From jake at secrist.org Thu Nov 1 14:04:48 2012 From: jake at secrist.org (Jake Secrist) Date: Thu, 1 Nov 2012 10:04:48 -0400 Subject: [rancid] *alpha* version of rancid 3.0 In-Reply-To: <20121029210638.GW61164@shrubbery.net> References: <20121024175603.GS79235@shrubbery.net> <20121027054359.GC85152@shrubbery.net> <20121029210638.GW61164@shrubbery.net> Message-ID: John, I had to modify clogin to get it to work. Our authentication server sends username: (lowercase 'u') and clogin expects Username: --- clogin.original 2012-11-01 09:03:38.046126840 -0400 +++ clogin 2012-11-01 09:24:44.810283562 -0400 @@ -813,7 +813,7 @@ # Figure out prompts set u_prompt [find userprompt $router] if { "$u_prompt" == "" } { - set u_prompt "(Username|Login|login|user name|User):" + set u_prompt "(\[Uu]sername|Login|login|user name|User):" } else { set u_prompt [join [lindex $u_prompt 0] ""] } Thank you, Jake On Mon, Oct 29, 2012 at 5:06 PM, heasley wrote: > few minor fixes added here: > ftp://ftp.shrubbery.net/pub/rancid/alpha/rancid-3.0a1.tar.gz > > per-your other e-mail, note that : field separators in router.db have > been changed to ;'s to allow for ipv6 addresses in the router.db file. > > also see supplied manpages for grancid and rancid.types.conf > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From krzysztof.zygmunt at gmail.com Sun Nov 4 19:22:58 2012 From: krzysztof.zygmunt at gmail.com (kris) Date: Sun, 04 Nov 2012 20:22:58 +0100 Subject: [rancid] *alpha* version of rancid 3.0 In-Reply-To: References: <20121024175603.GS79235@shrubbery.net> <20121027054359.GC85152@shrubbery.net> <20121029210638.GW61164@shrubbery.net> Message-ID: <193c9c79-b6cd-451d-9efe-1122b36d43e1@email.android.com> Hi But you can tell rancid what login prompt to expect by setting it in .cloginrc file. Jake Secrist wrote: >John, > >I had to modify clogin to get it to work. Our authentication server >sends >username: (lowercase 'u') and clogin expects Username: > >--- clogin.original 2012-11-01 09:03:38.046126840 -0400 >+++ clogin 2012-11-01 09:24:44.810283562 -0400 >@@ -813,7 +813,7 @@ > # Figure out prompts > set u_prompt [find userprompt $router] > if { "$u_prompt" == "" } { >- set u_prompt "(Username|Login|login|user name|User):" >+ set u_prompt "(\[Uu]sername|Login|login|user name|User):" > } else { > set u_prompt [join [lindex $u_prompt 0] ""] > } > >Thank you, > >Jake > > >On Mon, Oct 29, 2012 at 5:06 PM, heasley wrote: > >> few minor fixes added here: >> ftp://ftp.shrubbery.net/pub/rancid/alpha/rancid-3.0a1.tar.gz >> >> per-your other e-mail, note that : field separators in router.db have >> been changed to ;'s to allow for ipv6 addresses in the router.db >file. >> >> also see supplied manpages for grancid and rancid.types.conf >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > > >------------------------------------------------------------------------ > >_______________________________________________ >Rancid-discuss mailing list >Rancid-discuss at shrubbery.net >http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -- Sent from mobile device. -------------- next part -------------- An HTML attachment was scrubbed... URL: From rancidshrubbery at gmail.com Tue Nov 6 13:09:35 2012 From: rancidshrubbery at gmail.com (rancid core) Date: Tue, 6 Nov 2012 14:09:35 +0100 Subject: [rancid] list_of_groups subdirectories or subfolder Message-ID: hi, we are using rancid for collecting all the configs from our internal and external devices. so we have an internal server running rancid and cvsweb and an external server running rancid. the external server is coping periodically the configs to the internal server. its working fine and can access/view the collected config files on the internal server via cvsweb. is it possible to create a folder with 2 subfolders that we can access via cvsweb? we want something like: main folder called customer_a with no files/config files in but 2 folders called customer_a_int and customer_a_ext. for sure we want to collect the customers internal config files in the folder customer_a_int and the external config files in the folder customer_a_ext. thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From bobthebaritone at gmail.com Tue Nov 6 21:51:47 2012 From: bobthebaritone at gmail.com (bob watson) Date: Wed, 7 Nov 2012 08:51:47 +1100 Subject: [rancid] list_of_groups subdirectories or subfolder In-Reply-To: References: Message-ID: Dear , You need to be looking at CVS here. It is certainly possible. CVS can hold sub directories, different project branches. Cheers, Bob Watson On 7 November 2012 00:09, rancid core wrote: > hi, > we are using rancid for collecting all the configs from our internal and > external devices. > so we have an internal server running rancid and cvsweb and an external > server running rancid. the external server is coping periodically the > configs to the internal server. > its working fine and can access/view the collected config files on the > internal server via cvsweb. > > is it possible to create a folder with 2 subfolders that we can access via > cvsweb? we want something like: > > main folder called customer_a with no files/config files in but 2 folders > called customer_a_int and customer_a_ext. for sure we want to collect the > customers internal config files in the folder customer_a_int and the > external config files in the folder customer_a_ext. > > thanks > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From chris at node-nine.com Tue Nov 13 01:33:28 2012 From: chris at node-nine.com (Chris Moody) Date: Mon, 12 Nov 2012 20:33:28 -0500 Subject: [rancid] Questions about debugging a failing F5 backup Message-ID: <50A1A368.1080702@node-nine.com> I'm running into a strange problem with a couple F5 boxes I'm trying to backup. Running RANCID v. 2.3.8. I currently have over over 50 F5 load-balancers that are backing up beautifully in RANCID. I seem to be running into an issue with a particular pair of devices however, and am scratching my head trying to figure out why these systems are failing. This pair is a set of Viprions running 10.2.2. I have other Viprions that are backing up fine. In the logs, I continually see the following: ============================================= Trying to get all of the configs. lb1-pre-prod-w2-qcy_eth0: missed cmd(s): bigpipe route static show,cat /config/bigip.license,bigpipe monitor list all lb2-pre-prod-w2-qcy_eth0: missed cmd(s): bigpipe route static show,cat /config/bigip.license ===================================== Getting missed routers: round 1. lb2-pre-prod-w2-qcy_eth0: missed cmd(s): bigpipe route static show,cat /config/bigip.license lb1-pre-prod-w2-qcy_eth0: missed cmd(s): bigpipe route static show,cat /config/bigip.license,bigpipe monitor list all ===================================== etc... However, if I actually login to the device and issue these commands, they all return data just fine. I've tried running f5rancid with debugging enabled, but it's not giving me any clues as it says it's hitting all commands ok. ============================================= sprdfrypa301 ~ $ f5rancid -d lb1-pre-prod-w2-qcy_eth0 executing clogin -t 90 -c"bigpipe version;bigpipe platform;cat /config/bigip.license;bigpipe monitor list all;bigpipe profile list;bigpipe base list;bigpipe db show;bigpipe route static show;bigpipe list" lb1-pre-prod-w2-qcy_eth0 PROMPT MATCH: \[cworks at lb1-pre-prod-w2-qcy:/S1-green-P:Standby\] ~ # HIT COMMAND:[cworks at lb1-pre-prod-w2-qcy:/S1-green-P:Standby] ~ # bigpipe version In ShowVersion: [cworks at lb1-pre-prod-w2-qcy:/S1-green-P:Standby] ~ # bigpipe version HIT COMMAND:[cworks at lb1-pre-prod-w2-qcy:/S1-green-P:Standby] ~ # bigpipe platform In ShowPlatform: [cworks at lb1-pre-prod-w2-qcy:/S1-green-P:Standby] ~ # bigpipe platform HIT COMMAND:[cworks at lb1-pre-prod-w2-qcy:/S1-green-P:Standby] ~ # cat /config/bigip.license In ShowLicense: [cworks at lb1-pre-prod-w2-qcy:/S1-green-P:Standby] ~ # cat /config/bigip.license HIT COMMAND:[cworks at lb1-pre-prod-w2-qcy:/S1-green-P:Standby] ~ # bigpipe monitor list all In ShowMonitor: [cworks at lb1-pre-prod-w2-qcy:/S1-green-P:Standby] ~ # bigpipe monitor list all HIT COMMAND:[cworks at lb1-pre-prod-w2-qcy:/S1-green-P:Standby] ~ # bigpipe profile list In ShowProfile: [cworks at lb1-pre-prod-w2-qcy:/S1-green-P:Standby] ~ # bigpipe profile list HIT COMMAND:[cworks at lb1-pre-prod-w2-qcy:/S1-green-P:Standby] ~ # bigpipe base list In ShowBaseRun: [cworks at lb1-pre-prod-w2-qcy:/S1-green-P:Standby] ~ # bigpipe base list HIT COMMAND:[cworks at lb1-pre-prod-w2-qcy:/S1-green-P:Standby] ~ # bigpipe db show In ShowDb: [cworks at lb1-pre-prod-w2-qcy:/S1-green-P:Standby] ~ # bigpipe db show HIT COMMAND:[cworks at lb1-pre-prod-w2-qcy:/S1-green-P:Standby] ~ # bigpipe route static show In ShowRouteStatic: [cworks at lb1-pre-prod-w2-qcy:/S1-green-P:Standby] ~ # bigpipe route static show HIT COMMAND:[cworks at lb1-pre-prod-w2-qcy:/S1-green-P:Standby] ~ # bigpipe list In WriteTerm: [cworks at lb1-pre-prod-w2-qcy:/S1-green-P:Standby] ~ # bigpipe list sprdfrypa301 ~ $ ============================================= What are some next steps I can try to nail what's triggering the backup of these couple devices to fail? Cheers, -Chris From dredd at megacity.org Tue Nov 20 19:24:43 2012 From: dredd at megacity.org (Derek Balling) Date: Tue, 20 Nov 2012 14:24:43 -0500 Subject: [rancid] Odd HP Blade Switch Issues Message-ID: We're running 2.3.8, and have a number of older HP 6120XG blade switches configured to have their configs collected. However, what we see is them waffling back and forth between header information that looks like so: ;Flash: Image Size(Bytes) Date Version ;Flash: ----- ---------- -------- ------- ;Flash: Primary Image : 7785946 02/17/11 Z.14.26 ;Flash: Secondary Image : 7785946 02/17/11 Z.14.26 ;Flash: Boot Rom Version: Z.14.09 ;Flash: Default Boot : Primary ; ; ; and this ; ;Flash: Image Size(Bytes) Date Version ;Flash: ----- ---------- -------- ------- ;Flash: Primary Image : 7785946 02/17/11 Z.14.26 ;Flash: Secondary Image : 7785946 02/17/11 Z.14.26 ;Flash: Boot Rom Version: Z.14.09 ; ; 0sw2.ut1# ut: module ; ; So the difference is the missing "Default Boot" line, and the addition of the weird "ut.module" line which looks like it also includes some truncated form of the switch's hostname-prompt. I tried adding: /Flash\: Default Boot.*/ && next; /ut\: module/ && next; to hrancid in WriteTerm (right above where it LOOKS like a bunch of other unwanted lines and detritus are being explicitly tossed away, riht around line 450 or so (search-string "the rest are from rancid"), figuring that IF the line showed up, just throw it away and I won't keep waffling back and forth. But that didn't seem to actually change anything. Anyone have any idea what we'd need to do to clean this up? Cheers, D -------------- next part -------------- An HTML attachment was scrubbed... URL: From willie.s.hinote at nasa.gov Tue Nov 27 16:50:03 2012 From: willie.s.hinote at nasa.gov (Hinote, Willie Scott. (MSFC-IS40)[NICS]) Date: Tue, 27 Nov 2012 10:50:03 -0600 Subject: [rancid] is it possible to strip IPs from email notifications Message-ID: <8420D9D639CBE744B778A8916DFFC90FF6D2431AF0@NDMSSCC08.ndc.nasa.gov> I have used RANCID for a few years in its stock form. As part of a new project I have a few requirements that I need to meet. One of them is related to stripping sensitive information that will be sent out in email notifications. I need to be able to strip IPs from all emails that RANCID sends. I would think this is possible by altering one of RANCID's scripts. Has anyone already accomplished this or know the scripts that I would need to modify to make this work? Your help is greatly appreciated. Thank you -------------- next part -------------- An HTML attachment was scrubbed... URL: From tyler at tolaris.com Tue Nov 27 17:30:57 2012 From: tyler at tolaris.com (Tyler J. Wagner) Date: Tue, 27 Nov 2012 17:30:57 +0000 Subject: [rancid] is it possible to strip IPs from email notifications In-Reply-To: <8420D9D639CBE744B778A8916DFFC90FF6D2431AF0@NDMSSCC08.ndc.nasa.gov> References: <8420D9D639CBE744B778A8916DFFC90FF6D2431AF0@NDMSSCC08.ndc.nasa.gov> Message-ID: <50B4F8D1.5050806@tolaris.com> I think it would be easier to pass the outbound emails to a perl script, or to procmail, which sends it to a perl script. Regards, Tyler On 2012-11-27 16:50, Hinote, Willie Scott. (MSFC-IS40)[NICS] wrote: > I have used RANCID for a few years in its stock form. As part of a new > project I have a few requirements that I need to meet. One of them is > related to stripping sensitive information that will be sent out in email > notifications. I need to be able to strip IPs from all emails that RANCID > sends. I would think this is possible by altering one of RANCID?s scripts. > Has anyone already accomplished this or know the scripts that I would need > to modify to make this work? Your help is greatly appreciated. > > > > Thank you > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -- "When a claim is falsified in science [...], it is discarded. It is put in the trashbin of bad ideas. When a claim of religion is falsified, it becomes a metaphor." -- Jerry Coyne From heas at shrubbery.net Tue Nov 27 18:43:10 2012 From: heas at shrubbery.net (heasley) Date: Tue, 27 Nov 2012 10:43:10 -0800 Subject: [rancid] is it possible to strip IPs from email notifications In-Reply-To: <50B4F8D1.5050806@tolaris.com> References: <8420D9D639CBE744B778A8916DFFC90FF6D2431AF0@NDMSSCC08.ndc.nasa.gov> <50B4F8D1.5050806@tolaris.com> Message-ID: <20121127184310.GL47179@shrubbery.net> Tue, Nov 27, 2012 at 05:30:57PM +0000, Tyler J. Wagner: > I think it would be easier to pass the outbound emails to a perl script, or > to procmail, which sends it to a perl script. indeed, this is the way to do this, or with double aliases (rancid-group alias through a script that forwards to some other alias for the recipients). it keeps the change out of the rancid code and it doesnt remove the info from the config repository itself. From willie.s.hinote at nasa.gov Tue Nov 27 22:19:02 2012 From: willie.s.hinote at nasa.gov (Hinote, Willie Scott. (MSFC-IS40)[NICS]) Date: Tue, 27 Nov 2012 16:19:02 -0600 Subject: [rancid] is it possible to strip IPs from email notifications In-Reply-To: <20121127184310.GL47179@shrubbery.net> References: <8420D9D639CBE744B778A8916DFFC90FF6D2431AF0@NDMSSCC08.ndc.nasa.gov> <50B4F8D1.5050806@tolaris.com> <20121127184310.GL47179@shrubbery.net> Message-ID: <8420D9D639CBE744B778A8916DFFC90FF6D2431D6A@NDMSSCC08.ndc.nasa.gov> I agree that it would be best to leave the data intact for the repository. I would looking for something that occurred after the checkin. I was hoping that there would be a separate RANCID email script that could be modified to strip out the IPs after the data had been diff'd and added to the repository. This would only alter the information that is inserted into the email and not the data itself. If anyone has a similar type script that they are using for other purposes that would give me an idea of how to start that would be greatly appreciated, otherwise I will write a Perl script that will do this. Thanks for the replies so far. -----Original Message----- From: heasley [mailto:heas at shrubbery.net] Sent: Tuesday, November 27, 2012 12:43 PM To: Tyler J. Wagner Cc: Hinote, Willie Scott. (MSFC-IS40)[NICS]; rancid-discuss at shrubbery.net Subject: Re: [rancid] is it possible to strip IPs from email notifications Tue, Nov 27, 2012 at 05:30:57PM +0000, Tyler J. Wagner: > I think it would be easier to pass the outbound emails to a perl > script, or to procmail, which sends it to a perl script. indeed, this is the way to do this, or with double aliases (rancid-group alias through a script that forwards to some other alias for the recipients). it keeps the change out of the rancid code and it doesnt remove the info from the config repository itself. From epac at korigan.net Wed Nov 28 00:27:27 2012 From: epac at korigan.net (epac) Date: Tue, 27 Nov 2012 16:27:27 -0800 (PST) Subject: [rancid] is it possible to strip IPs from email notifications In-Reply-To: <8420D9D639CBE744B778A8916DFFC90FF6D2431D6A@NDMSSCC08.ndc.nasa.gov> References: <8420D9D639CBE744B778A8916DFFC90FF6D2431AF0@NDMSSCC08.ndc.nasa.gov> <50B4F8D1.5050806@tolaris.com> <20121127184310.GL47179@shrubbery.net> <8420D9D639CBE744B778A8916DFFC90FF6D2431D6A@NDMSSCC08.ndc.nasa.gov> Message-ID: On Tue, 27 Nov 2012, Hinote, Willie Scott. (MSFC-IS40)[NICS] wrote: > I agree that it would be best to leave the data intact for the > repository. I would looking for something that occurred after the > checkin. I was hoping that there would be a separate RANCID email script > that could be modified to strip out the IPs after the data had been > diff'd and added to the repository. This would only alter the > information that is inserted into the email and not the data itself. If > anyone has a similar type script that they are using for other purposes > that would give me an idea of how to start that would be greatly > appreciated, otherwise I will write a Perl script that will do this. > Thanks for the replies so far. if you are using SVN for the repository for the data, you could use a hook script that does the "cleanup" before sending the mail. that would apply to all the devices. the logic in the hook could do all sort of processing (figure out who to send to, based on the device config being updated, what lines to remove before sending, etc...) Thanks, Jok --- Nothing is foolproof to a sufficiently talented fool... oo ,(..)\ ~~ From willie.s.hinote at nasa.gov Wed Nov 28 16:53:22 2012 From: willie.s.hinote at nasa.gov (Hinote, Willie Scott. (MSFC-IS40)[NICS]) Date: Wed, 28 Nov 2012 10:53:22 -0600 Subject: [rancid] jlogin not using ssh key Message-ID: <8420D9D639CBE744B778A8916DFFC90FF6D2431FD9@NDMSSCC08.ndc.nasa.gov> I have setup SSH keys on a Juniper device. The keys work when I SSH as the RANCID user to the Juniper but do not work when I execute rancid-run or execute jlogin without the -p flag. I have modified my .cloginrc to use an identity file. .cloginrc -- add identity X.X.X.X /opt/rancid/.ssh/id_rsa Only the add identity line exists for this IP. No other add lines are in the .cloginrc. When I execute: /usr/libexec/rancid/jlogin -f /opt/rancid/.cloginrc X.X.X.X I receive error: Error: no password for router in /opt/rancid/.cloginrc. X.X.X.X When I execute: /usr/libexec/rancid/rancid-run JUNIPER I see errors in logs: X.X.X.X jlogin error: Error: no password for X.X.X.X in /opt/rancid/.cloginrc. X.X.X.X: missed cmd(s) ***Lots of commands*** X.X.X.X: End of run not found If I execute: /usr/libexec/rancid/jlogin -p router X.X.X.X It logs me in with no errors. Are there any other options that need to be added to the .cloginrc file? Has anyone else successfully used SSH keys with Juniper devices? I appreciate the assistance. -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Wed Nov 28 17:15:43 2012 From: heas at shrubbery.net (heasley) Date: Wed, 28 Nov 2012 09:15:43 -0800 Subject: [rancid] jlogin not using ssh key In-Reply-To: <8420D9D639CBE744B778A8916DFFC90FF6D2431FD9@NDMSSCC08.ndc.nasa.gov> References: <8420D9D639CBE744B778A8916DFFC90FF6D2431FD9@NDMSSCC08.ndc.nasa.gov> Message-ID: <20121128171543.GB90216@shrubbery.net> Wed, Nov 28, 2012 at 10:53:22AM -0600, Hinote, Willie Scott. (MSFC-IS40)[NICS]: > I have setup SSH keys on a Juniper device. The keys work when I SSH as the RANCID user to the Juniper but do not work when I execute rancid-run or execute jlogin without the -p flag. I have modified my .cloginrc to use an identity file. > > .cloginrc > -- > add identity X.X.X.X /opt/rancid/.ssh/id_rsa > > Only the add identity line exists for this IP. No other add lines are in the .cloginrc. > > When I execute: > /usr/libexec/rancid/jlogin -f /opt/rancid/.cloginrc X.X.X.X > > I receive error: > Error: no password for router in /opt/rancid/.cloginrc. X.X.X.X > > When I execute: > /usr/libexec/rancid/rancid-run JUNIPER > > I see errors in logs: > X.X.X.X jlogin error: Error: no password for X.X.X.X in /opt/rancid/.cloginrc. > X.X.X.X: missed cmd(s) ***Lots of commands*** > X.X.X.X: End of run not found > > If I execute: > /usr/libexec/rancid/jlogin -p router X.X.X.X > > It logs me in with no errors. > > Are there any other options that need to be added to the .cloginrc file? Has anyone else successfully used SSH keys with Juniper devices? it does insist on a pwd; just add an empty one add password glob {} From willie.s.hinote at nasa.gov Wed Nov 28 17:52:32 2012 From: willie.s.hinote at nasa.gov (Hinote, Willie Scott. (MSFC-IS40)[NICS]) Date: Wed, 28 Nov 2012 11:52:32 -0600 Subject: [rancid] jlogin not using ssh key In-Reply-To: <20121128171543.GB90216@shrubbery.net> References: <8420D9D639CBE744B778A8916DFFC90FF6D2431FD9@NDMSSCC08.ndc.nasa.gov> <20121128171543.GB90216@shrubbery.net> Message-ID: <8420D9D639CBE744B778A8916DFFC90FF6D2432072@NDMSSCC08.ndc.nasa.gov> I appreciate the reply. Unfortunately this did not work exactly as prescribed but I did find a solution. For anyone else who may be experiencing this issue you need to have at least one character entered on the add password line. During testing I tried a number of different letters, numbers and symbols; all worked. Even adding up to 6 characters worked with no errors (I am sure more would work but I did not test). If you add the braces you must include a character between the braces and spaces do not work with or without the braces. My test Juniper is running JUNOS 10.4R2.6. My lab equipment is limited so I am not able to test with other JUNOS versions to see if it is version specific. I tested by executing: /usr/libexec/rancid/rancid-run JUNIPER /usr/libexec/rancid/jlogin router X.X.X.X /usr/libexec/rancid/jlogin -f /opt/rancid/.cloginrc router X.X.X.X All tests completed without errors. .cloginrc -- add identity X.X.X.X /opt/rancid/.ssh/id_rsa add password X.X.X.X 1 add method X.X.X.X ssh Hopefully this helps anyone else who may be stuck on this issue. -----Original Message----- From: heasley [mailto:heas at shrubbery.net] Sent: Wednesday, November 28, 2012 11:16 AM To: Hinote, Willie Scott. (MSFC-IS40)[NICS] Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] jlogin not using ssh key Wed, Nov 28, 2012 at 10:53:22AM -0600, Hinote, Willie Scott. (MSFC-IS40)[NICS]: > I have setup SSH keys on a Juniper device. The keys work when I SSH as the RANCID user to the Juniper but do not work when I execute rancid-run or execute jlogin without the -p flag. I have modified my .cloginrc to use an identity file. > > .cloginrc > -- > add identity X.X.X.X /opt/rancid/.ssh/id_rsa > > Only the add identity line exists for this IP. No other add lines are in the .cloginrc. > > When I execute: > /usr/libexec/rancid/jlogin -f /opt/rancid/.cloginrc X.X.X.X > > I receive error: > Error: no password for router in /opt/rancid/.cloginrc. X.X.X.X > > When I execute: > /usr/libexec/rancid/rancid-run JUNIPER > > I see errors in logs: > X.X.X.X jlogin error: Error: no password for X.X.X.X in /opt/rancid/.cloginrc. > X.X.X.X: missed cmd(s) ***Lots of commands*** > X.X.X.X: End of run not found > > If I execute: > /usr/libexec/rancid/jlogin -p router X.X.X.X > > It logs me in with no errors. > > Are there any other options that need to be added to the .cloginrc file? Has anyone else successfully used SSH keys with Juniper devices? it does insist on a pwd; just add an empty one add password glob {} From jherrera at uniovi.es Thu Nov 29 13:31:47 2012 From: jherrera at uniovi.es (Javier A. Herrera) Date: Thu, 29 Nov 2012 14:31:47 +0100 Subject: [rancid] groups, customers and so on in RANCID.... Message-ID: <50B763C3.4010006@uniovi.es> Hello, sure i'm missing or misunderstanding something, but i'm not able to make RANCID work with customers or groups, unless i'm supposing things that RANCID doesn't do...let me explain...what i wanted to do was to put several customers or groups on the LIST_OF_GROUPS entry, each one of then associated with a router.db list of devices in the corresponding directory, and then, in the .cloginrc file, use a different credentials for each group, that is, for example: add method *.group1 ssh add method *.group2 telnet add method *.group3 ssh telnet add password *.group1 {pass1} {pass2} add password *.group2 {pass1} {passpass} and so on... but i'm having no success...could anyone point me to the right direction, if it is possible?? is there any way of doing this?? Thank you very much in advance, Javier -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x279D803C.asc Type: application/pgp-keys Size: 1742 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: jherrera.vcf Type: text/x-vcard Size: 1148 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL: From Shaun.Krok at betterplace.com Thu Nov 29 09:20:53 2012 From: Shaun.Krok at betterplace.com (Shaun Krok) Date: Thu, 29 Nov 2012 09:20:53 +0000 Subject: [rancid] issue with bigip rancid diff Message-ID: Hi there Please could I ask if someone has some input as to how fix/stop the following issue. Rancid and BIGIP boxes using tmsh F5 rancid script are working 100% But the problem is that the cron which runs every hour is generating an email that shows the following : The same is generated for every F5 device in that is being monitored by Rancid. It would seem the issue is that the F5 seems to be changing or re-hashing the SNMP password or something like this. Any help would be much appreciated ??? // snip of email diff ***************************************************************************************** iENM_F5_SNMP_1 { - auth-password-encrypted ";ZdCaD>7S2YO,J6I\\Cp" + auth-password-encrypted "KAaTUL;ZRHjJDPG,SLGKlXZ3JlReGCL;mORiEcKek_cUS9a" auth-protocol sha oid-subset .1 - privacy-password-encrypted @fG9HR]i^K4YOVMUbCakLYcSLm<\?\?=dWCEdcbSXoe[Q;U7o" privacy-protocol des security-level auth-privacy username ENM_F5_SNMP Shaun Krok IBM Networking and Security Department [Description: cid:image001.png at 01CD8508.B733CBB0] 13 Ha'amal St., P.O.Box 11793 Afek Industrial Park, Rosh-Ha'ayin 48092 Israel Office +972-73-790-2791 Mobile +972-54-2030399 -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 5400 bytes Desc: image001.png URL: From heas at shrubbery.net Thu Nov 29 22:20:29 2012 From: heas at shrubbery.net (heasley) Date: Thu, 29 Nov 2012 14:20:29 -0800 Subject: [rancid] issue with bigip rancid diff In-Reply-To: References: Message-ID: <20121129222029.GD33228@shrubbery.net> Thu, Nov 29, 2012 at 09:20:53AM +0000, Shaun Krok: > Hi there > > Please could I ask if someone has some input as to how fix/stop the following issue. > Rancid and BIGIP boxes using tmsh F5 rancid script are working 100% > > But the problem is that the cron which runs every hour is generating an email that shows the following : > The same is generated for every F5 device in that is being monitored by Rancid. > It would seem the issue is that the F5 seems to be changing or re-hashing the SNMP password or something like this. > > Any help would be much appreciated ??? you would need to add a filter to the script. i'm fairly ignorant of the F5; in the output of which command does this appear? > > // snip of email diff ***************************************************************************************** > > iENM_F5_SNMP_1 { > > - auth-password-encrypted ";ZdCaD>7S2YO,J6I\\Cp" > > + auth-password-encrypted "KAaTUL;ZRHjJDPG,SLGKlXZ3JlReGCL;mORiEcKek_cUS9a" > > auth-protocol sha > > oid-subset .1 > > - privacy-password-encrypted @fG9HR]i^K4YOVM > + privacy-password-encrypted "P;`P9[6`e1iD\\[>UbCakLYcSLm<\?\?=dWCEdcbSXoe[Q;U7o" > > privacy-protocol des > > security-level auth-privacy > > username ENM_F5_SNMP > > > Shaun Krok > IBM Networking and Security Department > > [Description: cid:image001.png at 01CD8508.B733CBB0] > 13 Ha'amal St., P.O.Box 11793 > Afek Industrial Park, Rosh-Ha'ayin 48092 Israel > Office +972-73-790-2791 > Mobile +972-54-2030399 > > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From Shaun.Krok at betterplace.com Fri Nov 30 09:38:33 2012 From: Shaun.Krok at betterplace.com (Shaun Krok) Date: Fri, 30 Nov 2012 09:38:33 +0000 Subject: [rancid] issue with bigip rancid diff In-Reply-To: <20121129222029.GD33228@shrubbery.net> References: <20121129222029.GD33228@shrubbery.net> Message-ID: Hi there Thanks for your reply. The command on the F5 using tmsh is : I am guessing and have not confirmed but I should just hash this command out of the F5rancid script ? Thanks Shaun (tmos)# list sys snmp users sys snmp { users { iENM_F5_SNMP_1 { auth-password-encrypted "TI1P at K@kT::OA3<[Eik_\?_OIYSb=N7:_VGd>16^V9F" privacy-protocol des security-level auth-privacy username ENM_F5_SNMP -----Original Message----- From: heasley [mailto:heas at shrubbery.net] Sent: Friday, November 30, 2012 12:20 AM To: Shaun Krok Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] issue with bigip rancid diff Thu, Nov 29, 2012 at 09:20:53AM +0000, Shaun Krok: > Hi there > > Please could I ask if someone has some input as to how fix/stop the following issue. > Rancid and BIGIP boxes using tmsh F5 rancid script are working 100% > > But the problem is that the cron which runs every hour is generating an email that shows the following : > The same is generated for every F5 device in that is being monitored by Rancid. > It would seem the issue is that the F5 seems to be changing or re-hashing the SNMP password or something like this. > > Any help would be much appreciated ??? you would need to add a filter to the script. i'm fairly ignorant of the F5; in the output of which command does this appear? > > // snip of email diff > ********************************************************************** > ******************* > > iENM_F5_SNMP_1 { > > - auth-password-encrypted ";ZdCaD>7S2YO,J6I\\Cp" > > + auth-password-encrypted "KAaTUL;ZRHjJDPG,SLGKlXZ3JlReGCL;mORiEcKek_cUS9a" > > auth-protocol sha > > oid-subset .1 > > - privacy-password-encrypted @fG9HR]i^K4YOVM > + privacy-password-encrypted "P;`P9[6`e1iD\\[>UbCakLYcSLm<\?\?=dWCEdcbSXoe[Q;U7o" > > privacy-protocol des > > security-level auth-privacy > > username ENM_F5_SNMP > > > Shaun Krok > IBM Networking and Security Department > > [Description: cid:image001.png at 01CD8508.B733CBB0] > 13 Ha'amal St., P.O.Box 11793 > Afek Industrial Park, Rosh-Ha'ayin 48092 Israel Office > +972-73-790-2791 Mobile +972-54-2030399 > > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss