[rancid] DONE: Implementation of the (generic) linux configuration backup-versioning DEVELOPMENT VERSION
Diego Ercolani
diego.ercolani at ssis.sm
Tue Jul 7 13:50:28 UTC 2009
Hello to all,
I finished modules for the archive of linux configuration.
It's a development version so please dear developer support it in the main
trunk
I wrote 2 modules:
llogin
lrancid
---------- LLOGIN --------------------
llogin is based on clogin 2.3.2 script, try to login via ssh and telnet. It
should login as root.
I did many modification to the clogin script, and I suppose a better check and
better diagnostic look.
The point of view I started from is that linux normally stores configurations
as files in the filesystem, every distribution use its own directory structure
and often, an entire backup of /etc directory is too redundant so I added a
new configuration parameter in the .cloginrc and a new "MetaCommand" that is
BackupFiles that is runned by llogin script using .cloginrc files to feed it.
The new parameter in the .cloginrc is "backupfile", so you need to add for
your linux machines at least a line in the .cloginrc file in the clogin
syntax:
add backupfile <glob host identifier> <path/filename> [path/filename] ...
if you want you can of course add new files in a new line; this is the reason
why I modified the clogin "add" procedure to feed correctly the
int_backupfiles global variable the llogin script is using.
I wrote a new procedure that is send_debug that, when called with a string as
parameter, prints a gren "Debug:" followed by the string, if debug is on.
(this of course is to increment visibility of check strings along the expect
debug stream.
--------- LRANCID ---------
lrancid is a modified version of rancid 2.3.2 that calls llogin with the
BackupFiles metacommand as command argument.
It have some hack to optimize the output of the llogin script, but is more or
less very similar to the rancid script
----------- rancid-fe -----------------
I of course modified the rancid-fe script to manage a new device category that
is "linux".
I'm attaching it to complete the contribution.
----------- sample .cloginrc ----------------------
here is my cloginrc file part that is regarded to the linux machine:
>>>>>>>>>>>> CUT >>>>>>>>>>>>>>
add method linux.machine.domain ssh rlogin
add user linux.machine.domain root
add password linux.machine.domain thepassword thepassword
add autoenable linux.machine.domain 1
add backupfile linux.machine.domain /etc/issue
add backupfile linux.machine.domain /etc/network/interfaces
#add backupfile linux.machine.domain /etc/network/interfaces
<<<<<<<<<<<<<< CUT <<<<<<<<<<<<<<<<
Hope this would help many of you
Diego Ercolani
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lrancid
Type: application/x-perl
Size: 10927 bytes
Desc: not available
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090707/65656dc8/attachment.bin
-------------- next part --------------
#! /usr/bin/expect --
##
## llogin 1.0.2 2009/07/07
## based on clogin.in,v 1.136 2009/04/22 18:59:04
##
## rancid 2.3.2
## Copyright (c) 1997-2009 by Terrapin Communications, Inc.
## All rights reserved.
## llogin (c) Diego Ercolani - SSIS S.p.A. - San Marino
##
## This code is derived from software contributed to and maintained by
## Terrapin Communications, Inc. by Henry Kilmer, John Heasley, Andrew Partan,
## Pete Whiting, Austin Schutz, and Andrew Fort.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted provided that the following conditions
