[rancid] issue with bigip rancid diff

heasley heas at shrubbery.net
Sat Dec 1 17:34:11 UTC 2012


Fri, Nov 30, 2012 at 09:38:33AM +0000, Shaun Krok:
> Hi there
> 
> Thanks for your reply.
> 
> The command on the F5 using tmsh is :
> 
> I am guessing and have not confirmed but I should just hash this command out of the F5rancid script ?
> 
> Thanks
> 
> Shaun
> 
> 
> (tmos)# list sys snmp users
> sys snmp {
>     users {
>         iENM_F5_SNMP_1 {
>             auth-password-encrypted "TI1P at K@kT::OA3<[Eik_\?_OIYSb=N7:_<c\\]2R4[\?Ck_A:m"
>             auth-protocol sha
>             oid-subset .1
>             privacy-password-encrypted "EX\\AHd:HY_QV/H2]a_Y,HS\\RH:=2g5A<TbP<>VGd>16^V9F"
>             privacy-protocol des
>             security-level auth-privacy
>             username ENM_F5_SNMP

it does not use that command; it uses these:

        {'bigpipe version'              => 'ShowVersion'}, 
        {'bigpipe platform'             => 'ShowPlatform'},
        {'cat /config/bigip.license'    => 'ShowLicense'},
        {'bigpipe monitor list all'     => 'ShowMonitor'}, 
        {'bigpipe profile list'         => 'ShowProfile'},
        {'bigpipe base list'            => 'ShowBaseRun'},
        {'bigpipe db show'              => 'ShowDb'},
        {'bigpipe route static show'    => 'ShowRouteStatic'},
        {'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'},
        {'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'},
        {'bigpipe list'                 => 'WriteTerm'}

> -----Original Message-----
> From: heasley [mailto:heas at shrubbery.net] 
> Sent: Friday, November 30, 2012 12:20 AM
> To: Shaun Krok
> Cc: rancid-discuss at shrubbery.net
> Subject: Re: [rancid] issue with bigip rancid diff
> 
> Thu, Nov 29, 2012 at 09:20:53AM +0000, Shaun Krok:
> > Hi there
> > 
> > Please could I ask if someone has some input as to how fix/stop the following issue.
> > Rancid and BIGIP boxes using tmsh F5 rancid script are working 100%
> > 
> > But the problem is that the cron which runs every hour is generating an email that shows the following :
> > The same is generated for every F5 device in that is being monitored by Rancid.
> > It would seem the issue is that the F5 seems to be changing or re-hashing the SNMP password or something like this.
> > 
> > Any help would be much appreciated ???
> 
> you would need to add a filter to the script.  i'm fairly ignorant of the F5; in the output of which command does this appear?
> 
> > 
> > // snip of email diff 
> > **********************************************************************
> > *******************
> > 
> >           iENM_F5_SNMP_1 {
> > 
> > -             auth-password-encrypted ";ZdCaD>7S2YO,J6I\\C<dSO;HMSK<,4uDl4AHPXXhcb8Ta>p"
> > 
> > +             auth-password-encrypted "KAaTUL;ZRHjJDPG,SLGKlXZ3JlReGCL;mORiEcKek_cUS9a"
> > 
> >               auth-protocol sha
> > 
> >               oid-subset .1
> > 
> > -             privacy-password-encrypted @fG9HR]i^K4YOVM<g:jTAKFBWN1b,7_RA*mFq_5lg\\P2Z9h
> > 
> > +             privacy-password-encrypted "P;`P9[6`e1iD\\[>UbCakLYcSLm<\?\?=dWCEdcbSXoe[Q;U7o"
> > 
> >               privacy-protocol des
> > 
> >               security-level auth-privacy
> > 
> >               username ENM_F5_SNMP
> > 
> > 
> > Shaun Krok
> > IBM Networking and Security Department
> > 
> > [Description: cid:image001.png at 01CD8508.B733CBB0]
> > 13 Ha'amal St., P.O.Box 11793
> > Afek Industrial Park, Rosh-Ha'ayin 48092 Israel Office 
> > +972-73-790-2791 Mobile +972-54-2030399
> > 
> > 
> > 
> > 
> > 
> 
> 
> 
> > _______________________________________________
> > Rancid-discuss mailing list
> > Rancid-discuss at shrubbery.net
> > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> 
> 


More information about the Rancid-discuss mailing list