[rancid] Need some Help - F5's in RANCID

Krzysztof Zygmunt krzysztof.zygmunt at gmail.com
Fri Jun 24 06:13:20 UTC 2011


Hi,

I'm asking because I wanted to get bigips configs using rancid but without
giving it (rancid) privileges to do everything (root account).

There are some ways we can try:
- log in and jump directly to bigpipe shell (we cannot download certain
files then)
- log in and jump directly to tmsh (the same as above)
- log in and get root privileges but limit what the rancid script can do
(use sudo)

and what sudo is, e.g.:
http://linux.about.com/od/commands/l/blcmdl8_sudo.htm

On Thu, Jun 23, 2011 at 9:12 AM, Krzysztof Zygmunt
<krzysztof.zygmunt at gmail.com> wrote:
> Hi,
>
> Kind of off topic but ...
>
> Is there any way to make rancid work (getting configs from bigips
> using "sudo")?
> That'd be great!
>
> 2011/6/22 Eric Jagaeus <eric at rebtel.com>:
>>> Chris,
>>>
>>> You're doing anything wrong.  You'll probably find that you can
>>> 'rancid-run -r <dev name>' and have it backup properly.  I would recommend
>>> getting a good backup of the keys once and then comment out the lines in the
>>> command table.
>>
>> why?  what is special about the keys?
>>
>>> -ryan
>>>
>>> -----Original Message-----
>>> From: rancid-discuss-bounces at shrubbery.net
>>> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chris Moody
>>> Sent: Monday, January 31, 2011 3:29 PM
>>> To: rancid-discuss at shrubbery.net
>>> Subject: [rancid] Need some Help - F5's in RANCID
>>>
>>> I need a second set of eyes to help me figure out what I'm missing or
>>> doing wrong.
>>>
>>> I have a number of F5 LTM Load-Balancers that I'm trying to back up with
>>> RANCID.  The trouble I'm running into is that they were backing up
>>> fine for a short while, but have recently stopped backing up and continue
>>> showing the following in the logs:
>>> =====================================
>>> Getting missed routers: round 4.
>>> xxxx.yyyy.com: missed cmd(s): ls --full-time --color=never
>>> /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key
>>> zzzz.yyyy.com: missed cmd(s): ls --full-time --color=never
>>> /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key
>>>
>>> I've been debugging and have verified the following:
>>> - I have valid and functioning credentials in the .cloginrc file
>>> - I have the devices listed in a 'load-balancer' group's router.db file
>>> with the keyword 'f5' and the flag 'up'
>>> - I have tested the login via clogin  - works fine
>>>     (I have run clogin with the '-c' command list that f5rancid
>>> issues...and everything works fine)
>>> - I have run f5rancid in debug mode - works fine
>>>     (when I run this I see that all the commands run and see a "HIT
>>> COMMAND" next to every command issued)
>>>
>>> I am running version '2.3.2' (I have plans to upgrade to '2.3.6' soon)
>>>
>>> Anyone run into this kind of behavior with F5's?
>>>
>>> Any insights, hints, comments or criticisms welcome.
>>> -Chris
>>
>> Hi Chris,
>>
>> Got exactly the same issue when we deployed some new F5's running 10.x
>>
>> What version of Big-IP are you running? Got these errors with BIG-IP 10.2.1
>> Build 297.0 Final but not in 9.x.
>>
>> Removing the commands from f5rancid solved it, but I'd like to know why it
>> fails.
>>
>> --- /usr/libexec/rancid/f5rancid        2011-06-22 12:11:48.000000000 +0000
>>
>> +++ /usr/libexec/rancid/f5rancid.org    2011-06-22 11:58:27.000000000 +0000
>>
>> @@ -524,8 +524,8 @@
>>
>>         {'bigpipe base list'            => 'ShowBaseRun'},
>>
>>         {'bigpipe db show'              => 'ShowDb'},
>>
>>         {'bigpipe route static show'    => 'ShowRouteStatic'},
>>
>> -       #{'ls --full-time --color=never /config/ssl/ssl.crt' =>
>> 'ShowSslCrt'},
>>
>> -       #{'ls --full-time --color=never /config/ssl/ssl.key' =>
>> 'ShowSslKey'},
>>
>> +       {'ls --full-time --color=never /config/ssl/ssl.crt' =>
>> 'ShowSslCrt'},
>>
>> +       {'ls --full-time --color=never /config/ssl/ssl.key' =>
>> 'ShowSslKey'},
>>
>>         {'bigpipe list'                 => 'WriteTerm'}
>>
>> );
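
Review bot: The file order in the diff header is reversed: the `---` side is the edited /usr/libexec/rancid/f5rancid (12:11:48) and the `+++` side is the f5rancid.org copy (11:58:27), so the `+` lines for 'ShowSslCrt' and 'ShowSslKey' read as enabling the two entries when the change being described is commenting them out. Regenerate it with the original first (diff -u f5rancid.org f5rancid) and without mail-client wrapping, since each entry is split across two lines here and the hunk will not apply as posted. Both commands are `ls --full-time` listings of /config/ssl/ssl.crt and /config/ssl/ssl.key, so disabling them also stops the backup from recording changes under those paths; a comment in the command table noting why they are off (missed cmd(s) on BIG-IP 10.2.1, cause not yet known) would be better than a bare `#`.
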
>>
>> Eric Jagaeus
>> Rebtel Networks AB
>> Augustendalsvägen 19, 7th floor
>> Box 1182
>> 131 27 Nacka Strand
>> Sweden
>> Mobile:   +46 70 7885989
>> eric.jagaeus at rebtel.com
>>
>