## are met:
## 1. Redistributions of source code must retain the above copyright
## notice, this list of conditions and the following disclaimer.
## 2. Redistributions in binary form must reproduce the above copyright
## notice, this list of conditions and the following disclaimer in the
## documentation and/or other materials provided with the distribution.
## 3. All advertising materials mentioning features or use of this software
## must display the following acknowledgement:
## This product includes software developed by Terrapin Communications,
## Inc. and its contributors for RANCID.
## 4. Neither the name of Terrapin Communications, Inc. nor the names of its
## contributors may be used to endorse or promote products derived from
## this software without specific prior written permission.
## 5. It is requested that non-binding fixes and modifications be contributed
## back to Terrapin Communications, Inc.
##
## THIS SOFTWARE IS PROVIDED BY Terrapin Communications, INC. AND CONTRIBUTORS
## ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
## TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
## PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COMPANY OR CONTRIBUTORS
## BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
## CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
## SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
## INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
## CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
## POSSIBILITY OF SUCH DAMAGE.
#
# The expect login scripts were based on Erik Sherk's gwtn, by permission.
#
# llogin - Linux Login
#
# Most options are intuitive for logging into a Cisco router.
# The default is to enable (thus -noenable). Some folks have
# setup tacacs to have a user login at priv-lvl = 15 (enabled)
# so the -autoenable flag was added for this case (don't go through
# the process of enabling and the prompt will be the "#" prompt.
# The default username password is the same as the vty password.
#
# Usage line
set usage "Usage: $argv0 \[-dSV\] \[-autoenable\] \[-noenable\] \[-c command\] \
\[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \[-p user-password\] \
\[-s script-file\] \[-t timeout\] \[-u username\] \
\[-v vty-password\] \[-w enable-username\] \[-x command-file\] \
\[-y ssh_cypher_type\] router \[router...\]\n"
# env(CLOGIN) may contain:
# x == do not set xterm banner or name
# Password file
set password_file $env(HOME)/.cloginrc
# Default is to login to the router
set do_command 0
set do_script 0
# The default is to automatically enable
set avenable 1
# The default is that you login non-enabled (tacacs can have you login already
# enabled)
set avautoenable 0
# The default is to look in the password file to find the passwords. This
# tracks if we receive them on the command line.
set do_passwd 1
set do_enapasswd 1
# Save config, if prompted
set do_saveconfig 0
#
set send_human {.4 .4 .7 .3 5}
# Find the user in the ENV, or use the unix userid.
if {[ info exists env(CISCO_USER) ]} {
set default_user $env(CISCO_USER)
} elseif {[ info exists env(USER) ]} {
set default_user $env(USER)
} elseif {[ info exists env(LOGNAME) ]} {
set default_user $env(LOGNAME)
} else {
# This uses "id" which I think is portable. At least it has existed
# (without options) on all machines/OSes I've been on recently -
# unlike whoami or id -nu.
if [ catch {exec id} reason ] {
send_error "\nError: could not exec id: $reason\n"
exit 1
}
regexp {\(([^)]*)} "$reason" junk default_user
}
if {[ info exists env(CLOGINRC) ]} {
set password_file $env(CLOGINRC)
}
# Sometimes routers take awhile to answer (the default is 10 sec)
set timeout 45
# Process the command line
for {set i 0} {$i < $argc} {incr i} {
set arg [lindex $argv $i]
switch -glob -- $arg {
# Expect debug mode
-d* {
exp_internal 1
# Username
} -u* {
if {! [regexp .\[uU\](.+) $arg ignore user]} {
incr i
set username [ lindex $argv $i ]
}
# VTY Password
} -p* {
if {! [regexp .\[pP\](.+) $arg ignore userpasswd]} {
incr i
set userpasswd [ lindex $argv $i ]
}
set do_passwd 0
# VTY Password
} -v* {
if {! [regexp .\[vV\](.+) $arg ignore passwd]} {
incr i
set passwd [ lindex $argv $i ]
}
set do_passwd 0
# Version string
} -V* {
send_user "rancid 2.3.2\n"
exit 0
# Enable Username
} -w* {
if {! [regexp .\[wW\](.+) $arg ignore enauser]} {
incr i
set enausername [ lindex $argv $i ]
}
# Environment variable to pass to -s scripts
} -E* {
if {[regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} {
set E$varname $varvalue
} else {
send_user "\nError: invalid format for -E in $arg\n"
exit 1
}
# Enable Password
} -e* {
if {! [regexp .\[e\](.+) $arg ignore enapasswd]} {
incr i
set enapasswd [ lindex $argv $i ]
}
set do_enapasswd 0
# Command to run.
} -c* {
if {! [regexp .\[cC\](.+) $arg ignore command]} {
incr i
set command [ lindex $argv $i ]
}
set do_command 1
# Expect script to run.
} -s* {
if {! [regexp .\[sS\](.+) $arg ignore sfile]} {
incr i
set sfile [ lindex $argv $i ]
}
if { ! [ file readable $sfile ] } {
send_user "\nError: Can't read $sfile\n"
exit 1
}
set do_script 1
# save config on exit
} -S* {
set do_saveconfig 1
# 'ssh -c' cypher type
} -y* {
if {! [regexp .\[eE\](.+) $arg ignore cypher]} {
incr i
set cypher [ lindex $argv $i ]
}
# alternate cloginrc file
} -f* {
if {! [regexp .\[fF\](.+) $arg ignore password_file]} {
incr i
set password_file [ lindex $argv $i ]
}
# Timeout
} -t* {
if {! [regexp .\[tT\](.+) $arg ignore timeout]} {
incr i
set timeout [ lindex $argv $i ]
}
# Command file
} -x* {
if {! [regexp .\[xX\](.+) $arg ignore cmd_file]} {
incr i
set cmd_file [ lindex $argv $i ]
}
if [ catch {set cmd_fd [open $cmd_file r]} reason ] {
send_user "\nError: $reason\n"
exit 1
}
set cmd_text [read $cmd_fd]
close $cmd_fd
set command [join [split $cmd_text \n] \;]
set do_command 1
# Do we enable?
} -noenable {
set avenable 0
# Does tacacs automatically enable us?
} -autoenable {
set avautoenable 1
set avenable 0
} -* {
send_user "\nError: Unknown argument! $arg\n"
send_user $usage
exit 1
} default {
break
}
}
}
# Process routers...no routers listed is an error.
if { $i == $argc } {
send_user "\nError: $usage"
}
# Only be quiet if we are running a script (it can log its output
# on its own)
if { $do_script } {
log_user 0
} else {
log_user 1
}
#
# Done configuration/variable setting. Now run with it...
#
# Sets Xterm title if interactive...if its an xterm and the user cares
proc label { host } {
global env
# if CLOGIN has an 'x' in it, don't set the xterm name/banner
if [info exists env(CLOGIN)] {
if {[string first "x" $env(CLOGIN)] != -1} { return }
}
# take host from ENV(TERM)
if [info exists env(TERM)] {
if [ regexp \^(xterm|vs) $env(TERM) ignore ] {
send_user "\033]1;[lindex [split $host "."] 0]\a"
send_user "\033]2;$host\a"
}
}
}
# This is a helper function to make the password file easier to
# maintain. Using this the password file has the form:
# add password sl* pete cow
# add password at* steve
# add password * hanky-pie
# Add procedure has been modified to add elements of existant list
# if list exists and first list element is the same
proc add {var args} {
global int_$var ;
if { [info exists int_$var] } {
#search for the key element (the first after the name)
# that is the "glob" element
set variable [set int_$var]
set added 0
for {set i 0} {$i< [llength $variable]} {incr i} {
if { [string compare [lindex $args 0] [lindex [lindex $variable $i] 0]] == 0 } {
#first element of this subelement is equal so we have to add to this subelement
set args [lreplace $args 0 0] ;#delete 1st element of args as it is the glob
#puts "($args)-> [lindex $variable $i]"
set a [lindex $variable $i]
# if args is an array then add single element a time
foreach j $args {
lappend a $j
}
puts "a:$a"
set variable [lreplace $variable $i $i $a]
#puts "risultato: $a==[lindex $variable $i]"
set added 1
break ;#break loop as we added things to current sublist
}
}
if { $added == 1 } {
# we have a new list that have the new items
# so we must redefine the int_$var with the correct list
set int_$var $variable
} else {
# we didn't find any glob that matches the one we have, so
# new list element containing all the subelements
lappend int_$var $args
}
} else {
lappend int_$var $args
}
}
proc include {args} {
global env
regsub -all "(^{|}$)" $args {} args
if { [ regexp "^/" $args ignore ] == 0 } {
set args $env(HOME)/$args
}
source_password_file $args
}
proc find {var router} {
upvar int_$var list
#send_user "searching in $list occurrancies of $var in router $router\n"
if { [info exists list] } {
foreach line $list {
#send_user "$line\n"
if { [string match [lindex $line 0] $router ] } {
return [lrange $line 1 end]
}
}
} else { send_debug "Warning: int_$var list not found\n" }
return {}
}
# Loads the password file. Note that as this file is tcl, and that
# it is sourced, the user better know what to put in there, as it
# could install more than just password info... I will assume however,
# that a "bad guy" could just as easy put such code in the clogin
# script, so I will leave .cloginrc as just an extention of that script
proc source_password_file { password_file } {
global env
if { ! [file exists $password_file] } {
send_user "\nError: password file ($password_file) does not exist\n"
exit 1
}
file stat $password_file fileinfo
if { [expr ($fileinfo(mode) & 007)] != 0000 } {
send_user "\nError: $password_file must not be world readable/writable\n"
exit 1
}
if [ catch {source $password_file} reason ] {
send_user "\nError: $reason\n"
exit 1
}
}
# Log into the router.
# returns: 0 on success, 1 on failure, -1 if rsh was used successfully
proc login { router user userpswd passwd enapasswd cmethod cyphertype } {
global command spawn_id in_proc do_command do_script platform
global prompt u_prompt p_prompt e_prompt sshcmd
set in_proc 1
set uprompt_seen 0
send_debug "In login\n"
# try each of the connection methods in $cmethod until one is successful
set progs [llength $cmethod]
foreach prog [lrange $cmethod 0 end] {
incr progs -1
if [string match "telnet*" $prog] {
regexp {telnet(:([^[:space:]]+))*} $prog methcmd suffix port
if {"$port" == ""} {
set retval [ catch {spawn telnet $router} reason ]
} else {
set retval [ catch {spawn telnet $router $port} reason ]
}
if { $retval } {
send_user "\nError: telnet failed: $reason\n"
return 1
}
} elseif [string match "ssh*" $prog] {
regexp {ssh(:([^[:space:]]+))*} $prog methcmd suffix port
if {"$port" == ""} {
set retval [ catch {spawn $sshcmd -c $cyphertype -x -l $user $router} reason ]
} else {
set retval [ catch {spawn $sshcmd -c $cyphertype -x -l $user -p $port $router} reason ]
}
if { $retval } {
send_user "\nError: $sshcmd failed: $reason\n"
return 1
}
} elseif ![string compare $prog "rsh"] {
if { ! $do_command } {
if { [llength $cmethod] == 1 } {
send_user "\nError: rsh is an invalid method for -x and "
send_user "interactive logins\n"
}
if { $progs == 0 } {
return 1
}
continue;
}
set commands [split $command \;]
set num_commands [llength $commands]
set rshfail 0
for {set i 0} {$i < $num_commands && !$rshfail} { incr i} {
log_user 0
set retval [ catch {spawn rsh $user@$router [lindex $commands $i] } reason ]
if { $retval } {
send_user "\nError: rsh failed: $reason\n"
log_user 1; return 1
}
send_user "$router# [lindex $commands $i]\n"
# rcmd does not get a pager and no prompts, so we just have to
# look for failures & lines.
expect {
"Connection refused" { catch {close}; catch {wait};
send_user "\nError: Connection\
Refused ($prog): $router\n"
set rshfail 1
}
-re "(Connection closed by|Connection to \[^\n\r]+ closed)" {
catch {close}; catch {wait};
send_user "\nError: Connection\
closed ($prog): $router\n"
set rshfail 1
}
"Host is unreachable" { catch {close}; catch {wait};
send_user "\nError: Host Unreachable:\
$router\n"
set rshfail 1
}
"No address associated with" {
catch {close}; catch {wait};
send_user "\nError: Unknown host\
$router\n"
set rshfail 1
}
-re "\b+" { exp_continue }
-re "\[\n\r]+" { send_user -- "$expect_out(buffer)"
exp_continue
}
timeout { catch {close}; catch {wait};
send_user "\nError: TIMEOUT reached\n"
set rshfail 1
}
eof { catch {close}; catch {wait}; }
}
log_user 1
}
if { $rshfail } {
if { !$progs } {
return 1
} else {
continue
}
}
# fake the end of the session for rancid.
send_user "$router# exit\n"
# return rsh "success"
return -1
} else {
send_user "\nError: unknown connection method: $prog\n"
return 1
}
sleep 0.3
# This helps cleanup each expect clause.
expect_after {
timeout {
send_user "\nError: TIMEOUT reached\n"
catch {close}; catch {wait};
if { $in_proc} {
return 1
} else {
continue
}
} eof {
send_user "\nError: EOF received\n"
catch {close}; catch {wait};
if { $in_proc} {
return 1
} else {
continue
}
}
}
# Here we get a little tricky. There are several possibilities:
# the router can ask for a username and passwd and then
# talk to the TACACS server to authenticate you, or if the
# TACACS server is not working, then it will use the enable
# passwd. Or, the router might not have TACACS turned on,
# then it will just send the passwd.
# if telnet fails with connection refused, try ssh
expect {
-re "(Connection refused|Secure connection \[^\n\r]+ refused)" {
catch {close}; catch {wait};
if !$progs {
send_user "\nError: Connection Refused ($prog): $router\n"
return 1
}
}
-re "(Connection closed by|Connection to \[^\n\r]+ closed)" {
catch {close}; catch {wait};
if !$progs {
send_user "\nError: Connection closed ($prog): $router\n"
return 1
}
}
eof { send_user "\nError: Couldn't login: $router\n"; wait; return 1 }
-nocase "unknown host\r" {
send_user "\nError: Unknown host $router\n";
catch {close}; catch {wait};
return 1
}
"Host is unreachable" {
send_user "\nError: Host Unreachable: $router\n";
catch {close}; catch {wait};
return 1
}
"No address associated with name" {
send_user "\nError: Unknown host $router\n";
catch {close}; catch {wait};
return 1
}
-re "(Host key not found |The authenticity of host .* be established).*\(yes\/no\)\?" {
send "yes\r"
send_user "\nHost $router added to the list of known hosts.\n"
exp_continue
}
-re "HOST IDENTIFICATION HAS CHANGED.* \(yes\/no\)\?" {
send "no\r"
send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n"
catch {close}; catch {wait};
return 1
}
-re "Offending key for .* \(yes\/no\)\?" {
send "no\r"
send_user "\nError: host key mismatch for $router. Update the SSH known_hosts file accordingly.\n"
catch {close}; catch {wait};
return 1
}
-re "(denied|Sorry)" {
send_user "\nError: Check your passwd for $router\n"
catch {close}; catch {wait}; return 1
}
"Login failed" {
send_user "\nError: Check your passwd for $router\n"
catch {close}; catch {wait}; return 1
}
-re "% (Bad passwords|Authentication failed)" {
send_user "\nError: Check your passwd for $router\n"
catch {close}; catch {wait}; return 1
}
"Press any key to continue" {
# send_user "Pressing the ANY key\n"
send "\r"
exp_continue
}
-re "Enter Selection: " {
# Catalyst 1900s have some lame menu. Enter
# K to reach a command-line.
send "K\r"
exp_continue
}
-re "Last login:" {
exp_continue
}
-re "@\[^\r\n]+ $p_prompt" {
# ssh pwd prompt
sleep 1
send -- "$userpswd\r"
exp_continue
}
-re "$u_prompt" {
send -- "$user\r"
set uprompt_seen 1
exp_continue
}
-re "$p_prompt" {
sleep 1
if {$uprompt_seen == 1} {
send -- "$userpswd\r"
} else {
send -- "$passwd\r"
}
exp_continue
}
-re "$prompt" { break; }
"Login invalid" {
send_user "\nError: Invalid login: $router\n";
catch {close}; catch {wait}; return 1
}
}
}
# remove usage of history for classic commands from rancid
# set default language (english)
send -- "export HISTIGNORE=\"&:cat *:exit*:export *\";export LANG=C\r"
expect {
-re "$prompt" { }
-re "\b+" { send_user "Error: $expect_out(buffer)"
}
}
set in_proc 0
return 0
}
# Enable
proc do_enable { enauser enapasswd } {
global do_saveconfig in_proc
global prompt u_prompt e_prompt
set in_proc 1
# Set bash answer in english
send "export LANG=C\r"
expect {
"#" { set prompt "#" }
-re "error" { send_user "\nError: check your appliance\n"
return 1
}
}
send "su -\r"
expect {
-re "$u_prompt" { send -- "$enauser\r"; exp_continue}
-re "$e_prompt" { send -- "$enapasswd\r"; exp_continue}
"#" { set prompt "#" }
-re "(denied|Sorry|Incorrect)" {
# % Access denied - from local auth and poss. others
send_user "\nError: Check your Enable passwd\n";
return 1
}
"% Error in authentication" {
send_user "\nError: Check your Enable passwd\n"
return 1
}
-re "(Authentication failure|incorrect password)" {
send_user "\nError: Check your Enable passwd\n"
return 1
}
}
# We set the prompt variable (above) so script files don't need
# to know what it is.
set in_proc 0
return 0
}
proc BackupFiles { host files prompt } {
send_debug "In BackupFiles host:$host files:$files prompt:$prompt\n"
send_user "\n$prompt\BackupFiles\n"
foreach item $files {
send_user "#rancid llogin : $item\n###########"
send -- "\r"
expect {
-re "$prompt" { send -- "cat $item\r"
exp_continue
}
-re "^cat $item\r" { }
-re "^cat: " { send_user -- "\nError: $expect_out(buffer)\n"
exit 1
}
}
expect {
-re "^bash: .*" {
send_user -- "\nError: $expect_out(buffer)\n"
exit 1
}
# word delimiter
-re "\b+" { send_user -- "$expect_out(buffer)"
exp_continue
}
-re "^\[^\r\n *]*$prompt" {
#send_user -- "$expect_out(buffer)"
}
-re "^\[^\r\n]*$prompt." {
#send_user -- "$expect_out(buffer)"
#exp_continue
}
-re "\[\r\n]+" { send_user -- "$expect_out(buffer)"
exp_continue
}
}
}
send_user "$prompt"
send -- "\r"
return 0
}
# Run commands given on the command line.
proc run_commands { host prompt command } {
global in_proc platform
# Every environment variable have to be declared! Variable Scope:
# If I call a procedure that uses a global variable I have also to declare global
# here! (int_backupfile is used when I call [find backupfile $host]
global password_file int_backupfile
set in_proc 1
set reprompt $prompt
# this is the only way i see to get rid of more prompts in o/p..grrrrr
log_user 0
set commands [split $command \;]
set num_commands [llength $commands]
# the pager can not be turned off on the PIX, so we have to look
# for the "More" prompt. the extreme is equally obnoxious, with a
# global switch in the config.
for {set i 0} {$i < $num_commands} { incr i} {
# If command is a "MetaCommand", call the handler procedure
# if it is not a "MetaCommand", passes the command "as is" to
# the console
# send_user "[subst [lindex $commands $i]]\n"
switch -glob -nocase [subst -nocommands [lindex $commands $i]] {
backupfiles {
set files [find backupfile $host]
if { [info exists files] && [llength $files] > 0 } {
BackupFiles $host $files $reprompt
} else {
send_user "\n\nPlease give some entries in $password_file: like this:\n"
send_user "add backupfile $host /etc/passwd /etc/resolv.conf\n\n"
}
}
* {
send -- "\r"
expect {
-re "^.*$reprompt" { send -- "[subst -nocommands [lindex $commands $i]]\r" }
}
expect {
-re "^bash: .*" { send_user -- "\nError: $expect_out(buffer)"
exit 1
}
# word delimiter
-re "\b+" { send_user -- "$expect_out(buffer)"
exp_continue }
-re "^\[^\r\n *]*$reprompt" { send_user -- "$expect_out(buffer)"
}
-re "^\[^\r\n]*$reprompt." { send_user -- "$expect_out(buffer)"
exp_continue
}
-re "\[\r\n]+" { send_user -- "$expect_out(buffer)"
exp_continue
}
}
} ;#end default
} ;#end switch
send_debug "\nEnd Switch\n"
}
log_user 1
send -- "exit\r"
expect {
-re "\b+" { exp_continue }
-re "Connection to .* closed" { return 0}
-re "^\[^\n\r *]*$reprompt" {
# the Cisco CE and Jnx ERX
# return to non-enabled mode
# on exit in enabled mode.
send -h "exit\r"
exp_continue;
}
-re "\[\n\r]+" { exp_continue }
timeout { catch {close}; catch {wait};
return 0
}
eof { return 0 }
}
set in_proc 0
}
proc send_debug { text } {
if { [ exp_internal -info ] == 1 } {
send_user "\033\[32mDebug:\033\[m$text"
}
}
#
# For each router... (this is main loop)
#
source_password_file $password_file
set in_proc 0
set exitval 0
foreach router [lrange $argv $i end] {
set router [string tolower $router]
# attempt at platform switching.
set platform ""
send_user -- "$router\n"
# Figure out the prompt.
# autoenable is off by default. If we have it defined, it was done
# on the command line. If it is not specifically set on the command
# line, check the password file.
if $avautoenable {
set autoenable 1
set enable 0
set prompt ":~# "
} else {
set ae [find autoenable $router]
if { "$ae" == "1" } {
set autoenable 1
set enable 0
set prompt ":~# "
} else {
set autoenable 0
set enable $avenable
set prompt ":~> "
}
}
# look for noenable option in .cloginrc
if { [find noenable $router] != "" } {
set enable 0
}
# Figure out passwords
if { $do_passwd || $do_enapasswd } {
set pswd [find password $router]
if { [llength $pswd] == 0 } {
send_user -- "\nError: no password for $router in $password_file.\n"
continue
}
if { $enable && $do_enapasswd && $autoenable == 0 && [llength $pswd] < 2 } {
send_user -- "\nError: no enable password for $router in $password_file.\n"
continue
}
set passwd [join [lindex $pswd 0] ""]
set enapasswd [join [lindex $pswd 1] ""]
} else {
set passwd $userpasswd
set enapasswd $enapasswd
}
# Figure out username
if {[info exists username]} {
# command line username
set ruser $username
} else {
set ruser [join [find user $router] ""]
if { "$ruser" == "" } { set ruser $default_user }
}
# Figure out username's password (if different from the vty password)
if {[info exists userpasswd]} {
# command line username
set userpswd $userpasswd
} else {
set userpswd [join [find userpassword $router] ""]
if { "$userpswd" == "" } { set userpswd $passwd }
}
# Figure out enable username
if {[info exists enausername]} {
# command line enausername
set enauser $enausername
} else {
set enauser [join [find enauser $router] ""]
if { "$enauser" == "" } { set enauser $ruser }
}
# Figure out prompts
set u_prompt [find userprompt $router]
if { "$u_prompt" == "" } {
set u_prompt "(Username|Login|login|user name|User):"
} else {
set u_prompt [join [lindex $u_prompt 0] ""]
}
set p_prompt [find passprompt $router]
if { "$p_prompt" == "" } {
set p_prompt "(\[Pp]assword|passwd):"
} else {
set p_prompt [join [lindex $p_prompt 0] ""]
}
set e_prompt [find enableprompt $router]
if { "$e_prompt" == "" } {
set e_prompt "\[Pp]assword:"
} else {
set e_prompt [join [lindex $e_prompt 0] ""]
}
# Figure out cypher type
if {[info exists cypher]} {
# command line cypher type
set cyphertype $cypher
} else {
set cyphertype [find cyphertype $router]
if { "$cyphertype" == "" } { set cyphertype "3des" }
}
# Figure out connection method
set cmethod [find method $router]
if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} }
# Figure out the SSH executable name
set sshcmd [find sshcmd $router]
if { "$sshcmd" == "" } { set sshcmd {ssh} }
# Login to the router
if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype]} {
incr exitval
# if login failed or rsh was unsuccessful, move on to the next device
continue
}
send_debug "End of Login\n"
if { $enable } {
if {[do_enable $enauser $enapasswd]} {
if { $do_command || $do_script } {
incr exitval
catch {close}; catch {wait};
continue
}
}
send_debug "End Enable\n"
}
# we are logged in, now figure out the full prompt
send "\r"
expect {
-re "\[\r\n]+" { exp_continue; }
-re "^(.+\[:.])1 ($prompt)" { # stoopid extreme cmd-line numbers and
# prompt based on state of config changes,
# which may have an * at the beginning.
set junk $expect_out(1,string)
regsub -all "^\\\* " $expect_out(1,string) {} junk
regsub -all "\[\]\[\(\)]" $junk {\\&} junk;
set prompt ".? ?$junk\[0-9]+ $expect_out(2,string)";
set platform "extreme"
}
-re "^.+$prompt" { set junk $expect_out(0,string);
regsub -all "\[\]\[\(\)]" $junk {\\&} prompt;
}
}
if { $do_command } {
if {[run_commands $router $prompt $command]} {
incr exitval
continue
}
} elseif { $do_script } {
# If the prompt is (enable), then we are on a switch and the
# command is "set length 0"; otherwise its "terminal length 0".
if [ regexp -- ".*> .*enable" "$prompt" ] {
send "set length 0\r"
expect -re $prompt {}
send "set logging session disable\r"
} else {
send "terminal length 0\r"
}
expect -re $prompt {}
source $sfile
catch {close};
} else {
label $router
log_user 1
interact
}
# End of for each router
catch {wait};
sleep 0.3
}
exit $exitval
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rancid-fe
Type: application/x-perl
Size: 3668 bytes
Desc: not available
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090707/65656dc8/attachment-0001.bin
More information about the Rancid-discuss
mailing list