From zmousm at noc.grnet.gr Thu Dec 1 01:41:02 2011 From: zmousm at noc.grnet.gr (Zenon Mousmoulas) Date: Thu, 01 Dec 2011 03:41:02 +0200 Subject: [rancid] [PATCH 1/2] Better support for subversion repositories In-Reply-To: <20111130215934.GT6099@shrubbery.net> References: <1322487387-1336-1-zmousm@noc.grnet.gr> <1322487387-1336-2-zmousm@noc.grnet.gr> <20111129222838.GA23935@shrubbery.net> <329eddb2b2808988fa6768a6692fadf7@noc.grnet.gr> <20111130215934.GT6099@shrubbery.net> Message-ID: <63ca6be8850f6e8d51d9d1b5714a168f@noc.grnet.gr> On Wed, 30 Nov 2011 21:59:34 +0000, john heasley wrote: > Wed, Nov 30, 2011 at 08:10:28PM +0200, Zenon Mousmoulas: >> On Tue, 29 Nov 2011 22:28:38 +0000, john heasley >> wrote: >> > Mon, Nov 28, 2011 at 03:36:45PM +0200, Zenon Mousmoulas: >> >> Improve subversion support: >> >> - Support arbitrary subversion URLs as (pre-provisioned) repositories. >> >> - Do not overwrite an existing local repository. >> >> - Avoid "svn: Directory '' is out of date" message. >> >> Included for completeness, copied from Debian patch >> >> by Nicolas DEFFAYET : >> >> >> http://patch-tracker.debian.org/patch/series/dl/rancid/2.3.6-1/09_svn.dpatch >> >> >> >> +++ rancid-2.3.6-grnet/bin/control_rancid.in 2011-11-26 >> >> 00:12:08.000000000 +0200 >> >> @@ -167,6 +167,12 @@ >> >> fi >> >> fi >> >> >> >> +# svn update to avoid 'Out of date' error >> >> +if [ $RCSSYS = svn ] >> >> +then >> >> + svn update >> >> +fi >> > >> > why is this necessary? it should never be out of date, unless someone >> has >> > altered the repository, in which case you want to be alerted to that. >> >> We "inherited" this due to merging with the Debian patch I >> mentioned earlier, while forward porting our changes to 2.3.6. Since >> we initially tried to apply our changes on top of the Debian package >> for 2.3.6 (rather than vanilla 2.3.6), we had a conflict with the >> other hunk from this Debian patch: >> >> --- rancid~/bin/rancid-cvs.in >> +++ rancid/bin/rancid-cvs.in 
>> @@ -131,6 +131,8 @@ >> svn import -m "$GROUP" . file:///$CVSROOT/$GROUP >> cd $BASEDIR >> svn checkout file:///$CVSROOT/$GROUP $GROUP >> + cd $DIR >> + svn update >> fi >> fi >> cd $DIR >> >> So rather than sending only this change (which is required and has >> been tested) we opted for merging with the Debian patch. >> >> I am not sure however when the change you noted would be necessary and >> I certainly can not object to your reasoning against it. Therefore I >> suppose we can drop this hunk. > > there are three cases that i am aware of - 1) someone changes the > respository > from another working set, 2) host crashes leaving files mangled (rare), or > 3) when svn:ignore property is altered. i dont understand why changing > that > property on the directory requires an update, but it does and that was > added > to 2.3.6. Got it, OK. >> I can send an updated patch if you are OK with the rest of the >> changes. ? From zmousm at noc.grnet.gr Thu Dec 1 01:44:32 2011 From: zmousm at noc.grnet.gr (Zenon Mousmoulas) Date: Thu, 01 Dec 2011 03:44:32 +0200 Subject: [rancid] [PATCH 2/2] Multiple fixes/improvements for Extreme XOS In-Reply-To: <20111130215110.GS6099@shrubbery.net> References: <20111129225146.GB23935@shrubbery.net> <43d94f7f9105774c2727e493af738b87@noc.grnet.gr> <20111130215110.GS6099@shrubbery.net> Message-ID: On Wed, 30 Nov 2011 21:51:10 +0000, john heasley wrote: > Wed, Nov 30, 2011 at 08:12:43PM +0200, Zenon Mousmoulas: >> On Tue, 29 Nov 2011 22:51:46 +0000, john heasley >> wrote: >> > Mon, Nov 28, 2011 at 03:36:45PM +0200, Zenon Mousmoulas: >> >> Improve support for Extreme Networks devices running XOS: >> >> - The pager can be disabled per session since XOS 12.3, try to do that >> >> in order to avoid struggling with pager prompts and ANSI sequences >> >> altogether (clogin). >> > >> >> +++ rancid-2.3.6-grnet/bin/clogin.in 2011-11-26 00:15:17.000000000 >> +0200 
>> >> @@ -610,11 +610,9 @@ >> >> global do_saveconfig in_proc platform >> >> set in_proc 1 >> >> >> >> - # If the prompt is (enable), then we are on a switch and the >> >> - # command is "set length 0"; otherwise its "terminal length 0". >> >> - # skip if its an extreme (since the pager can not be disabled on >> >> a >> >> - # per-vty basis). >> >> if { [ string compare "extreme" "$platform" ] } { >> >> + # If the prompt is (enable), then we are on a switch and the >> >> + # command is "set length 0"; otherwise its "terminal length >> 0". >> >> if [ regexp -- ".*> .*enable" "$prompt" ] { >> >> send "set length 0\r" >> >> # This is ugly, but reduces code duplication, allowing the >> >> @@ -631,7 +629,12 @@ >> >> -re "\[\n\r]+" { exp_continue } >> >> } >> >> } else { >> >> + send "disable clipaging\r" >> >> set reprompt $prompt >> >> + expect { >> >> + -re $reprompt {} >> >> + -re "\[\n\r]+" { exp_continue } >> >> + } >> >> } >> >> >> >> # this is the only way i see to get rid of more prompts in >> >> o/p..grrrrr 
>> >> @@ -640,11 +643,14 @@ >> >> set commands [split $command \;] >> >> set num_commands [llength $commands] >> >> # the pager can not be turned off on the PIX, so we have to look >> >> - # for the "More" prompt. the extreme is equally obnoxious, with >> >> a >> >> - # global switch in the config. >> >> + # for the "More" prompt. >> > >> > i think this what you really want: >> >> The following diff seems to be against some version of clogin (other >> than 2.3.6) I don't have access to (is there a public source code repo >> for rancid, btw?) so I can not apply/try it and therefore I'm not sure >> if it is what I really want. > > attached I tried it. The part about "disable clipaging" looks good. However there's still a problem in this version with buffered output from the extreme. After login, when you send "\r", the following expect catches the first prompt, not the one after "\r". This becomes evident later on, when the expect statement in the loop within run_commands catches "disable clipaging\r\n\" rather than the command echoed and its' output. So you're always one step behind, until the end, where you erroneously see a prompt after sending "quit\r" so you also send -h "exit\r". This obviously messes up xrancid parsing as well. See the attached clogin log for more evidence (with exp_internal added after login). The following snippet from our patch addresses this issue, admittedly not very elegantly, but we saw no way to deal with this other than waiting for the extreme to send everything up to the first prompt. Actually, according to my tests, the same thing can also happen on a cisco if you configure a very very large exec banner. So this is generally useful, though not as much/often as for extreme. + # Get all (output after login) you can eat in 1s + # (hopefully up to and including the first prompt). + # This is mostly necessary to work around + # stoopid extreme output buffering. 
+ expect { + -timeout 1 + -re "\[\n\r]+" { exp_continue } + -re "\[^\n\r]+" { exp_continue -continue_timer } + timeout {} + } >> > Index: bin/clogin.in >> > =================================================================== >> > --- bin/clogin.in (revision 2340) >> > +++ bin/clogin.in (working copy) >> > @@ -633,8 +633,8 @@ >> > set commands [split $command \;] >> > set num_commands [llength $commands] >> > # the pager can not be turned off on the PIX, so we have to look >> > - # for the "More" prompt. the extreme is equally obnoxious, with a >> > - # global switch in the config. >> > + # for the "More" prompt. the extreme is equally obnoxious in >> > pre-12.3 XOS, >> > + # with a global switch in the config. >> >> Actually I am not sure this last statement is true: we had not found >> such a "global switch" in pre-12.3 XOS, as far as we can remember. > > What came before XOS? has it always been called XOS? the old extreme > boxes > had a global knob, IIRC. Dunno, ExtremeWare? Fortunately we did not get a chance to see that. Anyway, we didn't see such a knob in any version of XOS 12.x. From zmousm at noc.grnet.gr Thu Dec 1 01:47:56 2011 
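Review bot: In the control_rancid.in hunk (@@ -167,6 +167,12 @@) the added `svn update` runs on every pass with its exit status and output unchecked, so a working copy that is out of date because the repository was changed from another working set is merged silently instead of being reported. Check the return code and log what was updated, and quote the variable in the test (`[ "$RCSSYS" = svn ]`) so an unset RCSSYS does not turn into a test syntax error.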
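Review bot: In the clogin.in hunk at @@ -631,7 +629,12 @@, `disable clipaging` is sent to every extreme and the expect that follows only waits for the prompt, so on a release that rejects the command the error text is discarded and the session carries on with paging still enabled. The next hunk also removes the extreme from the "More" comment; keep a note there that older XOS still depends on the pager handling, and give this expect a `timeout` arm so a missed prompt is reported rather than passed over.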
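Review bot: In the post-login drain snippet (`expect { -timeout 1 ... }`), the `-re "\[\n\r]+"` arm uses plain `exp_continue`, which restarts the 1 s timer on every line ending, while only the partial-line arm passes `-continue_timer`. The loop is therefore an idle timeout, not the "1s" budget the comment promises, and a device that keeps printing lines holds it open. Either use `-continue_timer` on both arms or reword the comment, and add an `eof` arm so a connection dropped during the drain is handled here.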
From: zmousm at noc.grnet.gr (Zenon Mousmoulas) Date: Thu, 01 Dec 2011 03:47:56 +0200 Subject: [rancid] [PATCH 2/2] Multiple fixes/improvements for Extreme XOS In-Reply-To: References: <20111129225146.GB23935@shrubbery.net> <43d94f7f9105774c2727e493af738b87@noc.grnet.gr> <20111130215110.GS6099@shrubbery.net> Message-ID: <15d40d0ca3e858a8dbf0320559ad528f@noc.grnet.gr> On Thu, 01 Dec 2011 03:44:32 +0200, Zenon Mousmoulas wrote: > [...] > However there's still a problem in this version with buffered output from > the extreme. After login, when you send "\r", the following expect > catches the first prompt, not the one after "\r". This becomes evident > later on, when the expect statement in the loop within run_commands > catches > "disable clipaging\r\n\" rather than the command echoed and > its' output. So you're always one step behind, until the end, where you > erroneously see a prompt after sending "quit\r" so you also > send -h "exit\r". This obviously messes up xrancid parsing as > well. See the attached clogin log for more evidence (with exp_internal > added after login). Plus the attachment, sorry. -------------- next part -------------- [snip] password: ExtremeXOS Copyright (C) 2000-2011 Extreme Networks. All rights reserved. Protected by US Patent Nos: 6,678,248; 6,104,700; 6,766,482; 6,618,388; 6,034,957; 6,859,438; 6,912,592; 6,954,436; 6,977,891; 6,980,550; 6,981,174; 7,003,705; 7,017,082; 7,046,665; 7,126,923; 7,142,509; 7,149,217; 7,152,124; 7,154,861; 7,245,619; 7,245,629; 7,269,135. ============================================================================== Press the or '?' key at any time for completions. Remember to save your configuration changes. send: sending "\r" to { exp6 } Gate keeper glob pattern for '[ ]+' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '^(.+[:.])1 ((>|#| \(enable\)))' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '^.+(>|#| \(enable\))' is ''. 
Not usable, disabling the performance booster. expect: does " or '?' key at any time for completions.\r\nRemember to save your configuration changes.\r\n\r\n\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) " or '?' key at any time for completions.\r\n" expect: continuing expect expect: does "Remember to save your configuration changes.\r\n\r\n\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "\r\n\r\n\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "Remember to save your configuration changes.\r\n\r\n\r\n" expect: continuing expect expect: does "" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=no "^(.+[:.])1 ((>|#| \(enable\)))"? (No Gate, RE only) gate=yes re=no "^.+(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no duth-asw.grnet.gr.1 # expect: does "duth-asw.grnet.gr.1 # " (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=no "^(.+[:.])1 ((>|#| \(enable\)))"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "duth-asw.grnet.gr.1 #" expect: set expect_out(1,string) "duth-asw.grnet.gr." expect: set expect_out(2,string) "#" expect: set expect_out(3,string) "#" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "duth-asw.grnet.gr.1 #" send: sending "disable clipaging\r" to { exp6 } Gate keeper glob pattern for '.? ?duth-asw.grnet.gr.[0-9]+ #' is '*duth-asw?grnet?gr* #'. Activating booster. expect: does " " (spawn_id exp6) match regular expression ".? ?duth-asw.grnet.gr.[0-9]+ #"? Gate "*duth-asw?grnet?gr* #"? gate=no duth-asw.grnet.gr.1 # expect: does " \r\n\rduth-asw.grnet.gr.1 # " (spawn_id exp6) match regular expression ".? ?duth-asw.grnet.gr.[0-9]+ #"? Gate "*duth-asw?grnet?gr* #"? 
gate=yes re=yes expect: set expect_out(0,string) "\rduth-asw.grnet.gr.1 #" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) " \r\n\rduth-asw.grnet.gr.1 #" send: sending "show version\r" to { exp6 } Gate keeper glob pattern for '+' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '^[^ *]*.? ?duth-asw.grnet.gr.[0-9]+ #' is '*duth-asw?grnet?gr* #'. Activating booster. Gate keeper glob pattern for '^[^ ]*.? ?duth-asw.grnet.gr.[0-9]+ #.' is '*duth-asw?grnet?gr* #?'. Activating booster. Gate keeper glob pattern for '^--More--[ ]+' is '--More--*'. Activating booster. Gate keeper glob pattern for '[^ ]*[ ]+' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '[^ ]*Press to cont[^ ]*' is '*Press to cont*'. Activating booster. Gate keeper glob pattern for '^ *--More--[^ ]*' is '*--More--*'. Activating booster. Gate keeper glob pattern for '^<-+ More -+>[^ ]*' is ''. Not usable, disabling the performance booster. expect: does " " (spawn_id exp6) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*.? ?duth-asw.grnet.gr.[0-9]+ #"? Gate "*duth-asw?grnet?gr* #"? gate=no "^[^\n\r]*.? ?duth-asw.grnet.gr.[0-9]+ #."? Gate "*duth-asw?grnet?gr* #?"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[^\r\n]*[\n\r]+"? (No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? (No Gate, RE only) gate=yes re=no expect: does " disable clipaging\r\n\rduth-asw.grnet.gr.2 # " (spawn_id exp6) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*.? ?duth-asw.grnet.gr.[0-9]+ #"? Gate "*duth-asw?grnet?gr* #"? gate=yes re=no "^[^\n\r]*.? ?duth-asw.grnet.gr.[0-9]+ #."? Gate "*duth-asw?grnet?gr* #?"? gate=yes re=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[^\r\n]*[\n\r]+"? 
(No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) " disable clipaging\r\n\r" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) " disable clipaging\r\n\r" disable clipaging expect: continuing expect expect: does "duth-asw.grnet.gr.2 # " (spawn_id exp6) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*.? ?duth-asw.grnet.gr.[0-9]+ #"? Gate "*duth-asw?grnet?gr* #"? gate=yes re=yes expect: set expect_out(0,string) "duth-asw.grnet.gr.2 #" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "duth-asw.grnet.gr.2 #" duth-asw.grnet.gr.2 # show version Switch : 800242-00-03 0839G-81096 Rev 3.0 BootROM: 1.0.5.5 IMG: 12.5.4.5 XGM2-1 : Image : ExtremeXOS version 12.5.4.5 v1254b5 by release-manager on Tue Jun 28 10:10:40 PDT 2011 BootROM : 1.0.5.5 duth-asw.grnet.gr.3 # show memory System Memory Information ------------------------- Total DRAM (KB): 262144 System (KB): 7476 User (KB): 122892 Free (KB): 131776 Memory Utilization Statistics ----------------------------- show diag Process Name Memory (KB) ----------------------------- aaa 2392 acl 2824 cfgmgr 2208 cli 34772 devmgr 2172 dirser 1520 dosprotect 1648 dot1ag 2288 eaps 2356 edp 2016 elrp 2040 elsm 1940 ems 3284 epm 2716 esrp 2348 ethoam 1996 etmon 3964 exacl 0 exdhcpsnoop 0 exdos 0 exfib 0 exosipv6 0 exosmc 0 exosnvram 0 exosq 0 exsflow 0 exsnoop 0 exvlan 0 fdb 3040 hal 8428 hclag 1980 idMgr 3420 ipSecurity 2564 ipfix 2072 lacp 1964 lldp 2264 mcmgr 3456 msgsrv 1404 netLogin 2308 netTools 2708 nettx 0 nodemgr 1676 poe 1980 polMgr 1788 rtmgr 3112 snmpMaster 3436 snmpSubagent 4492 stp 2792 telnetd 1984 tftpd 1560 thttpd 1904 vlan 3420 vmt 2200 vsm 2288 xmlc 1948 xmld 4536 duth-asw.grnet.gr.4 # show diag show switch Diagnostics never ran duth-asw.grnet.gr.5 # show switch [snip] tduth-asw.grnet.gr.9 # quit Connection closed by foreign host. exit From lists at quux.de Thu Dec 1 08:28:28 2011 
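Added example (not part of the original messages or of RANCID): a Python simulation of the one-step-behind behaviour visible in the log above, and of why consuming the post-login output first puts the session back in step. The fake device, host name, command outputs and the instantaneous `drain` are constructed assumptions; the patch under discussion does the drain with a timed Expect loop.

```python
import re

# XOS-style prompt "<host>.<counter> # "; the host name used below is constructed.
PROMPT_RE = re.compile(r"[\w.-]+\.\d+ # ")

# Constructed command outputs for the fake device.
OUTPUT = {
    "disable clipaging": "",
    "show version": "Image : ExtremeXOS version 12.5.4.5\r\n",
    "show switch": "SysName: sw1\r\n",
}
CMDS = ["disable clipaging", "show version", "show switch"]


class FakeSwitch:
    """Stand-in for the device: `pending` holds bytes the client has not read yet."""

    def __init__(self, host="sw1.example.net"):
        self.host = host
        self.counter = 1
        # After login the banner and the first prompt are already queued.
        self.pending = (
            "Press the <tab> or '?' key at any time for completions.\r\n\r\n"
            + self._prompt()
        )

    def _prompt(self):
        return f"{self.host}.{self.counter} # "

    def send(self, line):
        cmd = line.rstrip("\r")
        self.pending += cmd + "\r\n" + OUTPUT.get(cmd, "")
        if cmd:  # an empty line does not advance the prompt counter
            self.counter += 1
        self.pending += self._prompt()


def expect_prompt(dev):
    """Like `expect -re $prompt`: consume up to and including the FIRST prompt."""
    m = PROMPT_RE.search(dev.pending)
    if m is None:
        raise TimeoutError("no prompt in pending output")
    seen, dev.pending = dev.pending[: m.end()], dev.pending[m.end():]
    return seen


def drain(dev):
    """Model of the drain loop: read everything queued until the device is quiet."""
    seen, dev.pending = dev.pending, ""
    return seen


def run_session(commands, drain_after_login):
    """Return ({command: text captured for it}, unread leftover)."""
    dev = FakeSwitch()
    if drain_after_login:
        drain(dev)          # banner and login prompt are gone before we sync
    dev.send("\r")
    expect_prompt(dev)      # without the drain this matches the LOGIN prompt
    captured = {}
    for cmd in commands:
        dev.send(cmd + "\r")
        captured[cmd] = expect_prompt(dev)
    return captured, dev.pending


if __name__ == "__main__":
    for drained in (False, True):
        got, leftover = run_session(CMDS, drained)
        print(f"drain_after_login={drained}")
        for cmd, text in got.items():
            print(f"  {cmd!r} captured {text!r}")
        print(f"  unread leftover: {leftover!r}")
```

The unread leftover in the undrained run is the extra prompt that the message describes seeing after `quit`.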
From: lists at quux.de (Jens Link)
Date: Thu, 01 Dec 2011 09:28:28 +0100
Subject: [rancid] RANCID, CRS and SDR
Message-ID: <87r50oitlf.fsf@pc8.berlin.quux.de>

Hi,

I'm having some problems with RANCID when querying CRS SDRs (Secure
Domain Router). RANCID is running once an hour and every time RANCID
finds some differences in the hardware configuration.

Here is an example:

This morning at 7 o'clock:
- !NAME: "0/0/* - host - Inlet0", DESCR: "Temperature Sensor"
- !VID: N/A
- !NAME: "0/0/* - host - Inlet1", DESCR: "Temperature Sensor"

And at 8 o'clock
+ !NAME: "0/0/* - host - Inlet0", DESCR: "Temperature Sensor"
+ !VID: N/A
+ !NAME: "0/0/* - host - Inlet1", DESCR: "Temperature Sensor"

This is not only related to sensors, I've also seen fan trays, interface
cards, ... appearing and disappearing. Any ideas? Querying the actual
(hardware) CRS works fine.

Regards

Jens
-- 
-------------------------------------------------------------------------
| Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 |
| http://blog.quux.de | jabber: jenslink at guug.de | ------------------- |
-------------------------------------------------------------------------

From tyler at tolaris.com Thu Dec 1 09:01:13 2011
From: tyler at tolaris.com (Tyler J. Wagner)
Date: Thu, 01 Dec 2011 09:01:13 +0000
Subject: [rancid] RANCID, CRS and SDR
In-Reply-To: <87r50oitlf.fsf@pc8.berlin.quux.de>
References: <87r50oitlf.fsf@pc8.berlin.quux.de>
Message-ID: <4ED74259.4070701@tolaris.com>

Jens,

I have the same problem with one of my Cisco Catalyst 6509, when querying
via telnet. It removes and adds hardware seemingly at whim. However, the
same behaviour is visible when testing with clogin myself - it seems to be
the real output.

I'd prefer to fix it, or have RANCID ignore it. Right now, I have neither
solution.

Tyler

On 2011-12-01 08:28, Jens Link wrote:
> Hi,
>
> I'm having some problems with RANCID when querying CRS SDRs (Secure
> Domain Router). RANCID is running once an hour and every time RANCID
> finds some differences in the hardware configuration.
>
> Here is an example:
>
> This morning at 7 o'clock:
> - !NAME: "0/0/* - host - Inlet0", DESCR: "Temperature Sensor"
> - !VID: N/A
> - !NAME: "0/0/* - host - Inlet1", DESCR: "Temperature Sensor"
>
> And at 8 o'clock
> + !NAME: "0/0/* - host - Inlet0", DESCR: "Temperature Sensor"
> + !VID: N/A
> + !NAME: "0/0/* - host - Inlet1", DESCR: "Temperature Sensor"
>
> This is not only related to sensors, I've also seen fan trays, interface
> cards, ... appearing and disappearing. Any ideas? Querying the actual
> (hardware) CRS works fine.
>
> Regards
>
> Jens

-- 
"Complaining about ionizing radiation on your way to a plane flight is like
complaining about a TSA pat-down on your way to Caligula's palace."
-- Soren Ragsdale

From misch at schwartzkopff.org Thu Dec 1 14:06:42 2011
From: misch at schwartzkopff.org (Michael Schwartzkopff)
Date: Thu, 1 Dec 2011 15:06:42 +0100
Subject: [rancid] RANCID, CRS and SDR
In-Reply-To: <4ED74259.4070701@tolaris.com>
References: <87r50oitlf.fsf@pc8.berlin.quux.de> <4ED74259.4070701@tolaris.com>
Message-ID: <201112011506.42770.misch@schwartzkopff.org>

> Jens,
>
> I have the same problem with one of my Cisco Catalyst 6509, when querying
> via telnet. It removes and adds hardware seemingly at whim. However, the
> same behaviour is visible when testing with clogin myself - it seems to be
> the real output.
>
> I'd prefer to fix it, or have RANCID ignore it. Right now, I have neither
> solution.
>
> Tyler
>
> On 2011-12-01 08:28, Jens Link wrote:
> > Hi,
> >
> > I'm having some problems with RANCID when querying CRS SDRs (Secure
> > Domain Router). RANCID is running once an hour and every time RANCID
> > finds some differences in the hardware configuration.
> >
> > Here is an example:
> >
> > This morning at 7 o'clock:
> > - !NAME: "0/0/* - host - Inlet0", DESCR: "Temperature Sensor"
> > - !VID: N/A
> > - !NAME: "0/0/* - host - Inlet1", DESCR: "Temperature Sensor"
> >
> > And at 8 o'clock
> > + !NAME: "0/0/* - host - Inlet0", DESCR: "Temperature Sensor"
> > + !VID: N/A
> > + !NAME: "0/0/* - host - Inlet1", DESCR: "Temperature Sensor"
> >
> > This is not only related to sensors, I've also seen fan trays, interface
> > cards, ... appearing and disappearing. Any ideas? Querying the actual
> > (hardware) CRS works fine.
> >
> > Regards
> >
> > Jens

Hi,

possibly this behavior is related to the fact that the output is formatted
differently every run. Especially we found no way to tell the devices not to
add line breaks at will. And yes, we tried "term length 0" already.

Greetings,

-- 
Dr. Michael Schwartzkopff
Guardinistr. 63
81375 München

Tel: (0163) 172 50 98
Fax: (089) 620 304 13

From heas at shrubbery.net Thu Dec 1 16:29:45 2011
From: heas at shrubbery.net (john heasley)
Date: Thu, 1 Dec 2011 16:29:45 +0000
Subject: [rancid] RANCID, CRS and SDR
In-Reply-To: <4ED74259.4070701@tolaris.com>
References: <87r50oitlf.fsf@pc8.berlin.quux.de> <4ED74259.4070701@tolaris.com>
Message-ID: <20111201162945.GB15868@shrubbery.net>

Thu, Dec 01, 2011 at 09:01:13AM +0000, Tyler J. Wagner:
> Jens,
>
> I have the same problem with one of my Cisco Catalyst 6509, when querying
> via telnet. It removes and adds hardware seemingly at whim. However, the
> same behaviour is visible when testing with clogin myself - it seems to be
> the real output.
>
> I'd prefer to fix it, or have RANCID ignore it. Right now, I have neither
> solution.

it is most likely a problem with the IOS/IOX or the hardware. we've seen
both, though not yet on IOX; requiring reseating the LC or a s/w fix. It's
not likely a problem with rancid. as you've mentioned, you see it with
clogin too.

From daniel.schmidt at wyo.gov Thu Dec 1 16:48:31 2011
From: daniel.schmidt at wyo.gov (Daniel Schmidt)
Date: Thu, 1 Dec 2011 09:48:31 -0700
Subject: [rancid] RANCID, CRS and SDR
In-Reply-To: <20111201162945.GB15868@shrubbery.net>
References: <87r50oitlf.fsf@pc8.berlin.quux.de> <4ED74259.4070701@tolaris.com> <20111201162945.GB15868@shrubbery.net>
Message-ID: <8c59c46d7d911cae4611b9518ff88de3@mail.gmail.com>

You may consider editing your local rancid to ignore things like these that
continually change; it's not difficult to do.

-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of john heasley
Sent: Thursday, December 01, 2011 9:30 AM
To: Tyler J. Wagner
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] RANCID, CRS and SDR

Thu, Dec 01, 2011 at 09:01:13AM +0000, Tyler J. Wagner:
> Jens,
>
> I have the same problem with one of my Cisco Catalyst 6509, when
> querying via telnet. It removes and adds hardware seemingly at whim.
> However, the same behaviour is visible when testing with clogin myself
> - it seems to be the real output.
>
> I'd prefer to fix it, or have RANCID ignore it. Right now, I have
> neither solution.

it is most likely a problem with the IOS/IOX or the hardware. we've seen
both, though not yet on IOX; requiring reseating the LC or a s/w fix. It's
not likely a problem with rancid. as you've mentioned, you see it with
clogin too.

From tyler at tolaris.com Thu Dec 1 17:16:17 2011
From: tyler at tolaris.com (Tyler J. Wagner)
Date: Thu, 01 Dec 2011 17:16:17 +0000
Subject: [rancid] RANCID, CRS and SDR
In-Reply-To: <8c59c46d7d911cae4611b9518ff88de3@mail.gmail.com>
References: <87r50oitlf.fsf@pc8.berlin.quux.de> <4ED74259.4070701@tolaris.com> <20111201162945.GB15868@shrubbery.net> <8c59c46d7d911cae4611b9518ff88de3@mail.gmail.com>
Message-ID: <4ED7B661.4040104@tolaris.com>

On 2011-12-01 16:48, Daniel Schmidt wrote:
> You may consider editing your local rancid to ignore things like these
> that continually change; it's not difficult to do.

I have very seriously considered that. However, I don't know how to edit it
to ignore "show inventory raw" for just this host. Other suggestions welcome.

Regards,
Tyler

-- 
"Offending fundamentalists isn't my goal - but if it is an inevitable
side-effect of defending human rights, so be it."
-- Johann Hari

From heas at shrubbery.net Thu Dec 1 17:52:54 2011
From: heas at shrubbery.net (john heasley)
Date: Thu, 1 Dec 2011 17:52:54 +0000
Subject: [rancid] RANCID, CRS and SDR
In-Reply-To: <4ED7B661.4040104@tolaris.com>
References: <87r50oitlf.fsf@pc8.berlin.quux.de> <4ED74259.4070701@tolaris.com> <20111201162945.GB15868@shrubbery.net> <8c59c46d7d911cae4611b9518ff88de3@mail.gmail.com> <4ED7B661.4040104@tolaris.com>
Message-ID: <20111201175254.GF15868@shrubbery.net>

Thu, Dec 01, 2011 at 05:16:17PM +0000, Tyler J. Wagner:
> On 2011-12-01 16:48, Daniel Schmidt wrote:
> > You may consider editing your local rancid to ignore things like these
> > that continually change; it's not difficult to do.
>
> I have very seriously considered that. However, I don't know how to edit it
> to ignore "show inventory raw" for just this host. Other suggestions welcome.

ignoring it for all is easy; for one, less so. you'd have to match the
prompt to exclude the output.

please please please bitch at your vendor about the problem for the benefit
of all.

From m.erlich at pomona.fr Fri Dec 2 15:19:55 2011
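One way to do what the reply above describes, matching the prompt so that a command's output is dropped for one host only. This is an added example, not RANCID's own code: the transcript layout (command echoed after `<hostname>#`), the host names, the sample lines and the marker text are all constructed assumptions.

```python
import re

# Assumption: IOS-style transcript in which every command is echoed right
# after the "<hostname>#" prompt, as in clogin output.
PROMPT_CMD_RE = re.compile(r"^(?P<host>[\w.-]+)#\s*(?P<cmd>.*)$")

# Hypothetical per-host list of commands whose output is unstable.
SKIP = {"cat6509-a": {"show inventory raw"}}


def filter_transcript(lines, skip):
    """Drop the output of selected commands for selected hosts only.

    The echoed command line is kept and one fixed marker line replaces the
    body, so the stored file stops flapping while the omission stays visible
    to anyone reading the diff history.
    """
    out, dropping = [], False
    for line in lines:
        m = PROMPT_CMD_RE.match(line)
        if m:
            # A prompt line ends the previous command's output and starts a new one.
            host, cmd = m.group("host"), m.group("cmd").strip()
            dropping = cmd in skip.get(host, ())
            out.append(line)
            if dropping:
                out.append(f"!{cmd}: output ignored for {host}")
            continue
        if not dropping:
            out.append(line)
    return out


# Constructed samples: the same host polled twice, with a sensor missing
# from the second run, plus a second host that must not be filtered.
RUN_7AM = [
    "cat6509-a#show version",
    "Cisco IOS Software (constructed sample)",
    "cat6509-a#show inventory raw",
    'NAME: "Inlet0", DESCR: "Temperature Sensor"',
    'NAME: "Inlet1", DESCR: "Temperature Sensor"',
    "cat6509-a#exit",
]
RUN_8AM = [
    "cat6509-a#show version",
    "Cisco IOS Software (constructed sample)",
    "cat6509-a#show inventory raw",
    'NAME: "Inlet0", DESCR: "Temperature Sensor"',
    "cat6509-a#exit",
]
OTHER_HOST = [
    "edge-b#show inventory raw",
    'NAME: "Chassis", DESCR: "constructed sample"',
    "edge-b#exit",
]

if __name__ == "__main__":
    print("\n".join(filter_transcript(RUN_7AM, SKIP)))
```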
From: m.erlich at pomona.fr (Michel ERLICH)
Date: Fri, 2 Dec 2011 16:19:55 +0100
Subject: [rancid] Manual configuration "download".
Message-ID:

An HTML attachment was scrubbed...
URL:

From rwest at zyedge.com Fri Dec 2 15:23:25 2011
From: rwest at zyedge.com (Ryan West)
Date: Fri, 2 Dec 2011 15:23:25 +0000
Subject: [rancid] Manual configuration "download".
In-Reply-To:
References:
Message-ID: <5DC4853C6CC3EE4788779E0726E034DDEAD7A8@zy-ex1.zyedge.local>

Rancid-run -r

From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Michel ERLICH
Sent: Friday, December 02, 2011 10:20 AM
To: rancid-discuss at shrubbery.net
Subject: [rancid] Manual configuration "download".

Hello everyone.

I just installed Rancid and I'm a bit new to CVS, and I was wondering if it
was possible to manually "download" a configuration file from Rancid.

Let me explain myself: Let's suppose 192.168.1.1 is my Rancid Server, and
192.168.1.2 is a switch among other ones. What can I do from the Rancid
Server to get only 192.168.1.2's configuration into CVS updated/added, is
there a command like "rancid-run 192.168.1.2" ?

I tried my best by myself but couldn't succeed to find my own answer.

Thanks in advance.

Michel.

From pelle at hemmop.com Sun Dec 4 01:21:29 2011
From: pelle at hemmop.com (Per Carlson)
Date: Sun, 4 Dec 2011 02:21:29 +0100
Subject: [rancid] RANCID, CRS and SDR
In-Reply-To: <87r50oitlf.fsf@pc8.berlin.quux.de>
References: <87r50oitlf.fsf@pc8.berlin.quux.de>
Message-ID:

Hi Jens.

> I'm having some problems with RANCID when querying CRS SDRs (Secure
> Domain Router). RANCID is running once an hour and every time RANCID
> finds some differences in the hardware configuration.
>
> Here is an example:
>
> This morning at 7 o'clock:
> - !NAME: "0/0/* - host - Inlet0", DESCR: "Temperature Sensor"
> - !VID: N/A
> - !NAME: "0/0/* - host - Inlet1", DESCR: "Temperature Sensor"
>
> And at 8 o'clock
> + !NAME: "0/0/* - host - Inlet0", DESCR: "Temperature Sensor"
> + !VID: N/A
> + !NAME: "0/0/* - host - Inlet1", DESCR: "Temperature Sensor"
>
> This is not only related to sensors, I've also seen fan trays, interface
> cards, ... appearing and disappearing. Any ideas? Querying the actual
> (hardware) CRS works fine.

I've seen spurious "non-printables" mess up the diff on both IOS and
IOS-XR devices. Can't recall from memory if that occurred in "show
inventory" on XR.

Any way, I do have a substantial code change for xrrancid hanging
around at GitHub[0]. *One* of the differences with the stock 2.3.6 code
is filtering of "non-printables". If you would like some more info of
the changes, checkout the command table at the end of
bin/xrrancid.in[1].

You are welcome to give it a try if you like. If you have any
suggestions for improvements or other changes, I'm listening.

[0] https://github.com/hemmop/rancid/tree/xrrancid
[1] https://github.com/hemmop/rancid/blob/xrrancid/bin/xrrancid.in#L836

-- 
Pelle

RFC1925, truth 11:
Every old idea will be proposed again with a different name and
a different presentation, regardless of whether it works.

From Michael.Boll at SSRC.myflorida.com Mon Dec 5 02:17:58 2011
From: Michael.Boll at SSRC.myflorida.com (Boll, Michael)
Date: Sun, 4 Dec 2011 21:17:58 -0500
Subject: [rancid] Has anyone used RANCID to get a copy of the show configuration expanded noprompts on a BlueCoat SG Proxy
Message-ID: <814CA7C986123448AD7399C539154D9D04BF9D62@dit00sesmail01.services.ds.state.fl.us>

If so, could you tell me how you configured your device type file?

Thanks,
Mike

From lists at quux.de Wed Dec 7 13:33:48 2011
From: lists at quux.de (Jens Link)
Date: Wed, 07 Dec 2011 14:33:48 +0100
Subject: [rancid] RANCID, CRS and SDR
In-Reply-To: (Per Carlson's message of "Sun, 4 Dec 2011 02:21:29 +0100")
References: <87r50oitlf.fsf@pc8.berlin.quux.de>
Message-ID: <87vcpswloj.fsf@pc8.berlin.quux.de>

Per Carlson writes:

Hi,

> Any way, I do have a substantial code change for xrrancid hanging
> around at GitHub[0].

> [1] https://github.com/hemmop/rancid/blob/xrrancid/bin/xrrancid.in#L836

Still the same. One hour the hardware is reported missing, an hour later
it is there again. :-(

I'll keep looking.

Jens
-- 
-------------------------------------------------------------------------
| Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 |
| http://blog.quux.de | jabber: jenslink at guug.de | ------------------- |
-------------------------------------------------------------------------

From heas at shrubbery.net Wed Dec 7 22:38:54 2011
From: heas at shrubbery.net (john heasley) Date: Wed, 7 Dec 2011 22:38:54 +0000 Subject: [rancid] Fortigate rancid issues In-Reply-To: <6581768FDA03C94BB585650903B4F1EB056FDFC0@zamdc02101> References: <6581768FDA03C94BB585650903B4F1EB056FDFC0@zamdc02101> Message-ID: <20111207223854.GA12782@shrubbery.net> Mon, Nov 07, 2011 at 06:55:30AM +0000, Drikus Brits: > Hi all, > > I've recently added a couple of fortigates onto rancid , and seems to work without issues , however , every couple of hours I get some firewalls diffs with stupid changes it picks up somewhere. > > Example : > > > > set av-failopen pass > > - set av-failopen-session disable > > + set av-failopen-session disable > > set batch-cmdb enable > > > Or > > > > config system amc-slot > > - edit "sw1" > > + edit > > + "sw1" > > next > > > && > > Then the next hour : > > > end > > config system amc-slot > > - edit > > - "sw1" > > + edit "sw1" > > next > > end > > > > Any ideas what the problem might be as to why it picks up some commands as 2 lines , and then suddenly as 1 ? > > Thanks Could you try this patch? http://www.shrubbery.net/pipermail/rancid-discuss/2011-July/005787.html and, a superset of that (from "Andy") is below. i'd like some confirmation if these work before committing the change. Index: bin/fnlogin.in =================================================================== --- bin/fnlogin.in (revision 2343) +++ bin/fnlogin.in (working copy) @@ -451,6 +451,10 @@ expect -re $prompt; send -- "end\r" expect -re $prompt; +# see http://www.shrubbery.net/pipermail/rancid-discuss/2011-July/005787.html + # this is the only way i see to get rid of more prompts in o/p..grrrrr + log_user 0 + set commands [split $command \;] set num_commands [llength $commands] for {set i 0} {$i < $num_commands} { incr i} { 
@@ -459,10 +463,12 @@ -re "$prompt" { send "\r" sleep 0.5 } - -gl "--More--" { send " " + -gl "--More--\[^\n\r]*" { send " " exp_continue - -re "\[\n\r]+" { exp_continue } } + -re "\[^\r\n]*\[\n\r]+" { send_user -- "$expect_out(buffer)" + exp_continue + } } } expect { @@ -573,8 +579,12 @@ } } elseif { $do_script } { # Disable output paging. + send "config global\r" + expect -re $prompt {} send "config system console\r" + expect -re $prompt {} send "set output standard\r" + expect -re $prompt {} send "end\r" expect -re $prompt {} source $sfile From heas at shrubbery.net Wed Dec 7 23:15:07 2011 
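Review bot: in the @@ -451,6 +451,10 @@ hunk of bin/fnlogin.in, `log_user 0` is set before the command loop and nothing in the visible lines sets it back, so from here on the only output that reaches the caller is what the new `send_user` branch in the next hunk echoes. Any expect branch without a `send_user` (the `$prompt` match that sends "\r", for one) now drops what it consumed. Please either restore `log_user 1` once the loop is done or state in the comment that the suppression is meant to last for the rest of the session, and replace "o/p..grrrrr" with a sentence saying which pager output is being hidden.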
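Review bot: in the @@ -459,10 +463,12 @@ hunk of bin/fnlogin.in, the new pattern `--More--\[^\n\r]*` is still introduced with `-gl`, but `[^\n\r]*` is regular-expression syntax. In a Tcl glob a bracket set has no negation, so this matches "--More--" followed by a literal `^`, CR or LF, and then whatever the trailing `*` takes from the buffer. If the aim is to swallow only the rest of the pager line, use `-re "--More--\[^\n\r]*"`, which leaves the following line for the new `send_user` branch.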
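Review bot: in the @@ -573,8 +579,12 @@ hunk of bin/fnlogin.in, `config global` is sent unconditionally and two configuration levels are now entered (`config global`, then `config system console`), while the visible lines still send a single `end` before `source $sfile`. If the device accepts `config global`, the script file then runs inside that scope; if the device rejects it, the added `expect -re $prompt {}` passes without noticing. Please send a second `end`, or document that the script is meant to run in the global scope, and say in the "Disable output paging" comment which units need the extra command.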
From: heas at shrubbery.net (john heasley) Date: Wed, 7 Dec 2011 23:15:07 +0000 Subject: [rancid] [PATCH 2/2] Multiple fixes/improvements for Extreme XOS In-Reply-To: <15d40d0ca3e858a8dbf0320559ad528f@noc.grnet.gr> References: <20111129225146.GB23935@shrubbery.net> <43d94f7f9105774c2727e493af738b87@noc.grnet.gr> <20111130215110.GS6099@shrubbery.net> <15d40d0ca3e858a8dbf0320559ad528f@noc.grnet.gr> Message-ID: <20111207231507.GD12782@shrubbery.net> Thu, Dec 01, 2011 at 03:47:56AM +0200, Zenon Mousmoulas: > On Thu, 01 Dec 2011 03:44:32 +0200, Zenon Mousmoulas > wrote: > > [...] > > However there's still a problem in this version with buffered output > from > > the extreme. After login, when you send "\r", the following expect > > catches the first prompt, not the one after "\r". This becomes evident > > later on, when the expect statement in the loop within run_commands > > catches > > "disable clipaging\r\n\" rather than the command echoed and > > its' output. So you're always one step behind, until the end, where you > > erroneously see a prompt after sending "quit\r" so you also > > send -h "exit\r". This obviously messes up xrancid parsing as > > well. See the attached clogin log for more evidence (with exp_internal > > added after login). > > Plus the attachment, sorry. some data missing there. could you send a complete login to me? clogin -s 'show version' host From mwlucas at blackhelicopters.org Thu Dec 8 17:22:46 2011 
From: mwlucas at blackhelicopters.org (Michael W. Lucas)
Date: Thu, 8 Dec 2011 12:22:46 -0500
Subject: [rancid] Mikrotik slow exports
Message-ID: <20111208172246.GA67987@bewilderbeast.blackhelicopters.org>

Hi,

I'm using rancid-2.3.3 on FreeBSD, along with mtrancid from
http://falz.net/static/rancid/mtrancid

The Mikrotik scripts are working erratically. I thought at first this
was because an "export" takes quite a while on my border device, but
it happens even when I run it against a single small 750 (called
"barn"). I can SSH to this small router just fine.

If I run "rancid-run -r barn" the log shows the usual "End of run not found."

Running mtlogin -d barn

%mtrancid -d barn
executing mtlogin -t 90 -c"system package print detail;system routerboard print;system license print;export" barn
PROMPT MATCH: ] >
HIT COMMAND:[admin at MikroTik] > system package print detail
In SystemPackagePrintDetail: [admin at MikroTik] > system package print detail

[considerable hang here]

barn: missed cmd(s): system license print,system routerboard print,export
barn: missed cmd(s): system license print,system routerboard print,export
barn: End of run not found
barn: End of run not found
#

Any suggestions on what's gone wrong here, or how to debug this?

Thanks,
==ml

--
Michael W. Lucas
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Latest book: Network Flow Analysis http://www.networkflowanalysis.com/
mwlucas at BlackHelicopters.org, Twitter @mwlauthor

From heas at shrubbery.net Thu Dec 8 17:34:27 2011
From: heas at shrubbery.net (john heasley) Date: Thu, 8 Dec 2011 17:34:27 +0000 Subject: [rancid] Mikrotik slow exports In-Reply-To: <20111208172246.GA67987@bewilderbeast.blackhelicopters.org> References: <20111208172246.GA67987@bewilderbeast.blackhelicopters.org> Message-ID: <20111208173426.GH28436@shrubbery.net> Thu, Dec 08, 2011 at 12:22:46PM -0500, Michael W. Lucas: > Hi, > > I'm using rancid-2.3.3 on FreeBSD, along with mtrancid from > http://falz.net/static/rancid/mtrancid > > The Mikrotik scripts are working erratically. I thought at first this > was because an "export" takes quite a while on my border device, but > it happens even when I run it against a single small 750 (called > "barn"). I can SSH to this small router just fine. > > If I run "rancid-run -r barn" the log shows the usual "End of run not found." > > Running mtlogin -d barn > > %mtrancid -d barn > executing mtlogin -t 90 -c"system package print detail;system routerboard print;system license print;export" barn > PROMPT MATCH: ] > > HIT COMMAND:[admin at MikroTik] > system package print detail > In SystemPackagePrintDetail: [admin at MikroTik] > system package print detail > > [considerable hang here] > > barn: missed cmd(s): system license print,system routerboard print,export > barn: missed cmd(s): system license print,system routerboard print,export > barn: End of run not found > barn: End of run not found > # > > Any suggestions on what's gone wrong here, or how to debug this? grab rancid 2.3.7 and use mtlogin -d -c 'commands;command;...' to collect what the expect is really doing/waiting for. From mwlucas at blackhelicopters.org Thu Dec 8 19:56:40 2011 
From: mwlucas at blackhelicopters.org (Michael W. Lucas) Date: Thu, 8 Dec 2011 14:56:40 -0500 Subject: [rancid] Mikrotik slow exports In-Reply-To: <20111208173426.GH28436@shrubbery.net> References: <20111208172246.GA67987@bewilderbeast.blackhelicopters.org> <20111208173426.GH28436@shrubbery.net> Message-ID: <20111208195640.GA68960@bewilderbeast.blackhelicopters.org> On Thu, Dec 08, 2011 at 05:34:27PM +0000, john heasley wrote: > > grab rancid 2.3.7 and use > mtlogin -d -c 'commands;command;...' > to collect what the expect is really doing/waiting for. I'm probably missing the obvious, but: I can't find 2.3.7 anywhere. The latest on the FTP site is 2.3.6, and I don't see any links for public access to the dev repository. Can you point me to the download/repo/whatever? Thanks, ==ml -- Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: Network Flow Analysis http://www.networkflowanalysis.com/ mwlucas at BlackHelicopters.org, Twitter @mwlauthor From jbaird at follett.com Thu Dec 8 19:59:23 2011 From: jbaird at follett.com (Baird, Josh) Date: Thu, 8 Dec 2011 13:59:23 -0600 Subject: [rancid] Mikrotik slow exports In-Reply-To: <20111208195640.GA68960@bewilderbeast.blackhelicopters.org> References: <20111208172246.GA67987@bewilderbeast.blackhelicopters.org><20111208173426.GH28436@shrubbery.net> <20111208195640.GA68960@bewilderbeast.blackhelicopters.org> Message-ID: Michael, Are you using mtrancid with MT RouterOS 5.x? Josh From heas at shrubbery.net Thu Dec 8 20:06:19 2011
From: heas at shrubbery.net (john heasley) Date: Thu, 8 Dec 2011 20:06:19 +0000 Subject: [rancid] Mikrotik slow exports In-Reply-To: <20111208195640.GA68960@bewilderbeast.blackhelicopters.org> References: <20111208172246.GA67987@bewilderbeast.blackhelicopters.org> <20111208173426.GH28436@shrubbery.net> <20111208195640.GA68960@bewilderbeast.blackhelicopters.org> Message-ID: <20111208200619.GR28436@shrubbery.net> Thu, Dec 08, 2011 at 02:56:40PM -0500, Michael W. Lucas: > On Thu, Dec 08, 2011 at 05:34:27PM +0000, john heasley wrote: > > > > grab rancid 2.3.7 and use > > mtlogin -d -c 'commands;command;...' > > to collect what the expect is really doing/waiting for. > > I'm probably missing the obvious, but: > > I can't find 2.3.7 anywhere. The latest on the FTP site is 2.3.6, and > I don't see any links for public access to the dev repository. Can > you point me to the download/repo/whatever? sorry; 2.3.6 - have 2.3.7 on the brain; trying to wrap a few more patches into it before packaging. From mwlucas at blackhelicopters.org Thu Dec 8 20:32:41 2011
From: mwlucas at blackhelicopters.org (Michael W. Lucas) Date: Thu, 8 Dec 2011 15:32:41 -0500 Subject: [rancid] Mikrotik slow exports In-Reply-To: References: <20111208195640.GA68960@bewilderbeast.blackhelicopters.org> Message-ID: <20111208203241.GB69128@bewilderbeast.blackhelicopters.org> Yes. 5.4 and up. On Thu, Dec 08, 2011 at 01:59:23PM -0600, Baird, Josh wrote: > Michael, > > Are you using mtrancid with MT RouterOS 5.x? > > Josh -- Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: Network Flow Analysis http://www.networkflowanalysis.com/ mwlucas at BlackHelicopters.org, Twitter @mwlauthor From timoid at timoid.org Thu Dec 8 22:49:56 2011
From: timoid at timoid.org (Tim Warnock) Date: Fri, 9 Dec 2011 08:49:56 +1000 Subject: [rancid] Mikrotik slow exports In-Reply-To: <20111208203241.GB69128@bewilderbeast.blackhelicopters.org> References: <20111208195640.GA68960@bewilderbeast.blackhelicopters.org> <20111208203241.GB69128@bewilderbeast.blackhelicopters.org> Message-ID: <018f01ccb5fb$b7ba4b40$272ee1c0$@timoid.org> Any chance you're carrying bulk amounts of ipv4 routes? From mwlucas at blackhelicopters.org Fri Dec 9 15:45:09 2011
From: mwlucas at blackhelicopters.org (Michael W. Lucas) Date: Fri, 9 Dec 2011 10:45:09 -0500 Subject: [rancid] Mikrotik slow exports In-Reply-To: <20111208200619.GR28436@shrubbery.net> References: <20111208172246.GA67987@bewilderbeast.blackhelicopters.org> <20111208173426.GH28436@shrubbery.net> <20111208195640.GA68960@bewilderbeast.blackhelicopters.org> <20111208200619.GR28436@shrubbery.net> Message-ID: <20111209154509.GA73882@bewilderbeast.blackhelicopters.org> On Thu, Dec 08, 2011 at 08:06:19PM +0000, john heasley wrote: > Thu, Dec 08, 2011 at 02:56:40PM -0500, Michael W. Lucas: > > On Thu, Dec 08, 2011 at 05:34:27PM +0000, john heasley wrote: > > > > > > grab rancid 2.3.7 and use > > > mtlogin -d -c 'commands;command;...' > > > to collect what the expect is really doing/waiting for. > > > > I'm probably missing the obvious, but: > > > > I can't find 2.3.7 anywhere. The latest on the FTP site is 2.3.6, and > > I don't see any links for public access to the dev repository. Can > > you point me to the download/repo/whatever? > > sorry; 2.3.6 - have 2.3.7 on the brain; trying to wrap a few more patches > into it before packaging. Upgraded to 2.3.6, added the mt* scripts, and everything seems to work fine. I didn't know there were concerns with RouterOS 5, but even my slow-exporting border routers go into CVS just fine with the newer RANCID. ==ml -- Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: Network Flow Analysis http://www.networkflowanalysis.com/ mwlucas at BlackHelicopters.org, Twitter @mwlauthor From GMourani at prival.ca Mon Dec 12 15:19:07 2011 
From: GMourani at prival.ca (Gerhard Mourani) Date: Mon, 12 Dec 2011 10:19:07 -0500 Subject: [rancid] Fortigate rancid issues In-Reply-To: <20111207223854.GA12782@shrubbery.net> References: <6581768FDA03C94BB585650903B4F1EB056FDFC0@zamdc02101> <20111207223854.GA12782@shrubbery.net> Message-ID: Hello, Even with provided patch, I receive every day diff related to VPN connection crypto keys like the following with my FortiGate 80C: !set password ENC !set password ENC set private-key "-----BEGIN RSA PRIVATE KEY----- set private-key "-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,FAEBFA3BD9D852E2 DEK-Info: DES-EDE3-CBC,C7650C0C4F6C6104 Gerhard, -----Original Message-----
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of john heasley Sent: December-07-11 5:39 PM To: Drikus Brits Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Fortigate rancid issues Mon, Nov 07, 2011 at 06:55:30AM +0000, Drikus Brits: > Hi all, > > I've recently added a couple of fortigates onto rancid , and seems to work without issues , however , every couple of hours I get some firewalls diffs with stupid changes it picks up somewhere. > > Example : > > > > set av-failopen pass > > - set av-failopen-session disable > > + set av-failopen-session disable > > set batch-cmdb enable > > > Or > > > > config system amc-slot > > - edit "sw1" > > + edit > > + "sw1" > > next > > > && > > Then the next hour : > > > end > > config system amc-slot > > - edit > > - "sw1" > > + edit "sw1" > > next > > end > > > > Any ideas what the problem might be as to why it picks up some commands as 2 lines , and then suddenly as 1 ? > > Thanks Could you try this patch? http://www.shrubbery.net/pipermail/rancid-discuss/2011-July/005787.html and, a superset of that (from "Andy") is below. i'd like some confirmation if these work before committing the change. Index: bin/fnlogin.in =================================================================== --- bin/fnlogin.in (revision 2343) +++ bin/fnlogin.in (working copy) @@ -451,6 +451,10 @@ expect -re $prompt; send -- "end\r" expect -re $prompt; +# see http://www.shrubbery.net/pipermail/rancid-discuss/2011-July/005787.html + # this is the only way i see to get rid of more prompts in o/p..grrrrr + log_user 0 + set commands [split $command \;] set num_commands [llength $commands] for {set i 0} {$i < $num_commands} { incr i} { 
@@ -459,10 +463,12 @@ -re "$prompt" { send "\r" sleep 0.5 } - -gl "--More--" { send " " + -gl "--More--\[^\n\r]*" { send " " exp_continue - -re "\[\n\r]+" { exp_continue } } + -re "\[^\r\n]*\[\n\r]+" { send_user -- "$expect_out(buffer)" + exp_continue + } } } expect { @@ -573,8 +579,12 @@ } } elseif { $do_script } { # Disable output paging. + send "config global\r" + expect -re $prompt {} send "config system console\r" + expect -re $prompt {} send "set output standard\r" + expect -re $prompt {} send "end\r" expect -re $prompt {} source $sfile _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From Drikus.Brits at vodacom.co.za Mon Dec 12 15:25:29 2011
From: Drikus.Brits at vodacom.co.za (Drikus Brits) Date: Mon, 12 Dec 2011 15:25:29 +0000 Subject: [rancid] Fortigate rancid issues In-Reply-To: References: <6581768FDA03C94BB585650903B4F1EB056FDFC0@zamdc02101> <20111207223854.GA12782@shrubbery.net> Message-ID: <6581768FDA03C94BB585650903B4F1EB05736B1F@zamdc02101>

Hi,

Hehe, the below won't fix the certificate that is changing the whole time, if you want to get rid of that you need to make the following changes :

fnrancid @209,9

    # -- http://www.shrubbery.net/pipermail/rancid-discuss/2011-February/005488.html
    # -- spot the start of an RSA private key
    $priv_key = 1 if (/^\s*set private-key "-----BEGIN RSA PRIVATE KEY-----/);
    # spot the end of an RSA private key: reset the flag and skip that line too
    # (written as a block because `=` binds looser than `&&`)
    if (/^\s*-----END RSA PRIVATE KEY-----"/) { $priv_key = 0; next; }
    # skip every line while inside the key block
    next if ($priv_key == 1);
    ## end of hack

It works well.

As for the patch from john & andy, it seems to be working, as I have not yet had some of those fortigate issues. I'd like to monitor till the end of the week before I'd say go ahead with the changes.

d.

-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of john heasley Sent: December-07-11 5:39 PM To: Drikus Brits Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Fortigate rancid issues Mon, Nov 07, 2011 at 06:55:30AM +0000, Drikus Brits: > Hi all, > > I've recently added a couple of fortigates onto rancid , and seems to work without issues , however , every couple of hours I get some firewalls diffs with stupid changes it picks up somewhere. > > Example : > > > > set av-failopen pass > > - set av-failopen-session disable > > + set av-failopen-session disable > > set batch-cmdb enable > > > Or > > > > config system amc-slot > > - edit "sw1" > > + edit > > + "sw1" > > next > > > && > > Then the next hour : > > > end > > config system amc-slot > > - edit > > - "sw1" > > + edit "sw1" > > next > > end > > > > Any ideas what the problem might be as to why it picks up some commands as 2 lines , and then suddenly as 1 ? > > Thanks Could you try this patch? http://www.shrubbery.net/pipermail/rancid-discuss/2011-July/005787.html and, a superset of that (from "Andy") is below. i'd like some confirmation if these work before committing the change. Index: bin/fnlogin.in =================================================================== --- bin/fnlogin.in (revision 2343) +++ bin/fnlogin.in (working copy) @@ -451,6 +451,10 @@ expect -re $prompt; send -- "end\r" expect -re $prompt; +# see http://www.shrubbery.net/pipermail/rancid-discuss/2011-July/005787.html + # this is the only way i see to get rid of more prompts in o/p..grrrrr + log_user 0 + set commands [split $command \;] set num_commands [llength $commands] for {set i 0} {$i < $num_commands} { incr i} { 
@@ -459,10 +463,12 @@ -re "$prompt" { send "\r" sleep 0.5 } - -gl "--More--" { send " " + -gl "--More--\[^\n\r]*" { send " " exp_continue - -re "\[\n\r]+" { exp_continue } } + -re "\[^\r\n]*\[\n\r]+" { send_user -- "$expect_out(buffer)" + exp_continue + } } } expect { @@ -573,8 +579,12 @@ } } elseif { $do_script } { # Disable output paging. + send "config global\r" + expect -re $prompt {} send "config system console\r" + expect -re $prompt {} send "set output standard\r" + expect -re $prompt {} send "end\r" expect -re $prompt {} source $sfile _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss This e-mail is classified C2 - Vodacom Restricted - Information to be used inside Vodacom but it may be shared with authorised partners. ?This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link www.vodacom.co.za/vodacom/terms+and+conditions " From GMourani at prival.ca Mon Dec 12 15:32:26 2011 From: GMourani at prival.ca (Gerhard Mourani) Date: Mon, 12 Dec 2011 10:32:26 -0500 Subject: [rancid] Fortigate rancid issues In-Reply-To: <6581768FDA03C94BB585650903B4F1EB05736B1F@zamdc02101> References: <6581768FDA03C94BB585650903B4F1EB056FDFC0@zamdc02101> <20111207223854.GA12782@shrubbery.net> <6581768FDA03C94BB585650903B4F1EB05736B1F@zamdc02101> Message-ID: Thanks, I've applied the changes and will let all know if this work for me too after some days. -----Original Message----- 
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of john heasley Sent: December-07-11 5:39 PM To: Drikus Brits Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Fortigate rancid issues Mon, Nov 07, 2011 at 06:55:30AM +0000, Drikus Brits: > Hi all, > > I've recently added a couple of fortigates onto rancid , and seems to work without issues , however , every couple of hours I get some firewalls diffs with stupid changes it picks up somewhere. > > Example : > > > > set av-failopen pass > > - set av-failopen-session disable > > + set av-failopen-session disable > > set batch-cmdb enable > > > Or > > > > config system amc-slot > > - edit "sw1" > > + edit > > + "sw1" > > next > > > && > > Then the next hour : > > > end > > config system amc-slot > > - edit > > - "sw1" > > + edit "sw1" > > next > > end > > > > Any ideas what the problem might be as to why it picks up some commands as 2 lines , and then suddenly as 1 ? > > Thanks Could you try this patch? http://www.shrubbery.net/pipermail/rancid-discuss/2011-July/005787.html and, a superset of that (from "Andy") is below. i'd like some confirmation if these work before committing the change. Index: bin/fnlogin.in =================================================================== --- bin/fnlogin.in (revision 2343) +++ bin/fnlogin.in (working copy) @@ -451,6 +451,10 @@ expect -re $prompt; send -- "end\r" expect -re $prompt; +# see http://www.shrubbery.net/pipermail/rancid-discuss/2011-July/005787.html + # this is the only way i see to get rid of more prompts in o/p..grrrrr + log_user 0 + set commands [split $command \;] set num_commands [llength $commands] for {set i 0} {$i < $num_commands} { incr i} { 
@@ -459,10 +463,12 @@ -re "$prompt" { send "\r" sleep 0.5 } - -gl "--More--" { send " " + -gl "--More--\[^\n\r]*" { send " " exp_continue - -re "\[\n\r]+" { exp_continue } } + -re "\[^\r\n]*\[\n\r]+" { send_user -- "$expect_out(buffer)" + exp_continue + } } } expect { @@ -573,8 +579,12 @@ } } elseif { $do_script } { # Disable output paging. + send "config global\r" + expect -re $prompt {} send "config system console\r" + expect -re $prompt {} send "set output standard\r" + expect -re $prompt {} send "end\r" expect -re $prompt {} source $sfile _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From GMourani at prival.ca Wed Dec 14 21:27:51 2011
From: GMourani at prival.ca (Gerhard Mourani) Date: Wed, 14 Dec 2011 16:27:51 -0500 Subject: [rancid] Fortigate rancid issues In-Reply-To: References: <6581768FDA03C94BB585650903B4F1EB056FDFC0@zamdc02101> <20111207223854.GA12782@shrubbery.net> <6581768FDA03C94BB585650903B4F1EB05736B1F@zamdc02101> Message-ID: Guys, Just to let you know that the provided patches worked for me with our FortiGate. Big thanks to you. Also since it`s working now, it should be interesting to improve it again and add support for FortiAnalyzer and FortiWeb too which are wildly used now. Regards, -----Original Message----- From: Gerhard Mourani Sent: December-12-11 10:32 AM To: 'Drikus Brits'; john heasley Cc: rancid-discuss at shrubbery.net Subject: RE: [rancid] Fortigate rancid issues Thanks, I've applied the changes and will let all know if this work for me too after some days. -----Original Message-----
From: Drikus Brits [mailto:Drikus.Brits at vodacom.co.za] Sent: December-12-11 10:25 AM To: Gerhard Mourani; john heasley Cc: rancid-discuss at shrubbery.net Subject: RE: [rancid] Fortigate rancid issues HI, Hehe, the below won't fix the certificate that is changing the whole time, if you want to get rid of that you need to make the following changes : fnrancid @209,9 # -- http://www.shrubbery.net/pipermail/rancid-discuss/2011-February/005488.html # -- spot the start of an RSA private key $priv_key = 1 if(/^\s*set private-key "-----BEGIN RSA PRIVATE KEY-----/); # spot the end of an RSA private key $priv_key = 0 && next if(/^\s*-----END RSA PRIVATE KEY-----"/); next if($priv_key == 1); ## end of hack It works well. As for the patch from john & andy, it seems to be working, as I have not yet had some of those fortigate issues. I'd like to monitor till the end of the week before I'd say go ahead with the changes. d. -----Original Message----- 
From: Gerhard Mourani [mailto:GMourani at prival.ca]
Sent: Monday, December 12, 2011 5:19 PM
To: john heasley; Drikus Brits
Cc: rancid-discuss at shrubbery.net
Subject: RE: [rancid] Fortigate rancid issues

Hello,

Even with provided patch, I receive every day diff related to VPN connection crypto keys like the following with my FortiGate 80C:

!set password ENC    !set password ENC
set private-key "-----BEGIN RSA PRIVATE KEY-----    set private-key "-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED    Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,FAEBFA3BD9D852E2    DEK-Info: DES-EDE3-CBC,C7650C0C4F6C6104

Gerhard,

-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of john heasley
Sent: December-07-11 5:39 PM
To: Drikus Brits
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Fortigate rancid issues

Mon, Nov 07, 2011 at 06:55:30AM +0000, Drikus Brits:
> Hi all,
>
> I've recently added a couple of fortigates onto rancid , and seems to work without issues , however , every couple of hours I get some firewalls diffs with stupid changes it picks up somewhere.
>
> Example :
>
> set av-failopen pass
> - set av-failopen-session disable
> + set av-failopen-session disable
> set batch-cmdb enable
>
> Or
>
> config system amc-slot
> - edit "sw1"
> + edit
> + "sw1"
> next
>
> &&
>
> Then the next hour :
>
> end
> config system amc-slot
> - edit
> - "sw1"
> + edit "sw1"
> next
> end
>
> Any ideas what the problem might be as to why it picks up some commands as 2 lines , and then suddenly as 1 ?
>
> Thanks

Could you try this patch?
http://www.shrubbery.net/pipermail/rancid-discuss/2011-July/005787.html

and, a superset of that (from "Andy") is below. i'd like some confirmation if these work before committing the change.

Index: bin/fnlogin.in =================================================================== --- bin/fnlogin.in (revision 2343) +++ bin/fnlogin.in (working copy) @@ -451,6 +451,10 @@ expect -re $prompt; send -- "end\r" expect -re $prompt; +# see http://www.shrubbery.net/pipermail/rancid-discuss/2011-July/005787.html + # this is the only way i see to get rid of more prompts in o/p..grrrrr + log_user 0 + set commands [split $command \;] set num_commands [llength $commands] for {set i 0} {$i < $num_commands} { incr i} { 
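Review bot: `log_user 0` is set ahead of the command loop and nothing in this hunk sets it back, so unless code outside the hunk resets it, output stays suppressed after the loop as well, and the capture depends entirely on the explicit `send_user -- "$expect_out(buffer)"` echo added in the following hunk. Restore it with `log_user 1` once the loop is done, or state in the comment that the suppression is meant to last for the rest of the session. The two added comment lines are also indented differently (`# see` at column 0, `# this is` indented); line them up with the surrounding code.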
@@ -459,10 +463,12 @@ -re "$prompt" { send "\r" sleep 0.5 } - -gl "--More--" { send " " + -gl "--More--\[^\n\r]*" { send " " exp_continue - -re "\[\n\r]+" { exp_continue } } + -re "\[^\r\n]*\[\n\r]+" { send_user -- "$expect_out(buffer)" + exp_continue + } } } expect { @@ -573,8 +579,12 @@ } } elseif { $do_script } { # Disable output paging. + send "config global\r" + expect -re $prompt {} send "config system console\r" + expect -re $prompt {} send "set output standard\r" + expect -re $prompt {} send "end\r" expect -re $prompt {} source $sfile

From m.erlich at pomona.fr Mon Dec 19 15:06:43 2011
From: m.erlich at pomona.fr (Michel ERLICH)
Date: Mon, 19 Dec 2011 16:06:43 +0100
Subject: [rancid] Manual versionning
Message-ID:

An HTML attachment was scrubbed...
URL:

From m.erlich at pomona.fr Mon Dec 19 15:35:11 2011
From: m.erlich at pomona.fr (Michel ERLICH)
Date: Mon, 19 Dec 2011 16:35:11 +0100
Subject: [rancid] Manual versionning
In-Reply-To: <20111219101901.I1132@dust.noc.drexel.edu>
References: , <20111219101901.I1132@dust.noc.drexel.edu>
Message-ID:

An HTML attachment was scrubbed...
URL:

From jethro.binks at strath.ac.uk Tue Dec 20 09:08:45 2011
From: jethro.binks at strath.ac.uk (Jethro R Binks)
Date: Tue, 20 Dec 2011 09:08:45 +0000 (GMT)
Subject: [rancid] Manual versionning
In-Reply-To:
References: , <20111219101901.I1132@dust.noc.drexel.edu>
Message-ID:

On Mon, 19 Dec 2011, Michel ERLICH wrote:

> It's not the real purpose of my question, but I'd say menu driven 3com
> devices like
>
> -3Com SuperStack 3 Switch 4200-
>
> which display :
>
> Menu options: --------------3Com SuperStack 3 Switch 4200---------------
>  bridge             - Administer bridge-wide parameters
>  gettingStarted     - Basic device configuration
>  logout             - Logout of the Command Line Interface
>  physicalInterface  - Administer physical interfaces
>  protocol           - Administer protocols
>  security           - Administer security
>  system             - Administer system-level functions
>  trafficManagement  - Administer traffic management
>
> Type  ? for help
>
> Actually, I already backed up the configuration file, and I just want
> CVS to "treat" it like if it was coming from a Cisco switch, (look up if
> it is different from the previous version, display it on CvsWeb, etc.)

wraprancid might be helpful:

http://sites.google.com/site/jrbinks/code/rancid/wraprancid

(note: while I modified Michael Stefaniuc's original wrancid, I don't actually use wraprancid day to day :).

Jethro.

. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK

The University of Strathclyde is a charitable body, registered in Scotland, number SC015263.

From phalenor at gmail.com Wed Dec 21 21:37:10 2011
From: phalenor at gmail.com (Andy Cobaugh)
Date: Wed, 21 Dec 2011 16:37:10 -0500 (EST)
Subject: [rancid] Problem with hpuifilter on RHEL6 and glibc-2.12-1.47.el6.x86_64
Message-ID:

Hey folks.

We recently saw a problem crop up with hpuifilter on RHEL6 (well, Scientific Linux 6.1) when glibc/glibc-common got updated.

We're running RANCID 2.3.6 with git extensions. The problem only happens with HP switches, so I'm thinking this is a problem in hpuifilter somewhere, but maybe it's in tcl/expect/ssh.

The problem exists with glibc-2.12-1.47.el6.x86_64, but not with glibc-2.12-1.25.el6.x86_64, which came from 6.1 FCS. I'm not sure what version we were running before the update.

The diff outputs we're seeing look something like this:

-aaa port-access authenticator 8 client-limit 1
-aaa port-access authenticator 9 quiet-period 30
+aaa port-access authenticator 8 client-laaa poaaa port-access authenticator 9 quiet-period 30

-;Image: stamp: /sw/code/build/cod(cod11)
+;Image: ^[[24magemage stamp: /sw/code/build/cod(cod11)

-ip default-gatew.1.1
-sntp sesntp server 128.118.25.3
+ip default-gateway 10.1.1.1
+sntp server 128.118.25.3

It's completely random which switches show this behavior, but all of them tend to flip-flop between ok and not ok, and we have enough switches that we get an email every time RANCID runs.

I'm not sure where else to look. Open to suggestions.

--andy

From heas at shrubbery.net Fri Dec 23 19:46:35 2011
From: heas at shrubbery.net (heasley)
Date: Fri, 23 Dec 2011 19:46:35 +0000
Subject: [rancid] Problem with hpuifilter on RHEL6 and glibc-2.12-1.47.el6.x86_64
In-Reply-To:
References:
Message-ID: <20111223194635.GQ54677@shrubbery.net>

Wed, Dec 21, 2011 at 04:37:10PM -0500, Andy Cobaugh:
>
> Hey folks.
>
> We recently saw a problem crop up with hpuifilter on RHEL6 (well,
> Scientific Linux 6.1) when glibc/glibc-common got updated.
>
> We're running RANCID 2.3.6 with git extensions. The problem only happens
> with HP switches, so I'm thinking this is a problem in hpuifilter
> somewhere, but maybe it's in tcl/expect/ssh.
>
> The problem exists with glibc-2.12-1.47.el6.x86_64, but not with
> glibc-2.12-1.25.el6.x86_64, which came from 6.1 FCS. I'm not sure what
> version we were running before the update.
>
> The diff outputs we're seeing look something like this:
>
> -aaa port-access authenticator 8 client-limit 1
> -aaa port-access authenticator 9 quiet-period 30
> +aaa port-access authenticator 8 client-laaa poaaa port-access authenticator 9 quiet-period 30
>
> -;Image: stamp: /sw/code/build/cod(cod11)
> +;Image: ^[[24magemage stamp: /sw/code/build/cod(cod11)
>
> -ip default-gatew.1.1
> -sntp sesntp server 128.118.25.3
> +ip default-gateway 10.1.1.1
> +sntp server 128.118.25.3
>
>
> It's completely random which switches show this behavior, but all of them
> tend to flip-flop between ok and not ok, and we have enough switches that
> we get an email every time RANCID runs.
>
> I'm not sure where else to look. Open to suggestions.

are you sure that you have rancid 2.3.6? hpuifilter had been patched to avoid some internationalized string functions which didn't like the 8 bit chars of the screen handling codes. perhaps something else has contracted this disease, but first please check that you really have 2.3.6.

From phalenor at gmail.com Fri Dec 23 19:54:33 2011
From: phalenor at gmail.com (Andy Cobaugh)
Date: Fri, 23 Dec 2011 14:54:33 -0500 (EST)
Subject: [rancid] Problem with hpuifilter on RHEL6 and glibc-2.12-1.47.el6.x86_64
In-Reply-To: <20111223194635.GQ54677@shrubbery.net>
References: <20111223194635.GQ54677@shrubbery.net>
Message-ID:

On 2011-12-23 at 19:46, heasley ( heas at shrubbery.net ) said:
>
> are you sure that you have rancid 2.3.6? hpuifilter had been patched to
> avoid some internationalized string functions which didn't like the 8 bit
> chars of the screen handling codes. perhaps something else has contracted
> this disease, but first please check that you really have 2.3.6.

That's what I thought at first, and we were running 2.3.3 before, so I upgraded to 2.3.6 and saw the same behavior.

And indeed, we are running 2.3.6 in production:

$ /afs/bx.psu.edu/service/rancid/prod/bin/hpuifilter -v
hpuifilter: rancid version 2.3.6
$ /afs/bx.psu.edu/service/rancid/prod/bin/rancid-run -V
rancid 2.3.6

--andy