From michael at maymann.org Mon Jan 9 10:31:58 2012 From: michael at maymann.org (Michael Maymann) Date: Mon, 9 Jan 2012 11:31:58 +0100 Subject: [rancid] SSH public-keys Message-ID: Hi List, We have a setup where we have destributed 4096 bit RSA public-keys to all our equipment from a network-user for optimanl security. Our equipment is already in a DB and we have a scripting environment that figures out the vendor/model/type for us already. 1. Can I use rancid without using .cloginrc (e.g. directly from commandline) - how... ? 2. Alternatively, can I configure .cloginrc with ssh-keysharing - how... ? We will need to connect to HP ProCurve (hlogin) and Cisco (clogin)... Thanks in advance :-) ! ~maymann -------------- next part -------------- An HTML attachment was scrubbed... URL: From michael at maymann.org Mon Jan 9 14:14:50 2012 From: michael at maymann.org (Michael Maymann) Date: Mon, 9 Jan 2012 15:14:50 +0100 Subject: [rancid] SSH public-keys In-Reply-To: References: Message-ID: hlogin -w -c "sh ver" : --- spawn hpuifilter -- ssh -c 3des -x -l We'd like to keep you up to date about: * Software feature updates * New product announcements * Special events Please register your products now at: www.ProCurve.com ProCurve J8697A Switch 5406zl Software revision K.15.02.0005 Copyright (C) 1991-2010 Hewlett-Packard Co. All Rights Reserved. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and Computer Software clause at 52.227-7013. HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303 Press any key to continue# --- Just "hangs" there... ssh @: --- We'd like to keep you up to date about: * Software feature updates * New product announcements * Special events Please register your products now at: www.ProCurve.com ProCurve J8697A Switch 5406zl Software revision K.15.02.0005 Copyright (C) 1991-2010 Hewlett-Packard Co. All Rights Reserved. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and Computer Software clause at 52.227-7013. HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303 Press any key to continue # sh ver Image stamp: /sw/code/build/btm(K_15_02) Oct 20 2010 16:19:41 K.15.02.0005 121 Boot Image: Primary # logout Do you want to log out [y/n]? y Connection to closed. --- So SSH is working fine... I'm running Rancid 2.3.6... hlogin=$Id: hlogin.in 2251 2010-10-01 19:26:36Z heas $ Could there be a problem with HP Procurve 5406zl hlogin script somewhere... or can someone actually confirm this to be working on their 5406zl ? Furthermore, I would like to run hlogin+clogin wihout having to configure anything inside .cloginrc... is this possible somehow ? Thanks in advance... :-) ! ~maymann 2012/1/9 Michael Maymann > Hi List, > > We have a setup where we have destributed 4096 bit RSA public-keys to all > our equipment from a network-user for optimanl security. > Our equipment is already in a DB and we have a scripting environment that > figures out the vendor/model/type for us already. > 1. Can I use rancid without using .cloginrc (e.g. directly from > commandline) - how... ? > 2. Alternatively, can I configure .cloginrc with ssh-keysharing - how... ? > > We will need to connect to HP ProCurve (hlogin) and Cisco (clogin)... > > > Thanks in advance :-) ! > > ~maymann > -------------- next part -------------- An HTML attachment was scrubbed... URL: From michael at maymann.org Tue Jan 10 08:17:31 2012 From: michael at maymann.org (Michael Maymann) Date: Tue, 10 Jan 2012 09:17:31 +0100 Subject: [rancid] SSH public-keys In-Reply-To: References: Message-ID: I'm running on rhel-5u7-x64. Anyone...? Thanks in advance :-) ~maymann 2012/1/9 Michael Maymann > hlogin -w -c "sh ver" : > --- > > spawn hpuifilter -- ssh -c 3des -x -l > We'd like to keep you up to date about: > * Software feature updates > * New product announcements > * Special events > > Please register your products now at: www.ProCurve.com > > > ProCurve J8697A Switch 5406zl > Software revision K.15.02.0005 > > Copyright (C) 1991-2010 Hewlett-Packard Co. All Rights Reserved. > > RESTRICTED RIGHTS LEGEND > > Use, duplication, or disclosure by the Government is subject to > restrictions > as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data > and > Computer Software clause at 52.227-7013. > > HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303 > > Press any key to continue# > --- > Just "hangs" there... > > > ssh @: > --- > We'd like to keep you up to date about: > * Software feature updates > * New product announcements > * Special events > > Please register your products now at: www.ProCurve.com > ProCurve J8697A Switch 5406zl > Software revision K.15.02.0005 > > Copyright (C) 1991-2010 Hewlett-Packard Co. All Rights Reserved. > > RESTRICTED RIGHTS LEGEND > > Use, duplication, or disclosure by the Government is subject to > restrictions > as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data > and > Computer Software clause at 52.227-7013. > > HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303 > Press any key to continue > # sh ver > Image stamp: /sw/code/build/btm(K_15_02) > Oct 20 2010 16:19:41 > K.15.02.0005 > 121 > Boot Image: Primary > # logout > Do you want to log out [y/n]? y > Connection to closed. > --- > So SSH is working fine... > I'm running Rancid 2.3.6... hlogin=$Id: hlogin.in 2251 2010-10-01 > 19:26:36Z heas $ > Could there be a problem with HP Procurve 5406zl hlogin script > somewhere... or can someone actually confirm this to be working on their > 5406zl ? > > Furthermore, I would like to run hlogin+clogin wihout having to configure > anything inside .cloginrc... is this possible somehow ? > > > Thanks in advance... :-) ! > ~maymann > > > 2012/1/9 Michael Maymann > >> Hi List, >> >> We have a setup where we have destributed 4096 bit RSA public-keys to all >> our equipment from a network-user for optimanl security. >> Our equipment is already in a DB and we have a scripting environment that >> figures out the vendor/model/type for us already. >> 1. Can I use rancid without using .cloginrc (e.g. directly from >> commandline) - how... ? >> 2. Alternatively, can I configure .cloginrc with ssh-keysharing - how... ? >> >> We will need to connect to HP ProCurve (hlogin) and Cisco (clogin)... >> >> >> Thanks in advance :-) ! >> >> ~maymann >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tyler at tolaris.com Tue Jan 10 09:26:02 2012 From: tyler at tolaris.com (Tyler J. Wagner) Date: Tue, 10 Jan 2012 09:26:02 +0000 Subject: [rancid] SSH public-keys In-Reply-To: References: Message-ID: <4F0C042A.8080008@tolaris.com> Michael, I've not tried using clogin/hlogin with SSH keys, but I know a great deal about SSH. Assuming that clogin will use a key if present (a big if): 1. Can you login with the SSH key using ssh as the root user? 2. Can you login with the SSH key using clogin as the root user? 3. What about as the rancid user? Regards, Tyler On 2012-01-10 08:17, Michael Maymann wrote: > I'm running on rhel-5u7-x64. > Anyone...? > > > Thanks in advance :-) > ~maymann > > 2012/1/9 Michael Maymann > > > hlogin -w -c "sh ver" : > --- > > spawn hpuifilter -- ssh -c 3des -x -l > We'd like to keep you up to date about: > * Software feature updates > * New product announcements > * Special events > > Please register your products now at: www.ProCurve.com > > > > ProCurve J8697A Switch 5406zl > Software revision K.15.02.0005 > > Copyright (C) 1991-2010 Hewlett-Packard Co. All Rights Reserved. > > RESTRICTED RIGHTS LEGEND > > Use, duplication, or disclosure by the Government is subject to > restrictions > as set forth in subdivision (b) (3) (ii) of the Rights in Technical > Data and > Computer Software clause at 52.227-7013. > > HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303 > > Press any key to continue# > --- > Just "hangs" there... > > > ssh @: > --- > We'd like to keep you up to date about: > * Software feature updates > * New product announcements > * Special events > > Please register your products now at: www.ProCurve.com > > ProCurve J8697A Switch 5406zl > Software revision K.15.02.0005 > > Copyright (C) 1991-2010 Hewlett-Packard Co. All Rights Reserved. > > RESTRICTED RIGHTS LEGEND > > Use, duplication, or disclosure by the Government is subject to > restrictions > as set forth in subdivision (b) (3) (ii) of the Rights in Technical > Data and > Computer Software clause at 52.227-7013. > > HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303 > Press any key to continue > # sh ver > Image stamp: /sw/code/build/btm(K_15_02) > Oct 20 2010 16:19:41 > K.15.02.0005 > 121 > Boot Image: Primary > # logout > Do you want to log out [y/n]? y > Connection to closed. > --- > So SSH is working fine... > I'm running Rancid 2.3.6... hlogin=$Id: hlogin.in > 2251 2010-10-01 19:26:36Z heas $ > Could there be a problem with HP Procurve 5406zl hlogin script > somewhere... or can someone actually confirm this to be working on > their 5406zl ? > > Furthermore, I would like to run hlogin+clogin wihout having to > configure anything inside .cloginrc... is this possible somehow ? > > > Thanks in advance... :-) ! > ~maymann > > > 2012/1/9 Michael Maymann > > > Hi List, > > We have a setup where we have destributed 4096 bit RSA public-keys > to all our equipment from a network-user for optimanl security. > Our equipment is already in a DB and we have a scripting > environment that figures out the vendor/model/type for us already. > 1. Can I use rancid without using .cloginrc (e.g. directly from > commandline) - how... ? > 2. Alternatively, can I configure .cloginrc with ssh-keysharing - > how... ? > > We will need to connect to HP ProCurve (hlogin) and Cisco (clogin)... > > > Thanks in advance :-) ! > > ~maymann > > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -- "[...] we are not attacking the corporations, but endeavoring to do away with any evil in them. We are not hostile to them; we are merely determined that they shall be so handled as to subserve the public good. We draw the line against misconduct, not against wealth." -- Theodore Roosevelt From michael at maymann.org Tue Jan 10 13:11:54 2012 From: michael at maymann.org (Michael Maymann) Date: Tue, 10 Jan 2012 14:11:54 +0100 Subject: [rancid] SSH public-keys In-Reply-To: <4F0C042A.8080008@tolaris.com> References: <4F0C042A.8080008@tolaris.com> Message-ID: Hi Tyler, Thanks for your reply...:-) ! Same thing happens as for my network user...: 1. yes 2. no (clogin/hlogin requires a .cloginrc file with username/password to run) - and my best bet is that this is what it uses currently... so no ssh-keys using clogin/hlogin (from wither network user, root, rancid...). Furthermore prompt is also "hanging" and it doesn't parse the -c "sh ver" that works fine from normal ssh... 3. same as network user/root So key-sharing is working fine... but don't know how to utilize it/bypass .cloginrc in rancid... Just hoping that there is a way... - would'nt like to manually edit scripts every time i update Rancid... and I don't know expect that well either...:-) ! Thanks in advance :-) ! ~maymann 2012/1/10 Tyler J. Wagner > Michael, > > I've not tried using clogin/hlogin with SSH keys, but I know a great deal > about SSH. Assuming that clogin will use a key if present (a big if): > > 1. Can you login with the SSH key using ssh as the root user? > 2. Can you login with the SSH key using clogin as the root user? > 3. What about as the rancid user? > > Regards, > Tyler > > On 2012-01-10 08:17, Michael Maymann wrote: > > I'm running on rhel-5u7-x64. > > Anyone...? > > > > > > Thanks in advance :-) > > ~maymann > > > > 2012/1/9 Michael Maymann michael at maymann.org>> > > > > hlogin -w -c "sh ver" : > > --- > > > > spawn hpuifilter -- ssh -c 3des -x -l > > We'd like to keep you up to date about: > > * Software feature updates > > * New product announcements > > * Special events > > > > Please register your products now at: www.ProCurve.com > > > > > > > > ProCurve J8697A Switch 5406zl > > Software revision K.15.02.0005 > > > > Copyright (C) 1991-2010 Hewlett-Packard Co. All Rights Reserved. > > > > RESTRICTED RIGHTS LEGEND > > > > Use, duplication, or disclosure by the Government is subject to > > restrictions > > as set forth in subdivision (b) (3) (ii) of the Rights in Technical > > Data and > > Computer Software clause at 52.227-7013. > > > > HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA > 94303 > > > > Press any key to continue# > > --- > > Just "hangs" there... > > > > > > ssh @: > > --- > > We'd like to keep you up to date about: > > * Software feature updates > > * New product announcements > > * Special events > > > > Please register your products now at: www.ProCurve.com > > > > ProCurve J8697A Switch 5406zl > > Software revision K.15.02.0005 > > > > Copyright (C) 1991-2010 Hewlett-Packard Co. All Rights Reserved. > > > > RESTRICTED RIGHTS LEGEND > > > > Use, duplication, or disclosure by the Government is subject to > > restrictions > > as set forth in subdivision (b) (3) (ii) of the Rights in Technical > > Data and > > Computer Software clause at 52.227-7013. > > > > HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA > 94303 > > Press any key to continue > > # sh ver > > Image stamp: /sw/code/build/btm(K_15_02) > > Oct 20 2010 16:19:41 > > K.15.02.0005 > > 121 > > Boot Image: Primary > > # logout > > Do you want to log out [y/n]? y > > Connection to closed. > > --- > > So SSH is working fine... > > I'm running Rancid 2.3.6... hlogin=$Id: hlogin.in > > 2251 2010-10-01 19:26:36Z heas $ > > Could there be a problem with HP Procurve 5406zl hlogin script > > somewhere... or can someone actually confirm this to be working on > > their 5406zl ? > > > > Furthermore, I would like to run hlogin+clogin wihout having to > > configure anything inside .cloginrc... is this possible somehow ? > > > > > > Thanks in advance... :-) ! > > ~maymann > > > > > > 2012/1/9 Michael Maymann michael at maymann.org>> > > > > Hi List, > > > > We have a setup where we have destributed 4096 bit RSA > public-keys > > to all our equipment from a network-user for optimanl security. > > Our equipment is already in a DB and we have a scripting > > environment that figures out the vendor/model/type for us > already. > > 1. Can I use rancid without using .cloginrc (e.g. directly from > > commandline) - how... ? > > 2. Alternatively, can I configure .cloginrc with ssh-keysharing - > > how... ? > > > > We will need to connect to HP ProCurve (hlogin) and Cisco > (clogin)... > > > > > > Thanks in advance :-) ! > > > > ~maymann > > > > > > > > > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > -- > "[...] we are not attacking the corporations, but endeavoring to do > away with any evil in them. We are not hostile to them; we are merely > determined that they shall be so handled as to subserve the public > good. We draw the line against misconduct, not against wealth." > -- Theodore Roosevelt > -------------- next part -------------- An HTML attachment was scrubbed... URL: From michael at maymann.org Tue Jan 10 13:18:51 2012 From: michael at maymann.org (Michael Maymann) Date: Tue, 10 Jan 2012 14:18:51 +0100 Subject: [rancid] SSH public-keys In-Reply-To: References: <4F0C042A.8080008@tolaris.com> Message-ID: Hi again..., guess this guy was having same problem... no solution though...yet...:-) http://www.shrubbery.net/pipermail/rancid-discuss/2010-October/005263.html Thanks in advance :-) ! ~maymann 2012/1/10 Michael Maymann > Hi Tyler, > > Thanks for your reply...:-) ! > > Same thing happens as for my network user...: > 1. yes > 2. no (clogin/hlogin requires a .cloginrc file with username/password to > run) - and my best bet is that this is what it uses currently... so no > ssh-keys using clogin/hlogin (from wither network user, root, rancid...). > Furthermore prompt is also "hanging" and it doesn't parse the -c "sh ver" > that works fine from normal ssh... > 3. same as network user/root > > So key-sharing is working fine... but don't know how to utilize it/bypass > .cloginrc in rancid... > Just hoping that there is a way... - would'nt like to manually edit > scripts every time i update Rancid... and I don't know expect that well > either...:-) ! > > Thanks in advance :-) ! > ~maymann > > 2012/1/10 Tyler J. Wagner > >> Michael, >> >> >> I've not tried using clogin/hlogin with SSH keys, but I know a great deal >> about SSH. Assuming that clogin will use a key if present (a big if): >> >> 1. Can you login with the SSH key using ssh as the root user? >> 2. Can you login with the SSH key using clogin as the root user? >> 3. What about as the rancid user? >> >> Regards, >> Tyler >> >> On 2012-01-10 08:17, Michael Maymann wrote: >> > I'm running on rhel-5u7-x64. >> > Anyone...? >> > >> > >> > Thanks in advance :-) >> > ~maymann >> > >> > 2012/1/9 Michael Maymann > michael at maymann.org>> >> > >> > hlogin -w -c "sh ver" : >> > --- >> > >> > spawn hpuifilter -- ssh -c 3des -x -l >> > We'd like to keep you up to date about: >> > * Software feature updates >> > * New product announcements >> > * Special events >> > >> > Please register your products now at: www.ProCurve.com >> > >> > >> > >> > ProCurve J8697A Switch 5406zl >> > Software revision K.15.02.0005 >> > >> > Copyright (C) 1991-2010 Hewlett-Packard Co. All Rights Reserved. >> > >> > RESTRICTED RIGHTS LEGEND >> > >> > Use, duplication, or disclosure by the Government is subject to >> > restrictions >> > as set forth in subdivision (b) (3) (ii) of the Rights in Technical >> > Data and >> > Computer Software clause at 52.227-7013. >> > >> > HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA >> 94303 >> > >> > Press any key to continue# >> > --- >> > Just "hangs" there... >> > >> > >> > ssh @: >> > --- >> > We'd like to keep you up to date about: >> > * Software feature updates >> > * New product announcements >> > * Special events >> > >> > Please register your products now at: www.ProCurve.com >> > >> > ProCurve J8697A Switch 5406zl >> > Software revision K.15.02.0005 >> > >> > Copyright (C) 1991-2010 Hewlett-Packard Co. All Rights Reserved. >> > >> > RESTRICTED RIGHTS LEGEND >> > >> > Use, duplication, or disclosure by the Government is subject to >> > restrictions >> > as set forth in subdivision (b) (3) (ii) of the Rights in Technical >> > Data and >> > Computer Software clause at 52.227-7013. >> > >> > HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA >> 94303 >> > Press any key to continue >> > # sh ver >> > Image stamp: /sw/code/build/btm(K_15_02) >> > Oct 20 2010 16:19:41 >> > K.15.02.0005 >> > 121 >> > Boot Image: Primary >> > # logout >> > Do you want to log out [y/n]? y >> > Connection to closed. >> > --- >> > So SSH is working fine... >> > I'm running Rancid 2.3.6... hlogin=$Id: hlogin.in > > >> > 2251 2010-10-01 19:26:36Z heas $ >> > Could there be a problem with HP Procurve 5406zl hlogin script >> > somewhere... or can someone actually confirm this to be working on >> > their 5406zl ? >> > >> > Furthermore, I would like to run hlogin+clogin wihout having to >> > configure anything inside .cloginrc... is this possible somehow ? >> > >> > >> > Thanks in advance... :-) ! >> > ~maymann >> > >> > >> > 2012/1/9 Michael Maymann > michael at maymann.org>> >> > >> > Hi List, >> > >> > We have a setup where we have destributed 4096 bit RSA >> public-keys >> > to all our equipment from a network-user for optimanl security. >> > Our equipment is already in a DB and we have a scripting >> > environment that figures out the vendor/model/type for us >> already. >> > 1. Can I use rancid without using .cloginrc (e.g. directly from >> > commandline) - how... ? >> > 2. Alternatively, can I configure .cloginrc with ssh-keysharing >> - >> > how... ? >> > >> > We will need to connect to HP ProCurve (hlogin) and Cisco >> (clogin)... >> > >> > >> > Thanks in advance :-) ! >> > >> > ~maymann >> > >> > >> > >> > >> > >> > _______________________________________________ >> > Rancid-discuss mailing list >> > Rancid-discuss at shrubbery.net >> > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> >> -- >> "[...] we are not attacking the corporations, but endeavoring to do >> away with any evil in them. We are not hostile to them; we are merely >> determined that they shall be so handled as to subserve the public >> good. We draw the line against misconduct, not against wealth." >> -- Theodore Roosevelt >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tyler at tolaris.com Tue Jan 10 13:29:57 2012 From: tyler at tolaris.com (Tyler J. Wagner) Date: Tue, 10 Jan 2012 13:29:57 +0000 Subject: [rancid] SSH public-keys In-Reply-To: References: <4F0C042A.8080008@tolaris.com> Message-ID: <4F0C3D55.1000801@tolaris.com> Reading /usr/lib/rancid/bin/clogin, I don't see any intelligence for using SSH keys. Sorry, if you want that, you'll have to add it. Patches would no doubt be welcome. Tyler On 2012-01-10 13:11, Michael Maymann wrote: > Hi Tyler, > > Thanks for your reply...:-) ! > > Same thing happens as for my network user...: > 1. yes > 2. no (clogin/hlogin requires a .cloginrc file with username/password to > run) - and my best bet is that this is what it uses currently... so no > ssh-keys using clogin/hlogin (from wither network user, root, rancid...). > Furthermore prompt is also "hanging" and it doesn't parse the -c "sh ver" > that works fine from normal ssh... > 3. same as network user/root > > So key-sharing is working fine... but don't know how to utilize it/bypass > .cloginrc in rancid... > Just hoping that there is a way... - would'nt like to manually edit scripts > every time i update Rancid... and I don't know expect that well either...:-) ! > > Thanks in advance :-) ! > ~maymann > > 2012/1/10 Tyler J. Wagner > > > Michael, > > I've not tried using clogin/hlogin with SSH keys, but I know a great deal > about SSH. Assuming that clogin will use a key if present (a big if): > > 1. Can you login with the SSH key using ssh as the root user? > 2. Can you login with the SSH key using clogin as the root user? > 3. What about as the rancid user? > > Regards, > Tyler > > On 2012-01-10 08 :17, Michael Maymann wrote: > > I'm running on rhel-5u7-x64. > > Anyone...? > > > > > > Thanks in advance :-) > > ~maymann > > > > 2012/1/9 Michael Maymann >> > > > > hlogin -w -c "sh ver" : > > --- > > > > spawn hpuifilter -- ssh -c 3des -x -l > > We'd like to keep you up to date about: > > * Software feature updates > > * New product announcements > > * Special events > > > > Please register your products now at: www.ProCurve.com > > > > > > > > > ProCurve J8697A Switch 5406zl > > Software revision K.15.02.0005 > > > > Copyright (C) 1991-2010 Hewlett-Packard Co. All Rights Reserved. > > > > RESTRICTED RIGHTS LEGEND > > > > Use, duplication, or disclosure by the Government is subject to > > restrictions > > as set forth in subdivision (b) (3) (ii) of the Rights in Technical > > Data and > > Computer Software clause at 52.227-7013. > > > > HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA > 94303 > > > > Press any key to continue# > > --- > > Just "hangs" there... > > > > > > ssh @: > > --- > > We'd like to keep you up to date about: > > * Software feature updates > > * New product announcements > > * Special events > > > > Please register your products now at: www.ProCurve.com > > > > > ProCurve J8697A Switch 5406zl > > Software revision K.15.02.0005 > > > > Copyright (C) 1991-2010 Hewlett-Packard Co. All Rights Reserved. > > > > RESTRICTED RIGHTS LEGEND > > > > Use, duplication, or disclosure by the Government is subject to > > restrictions > > as set forth in subdivision (b) (3) (ii) of the Rights in Technical > > Data and > > Computer Software clause at 52.227-7013. > > > > HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA > 94303 > > Press any key to continue > > # sh ver > > Image stamp: /sw/code/build/btm(K_15_02) > > Oct 20 2010 16:19:41 > > K.15.02.0005 > > 121 > > Boot Image: Primary > > # logout > > Do you want to log out [y/n]? y > > Connection to closed. > > --- > > So SSH is working fine... > > I'm running Rancid 2.3.6... hlogin=$Id: hlogin.in > > > 2251 2010-10-01 19:26:36Z heas $ > > Could there be a problem with HP Procurve 5406zl hlogin script > > somewhere... or can someone actually confirm this to be working on > > their 5406zl ? > > > > Furthermore, I would like to run hlogin+clogin wihout having to > > configure anything inside .cloginrc... is this possible somehow ? > > > > > > Thanks in advance... :-) ! > > ~maymann > > > > > > 2012/1/9 Michael Maymann >> > > > > Hi List, > > > > We have a setup where we have destributed 4096 bit RSA > public-keys > > to all our equipment from a network-user for optimanl security. > > Our equipment is already in a DB and we have a scripting > > environment that figures out the vendor/model/type for us > already. > > 1. Can I use rancid without using .cloginrc (e.g. directly from > > commandline) - how... ? > > 2. Alternatively, can I configure .cloginrc with ssh-keysharing - > > how... ? > > > > We will need to connect to HP ProCurve (hlogin) and Cisco > (clogin)... > > > > > > Thanks in advance :-) ! > > > > ~maymann > > > > > > > > > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > -- > "[...] we are not attacking the corporations, but endeavoring to do > away with any evil in them. We are not hostile to them; we are merely > determined that they shall be so handled as to subserve the public > good. We draw the line against misconduct, not against wealth." > -- Theodore Roosevelt > > -- "I respect you too much to respect your ridiculous ideas." -- Johann Hari From michael at maymann.org Tue Jan 10 13:33:22 2012 From: michael at maymann.org (Michael Maymann) Date: Tue, 10 Jan 2012 14:33:22 +0100 Subject: [rancid] SSH public-keys In-Reply-To: <4F0C3D55.1000801@tolaris.com> References: <4F0C042A.8080008@tolaris.com> <4F0C3D55.1000801@tolaris.com> Message-ID: Hi Tyler, ok... I will try to give it a shot... What about HP Procurve "Freeze"... can anyone help with this...? Thanks in advance :-)! ~maymann 2012/1/10 Tyler J. Wagner > Reading /usr/lib/rancid/bin/clogin, I don't see any intelligence for using > SSH keys. Sorry, if you want that, you'll have to add it. Patches would no > doubt be welcome. > > Tyler > > On 2012-01-10 13:11, Michael Maymann wrote: > > Hi Tyler, > > > > Thanks for your reply...:-) ! > > > > Same thing happens as for my network user...: > > 1. yes > > 2. no (clogin/hlogin requires a .cloginrc file with username/password to > > run) - and my best bet is that this is what it uses currently... so no > > ssh-keys using clogin/hlogin (from wither network user, root, rancid...). > > Furthermore prompt is also "hanging" and it doesn't parse the -c "sh ver" > > that works fine from normal ssh... > > 3. same as network user/root > > > > So key-sharing is working fine... but don't know how to utilize it/bypass > > .cloginrc in rancid... > > Just hoping that there is a way... - would'nt like to manually edit > scripts > > every time i update Rancid... and I don't know expect that well > either...:-) ! > > > > Thanks in advance :-) ! > > ~maymann > > > > 2012/1/10 Tyler J. Wagner > > > > > Michael, > > > > I've not tried using clogin/hlogin with SSH keys, but I know a great > deal > > about SSH. Assuming that clogin will use a key if present (a big if): > > > > 1. Can you login with the SSH key using ssh as the root user? > > 2. Can you login with the SSH key using clogin as the root user? > > 3. What about as the rancid user? > > > > Regards, > > Tyler > > > > On 2012-01-10 08 :17, Michael Maymann wrote: > > > I'm running on rhel-5u7-x64. > > > Anyone...? > > > > > > > > > Thanks in advance :-) > > > ~maymann > > > > > > 2012/1/9 Michael Maymann > > >> > > > > > > hlogin -w -c "sh ver" : > > > --- > > > > > > spawn hpuifilter -- ssh -c 3des -x -l > > > We'd like to keep you up to date about: > > > * Software feature updates > > > * New product announcements > > > * Special events > > > > > > Please register your products now at: www.ProCurve.com > > > > > > > > > > > > > > ProCurve J8697A Switch 5406zl > > > Software revision K.15.02.0005 > > > > > > Copyright (C) 1991-2010 Hewlett-Packard Co. All Rights > Reserved. > > > > > > RESTRICTED RIGHTS LEGEND > > > > > > Use, duplication, or disclosure by the Government is subject > to > > > restrictions > > > as set forth in subdivision (b) (3) (ii) of the Rights in > Technical > > > Data and > > > Computer Software clause at 52.227-7013. > > > > > > HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, > CA > > 94303 > > > > > > Press any key to continue# > > > --- > > > Just "hangs" there... > > > > > > > > > ssh @: > > > --- > > > We'd like to keep you up to date about: > > > * Software feature updates > > > * New product announcements > > > * Special events > > > > > > Please register your products now at: www.ProCurve.com > > > > > > > > ProCurve J8697A Switch 5406zl > > > Software revision K.15.02.0005 > > > > > > Copyright (C) 1991-2010 Hewlett-Packard Co. All Rights > Reserved. > > > > > > RESTRICTED RIGHTS LEGEND > > > > > > Use, duplication, or disclosure by the Government is subject > to > > > restrictions > > > as set forth in subdivision (b) (3) (ii) of the Rights in > Technical > > > Data and > > > Computer Software clause at 52.227-7013. > > > > > > HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, > CA > > 94303 > > > Press any key to continue > > > # sh ver > > > Image stamp: /sw/code/build/btm(K_15_02) > > > Oct 20 2010 16:19:41 > > > K.15.02.0005 > > > 121 > > > Boot Image: Primary > > > # logout > > > Do you want to log out [y/n]? y > > > Connection to closed. > > > --- > > > So SSH is working fine... > > > I'm running Rancid 2.3.6... hlogin=$Id: hlogin.in > > > > > 2251 2010-10-01 19:26:36Z heas $ > > > Could there be a problem with HP Procurve 5406zl hlogin script > > > somewhere... or can someone actually confirm this to be > working on > > > their 5406zl ? > > > > > > Furthermore, I would like to run hlogin+clogin wihout having to > > > configure anything inside .cloginrc... is this possible > somehow ? > > > > > > > > > Thanks in advance... :-) ! > > > ~maymann > > > > > > > > > 2012/1/9 Michael Maymann > > >> > > > > > > Hi List, > > > > > > We have a setup where we have destributed 4096 bit RSA > > public-keys > > > to all our equipment from a network-user for optimanl > security. > > > Our equipment is already in a DB and we have a scripting > > > environment that figures out the vendor/model/type for us > > already. > > > 1. Can I use rancid without using .cloginrc (e.g. directly > from > > > commandline) - how... ? > > > 2. Alternatively, can I configure .cloginrc with > ssh-keysharing - > > > how... ? > > > > > > We will need to connect to HP ProCurve (hlogin) and Cisco > > (clogin)... > > > > > > > > > Thanks in advance :-) ! > > > > > > ~maymann > > > > > > > > > > > > > > > > > > _______________________________________________ > > > Rancid-discuss mailing list > > > Rancid-discuss at shrubbery.net > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > -- > > "[...] we are not attacking the corporations, but endeavoring to do > > away with any evil in them. We are not hostile to them; we are merely > > determined that they shall be so handled as to subserve the public > > good. We draw the line against misconduct, not against wealth." > > -- Theodore Roosevelt > > > > > > -- > "I respect you too much to respect your ridiculous ideas." > -- Johann Hari > -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Tue Jan 10 16:19:58 2012 From: heas at shrubbery.net (heasley) Date: Tue, 10 Jan 2012 16:19:58 +0000 Subject: [rancid] SSH public-keys In-Reply-To: <4F0C3D55.1000801@tolaris.com> References: <4F0C042A.8080008@tolaris.com> <4F0C3D55.1000801@tolaris.com> Message-ID: <20120110161958.GE7866@shrubbery.net> Tue, Jan 10, 2012 at 01:29:57PM +0000, Tyler J. Wagner: > Reading /usr/lib/rancid/bin/clogin, I don't see any intelligence for using > SSH keys. Sorry, if you want that, you'll have to add it. Patches would no > doubt be welcome. does identity knob in cloginrc not do what you want? > > 2. no (clogin/hlogin requires a .cloginrc file with username/password to > > run) - and my best bet is that this is what it uses currently... so no > > ssh-keys using clogin/hlogin (from wither network user, root, rancid...). > > Furthermore prompt is also "hanging" and it doesn't parse the -c "sh ver" > > that works fine from normal ssh... if the key has no passphrase, you dont need a password or passphrase. > > 3. same as network user/root > > > > So key-sharing is working fine... but don't know how to utilize it/bypass > > .cloginrc in rancid... > > Just hoping that there is a way... - would'nt like to manually edit scripts > > every time i update Rancid... and I don't know expect that well either...:-) ! > > > > Thanks in advance :-) ! > > ~maymann > > > > 2012/1/10 Tyler J. Wagner > > > > > Michael, > > > > I've not tried using clogin/hlogin with SSH keys, but I know a great deal > > about SSH. Assuming that clogin will use a key if present (a big if): > > > > 1. Can you login with the SSH key using ssh as the root user? > > 2. Can you login with the SSH key using clogin as the root user? > > 3. What about as the rancid user? > > > > Regards, > > Tyler > > > > On 2012-01-10 08 :17, Michael Maymann wrote: > > > I'm running on rhel-5u7-x64. > > > Anyone...? > > > > > > > > > Thanks in advance :-) > > > ~maymann > > > > > > 2012/1/9 Michael Maymann > > >> > > > > > > hlogin -w -c "sh ver" : > > > --- > > > > > > spawn hpuifilter -- ssh -c 3des -x -l > > > We'd like to keep you up to date about: > > > * Software feature updates > > > * New product announcements > > > * Special events > > > > > > Please register your products now at: www.ProCurve.com > > > > > > > > > > > > > > ProCurve J8697A Switch 5406zl > > > Software revision K.15.02.0005 > > > > > > Copyright (C) 1991-2010 Hewlett-Packard Co. All Rights Reserved. > > > > > > RESTRICTED RIGHTS LEGEND > > > > > > Use, duplication, or disclosure by the Government is subject to > > > restrictions > > > as set forth in subdivision (b) (3) (ii) of the Rights in Technical > > > Data and > > > Computer Software clause at 52.227-7013. > > > > > > HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA > > 94303 > > > > > > Press any key to continue# > > > --- > > > Just "hangs" there... > > > > > > > > > ssh @: > > > --- > > > We'd like to keep you up to date about: > > > * Software feature updates > > > * New product announcements > > > * Special events > > > > > > Please register your products now at: www.ProCurve.com > > > > > > > > ProCurve J8697A Switch 5406zl > > > Software revision K.15.02.0005 > > > > > > Copyright (C) 1991-2010 Hewlett-Packard Co. All Rights Reserved. > > > > > > RESTRICTED RIGHTS LEGEND > > > > > > Use, duplication, or disclosure by the Government is subject to > > > restrictions > > > as set forth in subdivision (b) (3) (ii) of the Rights in Technical > > > Data and > > > Computer Software clause at 52.227-7013. > > > > > > HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA > > 94303 > > > Press any key to continue > > > # sh ver > > > Image stamp: /sw/code/build/btm(K_15_02) > > > Oct 20 2010 16:19:41 > > > K.15.02.0005 > > > 121 > > > Boot Image: Primary > > > # logout > > > Do you want to log out [y/n]? y > > > Connection to closed. > > > --- > > > So SSH is working fine... > > > I'm running Rancid 2.3.6... hlogin=$Id: hlogin.in > > > > > 2251 2010-10-01 19:26:36Z heas $ > > > Could there be a problem with HP Procurve 5406zl hlogin script > > > somewhere... or can someone actually confirm this to be working on > > > their 5406zl ? > > > > > > Furthermore, I would like to run hlogin+clogin wihout having to > > > configure anything inside .cloginrc... is this possible somehow ? > > > > > > > > > Thanks in advance... :-) ! > > > ~maymann > > > > > > > > > 2012/1/9 Michael Maymann > > >> > > > > > > Hi List, > > > > > > We have a setup where we have destributed 4096 bit RSA > > public-keys > > > to all our equipment from a network-user for optimanl security. > > > Our equipment is already in a DB and we have a scripting > > > environment that figures out the vendor/model/type for us > > already. > > > 1. Can I use rancid without using .cloginrc (e.g. directly from > > > commandline) - how... ? > > > 2. Alternatively, can I configure .cloginrc with ssh-keysharing - > > > how... ? > > > > > > We will need to connect to HP ProCurve (hlogin) and Cisco > > (clogin)... > > > > > > > > > Thanks in advance :-) ! > > > > > > ~maymann > > > > > > > > > > > > > > > > > > _______________________________________________ > > > Rancid-discuss mailing list > > > Rancid-discuss at shrubbery.net > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > -- > > "[...] we are not attacking the corporations, but endeavoring to do > > away with any evil in them. We are not hostile to them; we are merely > > determined that they shall be so handled as to subserve the public > > good. We draw the line against misconduct, not against wealth." > > -- Theodore Roosevelt > > > > > > -- > "I respect you too much to respect your ridiculous ideas." > -- Johann Hari > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Tue Jan 10 16:20:49 2012 From: heas at shrubbery.net (heasley) Date: Tue, 10 Jan 2012 16:20:49 +0000 Subject: [rancid] SSH public-keys In-Reply-To: References: <4F0C042A.8080008@tolaris.com> Message-ID: <20120110162049.GF7866@shrubbery.net> Tue, Jan 10, 2012 at 02:18:51PM +0100, Michael Maymann: > Hi again..., > guess this guy was having same problem... no solution though...yet...:-) > http://www.shrubbery.net/pipermail/rancid-discuss/2010-October/005263.html i havent had time to look at that problem; i need a linux box to test it on. From tyler at tolaris.com Tue Jan 10 16:38:55 2012 From: tyler at tolaris.com (Tyler J. Wagner) Date: Tue, 10 Jan 2012 16:38:55 +0000 Subject: [rancid] SSH public-keys In-Reply-To: <20120110161958.GE7866@shrubbery.net> References: <4F0C042A.8080008@tolaris.com> <4F0C3D55.1000801@tolaris.com> <20120110161958.GE7866@shrubbery.net> Message-ID: <4F0C699F.7000701@tolaris.com> On 2012-01-10 16:19, heasley wrote: > Tue, Jan 10, 2012 at 01:29:57PM +0000, Tyler J. Wagner: >> Reading /usr/lib/rancid/bin/clogin, I don't see any intelligence for using >> SSH keys. Sorry, if you want that, you'll have to add it. Patches would no >> doubt be welcome. > > does identity knob in cloginrc not do what you want? Doh! I totally missed that. Regards, Tyler -- "The belief in immortality has always seemed cowardly to me. When very young I learned that all things die, and all that we wish of good must be won on this earth or not at all." -- Anne Smedley From erik at code.de Tue Jan 10 16:41:26 2012 From: erik at code.de (Erik Wenzel) Date: Tue, 10 Jan 2012 17:41:26 +0100 Subject: [rancid] xrrancid destroys ipv[46] ACLs Message-ID: <0654E66C-4029-4E5F-89F9-53134A10AEC5@code.de> regardless of setting ACLSORT in rancid.conf xrrancid is sorting an ACL like: ---snip--- #sh ipv4 access-lists eriktest-v4 ipv4 access-list eriktest-v4 1 remark erik 10 remark tests 100 remark acls 1000 deny ipv4 any any #sh ipv6 access-lists eriktest ipv6 access-list eriktest 1 remark erik 10 remark tests 100 remark acls 1000 deny ipv6 any any ---snip--- to: ---snip--- [?] deny ipv6 any any ipv6 access-list eriktest 1 remark erik 10 remark tests 100 remark acls [?] ! deny ipv4 any any ipv4 access-list eriktest-v4 1 remark erik 10 remark tests 100 remark acls ! [?] ---snip--- ? in rancid backup. This is completely useless. This can't be used in case of recovery. I urge everyone who uses xrrancid and sequence numbers to verify their ACLs in CVS. My workaround is to comment out line 1022-1037. Can someone who is using IOS-XR in this setup confirm this behavior? xrrancid version string: $Id: xrrancid.in 2264 2010-11-04 23:35:17Z heas $ -- Erik Wenzel erik at code.de From phalenor at gmail.com Tue Jan 10 17:26:36 2012 From: phalenor at gmail.com (Andy Cobaugh) Date: Tue, 10 Jan 2012 12:26:36 -0500 (EST) Subject: [rancid] Problem with hpuifilter on RHEL6 and glibc-2.12-1.47.el6.x86_64 In-Reply-To: <20111223194635.GQ54677@shrubbery.net> References: <20111223194635.GQ54677@shrubbery.net> Message-ID: On 2011-12-23 at 19:46, heasley ( heas at shrubbery.net ) said: > Wed, Dec 21, 2011 at 04:37:10PM -0500, Andy Cobaugh: >> >> Hey folks. >> >> We recently saw a problem crop up with hpuifilter on RHEL6 (well, >> Scientific Linux 6.1) when glibc/glibc-common got updated. >> >> We're running RANCID 2.3.6 with git extensions. The problem only happens >> with HP switches, so I'm thinking this is a problem in hpuifilter >> somewhere, but maybe it's in tcl/expect/ssh. >> >> The problem exists with glibc-2.12-1.47.el6.x86_64, but not with >> glibc-2.12-1.25.el6.x86_64, which came from 6.1 FCS. I'm not sure what >> version we were running before the update. >> >> The diff outputs we're seeing look something like this: >> >> -aaa port-access authenticator 8 client-limit 1 >> -aaa port-access authenticator 9 quiet-period 30 >> +aaa port-access authenticator 8 client-laaa poaaa port-access authenticator 9 quiet-period 30 >> >> -;Image: stamp: /sw/code/build/cod(cod11) >> +;Image: ^[[24magemage stamp: /sw/code/build/cod(cod11) >> >> -ip default-gatew.1.1 >> -sntp sesntp server 128.118.25.3 >> +ip default-gateway 10.1.1.1 >> +sntp server 128.118.25.3 >> >> >> It's completely random which switches show this behavior, but all of them >> tend to flip-flop between ok and not ok, and we have enough switches that >> we get an email every time RANCID runs. >> >> I'm not sure where else to look. Open to suggestions. > > are you sure that your have rancid 2.3.6? hpuifilter had been patched to > avoid some internationalized string functions which didnt like the 8 bit > chars of the screen handling codes. perhaps something else has contracted > this disease, but first please check that you really have 2.3.6. Ping. Anyone have a chance to look at this? We are definitely running the latest rancid, but the problem only exists with the newer glibc found on RHEL6. Older versions from a few months ago are fine. --andy From heas at shrubbery.net Tue Jan 10 17:36:44 2012 From: heas at shrubbery.net (heasley) Date: Tue, 10 Jan 2012 17:36:44 +0000 Subject: [rancid] xrrancid destroys ipv[46] ACLs In-Reply-To: <0654E66C-4029-4E5F-89F9-53134A10AEC5@code.de> References: <0654E66C-4029-4E5F-89F9-53134A10AEC5@code.de> Message-ID: <20120110173644.GK7866@shrubbery.net> Tue, Jan 10, 2012 at 05:41:26PM +0100, Erik Wenzel: > regardless of setting ACLSORT in rancid.conf xrrancid is sorting an ACL like: > ---snip--- > #sh ipv4 access-lists eriktest-v4 > ipv4 access-list eriktest-v4 > 1 remark erik > 10 remark tests > 100 remark acls > 1000 deny ipv4 any any > #sh ipv6 access-lists eriktest > ipv6 access-list eriktest > 1 remark erik > 10 remark tests > 100 remark acls > 1000 deny ipv6 any any > ---snip--- > to: > ---snip--- > [?] > deny ipv6 any any > ipv6 access-list eriktest > 1 remark erik > 10 remark tests > 100 remark acls > [?] > ! > deny ipv4 any any > ipv4 access-list eriktest-v4 > 1 remark erik > 10 remark tests > 100 remark acls > ! > [?] > ---snip--- > ? in rancid backup. This is completely useless. This can't be used in case of > recovery. I urge everyone who uses xrrancid and sequence numbers to verify their > ACLs in CVS. My workaround is to comment out line 1022-1037. Can someone who is > using IOS-XR in this setup confirm this behavior? i'm not sure if i understand what the behavior is that you are trying to describe. could you explain in more detail? > > xrrancid version string: $Id: xrrancid.in 2264 2010-11-04 23:35:17Z heas $ > > -- > Erik Wenzel > erik at code.de > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From erik at code.de Tue Jan 10 18:52:14 2012 From: erik at code.de (Erik Wenzel) Date: Tue, 10 Jan 2012 19:52:14 +0100 Subject: [rancid] xrrancid destroys ipv[46] ACLs In-Reply-To: <20120110173644.GK7866@shrubbery.net> References: <0654E66C-4029-4E5F-89F9-53134A10AEC5@code.de> <20120110173644.GK7866@shrubbery.net> Message-ID: <014B1488-2F21-432E-9D3B-3D3F54B2B497@code.de> Am 10.01.2012 um 18.36 schrieb heasley: > Tue, Jan 10, 2012 at 05:41:26PM +0100, Erik Wenzel: >> regardless of setting ACLSORT in rancid.conf xrrancid is sorting an ACL like: >> ---snip--- >> #sh ipv4 access-lists eriktest-v4 >> ipv4 access-list eriktest-v4 >> 1 remark erik >> 10 remark tests >> 100 remark acls >> 1000 deny ipv4 any any >> #sh ipv6 access-lists eriktest >> ipv6 access-list eriktest >> 1 remark erik >> 10 remark tests >> 100 remark acls >> 1000 deny ipv6 any any >> ---snip--- >> to: >> ---snip--- >> [?] >> deny ipv6 any any >> ipv6 access-list eriktest >> 1 remark erik >> 10 remark tests >> 100 remark acls >> [?] >> ! >> deny ipv4 any any >> ipv4 access-list eriktest-v4 >> 1 remark erik >> 10 remark tests >> 100 remark acls >> ! >> [?] >> ---snip--- >> ? in rancid backup. This is completely useless. This can't be used in case of >> recovery. I urge everyone who uses xrrancid and sequence numbers to verify their >> ACLs in CVS. My workaround is to comment out line 1022-1037. Can someone who is >> using IOS-XR in this setup confirm this behavior? > > i'm not sure if i understand what the behavior is that you are trying to > describe. could you explain in more detail? I want a working configuration backup. As you can see in the second snippet above the ACL is crippled. I extracted it from the checked out file from CVS. Why does xrrancid mess around with ACLs? I set ACLSORT to NO and still some code(line 1022-1037 in xrrancid) removes sequence numbers lines containing allow or deny from configuration. Is there a use case I do not see? > >> >> xrrancid version string: $Id: xrrancid.in 2264 2010-11-04 23:35:17Z heas $ >> >> -- >> Erik Wenzel >> erik at code.de >> >> >> >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From michael at maymann.org Tue Jan 10 18:56:12 2012 From: michael at maymann.org (Michael Maymann) Date: Tue, 10 Jan 2012 19:56:12 +0100 Subject: [rancid] SSH public-keys In-Reply-To: <20120110162049.GF7866@shrubbery.net> References: <4F0C042A.8080008@tolaris.com> <20120110162049.GF7866@shrubbery.net> Message-ID: Hi Heasley, Thanks for your kind replies... thought it would be possible somehow...:-) ! I would love to help fix the hlogin procurve "hang" problem... can you define a command that I run and send you some debug output (perhaps off-list), that can help solve this...? Can you give an example of .cloginrc identity knob config and perhaps hlogin command... at home at the moment, would like to test first thing in the morning if possible...:-) Thanks in advance :-) ! ~maymann 2012/1/10 heasley > Tue, Jan 10, 2012 at 02:18:51PM +0100, Michael Maymann: > > Hi again..., > > guess this guy was having same problem... no solution though...yet...:-) > > > http://www.shrubbery.net/pipermail/rancid-discuss/2010-October/005263.html > > i havent had time to look at that problem; i need a linux box to test it > on. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Tue Jan 10 19:40:25 2012 From: heas at shrubbery.net (heasley) Date: Tue, 10 Jan 2012 19:40:25 +0000 Subject: [rancid] xrrancid destroys ipv[46] ACLs In-Reply-To: <014B1488-2F21-432E-9D3B-3D3F54B2B497@code.de> References: <0654E66C-4029-4E5F-89F9-53134A10AEC5@code.de> <20120110173644.GK7866@shrubbery.net> <014B1488-2F21-432E-9D3B-3D3F54B2B497@code.de> Message-ID: <20120110194025.GT7866@shrubbery.net> Tue, Jan 10, 2012 at 07:52:14PM +0100, Erik Wenzel: > > Am 10.01.2012 um 18.36 schrieb heasley: > > > Tue, Jan 10, 2012 at 05:41:26PM +0100, Erik Wenzel: > >> regardless of setting ACLSORT in rancid.conf xrrancid is sorting an ACL like: > >> ---snip--- > >> #sh ipv4 access-lists eriktest-v4 > >> ipv4 access-list eriktest-v4 > >> 1 remark erik > >> 10 remark tests > >> 100 remark acls > >> 1000 deny ipv4 any any > >> #sh ipv6 access-lists eriktest > >> ipv6 access-list eriktest > >> 1 remark erik > >> 10 remark tests > >> 100 remark acls > >> 1000 deny ipv6 any any > >> ---snip--- > >> to: > >> ---snip--- > >> [?] > >> deny ipv6 any any > >> ipv6 access-list eriktest > >> 1 remark erik > >> 10 remark tests > >> 100 remark acls > >> [?] > >> ! > >> deny ipv4 any any > >> ipv4 access-list eriktest-v4 > >> 1 remark erik > >> 10 remark tests > >> 100 remark acls > >> ! > >> [?] > >> ---snip--- > >> ? in rancid backup. This is completely useless. This can't be used in case of > >> recovery. I urge everyone who uses xrrancid and sequence numbers to verify their > >> ACLs in CVS. My workaround is to comment out line 1022-1037. Can someone who is > >> using IOS-XR in this setup confirm this behavior? > > > > i'm not sure if i understand what the behavior is that you are trying to > > describe. could you explain in more detail? > I want a working configuration backup. As you can see in the second snippet above the ACL is crippled. I extracted it from the checked out file from CVS. Why does xrrancid mess around with ACLs? I set ACLSORT to NO and still some code(line 1022-1037 in xrrancid) removes sequence numbers lines containing allow or deny from configuration. Is there a use case I do not see? removing the sequence numbers is intentional - they're useless and cause diffs that obscure what actually changed. removing sequence numbers does not render the config for restoration. ACLSORT does not affect the removal of the sequence numbers, which you already know. but, i now understand the behavior and i'll fix it. > > > >> > >> xrrancid version string: $Id: xrrancid.in 2264 2010-11-04 23:35:17Z heas $ > >> > >> -- > >> Erik Wenzel > >> erik at code.de > >> > >> > >> > >> > >> _______________________________________________ > >> Rancid-discuss mailing list > >> Rancid-discuss at shrubbery.net > >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Tue Jan 10 20:00:05 2012 From: heas at shrubbery.net (heasley) Date: Tue, 10 Jan 2012 20:00:05 +0000 Subject: [rancid] SSH public-keys In-Reply-To: References: <4F0C042A.8080008@tolaris.com> <20120110162049.GF7866@shrubbery.net> Message-ID: <20120110200005.GU7866@shrubbery.net> Tue, Jan 10, 2012 at 07:56:12PM +0100, Michael Maymann: > Hi Heasley, > > Thanks for your kind replies... thought it would be possible somehow...:-) ! > I would love to help fix the hlogin procurve "hang" problem... can you > define a command that I run and send you some debug output (perhaps > off-list), that can help solve this...? I can't; i suspect its related to string functions that have changed to support wide characters. > Can you give an example of .cloginrc identity knob config and perhaps > hlogin command... at home at the moment, would like to test first thing in > the morning if possible...:-) its just a filename. see the -i option of the ssh client. > Thanks in advance :-) ! > ~maymann > > > 2012/1/10 heasley > > > Tue, Jan 10, 2012 at 02:18:51PM +0100, Michael Maymann: > > > Hi again..., > > > guess this guy was having same problem... no solution though...yet...:-) > > > > > http://www.shrubbery.net/pipermail/rancid-discuss/2010-October/005263.html > > > > i havent had time to look at that problem; i need a linux box to test it > > on. > > From michael at maymann.org Tue Jan 10 20:32:53 2012 From: michael at maymann.org (Michael Maymann) Date: Tue, 10 Jan 2012 21:32:53 +0100 Subject: [rancid] SSH public-keys In-Reply-To: <20120110200005.GU7866@shrubbery.net> References: <4F0C042A.8080008@tolaris.com> <20120110162049.GF7866@shrubbery.net> <20120110200005.GU7866@shrubbery.net> Message-ID: Hi Heasley, perhaps if you send me a specially modified hlogin that will echo some specific variables and run in debug mode - wouldn't this be a feasible way to troubleshoot this quickly...? I will try to test this also on a 32bit system tomorrow... Thanks in advance :-) ! ~maymann 2012/1/10 heasley > Tue, Jan 10, 2012 at 07:56:12PM +0100, Michael Maymann: > > Hi Heasley, > > > > Thanks for your kind replies... thought it would be possible > somehow...:-) ! > > I would love to help fix the hlogin procurve "hang" problem... can you > > define a command that I run and send you some debug output (perhaps > > off-list), that can help solve this...? > > I can't; i suspect its related to string functions that have changed to > support wide characters. > > > Can you give an example of .cloginrc identity knob config and perhaps > > hlogin command... at home at the moment, would like to test first thing > in > > the morning if possible...:-) > > its just a filename. see the -i option of the ssh client. > > > Thanks in advance :-) ! > > ~maymann > > > > > > 2012/1/10 heasley > > > > > Tue, Jan 10, 2012 at 02:18:51PM +0100, Michael Maymann: > > > > Hi again..., > > > > guess this guy was having same problem... no solution > though...yet...:-) > > > > > > > > http://www.shrubbery.net/pipermail/rancid-discuss/2010-October/005263.html > > > > > > i havent had time to look at that problem; i need a linux box to test > it > > > on. > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From shouldbeq931 at gmail.com Tue Jan 10 20:34:24 2012 From: shouldbeq931 at gmail.com (shouldbe q931) Date: Tue, 10 Jan 2012 20:34:24 +0000 Subject: [rancid] SSH public-keys In-Reply-To: <20120110200005.GU7866@shrubbery.net> References: <4F0C042A.8080008@tolaris.com> <20120110162049.GF7866@shrubbery.net> <20120110200005.GU7866@shrubbery.net> Message-ID: On Tue, Jan 10, 2012 at 8:00 PM, heasley wrote: > Tue, Jan 10, 2012 at 07:56:12PM +0100, Michael Maymann: >> Hi Heasley, >> >> Thanks for your kind replies... thought it would be possible somehow...:-) ! >> I would love to help fix the hlogin procurve "hang" problem... can you >> define a command that I run and send you some debug output (perhaps >> off-list), that can help solve this...? > > I can't; i suspect its related to string functions that have changed to > support wide characters. > >> Can you give an example of .cloginrc identity knob config and perhaps >> hlogin command... at home at the moment, would like to test first thing in >> the morning if possible...:-) > > its just a filename. ?see the -i option of the ssh client. > >> Thanks in advance :-) ! >> ~maymann >> >> >> 2012/1/10 heasley >> >> > Tue, Jan 10, 2012 at 02:18:51PM +0100, Michael Maymann: >> > > Hi again..., >> > > guess this guy was having same problem... no solution though...yet...:-) >> > > >> > http://www.shrubbery.net/pipermail/rancid-discuss/2010-October/005263.html >> > >> > i havent had time to look at that problem; i need a linux box to test it >> > on. >> > > _______________________________________________ Apologies if I have misunderstood, but have you edited as per http://www.hiddenone.net/hp-procurve/rancid-hp-procurve-equipment/ or is that no longer required on 2.3.6 ? I have rancid working quite nicely with several 5412 and 5406 switches, would be nice if the looking glass worked on them as well, but... From michael at maymann.org Tue Jan 10 20:47:48 2012 From: michael at maymann.org (Michael Maymann) Date: Tue, 10 Jan 2012 21:47:48 +0100 Subject: [rancid] SSH public-keys In-Reply-To: References: <4F0C042A.8080008@tolaris.com> <20120110162049.GF7866@shrubbery.net> <20120110200005.GU7866@shrubbery.net> Message-ID: Hi Shouldbe, Thanks for your nice comment...:-) ! No, I haven't edited anything... maybe this is what is needed (if it's working for you, it seems so...!)...? Sorry for my ignorance - what is looking glass...?: "RANCID also includes looking glass software. It is based on Ed Kern's looking glass which was once used for http://nitrous.digex.net/, for the old-school folks who remember it. Our version has added functions, supports cisco, juniper, and foundry and uses the login scripts that come with rancid; so it can use telnet or ssh to connect to your devices(s)." I can't check this right now - but it will be my first thing tomorrow morning...! Heasley/anyone - do you know if this is also should be needed in 2.3.6 - or do we perhaps have the codefix right here...? Thanks in advance :-) ! ~maymann 2012/1/10 shouldbe q931 > On Tue, Jan 10, 2012 at 8:00 PM, heasley wrote: > > Tue, Jan 10, 2012 at 07:56:12PM +0100, Michael Maymann: > >> Hi Heasley, > >> > >> Thanks for your kind replies... thought it would be possible > somehow...:-) ! > >> I would love to help fix the hlogin procurve "hang" problem... can you > >> define a command that I run and send you some debug output (perhaps > >> off-list), that can help solve this...? > > > > I can't; i suspect its related to string functions that have changed to > > support wide characters. > > > >> Can you give an example of .cloginrc identity knob config and perhaps > >> hlogin command... at home at the moment, would like to test first thing > in > >> the morning if possible...:-) > > > > its just a filename. see the -i option of the ssh client. > > > >> Thanks in advance :-) ! > >> ~maymann > >> > >> > >> 2012/1/10 heasley > >> > >> > Tue, Jan 10, 2012 at 02:18:51PM +0100, Michael Maymann: > >> > > Hi again..., > >> > > guess this guy was having same problem... no solution > though...yet...:-) > >> > > > >> > > http://www.shrubbery.net/pipermail/rancid-discuss/2010-October/005263.html > >> > > >> > i havent had time to look at that problem; i need a linux box to test > it > >> > on. > >> > > > _______________________________________________ > > > Apologies if I have misunderstood, but have you edited as per > http://www.hiddenone.net/hp-procurve/rancid-hp-procurve-equipment/ > > or is that no longer required on 2.3.6 ? > > I have rancid working quite nicely with several 5412 and 5406 > switches, would be nice if the looking glass worked on them as well, > but... > -------------- next part -------------- An HTML attachment was scrubbed... URL: From michael at maymann.org Tue Jan 10 20:55:31 2012 From: michael at maymann.org (Michael Maymann) Date: Tue, 10 Jan 2012 21:55:31 +0100 Subject: [rancid] SSH public-keys In-Reply-To: References: <4F0C042A.8080008@tolaris.com> <20120110162049.GF7866@shrubbery.net> <20120110200005.GU7866@shrubbery.net> Message-ID: Nevermind LG: found info here...: http://www.shrubbery.net/rancid/man/lg_intro.1.html would be awesome with ProCurve support...:-) ! ~maymann 2012/1/10 Michael Maymann > Hi Shouldbe, > Thanks for your nice comment...:-) ! > > No, I haven't edited anything... maybe this is what is needed (if it's > working for you, it seems so...!)...? > Sorry for my ignorance - what is looking glass...?: > "RANCID also includes looking glass software. It is based on Ed Kern's > looking glass which was once used for http://nitrous.digex.net/, for the > old-school folks who remember it. Our version has added functions, supports > cisco, juniper, and foundry and uses the login scripts that come with > rancid; so it can use telnet or ssh to connect to your devices(s)." > > I can't check this right now - but it will be my first thing tomorrow > morning...! > Heasley/anyone - do you know if this is also should be needed in 2.3.6 - > or do we perhaps have the codefix right here...? > > > Thanks in advance :-) ! > ~maymann > > 2012/1/10 shouldbe q931 > >> On Tue, Jan 10, 2012 at 8:00 PM, heasley wrote: >> > Tue, Jan 10, 2012 at 07:56:12PM +0100, Michael Maymann: >> >> Hi Heasley, >> >> >> >> Thanks for your kind replies... thought it would be possible >> somehow...:-) ! >> >> I would love to help fix the hlogin procurve "hang" problem... can you >> >> define a command that I run and send you some debug output (perhaps >> >> off-list), that can help solve this...? >> > >> > I can't; i suspect its related to string functions that have changed to >> > support wide characters. >> > >> >> Can you give an example of .cloginrc identity knob config and perhaps >> >> hlogin command... at home at the moment, would like to test first >> thing in >> >> the morning if possible...:-) >> > >> > its just a filename. see the -i option of the ssh client. >> > >> >> Thanks in advance :-) ! >> >> ~maymann >> >> >> >> >> >> 2012/1/10 heasley >> >> >> >> > Tue, Jan 10, 2012 at 02:18:51PM +0100, Michael Maymann: >> >> > > Hi again..., >> >> > > guess this guy was having same problem... no solution >> though...yet...:-) >> >> > > >> >> > >> http://www.shrubbery.net/pipermail/rancid-discuss/2010-October/005263.html >> >> > >> >> > i havent had time to look at that problem; i need a linux box to >> test it >> >> > on. >> >> > >> > _______________________________________________ >> >> >> Apologies if I have misunderstood, but have you edited as per >> http://www.hiddenone.net/hp-procurve/rancid-hp-procurve-equipment/ >> >> or is that no longer required on 2.3.6 ? >> >> I have rancid working quite nicely with several 5412 and 5406 >> switches, would be nice if the looking glass worked on them as well, >> but... >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Tue Jan 10 22:13:04 2012 From: heas at shrubbery.net (heasley) Date: Tue, 10 Jan 2012 22:13:04 +0000 Subject: [rancid] SSH public-keys In-Reply-To: References: <4F0C042A.8080008@tolaris.com> <20120110162049.GF7866@shrubbery.net> <20120110200005.GU7866@shrubbery.net> Message-ID: <20120110221303.GB7866@shrubbery.net> Tue, Jan 10, 2012 at 08:34:24PM +0000, shouldbe q931: > Apologies if I have misunderstood, but have you edited as per > http://www.hiddenone.net/hp-procurve/rancid-hp-procurve-equipment/ > > or is that no longer required on 2.3.6 ? > > I have rancid working quite nicely with several 5412 and 5406 > switches, would be nice if the looking glass worked on them as well, > but... current code runs both commands, so no edit should be necessary. From erik at code.de Wed Jan 11 10:11:02 2012 From: erik at code.de (Erik Wenzel) Date: Wed, 11 Jan 2012 11:11:02 +0100 Subject: [rancid] xrrancid destroys ipv[46] ACLs In-Reply-To: <20120110194025.GT7866@shrubbery.net> References: <0654E66C-4029-4E5F-89F9-53134A10AEC5@code.de> <20120110173644.GK7866@shrubbery.net> <014B1488-2F21-432E-9D3B-3D3F54B2B497@code.de> <20120110194025.GT7866@shrubbery.net> Message-ID: <6DBC3ED8-E174-4639-B323-356A7885910D@code.de> Am 10.01.2012 um 20.40 schrieb heasley: > Tue, Jan 10, 2012 at 07:52:14PM +0100, Erik Wenzel: >> >> Am 10.01.2012 um 18.36 schrieb heasley: >> >>> Tue, Jan 10, 2012 at 05:41:26PM +0100, Erik Wenzel: >>>> regardless of setting ACLSORT in rancid.conf xrrancid is sorting an ACL like: >>>> ---snip--- >>>> #sh ipv4 access-lists eriktest-v4 >>>> ipv4 access-list eriktest-v4 >>>> 1 remark erik >>>> 10 remark tests >>>> 100 remark acls >>>> 1000 deny ipv4 any any >>>> #sh ipv6 access-lists eriktest >>>> ipv6 access-list eriktest >>>> 1 remark erik >>>> 10 remark tests >>>> 100 remark acls >>>> 1000 deny ipv6 any any >>>> ---snip--- >>>> to: >>>> ---snip--- >>>> [?] >>>> deny ipv6 any any >>>> ipv6 access-list eriktest >>>> 1 remark erik >>>> 10 remark tests >>>> 100 remark acls >>>> [?] >>>> ! >>>> deny ipv4 any any >>>> ipv4 access-list eriktest-v4 >>>> 1 remark erik >>>> 10 remark tests >>>> 100 remark acls >>>> ! >>>> [?] >>>> ---snip--- >>>> ? in rancid backup. This is completely useless. This can't be used in case of >>>> recovery. I urge everyone who uses xrrancid and sequence numbers to verify their >>>> ACLs in CVS. My workaround is to comment out line 1022-1037. Can someone who is >>>> using IOS-XR in this setup confirm this behavior? >>> >>> i'm not sure if i understand what the behavior is that you are trying to >>> describe. could you explain in more detail? >> I want a working configuration backup. As you can see in the second snippet above the ACL is crippled. I extracted it from the checked out file from CVS. Why does xrrancid mess around with ACLs? I set ACLSORT to NO and still some code(line 1022-1037 in xrrancid) removes sequence numbers lines containing allow or deny from configuration. Is there a use case I do not see? > > removing the sequence numbers is intentional - they're useless and cause diffs > that obscure what actually changed. removing sequence numbers does not render > the config for restoration. Intentional? You do not expect an unchanged backup of your configuration from a rancid user point of view? I do. In my case I need exactly the same sequence number in the backup, because there is a meaning in each. > > ACLSORT does not affect the removal of the sequence numbers, which you already > know. > > but, i now understand the behavior and i'll fix it. If that fix means that the removal of sequence numbers depends on a ACLSORT=YES ... I think it is not a obvious solution, but it is one. Which is fine with me. -- Erik Wenzel erik at code.de From michael at maymann.org Wed Jan 11 11:21:36 2012 From: michael at maymann.org (Michael Maymann) Date: Wed, 11 Jan 2012 12:21:36 +0100 Subject: [rancid] SSH public-keys In-Reply-To: <20120110221303.GB7866@shrubbery.net> References: <4F0C042A.8080008@tolaris.com> <20120110162049.GF7866@shrubbery.net> <20120110200005.GU7866@shrubbery.net> <20120110221303.GB7866@shrubbery.net> Message-ID: Hi again, We don't even have a single 32bit linux server - all hosts (100+) are running 64bit...! Here is a nice easy linux distro (install on stick and go...): www.everydesk.org This is what I have now in my .cloginrc: --- add method * ssh add user * add identity * #add password {PASSWORD} {PASSWORD} --- This fails though: -bash-3.2$ /usr/libexec/rancid/hlogin -c "sh ver" --- Error: no password for in . --- I haven't assigned a passphrase to the key - and it works fine password-lessly with just: ssh Thanks in advance :-) ! ~maymann 2012/1/10 heasley > Tue, Jan 10, 2012 at 08:34:24PM +0000, shouldbe q931: > > Apologies if I have misunderstood, but have you edited as per > > http://www.hiddenone.net/hp-procurve/rancid-hp-procurve-equipment/ > > > > or is that no longer required on 2.3.6 ? > > > > I have rancid working quite nicely with several 5412 and 5406 > > switches, would be nice if the looking glass worked on them as well, > > but... > > current code runs both commands, so no edit should be necessary. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From michael at maymann.org Wed Jan 11 11:26:42 2012 From: michael at maymann.org (Michael Maymann) Date: Wed, 11 Jan 2012 12:26:42 +0100 Subject: [rancid] SSH public-keys In-Reply-To: References: <4F0C042A.8080008@tolaris.com> <20120110162049.GF7866@shrubbery.net> <20120110200005.GU7866@shrubbery.net> <20120110221303.GB7866@shrubbery.net> Message-ID: The codechange to hrancid, Shouldbe mentioned is like example in his link in my version still: @commandtable = ( {?show version? => ?ShowVersion?}, {?show flash? => ?ShowFlash?}, {?show system-information? => ?ShowSystem?}, {?show system information? => ?ShowSystem?}, {?show module? => ?ShowModule?}, {?show stack? => ?ShowStack?}, {?write term? => ?WriteTerm?} ); Is this ok..? Br. ~Maymann 2012/1/11 Michael Maymann > Hi again, > We don't even have a single 32bit linux server - all hosts (100+) are > running 64bit...! > Here is a nice easy linux distro (install on stick and go...): > www.everydesk.org > > This is what I have now in my .cloginrc: > --- > add method * ssh > add user * > add identity * > #add password {PASSWORD} {PASSWORD} > --- > > This fails though: > -bash-3.2$ /usr/libexec/rancid/hlogin -c "sh ver" > --- > > > Error: no password for in . > --- > > I haven't assigned a passphrase to the key - and it works fine > password-lessly with just: > ssh > > > Thanks in advance :-) ! > ~maymann > > 2012/1/10 heasley > >> Tue, Jan 10, 2012 at 08:34:24PM +0000, shouldbe q931: >> > Apologies if I have misunderstood, but have you edited as per >> > http://www.hiddenone.net/hp-procurve/rancid-hp-procurve-equipment/ >> > >> > or is that no longer required on 2.3.6 ? >> > >> > I have rancid working quite nicely with several 5412 and 5406 >> > switches, would be nice if the looking glass worked on them as well, >> > but... >> >> current code runs both commands, so no edit should be necessary. >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From shouldbeq931 at gmail.com Wed Jan 11 15:12:21 2012 From: shouldbeq931 at gmail.com (shouldbe q931) Date: Wed, 11 Jan 2012 15:12:21 +0000 Subject: [rancid] SSH public-keys In-Reply-To: References: <4F0C042A.8080008@tolaris.com> <20120110162049.GF7866@shrubbery.net> <20120110200005.GU7866@shrubbery.net> <20120110221303.GB7866@shrubbery.net> Message-ID: On Wed, Jan 11, 2012 at 11:26 AM, Michael Maymann wrote: > The codechange to hrancid, Shouldbe mentioned is like example in his link > in my version still: > @commandtable = ( > {?show version? => ?ShowVersion?}, > {?show flash? => ?ShowFlash?}, > {?show system-information? => ?ShowSystem?}, > {?show system information? => ?ShowSystem?}, > {?show module? => ?ShowModule?}, > {?show stack? => ?ShowStack?}, > {?write term? => ?WriteTerm?} > ); > > Is this ok..? > > Br. > ~Maymann Looks good, does it work ? -------------- next part -------------- An HTML attachment was scrubbed... URL: From michael at maymann.org Wed Jan 11 16:50:01 2012 From: michael at maymann.org (Michael Maymann) Date: Wed, 11 Jan 2012 17:50:01 +0100 Subject: [rancid] SSH public-keys In-Reply-To: References: <4F0C042A.8080008@tolaris.com> <20120110162049.GF7866@shrubbery.net> <20120110200005.GU7866@shrubbery.net> <20120110221303.GB7866@shrubbery.net> Message-ID: Hi Shouldbe, Sorry for not stating this... busy day at work...: tried to change "show system-information" -> "show system" to hrancid but still: hlogin -c "sh ver" is "hanging"... So it seems I have run into 2 problems: 1. trying to use hlogin with ssh-key-share (add identity * id_rsa) configured to .cloginrc is still giving an error about password is missing in .cloginrc. "ssh user at host" is working fine with key-sharing (password-lessly)... 2. hlogin is "hanging" also if I use username/password directly in .cloginrc and even if I make the modifications to hrancid (stated above...) Am I using this wrong somehow, as it works for you...? Shouldbe: can you provide your .cloginrc and a tar of rancid-bin-dir (where hlogin/hrancid etc is located)... and perhaps give examples of how you use the tool to run commands on HP ProCurve equipment. Heasley: is this an easy/quick fix or can you recommend anything else that is working with both HP ProCurve and Cisco equipment... ? Thanks in advance :-) ! ~maymann 2012/1/11 shouldbe q931 > > > On Wed, Jan 11, 2012 at 11:26 AM, Michael Maymann wrote: > >> The codechange to hrancid, Shouldbe mentioned is like example in his link >> in my version still: >> @commandtable = ( >> {?show version? => ?ShowVersion?}, >> {?show flash? => ?ShowFlash?}, >> {?show system-information? => ?ShowSystem?}, >> {?show system information? => ?ShowSystem?}, >> {?show module? => ?ShowModule?}, >> {?show stack? => ?ShowStack?}, >> {?write term? => ?WriteTerm?} >> ); >> >> Is this ok..? >> >> Br. >> ~Maymann > > > Looks good, does it work ? > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From shouldbeq931 at gmail.com Wed Jan 11 19:40:54 2012 From: shouldbeq931 at gmail.com (shouldbe q931) Date: Wed, 11 Jan 2012 19:40:54 +0000 Subject: [rancid] SSH public-keys In-Reply-To: References: <4F0C042A.8080008@tolaris.com> <20120110162049.GF7866@shrubbery.net> <20120110200005.GU7866@shrubbery.net> <20120110221303.GB7866@shrubbery.net> Message-ID: On Wed, Jan 11, 2012 at 4:50 PM, Michael Maymann wrote: > Hi Shouldbe, > > Sorry for not stating this... busy day at work...: > tried to change "show system-information" -> "show system" to hrancid but > still: > hlogin -c "sh ver" > is "hanging"... > > So it seems I have run into 2 problems: > 1. trying to use hlogin with ssh-key-share (add identity * id_rsa) > configured to .cloginrc is still giving an error about password is missing > in .cloginrc. "ssh user at host" is working fine with key-sharing > (password-lessly)... > 2. hlogin is "hanging" also if I use username/password directly in .cloginrc > and even if I make the modifications to hrancid (stated above...) > > Am I using this wrong somehow, as it works for you...? > Shouldbe: can you provide your .cloginrc and a tar of rancid-bin-dir (where > hlogin/hrancid etc is located)... and perhaps give examples of how you use > the tool to run commands on HP ProCurve equipment. > Heasley: is this an easy/quick fix or can you recommend anything else that > is working with both HP ProCurve and Cisco equipment... ? > > > Thanks in advance :-) ! > ~maymann > > I've attached a copy of hrancid, and what we "see" via ViewVC on the rancid box I've had to slightly sanitise the output... -------------- next part -------------- cat /usr/local/rancid/bin/hrancid #! /usr/bin/perl ## ## $Id: hrancid.in 2246 2010-09-08 01:36:07Z heas $ ## ## rancid 2.3.6 ## Copyright (c) 1997-2008 by Terrapin Communications, Inc. ## All rights reserved. ## ## This code is derived from software contributed to and maintained by ## Terrapin Communications, Inc. by Henry Kilmer, John Heasley, Andrew Partan, ## Pete Whiting, Austin Schutz, and Andrew Fort. ## ## Redistribution and use in source and binary forms, with or without ## modification, are permitted provided that the following conditions ## are met: ## 1. Redistributions of source code must retain the above copyright ## notice, this list of conditions and the following disclaimer. ## 2. Redistributions in binary form must reproduce the above copyright ## notice, this list of conditions and the following disclaimer in the ## documentation and/or other materials provided with the distribution. ## 3. All advertising materials mentioning features or use of this software ## must display the following acknowledgement: ## This product includes software developed by Terrapin Communications, ## Inc. and its contributors for RANCID. ## 4. Neither the name of Terrapin Communications, Inc. nor the names of its ## contributors may be used to endorse or promote products derived from ## this software without specific prior written permission. ## 5. It is requested that non-binding fixes and modifications be contributed ## back to Terrapin Communications, Inc. ## ## THIS SOFTWARE IS PROVIDED BY Terrapin Communications, INC. AND CONTRIBUTORS ## ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED ## TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ## PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COMPANY OR CONTRIBUTORS ## BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR ## CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF ## SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS ## INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN ## CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE ## POSSIBILITY OF SUCH DAMAGE. # # Amazingly hacked version of Hank's rancid - this one tries to # deal with HP procurves. # # RANCID - Really Awesome New Cisco confIg Differ # # usage: rancid [-dV] [-l] [-f filename | hostname] # use Getopt::Std; getopts('dflV'); if ($opt_V) { print "rancid 2.3.6\n"; exit(0); } $log = $opt_l; $debug = $opt_d; $file = $opt_f; $host = $ARGV[0]; $clean_run = 0; $found_end = 0; # unused - hp lacks an end-of-config tag $timeo = 90; # hlogin timeout in seconds my(@commandtable, %commands, @commands);# command lists my($aclsort) = ("ipsort"); # ACL sorting mode my($filter_commstr); # SNMP community string filtering my($filter_pwds); # password filtering mode my($systeminfo) = 0; # show system-information # This routine is used to print out the router configuration sub ProcessHistory { my($new_hist_tag,$new_command,$command_string, at string) = (@_); if ((($new_hist_tag ne $hist_tag) || ($new_command ne $command)) && scalar(%history)) { print eval "$command \%history"; undef %history; } if (($new_hist_tag) && ($new_command) && ($command_string)) { if ($history{$command_string}) { $history{$command_string} = "$history{$command_string}@string"; } else { $history{$command_string} = "@string"; } } elsif (($new_hist_tag) && ($new_command)) { $history{++$#history} = "@string"; } else { print "@string"; } $hist_tag = $new_hist_tag; $command = $new_command; 1; } sub numerically { $a <=> $b; } # This is a sort routine that will sort numerically on the # keys of a hash as if it were a normal array. sub keynsort { local(%lines) = @_; local($i) = 0; local(@sorted_lines); foreach $key (sort numerically keys(%lines)) { $sorted_lines[$i] = $lines{$key}; $i++; } @sorted_lines; } # This is a sort routine that will sort on the # keys of a hash as if it were a normal array. sub keysort { local(%lines) = @_; local($i) = 0; local(@sorted_lines); foreach $key (sort keys(%lines)) { $sorted_lines[$i] = $lines{$key}; $i++; } @sorted_lines; } # This is a sort routine that will sort on the # values of a hash as if it were a normal array. sub valsort{ local(%lines) = @_; local($i) = 0; local(@sorted_lines); foreach $key (sort values %lines) { $sorted_lines[$i] = $key; $i++; } @sorted_lines; } # This is a numerical sort routine (ascending). sub numsort { local(%lines) = @_; local($i) = 0; local(@sorted_lines); foreach $num (sort {$a <=> $b} keys %lines) { $sorted_lines[$i] = $lines{$num}; $i++; } @sorted_lines; } # This is a sort routine that will sort on the # ip address when the ip address is anywhere in # the strings. sub ipsort { local(%lines) = @_; local($i) = 0; local(@sorted_lines); foreach $addr (sort sortbyipaddr keys %lines) { $sorted_lines[$i] = $lines{$addr}; $i++; } @sorted_lines; } # These two routines will sort based upon IP addresses sub ipaddrval { my(@a) = ($_[0] =~ m#^(\d+)\.(\d+)\.(\d+)\.(\d+)$#); $a[3] + 256 * ($a[2] + 256 * ($a[1] +256 * $a[0])); } sub sortbyipaddr { &ipaddrval($a) <=> &ipaddrval($b); } # This routine parses "show version" sub ShowVersion { print STDERR " In ShowVersion: $_" if ($debug); while () { tr/\015//d; last if(/^$prompt/); next if(/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); return(-1) if /^(Invalid|Ambiguous) input:/i; s/^image//i; s/^\s*//g; ProcessHistory("COMMENTS","keysort","C1", ";Image: $_") && next; } return(0); } # This routine parses "show flash" sub ShowFlash { print STDERR " In ShowFlash: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); return(1) if /^(Invalid|Ambiguous) input:/i; return(1) if /^\s*\^\s*$/; ProcessHistory("COMMENTS","keysort","D0",";Flash: $_"); } return; } # This routine parses "show system-information" or "show system information" sub ShowSystem { print STDERR " In ShowSystem: $_" if ($debug); if ($systeminfo) { $_ = ; return(0); } while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); return(0) if /^(Invalid|Ambiguous) input:/i; if (/memory\s+-\s+total\s+:\s+(\S+)/i) { my($mem) = $1; $mem =~ s/,//g; $mem /= (1024 * 1024); ProcessHistory("COMMENTS","keysort","B0",";Memory: " . int($mem) . "M\n"); next; } /serial\s+number\s+:\s+(\S+)/i && ProcessHistory("COMMENTS","keysort","A1",";Serial Number: $1\n"); /firmware\s+revision\s+:\s+(\S+)/i && ProcessHistory("COMMENTS","keysort","C0",";Image: Firmware $1\n"); /rom\s+version\s+:\s+(\S+)/i && ProcessHistory("COMMENTS","keysort","C1",";Image: ROM $1\n"); } $systeminfo = 1; return(0); } # This routine parses "show module". sub ShowModule { print STDERR " In ShowModule: $_" if ($debug); my(@lines); my($slot); while () { tr/\015//d; return if (/^\s*\^$/); last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); return(1) if /^(Invalid|Ambiguous) input:/i; ProcessHistory("COMMENTS","keysort","E0","; $_") && next; } return(0); } # This routine parses "show stack" sub ShowStack { print STDERR " In ShowStack: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); return(1) if /^(Invalid|Ambiguous) input:/i; s/stacking - (Stacking Status).*/$1/i; s/\s*members unreachable .*$//i; ProcessHistory("COMMENTS","keysort","F0",";$_"); /auto grab/i && last; } return(0); } # This routine processes a "write term" sub WriteTerm { print STDERR " In WriteTerm: $_" if ($debug); while () { tr/\015//d; last if(/^$prompt/); return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; s/^$/;/; # skip the crap /^running configuration:/i && next; # filter out any RCS/CVS tags to avoid confusing local CVS storage s/\$(Revision|Id):/ $1:/; /^; (\S+) configuration editor;/i && ProcessHistory("COMMENTS","keysort","A0",";Chassis type: $1\n") && next; # order logging statements - doesnt appear to do syslog as of right now /^logging (\d+\.\d+\.\d+\.\d+)/ && ProcessHistory("LOGGING","ipsort","$1","$_") && next; # no so sure this match is correct. show running doesnt seem to # actually o/p anything after "password (manager|operator)" if (/^(\s*)password (manager|operator)?/ && $filter_pwds >= 1) { ProcessHistory("LINE-PASS","","",";$1password $2 \n"); next; } if (/^(snmp-server community) (\S+)/) { if ($filter_commstr) { ProcessHistory("SNMPSERVERCOMM","keysort","$_", ";$1 $'") && next; } else { ProcessHistory("SNMPSERVERCOMM","keysort","$_","$_") && next; } } # order/prune snmp-server host statements - it actually appears to do # the sortting for us, but just in case it changes ... # we only prune lines of the form # snmp-server host a.b.c.d if (/^snmp-server host (\d+\.\d+\.\d+\.\d+) /) { if ($filter_commstr) { my($ip) = $1; my($line) = "snmp-server host $ip"; my(@tokens) = split(' ', $'); my($token); while ($token = shift(@tokens)) { if ($token eq 'version') { $line .= " " . join(' ', ($token, shift(@tokens))); } elsif ($token =~ /^(informs?|traps?|(no)?auth)$/) { $line .= " " . $token; } else { $line = ";$line " . join(' ', ("", join(' ', at tokens))); last; } } ProcessHistory("SNMPSERVERHOST","ipsort","$ip","$line\n"); } else { ProcessHistory("SNMPSERVERHOST","ipsort","$1","$_"); } next; } # order/prune tacacs/radius server statements if (/^(tacacs-server|radius-server) key / && $filter_pwds >= 1) { ProcessHistory("","","",";$1 key \n"); next; } if (/^(tacacs-server host \d+\.\S+) key / && $filter_pwds >= 1) { ProcessHistory("","","",";$1 key \n"); next; } # prune passwords from stack member statements if (/^(stack member .* password )\S+/ && $filter_pwds >= 1) { ProcessHistory("","","",";$1$'"); next; } # order arp lists /^ip arp\s+(\d+\.\d+\.\d+\.\d+)/ && ProcessHistory("ARP","$aclsort","$1","$_") && next; /^ip prefix-list\s+(\S+)\s+seq\s+(\d+)\s+(permit|deny)\s+(\d\S+)(\/.*)$/ && ProcessHistory("PACL $1 $3","$aclsort","$4","ip prefix-list $1 $3 $4$5\n") && next; # blech!!!! /^auto-tftp / && ProcessHistory("","","",";$_") && next; # the rest are from rancid (i.e.: cisco), but suspect they will someday # be applicable or close to it. /^tftp-server flash / && next; # kill any tftp remains /^ntp clock-period / && next; # kill ntp clock-period /^ length / && next; # kill length on serial lines /^ width / && next; # kill width on serial lines if (/^(enable )?(password|passwd) / && $filter_pwds >= 1) { ProcessHistory("ENABLE","","",";$1$2 \n"); next; } if (/^username (\S+)(\s.*)? password /) { if ($filter_pwds >= 1) { ProcessHistory("USER","keysort","$1",";username $1$2 password \n"); } else { ProcessHistory("USER","keysort","$1","$_"); } next; } if (/^(ip ftp password) / && $filter_pwds >= 1) { ProcessHistory("","","",";$1 \n"); next; } if (/^( ip ospf authentication-key) / && $filter_pwds >= 1) { ProcessHistory("","","",";$1 \n"); next; } if (/^( ip ospf message-digest-key \d+ md5) / && $filter_pwds >= 1) { ProcessHistory("","","",";$1 \n"); next; } # sort route-maps if (/^route-map (\S+)/) { my($key) = $1; my($routemap) = $_; while () { tr/\015//d; last if (/^$prompt/ || ! /^(route-map |[ !])/); if (/^route-map (\S+)/) { ProcessHistory("ROUTEMAP","keysort","$key","$routemap"); $key = $1; $routemap = $_; } else { $routemap .= $_; } } ProcessHistory("ROUTEMAP","keysort","$key","$routemap"); } # order access-lists /^access-list\s+(\d\d?)\s+(\S+)\s+(\S+)/ && ProcessHistory("ACL $1 $2","$aclsort","$3","$_") && next; # order extended access-lists /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+host\s+(\S+)/ && ProcessHistory("EACL $1 $2","$aclsort","$3","$_") && next; /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+(\d\S+)/ && ProcessHistory("EACL $1 $2","$aclsort","$3","$_") && next; /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+any/ && ProcessHistory("EACL $1 $2","$aclsort","0.0.0.0","$_") && next; # order alias statements /^alias / && ProcessHistory("ALIAS","keysort","$_","$_") && next; # delete ntp auth password if (/^(ntp authentication-key \d+ md5) / && $filter_pwds >= 1) { ProcessHistory("","","",";$1 \n"); next; } # order ntp peers/servers if (/^ntp (server|peer) (\d+)\.(\d+)\.(\d+)\.(\d+)/) { $sortkey = sprintf("$1 %03d%03d%03d%03d",$2,$3,$4,$5); ProcessHistory("NTP","keysort",$sortkey,"$_"); next; } # order ip host line statements /^ip host line(\d+)/ && ProcessHistory("IPHOST","numsort","$1","$_") && next; # order ip nat source static statements /^ip nat (\S+) source static (\S+)/ && ProcessHistory("IP NAT $1","ipsort","$2","$_") && next; # order ip rcmd lines /^ip rcmd/ && ProcessHistory("RCMD","keysort","$_","$_") && next; # catch anything that wasnt match above. ProcessHistory("","","","$_"); } return(0); } # dummy function sub DoNothing {print STDOUT;} # Main @commandtable = ( {'show version' => 'ShowVersion'}, {'show flash' => 'ShowFlash'}, {'show system' => 'ShowSystem'}, {'show system information' => 'ShowSystem'}, {'show module' => 'ShowModule'}, {'show stack' => 'ShowStack'}, {'write term' => 'WriteTerm'} ); # Use an array to preserve the order of the commands and a hash for mapping # commands to the subroutine and track commands that have been completed. @commands = map(keys(%$_), @commandtable); %commands = map(%$_, @commandtable); $cisco_cmds=join(";", at commands); $cmds_regexp = join("|", map quotemeta($_), @commands); if (length($host) == 0) { if ($file) { print(STDERR "Too few arguments: file name required\n"); exit(1); } else { print(STDERR "Too few arguments: host name required\n"); exit(1); } } open(OUTPUT,">$host.new") || die "Can't open $host.new for writing: $!\n"; select(OUTPUT); # make OUTPUT unbuffered if debugging if ($debug) { $| = 1; } if ($file) { print STDERR "opening file $host\n" if ($debug); print STDOUT "opening file $host\n" if ($log); open(INPUT,"<$host") || die "open failed for $host: $!\n"; } else { print STDERR "executing hlogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($debug); print STDOUT "executing hlogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($log); if (defined($ENV{NOPIPE})) { system "hlogin -t $timeo -c \"$cisco_cmds\" $host $host.raw 2>&1" || die "hlogin failed for $host: $!\n"; open(INPUT, "< $host.raw") || die "hlogin failed for $host: $!\n"; } else { open(INPUT,"hlogin -t $timeo -c \"$cisco_cmds\" $host ) { tr/\015//d; if (/$prompt\s*exit\s*$/i) { $clean_run=1; last; } if (/^Error:/) { print STDOUT ("$host clogin error: $_"); print STDERR ("$host clogin error: $_") if ($debug); $clean_run=0; last; } while (/#\s*($cmds_regexp)\s*$/) { $cmd = $1; if (!defined($prompt)) { $prompt = ($_ =~ /^([^#]+)/)[0]; $prompt =~ s/([][}{)(\\])/\\$1/g; $prompt .= "[#>]"; print STDERR ("PROMPT MATCH: $prompt\n") if ($debug); } print STDERR ("HIT COMMAND:$_") if ($debug); if (! defined($commands{$cmd})) { print STDERR "$host: found unexpected command - \"$cmd\"\n"; $clean_run = 0; last TOP; } $rval = &{$commands{$cmd}}; delete($commands{$cmd}); if ($rval == -1) { $clean_run = 0; last TOP; } } } print STDOUT "Done $logincmd: $_\n" if ($log); # Flush History ProcessHistory("","","",""); # Cleanup close(INPUT); close(OUTPUT); if (defined($ENV{NOPIPE})) { unlink("$host.raw") if (! $debug); } # check for completeness if (scalar(%commands) || !$clean_run) { if (scalar(%commands)) { printf(STDOUT "$host: missed cmd(s): %s\n", join(',', keys(%commands))); printf(STDERR "$host: missed cmd(s): %s\n", join(',', keys(%commands))) if ($debug); } if (!$clean_run) { print STDOUT "$host: End of run not found\n"; print STDERR "$host: End of run not found\n" if ($debug); system("/usr/bin/tail -1 $host.new"); } unlink "$host.new" if (! $debug); -------------- next part -------------- ;RANCID-CONTENT-TYPE: hp ; ;Chassis type: J8698A ;Serial Number: SG843SV10Q ; ;Memory: 122M ; ;Image: stamp: /sw/code/build/btm(K_15_06) ;Image: Oct 8 2011 17:39:18 ;Image: K.15.06.0008 ;Image: 85 ;Image: Boot Image: Primary ;Image: ROM K.15.19 ; ;Flash: Image Size (bytes) Date Version ;Flash: ----------------- ------------ -------- -------------------- ;Flash: Primary Image : 14844423 10/09/11 K.15.06.0008 ;Flash: Secondary Image : 14844423 10/09/11 K.15.06.0008 ;Flash: Boot ROM Version : K.15.19 ;Flash: Default Boot : Primary ; ; Status and Counters - Module Information ; Chassis: E5412zl J8698A! Serial Number: SG843SV10Q ; Allow V1 Modules: Yes ; Management Module: J8726A Serial Number: ID840AS027 Core Dump: YES ; Core Mod ; Slot Module Description Serial Number Status Dump Ver ; ---- -------------------------------------- -------------- -------- ----- --- ; A HP J8702A 24p Gig-T zl Module SG934AT1FD Up NO 1 ; B HP J8702A 24p Gig-T zl Module SG837AT0L2 Up NO 1 ; C HP J8702A 24p Gig-T zl Module SG842AT0JQ Up NO 1 ; D HP J8702A 24p Gig-T zl Module SG835AT0HN Up NO 1 ; I HP J8702A 24p Gig-T zl Module SG820AT1RM Up NO 1 ; J HP J8702A 24p Gig-T zl Module SG835AT0H9 Up NO 1 ; K HP J8702A 24p Gig-T zl Module SG937AT06S Up NO 1 ; L HP J8702A 24p Gig-T zl Module SG837AT0H9 Up NO 1 ; ; ; Ver #01:0d:0c ; hostname "PS-5412zl-2nd" time daylight-time-rule Middle-Europe-and-Portugal fastboot qos dscp-map 101110 priority 6 module 1 type J8702A module 2 type J8702A module 3 type J8702A module 4 type J8702A module 9 type J8702A module 10 type J8702A module 11 type J8702A module 12 type J8702A interface A1 name "trunk to dc-8 with C1" exit interface B18 name "ASA Secondary Venus" exit interface B21 name "Venus 500mb" exit interface B23 name "PS-LSQ-Venus-Link" exit interface B24 name "Venus External" exit interface C1 name "trunk to dc-8 with A1" exit interface C2 name "Company-AP-1" exit interface D24 name "Link to LSQ" speed-duplex 100-full exit interface I1 name "trunk to clusterfs" exit interface I2 name "trunk to clusterfs" exit interface K1 name "trunk to clusterfs" exit interface K2 name "trunk to clusterfs" exit interface K3 name "ASA Primary Venus" exit interface K4 name "ASA Primary Inside" exit interface K5 name "ASA Primary VLANS" exit interface K6 name "ASA Primary Management" exit interface K7 name "BeBonded" exit interface K8 name "Company-SSL-2" exit interface K9 name "Team-DC-1" exit interface K11 name "Company-x64-b" exit interface K12 name "Company-Hyperv-1" exit interface K22 name "Cisco IPv6" exit interface L6 name "Netgear VLAN access point" exit interface L20 name "Company-csm-c" exit interface L21 name "trunk to 1st floor" exit interface L22 name "trunk to 1st floor" exit interface L23 name "trunk to 5406" exit interface L24 name "trunk to 5406" exit trunk L21-L22 Trk21 Trunk trunk L23-L24 Trk22 Trunk trunk I1-I2,K1-K2 Trk23 LACP trunk A1,C1 Trk28 LACP ip default-gateway 10.200.1.254 ip routing vlan 1 name "DEFAULT_VLAN" untagged B23,D24,Trk28 tagged B24 no untagged A2-A24,B1-B22,C2-C24,D1-D23,I3-I24,J1-J24,K3-K24,L1-L20,Trk21-Trk23 no ip address exit vlan 40 name "LSQ-40" tagged Trk21-Trk22 no ip address exit vlan 41 name "LSQ-41" tagged Trk21-Trk22 no ip address exit vlan 200 name "PS-200" untagged A3-A24,B1-B16,B19,B22,C2-C24,D1-D23,I3-I24,J1-J24,K4,K8-K21,L1-L5,L7-L20,Trk21-Trk23 ip address 10.200.1.11 255.255.0.0 ipv6 address 386:386:386:200::11/64 tagged B23,D24,L6,Trk28 exit vlan 201 name "PS-201" untagged K23-K24 ip address 10.201.1.1 255.255.255.0 tagged Trk21-Trk22,Trk28 exit vlan 202 name "PS 202" forbid K3 ip address 10.202.1.11 255.255.0.0 tagged A2-A24,B1-B16,B22-B23,C2-C24,D1-D24,I3-I24,J1-J24,K8-K21,K23,L1-L20,Trk21-Trk22,Trk28 exit vlan 220 name "UrbanWimax" tagged B20,K5,Trk21-Trk22 no ip address exit vlan 205 name "Guest Wifi" tagged B20,C2,K5,L6,Trk21-Trk22 no ip address exit vlan 215 name "Venus" untagged B18,B21,K3,K22 tagged K5,Trk21-Trk22 no ip address exit vlan 209 name "Blueprint" tagged B20,B23,D24,K5,Trk21-Trk22 no ip address exit vlan 210 name "WebDMZ" tagged B20,K5,Trk21-Trk22 no ip address exit vlan 250 name "ccr" untagged A2 ip address 10.250.1.1 255.255.255.0 tagged Trk21-Trk22 exit vlan 251 name "ccr-priv" tagged A2,Trk21-Trk22,Trk28 no ip address exit vlan 999 name "nowhere" tagged Trk21-Trk22 no ip address exit vlan 1001 name "PS-LSQ-LINK" ip address 10.1.1.1 255.255.255.0 ipv6 address 386:386:386:1001::200/64 tagged B23,D24,Trk21-Trk22 exit vlan 221 name "ASA Cluster" untagged B17,K6 tagged Trk21-Trk22 no ip address exit vlan 225 name "BeBonded" untagged K7 tagged B20,Trk22 no ip address exit fault-finder bad-driver sensitivity high fault-finder bad-transceiver sensitivity high fault-finder bad-cable sensitivity high fault-finder too-long-cable sensitivity high fault-finder over-bandwidth sensitivity high fault-finder broadcast-storm sensitivity high fault-finder loss-of-link sensitivity high fault-finder duplex-mismatch-hdx sensitivity high fault-finder duplex-mismatch-fdx sensitivity high power-over-ethernet pre-std-detect qos device-priority 10.201.1.5 priority 6 qos device-priority 10.202.0.0/16 priority 6 sflow 1 destination 10.200.105.51 sflow 1 polling A2-A24,B1-B24,C2-C24,D1-D24,I3-I24,J1-J24,K3-K24,L1-L20,Trk21-Trk23,Trk28 20 sflow 1 sampling A2-A24,B1-B24,C2-C24,D1-D24,I3-I24,J1-J24,K3-K24,L1-L20,Trk21-Trk23,Trk28 50 timesync sntp sntp unicast sntp server priority 1 10.200.100.231 sntp server priority 2 10.200.100.232 ip dns server-address priority 1 10.200.100.231 ip ssh filetransfer ip route 0.0.0.0 0.0.0.0 10.200.1.254 ip route 10.40.0.0 255.255.0.0 10.1.1.2 ipv6 route ::/0 386:386:386:200::254 ipv6 route 386:386:386:40::/64 386:386:386:1001::40 ipv6 unicast-routing snmp-server community "public" unrestricted spanning-tree spanning-tree Trk21 priority 4 spanning-tree Trk22 priority 4 spanning-tree Trk23 priority 4 spanning-tree Trk28 priority 4 spanning-tree priority 1 no tftp client no tftp server no autorun no dhcp config-file-update no dhcp image-file-update ;password manager ; From dale.shaw+rancid-discuss at gmail.com Thu Jan 12 05:14:56 2012 From: dale.shaw+rancid-discuss at gmail.com (Dale Shaw) Date: Thu, 12 Jan 2012 16:14:56 +1100 Subject: [rancid] F5 BIG-IP devices - any tricks? Message-ID: Hi all, I'm running RANCID 2.3.6 on a RHEL 4.8 system. I'm trying to add some F5 BIG-IP devices to the repository but I'm not having much luck. I don't know much at all about the F5s themselves but I suspect a terminal length/paging issue. The devices are running: BIG-IP Version 10.1.0 3341.0 Interactive "clogin" works fine -- I am dropped straight into a 'bigpipe' CLI (prompt "bp>"); I'm not sure if that's relevant. When I execute commands like "version show", the output is paged. Pressing scrolls by page, scrolls by line, as you'd expect. Running "f5rancid -d " just results in a file containing: #RANCID-CONTENT-TYPE: bigip # # # # ..and the terminal output shows: dale at box:/tmp$ sudo -H -u rancid f5rancid -d gsu-lb01 executing clogin -t 90 -c"bigpipe version;bigpipe platform;cat /config/bigip.license;bigpipe monitor list all;bigpipe profile list;bigpipe base list;bigpipe db show;bigpipe route static show;ls --full-time --color=never /config/ssl/ssl.crt;ls --full-time --color=never /config/ssl/ssl.key;bigpipe list" gsu-lb01 gsu-lb01 clogin error: Error: TIMEOUT reached gsu-lb01 clogin error: Error: TIMEOUT reached gsu-lb01: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,bigpipe route static show,bigpipe base list,cat /config/bigip.license,bigpipe platform,bigpipe db show,bigpipe monitor list all,ls --full-time --color=never /config/ssl/ssl.key,bigpipe version,bigpipe profile list,bigpipe list gsu-lb01: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,bigpipe route static show,bigpipe base list,cat /config/bigip.license,bigpipe platform,bigpipe db show,bigpipe monitor list all,ls --full-time --color=never /config/ssl/ssl.key,bigpipe version,bigpipe profile list,bigpipe list gsu-lb01: End of run not found gsu-lb01: End of run not found If I run: clogin -t 90 -c"bigpipe version" gsu-lb01 ..I see 'clogin' sending the command "terminal length 0", which is not parsed/accepted by the device, then it sends the command "bigpipe version", which executes and hangs at the first page of output. Any clues? I couldn't see an obvious way to disable the CLI pager. Cheers, Dale From dale.shaw+rancid-discuss at gmail.com Thu Jan 12 05:41:33 2012 From: dale.shaw+rancid-discuss at gmail.com (Dale Shaw) Date: Thu, 12 Jan 2012 16:41:33 +1100 Subject: [rancid] Trailing exclamation mark on Cisco ASA serial numbers In-Reply-To: References: Message-ID: Hi all, I recently upgraded from RANCID 2.3.3 to 2.3.6. I noticed a bunch of diffs generated on our Cisco ASA firewalls after a recent collection. Example: dale at box:.../firewalls/configs$ cvs diff -D '1 day ago' par-fw01 Index: par-fw01 =================================================================== RCS file: /usr/local/rancid/var/CVS/firewalls/configs/par-fw01,v retrieving revision 1.17 retrieving revision 1.18 diff -r1.17 -r1.18 8,9c8 < !Serial Number: JMXXXXXXPQ < ! --- > !Serial Number: JMXXXXXXPQ! dale at box:.../firewalls/configs$ Note the exclamation mark ("!") appended to the serial number string. This does not appear in the command output when entered interactively. There seem to be a few possible culprits mentioned in the CHANGES file between 2.3.3 and 2.3.6. Our ASAs are running software release 7.0(x). Cheers, Dale From rancid at gheek.net Thu Jan 12 14:16:26 2012 From: rancid at gheek.net (Lance Vermilion) Date: Thu, 12 Jan 2012 07:16:26 -0700 Subject: [rancid] F5 BIG-IP devices - any tricks? In-Reply-To: References: Message-ID: In the F5 you need to change the setting under the user so they will get a full shell On Jan 11, 2012 10:15 PM, "Dale Shaw" wrote: > > Hi all, > > I'm running RANCID 2.3.6 on a RHEL 4.8 system. > > I'm trying to add some F5 BIG-IP devices to the repository but I'm not > having much luck. > > I don't know much at all about the F5s themselves but I suspect a > terminal length/paging issue. > > The devices are running: > > BIG-IP Version 10.1.0 3341.0 > > Interactive "clogin" works fine -- I am dropped straight into a > 'bigpipe' CLI (prompt "bp>"); I'm not sure if that's relevant. > > When I execute commands like "version show", the output is paged. > Pressing scrolls by page, scrolls by line, as you'd > expect. > > Running "f5rancid -d " just results in a file containing: > > #RANCID-CONTENT-TYPE: bigip > # > # > # > # > > ..and the terminal output shows: > > dale at box:/tmp$ sudo -H -u rancid f5rancid -d gsu-lb01 > executing clogin -t 90 -c"bigpipe version;bigpipe platform;cat > /config/bigip.license;bigpipe monitor list all;bigpipe profile > list;bigpipe base list;bigpipe db show;bigpipe route static show;ls > --full-time --color=never /config/ssl/ssl.crt;ls --full-time > --color=never /config/ssl/ssl.key;bigpipe list" gsu-lb01 > gsu-lb01 clogin error: Error: TIMEOUT reached > gsu-lb01 clogin error: Error: TIMEOUT reached > gsu-lb01: missed cmd(s): ls --full-time --color=never > /config/ssl/ssl.crt,bigpipe route static show,bigpipe base list,cat > /config/bigip.license,bigpipe platform,bigpipe db show,bigpipe monitor > list all,ls --full-time --color=never /config/ssl/ssl.key,bigpipe > version,bigpipe profile list,bigpipe list > gsu-lb01: missed cmd(s): ls --full-time --color=never > /config/ssl/ssl.crt,bigpipe route static show,bigpipe base list,cat > /config/bigip.license,bigpipe platform,bigpipe db show,bigpipe monitor > list all,ls --full-time --color=never /config/ssl/ssl.key,bigpipe > version,bigpipe profile list,bigpipe list > gsu-lb01: End of run not found > gsu-lb01: End of run not found > > If I run: clogin -t 90 -c"bigpipe version" gsu-lb01 > > ..I see 'clogin' sending the command "terminal length 0", which is not > parsed/accepted by the device, then it sends the command "bigpipe > version", which executes and hangs at the first page of output. > > Any clues? I couldn't see an obvious way to disable the CLI pager. > > Cheers, > Dale > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From rancid at gheek.net Thu Jan 12 14:19:36 2012 From: rancid at gheek.net (Lance Vermilion) Date: Thu, 12 Jan 2012 07:19:36 -0700 Subject: [rancid] Trailing exclamation mark on Cisco ASA serial numbers In-Reply-To: References: Message-ID: Look at the full log and see if the exclamation is just not getting a new line character before it. On Jan 11, 2012 10:49 PM, "Dale Shaw" wrote: > Hi all, > > I recently upgraded from RANCID 2.3.3 to 2.3.6. > > I noticed a bunch of diffs generated on our Cisco ASA firewalls after > a recent collection. > > Example: > > dale at box:.../firewalls/configs$ cvs diff -D '1 day ago' par-fw01 > Index: par-fw01 > =================================================================== > RCS file: > /usr/local/rancid/var/CVS/firewalls/configs/par-fw01,v > retrieving revision 1.17 > retrieving revision 1.18 > diff -r1.17 -r1.18 > 8,9c8 > < !Serial Number: JMXXXXXXPQ > < ! > --- > > !Serial Number: JMXXXXXXPQ! > dale at box:.../firewalls/configs$ > > Note the exclamation mark ("!") appended to the serial number string. > This does not appear in the command output when entered interactively. > > There seem to be a few possible culprits mentioned in the CHANGES file > between 2.3.3 and 2.3.6. > > Our ASAs are running software release 7.0(x). > > Cheers, > Dale > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rwest at zyedge.com Thu Jan 12 14:25:13 2012 From: rwest at zyedge.com (Ryan West) Date: Thu, 12 Jan 2012 14:25:13 +0000 Subject: [rancid] Trailing exclamation mark on Cisco ASA serial numbers In-Reply-To: References: Message-ID: <5DC4853C6CC3EE4788779E0726E034DDF32065@zy-ex1.zyedge.local> On Thu, Jan 12, 2012 at 00:41:33, Dale Shaw wrote: > 8,9c8 > < !Serial Number: JMXXXXXXPQ > < ! > --- > > !Serial Number: JMXXXXXXPQ! > dale at box:.../firewalls/configs$ > > Note the exclamation mark ("!") appended to the serial number string. > This does not appear in the command output when entered interactively. > > There seem to be a few possible culprits mentioned in the CHANGES file > between 2.3.3 and 2.3.6. > > Our ASAs are running software release 7.0(x). > I'm seeing the same behavior on multiple versions of versions of 8.x as well. -ryan From diak.amara at gmail.com Thu Jan 12 11:38:33 2012 From: diak.amara at gmail.com (=?ISO-8859-1?Q?Amara_Diakit=E9?=) Date: Thu, 12 Jan 2012 12:38:33 +0100 Subject: [rancid] =?iso-8859-1?q?probl=E8me_avec_cvsweb?= Message-ID: Bonjour All, je viens d'installer cvsweb tout ? l'air de bien march? quand je tape http://127.0.0.1/cvsweb la page s'affiche bien avec les r?pertoires icons et css. j'ai install? rancid tout marche bien mais comment fait pour qu'on puisse consulter les config via le cvsweb quand je tape http://127.0.0.1/cgi-bin/cvsweb j'ai not found the requested URL /cgi-bin/cvsweb was not found on this server. aidez moi s'ils vous pla?t. le contenu de /etc/cvsweb.conf # Show a form for setting options in the directory view? # $edit_option_form = 1; # Show last changelog message for subdirectories? # The current implementation makes many assumptions and may show the # incorrect file at some times. The main assumption is that the last # modified file has the newest filedate. But some CVS operations # touch the file even when a new version isn't checked in, and TAG # based browsing essentially puts this out of order unless the last # checkin was on the same tag as you are viewing. # Enable this if you like the feature, but don't rely on correct results. # #$show_subdir_lastmod = 1; # Show CVS log when viewing file contents? # $show_log_in_markup = 1; # Preformat when viewing file contents? This should be turned off # when you have files in the repository that are in a multibyte # encoding which uses HTML special characters ([<>&"]) as part of a # multibyte character. (such as iso-2022-jp, ShiftJIS, etc.) # Otherwise those files will get screwed up in markup. # # Note: enscript(1) highlighting is preferred over the built-in preformatting, # ie. this has no effect if $allow_enscript is true and enscript can highlight # the file. # #$preformat_in_markup = 1; # Default tab width used to expand tabs to spaces in various HTMLized views. # Note that CVSweb scans the first few lines of sources for some common editor # directives controlling the tab width. It uses the value from them if found, # falling back to the value of $tabstop if not. Default: 8. # #$tabstop = 4; # If you wish to display absolute times in your local timezone, # then define @mytz and fill in the strings for your standard and # daylight time. Note that you must also make sure the system # timezone is correctly set. # #@mytz=("EST", "EDT"); # CVSweb is friendly to caches by sending the HTTP Last-Modified # header corresponding to the sent content. In the case of a # checkout, this may require running rcslog on the file solely for the # purpose of retrieving the timestamp to be sent. If you have a slow # server, you may want to turn this off for a small performance gain. # $use_moddate = 1; # Maximum number of filenames to pass to rlog(1) in one command. # If you see "Failed to spawn GNU rlog" errors with directories containing # lots of files, experiment by setting this to different values and see if # the error still occurs. A good value to start from would be eg. 200. # Just comment this out if you're not bitten by the problem. # #$file_list_len = 200; # Allow graphical representations of file revisions and branches with CvsGraph? # $allow_cvsgraph = $CMD{cvsgraph} ? 1 : 0; # Path to the CvsGraph configuration file. Only used if $allow_cvsgraph # is true. Leave this empty or comment it out to make cvsgraph(1) use its # default configuration file. Note that CVSweb will override some of the # settings in the configuration file with command line options, see # doGraph() and doGraphView() in cvsweb.cgi for details. # #$cvsgraph_config = "/etc/cvsgraph.conf"; # URL to the CVSHistory script. This should be absolute (but does not need # to include the host and port if the script is on the same server as # CVSweb). #$cvshistory_url = "/cgi-bin/cvshistory.cgi"; # Whether to allow downloading a tarball or a zip of the current directory. # While downloading of the entire repository is disallowed, depending on # the directory this may take a lot of time and disk space. For some CVS # versions, the user account running CVSweb needs write access to # CVSROOT/val-tags. See also the tar, gzip and zip options below. # #$allow_tar = (($CMD{tar} && $CMD{gzip}) || $CMD{zip}) ? 1 : 0; # Options to pass to tar(1). # For example: @tar_options = qw(--ignore-failed-read); # GNU tar has some useful options against unexpected errors. # Other useful options include "--owner=0" and "--group=0", see # the tar(1) (or gtar(1)) manpage for details. # @tar_options = qw(); # Options to pass to gzip(1) when compressing a tarball to download. # For example: @gzip_options = qw(-3); # Try lower compression level than 6 (default) if you want faster # compression, or higher for better compression. # @gzip_options = qw(); # Options to pass to zip(1) when compressing a zip archive to download. # For example: @zip_options = qw(-3); # Try lower compression level than 6 (default) if you want faster # compression, or higher for better compression. # @zip_options = qw(-q); # Options to pass to cvs(1). # For cvs versions 1.11 to 1.11.6 (broken in < 1.11, removed in 1.11.7), you # can use the '-l' option to prevent cvs from writing to the history file. # For other cvs versions, either suppress history logging by using the # LogHistory parameter in CVSROOT/config or make sure that the CVSweb user # can read and write to CVSROOT/history. # FreeBSD's and OpenBSD's cvs(1) has long since supported -R (read only access # mode) option, which considerably speeds up checkouts over NFS. For other # platforms, the -R option and the CVSREADONLYFS environment variable are # available in cvs >= 1.12.1. A similar effect is provided by -u on NetBSD. # @cvs_options = qw(-f); push @cvs_options, '-R' if ($^O eq 'freebsd' || $^O eq 'openbsd'); push @cvs_options, '-u' if ($^O eq 'netbsd'); # Only affects cvs >= 1.12.1, but doesn't hurt older ones. $ENV{CVSREADONLYFS} = 1 unless exists($ENV{CVSREADONLYFS}); # Options to pass to the 'cvs annotate' command, usually the normal # @cvs_options are good enough here. # To make annotate work against a read only repository, add -n, ie.: # @annotate_options = (@cvs_options, '-n'); # @annotate_options = @cvs_options; # Options to pass to rcsdiff(1). # Probably the only useful one here is -q (suppress diagnostic output). # @rcsdiff_options = qw(-q); # Enables syntax highlighting using GNU Enscript if set. # You will need GNU Enscript version 1.6.3 or newer for this to work. # #$allow_enscript = $CMD{enscript} ? 1 : 0; # Options to pass to enscript(1). # Do not set the -q, --language, -o or --highlight options here. # Most useful styles are probably emacs, emacs_verbose and msvc. # @enscript_options = qw(--style=emacs --color=1); # Enscript highlight rule to filename regex mappings. The set of useful # mappings depends on what highlight rules the system has installed. # %enscript_types = ( 'ada' => qr/\.ad(s|b|a)$/o, 'asm' => qr/\.[Ss]$/o, 'awk' => qr/\.awk$/o, 'bash' => qr/\.(bash(_profile|rc)|inputrc)$/o, 'c' => qr/\.(c|h)$/o, 'changelog' => qr/^changelog$/io, 'cpp' => qr/\.(c\+\+|C|H|cpp|cc|cxx)$/o, 'csh' => qr/\.(csh(rc)?|log(in|out)|history)$/o, 'elisp' => qr/\.e(l|macs)$/o, 'fortran' => qr/\.[fF]$/o, 'haskell' => qr/\.(l?h|l?g)s$/o, 'html' => qr/\.x?html?$/o, 'idl' => qr/\.idl$/o, 'inf' => qr/\.inf$/io, 'java' => qr/\.java$/o, 'javascript' => qr/\.(js|pac)$/o, 'ksh' => qr/\.ksh$/o, 'm4' => qr/\.m4$/o, 'makefile' => qr/(GNU)?[Mm]akefile(?!\.PL\b)|\.(ma?ke?|am)$/o, 'matlab' => qr/\.m$/o, 'nroff' => qr/\.man$/o, 'pascal' => qr/\.p(as|p)?$/io, 'perl' => qr/\.p(m|(er)?l)$/io, 'postscript' => qr/\.e?ps$/io, 'python' => qr/\.py$/o, 'rfc' => qr/\b((rfc|draft)\..*\.txt)$/o, 'scheme' => qr/\.(scm|scheme)$/o, 'sh' => qr/\.sh$/o, 'skill' => qr/\.il$/o, 'sql' => qr/\.sql$/o, 'states' => qr/\.st$/o, 'synopsys' => qr/\.s(cr|yn(th)?)$/o, 'tcl' => qr/\.tcl$/o, 'tcsh' => qr/\.tcshrc$/o, 'tex' => qr/\.tex$/o, 'vba' => qr/\.vba$/o, 'verilog' => qr/\.(v|vh)$/o, 'vhdl' => qr/\.vhdl?$/o, 'vrml' => qr/\.wrl$/o, 'wmlscript' => qr/\.wmls(cript)?$/o, 'zsh' => qr/\.(zsh(env|rc)|z(profile|log(in|out)))$/o, ); # Troubleshooting: in case of problems, setting this to 1 will cause more # error output into your web server error log. Under normal operation, # this should be set to 0 or commented out. # #$DEBUG = 1; # Enable this to let CVSweb load extra configuration files from the "conf.d" # subdirectory of the directory this file is located in. This enables site # specific configuration without having to modify this "master" configuration # file (except for enabling this functionality below :) # if (0) { my $confdir = catdir(dirname(__FILE__), 'conf.d'); if (opendir(CONFD, $confdir)) { my @files = sort(map(catfile($confdir, $_), readdir(CONFD))); close(CONFD); for my $conffile (grep(-f && -r _, @files)) { ($conffile) = ($conffile =~ /(.+\.conf)$/) or next; do "$conffile" or config_error($conffile, $@); } } } 1; -------------- next part -------------- An HTML attachment was scrubbed... URL: From skyeh at uidaho.edu Thu Jan 12 15:49:32 2012 From: skyeh at uidaho.edu (Hagen, Skye) Date: Thu, 12 Jan 2012 07:49:32 -0800 Subject: [rancid] Trailing exclamation mark on Cisco ASA serial numbers In-Reply-To: Message-ID: This also occurs on FWSM configs. I'll bet it is in this section of rancid, in the ShowVersion function. /^serial number:\s+(.*)$/i && ProcessHistory("COMMENTS","keysort","C1", "!Serial Number: $1") && next; Note: No newline is appended. Thanks, Skye Hagen On 1/11/12 9:41 PM, "Dale Shaw" wrote: > Hi all, > > I recently upgraded from RANCID 2.3.3 to 2.3.6. > > I noticed a bunch of diffs generated on our Cisco ASA firewalls after > a recent collection. > > Example: > > dale at box:.../firewalls/configs$ cvs diff -D '1 day ago' par-fw01 > Index: par-fw01 > =================================================================== > RCS file: > /usr/local/rancid/var/CVS/firewalls/configs/par-fw01,v > retrieving revision 1.17 > retrieving revision 1.18 > diff -r1.17 -r1.18 > 8,9c8 > < !Serial Number: JMXXXXXXPQ > < ! > --- >> !Serial Number: JMXXXXXXPQ! > dale at box:.../firewalls/configs$ > > Note the exclamation mark ("!") appended to the serial number string. > This does not appear in the command output when entered interactively. > > There seem to be a few possible culprits mentioned in the CHANGES file > between 2.3.3 and 2.3.6. > > Our ASAs are running software release 7.0(x). > > Cheers, > Dale > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From me_gogorza at hotmail.com Thu Jan 12 20:00:48 2012 From: me_gogorza at hotmail.com (Marito ...) Date: Thu, 12 Jan 2012 17:00:48 -0300 Subject: [rancid] Motorola BSR1000 Message-ID: Hi list, I am trying to backup Motorla BSR 2000. I have modified the clogin and made a copy of the bsrrancid to retrieve the config (attached). The issue is that I see some garbage at the "show running" section: no ip unreachables  ip ospf cost 10 ! ip pim border  cable downstream 0 frequency 567000000 cable downstream 0 interleave-depth 8 Has anyone faced an issue like this ? I am testing this on an Ubuntu 10.04 machine Any tip on how to find out what the problem is, is really appreciated. Thanks in advance !!! -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: bsr2krancid Type: application/octet-stream Size: 19379 bytes Desc: not available URL: From daniel.schmidt at wyo.gov Thu Jan 12 20:38:08 2012 From: daniel.schmidt at wyo.gov (Daniel Schmidt) Date: Thu, 12 Jan 2012 13:38:08 -0700 Subject: [rancid] Trapeze Message-ID: Anybody got rancid working for Trapeze (now Juniper)? Long shot, but thought I?d ask. Thkx. -------------- next part -------------- An HTML attachment was scrubbed... URL: From dale.shaw+rancid-discuss at gmail.com Thu Jan 12 23:06:54 2012 From: dale.shaw+rancid-discuss at gmail.com (Dale Shaw) Date: Fri, 13 Jan 2012 10:06:54 +1100 Subject: [rancid] F5 BIG-IP devices - any tricks? In-Reply-To: References: Message-ID: Hi Lance, On Fri, Jan 13, 2012 at 1:16 AM, Lance Vermilion wrote: > In the? F5 you need to change the setting under the user so they will get a > full shell Thanks, yeah, that does appear to be the issue -- f5rancid/clogin expect to be dropped into a full shell. We discovered yesterday (after posting to the list) that using the 'root' user results in working RANCID. On the surface it seemed that all we needed to do was figure out a way to disable the pager on a per-session basis within the bigpipe shell. That still seems like the cleanest way to make this work to me. Anyway, I'll work with the folks more familiar with the operation of the F5s to figure out how we provide 'full shell' access to the user RANCID uses. Hopefully we can provide 'full shell, read only' somehow. Cheers, Dale From randy at psg.com Fri Jan 13 03:29:03 2012 From: randy at psg.com (Randy Bush) Date: Thu, 12 Jan 2012 19:29:03 -0800 Subject: [rancid] can you hear me now? In-Reply-To: References: Message-ID: [ names changed to protect the guilty ] mail sez The following routers have not been successfully contacted for more than 4 hours. -rw-r----- 1 rancid staff 6303 Jan 12 19:16 fool.ya.rg.net but foolme.psg.com:/usr/home/rancid> /usr/local/libexec/rancid/clogin fool.ya.rg.net fool.ya.rg.net spawn ssh -c 3des -x -l randy fool.ya.rg.net randy at fool.ya.rg.net's password: RGnet / PSGnet Dallas/Google/Equinix fool.ya.rg.net 2011.07.05 +1 206 555 1212 fool.ya# fool.ya#q Connection to fool.ya.rg.net closed. and log sez Trying to get all of the configs. fool.ya.rg.net: End of run not found ! No cable ===================================== Getting missed routers: round 1. fool.ya.rg.net: End of run not found ! No cable ===================================== Getting missed routers: round 2. fool.ya.rg.net: End of run not found ! No cable ===================================== Getting missed routers: round 3. fool.ya.rg.net: End of run not found ! No cable ===================================== Getting missed routers: round 4. fool.ya.rg.net: End of run not found ! No cable it's only an oob 2511, so extremely slow with the ssh login. but it has been working for a long time. and there are three other 2511s about which rancid is not whining. hmmm. rancid just got upgraded to 2.3.6 with a freebsd portupgrade. randy From frnkblk at iname.com Fri Jan 13 05:29:24 2012 From: frnkblk at iname.com (Frank Bulk) Date: Thu, 12 Jan 2012 23:29:24 -0600 Subject: [rancid] Motorola BSR1000 In-Reply-To: References: Message-ID: <005201ccd1b4$4f4e6d00$edeb4700$@iname.com> Contact me offlist if you want my "motorancid". Frank From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Marito ... Sent: Thursday, January 12, 2012 2:01 PM To: rancid-discuss at shrubbery.net Subject: [rancid] Motorola BSR1000 Hi list, I am trying to backup Motorla BSR 2000. I have modified the clogin and made a copy of the bsrrancid to retrieve the config (attached). The issue is that I see some garbage at the "show running" section: no ip unreachables [K ip ospf cost 10 ! ip pim border [K cable downstream 0 frequency 567000000 cable downstream 0 interleave-depth 8 Has anyone faced an issue like this ? I am testing this on an Ubuntu 10.04 machine Any tip on how to find out what the problem is, is really appreciated. Thanks in advance !!! -------------- next part -------------- An HTML attachment was scrubbed... URL: From shouldbeq931 at gmail.com Fri Jan 13 13:24:47 2012 From: shouldbeq931 at gmail.com (shouldbe q931) Date: Fri, 13 Jan 2012 13:24:47 +0000 Subject: [rancid] Trailing exclamation mark on Cisco ASA serial numbers In-Reply-To: References: Message-ID: On Thu, Jan 12, 2012 at 3:49 PM, Hagen, Skye wrote: > This also occurs on FWSM configs. I'll bet it is in this section of rancid, > in the ShowVersion function. > > ??????? /^serial number:\s+(.*)$/i && > ??????????? ProcessHistory("COMMENTS","keysort","C1", "!Serial Number: $1") > && > ??????????? next; > > Note: No newline is appended. > > Thanks, > Skye Hagen > > > > > On 1/11/12 9:41 PM, "Dale Shaw" wrote: > >> Hi all, >> >> I recently upgraded from RANCID 2.3.3 to 2.3.6. >> >> I noticed a bunch of diffs generated on our Cisco ASA firewalls after >> a recent collection. >> >> Example: >> >> dale at box:.../firewalls/configs$ cvs diff -D '1 day ago' par-fw01 >> Index: par-fw01 >> =================================================================== >> RCS file: >> /usr/local/rancid/var/CVS/firewalls/configs/par-fw01,v >> retrieving revision 1.17 >> retrieving revision 1.18 >> diff -r1.17 -r1.18 >> 8,9c8 >> < !Serial Number: JMXXXXXXPQ >> < ! >> --- >>> !Serial Number: JMXXXXXXPQ! >> dale at box:.../firewalls/configs$ >> >> Note the exclamation mark ("!") appended to the serial number string. >> This does not appear in the command output when entered interactively. >> >> There seem to be a few possible culprits mentioned in the CHANGES file >> between 2.3.3 and 2.3.6. >> >> Our ASAs are running software release 7.0(x). >> >> Cheers, >> Dale >> _______________________________________________ I'm running rancid 2.3.6 against ASA 8.2.5 and also seeing the trailing ! From shouldbeq931 at gmail.com Fri Jan 13 14:59:18 2012 From: shouldbeq931 at gmail.com (shouldbe q931) Date: Fri, 13 Jan 2012 14:59:18 +0000 Subject: [rancid] Trailing exclamation mark on Cisco ASA serial numbers In-Reply-To: References: Message-ID: On Fri, Jan 13, 2012 at 1:24 PM, shouldbe q931 wrote: > On Thu, Jan 12, 2012 at 3:49 PM, Hagen, Skye wrote: >> This also occurs on FWSM configs. I'll bet it is in this section of rancid, >> in the ShowVersion function. >> >> ??????? /^serial number:\s+(.*)$/i && >> ??????????? ProcessHistory("COMMENTS","keysort","C1", "!Serial Number: $1") >> && >> ??????????? next; >> >> Note: No newline is appended. >> >> Thanks, >> Skye Hagen >> >> >> >> >> On 1/11/12 9:41 PM, "Dale Shaw" wrote: >> >>> Hi all, >>> >>> I recently upgraded from RANCID 2.3.3 to 2.3.6. >>> >>> I noticed a bunch of diffs generated on our Cisco ASA firewalls after >>> a recent collection. >>> >>> Example: >>> >>> dale at box:.../firewalls/configs$ cvs diff -D '1 day ago' par-fw01 >>> Index: par-fw01 >>> =================================================================== >>> RCS file: >>> /usr/local/rancid/var/CVS/firewalls/configs/par-fw01,v >>> retrieving revision 1.17 >>> retrieving revision 1.18 >>> diff -r1.17 -r1.18 >>> 8,9c8 >>> < !Serial Number: JMXXXXXXPQ >>> < ! >>> --- >>>> !Serial Number: JMXXXXXXPQ! >>> dale at box:.../firewalls/configs$ >>> >>> Note the exclamation mark ("!") appended to the serial number string. >>> This does not appear in the command output when entered interactively. >>> >>> There seem to be a few possible culprits mentioned in the CHANGES file >>> between 2.3.3 and 2.3.6. >>> >>> Our ASAs are running software release 7.0(x). >>> >>> Cheers, >>> Dale >>> _______________________________________________ > > I'm running rancid 2.3.6 against ASA 8.2.5 and also seeing the trailing ! and on a PIX running 6.3.5 From helmut.wieser at ieee.org Fri Jan 13 10:02:44 2012 From: helmut.wieser at ieee.org (Helmut Wieser) Date: Fri, 13 Jan 2012 11:02:44 +0100 Subject: [rancid] HP ProCurve MSM410 AccessPoint Message-ID: <4F100144.9060102@ieee.org> Hi, I've got rancid running fine with a variety of devices. However I've got a few HP ProCurve MSM410 access points that I would like to monitor with rancid as well. I can log in fine with hlogin. But they do not support "show system" or "show system information". Instead the command needs to be "show system info". Is anyone using those devices in rancid? I tried type "hp" in router.db, but this doesn't work. Here's sample "show system info" output: CLI# show system info [CPU info] [Mem info] Firmware Version: 5.3.1.0-y-xxxx Load 1min: 0.00 Total RAM: 263438336 Uptime: 123 days, 03:56> Load 5min: 0.00 Free RAM: 219406336 Board Revision: 50-00-1036-02 Load 15min: 0.00 Buffer RAM: 6041600 Serial Number: xxxxxxxxxx CPU use now: 0% Cache RAM: 14221312 CPU 5sec ago: 1% [Storage use] CPU 10sec ago: 0% Permanent: 3% CPU 20sec ago: 1% Temporary: 1% This is a list of all commands: end: Switches to parent context. reboot device: Restarts the system. show interfaces: Show networking interfaces. show bridge: Show bridge information. show bridge forwarding: Show bridge forwarding information. show arp: Show the ARP table. show ip: Show all IP addresses. show ip route: Show all IP routes. show dns cache []: Show DNS cache entries. Specify a serial number to display detailed information. show system info: Show basic system information. show certificate: Display current certificates. show certificate binding: Display how the certificates are used. sh: Protected access to shell. arp : Displays and modifies the Internet-to-Ethernet address translation tables used by the address resolution protocol. iperf : Runs a performance throughput test. ping : Determines if the specified remote IP address is active. arping : Pings a destination on a device interface using ARP packets. quit: Exit the enable context. rcapture : Sends port capture to an FTP server. dumpstats : Display internal status. show all config: Print all configuration that applies to this device. show client log []: Display client station log. Enter the MAC address to display more details for a specific client station. show wireless neighborhood: Show all access points detected nearby. show wireless rogue-ap: Show all rogue access points detected nearby. show dot11 associations: Show all current wireless associations. show dot11 statistics client-traffic: Show current client matrix statistics. show local mesh: Show current local mesh interfaces. config: Switches to the config context. factory reset: Resets the unit to factory default settings. switch operational mode: Switches the unit operational mode. kind regards, Helmut Wieser From Ian.Murphy at populous.com Fri Jan 13 22:08:30 2012 From: Ian.Murphy at populous.com (Ian Murphy) Date: Fri, 13 Jan 2012 22:08:30 +0000 Subject: [rancid] Does this make sense to anybody? Message-ID: <89071793C277DD45AE7A29E9DC3AAC29217FBFC2@US-EX2.pop.local> I am building a new Rancid/CVVS/TACACS+ server and am having some trouble with rancid-run . I am following the steps outlined here to do the setup. http://www.shrubbery.net/rancid/SteveSmithFedora15.pdf I get stuck on step 19. My clogin runs just fine and I get to the exec prompt, but when I execute rancid-run I get the following in my log files: Clogin error: Error: no password for router01 in .../.cloginrc My .cloginrc file has entries that look like this: adduser router01 rancid add password router01 {password} {password} add method router01 ssh telnet Any Ideas are greatly appreciated, thanks Ian Murphy The information contained in this electronic communication, as well as in any attachments, may contain confidential or privileged information and may constitute non-public information, and is intended solely for use by the addressee(s). Any other use, disclosure, dissemination, distribution or copying of this electronic communication is strictly prohibited, may constitute an interference with Populous confidential business relationships and may be unlawful. If you received this communication in error, please notify me immediately and permanently delete the original and any electronic or printed copies of this electronic communication (including any attachments). Populous makes no representation regarding the absence of any virus in any attachment and expressly disclaims any responsibility for any damage suffered from the presence of a virus. -------------- next part -------------- An HTML attachment was scrubbed... URL: From ler762 at gmail.com Sat Jan 14 00:22:01 2012 From: ler762 at gmail.com (Lee) Date: Fri, 13 Jan 2012 19:22:01 -0500 Subject: [rancid] Does this make sense to anybody? In-Reply-To: <89071793C277DD45AE7A29E9DC3AAC29217FBFC2@US-EX2.pop.local> References: <89071793C277DD45AE7A29E9DC3AAC29217FBFC2@US-EX2.pop.local> Message-ID: Was it a copy/paste error or do you really have "adduser" in your .cloginrc file? Lee On 1/13/12, Ian Murphy wrote: > I am building a new Rancid/CVVS/TACACS+ server and am having some trouble > with rancid-run . I am following the steps outlined here to do the setup. > http://www.shrubbery.net/rancid/SteveSmithFedora15.pdf > > I get stuck on step 19. > My clogin runs just fine and I get to the exec prompt, but when I execute > rancid-run I get the following in my log files: > > Clogin error: Error: no password for router01 in .../.cloginrc > > My .cloginrc file has entries that look like this: > > adduser router01 rancid > add password router01 {password} {password} > add method router01 ssh telnet > > > Any Ideas are greatly appreciated, thanks > > Ian Murphy > > > The information contained in this electronic communication, as well as in > any attachments, may contain confidential or privileged information and may > constitute non-public information, and is intended solely for use by the > addressee(s). Any other use, disclosure, dissemination, distribution or > copying of this electronic communication is strictly prohibited, may > constitute an interference with Populous confidential business relationships > and may be unlawful. If you received this communication in error, please > notify me immediately and permanently delete the original and any electronic > or printed copies of this electronic communication (including any > attachments). Populous makes no representation regarding the absence of any > virus in any attachment and expressly disclaims any responsibility for any > damage suffered from the presence of a virus. > From shouldbeq931 at gmail.com Sun Jan 15 23:49:46 2012 From: shouldbeq931 at gmail.com (shouldbe q931) Date: Sun, 15 Jan 2012 23:49:46 +0000 Subject: [rancid] HP ProCurve MSM410 AccessPoint In-Reply-To: <4F100144.9060102@ieee.org> References: <4F100144.9060102@ieee.org> Message-ID: On Fri, Jan 13, 2012 at 10:02 AM, Helmut Wieser wrote: > Hi, > > I've got rancid running fine with a variety of devices. However I've got a > few HP ProCurve MSM410 access points that I would like to monitor with > rancid as well. I can log in fine with hlogin. But they do not support "show > system" or "show system information". Instead the command needs to be "show > system info". > > Is anyone using those devices in rancid? I tried type "hp" in router.db, but > this doesn't work. > > Here's sample "show system info" output: > > CLI# show system info > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?[CPU info] ? ? ? ? ? ? ? [Mem > info] > Firmware Version: 5.3.1.0-y-xxxx ? ? ? ? ?Load 1min: ? ? ? 0.00 ? Total RAM: > ?263438336 > Uptime: ? ? ? ? ? 123 days, 03:56> ? ? ? ? Load 5min: ? ? ? 0.00 ? ?Free > RAM: ?219406336 > Board Revision: ? 50-00-1036-02 ? ? ? ? ? ?Load 15min: ? ? ?0.00 ?Buffer > RAM: ? ?6041600 > Serial Number: ? ?xxxxxxxxxx ? ? ? ? ? ? ? CPU use now: ? ? ? 0% ? Cache > RAM: ? 14221312 > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? CPU 5sec ago: ? ? ?1% > [Storage use] > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? CPU 10sec ago: ? ? 0% ? Permanent: > ? ? ? ?3% > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? CPU 20sec ago: ? ? 1% ? Temporary: > ? ? ? ?1% > > > This is a list of all commands: > > end: > ? ? ? ?Switches to parent context. > reboot device: > ? ? ? ?Restarts the system. > show interfaces: > ? ? ? ?Show networking interfaces. > show bridge: > ? ? ? ?Show bridge information. > show bridge forwarding: > ? ? ? ?Show bridge forwarding information. > show arp: > ? ? ? ?Show the ARP table. > show ip: > ? ? ? ?Show all IP addresses. > show ip route: > ? ? ? ?Show all IP routes. > show dns cache []: > ? ? ? ?Show DNS cache entries. Specify a serial number to display detailed > information. > show system info: > ? ? ? ?Show basic system information. > show certificate: > ? ? ? ?Display current certificates. > show certificate binding: > ? ? ? ?Display how the certificates are used. > sh: > ? ? ? ?Protected access to shell. > arp : > ? ? ? ?Displays and modifies the Internet-to-Ethernet address translation > tables used by the address resolution protocol. > iperf : > ? ? ? ?Runs a performance throughput test. > ping : > ? ? ? ?Determines if ?the specified remote IP address is active. > arping : > ? ? ? ?Pings a destination on a device interface using ARP packets. > quit: > ? ? ? ?Exit the enable context. > rcapture : > ? ? ? ?Sends port capture to an FTP server. > dumpstats : > ? ? ? ?Display internal status. > show all config: > ? ? ? ?Print all configuration that applies to this device. > show client log []: > ? ? ? ?Display client station log. Enter the MAC address to display more > details for a specific client station. > show wireless neighborhood: > ? ? ? ?Show all access points detected nearby. > show wireless rogue-ap: > ? ? ? ?Show all rogue access points detected nearby. > show dot11 associations: > ? ? ? ?Show all current wireless associations. > show dot11 statistics client-traffic: > ? ? ? ?Show current client matrix statistics. > show local mesh: > ? ? ? ?Show current local mesh ?interfaces. > config: > ? ? ? ?Switches to the config context. > factory reset: > ? ? ? ?Resets the unit to factory default settings. > switch operational mode: > ? ? ? ?Switches the unit operational mode. > > > kind regards, > Helmut Wieser > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss Which version of rancid are you using, and are you using it for any other HP devices ? From me_gogorza at hotmail.com Mon Jan 16 12:59:34 2012 From: me_gogorza at hotmail.com (Marito ...) Date: Mon, 16 Jan 2012 09:59:34 -0300 Subject: [rancid] Motorola BSR1000 In-Reply-To: References: Message-ID: Dear all, After digging for a while, I was able to get BSR 2K working. Those characters, were matched at my bsrxlogin, and eliminated. Then I made some test to make bsrrancid work with both BSR 64K & 2K, as when I tested it, it was failing because my 2K hung when page off was executed. So, I have assigned page on when it has to run 2K, and page off when running 64K, and seems to work fine. BSR 2K needs login to get priviliges, so I have added login option at my .cloginrc. This is my .cloginrc file for BSRx: add user cmts.bsr64k.* backup add password cmts.bsr64k.* add method cmts.bsr64k.* telnet ssh1 add autoenable cmts.bsr64k.* 1 add noenable cmts.bsr64k.* 0 add user cmts.bsr2k.* backup add password cmts.bsr2k.* add loguser cmts.bsr2k.* backup add method cmts.bsr2k.* telnet add login cmts.bsr2k.* 1 Both scripts (attached), were modified from bsrlogin and bsrrancid Hope this helps someone else. Regards. From: me_gogorza at hotmail.com To: rancid-discuss at shrubbery.net Date: Thu, 12 Jan 2012 17:00:48 -0300 Subject: [rancid] Motorola BSR1000 Hi list, I am trying to backup Motorla BSR 2000. I have modified the clogin and made a copy of the bsrrancid to retrieve the config (attached). The issue is that I see some garbage at the "show running" section: no ip unreachables  ip ospf cost 10 ! ip pim border  cable downstream 0 frequency 567000000 cable downstream 0 interleave-depth 8 Has anyone faced an issue like this ? I am testing this on an Ubuntu 10.04 machine Any tip on how to find out what the problem is, is really appreciated. Thanks in advance !!! _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: bsrxkrancid Type: application/octet-stream Size: 19405 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: bsrxklogin Type: application/octet-stream Size: 26295 bytes Desc: not available URL: From michael.lee at mincom.com Mon Jan 16 05:33:18 2012 From: michael.lee at mincom.com (Michael Lee) Date: Sun, 15 Jan 2012 21:33:18 -0800 Subject: [rancid] Email notification with RANCID Message-ID: <50EBBF653D3B6A4CBCC80D17DE982D6A2DEDA142C8@SG1RD3XVS141.red003.local> Hi all, I am new to RANCID, hopefully you guys can help. I have been trying to find some way to make RANCID notify daily through mail which devices is backup successful and which backup is not successful. Is there currently a way to do this. I notice the capability at the moment only send notification on the changes of the configuration. Many thanks in advance, Br, Michael ________________________________ This transmission is for the intended addressee only and is confidential information. If you have received this transmission in error, please notify the sender and delete the transmission. The contents of this e-mail are the opinion of the writer only and are not endorsed by the Mincom Group of companies unless expressly stated otherwise. -------------- next part -------------- An HTML attachment was scrubbed... URL: From helmut.wieser at ieee.org Mon Jan 16 07:10:43 2012 From: helmut.wieser at ieee.org (Helmut Wieser) Date: Mon, 16 Jan 2012 08:10:43 +0100 Subject: [rancid] HP ProCurve MSM410 AccessPoint In-Reply-To: References: <4F100144.9060102@ieee.org> Message-ID: <4F13CD73.8080303@ieee.org> I'm using rancid-2.3.6 on CentOS 5.4. I got a few HP ProCurve 4204s, HP 2650s, 2520s, etc. They all work fine, but then of course these respond to "show system" or "show system information". On 16.01.2012 00:49, shouldbe q931 wrote: > On Fri, Jan 13, 2012 at 10:02 AM, Helmut Wieser wrote: >> Hi, >> >> I've got rancid running fine with a variety of devices. However I've got a >> few HP ProCurve MSM410 access points that I would like to monitor with >> rancid as well. I can log in fine with hlogin. But they do not support "show >> system" or "show system information". Instead the command needs to be "show >> system info". >> >> Is anyone using those devices in rancid? I tried type "hp" in router.db, but >> this doesn't work. >> >> Here's sample "show system info" output: >> >> CLI# show system info >> [CPU info] [Mem >> info] >> Firmware Version: 5.3.1.0-y-xxxx Load 1min: 0.00 Total RAM: >> 263438336 >> Uptime: 123 days, 03:56> Load 5min: 0.00 Free >> RAM: 219406336 >> Board Revision: 50-00-1036-02 Load 15min: 0.00 Buffer >> RAM: 6041600 >> Serial Number: xxxxxxxxxx CPU use now: 0% Cache >> RAM: 14221312 >> CPU 5sec ago: 1% >> [Storage use] >> CPU 10sec ago: 0% Permanent: >> 3% >> CPU 20sec ago: 1% Temporary: >> 1% >> >> >> This is a list of all commands: >> >> end: >> Switches to parent context. >> reboot device: >> Restarts the system. >> show interfaces: >> Show networking interfaces. >> show bridge: >> Show bridge information. >> show bridge forwarding: >> Show bridge forwarding information. >> show arp: >> Show the ARP table. >> show ip: >> Show all IP addresses. >> show ip route: >> Show all IP routes. >> show dns cache []: >> Show DNS cache entries. Specify a serial number to display detailed >> information. >> show system info: >> Show basic system information. >> show certificate: >> Display current certificates. >> show certificate binding: >> Display how the certificates are used. >> sh: >> Protected access to shell. >> arp: >> Displays and modifies the Internet-to-Ethernet address translation >> tables used by the address resolution protocol. >> iperf: >> Runs a performance throughput test. >> ping: >> Determines if the specified remote IP address is active. >> arping: >> Pings a destination on a device interface using ARP packets. >> quit: >> Exit the enable context. >> rcapture: >> Sends port capture to an FTP server. >> dumpstats: >> Display internal status. >> show all config: >> Print all configuration that applies to this device. >> show client log []: >> Display client station log. Enter the MAC address to display more >> details for a specific client station. >> show wireless neighborhood: >> Show all access points detected nearby. >> show wireless rogue-ap: >> Show all rogue access points detected nearby. >> show dot11 associations: >> Show all current wireless associations. >> show dot11 statistics client-traffic: >> Show current client matrix statistics. >> show local mesh: >> Show current local mesh interfaces. >> config: >> Switches to the config context. >> factory reset: >> Resets the unit to factory default settings. >> switch operational mode: >> Switches the unit operational mode. >> >> >> kind regards, >> Helmut Wieser >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > Which version of rancid are you using, and are you using it for any > other HP devices ? > From shouldbeq931 at gmail.com Mon Jan 16 18:55:24 2012 From: shouldbeq931 at gmail.com (shouldbe q931) Date: Mon, 16 Jan 2012 18:55:24 +0000 Subject: [rancid] Email notification with RANCID In-Reply-To: <50EBBF653D3B6A4CBCC80D17DE982D6A2DEDA142C8@SG1RD3XVS141.red003.local> References: <50EBBF653D3B6A4CBCC80D17DE982D6A2DEDA142C8@SG1RD3XVS141.red003.local> Message-ID: On Mon, Jan 16, 2012 at 5:33 AM, Michael Lee wrote: > Hi all, > > > > I am new to RANCID, hopefully you guys can help. I have been trying to find > some way to make RANCID notify daily through mail which devices is backup > successful and which backup is not successful. > > Is there currently a way to do this. I notice the capability at the moment > only send notification on the changes of the configuration. > > > > Many thanks in advance, > > > > Br, > > Michael > > rancid will send a notification email if it has not been able to contact a device for 24hours, the below is from control_rancid ----------------------------------------------------------------------------------------------- # If any machines have not been reached within the last $OLDTIME # hours, mail out a list of them. cd $DIR/configs rm -f $DIR/routers.failed if [ "X$OLDTIME" = "X" ] ; then OLDTIME=24 fi ----------------------------------------------------------------------------------------------- From michael.lee at mincom.com Tue Jan 17 01:58:48 2012 From: michael.lee at mincom.com (Michael Lee) Date: Mon, 16 Jan 2012 17:58:48 -0800 Subject: [rancid] Email notification with RANCID In-Reply-To: References: <50EBBF653D3B6A4CBCC80D17DE982D6A2DEDA142C8@SG1RD3XVS141.red003.local> Message-ID: <50EBBF653D3B6A4CBCC80D17DE982D6A2DEDA14457@SG1RD3XVS141.red003.local> Hi, Really appreciate your reply. Yeah, however I am trying to list out all the devices and backup status in a list. By the way, do you know anyway to send the configuration diff using html format in an EMAIL similar to what we see on VIEWVC? BR, Michael -----Original Message----- From: shouldbe q931 [mailto:shouldbeq931 at gmail.com] Sent: Tuesday, January 17, 2012 2:55 AM To: Michael Lee Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Email notification with RANCID On Mon, Jan 16, 2012 at 5:33 AM, Michael Lee wrote: > Hi all, > > > > I am new to RANCID, hopefully you guys can help. I have been trying to find > some way to make RANCID notify daily through mail which devices is backup > successful and which backup is not successful. > > Is there currently a way to do this. I notice the capability at the moment > only send notification on the changes of the configuration. > > > > Many thanks in advance, > > > > Br, > > Michael > > rancid will send a notification email if it has not been able to contact a device for 24hours, the below is from control_rancid ----------------------------------------------------------------------------------------------- # If any machines have not been reached within the last $OLDTIME # hours, mail out a list of them. cd $DIR/configs rm -f $DIR/routers.failed if [ "X$OLDTIME" = "X" ] ; then OLDTIME=24 fi ----------------------------------------------------------------------------------------------- This transmission is for the intended addressee only and is confidential information. If you have received this transmission in error, please notify the sender and delete the transmission. The contents of this e-mail are the opinion of the writer only and are not endorsed by the Mincom Group of companies unless expressly stated otherwise. From skyeh at uidaho.edu Wed Jan 18 00:48:25 2012 From: skyeh at uidaho.edu (Hagen, Skye) Date: Tue, 17 Jan 2012 16:48:25 -0800 Subject: [rancid] Email notification with RANCID In-Reply-To: <50EBBF653D3B6A4CBCC80D17DE982D6A2DEDA14457@SG1RD3XVS141.red003.local> Message-ID: We took a completely different tact on notification. We backup over 1600 devices nightly, and only want notification if there is a problem, and in some cases, only when there is a major problem. We use syslog with Splunk for a majority of our reporting. What I did was to wrap 'rancid-run' in a shell script that will take the logs, massage them, and send the results to syslog. We have created a number of Splunk reports, such as a report that tells us if there are excessive errors, or if a backup has had successive failures. If anyone is interested, I have attached the script. Skye. On 1/16/12 5:58 PM, "Michael Lee" wrote: > Hi, > > Really appreciate your reply. Yeah, however I am trying to list out all the > devices and backup status in a list. By the way, do you know anyway to send > the configuration diff using html format in an EMAIL similar to what we see on > VIEWVC? > > > BR, > Michael > -----Original Message----- > From: shouldbe q931 [mailto:shouldbeq931 at gmail.com] > Sent: Tuesday, January 17, 2012 2:55 AM > To: Michael Lee > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Email notification with RANCID > > On Mon, Jan 16, 2012 at 5:33 AM, Michael Lee wrote: >> Hi all, >> >> >> >> I am new to RANCID, hopefully you guys can help. I have been trying to find >> some way to make RANCID notify daily through mail which devices is backup >> successful and which backup is not successful. >> >> Is there currently a way to do this. I notice the capability at the moment >> only send notification on the changes of the configuration. >> >> >> >> Many thanks in advance, >> >> >> >> Br, >> >> Michael >> >> > > rancid will send a notification email if it has not been able to > contact a device for 24hours, the below is from control_rancid > > ------------------------------------------------------------------------------ > ----------------- > # If any machines have not been reached within the last $OLDTIME > # hours, mail out a list of them. > cd $DIR/configs > rm -f $DIR/routers.failed > if [ "X$OLDTIME" = "X" ] ; then > OLDTIME=24 > fi > ------------------------------------------------------------------------------ > ----------------- > > > This transmission is for the intended addressee only and is confidential > information. If you have received this transmission in error, please notify > the sender and delete the transmission. The contents of this e-mail are the > opinion of the writer only and are not endorsed by the Mincom Group of > companies unless expressly stated otherwise. > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: RunRANCID.sh.txt URL: From kamran.ayub at dsl.net.pk Wed Jan 18 04:13:41 2012 From: kamran.ayub at dsl.net.pk (kamran ayub) Date: Wed, 18 Jan 2012 09:13:41 +0500 Subject: [rancid] rancid error "missing brace" Message-ID: Dear Members, I am running rancid with VCS . I am editing my .clogrc file with correct format . but not able to test any router/switch successfully with clogin command. Format of .cloginrc file entries is as follws: ad password hostname telnet_pwd {"enable_pwd"} When i test command as : clogin router_hostname it gives me error as clogin error: Error: missing brace Kindly suggest the correction. -- Regards, Muhammad Kamran Ayub From shouldbeq931 at gmail.com Wed Jan 18 10:46:57 2012 From: shouldbeq931 at gmail.com (shouldbe q931) Date: Wed, 18 Jan 2012 10:46:57 +0000 Subject: [rancid] rancid error "missing brace" In-Reply-To: References: Message-ID: On Wed, Jan 18, 2012 at 4:13 AM, kamran ayub wrote: > Dear Members, > > I am running rancid with VCS . > I am editing my .clogrc file with correct format . but not able to > test any router/switch successfully with clogin command. > Format of .cloginrc file entries is as follws: > ad password hostname telnet_pwd {"enable_pwd"} > > When i test command as : clogin router_hostname > it gives me error > as clogin error: Error: missing brace > > Kindly suggest the correction. > > -- > Regards, > > Muhammad Kamran Ayub from man cloginrc --------------------------------------------------- Each line contains either white-space (blank line), a comment which begins with the comment character '#' and may be preceded by white-space, or one of the directives listed below. Each line containing a directive is of the form: add {} [{} ...] or include {} Note: the braces ({}) surrounding the values is significant when the values include TCL meta-characters. Best common practice is to always enclose the values in braces. If a value includes a (left or right) brace or space character, it must be backslash-escaped, as in: add user {foo\}bar} add user {foo\ bar} --------------------------------------------------- from the top of the cloginrc file --------------------------------------------------- # add password --------------------------------------------------- from an actual .cloginrc for a Cisco L3 switch running IOS --------------------------------------------------- add user 10.10.1.1 rancid add password 10.10.1.1 rancidpass enablepass add method 10.10.1.1 ssh --------------------------------------------------- From vincent at autistici.org Thu Jan 19 12:49:28 2012 From: vincent at autistici.org (vincent) Date: Thu, 19 Jan 2012 14:49:28 +0200 Subject: [rancid] get running-config to other network Message-ID: <458b2495cf9bd5c2bbe1cff7184d4261@inventati.org> hello, I can configure rancid to get him configuration of a switch with VLANs management on another network? this is possible? -- vincent +---------------------------------------------------------------------+ | GPG KeyID: 2048R/0C42E44E 2011-06-14 http://pgp.mit.edu | | Fingerprint GPG: AFD5 80B0 22C1 DCCB A2C5 8A4B F52F 0621 0C42 E44E | | () ascii ribbon campaign - against html e-mail | | /\ www.asciiribbon.org - against proprietary attachments | +---------------------------------------------------------------------+ From sva at anders.ru Thu Jan 19 14:16:10 2012 From: sva at anders.ru (sva at anders.ru) Date: Thu, 19 Jan 2012 18:16:10 +0400 Subject: [rancid] [PATCH 2/2] Multiple fixes/improvements for Extreme XOS Message-ID: <1309703231.20120119181610@anders.ru> ????????????, Rancid-discuss. Does anyone got working rancid 2.3.6 with Extreme box ? I Got latest X670, and i have the same promlems discussed earlier with incorrect expect behavior. I tried fixes discussed in mail-archive, but got no luck. Problems with login: clogin -f ./lgcloginrc -c "show version" sw1.local sw1.local spawn telnet sw1.local Trying x.x.x.x... Connected to sw1.local. Escape character is '^]'. telnet session telnet0 on /dev/ptyb0 System is in trial for 30 day(s) and this will expire in 30 day(s) login: auto password: Login incorrect System is in trial for 30 day(s) and this will expire in 30 day(s) login: rancidpass password: Login incorrect System is in trial for 30 day(s) and this will expire in 30 day(s) login: rancidpass password: Login incorrect Maximum number of login attempts reached! Connection closed by foreign host. rancidpass Error: Connection closed (telnet): sw1.local From time to time i got sucessfull login: clogin -f ./lgcloginrc -c "show version" sw1.local sw1.local spawn telnet sw1.local Trying x.x.x.x... Connected to sw1.local Escape character is '^]'. telnet session telnet0 on /dev/ptyb0 System is in trial for 30 day(s) and this will expire in 30 day(s) login: auto password: Login incorrect System is in trial for 30 day(s) and this will expire in 30 day(s) login: rancidpass password: Login incorrect System is in trial for 30 day(s) and this will expire in 30 day(s) login: auto password: ExtremeXOS Copyright (C) 2000-2011 Extreme Networks. All rights reserved. Protected by US Patent Nos: 6,678,248; 6,104,700; 6,766,482; 6,618,388; 6,034,957; 6,859,438; 6,912,592; 6,954,436; 6,977,891; 6,980,550; 6,981,174; 7,003,705; 7,017,082; 7,046,665; 7,126,923; 7,142,509; 7,149,217; 7,152,124; 7,154,861; 7,245,619; 7,245,629; 7,269,135. ============================================================================== Press the or '?' key at any time for completions. Remember to save your configuration changes. sw1.local.1 # sw1.local.1 #show version qSwitch : 800400-00-04 1143G-00074 Rev 4.0 BootROM: 2.0.1.5 IMG: 12.6.1.3 PSU-1 : Internal PSU-1 800282-00-04 1119K-81549 Rev 0.0 PSU-2 : Internal PSU-2 800282-00-04 1119K-81552 Rev 0.0 Image : ExtremeXOS version 12.6.1.3 v1261b3 by release-manager on Thu Jul 21 09:46:07 PDT 2011 BootROM : 2.0.1.5 Diagnostics : 3.4 sw1.local.2 # quit Connection closed by foreign host. -- ? ?????????, Shidlovsky Vyacheslav, Anders Telecom NOC mailto:sva at anders.ru From david.rodriguez18 at upr.edu Thu Jan 19 12:56:37 2012 From: david.rodriguez18 at upr.edu (David Rodriguez Minguela) Date: Thu, 19 Jan 2012 08:56:37 -0400 Subject: [rancid] get running-config to other network In-Reply-To: <458b2495cf9bd5c2bbe1cff7184d4261@inventati.org> References: <458b2495cf9bd5c2bbe1cff7184d4261@inventati.org> Message-ID: <004201ccd6a9$c8b64fb0$5a22ef10$@upr.edu> Sorry I just subscribed to rancid looking for support. -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of vincent Sent: Thursday, January 19, 2012 8:49 AM To: rancid-discuss at shrubbery.net Subject: [rancid] get running-config to other network hello, I can configure rancid to get him configuration of a switch with VLANs management on another network? this is possible? -- vincent +---------------------------------------------------------------------+ | GPG KeyID: 2048R/0C42E44E 2011-06-14 http://pgp.mit.edu | | Fingerprint GPG: AFD5 80B0 22C1 DCCB A2C5 8A4B F52F 0621 0C42 E44E | | () ascii ribbon campaign - against html e-mail | | /\ www.asciiribbon.org - against proprietary attachments | +---------------------------------------------------------------------+ _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From jward at nero.net Thu Jan 19 21:30:22 2012 From: jward at nero.net (Josh Ward) Date: Thu, 19 Jan 2012 13:30:22 -0800 Subject: [rancid] xrrancid destroys ipv[46] ACLs Message-ID: <4F188B6E.9010800@nero.net> Hey Erik, I just subscribed to the list here. I already fixed the problem in xrrancid where it clobbers ACLs. I haven't tested it with v6 yet but I know that it works for ipv4 ACLs. My patch also adds an option in rancid.conf that looks for an option STRIPACLSEQ=yes or no. If this is set to yes it will remove the ACL sequence numbers on IOS XR. I'm still working on the ACL sorting with this. The way I want it to work is to sort the ACLs in blocks based on remarks in the ACL if they present. I don't have that working yet (and would love a hand on that if anyone is willing!). I'll post another patch when I have that working. -Josh Here is a patch to rancid 2.3.6 that will fix what you were seeing. diff --git a/bin/xrrancid.in b/bin/xrrancid.in index 8481828..031e014 100644 --- a/bin/xrrancid.in +++ b/bin/xrrancid.in @@ -67,6 +67,7 @@ my($aclsort) = ("ipsort"); # ACL sorting mode my($config_register); # configuration register value my($filter_commstr); # SNMP community string filtering my($filter_pwds); # password filtering mode +my ($aclstripseq); # Strip ACL sequence numbers # This routine is used to print out the router configuration sub ProcessHistory { @@ -1026,11 +1027,21 @@ sub WriteTerm { while () { tr/\015//d; last if (/^$prompt/ || /^\S/); - if (/^\s+(\d+) (permit|deny) /) { - ProcessHistory("ACL $nlri $key","keysort","$2"," $2 $'"); - } else { - ProcessHistory("ACL $nlri $key","keysort","$key","$_"); - } + if (/^\s+(\d+) (permit|deny)/ || /^\s(\d+) (remark.*)$/) { + if ($aclstripseq == 0) { + ProcessHistory("ACL $1 $nlri $key","$aclsort","$2"," $1 $2 $'") + } + if ($aclstripseq == 1) { + ProcessHistory("ACL $nlri $key","$aclsort","$2"," $2 $'"); + } + } else { + if ($aclstripseq == 0) { + ProcessHistory("ACL $1 $nlri $key","$aclsort","$key","$1 $_"); + } + if ($aclstripseq == 1) { + ProcessHistory("ACL $nlri $key","$aclsort","$key"," $_"); + } + } } } # order arp lists @@ -1245,6 +1256,17 @@ if ($file) { if ($ENV{"ACLSORT"} =~ /no/i) { $aclsort = ""; } +# determine if we want to strip ACL sequence numbers +if ($ENV{"ACLSTRIPSEQ"} =~ /yes/i) { + $aclstripseq = 1; +} +else { + # If you are not stripping ACL sequence numbers + # you cannot sort ACLs + $aclstripseq = 0; + $aclsort = ""; +} + # determine community string filtering mode if (defined($ENV{"NOCOMMSTR"}) && ($ENV{"NOCOMMSTR"} =~ /yes/i || $ENV{"NOCOMMSTR"} =~ /^$/)) { From shouldbeq931 at gmail.com Thu Jan 19 21:36:09 2012 From: shouldbeq931 at gmail.com (shouldbe q931) Date: Thu, 19 Jan 2012 21:36:09 +0000 Subject: [rancid] get running-config to other network In-Reply-To: <458b2495cf9bd5c2bbe1cff7184d4261@inventati.org> References: <458b2495cf9bd5c2bbe1cff7184d4261@inventati.org> Message-ID: On Thu, Jan 19, 2012 at 12:49 PM, vincent wrote: > hello, > I can configure rancid to get him configuration of a switch with VLANs > management on another network? > > this is possible? > > -- > vincent > As long as you have IP connectivity to the device and it is "supported" by rancid, then its location is irrelevant. I use rancid to collect configurations from devices on several continents From vincent at autistici.org Thu Jan 19 22:23:29 2012 From: vincent at autistici.org (vincent) Date: Thu, 19 Jan 2012 23:23:29 +0100 Subject: [rancid] get running-config to other network In-Reply-To: References: <458b2495cf9bd5c2bbe1cff7184d4261@inventati.org> Message-ID: <4F1897E1.5000108@autistici.org> Il 19/01/2012 22:36, shouldbe q931 ha scritto: > As long as you have IP connectivity to the device and it is > "supported" by rancid, then its location is irrelevant. > > I use rancid to collect configurations from devices on several continents > is ok but I can use a router (eg 10.10.10.0/24) on which I have connectivity as a bridge to a switch to another network (eg 20.20.20.0/24)? -- vincent +---------------------------------------------------------------------+ | GPG KeyID: 2048R/0C42E44E 2011-06-14 http://pgp.mit.edu | | Fingerprint GPG: AFD5 80B0 22C1 DCCB A2C5 8A4B F52F 0621 0C42 E44E | | () ascii ribbon campaign - against html e-mail | | /\ www.asciiribbon.org - against proprietary attachments | +---------------------------------------------------------------------+ From tyler at tolaris.com Thu Jan 19 22:50:35 2012 From: tyler at tolaris.com (Tyler J. Wagner) Date: Thu, 19 Jan 2012 22:50:35 +0000 Subject: [rancid] get running-config to other network In-Reply-To: <4F1897E1.5000108@autistici.org> References: <458b2495cf9bd5c2bbe1cff7184d4261@inventati.org> <4F1897E1.5000108@autistici.org> Message-ID: <4F189E3B.4050307@tolaris.com> On 2012-01-19 22:23, vincent wrote: > Il 19/01/2012 22:36, shouldbe q931 ha scritto: > >> As long as you have IP connectivity to the device and it is >> "supported" by rancid, then its location is irrelevant. >> >> I use rancid to collect configurations from devices on several continents >> > > is ok > but I can use a router (eg 10.10.10.0/24) on which I have connectivity > as a bridge to a switch to another network (eg 20.20.20.0/24)? Your question has nothing to do with RANCID. >From the RANCID server, if you can telnet to the router by IP address or hostname, then RANCID can support it. If not, you have a routing problem. Fix that first. Regards, Tyler -- "[...] we are not attacking the corporations, but endeavoring to do away with any evil in them. We are not hostile to them; we are merely determined that they shall be so handled as to subserve the public good. We draw the line against misconduct, not against wealth." -- Theodore Roosevelt From vincent at autistici.org Thu Jan 19 23:15:40 2012 From: vincent at autistici.org (vincent) Date: Fri, 20 Jan 2012 00:15:40 +0100 Subject: [rancid] get running-config to other network In-Reply-To: <4F189E3B.4050307@tolaris.com> References: <458b2495cf9bd5c2bbe1cff7184d4261@inventati.org> <4F1897E1.5000108@autistici.org> <4F189E3B.4050307@tolaris.com> Message-ID: <4F18A41C.2080001@autistici.org> Il 19/01/2012 23:50, Tyler J. Wagner ha scritto: > Your question has nothing to do with RANCID. > >>From the RANCID server, if you can telnet to the router by IP address or > hostname, then RANCID can support it. If not, you have a routing problem. > Fix that first. I don't have a routing problem. I have the following scenario: - I have two separate networks: A=10.10.10.0/24 and B=20.20.20.0/24 - The hosts on network "A" do not need to communicate with hosts on network "B" - I can access (on telnet) the router that separates the two networks (A and B) - I can not install rancid in both networks If the network "A" (10.10.10.0/24) I can log into the router that divides the network, can allow rancid (with script or other method) to perform a second authentication of network devices to the network "B" (if: 20.20.20.1)? -- vincent +---------------------------------------------------------------------+ | GPG KeyID: 2048R/0C42E44E 2011-06-14 http://pgp.mit.edu | | Fingerprint GPG: AFD5 80B0 22C1 DCCB A2C5 8A4B F52F 0621 0C42 E44E | | () ascii ribbon campaign - against html e-mail | | /\ www.asciiribbon.org - against proprietary attachments | +---------------------------------------------------------------------+ From list at soccergeek.net Fri Jan 20 00:09:30 2012 From: list at soccergeek.net (Aaron Smith) Date: Thu, 19 Jan 2012 16:09:30 -0800 Subject: [rancid] get running-config to other network In-Reply-To: <4F18A41C.2080001@autistici.org> References: <458b2495cf9bd5c2bbe1cff7184d4261@inventati.org> <4F1897E1.5000108@autistici.org> <4F189E3B.4050307@tolaris.com> <4F18A41C.2080001@autistici.org> Message-ID: <4F18B0BA.5040103@soccergeek.net> On 01/19/2012 03:15 PM, vincent wrote: > I have the following scenario: > - I have two separate networks: A=10.10.10.0/24 and B=20.20.20.0/24 > - The hosts on network "A" do not need to communicate with hosts on > network "B" At least one host on network "A" needs to communicate with hosts on network "B" ;) > If the network "A" (10.10.10.0/24) I can log into the router that > divides the network, can allow rancid (with script or other method) to > perform a second authentication of network devices to the network "B" > (if: 20.20.20.1)? I don't believe rancid supports bouncing through one router to get to another. I suppose adding a static route on the RANCiD server to get to network "B" might work, depending on what networks you're connected to and what the routing/firewall policies are. > I don't have a routing problem. This seems like a routing problem to me. Your network admins either need to let you route through to network "B" or install a RANCiD server in both networks. -- @@ron From krzysztof.zygmunt at gmail.com Fri Jan 20 08:52:36 2012 From: krzysztof.zygmunt at gmail.com (Krzysztof Zygmunt) Date: Fri, 20 Jan 2012 09:52:36 +0100 Subject: [rancid] Email notification with RANCID In-Reply-To: References: <50EBBF653D3B6A4CBCC80D17DE982D6A2DEDA14457@SG1RD3XVS141.red003.local> Message-ID: Hi, It looks very interesting, can you tell me what do you do with those syslog messages on splunk side ? How do you generate any reports from such information ? cheers kris 2012/1/18 Hagen, Skye : > We took a completely different tact on notification. We backup over 1600 > devices nightly, and only want notification if there is a problem, and in > some cases, only when there is a major problem. > > We use syslog with Splunk for a majority of our reporting. What I did was to > wrap 'rancid-run' in a shell script that will take the logs, massage them, > and send the results to syslog. > > We have created a number of Splunk reports, such as a report that tells us > if there are excessive errors, or if a backup has had successive failures. > > If anyone is interested, I have attached the script. > > Skye. > > > > > > On 1/16/12 5:58 PM, "Michael Lee" wrote: > >> Hi, >> >> Really appreciate your reply. Yeah, however I am trying to list out all >> the >> devices and backup status in a list. By the way, do you know anyway to >> send >> the configuration diff using html format in an EMAIL similar to what we >> see on >> VIEWVC? >> >> >> BR, >> Michael >> -----Original Message----- >> From: shouldbe q931 [mailto:shouldbeq931 at gmail.com] >> Sent: Tuesday, January 17, 2012 2:55 AM >> To: Michael Lee >> Cc: rancid-discuss at shrubbery.net >> Subject: Re: [rancid] Email notification with RANCID >> >> On Mon, Jan 16, 2012 at 5:33 AM, Michael Lee >> wrote: >>> Hi all, >>> >>> >>> >>> I am new to RANCID, hopefully you guys can help. I have been trying to >>> find >>> some way to make RANCID notify daily through mail which devices is backup >>> successful and which backup is not successful. >>> >>> Is there currently a way to do this. I notice the capability at the >>> moment >>> only send notification on the changes of the configuration. >>> >>> >>> >>> Many thanks in advance, >>> >>> >>> >>> Br, >>> >>> Michael >>> >>> >> >> rancid will send a notification email if it has not been able to >> contact a device for 24hours, the below is from control_rancid >> >> >> ------------------------------------------------------------------------------ >> ----------------- >> # If any machines have not been reached within the last $OLDTIME >> # hours, mail out a list of them. >> cd $DIR/configs >> rm -f $DIR/routers.failed >> if [ "X$OLDTIME" = "X" ] ; then >>???? OLDTIME=24 >> fi >> >> ------------------------------------------------------------------------------ >> ----------------- >> >> >> This transmission is for the intended addressee only and is confidential >> information. If you have received this transmission in error, please >> notify >> the sender and delete the transmission. The contents of this e-mail are >> the >> opinion of the writer only and are not endorsed by the Mincom Group of >> companies unless expressly stated otherwise. >> >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From michael at maymann.org Fri Jan 20 10:00:39 2012 From: michael at maymann.org (Michael Maymann) Date: Fri, 20 Jan 2012 11:00:39 +0100 Subject: [rancid] SSH public-keys In-Reply-To: References: <4F0C042A.8080008@tolaris.com> <20120110162049.GF7866@shrubbery.net> <20120110200005.GU7866@shrubbery.net> <20120110221303.GB7866@shrubbery.net> Message-ID: Hi, Thanks shouldbe, but that didn't help either...:-( I still haven't gotten this to work... have now tried the following: ---1---.cloginrc -bash-3.2$ cat .cloginrc add method * ssh add user * USER add identity * /COMPANY/site_home/USER/.ssh/id_rsa add password HOSTNAME {PASSWORD} {PASSWORD} ---1--- ---2---just standard output -bash-3.2$ /usr/libexec/rancid/hlogin -c "sh ver" HOSTNAME HOSTNAME spawn hpuifilter -- ssh -i PATH_TO/.ssh/id_rsa -c 3des -x -l test HOSTNAME We'd like to keep you up to date about: * Software feature updates * New product announcements * Special events Please register your products now at: www.ProCurve.com ProCurve J8697A Switch 5406zl Software revision K.15.02.0005 Copyright (C) 1991-2010 Hewlett-Packard Co. All Rights Reserved. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and Computer Software clause at 52.227-7013. HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303 Press any key to continueHOSTNAME#...I PRESS HERE... Error: TIMEOUT reached ---2--- ---3---strace output ("/usr/libexec/rancid/hlogin", ["/usr/libexec/rancid/hlogin", "-c", "sh ver", "HOSTNAME"], [/* 18 vars */]) = 0 brk(0) = 0x145bd000 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac42984f000 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac429850000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=32295, ...}) = 0 mmap(NULL, 32295, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2ac429851000 close(3) = 0 open("/lib64/tls/x86_64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/lib64/tls/x86_64", 0x7fff824f3880) = -1 ENOENT (No such file or directory) open("/lib64/tls/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/lib64/tls", 0x7fff824f3880) = -1 ENOENT (No such file or directory) open("/lib64/x86_64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/lib64/x86_64", 0x7fff824f3880) = -1 ENOENT (No such file or directory) open("/lib64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/lib64", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 open("/usr/lib64/tls/x86_64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/usr/lib64/tls/x86_64", 0x7fff824f3880) = -1 ENOENT (No such file or directory) open("/usr/lib64/tls/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/usr/lib64/tls", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 open("/usr/lib64/x86_64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/usr/lib64/x86_64", 0x7fff824f3880) = -1 ENOENT (No such file or directory) open("/usr/lib64/libexpect5.43.so", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300\266 at w6\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=180608, ...}) = 0 mmap(0x3677400000, 2287968, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3677400000 mprotect(0x3677429000, 2097152, PROT_NONE) = 0 mmap(0x3677629000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x29000) = 0x3677629000 mmap(0x367762c000, 10592, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x367762c000 close(3) = 0 open("/usr/lib64/libtcl8.4.so", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\22bZ?\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=805656, ...}) = 0 mmap(0x3f5a600000, 2903528, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3f5a600000 mprotect(0x3f5a6bb000, 2093056, PROT_NONE) = 0 mmap(0x3f5a8ba000, 40960, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xba000) = 0x3f5a8ba000 mmap(0x3f5a8c4000, 3560, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3f5a8c4000 close(3) = 0 open("/lib64/libdl.so.2", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20\16\240W?\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=23360, ...}) = 0 mmap(0x3f57a00000, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3f57a00000 mprotect(0x3f57a02000, 2097152, PROT_NONE) = 0 mmap(0x3f57c02000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x3f57c02000 close(3) = 0 open("/lib64/libpthread.so.0", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240W\340W?\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=145824, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac429859000 mmap(0x3f57e00000, 2204528, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3f57e00000 mprotect(0x3f57e16000, 2093056, PROT_NONE) = 0 mmap(0x3f58015000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15000) = 0x3f58015000 mmap(0x3f58017000, 13168, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3f58017000 close(3) = 0 open("/lib64/libm.so.6", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`>\240X?\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=615136, ...}) = 0 mmap(0x3f58a00000, 2629848, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3f58a00000 mprotect(0x3f58a82000, 2093056, PROT_NONE) = 0 mmap(0x3f58c81000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x81000) = 0x3f58c81000 close(3) = 0 open("/lib64/libutil.so.1", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\16\340Z?\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=18152, ...}) = 0 mmap(0x3f5ae00000, 2105616, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3f5ae00000 mprotect(0x3f5ae02000, 2093056, PROT_NONE) = 0 mmap(0x3f5b001000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x3f5b001000 close(3) = 0 open("/lib64/libc.so.6", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220\332aW?\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=1722304, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac42985a000 mmap(0x3f57600000, 3502424, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3f57600000 mprotect(0x3f5774e000, 2097152, PROT_NONE) = 0 mmap(0x3f5794e000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14e000) = 0x3f5794e000 mmap(0x3f57953000, 16728, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3f57953000 close(3) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac42985b000 arch_prctl(ARCH_SET_FS, 0x2ac42985b790) = 0 mprotect(0x3f57c02000, 4096, PROT_READ) = 0 mprotect(0x3f58015000, 4096, PROT_READ) = 0 mprotect(0x3f58c81000, 4096, PROT_READ) = 0 mprotect(0x3f5b001000, 4096, PROT_READ) = 0 mprotect(0x3f5794e000, 16384, PROT_READ) = 0 mprotect(0x3f5741c000, 4096, PROT_READ) = 0 munmap(0x2ac429851000, 32295) = 0 set_tid_address(0x2ac42985b820) = 6256 set_robust_list(0x2ac42985b830, 0x18) = 0 futex(0x7fff824f43cc, FUTEX_WAKE_PRIVATE, 1) = 0 rt_sigaction(SIGRTMIN, {0x3f57e05380, [], SA_RESTORER|SA_SIGINFO, 0x3f57e0eb70}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {0x3f57e052b0, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x3f57e0eb70}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 getrlimit(RLIMIT_STACK, {rlim_cur=10240*1024, rlim_max=RLIM_INFINITY}) = 0 lseek(0, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) lseek(1, 0, SEEK_CUR) = 0 lseek(2, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) rt_sigaction(SIGPIPE, {0x1, [PIPE], SA_RESTORER|SA_RESTART, 0x3f576302d0}, {SIG_DFL, [], 0}, 8) = 0 brk(0) = 0x145bd000 brk(0x145de000) = 0x145de000 mmap(NULL, 10489856, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_32BIT, -1, 0) = 0x40e28000 mprotect(0x40e28000, 4096, PROT_NONE) = 0 clone(child_stack=0x41828250, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLON7 futex(0x145c1924, FUTEX_WAIT_PRIVATE, 1, NULL) = 0 futex(0x145bdb30, FUTEX_WAIT_PRIVATE, 2, NULL) = 0 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 uname({sys="Linux", node="LINUXBOX", ...}) = 0 open("/usr/lib/locale/locale-archive", O_RDONLY) = 5 fstat(5, {st_mode=S_IFREG|0644, st_size=56459024, ...}) = 0 mmap(NULL, 56459024, PROT_READ, MAP_PRIVATE, 5, 0) = 0x2aaaaaaab000 close(5) = 0 lstat("/usr", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 lstat("/usr/lib", {st_mode=S_IFDIR|0755, st_size=12288, ...}) = 0 lstat("/usr/lib/tcl8.4", {st_mode=S_IFLNK|0777, st_size=17, ...}) = 0 readlink("/usr/lib/tcl8.4", "/usr/share/tcl8.4"..., 4096) = 17 lstat("/usr", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 lstat("/usr/share", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 lstat("/usr/share/tcl8.4", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 lstat("/usr/share/tcl8.4/encoding", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 open("/usr/share/tcl8.4/encoding/iso8859-1.enc", O_RDONLY) = 5 fcntl(5, F_SETFD, FD_CLOEXEC) = 0 ioctl(5, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff824f39b0) = -1 ENOTTY (Inappropriate ioctl for device) brk(0x14600000) = 0x14600000 read(5, "# Encoding file: iso8859-1, sing"..., 4096) = 1094 read(5, "", 4096) = 0 close(5) = 0 lstat("/usr", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 lstat("/usr/share", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 lstat("/usr/share/tcl8.4", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 access("/usr/share/tcl8.4/init.tcl", F_OK) = 0 stat("/usr/share/tcl8.4/init.tcl", {st_mode=S_IFREG|0644, st_size=22674, ...}) = 0 open("/usr/share/tcl8.4/init.tcl", O_RDONLY) = 5 fcntl(5, F_SETFD, FD_CLOEXEC) = 0 ioctl(5, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff824f2fe0) = -1 ENOTTY (Inappropriate ioctl for device) read(5, "# init.tcl --\n#\n# Default system"..., 4096) = 4096 read(5, " the following steps to make the"..., 4096) = 4096 read(5, "in \\\"unknown\\\"\" {} \\\n\t\t\t[list CO"..., 4096) = 4096 read(5, "guments: \n# None.\n\nproc auto_loa"..., 4096) = 4096 read(5, " namespace eval :: "..., 4096) = 4096 read(5, " give a more precise\n\t# error me"..., 4096) = 2194 read(5, "", 4096) = 0 close(5) = 0 brk(0x14624000) = 0x14624000 open("/dev/tty", O_RDWR) = 5 ioctl(5, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 ioctl(5, TIOCGWINSZ, {ws_row=33, ws_col=145, ws_xpixel=0, ws_ypixel=0}) = 0 ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff824f42a0) = -1 ENOTTY (Inappropriate ioctl for device) ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 lseek(0, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 lseek(1, 0, SEEK_CUR) = 0 ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff824f4120) = -1 ENOTTY (Inappropriate ioctl for device) getsockname(1, 0x7fff824f41f0, [16]) = -1 ENOTSOCK (Socket operation on non-socket) lseek(2, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) ioctl(2, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 ioctl(2, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 fcntl(0, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE) fcntl(0, F_SETFL, O_RDWR|O_NONBLOCK|O_LARGEFILE) = 0 fcntl(0, F_GETFL) = 0x8802 (flags O_RDWR|O_NONBLOCK|O_LARGEFILE) ioctl(2, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 fcntl(2, F_GETFL) = 0x8802 (flags O_RDWR|O_NONBLOCK|O_LARGEFILE) fcntl(2, F_SETFL, O_RDWR|O_NONBLOCK|O_LARGEFILE) = 0 fcntl(2, F_GETFL) = 0x8802 (flags O_RDWR|O_NONBLOCK|O_LARGEFILE) fcntl(5, F_SETFD, FD_CLOEXEC) = 0 fcntl(5, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE) fcntl(5, F_SETFL, O_RDWR|O_NONBLOCK|O_LARGEFILE) = 0 fcntl(5, F_GETFL) = 0x8802 (flags O_RDWR|O_NONBLOCK|O_LARGEFILE) rt_sigaction(SIGINT, {0x367741a760, [INT], SA_RESTORER|SA_RESTART, 0x3f576302d0}, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGTERM, {0x367741a760, [TERM], SA_RESTORER|SA_RESTART, 0x3f576302d0}, {SIG_DFL, [], 0}, 8) = 0 open("/usr/lib/expect5.43/expect.rc", O_RDONLY) = -1 ENOENT (No such file or directory) open("/COMPANY/site_home/USER/.expect.rc", O_RDONLY) = -1 ENOENT (No such file or directory) lstat("/usr", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 lstat("/usr/libexec", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 lstat("/usr/libexec/rancid", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 stat("/usr/libexec/rancid/hlogin", {st_mode=S_IFREG|0755, st_size=22702, ...}) = 0 open("/usr/libexec/rancid/hlogin", O_RDONLY) = 6 fcntl(6, F_SETFD, FD_CLOEXEC) = 0 ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff824f4020) = -1 ENOTTY (Inappropriate ioctl for device) read(6, "#! /usr/bin/expect --\n##\n## $Id:"..., 4096) = 4096 read(6, " # This uses \"id\" which I think "..., 4096) = 4096 read(6, "# This is a helper function to m"..., 4096) = 4096 read(6, ";\n\t if !$progs {\n\t\tsend_user "..., 4096) = 4096 read(6, "\t\t\t\t\t catch {send \" \"};\n\t\t\t\t\t "..., 4096) = 4096 brk(0x1464c000) = 0x1464c000 brk(0x14648000) = 0x14648000 read(6, "ompt\" == \"\" } {\n\tset p_prompt \"("..., 4096) = 2222 read(6, "", 4096) = 0 close(6) = 0 lstat("/COMPANY", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 lstat("/COMPANY/site_home", {st_mode=S_IFDIR|0755, st_size=118784, ...}) = 0 lstat("/COMPANY/site_home/USER", {st_mode=S_IFDIR|S_ISGID|0750, st_size=4096, ...}) = 0 access("/COMPANY/site_home/USER/.cloginrc", F_OK) = 0 stat("/COMPANY/site_home/USER/.cloginrc", {st_mode=S_IFREG|0600, st_size=130, ...}) = 0 stat("/COMPANY/site_home/USER/.cloginrc", {st_mode=S_IFREG|0600, st_size=130, ...}) = 0 open("/COMPANY/site_home/USER/.cloginrc", O_RDONLY) = 6 fcntl(6, F_SETFD, FD_CLOEXEC) = 0 ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff824f30f0) = -1 ENOTTY (Inappropriate ioctl for device) read(6, "add method * ssh\nadd user * test"..., 4096) = 130 read(6, "", 4096) = 0 close(6) = 0 brk(0x1466c000) = 0x1466c000 write(1, "HOSTNAME\n", 9) = 9 brk(0x14690000) = 0x14690000 write(1, "spawn", 5) = 5 write(1, " ", 1) = 1 write(1, "hpuifilter", 10) = 10 write(1, " ", 1) = 1 write(1, "--", 2) = 2 write(1, " ", 1) = 1 write(1, "ssh", 3) = 3 write(1, " ", 1) = 1 write(1, "-i", 2) = 2 write(1, " ", 1) = 1 write(1, "/COMPANY/site_home/USER/.ssh"..., 39) = 39 write(1, " ", 1) = 1 write(1, "-c", 2) = 2 write(1, " ", 1) = 1 write(1, "3des", 4) = 4 write(1, " ", 1) = 1 write(1, "-x", 2) = 2 write(1, " ", 1) = 1 write(1, "-l", 2) = 2 write(1, " ", 1) = 1 write(1, "test", 4) = 4 write(1, " ", 1) = 1 write(1, "HOSTNAME", 8) = 8 write(1, "\r\n", 2) = 2 open("/dev/ptmx", O_RDWR) = 6 statfs("/dev/pts", {f_type="DEVPTS_SUPER_MAGIC", f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, f_namelen0 ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 ioctl(6, TIOCGPTN, [3]) = 0 stat("/dev/pts/3", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 3), ...}) = 0 statfs("/dev/pts/3", {f_type="DEVPTS_SUPER_MAGIC", f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, f_namel0 ioctl(6, TIOCSPTLCK, [0]) = 0 ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 ioctl(6, TIOCGPTN, [3]) = 0 stat("/dev/pts/3", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 3), ...}) = 0 open("/dev/pts/3", O_RDWR|O_NOCTTY) = 7 ioctl(7, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 readlink("/proc/self/fd/7", "/dev/pts/3"..., 4095) = 10 close(7) = 0 fcntl(6, F_SETFD, FD_CLOEXEC) = 0 pipe([7, 8]) = 0 pipe([9, 10]) = 0 pipe([11, 12]) = 0 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2ac42985b820) = 6258 close(8) = 0 close(9) = 0 close(12) = 0 fcntl(6, F_SETFD, FD_CLOEXEC) = 0 fcntl(6, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE) fcntl(6, F_SETFL, O_RDWR|O_NONBLOCK|O_LARGEFILE) = 0 fcntl(6, F_GETFL) = 0x8802 (flags O_RDWR|O_NONBLOCK|O_LARGEFILE) read(7, " ", 1) = 1 write(10, " ", 1) = 1 close(7) = 0 close(10) = 0 read(11, "", 4) = 0 close(11) = 0 clock_gettime(CLOCK_REALTIME, {1327052097, 956733000}) = 0 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 1, {0, 299932000}) = -1 ETIMEDOUT (Connection timed out) futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 brk(0x146b4000) = 0x146b4000 brk(0x146d8000) = 0x146d8000 brk(0x146fa000) = 0x146fa000 brk(0x146f4000) = 0x146f4000 write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 clock_gettime(CLOCK_REALTIME, {1327052098, 261705000}) = 0 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 3, {44, 999845000}) = 0 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 read(6, "We'd like to keep you up to date"..., 4096) = 42 write(1, "We'd like to keep you up to date"..., 42) = 42 write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 clock_gettime(CLOCK_REALTIME, {1327052099, 489667000}) = 0 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 5, {43, 999847000}) = 0 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 read(6, " * Software feature updates\r\r\n", 4096) = 31 write(1, " * Software feature updates\r\r\n", 31) = 31 brk(0x14716000) = 0x14716000 brk(0x14704000) = 0x14704000 write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 clock_gettime(CLOCK_REALTIME, {1327052099, 490805000}) = 0 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 7, {43, 999849000}) = 0 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 read(6, " * New product announcements\r\r\n", 4096) = 32 write(1, " * New product announcements\r\r\n", 32) = 32 write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 clock_gettime(CLOCK_REALTIME, {1327052099, 491718000}) = 0 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 9, {43, 999851000}) = 0 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 read(6, " * Special events\r\r\n", 4096) = 21 write(1, " * Special events\r\r\n", 21) = 21 write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 clock_gettime(CLOCK_REALTIME, {1327052099, 492653000}) = 0 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 11, {43, 999812000}) = 0 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 read(6, "\r\r\n", 4096) = 3 write(1, "\r\r\n", 3) = 3 write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 clock_gettime(CLOCK_REALTIME, {1327052099, 493894000}) = 0 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 13, {43, 999803000}) = 0 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 read(6, "Please register your products no"..., 4096) = 58 write(1, "Please register your products no"..., 58) = 58 write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 clock_gettime(CLOCK_REALTIME, {1327052099, 494800000}) = 0 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 15, {43, 999851000}) = 0 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 read(6, "\r\r\n", 4096) = 3 write(1, "\r\r\n", 3) = 3 write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 clock_gettime(CLOCK_REALTIME, {1327052099, 495717000}) = 0 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 17, {43, 999851000}) = 0 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 read(6, "\r\r\n", 4096) = 3 write(1, "\r\r\n", 3) = 3 write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 clock_gettime(CLOCK_REALTIME, {1327052099, 496640000}) = 0 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 19, {43, 999851000}) = 0 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 read(6, "ProCurve J8697A Switch 5406zl\r\r\r"..., 4096) = 279 write(1, "ProCurve J8697A Switch 5406zl\r\r\r"..., 279) = 279 write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 clock_gettime(CLOCK_REALTIME, {1327052099, 750560000}) = 0 futex(0x14673f40, FUTEX_WAKE_PRIVATE, 1) = 1 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 21, {43, 999800000}) = -1 EAGAIN (Resource temporarily unavailable) futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 read(6, " as set forth in subdivision (b)"..., 4096) = 204 write(1, " as set forth in subdivision (b)"..., 204) = 204 write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 clock_gettime(CLOCK_REALTIME, {1327052099, 751914000}) = 0 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 23, {43, 999807000}) = 0 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 read(6, "Press any key to continue", 4096) = 25 write(1, "Press any key to continue", 25) = 25 write(6, " ", 1) = 1 write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 clock_gettime(CLOCK_REALTIME, {1327052099, 950814000}) = 0 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 25, {44, 999808000}) = 0 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 read(6, "HOSTNAME# ", 4096) = 10 write(1, "HOSTNAME# ", 10) = 10 write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 clock_gettime(CLOCK_REALTIME, {1327052099, 969335000}) = 0 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 27, {44, 999848000} ) = -1 ETIMEDOUT (Connection timed out) write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 write(1, "\nError: TIMEOUT reached\n", 24) = 24 fcntl(6, F_GETFL) = 0x8802 (flags O_RDWR|O_NONBLOCK|O_LARGEFILE) fcntl(6, F_SETFL, O_RDWR|O_LARGEFILE) = 0 fcntl(6, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE) write(6, "", 0) = 0 rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0 rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 nanosleep({1, 0}, {1, 0}) = 0 close(6) = 0 open("/dev/null", O_RDONLY) = 6 fcntl(6, F_SETFD, FD_CLOEXEC) = 0 wait4(6258, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 6258 ioctl(5, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 fcntl(5, F_GETFL) = 0x8802 (flags O_RDWR|O_NONBLOCK|O_LARGEFILE) fcntl(5, F_SETFL, O_RDWR|O_LARGEFILE) = 0 fcntl(5, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE) close(5) = 0 open("/dev/null", O_RDONLY) = 5 fcntl(5, F_SETFD, FD_CLOEXEC) = 0 fcntl(2, F_GETFL) = 0x8802 (flags O_RDWR|O_NONBLOCK|O_LARGEFILE) fcntl(2, F_SETFL, O_RDWR|O_LARGEFILE) = 0 fcntl(2, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE) close(2) = 0 open("/dev/null", O_RDONLY) = 2 fcntl(2, F_SETFD, FD_CLOEXEC) = 0 fcntl(0, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE) fcntl(0, F_SETFL, O_RDWR|O_LARGEFILE) = 0 fcntl(0, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE) write(1, "", 0) = 0 rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0 rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 nanosleep({1, 0}, {1, 0}) = 0 close(0) = 0 close(1) = 0 open("/dev/null", O_RDONLY) = 0 fcntl(0, F_SETFD, FD_CLOEXEC) = 0 fcntl(6, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE) fcntl(6, F_SETFL, O_RDONLY|O_LARGEFILE) = 0 fcntl(6, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE) write(6, "", 0) = -1 EBADF (Bad file descriptor) close(6) = 0 write(4, "q", 1) = 1 close(4) = 0 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 futex(0x145c1920, FUTEX_WAKE_PRIVATE, 1) = 1 futex(0x145c1924, FUTEX_WAIT_PRIVATE, 3, NULL) = -1 EAGAIN (Resource temporarily unavailable) futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 exit_group(1) = ? ---3--- It seems to complain about some files missing: access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/lib64/tls/x86_64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/lib64/tls/x86_64", 0x7fff824f3880) = -1 ENOENT (No such file or directory) open("/lib64/tls/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/lib64/tls", 0x7fff824f3880) = -1 ENOENT (No such file or directory) open("/lib64/x86_64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/lib64/x86_64", 0x7fff824f3880) = -1 ENOENT (No such file or directory) open("/lib64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib64/tls/x86_64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/usr/lib64/tls/x86_64", 0x7fff824f3880) = -1 ENOENT (No such file or directory) open("/usr/lib64/tls/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib64/x86_64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/usr/lib64/x86_64", 0x7fff824f3880) = -1 ENOENT (No such file or directory) open("/usr/lib/expect5.43/expect.rc", O_RDONLY) = -1 ENOENT (No such file or directory) open("/COMPANY/site_home/USER/.expect.rc", O_RDONLY) = -1 ENOENT (No such file or directory) -bash-3.2$ locate expect /usr/bin/autoexpect /usr/bin/expect /usr/lib/expect5.43 /usr/lib/libexpect5.43.so /usr/lib/expect5.43/cat-buffers /usr/lib/expect5.43/pkgIndex.tcl /usr/lib64/expect5.43 /usr/lib64/libexpect5.43.so /usr/lib64/expect5.43/cat-buffers /usr/lib64/expect5.43/pkgIndex.tcl /usr/share/man/man1/autoexpect.1.gz /usr/share/man/man1/expect.1.gz /usr/share/man/overrides/man1/expect.1.gz /usr/share/vim/vim70/syntax/expect.vim Just installed rancid from yum on RHEL5.7 64 bit - what could I have done wrong... ? Urgent - Please can anyone help...? Thanks in advance :-) ! ~maymann 2012/1/11 shouldbe q931 > On Wed, Jan 11, 2012 at 4:50 PM, Michael Maymann > wrote: > > Hi Shouldbe, > > > > Sorry for not stating this... busy day at work...: > > tried to change "show system-information" -> "show system" to hrancid but > > still: > > hlogin -c "sh ver" > > is "hanging"... > > > > So it seems I have run into 2 problems: > > 1. trying to use hlogin with ssh-key-share (add identity * id_rsa) > > configured to .cloginrc is still giving an error about password is > missing > > in .cloginrc. "ssh user at host" is working fine with key-sharing > > (password-lessly)... > > 2. hlogin is "hanging" also if I use username/password directly in > .cloginrc > > and even if I make the modifications to hrancid (stated above...) > > > > Am I using this wrong somehow, as it works for you...? > > Shouldbe: can you provide your .cloginrc and a tar of rancid-bin-dir > (where > > hlogin/hrancid etc is located)... and perhaps give examples of how you > use > > the tool to run commands on HP ProCurve equipment. > > Heasley: is this an easy/quick fix or can you recommend anything else > that > > is working with both HP ProCurve and Cisco equipment... ? > > > > > > Thanks in advance :-) ! > > ~maymann > > > > > > I've attached a copy of hrancid, and what we "see" via ViewVC on the > rancid box > > I've had to slightly sanitise the output... > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ttauber at 1-4-5.net Fri Jan 20 13:03:25 2012 From: ttauber at 1-4-5.net (Tony Tauber) Date: Fri, 20 Jan 2012 08:03:25 -0500 Subject: [rancid] get running-config to other network In-Reply-To: <4F18B0BA.5040103@soccergeek.net> References: <458b2495cf9bd5c2bbe1cff7184d4261@inventati.org> <4F1897E1.5000108@autistici.org> <4F189E3B.4050307@tolaris.com> <4F18A41C.2080001@autistici.org> <4F18B0BA.5040103@soccergeek.net> Message-ID: Actually, this question has come up before (I think even from me once) about devices which are only reachable via some sort of gateway (e.g. telnet from one device to another or console access via terminal server). I haven't done it and don't have the need in my current environment but I believe there may have been some patches or hacks devised to deal with it. Tony On Thu, Jan 19, 2012 at 7:09 PM, Aaron Smith wrote: > On 01/19/2012 03:15 PM, vincent wrote: > >> I have the following scenario: >> - I have two separate networks: A=10.10.10.0/24 and B=20.20.20.0/24 >> - The hosts on network "A" do not need to communicate with hosts on >> network "B" >> > > At least one host on network "A" needs to communicate with hosts on > network "B" ;) > > > If the network "A" (10.10.10.0/24) I can log into the router that >> divides the network, can allow rancid (with script or other method) to >> perform a second authentication of network devices to the network "B" >> (if: 20.20.20.1)? >> > > I don't believe rancid supports bouncing through one router to get to > another. I suppose adding a static route on the RANCiD server to get to > network "B" might work, depending on what networks you're connected to and > what the routing/firewall policies are. > > > > I don't have a routing problem. > > This seems like a routing problem to me. Your network admins either need > to let you route through to network "B" or install a RANCiD server in both > networks. > > -- > @@ron > > ______________________________**_________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/**mailman/listinfo.cgi/rancid-**discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From sarikoudis at googlemail.com Fri Jan 20 15:26:32 2012 From: sarikoudis at googlemail.com (theodoros sarikoudis) Date: Fri, 20 Jan 2012 17:26:32 +0200 Subject: [rancid] get running-config to other network In-Reply-To: References: <458b2495cf9bd5c2bbe1cff7184d4261@inventati.org> <4F1897E1.5000108@autistici.org> <4F189E3B.4050307@tolaris.com> <4F18A41C.2080001@autistici.org> <4F18B0BA.5040103@soccergeek.net> Message-ID: I had the same problem (some years ago) There is a solution but I cannot remember the term used for this case :( intermediate logon or something.... Search old list archives. (if i find something I ll come back) 2012/1/20 Tony Tauber : > Actually, this question has come up before (I think even from me once) about > devices which are only reachable via some sort of gateway (e.g. telnet from > one device to another or console access via terminal server). > I haven't done it and don't have the need in my current environment but I > believe there may have been some patches or hacks devised to deal with it. > > Tony > > On Thu, Jan 19, 2012 at 7:09 PM, Aaron Smith wrote: >> >> On 01/19/2012 03:15 PM, vincent wrote: >>> >>> I have the following scenario: >>> ? - I have two separate networks: A=10.10.10.0/24 and B=20.20.20.0/24 >>> ? - The hosts on network "A" do not need to communicate with hosts on >>> network "B" >> >> >> At least one host on network "A" needs to communicate with hosts on >> network "B" ;) >> >> >>> If the network "A" (10.10.10.0/24) I can log into the router that >>> divides the network, can allow rancid (with script or other method) to >>> perform a second authentication of network devices to the network "B" >>> (if: 20.20.20.1)? >> >> >> I don't believe rancid supports bouncing through one router to get to >> another. ?I suppose adding a static route on the RANCiD server to get to >> network "B" might work, depending on what networks you're connected to and >> what the routing/firewall policies are. >> >> >> > I don't have a routing problem. >> >> This seems like a routing problem to me. ?Your network admins either need >> to let you route through to network "B" or install a RANCiD server in both >> networks. >> >> -- >> @@ron >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From sarikoudis at googlemail.com Fri Jan 20 17:24:11 2012 From: sarikoudis at googlemail.com (theodoros sarikoudis) Date: Fri, 20 Jan 2012 19:24:11 +0200 Subject: [rancid] get running-config to other network In-Reply-To: References: <458b2495cf9bd5c2bbe1cff7184d4261@inventati.org> <4F1897E1.5000108@autistici.org> <4F189E3B.4050307@tolaris.com> <4F18A41C.2080001@autistici.org> <4F18B0BA.5040103@soccergeek.net> Message-ID: found it have a look on: http://www.shrubbery.net/pipermail/rancid-discuss/2004-November/000905.html 2012/1/20 Tony Tauber : > Actually, this question has come up before (I think even from me once) about > devices which are only reachable via some sort of gateway (e.g. telnet from > one device to another or console access via terminal server). > I haven't done it and don't have the need in my current environment but I > believe there may have been some patches or hacks devised to deal with it. > > Tony > > On Thu, Jan 19, 2012 at 7:09 PM, Aaron Smith wrote: >> >> On 01/19/2012 03:15 PM, vincent wrote: >>> >>> I have the following scenario: >>> ? - I have two separate networks: A=10.10.10.0/24 and B=20.20.20.0/24 >>> ? - The hosts on network "A" do not need to communicate with hosts on >>> network "B" >> >> >> At least one host on network "A" needs to communicate with hosts on >> network "B" ;) >> >> >>> If the network "A" (10.10.10.0/24) I can log into the router that >>> divides the network, can allow rancid (with script or other method) to >>> perform a second authentication of network devices to the network "B" >>> (if: 20.20.20.1)? >> >> >> I don't believe rancid supports bouncing through one router to get to >> another. ?I suppose adding a static route on the RANCiD server to get to >> network "B" might work, depending on what networks you're connected to and >> what the routing/firewall policies are. >> >> >> > I don't have a routing problem. >> >> This seems like a routing problem to me. ?Your network admins either need >> to let you route through to network "B" or install a RANCiD server in both >> networks. >> >> -- >> @@ron >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From skyeh at uidaho.edu Fri Jan 20 19:14:05 2012 From: skyeh at uidaho.edu (Hagen, Skye) Date: Fri, 20 Jan 2012 11:14:05 -0800 Subject: [rancid] Email notification with RANCID In-Reply-To: Message-ID: The syslog events are indexed in Splunk with a specific sourcetype, in our case 'Rancid'. We run RANCID via cron once a day. Therefore, our Splunk reports are on a daily schedule. Here is a list of the reports that we run. Consistent errors, where the same device has an error for the last two weeks. Run daily, for the last 2 weeks. Query: sourcetype="Rancid" "rancid-run" error | stats count by device | where count > 13 Excessive errors, where we have a large number of errors in a single run. Run daily, for the last 24 hours. Query: sourcetype="Rancid" rancid Errors > 7 Did not finish, where we do not see the end of the run for our three RANCID groups. Run daily, for the last 24 hours. Query: sourcetype="Rancid" rancid-run ending: | stats count by date_mday | where count != 3 The reports are only emailed to our network team if the event count is greater than zero. In other words, we only get notified if there is a problem. If you want to discuss this further, lets take it off-list. Skye. On 1/20/12 12:52 AM, "Krzysztof Zygmunt" wrote: > Hi, > > It looks very interesting, can you tell me what do you do with those > syslog messages > on splunk side ? How do you generate any reports from such information ? > > cheers > kris > > 2012/1/18 Hagen, Skye : >> We took a completely different tact on notification. We backup over 1600 >> devices nightly, and only want notification if there is a problem, and in >> some cases, only when there is a major problem. >> >> We use syslog with Splunk for a majority of our reporting. What I did was to >> wrap 'rancid-run' in a shell script that will take the logs, massage them, >> and send the results to syslog. >> >> We have created a number of Splunk reports, such as a report that tells us >> if there are excessive errors, or if a backup has had successive failures. >> >> If anyone is interested, I have attached the script. >> >> Skye. >> >> >> >> >> >> On 1/16/12 5:58 PM, "Michael Lee" wrote: >> >>> Hi, >>> >>> Really appreciate your reply. Yeah, however I am trying to list out all >>> the >>> devices and backup status in a list. By the way, do you know anyway to >>> send >>> the configuration diff using html format in an EMAIL similar to what we >>> see on >>> VIEWVC? >>> >>> >>> BR, >>> Michael >>> -----Original Message----- >>> From: shouldbe q931 [mailto:shouldbeq931 at gmail.com] >>> Sent: Tuesday, January 17, 2012 2:55 AM >>> To: Michael Lee >>> Cc: rancid-discuss at shrubbery.net >>> Subject: Re: [rancid] Email notification with RANCID >>> >>> On Mon, Jan 16, 2012 at 5:33 AM, Michael Lee >>> wrote: >>>> Hi all, >>>> >>>> >>>> >>>> I am new to RANCID, hopefully you guys can help. I have been trying to >>>> find >>>> some way to make RANCID notify daily through mail which devices is backup >>>> successful and which backup is not successful. >>>> >>>> Is there currently a way to do this. I notice the capability at the >>>> moment >>>> only send notification on the changes of the configuration. >>>> >>>> >>>> >>>> Many thanks in advance, >>>> >>>> >>>> >>>> Br, >>>> >>>> Michael >>>> >>>> >>> >>> rancid will send a notification email if it has not been able to >>> contact a device for 24hours, the below is from control_rancid >>> >>> >>> ---------------------------------------------------------------------------- >>> -- >>> ----------------- >>> # If any machines have not been reached within the last $OLDTIME >>> # hours, mail out a list of them. >>> cd $DIR/configs >>> rm -f $DIR/routers.failed >>> if [ "X$OLDTIME" = "X" ] ; then >>> ???? OLDTIME=24 >>> fi >>> >>> ---------------------------------------------------------------------------- >>> -- >>> ----------------- >>> >>> >>> This transmission is for the intended addressee only and is confidential >>> information. If you have received this transmission in error, please >>> notify >>> the sender and delete the transmission. The contents of this e-mail are >>> the >>> opinion of the writer only and are not endorsed by the Mincom Group of >>> companies unless expressly stated otherwise. >>> >>> >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net >>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From sva at anders.ru Sun Jan 22 18:37:00 2012 From: sva at anders.ru (sva at anders.ru) Date: Sun, 22 Jan 2012 22:37:00 +0400 Subject: [rancid] [PATCH 2/2] Multiple fixes/improvements for Extreme XOS In-Reply-To: <1309703231.20120119181610@anders.ru> References: <1309703231.20120119181610@anders.ru> Message-ID: <932747755.20120122223700@anders.ru> Here is full expect output in attach, can anyone help with this ? > ????????????, Rancid-discuss. > Does anyone got working rancid 2.3.6 with Extreme box ? I Got latest > X670, and i have the same promlems discussed earlier with incorrect > expect behavior. > I tried fixes discussed in mail-archive, but got no luck. > Problems with login: > clogin -f ./lgcloginrc -c "show version" sw1.local > sw1.local > spawn telnet sw1.local > Trying x.x.x.x... > Connected to sw1.local. > Escape character is '^]'. > telnet session telnet0 on /dev/ptyb0 > System is in trial for 30 day(s) and this will expire in 30 day(s) > login: auto > password: > Login incorrect > System is in trial for 30 day(s) and this will expire in 30 day(s) > login: rancidpass > password: > Login incorrect > System is in trial for 30 day(s) and this will expire in 30 day(s) > login: rancidpass > password: > Login incorrect > Maximum number of login attempts reached! > Connection closed by foreign host. > rancidpass > Error: Connection closed (telnet): sw1.local > From time to time i got sucessfull login: > clogin -f ./lgcloginrc -c "show version" sw1.local > sw1.local > spawn telnet sw1.local > Trying x.x.x.x... > Connected to sw1.local > Escape character is '^]'. > telnet session telnet0 on /dev/ptyb0 > System is in trial for 30 day(s) and this will expire in 30 day(s) > login: auto > password: > Login incorrect > System is in trial for 30 day(s) and this will expire in 30 day(s) > login: rancidpass > password: > Login incorrect > System is in trial for 30 day(s) and this will expire in 30 day(s) > login: auto > password: > ExtremeXOS > Copyright (C) 2000-2011 Extreme Networks. All rights reserved. > Protected by US Patent Nos: 6,678,248; 6,104,700; 6,766,482; > 6,618,388; 6,034,957; 6,859,438; 6,912,592; 6,954,436; 6,977,891; > 6,980,550; 6,981,174; 7,003,705; 7,017,082; 7,046,665; 7,126,923; > 7,142,509; 7,149,217; 7,152,124; 7,154,861; 7,245,619; 7,245,629; 7,269,135. > ============================================================================== > Press the or '?' key at any time for completions. > Remember to save your configuration changes. > sw1.local.1 # > sw1.local.1 #show version > qSwitch : 800400-00-04 1143G-00074 Rev 4.0 BootROM: 2.0.1.5 IMG: 12.6.1.3 > PSU-1 : Internal PSU-1 800282-00-04 1119K-81549 Rev 0.0 > PSU-2 : Internal PSU-2 800282-00-04 1119K-81552 Rev 0.0 > Image : ExtremeXOS version 12.6.1.3 v1261b3 by release-manager > on Thu Jul 21 09:46:07 PDT 2011 > BootROM : 2.0.1.5 > Diagnostics : 3.4 > sw1.local.2 # quit > Connection closed by foreign host. -- ? ?????????, Shidlovsky Vyacheslav, Anders Telecom NOC mailto:sva at anders.ru -------------- next part -------------- A non-text attachment was scrubbed... Name: putty.log Type: application/octet-stream Size: 41788 bytes Desc: not available URL: From michael at maymann.org Mon Jan 23 08:27:41 2012 From: michael at maymann.org (Michael Maymann) Date: Mon, 23 Jan 2012 09:27:41 +0100 Subject: [rancid] SSH public-keys In-Reply-To: References: <4F0C042A.8080008@tolaris.com> <20120110162049.GF7866@shrubbery.net> <20120110200005.GU7866@shrubbery.net> <20120110221303.GB7866@shrubbery.net> Message-ID: Rather urgent... Help is much appreciated...:-) ~maymann 2012/1/20 Michael Maymann > Hi, > > Thanks shouldbe, but that didn't help either...:-( > I still haven't gotten this to work... have now tried the following: > ---1---.cloginrc > -bash-3.2$ cat .cloginrc > add method * ssh > add user * USER > add identity * /COMPANY/site_home/USER/.ssh/id_rsa > add password HOSTNAME {PASSWORD} {PASSWORD} > ---1--- > ---2---just standard output > > -bash-3.2$ /usr/libexec/rancid/hlogin -c "sh ver" HOSTNAME > HOSTNAME > spawn hpuifilter -- ssh -i PATH_TO/.ssh/id_rsa -c 3des -x -l test HOSTNAME > > We'd like to keep you up to date about: > * Software feature updates > * New product announcements > * Special events > > Please register your products now at: www.ProCurve.com > > > ProCurve J8697A Switch 5406zl > Software revision K.15.02.0005 > > Copyright (C) 1991-2010 Hewlett-Packard Co. All Rights Reserved. > > RESTRICTED RIGHTS LEGEND > > Use, duplication, or disclosure by the Government is subject to > restrictions > as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data > and > Computer Software clause at 52.227-7013. > > HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303 > > Press any key to continueHOSTNAME#...I PRESS HERE... > > Error: TIMEOUT reached > ---2--- > ---3---strace output > ("/usr/libexec/rancid/hlogin", ["/usr/libexec/rancid/hlogin", "-c", "sh > ver", "HOSTNAME"], [/* 18 vars */]) = 0 > brk(0) = 0x145bd000 > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = > 0x2ac42984f000 > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = > 0x2ac429850000 > access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or > directory) > open("/etc/ld.so.cache", O_RDONLY) = 3 > fstat(3, {st_mode=S_IFREG|0644, st_size=32295, ...}) = 0 > mmap(NULL, 32295, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2ac429851000 > close(3) = 0 > open("/lib64/tls/x86_64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such > file or directory) > stat("/lib64/tls/x86_64", 0x7fff824f3880) = -1 ENOENT (No such file or > directory) > open("/lib64/tls/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file > or directory) > stat("/lib64/tls", 0x7fff824f3880) = -1 ENOENT (No such file or > directory) > open("/lib64/x86_64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such > file or directory) > stat("/lib64/x86_64", 0x7fff824f3880) = -1 ENOENT (No such file or > directory) > open("/lib64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or > directory) > stat("/lib64", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 > open("/usr/lib64/tls/x86_64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No > such file or directory) > stat("/usr/lib64/tls/x86_64", 0x7fff824f3880) = -1 ENOENT (No such file or > directory) > open("/usr/lib64/tls/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such > file or directory) > stat("/usr/lib64/tls", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 > open("/usr/lib64/x86_64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such > file or directory) > stat("/usr/lib64/x86_64", 0x7fff824f3880) = -1 ENOENT (No such file or > directory) > open("/usr/lib64/libexpect5.43.so", O_RDONLY) = 3 > read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300\266 at w6\0\0\0"..., > 832) = 832 > fstat(3, {st_mode=S_IFREG|0755, st_size=180608, ...}) = 0 > mmap(0x3677400000, 2287968, PROT_READ|PROT_EXEC, > MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3677400000 > mprotect(0x3677429000, 2097152, PROT_NONE) = 0 > mmap(0x3677629000, 12288, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x29000) = 0x3677629000 > mmap(0x367762c000, 10592, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x367762c000 > close(3) = 0 > open("/usr/lib64/libtcl8.4.so", O_RDONLY) = 3 > read(3, > "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\22bZ?\0\0\0"..., 832) = > 832 > fstat(3, {st_mode=S_IFREG|0755, st_size=805656, ...}) = 0 > mmap(0x3f5a600000, 2903528, PROT_READ|PROT_EXEC, > MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3f5a600000 > mprotect(0x3f5a6bb000, 2093056, PROT_NONE) = 0 > mmap(0x3f5a8ba000, 40960, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xba000) = 0x3f5a8ba000 > mmap(0x3f5a8c4000, 3560, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3f5a8c4000 > close(3) = 0 > open("/lib64/libdl.so.2", O_RDONLY) = 3 > read(3, > "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20\16\240W?\0\0\0"..., 832) > = 832 > fstat(3, {st_mode=S_IFREG|0755, st_size=23360, ...}) = 0 > mmap(0x3f57a00000, 2109696, PROT_READ|PROT_EXEC, > MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3f57a00000 > mprotect(0x3f57a02000, 2097152, PROT_NONE) = 0 > mmap(0x3f57c02000, 8192, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x3f57c02000 > close(3) = 0 > open("/lib64/libpthread.so.0", O_RDONLY) = 3 > read(3, > "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240W\340W?\0\0\0"..., 832) > = 832 > fstat(3, {st_mode=S_IFREG|0755, st_size=145824, ...}) = 0 > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = > 0x2ac429859000 > mmap(0x3f57e00000, 2204528, PROT_READ|PROT_EXEC, > MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3f57e00000 > mprotect(0x3f57e16000, 2093056, PROT_NONE) = 0 > mmap(0x3f58015000, 8192, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15000) = 0x3f58015000 > mmap(0x3f58017000, 13168, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3f58017000 > close(3) = 0 > open("/lib64/libm.so.6", O_RDONLY) = 3 > read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`>\240X?\0\0\0"..., > 832) = 832 > fstat(3, {st_mode=S_IFREG|0755, st_size=615136, ...}) = 0 > mmap(0x3f58a00000, 2629848, PROT_READ|PROT_EXEC, > MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3f58a00000 > mprotect(0x3f58a82000, 2093056, PROT_NONE) = 0 > mmap(0x3f58c81000, 8192, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x81000) = 0x3f58c81000 > close(3) = 0 > open("/lib64/libutil.so.1", O_RDONLY) = 3 > read(3, > "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\16\340Z?\0\0\0"..., > 832) = 832 > fstat(3, {st_mode=S_IFREG|0755, st_size=18152, ...}) = 0 > mmap(0x3f5ae00000, 2105616, PROT_READ|PROT_EXEC, > MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3f5ae00000 > mprotect(0x3f5ae02000, 2093056, PROT_NONE) = 0 > mmap(0x3f5b001000, 8192, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x3f5b001000 > close(3) = 0 > open("/lib64/libc.so.6", O_RDONLY) = 3 > read(3, > "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220\332aW?\0\0\0"..., 832) > = 832 > fstat(3, {st_mode=S_IFREG|0755, st_size=1722304, ...}) = 0 > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = > 0x2ac42985a000 > mmap(0x3f57600000, 3502424, PROT_READ|PROT_EXEC, > MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3f57600000 > mprotect(0x3f5774e000, 2097152, PROT_NONE) = 0 > mmap(0x3f5794e000, 20480, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14e000) = 0x3f5794e000 > mmap(0x3f57953000, 16728, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3f57953000 > close(3) = 0 > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = > 0x2ac42985b000 > arch_prctl(ARCH_SET_FS, 0x2ac42985b790) = 0 > mprotect(0x3f57c02000, 4096, PROT_READ) = 0 > mprotect(0x3f58015000, 4096, PROT_READ) = 0 > mprotect(0x3f58c81000, 4096, PROT_READ) = 0 > mprotect(0x3f5b001000, 4096, PROT_READ) = 0 > mprotect(0x3f5794e000, 16384, PROT_READ) = 0 > mprotect(0x3f5741c000, 4096, PROT_READ) = 0 > munmap(0x2ac429851000, 32295) = 0 > set_tid_address(0x2ac42985b820) = 6256 > set_robust_list(0x2ac42985b830, 0x18) = 0 > futex(0x7fff824f43cc, FUTEX_WAKE_PRIVATE, 1) = 0 > rt_sigaction(SIGRTMIN, {0x3f57e05380, [], SA_RESTORER|SA_SIGINFO, > 0x3f57e0eb70}, NULL, 8) = 0 > rt_sigaction(SIGRT_1, {0x3f57e052b0, [], > SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x3f57e0eb70}, NULL, 8) = 0 > rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 > getrlimit(RLIMIT_STACK, {rlim_cur=10240*1024, rlim_max=RLIM_INFINITY}) = 0 > lseek(0, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) > lseek(1, 0, SEEK_CUR) = 0 > lseek(2, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) > rt_sigaction(SIGPIPE, {0x1, [PIPE], SA_RESTORER|SA_RESTART, 0x3f576302d0}, > {SIG_DFL, [], 0}, 8) = 0 > brk(0) = 0x145bd000 > brk(0x145de000) = 0x145de000 > mmap(NULL, 10489856, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_ANONYMOUS|MAP_32BIT, -1, 0) = 0x40e28000 > mprotect(0x40e28000, 4096, PROT_NONE) = 0 > clone(child_stack=0x41828250, > flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLON7 > futex(0x145c1924, FUTEX_WAIT_PRIVATE, 1, NULL) = 0 > futex(0x145bdb30, FUTEX_WAIT_PRIVATE, 2, NULL) = 0 > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 > uname({sys="Linux", node="LINUXBOX", ...}) = 0 > open("/usr/lib/locale/locale-archive", O_RDONLY) = 5 > fstat(5, {st_mode=S_IFREG|0644, st_size=56459024, ...}) = 0 > mmap(NULL, 56459024, PROT_READ, MAP_PRIVATE, 5, 0) = 0x2aaaaaaab000 > close(5) = 0 > lstat("/usr", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 > lstat("/usr/lib", {st_mode=S_IFDIR|0755, st_size=12288, ...}) = 0 > lstat("/usr/lib/tcl8.4", {st_mode=S_IFLNK|0777, st_size=17, ...}) = 0 > readlink("/usr/lib/tcl8.4", "/usr/share/tcl8.4"..., 4096) = 17 > lstat("/usr", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 > lstat("/usr/share", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 > lstat("/usr/share/tcl8.4", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 > lstat("/usr/share/tcl8.4/encoding", {st_mode=S_IFDIR|0755, st_size=4096, > ...}) = 0 > open("/usr/share/tcl8.4/encoding/iso8859-1.enc", O_RDONLY) = 5 > fcntl(5, F_SETFD, FD_CLOEXEC) = 0 > ioctl(5, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff824f39b0) = -1 ENOTTY > (Inappropriate ioctl for device) > brk(0x14600000) = 0x14600000 > read(5, "# Encoding file: iso8859-1, sing"..., 4096) = 1094 > read(5, "", 4096) = 0 > close(5) = 0 > lstat("/usr", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 > lstat("/usr/share", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 > lstat("/usr/share/tcl8.4", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 > access("/usr/share/tcl8.4/init.tcl", F_OK) = 0 > stat("/usr/share/tcl8.4/init.tcl", {st_mode=S_IFREG|0644, st_size=22674, > ...}) = 0 > open("/usr/share/tcl8.4/init.tcl", O_RDONLY) = 5 > fcntl(5, F_SETFD, FD_CLOEXEC) = 0 > ioctl(5, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff824f2fe0) = -1 ENOTTY > (Inappropriate ioctl for device) > read(5, "# init.tcl --\n#\n# Default system"..., 4096) = 4096 > read(5, " the following steps to make the"..., 4096) = 4096 > read(5, "in \\\"unknown\\\"\" {} \\\n\t\t\t[list CO"..., 4096) = 4096 > read(5, "guments: \n# None.\n\nproc auto_loa"..., 4096) = 4096 > read(5, " namespace eval :: "..., 4096) = 4096 > read(5, " give a more precise\n\t# error me"..., 4096) = 2194 > read(5, "", 4096) = 0 > close(5) = 0 > brk(0x14624000) = 0x14624000 > open("/dev/tty", O_RDWR) = 5 > ioctl(5, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo > ...}) = 0 > ioctl(5, TIOCGWINSZ, {ws_row=33, ws_col=145, ws_xpixel=0, ws_ypixel=0}) = 0 > ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo > ...}) = 0 > ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff824f42a0) = -1 ENOTTY > (Inappropriate ioctl for device) > ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo > ...}) = 0 > lseek(0, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) > ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo > ...}) = 0 > ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo > ...}) = 0 > lseek(1, 0, SEEK_CUR) = 0 > ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff824f4120) = -1 ENOTTY > (Inappropriate ioctl for device) > getsockname(1, 0x7fff824f41f0, [16]) = -1 ENOTSOCK (Socket operation on > non-socket) > lseek(2, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) > ioctl(2, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo > ...}) = 0 > ioctl(2, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo > ...}) = 0 > fcntl(0, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE) > fcntl(0, F_SETFL, O_RDWR|O_NONBLOCK|O_LARGEFILE) = 0 > fcntl(0, F_GETFL) = 0x8802 (flags > O_RDWR|O_NONBLOCK|O_LARGEFILE) > ioctl(2, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo > ...}) = 0 > fcntl(2, F_GETFL) = 0x8802 (flags > O_RDWR|O_NONBLOCK|O_LARGEFILE) > fcntl(2, F_SETFL, O_RDWR|O_NONBLOCK|O_LARGEFILE) = 0 > fcntl(2, F_GETFL) = 0x8802 (flags > O_RDWR|O_NONBLOCK|O_LARGEFILE) > fcntl(5, F_SETFD, FD_CLOEXEC) = 0 > fcntl(5, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE) > fcntl(5, F_SETFL, O_RDWR|O_NONBLOCK|O_LARGEFILE) = 0 > fcntl(5, F_GETFL) = 0x8802 (flags > O_RDWR|O_NONBLOCK|O_LARGEFILE) > rt_sigaction(SIGINT, {0x367741a760, [INT], SA_RESTORER|SA_RESTART, > 0x3f576302d0}, {SIG_DFL, [], 0}, 8) = 0 > rt_sigaction(SIGTERM, {0x367741a760, [TERM], SA_RESTORER|SA_RESTART, > 0x3f576302d0}, {SIG_DFL, [], 0}, 8) = 0 > open("/usr/lib/expect5.43/expect.rc", O_RDONLY) = -1 ENOENT (No such file > or directory) > open("/COMPANY/site_home/USER/.expect.rc", O_RDONLY) = -1 ENOENT (No such > file or directory) > lstat("/usr", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 > lstat("/usr/libexec", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 > lstat("/usr/libexec/rancid", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 > stat("/usr/libexec/rancid/hlogin", {st_mode=S_IFREG|0755, st_size=22702, > ...}) = 0 > open("/usr/libexec/rancid/hlogin", O_RDONLY) = 6 > fcntl(6, F_SETFD, FD_CLOEXEC) = 0 > ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff824f4020) = -1 ENOTTY > (Inappropriate ioctl for device) > read(6, "#! /usr/bin/expect --\n##\n## $Id:"..., 4096) = 4096 > read(6, " # This uses \"id\" which I think "..., 4096) = 4096 > read(6, "# This is a helper function to m"..., 4096) = 4096 > read(6, ";\n\t if !$progs {\n\t\tsend_user "..., 4096) = 4096 > read(6, "\t\t\t\t\t catch {send \" \"};\n\t\t\t\t\t "..., 4096) = 4096 > brk(0x1464c000) = 0x1464c000 > brk(0x14648000) = 0x14648000 > read(6, "ompt\" == \"\" } {\n\tset p_prompt \"("..., 4096) = 2222 > read(6, "", 4096) = 0 > close(6) = 0 > lstat("/COMPANY", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 > lstat("/COMPANY/site_home", {st_mode=S_IFDIR|0755, st_size=118784, ...}) = > 0 > lstat("/COMPANY/site_home/USER", {st_mode=S_IFDIR|S_ISGID|0750, > st_size=4096, ...}) = 0 > access("/COMPANY/site_home/USER/.cloginrc", F_OK) = 0 > stat("/COMPANY/site_home/USER/.cloginrc", {st_mode=S_IFREG|0600, > st_size=130, ...}) = 0 > stat("/COMPANY/site_home/USER/.cloginrc", {st_mode=S_IFREG|0600, > st_size=130, ...}) = 0 > open("/COMPANY/site_home/USER/.cloginrc", O_RDONLY) = 6 > fcntl(6, F_SETFD, FD_CLOEXEC) = 0 > ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff824f30f0) = -1 ENOTTY > (Inappropriate ioctl for device) > read(6, "add method * ssh\nadd user * test"..., 4096) = 130 > read(6, "", 4096) = 0 > close(6) = 0 > brk(0x1466c000) = 0x1466c000 > write(1, "HOSTNAME\n", 9) = 9 > brk(0x14690000) = 0x14690000 > write(1, "spawn", 5) = 5 > write(1, " ", 1) = 1 > write(1, "hpuifilter", 10) = 10 > write(1, " ", 1) = 1 > write(1, "--", 2) = 2 > write(1, " ", 1) = 1 > write(1, "ssh", 3) = 3 > write(1, " ", 1) = 1 > write(1, "-i", 2) = 2 > write(1, " ", 1) = 1 > write(1, "/COMPANY/site_home/USER/.ssh"..., 39) = 39 > write(1, " ", 1) = 1 > write(1, "-c", 2) = 2 > write(1, " ", 1) = 1 > write(1, "3des", 4) = 4 > write(1, " ", 1) = 1 > write(1, "-x", 2) = 2 > write(1, " ", 1) = 1 > write(1, "-l", 2) = 2 > write(1, " ", 1) = 1 > write(1, "test", 4) = 4 > write(1, " ", 1) = 1 > write(1, "HOSTNAME", 8) = 8 > write(1, "\r\n", 2) = 2 > open("/dev/ptmx", O_RDWR) = 6 > statfs("/dev/pts", {f_type="DEVPTS_SUPER_MAGIC", f_bsize=4096, f_blocks=0, > f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, f_namelen0 > ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo > ...}) = 0 > ioctl(6, TIOCGPTN, [3]) = 0 > stat("/dev/pts/3", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 3), ...}) = > 0 > statfs("/dev/pts/3", {f_type="DEVPTS_SUPER_MAGIC", f_bsize=4096, > f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, > f_namel0 > ioctl(6, TIOCSPTLCK, [0]) = 0 > ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo > ...}) = 0 > ioctl(6, TIOCGPTN, [3]) = 0 > stat("/dev/pts/3", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 3), ...}) = > 0 > open("/dev/pts/3", O_RDWR|O_NOCTTY) = 7 > ioctl(7, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo > ...}) = 0 > readlink("/proc/self/fd/7", "/dev/pts/3"..., 4095) = 10 > close(7) = 0 > fcntl(6, F_SETFD, FD_CLOEXEC) = 0 > pipe([7, 8]) = 0 > pipe([9, 10]) = 0 > pipe([11, 12]) = 0 > clone(child_stack=0, > flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, > child_tidptr=0x2ac42985b820) = 6258 > close(8) = 0 > close(9) = 0 > close(12) = 0 > fcntl(6, F_SETFD, FD_CLOEXEC) = 0 > fcntl(6, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE) > fcntl(6, F_SETFL, O_RDWR|O_NONBLOCK|O_LARGEFILE) = 0 > fcntl(6, F_GETFL) = 0x8802 (flags > O_RDWR|O_NONBLOCK|O_LARGEFILE) > read(7, " ", 1) = 1 > write(10, " ", 1) = 1 > close(7) = 0 > close(10) = 0 > read(11, "", 4) = 0 > close(11) = 0 > clock_gettime(CLOCK_REALTIME, {1327052097, 956733000}) = 0 > futex(0x14673f44, FUTEX_WAIT_PRIVATE, 1, {0, 299932000}) = -1 ETIMEDOUT > (Connection timed out) > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 > brk(0x146b4000) = 0x146b4000 > brk(0x146d8000) = 0x146d8000 > brk(0x146fa000) = 0x146fa000 > brk(0x146f4000) = 0x146f4000 > write(4, "\0", 1) = 1 > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 > clock_gettime(CLOCK_REALTIME, {1327052098, 261705000}) = 0 > futex(0x14673f44, FUTEX_WAIT_PRIVATE, 3, {44, 999845000}) = 0 > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 > read(6, "We'd like to keep you up to date"..., 4096) = 42 > write(1, "We'd like to keep you up to date"..., 42) = 42 > write(4, "\0", 1) = 1 > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 > clock_gettime(CLOCK_REALTIME, {1327052099, 489667000}) = 0 > futex(0x14673f44, FUTEX_WAIT_PRIVATE, 5, {43, 999847000}) = 0 > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 > read(6, " * Software feature updates\r\r\n", 4096) = 31 > write(1, " * Software feature updates\r\r\n", 31) = 31 > brk(0x14716000) = 0x14716000 > brk(0x14704000) = 0x14704000 > write(4, "\0", 1) = 1 > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 > clock_gettime(CLOCK_REALTIME, {1327052099, 490805000}) = 0 > futex(0x14673f44, FUTEX_WAIT_PRIVATE, 7, {43, 999849000}) = 0 > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 > read(6, " * New product announcements\r\r\n", 4096) = 32 > write(1, " * New product announcements\r\r\n", 32) = 32 > write(4, "\0", 1) = 1 > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 > clock_gettime(CLOCK_REALTIME, {1327052099, 491718000}) = 0 > futex(0x14673f44, FUTEX_WAIT_PRIVATE, 9, {43, 999851000}) = 0 > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 > read(6, " * Special events\r\r\n", 4096) = 21 > write(1, " * Special events\r\r\n", 21) = 21 > write(4, "\0", 1) = 1 > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 > clock_gettime(CLOCK_REALTIME, {1327052099, 492653000}) = 0 > futex(0x14673f44, FUTEX_WAIT_PRIVATE, 11, {43, 999812000}) = 0 > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 > read(6, "\r\r\n", 4096) = 3 > write(1, "\r\r\n", 3) = 3 > write(4, "\0", 1) = 1 > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 > clock_gettime(CLOCK_REALTIME, {1327052099, 493894000}) = 0 > futex(0x14673f44, FUTEX_WAIT_PRIVATE, 13, {43, 999803000}) = 0 > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 > read(6, "Please register your products no"..., 4096) = 58 > write(1, "Please register your products no"..., 58) = 58 > write(4, "\0", 1) = 1 > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 > clock_gettime(CLOCK_REALTIME, {1327052099, 494800000}) = 0 > futex(0x14673f44, FUTEX_WAIT_PRIVATE, 15, {43, 999851000}) = 0 > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 > read(6, "\r\r\n", 4096) = 3 > write(1, "\r\r\n", 3) = 3 > write(4, "\0", 1) = 1 > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 > clock_gettime(CLOCK_REALTIME, {1327052099, 495717000}) = 0 > futex(0x14673f44, FUTEX_WAIT_PRIVATE, 17, {43, 999851000}) = 0 > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 > read(6, "\r\r\n", 4096) = 3 > write(1, "\r\r\n", 3) = 3 > write(4, "\0", 1) = 1 > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 > clock_gettime(CLOCK_REALTIME, {1327052099, 496640000}) = 0 > futex(0x14673f44, FUTEX_WAIT_PRIVATE, 19, {43, 999851000}) = 0 > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 > read(6, "ProCurve J8697A Switch 5406zl\r\r\r"..., 4096) = 279 > write(1, "ProCurve J8697A Switch 5406zl\r\r\r"..., 279) = 279 > write(4, "\0", 1) = 1 > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 > clock_gettime(CLOCK_REALTIME, {1327052099, 750560000}) = 0 > futex(0x14673f40, FUTEX_WAKE_PRIVATE, 1) = 1 > futex(0x14673f44, FUTEX_WAIT_PRIVATE, 21, {43, 999800000}) = -1 EAGAIN > (Resource temporarily unavailable) > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 > read(6, " as set forth in subdivision (b)"..., 4096) = 204 > write(1, " as set forth in subdivision (b)"..., 204) = 204 > write(4, "\0", 1) = 1 > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 > clock_gettime(CLOCK_REALTIME, {1327052099, 751914000}) = 0 > futex(0x14673f44, FUTEX_WAIT_PRIVATE, 23, {43, 999807000}) = 0 > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 > read(6, "Press any key to continue", 4096) = 25 > write(1, "Press any key to continue", 25) = 25 > write(6, " ", 1) = 1 > write(4, "\0", 1) = 1 > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 > clock_gettime(CLOCK_REALTIME, {1327052099, 950814000}) = 0 > futex(0x14673f44, FUTEX_WAIT_PRIVATE, 25, {44, 999808000}) = 0 > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 > read(6, "HOSTNAME# ", 4096) = 10 > write(1, "HOSTNAME# ", 10) = 10 > write(4, "\0", 1) = 1 > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 > clock_gettime(CLOCK_REALTIME, {1327052099, 969335000}) = 0 > futex(0x14673f44, FUTEX_WAIT_PRIVATE, 27, {44, 999848000} > ) = -1 ETIMEDOUT (Connection timed out) > write(4, "\0", 1) = 1 > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 > write(1, "\nError: TIMEOUT reached\n", 24) = 24 > fcntl(6, F_GETFL) = 0x8802 (flags > O_RDWR|O_NONBLOCK|O_LARGEFILE) > fcntl(6, F_SETFL, O_RDWR|O_LARGEFILE) = 0 > fcntl(6, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE) > write(6, "", 0) = 0 > rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0 > rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0 > rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 > nanosleep({1, 0}, {1, 0}) = 0 > close(6) = 0 > open("/dev/null", O_RDONLY) = 6 > fcntl(6, F_SETFD, FD_CLOEXEC) = 0 > wait4(6258, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 6258 > ioctl(5, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo > ...}) = 0 > fcntl(5, F_GETFL) = 0x8802 (flags > O_RDWR|O_NONBLOCK|O_LARGEFILE) > fcntl(5, F_SETFL, O_RDWR|O_LARGEFILE) = 0 > fcntl(5, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE) > close(5) = 0 > open("/dev/null", O_RDONLY) = 5 > fcntl(5, F_SETFD, FD_CLOEXEC) = 0 > fcntl(2, F_GETFL) = 0x8802 (flags > O_RDWR|O_NONBLOCK|O_LARGEFILE) > fcntl(2, F_SETFL, O_RDWR|O_LARGEFILE) = 0 > fcntl(2, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE) > close(2) = 0 > open("/dev/null", O_RDONLY) = 2 > fcntl(2, F_SETFD, FD_CLOEXEC) = 0 > fcntl(0, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE) > fcntl(0, F_SETFL, O_RDWR|O_LARGEFILE) = 0 > fcntl(0, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE) > write(1, "", 0) = 0 > rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0 > rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0 > rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 > nanosleep({1, 0}, {1, 0}) = 0 > close(0) = 0 > close(1) = 0 > open("/dev/null", O_RDONLY) = 0 > fcntl(0, F_SETFD, FD_CLOEXEC) = 0 > fcntl(6, F_GETFL) = 0x8000 (flags > O_RDONLY|O_LARGEFILE) > fcntl(6, F_SETFL, O_RDONLY|O_LARGEFILE) = 0 > fcntl(6, F_GETFL) = 0x8000 (flags > O_RDONLY|O_LARGEFILE) > write(6, "", 0) = -1 EBADF (Bad file descriptor) > close(6) = 0 > write(4, "q", 1) = 1 > close(4) = 0 > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 > futex(0x145c1920, FUTEX_WAKE_PRIVATE, 1) = 1 > futex(0x145c1924, FUTEX_WAIT_PRIVATE, 3, NULL) = -1 EAGAIN (Resource > temporarily unavailable) > futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 > exit_group(1) = ? > ---3--- > > It seems to complain about some files missing: > access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or > directory) > open("/lib64/tls/x86_64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such > file or directory) > stat("/lib64/tls/x86_64", 0x7fff824f3880) = -1 ENOENT (No such file or > directory) > open("/lib64/tls/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file > or directory) > stat("/lib64/tls", 0x7fff824f3880) = -1 ENOENT (No such file or > directory) > open("/lib64/x86_64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such > file or directory) > stat("/lib64/x86_64", 0x7fff824f3880) = -1 ENOENT (No such file or > directory) > open("/lib64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or > directory) > open("/usr/lib64/tls/x86_64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No > such file or directory) > stat("/usr/lib64/tls/x86_64", 0x7fff824f3880) = -1 ENOENT (No such file or > directory) > open("/usr/lib64/tls/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such > file or directory) > open("/usr/lib64/x86_64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such > file or directory) > stat("/usr/lib64/x86_64", 0x7fff824f3880) = -1 ENOENT (No such file or > directory) > open("/usr/lib/expect5.43/expect.rc", O_RDONLY) = -1 ENOENT (No such file > or directory) > open("/COMPANY/site_home/USER/.expect.rc", O_RDONLY) = -1 ENOENT (No such > file or directory) > > -bash-3.2$ locate expect > /usr/bin/autoexpect > /usr/bin/expect > /usr/lib/expect5.43 > /usr/lib/libexpect5.43.so > /usr/lib/expect5.43/cat-buffers > /usr/lib/expect5.43/pkgIndex.tcl > /usr/lib64/expect5.43 > /usr/lib64/libexpect5.43.so > /usr/lib64/expect5.43/cat-buffers > /usr/lib64/expect5.43/pkgIndex.tcl > /usr/share/man/man1/autoexpect.1.gz > /usr/share/man/man1/expect.1.gz > /usr/share/man/overrides/man1/expect.1.gz > /usr/share/vim/vim70/syntax/expect.vim > > Just installed rancid from yum on RHEL5.7 64 bit - what could I have done > wrong... ? > Urgent - Please can anyone help...? > > > > Thanks in advance :-) ! > > ~maymann > > > 2012/1/11 shouldbe q931 > >> On Wed, Jan 11, 2012 at 4:50 PM, Michael Maymann >> wrote: >> > Hi Shouldbe, >> > >> > Sorry for not stating this... busy day at work...: >> > tried to change "show system-information" -> "show system" to hrancid >> but >> > still: >> > hlogin -c "sh ver" >> > is "hanging"... >> > >> > So it seems I have run into 2 problems: >> > 1. trying to use hlogin with ssh-key-share (add identity * id_rsa) >> > configured to .cloginrc is still giving an error about password is >> missing >> > in .cloginrc. "ssh user at host" is working fine with key-sharing >> > (password-lessly)... >> > 2. hlogin is "hanging" also if I use username/password directly in >> .cloginrc >> > and even if I make the modifications to hrancid (stated above...) >> > >> > Am I using this wrong somehow, as it works for you...? >> > Shouldbe: can you provide your .cloginrc and a tar of rancid-bin-dir >> (where >> > hlogin/hrancid etc is located)... and perhaps give examples of how you >> use >> > the tool to run commands on HP ProCurve equipment. >> > Heasley: is this an easy/quick fix or can you recommend anything else >> that >> > is working with both HP ProCurve and Cisco equipment... ? >> > >> > >> > Thanks in advance :-) ! >> > ~maymann >> > >> > >> >> I've attached a copy of hrancid, and what we "see" via ViewVC on the >> rancid box >> >> I've had to slightly sanitise the output... >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From paolo at paolodemichele.it Mon Jan 23 18:18:07 2012 From: paolo at paolodemichele.it (Paolo De Michele) Date: Mon, 23 Jan 2012 19:18:07 +0100 Subject: [rancid] .cloginrc - problem with password Message-ID: <4F1DA45F.10601@paolodemichele.it> hi list, I have problems to authenticate my cisco router with passwordi to enable. the scenario is as follows: - authentication password has special characters, uppercase letters, lowercase letters and numbers - enable password has capital letters, lowercase letters and numbers my .cloginrc is: add method {ssh} add user 10.0.0.3 username add userpassword 10.0.0.3 {P-------l----3--------@} add enauser 10.0.0.3 {L------x-x-0----l-------} I also tried: add method {ssh} add user 10.0.0.3 username add userpassword 10.0.0.3 {P-------l----3--------@} {L------x-x-0----l-------} the problem is that I am logging to the router but not in enable. something wrong in the syntax of the file. cloginrc? I look forward to your help thanks in advance -------------- next part -------------- An HTML attachment was scrubbed... URL: From paolo at paolodemichele.it Mon Jan 23 19:20:45 2012 From: paolo at paolodemichele.it (Paolo De Michele) Date: Mon, 23 Jan 2012 20:20:45 +0100 Subject: [rancid] .cloginrc - problem with password In-Reply-To: <4F1DB16E.5040101@paolodemichele.it> References: <4F1DB16E.5040101@paolodemichele.it> Message-ID: <4F1DB30D.8000505@paolodemichele.it> On 01/23/2012 07:51 PM, heasley wrote: > Mon, Jan 23, 2012 at 07:18:07PM +0100, Paolo De Michele: >> hi list, >> I have problems to authenticate my cisco router with passwordi to enable. >> >> the scenario is as follows: >> - authentication password has special characters, uppercase letters, >> lowercase letters and numbers > see the cloginrc(5) manpage for dealing with special characters, the > format of userpassword and enauser and autoenable. now, my .cloginrc is: add method * {ssh} add user * {-------------} add userpassword * {Pxxxxxxxxxx3xxxxx@} add passprompt {"L-----------------c3------"} from console: xxxxxxxxxx at 10.x.x.x's password: cxxxxxx>enable Password: Password: Password: % Bad secrets I am sure that the enable password I put is correct, but I don't understand where I'm wrong syntax >> - enable password has capital letters, lowercase letters and numbers >> >> my .cloginrc is: >> >> add method {ssh} >> add user 10.0.0.3 username >> add userpassword 10.0.0.3 {P-------l----3--------@} >> add enauser 10.0.0.3 {L------x-x-0----l-------} >> >> I also tried: >> >> >> add method {ssh} >> add user 10.0.0.3 username >> add userpassword 10.0.0.3 {P-------l----3--------@} >> {L------x-x-0----l-------} >> >> >> >> the problem is that I am logging to the router but not in enable. >> something wrong in the syntax of the file. cloginrc? >> I look forward to your help >> thanks in advance >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From gabbawp at gmail.com Mon Jan 23 19:31:39 2012 From: gabbawp at gmail.com (Gareth Hopkins) Date: Mon, 23 Jan 2012 21:31:39 +0200 Subject: [rancid] .cloginrc - problem with password In-Reply-To: <4F1DA45F.10601@paolodemichele.it> References: <4F1DA45F.10601@paolodemichele.it> Message-ID: <7BDCE22D-D82A-4A1D-896D-9FCC26A44954@gmail.com> Hi, Try just with add password. > add password 10.0.0.3 {P-------l----3--------@} {L------x-x-0----l-------} As per the clogin sample file # add userpassword # The password for user if different than the password set # using 'add password'. Cheers, Gareth On 23 Jan 2012, at 8:18 PM, Paolo De Michele wrote: > hi list, > I have problems to authenticate my cisco router with passwordi to enable. > > the scenario is as follows: > - authentication password has special characters, uppercase letters, lowercase letters and numbers > - enable password has capital letters, lowercase letters and numbers > > my .cloginrc is: > > add method {ssh} > add user 10.0.0.3 username > add userpassword 10.0.0.3 {P-------l----3--------@} > add enauser 10.0.0.3 {L------x-x-0----l-------} > > I also tried: > > > add method {ssh} > add user 10.0.0.3 username > add userpassword 10.0.0.3 {P-------l----3--------@} {L------x-x-0----l-------} > > > > the problem is that I am logging to the router but not in enable. something wrong in the syntax of the file. cloginrc? > I look forward to your help > thanks in advance > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From paolo at paolodemichele.it Mon Jan 23 19:45:44 2012 From: paolo at paolodemichele.it (Paolo De Michele) Date: Mon, 23 Jan 2012 20:45:44 +0100 Subject: [rancid] .cloginrc - problem with password In-Reply-To: <7BDCE22D-D82A-4A1D-896D-9FCC26A44954@gmail.com> References: <4F1DA45F.10601@paolodemichele.it> <7BDCE22D-D82A-4A1D-896D-9FCC26A44954@gmail.com> Message-ID: <4F1DB8E8.4010301@paolodemichele.it> On 01/23/2012 08:31 PM, Gareth Hopkins wrote: > Hi, hi Gareth, > > Try just with add password. > >> add password 10.0.0.3 >> {P-------l----3--------@} {L------x-x-0----l-------} > > As per the clogin sample file > > > > # add userpassword > # The password for user if different than the password set > # using 'add password'. now it's correctly? add *userpassword* 10.0.0.3 {P-------l----3--------@} {L------x-x-0----l-------} > > > > Cheers, > > Gareth > > On 23 Jan 2012, at 8:18 PM, Paolo De Michele wrote: > >> hi list, >> I have problems to authenticate my cisco router with passwordi to enable. >> >> the scenario is as follows: >> - authentication password has special characters, uppercase >> letters, lowercase letters and numbers >> - enable password has capital letters, lowercase letters and numbers >> >> my .cloginrc is: >> >> add method {ssh} >> add user 10.0.0.3 username >> add userpassword 10.0.0.3 {P-------l----3--------@} >> add enauser 10.0.0.3 {L------x-x-0----l-------} >> >> I also tried: >> >> >> add method {ssh} >> add user 10.0.0.3 username >> add userpassword 10.0.0.3 {P-------l----3--------@} >> {L------x-x-0----l-------} >> >> >> >> the problem is that I am logging to the router but not in enable. >> something wrong in the syntax of the file. cloginrc? >> I look forward to your help >> thanks in advance >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From gabbawp at gmail.com Mon Jan 23 19:56:32 2012 From: gabbawp at gmail.com (Gareth Hopkins) Date: Mon, 23 Jan 2012 21:56:32 +0200 Subject: [rancid] .cloginrc - problem with password In-Reply-To: <4F1DB8E8.4010301@paolodemichele.it> References: <4F1DA45F.10601@paolodemichele.it> <7BDCE22D-D82A-4A1D-896D-9FCC26A44954@gmail.com> <4F1DB8E8.4010301@paolodemichele.it> Message-ID: <720FE67B-1D34-4F74-8D11-67CF94B54050@gmail.com> Hi, userpassword is only used if the password is different to the password set by the add password option. so change "add userpassword" to "add password" Cheers, Gareth On 23 Jan 2012, at 9:45 PM, Paolo De Michele wrote: > > > On 01/23/2012 08:31 PM, Gareth Hopkins wrote: >> >> Hi, > > hi Gareth, >> >> Try just with add password. >> >>> add password 10.0.0.3 {P-------l----3--------@} {L------x-x-0----l-------} >> >> >> As per the clogin sample file >> >> >> >> # add userpassword >> # The password for user if different than the password set >> # using 'add password'. > > now it's correctly? > > add userpassword 10.0.0.3 {P-------l----3--------@} {L------x-x-0----l-------} > >> >> >> >> Cheers, >> >> Gareth >> >> On 23 Jan 2012, at 8:18 PM, Paolo De Michele wrote: >> >>> hi list, >>> I have problems to authenticate my cisco router with passwordi to enable. >>> >>> the scenario is as follows: >>> - authentication password has special characters, uppercase letters, lowercase letters and numbers >>> - enable password has capital letters, lowercase letters and numbers >>> >>> my .cloginrc is: >>> >>> add method {ssh} >>> add user 10.0.0.3 username >>> add userpassword 10.0.0.3 {P-------l----3--------@} >>> add enauser 10.0.0.3 {L------x-x-0----l-------} >>> >>> I also tried: >>> >>> >>> add method {ssh} >>> add user 10.0.0.3 username >>> add userpassword 10.0.0.3 {P-------l----3--------@} {L------x-x-0----l-------} >>> >>> >>> >>> the problem is that I am logging to the router but not in enable. something wrong in the syntax of the file. cloginrc? >>> I look forward to your help >>> thanks in advance >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net >>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> -------------- next part -------------- An HTML attachment was scrubbed... URL: From gabbawp at gmail.com Mon Jan 23 20:04:38 2012 From: gabbawp at gmail.com (Gareth Hopkins) Date: Mon, 23 Jan 2012 22:04:38 +0200 Subject: [rancid] .cloginrc - problem with password In-Reply-To: <4F1DBCCA.8040400@paolodemichele.it> References: <4F1DA45F.10601@paolodemichele.it> <7BDCE22D-D82A-4A1D-896D-9FCC26A44954@gmail.com> <4F1DB8E8.4010301@paolodemichele.it> <720FE67B-1D34-4F74-8D11-67CF94B54050@gmail.com> <4F1DBCCA.8040400@paolodemichele.it> Message-ID: <085A97FD-C5E2-44A7-B592-AB048CE1343D@gmail.com> Do you perhaps have a global setting somewhere else in your clogin file as you only have an entry for 10.0.0.3 and not 10.0.0.6 which you are getting the error from. Cheers, Gareth On 23 Jan 2012, at 10:02 PM, Paolo De Michele wrote: > my .cloginrc: > > add user 10.0.0.3 xxxxxxxxxx > add password 10.0.0.3 {P-------l----3--------@} {L------x-x-0----l-------} > > output from console: > > administrator at 10.0.0.6's password: > Permission denied, please try again. > > Error: Check your passwd for 10.0.0.6 > > > excuse me, but I don't understand where I'm wrong > are inexperienced and if I don't go out in this point are completely blocked. Thanks again > > On 01/23/2012 08:56 PM, Gareth Hopkins wrote: >> >> Hi, >> >> userpassword is only used if the password is different to the password set by the add password option. >> >> so change "add userpassword" to "add password" >> >> Cheers, >> >> Gareth >> >> On 23 Jan 2012, at 9:45 PM, Paolo De Michele wrote: >> >>> >>> >>> On 01/23/2012 08:31 PM, Gareth Hopkins wrote: >>>> >>>> Hi, >>> >>> hi Gareth, >>>> >>>> Try just with add password. >>>> >>>>> add password 10.0.0.3 {P-------l----3--------@} {L------x-x-0----l-------} >>>> >>>> >>>> As per the clogin sample file >>>> >>>> >>>> >>>> # add userpassword >>>> # The password for user if different than the password set >>>> # using 'add password'. >>> >>> now it's correctly? >>> >>> add userpassword 10.0.0.3 {P-------l----3--------@} {L------x-x-0----l-------} >>> >>>> >>>> >>>> >>>> Cheers, >>>> >>>> Gareth >>>> >>>> On 23 Jan 2012, at 8:18 PM, Paolo De Michele wrote: >>>> >>>>> hi list, >>>>> I have problems to authenticate my cisco router with passwordi to enable. >>>>> >>>>> the scenario is as follows: >>>>> - authentication password has special characters, uppercase letters, lowercase letters and numbers >>>>> - enable password has capital letters, lowercase letters and numbers >>>>> >>>>> my .cloginrc is: >>>>> >>>>> add method {ssh} >>>>> add user 10.0.0.3 username >>>>> add userpassword 10.0.0.3 {P-------l----3--------@} >>>>> add enauser 10.0.0.3 {L------x-x-0----l-------} >>>>> >>>>> I also tried: >>>>> >>>>> >>>>> add method {ssh} >>>>> add user 10.0.0.3 username >>>>> add userpassword 10.0.0.3 {P-------l----3--------@} {L------x-x-0----l-------} >>>>> >>>>> >>>>> >>>>> the problem is that I am logging to the router but not in enable. something wrong in the syntax of the file. cloginrc? >>>>> I look forward to your help >>>>> thanks in advance >>>>> _______________________________________________ >>>>> Rancid-discuss mailing list >>>>> Rancid-discuss at shrubbery.net >>>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>>> >> -------------- next part -------------- An HTML attachment was scrubbed... URL: From paolo at paolodemichele.it Mon Jan 23 20:02:18 2012 From: paolo at paolodemichele.it (Paolo De Michele) Date: Mon, 23 Jan 2012 21:02:18 +0100 Subject: [rancid] .cloginrc - problem with password In-Reply-To: <720FE67B-1D34-4F74-8D11-67CF94B54050@gmail.com> References: <4F1DA45F.10601@paolodemichele.it> <7BDCE22D-D82A-4A1D-896D-9FCC26A44954@gmail.com> <4F1DB8E8.4010301@paolodemichele.it> <720FE67B-1D34-4F74-8D11-67CF94B54050@gmail.com> Message-ID: <4F1DBCCA.8040400@paolodemichele.it> my .cloginrc: add user 10.0.0.3 xxxxxxxxxx add password 10.0.0.3 {P-------l----3--------@} {L------x-x-0----l-------} output from console: administrator at 10.0.0.6's password: Permission denied, please try again. Error: Check your passwd for 10.0.0.6 excuse me, but I don't understand where I'm wrong are inexperienced and if I don't go out in this point are completely blocked. Thanks again On 01/23/2012 08:56 PM, Gareth Hopkins wrote: > Hi, > > userpassword is only used if the password is different to the password > set by the add password option. > > so change "add userpassword" to "add password" > > Cheers, > > Gareth > > On 23 Jan 2012, at 9:45 PM, Paolo De Michele wrote: > >> >> >> On 01/23/2012 08:31 PM, Gareth Hopkins wrote: >>> Hi, >> >> hi Gareth, >>> >>> Try just with add password. >>> >>>> add password 10.0.0.3 >>>> {P-------l----3--------@} {L------x-x-0----l-------} >>> >>> As per the clogin sample file >>> >>> >>> >>> # add userpassword >>> # The password for user if different than the password set >>> # using 'add password'. >> >> now it's correctly? >> >> add *userpassword* 10.0.0.3 >> {P-------l----3--------@} {L------x-x-0----l-------} >> >>> >>> >>> >>> Cheers, >>> >>> Gareth >>> >>> On 23 Jan 2012, at 8:18 PM, Paolo De Michele wrote: >>> >>>> hi list, >>>> I have problems to authenticate my cisco router with passwordi to >>>> enable. >>>> >>>> the scenario is as follows: >>>> - authentication password has special characters, uppercase >>>> letters, lowercase letters and numbers >>>> - enable password has capital letters, lowercase letters and >>>> numbers >>>> >>>> my .cloginrc is: >>>> >>>> add method {ssh} >>>> add user 10.0.0.3 username >>>> add userpassword 10.0.0.3 {P-------l----3--------@} >>>> add enauser 10.0.0.3 {L------x-x-0----l-------} >>>> >>>> I also tried: >>>> >>>> >>>> add method {ssh} >>>> add user 10.0.0.3 username >>>> add userpassword 10.0.0.3 {P-------l----3--------@} >>>> {L------x-x-0----l-------} >>>> >>>> >>>> >>>> the problem is that I am logging to the router but not in enable. >>>> something wrong in the syntax of the file. cloginrc? >>>> I look forward to your help >>>> thanks in advance >>>> _______________________________________________ >>>> Rancid-discuss mailing list >>>> Rancid-discuss at shrubbery.net >>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From hugo.deprez at gmail.com Mon Jan 23 20:49:43 2012 From: hugo.deprez at gmail.com (Hugo Deprez) Date: Mon, 23 Jan 2012 21:49:43 +0100 Subject: [rancid] Known_hosts issue with fortigate cluster Message-ID: Dear community, I just met an issue with the backup of a Fortigate 300A firewall. This is a cluster. Now the cluster is running on the slave member. My linux host is complaining about the public key which is not matching the one from the master. I would like to know how you guys, do you deal with this situation ? Regards Hugo -------------- next part -------------- An HTML attachment was scrubbed... URL: From froztbyte at froztbyte.net Mon Jan 23 20:54:58 2012 From: froztbyte at froztbyte.net (JP Viljoen) Date: Mon, 23 Jan 2012 22:54:58 +0200 Subject: [rancid] =?utf-8?q?Known=5Fhosts_issue_with_fortigate_cluster?= In-Reply-To: References: Message-ID: On Mon, 23 Jan 2012 21:49:43 +0100, Hugo Deprez wrote: > Dear community, > > I just met an issue with the backup of a Fortigate 300A firewall. > This is a cluster. > > Now the cluster is running on the slave member. My linux host is > complaining about the public key which is not matching the one from > the master. > I would like to know how you guys, do you deal with this situation ? From the ssh_config manpage, the option StrictHostKeyChecking: echo -en "Host *.fortigate.internal.domain.tld\n\tStrictHostKeyChecking: no" >> ~rancid/.ssh/config Adjust the host parameter to suit your environment as needed. -J From paolo at paolodemichele.it Mon Jan 23 21:16:43 2012 From: paolo at paolodemichele.it (Paolo De Michele) Date: Mon, 23 Jan 2012 22:16:43 +0100 Subject: [rancid] .cloginrc - problem with password In-Reply-To: <085A97FD-C5E2-44A7-B592-AB048CE1343D@gmail.com> References: <4F1DA45F.10601@paolodemichele.it> <7BDCE22D-D82A-4A1D-896D-9FCC26A44954@gmail.com> <4F1DB8E8.4010301@paolodemichele.it> <720FE67B-1D34-4F74-8D11-67CF94B54050@gmail.com> <4F1DBCCA.8040400@paolodemichele.it> <085A97FD-C5E2-44A7-B592-AB048CE1343D@gmail.com> Message-ID: <4F1DCE3B.2030804@paolodemichele.it> have the same password of all routers It is not a problem of global settings On 01/23/2012 09:04 PM, Gareth Hopkins wrote: > Do you perhaps have a global setting somewhere else in your clogin > file as you only have an entry for 10.0.0.3 > and not 10.0.0.6 which you are getting the error from. > > Cheers, > > Gareth > > On 23 Jan 2012, at 10:02 PM, Paolo De Michele wrote: > >> my .cloginrc: >> >> add user 10.0.0.3 xxxxxxxxxx >> add password 10.0.0.3 >> {P-------l----3--------@} {L------x-x-0----l-------} >> >> output from console: >> >> administrator at 10.0.0.6's password: >> Permission denied, please try again. >> >> Error: Check your passwd for 10.0.0.6 >> >> >> excuse me, but I don't understand where I'm wrong >> are inexperienced and if I don't go out in this point are completely >> blocked. Thanks again >> >> On 01/23/2012 08:56 PM, Gareth Hopkins wrote: >>> Hi, >>> >>> userpassword is only used if the password is different to the >>> password set by the add password option. >>> >>> so change "add userpassword" to "add password" >>> >>> Cheers, >>> >>> Gareth >>> >>> On 23 Jan 2012, at 9:45 PM, Paolo De Michele wrote: >>> >>>> >>>> >>>> On 01/23/2012 08:31 PM, Gareth Hopkins wrote: >>>>> Hi, >>>> >>>> hi Gareth, >>>>> >>>>> Try just with add password. >>>>> >>>>>> add password 10.0.0.3 >>>>>> {P-------l----3--------@} {L------x-x-0----l-------} >>>>> >>>>> As per the clogin sample file >>>>> >>>>> >>>>> >>>>> # add userpassword >>>>> # The password for user if different than the password set >>>>> # using 'add password'. >>>> >>>> now it's correctly? >>>> >>>> add *userpassword* 10.0.0.3 >>>> {P-------l----3--------@} {L------x-x-0----l-------} >>>> >>>>> >>>>> >>>>> >>>>> Cheers, >>>>> >>>>> Gareth >>>>> >>>>> On 23 Jan 2012, at 8:18 PM, Paolo De Michele wrote: >>>>> >>>>>> hi list, >>>>>> I have problems to authenticate my cisco router with passwordi to >>>>>> enable. >>>>>> >>>>>> the scenario is as follows: >>>>>> - authentication password has special characters, uppercase >>>>>> letters, lowercase letters and numbers >>>>>> - enable password has capital letters, lowercase letters and >>>>>> numbers >>>>>> >>>>>> my .cloginrc is: >>>>>> >>>>>> add method {ssh} >>>>>> add user 10.0.0.3 username >>>>>> add userpassword 10.0.0.3 {P-------l----3--------@} >>>>>> add enauser 10.0.0.3 {L------x-x-0----l-------} >>>>>> >>>>>> I also tried: >>>>>> >>>>>> >>>>>> add method {ssh} >>>>>> add user 10.0.0.3 username >>>>>> add userpassword 10.0.0.3 {P-------l----3--------@} >>>>>> {L------x-x-0----l-------} >>>>>> >>>>>> >>>>>> >>>>>> the problem is that I am logging to the router but not in enable. >>>>>> something wrong in the syntax of the file. cloginrc? >>>>>> I look forward to your help >>>>>> thanks in advance >>>>>> _______________________________________________ >>>>>> Rancid-discuss mailing list >>>>>> Rancid-discuss at shrubbery.net >>>>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>>>> >>> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From list at soccergeek.net Mon Jan 23 21:30:28 2012 From: list at soccergeek.net (Aaron Smith) Date: Mon, 23 Jan 2012 13:30:28 -0800 Subject: [rancid] Known_hosts issue with fortigate cluster In-Reply-To: References: Message-ID: <4F1DD174.8020905@soccergeek.net> On 01/23/2012 12:49 PM, Hugo Deprez wrote: > Dear community, > > I just met an issue with the backup of a Fortigate 300A firewall. > This is a cluster. > > Now the cluster is running on the slave member. My linux host is > complaining about the public key which is not matching the one from the > master. > I would like to know how you guys, do you deal with this situation ? If you can't manage the SSH keys on the Fortigate units, you could set "StrictHostKeyChecking=no" in your SSH config or in the invocation of the SSH client. -- @@ron From daniel.schmidt at wyo.gov Mon Jan 23 21:34:19 2012 From: daniel.schmidt at wyo.gov (Daniel Schmidt) Date: Mon, 23 Jan 2012 14:34:19 -0700 Subject: [rancid] Known_hosts issue with fortigate cluster In-Reply-To: <4F1DD174.8020905@soccergeek.net> References: <4F1DD174.8020905@soccergeek.net> Message-ID: <5fae3fcaf482c608945de297c2ad470d@mail.gmail.com> Or ssh-keygen -R hostname -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Aaron Smith Sent: Monday, January 23, 2012 2:30 PM To: Hugo Deprez Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Known_hosts issue with fortigate cluster On 01/23/2012 12:49 PM, Hugo Deprez wrote: > Dear community, > > I just met an issue with the backup of a Fortigate 300A firewall. > This is a cluster. > > Now the cluster is running on the slave member. My linux host is > complaining about the public key which is not matching the one from > the master. > I would like to know how you guys, do you deal with this situation ? If you can't manage the SSH keys on the Fortigate units, you could set "StrictHostKeyChecking=no" in your SSH config or in the invocation of the SSH client. -- @@ron _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss E-Mail to and from me, in connection with the transaction of public business,is subject to the Wyoming Public Records Act, and may be disclosed to third parties. From paolo at paolodemichele.it Mon Jan 23 22:48:17 2012 From: paolo at paolodemichele.it (Paolo De Michele) Date: Mon, 23 Jan 2012 23:48:17 +0100 Subject: [rancid] .cloginrc - problem with password In-Reply-To: <4F1DCE3B.2030804@paolodemichele.it> References: <4F1DA45F.10601@paolodemichele.it> <7BDCE22D-D82A-4A1D-896D-9FCC26A44954@gmail.com> <4F1DB8E8.4010301@paolodemichele.it> <720FE67B-1D34-4F74-8D11-67CF94B54050@gmail.com> <4F1DBCCA.8040400@paolodemichele.it> <085A97FD-C5E2-44A7-B592-AB048CE1343D@gmail.com> <4F1DCE3B.2030804@paolodemichele.it> Message-ID: <4F1DE3B1.1070301@paolodemichele.it> my .cloginrc: add user 10.0.0.3 xxxxxxxxxx add password 10.0.0.3 {P-------l----3--------@} {L------x-x-0----l-------} from console: xxxxxxxxxx at 10.0.0.3's password: Permission denied, please try again. Error: Check your passwd for 10.0.0.3 why? On 01/23/2012 10:16 PM, Paolo De Michele wrote: > have the same password of all routers > It is not a problem of global settings > > On 01/23/2012 09:04 PM, Gareth Hopkins wrote: >> Do you perhaps have a global setting somewhere else in your clogin >> file as you only have an entry for 10.0.0.3 >> and not 10.0.0.6 which you are getting the error from. >> >> Cheers, >> >> Gareth >> >> On 23 Jan 2012, at 10:02 PM, Paolo De Michele wrote: >> >>> my .cloginrc: >>> >>> add user 10.0.0.3 xxxxxxxxxx >>> add password 10.0.0.3 >>> {P-------l----3--------@} {L------x-x-0----l-------} >>> >>> output from console: >>> >>> administrator at 10.0.0.6's password: >>> Permission denied, please try again. >>> >>> Error: Check your passwd for 10.0.0.6 >>> >>> >>> excuse me, but I don't understand where I'm wrong >>> are inexperienced and if I don't go out in this point are completely >>> blocked. Thanks again >>> >>> On 01/23/2012 08:56 PM, Gareth Hopkins wrote: >>>> Hi, >>>> >>>> userpassword is only used if the password is different to the >>>> password set by the add password option. >>>> >>>> so change "add userpassword" to "add password" >>>> >>>> Cheers, >>>> >>>> Gareth >>>> >>>> On 23 Jan 2012, at 9:45 PM, Paolo De Michele wrote: >>>> >>>>> >>>>> >>>>> On 01/23/2012 08:31 PM, Gareth Hopkins wrote: >>>>>> Hi, >>>>> >>>>> hi Gareth, >>>>>> >>>>>> Try just with add password. >>>>>> >>>>>>> add password 10.0.0.3 >>>>>>> {P-------l----3--------@} {L------x-x-0----l-------} >>>>>> >>>>>> As per the clogin sample file >>>>>> >>>>>> >>>>>> >>>>>> # add userpassword >>>>>> # The password for user if different than the password set >>>>>> # using 'add password'. >>>>> >>>>> now it's correctly? >>>>> >>>>> add *userpassword* 10.0.0.3 >>>>> {P-------l----3--------@} {L------x-x-0----l-------} >>>>> >>>>>> >>>>>> >>>>>> >>>>>> Cheers, >>>>>> >>>>>> Gareth >>>>>> >>>>>> On 23 Jan 2012, at 8:18 PM, Paolo De Michele wrote: >>>>>> >>>>>>> hi list, >>>>>>> I have problems to authenticate my cisco router with passwordi >>>>>>> to enable. >>>>>>> >>>>>>> the scenario is as follows: >>>>>>> - authentication password has special characters, uppercase >>>>>>> letters, lowercase letters and numbers >>>>>>> - enable password has capital letters, lowercase letters and >>>>>>> numbers >>>>>>> >>>>>>> my .cloginrc is: >>>>>>> >>>>>>> add method {ssh} >>>>>>> add user 10.0.0.3 username >>>>>>> add userpassword 10.0.0.3 {P-------l----3--------@} >>>>>>> add enauser 10.0.0.3 {L------x-x-0----l-------} >>>>>>> >>>>>>> I also tried: >>>>>>> >>>>>>> >>>>>>> add method {ssh} >>>>>>> add user 10.0.0.3 username >>>>>>> add userpassword 10.0.0.3 {P-------l----3--------@} >>>>>>> {L------x-x-0----l-------} >>>>>>> >>>>>>> >>>>>>> >>>>>>> the problem is that I am logging to the router but not in >>>>>>> enable. something wrong in the syntax of the file. cloginrc? >>>>>>> I look forward to your help >>>>>>> thanks in advance >>>>>>> _______________________________________________ >>>>>>> Rancid-discuss mailing list >>>>>>> Rancid-discuss at shrubbery.net >>>>>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>>>>> >>>> >> -------------- next part -------------- An HTML attachment was scrubbed... URL: From trix at basement.net Tue Jan 24 00:22:20 2012 From: trix at basement.net (Trix Farrar) Date: Mon, 23 Jan 2012 18:22:20 -0600 Subject: [rancid] .cloginrc - problem with password In-Reply-To: <4F1DE3B1.1070301@paolodemichele.it> References: <4F1DA45F.10601@paolodemichele.it> <7BDCE22D-D82A-4A1D-896D-9FCC26A44954@gmail.com> <4F1DB8E8.4010301@paolodemichele.it> <720FE67B-1D34-4F74-8D11-67CF94B54050@gmail.com> <4F1DBCCA.8040400@paolodemichele.it> <085A97FD-C5E2-44A7-B592-AB048CE1343D@gmail.com> <4F1DCE3B.2030804@paolodemichele.it> <4F1DE3B1.1070301@paolodemichele.it> Message-ID: <20120124002220.GE72300@basement.net> On Mon, Jan 23, 2012 at 11:48:17PM +0100, Paolo De Michele wrote: > my .cloginrc: > > add user 10.0.0.3 xxxxxxxxxx > add password 10.0.0.3 {P-------l----3--------@} {L------x-x-0----l-------} > > from console: > > xxxxxxxxxx at 10.0.0.3's password: > Permission denied, please try again. > > Error: Check your passwd for 10.0.0.3 > > why? > I'm willing to bet that the '@' is tripping you up. Try escaping it with a backslash ('\@' instead of '@') in the password portion of your ~/.cloginrc. I've run into that before. -- John D. "Trix" Farrar __\\|//__ Basement.NET trix at basement.net (` o-o ') http://www.basement.net/ -----------------------------------ooO-(_)-Ooo-------------------------- GPG Key Fprint: 525F DBA7 1A62 E4C4 E642 DF95 384B B851 3CEF C10A -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 196 bytes Desc: not available URL: From vincent at autistici.org Tue Jan 24 10:02:12 2012 From: vincent at autistici.org (vincent) Date: Tue, 24 Jan 2012 12:02:12 +0200 Subject: [rancid] get running-config to other network Message-ID: Hi, thanks theodoros I have modified my version on /home/rancid/bin/clogin but don't work. This is the diff from the original clogin file: http://paste.debian.net/153437/ I suppose the reason is the different version of clogin This is my .cloginrc file on /home/rancid/ add user * user add method 10.10.10.1 telnet add method 10.10.10.1 dssh:20.20.20.1 add password 10.10.10.1 password password add password 20.20.20.1 password password -- vincent +---------------------------------------------------------------------+ | GPG KeyID: 2048R/0C42E44E 2011-06-14 http://pgp.mit.edu | | Fingerprint GPG: AFD5 80B0 22C1 DCCB A2C5 8A4B F52F 0621 0C42 E44E | | () ascii ribbon campaign - against html e-mail | | /\ www.asciiribbon.org - against proprietary attachments | +---------------------------------------------------------------------+ From michael at maymann.org Wed Jan 25 12:44:38 2012 From: michael at maymann.org (Michael Maymann) Date: Wed, 25 Jan 2012 13:44:38 +0100 Subject: [rancid] .cloginrc identity still asking for password + hlogin timeout... Message-ID: Hi, Urgent - Please can anyone help...? Don't know why some of my emails don't get through to the list...trying with new subject...:-o ! I still haven't gotten this to work...: ---1---.cloginrc -bash-3.2$ cat .cloginrc add method * ssh add user * USER add identity * /COMPANY/site_home/USER/.ssh/ id_rsa add password HOSTNAME {PASSWORD} {PASSWORD} ---1--- ---2---just standard output -bash-3.2$ /usr/libexec/rancid/hlogin -c "sh ver" HOSTNAME HOSTNAME spawn hpuifilter -- ssh -i PATH_TO/.ssh/id_rsa -c 3des -x -l test HOSTNAME We'd like to keep you up to date about: * Software feature updates * New product announcements * Special events Please register your products now at: www.ProCurve.com ProCurve J8697A Switch 5406zl Software revision K.15.02.0005 Copyright (C) 1991-2010 Hewlett-Packard Co. All Rights Reserved. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and Computer Software clause at 52.227-7013. HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303 Press any key to continueHOSTNAME#...I PRESS HERE... Error: TIMEOUT reached ---2--- ---3---strace output ("/usr/libexec/rancid/hlogin", ["/usr/libexec/rancid/hlogin", "-c", "sh ver", "HOSTNAME"], [/* 18 vars */]) = 0 brk(0) = 0x145bd000 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac42984f000 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac429850000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=32295, ...}) = 0 mmap(NULL, 32295, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2ac429851000 close(3) = 0 open("/lib64/tls/x86_64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/lib64/tls/x86_64", 0x7fff824f3880) = -1 ENOENT (No such file or directory) open("/lib64/tls/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/lib64/tls", 0x7fff824f3880) = -1 ENOENT (No such file or directory) open("/lib64/x86_64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/lib64/x86_64", 0x7fff824f3880) = -1 ENOENT (No such file or directory) open("/lib64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/lib64", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 open("/usr/lib64/tls/x86_64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/usr/lib64/tls/x86_64", 0x7fff824f3880) = -1 ENOENT (No such file or directory) open("/usr/lib64/tls/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/usr/lib64/tls", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 open("/usr/lib64/x86_64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/usr/lib64/x86_64", 0x7fff824f3880) = -1 ENOENT (No such file or directory) open("/usr/lib64/libexpect5.43.so", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300\266 at w6\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=180608, ...}) = 0 mmap(0x3677400000, 2287968, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3677400000 mprotect(0x3677429000, 2097152, PROT_NONE) = 0 mmap(0x3677629000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x29000) = 0x3677629000 mmap(0x367762c000, 10592, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x367762c000 close(3) = 0 open("/usr/lib64/libtcl8.4.so", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\22bZ?\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=805656, ...}) = 0 mmap(0x3f5a600000, 2903528, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3f5a600000 mprotect(0x3f5a6bb000, 2093056, PROT_NONE) = 0 mmap(0x3f5a8ba000, 40960, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xba000) = 0x3f5a8ba000 mmap(0x3f5a8c4000, 3560, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3f5a8c4000 close(3) = 0 open("/lib64/libdl.so.2", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20\16\240W?\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=23360, ...}) = 0 mmap(0x3f57a00000, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3f57a00000 mprotect(0x3f57a02000, 2097152, PROT_NONE) = 0 mmap(0x3f57c02000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x3f57c02000 close(3) = 0 open("/lib64/libpthread.so.0", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240W\340W?\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=145824, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac429859000 mmap(0x3f57e00000, 2204528, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3f57e00000 mprotect(0x3f57e16000, 2093056, PROT_NONE) = 0 mmap(0x3f58015000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15000) = 0x3f58015000 mmap(0x3f58017000, 13168, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3f58017000 close(3) = 0 open("/lib64/libm.so.6", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`>\240X?\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=615136, ...}) = 0 mmap(0x3f58a00000, 2629848, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3f58a00000 mprotect(0x3f58a82000, 2093056, PROT_NONE) = 0 mmap(0x3f58c81000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x81000) = 0x3f58c81000 close(3) = 0 open("/lib64/libutil.so.1", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\16\340Z?\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=18152, ...}) = 0 mmap(0x3f5ae00000, 2105616, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3f5ae00000 mprotect(0x3f5ae02000, 2093056, PROT_NONE) = 0 mmap(0x3f5b001000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x3f5b001000 close(3) = 0 open("/lib64/libc.so.6", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220\332aW?\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=1722304, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac42985a000 mmap(0x3f57600000, 3502424, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3f57600000 mprotect(0x3f5774e000, 2097152, PROT_NONE) = 0 mmap(0x3f5794e000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14e000) = 0x3f5794e000 mmap(0x3f57953000, 16728, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3f57953000 close(3) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac42985b000 arch_prctl(ARCH_SET_FS, 0x2ac42985b790) = 0 mprotect(0x3f57c02000, 4096, PROT_READ) = 0 mprotect(0x3f58015000, 4096, PROT_READ) = 0 mprotect(0x3f58c81000, 4096, PROT_READ) = 0 mprotect(0x3f5b001000, 4096, PROT_READ) = 0 mprotect(0x3f5794e000, 16384, PROT_READ) = 0 mprotect(0x3f5741c000, 4096, PROT_READ) = 0 munmap(0x2ac429851000, 32295) = 0 set_tid_address(0x2ac42985b820) = 6256 set_robust_list(0x2ac42985b830, 0x18) = 0 futex(0x7fff824f43cc, FUTEX_WAKE_PRIVATE, 1) = 0 rt_sigaction(SIGRTMIN, {0x3f57e05380, [], SA_RESTORER|SA_SIGINFO, 0x3f57e0eb70}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {0x3f57e052b0, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x3f57e0eb70}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 getrlimit(RLIMIT_STACK, {rlim_cur=10240*1024, rlim_max=RLIM_INFINITY}) = 0 lseek(0, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) lseek(1, 0, SEEK_CUR) = 0 lseek(2, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) rt_sigaction(SIGPIPE, {0x1, [PIPE], SA_RESTORER|SA_RESTART, 0x3f576302d0}, {SIG_DFL, [], 0}, 8) = 0 brk(0) = 0x145bd000 brk(0x145de000) = 0x145de000 mmap(NULL, 10489856, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_32BIT, -1, 0) = 0x40e28000 mprotect(0x40e28000, 4096, PROT_NONE) = 0 clone(child_stack=0x41828250, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLON7 futex(0x145c1924, FUTEX_WAIT_PRIVATE, 1, NULL) = 0 futex(0x145bdb30, FUTEX_WAIT_PRIVATE, 2, NULL) = 0 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 uname({sys="Linux", node="LINUXBOX", ...}) = 0 open("/usr/lib/locale/locale-archive", O_RDONLY) = 5 fstat(5, {st_mode=S_IFREG|0644, st_size=56459024, ...}) = 0 mmap(NULL, 56459024, PROT_READ, MAP_PRIVATE, 5, 0) = 0x2aaaaaaab000 close(5) = 0 lstat("/usr", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 lstat("/usr/lib", {st_mode=S_IFDIR|0755, st_size=12288, ...}) = 0 lstat("/usr/lib/tcl8.4", {st_mode=S_IFLNK|0777, st_size=17, ...}) = 0 readlink("/usr/lib/tcl8.4", "/usr/share/tcl8.4"..., 4096) = 17 lstat("/usr", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 lstat("/usr/share", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 lstat("/usr/share/tcl8.4", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 lstat("/usr/share/tcl8.4/encoding", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 open("/usr/share/tcl8.4/encoding/iso8859-1.enc", O_RDONLY) = 5 fcntl(5, F_SETFD, FD_CLOEXEC) = 0 ioctl(5, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff824f39b0) = -1 ENOTTY (Inappropriate ioctl for device) brk(0x14600000) = 0x14600000 read(5, "# Encoding file: iso8859-1, sing"..., 4096) = 1094 read(5, "", 4096) = 0 close(5) = 0 lstat("/usr", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 lstat("/usr/share", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 lstat("/usr/share/tcl8.4", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 access("/usr/share/tcl8.4/init.tcl", F_OK) = 0 stat("/usr/share/tcl8.4/init.tcl", {st_mode=S_IFREG|0644, st_size=22674, ...}) = 0 open("/usr/share/tcl8.4/init.tcl", O_RDONLY) = 5 fcntl(5, F_SETFD, FD_CLOEXEC) = 0 ioctl(5, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff824f2fe0) = -1 ENOTTY (Inappropriate ioctl for device) read(5, "# init.tcl --\n#\n# Default system"..., 4096) = 4096 read(5, " the following steps to make the"..., 4096) = 4096 read(5, "in \\\"unknown\\\"\" {} \\\n\t\t\t[list CO"..., 4096) = 4096 read(5, "guments: \n# None.\n\nproc auto_loa"..., 4096) = 4096 read(5, " namespace eval :: "..., 4096) = 4096 read(5, " give a more precise\n\t# error me"..., 4096) = 2194 read(5, "", 4096) = 0 close(5) = 0 brk(0x14624000) = 0x14624000 open("/dev/tty", O_RDWR) = 5 ioctl(5, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 ioctl(5, TIOCGWINSZ, {ws_row=33, ws_col=145, ws_xpixel=0, ws_ypixel=0}) = 0 ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff824f42a0) = -1 ENOTTY (Inappropriate ioctl for device) ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 lseek(0, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 lseek(1, 0, SEEK_CUR) = 0 ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff824f4120) = -1 ENOTTY (Inappropriate ioctl for device) getsockname(1, 0x7fff824f41f0, [16]) = -1 ENOTSOCK (Socket operation on non-socket) lseek(2, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) ioctl(2, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 ioctl(2, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 fcntl(0, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE) fcntl(0, F_SETFL, O_RDWR|O_NONBLOCK|O_LARGEFILE) = 0 fcntl(0, F_GETFL) = 0x8802 (flags O_RDWR|O_NONBLOCK|O_LARGEFILE) ioctl(2, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 fcntl(2, F_GETFL) = 0x8802 (flags O_RDWR|O_NONBLOCK|O_LARGEFILE) fcntl(2, F_SETFL, O_RDWR|O_NONBLOCK|O_LARGEFILE) = 0 fcntl(2, F_GETFL) = 0x8802 (flags O_RDWR|O_NONBLOCK|O_LARGEFILE) fcntl(5, F_SETFD, FD_CLOEXEC) = 0 fcntl(5, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE) fcntl(5, F_SETFL, O_RDWR|O_NONBLOCK|O_LARGEFILE) = 0 fcntl(5, F_GETFL) = 0x8802 (flags O_RDWR|O_NONBLOCK|O_LARGEFILE) rt_sigaction(SIGINT, {0x367741a760, [INT], SA_RESTORER|SA_RESTART, 0x3f576302d0}, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGTERM, {0x367741a760, [TERM], SA_RESTORER|SA_RESTART, 0x3f576302d0}, {SIG_DFL, [], 0}, 8) = 0 open("/usr/lib/expect5.43/expect.rc", O_RDONLY) = -1 ENOENT (No such file or directory) open("/COMPANY/site_home/USER/.expect.rc", O_RDONLY) = -1 ENOENT (No such file or directory) lstat("/usr", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 lstat("/usr/libexec", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 lstat("/usr/libexec/rancid", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 stat("/usr/libexec/rancid/hlogin", {st_mode=S_IFREG|0755, st_size=22702, ...}) = 0 open("/usr/libexec/rancid/hlogin", O_RDONLY) = 6 fcntl(6, F_SETFD, FD_CLOEXEC) = 0 ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff824f4020) = -1 ENOTTY (Inappropriate ioctl for device) read(6, "#! /usr/bin/expect --\n##\n## $Id:"..., 4096) = 4096 read(6, " # This uses \"id\" which I think "..., 4096) = 4096 read(6, "# This is a helper function to m"..., 4096) = 4096 read(6, ";\n\t if !$progs {\n\t\tsend_user "..., 4096) = 4096 read(6, "\t\t\t\t\t catch {send \" \"};\n\t\t\t\t\t "..., 4096) = 4096 brk(0x1464c000) = 0x1464c000 brk(0x14648000) = 0x14648000 read(6, "ompt\" == \"\" } {\n\tset p_prompt \"("..., 4096) = 2222 read(6, "", 4096) = 0 close(6) = 0 lstat("/COMPANY", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 lstat("/COMPANY/site_home", {st_mode=S_IFDIR|0755, st_size=118784, ...}) = 0 lstat("/COMPANY/site_home/USER", {st_mode=S_IFDIR|S_ISGID|0750, st_size=4096, ...}) = 0 access("/COMPANY/site_home/USER/.cloginrc", F_OK) = 0 stat("/COMPANY/site_home/USER/.cloginrc", {st_mode=S_IFREG|0600, st_size=130, ...}) = 0 stat("/COMPANY/site_home/USER/.cloginrc", {st_mode=S_IFREG|0600, st_size=130, ...}) = 0 open("/COMPANY/site_home/USER/.cloginrc", O_RDONLY) = 6 fcntl(6, F_SETFD, FD_CLOEXEC) = 0 ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff824f30f0) = -1 ENOTTY (Inappropriate ioctl for device) read(6, "add method * ssh\nadd user * test"..., 4096) = 130 read(6, "", 4096) = 0 close(6) = 0 brk(0x1466c000) = 0x1466c000 write(1, "HOSTNAME\n", 9) = 9 brk(0x14690000) = 0x14690000 write(1, "spawn", 5) = 5 write(1, " ", 1) = 1 write(1, "hpuifilter", 10) = 10 write(1, " ", 1) = 1 write(1, "--", 2) = 2 write(1, " ", 1) = 1 write(1, "ssh", 3) = 3 write(1, " ", 1) = 1 write(1, "-i", 2) = 2 write(1, " ", 1) = 1 write(1, "/COMPANY/site_home/USER/.ssh"..., 39) = 39 write(1, " ", 1) = 1 write(1, "-c", 2) = 2 write(1, " ", 1) = 1 write(1, "3des", 4) = 4 write(1, " ", 1) = 1 write(1, "-x", 2) = 2 write(1, " ", 1) = 1 write(1, "-l", 2) = 2 write(1, " ", 1) = 1 write(1, "test", 4) = 4 write(1, " ", 1) = 1 write(1, "HOSTNAME", 8) = 8 write(1, "\r\n", 2) = 2 open("/dev/ptmx", O_RDWR) = 6 statfs("/dev/pts", {f_type="DEVPTS_SUPER_MAGIC", f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, f_namelen0 ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 ioctl(6, TIOCGPTN, [3]) = 0 stat("/dev/pts/3", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 3), ...}) = 0 statfs("/dev/pts/3", {f_type="DEVPTS_SUPER_MAGIC", f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, f_namel0 ioctl(6, TIOCSPTLCK, [0]) = 0 ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 ioctl(6, TIOCGPTN, [3]) = 0 stat("/dev/pts/3", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 3), ...}) = 0 open("/dev/pts/3", O_RDWR|O_NOCTTY) = 7 ioctl(7, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 readlink("/proc/self/fd/7", "/dev/pts/3"..., 4095) = 10 close(7) = 0 fcntl(6, F_SETFD, FD_CLOEXEC) = 0 pipe([7, 8]) = 0 pipe([9, 10]) = 0 pipe([11, 12]) = 0 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2ac42985b820) = 6258 close(8) = 0 close(9) = 0 close(12) = 0 fcntl(6, F_SETFD, FD_CLOEXEC) = 0 fcntl(6, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE) fcntl(6, F_SETFL, O_RDWR|O_NONBLOCK|O_LARGEFILE) = 0 fcntl(6, F_GETFL) = 0x8802 (flags O_RDWR|O_NONBLOCK|O_LARGEFILE) read(7, " ", 1) = 1 write(10, " ", 1) = 1 close(7) = 0 close(10) = 0 read(11, "", 4) = 0 close(11) = 0 clock_gettime(CLOCK_REALTIME, {1327052097, 956733000}) = 0 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 1, {0, 299932000}) = -1 ETIMEDOUT (Connection timed out) futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 brk(0x146b4000) = 0x146b4000 brk(0x146d8000) = 0x146d8000 brk(0x146fa000) = 0x146fa000 brk(0x146f4000) = 0x146f4000 write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 clock_gettime(CLOCK_REALTIME, {1327052098, 261705000}) = 0 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 3, {44, 999845000}) = 0 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 read(6, "We'd like to keep you up to date"..., 4096) = 42 write(1, "We'd like to keep you up to date"..., 42) = 42 write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 clock_gettime(CLOCK_REALTIME, {1327052099, 489667000}) = 0 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 5, {43, 999847000}) = 0 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 read(6, " * Software feature updates\r\r\n", 4096) = 31 write(1, " * Software feature updates\r\r\n", 31) = 31 brk(0x14716000) = 0x14716000 brk(0x14704000) = 0x14704000 write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 clock_gettime(CLOCK_REALTIME, {1327052099, 490805000}) = 0 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 7, {43, 999849000}) = 0 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 read(6, " * New product announcements\r\r\n", 4096) = 32 write(1, " * New product announcements\r\r\n", 32) = 32 write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 clock_gettime(CLOCK_REALTIME, {1327052099, 491718000}) = 0 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 9, {43, 999851000}) = 0 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 read(6, " * Special events\r\r\n", 4096) = 21 write(1, " * Special events\r\r\n", 21) = 21 write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 clock_gettime(CLOCK_REALTIME, {1327052099, 492653000}) = 0 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 11, {43, 999812000}) = 0 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 read(6, "\r\r\n", 4096) = 3 write(1, "\r\r\n", 3) = 3 write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 clock_gettime(CLOCK_REALTIME, {1327052099, 493894000}) = 0 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 13, {43, 999803000}) = 0 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 read(6, "Please register your products no"..., 4096) = 58 write(1, "Please register your products no"..., 58) = 58 write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 clock_gettime(CLOCK_REALTIME, {1327052099, 494800000}) = 0 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 15, {43, 999851000}) = 0 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 read(6, "\r\r\n", 4096) = 3 write(1, "\r\r\n", 3) = 3 write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 clock_gettime(CLOCK_REALTIME, {1327052099, 495717000}) = 0 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 17, {43, 999851000}) = 0 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 read(6, "\r\r\n", 4096) = 3 write(1, "\r\r\n", 3) = 3 write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 clock_gettime(CLOCK_REALTIME, {1327052099, 496640000}) = 0 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 19, {43, 999851000}) = 0 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 read(6, "ProCurve J8697A Switch 5406zl\r\r\r"..., 4096) = 279 write(1, "ProCurve J8697A Switch 5406zl\r\r\r"..., 279) = 279 write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 clock_gettime(CLOCK_REALTIME, {1327052099, 750560000}) = 0 futex(0x14673f40, FUTEX_WAKE_PRIVATE, 1) = 1 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 21, {43, 999800000}) = -1 EAGAIN (Resource temporarily unavailable) futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 read(6, " as set forth in subdivision (b)"..., 4096) = 204 write(1, " as set forth in subdivision (b)"..., 204) = 204 write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 clock_gettime(CLOCK_REALTIME, {1327052099, 751914000}) = 0 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 23, {43, 999807000}) = 0 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 read(6, "Press any key to continue", 4096) = 25 write(1, "Press any key to continue", 25) = 25 write(6, " ", 1) = 1 write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 clock_gettime(CLOCK_REALTIME, {1327052099, 950814000}) = 0 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 25, {44, 999808000}) = 0 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 read(6, "HOSTNAME# ", 4096) = 10 write(1, "HOSTNAME# ", 10) = 10 write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 clock_gettime(CLOCK_REALTIME, {1327052099, 969335000}) = 0 futex(0x14673f44, FUTEX_WAIT_PRIVATE, 27, {44, 999848000} ) = -1 ETIMEDOUT (Connection timed out) write(4, "\0", 1) = 1 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 write(1, "\nError: TIMEOUT reached\n", 24) = 24 fcntl(6, F_GETFL) = 0x8802 (flags O_RDWR|O_NONBLOCK|O_LARGEFILE) fcntl(6, F_SETFL, O_RDWR|O_LARGEFILE) = 0 fcntl(6, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE) write(6, "", 0) = 0 rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0 rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 nanosleep({1, 0}, {1, 0}) = 0 close(6) = 0 open("/dev/null", O_RDONLY) = 6 fcntl(6, F_SETFD, FD_CLOEXEC) = 0 wait4(6258, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 6258 ioctl(5, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 fcntl(5, F_GETFL) = 0x8802 (flags O_RDWR|O_NONBLOCK|O_LARGEFILE) fcntl(5, F_SETFL, O_RDWR|O_LARGEFILE) = 0 fcntl(5, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE) close(5) = 0 open("/dev/null", O_RDONLY) = 5 fcntl(5, F_SETFD, FD_CLOEXEC) = 0 fcntl(2, F_GETFL) = 0x8802 (flags O_RDWR|O_NONBLOCK|O_LARGEFILE) fcntl(2, F_SETFL, O_RDWR|O_LARGEFILE) = 0 fcntl(2, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE) close(2) = 0 open("/dev/null", O_RDONLY) = 2 fcntl(2, F_SETFD, FD_CLOEXEC) = 0 fcntl(0, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE) fcntl(0, F_SETFL, O_RDWR|O_LARGEFILE) = 0 fcntl(0, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE) write(1, "", 0) = 0 rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0 rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 nanosleep({1, 0}, {1, 0}) = 0 close(0) = 0 close(1) = 0 open("/dev/null", O_RDONLY) = 0 fcntl(0, F_SETFD, FD_CLOEXEC) = 0 fcntl(6, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE) fcntl(6, F_SETFL, O_RDONLY|O_LARGEFILE) = 0 fcntl(6, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE) write(6, "", 0) = -1 EBADF (Bad file descriptor) close(6) = 0 write(4, "q", 1) = 1 close(4) = 0 futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 1 futex(0x145c1920, FUTEX_WAKE_PRIVATE, 1) = 1 futex(0x145c1924, FUTEX_WAIT_PRIVATE, 3, NULL) = -1 EAGAIN (Resource temporarily unavailable) futex(0x145bdb30, FUTEX_WAKE_PRIVATE, 1) = 0 exit_group(1) = ? ---3--- It seems to complain about some files missing, but maybe this is not the root-cause...?: access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/lib64/tls/x86_64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/lib64/tls/x86_64", 0x7fff824f3880) = -1 ENOENT (No such file or directory) open("/lib64/tls/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/lib64/tls", 0x7fff824f3880) = -1 ENOENT (No such file or directory) open("/lib64/x86_64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/lib64/x86_64", 0x7fff824f3880) = -1 ENOENT (No such file or directory) open("/lib64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib64/tls/x86_64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/usr/lib64/tls/x86_64", 0x7fff824f3880) = -1 ENOENT (No such file or directory) open("/usr/lib64/tls/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib64/x86_64/libexpect5.43.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/usr/lib64/x86_64", 0x7fff824f3880) = -1 ENOENT (No such file or directory) open("/usr/lib/expect5.43/expect.rc", O_RDONLY) = -1 ENOENT (No such file or directory) open("/COMPANY/site_home/USER/.expect.rc", O_RDONLY) = -1 ENOENT (No such file or directory) -bash-3.2$ locate expect /usr/bin/autoexpect /usr/bin/expect /usr/lib/expect5.43 /usr/lib/libexpect5.43.so /usr/lib/expect5.43/cat-buffers /usr/lib/expect5.43/pkgIndex.tcl /usr/lib64/expect5.43 /usr/lib64/libexpect5.43.so /usr/lib64/expect5.43/cat-buffers /usr/lib64/expect5.43/pkgIndex.tcl /usr/share/man/man1/autoexpect.1.gz /usr/share/man/man1/expect.1.gz /usr/share/man/overrides/man1/expect.1.gz /usr/share/vim/vim70/syntax/expect.vim Just installed rancid from yum on RHEL5.7 64 bit - what could I have done wrong... ? 1. .cloginrc identity still asks for password when remove the "add password" line: Any surgestions to how I can troubleshoot this further ? 2. hlogin is timeing out when running "/usr/libexec/rancid/hlogin -c "sh ver" HOSTNAME": Any surgestions to how I can troubleshoot this further ? Any help is very welcome, as we need to configure snmp+smtp traps+backup of 100+ devices very soon. Thanks in advance :-) ! Br. ~maymann -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Wed Jan 25 16:49:38 2012 From: heas at shrubbery.net (heasley) Date: Wed, 25 Jan 2012 16:49:38 +0000 Subject: [rancid] .cloginrc identity still asking for password + hlogin timeout... In-Reply-To: References: Message-ID: <20120125164938.GB70808@shrubbery.net> Wed, Jan 25, 2012 at 01:44:38PM +0100, Michael Maymann: > I still haven't gotten this to work...: > ---1---.cloginrc > -bash-3.2$ cat .cloginrc > add method * ssh > add user * USER > add identity * /COMPANY/site_home/USER/.ssh/ > id_rsa > add password HOSTNAME {PASSWORD} {PASSWORD} > ---1--- > ---2---just standard output > Press any key to continueHOSTNAME#...I PRESS HERE... > > Error: TIMEOUT reached > ---2--- i didnt see a prompt for a password, so it'd seem that the key is working properly. i dont like that it didn't echo the \r response to "press any...". but, see autoenable in cloginrc(5). > It seems to complain about some files missing, but maybe this is not the > root-cause...?: likely all optional config files and libraries or just the sequential search of the path with which the linker is configured. From michael at maymann.org Wed Jan 25 17:03:26 2012 From: michael at maymann.org (Michael Maymann) Date: Wed, 25 Jan 2012 18:03:26 +0100 Subject: [rancid] .cloginrc identity still asking for password + hlogin timeout... In-Reply-To: <20120125164938.GB70808@shrubbery.net> References: <20120125164938.GB70808@shrubbery.net> Message-ID: Hi, Heasley: thanks for your quick reply... much appreciated...:-) ! 2012/1/25 heasley > Wed, Jan 25, 2012 at 01:44:38PM +0100, Michael Maymann: > > I still haven't gotten this to work...: > > ---1---.cloginrc > > -bash-3.2$ cat .cloginrc > > add method * ssh > > add user * USER > > add identity * /COMPANY/site_home/USER/.ssh/ > > id_rsa > > add password HOSTNAME {PASSWORD} {PASSWORD} > > ---1--- > > ---2---just standard output > > Press any key to continueHOSTNAME#...I PRESS HERE... > > > > Error: TIMEOUT reached > > ---2--- > > i didnt see a prompt for a password, so it'd seem that the key is working > properly. > Isn't the "add user..." and "add password..." used for logging in...? In my mind I should be able to remove the "add passsword..." line - but when I do - I tells me "no password in .cloginrc" or similar (not at work currently... so can't give you the specific error...) > > i dont like that it didn't echo the \r response to "press any...". but, > see autoenable in cloginrc(5). > No me either...:-) ! - is it possible from my strace to see where it goes wrong, or can I run a specific command for better troubleshooting ? Will take a look at cloginrc(5) tomorrow at work... > > > It seems to complain about some files missing, but maybe this is not the > > root-cause...?: > > likely all optional config files and libraries or just the sequential > search > of the path with which the linker is configured. > Ok, so you don't think that this is causing me my problems ? Thanks in advance :-) ! ~maymann -------------- next part -------------- An HTML attachment was scrubbed... URL: From me_gogorza at hotmail.com Wed Jan 25 17:09:48 2012 From: me_gogorza at hotmail.com (Marito ...) Date: Wed, 25 Jan 2012 14:09:48 -0300 Subject: [rancid] .cloginrc identity still asking for password + hlogin timeout... In-Reply-To: References: , <20120125164938.GB70808@shrubbery.net>, Message-ID: Hi Michael, for second issue (hlogin timeout), I'd run " expect -d /path/to/rancid/hlogin DEVICE" just to see when it hungs. First try only like this, and then trying tu run a command. Whe trying to connect, do you get any prompt (spawn xxxx, user, login, etc) ?? Regards. From: michael at maymann.org Date: Wed, 25 Jan 2012 18:03:26 +0100 To: heas at shrubbery.net CC: rancid-discuss at shrubbery.net Subject: Re: [rancid] .cloginrc identity still asking for password + hlogin timeout... Hi, Heasley: thanks for your quick reply... much appreciated...:-) ! 2012/1/25 heasley Wed, Jan 25, 2012 at 01:44:38PM +0100, Michael Maymann: > I still haven't gotten this to work...: > ---1---.cloginrc > -bash-3.2$ cat .cloginrc > add method * ssh > add user * USER > add identity * /COMPANY/site_home/USER/.ssh/ > id_rsa > add password HOSTNAME {PASSWORD} {PASSWORD} > ---1--- > ---2---just standard output > Press any key to continueHOSTNAME#...I PRESS HERE... > > Error: TIMEOUT reached > ---2--- i didnt see a prompt for a password, so it'd seem that the key is working properly. Isn't the "add user..." and "add password..." used for logging in...? In my mind I should be able to remove the "add passsword..." line - but when I do - I tells me "no password in .cloginrc" or similar (not at work currently... so can't give you the specific error...) i dont like that it didn't echo the \r response to "press any...". but, see autoenable in cloginrc(5). No me either...:-) ! - is it possible from my strace to see where it goes wrong, or can I run a specific command for better troubleshooting ? Will take a look at cloginrc(5) tomorrow at work... > It seems to complain about some files missing, but maybe this is not the > root-cause...?: likely all optional config files and libraries or just the sequential search of the path with which the linker is configured. Ok, so you don't think that this is causing me my problems ? Thanks in advance :-) ! ~maymann _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Wed Jan 25 17:25:27 2012 From: heas at shrubbery.net (heasley) Date: Wed, 25 Jan 2012 17:25:27 +0000 Subject: [rancid] .cloginrc identity still asking for password + hlogin timeout... In-Reply-To: References: <20120125164938.GB70808@shrubbery.net> Message-ID: <20120125172527.GC72937@shrubbery.net> Wed, Jan 25, 2012 at 06:03:26PM +0100, Michael Maymann: > Isn't the "add user..." and "add password..." used for logging in...? > In my mind I should be able to remove the "add passsword..." line - but > when I do - I tells me "no password in .cloginrc" or similar (not at work > currently... so can't give you the specific error...) i didnt expect folks to use it without a password/passphrase. they can be empty strings. > No me either...:-) ! - is it possible from my strace to see where it goes > wrong, or can I run a specific command for better troubleshooting ? > Will take a look at cloginrc(5) tomorrow at work... clogin -d host > Ok, so you don't think that this is causing me my problems ? no From michael at maymann.org Wed Jan 25 18:34:03 2012 From: michael at maymann.org (Michael Maymann) Date: Wed, 25 Jan 2012 19:34:03 +0100 Subject: [rancid] .cloginrc identity still asking for password + hlogin timeout... In-Reply-To: <20120125172527.GC72937@shrubbery.net> References: <20120125164938.GB70808@shrubbery.net> <20120125172527.GC72937@shrubbery.net> Message-ID: Hi, Heasley+Marito: Thanks for your replies...:-) ! 2012/1/25 heasley > Wed, Jan 25, 2012 at 06:03:26PM +0100, Michael Maymann: > > Isn't the "add user..." and "add password..." used for logging in...? > > In my mind I should be able to remove the "add passsword..." line - but > > when I do - I tells me "no password in .cloginrc" or similar (not at work > > currently... so can't give you the specific error...) > > i didnt expect folks to use it without a password/passphrase. they can > be empty strings. > Ok. I am using ssh-keysharing without passphrase and therefore no password is needed. In general the "add password..." should not be obligatory when "add identity..." is present. I will try to see if "add password * {} {}" works tomorrow. > > > No me either...:-) ! - is it possible from my strace to see where it goes > > wrong, or can I run a specific command for better troubleshooting ? > > Will take a look at cloginrc(5) tomorrow at work... > > clogin -d host > I will try this tomorrow as well, and report back with findings. > > > Ok, so you don't think that this is causing me my problems ? > > no > Super Thanks for your help so far...much appreciated...:-) ! ~maymann -------------- next part -------------- An HTML attachment was scrubbed... URL: From hugo.deprez at gmail.com Wed Jan 25 20:36:55 2012 From: hugo.deprez at gmail.com (Hugo Deprez) Date: Wed, 25 Jan 2012 21:36:55 +0100 Subject: [rancid] Known_hosts issue with fortigate cluster In-Reply-To: <5fae3fcaf482c608945de297c2ad470d@mail.gmail.com> References: <4F1DD174.8020905@soccergeek.net> <5fae3fcaf482c608945de297c2ad470d@mail.gmail.com> Message-ID: Hello, thank you for the answer. I deleted the keys with ssh-keygen then I changed the ssh config of rancid's user : ssh -o StrictHostKeyChecking=no my_host Everything is fine now. Thank you. On 23 January 2012 22:34, Daniel Schmidt wrote: > Or ssh-keygen -R hostname > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Aaron Smith > Sent: Monday, January 23, 2012 2:30 PM > To: Hugo Deprez > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Known_hosts issue with fortigate cluster > > On 01/23/2012 12:49 PM, Hugo Deprez wrote: > > Dear community, > > > > I just met an issue with the backup of a Fortigate 300A firewall. > > This is a cluster. > > > > Now the cluster is running on the slave member. My linux host is > > complaining about the public key which is not matching the one from > > the master. > > I would like to know how you guys, do you deal with this situation ? > > If you can't manage the SSH keys on the Fortigate units, you could set > "StrictHostKeyChecking=no" in your SSH config or in the invocation of the > SSH client. > > -- > @@ron > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > E-Mail to and from me, in connection with the transaction > of public business,is subject to the Wyoming Public Records > Act, and may be disclosed to third parties. > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From michael at maymann.org Thu Jan 26 09:05:54 2012 From: michael at maymann.org (Michael Maymann) Date: Thu, 26 Jan 2012 10:05:54 +0100 Subject: [rancid] .cloginrc identity still asking for password + hlogin timeout... In-Reply-To: References: <20120125164938.GB70808@shrubbery.net> <20120125172527.GC72937@shrubbery.net> Message-ID: Hi, 2012/1/25 Michael Maymann > Hi, > > Heasley+Marito: Thanks for your replies...:-) ! > > 2012/1/25 heasley > >> Wed, Jan 25, 2012 at 06:03:26PM +0100, Michael Maymann: >> > Isn't the "add user..." and "add password..." used for logging in...? >> > In my mind I should be able to remove the "add passsword..." line - but >> > when I do - I tells me "no password in .cloginrc" or similar (not at >> work >> > currently... so can't give you the specific error...) >> >> i didnt expect folks to use it without a password/passphrase. they can >> be empty strings. >> > Ok. I am using ssh-keysharing without passphrase and therefore no password > is needed. > In general the "add password..." should not be obligatory when "add > identity..." is present. I will try to see if "add password * {} {}" works > tomorrow. > This works...:-)! I surgest removing obligatory "add password..." when "add identity..." is present. But is still should be an option if someone is using passphrase... FYI: The error it gives me is: "Error: no password for HOSTNAME in /PATH_TO/.cloginrc." > >> > No me either...:-) ! - is it possible from my strace to see where it >> goes >> > wrong, or can I run a specific command for better troubleshooting ? >> > Will take a look at cloginrc(5) tomorrow at work... >> >> clogin -d host >> > I will try this tomorrow as well, and report back with findings. > Now this is my .cloginrc: add method * ssh add user * test add identity * /PATH_TO/.ssh/id_rsa add password * {} {} add autoenable * {1} and the autoenable also did the trick...:-) ! "hlogin -c "sh ip" HOSTNAME" now does what i expect...:-) ! After login, but before running the command specified in "-c" option, it gives me: HOSTNAME# no page 1. What does this mean ? 2. How do I check if a command i successful or not ? clogin still fails though, here is the debug output: -bash-3.2$ /usr/libexec/rancid/clogin -d -c "sh ip" hostname hostname spawn ssh -i /PATH_TO/.ssh/id_rsa -c 3des -x -l user hostname parent: waiting for sync byte parent: telling child to go ahead parent: now unsynchronized from child spawn: returns {22595} expect: does "" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does "" (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does "" (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no "Enter passphrase.*: "? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd|Enter password for [^ :]+):"? no "(>|#| \(enable\))"? no "Login invalid"? no We'd like to keep you up to date about: * Software feature updates * New product announcements * Special events Please register your products now at: www.ProCurve.com expect: does "We'd like to keep you up to date about:\r\n * Software feature updates\r\n * New product announcements\r\n * Special events\r\n\r\nPlease register your products now at: www.ProCurve.com\r\o "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does "We'd like to keep you up to date about:\r\n * Software feature updates\r\n * New product announcements\r\n * Special events\r\n\r\nPlease register your products now at: www.ProCurve.com\r\o expect: does "We'd like to keep you up to date about:\r\n * Software feature updates\r\n * New product announcements\r\n * Special events\r\n\r\nPlease register your products now at: www.ProCurve.com\r\o "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no "Enter passphrase.*: "? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd|Enter password for [^ :]+):"? no "(>|#| \(enable\))"? no "Login invalid"? no expect: does "We'd like to keep you up to date about:\r\n * Software feature updates\r\n * New product announcements\r\n * Special events\r\n\r\nPlease register your products now at: www.ProCurve.com\r\o "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does "We'd like to keep you up to date about:\r\n * Software feature updates\r\n * New product announcements\r\n * Special events\r\n\r\nPlease register your products now at: www.ProCurve.com\r\o expect: does "We'd like to keep you up to date about:\r\n * Software feature updates\r\n * New product announcements\r\n * Special events\r\n\r\nPlease register your products now at: www.ProCurve.com\r\o "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|pass ProCurve J8697A Switch 5406zl Software revision K.15.02.0005 Copyright (C) 1991-2010 Hewlett-Packard Co. All Rights Reserved. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and Computer Software clause at 52.227-7013. HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303 expect: set expect_out(buffer) "We'd like to keep you up to date about:\r\n * Software feature updates\r\n * New product announcements\r\n * Special events\r\n\r\nPlease register your products now at: w[ HOSTNAME# expect: does "\u001b[14;1H\u001b[?25h\u001b[46;27H\u001b[?6l\u001b[1;46r\u001b[?7l\u001b[2J\u001b[1;1H\u001b[1;46r\u001b[46;1H\u001b[46;1H\u001b[2K\u001b[46;1H\u001b[?25h\u001b[46;1H\u001b[46;1HHOSTNAME# \uo "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does "\u001b[14;1H\u001b[?25h\u001b[46;27H\u001b[?6l\u001b[1;46r\u001b[?7l\u001b[2J\u001b[1;1H\u001b[1;46r\u001b[46;1H\u001b[46;1H\u001b[2K\u001b[46;1H\u001b[?25h\u001b[46;1H\u001b[46;1HHOSTNAME# \uo expect: does "\u001b[14;1H\u001b[?25h\u001b[46;27H\u001b[?6l\u001b[1;46r\u001b[?7l\u001b[2J\u001b[1;1H\u001b[1;46r\u001b[46;1H\u001b[46;1H\u001b[2K\u001b[46;1H\u001b[?25h\u001b[46;1H\u001b[46;1HHOSTNAME# \uo "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no "Enter passphrase.*: "? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd|Enter password for [^ :]+):"? no "(>|#| \(enable\))"? yes expect: set expect_out(0,string) "#" expect: set expect_out(1,string) "#" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "\u001b[14;1H\u001b[?25h\u001b[46;27H\u001b[?6l\u001b[1;46r\u001b[?7l\u001b[2J\u001b[1;1H\u001b[1;46r\u001b[46;1H\u001b[46;1H\u001b[2K\u001b[46;1H\u001b[?25h\u001b[46;1H\u001b" send: sending "\r" to { exp6 } expect: does " \u001b[46;1H\u001b[46;11H\u001b[46;1H\u001b[?25h\u001b[46;11H" (spawn_id exp6) match regular expression "[\r\n]+"? no "^(.+[:.])1 ((>|#| \(enable\)))"? no "^.+(>|#| \(enable\))"? no HOSTNAME# expect: does " \u001b[46;1H\u001b[46;11H\u001b[46;1H\u001b[?25h\u001b[46;11H\u001b[46;0H\u001bE\u001b[46;1H\u001b[46;11H\u001b[46;1H\u001b[2K\u001b[46;1H\u001b[?25h\u001b[46;1H\u001b[1;46r\u001b[46;1H\u001bo "^(.+[:.])1 ((>|#| \(enable\)))"? no "^.+(>|#| \(enable\))"? yes expect: set expect_out(0,string) " \u001b[46;1H\u001b[46;11H\u001b[46;1H\u001b[?25h\u001b[46;11H\u001b[46;0H\u001bE\u001b[46;1H\u001b[46;11H\u001b[46;1H\u001b[2K\u001b[46;1H\u001b[?25h\u001b[46;1H\u001b[1;4" expect: set expect_out(1,string) "#" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) " \u001b[46;1H\u001b[46;11H\u001b[46;1H\u001b[?25h\u001b[46;11H\u001b[46;0H\u001bE\u001b[46;1H\u001b[46;11H\u001b[46;1H\u001b[2K\u001b[46;1H\u001b[?25h\u001b[46;1H\u001b[1;46r" send: sending "terminal length 0\r" to { exp6 } couldn't compile regular expression pattern: parentheses () not balanced while executing "expect -nobrace -re { [46;1H([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} {} -re {[ ]+} { exp_continue }" invoked from within "expect { -re $reprompt {} -re "\[\n\r]+" { exp_continue } }" (procedure "run_commands" line 21) invoked from within "run_commands $prompt $command" ("foreach" body line 166) invoked from within "foreach router [lrange $argv $i end] { set router [string tolower $router] # attempt at platform switching. set platform "" send_user ..." (file "/usr/libexec/rancid/clogin" line 743) 3. Any idea why this is still causing me problems... ? Thanks in advance :-) ! ~maymann >> > Ok, so you don't think that this is causing me my problems ? >> >> no >> > Super > > Thanks for your help so far...much appreciated...:-) ! > > ~maymann > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ingard at startsiden.no Thu Jan 26 11:28:41 2012 From: ingard at startsiden.no (=?iso-8859-1?Q?Ingard_Mev=E5g?=) Date: Thu, 26 Jan 2012 12:28:41 +0100 Subject: [rancid] f5 bigip v11 Message-ID: Hi I've been trying to get Rancid (2.3.6) to work with our F5 bigip v11 LBs. Is anyone else doing this successfully? (using tmsh shell instead of bigpipe) ? I've modified f5rancid using this: http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/44/aft/2158962/showtab/groupforums/Default.aspx I can see "terminal length 0" is still happening and returning and error, but I don't know if that has anything to do with the expect errors I'm seeing. Ingard From vincent at autistici.org Mon Jan 30 15:32:53 2012 From: vincent at autistici.org (vincent) Date: Mon, 30 Jan 2012 17:32:53 +0200 Subject: [rancid] get running-config to other network Message-ID: <17d19c056f54bcd8d48b4790687b8f1f@inventati.org> Il 24/01/2012 11:02, vincent ha scritto: > Hi, > thanks theodoros > > I have modified my version on /home/rancid/bin/clogin but don't work. > > This is the diff from the original clogin file: > http://paste.debian.net/153437/ > > I suppose the reason is the different version of clogin > > This is my .cloginrc file on /home/rancid/ > > add user * user > add method 10.10.10.1 telnet > add method 10.10.10.1 dssh:20.20.20.1 > add password 10.10.10.1 password password > add password 20.20.20.1 password password Hi, i tried to download the old clogin version [2.3.2a8*] for apply this patch: http://www.shrubbery.net/pipermail/rancid-discuss/2006-May/001490.html But isn't possibile download it for permission error: $ wget ftp://ftp.shrubbery.net/pub/rancid/.old/rancid-2.3.2a8.tar.gz --2012-01-30 16:03:58-- ftp://ftp.shrubbery.net/pub/rancid/.old/rancid-2.3.2a8.tar.gz => `rancid-2.3.2a8.tar.gz' Resolving ftp.shrubbery.net... 129.250.47.99 Connecting to ftp.shrubbery.net|129.250.47.99|:21... connected. Logging in as anonymous ... Logged in! ==> SYST ... done. ==> PWD ... done. ==> TYPE I ... done. ==> CWD (1) /pub/rancid/.old ... done. ==> SIZE rancid-2.3.2a8.tar.gz ... 316677 ==> PASV ... done. ==> RETR rancid-2.3.2a8.tar.gz ... No such file `rancid-2.3.2a8.tar.gz'. But the file is present on the directory: ftp://ftp.shrubbery.net/pub/rancid/.old/ Do you know other ways to download this old version? If I try to apply the patch in the current version of clogin [2.3.6], this is the result: $ patch clogin patch-2006.diff patching file clogin Hunk #1 FAILED at 288. Hunk #2 succeeded at 352 with fuzz 2 (offset 33 lines). Hunk #3 FAILED at 642. Hunk #4 succeeded at 871 with fuzz 2 (offset 103 lines). 2 out of 4 hunks FAILED -- saving rejects to file clogin.rej this is the content of my clogin.rej files: http://paste.debian.net/plainh/23ab99c5 [*: http://www.gossamer-threads.com/lists/rancid/users/3285] -- vincent +---------------------------------------------------------------------+ | GPG KeyID: 2048R/0C42E44E 2011-06-14 http://pgp.mit.edu | | Fingerprint GPG: AFD5 80B0 22C1 DCCB A2C5 8A4B F52F 0621 0C42 E44E | | () ascii ribbon campaign - against html e-mail | | /\ www.asciiribbon.org - against proprietary attachments | +---------------------------------------------------------------------+ From hansson.magnus at gmail.com Mon Jan 30 21:30:35 2012 From: hansson.magnus at gmail.com (Magnus Hansson) Date: Mon, 30 Jan 2012 22:30:35 +0100 Subject: [rancid] Fortigate rancid issues Message-ID: Hi there. Thanks for putting in the effort in figuring this out. Is there any chance either one of you could provide a complete diff to apply towards the fnrancid.in file, i got somewhat confused as to which pieces to include and which not to.... Thanks -- -- Magnus Hansson -------------- next part -------------- An HTML attachment was scrubbed... URL: