[rancid] Re: Oddities with Cisco ASA

Jethro R Binks jethro.binks at strath.ac.uk
Thu Mar 6 10:36:40 UTC 2008 

On Sun, 2 Mar 2008, Jethro R Binks wrote:

> On Wed, 16 Jan 2008, Jethro R Binks wrote:
> 
> > Despite reports on the list of people having no problems with Cisco ASAs, 
> > I am having some problems.  This with code 7.1(2).  Two problems are 
> > described here, forgive the length of this.
> 
> You may recall my message a while ago to this effect.  I have recently 
> made another observation, for which I have no explanation, but offer it as 
> merely as an additional data point.
> 
> I have been running rancid persistently against this particular ASA ever 
> since the above, and it persistently fails in the same way.  However I 
> lately upgraded the 7.1(2) to 7.2(3), and immediately afterwards rancid 
> was able to connect for the first time since whenever and retrieve the 
> config.  Hurrah!  I thought, problem fixed.  Unfortunately, it started 
> to fail again about 12 hours later, and that is the way it has remained 
> since :(.

I have made a little more progress.  Ultimately, the reason for the 
failure now is because it thinks there are still commands to run.

rancid tries to run these two commands, treated as equivalent:

        {'show running-config'          => 'WriteTerm'},
        {'write term'                   => 'WriteTerm'},

For some reason, at least with my ASA (see previous messages for detail), 
rancid isn't able to pick out the output of the second command, but it can 
process the output from the first, so it's not a problem; it sets 
$found_end and the command is deleted from the commands list:

        delete($commands{$cmd});

Then it tries to call WriteTerm for the second time, and it exits earlier 
because $found_end is already set:

        return(0) if ($found_end);              # Only do this routine once

I think what is happening is that this time:

    while (/#\s*($cmds_regexp)\s*$/) {

doesn't match, because it couldn't parse the output for the second 
command, and so:

        delete($commands{$cmd});

is never called, the command gets left in the command list, and rancid 
exits with failure:

missed cmd(s): write term

I suppose the solution is that if WriteTerm has been called once 
successfully, it removes all the commands that process that sub from the 
command list.  However I do not know if for some Cisco kit "show 
running-config" and "write term" are intrinsically different in some way.

As a short term fix, I have commented out "write term" from the list of 
commands to run, and rancid now works against my ASA.

Grateful for any thoughts on this interpretation.

Jethro.










rancid isn't able to see the output


In the case of the ASA, "show running-config" doesn't work (as a 
not-level-15 priv user

In my case, it seems both work, but when the output 
from the first is found, it notes that "show running-config" was 
successful, and doesn't run the second:


 
Unfortunately, the command is still in the command list (, and at the end 
of 
the loop it assumes a command failed because it wasn't removed from the 
command list.

I'm puzzled why others do not see this behaviour though ... I checked to 
see if I'd made other modifications but other than debugging statements, 
no.


I tried with rancid.in,v 1.174 2004/05/27, unmodified, 

and that did 
exactly the same.

J.

> 
> FWIW, I am now running rancid.in 1.234 and clogin 1.79.
> 
> Jethro.
> 
> 
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> Jethro R Binks
> Computing Officer, IT Services
> University Of Strathclyde, Glasgow, UK
> 

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services
University Of Strathclyde, Glasgow, UK

More information about the Rancid-discuss mailing list