admin-switches: laichenkang at transmarket.com.sg >>> rancid-switches: laichenkang at transmarket.com.sg >>> rancid-admin-firewalls: laichenkang at transmarket.com.sg >>> rancid-firewalls: laichenkang at transmarket.com.sg >>> >>> Problem is I never got the mail. Even when the last line is stat=Sent. >>> >>> Any ideas? >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net >>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > ---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ From laichenkang at gmail.com Fri Jan 18 04:43:45 2008 From: laichenkang at gmail.com (Lai Chen Kang) Date: Fri, 18 Jan 2008 12:43:45 +0800 Subject: [rancid] Re: Weird email problem In-Reply-To: References: <478FFE92.1080809@gmail.com> <20080118023154.GF14943@shrubbery.net> <47901D9C.9060604@gmail.com> Message-ID: <47902E81.70907@gmail.com> I am using qmailtoaster as the mailserver. I believe I have it setup correctly as I can receive mails from other servers namely backuppc and zenoss. This may not be the right place but where in qmailtoaster should I be looking? Jon Lewis wrote: > I think he means send an email yourself to the address. > > Is it possible you have some spam filter that thinks rancid is a spammer? > > On Fri, 18 Jan 2008, Lai Chen Kang wrote: > >> Sorry for this stupid question but how does one "use aliases manually"? >> >> john heasley wrote: >>> try using your aliases manually. the receiving host must be trashing >>> the mail. >>> >>> Fri, Jan 18, 2008 at 09:19:14AM +0800, Lai Chen Kang: >>>> Hi all >>>> >>>> I have intentionally made modification to one of my switches. I want >>>> rancid to generate a mail and sent it to me. Below is a snippet from >>>> /var/log/maillog >>>> >>>> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8428]: m0H40LbF008428: >>>> from=rancid, size=5978, class=-60, nrcpts=1, >>>> msgid=<200801170400.m0H40LbF008428 at STMGSINMANAGE2.transmarket.com.sg>, >>>> relay=rancid at localhost >>>> >>>> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8430]: m0H40L55008430: >>>> from=, size=6286, class=-60, >>>> nrcpts=1, >>>> msgid=<200801170400.m0H40LbF008428 at STMGSINMANAGE2.transmarket.com.sg>, >>>> proto=ESMTP, daemon=MTA, relay=STMGSINMANAGE2.transmarket.com.sg >>>> [127.0.0.1] >>>> >>>> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8428]: m0H40LbF008428: >>>> to=rancid-switches at transmarket.com.sg, ctladdr=rancid (500/500), >>>> delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=143978, >>>> relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m0H40L55008430 >>>> Message accepted for delivery) >>>> >>>> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8431]: m0H40L55008430: >>>> to=laichenkang at transmarket.com.sg, >>>> ctladdr= (500/500), >>>> delay=00:00:00, xdelay=00:00:00, mailer=local, pri=144550, dsn=2.0.0, >>>> stat=Sent >>>> >>>> /etc/aliases >>>> >>>> rancid-admin-routers: laichenkang at transmarket.com.sg >>>> rancid-routers: laichenkang at transmarket.com.sg >>>> rancid-admin-switches: laichenkang at transmarket.com.sg >>>> rancid-switches: laichenkang at transmarket.com.sg >>>> rancid-admin-firewalls: laichenkang at transmarket.com.sg >>>> rancid-firewalls: laichenkang at transmarket.com.sg >>>> >>>> Problem is I never got the mail. Even when the last line is stat=Sent. >>>> >>>> Any ideas? >>>> _______________________________________________ >>>> Rancid-discuss mailing list >>>> Rancid-discuss at shrubbery.net >>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > > ---------------------------------------------------------------------- > Jon Lewis | I route > Senior Network Engineer | therefore you are > Atlantic Net | > _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ From david+rancid at luyer.net Fri Jan 18 06:09:14 2008 From: david+rancid at luyer.net (David Luyer) Date: Thu, 17 Jan 2008 22:09:14 -0800 (PST) Subject: [rancid] Re: Weird email problem In-Reply-To: <478FFE92.1080809@gmail.com> References: <478FFE92.1080809@gmail.com> Message-ID: <53950.208.106.97.227.1200636554.squirrel@www.luyer.net> It says mailer=local on that line, and the other line was sending to 127.0.0.1 - presumably the MSA to MTA handoff. Is this maillog from your mail server or your rancid server? Or is rancid running on your mail server? It seems possible that you've configured your rancid server to think it is a final mail server for your domain, so your email is ending up in /var/spool/mail/$USER on the rancid server, when it should be being sent off to a different server. David. > Hi all > > I have intentionally made modification to one of my switches. I want > rancid to generate a mail and sent it to me. Below is a snippet from > /var/log/maillog > > Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8428]: m0H40LbF008428: > from=rancid, size=5978, class=-60, nrcpts=1, > msgid=<200801170400.m0H40LbF008428 at STMGSINMANAGE2.transmarket.com.sg>, > relay=rancid at localhost > > Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8430]: m0H40L55008430: > from=, size=6286, class=-60, > nrcpts=1, > msgid=<200801170400.m0H40LbF008428 at STMGSINMANAGE2.transmarket.com.sg>, > proto=ESMTP, daemon=MTA, relay=STMGSINMANAGE2.transmarket.com.sg > [127.0.0.1] > > Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8428]: m0H40LbF008428: > to=rancid-switches at transmarket.com.sg, ctladdr=rancid (500/500), > delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=143978, > relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m0H40L55008430 > Message accepted for delivery) > > Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8431]: m0H40L55008430: > to=laichenkang at transmarket.com.sg, > ctladdr= (500/500), > delay=00:00:00, xdelay=00:00:00, mailer=local, pri=144550, dsn=2.0.0, > stat=Sent > > /etc/aliases > > rancid-admin-routers: laichenkang at transmarket.com.sg > rancid-routers: laichenkang at transmarket.com.sg > rancid-admin-switches: laichenkang at transmarket.com.sg > rancid-switches: laichenkang at transmarket.com.sg > rancid-admin-firewalls: laichenkang at transmarket.com.sg > rancid-firewalls: laichenkang at transmarket.com.sg > > Problem is I never got the mail. Even when the last line is stat=Sent. > > Any ideas? > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From laichenkang at gmail.com Fri Jan 18 07:12:52 2008 From: laichenkang at gmail.com (Lai Chen Kang) Date: Fri, 18 Jan 2008 15:12:52 +0800 Subject: [rancid] Re: Weird email problem In-Reply-To: <53950.208.106.97.227.1200636554.squirrel@www.luyer.net> References: <478FFE92.1080809@gmail.com> <53950.208.106.97.227.1200636554.squirrel@www.luyer.net> Message-ID: <47905174.7020209@gmail.com> this maillog is from the rancid server. mail server is on a separate server. I think you are right. David Luyer wrote: > It says mailer=local on that line, and the other line was sending > to 127.0.0.1 - presumably the MSA to MTA handoff. > > Is this maillog from your mail server or your rancid server? > Or is rancid running on your mail server? > > It seems possible that you've configured your rancid server to > think it is a final mail server for your domain, so your email > is ending up in /var/spool/mail/$USER on the rancid server, when > it should be being sent off to a different server. > > David. > > > >> Hi all >> >> I have intentionally made modification to one of my switches. I want >> rancid to generate a mail and sent it to me. Below is a snippet from >> /var/log/maillog >> >> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8428]: m0H40LbF008428: >> from=rancid, size=5978, class=-60, nrcpts=1, >> msgid=<200801170400.m0H40LbF008428 at STMGSINMANAGE2.transmarket.com.sg>, >> relay=rancid at localhost >> >> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8430]: m0H40L55008430: >> from=, size=6286, class=-60, >> nrcpts=1, >> msgid=<200801170400.m0H40LbF008428 at STMGSINMANAGE2.transmarket.com.sg>, >> proto=ESMTP, daemon=MTA, relay=STMGSINMANAGE2.transmarket.com.sg >> [127.0.0.1] >> >> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8428]: m0H40LbF008428: >> to=rancid-switches at transmarket.com.sg, ctladdr=rancid (500/500), >> delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=143978, >> relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m0H40L55008430 >> Message accepted for delivery) >> >> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8431]: m0H40L55008430: >> to=laichenkang at transmarket.com.sg, >> ctladdr= (500/500), >> delay=00:00:00, xdelay=00:00:00, mailer=local, pri=144550, dsn=2.0.0, >> stat=Sent >> >> /etc/aliases >> >> rancid-admin-routers: laichenkang at transmarket.com.sg >> rancid-routers: laichenkang at transmarket.com.sg >> rancid-admin-switches: laichenkang at transmarket.com.sg >> rancid-switches: laichenkang at transmarket.com.sg >> rancid-admin-firewalls: laichenkang at transmarket.com.sg >> rancid-firewalls: laichenkang at transmarket.com.sg >> >> Problem is I never got the mail. Even when the last line is stat=Sent. >> >> Any ideas? >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > > From Emmanuel.Halbwachs at obspm.fr Fri Jan 18 07:27:39 2008 From: Emmanuel.Halbwachs at obspm.fr (Emmanuel Halbwachs) Date: Fri, 18 Jan 2008 08:27:39 +0100 Subject: [rancid] Re: HP Procurve (hlogin): interaction in configure mode: possible? In-Reply-To: <20080118001459.GR14943@shrubbery.net> References: <20080107182549.GB9627@sioling.obspm.fr> <20080112180843.GH19074@shrubbery.net> <20080115132820.GT29935@sioling.obspm.fr> <20080118001459.GR14943@shrubbery.net> Message-ID: <20080118072739.GA18112@sioling.obspm.fr> Hello, john heasley a ?crit (Fri, Jan 18, 2008 at 12:14:59AM +0000) : > the attached patch should fix both issues; -c and -x. > > # Turn off the pager and escape regex meta characters in the $prompt > send "no page\r" > - regsub -all "\[)(]" $prompt {\\&} reprompt > + regsub -all {[)(]} $prompt {\\&} reprompt > + regsub -all {^(.{1,11}).*([#>])$} $reprompt {\1([^#>\r\n]+)?[#>](\\([^)\\r\\n]+\\))?} reprompt > expect { > -re $reprompt {} > -re "\[\n\r]+" { exp_continue } Works like a charm, tested with -c and -x Thanks a lot! -- Emmanuel Halbwachs Resp. R?seau/S?curit? Observatoire de Paris-Meudon tel : (+33)1 45 07 75 54 5 Place Jules Janssen fax : (+33)1 45 07 76 13 F 92195 MEUDON CEDEX From laichenkang at gmail.com Fri Jan 18 07:35:15 2008 From: laichenkang at gmail.com (Lai Chen Kang) Date: Fri, 18 Jan 2008 15:35:15 +0800 Subject: [rancid] Re: Weird email problem In-Reply-To: <53950.208.106.97.227.1200636554.squirrel@www.luyer.net> References: <478FFE92.1080809@gmail.com> <53950.208.106.97.227.1200636554.squirrel@www.luyer.net> Message-ID: <479056B3.4060006@gmail.com> I have removed the user, laichenkang (actually myself) from the rancid server. Hoping that it will be sent to the mail server but it didn't. Below is the maillog from the rancid server. Jan 18 15:31:16 STMGSINMANAGE2 sendmail[16088]: m0I7VG8m016088: from=rancid, size=1363, class=-60, nrcpts=1, msgid=<200801180731.m0I7VG8m016088 at STMGSINMANAGE2.transmarket.com.sg>, relay=rancid at localhost Jan 18 15:31:16 STMGSINMANAGE2 sendmail[16090]: m0I7VGw0016090: from=, size=1705, class=-60, nrcpts=1, msgid=<200801180731.m0I7VG8m016088 at STMGSINMANAGE2.transmarket.com.sg>, proto=ESMTP, daemon=MTA, relay=STMGSINMANAGE2.transmarket.com.sg [127.0.0.1] Jan 18 15:31:16 STMGSINMANAGE2 sendmail[16088]: m0I7VG8m016088: to=rancid-switches, ctladdr=rancid (500/500), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=139363, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m0I7VGw0016090 Message accepted for delivery) Jan 18 15:31:16 STMGSINMANAGE2 sendmail[16091]: m0I7VGw0016090: to=laichenkang at transmarket.com.sg, ctladdr= (8/0), delay=00:00:00, mailer=local, pri=229705, dsn=5.1.1, stat=User unknown Jan 18 15:31:16 STMGSINMANAGE2 sendmail[16091]: m0I7VGw0016090: m0I7VGw0016091: DSN: User unknown Jan 18 15:31:16 STMGSINMANAGE2 sendmail[16091]: m0I7VGw0016091: to=, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30000, dsn=2.0.0, stat=Sent It seems that the mailer being local is not sending it over the network. David Luyer wrote: > It says mailer=local on that line, and the other line was sending > to 127.0.0.1 - presumably the MSA to MTA handoff. > > Is this maillog from your mail server or your rancid server? > Or is rancid running on your mail server? > > It seems possible that you've configured your rancid server to > think it is a final mail server for your domain, so your email > is ending up in /var/spool/mail/$USER on the rancid server, when > it should be being sent off to a different server. > > David. > > > >> Hi all >> >> I have intentionally made modification to one of my switches. I want >> rancid to generate a mail and sent it to me. Below is a snippet from >> /var/log/maillog >> >> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8428]: m0H40LbF008428: >> from=rancid, size=5978, class=-60, nrcpts=1, >> msgid=<200801170400.m0H40LbF008428 at STMGSINMANAGE2.transmarket.com.sg>, >> relay=rancid at localhost >> >> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8430]: m0H40L55008430: >> from=, size=6286, class=-60, >> nrcpts=1, >> msgid=<200801170400.m0H40LbF008428 at STMGSINMANAGE2.transmarket.com.sg>, >> proto=ESMTP, daemon=MTA, relay=STMGSINMANAGE2.transmarket.com.sg >> [127.0.0.1] >> >> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8428]: m0H40LbF008428: >> to=rancid-switches at transmarket.com.sg, ctladdr=rancid (500/500), >> delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=143978, >> relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m0H40L55008430 >> Message accepted for delivery) >> >> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8431]: m0H40L55008430: >> to=laichenkang at transmarket.com.sg, >> ctladdr= (500/500), >> delay=00:00:00, xdelay=00:00:00, mailer=local, pri=144550, dsn=2.0.0, >> stat=Sent >> >> /etc/aliases >> >> rancid-admin-routers: laichenkang at transmarket.com.sg >> rancid-routers: laichenkang at transmarket.com.sg >> rancid-admin-switches: laichenkang at transmarket.com.sg >> rancid-switches: laichenkang at transmarket.com.sg >> rancid-admin-firewalls: laichenkang at transmarket.com.sg >> rancid-firewalls: laichenkang at transmarket.com.sg >> >> Problem is I never got the mail. Even when the last line is stat=Sent. >> >> Any ideas? >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > > From stsimb at irc.gr Fri Jan 18 08:30:30 2008 From: stsimb at irc.gr (Sotiris Tsimbonis) Date: Fri, 18 Jan 2008 10:30:30 +0200 Subject: [rancid] Re: Weird email problem In-Reply-To: <479056B3.4060006@gmail.com> References: <478FFE92.1080809@gmail.com> <53950.208.106.97.227.1200636554.squirrel@www.luyer.net> <479056B3.4060006@gmail.com> Message-ID: <479063A6.6070900@irc.gr> On 01/18/2008 09:35 AM, Lai Chen Kang wrote: > I have removed the user, laichenkang (actually myself) from the rancid server. Hoping that it will be sent to the mail > server but it didn't. Below is the maillog from the rancid server. > > Jan 18 15:31:16 STMGSINMANAGE2 sendmail[16088]: m0I7VG8m016088: from=rancid, size=1363, class=-60, nrcpts=1, > msgid=<200801180731.m0I7VG8m016088 at STMGSINMANAGE2.transmarket.com.sg>, relay=rancid at localhost > Jan 18 15:31:16 STMGSINMANAGE2 sendmail[16090]: m0I7VGw0016090: from=, > size=1705, class=-60, nrcpts=1, msgid=<200801180731.m0I7VG8m016088 at STMGSINMANAGE2.transmarket.com.sg>, proto=ESMTP, > daemon=MTA, relay=STMGSINMANAGE2.transmarket.com.sg [127.0.0.1] > Jan 18 15:31:16 STMGSINMANAGE2 sendmail[16088]: m0I7VG8m016088: to=rancid-switches, ctladdr=rancid (500/500), > delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=139363, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent > (m0I7VGw0016090 Message accepted for delivery) > Jan 18 15:31:16 STMGSINMANAGE2 sendmail[16091]: m0I7VGw0016090: to=laichenkang at transmarket.com.sg, > ctladdr= (8/0), delay=00:00:00, mailer=local, pri=229705, dsn=5.1.1, > stat=User unknown > Jan 18 15:31:16 STMGSINMANAGE2 sendmail[16091]: m0I7VGw0016090: m0I7VGw0016091: DSN: User unknown > Jan 18 15:31:16 STMGSINMANAGE2 sendmail[16091]: m0I7VGw0016091: to=, > delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30000, dsn=2.0.0, stat=Sent > > It seems that the mailer being local is not sending it over the network. > As David already pointed out, sendmail uses mailer=local to deliver this mail. That's probably because STMGSINMANAGE2's sendmail has been instructed to accept transmarket.com.sg mails, believes the domain is local and knows all its users (that's why now that you removed the local user you get User Unknown).. I would suggest either that you remove transmarket.com.sg from sendmail's local domains in STMGSINMANAGE2, or that you set a SmartHost in sendmail and have it deliver all email traffic to your other smtp server.. Sot. > > > > David Luyer wrote: >> It says mailer=local on that line, and the other line was sending >> to 127.0.0.1 - presumably the MSA to MTA handoff. >> >> Is this maillog from your mail server or your rancid server? >> Or is rancid running on your mail server? >> >> It seems possible that you've configured your rancid server to >> think it is a final mail server for your domain, so your email >> is ending up in /var/spool/mail/$USER on the rancid server, when >> it should be being sent off to a different server. >> >> David. >> >> >> >>> Hi all >>> >>> I have intentionally made modification to one of my switches. I want >>> rancid to generate a mail and sent it to me. Below is a snippet from >>> /var/log/maillog >>> >>> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8428]: m0H40LbF008428: >>> from=rancid, size=5978, class=-60, nrcpts=1, >>> msgid=<200801170400.m0H40LbF008428 at STMGSINMANAGE2.transmarket.com.sg>, >>> relay=rancid at localhost >>> >>> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8430]: m0H40L55008430: >>> from=, size=6286, class=-60, >>> nrcpts=1, >>> msgid=<200801170400.m0H40LbF008428 at STMGSINMANAGE2.transmarket.com.sg>, >>> proto=ESMTP, daemon=MTA, relay=STMGSINMANAGE2.transmarket.com.sg >>> [127.0.0.1] >>> >>> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8428]: m0H40LbF008428: >>> to=rancid-switches at transmarket.com.sg, ctladdr=rancid (500/500), >>> delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=143978, >>> relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m0H40L55008430 >>> Message accepted for delivery) >>> >>> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8431]: m0H40L55008430: >>> to=laichenkang at transmarket.com.sg, >>> ctladdr= (500/500), >>> delay=00:00:00, xdelay=00:00:00, mailer=local, pri=144550, dsn=2.0.0, >>> stat=Sent >>> >>> /etc/aliases >>> >>> rancid-admin-routers: laichenkang at transmarket.com.sg >>> rancid-routers: laichenkang at transmarket.com.sg >>> rancid-admin-switches: laichenkang at transmarket.com.sg >>> rancid-switches: laichenkang at transmarket.com.sg >>> rancid-admin-firewalls: laichenkang at transmarket.com.sg >>> rancid-firewalls: laichenkang at transmarket.com.sg >>> >>> Problem is I never got the mail. Even when the last line is stat=Sent. >>> >>> Any ideas? >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net >>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>> >> > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From laichenkang at gmail.com Fri Jan 18 09:54:31 2008 From: laichenkang at gmail.com (Lai Chen Kang) Date: Fri, 18 Jan 2008 17:54:31 +0800 Subject: [rancid] Re: Weird email problem In-Reply-To: <479063A6.6070900@irc.gr> References: <478FFE92.1080809@gmail.com> <53950.208.106.97.227.1200636554.squirrel@www.luyer.net> <479056B3.4060006@gmail.com> <479063A6.6070900@irc.gr> Message-ID: <47907757.2040603@gmail.com> Thank you all for the help. I finally got it sorted. Sotiris Tsimbonis wrote: > On 01/18/2008 09:35 AM, Lai Chen Kang wrote: >> I have removed the user, laichenkang (actually myself) from the rancid server. Hoping that it will be sent to the mail >> server but it didn't. Below is the maillog from the rancid server. >> >> Jan 18 15:31:16 STMGSINMANAGE2 sendmail[16088]: m0I7VG8m016088: from=rancid, size=1363, class=-60, nrcpts=1, >> msgid=<200801180731.m0I7VG8m016088 at STMGSINMANAGE2.transmarket.com.sg>, relay=rancid at localhost >> Jan 18 15:31:16 STMGSINMANAGE2 sendmail[16090]: m0I7VGw0016090: from=, >> size=1705, class=-60, nrcpts=1, msgid=<200801180731.m0I7VG8m016088 at STMGSINMANAGE2.transmarket.com.sg>, proto=ESMTP, >> daemon=MTA, relay=STMGSINMANAGE2.transmarket.com.sg [127.0.0.1] >> Jan 18 15:31:16 STMGSINMANAGE2 sendmail[16088]: m0I7VG8m016088: to=rancid-switches, ctladdr=rancid (500/500), >> delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=139363, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent >> (m0I7VGw0016090 Message accepted for delivery) >> Jan 18 15:31:16 STMGSINMANAGE2 sendmail[16091]: m0I7VGw0016090: to=laichenkang at transmarket.com.sg, >> ctladdr= (8/0), delay=00:00:00, mailer=local, pri=229705, dsn=5.1.1, >> stat=User unknown >> Jan 18 15:31:16 STMGSINMANAGE2 sendmail[16091]: m0I7VGw0016090: m0I7VGw0016091: DSN: User unknown >> Jan 18 15:31:16 STMGSINMANAGE2 sendmail[16091]: m0I7VGw0016091: to=, >> delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30000, dsn=2.0.0, stat=Sent >> >> It seems that the mailer being local is not sending it over the network. >> > > As David already pointed out, sendmail uses mailer=local to deliver this > mail. That's probably because STMGSINMANAGE2's sendmail has been > instructed to accept transmarket.com.sg mails, believes the domain is > local and knows all its users (that's why now that you removed the local > user you get User Unknown).. > > I would suggest either that you remove transmarket.com.sg from > sendmail's local domains in STMGSINMANAGE2, or that you set a SmartHost > in sendmail and have it deliver all email traffic to your other smtp > server.. > > Sot. > >> >> >> David Luyer wrote: >>> It says mailer=local on that line, and the other line was sending >>> to 127.0.0.1 - presumably the MSA to MTA handoff. >>> >>> Is this maillog from your mail server or your rancid server? >>> Or is rancid running on your mail server? >>> >>> It seems possible that you've configured your rancid server to >>> think it is a final mail server for your domain, so your email >>> is ending up in /var/spool/mail/$USER on the rancid server, when >>> it should be being sent off to a different server. >>> >>> David. >>> >>> >>> >>>> Hi all >>>> >>>> I have intentionally made modification to one of my switches. I want >>>> rancid to generate a mail and sent it to me. Below is a snippet from >>>> /var/log/maillog >>>> >>>> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8428]: m0H40LbF008428: >>>> from=rancid, size=5978, class=-60, nrcpts=1, >>>> msgid=<200801170400.m0H40LbF008428 at STMGSINMANAGE2.transmarket.com.sg>, >>>> relay=rancid at localhost >>>> >>>> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8430]: m0H40L55008430: >>>> from=, size=6286, class=-60, >>>> nrcpts=1, >>>> msgid=<200801170400.m0H40LbF008428 at STMGSINMANAGE2.transmarket.com.sg>, >>>> proto=ESMTP, daemon=MTA, relay=STMGSINMANAGE2.transmarket.com.sg >>>> [127.0.0.1] >>>> >>>> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8428]: m0H40LbF008428: >>>> to=rancid-switches at transmarket.com.sg, ctladdr=rancid (500/500), >>>> delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=143978, >>>> relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m0H40L55008430 >>>> Message accepted for delivery) >>>> >>>> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8431]: m0H40L55008430: >>>> to=laichenkang at transmarket.com.sg, >>>> ctladdr= (500/500), >>>> delay=00:00:00, xdelay=00:00:00, mailer=local, pri=144550, dsn=2.0.0, >>>> stat=Sent >>>> >>>> /etc/aliases >>>> >>>> rancid-admin-routers: laichenkang at transmarket.com.sg >>>> rancid-routers: laichenkang at transmarket.com.sg >>>> rancid-admin-switches: laichenkang at transmarket.com.sg >>>> rancid-switches: laichenkang at transmarket.com.sg >>>> rancid-admin-firewalls: laichenkang at transmarket.com.sg >>>> rancid-firewalls: laichenkang at transmarket.com.sg >>>> >>>> Problem is I never got the mail. Even when the last line is stat=Sent. >>>> >>>> Any ideas? >>>> _______________________________________________ >>>> Rancid-discuss mailing list >>>> Rancid-discuss at shrubbery.net >>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>>> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From shane.haslem at eircomni.co.uk Fri Jan 18 15:34:29 2008 From: shane.haslem at eircomni.co.uk (Shane Haslem) Date: Fri, 18 Jan 2008 15:34:29 -0000 Subject: [rancid] Rancid - High CPU on PE's and CE's Message-ID: Hi all, I have a problem with high CPU utilization on CE's and Pe's that are being captured via rancid. Is this symptomatic of too many commands being issued? Regards The information contained in this e-mail and any files transmitted with it is confidential and may be subject to legal professional privilege. It is intended solely for the use of the addressee(s). If you are not the intended recipient of this e-mail, please note that any review, dissemination, disclosure, alteration, printing, copying or transmission of this e-mail and/or any file transmitted with it, is prohibited and may be unlawful. If you have received this e-mail by mistake, please promptly inform the sender by reply e-mail and delete the material. Whilst this e-mail message has been swept for the presence of computer viruses, eircom (UK) Limited does not, except as required by law, represent, warrant and/or guarantee that the integrity of this communication has been maintained nor that the communication is free of errors, viruses, interception or interference. eircom (UK) Limited. Private Company Limited by Shares. Registered in England and Wales. Registration Number 03478971. Registered Office - South Quay, Plaza 2, 183 Marsh Wall, London, E14 9SH. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080118/291fd5a7/attachment.html From thecomputerking at gmail.com Fri Jan 18 16:13:39 2008 From: thecomputerking at gmail.com (Riley Tompkins) Date: Fri, 18 Jan 2008 11:13:39 -0500 Subject: [rancid] Re: Weird email problem In-Reply-To: <47907757.2040603@gmail.com> References: <478FFE92.1080809@gmail.com> <53950.208.106.97.227.1200636554.squirrel@www.luyer.net> <479056B3.4060006@gmail.com> <479063A6.6070900@irc.gr> <47907757.2040603@gmail.com> Message-ID: <337a72540801180813o1de6b274n887e933296b61723@mail.gmail.com> You could also use sendmail masquerading to re-write the local server domain with your domain and when your rancid server queries your domain's MX record it would get sent to the proper mail server. -Charles On 1/18/08, Lai Chen Kang wrote: > Thank you all for the help. I finally got it sorted. > > Sotiris Tsimbonis wrote: > > On 01/18/2008 09:35 AM, Lai Chen Kang wrote: > >> I have removed the user, laichenkang (actually myself) from the rancid > server. Hoping that it will be sent to the mail > >> server but it didn't. Below is the maillog from the rancid server. > >> > >> Jan 18 15:31:16 STMGSINMANAGE2 sendmail[16088]: m0I7VG8m016088: > from=rancid, size=1363, class=-60, nrcpts=1, > >> msgid=<200801180731.m0I7VG8m016088 at STMGSINMANAGE2.transmarket.com.sg>, > relay=rancid at localhost > >> Jan 18 15:31:16 STMGSINMANAGE2 sendmail[16090]: m0I7VGw0016090: > from=, > >> size=1705, class=-60, nrcpts=1, > msgid=<200801180731.m0I7VG8m016088 at STMGSINMANAGE2.transmarket.com.sg>, > proto=ESMTP, > >> daemon=MTA, relay=STMGSINMANAGE2.transmarket.com.sg [127.0.0.1] > >> Jan 18 15:31:16 STMGSINMANAGE2 sendmail[16088]: m0I7VG8m016088: > to=rancid-switches, ctladdr=rancid (500/500), > >> delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=139363, > relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent > >> (m0I7VGw0016090 Message accepted for delivery) > >> Jan 18 15:31:16 STMGSINMANAGE2 sendmail[16091]: m0I7VGw0016090: > to=laichenkang at transmarket.com.sg, > >> ctladdr= (8/0), > delay=00:00:00, mailer=local, pri=229705, dsn=5.1.1, > >> stat=User unknown > >> Jan 18 15:31:16 STMGSINMANAGE2 sendmail[16091]: m0I7VGw0016090: > m0I7VGw0016091: DSN: User unknown > >> Jan 18 15:31:16 STMGSINMANAGE2 sendmail[16091]: m0I7VGw0016091: > to=, > >> delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30000, dsn=2.0.0, > stat=Sent > >> > >> It seems that the mailer being local is not sending it over the network. > >> > > > > As David already pointed out, sendmail uses mailer=local to deliver this > > mail. That's probably because STMGSINMANAGE2's sendmail has been > > instructed to accept transmarket.com.sg mails, believes the domain is > > local and knows all its users (that's why now that you removed the local > > user you get User Unknown).. > > > > I would suggest either that you remove transmarket.com.sg from > > sendmail's local domains in STMGSINMANAGE2, or that you set a SmartHost > > in sendmail and have it deliver all email traffic to your other smtp > > server.. > > > > Sot. > > > >> > >> > >> David Luyer wrote: > >>> It says mailer=local on that line, and the other line was sending > >>> to 127.0.0.1 - presumably the MSA to MTA handoff. > >>> > >>> Is this maillog from your mail server or your rancid server? > >>> Or is rancid running on your mail server? > >>> > >>> It seems possible that you've configured your rancid server to > >>> think it is a final mail server for your domain, so your email > >>> is ending up in /var/spool/mail/$USER on the rancid server, when > >>> it should be being sent off to a different server. > >>> > >>> David. > >>> > >>> > >>> > >>>> Hi all > >>>> > >>>> I have intentionally made modification to one of my switches. I want > >>>> rancid to generate a mail and sent it to me. Below is a snippet from > >>>> /var/log/maillog > >>>> > >>>> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8428]: m0H40LbF008428: > >>>> from=rancid, size=5978, class=-60, nrcpts=1, > >>>> msgid=<200801170400.m0H40LbF008428 at STMGSINMANAGE2.transmarket.com.sg>, > >>>> relay=rancid at localhost > >>>> > >>>> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8430]: m0H40L55008430: > >>>> from=, size=6286, class=-60, > >>>> nrcpts=1, > >>>> msgid=<200801170400.m0H40LbF008428 at STMGSINMANAGE2.transmarket.com.sg>, > >>>> proto=ESMTP, daemon=MTA, relay=STMGSINMANAGE2.transmarket.com.sg > >>>> [127.0.0.1] > >>>> > >>>> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8428]: m0H40LbF008428: > >>>> to=rancid-switches at transmarket.com.sg, ctladdr=rancid (500/500), > >>>> delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=143978, > >>>> relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m0H40L55008430 > >>>> Message accepted for delivery) > >>>> > >>>> Jan 17 12:00:21 STMGSINMANAGE2 sendmail[8431]: m0H40L55008430: > >>>> to=laichenkang at transmarket.com.sg, > >>>> ctladdr= (500/500), > >>>> delay=00:00:00, xdelay=00:00:00, mailer=local, pri=144550, dsn=2.0.0, > >>>> stat=Sent > >>>> > >>>> /etc/aliases > >>>> > >>>> rancid-admin-routers: laichenkang at transmarket.com.sg > >>>> rancid-routers: laichenkang at transmarket.com.sg > >>>> rancid-admin-switches: laichenkang at transmarket.com.sg > >>>> rancid-switches: laichenkang at transmarket.com.sg > >>>> rancid-admin-firewalls: laichenkang at transmarket.com.sg > >>>> rancid-firewalls: laichenkang at transmarket.com.sg > >>>> > >>>> Problem is I never got the mail. Even when the last line is stat=Sent. > >>>> > >>>> Any ideas? > >>>> _______________________________________________ > >>>> Rancid-discuss mailing list > >>>> Rancid-discuss at shrubbery.net > >>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > >>>> > >> _______________________________________________ > >> Rancid-discuss mailing list > >> Rancid-discuss at shrubbery.net > >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > >> > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -- Sent from Gmail for mobile | mobile.google.com From jsidwell at perisys.net Fri Jan 18 19:45:28 2008 From: jsidwell at perisys.net (Joshua Sidwell) Date: Fri, 18 Jan 2008 12:45:28 -0700 Subject: [rancid] HELP! Message-ID: <008301c85a0a$af823ce0$0e86b6a0$@net> Can anyone please help me. I have been messaging the list now for a few days looking for help. I had a previous install of rancid on 3.2.1 that worked perfectly, but now that I have rebuilt the server, I am getting timeouts on the connections to the different devices. I can logon as the rancid user as before, but when I attempt to run clogin, it times out! I cannot imagine what could be causing this. I have verified the configs (based on the sysadmin install which I used before), and the permissions. Please, any help is greatly appreciated! Josh Sidwell, CISSP Perimeter Systems Inc. 720-259-5374 (office) 303-668-3291 (cell) No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.19.6/1231 - Release Date: 1/18/2008 11:55 AM -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080118/492802f5/attachment.html From mashcraft at omniture.com Fri Jan 18 22:29:53 2008 From: mashcraft at omniture.com (Mike Ashcraft) Date: Fri, 18 Jan 2008 15:29:53 -0700 Subject: [rancid] Re: HELP! In-Reply-To: <008301c85a0a$af823ce0$0e86b6a0$@net> References: <008301c85a0a$af823ce0$0e86b6a0$@net> Message-ID: <45EB285310B55542A513F93230F0A53303B22594@EXCHANGE0.orm.omniture.com> Josh, >From your previous post, it looks like you do not have autoenable set correctly in your .cloginrc file. That would cause clogin to hang trying to complete the login process, even though it had already succeeded, and matches the screenshot you included. If that doesn't fix it, search the archives of this mailing list for details needed to verify you have the right version of expect. Some versions don't work properly. Once that is done, if you are still having problems. Provide full details in your request to this list so that better help can be provided. Good luck, Mike ________________________________ From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Joshua Sidwell Sent: Friday, January 18, 2008 12:45 PM To: rancid-discuss at shrubbery.net Subject: [rancid] HELP! Can anyone please help me. I have been messaging the list now for a few days looking for help. I had a previous install of rancid on 3.2.1 that worked perfectly, but now that I have rebuilt the server, I am getting timeouts on the connections to the different devices. I can logon as the rancid user as before, but when I attempt to run clogin, it times out! I cannot imagine what could be causing this. I have verified the configs (based on the sysadmin install which I used before), and the permissions. Please, any help is greatly appreciated! Josh Sidwell, CISSP Perimeter Systems Inc. 720-259-5374 (office) 303-668-3291 (cell) No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.19.6/1231 - Release Date: 1/18/2008 11:55 AM From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Joshua Sidwell Sent: Thursday, January 17, 2008 1:32 PM To: rancid-discuss at shrubbery.net Subject: [rancid] all connections through clogin are timing out... Ok, has anyone seen this before? I can manually telnet into each of these routers and use the userid that is setup for rancid and it all works. When I do a clogin to the same router, it logs in correctly, then if I type any command it times out. This happens on all of my routers. This is a rebuild of an older rancid server (v 2.3.1 we just updated linux os version) that worked for these routers before. I am using FC8 and rancid 2.3.1 (unpatched). Please, any and all help appreciated! Josh [rancid at rancid ~]$ bin/clogin 65.47.xxx.xxx 65.47.xxx.xxx spawn telnet 65.47.xxx.xxx Trying 65.47.xxx.xxx... Connected to 65.47.xxx.xxx. Escape character is '^]'. User Access Verification Username: rancid Password: [name removed]#sh run Error: TIMEOUT reached [rancid at rancid ~]$ sh run sh: run: No such file or directory [rancid at rancid ~]$ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080118/3f0620b6/attachment.html From andrew.brennan at drexel.edu Fri Jan 18 16:09:48 2008 From: andrew.brennan at drexel.edu (Andrew Brennan) Date: Fri, 18 Jan 2008 11:09:48 -0500 (EST) Subject: [rancid] Re: Rancid - High CPU on PE's and CE's In-Reply-To: References: Message-ID: <20080118110646.Y74863@dust.noc.drexel.edu> The commands are sequential, so you might see a spike over an interval of time when 10-15 commands are executed in a minute or two. My guess is it is a few specific commands that are cpu-bound, though. You could cut the command list back to the bare essentials and reduce the CPU effects? On Fri, 18 Jan 2008, Shane Haslem wrote: > I have a problem with high CPU utilization on CE's and Pe's that are > being captured via rancid. Is this symptomatic of too many commands > being issued? > > Regards > > > > > > > > > > > The information contained in this e-mail and any files transmitted with it is confidential and may be subject to legal professional privilege. It is intended solely for the use of the addressee(s). If you are not the intended recipient of this e-mail, please note that any review, dissemination, disclosure, alteration, printing, copying or transmission of this e-mail and/or any file transmitted with it, is prohibited and may be unlawful. If you have received this e-mail by mistake, please promptly inform the sender by reply e-mail and delete the material. Whilst this e-mail message has been swept for the presence of computer viruses, eircom (UK) Limited does not, except as required by law, represent, warrant and/or guarantee that the integrity of this communication has been maintained nor that the communication is free of errors, viruses, interception or interference. eircom (UK) Limited. Private Company Limited by Shares. Registered in England and Wales. Registration Number 03478971. Registered Office - South Quay, Plaza 2, 183 Marsh Wall, London, E14 9SH. > From heas at shrubbery.net Sat Jan 19 17:27:56 2008 From: heas at shrubbery.net (john heasley) Date: Sat, 19 Jan 2008 17:27:56 +0000 Subject: [rancid] Re: Rancid - High CPU on PE's and CE's In-Reply-To: <20080118110646.Y74863@dust.noc.drexel.edu> References: <20080118110646.Y74863@dust.noc.drexel.edu> Message-ID: <20080119172756.GD13007@shrubbery.net> sure, some commands consume cpu, whether run by rancid or a user. show run on a cisco with a bunch of pppoe is a perfect example. its the generation of the output, nothing else, that is costly for the router. if you want to limit it, collect less frequently. Fri, Jan 18, 2008 at 11:09:48AM -0500, Andrew Brennan: > The commands are sequential, so you might see a spike over an interval of > time when 10-15 commands are executed in a minute or two. My guess is it > is a few specific commands that are cpu-bound, though. You could cut the > command list back to the bare essentials and reduce the CPU effects? > > On Fri, 18 Jan 2008, Shane Haslem wrote: > > > I have a problem with high CPU utilization on CE's and Pe's that are > > being captured via rancid. Is this symptomatic of too many commands > > being issued? > > > > Regards > > > > > > > > > > > > > > > > > > > > > > The information contained in this e-mail and any files transmitted > with it is confidential and may be subject to legal professional > privilege. It is intended solely for the use of the addressee(s). > If you are not the intended recipient of this e-mail, please note > that any review, dissemination, disclosure, alteration, printing, > copying or transmission of this e-mail and/or any file transmitted > with it, is prohibited and may be unlawful. > If you have received this e-mail by mistake, please promptly > inform the sender by reply e-mail and delete the material. > Whilst this e-mail message has been swept for the presence of > computer viruses, eircom (UK) Limited does not, except as required by law, > represent, warrant and/or guarantee that the integrity > of this communication has been maintained nor that > the communication is free of errors, viruses, interception or > interference. > > eircom (UK) Limited. Private Company Limited by Shares. > Registered in England and Wales. Registration Number 03478971. > Registered Office - South Quay, Plaza 2, 183 Marsh Wall, London, E14 9SH. > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From shane.haslem at eircomni.co.uk Mon Jan 21 14:09:33 2008 From: shane.haslem at eircomni.co.uk (Shane Haslem) Date: Mon, 21 Jan 2008 14:09:33 -0000 Subject: [rancid] Re: Rancid - High CPU on PE's and CE's In-Reply-To: <20080119172756.GD13007@shrubbery.net> References: <20080118110646.Y74863@dust.noc.drexel.edu> <20080119172756.GD13007@shrubbery.net> Message-ID: Hi John, Can you advise how to decrease the number of commands to just ' show running-config'. In otherwards, where I find the commands that are run and remove redundant ones from the config. thanks -----Original Message----- From: john heasley [mailto:heas at shrubbery.net] Sent: 19 January 2008 17:28 To: Andrew Brennan Cc: Shane Haslem; rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: Rancid - High CPU on PE's and CE's sure, some commands consume cpu, whether run by rancid or a user. show run on a cisco with a bunch of pppoe is a perfect example. its the generation of the output, nothing else, that is costly for the router. if you want to limit it, collect less frequently. Fri, Jan 18, 2008 at 11:09:48AM -0500, Andrew Brennan: > The commands are sequential, so you might see a spike over an interval of > time when 10-15 commands are executed in a minute or two. My guess is it > is a few specific commands that are cpu-bound, though. You could cut the > command list back to the bare essentials and reduce the CPU effects? > > On Fri, 18 Jan 2008, Shane Haslem wrote: > > > I have a problem with high CPU utilization on CE's and Pe's that are > > being captured via rancid. Is this symptomatic of too many commands > > being issued? > > > > Regards > > > > > > > > > > > > > > > > > > > > > > The information contained in this e-mail and any files transmitted > with it is confidential and may be subject to legal professional > privilege. It is intended solely for the use of the addressee(s). > If you are not the intended recipient of this e-mail, please note > that any review, dissemination, disclosure, alteration, printing, > copying or transmission of this e-mail and/or any file transmitted > with it, is prohibited and may be unlawful. > If you have received this e-mail by mistake, please promptly > inform the sender by reply e-mail and delete the material. > Whilst this e-mail message has been swept for the presence of > computer viruses, eircom (UK) Limited does not, except as required by law, > represent, warrant and/or guarantee that the integrity > of this communication has been maintained nor that > the communication is free of errors, viruses, interception or > interference. > > eircom (UK) Limited. Private Company Limited by Shares. > Registered in England and Wales. Registration Number 03478971. > Registered Office - South Quay, Plaza 2, 183 Marsh Wall, London, E14 9SH. > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss The information contained in this e-mail and any files transmitted with it is confidential and may be subject to legal professional privilege. It is intended solely for the use of the addressee(s). If you are not the intended recipient of this e-mail, please note that any review, dissemination, disclosure, alteration, printing, copying or transmission of this e-mail and/or any file transmitted with it, is prohibited and may be unlawful. If you have received this e-mail by mistake, please promptly inform the sender by reply e-mail and delete the material. Whilst this e-mail message has been swept for the presence of computer viruses, eircom (UK) Limited does not, except as required by law, represent, warrant and/or guarantee that the integrity of this communication has been maintained nor that the communication is free of errors, viruses, interception or interference. eircom (UK) Limited. Private Company Limited by Shares. Registered in England and Wales. Registration Number 03478971. Registered Office - South Quay, Plaza 2, 183 Marsh Wall, London, E14 9SH. From john at atrust.com Mon Jan 21 17:36:31 2008 From: john at atrust.com (John Phelps) Date: Mon, 21 Jan 2008 10:36:31 -0700 (MST) Subject: [rancid] Using RANCID with an SSH tunnel In-Reply-To: <11304157.211581200936793441.JavaMail.root@leopard.atrust.com> Message-ID: <4140192.211631200936991355.JavaMail.root@leopard.atrust.com> Hello, I am trying to find a way to retrieve a config from a router that is on a network that our RANCID box does not have a route to. Unfortunately, in this situation, I can't add a route to allow the networks to talk to each other. The only way that the 2 networks have access to each other is through a dual-homed server that has a NIC on each network. Below is a simple diagram of the network: RANCID server--------------------Dual-homed server-----------------------Router 10.0.0.1 10.0.0.2 192.168.0.2 192.168.0.1 Both servers in question are running RHEL. Now I am no Linux expert, but I have been playing around with SSH port forwarding and I am thinking the best way to accomplish this is to create a shell script to open a tunnel to the 192.168.0.0 network before the RANCID job executes. A coworker suggested creating a perl script that RANCID would call to open the tunnel then grab the config, but I am not familiar with perl and having trouble finding examples of how to integrate a perl script into RANCID. If anyone has a better idea of how to pull this off or can point me towards examples of perl scripts for RANCID I'd appreciate it! Thanks, -- John F. Phelps, CCNA From tuosu29 at yahoo.com Mon Jan 21 18:50:26 2008 From: tuosu29 at yahoo.com (adam amith) Date: Mon, 21 Jan 2008 10:50:26 -0800 (PST) Subject: [rancid] Foundry Switches Message-ID: <349147.95396.qm@web56013.mail.re3.yahoo.com> Hello, I am having problem with foundry configuration backup using RANCID - Foundry - FES12GCF Software version - 03.5 I am able to use the flogin and go directly to enable mode. When i run - ./rancid-run and then check the logs i get the following message - cvs status: cannot open CVS/Entries for reading: No such file or directory cvs status: use `cvs add' to create an entry for 172.26.144.67 cvs add: in directory .: cvs [add aborted]: there is no version here; do 'cvs checkout' first CVS added missing router 172.26.144.67 Trying to get all of the configs. 172.26.144.67: End of run not found Error: TIMEOUT reached ===================================== Getting missed routers: round 1. 172.26.144.67: End of run not found Error: TIMEOUT reached ===================================== Getting missed routers: round 2. 172.26.144.67: End of run not found Error: TIMEOUT reached ===================================== Getting missed routers: round 3. 172.26.144.67: End of run not found Error: TIMEOUT reached ===================================== Getting missed routers: round 4. 172.26.144.67: End of run not found Error: TIMEOUT reached cvs diff: in directory .: cvs [diff aborted]: there is no version here; run 'cvs checkout' first cvs commit: in directory .: cvs [commit aborted]: there is no version here; run 'cvs checkout' first when i go to the config folder there file is empty. On the foundry device itself i see that RANCID has loged in through telnet and logged out through telnet. Please help since i saw some foundry related issue with temperature settings. Thanks, --------------------------------- Never miss a thing. Make Yahoo your homepage. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080121/c0c481c9/attachment.html From Anton.Yurchenko at elan.com Mon Jan 21 22:26:39 2008 From: Anton.Yurchenko at elan.com (Yurchenko, Anton) Date: Mon, 21 Jan 2008 15:26:39 -0700 Subject: [rancid] Riverbed WAN accelerators Message-ID: Hi, Anybody tried using RANCID for managing the Riverbed WAN accelerators? Their config structure and CLI interface are somewhat similar to Cisco IOS. Clogin command works, but before jumping in though maybe somebody already has some experience with this. Thanks, ******************************************************** This communication and any files transmitted with it may contain information that is confidential, privileged and exempt from disclosure under applicable law. It is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are hereby notified that any use, dissemination or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender. Thank you for your co-operation. ******************************************************** -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080121/5bb9d0d0/attachment.html From cgauthie at pcc.edu Tue Jan 22 22:35:21 2008 From: cgauthie at pcc.edu (Chris Gauthier) Date: Tue, 22 Jan 2008 14:35:21 -0800 Subject: [rancid] Re: Using RANCID with an SSH tunnel In-Reply-To: <4140192.211631200936991355.JavaMail.root@leopard.atrust.com> References: <4140192.211631200936991355.JavaMail.root@leopard.atrust.com> Message-ID: <47966FA9.8070507@pcc.edu> I'm not sure how well using Perl to set up your ssh tunnel then execute rancid would work. I think you might do better if you wrote an expect script or some form of a shell script that then called rancid. I am not a programmer by trade, so I m certainly not the most expert person here, but those are my opinion of how you might be more efficient. Btw, rancid is written using the Perl and Expect languages. Chris John Phelps wrote: > Hello, > > I am trying to find a way to retrieve a config from a router that is on a network that our RANCID box does not have a route to. Unfortunately, in this situation, I can't add a route to allow the networks to talk to each other. The only way that the 2 networks have access to each other is through a dual-homed server that has a NIC on each network. Below is a simple diagram of the network: > > RANCID server--------------------Dual-homed server-----------------------Router > 10.0.0.1 10.0.0.2 192.168.0.2 192.168.0.1 > > Both servers in question are running RHEL. Now I am no Linux expert, but I have been playing around with SSH port forwarding and I am thinking the best way to accomplish this is to create a shell script to open a tunnel to the 192.168.0.0 network before the RANCID job executes. A coworker suggested creating a perl script that RANCID would call to open the tunnel then grab the config, but I am not familiar with perl and having trouble finding examples of how to integrate a perl script into RANCID. > > If anyone has a better idea of how to pull this off or can point me towards examples of perl scripts for RANCID I'd appreciate it! > > Thanks, > > -- Chris Gauthier, CCNA, Network+, A+ Network Administration Team Portland Community College Portland, Oregon "For once you have tasted flight you will walk the earth with your eyes turned skywards, for there you have been and there you will long to return." --Leonardo da Vinci From jethro.binks at strath.ac.uk Tue Jan 22 22:56:58 2008 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Tue, 22 Jan 2008 22:56:58 +0000 (GMT) Subject: [rancid] Small patch for francid (to better permit minimally privileged rancid user) Message-ID: <20080122224753.C46769@defjam.cc.strath.ac.uk> I have been playing with using a minimally-privileged user on Foundry gear for rancid. I have had some success so far, and I will continue to look into it. In the meantime, here is a small patch against francid 1.42 which is equivalent to some code in the Cisco rancid to run either of "show running-config" or "write term", whichever works - currently francid only tries to run the latter, but by default a priv level 5 ("read only") user can run little more than "show" commands. I could use the "privilege" command to re-assign "write term" to priv level 5, but since "show running-config" already works anyway, and there is a precedent in (cisco) rancid, why bother? (Hint for anyone else interested in pursuing this: you will need to: hostname(config)# privilege exec level 5 skip-page-display or perhaps some TACACS+ magic to permit it) Jethro. --- francid.1.42 Mon Jan 21 22:55:12 2008 +++ francid Mon Jan 21 23:22:34 2008 @@ -255,6 +255,8 @@ while () { tr/\015//d; last if (/^$prompt/); + return(1) if (/Invalid input ->/); + return(0) if ($found_end); # Only do this routine once /Current configuration:/i && next; /^ver \d+\.\d+/ && next; @@ -378,7 +380,8 @@ {'show chassis' => 'ShowChassis'}, {'show module' => 'ShowModule'}, {'show flash' => 'ShowFlash'}, - {'write term' => 'WriteTerm'} + {'write term' => 'WriteTerm'}, + {'show running-config' => "WriteTerm"}, ); # Use an array to preserve the order of the commands and a hash for mapping # commands to the subroutine and track commands that have been completed. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services University Of Strathclyde, Glasgow, UK From eravin at panix.com Tue Jan 22 23:20:47 2008 From: eravin at panix.com (Ed Ravin) Date: Tue, 22 Jan 2008 18:20:47 -0500 Subject: [rancid] Re: Using RANCID with an SSH tunnel In-Reply-To: <4140192.211631200936991355.JavaMail.root@leopard.atrust.com> References: <11304157.211581200936793441.JavaMail.root@leopard.atrust.com> <4140192.211631200936991355.JavaMail.root@leopard.atrust.com> Message-ID: <20080122232046.GA19146@panix.com> On Mon, Jan 21, 2008 at 10:36:31AM -0700, John Phelps wrote: > I am trying to find a way to retrieve a config from a router that > is on a network that our RANCID box does not have a route to. > Unfortunately, in this situation, I can't add a route to allow the > networks to talk to each other. Why not? I'm asking because if it's a company security policy issue, they might not like the workarounds that I'm going to suggest below. > The only way that the 2 networks > have access to each other is through a dual-homed server that has > a NIC on each network. Below is a simple diagram of the network: > > RANCID server---------------Dual-homed server------------------Router > 10.0.0.1 10.0.0.2 192.168.0.2 192.168.0.1 > > Both servers in question are running RHEL. > ... I have been playing around with SSH port forwarding and I am > thinking the best way to accomplish this is to create a shell script > to open a tunnel to the 192.168.0.0 network before the RANCID job > executes. That would work - you would use "ssh -L" on your rancid server to forward, say, port localhost:12345 to Router:23. When your main RANCID script runs, you could hack it to run ssh in the background, save the pid, and kill the ssh when you're done. A bit clumsy, but it should work. You would need to set up an authorized_keys file so the RANCID server could log in without providing a password. You can set up the ssh config for the user on the "dual homed server" side to not allow any useful commands to be run, which would improve the security of that setup if that's an issue. If you want to invoke the tunnel in a less clumsy fashion, search for my "out of band" patches in the archives of this mailing list - they would let you invoke ssh to the dual-homed server and then telnet from there to the router by setting things up in .cloginrc. There would be no need for port forwarding, just set up the ssh authorization so you can run telnet (or, for better security, a single script that calls telnet with the desired options). You would then define the connection method in cloginrc to be something like "ssh dualhomebox telnet router". Another way would be to set up netcat running on the dual-homed host via inetd/xinetd. Use TCP wrappers or whatever is supported to make sure only the RANCID server can connect to that particular port, and then netcat makes an outgoing connection to the router. Here's an example of how to do it with inetd.conf: 12345 stream tcp nowait nobody /usr/local/bin/netcat netcat myrouter 23 This would fork off a new netcat to the router every time the RANCID server connection to port 12345 on the dual-homed host. Catch is, netcat isn't the brightest bulb in the chandelier when it comes to detecting timeouts, so after a while you'll find a few dozen netcat processes lounging around doing nothing, tying up resources. It's an easy shell script to write to wake up once a day (or week) and kill them, though. You could also do it by running an OpenVPN tunnel between the two Linux boxes, and have OpenVPN on the dual-homed server also route and perform NAT to let you reach the router. That does resemble routing the networks together, but it requires host authentication and you have complete control of what kind of traffic is allowed through the tunnel. -- Ed From matt.hope at nicta.com.au Wed Jan 23 11:23:51 2008 From: matt.hope at nicta.com.au (Matt Hope) Date: Wed, 23 Jan 2008 22:23:51 +1100 Subject: [rancid] Re: Using RANCID with an SSH tunnel In-Reply-To: <4140192.211631200936991355.JavaMail.root@leopard.atrust.com> References: <4140192.211631200936991355.JavaMail.root@leopard.atrust.com> Message-ID: <479723C7.90707@nicta.com.au> John Phelps wrote: > Hello, > > I am trying to find a way to retrieve a config from a router that is on a network that our RANCID box does not have a route to. Unfortunately, in this situation, I can't add a route to allow the networks to talk to each other. The only way that the 2 networks have access to each other is through a dual-homed server that has a NIC on each network. Below is a simple diagram of the network: > > RANCID server--------------------Dual-homed server-----------------------Router > 10.0.0.1 10.0.0.2 192.168.0.2 192.168.0.1 > > Both servers in question are running RHEL. Now I am no Linux expert, but I have been playing around with SSH port forwarding and I am thinking the best way to accomplish this is to create a shell script to open a tunnel to the 192.168.0.0 network before the RANCID job executes. A coworker suggested creating a perl script that RANCID would call to open the tunnel then grab the config, but I am not familiar with perl and having trouble finding examples of how to integrate a perl script into RANCID. > > If anyone has a better idea of how to pull this off or can point me towards examples of perl scripts for RANCID I'd appreciate it! > > Thanks, > I'd suggest setting up your SSH client so that you can type 'ssh 192.168.0.1' from rancid server, and that way rancid will just work [tm]. The easiest way I've found to achieve this is to do something like the following: - create a ~rancid/.ssh/config file - drop something like the following into it: -----8<------- host 192.168.0.1 proxycommand ssh 10.0.0.2 /bin/nc -q 0 %h %p -----8<------- - install 'nc' (netcat) onto your dual-homed server, and setup ssh keys or similar so rancid can log into it without a password. After you do this, you should be able to type "ssh 192.168.0.1" when logged into rancid and get a prompt for 192.168.0.1's password. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 252 bytes Desc: OpenPGP digital signature Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080123/5416122c/attachment.bin From heas at shrubbery.net Thu Jan 24 21:32:35 2008 From: heas at shrubbery.net (john heasley) Date: Thu, 24 Jan 2008 21:32:35 +0000 Subject: [rancid] Re: Small patch for francid (to better permit minimally privileged rancid user) In-Reply-To: <20080122224753.C46769@defjam.cc.strath.ac.uk> References: <20080122224753.C46769@defjam.cc.strath.ac.uk> Message-ID: <20080124213235.GV3867@shrubbery.net> Tue, Jan 22, 2008 at 10:56:58PM +0000, Jethro R Binks: > I have been playing with using a minimally-privileged user on Foundry gear > for rancid. I have had some success so far, and I will continue to look > into it. > > In the meantime, here is a small patch against francid 1.42 which is > equivalent to some code in the Cisco rancid to run either of "show > running-config" or "write term", whichever works - currently francid only > tries to run the latter, but by default a priv level 5 ("read only") user > can run little more than "show" commands. I could use the "privilege" > command to re-assign "write term" to priv level 5, but since "show > running-config" already works anyway, and there is a precedent in (cisco) > rancid, why bother? old versions of the foundry code did not support 'show running', iirc. The same for cisco. > (Hint for anyone else interested in pursuing this: you will need to: > > hostname(config)# privilege exec level 5 skip-page-display > > or perhaps some TACACS+ magic to permit it) > > Jethro. > > > --- francid.1.42 Mon Jan 21 22:55:12 2008 > +++ francid Mon Jan 21 23:22:34 2008 > @@ -255,6 +255,8 @@ > while () { > tr/\015//d; > last if (/^$prompt/); > + return(1) if (/Invalid input ->/); > + return(0) if ($found_end); # Only do this routine once > > /Current configuration:/i && next; > /^ver \d+\.\d+/ && next; > @@ -378,7 +380,8 @@ > {'show chassis' => 'ShowChassis'}, > {'show module' => 'ShowModule'}, > {'show flash' => 'ShowFlash'}, > - {'write term' => 'WriteTerm'} > + {'write term' => 'WriteTerm'}, > + {'show running-config' => "WriteTerm"}, > ); > # Use an array to preserve the order of the commands and a hash for mapping > # commands to the subroutine and track commands that have been completed. > > > > > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . > Jethro R Binks > Computing Officer, IT Services > University Of Strathclyde, Glasgow, UK > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From jethro.binks at strath.ac.uk Thu Jan 24 21:58:56 2008 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Thu, 24 Jan 2008 21:58:56 +0000 (GMT) Subject: [rancid] Re: Small patch for francid (to better permit minimally privileged rancid user) In-Reply-To: <20080124213235.GV3867@shrubbery.net> References: <20080122224753.C46769@defjam.cc.strath.ac.uk> <20080124213235.GV3867@shrubbery.net> Message-ID: <20080124215809.W46769@defjam.cc.strath.ac.uk> On Thu, 24 Jan 2008, john heasley wrote: > > In the meantime, here is a small patch against francid 1.42 which is > > equivalent to some code in the Cisco rancid to run either of "show > > running-config" or "write term", whichever works - currently francid only > > tries to run the latter, but by default a priv level 5 ("read only") user > > can run little more than "show" commands. I could use the "privilege" > > command to re-assign "write term" to priv level 5, but since "show > > running-config" already works anyway, and there is a precedent in (cisco) > > rancid, why bother? > > old versions of the foundry code did not support 'show running', iirc. > The same for cisco. Must be very old! I've had BigIrons and others since around 2002 and I've always used "show run". But anyway, there you go. Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services University Of Strathclyde, Glasgow, UK From heas at shrubbery.net Thu Jan 24 22:26:51 2008 From: heas at shrubbery.net (john heasley) Date: Thu, 24 Jan 2008 22:26:51 +0000 Subject: [rancid] Re: Small patch for francid (to better permit minimally privileged rancid user) In-Reply-To: <20080124215809.W46769@defjam.cc.strath.ac.uk> References: <20080122224753.C46769@defjam.cc.strath.ac.uk> <20080124213235.GV3867@shrubbery.net> <20080124215809.W46769@defjam.cc.strath.ac.uk> Message-ID: <20080124222650.GY3867@shrubbery.net> Thu, Jan 24, 2008 at 09:58:56PM +0000, Jethro R Binks: > On Thu, 24 Jan 2008, john heasley wrote: > > > > In the meantime, here is a small patch against francid 1.42 which is > > > equivalent to some code in the Cisco rancid to run either of "show > > > running-config" or "write term", whichever works - currently francid only > > > tries to run the latter, but by default a priv level 5 ("read only") user > > > can run little more than "show" commands. I could use the "privilege" > > > command to re-assign "write term" to priv level 5, but since "show > > > running-config" already works anyway, and there is a precedent in (cisco) > > > rancid, why bother? > > > > old versions of the foundry code did not support 'show running', iirc. > > The same for cisco. > > Must be very old! I've had BigIrons and others since around 2002 and I've > always used "show run". maybe I have memory rot....or maybe it just doesn't matter anymore. anyone? They're such an administrative PITA that we've stopped using them. > But anyway, there you go. > > Jethro. > > > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . > Jethro R Binks > Computing Officer, IT Services > University Of Strathclyde, Glasgow, UK From DylanV at semaphore.com Fri Jan 25 00:59:01 2008 From: DylanV at semaphore.com (Dylan Vanderhoof) Date: Thu, 24 Jan 2008 16:59:01 -0800 Subject: [rancid] Sonicwall? Message-ID: Does anybody have a swlogin script or similar? I see an old post about it in the archives, but the reply only appears to address BigIPs. Thanks, Dylan From rancid at gheek.net Fri Jan 25 16:39:46 2008 From: rancid at gheek.net (Lance) Date: Fri, 25 Jan 2008 09:39:46 -0700 Subject: [rancid] Re: Sonicwall? Message-ID: <20080125093945.8e114e4890519e5179c192e02d6bca26.5c3289e1e2.wbe@email.secureserver.net> Dylan, The sonicwalls should be very similar to the cisco prompt. I used clogin at my former employer if I remember remember correctly. I just had to change what it looked for when it logged out and of course had to create a custom rancid script to execute commands. Did you try the one posted? -Lance > -------- Original Message -------- > Subject: [rancid] Sonicwall? > From: Dylan Vanderhoof > Date: Thu, January 24, 2008 5:59 pm > To: "rancid-discuss at shrubbery.net" > Does anybody have a swlogin script or similar? I see an old post about it in the archives, but the reply only appears to address BigIPs. > Thanks, > Dylan > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From DylanV at semaphore.com Fri Jan 25 17:19:35 2008 From: DylanV at semaphore.com (Dylan Vanderhoof) Date: Fri, 25 Jan 2008 09:19:35 -0800 Subject: [rancid] Re: Sonicwall? In-Reply-To: <20080125093945.8e114e4890519e5179c192e02d6bca26.5c3289e1e2.wbe@email.secureserver.net> Message-ID: I didn't see one posted for sonicwall in the archives, only one for bigips in the same post asking about it. I'll take a look and see if I can make clogin work for starters. Thanks! -D > -----Original Message----- > From: Lance [mailto:rancid at gheek.net] > Sent: Friday, January 25, 2008 8:40 AM > To: Dylan Vanderhoof > Cc: rancid-discuss at shrubbery.net > Subject: RE: [rancid] Sonicwall? > > > Dylan, > > The sonicwalls should be very similar to the cisco prompt. I > used clogin > at my former employer if I remember remember correctly. I just had to > change what it looked for when it logged out and of course > had to create > a custom rancid script to execute commands. > > Did you try the one posted? > > -Lance > > > -------- Original Message -------- > > Subject: [rancid] Sonicwall? > > From: Dylan Vanderhoof > > Date: Thu, January 24, 2008 5:59 pm > > To: "rancid-discuss at shrubbery.net" > > Does anybody have a swlogin script or similar? I see an > old post about it in the archives, but the reply only appears > to address BigIPs. > > Thanks, > > Dylan > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > From jheyer at real.com Sun Jan 27 06:35:51 2008 From: jheyer at real.com (John Heyer) Date: Sat, 26 Jan 2008 22:35:51 -0800 Subject: [rancid] Changing Device Type Message-ID: <003601c860ae$dc94bb90$7f41a8c0@corp.real.com> I have a fairly simple problem, although I don't sure how common it is. We just replaced about 100 Extreme switches with Cisco's, and I've changed the device type in RANCID accordingly. "clogin " works fine, however RANCID can't do anything for the hosts. My guess is it's trying to compare the old versions with the new, sees they're 100% different, then craps out. We've already archived the old configs so it's fine to blow them away. Is there a way to completely reset the backend so it's like they never existed? Thanks so much, John Heyer Network Engineer jheyer at real.com (206) 892-6578 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080126/f9f0ae1e/attachment.html From jheyer at real.com Sun Jan 27 07:57:00 2008 From: jheyer at real.com (John Heyer) Date: Sat, 26 Jan 2008 23:57:00 -0800 Subject: [rancid] Re: Changing Device Type In-Reply-To: <003601c860ae$dc94bb90$7f41a8c0@corp.real.com> References: <003601c860ae$dc94bb90$7f41a8c0@corp.real.com> Message-ID: <004101c860ba$32b5d4e0$7f41a8c0@corp.real.com> Got it.these were set to use RADIUS and were missing this line: aaa authorization exec default group radius local John Heyer Network Engineer jheyer at real.com (206) 892-6578 _____ From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of John Heyer Sent: Saturday, January 26, 2008 10:36 PM To: rancid-discuss at shrubbery.net Subject: [rancid] Changing Device Type I have a fairly simple problem, although I don't sure how common it is. We just replaced about 100 Extreme switches with Cisco's, and I've changed the device type in RANCID accordingly. "clogin " works fine, however RANCID can't do anything for the hosts. My guess is it's trying to compare the old versions with the new, sees they're 100% different, then craps out. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080126/30623ad5/attachment.html From shane.haslem at yahoo.co.uk Sun Jan 27 12:00:03 2008 From: shane.haslem at yahoo.co.uk (shane Haslem) Date: Sun, 27 Jan 2008 12:00:03 +0000 (GMT) Subject: [rancid] High CPU Utilization on routers during Rancid capture Message-ID: <246025.82387.qm@web25913.mail.ukl.yahoo.com> Hi all, Can anyone advise if they have experienced high CPU Utilization on routers during config capture, I am using SSH to login, would this be a factor? Regards __________________________________________________________ Sent from Yahoo! Mail - a smarter inbox http://uk.mail.yahoo.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080127/feb5efb0/attachment.html From cgauthie at pcc.edu Sun Jan 27 17:00:18 2008 From: cgauthie at pcc.edu (Chris Gauthier) Date: Sun, 27 Jan 2008 09:00:18 -0800 Subject: [rancid] Re: High CPU Utilization on routers during Rancid capture In-Reply-To: <246025.82387.qm@web25913.mail.ukl.yahoo.com> References: <246025.82387.qm@web25913.mail.ukl.yahoo.com> Message-ID: <479CB8A2.3040009@pcc.edu> Can you be more specific? There are many different brands and models of routers/switches/ out there. Thanks, Chris shane Haslem wrote: > Hi all, > Can anyone advise if they have experienced high CPU Utilization on > routers during config capture, I am using SSH to login, would this be > a factor? > Regards > > ------------------------------------------------------------------------ > Sent from Yahoo! > > - a smarter inbox. > ------------------------------------------------------------------------ > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -- Chris Gauthier, CCNA, Network+, A+ Network Administration Team Portland Community College Portland, Oregon "For once you have tasted flight you will walk the earth with your eyes turned skywards, for there you have been and there you will long to return." --Leonardo da Vinci -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080127/ea4634c1/attachment.html From justin at justinshore.com Sun Jan 27 21:11:27 2008 From: justin at justinshore.com (Justin Shore) Date: Sun, 27 Jan 2008 15:11:27 -0600 Subject: [rancid] Re: High CPU Utilization on routers during Rancid capture In-Reply-To: <246025.82387.qm@web25913.mail.ukl.yahoo.com> References: <246025.82387.qm@web25913.mail.ukl.yahoo.com> Message-ID: <479CF37F.9030109@justinshore.com> Of course. I have 2 3660s and one 7206 (G1) that spike at 100% every hour on the hour. It's not RANCID's fault. It happens anytime I do a sh run. The 7206 has about 13k lines in its config. One 3660 has just under 6k lines. The other 3660 has over 17k config lines. That 3660's load stays at 100% for well over a minute. A high load is expected given the sheer size of the config. SSH has a higher load than telnet of course but that's no reason to not use SSH. Justin shane Haslem wrote: > Hi all, > Can anyone advise if they have experienced high CPU Utilization on > routers during config capture, I am using SSH to login, would this be a > factor? > Regards From frnkblk at iname.com Sun Jan 27 22:04:16 2008 From: frnkblk at iname.com (Frank Bulk - iNAME) Date: Sun, 27 Jan 2008 16:04:16 -0600 Subject: [rancid] Re: High CPU Utilization on routers during Rancid capture In-Reply-To: <479CF37F.9030109@justinshore.com> References: <246025.82387.qm@web25913.mail.ukl.yahoo.com> <479CF37F.9030109@justinshore.com> Message-ID: I'm guess you're terminating PPPoX on there: have you looked into the range command to slim down the config a bit? Or is that not possible with your requirements? Frank -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Justin Shore Sent: Sunday, January 27, 2008 3:11 PM To: shane Haslem Cc: rancid-discuss at shrubbery.net Subject: [rancid] Re: High CPU Utilization on routers during Rancid capture Of course. I have 2 3660s and one 7206 (G1) that spike at 100% every hour on the hour. It's not RANCID's fault. It happens anytime I do a sh run. The 7206 has about 13k lines in its config. One 3660 has just under 6k lines. The other 3660 has over 17k config lines. That 3660's load stays at 100% for well over a minute. A high load is expected given the sheer size of the config. SSH has a higher load than telnet of course but that's no reason to not use SSH. Justin shane Haslem wrote: > Hi all, > Can anyone advise if they have experienced high CPU Utilization on > routers during config capture, I am using SSH to login, would this be a > factor? > Regards _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From justin at justinshore.com Mon Jan 28 00:31:35 2008 From: justin at justinshore.com (Justin Shore) Date: Sun, 27 Jan 2008 18:31:35 -0600 Subject: [rancid] Re: High CPU Utilization on routers during Rancid capture In-Reply-To: References: <246025.82387.qm@web25913.mail.ukl.yahoo.com> <479CF37F.9030109@justinshore.com> Message-ID: <479D2267.7060205@justinshore.com> Frank, No PPPoE here but you're thinking along the right track. I have about 1200 PVCs configured for RBE DSL termination on the 3660. The best design I can think of would have been VTIs or some other template mechanism, one per speed package we offer. Unfortunately this is what I inherited. ADSL is being phased out and being replaced with FTTH and ADSL2+ on distributed IP DSLAMs instead of centralized routers in the core. These routers will breathe easier when the DSL load is taken off of them. Slightly off-topic but still related is a problem I first encountered a couple years ago. RANCID can help alert you to a low memory problem if you know what signs to look for. This same 3660 started generating RANCID diffs every day or two. A PVC or 2 would disappear and then reappear the next time RANCID ran. It was always there when I checked by hand (sh run int ATMa/b.xyz). I figured it was a fluke, that perhaps RANCID couldn't handle configs this big. I ignored the diffs for months, even setting up Outlook to mark diffs related to that router as read. Over time the number of PVCs disappearing and reappearing grew larger, up to hundreds at a time. The time between occurences also shortened until it happened on every RANCID run. The router was running fine so we never gave it a second thought. One day the router was reported as down in RANCID. I checked and the router was still up. However I could not do a sh run; it just returned me to the command prompt. I figured out then what was going on. The router was running out of RAM. I tried all sorts of methods of getting the config, dumping it to tftp, etc before our scheduled maintenance window (just in case). Nothing worked. About 4 hours before the window the router went offline. Once onsite I consoled in and found that OSPF had died (not enough RAM). I rebooted without writing (which I was sure would jack the config if I wrote it). It came up and ran ok. I diffed the current config against one a few months back and found I was missing about 12k lines of config. Woo! I spent the rest of the morning pasting in config from a RANCID diff over a year old (before the problem first showed up). It worked but seriously screwed up our carrier system. The field techs spent most of the day driving around and resetting cards manually. I've since seen this exact problem come up twice now with 2 completely unrelated pieces of equipment. Both had a memory leak. I managed to reboot them without incident since I caught the problem so quickly. So, to make a long story short, if you see anything like what I describe above DO NOT WRITE THE CONFIG and schedule a maintenance window for a reboot ASAP. Learn from my mistake. Justin Frank Bulk - iNAME wrote: > I'm guess you're terminating PPPoX on there: have you looked into the range > command to slim down the config a bit? Or is that not possible with your > requirements? > > Frank > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Justin Shore > Sent: Sunday, January 27, 2008 3:11 PM > To: shane Haslem > Cc: rancid-discuss at shrubbery.net > Subject: [rancid] Re: High CPU Utilization on routers during Rancid capture > > Of course. I have 2 3660s and one 7206 (G1) that spike at 100% every > hour on the hour. It's not RANCID's fault. It happens anytime I do a > sh run. The 7206 has about 13k lines in its config. One 3660 has just > under 6k lines. The other 3660 has over 17k config lines. That 3660's > load stays at 100% for well over a minute. A high load is expected > given the sheer size of the config. SSH has a higher load than telnet > of course but that's no reason to not use SSH. > > Justin > > shane Haslem wrote: >> Hi all, >> Can anyone advise if they have experienced high CPU Utilization on >> routers during config capture, I am using SSH to login, would this be a >> factor? >> Regards > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From heas at shrubbery.net Mon Jan 28 18:11:15 2008 From: heas at shrubbery.net (john heasley) Date: Mon, 28 Jan 2008 10:11:15 -0800 Subject: [rancid] Re: High CPU Utilization on routers during Rancid capture In-Reply-To: <479D2267.7060205@justinshore.com> References: <246025.82387.qm@web25913.mail.ukl.yahoo.com> <479CF37F.9030109@justinshore.com> <479D2267.7060205@justinshore.com> Message-ID: <20080128181115.GA16454@shrubbery.net> Sun, Jan 27, 2008 at 06:31:35PM -0600, Justin Shore: > the config if I wrote it). It came up and ran ok. I diffed the current > config against one a few months back and found I was missing about 12k > lines of config. Woo! I spent the rest of the morning pasting in > config from a RANCID diff over a year old (before the problem first > showed up). It worked but seriously screwed up our carrier system. The > field techs spent most of the day driving around and resetting cards > manually. if you know when the last good config was collected, then you can make rancid & cvs do a lot of this work for you. for example; if you know it was last successfully (and with a proper config) collected on thursday at 5pm, then you can look at 'cvs log configfile' for that date (also see cvs's -D option for many of the cvs commands). you can then checkout that version cvs co -p -r rev /configs/configfile > /tftpboot/configfile edit it for passwords removed and so forth, then load it directly to the device's start-up config and reload the box (without saving). if you know that changes many have been applied between the last successful collection and the reboot, then run rancid against the device rancid-run -r devicename_from_router.db and diff the two files cvs diff -r rev -r HEAD configfile this can probably easily be greped/awked/edited into something that you can load like copy tftp: running not that I expect you did it differently, but others might get the idea from your "applying diffs" note that that arduous task would be manual. From bi at rackpeople.dk Tue Jan 29 11:20:15 2008 From: bi at rackpeople.dk (Brian Ipsen) Date: Tue, 29 Jan 2008 12:20:15 +0100 Subject: [rancid] Cisco PIX / ASA Activation key ? Message-ID: Hi Looking through the code, I can see, that there are something listed with activations keys - but these are not listed as comments in my PIX/ASA configuration dumps... Is it possible to get the activation keys stores as a comment in the config dump as well ?? Med venlig hilsen / Kind regards Brian Ipsen -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080129/f28466d5/attachment.html From bi at rackpeople.dk Tue Jan 29 11:55:12 2008 From: bi at rackpeople.dk (Brian Ipsen) Date: Tue, 29 Jan 2008 12:55:12 +0100 Subject: [rancid] Re: Cisco PIX / ASA Activation key ? In-Reply-To: References: Message-ID: Hi, The pix is running 6.3(5) My dump file for this device looks like: !RANCID-CONTENT-TYPE: cisco ! !Chassis type: PIX-501 - a PIX !CPU: Am5x86 133 MHz ! !Memory: 16 MB RAM !This PIX has a Restricted (R) license. !Serial Number: xxxxxxxxxxxxxxxxxxxxxxx ! ! ! !Image: Compiled: on Thu 04-Aug-05 21:40 by morlee ! ! ! !Flash: flash file system: version:3 magic:0x12345679 !Flash: file 0: origin: 0 length:1978424 !Flash: file 1: origin: 2097152 length:6650 !Flash: file 2: origin: 2228224 length:1925 !Flash: file 3: origin: 2359296 length:3152452 !Flash: file 4: origin: 0 length:0 !Flash: file 5: origin: 7864320 length:308 ! ! : Saved : Show version reveals: Running Activation Key: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa And for Cisco ASA: !RANCID-CONTENT-TYPE: cisco ! !Chassis type: ASA5510 - a PIX !CPU: Pentium 4 Celeron 1600 MHz ! !Memory: 256 MB RAM !Serial Number:xxxxxxxxxx ! ! ! !Image: Compiled: on Wed 22-Nov-06 14:16 by builders !Image: disk0:/asa722-k8.bin ! ! ! ! !BootFlash: BOOT variable = disk0:/asa722-k8.bin !BootFlash: Current BOOT variable = disk0:/asa722-k8.bin !BootFlash: CONFIG_FILE variable = !BootFlash: Current CONFIG_FILE variable = ! !BootFlash: BOOT variable = disk0:/asa722-k8.bin !BootFlash: Current BOOT variable = disk0:/asa722-k8.bin !BootFlash: CONFIG_FILE variable = !BootFlash: Current CONFIG_FILE variable = ! !Flash: -#- --length-- -----date/time------ path !Flash: 8 8312832 Dec 04 2006 07:00:14 asa722-k8.bin !Flash: 9 5623108 Dec 04 2006 07:07:22 asdm-522.bin !Flash: 241418240 bytes available (14008320 bytes used) ! !Flash: disk0: Directory of disk0:/ !Flash: disk0: 8 -rw- 8312832 07:00:14 Dec 04 2006 asa722-k8.bin !Flash: disk0: 9 -rw- 5623108 07:07:22 Dec 04 2006 asdm-522.bin !Flash: disk0: 255426560 bytes total (241418240 bytes free) ! ! !Slot 0: hvers 1.1, firmware 1.0(11)2, sw 7.2(2) ! And "Show version" for the ASA: Running Activation Key: 0xbbbbbbbbb 0xbbbbbbbb 0xbbbbbbbb 0xbbbbbbbb 0xbbbbbbbb Med venlig hilsen / Kind regards Brian Ipsen RackPeople ApS Dynamovej 11C, 2 sal DK-2730 Herlev Mobil: +45 25 41 49 13 Tel: +45 70 25 35 90 Fax: +45 70 25 35 91 Support: +45 70 26 27 02 Internet: www.rackpeople.dk Email: bi at rackpeople.dk ___________________________________ -----Original Message----- From: Regnar Bang Lyngs? [mailto:regnar.lyngso at aak.com] Sent: 29. januar 2008 12:50 To: Brian Ipsen Cc: rancid-discuss at shrubbery.net; rancid-discuss-bounces at shrubbery.net Subject: Re: [rancid] Cisco PIX / ASA Activation key ? rancid-discuss-bounces at shrubbery.net wrote on 29-01-2008 12:20:15: > Looking through the code, I can see, that there are something > listed with activations keys ? but these are not listed as comments > in my PIX/ASA configuration dumps? Using which version of rancid? Which PIX version? On PIX 6.3: !RANCID-CONTENT-TYPE: cisco !This PIX has an Unrestricted (UR) license. !Key: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa Rancid parses the information from the command "show version". Is the activation code listed as "Activation Key: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa" when issuing "show version" on your platform/software version? Regards, -- Regnar Bang Lyngs?, Network Administrator AarhusKarlshamn Denmark A/S M.P. Bruuns Gade 27, DK-8000 ?rhus C, Denmark Email: mailto:regnar.lyngso at aak.com Phone: +45 87 30 61 65 Mobile: +45 40 45 08 89 Registered office: Aarhus Reg. no: 15672099 From justin at justinshore.com Tue Jan 29 14:34:18 2008 From: justin at justinshore.com (Justin Shore) Date: Tue, 29 Jan 2008 08:34:18 -0600 Subject: [rancid] Re: High CPU Utilization on routers during Rancid capture In-Reply-To: <20080128181115.GA16454@shrubbery.net> References: <246025.82387.qm@web25913.mail.ukl.yahoo.com> <479CF37F.9030109@justinshore.com> <479D2267.7060205@justinshore.com> <20080128181115.GA16454@shrubbery.net> Message-ID: <479F396A.9070503@justinshore.com> john heasley wrote: > Sun, Jan 27, 2008 at 06:31:35PM -0600, Justin Shore: >> the config if I wrote it). It came up and ran ok. I diffed the current >> config against one a few months back and found I was missing about 12k >> lines of config. Woo! I spent the rest of the morning pasting in >> config from a RANCID diff over a year old (before the problem first >> showed up). It worked but seriously screwed up our carrier system. The >> field techs spent most of the day driving around and resetting cards >> manually. > > if you know when the last good config was collected, then you can make > rancid & cvs do a lot of this work for you. > > not that I expect you did it differently, but others might get the idea > from your "applying diffs" note that that arduous task would be manual. Right. I don't want them to think that they have to do it the hard way too. My situation though required me to go back over a year to get a complete working config. After spending an hour trying to find a version of the config from the weeks and months of diffs prior to the failure that didn't have missing PVCs I finally said to hell with it. I went back to shortly after I set up RANCID for that router and used that config. I hadn't added any PVCs so the only thing I was going to lose was UBR changes that I could recreate later. Recreating the PVCs at least let me get all my users back online even if their speeds weren't accurate. It was not a fun morning. For the other 99% of the time I can simply pull the latest RANCID config for rapid recovery of a failed stick of flash or CF card. Works like a champ. Justin From firaz at qatar.net.qa Tue Jan 29 05:31:58 2008 From: firaz at qatar.net.qa (Firaz) Date: Tue, 29 Jan 2008 08:31:58 +0300 Subject: [rancid] all connections through clogin are timing out... Message-ID: <000001c86238$444ce5c0$cce6b140$@net.qa> Hi .. Any body has a solution for this issue . I am also facing the same . Regards, Firaz.M.A Firaz at qatar.net.qa -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080129/c01f54c6/attachment.html From regnar.lyngso at aak.com Tue Jan 29 11:50:27 2008 From: regnar.lyngso at aak.com (=?ISO-8859-1?Q?Regnar_Bang_Lyngs=F8?=) Date: Tue, 29 Jan 2008 12:50:27 +0100 Subject: [rancid] Re: Cisco PIX / ASA Activation key ? In-Reply-To: Message-ID: rancid-discuss-bounces at shrubbery.net wrote on 29-01-2008 12:20:15: > Looking through the code, I can see, that there are something > listed with activations keys ? but these are not listed as comments > in my PIX/ASA configuration dumps? Using which version of rancid? Which PIX version? On PIX 6.3: !RANCID-CONTENT-TYPE: cisco !This PIX has an Unrestricted (UR) license. !Key: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa Rancid parses the information from the command "show version". Is the activation code listed as "Activation Key: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa" when issuing "show version" on your platform/software version? Regards, -- Regnar Bang Lyngs?, Network Administrator AarhusKarlshamn Denmark A/S M.P. Bruuns Gade 27, DK-8000 ?rhus C, Denmark Email: mailto:regnar.lyngso at aak.com Phone: +45 87 30 61 65 Mobile: +45 40 45 08 89 Registered office: Aarhus Reg. no: 15672099 From smunzani at comcast.net Tue Jan 29 17:12:49 2008 From: smunzani at comcast.net (Sam Munzani) Date: Tue, 29 Jan 2008 11:12:49 -0600 Subject: [rancid] Re: Cisco PIX / ASA Activation key ? In-Reply-To: References: Message-ID: <479F5E91.2020007@comcast.net> Do you ever wonder why in the world you care about backing up the activation keys? Its not something that gets lost how many times you wipe your firewall config. The old key doesn't do you any good on replacement hardware if your hardware is dead and you need it replaced. In my mind, its useless information and one should not care about it. Don't get me wrong here. The output of "show version" has value here because it gives a lot of other valuable info. e.g. uptime, last configuration modification timestamp etc. Thanks, Sam > rancid-discuss-bounces at shrubbery.net wrote on 29-01-2008 12:20:15: > > >> Looking through the code, I can see, that there are something >> listed with activations keys ? but these are not listed as comments >> in my PIX/ASA configuration dumps? >> > > Using which version of rancid? Which PIX version? > > On PIX 6.3: > > !RANCID-CONTENT-TYPE: cisco > !This PIX has an Unrestricted (UR) license. > !Key: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa > > Rancid parses the information from the command "show version". Is the > activation code listed as "Activation Key: 0xaaaaaaaa 0xaaaaaaaa > 0xaaaaaaaa 0xaaaaaaaa" when issuing "show version" on your > platform/software version? > > Regards, > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080129/0477006a/attachment.html From bi at rackpeople.dk Tue Jan 29 21:35:37 2008 From: bi at rackpeople.dk (Brian Ipsen) Date: Tue, 29 Jan 2008 22:35:37 +0100 Subject: [rancid] Re: Cisco PIX / ASA Activation key ? In-Reply-To: <479F5E91.2020007@comcast.net> References: <479F5E91.2020007@comcast.net> Message-ID: Hi The reason for my question is that I just had an ASA5505, which (for some weird reason) corrupted the flash drive, so I had to reformat/initialize it. When booting the device, the activation key was zeroized... Not a problem for the specific device, since it is a 10-user without any additional features... But it would have been disappointing, if it had been an unlimited users version, maybe with the software that also allows trunking etc (since there's a cost for the software license).. Med venlig hilsen / Kind regards Brian Ipsen ___________________________________ From: Sam Munzani [mailto:smunzani at comcast.net] Sent: 29. januar 2008 18:13 To: Regnar Bang Lyngs? Cc: Brian Ipsen; rancid-discuss-bounces at shrubbery.net; rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: Cisco PIX / ASA Activation key ? Do you ever wonder why in the world you care about backing up the activation keys? Its not something that gets lost how many times you wipe your firewall config. The old key doesn't do you any good on replacement hardware if your hardware is dead and you need it replaced. In my mind, its useless information and one should not care about it. Don't get me wrong here. The output of "show version" has value here because it gives a lot of other valuable info. e.g. uptime, last configuration modification timestamp etc. Thanks, Sam rancid-discuss-bounces at shrubbery.net wrote on 29-01-2008 12:20:15: Looking through the code, I can see, that there are something listed with activations keys ? but these are not listed as comments in my PIX/ASA configuration dumps? Using which version of rancid? Which PIX version? On PIX 6.3: !RANCID-CONTENT-TYPE: cisco !This PIX has an Unrestricted (UR) license. !Key: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa Rancid parses the information from the command "show version". Is the activation code listed as "Activation Key: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa" when issuing "show version" on your platform/software version? Regards, -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080129/3e75f6e6/attachment.html From smunzani at comcast.net Tue Jan 29 21:53:06 2008 From: smunzani at comcast.net (Sam Munzani) Date: Tue, 29 Jan 2008 15:53:06 -0600 Subject: [rancid] Re: Cisco PIX / ASA Activation key ? In-Reply-To: References: <479F5E91.2020007@comcast.net> Message-ID: <479FA042.7050105@comcast.net> I understand your point and it saves hassle. However if you request license key again from CCO login, it doesn't cost anything. It an automated process that emails you your license key(whatever you paid for as per their database). I had such case in past and all I had to do was request a 3DES key from the CCO URL below. http://www.cisco.com/go/license But again, if you had it backed up, you could refer to rancid config file for this key since its part of the "show ver" command rancid does. Thanks, Sam > > Hi > > > > The reason for my question is that I just had an ASA5505, which (for > some weird reason) corrupted the flash drive, so I had to > reformat/initialize it. When booting the device, the activation key > was zeroized... Not a problem for the specific device, since it is a > 10-user without any additional features... But it would have been > disappointing, if it had been an unlimited users version, maybe with > the software that also allows trunking etc (since there's a cost for > the software license).. > > > > Med venlig hilsen / Kind regards > > *Brian Ipsen* > > > > ___________________________________ > > > > *From:* Sam Munzani [mailto:smunzani at comcast.net] > *Sent:* 29. januar 2008 18:13 > *To:* Regnar Bang Lyngs? > *Cc:* Brian Ipsen; rancid-discuss-bounces at shrubbery.net; > rancid-discuss at shrubbery.net > *Subject:* Re: [rancid] Re: Cisco PIX / ASA Activation key ? > > > > Do you ever wonder why in the world you care about backing up the > activation keys? Its not something that gets lost how many times you > wipe your firewall config. The old key doesn't do you any good on > replacement hardware if your hardware is dead and you need it > replaced. In my mind, its useless information and one should not care > about it. > > Don't get me wrong here. The output of "show version" has value here > because it gives a lot of other valuable info. e.g. uptime, last > configuration modification timestamp etc. > > Thanks, > Sam > > rancid-discuss-bounces at shrubbery.net wrote on 29-01-2008 12:20:15: > > > > Looking through the code, I can see, that there are something > > listed with activations keys ? but these are not listed as comments > > in my PIX/ASA configuration dumps? > > > > > Using which version of rancid? Which PIX version? > > On PIX 6.3: > > !RANCID-CONTENT-TYPE: cisco > !This PIX has an Unrestricted (UR) license. > !Key: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa > > Rancid parses the information from the command "show version". Is the > activation code listed as "Activation Key: 0xaaaaaaaa 0xaaaaaaaa > 0xaaaaaaaa 0xaaaaaaaa" when issuing "show version" on your > platform/software version? > > Regards, > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080129/64fd50e3/attachment.html From jjackson at aninetworks.com Thu Jan 31 00:26:48 2008 From: jjackson at aninetworks.com (Joseph Jackson) Date: Wed, 30 Jan 2008 16:26:48 -0800 Subject: [rancid] Change of internal mail. Message-ID: <52e40b5d0801301626x33e5fe3ua02afe1d9568d27c@mail.gmail.com> Hey all, We recently changed over from an in house ms exchange mail server setup to a hosted email solution from google.com. After the change I of course stopped getting my rancid emails. I've gone through the configs but I can't seem to find anywhere that it points to a mail server for relaying. Any tips would be helpful. Thanks Joseph -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080130/8ee5249b/attachment.html From justin at justinshore.com Thu Jan 31 02:28:20 2008 From: justin at justinshore.com (Justin Shore) Date: Wed, 30 Jan 2008 20:28:20 -0600 Subject: [rancid] Re: Change of internal mail. In-Reply-To: <52e40b5d0801301626x33e5fe3ua02afe1d9568d27c@mail.gmail.com> References: <52e40b5d0801301626x33e5fe3ua02afe1d9568d27c@mail.gmail.com> Message-ID: <47A13244.7050200@justinshore.com> The recipient addresses are automatically generated based on the group names. Check /etc/aliases or /etc/mail/aliases. Remember to run newaliases if you edit the aliases file (as root). Justin Joseph Jackson wrote: > Hey all, > > We recently changed over from an in house ms exchange mail server setup > to a hosted email solution from google.com . After > the change I of course stopped getting my rancid emails. I've gone > through the configs but I can't seem to find anywhere > that it points to a mail server for relaying. Any tips would be helpful. > > > Thanks > > Joseph > > > ------------------------------------------------------------------------ > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From david+rancid at luyer.net Thu Jan 31 17:30:19 2008 From: david+rancid at luyer.net (David Luyer) Date: Thu, 31 Jan 2008 09:30:19 -0800 (PST) Subject: [rancid] Re: Change of internal mail. In-Reply-To: <52e40b5d0801301626x33e5fe3ua02afe1d9568d27c@mail.gmail.com> References: <52e40b5d0801301626x33e5fe3ua02afe1d9568d27c@mail.gmail.com> Message-ID: <51228.2001:5a8:4:4280:219:e3ff:fe04:b570.1201800619.squirrel@www.luyer.net> If your RANCID server is pointing at another server as a relay, that would be in your (sendmail/postfix/qmail/exim/??) configuration. For example sendmail you'd probably update sendmail.mc then regenerate sendmail.cf (exact command line depends on what OS and distribution you're using). Other MTAs would be different. David. > Hey all, > > We recently changed over from an in house ms exchange mail server setup to > a > hosted email solution from google.com. After the change I of course > stopped > getting my rancid emails. I've gone through the configs but I can't seem > to > find anywhere > that it points to a mail server for relaying. Any tips would be helpful. > > > Thanks > > Joseph > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss