From Matthew.Johnson1 at med.ge.com Tue Sep 2 15:33:14 2008 From: Matthew.Johnson1 at med.ge.com (Johnson, Matt (GE Healthcare)) Date: Tue, 2 Sep 2008 11:33:14 -0400 Subject: [rancid] Control rancid had problems parsing my routers.db file Message-ID: Hi everyone. I'm a new user of rancid. In setting up my installation, I was going batty trying to figure out why all the entries in my router.db file ended up in the routers.down file. I started monkeying around in control_rancid and discovered that I needed to add the \r* to the following lines: perl -F: -ane '{($F[0] =~ tr at A-Z@a-z@,print $_) if ($F[2] !~ /^up\r*$/i);}' routers.db > routers.down.new perl -F: -ane '{($F[0] =~ tr at A-Z@a-z@,print "$F[0]:$F[1]\n") if ($F[2] =~ /^up\r*$/i);}' routers.db > routers.up.new I have only used vim to edit the router.db file (albiet both on windows and linux) so didn't expect to have issues with goofy line feeds that sometimes creep up when using things like windows wordpad. I post this to the users on the list to see if I'm just doing something wrong, and also to give this simple fix to anyone else having problems with their routers ending up in the routers.down file. I'm running perl v5.8.8 on Ubuntu 8.0.4. Thanks everyone. Its a pretty slick tool once I got it going. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080902/3122d5a0/attachment.html From cgauthier at mapscu.com Tue Sep 2 16:09:36 2008 From: cgauthier at mapscu.com (Chris Gauthier) Date: Tue, 2 Sep 2008 09:09:36 -0700 Subject: [rancid] Re: [SPAM] - Control rancid had problems parsing my routers.db file - Bayesian Filter detected spam In-Reply-To: References: Message-ID: <0A9A5A2BC1C0A94C981AF5FCF2D2F3381294DF4B@mshin01.mapscu.com> I, too, am running 8.04 LTS Server and rancid 2.3.2a7 (I think that is the right numbers). Where did you edit the files, Windows or Linux? That part makes a difference. Windows, by default, stores using a , where Linux (and all *nix variants, as I understand) only record the . If you used Windows, check your editor to make sure it is saving in a Unix-style format (ie, not CR-LF). (shamless plug) I use EditPad Pro (they have a Lite version) and love it! http://www.editpadpro.com/ Chris From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Johnson, Matt (GE Healthcare) Sent: Tuesday, September 02, 2008 8:33 AM To: rancid-discuss at shrubbery.net Subject: [SPAM] - [rancid] Control rancid had problems parsing my routers.db file - Bayesian Filter detected spam Hi everyone. I'm a new user of rancid. In setting up my installation, I was going batty trying to figure out why all the entries in my router.db file ended up in the routers.down file. I started monkeying around in control_rancid and discovered that I needed to add the \r* to the following lines: perl -F: -ane '{($F[0] =~ tr at A-Z@a-z@,print $_) if ($F[2] !~ /^up\r*$/i);}' routers.db > routers.down.new perl -F: -ane '{($F[0] =~ tr at A-Z@a-z@,print "$F[0]:$F[1]\n") if ($F[2] =~ /^up\r*$/i);}' routers.db > routers.up.new I have only used vim to edit the router.db file (albiet both on windows and linux) so didn't expect to have issues with goofy line feeds that sometimes creep up when using things like windows wordpad. I post this to the users on the list to see if I'm just doing something wrong, and also to give this simple fix to anyone else having problems with their routers ending up in the routers.down file. I'm running perl v5.8.8 on Ubuntu 8.0.4. Thanks everyone. Its a pretty slick tool once I got it going. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080902/04a3c80a/attachment.html From Matthew.Johnson1 at med.ge.com Tue Sep 2 16:37:13 2008 From: Matthew.Johnson1 at med.ge.com (Johnson, Matt (GE Healthcare)) Date: Tue, 2 Sep 2008 12:37:13 -0400 Subject: [rancid] Re: [SPAM] - Control rancid had problems parsing my routers.db file - Bayesian Filter detected spam In-Reply-To: <0A9A5A2BC1C0A94C981AF5FCF2D2F3381294DF4B@mshin01.mapscu.com> References: <0A9A5A2BC1C0A94C981AF5FCF2D2F3381294DF4B@mshin01.mapscu.com> Message-ID: You are correct. My vim installation on windows wasn't doing what I thought it was. Would it be a bad idea to patch control_rancid so that it wouldn't matter which file format it would be in? Thanks for your help Chris. ________________________________ From: Chris Gauthier [mailto:cgauthier at mapscu.com] Sent: Tuesday, September 02, 2008 11:10 AM To: Johnson, Matt (GE Healthcare); rancid-discuss at shrubbery.net Subject: RE: [SPAM] - [rancid] Control rancid had problems parsing my routers.db file - Bayesian Filter detected spam I, too, am running 8.04 LTS Server and rancid 2.3.2a7 (I think that is the right numbers). Where did you edit the files, Windows or Linux? That part makes a difference. Windows, by default, stores using a , where Linux (and all *nix variants, as I understand) only record the . If you used Windows, check your editor to make sure it is saving in a Unix-style format (ie, not CR-LF). (shamless plug) I use EditPad Pro (they have a Lite version) and love it! http://www.editpadpro.com/ Chris From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Johnson, Matt (GE Healthcare) Sent: Tuesday, September 02, 2008 8:33 AM To: rancid-discuss at shrubbery.net Subject: [SPAM] - [rancid] Control rancid had problems parsing my routers.db file - Bayesian Filter detected spam Hi everyone. I'm a new user of rancid. In setting up my installation, I was going batty trying to figure out why all the entries in my router.db file ended up in the routers.down file. I started monkeying around in control_rancid and discovered that I needed to add the \r* to the following lines: perl -F: -ane '{($F[0] =~ tr at A-Z@a-z@,print $_) if ($F[2] !~ /^up\r*$/i);}' routers.db > routers.down.new perl -F: -ane '{($F[0] =~ tr at A-Z@a-z@,print "$F[0]:$F[1]\n") if ($F[2] =~ /^up\r*$/i);}' routers.db > routers.up.new I have only used vim to edit the router.db file (albiet both on windows and linux) so didn't expect to have issues with goofy line feeds that sometimes creep up when using things like windows wordpad. I post this to the users on the list to see if I'm just doing something wrong, and also to give this simple fix to anyone else having problems with their routers ending up in the routers.down file. I'm running perl v5.8.8 on Ubuntu 8.0.4. Thanks everyone. Its a pretty slick tool once I got it going. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080902/a058bba0/attachment.html From bgmilne at staff.telkomsa.net Thu Sep 4 10:05:57 2008 From: bgmilne at staff.telkomsa.net (Buchan Milne) Date: Thu, 4 Sep 2008 12:05:57 +0200 Subject: [rancid] Contents of nvram alternating Message-ID: <200809041205.58144.bgmilne@staff.telkomsa.net> On some of our 6500's, and one 7600, I see something like this: !Flash: 1672932 bytes available (30308636 bytes used) ! + !Flash: nvram: Directory of nvram:/ + !Flash: nvram: 382 -rw- 34497 startup-config + !Flash: nvram: 383 ---- 1932 private-config + !Flash: nvram: 384 -rw- 34497 underlying-config + !Flash: nvram: 2 ---- 47 persistent-data + !Flash: nvram: 3 ---- 4 rf_cold_starts + !Flash: nvram: 391160 bytes total (351607 bytes free) + ! !Flash: bootflash: Directory of bootflash:/ then on the next run: !Flash: 1672932 bytes available (30308636 bytes used) ! !Flash: nvram: Directory of nvram:/ - !Flash: nvram: 382 -rw- 34497 startup-config - !Flash: nvram: 383 ---- 1932 private-config - !Flash: nvram: 384 -rw- 34497 underlying-config - !Flash: nvram: 2 ---- 47 persistent-data - !Flash: nvram: 3 ---- 4 rf_cold_starts + !Flash: nvram: No files in directory !Flash: nvram: 391160 bytes total (351607 bytes free) ! !Flash: bootflash: Directory of bootflash:/ and the next run: !Flash: 1672932 bytes available (30308636 bytes used) ! - !Flash: nvram: Directory of nvram:/ - !Flash: nvram: No files in directory - !Flash: nvram: 391160 bytes total (351607 bytes free) - ! !Flash: bootflash: Directory of bootflash:/ The network engineer claims there is nothing wrong with this device ... Has anyone seen this? Is there anything I can do about it besides removing the nvram directory listing from rancid? Regards, Buchan From NMaio at guesswho.com Thu Sep 4 12:02:45 2008 From: NMaio at guesswho.com (NMaio at guesswho.com) Date: Thu, 4 Sep 2008 08:02:45 -0400 Subject: [rancid] PIX Unnecessary Changes Message-ID: Hi, I am pretty sure I have seen this question on the list before but I am having a difficult time finding the answer. On our PIX running 7.2 code if we make a change to one item there will be multiple lines in the diff that are changed but as you can see they are not really new or removed commands: - crypto isakmp policy 60 - authentication pre-share - encryption des - hash md5 - group 2 - lifetime 14400 . . . . - split-tunnel-policy tunnelspecified + split-tunnel-policy tunnelspecified split-tunnel-network-list value Part-Time_splitTunnelAcl ..... ..... - dns-server value 192.168.7.100 192.168.7.47 + dns-server value 192.168.7.100 192.168.7.47 ...... ...... - wins-server value 192.168.7.100 + wins-server value 192.168.7.100 Does anyone know of a fix for this? Thanks in advance. Nick -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080904/81bd562e/attachment.html From daniel.medina at gmail.com Thu Sep 4 13:08:33 2008 From: daniel.medina at gmail.com (Daniel Medina) Date: Thu, 4 Sep 2008 09:08:33 -0400 Subject: [rancid] Re: cisco Last configuration change by In-Reply-To: <986544234AB0A44BADE40DF502E2012A0199692A@SPBMAIL.spb.sovintel.net> References: <986544234AB0A44BADE40DF502E2012A019961EB@SPBMAIL.spb.sovintel.net> <20080822152332.GA354@monkey.local> <986544234AB0A44BADE40DF502E2012A0199692A@SPBMAIL.spb.sovintel.net> Message-ID: <20080904130833.GA38402@monkey.local> On Thu, Sep 04, 2008 at 11:16:57AM +0400, Smirnoff Alexander wrote: > Ok, I found another variant - can rancid add this line, when another > configuration changes coming - to identity who made it? You could just comment out the line from rancid that skips over this information: # /^! (Last configuration|NVRAM config last)/ && next; But a better way to track who makes changes is to use some kind of AAA like Tacacs so you can identify what commands are being issued. -- Dan From daniel.medina at gmail.com Thu Sep 4 14:43:11 2008 From: daniel.medina at gmail.com (Daniel Medina) Date: Thu, 4 Sep 2008 10:43:11 -0400 Subject: [rancid] Re: cisco Last configuration change by In-Reply-To: <986544234AB0A44BADE40DF502E2012A019969DF@SPBMAIL.spb.sovintel.net> References: <986544234AB0A44BADE40DF502E2012A019961EB@SPBMAIL.spb.sovintel.net> <20080822152332.GA354@monkey.local> <986544234AB0A44BADE40DF502E2012A0199692A@SPBMAIL.spb.sovintel.net> <20080904130833.GA38402@monkey.local> <986544234AB0A44BADE40DF502E2012A019969DF@SPBMAIL.spb.sovintel.net> Message-ID: <20080904144311.GB38402@monkey.local> On Thu, Sep 04, 2008 at 06:13:17PM +0400, Smirnoff Alexander wrote: > I track with AAA, but in case with rancid I will receive changes and who > made it in one place. This is the problem: 1. Dan makes a change, X, wr mem 2. Bogdan makes a change, Y, wr mem 3. rancid runs, collects the configs, mails the diffs - you see changes X + Y - you see a line that says the config and NVRAM was last changed by Bodgan -- Dan From cgauthier at mapscu.com Thu Sep 4 16:40:18 2008 From: cgauthier at mapscu.com (Chris Gauthier) Date: Thu, 4 Sep 2008 09:40:18 -0700 Subject: [rancid] Re: cisco Last configuration change by In-Reply-To: <20080904144311.GB38402@monkey.local> References: <986544234AB0A44BADE40DF502E2012A019961EB@SPBMAIL.spb.sovintel.net><20080822152332.GA354@monkey.local><986544234AB0A44BADE40DF502E2012A0199692A@SPBMAIL.spb.sovintel.net><20080904130833.GA38402@monkey.local><986544234AB0A44BADE40DF502E2012A019969DF@SPBMAIL.spb.sovintel.net> <20080904144311.GB38402@monkey.local> Message-ID: <0A9A5A2BC1C0A94C981AF5FCF2D2F33812982BF7@mshin01.mapscu.com> Not exactly the answer you want to hear, but "Go buy a Juniper". Their routers have the ability to log every command and who performed it. I don't know, other than using AAA Accounting, how you would get that granular of change information, especially if you are pulling info from the router and not pushing it to the server. Chris -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Daniel Medina Sent: Thursday, September 04, 2008 7:43 AM To: Smirnoff Alexander Cc: rancid-discuss at shrubbery.net Subject: [rancid] Re: cisco Last configuration change by On Thu, Sep 04, 2008 at 06:13:17PM +0400, Smirnoff Alexander wrote: > I track with AAA, but in case with rancid I will receive changes and who > made it in one place. This is the problem: 1. Dan makes a change, X, wr mem 2. Bogdan makes a change, Y, wr mem 3. rancid runs, collects the configs, mails the diffs - you see changes X + Y - you see a line that says the config and NVRAM was last changed by Bodgan -- Dan _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From asmirnoff at office.beeline.ru Thu Sep 4 07:16:57 2008 From: asmirnoff at office.beeline.ru (Smirnoff Alexander) Date: Thu, 4 Sep 2008 11:16:57 +0400 Subject: [rancid] Re: cisco Last configuration change by In-Reply-To: <20080822152332.GA354@monkey.local> References: <986544234AB0A44BADE40DF502E2012A019961EB@SPBMAIL.spb.sovintel.net> <20080822152332.GA354@monkey.local> Message-ID: <986544234AB0A44BADE40DF502E2012A0199692A@SPBMAIL.spb.sovintel.net> Ok, I found another variant - can rancid add this line, when another configuration changes coming - to identity who made it? -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Daniel Medina Sent: Friday, August 22, 2008 7:24 PM To: Smirnoff Alexander Cc: rancid-discuss at shrubbery.net Subject: [rancid] Re: cisco Last configuration change by On Thu, Aug 21, 2008 at 01:14:13PM +0400, Smirnoff Alexander wrote: > Rancid collect cisco configuration using show running-config command, > but why he not show config lines about last configuration changes like > this : > > ! Last configuration change at 11:54:34 MSD Thu Aug 21 2008 by asmirnov > ! NVRAM config last updated at 11:54:43 MSD Thu Aug 21 2008 by asmirnov Because those lines may change regardless of whether the config was actually changed. For example, just do a "conf t" and then exit config mode and you'll see the "Last configuration change" value update. -- Dan _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From asmirnoff at office.beeline.ru Thu Sep 4 14:13:17 2008 From: asmirnoff at office.beeline.ru (Smirnoff Alexander) Date: Thu, 4 Sep 2008 18:13:17 +0400 Subject: [rancid] Re: cisco Last configuration change by In-Reply-To: <20080904130833.GA38402@monkey.local> References: <986544234AB0A44BADE40DF502E2012A019961EB@SPBMAIL.spb.sovintel.net> <20080822152332.GA354@monkey.local> <986544234AB0A44BADE40DF502E2012A0199692A@SPBMAIL.spb.sovintel.net> <20080904130833.GA38402@monkey.local> Message-ID: <986544234AB0A44BADE40DF502E2012A019969DF@SPBMAIL.spb.sovintel.net> I track with AAA, but in case with rancid I will receive changes and who made it in one place. -----Original Message----- From: Daniel Medina [mailto:daniel.medina at gmail.com] Sent: Thursday, September 04, 2008 5:09 PM To: Smirnoff Alexander Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: cisco Last configuration change by On Thu, Sep 04, 2008 at 11:16:57AM +0400, Smirnoff Alexander wrote: > Ok, I found another variant - can rancid add this line, when another > configuration changes coming - to identity who made it? You could just comment out the line from rancid that skips over this information: # /^! (Last configuration|NVRAM config last)/ && next; But a better way to track who makes changes is to use some kind of AAA like Tacacs so you can identify what commands are being issued. -- Dan From heas at shrubbery.net Thu Sep 4 17:19:38 2008 From: heas at shrubbery.net (john heasley) Date: Thu, 4 Sep 2008 17:19:38 +0000 Subject: [rancid] Re: Contents of nvram alternating In-Reply-To: <200809041205.58144.bgmilne@staff.telkomsa.net> References: <200809041205.58144.bgmilne@staff.telkomsa.net> Message-ID: <20080904171938.GD23097@shrubbery.net> This is probably a Cisco bug; I see this on a 7200 which has limited free memory (and leaks a bit). check the syslog for errors. Thu, Sep 04, 2008 at 12:05:57PM +0200, Buchan Milne: > On some of our 6500's, and one 7600, I see something like this: > > > !Flash: 1672932 bytes available (30308636 bytes used) > ! > + !Flash: nvram: Directory of nvram:/ > + !Flash: nvram: 382 -rw- 34497 > startup-config > + !Flash: nvram: 383 ---- 1932 > private-config > + !Flash: nvram: 384 -rw- 34497 > underlying-config > + !Flash: nvram: 2 ---- 47 > persistent-data > + !Flash: nvram: 3 ---- 4 > rf_cold_starts > + !Flash: nvram: 391160 bytes total (351607 bytes free) > + ! > !Flash: bootflash: Directory of bootflash:/ > > then on the next run: > !Flash: 1672932 bytes available (30308636 bytes used) > ! > !Flash: nvram: Directory of nvram:/ > - !Flash: nvram: 382 -rw- 34497 > startup-config > - !Flash: nvram: 383 ---- 1932 > private-config > - !Flash: nvram: 384 -rw- 34497 > underlying-config > - !Flash: nvram: 2 ---- 47 > persistent-data > - !Flash: nvram: 3 ---- 4 > rf_cold_starts > + !Flash: nvram: No files in directory > !Flash: nvram: 391160 bytes total (351607 bytes free) > ! > !Flash: bootflash: Directory of bootflash:/ > > > and the next run: > !Flash: 1672932 bytes available (30308636 bytes used) > ! > - !Flash: nvram: Directory of nvram:/ > - !Flash: nvram: No files in directory > - !Flash: nvram: 391160 bytes total (351607 bytes free) > - ! > !Flash: bootflash: Directory of bootflash:/ > > > The network engineer claims there is nothing wrong with this device ... > > Has anyone seen this? Is there anything I can do about it besides removing the > nvram directory listing from rancid? > > Regards, > Buchan > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From smunzani at comcast.net Thu Sep 4 17:55:30 2008 From: smunzani at comcast.net (Sam Munzani) Date: Thu, 04 Sep 2008 12:55:30 -0500 Subject: [rancid] Re: cisco Last configuration change by In-Reply-To: <20080904144311.GB38402@monkey.local> References: <986544234AB0A44BADE40DF502E2012A019961EB@SPBMAIL.spb.sovintel.net> <20080822152332.GA354@monkey.local> <986544234AB0A44BADE40DF502E2012A0199692A@SPBMAIL.spb.sovintel.net> <20080904130833.GA38402@monkey.local> <986544234AB0A44BADE40DF502E2012A019969DF@SPBMAIL.spb.sovintel.net> <20080904144311.GB38402@monkey.local> Message-ID: <48C02112.1040507@comcast.net> I haven't done this my self but one of guy during my last training class mentioned that they developed something in house that does following. 1. On rancid box, load and configure net-snmp trap receiver. 2. Configure snmptrapd.conf with proper trap-handler like below. traphandle OID-of-config-change-trap /usr/local/bin/rancid-run-wrapper.sh What this did is whenever he received a config trap it triggered rancid wrapper script that just executes rancid-run to that perticular device only. I don't have such needs so I never tried it my self but he claimed it worked well for him. Catch-22: If somebody goes "config t" and exits, it will generate a trap and trigger rancid regardless of if he made any changes or not. However he didn't care about it because his environment was pretty static and rarely people logged in. Something to think about. Sam > On Thu, Sep 04, 2008 at 06:13:17PM +0400, Smirnoff Alexander wrote: > >> I track with AAA, but in case with rancid I will receive changes and who >> made it in one place. >> > > This is the problem: > > 1. Dan makes a change, X, wr mem > > 2. Bogdan makes a change, Y, wr mem > > 3. rancid runs, collects the configs, mails the diffs > > - you see changes X + Y > > - you see a line that says the config and NVRAM was last changed by Bodgan > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080904/8ad61d43/attachment.html From jwardlaw at CAYUGAMED.org Thu Sep 4 20:52:28 2008 From: jwardlaw at CAYUGAMED.org (Wardlaw, Jeff) Date: Thu, 4 Sep 2008 16:52:28 -0400 Subject: [rancid] Re: cisco Last configuration change by In-Reply-To: <0A9A5A2BC1C0A94C981AF5FCF2D2F33812982BF7@mshin01.mapscu.com> References: <986544234AB0A44BADE40DF502E2012A019961EB@SPBMAIL.spb.sovintel.net><20080822152332.GA354@monkey.local><986544234AB0A44BADE40DF502E2012A0199692A@SPBMAIL.spb.sovintel.net><20080904130833.GA38402@monkey.local><986544234AB0A44BADE40DF502E2012A019969DF@SPBMAIL.spb.sovintel.net><20080904144311.GB38402@monkey.local> <0A9A5A2BC1C0A94C981AF5FCF2D2F33812982BF7@mshin01.mapscu.com> Message-ID: Cisco can log who does what. Set up a syslog box. Configure your cisco device like so: ! archive log config logging enable logging size 500 notify syslog hidekeys ! This will log all command to your syslog box. Alternatively you can 'show archive log config all' to see the 500 lines it's seen and who's done it. CH_NAME_RTR# show archive log config all idx sess user at line Logged command 1 1 david at vty0 | logging enable 2 1 david at vty0 | logging size 200 3 2 david at vty0 |hostname CH_NAME_RTR 4 2 david at vty0 |enable secret ***** (this is hidden because of hidekeys command) 5 2 david at vty0 |interface FastEthernet0/0 6 2 david at vty0 | bandwidth 100000 Link: http://itknowledgeexchange.techtarget.com/cisco/tracking-configuration-c hanges-with-the-cisco-ios-built-in-using-the-archive-command/ -- Jeff > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of > Chris Gauthier > Sent: Thursday, September 04, 2008 12:40 > To: Daniel Medina; Smirnoff Alexander > Cc: rancid-discuss at shrubbery.net > Subject: [rancid] Re: cisco Last configuration change by > > Not exactly the answer you want to hear, but "Go buy a > Juniper". Their routers have the ability to log every > command and who performed it. > > I don't know, other than using AAA Accounting, how you would > get that granular of change information, especially if you > are pulling info from the router and not pushing it to the server. > > Chris > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of > Daniel Medina > Sent: Thursday, September 04, 2008 7:43 AM > To: Smirnoff Alexander > Cc: rancid-discuss at shrubbery.net > Subject: [rancid] Re: cisco Last configuration change by > > On Thu, Sep 04, 2008 at 06:13:17PM +0400, Smirnoff Alexander wrote: > > I track with AAA, but in case with rancid I will receive changes and > who > > made it in one place. > > This is the problem: > > 1. Dan makes a change, X, wr mem > > 2. Bogdan makes a change, Y, wr mem > > 3. rancid runs, collects the configs, mails the diffs > > - you see changes X + Y > > - you see a line that says the config and NVRAM was last > changed by Bodgan > > -- > Dan > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From Graham.Fleming at bdwalk.biz Thu Sep 4 22:56:37 2008 From: Graham.Fleming at bdwalk.biz (Graham Fleming) Date: Thu, 4 Sep 2008 18:56:37 -0400 Subject: [rancid] Download configs from one router through another Message-ID: <6993B856BF07F84CB536C3F62EFEFBB7D7CDB0@EX0004.AllstreamITS.local> Hello all, I've tried researching this but, to be honest, haven't been able to find any concrete steps that make sense to me-please bear with me as I'm very new to the whole RANCID/CVS/ViewVC thing although I have plenty Cisco and Linux experience. I have many clients with routers and switches on an internal network that I can access either via VPN or by Cisco CLI by logging into their public WAN-facing router and then drilling through the network that way. I think I understand that I need to patch RANCID to allow this behavior. So, here is my question: How do I get this patch and how do I apply the patch to enable RANCID to hop from one router to another? Thank you so much for any help or points in the right direction! Regards, Graham -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080904/4e12b367/attachment.html From jonathan at 23andme.com Thu Sep 4 20:44:56 2008 From: jonathan at 23andme.com (Jonathan Hansen) Date: Thu, 4 Sep 2008 13:44:56 -0700 Subject: [rancid] Filtering files pre-checkin Message-ID: <79DC4023-8243-4A82-AF4C-E0EC60C75171@23andme.com> I am trying to find a way to filter a few lines like temperature and up time from the SVN checkin so that I only see actual changes. I have been able to filter them in the update emails, but not the checkin itself. Anyone have a suggestion on how to do this? Thanks, Jonathan From shekhar at mos.com.np Fri Sep 5 03:41:50 2008 From: shekhar at mos.com.np (Shekhar Basnet) Date: Fri, 5 Sep 2008 09:26:50 +0545 Subject: [rancid] Re: cisco Last configuration change by In-Reply-To: References: <986544234AB0A44BADE40DF502E2012A019961EB@SPBMAIL.spb.sovintel.net><20080822152332.GA354@monkey.local><986544234AB0A44BADE40DF502E2012A0199692A@SPBMAIL.spb.sovintel.net><20080904130833.GA38402@monkey.local><986544234AB0A44BADE40DF502E2012A019969DF@SPBMAIL.spb.sovintel.net><20080904144311.GB38402@monkey.local><0A9A5A2BC1C0A94C981AF5FCF2D2F33812982BF7@mshin01.mapscu.com> Message-ID: <006101c90f09$55a5a090$af0aa8c0@mos111> This is a very nice tip. Thank you for sharing. Best regards, Shekhar. -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Wardlaw, Jeff Sent: Friday, September 05, 2008 2:37 AM To: Chris Gauthier; Daniel Medina; Smirnoff Alexander Cc: rancid-discuss at shrubbery.net Subject: [rancid] Re: cisco Last configuration change by Cisco can log who does what. Set up a syslog box. Configure your cisco device like so: ! archive log config logging enable logging size 500 notify syslog hidekeys ! This will log all command to your syslog box. Alternatively you can 'show archive log config all' to see the 500 lines it's seen and who's done it. CH_NAME_RTR# show archive log config all idx sess user at line Logged command 1 1 david at vty0 | logging enable 2 1 david at vty0 | logging size 200 3 2 david at vty0 |hostname CH_NAME_RTR 4 2 david at vty0 |enable secret ***** (this is hidden because of hidekeys command) 5 2 david at vty0 |interface FastEthernet0/0 6 2 david at vty0 | bandwidth 100000 Link: http://itknowledgeexchange.techtarget.com/cisco/tracking-configuration-c hanges-with-the-cisco-ios-built-in-using-the-archive-command/ -- Jeff > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of > Chris Gauthier > Sent: Thursday, September 04, 2008 12:40 > To: Daniel Medina; Smirnoff Alexander > Cc: rancid-discuss at shrubbery.net > Subject: [rancid] Re: cisco Last configuration change by > > Not exactly the answer you want to hear, but "Go buy a > Juniper". Their routers have the ability to log every > command and who performed it. > > I don't know, other than using AAA Accounting, how you would > get that granular of change information, especially if you > are pulling info from the router and not pushing it to the server. > > Chris > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of > Daniel Medina > Sent: Thursday, September 04, 2008 7:43 AM > To: Smirnoff Alexander > Cc: rancid-discuss at shrubbery.net > Subject: [rancid] Re: cisco Last configuration change by > > On Thu, Sep 04, 2008 at 06:13:17PM +0400, Smirnoff Alexander wrote: > > I track with AAA, but in case with rancid I will receive changes and > who > > made it in one place. > > This is the problem: > > 1. Dan makes a change, X, wr mem > > 2. Bogdan makes a change, Y, wr mem > > 3. rancid runs, collects the configs, mails the diffs > > - you see changes X + Y > > - you see a line that says the config and NVRAM was last > changed by Bodgan > > -- > Dan > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -- Experience Fully featured web mail through http://fulbari.mos.com.np __________ Information from ESET Smart Security, version of virus signature database 3416 (20080904) __________ The message was checked by ESET Smart Security. - is OK http://www.eset.com -- Experience Fully featured web mail through http://fulbari.mos.com.np From mashcraft at omniture.com Fri Sep 5 04:42:28 2008 From: mashcraft at omniture.com (Mike Ashcraft) Date: Thu, 4 Sep 2008 22:42:28 -0600 Subject: [rancid] Re: Filtering files pre-checkin In-Reply-To: <79DC4023-8243-4A82-AF4C-E0EC60C75171@23andme.com> References: <79DC4023-8243-4A82-AF4C-E0EC60C75171@23andme.com> Message-ID: <45EB285310B55542A513F93230F0A5330724F4CD@EXCHANGE0.orm.omniture.com> The issue at hand is that rancid can't be everything for everyone out of the box. There are too many opinions out there as to what should/should not be included. And everyone has valid reasoning for their position. This leaves the admin to make a few code adjustments on their own which are easily accomplished. You can modify bin/rancid (or the appropriate script if your device is not a cisco) so that lines are not output based on regular expression matches. You could also comment out the router command that generates the undesired output. There are a number of these exceptions already in the code if you need a sample code snippet. Some common exceptions are even triggered by environmental variables to make them easy to turn on/off. Another option would be to add some code to bin/control_rancid to strip the undesired content before the diff is generated (to prevent e-mail) or before the file is checked in. Mike -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Jonathan Hansen Sent: Thursday, September 04, 2008 2:45 PM To: rancid-discuss at shrubbery.net Subject: [rancid] Filtering files pre-checkin I am trying to find a way to filter a few lines like temperature and up time from the SVN checkin so that I only see actual changes. I have been able to filter them in the update emails, but not the checkin itself. Anyone have a suggestion on how to do this? Thanks, Jonathan _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From rancid at ale.cx Fri Sep 5 11:38:11 2008 From: rancid at ale.cx (Alex Dekker) Date: Fri, 5 Sep 2008 12:38:11 +0100 Subject: [rancid] Re: Download configs from one router through another In-Reply-To: <6993B856BF07F84CB536C3F62EFEFBB7D7CDB0@EX0004.AllstreamITS.local> References: <6993B856BF07F84CB536C3F62EFEFBB7D7CDB0@EX0004.AllstreamITS.local> Message-ID: <200809051238.11741.rancid@ale.cx> On Thursday 04 September 2008 23:56:37 Graham Fleming wrote: > I have many clients with routers and switches on an internal network > that I can access either via VPN or by Cisco CLI by logging into their > public WAN-facing router and then drilling through the network that way. I'm in a similar position to yourself, and I'm sure when I asked this I was told it wasn't going to happen. > I think I understand that I need to patch RANCID to allow this behavior. > So, here is my question: > > How do I get this patch and how do I apply the patch to enable RANCID to > hop from one router to another? You're assuming the patch exists, although I assumed RANCID would do this before I looked into it also. If you do find it, please let me know. alexd From david+rancid at luyer.net Fri Sep 5 17:31:34 2008 From: david+rancid at luyer.net (David Luyer) Date: Fri, 5 Sep 2008 10:31:34 -0700 (PDT) Subject: [rancid] hpuifilter - TTY support (for SSH) Message-ID: <8589.65.57.245.11.1220635894.squirrel@www.luyer.net> G'day, As has been mentioned on this list in the (distant?) past, hpuifilter often does not work properly with SSH, as SSH will attempt to read the password from /dev/tty which will sometimes successfully get the password from the expect script, but sometimes the hpuifilter process will drain this password out of the TTY before the SSH process gets it, and write it to the SSH process STDIN, resulting in the SSH process hanging (waiting for the password on it's /dev/tty file descriptor). For more hilarity, often the SSH process gets the first character or two via /dev/tty, and the hpuifilter process gets the rest and passes it in via STDIN. Fortunately, this is relatively easily solved. The attached patch adds a "-t" option to hpuifilter, which makes it use its own TTY. This means you end up burning two TTYs when talking to a HP via SSH (one for expect, one for hpuifilter), so you want to make sure you only use this option for HPs you're using SSH with, and not HPs you're using telnet with. Anyway: please find patch attached. Thanks, David. -- David Luyer Google, Inc -------------- next part -------------- A non-text attachment was scrubbed... Name: hpuifilter.patch Type: text/x-patch Size: 2378 bytes Desc: not available Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080905/7ccb1a8b/attachment.bin From rspeed at gmail.com Fri Sep 5 15:05:49 2008 From: rspeed at gmail.com (ryan speed) Date: Fri, 5 Sep 2008 08:05:49 -0700 Subject: [rancid] Re: Download configs from one router through another In-Reply-To: <200809051238.11741.rancid@ale.cx> References: <6993B856BF07F84CB536C3F62EFEFBB7D7CDB0@EX0004.AllstreamITS.local> <200809051238.11741.rancid@ale.cx> Message-ID: Maybe I'm crazy but I've been lurking on this list for years and I'm almost certain I've seen the patch discussed a couple times over the years... On Fri, Sep 5, 2008 at 4:38 AM, Alex Dekker wrote: > On Thursday 04 September 2008 23:56:37 Graham Fleming wrote: > >> I have many clients with routers and switches on an internal network >> that I can access either via VPN or by Cisco CLI by logging into their >> public WAN-facing router and then drilling through the network that way. > > I'm in a similar position to yourself, and I'm sure when I asked this I was > told it wasn't going to happen. > >> I think I understand that I need to patch RANCID to allow this behavior. >> So, here is my question: >> >> How do I get this patch and how do I apply the patch to enable RANCID to >> hop from one router to another? > > You're assuming the patch exists, although I assumed RANCID would do this > before I looked into it also. If you do find it, please let me know. > > alexd > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From rancid at ale.cx Fri Sep 5 19:38:17 2008 From: rancid at ale.cx (Alex Dekker) Date: Fri, 5 Sep 2008 20:38:17 +0100 Subject: [rancid] Re: Download configs from one router through another In-Reply-To: References: <6993B856BF07F84CB536C3F62EFEFBB7D7CDB0@EX0004.AllstreamITS.local> <200809051238.11741.rancid@ale.cx> Message-ID: <200809052038.18178.rancid@ale.cx> On Friday 05 September 2008 16:05:49 ryan speed wrote: > Maybe I'm crazy but I've been lurking on this list for years and I'm > almost certain I've seen the patch discussed a couple times over the > years... The problem here isn't a lack of data [the patch and discussion about it may well exist], it is what do we search for? What is a commonly-used term for remotely accessing a device on a network that you don't have access to, using a device on the edge of that network? I'm sure if I knew the right search terms, I'd find it in no time :-) alexd From rspeed at gmail.com Fri Sep 5 19:52:00 2008 From: rspeed at gmail.com (ryan speed) Date: Fri, 5 Sep 2008 12:52:00 -0700 Subject: [rancid] Re: Download configs from one router through another In-Reply-To: References: <6993B856BF07F84CB536C3F62EFEFBB7D7CDB0@EX0004.AllstreamITS.local> <200809051238.11741.rancid@ale.cx> <200809052038.18178.rancid@ale.cx> Message-ID: this may be what we're looking for [rancid] patch for "out of band" access to devices http://www.shrubbery.net/pipermail/rancid-discuss/2006-May/001490.html or Using rancid to hop from router to router http://www.shrubbery.net/pipermail/rancid-discuss/2004-November/000905.html On Fri, Sep 5, 2008 at 12:44 PM, ryan speed wrote: > the term I would use and have based my searches on is a bastion host/device > > On Fri, Sep 5, 2008 at 12:38 PM, Alex Dekker wrote: >> On Friday 05 September 2008 16:05:49 ryan speed wrote: >>> Maybe I'm crazy but I've been lurking on this list for years and I'm >>> almost certain I've seen the patch discussed a couple times over the >>> years... >> >> The problem here isn't a lack of data [the patch and discussion about it may >> well exist], it is what do we search for? What is a commonly-used term for >> remotely accessing a device on a network that you don't have access to, using >> a device on the edge of that network? I'm sure if I knew the right search >> terms, I'd find it in no time :-) >> >> alexd >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > From rspeed at gmail.com Fri Sep 5 19:44:26 2008 From: rspeed at gmail.com (ryan speed) Date: Fri, 5 Sep 2008 12:44:26 -0700 Subject: [rancid] Re: Download configs from one router through another In-Reply-To: <200809052038.18178.rancid@ale.cx> References: <6993B856BF07F84CB536C3F62EFEFBB7D7CDB0@EX0004.AllstreamITS.local> <200809051238.11741.rancid@ale.cx> <200809052038.18178.rancid@ale.cx> Message-ID: the term I would use and have based my searches on is a bastion host/device On Fri, Sep 5, 2008 at 12:38 PM, Alex Dekker wrote: > On Friday 05 September 2008 16:05:49 ryan speed wrote: >> Maybe I'm crazy but I've been lurking on this list for years and I'm >> almost certain I've seen the patch discussed a couple times over the >> years... > > The problem here isn't a lack of data [the patch and discussion about it may > well exist], it is what do we search for? What is a commonly-used term for > remotely accessing a device on a network that you don't have access to, using > a device on the edge of that network? I'm sure if I knew the right search > terms, I'd find it in no time :-) > > alexd > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From cstave at gmail.com Fri Sep 5 15:07:55 2008 From: cstave at gmail.com (Chris Stave) Date: Fri, 5 Sep 2008 11:07:55 -0400 Subject: [rancid] Re: Download configs from one router through another In-Reply-To: <6993B856BF07F84CB536C3F62EFEFBB7D7CDB0@EX0004.AllstreamITS.local> References: <6993B856BF07F84CB536C3F62EFEFBB7D7CDB0@EX0004.AllstreamITS.local> Message-ID: <5471c93d0809050807w7350b6aeo4570dbb083d17880@mail.gmail.com> To do this you'd have to make significant changes in either clogin or rancid, which might be possible to get working, but much more difficult to make so that it works easily and productively, especially in a generic fashion. If you're going to attempt this, the two ways of going about it as far I as can guess in a few minutes are either change clogin to accept a second address as an argument (not forgetting the issue of usernames and passwords), or if you just want configs, change rancid itself so that there is a new type of router in there that parses additional commands that connect to the remote switches and get the configs that way. Either way, it is a significant change in the way that rancid and clogin would be working. Keep us updated if you add this functionality -- it seems some other people would like it as well. Chris On Thu, Sep 4, 2008 at 6:56 PM, Graham Fleming wrote: > Hello all, > > > > I've tried researching this but, to be honest, haven't been able to find > any concrete steps that make sense to me?please bear with me as I'm very new > to the whole RANCID/CVS/ViewVC thing although I have plenty Cisco and Linux > experience. > > > > I have many clients with routers and switches on an internal network that I > can access either via VPN or by Cisco CLI by logging into their public > WAN-facing router and then drilling through the network that way. I think I > understand that I need to patch RANCID to allow this behavior. So, here is > my question: > > > > How do I get this patch and how do I apply the patch to enable RANCID to > hop from one router to another? > > > Thank you so much for any help or points in the right direction! > > > > Regards, > > Graham > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080905/edb768a4/attachment.html From jeff at ocjtech.us Fri Sep 5 16:11:30 2008 From: jeff at ocjtech.us (Jeffrey Ollie) Date: Fri, 5 Sep 2008 11:11:30 -0500 Subject: [rancid] Re: Download configs from one router through another In-Reply-To: <200809051238.11741.rancid@ale.cx> References: <6993B856BF07F84CB536C3F62EFEFBB7D7CDB0@EX0004.AllstreamITS.local> <200809051238.11741.rancid@ale.cx> Message-ID: <935ead450809050911r732b76d7p2a02486091ceec01@mail.gmail.com> On Fri, Sep 5, 2008 at 6:38 AM, Alex Dekker wrote: > On Thursday 04 September 2008 23:56:37 Graham Fleming wrote: > >> I have many clients with routers and switches on an internal network >> that I can access either via VPN or by Cisco CLI by logging into their >> public WAN-facing router and then drilling through the network that way. > > I'm in a similar position to yourself, and I'm sure when I asked this I was > told it wasn't going to happen. > >> I think I understand that I need to patch RANCID to allow this behavior. >> So, here is my question: >> >> How do I get this patch and how do I apply the patch to enable RANCID to >> hop from one router to another? > > You're assuming the patch exists, although I assumed RANCID would do this > before I looked into it also. If you do find it, please let me know. Ed Ravin developed just the thing you need a few years ago. I've attached a copy that I've re-based to apply against version 2.3.2a8. -- Jeff Ollie "You know, I used to think it was awful that life was so unfair. Then I thought, wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? So, now I take great comfort in the general hostility and unfairness of the universe." -- Marcus to Franklin in Babylon 5: "A Late Delivery from Avalon" -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-patch-for-out-of-band-access-to-devices.patch Type: text/x-patch Size: 4879 bytes Desc: not available Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080905/d901529a/attachment.bin From shekhar at mos.com.np Sat Sep 6 05:20:17 2008 From: shekhar at mos.com.np (Shekhar Basnet) Date: Sat, 6 Sep 2008 11:05:17 +0545 (NPT) Subject: [rancid] Re: Download configs from one router through another In-Reply-To: <200809052038.18178.rancid@ale.cx> References: <6993B856BF07F84CB536C3F62EFEFBB7D7CDB0@EX0004.AllstreamITS.local> <200809051238.11741.rancid@ale.cx> <200809052038.18178.rancid@ale.cx> Message-ID: <2515.202.52.255.100.1220678417.squirrel@mail> Would you mean this??? From: "Sherrill, Justin" To: Ed Ravin Cc: rancid-discuss at shrubbery.net Subject: [rancid] Re: 'out of band' access script changes? Date: Mon, 27 Nov 2006 11:28:14 -0500 Alright, then to sum up for future people who may encounter this problem: If the target device for Rancid is on a separate network that can't be accessed directly from the machine Rancid is on, but can be accessed from a gateway device, here's the steps to reach that remote router. In .cloginrc: ?? add method 192.168.0.2 telnet ?? add user 192.168.0.2 your_gateway_router_username ?? add password 192.168.0.2 {your_gateway_router_password} ?? add method 172.18.0.1 {usercmd} ?? add user 172.18.0.1 your_remote_switch_username ?? add password 172.18.0.1 {your_ remote_switch_password} {your_ remote_switch_enable_password} ?? add usercmd 172.18.0.1 {clogin} {-noenable} {192.168.0.2} ?? add usercmd_chat 172.18.0.1 {>} {telnet far-router\r} {User Access Verification} {} clogin needs to be patched with Ed Ravin's changes here: http://www.shrubbery.net/pipermail/rancid-discuss/2006-May/001490.html The {>} in the above example needs to be changed to match whatever shows up on the gateway system's prompt.? Credit goes to Ed Ravin for getting this all to work.? Ed, I owe you beer/cookies; mail me what brand/recipe you prefer and where to send them. ***CONFIDENTIALITY NOTICE*** The information in this email may be confidential and/or privileged. This email is intended to be reviewed by only the individual or organization named above. If you are not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any review, dissemination or copying of this email and its attachments, if any, or the information contained herein is prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this message from your system. _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > On Friday 05 September 2008 16:05:49 ryan speed wrote: >> Maybe I'm crazy but I've been lurking on this list for years and I'm >> almost certain I've seen the patch discussed a couple times over the >> years... > > The problem here isn't a lack of data [the patch and discussion about it > may > well exist], it is what do we search for? What is a commonly-used term for > remotely accessing a device on a network that you don't have access to, > using > a device on the edge of that network? I'm sure if I knew the right search > terms, I'd find it in no time :-) > > alexd > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > -- > Experience Fully featured web mail through > http://fulbari.mos.com.np > > From sam_mailinglists at spacething.org Mon Sep 8 12:58:09 2008 From: sam_mailinglists at spacething.org (Sam Stickland) Date: Mon, 08 Sep 2008 13:58:09 +0100 Subject: [rancid] clogin: post-login pre-collection commands ? Message-ID: <48C52161.1020402@spacething.org> Hi, Is there an option to issue commands 'post login' but pre config collection? We have some isolated firewall service module contexts, so after logging into the admin context you have to enter "changeto context XXXX" before issuing the "show run" etc. Sam From sam_mailinglists at spacething.org Mon Sep 8 15:34:29 2008 From: sam_mailinglists at spacething.org (Sam Stickland) Date: Mon, 08 Sep 2008 16:34:29 +0100 Subject: [rancid] Re: clogin: post-login pre-collection commands ? In-Reply-To: <48C52161.1020402@spacething.org> References: <48C52161.1020402@spacething.org> Message-ID: <48C54605.5020503@spacething.org> Shortly after posting this message I saw the "Download configs from one router through another" and the patch against 2.3.2a8 posted there looks like it will help with this as well. Sam Sam Stickland wrote: > Hi, > > Is there an option to issue commands 'post login' but pre config collection? > > We have some isolated firewall service module contexts, so after logging > into the admin context you have to enter "changeto context XXXX" before > issuing the "show run" etc. > > Sam > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From eravin at panix.com Mon Sep 8 20:03:27 2008 From: eravin at panix.com (Ed Ravin) Date: Mon, 8 Sep 2008 16:03:27 -0400 Subject: [rancid] Re: Download configs from one router through another In-Reply-To: <935ead450809050911r732b76d7p2a02486091ceec01@mail.gmail.com> References: <6993B856BF07F84CB536C3F62EFEFBB7D7CDB0@EX0004.AllstreamITS.local> <200809051238.11741.rancid@ale.cx> <935ead450809050911r732b76d7p2a02486091ceec01@mail.gmail.com> Message-ID: <20080908200327.GB15750@panix.com> On Fri, Sep 05, 2008 at 11:11:30AM -0500, Jeffrey Ollie wrote: ... > Ed Ravin developed just the thing you need a few years ago. I've > attached a copy that I've re-based to apply against version 2.3.2a8. I'm not 100% happy with the way this patch works - it works fine if the bastion host is a device other than the kind you are trying to access. But if you are trying to access a Cisco from another Cisco, you need to jump through some hoops (like putting in a unique prompt or unique banner on one or both of them) to help the main clogin figure out when the second clogin has finished the "out of band" login. From Nicholas.Ritter at americantv.com Thu Sep 11 16:27:08 2008 From: Nicholas.Ritter at americantv.com (Ritter, Nicholas) Date: Thu, 11 Sep 2008 11:27:08 -0500 Subject: [rancid] rancid 2.3.2a7 and remote subversion Message-ID: I am new to RANCID and this list, please pardon my posting anything that has already been posted. I did a search of the list archives to get an answer to the question of RANCID and remote svn repo usage. I saw a posting: http://www.shrubbery.net/pipermail/rancid-discuss/2006-November/001883.h tml My question, given that the patches noted in the posting don't match up with RANCID 2.3.2a7, is can RANCID 2.3.2a7 be used to store configs to a remote subversion repo via a webdav HTTPS URL? My company wants to centralize all subversion repos onto one server, which my coworkers have setup using subversion, Apache, WebDAV, and Apache authenticaion. Does RANCID 2.3.2a7 support this, or are there patches? Nick -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080911/b9fad9c9/attachment.html From bwindle at fint.org Thu Sep 11 17:11:34 2008 From: bwindle at fint.org (Burton Windle) Date: Thu, 11 Sep 2008 13:11:34 -0400 (EDT) Subject: [rancid] semi-OT: anybody use the Debian rancid packages? Message-ID: Is there anybody on-list who uses the Debian rancid package, especially the one from testing/unstable (2.3.2~a8-2)? I'm encoutering a Debian-specific bug*, and wanted to make sure it isn't specific to my server (rancid's temp directories aren't being removed from /tmp) * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497972 -- Burton Windle bwindle at fint.org From Anton.Yurchenko at elan.com Thu Sep 11 18:00:45 2008 From: Anton.Yurchenko at elan.com (Yurchenko, Anton) Date: Thu, 11 Sep 2008 11:00:45 -0700 Subject: [rancid] Login script for Riverbed Steelheads Message-ID: Hi, I am trying to make this work, what rancid script is to be used with this login script? Or does this tie in, into the "rancid" script itself, together with clogin somehow? Thanks!! ---- Tested and working on 200, 3010. Was looking for what people would be interested in capturing show configuration show licenses show hardware show info Any others. ------------ Anton Yurchenko Sr. Network Engineer, Elan Corporation anton.yurchenko at elan.com 1-650-794-4416 (desk) 1-650-228-3710 (mobile) ******************************************************** This communication and any files transmitted with it may contain information that is confidential, privileged and exempt from disclosure under applicable law. It is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are hereby notified that any use, dissemination or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender. Thank you for your co-operation. ******************************************************** -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080911/2885e38f/attachment.html From Graham.Fleming at bdwalk.biz Thu Sep 11 18:52:38 2008 From: Graham.Fleming at bdwalk.biz (Graham Fleming) Date: Thu, 11 Sep 2008 14:52:38 -0400 Subject: [rancid] Re: Download configs from one router through another In-Reply-To: <20080908200327.GB15750@panix.com> References: <6993B856BF07F84CB536C3F62EFEFBB7D7CDB0@EX0004.AllstreamITS.local><200809051238.11741.rancid@ale.cx><935ead450809050911r732b76d7p2a02486091ceec01@mail.gmail.com> <20080908200327.GB15750@panix.com> Message-ID: <6993B856BF07F84CB536C3F62EFEFBB7E69D51@EX0004.AllstreamITS.local> Ed, thanks a lot for your patch. I got it working. Is there a way though, to use wildcards with the usercmd_chat? For instance, we log into a gateway router using a public IP address. We then specify a method to reach the internal routers using usercmd. All of the internal routers, let's say, are on the 10.0.0.0/24 network. Is there a way to add a universal method that would use the 10.0.0.0/24 network as a wildcard (ie 10.0.0.*) and then could we put in a {*} or something in the usercmd_chat so that any prompt is matched? This would save us from adding dozens of separate .cloginrc commands for the internal routers. Regards, Graham -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Ed Ravin Sent: Monday, September 08, 2008 1:03 PM To: Jeffrey Ollie Cc: rancid-discuss at shrubbery.net Subject: [rancid] Re: Download configs from one router through another On Fri, Sep 05, 2008 at 11:11:30AM -0500, Jeffrey Ollie wrote: ... > Ed Ravin developed just the thing you need a few years ago. I've > attached a copy that I've re-based to apply against version 2.3.2a8. I'm not 100% happy with the way this patch works - it works fine if the bastion host is a device other than the kind you are trying to access. But if you are trying to access a Cisco from another Cisco, you need to jump through some hoops (like putting in a unique prompt or unique banner on one or both of them) to help the main clogin figure out when the second clogin has finished the "out of band" login. _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From eravin at panix.com Thu Sep 11 20:17:45 2008 From: eravin at panix.com (Ed Ravin) Date: Thu, 11 Sep 2008 16:17:45 -0400 Subject: [rancid] Re: Download configs from one router through another In-Reply-To: <6993B856BF07F84CB536C3F62EFEFBB7E69D51@EX0004.AllstreamITS.local> References: <20080908200327.GB15750@panix.com> <6993B856BF07F84CB536C3F62EFEFBB7E69D51@EX0004.AllstreamITS.local> Message-ID: <20080911201745.GA18092@panix.com> On Thu, Sep 11, 2008 at 02:52:38PM -0400, Graham Fleming wrote: > Ed, thanks a lot for your patch. I got it working. Is there a way > though, to use wildcards with the usercmd_chat? > > For instance, we log into a gateway router using a public IP address. We > then specify a method to reach the internal routers using usercmd. All > of the internal routers, let's say, are on the 10.0.0.0/24 network. > > Is there a way to add a universal method that would use the 10.0.0.0/24 > network as a wildcard (ie 10.0.0.*) and then could we put in a {*} or > something in the usercmd_chat so that any prompt is matched? > > This would save us from adding dozens of separate .cloginrc commands for > the internal routers. I'm not sure I fully understand what you're trying to do - it would help if you posted a sanitized .cloginrc of what you're doing now, and then a wishful thinking .cloginrc of what you'd like to have. The "usercmd" definitions are matched the same way everything else is in the *login scripts, which would let you have a common usercmd for groups of routers. However, my patch doesn't add any fucntionality for unique content in the usercmd variable or expansion of variables other than what is already supported by clogin. There may be a way to use "$router" in the usercmd definition or some other extra coding in cloginrc to do what you want; it might require an extra "eval" in clogin when assigning the value of $usercmd. Perhaps someone more familiar with TCL and/or RANCID scripting could speak up with the details. -- Ed From Graham.Fleming at bdwalk.biz Fri Sep 12 18:04:46 2008 From: Graham.Fleming at bdwalk.biz (Graham Fleming) Date: Fri, 12 Sep 2008 14:04:46 -0400 Subject: [rancid] Re: Download configs from one router through another In-Reply-To: <20080911201745.GA18092@panix.com> References: <20080908200327.GB15750@panix.com> <6993B856BF07F84CB536C3F62EFEFBB7E69D51@EX0004.AllstreamITS.local> <20080911201745.GA18092@panix.com> Message-ID: <6993B856BF07F84CB536C3F62EFEFBB7EB5F4B@EX0004.AllstreamITS.local> Thanks for the reply, Ed. Here's a small snippet of the kind of thing we would be using your patch for. This would be one site where we log into the GATEWAY router and then from there we would log into the internal routers on the 172.16.0.0/24 network. This is a small example for three such routers and how I have it configured using your patch. The trouble is we have a few clients with dozens of routers so, as you can see, this could get quite tedious: add user 172.16.0.23 username1 add autoenable 172.16.0.23 1 add password 172.16.0.23 {password1} add method 172.16.0.23 {usercmd} add usercmd 172.16.0.23 {ssh} {username1 at public-ip.address} add usercmd_chat 172.16.0.23 {Password: } {password2\r} {GATEWAY-PROMPT#} {ssh 172.16.0.23\r} {Password: } {password1\r} {INTERNAL-PROMPT#} {\r} add user 172.16.0.34 username1 add autoenable 172.16.0.34 1 add password 172.16.0.34 {password1} add method 172.16.0.34 {usercmd} add usercmd 172.16.0.34 {ssh} {username1 at public-ip.address} add usercmd_chat 172.16.0.34 {Password: } {password2\r} {GATEWAY-PROMPT#} {ssh 172.16.0.34\r} {Password: } {password1\r} {INTERNAL-PROMPT#} {\r} add user 172.16.0.56 username1 add autoenable 172.16.0.56 1 add password 172.16.0.56 {password1} add method 172.16.0.56 {usercmd} add usercmd 172.16.0.56 {ssh} {username1 at public-ip.address} add usercmd_chat 172.16.0.56 {Password: } {password2\r} {GATEWAY-PROMPT#} {ssh 172.16.0.56\r} {Password: } {password1\r} {INTERNAL-PROMPT#} {\r} ... and so on.... So, what I'd love to be able to do is use wildcards with your patch, specifcally the 'usercmd_chat' portion. So instead of one statement for each router, we use one for all internal routers like so: add user 172.16.0.* username1 add autoenable 172.16.0.* 1 add password 172.16.0.* {password1} add method 172.16.0.* {usercmd} add usercmd 172.16.0.* {ssh} {username1 at public-ip.address} add usercmd_chat 172.16.0.* {Password: } {password2\r} {GATEWAY-PROMPT#} {ssh $INTERNAL_IP\r} {Password: } {password1\r} {$INTERNAL_PROMPT#} {\r} Where {ssh $INTERNAL_IP\r} would be the value for the wildcarded internal IP address and {ssh $INTERNAL_IP\r} could somehow be a wilcard value to match any prompt. I'm assuming this probably won't work though, as I have no idea how you'd pass the internal IP address to the ssh command on the gateway router using variables or whatnot. Similarly, is there a way to accept any value for the internal router's prompt so we don't need to use specific values for each router? Thanks a lot for all your help! Graham -----Original Message----- From: Ed Ravin [mailto:eravin at panix.com] Sent: Thursday, September 11, 2008 1:18 PM To: Graham Fleming Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: Download configs from one router through another I'm not sure I fully understand what you're trying to do - it would help if you posted a sanitized .cloginrc of what you're doing now, and then a wishful thinking .cloginrc of what you'd like to have. The "usercmd" definitions are matched the same way everything else is in the *login scripts, which would let you have a common usercmd for groups of routers. However, my patch doesn't add any fucntionality for unique content in the usercmd variable or expansion of variables other than what is already supported by clogin. There may be a way to use "$router" in the usercmd definition or some other extra coding in cloginrc to do what you want; it might require an extra "eval" in clogin when assigning the value of $usercmd. Perhaps someone more familiar with TCL and/or RANCID scripting could speak up with the details. -- Ed From eravin at panix.com Mon Sep 15 01:14:25 2008 From: eravin at panix.com (Ed Ravin) Date: Sun, 14 Sep 2008 21:14:25 -0400 Subject: [rancid] Re: Download configs from one router through another In-Reply-To: <6993B856BF07F84CB536C3F62EFEFBB7EB5F4B@EX0004.AllstreamITS.local> References: <20080908200327.GB15750@panix.com> <6993B856BF07F84CB536C3F62EFEFBB7E69D51@EX0004.AllstreamITS.local> <20080911201745.GA18092@panix.com> <6993B856BF07F84CB536C3F62EFEFBB7EB5F4B@EX0004.AllstreamITS.local> Message-ID: <20080915011425.GA20846@panix.com> On Fri, Sep 12, 2008 at 02:04:46PM -0400, Graham Fleming wrote: > Thanks for the reply, Ed. Here's a small snippet of the kind of thing we > would be using your patch for. This would be one site where we log into > the GATEWAY router and then from there we would log into the internal > routers on the 172.16.0.0/24 network. [...] > So, what I'd love to be able to do is use wildcards with your patch, > specifcally the 'usercmd_chat' portion. So instead of one statement for > each router, we use one for all internal routers like so: > > add user 172.16.0.* username1 > add autoenable 172.16.0.* 1 > add password 172.16.0.* {password1} > add method 172.16.0.* {usercmd} > add usercmd 172.16.0.* {ssh} {username1 at public-ip.address} All of the above is already supported in RANCID, even without the usercmd patch. But what you really need is this: > add usercmd_chat 172.16.0.* {Password: } {password2\r} > {GATEWAY-PROMPT#} {ssh $INTERNAL_IP\r} {Password: } {password1\r} > {$INTERNAL_PROMPT#} {\r} > > Where {ssh $INTERNAL_IP\r} would be the value for the wildcarded > internal IP address and {ssh $INTERNAL_IP\r} could somehow be a wilcard > value to match any prompt. Not yet supported. Should be doable by creating escapes that evaluate to the current value of variables like $router, which corresponds to the "$INTERNAL_IP" that you want above. It's a bit harder for the prompt - if you are using IP addresses to connect to the router, if your DNS is set up properly then some new code could do a reverse lookup and use that to build the router prompt. It occurs to me that all this could be done with a new feature in cloginrc: the ability to specify that the string value should be evaluated when "find()" is called in clogin to look up the value, rather than when cloginrc is sourced. Maybe put a leading \ or @ or other unlikely escape character - then, when find() is called, if it sees the value has the escape character, it runs "eval" on the string, which could include variables like $router, function calls, etc. > ... Similarly, is there a way to accept > any value for the internal router's prompt so we don't need to use > specific values for each router? Yes, you could use a regexp pattern match that was indifferent to the name of the router - but it might match something in the login sequence and then you're stuck. Here's what might be a workaround - if you're not into programming tcl and changing clogin, you could write a script or program in any language to create a password file that is included into the run by your cloginrc. -- Ed From cgauthier at mapscu.com Mon Sep 15 19:21:43 2008 From: cgauthier at mapscu.com (Chris Gauthier) Date: Mon, 15 Sep 2008 12:21:43 -0700 Subject: [rancid] Commands run? Message-ID: <0A9A5A2BC1C0A94C981AF5FCF2D2F33812A18129@mshin01.mapscu.com> I have been trying to locate the commands run by cloginrc. I searched the archives and tried to find this info in the cloginrc source code, but was not very successful. Can someone help me find a list of the commands it runs? Thanks, Chris -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080915/e5326dca/attachment.html From daniel.medina at gmail.com Mon Sep 15 19:31:22 2008 From: daniel.medina at gmail.com (Daniel Medina) Date: Mon, 15 Sep 2008 15:31:22 -0400 Subject: [rancid] Re: Commands run? In-Reply-To: <0A9A5A2BC1C0A94C981AF5FCF2D2F33812A18129@mshin01.mapscu.com> References: <0A9A5A2BC1C0A94C981AF5FCF2D2F33812A18129@mshin01.mapscu.com> Message-ID: <20080915193122.GA24829@monkey.local> On Mon, Sep 15, 2008 at 12:21:43PM -0700, Chris Gauthier wrote: > I have been trying to locate the commands run by cloginrc. I searched > the archives and tried to find this info in the cloginrc source code, > but was not very successful. Can someone help me find a list of the > commands it runs? Look at bin/rancid's @commandtable to find what I think you're looking for. -- Dan From rancid at gheek.net Mon Sep 15 19:31:33 2008 From: rancid at gheek.net (Lance Vermilion) Date: Mon, 15 Sep 2008 12:31:33 -0700 Subject: [rancid] Re: Commands run? In-Reply-To: <0A9A5A2BC1C0A94C981AF5FCF2D2F33812A18129@mshin01.mapscu.com> References: <0A9A5A2BC1C0A94C981AF5FCF2D2F33812A18129@mshin01.mapscu.com> Message-ID: <8423e7bb0809151231u12e79322j6f4f09bc7bce12b8@mail.gmail.com> Chris, Look in the script called rancid. That is the perl piece of code. The cloginrc is the configuration file for you as a user for rancid. clogin is the cisco expect script. look for following in "/bin/rancid" and you will find what you are looking for. @commandtable = ( On Mon, Sep 15, 2008 at 12:21 PM, Chris Gauthier wrote: > I have been trying to locate the commands run by cloginrc. I searched the > archives and tried to find this info in the cloginrc source code, but was > not very successful. Can someone help me find a list of the commands it > runs? > > > > Thanks, > > > > Chris > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From hina at hina.fr Tue Sep 16 12:27:05 2008 From: hina at hina.fr (hina) Date: Tue, 16 Sep 2008 14:27:05 +0200 Subject: [rancid] Probleme with rancid-run with a normal user Message-ID: <20080916122705.GC11537@hina.fr> Hello I m very newbie in Rancid, and maybe it s stupid question. I m trying to create a user backup (on each cisco), without enable. This user is able to do show run via telnet. so in my loginrc I m trying to configure : noenable mode, with the user simple. But I have always errors (timeout) if I dont activate the enable mode. The user is correctly configure (can use the show run) on the cisco but on rancid, I don t know how I can built a login rc I try something like that : add user 10.4.10.17 backup add password 10.4.10.17 90bK09 90bK09 add method 10.4.10.17 telnet add enauser 10.4.10.17 backup but it doesnt work ... clogin timeout during the rancid-run ... Someone can help me ? I m sorry already if this question is stupid thanks Hina From daniel.medina at gmail.com Tue Sep 16 13:07:57 2008 From: daniel.medina at gmail.com (Daniel Medina) Date: Tue, 16 Sep 2008 09:07:57 -0400 Subject: [rancid] Re: Probleme with rancid-run with a normal user In-Reply-To: <20080916122705.GC11537@hina.fr> References: <20080916122705.GC11537@hina.fr> Message-ID: <20080916130757.GB24829@monkey.local> On Tue, Sep 16, 2008 at 02:27:05PM +0200, hina wrote: > I m very newbie in Rancid, and maybe it s stupid question. > I m trying to create a user backup (on each cisco), without enable. This user is able to do show run via telnet. > so in my loginrc I m trying to configure : noenable mode, with the user simple. But I have always errors (timeout) if I dont activate the enable mode. > The user is correctly configure (can use the show run) on the cisco > but on rancid, I don t know how I can built a login rc > I try something like that : I think you'd want something like: add user 10.4.10.17 backup add password 10.4.10.17 {90bK09} {90bK09} add autoenable 10.4.10.17 0 add noenable 10.4.10.17 1 add method 10.4.10.17 telnet Then test, $ clogin 10.4.10.17 and see if you get to an interactive prompt. > add user 10.4.10.17 backup > add password 10.4.10.17 90bK09 90bK09 > add method 10.4.10.17 telnet > add enauser 10.4.10.17 backup > > but it doesnt work ... clogin timeout during the rancid-run ... -- Dan From itsjasona at yahoo.com Mon Sep 15 13:00:39 2008 From: itsjasona at yahoo.com (JasonA) Date: Mon, 15 Sep 2008 06:00:39 -0700 (PDT) Subject: [rancid] Choosing what commands are run on collection Message-ID: <822839.43283.qm@web53102.mail.re2.yahoo.com> Hi all, I've searched around for the answer to this, but can't find any, so I'm hoping someone can help. We've set up RANCID at our work, and it's working very well. The only problem that he have is that on certain types of network switch, the information RANCID gets will include things like VLAN assignments, and spanning tree port costs, which will change dynamically through the day as different devices join/leave the network. This means that we frequently get messages on the hour about these insignificant changes, and the CVS version gets incremented when no actual "config change" has been made. Ideally, we would like to change this by getting RANCID to run just "show run" on the IOS switches, and "show config" on the CatOS switches. I've checked all the rancid, rancid-run, clogin, cloginrc etc man pages, but I've not managed to find an obvious way of doing this. Please let me know if this is something that we can do (or somehting that you've already done!) Many thanks, Jason From asmirnoff at office.beeline.ru Tue Sep 16 06:29:03 2008 From: asmirnoff at office.beeline.ru (Smirnoff Alexander) Date: Tue, 16 Sep 2008 10:29:03 +0400 Subject: [rancid] using RANCID for mass configuration changes Message-ID: <986544234AB0A44BADE40DF502E2012A014C4E0F@SPBMAIL.spb.sovintel.net> Hello! I want to use RANCID for mass configuration changing on routers, like set snmp or syslog server address. What best place in RANCID scripts for this commands ? -- Regards, Alexandr Smirnov +7(812)3468600 # 54682 Head of Data Transmission Networks Monitoring Service mailto:asmirnoff at gldn.net -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080916/74150f78/attachment.html From daniel.medina at gmail.com Tue Sep 16 16:25:58 2008 From: daniel.medina at gmail.com (Daniel Medina) Date: Tue, 16 Sep 2008 12:25:58 -0400 Subject: [rancid] Re: Choosing what commands are run on collection In-Reply-To: <822839.43283.qm@web53102.mail.re2.yahoo.com> References: <822839.43283.qm@web53102.mail.re2.yahoo.com> Message-ID: <20080916162558.GA29476@monkey.local> On Mon, Sep 15, 2008 at 06:00:39AM -0700, JasonA wrote: > Ideally, we would like to change this by getting RANCID to run just "show > run" on the IOS switches, and "show config" on the CatOS switches. I've > checked all the rancid, rancid-run, clogin, cloginrc etc man pages, but I've > not managed to find an obvious way of doing this. I think this came up yesterday; I believe you're looking for the same answer [rancid] Commands run? http://shrubbery.net/pipermail/rancid-discuss/2008-September/003285.html Check out the @commandtable list in bin/rancid and bin/cat5rancid. Comment out what displeases you by prepending the line with a pound character ("#") or modify as otherwise required. -- Dan From daniel.medina at gmail.com Tue Sep 16 16:32:28 2008 From: daniel.medina at gmail.com (Daniel Medina) Date: Tue, 16 Sep 2008 12:32:28 -0400 Subject: [rancid] Re: using RANCID for mass configuration changes In-Reply-To: <986544234AB0A44BADE40DF502E2012A014C4E0F@SPBMAIL.spb.sovintel.net> References: <986544234AB0A44BADE40DF502E2012A014C4E0F@SPBMAIL.spb.sovintel.net> Message-ID: <20080916163228.GB29476@monkey.local> On Tue, Sep 16, 2008 at 10:29:03AM +0400, Smirnoff Alexander wrote: > I want to use RANCID for mass configuration changing on routers, like > set snmp or syslog server address. > > What best place in RANCID scripts for this commands ? You could just use clogin. As a one-liner: $ clogin -c 'conf t; snmp-server host 1.1.1.1 public; end; wr mem' router1 router2 router3 Or put the commands in a file: $ cat /tmp/commands conf t snmp-server host 1.1.1.1 public end wr mem $ clogin -x /tmp/commands route1 router2 router3 Caveats apply (beware of commands which may prompt you back, for example). -- Dan From Atif.SIDDIQUI at HydroOne.com Tue Sep 16 18:12:41 2008 From: Atif.SIDDIQUI at HydroOne.com (Atif.SIDDIQUI at HydroOne.com) Date: Tue, 16 Sep 2008 14:12:41 -0400 Subject: [rancid] Vendors supported In-Reply-To: <986544234AB0A44BADE40DF502E2012A014C4E0F@SPBMAIL.spb.sovintel.net> Message-ID: <41BBAE5132ABA54BB2BA8716254F03D6F4289A@1104MILPEV.corp.hydroone.com> Are 'Rugged' routers and switched supported? I have this list as supported vendors are there others as well? 1. Alteon WebOS 2. Bay Networks (Nortel) 3. Cisco 4. ADC EZT3 5. Foundry 6. HP 7. Hitachi router 8. Juniper 9. Netscaler 10. Riverstone Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080916/a0514856/attachment.html From rancid at gheek.net Tue Sep 16 18:30:14 2008 From: rancid at gheek.net (Lance Vermilion) Date: Tue, 16 Sep 2008 11:30:14 -0700 Subject: [rancid] Re: Vendors supported In-Reply-To: <41BBAE5132ABA54BB2BA8716254F03D6F4289A@1104MILPEV.corp.hydroone.com> References: <986544234AB0A44BADE40DF502E2012A014C4E0F@SPBMAIL.spb.sovintel.net> <41BBAE5132ABA54BB2BA8716254F03D6F4289A@1104MILPEV.corp.hydroone.com> Message-ID: <8423e7bb0809161130o4cee8706yd187f01f1dca6530@mail.gmail.com> Atif, Is the CLI similar to any of those listed? If it is it might just work. if not you can easily write your own if you have some basic programming experience. -lance On Tue, Sep 16, 2008 at 11:12 AM, wrote: > Are 'Rugged' routers and switched supported? > > > > I have this list as supported vendors are there others as well? > > > > Alteon WebOS > Bay Networks (Nortel) > Cisco > ADC EZT3 > Foundry > HP > Hitachi router > Juniper > Netscaler > Riverstone > > > > Thanks > > > > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From ecables at gmail.com Tue Sep 16 17:32:35 2008 From: ecables at gmail.com (Eric Cables) Date: Tue, 16 Sep 2008 10:32:35 -0700 Subject: [rancid] Re: using RANCID for mass configuration changes In-Reply-To: <20080916163228.GB29476@monkey.local> References: <986544234AB0A44BADE40DF502E2012A014C4E0F@SPBMAIL.spb.sovintel.net> <20080916163228.GB29476@monkey.local> Message-ID: I wrote a very dirty script to do this a while back. I'm sure there is something better out there, but this suits my needs. You'll need a small framework in place for this to work, namely: - Create a directory called "device-lists" in the rancid homedir (or wherever you'd like, just update the script VAR) - Create a directory called "change-scripts" in the rancid homedir (or wherever you'd like, just update the script VAR) Once you've done the above, simply put a file with a list of devices (one per line) you'd like to make changes to into the device-lists folder "syslog-changes.dl" for example, and place a file with the changes you want to make (as you'd type them on the router) in the change-scripts folder "syslog-changes.cs" for example. -- Begin config-push.sh -- #!/usr/local/bin/bash # # The purpose of this script is to automate configuration changes to a # large number of devices. The script identifies the device list, as well # as the change script, and then pushes the changes one by one. # CLOGINPATH="/usr/home/rancid/bin/clogin" CREDENTIALS="/usr/home/rancid/.cloginrc" DEVICELISTPATH="/usr/home/rancid/device-lists/" CHANGESCRIPTPATH="/usr/home/rancid/change-scripts/" CHANGELOG="/usr/home/rancid/logs/changelog-`date +%m-%d-%Y`.log" clear echo "=====[ Rancid Config Push Script ]=====" echo "" echo "Please enter the proposed device list:" echo "`ls $DEVICELISTPATH`" echo "--------------------------------------" echo -n "> " read DEVICELIST if [ -f $DEVICELISTPATH$DEVICELIST ] then echo "" echo "Device List = \"./device-lists/$DEVICELIST\" (confirmed)" else echo "" echo "Device list = \"./device-lists/$DEVICELIST\" (does not exist!)" echo "Aborting..." echo "" exit fi echo "" echo "Please enter name of change script:" echo "`ls $CHANGESCRIPTPATH | grep -v ".sh" | grep -v "device-lists"`" echo "-----------------------------------" echo -n "> " read CHANGESCRIPT if [ -f $CHANGESCRIPTPATH$CHANGESCRIPT ] then echo "" echo "Change Script = \"./change-scripts/$CHANGESCRIPT\" (confirmed)" echo "" else echo "Device list = \"./change-scripts/$CHANGESCRIPT\" (does not exist!)" echo "Aborting..." echo "" exit fi echo "-- Proposed Changes --" echo "`cat $CHANGESCRIPTPATH$CHANGESCRIPT`" echo "-- Proposed Changes --" echo "" echo "Are you sure you want to proceed? If so, type \"yes\":" echo -n "> " read AREYOUSURE if [ $AREYOUSURE != "yes" ] then echo "" echo "Aborting..." echo "" exit else echo "" echo "Implementing Changes..." echo "" fi #for i in `cat $DEVICELISTPATH$DEVICELIST` # do echo "===[ $i ]===" # $CLOGINPATH -f $CREDENTIALS -x $CHANGESCRIPTPATH$CHANGESCRIPT $i #done for DEVICE in `cat $DEVICELISTPATH$DEVICELIST` do echo "===[ $DEVICE ]===" echo "" >> $CHANGELOG echo "===[ $DEVICE ]===" >> $CHANGELOG echo "" >> $CHANGELOG OUTPUT=`$CLOGINPATH -f $CREDENTIALS -x $CHANGESCRIPTPATH$CHANGESCRIPT $DEVICE` echo "$OUTPUT" >> $CHANGELOG done -- end config-push.sh -- -- Eric Cables On Tue, Sep 16, 2008 at 9:32 AM, Daniel Medina wrote: > On Tue, Sep 16, 2008 at 10:29:03AM +0400, Smirnoff Alexander wrote: >> I want to use RANCID for mass configuration changing on routers, like >> set snmp or syslog server address. >> >> What best place in RANCID scripts for this commands ? > > You could just use clogin. > > As a one-liner: > > $ clogin -c 'conf t; snmp-server host 1.1.1.1 public; end; wr mem' router1 router2 router3 > > Or put the commands in a file: > > $ cat /tmp/commands > conf t > snmp-server host 1.1.1.1 public > end > wr mem > > $ clogin -x /tmp/commands route1 router2 router3 > > Caveats apply (beware of commands which may prompt you back, for example). > > -- > Dan > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From Atif.SIDDIQUI at HydroOne.com Wed Sep 17 13:16:21 2008 From: Atif.SIDDIQUI at HydroOne.com (Atif.SIDDIQUI at HydroOne.com) Date: Wed, 17 Sep 2008 09:16:21 -0400 Subject: [rancid] Colleting SW & HW info In-Reply-To: <8423e7bb0809161130o4cee8706yd187f01f1dca6530@mail.gmail.com> Message-ID: <41BBAE5132ABA54BB2BA8716254F03D6F42984@1104MILPEV.corp.hydroone.com> How would we collect information like * IOS, Junos versions running on network devices, * HW: Linecards on GSR's; modules on routers Can we get this info from CVS repository? Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080917/e30b33d7/attachment.html From itsjasona at yahoo.com Tue Sep 16 16:36:26 2008 From: itsjasona at yahoo.com (JasonA) Date: Tue, 16 Sep 2008 09:36:26 -0700 (PDT) Subject: [rancid] Re: Choosing what commands are run on collection Message-ID: <224594.76530.qm@web53109.mail.re2.yahoo.com> Perfect - just what I was looking for! And weird that it was only asked for the day before. Thanks a lot!! Jason ----- Original Message ---- From: Daniel Medina To: JasonA Cc: rancid-discuss at shrubbery.net Sent: Tuesday, 16 September, 2008 17:25:58 Subject: Re: [rancid] Choosing what commands are run on collection On Mon, Sep 15, 2008 at 06:00:39AM -0700, JasonA wrote: > Ideally, we would like to change this by getting RANCID to run just "show > run" on the IOS switches, and "show config" on the CatOS switches. I've > checked all the rancid, rancid-run, clogin, cloginrc etc man pages, but I've > not managed to find an obvious way of doing this. I think this came up yesterday; I believe you're looking for the same answer [rancid] Commands run? http://shrubbery.net/pipermail/rancid-discuss/2008-September/003285.html Check out the @commandtable list in bin/rancid and bin/cat5rancid. Comment out what displeases you by prepending the line with a pound character ("#") or modify as otherwise required. -- Dan From asmirnoff at office.beeline.ru Wed Sep 17 06:19:39 2008 From: asmirnoff at office.beeline.ru (Smirnoff Alexander) Date: Wed, 17 Sep 2008 10:19:39 +0400 Subject: [rancid] Re: using RANCID for mass configuration changes In-Reply-To: <20080916163228.GB29476@monkey.local> References: <986544234AB0A44BADE40DF502E2012A014C4E0F@SPBMAIL.spb.sovintel.net> <20080916163228.GB29476@monkey.local> Message-ID: <986544234AB0A44BADE40DF502E2012A014C4E19@SPBMAIL.spb.sovintel.net> Thanx a lot ! ;) -----Original Message----- From: Daniel Medina [mailto:daniel.medina at gmail.com] Sent: Tuesday, September 16, 2008 8:32 PM To: Smirnoff Alexander Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] using RANCID for mass configuration changes On Tue, Sep 16, 2008 at 10:29:03AM +0400, Smirnoff Alexander wrote: > I want to use RANCID for mass configuration changing on routers, like > set snmp or syslog server address. > > What best place in RANCID scripts for this commands ? You could just use clogin. As a one-liner: $ clogin -c 'conf t; snmp-server host 1.1.1.1 public; end; wr mem' router1 router2 router3 Or put the commands in a file: $ cat /tmp/commands conf t snmp-server host 1.1.1.1 public end wr mem $ clogin -x /tmp/commands route1 router2 router3 Caveats apply (beware of commands which may prompt you back, for example). -- Dan From rancid at gheek.net Wed Sep 17 17:20:05 2008 From: rancid at gheek.net (Lance Vermilion) Date: Wed, 17 Sep 2008 10:20:05 -0700 Subject: [rancid] Re: Colleting SW & HW info In-Reply-To: <41BBAE5132ABA54BB2BA8716254F03D6F42984@1104MILPEV.corp.hydroone.com> References: <8423e7bb0809161130o4cee8706yd187f01f1dca6530@mail.gmail.com> <41BBAE5132ABA54BB2BA8716254F03D6F42984@1104MILPEV.corp.hydroone.com> Message-ID: <8423e7bb0809171020j2dd30c10i831ba787d3c81822@mail.gmail.com> A lot of this type of info is already captured. Look at the commandtable in the rancid file. It will show all the commands that are run. Rancid also collects snmp ifindex info and some other stuff too. On Wed, Sep 17, 2008 at 6:16 AM, wrote: > > > > > How would we collect information like > > ? IOS, Junos versions running on network devices, > > ? HW: Linecards on GSR's; modules on routers > > > > Can we get this info from CVS repository? > > > > Thanks > > > > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From twelcome at tenet.ac.za Thu Sep 18 09:23:05 2008 From: twelcome at tenet.ac.za (Traiano Welcome) Date: Thu, 18 Sep 2008 11:23:05 +0200 Subject: [rancid] Changing the Default Editor rancid uses Message-ID: Hi List Is it possible to change the default editor rancid uses by setting it in the rancid.conf file? How many places would it be possible to set the rancid editor for rancid (assuming a standard linux operating system like Debian or Ubuntu). Thanks, Traiano -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080918/1cfd0961/attachment.html From hina at hina.fr Thu Sep 18 12:30:43 2008 From: hina at hina.fr (hina) Date: Thu, 18 Sep 2008 14:30:43 +0200 Subject: [rancid] following problem Message-ID: <20080918123043.GB6266@hina.fr> Hi guys, the configuration you gave to me, is working perfectly.. I can login with a user and without enable it, try to start the backup .. BUt .... (of course, there is a "but" ) My network administrator gave us a user (toto) who has the right (level 1/15) to do "show run" and "show start". so I try, by clogin to test it .. look by yourself : $ clogin 10.0.10.XX scape character is '^]'. User Access Verification Username: toto Password: Sw_CCR_1>show start Using 3319 out of 32768 bytes ! ..... ..... line con 0 exec-timeout 0 0 line vty 0 4 password XXXXXXXX login XOXO line vty 5 15 password XXXXXXXX login XIXI ! end Sw_CCR_1>show run Building configuration... Current configuration : 13 bytes ! ! ! ! end Sw_CCR_1> The show run doesnt show any thing.. The show start is working. What is missing ? Which else binary are use during the show run. Can you help me again ? Many thx hina -------------- next part -------------- An embedded message was scrubbed... From: ben ben Subject: =?iso-8859-1?Q?RE:_Petit_pot_de_retour_pour_Hina_(ludivine_caf=E9)?= Date: Tue, 1 Jul 2008 16:01:18 +0200 Size: 3791 Url: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080918/69ff80a5/attachment.mht From cgauthier at mapscu.com Thu Sep 18 16:32:28 2008 From: cgauthier at mapscu.com (Chris Gauthier) Date: Thu, 18 Sep 2008 09:32:28 -0700 Subject: [rancid] Re: following problem In-Reply-To: <20080918123043.GB6266@hina.fr> References: <20080918123043.GB6266@hina.fr> Message-ID: <0A9A5A2BC1C0A94C981AF5FCF2D2F33812A7B555@mshin01.mapscu.com> This sounds more like a permissions issue since clogin isn't running the commands rancid does. Try just logging in without using clogin and see if the same show commands work the same way. If they do, it's not a rancid problem at all (as I suspect). Chris -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of hina Sent: Thursday, September 18, 2008 5:31 AM To: rancid-discuss at shrubbery.net Subject: [rancid] following problem Hi guys, the configuration you gave to me, is working perfectly.. I can login with a user and without enable it, try to start the backup .. BUt .... (of course, there is a "but" ) My network administrator gave us a user (toto) who has the right (level 1/15) to do "show run" and "show start". so I try, by clogin to test it .. look by yourself : $ clogin 10.0.10.XX scape character is '^]'. User Access Verification Username: toto Password: Sw_CCR_1>show start Using 3319 out of 32768 bytes ! ..... ..... line con 0 exec-timeout 0 0 line vty 0 4 password XXXXXXXX login XOXO line vty 5 15 password XXXXXXXX login XIXI ! end Sw_CCR_1>show run Building configuration... Current configuration : 13 bytes ! ! ! ! end Sw_CCR_1> The show run doesnt show any thing.. The show start is working. What is missing ? Which else binary are use during the show run. Can you help me again ? Many thx hina From cgauthier at mapscu.com Thu Sep 18 16:34:45 2008 From: cgauthier at mapscu.com (Chris Gauthier) Date: Thu, 18 Sep 2008 09:34:45 -0700 Subject: [rancid] Re: Changing the Default Editor rancid uses In-Reply-To: References: Message-ID: <0A9A5A2BC1C0A94C981AF5FCF2D2F33812A7B561@mshin01.mapscu.com> Rancid doesn't use an "editor." Can you clarify your question or describe what you are trying to do in a different way? Chris From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Traiano Welcome Sent: Thursday, September 18, 2008 2:23 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Changing the Default Editor rancid uses Hi List Is it possible to change the default editor rancid uses by setting it in the rancid.conf file? How many places would it be possible to set the rancid editor for rancid (assuming a standard linux operating system like Debian or Ubuntu). Thanks, Traiano -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080918/4d7ef9e4/attachment.html From daniel.medina at gmail.com Thu Sep 18 16:39:46 2008 From: daniel.medina at gmail.com (Daniel Medina) Date: Thu, 18 Sep 2008 12:39:46 -0400 Subject: [rancid] Re: Changing the Default Editor rancid uses In-Reply-To: References: Message-ID: <20080918163946.GD31715@monkey.local> On Thu, Sep 18, 2008 at 11:23:05AM +0200, Traiano Welcome wrote: > Is it possible to change the default editor rancid uses by setting it in the > rancid.conf file? How many places would it be possible to set the rancid > editor for rancid (assuming a standard linux operating system like Debian or > Ubuntu). The Rancid scripts doen't use $EDITOR anywhere that I've ever seen. If you want to change the value for the user you have running the scripts ("rancid" account or other), you can do that in the normal shell initialization scripts. -- Dan From twelcome at tenet.ac.za Fri Sep 19 08:20:57 2008 From: twelcome at tenet.ac.za (Traiano Welcome) Date: Fri, 19 Sep 2008 10:20:57 +0200 Subject: [rancid] Re: Changing the Default Editor rancid uses References: <0A9A5A2BC1C0A94C981AF5FCF2D2F33812A7B561@mshin01.mapscu.com> Message-ID: Hi Chris (This particular question was answered earlier by members of the list) Basically, the question was: "Is it possible to set the EDITOR variable in the environment the rancid user uses by configuring it in the rancid.conf file, and would this have the same effect as setting it in the ".cshrc" for the the rancid user." Agreed that RANCID doesn't "use an editor" and that setting the EDITOR variable will have no effect whatsoever on the operation of RANCID. Thanks, Traiano -----Original Message----- From: Chris Gauthier [mailto:cgauthier at mapscu.com] Sent: Thu 9/18/2008 6:34 PM To: Traiano Welcome; rancid-discuss at shrubbery.net Subject: RE: [rancid] Changing the Default Editor rancid uses Rancid doesn't use an "editor." Can you clarify your question or describe what you are trying to do in a different way? Chris From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Traiano Welcome Sent: Thursday, September 18, 2008 2:23 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Changing the Default Editor rancid uses Hi List Is it possible to change the default editor rancid uses by setting it in the rancid.conf file? How many places would it be possible to set the rancid editor for rancid (assuming a standard linux operating system like Debian or Ubuntu). Thanks, Traiano -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080919/c7c77f90/attachment.html From twelcome at tenet.ac.za Fri Sep 19 08:39:13 2008 From: twelcome at tenet.ac.za (Traiano Welcome) Date: Fri, 19 Sep 2008 10:39:13 +0200 Subject: [rancid] RANCID as an Element of a CMDB System Message-ID: Hi All We've recently been tasked with putting together a CMDB system, and one aspect of this system is the storage (and further analysis) of router configurations. Currently, this is handled in the following way: 1. A rancid instance pulls router configs into the usual "config" directory, resulting in a collection of ,v files. 2. A "cmdb agent script" regularly polls the directory and extracts all new configs and changed router configs into a MySQL database schema. at this point the router configs are considered to be within the CMDB proper. 3. Staff with access to a php web interface can view the physical elements of routers (chassis, Slots, PSU, Processor, Feature Cards etc ...) and their serial and part numbers and thus conduct Asset Tracking and Stores Management. At this point, the system is functional, but a major problem I forsee is keeping the database schema up to date so that when new router models appear with new hardware element fields and formats I would have to modify the schema and some back-end import code to cater for new fields. Ideally, what I want is a pre-canned sql schema for each model router config (or a single generic one!) which would allow me to easily import a router config into a database. Does such a thing exist? Alternatively, is there a RANCID variant out there which already imports router configs to SQL databases? Thanks in Advance, Traiano -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080919/22849190/attachment.html From oliver.gorwits at oucs.ox.ac.uk Fri Sep 19 13:46:41 2008 From: oliver.gorwits at oucs.ox.ac.uk (Oliver Gorwits) Date: Fri, 19 Sep 2008 14:46:41 +0100 Subject: [rancid] Re: RANCID as an Element of a CMDB System In-Reply-To: References: Message-ID: <48D3AD41.1000900@oucs.ox.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Traiano, Traiano Welcome wrote: | what I want is a pre-canned sql schema for each | model router config (or a single generic one!) which would allow me | to easily import a router config into a database. If you were using SNMP, you could poll the ENTITY-MIB on the network devices. This would reveal their hardware configuration, and it uses a standardized language as described in section 3 of RFC 2737. Some systems such as Netdisco will do this, and insert it into an SQL database. The database schema is quite simple; the RFC uses a strict hierachical model for the physical entities. You could look at the Netdisco or SNMP::Info code for some ideas, perhaps, and translate them for your RANCID-based system. regards, oliver. - -- Oliver Gorwits, Network and Telecommunications Group, Oxford University Computing Services -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFI061B2NPq7pwWBt4RAi52AJ93VHcMrSvg5JBCNTkW1H7Kbh2wDACfUVmu h2KgL6cIfWtD7yfzw8x1rMI= =7Yay -----END PGP SIGNATURE----- From cgauthier at mapscu.com Fri Sep 19 15:58:08 2008 From: cgauthier at mapscu.com (Chris Gauthier) Date: Fri, 19 Sep 2008 08:58:08 -0700 Subject: [rancid] Re: following problem In-Reply-To: <20080919142456.GA27338@hina.fr> References: <20080918123043.GB6266@hina.fr> <0A9A5A2BC1C0A94C981AF5FCF2D2F33812A7B555@mshin01.mapscu.com> <20080919142456.GA27338@hina.fr> Message-ID: <0A9A5A2BC1C0A94C981AF5FCF2D2F33812AB0E15@mshin01.mapscu.com> I was not referring to file permissions. I was referring to the permissions given to your account (toto) on the network device by your network administrator. This does not sound like a problem with rancid at all, in my opinion. Chris -----Original Message----- From: hina [mailto:hina at hina.fr] Sent: Friday, September 19, 2008 7:25 AM To: Chris Gauthier Subject: Re: [rancid] following problem On Thu, Sep 18, 2008 at 09:32:28AM -0700, Chris Gauthier wrote: Hi Chris Do you know which binaries are used by rancid-run , to check the permissions ? Many thanks hina > This sounds more like a permissions issue since clogin isn't running the > commands rancid does. Try just logging in without using clogin and see > if the same show commands work the same way. If they do, it's not a > rancid problem at all (as I suspect). > > Chris > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of hina > Sent: Thursday, September 18, 2008 5:31 AM > To: rancid-discuss at shrubbery.net > Subject: [rancid] following problem > > > Hi guys, the configuration you gave to me, is working perfectly.. > I can login with a user > and without enable it, try to start the backup .. > BUt .... (of course, there is a "but" ) My network administrator gave > us a user (toto) who has the right (level 1/15) to do "show run" and > "show start". > so I try, by clogin to test it .. > look by yourself : > > $ clogin 10.0.10.XX > scape character is '^]'. > > > User Access Verification > > Username: toto > Password: > Sw_CCR_1>show start > Using 3319 out of 32768 bytes > ! > ..... > ..... > line con 0 > exec-timeout 0 0 > line vty 0 4 > password XXXXXXXX > login XOXO > line vty 5 15 > password XXXXXXXX > login XIXI > ! > end > > Sw_CCR_1>show run > Building configuration... > > Current configuration : 13 bytes > ! > ! > ! > ! > end > > Sw_CCR_1> > The show run doesnt show any thing.. The show start is working. > What is missing ? Which else binary are use during the show run. Can > you help me again ? > Many thx > hina > From rancid at gheek.net Fri Sep 19 17:00:42 2008 From: rancid at gheek.net (Lance Vermilion) Date: Fri, 19 Sep 2008 10:00:42 -0700 Subject: [rancid] Re: RANCID as an Element of a CMDB System In-Reply-To: References: Message-ID: <8423e7bb0809191000l28e96cf7k7f0f54f00c84490c@mail.gmail.com> Traiano, There are commercial tools that do that (AlterPoint, Tripwire, etc). For opensource the only thing I know of off hand is a config collector for Cacti. It is very basic but it does work and it does store the config in mysql. As for Rancid doing what you want I don't think it would be all that hard to simply import the configs then inject them into mysql. To keep the mysql in sync with the rancid repo you could take good note of what rancid looks for and create the proper fields and tables to hold what you want. Rancid and grab what ever you want it to. Hell you can even make it do an snmp query to get info you want. -Lance On Fri, Sep 19, 2008 at 1:39 AM, Traiano Welcome wrote: > Hi All > > We've recently been tasked with putting together a CMDB system, and one > aspect of this system is the storage (and further analysis) of router > configurations. Currently, this is handled in the following way: > > 1. A rancid instance pulls router configs into the usual "config" directory, > resulting in a collection of ,v files. > 2. A "cmdb agent script" regularly polls the directory and extracts all new > configs and changed router configs into a MySQL database schema. at this > point the router configs are considered to be within the CMDB proper. > 3. Staff with access to a php web interface can view the physical elements > of routers (chassis, Slots, PSU, Processor, Feature Cards etc ...) and their > serial and part numbers and thus conduct Asset Tracking and Stores > Management. > > At this point, the system is functional, but a major problem I forsee is > keeping the database schema up to date so that when new router models appear > with new hardware element fields and formats I would have to modify the > schema and some back-end import code to cater for new fields. > Ideally, what I want is a pre-canned sql schema for each model router config > (or a single generic one!) which would allow me to easily import a router > config into a database. > > Does such a thing exist? Alternatively, is there a RANCID variant out there > which already imports router configs to SQL databases? > > Thanks in Advance, > Traiano > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From rancid at gheek.net Fri Sep 19 17:17:29 2008 From: rancid at gheek.net (Lance Vermilion) Date: Fri, 19 Sep 2008 10:17:29 -0700 Subject: [rancid] Re: RANCID as an Element of a CMDB System In-Reply-To: <8423e7bb0809191000l28e96cf7k7f0f54f00c84490c@mail.gmail.com> References: <8423e7bb0809191000l28e96cf7k7f0f54f00c84490c@mail.gmail.com> Message-ID: <8423e7bb0809191017p411d951i5cb551e4c320ea43@mail.gmail.com> Well I guess I should have checked the update on ziptie. It is already there. http://docs.ziptie.org/doku.php?id=dev:howto_postgresql On Fri, Sep 19, 2008 at 10:00 AM, Lance Vermilion wrote: > Traiano, > > There are commercial tools that do that (AlterPoint, Tripwire, etc). > For opensource the only thing I know of off hand is a config collector > for Cacti. It is very basic but it does work and it does store the > config in mysql. > > As for Rancid doing what you want I don't think it would be all that > hard to simply import the configs then inject them into mysql. To keep > the mysql in sync with the rancid repo you could take good note of > what rancid looks for and create the proper fields and tables to hold > what you want. Rancid and grab what ever you want it to. Hell you can > even make it do an snmp query to get info you want. > > -Lance > > On Fri, Sep 19, 2008 at 1:39 AM, Traiano Welcome wrote: >> Hi All >> >> We've recently been tasked with putting together a CMDB system, and one >> aspect of this system is the storage (and further analysis) of router >> configurations. Currently, this is handled in the following way: >> >> 1. A rancid instance pulls router configs into the usual "config" directory, >> resulting in a collection of ,v files. >> 2. A "cmdb agent script" regularly polls the directory and extracts all new >> configs and changed router configs into a MySQL database schema. at this >> point the router configs are considered to be within the CMDB proper. >> 3. Staff with access to a php web interface can view the physical elements >> of routers (chassis, Slots, PSU, Processor, Feature Cards etc ...) and their >> serial and part numbers and thus conduct Asset Tracking and Stores >> Management. >> >> At this point, the system is functional, but a major problem I forsee is >> keeping the database schema up to date so that when new router models appear >> with new hardware element fields and formats I would have to modify the >> schema and some back-end import code to cater for new fields. >> Ideally, what I want is a pre-canned sql schema for each model router config >> (or a single generic one!) which would allow me to easily import a router >> config into a database. >> >> Does such a thing exist? Alternatively, is there a RANCID variant out there >> which already imports router configs to SQL databases? >> >> Thanks in Advance, >> Traiano >> >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > From twelcome at tenet.ac.za Mon Sep 22 08:47:09 2008 From: twelcome at tenet.ac.za (Traiano Welcome) Date: Mon, 22 Sep 2008 10:47:09 +0200 Subject: [rancid] Re: RANCID as an Element of a CMDB System References: <48D3AD41.1000900@oucs.ox.ac.uk> Message-ID: Hi Oliver I've gone some way towards building the router schema based on ENTITY-MIB and others (quite labour intensive :-)). Netdisco seems to overlap a lot of what I've done, and offer a number of better features, so it might be worth looking at integrating it into the CMDB system I'm trying to build, as opposed to the custom stuff I've scripted. Many Thanks! Traiano -----Original Message----- From: rancid-discuss-bounces at shrubbery.net on behalf of Oliver Gorwits Sent: Fri 9/19/2008 3:46 PM To: rancid-discuss at shrubbery.net Subject: [rancid] Re: RANCID as an Element of a CMDB System -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Traiano, Traiano Welcome wrote: | what I want is a pre-canned sql schema for each | model router config (or a single generic one!) which would allow me | to easily import a router config into a database. If you were using SNMP, you could poll the ENTITY-MIB on the network devices. This would reveal their hardware configuration, and it uses a standardized language as described in section 3 of RFC 2737. Some systems such as Netdisco will do this, and insert it into an SQL database. The database schema is quite simple; the RFC uses a strict hierachical model for the physical entities. You could look at the Netdisco or SNMP::Info code for some ideas, perhaps, and translate them for your RANCID-based system. regards, oliver. - -- Oliver Gorwits, Network and Telecommunications Group, Oxford University Computing Services -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFI061B2NPq7pwWBt4RAi52AJ93VHcMrSvg5JBCNTkW1H7Kbh2wDACfUVmu h2KgL6cIfWtD7yfzw8x1rMI= =7Yay -----END PGP SIGNATURE----- _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080922/c248035d/attachment.html From rancid at gheek.net Mon Sep 22 16:47:50 2008 From: rancid at gheek.net (Lance Vermilion) Date: Mon, 22 Sep 2008 09:47:50 -0700 Subject: [rancid] Re: RANCID as an Element of a CMDB System In-Reply-To: <8423e7bb0809220947l6c8fe9a1kc06e3c569641a0ef@mail.gmail.com> References: <48D3AD41.1000900@oucs.ox.ac.uk> <8423e7bb0809220947l6c8fe9a1kc06e3c569641a0ef@mail.gmail.com> Message-ID: <8423e7bb0809220947udd13fdfp54f939cbc3731258@mail.gmail.com> Traiano, The biggest downfall to Netdisco is that it is not a simple install. I think that is what has plagued the project. The UI could use a little updating, but it gets the job done. On Mon, Sep 22, 2008 at 9:47 AM, Lance Vermilion wrote: > Traiano, > > The biggest downfall to Netdisco is that it is not a simple install. I > think that is what has plagued the project. The UI could use a little > updating, but it gets the job done. > > On Mon, Sep 22, 2008 at 1:47 AM, Traiano Welcome wrote: >> Hi Oliver >> >> I've gone some way towards building the router schema based on ENTITY-MIB >> and others (quite labour intensive :-)). Netdisco seems to overlap a lot of >> what I've done, and offer a number of better features, so it might be worth >> looking at integrating it into the CMDB system I'm trying to build, as >> opposed to the custom stuff I've scripted. >> >> Many Thanks! >> Traiano >> >> >> -----Original Message----- >> From: rancid-discuss-bounces at shrubbery.net on behalf of Oliver Gorwits >> Sent: Fri 9/19/2008 3:46 PM >> To: rancid-discuss at shrubbery.net >> Subject: [rancid] Re: RANCID as an Element of a CMDB System >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Hi Traiano, >> >> Traiano Welcome wrote: >> | what I want is a pre-canned sql schema for each >> | model router config (or a single generic one!) which would allow me >> | to easily import a router config into a database. >> >> If you were using SNMP, you could poll the ENTITY-MIB on the network >> devices. This would reveal their hardware configuration, and it uses a >> standardized language as described in section 3 of RFC 2737. >> >> Some systems such as Netdisco will do this, and insert it into an SQL >> database. The database schema is quite simple; the RFC uses a strict >> hierachical model for the physical entities. >> >> You could look at the Netdisco or SNMP::Info code for some ideas, >> perhaps, and translate them for your RANCID-based system. >> >> regards, >> oliver. >> - -- >> Oliver Gorwits, Network and Telecommunications Group, >> Oxford University Computing Services >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.6 (GNU/Linux) >> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org >> >> iD8DBQFI061B2NPq7pwWBt4RAi52AJ93VHcMrSvg5JBCNTkW1H7Kbh2wDACfUVmu >> h2KgL6cIfWtD7yfzw8x1rMI= >> =7Yay >> -----END PGP SIGNATURE----- >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > From oliver.gorwits at oucs.ox.ac.uk Mon Sep 22 18:49:24 2008 From: oliver.gorwits at oucs.ox.ac.uk (Oliver Gorwits) Date: Mon, 22 Sep 2008 19:49:24 +0100 Subject: [rancid] Re: RANCID as an Element of a CMDB System In-Reply-To: <8423e7bb0809220947udd13fdfp54f939cbc3731258@mail.gmail.com> References: <48D3AD41.1000900@oucs.ox.ac.uk> <8423e7bb0809220947l6c8fe9a1kc06e3c569641a0ef@mail.gmail.com> <8423e7bb0809220947udd13fdfp54f939cbc3731258@mail.gmail.com> Message-ID: <48D7E8B4.6020602@oucs.ox.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Lance Vermilion wrote: > The biggest downfall to Netdisco is that it is not a simple > install. apt-get install netdisco-{frontend,backend} anyway Lance, it's open source so you can always help by letting the project developers know how they could simplify things for you :-) - -- Oliver Gorwits, Network and Telecommunications Group, Oxford University Computing Services -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFI1+i02NPq7pwWBt4RAtppAJ9AxALjKY2z+BkGfHB0UjxJZmwnhQCg11sd vLuEc5AFBW7oBS4AVR+GSiM= =Mpd/ -----END PGP SIGNATURE----- From rancid at gheek.net Mon Sep 22 19:00:11 2008 From: rancid at gheek.net (Lance Vermilion) Date: Mon, 22 Sep 2008 12:00:11 -0700 Subject: [rancid] Re: RANCID as an Element of a CMDB System In-Reply-To: <48D7E8B4.6020602@oucs.ox.ac.uk> References: <48D3AD41.1000900@oucs.ox.ac.uk> <8423e7bb0809220947l6c8fe9a1kc06e3c569641a0ef@mail.gmail.com> <8423e7bb0809220947udd13fdfp54f939cbc3731258@mail.gmail.com> <48D7E8B4.6020602@oucs.ox.ac.uk> Message-ID: <8423e7bb0809221200j35f46600v2a9a921d8dcc3a9f@mail.gmail.com> Already talked to them about it. Unless i am going to offer up the resources to do it, not likely. apt-get install netdisco....great idea but not functional for any redhat spinoff. On Mon, Sep 22, 2008 at 11:49 AM, Oliver Gorwits wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > Lance Vermilion wrote: >> The biggest downfall to Netdisco is that it is not a simple >> install. > > apt-get install netdisco-{frontend,backend} > > anyway Lance, it's open source so you can always help by letting the > project developers know how they could simplify things for you :-) > > - -- > Oliver Gorwits, Network and Telecommunications Group, > Oxford University Computing Services > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFI1+i02NPq7pwWBt4RAtppAJ9AxALjKY2z+BkGfHB0UjxJZmwnhQCg11sd > vLuEc5AFBW7oBS4AVR+GSiM= > =Mpd/ > -----END PGP SIGNATURE----- > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From smunzani at comcast.net Mon Sep 22 19:15:54 2008 From: smunzani at comcast.net (Sam Munzani) Date: Mon, 22 Sep 2008 14:15:54 -0500 Subject: [rancid] Re: RANCID as an Element of a CMDB System In-Reply-To: <8423e7bb0809221200j35f46600v2a9a921d8dcc3a9f@mail.gmail.com> References: <48D3AD41.1000900@oucs.ox.ac.uk> <8423e7bb0809220947l6c8fe9a1kc06e3c569641a0ef@mail.gmail.com> <8423e7bb0809220947udd13fdfp54f939cbc3731258@mail.gmail.com> <48D7E8B4.6020602@oucs.ox.ac.uk> <8423e7bb0809221200j35f46600v2a9a921d8dcc3a9f@mail.gmail.com> Message-ID: <48D7EEEA.5060608@comcast.net> +1 Not an easy deployment on FreeBSD either. Sam > Already talked to them about it. Unless i am going to offer up the > resources to do it, not likely. > > apt-get install netdisco....great idea but not functional for any > redhat spinoff. > > On Mon, Sep 22, 2008 at 11:49 AM, Oliver Gorwits > wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> Lance Vermilion wrote: >> >>> The biggest downfall to Netdisco is that it is not a simple >>> install. >>> >> apt-get install netdisco-{frontend,backend} >> >> anyway Lance, it's open source so you can always help by letting the >> project developers know how they could simplify things for you :-) >> >> - -- >> Oliver Gorwits, Network and Telecommunications Group, >> Oxford University Computing Services >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.7 (Darwin) >> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org >> >> iD8DBQFI1+i02NPq7pwWBt4RAtppAJ9AxALjKY2z+BkGfHB0UjxJZmwnhQCg11sd >> vLuEc5AFBW7oBS4AVR+GSiM= >> =Mpd/ >> -----END PGP SIGNATURE----- >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> >> > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080922/64d1311b/attachment.html From jethro.binks at strath.ac.uk Mon Sep 22 20:03:36 2008 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Mon, 22 Sep 2008 21:03:36 +0100 (BST) Subject: [rancid] Re: RANCID as an Element of a CMDB System In-Reply-To: <48D7EEEA.5060608@comcast.net> References: <48D3AD41.1000900@oucs.ox.ac.uk> <8423e7bb0809220947l6c8fe9a1kc06e3c569641a0ef@mail.gmail.com> <8423e7bb0809220947udd13fdfp54f939cbc3731258@mail.gmail.com> <48D7E8B4.6020602@oucs.ox.ac.uk> <8423e7bb0809221200j35f46600v2a9a921d8dcc3a9f@mail.gmail.com> <48D7EEEA.5060608@comcast.net> Message-ID: On Mon, 22 Sep 2008, Sam Munzani wrote: > +1 > > Not an easy deployment on FreeBSD either. "portinstall rancid" ? > > Sam > > Already talked to them about it. Unless i am going to offer up the > > resources to do it, not likely. > > > > apt-get install netdisco....great idea but not functional for any > > redhat spinoff. > > > > On Mon, Sep 22, 2008 at 11:49 AM, Oliver Gorwits > > wrote: > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > > > > Lance Vermilion wrote: > > > > > > > The biggest downfall to Netdisco is that it is not a simple > > > > install. > > > > > > > apt-get install netdisco-{frontend,backend} > > > > > > anyway Lance, it's open source so you can always help by letting the > > > project developers know how they could simplify things for you :-) > > > > > > - -- > > > Oliver Gorwits, Network and Telecommunications Group, > > > Oxford University Computing Services > > > -----BEGIN PGP SIGNATURE----- > > > Version: GnuPG v1.4.7 (Darwin) > > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > > > > > iD8DBQFI1+i02NPq7pwWBt4RAtppAJ9AxALjKY2z+BkGfHB0UjxJZmwnhQCg11sd > > > vLuEc5AFBW7oBS4AVR+GSiM= > > > =Mpd/ > > > -----END PGP SIGNATURE----- > > > _______________________________________________ > > > Rancid-discuss mailing list > > > Rancid-discuss at shrubbery.net > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > > > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services University Of Strathclyde, Glasgow, UK From jethro.binks at strath.ac.uk Mon Sep 22 20:12:43 2008 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Mon, 22 Sep 2008 21:12:43 +0100 (BST) Subject: [rancid] Re: RANCID as an Element of a CMDB System In-Reply-To: References: <48D3AD41.1000900@oucs.ox.ac.uk> <8423e7bb0809220947l6c8fe9a1kc06e3c569641a0ef@mail.gmail.com> <8423e7bb0809220947udd13fdfp54f939cbc3731258@mail.gmail.com> <48D7E8B4.6020602@oucs.ox.ac.uk> <8423e7bb0809221200j35f46600v2a9a921d8dcc3a9f@mail.gmail.com> <48D7EEEA.5060608@comcast.net> Message-ID: On Mon, 22 Sep 2008, Jethro R Binks wrote: > On Mon, 22 Sep 2008, Sam Munzani wrote: > > > +1 > > > > Not an easy deployment on FreeBSD either. > > "portinstall rancid" And indeed, "portinstall netdisco" . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services University Of Strathclyde, Glasgow, UK > > ? > > > > > > Sam > > > Already talked to them about it. Unless i am going to offer up the > > > resources to do it, not likely. > > > > > > apt-get install netdisco....great idea but not functional for any > > > redhat spinoff. > > > > > > On Mon, Sep 22, 2008 at 11:49 AM, Oliver Gorwits > > > wrote: > > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > Hash: SHA1 > > > > > > > > > > > > Lance Vermilion wrote: > > > > > > > > > The biggest downfall to Netdisco is that it is not a simple > > > > > install. > > > > > > > > > apt-get install netdisco-{frontend,backend} > > > > > > > > anyway Lance, it's open source so you can always help by letting the > > > > project developers know how they could simplify things for you :-) > > > > > > > > - -- > > > > Oliver Gorwits, Network and Telecommunications Group, > > > > Oxford University Computing Services > > > > -----BEGIN PGP SIGNATURE----- > > > > Version: GnuPG v1.4.7 (Darwin) > > > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > > > > > > > iD8DBQFI1+i02NPq7pwWBt4RAtppAJ9AxALjKY2z+BkGfHB0UjxJZmwnhQCg11sd > > > > vLuEc5AFBW7oBS4AVR+GSiM= > > > > =Mpd/ > > > > -----END PGP SIGNATURE----- > > > > _______________________________________________ > > > > Rancid-discuss mailing list > > > > Rancid-discuss at shrubbery.net > > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > > > > > > > > _______________________________________________ > > > Rancid-discuss mailing list > > > Rancid-discuss at shrubbery.net > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > > > > > > > > > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . > Jethro R Binks > Computing Officer, IT Services > University Of Strathclyde, Glasgow, UK > From gnuisancev3 at gmail.com Mon Sep 22 19:20:07 2008 From: gnuisancev3 at gmail.com (anon anon) Date: Mon, 22 Sep 2008 15:20:07 -0400 Subject: [rancid] problem getting postfix to send to aliases Message-ID: I currently have rancid installed but it seems for the life of me I'm never going to get this system to send mails outside of this box. It's a Debian box, attempted exim at first and gave up on that and moved to postfix. I'm not 100% certain that even if I get postfix to do it's thing if rancid will use it correctly at this point. Unfortunately, I haven't been the only one on this project and many people have stuck their fingers in it without documenting what changes they have made. The problem I have those is I'll change the /etc/aliases file and do a "newaliases". In the /etc/postfix/main.cf I have the following: (mind you i'm editting out our domain name). alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = richxnet01.domain.com, localhost.domain.com, localhost mynetworks = 127.0.0.0/8 mailbox_command = procmail -a "$EXTENSION" mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all relayhost = my /etc/alias file looks like this: # /etc/aliases mailer-daemon: postmaster postmaster: root nobody: root hostmaster: root usenet: root news: root webmaster: root www: root ftp: root abuse: root noc: root security: root root: postmaster@ rancid-admin-Juniper: my-name at cavtel.com rancid-admin-Cisco: my-name at cavtel.com rancid-Cisco: my-name at cavtel.com racid-Test: my-name@ my /etc/mailname file looks like this: (again, domain editted) domainname.com and I will do the following to send a test message: *#telnet localhost 25* *Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 localhost ESMTP Postfix (Ubuntu)* *ehlo mail* *250-localhost 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250 8BITMIME* *mail from: * *250 Ok* *rcpt to: *(also have tried rancid-admin-Cisco) 250 Ok *data* *354 End data with . * *Subject: This is a test !* *Wake up please!* *.* *250 Ok: queued as BD8261C01D4* *quit* *Connection closed by foreign host.* Doing a tail /var/log/mail.log gets me the following: 1. Sep 22 14:39:16 RICHXNET01 postfix/smtpd[4552]: disconnect from localhost.localdomain[127.0.0.1] 2. Sep 22 14:45:01 RICHXNET01 postfix/smtpd[5114]: connect from localhost.localdomain[127.0.0.1] 3. Sep 22 14:45:15 RICHXNET01 postfix/smtpd[5114]: disconnect from localhost.localdomain[127.0.0.1] 4. Sep 22 14:45:22 RICHXNET01 postfix/smtpd[5114]: connect from localhost.localdomain[127.0.0.1] 5. Sep 22 14:45:44 RICHXNET01 postfix/smtpd[5114]: 2A3615B4F8: client=localhost.localdomain[127.0.0.1] 6. Sep 22 14:45:54 RICHXNET01 postfix/cleanup[5422]: 2A3615B4F8: message-id=<20080922184544.2A3615B4F8 at richxnet01.localdomain> 7. Sep 22 14:45:54 RICHXNET01 postfix/qmgr[31788]: 2A3615B4F8: from=< tst at tst.com>, size=367, nrcpt=1 (queue active) 8. Sep 22 14:45:55 RICHXNET01 postfix/smtp[5490]: 2A3615B4F8: to=< rancid-Test at my-domain.com>, orig_to=, relay=10.201.60.109[ 10.201.60.109]:25, delay=21, delays=20/0.01/0/0.09, dsn=2.6.0, status=sent (250 2.6.0 <20080922184544.2A3615B4F8 at richxnet01.localdomain> Queued mail for delivery) 9. Sep 22 14:45:55 RICHXNET01 postfix/qmgr[31788]: 2A3615B4F8: removed 10. Sep 22 14:45:56 RICHXNET01 postfix/smtpd[5114]: disconnect from localhost.localdomain[127.0.0.1] It seems the name i'm mailing to is simply getting the domain name appended to it and it's completely ignoring the alias file all together. Rancid is all setup, the cron jobs are good to go, but when i run "rancid-run" I do not recieve any mail. Excuse any ignorance I'm displaying, I've never played with rancid, postfix, or exim before at all. I've tried other avenues for assistance with the postfix folk, but haven't gotten much help. Anything anyone could provide would be greatly appreciated I've been going in circles with this for 2 weeks. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080922/19f13075/attachment.html From bgmilne at staff.telkomsa.net Tue Sep 23 06:46:13 2008 From: bgmilne at staff.telkomsa.net (Buchan Milne) Date: Tue, 23 Sep 2008 08:46:13 +0200 Subject: [rancid] Re: RANCID as an Element of a CMDB System In-Reply-To: <8423e7bb0809221200j35f46600v2a9a921d8dcc3a9f@mail.gmail.com> References: <48D7E8B4.6020602@oucs.ox.ac.uk> <8423e7bb0809221200j35f46600v2a9a921d8dcc3a9f@mail.gmail.com> Message-ID: <200809230846.14618.bgmilne@staff.telkomsa.net> On Monday 22 September 2008 21:00:11 Lance Vermilion wrote: > Already talked to them about it. Unless i am going to offer up the > resources to do it, not likely. > > apt-get install netdisco....great idea but not functional for any > redhat spinoff. Well, the real question isn't the tool you use, but whether Fedora/RH/Centos have packaged all the bits ... [bgmilne at tiger ~]$ urpmi netdisco Running urpmi in restricted mode... In order to satisfy the 'postgresql-server-virtual' dependency, one of the following packages is needed: 1- postgresql8.3-server-8.3.4-1mdv2009.0.x86_64: The programs needed to create and run a PostgreSQL server (to install) 2- postgresql8.2-server-8.2.9-3mdv2009.0.x86_64: The programs needed to create and run a PostgreSQL server (to install) What is your choice? (1-2) 1 To satisfy dependencies, the following packages are going to be installed: Package Version Release Arch (medium "Main") apache-base 2.2.9 12mdv2009.0 x86_64 apache-mod_perl 2.0.4 2mdv2009.0 x86_64 apache-mod_php 5.2.6 3mdv2009.0 x86_64 apache-mod_ssl 2.2.9 12mdv2009.0 x86_64 apache-modules 2.2.9 12mdv2009.0 x86_64 apache-mpm-prefork 2.2.9 12mdv2009.0 x86_64 distcache-server 1.5.1 13mdv2009.0 x86_64 (suggested) lib64distcache1 1.5.1 13mdv2009.0 x86_64 lib64ecpg8.3_6 8.3.4 1mdv2009.0 x86_64 lib64pq8.3_5 8.3.4 1mdv2009.0 x86_64 memcached 1.2.6 2mdv2009.0 x86_64 (suggested) perl-Apache-Test 1.31 2.689836.1md> noarch perl-BSD-Resource 1.29 2mdv2009.0 x86_64 perl-NetSNMP 5.4.2 2mdv2009.0 x86_64 php-ctype 5.2.6 17mdv2009.0 x86_64 php-dom 5.2.6 17mdv2009.0 x86_64 php-filter 5.2.6 17mdv2009.0 x86_64 php-ftp 5.2.6 17mdv2009.0 x86_64 php-gettext 5.2.6 17mdv2009.0 x86_64 php-hash 5.2.6 17mdv2009.0 x86_64 php-ini 5.2.6 2mdv2009.0 x86_64 php-json 5.2.6 17mdv2009.0 x86_64 php-openssl 5.2.6 17mdv2009.0 x86_64 php-posix 5.2.6 17mdv2009.0 x86_64 php-session 5.2.6 17mdv2009.0 x86_64 php-suhosin 0.9.27 1mdv2009.0 x86_64 php-sysvsem 5.2.6 17mdv2009.0 x86_64 php-sysvshm 5.2.6 17mdv2009.0 x86_64 php-tokenizer 5.2.6 17mdv2009.0 x86_64 php-xmlreader 5.2.6 17mdv2009.0 x86_64 php-xmlwriter 5.2.6 17mdv2009.0 x86_64 php-zlib 5.2.6 17mdv2009.0 x86_64 postgresql8.3 8.3.4 1mdv2009.0 x86_64 postgresql8.3-server 8.3.4 1mdv2009.0 x86_64 (medium "Main32") ccp 0.4.1 1mdv2009.0 noarch perl-IPC-Run 0.80 2mdv2009.0 noarch (medium "Contrib") apache-mod_apreq 2.08 15mdv2009.0 x86_64 lib64apreq2 2.08 15mdv2009.0 x86_64 mason 1.33 6mdv2008.1 noarch netdisco 0.95 8mdv2009.0 noarch perl-Apache-DBI 1.07 2mdv2009.0 noarch perl-Apache-ProxyRewrite 0.17 7mdv2009.0 noarch perl-Apache-Session 1.87 1mdv2009.0 noarch perl-Apache-Session-Wrapper 0.33 3mdv2009.0 noarch perl-Class-Container 0.12 5mdv2009.0 noarch perl-Graph 0.84 1mdv2008.1 noarch perl-GraphViz 2.03 3mdv2009.0 noarch perl-MasonX-Request-ExtendedC> 0.03 4mdv2009.0 noarch perl-MasonX-Request-ExtendedC> 0.03 4mdv2009.0 noarch perl-MasonX-Request-WithApach> 0.31 2mdv2009.0 noarch perl-SNMP-Info 2.00 1mdv2009.0 noarch perl-libapreq2 2.08 15mdv2009.0 x86_64 93MB of additional disk space will be used. 17MB of packages will be retrieved. Proceed with the installation of the 52 packages? (Y/n) From twelcome at tenet.ac.za Tue Sep 23 08:19:41 2008 From: twelcome at tenet.ac.za (Traiano Welcome) Date: Tue, 23 Sep 2008 10:19:41 +0200 Subject: [rancid] Re: RANCID as an Element of a CMDB System References: <48D3AD41.1000900@oucs.ox.ac.uk> <8423e7bb0809220947l6c8fe9a1kc06e3c569641a0ef@mail.gmail.com> Message-ID: How easy would it be to use the database schema and backend code, possibly with a different UI, do you think? Well, it's worth a try, it's one of those ymmv things :-) -----Original Message----- From: Lance Vermilion [mailto:lavermil at gheek.net] Sent: Mon 9/22/2008 6:47 PM To: Traiano Welcome Cc: Oliver Gorwits; rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: RANCID as an Element of a CMDB System Traiano, The biggest downfall to Netdisco is that it is not a simple install. I think that is what has plagued the project. The UI could use a little updating, but it gets the job done. On Mon, Sep 22, 2008 at 1:47 AM, Traiano Welcome wrote: > Hi Oliver > > I've gone some way towards building the router schema based on ENTITY-MIB > and others (quite labour intensive :-)). Netdisco seems to overlap a lot of > what I've done, and offer a number of better features, so it might be worth > looking at integrating it into the CMDB system I'm trying to build, as > opposed to the custom stuff I've scripted. > > Many Thanks! > Traiano > > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net on behalf of Oliver Gorwits > Sent: Fri 9/19/2008 3:46 PM > To: rancid-discuss at shrubbery.net > Subject: [rancid] Re: RANCID as an Element of a CMDB System > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi Traiano, > > Traiano Welcome wrote: > | what I want is a pre-canned sql schema for each > | model router config (or a single generic one!) which would allow me > | to easily import a router config into a database. > > If you were using SNMP, you could poll the ENTITY-MIB on the network > devices. This would reveal their hardware configuration, and it uses a > standardized language as described in section 3 of RFC 2737. > > Some systems such as Netdisco will do this, and insert it into an SQL > database. The database schema is quite simple; the RFC uses a strict > hierachical model for the physical entities. > > You could look at the Netdisco or SNMP::Info code for some ideas, > perhaps, and translate them for your RANCID-based system. > > regards, > oliver. > - -- > Oliver Gorwits, Network and Telecommunications Group, > Oxford University Computing Services > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.6 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFI061B2NPq7pwWBt4RAi52AJ93VHcMrSvg5JBCNTkW1H7Kbh2wDACfUVmu > h2KgL6cIfWtD7yfzw8x1rMI= > =7Yay > -----END PGP SIGNATURE----- > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080923/717c5989/attachment.html From twelcome at tenet.ac.za Tue Sep 23 08:22:15 2008 From: twelcome at tenet.ac.za (Traiano Welcome) Date: Tue, 23 Sep 2008 10:22:15 +0200 Subject: [rancid] Re: RANCID as an Element of a CMDB System References: <48D3AD41.1000900@oucs.ox.ac.uk> <8423e7bb0809220947l6c8fe9a1kc06e3c569641a0ef@mail.gmail.com> <8423e7bb0809220947udd13fdfp54f939cbc3731258@mail.gmail.com> <48D7E8B4.6020602@oucs.ox.ac.uk> Message-ID: Hmmm. I wonder which apckage repositories have this (I'm using Ubuntu): --- traiano at diameter:~/$ sudo apt-get install netdisco-backend Reading package lists... Done Building dependency tree Reading state information... Done E: Couldn't find package netdisco-backend traiano at diameter:~/$ apt-cache search netdisco netdiscover - active/passive address scanner using arp requests --- -----Original Message----- From: rancid-discuss-bounces at shrubbery.net on behalf of Oliver Gorwits Sent: Mon 9/22/2008 8:49 PM To: rancid-discuss at shrubbery.net Subject: [rancid] Re: RANCID as an Element of a CMDB System -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Lance Vermilion wrote: > The biggest downfall to Netdisco is that it is not a simple > install. apt-get install netdisco-{frontend,backend} anyway Lance, it's open source so you can always help by letting the project developers know how they could simplify things for you :-) - -- Oliver Gorwits, Network and Telecommunications Group, Oxford University Computing Services -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFI1+i02NPq7pwWBt4RAtppAJ9AxALjKY2z+BkGfHB0UjxJZmwnhQCg11sd vLuEc5AFBW7oBS4AVR+GSiM= =Mpd/ -----END PGP SIGNATURE----- _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080923/40773802/attachment.html From twelcome at tenet.ac.za Tue Sep 23 08:26:28 2008 From: twelcome at tenet.ac.za (Traiano Welcome) Date: Tue, 23 Sep 2008 10:26:28 +0200 Subject: [rancid] Re: RANCID as an Element of a CMDB System References: <48D3AD41.1000900@oucs.ox.ac.uk><8423e7bb0809220947l6c8fe9a1kc06e3c569641a0ef@mail.gmail.com><8423e7bb0809220947udd13fdfp54f939cbc3731258@mail.gmail.com><48D7E8B4.6020602@oucs.ox.ac.uk> <8423e7bb0809221200j35f46600v2a9a921d8dcc3a9f@mail.gmail.com> Message-ID: Looking at the Netdisco web-page, they *really* are short-staffed! -----Original Message----- From: rancid-discuss-bounces at shrubbery.net on behalf of Lance Vermilion Sent: Mon 9/22/2008 9:00 PM To: Oliver Gorwits Cc: rancid-discuss at shrubbery.net Subject: [rancid] Re: RANCID as an Element of a CMDB System Already talked to them about it. Unless i am going to offer up the resources to do it, not likely. apt-get install netdisco....great idea but not functional for any redhat spinoff. On Mon, Sep 22, 2008 at 11:49 AM, Oliver Gorwits wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > Lance Vermilion wrote: >> The biggest downfall to Netdisco is that it is not a simple >> install. > > apt-get install netdisco-{frontend,backend} > > anyway Lance, it's open source so you can always help by letting the > project developers know how they could simplify things for you :-) > > - -- > Oliver Gorwits, Network and Telecommunications Group, > Oxford University Computing Services > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFI1+i02NPq7pwWBt4RAtppAJ9AxALjKY2z+BkGfHB0UjxJZmwnhQCg11sd > vLuEc5AFBW7oBS4AVR+GSiM= > =Mpd/ > -----END PGP SIGNATURE----- > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080923/a52ebc25/attachment.html From hina at hina.fr Tue Sep 23 15:17:35 2008 From: hina at hina.fr (hina) Date: Tue, 23 Sep 2008 17:17:35 +0200 Subject: [rancid] New problem with .... Dell Message-ID: <20080923151735.GB21951@hina.fr> Hi so I finaly stopped to search without the mode no-enable ... because I can t have the good right to show run via rancid-run So it's working perfectly, with cisco, redback ... but with dell .. I found on the network, some binairies (drancid, dlogin) and a update of rancid-fe(with dell) ok so let explain the first case I DONT UNDERSTAND for this one I try with the configuration IP:cisco:up or IP:dell:up with a configuration autoenable (.cloginrc) add user 10.4.33.7 backup add password 10.4.33.7 90bK09 90bK09 add method 10.4.33.7 telnet add autoenable 10.4.33.7 1 or add user 10.4.33.7 backup add password 10.4.33.7 90bK09 add method 10.4.33.7 telnet add autoenable 10.4.33.7 1 The both working with dlogin or clogin (IP:cisco or IP:dell) as manual .. But ... never work with the binary rancid-run ... I have always : 10.4.33.7 clogin error: Error: TIMEOUT reached What could it be ??? Because for this case, I have no clue, and I dont even understand why it s working with clogin but not with rancid-run ... which all configurations I can use in this case. all advices will be cool, my boss is waiting for that . and of course, we have a majority of dell switches ... thx for all back you can give hina From rancid at gheek.net Tue Sep 23 16:42:42 2008 From: rancid at gheek.net (Lance Vermilion) Date: Tue, 23 Sep 2008 09:42:42 -0700 Subject: [rancid] Re: RANCID as an Element of a CMDB System In-Reply-To: References: <48D3AD41.1000900@oucs.ox.ac.uk> <8423e7bb0809220947l6c8fe9a1kc06e3c569641a0ef@mail.gmail.com> Message-ID: <8423e7bb0809230942m6066d4ebq3080ac7e2bc53170@mail.gmail.com> Traniano, I don't think it should be that hard. It will for sure take a little bit of research to come up with a set of common commands between all the systems that rancid supports. I would look at the commandtable and then create a table for each vendor that way it can remain fairly consistent and all your fields would match what you have in your rancid file. You could create a table for each general command and then just reference it via the nodeid. Different thoughts for sure one is more relational while one is more flat. Anyway you layout the database it is still going to be a result of what is captured from the commandtable. The above statement is the easy part, the not so fun part is changing up rancid to use that database. Writting it isn't tough, it will be getting it added to the distro so many can use all the hard work. On Tue, Sep 23, 2008 at 1:19 AM, Traiano Welcome wrote: > > How easy would it be to use the database schema and backend code, possibly > with a different UI, do you think? > Well, it's worth a try, it's one of those ymmv things :-) > > > > -----Original Message----- > From: Lance Vermilion [mailto:lavermil at gheek.net] > Sent: Mon 9/22/2008 6:47 PM > To: Traiano Welcome > Cc: Oliver Gorwits; rancid-discuss at shrubbery.net > Subject: Re: [rancid] Re: RANCID as an Element of a CMDB System > > Traiano, > > The biggest downfall to Netdisco is that it is not a simple install. I > think that is what has plagued the project. The UI could use a little > updating, but it gets the job done. > > On Mon, Sep 22, 2008 at 1:47 AM, Traiano Welcome > wrote: >> Hi Oliver >> >> I've gone some way towards building the router schema based on ENTITY-MIB >> and others (quite labour intensive :-)). Netdisco seems to overlap a lot >> of >> what I've done, and offer a number of better features, so it might be >> worth >> looking at integrating it into the CMDB system I'm trying to build, as >> opposed to the custom stuff I've scripted. >> >> Many Thanks! >> Traiano >> >> >> -----Original Message----- >> From: rancid-discuss-bounces at shrubbery.net on behalf of Oliver Gorwits >> Sent: Fri 9/19/2008 3:46 PM >> To: rancid-discuss at shrubbery.net >> Subject: [rancid] Re: RANCID as an Element of a CMDB System >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Hi Traiano, >> >> Traiano Welcome wrote: >> | what I want is a pre-canned sql schema for each >> | model router config (or a single generic one!) which would allow me >> | to easily import a router config into a database. >> >> If you were using SNMP, you could poll the ENTITY-MIB on the network >> devices. This would reveal their hardware configuration, and it uses a >> standardized language as described in section 3 of RFC 2737. >> >> Some systems such as Netdisco will do this, and insert it into an SQL >> database. The database schema is quite simple; the RFC uses a strict >> hierachical model for the physical entities. >> >> You could look at the Netdisco or SNMP::Info code for some ideas, >> perhaps, and translate them for your RANCID-based system. >> >> regards, >> oliver. >> - -- >> Oliver Gorwits, Network and Telecommunications Group, >> Oxford University Computing Services >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.6 (GNU/Linux) >> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org >> >> iD8DBQFI061B2NPq7pwWBt4RAi52AJ93VHcMrSvg5JBCNTkW1H7Kbh2wDACfUVmu >> h2KgL6cIfWtD7yfzw8x1rMI= >> =7Yay >> -----END PGP SIGNATURE----- >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > > From rancid at gheek.net Tue Sep 23 16:48:01 2008 From: rancid at gheek.net (Lance Vermilion) Date: Tue, 23 Sep 2008 09:48:01 -0700 Subject: [rancid] Re: New problem with .... Dell In-Reply-To: <20080923151735.GB21951@hina.fr> References: <20080923151735.GB21951@hina.fr> Message-ID: <8423e7bb0809230948k5dcb74e9gbec25f58f638e663@mail.gmail.com> You want to try and run this as the rancid user and source all the same files that are sourced when rancid-run is ran. That should help you narrow down the issue. You can also run rancid-run again just that host. I think i recall a debug switch being available too. On Tue, Sep 23, 2008 at 8:17 AM, hina wrote: > Hi > so I finaly stopped to search without the mode no-enable ... because I can t have the good right to show run via rancid-run > > So it's working perfectly, with cisco, redback ... > but with dell .. > I found on the network, some binairies (drancid, dlogin) and a update of rancid-fe(with dell) > ok > so let explain the first case I DONT UNDERSTAND > for this one I try with the configuration IP:cisco:up or IP:dell:up > with a configuration autoenable (.cloginrc) > add user 10.4.33.7 backup > add password 10.4.33.7 90bK09 90bK09 > add method 10.4.33.7 telnet > add autoenable 10.4.33.7 1 > > or > add user 10.4.33.7 backup > add password 10.4.33.7 90bK09 > add method 10.4.33.7 telnet > add autoenable 10.4.33.7 1 > > The both working with dlogin or clogin (IP:cisco or IP:dell) as manual .. > But ... never work with the binary rancid-run > ... > I have always : > 10.4.33.7 clogin error: Error: TIMEOUT reached > > What could it be ??? Because for this case, I have no clue, and I dont even understand why it s working with clogin but not with rancid-run ... which all configurations I can use in this case. > > all advices will be cool, my boss is waiting for that . > and of course, we have a majority of dell switches ... > thx for all back you can give > hina > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From twelcome at tenet.ac.za Wed Sep 24 17:54:00 2008 From: twelcome at tenet.ac.za (Traiano Welcome) Date: Wed, 24 Sep 2008 19:54:00 +0200 Subject: [rancid] Re: RANCID as an Element of a CMDB System References: <48D3AD41.1000900@oucs.ox.ac.uk><8423e7bb0809220947l6c8fe9a1kc06e3c569641a0ef@mail.gmail.com> <8423e7bb0809230942m6066d4ebq3080ac7e2bc53170@mail.gmail.com> Message-ID: Lance Quite true. Thanks for this advice, a number of those points are worth looking at. It suggests I should look at first creating a set of scripts to generate a schema (or an approximate schema) given standard configs from cisco/juniper, and then creating code generic enough to handle new schema adjustments. Time to hit that drawing board :-) Regards, Traiano ________________________________ From: lavermil at gheek.net on behalf of Lance Vermilion Sent: Tue 2008/09/23 06:42 PM To: Traiano Welcome Cc: Oliver Gorwits; rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: RANCID as an Element of a CMDB System Traniano, I don't think it should be that hard. It will for sure take a little bit of research to come up with a set of common commands between all the systems that rancid supports. I would look at the commandtable and then create a table for each vendor that way it can remain fairly consistent and all your fields would match what you have in your rancid file. You could create a table for each general command and then just reference it via the nodeid. Different thoughts for sure one is more relational while one is more flat. Anyway you layout the database it is still going to be a result of what is captured from the commandtable. The above statement is the easy part, the not so fun part is changing up rancid to use that database. Writting it isn't tough, it will be getting it added to the distro so many can use all the hard work. On Tue, Sep 23, 2008 at 1:19 AM, Traiano Welcome wrote: > > How easy would it be to use the database schema and backend code, possibly > with a different UI, do you think? > Well, it's worth a try, it's one of those ymmv things :-) > > > > -----Original Message----- > From: Lance Vermilion [mailto:lavermil at gheek.net] > Sent: Mon 9/22/2008 6:47 PM > To: Traiano Welcome > Cc: Oliver Gorwits; rancid-discuss at shrubbery.net > Subject: Re: [rancid] Re: RANCID as an Element of a CMDB System > > Traiano, > > The biggest downfall to Netdisco is that it is not a simple install. I > think that is what has plagued the project. The UI could use a little > updating, but it gets the job done. > > On Mon, Sep 22, 2008 at 1:47 AM, Traiano Welcome > wrote: >> Hi Oliver >> >> I've gone some way towards building the router schema based on ENTITY-MIB >> and others (quite labour intensive :-)). Netdisco seems to overlap a lot >> of >> what I've done, and offer a number of better features, so it might be >> worth >> looking at integrating it into the CMDB system I'm trying to build, as >> opposed to the custom stuff I've scripted. >> >> Many Thanks! >> Traiano >> >> >> -----Original Message----- >> From: rancid-discuss-bounces at shrubbery.net on behalf of Oliver Gorwits >> Sent: Fri 9/19/2008 3:46 PM >> To: rancid-discuss at shrubbery.net >> Subject: [rancid] Re: RANCID as an Element of a CMDB System >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Hi Traiano, >> >> Traiano Welcome wrote: >> | what I want is a pre-canned sql schema for each >> | model router config (or a single generic one!) which would allow me >> | to easily import a router config into a database. >> >> If you were using SNMP, you could poll the ENTITY-MIB on the network >> devices. This would reveal their hardware configuration, and it uses a >> standardized language as described in section 3 of RFC 2737. >> >> Some systems such as Netdisco will do this, and insert it into an SQL >> database. The database schema is quite simple; the RFC uses a strict >> hierachical model for the physical entities. >> >> You could look at the Netdisco or SNMP::Info code for some ideas, >> perhaps, and translate them for your RANCID-based system. >> >> regards, >> oliver. >> - -- >> Oliver Gorwits, Network and Telecommunications Group, >> Oxford University Computing Services >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.6 (GNU/Linux) >> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org >> >> iD8DBQFI061B2NPq7pwWBt4RAi52AJ93VHcMrSvg5JBCNTkW1H7Kbh2wDACfUVmu >> h2KgL6cIfWtD7yfzw8x1rMI= >> =7Yay >> -----END PGP SIGNATURE----- >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080924/1b15a318/attachment.html From steve at host-it.co.uk Thu Sep 25 09:22:24 2008 From: steve at host-it.co.uk (Steve Ousley) Date: Thu, 25 Sep 2008 10:22:24 +0100 Subject: [rancid] Errors on new category Message-ID: <096301c91ef0$385504d0$a8ff0e70$@co.uk> Hi All I have recently installed rancid on a new machine to backup a different (physical) site that we have. I have it backing up ASA's no problems, however none of the other CVS categories seem to have created properly. I think I bodged a solution to get the ASA's working because I needed it urgently, leaving the rest of the categories till now. I have tried backing up the switch category and I see the following in the log file for the switch category: rancid:/usr/local/rancid/var/logs# cat switch.20080925.110603 starting: Thu Sep 25 11:06:03 BST 2008 cvs commit: cannot open CVS/Entries for reading: No such file or directory cvs commit: nothing known about `router.db' cvs [commit aborted]: correct above errors first! Does anyone have any ideas how I go about solving this? Steve Ousley - SO620-RIPE Nuco Technologies Ltd steve at host-it.co.uk www.nucotechnologies.com Tel. 0870 165 1300 Nuco Technologies Ltd is a company registered in England and Wales with company number 04470751 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080925/37c064b0/attachment.html From steve at host-it.co.uk Fri Sep 26 12:15:55 2008 From: steve at host-it.co.uk (Steve Ousley) Date: Fri, 26 Sep 2008 13:15:55 +0100 Subject: [rancid] Cisco 2960 switch Message-ID: <0af101c91fd1$a077ee10$e167ca30$@co.uk> Hi All We have just got some Cisco 2960 switches that we need to backup. However when the backup runs on the switch, it simply misses the commands. I think I know why this is, and that is that when I log in with clogin, it logs in ok, and automatically displays the configuration, rather than waiting for Rancid to collect it. This also has problems with paging int hat when I clogin I see "-more-"at the bottom as though it's waiting for me to press space or enter, yet, when I press anything, it just sits there until the connection times out. Has anyone ever got a 2960 backing up ok? If so, did they experience this as well? Steve Ousley - SO620-RIPE Nuco Technologies Ltd steve at host-it.co.uk www.nucotechnologies.com Tel. 0870 165 1300 Nuco Technologies Ltd is a company registered in England and Wales with company number 04470751 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080926/4143c192/attachment.html From SMartin at sourceinterlink.com Fri Sep 26 12:26:28 2008 From: SMartin at sourceinterlink.com (Martin, Seth) Date: Fri, 26 Sep 2008 08:26:28 -0400 Subject: [rancid] Re: Cisco 2960 switch In-Reply-To: <0af101c91fd1$a077ee10$e167ca30$@co.uk> References: <0af101c91fd1$a077ee10$e167ca30$@co.uk> Message-ID: <79B77295FBC9F247A32A6C98B67B1E1401B9F52B@srv-1exch01.sourceinterlink.com> We backup several dozen 2960's without an issue. We are running rancid-2.3.2a2 if that helps. Does rancid log in as a priv'd account or are you using an enable secret? What priv level did you give your rancid user? Are you using anything special for AAA like Tacacs or radius? _____________________________________________________________________ Seth Martin ________________________________ From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Steve Ousley Sent: Friday, September 26, 2008 8:16 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Cisco 2960 switch Hi All We have just got some Cisco 2960 switches that we need to backup. However when the backup runs on the switch, it simply misses the commands. I think I know why this is, and that is that when I log in with clogin, it logs in ok, and automatically displays the configuration, rather than waiting for Rancid to collect it. This also has problems with paging int hat when I clogin I see "-more-"at the bottom as though it's waiting for me to press space or enter, yet, when I press anything, it just sits there until the connection times out. Has anyone ever got a 2960 backing up ok? If so, did they experience this as well? Steve Ousley - SO620-RIPE Nuco Technologies Ltd steve at host-it.co.uk www.nucotechnologies.com Tel. 0870 165 1300 Nuco Technologies Ltd is a company registered in England and Wales with company number 04470751 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080926/9bcc6980/attachment.html From steve at host-it.co.uk Fri Sep 26 12:53:26 2008 From: steve at host-it.co.uk (Steve Ousley) Date: Fri, 26 Sep 2008 13:53:26 +0100 Subject: [rancid] Re: Cisco 2960 switch In-Reply-To: <79B77295FBC9F247A32A6C98B67B1E1401B9F52B@srv-1exch01.sourceinterlink.com> References: <0af101c91fd1$a077ee10$e167ca30$@co.uk> <79B77295FBC9F247A32A6C98B67B1E1401B9F52B@srv-1exch01.sourceinterlink.com> Message-ID: <0b0d01c91fd6$de060a50$9a121ef0$@co.uk> Hi Martin I have asked a colleague the questions that you asked and the answers are as follows: > Does rancid log in as a priv'd account or are you using an enable secret? Yes, the config states: "username rancid privilege 15 secret 5 ********" > What priv level did you give your rancid user? As you can see from this, the rancid user has priv level 15. We also have: "username rancid autocommand show running" So that when the user "rancid" logs in, it automatically runs "show running". This works fine when I telnet to the switch from the rancid machine, I can page through the output. The reason we have this is so that Rancid can get the configs as an enabled user, but then if anyone gains access to the passwords for Rancid, all they can do is get the configs, and cannot actually change the configs at all. > Are you using anything special for AAA like Tacacs or radius? No we are not using anything special, just plain login and auto-run the command. Steve Ousley - SO620-RIPE Nuco Technologies Ltd steve at host-it.co.uk www.nucotechnologies.com Tel. 0870 165 1300 Nuco Technologies Ltd is a company registered in England and Wales with company number 04470751 From: Martin, Seth [mailto:SMartin at sourceinterlink.com] Sent: 26 September 2008 13:26 To: Steve Ousley; rancid-discuss at shrubbery.net Subject: RE: [rancid] Cisco 2960 switch We backup several dozen 2960's without an issue. We are running rancid-2.3.2a2 if that helps. Does rancid log in as a priv'd account or are you using an enable secret? What priv level did you give your rancid user? Are you using anything special for AAA like Tacacs or radius? _____________________________________________________________________ Seth Martin _____ From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Steve Ousley Sent: Friday, September 26, 2008 8:16 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Cisco 2960 switch Hi All We have just got some Cisco 2960 switches that we need to backup. However when the backup runs on the switch, it simply misses the commands. I think I know why this is, and that is that when I log in with clogin, it logs in ok, and automatically displays the configuration, rather than waiting for Rancid to collect it. This also has problems with paging int hat when I clogin I see "-more-"at the bottom as though it's waiting for me to press space or enter, yet, when I press anything, it just sits there until the connection times out. Has anyone ever got a 2960 backing up ok? If so, did they experience this as well? Steve Ousley - SO620-RIPE Nuco Technologies Ltd steve at host-it.co.uk www.nucotechnologies.com Tel. 0870 165 1300 Nuco Technologies Ltd is a company registered in England and Wales with company number 04470751 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080926/69582260/attachment.html From rancid at ale.cx Fri Sep 26 13:12:12 2008 From: rancid at ale.cx (Alex Dekker) Date: Fri, 26 Sep 2008 14:12:12 +0100 Subject: [rancid] Re: Cisco 2960 switch In-Reply-To: <0b0d01c91fd6$de060a50$9a121ef0$@co.uk> References: <0af101c91fd1$a077ee10$e167ca30$@co.uk> <79B77295FBC9F247A32A6C98B67B1E1401B9F52B@srv-1exch01.sourceinterlink.com> <0b0d01c91fd6$de060a50$9a121ef0$@co.uk> Message-ID: <200809261412.12166.rancid@ale.cx> On Friday 26 September 2008 13:53:26 Steve Ousley wrote: > We also have: > > "username rancid autocommand show running" > > So that when the user "rancid" logs in, it automatically runs "show > running". This works fine when I telnet to the switch from the rancid > machine, I can page through the output. That's your problem right there. Remove this and it'll work. alexd From SMartin at sourceinterlink.com Fri Sep 26 13:20:18 2008 From: SMartin at sourceinterlink.com (Martin, Seth) Date: Fri, 26 Sep 2008 09:20:18 -0400 Subject: [rancid] Re: Cisco 2960 switch In-Reply-To: <200809261412.12166.rancid@ale.cx> References: <0af101c91fd1$a077ee10$e167ca30$@co.uk><79B77295FBC9F247A32A6C98B67B1E1401B9F52B@srv-1exch01.sourceinterlink.com><0b0d01c91fd6$de060a50$9a121ef0$@co.uk> <200809261412.12166.rancid@ale.cx> Message-ID: <79B77295FBC9F247A32A6C98B67B1E1401B9F57A@srv-1exch01.sourceinterlink.com> If you are worried about Rancid having too much access, you should try restricting it using the privilege configurations in IOS. Maybe someone on here has one already written you can copy to avoid having to figure it all out. I like rancid to have full access to my devices because we use it to push out config. _____________________________________________________________________ Seth Martin -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alex Dekker Sent: Friday, September 26, 2008 9:12 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Re: Cisco 2960 switch On Friday 26 September 2008 13:53:26 Steve Ousley wrote: > We also have: > > "username rancid autocommand show running" > > So that when the user "rancid" logs in, it automatically runs "show > running". This works fine when I telnet to the switch from the rancid > machine, I can page through the output. That's your problem right there. Remove this and it'll work. alexd _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From younes.chaouki at gmail.com Fri Sep 26 09:43:09 2008 From: younes.chaouki at gmail.com (chaouki Ben younes) Date: Fri, 26 Sep 2008 11:43:09 +0200 Subject: [rancid] Rancid SVN support available in 2.3.2a3 Message-ID: <1a16a3c00809260243j639bdd6fp69e53df8acae17db@mail.gmail.com> Hi, I'm looking for manuel of installation of Rancid under SVN Thanks to help me by sending me any mail that contain this kind of configuration Thanks a lot - - - - - - - - - - - - - - - - Cordialement Ben Younes Chaouki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080926/b7b937a6/attachment.html From jlewis at lewis.org Mon Sep 29 12:11:53 2008 From: jlewis at lewis.org (Jon Lewis) Date: Mon, 29 Sep 2008 08:11:53 -0400 (EDT) Subject: [rancid] odd cisco bug Message-ID: Anyone seen this before? We recently added a PA-FE to a 7206 running 12.2(14)S19. Every few runs, we get things like: !Slot 4: type 100BaseTX-ISL, 1 ports !Slot 4: hvers 1.4 rev B0 + !Slot 4: hvers 1.4 rev B0 + !Slot 4: part 73-1688-05, serial 22552957 !Slot 4: part 73-1688-05, serial 22552957 and then !Slot 4: type 100BaseTX-ISL, 1 ports !Slot 4: hvers 1.4 rev B0 - !Slot 4: hvers 1.4 rev B0 - !Slot 4: part 73-1688-05, serial 22552957 !Slot 4: part 73-1688-05, serial 22552957 i.e. the hvers and part lines keep having duplicate lines appear/disappear. The card was online inserted, but the router has been rebooted since. ---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ From lucas.tobey at 1and1.com Mon Sep 29 22:03:48 2008 From: lucas.tobey at 1and1.com (Lucas Tobey) Date: Mon, 29 Sep 2008 18:03:48 -0400 Subject: [rancid] Foundry RANCID issues. Disappearing ACLs and route-maps?! Message-ID: <0MKpCa-1KkQqK3T9o-0005Vs@mrelay.perfora.net> Hello All, We are having some problems with our Foundry routers and RANCID. I'm wondering if anyone else is having these same issues or similar issues. We are noticing that RANCID is sending us a lot of garbage diffs from our configs. It states that ACL, route-maps, and even BGP configuration keeps disappearing and reappearing. Anyone have similar issues or know of a way we can fix this?? Thanks! -Lucas -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 252 bytes Desc: OpenPGP digital signature Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080929/4efcdebb/attachment.bin