From Michael.Sloan at nsrc.myflorida.com Mon Dec 2 13:49:13 2013 From: Michael.Sloan at nsrc.myflorida.com (Michael Sloan) Date: Mon, 2 Dec 2013 13:49:13 +0000 Subject: [rancid] Problem with some F5 devices Message-ID: <0F94C3474BE7B148B3D03E90547E96FF3B0C16@SNMEXCH2.nsrc.private> I'm relatively new to using RANCID, although it has been in use for a couple of years in my (new) workplace. We have been using RANCID with Cisco and Juniper equipment, and I recently added some devices from Aruba and F5 to the list of devices being archived with RANCID. We have 4 separate F5 chasses doing load-balancing and reverse proxy, and these work flawlessly with RANCID (once I found an F5 script that supports version 11 of the F5 OS, anyway). On these chasses, we have several vCMPs for different clients. The vCMPs have their own IP, and respond to the same F5 commands that the chasses do. The files generated in the configs directory for the vCMPs are all zero-length files, even though the physical chasses produce 23k-47k files in the configs directory. I have verified that clogin works, and clogin -c "bigpipe version' does in fact produce the correct output. Running "f5rancid " produces a 17k file in a test directory, so I know the process works for the vCMPs (see directory listings below). I have tried removing the entries for the vCMPs in router.db, started 'run-rancid', then added the entries back, and RANCID created zero-length files for the vCMPS a second time. We are using RANCID 2.3.6, on a CentOS 6 system, with Expect 5.43 Has anyone encountered this problem or have any ideas how to resolve it? A typical logfile: Trying to get all of the configs. 10.255.128.146: missed cmd(s): tmsh show /net route static 10.255.128.145: missed cmd(s): tmsh show /net route static 10.255.128.147: missed cmd(s): tmsh show /net route static 10.255.128.148: missed cmd(s): tmsh show /net route static 10.255.128.152: missed cmd(s): tmsh show /net route static 10.255.128.151: missed cmd(s): tmsh show /net route static 10.255.128.153: missed cmd(s): tmsh show /net route static 10.255.128.154: missed cmd(s): tmsh show /net route static,tmsh show /sys hardware 10.255.128.155: missed cmd(s): tmsh show /net route static 10.255.128.157: missed cmd(s): tmsh show /net route static 10.255.128.156: missed cmd(s): tmsh show /net route static 10.255.128.158: missed cmd(s): tmsh show /net route static 10.255.128.159: missed cmd(s): tmsh show /net route static Getting missed routers: round 4. 10.255.128.148: missed cmd(s): tmsh show /net route static 10.255.128.145: missed cmd(s): tmsh show /net route static 10.255.128.147: missed cmd(s): tmsh show /net route static 10.255.128.146: missed cmd(s): tmsh show /net route static 10.255.128.151: missed cmd(s): tmsh show /net route static 10.255.128.152: missed cmd(s): tmsh show /net route static 10.255.128.153: missed cmd(s): tmsh show /net route static 10.255.128.156: missed cmd(s): tmsh show /net route static 10.255.128.154: missed cmd(s): tmsh show /net route static,tmsh show /sys hardware 10.255.128.155: missed cmd(s): tmsh show /net route static 10.255.128.157: missed cmd(s): tmsh show /net route static 10.255.128.158: missed cmd(s): tmsh show /net route static 10.255.128.159: missed cmd(s): tmsh show /net route static cvs diff: Diffing . cvs diff: Diffing configs cvs commit: Examining . cvs commit: Examining configs Checking in configs/10.255.128.143; /usr/local/rancid/var/CVS/other/configs/10.255.128.143,v <-- 10.255.128.143 new revision: 1.647; previous revision: 1.646 done Checking in configs/10.255.128.144; /usr/local/rancid/var/CVS/other/configs/10.255.128.144,v <-- 10.255.128.144 new revision: 1.283; previous revision: 1.282 done 10.255.128.145 and 10.255.128.146 are two of the physical chasses, while the IPs from .147 and above are vCMPs. My router.db file: 10.255.128.143:f5:up 10.255.128.144:f5:up 10.255.128.145:f5:up 10.255.128.146:f5:up 10.254.200.2:f5:up 10.255.128.147:f5:up 10.255.128.148:f5:up 10.255.128.151:f5:up 10.255.128.152:f5:up 10.255.128.153:f5:up 10.255.128.154:f5:up 10.255.128.155:f5:up 10.255.128.156:f5:up 10.255.128.157:f5:up 10.255.128.158:f5:up 10.255.128.159:f5:up And lastly, the directory listing for the configs directory: -bash-3.1$ ls -l total 592 -rw-r----- 1 rancid netadm 470068 Dec 2 08:17 10.254.200.2 -rw-r----- 1 rancid netadm 31335 Dec 2 08:17 10.255.128.143 -rw-r----- 1 rancid netadm 27155 Dec 2 08:17 10.255.128.144 -rw-r----- 1 rancid netadm 28406 Nov 5 09:33 10.255.128.145 -rw-r----- 1 rancid netadm 23159 Nov 5 09:33 10.255.128.146 -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.147 -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.148 -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.151 -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.152 -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.153 -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.154 -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.155 -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.156 -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.157 -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.158 -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.159 drwxr-x--- 2 rancid netadm 4096 Dec 2 08:21 CVS -rw-r----- 1 rancid netadm 11256 Dec 2 08:18 wlc.nsrc.private And my test from 'f5rancid 10.255.128.147' in a temp directory: -bash-3.1$ ls -l total 20 -rw-r--r-- 1 rancid netadm 17700 Dec 2 08:05 10.255.128.147.new Michael Sloan Systems Programmer Network Support Office: (850) 922-5476 Northwood Shared Resource Center Michael.Sloan at nsrc.myflorida.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Mon Dec 2 14:43:24 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Mon, 02 Dec 2013 16:43:24 +0200 Subject: [rancid] Problem with some F5 devices In-Reply-To: <0F94C3474BE7B148B3D03E90547E96FF3B0C16@SNMEXCH2.nsrc.private> References: <0F94C3474BE7B148B3D03E90547E96FF3B0C16@SNMEXCH2.nsrc.private> Message-ID: <529C9C8C.7070708@gmail.com> Your tests described below are quite sensible, but also incomplete We know that clogin works on your f5 with a simple command We know that clogin works on a vCMP with a simple command We know that f5rancid works on your physical chassis What we don't know is if clogin and f5rancid works correctly on a vCMP using the full command set. There must be some difference between what the physical chassis and the vCMPs sending back, otherwise both would work. I suspect some part of the vCMP output is upsetting the f5rancid script causing it to exit early. You need the big troubleshooting guns (this process is almost always what you need to do anyway if adding a device to router.db doesn't work out): 1. Run this test in a temp directory (not the usual rancid dir) as the rancid user 2. Pick a vCMP 3. Run "f5rancid -d " 4. This will give lots of screen output plus a new file with the full text output from the device in the current directory 5. In the screen output will be the full clogin command used. Copy paste that command and run it manually. Verify that the full command set works as expected on a vCMP 6. Look inside the raw data file from step 3. Somewhere near the end I expect to see error messages of some kind. Those errors will tell you were we look next. Note that "missed cmd(s)" and "End of run not found" messages are useless for debugging purposes, they are catch-all output and only indicate that something went wrong. They give no clue as to why. On 02/12/2013 15:49, Michael Sloan wrote: > I?m relatively new to using RANCID, although it has been in use for a > couple of years in my (new) workplace. We have been using RANCID with > Cisco and Juniper equipment, and I recently added some devices from > Aruba and F5 to the list of devices being archived with RANCID. > > > > We have 4 separate F5 chasses doing load-balancing and reverse proxy, > and these work flawlessly with RANCID (once I found an F5 script that > supports version 11 of the F5 OS, anyway). On these chasses, we have > several vCMPs for different clients. The vCMPs have their own IP, and > respond to the same F5 commands that the chasses do. > > > > The files generated in the configs directory for the vCMPs are all > zero-length files, even though the physical chasses produce 23k-47k > files in the configs directory. I have verified that clogin works, and > clogin ?c ?bigpipe version? does in fact produce the correct > output. Running ?f5rancid ? produces a 17k file in a test > directory, so I know the process works for the vCMPs (see directory > listings below). > > > > I have tried removing the entries for the vCMPs in router.db, started > ?run-rancid?, then added the entries back, and RANCID created > zero-length files for the vCMPS a second time. > > > > We are using RANCID 2.3.6, on a CentOS 6 system, with Expect 5.43 > > > > Has anyone encountered this problem or have any ideas how to resolve it? > > > > A typical logfile: > > > > Trying to get all of the configs. > > 10.255.128.146: missed cmd(s): tmsh show /net route static > > 10.255.128.145: missed cmd(s): tmsh show /net route static > > 10.255.128.147: missed cmd(s): tmsh show /net route static > > 10.255.128.148: missed cmd(s): tmsh show /net route static > > 10.255.128.152: missed cmd(s): tmsh show /net route static > > 10.255.128.151: missed cmd(s): tmsh show /net route static > > 10.255.128.153: missed cmd(s): tmsh show /net route static > > 10.255.128.154: missed cmd(s): tmsh show /net route static,tmsh show > /sys hardware > > 10.255.128.155: missed cmd(s): tmsh show /net route static > > 10.255.128.157: missed cmd(s): tmsh show /net route static > > 10.255.128.156: missed cmd(s): tmsh show /net route static > > 10.255.128.158: missed cmd(s): tmsh show /net route static > > 10.255.128.159: missed cmd(s): tmsh show /net route static > > Getting missed routers: round 4. > > 10.255.128.148: missed cmd(s): tmsh show /net route static > > 10.255.128.145: missed cmd(s): tmsh show /net route static > > 10.255.128.147: missed cmd(s): tmsh show /net route static > > 10.255.128.146: missed cmd(s): tmsh show /net route static > > 10.255.128.151: missed cmd(s): tmsh show /net route static > > 10.255.128.152: missed cmd(s): tmsh show /net route static > > 10.255.128.153: missed cmd(s): tmsh show /net route static > > 10.255.128.156: missed cmd(s): tmsh show /net route static > > 10.255.128.154: missed cmd(s): tmsh show /net route static,tmsh show > /sys hardware > > 10.255.128.155: missed cmd(s): tmsh show /net route static > > 10.255.128.157: missed cmd(s): tmsh show /net route static > > 10.255.128.158: missed cmd(s): tmsh show /net route static > > 10.255.128.159: missed cmd(s): tmsh show /net route static > > > > cvs diff: Diffing . > > cvs diff: Diffing configs > > cvs commit: Examining . > > cvs commit: Examining configs > > Checking in configs/10.255.128.143; > > /usr/local/rancid/var/CVS/other/configs/10.255.128.143,v <-- > 10.255.128.143 > > new revision: 1.647; previous revision: 1.646 > > done > > Checking in configs/10.255.128.144; > > /usr/local/rancid/var/CVS/other/configs/10.255.128.144,v <-- > 10.255.128.144 > > new revision: 1.283; previous revision: 1.282 > > done > > > > > > 10.255.128.145 and 10.255.128.146 are two of the physical chasses, while > the IPs from .147 and above are vCMPs. > > > > My router.db file: > > > > 10.255.128.143:f5:up > > 10.255.128.144:f5:up > > 10.255.128.145:f5:up > > 10.255.128.146:f5:up > > 10.254.200.2:f5:up > > 10.255.128.147:f5:up > > 10.255.128.148:f5:up > > 10.255.128.151:f5:up > > 10.255.128.152:f5:up > > 10.255.128.153:f5:up > > 10.255.128.154:f5:up > > 10.255.128.155:f5:up > > 10.255.128.156:f5:up > > 10.255.128.157:f5:up > > 10.255.128.158:f5:up > > 10.255.128.159:f5:up > > > > And lastly, the directory listing for the configs directory: > > > > -bash-3.1$ ls -l > > total 592 > > -rw-r----- 1 rancid netadm 470068 Dec 2 08:17 10.254.200.2 > > -rw-r----- 1 rancid netadm 31335 Dec 2 08:17 10.255.128.143 > > -rw-r----- 1 rancid netadm 27155 Dec 2 08:17 10.255.128.144 > > -rw-r----- 1 rancid netadm 28406 Nov 5 09:33 10.255.128.145 > > -rw-r----- 1 rancid netadm 23159 Nov 5 09:33 10.255.128.146 > > -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.147 > > -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.148 > > -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.151 > > -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.152 > > -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.153 > > -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.154 > > -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.155 > > -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.156 > > -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.157 > > -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.158 > > -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.159 > > drwxr-x--- 2 rancid netadm 4096 Dec 2 08:21 CVS > > -rw-r----- 1 rancid netadm 11256 Dec 2 08:18 wlc.nsrc.private > > > > And my test from ?f5rancid 10.255.128.147? in a temp directory: > > > > -bash-3.1$ ls -l > > total 20 > > -rw-r--r-- 1 rancid netadm 17700 Dec 2 08:05 10.255.128.147.new > > > > > > > > Michael Sloan > > Systems Programmer Network Support > > Office: (850) 922-5476 > > Northwood Shared Resource Center > > Michael.Sloan at nsrc.myflorida.com > > > > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Alan McKinnon alan.mckinnon at gmail.com From paul at gear.dyndns.org Mon Dec 2 23:07:37 2013 From: paul at gear.dyndns.org (Paul Gear) Date: Tue, 03 Dec 2013 09:07:37 +1000 Subject: [rancid] My conf diffs looks scrambled on HP In-Reply-To: References: Message-ID: On 11/29/2013 08:09 PM, Mathieu Poussin wrote: > Hello, > > I'm using the last version of rancid (2.3.8), and I have an issue with > my diffs, everytime I run rancid, I get something differents on some > switchs like this : > > Index: configs/lnaut-2626-2 > =================================================================== > - -- configs/lnaut-2626-2 (revision 64) > @@ -5,7 +5,7 @@ > ; > ;Memory: 15M > ; > - ;Image: [H [1HImage stamp: /sw/code/build/fish > + ;Image: stamp: /sw/code/build/fish > ;Image: Mar 28 2012 14:00:27 > ... > This is exactly the same issue than here: > https://groups.google.com/forum/#!topic/rancid-discuss/H5LWYT92pEI > > Do you have an idea ? Hi Mathieu, I see exactly the same thing almost every night on an HP 2810 on one of our sites. Comware switches on the same network using h3crancid have no problems. I haven't investigated yet, but I assumed it was just the ProCurve CLI being a bit flaky, and had planned to replace it with a Comware-based switch as soon as I have the opportunity. Regards, Paul From heas at shrubbery.net Mon Dec 2 23:11:46 2013 From: heas at shrubbery.net (heasley) Date: Mon, 2 Dec 2013 23:11:46 +0000 Subject: [rancid] My conf diffs looks scrambled on HP In-Reply-To: References: Message-ID: <20131202231146.GH24926@shrubbery.net> Tue, Dec 03, 2013 at 09:07:37AM +1000, Paul Gear: > On 11/29/2013 08:09 PM, Mathieu Poussin wrote: > > Hello, > > > > I'm using the last version of rancid (2.3.8), and I have an issue with > > my diffs, everytime I run rancid, I get something differents on some > > switchs like this : > > > > Index: configs/lnaut-2626-2 > > =================================================================== > > - -- configs/lnaut-2626-2 (revision 64) > > @@ -5,7 +5,7 @@ > > ; > > ;Memory: 15M > > ; > > - ;Image: [H [1HImage stamp: /sw/code/build/fish > > + ;Image: stamp: /sw/code/build/fish > > ;Image: Mar 28 2012 14:00:27 > > ... > > This is exactly the same issue than here: > > https://groups.google.com/forum/#!topic/rancid-discuss/H5LWYT92pEI > > > > Do you have an idea ? > > Hi Mathieu, > > I see exactly the same thing almost every night on an HP 2810 on one of > our sites. Comware switches on the same network using h3crancid have no > problems. I haven't investigated yet, but I assumed it was just the > ProCurve CLI being a bit flaky, and had planned to replace it with a > Comware-based switch as soon as I have the opportunity. Please make sure that you have applied patch p1. ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.8.p1.gz From heas at shrubbery.net Mon Dec 2 23:48:12 2013 From: heas at shrubbery.net (heasley) Date: Mon, 2 Dec 2013 23:48:12 +0000 Subject: [rancid] End of Run Issue with Cisco devices In-Reply-To: <5298B87B.4000009@gmail.com> References: <52989DF9.1060405@gmail.com> <5298B87B.4000009@gmail.com> Message-ID: <20131202234812.GJ24926@shrubbery.net> Fri, Nov 29, 2013 at 05:53:31PM +0200, Alan McKinnon: > On this device, rancid works correctly till it gets to the end of > "more system:running-config" or perhaps the beginning of > "show running-config view full" > > log in manually (using plain telnet and again with clogin) as the rancid > user and run those commands by hand, looking for odd and unusual output. > Something at that point in your output is causing this expect error in > clogin: > > write(spawn_id=1): broken pipe This would generally point to the router pre-maturely terminating the login/connection. An IOS bug perhaps, where using that command causes the parser to crash? From ryan_leung at smartone.com Mon Dec 2 23:50:19 2013 From: ryan_leung at smartone.com (Ryan Leung) Date: Mon, 2 Dec 2013 23:50:19 +0000 Subject: [rancid] Automatic reply: Extreme switch login In-Reply-To: <20131202235017.GK24926@shrubbery.net> References: <0F40727C94238D47B07CAE59A5A9DF94370AA239@APMBX02.smc.local>, <20131202235017.GK24926@shrubbery.net> Message-ID: <6dc807152c83443384f097314060a8fd@APCAS01.smc.local> I will be out of office from 30 Nov and will be back on 5 Dec. In my absence, please feel free to contact my supervisor Kelvin Leung on 2888 2666. Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: From paul at gear.dyndns.org Tue Dec 3 07:03:07 2013 From: paul at gear.dyndns.org (Paul Gear) Date: Tue, 03 Dec 2013 17:03:07 +1000 Subject: [rancid] My conf diffs looks scrambled on HP In-Reply-To: <20131202231146.GH24926@shrubbery.net> References: <20131202231146.GH24926@shrubbery.net> Message-ID: On 12/03/2013 09:11 AM, heasley wrote: > ... >> Hi Mathieu, >> >> I see exactly the same thing almost every night on an HP 2810 on one of >> our sites. Comware switches on the same network using h3crancid have no >> problems. I haven't investigated yet, but I assumed it was just the >> ProCurve CLI being a bit flaky, and had planned to replace it with a >> Comware-based switch as soon as I have the opportunity. > > Please make sure that you have applied patch p1. > ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.8.p1.gz Thanks John. I'll give that a shot as soon as I have a chance. Paul From mathieu.poussin at netyxia.net Tue Dec 3 06:29:41 2013 From: mathieu.poussin at netyxia.net (Mathieu Poussin) Date: Tue, 3 Dec 2013 07:29:41 +0100 Subject: [rancid] My conf diffs looks scrambled on HP In-Reply-To: <20131202231146.GH24926@shrubbery.net> References: <20131202231146.GH24926@shrubbery.net> Message-ID: Well I just found the problem. I had both the last version from the tar.gz installed, and the debian/ubuntu package, I was running the tar.gz version from CLI/Cron, but the rancid configuration file was setting the path to the package version. I?ve fixed the path to use the tar.gz version and everything is now working fine Thank you -- Mathieu Poussin On Tuesday 3 December 2013 at 00:11, heasley wrote: > Tue, Dec 03, 2013 at 09:07:37AM +1000, Paul Gear: > > On 11/29/2013 08:09 PM, Mathieu Poussin wrote: > > > Hello, > > > > > > I'm using the last version of rancid (2.3.8), and I have an issue with > > > my diffs, everytime I run rancid, I get something differents on some > > > switchs like this : > > > > > > Index: configs/lnaut-2626-2 > > > =================================================================== > > > - -- configs/lnaut-2626-2 (revision 64) > > > @@ -5,7 +5,7 @@ > > > ; > > > ;Memory: 15M > > > ; > > > - ;Image: [H [1HImage stamp: /sw/code/build/fish > > > + ;Image: stamp: /sw/code/build/fish > > > ;Image: Mar 28 2012 14:00:27 > > > ... > > > This is exactly the same issue than here: > > > https://groups.google.com/forum/#!topic/rancid-discuss/H5LWYT92pEI > > > > > > Do you have an idea ? > > > > Hi Mathieu, > > > > I see exactly the same thing almost every night on an HP 2810 on one of > > our sites. Comware switches on the same network using h3crancid have no > > problems. I haven't investigated yet, but I assumed it was just the > > ProCurve CLI being a bit flaky, and had planned to replace it with a > > Comware-based switch as soon as I have the opportunity. > > > > > Please make sure that you have applied patch p1. > ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.8.p1.gz > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net (mailto:Rancid-discuss at shrubbery.net) > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From Michael.Sloan at nsrc.myflorida.com Tue Dec 3 17:44:35 2013 From: Michael.Sloan at nsrc.myflorida.com (Michael Sloan) Date: Tue, 3 Dec 2013 17:44:35 +0000 Subject: [rancid] Problem with some F5 devices In-Reply-To: <529C9C8C.7070708@gmail.com> References: <0F94C3474BE7B148B3D03E90547E96FF3B0C16@SNMEXCH2.nsrc.private> <529C9C8C.7070708@gmail.com> Message-ID: <0F94C3474BE7B148B3D03E90547E96FF3B126E@SNMEXCH2.nsrc.private> Thank you for the additional troubleshooting suggestions, although I'm not sure that I'm closer to a solution with this problem. I'll recap what I've learned from troubleshooting, and then show the file/screen output. The troubleshooting/debugging recap: Manually executing 'f5rancid ' as the rancid user produces a .new file. Manually executing 'f5rancid ' as the rancid user produces a .new file. The f5rancid script first connects and determines the version of the F5 OS in use, and then initiates a second connection to the F5 or vCMP to issue the commands for the newer version of the F5 OS. If you run this second clogin command as the rancid user, you see all the correct screen output, but no file is created - this is true for both the F5 physical chassis and any vCMP. As far as I can see and tell, there aren't any differences in the behavior of the F5 chassis and the F5 vCMP, so I'm at a loss as to why the F5 chassis output files are created and the vCMP files are not. ----- The troubleshooting/debugging information: The screen output from "f5rancid -d ': -bash-3.1$ f5rancid -d 10.255.128.148 executing clogin -t 90 -c "bigpipe version 2>&1" 10.255.128.148 The F5 says to use tmsh, using tmsh command table for config collection. executing clogin -t 90 -c "tmsh show /sys version;tmsh show /sys hardware;tmsh show /sys license;cat /config/ZebOS.conf;lsof -i :179;tmsh show /net route static;tmsh -q list" 10.255.128.148 PROMPT MATCH: \[root at test-prod2:/S1-green-P:Active:In Sync\] config # HIT COMMAND:[root at test-prod2:/S1-green-P:Active:In Sync] config # tmsh show /sys version In ShowVersion: [root at test-prod2:/S1-green-P:Active:In Sync] config # tmsh show /sys version HIT COMMAND:[root at test-prod2:/S1-green-P:Active:In Sync] config # tmsh show /sys hardware In ShowHardware: [root at test-prod2:/S1-green-P:Active:In Sync] config # tmsh show /sys hardware HIT COMMAND:[root at test-prod2:/S1-green-P:Active:In Sync] config # tmsh show /sys license In ShowLicense: [root at test-prod2:/S1-green-P:Active:In Sync] config # tmsh show /sys license HIT COMMAND:[root at test-prod2:/S1-green-P:Active:In Sync] config # cat /config/ZebOS.conf In ShowZebOSconf: [root at test-prod2:/S1-green-P:Active:In Sync] config # cat /config/ZebOS.conf HIT COMMAND:[root at test-prod2:/S1-green-P:Active:In Sync] config # lsof -i :179 In ShowZebOSsockets: [root at test-prod2:/S1-green-P:Active:In Sync] config # lsof -i :179 HIT COMMAND:[root at test-prod2:/S1-green-P:Active:In Sync] config # tmsh show /net route static In ShowRouteStatic: [root at test-prod2:/S1-green-P:Active:In Sync] config # tmsh show /net route static HIT COMMAND:[root at test-prod2:/S1-green-P:Active:In Sync] config # tmsh -q list In WriteTerm: [root at test-prod2:/S1-green-P:Active:In Sync] config # tmsh -q list And the file 10.255.128.148.new is created (about 17k in size). If you use clogin to connect to the device and try the commands listed in the second "executing clogin" sequence, several produce no output (for instance, 'tmsh show /net route static' - because there are no static routes), one produces an error message ('cat /config/ZebOS.conf') because the file doesn't exist anywhere on the vCMP filesystem or on the F5 physical chassis filesystem. The rest produce the expected output. There are no error messages in the *.new output flle, aside from the 'file not found' error message from the above-mentioned 'cat' command. Both 'f5rancid ' and 'f5rancid -d ' produce vCMP.new files. The actual clogin command executed second: clogin -t 90 -c "tmsh show /sys version;tmsh show /sys hardware;tmsh show /sys license;cat /config/ZebOS.conf;lsof -i :179;tmsh show /net route static;tmsh -q list" 10.255.128.148 produces no file on the RANCID server, even though the screen output displays the correct output. As an additional test, running that same clogin command on one of the physical chasses produces no file, although 'f5rancid does. Michael Sloan Systems Programmer Network Support Office: (850) 922-5476 Northwood Shared Resource Center Michael.Sloan at nsrc.myflorida.com -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alan McKinnon Sent: Monday, December 02, 2013 9:43 AM To: rancid-discuss at shrubbery.net Subject: Re: [rancid] Problem with some F5 devices Your tests described below are quite sensible, but also incomplete We know that clogin works on your f5 with a simple command We know that clogin works on a vCMP with a simple command We know that f5rancid works on your physical chassis What we don't know is if clogin and f5rancid works correctly on a vCMP using the full command set. There must be some difference between what the physical chassis and the vCMPs sending back, otherwise both would work. I suspect some part of the vCMP output is upsetting the f5rancid script causing it to exit early. You need the big troubleshooting guns (this process is almost always what you need to do anyway if adding a device to router.db doesn't work out): 1. Run this test in a temp directory (not the usual rancid dir) as the rancid user 2. Pick a vCMP 3. Run "f5rancid -d " 4. This will give lots of screen output plus a new file with the full text output from the device in the current directory 5. In the screen output will be the full clogin command used. Copy paste that command and run it manually. Verify that the full command set works as expected on a vCMP 6. Look inside the raw data file from step 3. Somewhere near the end I expect to see error messages of some kind. Those errors will tell you were we look next. Note that "missed cmd(s)" and "End of run not found" messages are useless for debugging purposes, they are catch-all output and only indicate that something went wrong. They give no clue as to why. On 02/12/2013 15:49, Michael Sloan wrote: > I'm relatively new to using RANCID, although it has been in use for a > couple of years in my (new) workplace. We have been using RANCID with > Cisco and Juniper equipment, and I recently added some devices from > Aruba and F5 to the list of devices being archived with RANCID. > > > > We have 4 separate F5 chasses doing load-balancing and reverse proxy, > and these work flawlessly with RANCID (once I found an F5 script that > supports version 11 of the F5 OS, anyway). On these chasses, we have > several vCMPs for different clients. The vCMPs have their own IP, and > respond to the same F5 commands that the chasses do. > > > > The files generated in the configs directory for the vCMPs are all > zero-length files, even though the physical chasses produce 23k-47k > files in the configs directory. I have verified that clogin works, and > clogin -c "bigpipe version' does in fact produce the correct > output. Running "f5rancid " produces a 17k file in a test > directory, so I know the process works for the vCMPs (see directory > listings below). > > > > I have tried removing the entries for the vCMPs in router.db, started > 'run-rancid', then added the entries back, and RANCID created > zero-length files for the vCMPS a second time. > > > > We are using RANCID 2.3.6, on a CentOS 6 system, with Expect 5.43 > > > > Has anyone encountered this problem or have any ideas how to resolve it? > > > > A typical logfile: > > > > Trying to get all of the configs. > > 10.255.128.146: missed cmd(s): tmsh show /net route static > > 10.255.128.145: missed cmd(s): tmsh show /net route static > > 10.255.128.147: missed cmd(s): tmsh show /net route static > > 10.255.128.148: missed cmd(s): tmsh show /net route static > > 10.255.128.152: missed cmd(s): tmsh show /net route static > > 10.255.128.151: missed cmd(s): tmsh show /net route static > > 10.255.128.153: missed cmd(s): tmsh show /net route static > > 10.255.128.154: missed cmd(s): tmsh show /net route static,tmsh show > /sys hardware > > 10.255.128.155: missed cmd(s): tmsh show /net route static > > 10.255.128.157: missed cmd(s): tmsh show /net route static > > 10.255.128.156: missed cmd(s): tmsh show /net route static > > 10.255.128.158: missed cmd(s): tmsh show /net route static > > 10.255.128.159: missed cmd(s): tmsh show /net route static > > Getting missed routers: round 4. > > 10.255.128.148: missed cmd(s): tmsh show /net route static > > 10.255.128.145: missed cmd(s): tmsh show /net route static > > 10.255.128.147: missed cmd(s): tmsh show /net route static > > 10.255.128.146: missed cmd(s): tmsh show /net route static > > 10.255.128.151: missed cmd(s): tmsh show /net route static > > 10.255.128.152: missed cmd(s): tmsh show /net route static > > 10.255.128.153: missed cmd(s): tmsh show /net route static > > 10.255.128.156: missed cmd(s): tmsh show /net route static > > 10.255.128.154: missed cmd(s): tmsh show /net route static,tmsh show > /sys hardware > > 10.255.128.155: missed cmd(s): tmsh show /net route static > > 10.255.128.157: missed cmd(s): tmsh show /net route static > > 10.255.128.158: missed cmd(s): tmsh show /net route static > > 10.255.128.159: missed cmd(s): tmsh show /net route static > > > > cvs diff: Diffing . > > cvs diff: Diffing configs > > cvs commit: Examining . > > cvs commit: Examining configs > > Checking in configs/10.255.128.143; > > /usr/local/rancid/var/CVS/other/configs/10.255.128.143,v <-- > 10.255.128.143 > > new revision: 1.647; previous revision: 1.646 > > done > > Checking in configs/10.255.128.144; > > /usr/local/rancid/var/CVS/other/configs/10.255.128.144,v <-- > 10.255.128.144 > > new revision: 1.283; previous revision: 1.282 > > done > > > > > > 10.255.128.145 and 10.255.128.146 are two of the physical chasses, > while the IPs from .147 and above are vCMPs. > > > > My router.db file: > > > > 10.255.128.143:f5:up > > 10.255.128.144:f5:up > > 10.255.128.145:f5:up > > 10.255.128.146:f5:up > > 10.254.200.2:f5:up > > 10.255.128.147:f5:up > > 10.255.128.148:f5:up > > 10.255.128.151:f5:up > > 10.255.128.152:f5:up > > 10.255.128.153:f5:up > > 10.255.128.154:f5:up > > 10.255.128.155:f5:up > > 10.255.128.156:f5:up > > 10.255.128.157:f5:up > > 10.255.128.158:f5:up > > 10.255.128.159:f5:up > > > > And lastly, the directory listing for the configs directory: > > > > -bash-3.1$ ls -l > > total 592 > > -rw-r----- 1 rancid netadm 470068 Dec 2 08:17 10.254.200.2 > > -rw-r----- 1 rancid netadm 31335 Dec 2 08:17 10.255.128.143 > > -rw-r----- 1 rancid netadm 27155 Dec 2 08:17 10.255.128.144 > > -rw-r----- 1 rancid netadm 28406 Nov 5 09:33 10.255.128.145 > > -rw-r----- 1 rancid netadm 23159 Nov 5 09:33 10.255.128.146 > > -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.147 > > -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.148 > > -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.151 > > -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.152 > > -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.153 > > -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.154 > > -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.155 > > -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.156 > > -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.157 > > -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.158 > > -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.159 > > drwxr-x--- 2 rancid netadm 4096 Dec 2 08:21 CVS > > -rw-r----- 1 rancid netadm 11256 Dec 2 08:18 wlc.nsrc.private > > > > And my test from 'f5rancid 10.255.128.147' in a temp directory: > > > > -bash-3.1$ ls -l > > total 20 > > -rw-r--r-- 1 rancid netadm 17700 Dec 2 08:05 10.255.128.147.new > > > > > > > > Michael Sloan > > Systems Programmer Network Support > > Office: (850) 922-5476 > > Northwood Shared Resource Center > > Michael.Sloan at nsrc.myflorida.com > > > > > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Alan McKinnon alan.mckinnon at gmail.com _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss From alan.mckinnon at gmail.com Tue Dec 3 20:16:17 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Tue, 03 Dec 2013 22:16:17 +0200 Subject: [rancid] Problem with some F5 devices In-Reply-To: <0F94C3474BE7B148B3D03E90547E96FF3B126E@SNMEXCH2.nsrc.private> References: <0F94C3474BE7B148B3D03E90547E96FF3B0C16@SNMEXCH2.nsrc.private> <529C9C8C.7070708@gmail.com> <0F94C3474BE7B148B3D03E90547E96FF3B126E@SNMEXCH2.nsrc.private> Message-ID: <529E3C11.5090800@gmail.com> Hi Michael, All the info you've given here indicates that things are working correctly. The f5rancid -d output with the "HIT COMMAND" sections especially shows that data was collected and it's in a useable format - the parser detected the prompt and then found the expected commands in the expected order. This is good news, as you've narrowed down considerably the piece of code that contains your bug. Briefly, how rancid runs is: - rancid-run is the script you launch - rancid-run launches control_rancid for each group of devices in turn - control_rancid launches par - par runs PAR_CONT number of parallel sub-processes, one per device - Each of those sub-processes starts rancid-fe which uses the device type from router.db to start the appropriate rancid script (in your case f5rancid) - f5rancid runs clogin to fetch all the config info from the device, usually it goes into a .raw disk file, but there is an option to use pipes as well - f5rancid then goes through that saved output line by line making sense out of it, discarding unwanted text and writing the full desired output to a .new file The next bit is where I'm somewhat fuzzy (it's never failed me yet): - the .new file is diff'ed with the previous fetched config, renamed and booked into CVS and various mail notifications are generated and sent. Your setup appears to be working correctly up to the point where a .new file is generated, and everything else is common code. This doesn't leave much to exmine, basically the last 20 lines of f5rancid after the main loop labelled TOP. I can't meaningfully help much further than this, I don't have any F5s so I think you need to debug further by reading the code. How's your perl? On 03/12/2013 19:44, Michael Sloan wrote: > Thank you for the additional troubleshooting suggestions, although I'm not sure that I'm closer to a solution with this problem. I'll recap what I've learned from troubleshooting, and then show the file/screen output. > > The troubleshooting/debugging recap: > > Manually executing 'f5rancid ' as the rancid user produces a .new file. > Manually executing 'f5rancid ' as the rancid user produces a .new file. > > The f5rancid script first connects and determines the version of the F5 OS in use, and then initiates a second connection to the F5 or vCMP to issue the commands for the newer version of the F5 OS. If you run this second clogin command as the rancid user, you see all the correct screen output, but no file is created - this is true for both the F5 physical chassis and any vCMP. > > As far as I can see and tell, there aren't any differences in the behavior of the F5 chassis and the F5 vCMP, so I'm at a loss as to why the F5 chassis output files are created and the vCMP files are not. > > > ----- > The troubleshooting/debugging information: > > The screen output from "f5rancid -d ': > > -bash-3.1$ f5rancid -d 10.255.128.148 > executing clogin -t 90 -c "bigpipe version 2>&1" 10.255.128.148 > The F5 says to use tmsh, using tmsh command table for config collection. > executing clogin -t 90 -c "tmsh show /sys version;tmsh show /sys hardware;tmsh show /sys license;cat /config/ZebOS.conf;lsof -i :179;tmsh show /net route static;tmsh -q list" 10.255.128.148 > PROMPT MATCH: \[root at test-prod2:/S1-green-P:Active:In Sync\] config # > HIT COMMAND:[root at test-prod2:/S1-green-P:Active:In Sync] config # tmsh show /sys version > In ShowVersion: [root at test-prod2:/S1-green-P:Active:In Sync] config # tmsh show /sys version > HIT COMMAND:[root at test-prod2:/S1-green-P:Active:In Sync] config # tmsh show /sys hardware > In ShowHardware: [root at test-prod2:/S1-green-P:Active:In Sync] config # tmsh show /sys hardware > HIT COMMAND:[root at test-prod2:/S1-green-P:Active:In Sync] config # tmsh show /sys license > In ShowLicense: [root at test-prod2:/S1-green-P:Active:In Sync] config # tmsh show /sys license > HIT COMMAND:[root at test-prod2:/S1-green-P:Active:In Sync] config # cat /config/ZebOS.conf > In ShowZebOSconf: [root at test-prod2:/S1-green-P:Active:In Sync] config # cat /config/ZebOS.conf > HIT COMMAND:[root at test-prod2:/S1-green-P:Active:In Sync] config # lsof -i :179 > In ShowZebOSsockets: [root at test-prod2:/S1-green-P:Active:In Sync] config # lsof -i :179 > HIT COMMAND:[root at test-prod2:/S1-green-P:Active:In Sync] config # tmsh show /net route static > In ShowRouteStatic: [root at test-prod2:/S1-green-P:Active:In Sync] config # tmsh show /net route static > HIT COMMAND:[root at test-prod2:/S1-green-P:Active:In Sync] config # tmsh -q list > In WriteTerm: [root at test-prod2:/S1-green-P:Active:In Sync] config # tmsh -q list > > And the file 10.255.128.148.new is created (about 17k in size). > > If you use clogin to connect to the device and try the commands listed in the second "executing clogin" sequence, several produce no output (for instance, 'tmsh show /net route static' - because there are no static routes), one produces an error message ('cat /config/ZebOS.conf') because the file doesn't exist anywhere on the vCMP filesystem or on the F5 physical chassis filesystem. The rest produce the expected output. > > There are no error messages in the *.new output flle, aside from the 'file not found' error message from the above-mentioned 'cat' command. Both 'f5rancid ' and 'f5rancid -d ' produce vCMP.new files. The actual clogin command executed second: > > clogin -t 90 -c "tmsh show /sys version;tmsh show /sys hardware;tmsh show /sys license;cat /config/ZebOS.conf;lsof -i :179;tmsh show /net route static;tmsh -q list" 10.255.128.148 > > produces no file on the RANCID server, even though the screen output displays the correct output. As an additional test, running that same clogin command on one of the physical chasses produces no file, although 'f5rancid does. > > > Michael Sloan > Systems Programmer Network Support > Office: (850) 922-5476 > Northwood Shared Resource Center > Michael.Sloan at nsrc.myflorida.com > > > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alan McKinnon > Sent: Monday, December 02, 2013 9:43 AM > To: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Problem with some F5 devices > > Your tests described below are quite sensible, but also incomplete > > We know that clogin works on your f5 with a simple command We know that clogin works on a vCMP with a simple command We know that f5rancid works on your physical chassis > > What we don't know is if clogin and f5rancid works correctly on a vCMP using the full command set. There must be some difference between what the physical chassis and the vCMPs sending back, otherwise both would work. I suspect some part of the vCMP output is upsetting the f5rancid script causing it to exit early. > > You need the big troubleshooting guns (this process is almost always what you need to do anyway if adding a device to router.db doesn't work > out): > > 1. Run this test in a temp directory (not the usual rancid dir) as the rancid user 2. Pick a vCMP 3. Run "f5rancid -d " > 4. This will give lots of screen output plus a new file with the full text output from the device in the current directory 5. In the screen output will be the full clogin command used. Copy paste that command and run it manually. Verify that the full command set works as expected on a vCMP 6. Look inside the raw data file from step 3. Somewhere near the end I expect to see error messages of some kind. Those errors will tell you were we look next. > > Note that "missed cmd(s)" and "End of run not found" messages are useless for debugging purposes, they are catch-all output and only indicate that something went wrong. They give no clue as to why. > > > > > > On 02/12/2013 15:49, Michael Sloan wrote: >> I'm relatively new to using RANCID, although it has been in use for a >> couple of years in my (new) workplace. We have been using RANCID with >> Cisco and Juniper equipment, and I recently added some devices from >> Aruba and F5 to the list of devices being archived with RANCID. >> >> >> >> We have 4 separate F5 chasses doing load-balancing and reverse proxy, >> and these work flawlessly with RANCID (once I found an F5 script that >> supports version 11 of the F5 OS, anyway). On these chasses, we have >> several vCMPs for different clients. The vCMPs have their own IP, and >> respond to the same F5 commands that the chasses do. >> >> >> >> The files generated in the configs directory for the vCMPs are all >> zero-length files, even though the physical chasses produce 23k-47k >> files in the configs directory. I have verified that clogin works, and >> clogin -c "bigpipe version' does in fact produce the correct >> output. Running "f5rancid " produces a 17k file in a test >> directory, so I know the process works for the vCMPs (see directory >> listings below). >> >> >> >> I have tried removing the entries for the vCMPs in router.db, started >> 'run-rancid', then added the entries back, and RANCID created >> zero-length files for the vCMPS a second time. >> >> >> >> We are using RANCID 2.3.6, on a CentOS 6 system, with Expect 5.43 >> >> >> >> Has anyone encountered this problem or have any ideas how to resolve it? >> >> >> >> A typical logfile: >> >> >> >> Trying to get all of the configs. >> >> 10.255.128.146: missed cmd(s): tmsh show /net route static >> >> 10.255.128.145: missed cmd(s): tmsh show /net route static >> >> 10.255.128.147: missed cmd(s): tmsh show /net route static >> >> 10.255.128.148: missed cmd(s): tmsh show /net route static >> >> 10.255.128.152: missed cmd(s): tmsh show /net route static >> >> 10.255.128.151: missed cmd(s): tmsh show /net route static >> >> 10.255.128.153: missed cmd(s): tmsh show /net route static >> >> 10.255.128.154: missed cmd(s): tmsh show /net route static,tmsh show >> /sys hardware >> >> 10.255.128.155: missed cmd(s): tmsh show /net route static >> >> 10.255.128.157: missed cmd(s): tmsh show /net route static >> >> 10.255.128.156: missed cmd(s): tmsh show /net route static >> >> 10.255.128.158: missed cmd(s): tmsh show /net route static >> >> 10.255.128.159: missed cmd(s): tmsh show /net route static >> >> Getting missed routers: round 4. >> >> 10.255.128.148: missed cmd(s): tmsh show /net route static >> >> 10.255.128.145: missed cmd(s): tmsh show /net route static >> >> 10.255.128.147: missed cmd(s): tmsh show /net route static >> >> 10.255.128.146: missed cmd(s): tmsh show /net route static >> >> 10.255.128.151: missed cmd(s): tmsh show /net route static >> >> 10.255.128.152: missed cmd(s): tmsh show /net route static >> >> 10.255.128.153: missed cmd(s): tmsh show /net route static >> >> 10.255.128.156: missed cmd(s): tmsh show /net route static >> >> 10.255.128.154: missed cmd(s): tmsh show /net route static,tmsh show >> /sys hardware >> >> 10.255.128.155: missed cmd(s): tmsh show /net route static >> >> 10.255.128.157: missed cmd(s): tmsh show /net route static >> >> 10.255.128.158: missed cmd(s): tmsh show /net route static >> >> 10.255.128.159: missed cmd(s): tmsh show /net route static >> >> >> >> cvs diff: Diffing . >> >> cvs diff: Diffing configs >> >> cvs commit: Examining . >> >> cvs commit: Examining configs >> >> Checking in configs/10.255.128.143; >> >> /usr/local/rancid/var/CVS/other/configs/10.255.128.143,v <-- >> 10.255.128.143 >> >> new revision: 1.647; previous revision: 1.646 >> >> done >> >> Checking in configs/10.255.128.144; >> >> /usr/local/rancid/var/CVS/other/configs/10.255.128.144,v <-- >> 10.255.128.144 >> >> new revision: 1.283; previous revision: 1.282 >> >> done >> >> >> >> >> >> 10.255.128.145 and 10.255.128.146 are two of the physical chasses, >> while the IPs from .147 and above are vCMPs. >> >> >> >> My router.db file: >> >> >> >> 10.255.128.143:f5:up >> >> 10.255.128.144:f5:up >> >> 10.255.128.145:f5:up >> >> 10.255.128.146:f5:up >> >> 10.254.200.2:f5:up >> >> 10.255.128.147:f5:up >> >> 10.255.128.148:f5:up >> >> 10.255.128.151:f5:up >> >> 10.255.128.152:f5:up >> >> 10.255.128.153:f5:up >> >> 10.255.128.154:f5:up >> >> 10.255.128.155:f5:up >> >> 10.255.128.156:f5:up >> >> 10.255.128.157:f5:up >> >> 10.255.128.158:f5:up >> >> 10.255.128.159:f5:up >> >> >> >> And lastly, the directory listing for the configs directory: >> >> >> >> -bash-3.1$ ls -l >> >> total 592 >> >> -rw-r----- 1 rancid netadm 470068 Dec 2 08:17 10.254.200.2 >> >> -rw-r----- 1 rancid netadm 31335 Dec 2 08:17 10.255.128.143 >> >> -rw-r----- 1 rancid netadm 27155 Dec 2 08:17 10.255.128.144 >> >> -rw-r----- 1 rancid netadm 28406 Nov 5 09:33 10.255.128.145 >> >> -rw-r----- 1 rancid netadm 23159 Nov 5 09:33 10.255.128.146 >> >> -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.147 >> >> -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.148 >> >> -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.151 >> >> -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.152 >> >> -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.153 >> >> -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.154 >> >> -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.155 >> >> -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.156 >> >> -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.157 >> >> -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.158 >> >> -rw-r----- 1 rancid netadm 0 Nov 27 11:17 10.255.128.159 >> >> drwxr-x--- 2 rancid netadm 4096 Dec 2 08:21 CVS >> >> -rw-r----- 1 rancid netadm 11256 Dec 2 08:18 wlc.nsrc.private >> >> >> >> And my test from 'f5rancid 10.255.128.147' in a temp directory: >> >> >> >> -bash-3.1$ ls -l >> >> total 20 >> >> -rw-r--r-- 1 rancid netadm 17700 Dec 2 08:05 10.255.128.147.new >> >> >> >> >> >> >> >> Michael Sloan >> >> Systems Programmer Network Support >> >> Office: (850) 922-5476 >> >> Northwood Shared Resource Center >> >> Michael.Sloan at nsrc.myflorida.com >> >> >> >> >> >> >> >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> > > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Alan McKinnon alan.mckinnon at gmail.com From stse+ancid at fsing.rootsland.net Wed Dec 4 16:22:50 2013 From: stse+ancid at fsing.rootsland.net (Stephan Seitz) Date: Wed, 4 Dec 2013 17:22:50 +0100 Subject: [rancid] F5 backups are only working for some hosts via cron, but always manually Message-ID: <20131204T171416.GA.613c5.stse@fsing.rootsland.net> Hi! I have two F5 clusters, bigip2a/bigip2b and bigip3a/bigip3b. If I start rancid-run for these four hosts manually all four hosts are backuped without problems. But if rancid-run is launched via cron I get error messages for the two b systems (bigip2b and bigip3b). The rancid log shows messages like: bigip3b: found unexpected command - "bigpipe list" bigip2b: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key bigip3b: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key bigip3b: End of run not found Why don?t I have the same errors if I run ?rancid-run bigip3b?? And how can I fix it? Shade and sweet water! Stephan -- | Stephan Seitz E-Mail: stse at fsing.rootsland.net | | Public Keys: http://fsing.rootsland.net/~stse/keys.html | -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3621 bytes Desc: not available URL: From stse+rancid at fsing.rootsland.net Wed Dec 4 18:01:21 2013 From: stse+rancid at fsing.rootsland.net (Stephan Seitz) Date: Wed, 4 Dec 2013 19:01:21 +0100 Subject: [rancid] More information in the subject of the config diff mail Message-ID: <20131204T190041.GA.e54ef.stse@fsing.rootsland.net> Hi! I?m trying the rancid software and I find it very nice, but the mail with the config diffs has only the subject ?networking router config diffs?. This means I can?t see which hosts have changed without reading the mail. And if one host has only a small change I may overlook it. Is it possible to put the hostnames in the subject as well? Or would this be a very big code change? Shade and sweet water! Stephan -- | Stephan Seitz E-Mail: stse at fsing.rootsland.net | | Public Keys: http://fsing.rootsland.net/~stse/keys.html | -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3621 bytes Desc: not available URL: From alan.mckinnon at gmail.com Wed Dec 4 19:56:37 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Wed, 04 Dec 2013 21:56:37 +0200 Subject: [rancid] More information in the subject of the config diff mail In-Reply-To: <20131204T190041.GA.e54ef.stse@fsing.rootsland.net> References: <20131204T190041.GA.e54ef.stse@fsing.rootsland.net> Message-ID: <529F88F5.5080909@gmail.com> On 04/12/2013 20:01, Stephan Seitz wrote: > Hi! > > I?m trying the rancid software and I find it very nice, but the mail > with the config diffs has only the subject ?networking router config > diffs?. > > This means I can?t see which hosts have changed without reading the > mail. And if one host has only a small change I may overlook it. > > Is it possible to put the hostnames in the subject as well? Or would > this be a very big code change? > > Shade and sweet water! > > Stephan diff mails are per-group and not per-device and the group is mentioned in the mail title. Groups can be arbitrarily large - I have some groups with over 800 entries with about half of them edge routers with customer circuits. All of those change about once a day at least. I can't deal with 400 diff mails after every run or 400 hostnames in the subject so both of those approaches are futile. rancid's current setup is probably the best middle ground there is and mail can only do so much. If you need more information, try something like Splunk -- Alan McKinnon alan.mckinnon at gmail.com From alan.mckinnon at gmail.com Wed Dec 4 20:05:51 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Wed, 04 Dec 2013 22:05:51 +0200 Subject: [rancid] F5 backups are only working for some hosts via cron, but always manually In-Reply-To: <20131204T171416.GA.613c5.stse@fsing.rootsland.net> References: <20131204T171416.GA.613c5.stse@fsing.rootsland.net> Message-ID: <529F8B1F.2030400@gmail.com> On 04/12/2013 18:22, Stephan Seitz wrote: > Hi! > > I have two F5 clusters, bigip2a/bigip2b and bigip3a/bigip3b. > If I start rancid-run for these four hosts manually all four hosts are > backuped without problems. But if rancid-run is launched via cron I get > error messages for the two b systems (bigip2b and bigip3b). > > The rancid log shows messages like: > bigip3b: found unexpected command - "bigpipe list" > bigip2b: missed cmd(s): ls --full-time --color=never > /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key > bigip3b: missed cmd(s): ls --full-time --color=never > /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key > bigip3b: End of run not found > > Why don?t I have the same errors if I run ?rancid-run bigip3b?? And how > can I fix it? > > Shade and sweet water! > > Stephan This is a common problem with cron and has little to do with the program being run and everything to do with the environment. Cron does not run out of a login shell, so the environment is not set up at all. As a human user you get used to this being there and forget it is entirely absent from cron. Look in the .raw files generated by f5rancid and see what's going around the end of 'bigpipe route static show' and beginning of 'ls --full-time --color=never /config/ssl/ssl.crt' With luck you'll find clues as to an environment-related cause. Unfortunately there's no easy answer to your question as there are 100s of possible causes. You need to look closely at your own unique results. -- Alan McKinnon alan.mckinnon at gmail.com From stse+rancid at fsing.rootsland.net Wed Dec 4 21:11:49 2013 From: stse+rancid at fsing.rootsland.net (Stephan Seitz) Date: Wed, 4 Dec 2013 22:11:49 +0100 Subject: [rancid] More information in the subject of the config diff mail In-Reply-To: <529F88F5.5080909@gmail.com> References: <20131204T190041.GA.e54ef.stse@fsing.rootsland.net> <529F88F5.5080909@gmail.com> Message-ID: <20131204T215930.GA.19310.stse@fsing.rootsland.net> On Wed, Dec 04, 2013 at 09:56:37PM +0200, Alan McKinnon wrote: >> Is it possible to put the hostnames in the subject as well? Or would >> this be a very big code change? >diff mails are per-group and not per-device and the group is mentioned >in the mail title. Yes, I know. The problem is: if I make the change I don?t really need the mail. But if I didn?t make the change, a single line change in the configuration of one host may get lost if there are bigger changes in other hosts as well. So at least I would be glad if I can see the hostnames in the subject line. >I can't deal with 400 diff mails after every run or 400 hostnames in the >subject so both of those approaches are futile. rancid's current setup You?re right and I don?t say that this change would help everyone. A configuration option would be nice, so everyone can choose. Shade and sweet water! Stephan -- | Stephan Seitz E-Mail: stse at fsing.rootsland.net | | Public Keys: http://fsing.rootsland.net/~stse/keys.html | -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3621 bytes Desc: not available URL: From stse+rancid at fsing.rootsland.net Wed Dec 4 21:14:02 2013 From: stse+rancid at fsing.rootsland.net (Stephan Seitz) Date: Wed, 4 Dec 2013 22:14:02 +0100 Subject: [rancid] F5 backups are only working for some hosts via cron, but always manually In-Reply-To: <529F8B1F.2030400@gmail.com> References: <20131204T171416.GA.613c5.stse@fsing.rootsland.net> <529F8B1F.2030400@gmail.com> Message-ID: <20131204T221227.GA.3071d.stse@fsing.rootsland.net> On Wed, Dec 04, 2013 at 10:05:51PM +0200, Alan McKinnon wrote: >Look in the .raw files generated by f5rancid and see what's going around >the end of 'bigpipe route static show' and beginning of 'ls --full-time >--color=never /config/ssl/ssl.crt' Thanks, I will analyse the environment and the .raw files. Shade and sweet water! Stephan -- | Stephan Seitz E-Mail: stse at fsing.rootsland.net | | Public Keys: http://fsing.rootsland.net/~stse/keys.html | -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3621 bytes Desc: not available URL: From heas at shrubbery.net Thu Dec 5 01:28:24 2013 From: heas at shrubbery.net (John Heasley) Date: Wed, 4 Dec 2013 17:28:24 -0800 Subject: [rancid] More information in the subject of the config diff mail In-Reply-To: <20131204T215930.GA.19310.stse@fsing.rootsland.net> References: <20131204T190041.GA.e54ef.stse@fsing.rootsland.net> <529F88F5.5080909@gmail.com> <20131204T215930.GA.19310.stse@fsing.rootsland.net> Message-ID: <97FE6E37-B25F-4B07-B30B-9A56DBC71349@shrubbery.net> Am Dec 4, 2013 um 1:11 PM schrieb Stephan Seitz : > > On Wed, Dec 04, 2013 at 09:56:37PM +0200, Alan McKinnon wrote: >>> Is it possible to put the hostnames in the subject as well? Or would >>> this be a very big code change? >> diff mails are per-group and not per-device and the group is mentioned >> in the mail title. > > Yes, I know. The problem is: if I make the change I don?t really need the mail. But if I didn?t make the change, a single line change in the configuration of one host may get lost if there are bigger changes in other hosts as well. > So at least I would be glad if I can see the hostnames in the subject line. > Per-device mail could be added but seems ugly. You could devnull the normal diffs and do daily diffs via cron, so you only receive one email, or one per group, etc. >> I can't deal with 400 diff mails after every run or 400 hostnames in the >> subject so both of those approaches are futile. rancid's current setup > > You?re right and I don?t say that this change would help everyone. A configuration option would be nice, so everyone can choose. > > Shade and sweet water! > > Stephan > > -- > | Stephan Seitz E-Mail: stse at fsing.rootsland.net | > | Public Keys: http://fsing.rootsland.net/~stse/keys.html | > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From mutz.online at gmail.com Thu Dec 5 13:19:57 2013 From: mutz.online at gmail.com (Herbert Mutz) Date: Thu, 05 Dec 2013 14:19:57 +0100 Subject: [rancid] enterasys n series Message-ID: <52A07D7D.1060800@gmail.com> Hi there, i want to utilize rancid on enterasys n1 n3 and n7 series switches. Currently I have a running setup, that works great on foundry / brocade devices and somewhat good on hp switches. Rancid authenticates against a tacacs+ server successfully when using clogin. With a rancid -- r it doesn't work. The log says : tac_plus[4383]: connect from 172.18.*.** [172.18.*.**] tac_plus[4383]: login failure: rancid 172.18.*.** (172.18.*.**) telnet tacacs+ config for rancid user user = rancid { default service = permit pap = cleartext "rancid_login" login = cleartext "rancid_login" enable = cleartext "XXX" name = "Rancid User" service = exec { priv-lvl = 15 } } My concern is, that there isn't a value for Enterasys that I can configure in the router.db which means these devices aren't supported. I disabled autoenable in .cloginrc for the specific hosts. Is there an unofficial patch or workaround to get things working with the N series switches from Enterasys ? -------------- next part -------------- An HTML attachment was scrubbed... URL: From stse+rancid at fsing.rootsland.net Thu Dec 5 15:22:36 2013 From: stse+rancid at fsing.rootsland.net (Stephan Seitz) Date: Thu, 5 Dec 2013 16:22:36 +0100 Subject: [rancid] F5 backups are only working for some hosts via cron, but always manually In-Reply-To: <529F8B1F.2030400@gmail.com> References: <20131204T171416.GA.613c5.stse@fsing.rootsland.net> <529F8B1F.2030400@gmail.com> Message-ID: <20131205T161042.GA.93fe8.stse@fsing.rootsland.net> On Wed, Dec 04, 2013 at 10:05:51PM +0200, Alan McKinnon wrote: >This is a common problem with cron and has little to do with the program >being run and everything to do with the environment. Cron does not run Well, I can say after several tests that I have probably found the problem, but I don?t understand it. The command: clogin -t 90 -c"bigpipe version;bigpipe platform;cat /config/bigip.license;bigpipe monitor list all;bigpipe profile list;bigpipe base list;bigpipe db show;bigpipe route static show;ls --full-time --color=never /config/ssl/ssl.crt;ls --full-time --color=never /config/ssl/ssl.key;bigpipe list" bigip2b a) called directly from the rancid user shell b) called from the root shell via ?su - rancid -c ? Looking at the different outputs of the problematic lines I can see the following: a) [root at bigip2b:Standby] config # ls --full-time --color=never /config/ssl/ssl.crt^M [root at bigip2b:Standby] config # ls --full-time --color=never /config/ssl/ssl.key^M [root at bigip2b:Standby] config # bigpipe list^M b) [root at bigip2b:Standby] config # ls --full-time --color=never /config/ssl/ssl.crt ^M^[[A[root at bigip2b:Standby] config # ls --full-time --color=never /config/ssl/ssl.cr^[[Kt^M ls --full-time --color=never /config/ssl/ssl.key^M [root at bigip2b:Standby] config # ls --full-time --color=never /config/ssl/ssl.key ^M^[[A[root at bigip2b:Standby] config #total 64^M e[root at bigip2b:Standby] config # bigpipe list^M So besides the CR characters the second output shows some other control characters which probably confuses the parser in the end. Is this the right conclusion? But why do I get these additional control characters in the second case? Shade and sweet water! Stephan -- | Stephan Seitz E-Mail: stse at fsing.rootsland.net | | Public Keys: http://fsing.rootsland.net/~stse/keys.html | -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3621 bytes Desc: not available URL: From alan.mckinnon at gmail.com Thu Dec 5 19:35:18 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Thu, 05 Dec 2013 21:35:18 +0200 Subject: [rancid] F5 backups are only working for some hosts via cron, but always manually In-Reply-To: <20131205T161042.GA.93fe8.stse@fsing.rootsland.net> References: <20131204T171416.GA.613c5.stse@fsing.rootsland.net> <529F8B1F.2030400@gmail.com> <20131205T161042.GA.93fe8.stse@fsing.rootsland.net> Message-ID: <52A0D576.5040700@gmail.com> On 05/12/2013 17:22, Stephan Seitz wrote: > On Wed, Dec 04, 2013 at 10:05:51PM +0200, Alan McKinnon wrote: >> This is a common problem with cron and has little to do with the program >> being run and everything to do with the environment. Cron does not run > > Well, I can say after several tests that I have probably found the > problem, but I don?t understand it. > > The command: > clogin -t 90 -c"bigpipe version;bigpipe platform;cat > /config/bigip.license;bigpipe monitor list all;bigpipe profile > list;bigpipe base list;bigpipe db show;bigpipe route static show;ls > --full-time --color=never /config/ssl/ssl.crt;ls --full-time > --color=never /config/ssl/ssl.key;bigpipe list" bigip2b > > a) called directly from the rancid user shell > b) called from the root shell via ?su - rancid -c ? > > Looking at the different outputs of the problematic lines I can see the > following: > a) > [root at bigip2b:Standby] config # ls --full-time --color=never > /config/ssl/ssl.crt^M > > [root at bigip2b:Standby] config # ls --full-time --color=never > /config/ssl/ssl.key^M > > [root at bigip2b:Standby] config # bigpipe list^M > > > b) > [root at bigip2b:Standby] config # ls --full-time --color=never > /config/ssl/ssl.crt ^M^[[A[root at bigip2b:Standby] config # ls --full-time > --color=never /config/ssl/ssl.cr^[[Kt^M > > ls --full-time --color=never /config/ssl/ssl.key^M > [root at bigip2b:Standby] config # ls --full-time --color=never > /config/ssl/ssl.key ^M^[[A[root at bigip2b:Standby] config #total 64^M > > e[root at bigip2b:Standby] config # bigpipe list^M > > > So besides the CR characters the second output shows some other control > characters which probably confuses the parser in the end. > > Is this the right conclusion? But why do I get these additional control > characters in the second case? Those ANSI escape sequences containing "[" are never supposed to be echoed to the screen at all, they are controls to the terminal emulator to take some action or other. To see why you get them in case b) look the the man page for su under option -c: -c, --command COMMAND Specify a command that will be invoked by the shell using its -c. The executed command will have no controlling terminal. This option cannot be used to execute interractive programs which need a controlling TTY. You disable the terminal emulator with -c, so the escape sequences are passed through and not acted on. We now need to check what actually happens in your cron jobs. What is the content of rancid.conf, especially the settings NOPIPE, PATH and TERM? -- Alan McKinnon alan.mckinnon at gmail.com From tayfunsari1982 at gmail.com Fri Dec 6 07:19:38 2013 From: tayfunsari1982 at gmail.com (=?UTF-8?B?VGF5ZnVuIFNhcsSx?=) Date: Fri, 6 Dec 2013 09:19:38 +0200 Subject: [rancid] ACS 4.2 and rancid config example... Message-ID: Hi All, Can anyone share the acs4.2 user/group config and switch config that is working with Rancid? Regards -------------- next part -------------- An HTML attachment was scrubbed... URL: From stse+rancid at fsing.rootsland.net Fri Dec 6 13:09:20 2013 From: stse+rancid at fsing.rootsland.net (Stephan Seitz) Date: Fri, 6 Dec 2013 14:09:20 +0100 Subject: [rancid] F5 backups are only working for some hosts via cron, but always manually In-Reply-To: <52A0D576.5040700@gmail.com> References: <20131204T171416.GA.613c5.stse@fsing.rootsland.net> <529F8B1F.2030400@gmail.com> <20131205T161042.GA.93fe8.stse@fsing.rootsland.net> <52A0D576.5040700@gmail.com> Message-ID: <20131206T134957.GA.f123f.stse@fsing.rootsland.net> On Thu, Dec 05, 2013 at 09:35:18PM +0200, Alan McKinnon wrote: >Those ANSI escape sequences containing "[" are never supposed to be >echoed to the screen at all, they are controls to the terminal emulator >to take some action or other. > >To see why you get them in case b) look the the man page for su under >option -c: > > -c, --command COMMAND > Specify a command that will be invoked by the shell using its -c. > > The executed command will have no controlling terminal. This >option cannot be used to > execute interractive programs which need a controlling TTY. Ah, thank you very much for the explanation. So I?ll better test via cron. >We now need to check what actually happens in your cron jobs. What is >the content of rancid.conf, especially the settings NOPIPE, PATH and TERM? TERM=xterm;export TERM LC_COLLATE=?POSIX?; export LC_COLLATE umask 027 TMPDIR=/tmp; export TMPDIR BASEDIR=/var/lib/rancid; export BASEDIR PATH=/usr/lib/rancid/bin:/usr/bin:/usr/sbin:/bin:/usr/local/bin:/usr/bin; export PATH CVSROOT=$BASEDIR/CVS; export CVSROOT LOGDIR=$BASEDIR/logs; export LOGDIR RCSSYS=svn; export RCSSYS ACLSORT=YES; export ACLSORT FILTER_PWDS=NO; export FILTER_PWDS NOCOMMSTR=NO; export NOCOMMSTR LIST_OF_GROUPS=?networking? The default TERM setting after installation (Debian package) was network, but this doesn?t exist. So I changed it in the last days when I tried to analyse the problem. I tested TERM with the values xterm, linux, and screen together with NOPIPE=yes and no. But the results are always the same. All Cisco devices and the two active F5 are working, even with the nonexisting TERM setting network. The two standby F5 are only working manually. The environment variables for the rancid user via cron are: HOME=/var/lib/rancid LOGNAME=rancid PATH=/usr/bin:/bin LANG=en_US.UTF-8 SHELL=/bin/sh PWD=/var/lib/rancid The environment variables for the rancid user (bash) are: SHELL=/bin/bash TERM=xterm XDG_SESSION_COOKIE=fe5755edd7b665ab56f270925278ef8f-1386334922.264463-273332059 USER=rancid MAIL=/var/mail/rancid PATH=/usr/local/bin:/usr/bin:/bin:/usr/games PWD=/var/lib/rancid LANG=en_US.UTF-8 SHLVL=1 HOME=/var/lib/rancid LOGNAME=rancid DISPLAY=localhost:10.0 _=/usr/bin/env I simply don?t understand why the two F5 systems are failing. Since they are part of a cluster both sides have the same configuration and the same OS version. Shade and sweet water! Stephan -- | Stephan Seitz E-Mail: stse at fsing.rootsland.net | | Public Keys: http://fsing.rootsland.net/~stse/keys.html | -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3621 bytes Desc: not available URL: From skyeh at uidaho.edu Fri Dec 6 17:33:23 2013 From: skyeh at uidaho.edu (Hagen, Skye (skyeh@uidaho.edu)) Date: Fri, 6 Dec 2013 17:33:23 +0000 Subject: [rancid] ACS 4.2 and rancid config example... In-Reply-To: References: Message-ID: <96347acb9b2e43109412c11022d644c3@BN1PR04MB060.namprd04.prod.outlook.com> We no longer use ACS version 4, but I may be able to give you some pointers. You will need to define the ACS server as a TACACS server. This includes defining the IP address ranges of your networking devices that are allowed to communicate with the ACS server. On your networking devices, set them up to use TACACS (with a fallback to a local account) for authentication. There are plenty of examples of this on Cisco's web site, and most network vendors offer TACACS support on their gear. On the ACS server, define a user. You should be able to limit this user to TACACS requests. You can also limit the commands that the user is allowed to execute. In RANCID (the .clogin file), set it up with the user name you defined in ACS. You should be good to go. Skye ________________________________ From: rancid-discuss-bounces at shrubbery.net on behalf of Tayfun Sar? Sent: Thursday, December 05, 2013 11:19 PM To: rancid-discuss at shrubbery.net Subject: [rancid] ACS 4.2 and rancid config example... Hi All, Can anyone share the acs4.2 user/group config and switch config that is working with Rancid? Regards -------------- next part -------------- An HTML attachment was scrubbed... URL: From wpleasants at gmail.com Mon Dec 9 15:48:49 2013 From: wpleasants at gmail.com (Chip Pleasants) Date: Mon, 9 Dec 2013 10:48:49 -0500 Subject: [rancid] #' in my login banner Message-ID: I have a # in my login banner and I'm hoping someone could be so kind to assist me in adjusting clogin to accept the hash character in banner. I am hoping to remove the hash character from the banner in future, but right now I cannot. Below is the debug output. I'm using 2.3.6 on 12.0.4 Ubuntu apt-get package. I read though several posts and attempted to apply the patch from thread http://www.shrubbery.net/pipermail/rancid-discuss/2013-November/007277.html without luck. Looks like the patch is for 2.3.8, which may be an option if 2.3.6 isn't going to fly. Any assistance is greatly appreciated. -Chip rancid at rancid-server:/var/lib/rancid/bin$ ./clogin -d 10.2.200.2 10.2.200.2 spawn ssh -c 3des -x -l rancid-user 10.2.200.2 parent: waiting for sync byte parent: telling child to go ahead parent: now unsynchronized from child spawn: returns {13962} Gate keeper glob pattern for '(Connection refused|Secure connection [^ ]+ refused)' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '(Connection closed by|Connection to [^ ]+ closed)' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '(Host key not found |The authenticity of host .* be established).*(yes/no)?' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for 'HOST IDENTIFICATION HAS CHANGED.* (yes/no)?' is 'HOST IDENTIFICATION HAS CHANGED* *'. Activating booster. Gate keeper glob pattern for 'Offending key for .* (yes/no)?' is 'Offending key for * *'. Activating booster. Gate keeper glob pattern for '(denied|Sorry)' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '% (Bad passwords|Authentication failed)' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for 'Enter Selection: ' is 'Enter Selection: '. Activating booster. Gate keeper glob pattern for 'Last login:' is 'Last login:'. Activating booster. Gate keeper glob pattern for '@[^ ]+ ([Pp]assword|passwd|Enter password for [^ :]+):' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for 'Enter passphrase.*: ' is 'Enter passphrase*: '. Activating booster. Gate keeper glob pattern for '(Username|Login|login|user name|User):' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '([Pp]assword|passwd|Enter password for [^ :]+):' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '(>|#| \(enable\))' is ''. Not usable, disabling the performance booster. expect: does "" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? (No Gate, RE only) gate=yes re=no "(Connection closed by|Connection to [^\n\r]+ closed)"? (No Gate, RE only) gate=yes re=no expect: does "" (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does "" (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? (No Gate, RE only) gate=yes re=no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? Gate "HOST IDENTIFICATION HAS CHANGED* *"? gate=no "Offending key for .* (yes/no)?"? Gate "Offending key for * *"? gate=no "(denied|Sorry)"? (No Gate, RE only) gate=yes re=no "Login failed"? no "% (Bad passwords|Authentication failed)"? (No Gate, RE only) gate=yes re=no "Press any key to continue"? no "Enter Selection: "? Gate "Enter Selection: "? gate=no "Last login:"? Gate "Last login:"? gate=no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no "Enter passphrase.*: "? Gate "Enter passphrase*: "? gate=no "(Username|Login|login|user name|User):"? (No Gate, RE only) gate=yes re=no "([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no "(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no "Login invalid"? no ############## # Rev 3(1-5) # ############## expect: does "\r\r\n##############\r\r\n# Rev 3(1-5) #\r\r\n##############\r\r\n" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? (No Gate, RE only) gate=yes re=no "(Connection closed by|Connection to [^\n\r]+ closed)"? (No Gate, RE only) gate=yes re=no expect: does "\r\r\n##############\r\r\n# Rev 3(1-5) #\r\r\n##############\r\r\n" (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does "\r\r\n##############\r\r\n# Rev 3(1-5) #\r\r\n##############\r\r\n" (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? (No Gate, RE only) gate=yes re=no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? Gate "HOST IDENTIFICATION HAS CHANGED* *"? gate=no "Offending key for .* (yes/no)?"? Gate "Offending key for * *"? gate=no "(denied|Sorry)"? (No Gate, RE only) gate=yes re=no "Login failed"? no "% (Bad passwords|Authentication failed)"? (No Gate, RE only) gate=yes re=no "Press any key to continue"? no "Enter Selection: "? Gate "Enter Selection: "? gate=no "Last login:"? Gate "Last login:"? gate=no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no "Enter passphrase.*: "? Gate "Enter passphrase*: "? gate=no "(Username|Login|login|user name|User):"? (No Gate, RE only) gate=yes re=no "([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no "(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "#" expect: set expect_out(1,string) "#" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "\r\r\n#" send: sending "\r" to { exp6 } Gate keeper glob pattern for '[ ]+' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '^(.+[:.])1 ((>|#| \(enable\)))' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '^.+(>|#| \(enable\))' is ''. Not usable, disabling the performance booster. expect: does "#############\r\r\n# Rev 3(1-5) #\r\r\n##############\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "\r\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "#############\r\r\n" expect: continuing expect expect: does "# Rev 3(1-5) #\r\r\n##############\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "\r\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "# Rev 3(1-5) #\r\r\n" expect: continuing expect expect: does "##############\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "\r\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "##############\r\r\n" expect: continuing expect expect: does "" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=no "^(.+[:.])1 ((>|#| \(enable\)))"? (No Gate, RE only) gate=yes re=no "^.+(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no expect: does "\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "\r\n" expect: continuing expect expect: does "" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=no "^(.+[:.])1 ((>|#| \(enable\)))"? (No Gate, RE only) gate=yes re=no "^.+(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no Password: expect: does "Password: " (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=no "^(.+[:.])1 ((>|#| \(enable\)))"? (No Gate, RE only) gate=yes re=no "^.+(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no expect: timed out Error: TIMEOUT reached -------------- next part -------------- An HTML attachment was scrubbed... URL: From marchamelin66 at gmail.com Fri Dec 6 10:06:04 2013 From: marchamelin66 at gmail.com (hamelin marc) Date: Fri, 6 Dec 2013 02:06:04 -0800 (PST) Subject: [rancid] HP procurve 2910 stacked In-Reply-To: References: Message-ID: <9742d876-04ac-43a6-a14d-0547edc78f61@googlegroups.com> Hello, for rancid with stack, I have an answer with this patch for hlogin (lines 449-478) : -re "$p_prompt" { > if ![string compare $prog "ssh"] { > send -- "$userpswd\r" > } else { > send -- "$passwd\r" > } > expect { > + "Enter switch number to connect to or :" { > + send "0\r" > + exp_continue > + } > eof { send_user "\nError: Couldn't login\n"; > wait; > return 1 > } > "Press any key to continue" { > send " "; > exp_continue > } > -re "$e_prompt" { send -- "$enapasswd\r" } > "$prompt" { set in_proc 0; > return 0 > } > } > exp_continue > } > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From Chris.Davis at prin.edu Wed Dec 11 17:14:23 2013 From: Chris.Davis at prin.edu (Chris Davis) Date: Wed, 11 Dec 2013 17:14:23 +0000 Subject: [rancid] Wondered about messages like this one. Message-ID: I've always wondered about messages like this one. Seems like the only thing changed is file number and nothing else. I'm not even sure why a file number would change. retrieving revision 1.73 diff -U 4 -r1.73 192.168.12.22 @@ -40,9 +40,9 @@ ! !Flash: Directory of flash:/ !Flash: 2 -rwx 7191 Jan 8 2013 12:41:19 -06:00 config.text !Flash: 3 -rwx 5494 Jan 8 2013 12:41:19 -06:00 private-config.text - !Flash: 5 drwx 512 Oct 4 2011 12:27:05 -05:00 c3560-ipbasek9-mz.122-58.SE2 + !Flash: 6 drwx 512 Oct 4 2011 12:27:05 -05:00 c3560-ipbasek9-mz.122-58.SE2 !Flash: 27998208 bytes total (9377280 bytes free) ! !Flash: nvram: Directory of nvram:/ !Flash: nvram: 498 -rw- 7191 startup-config Chris -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Wed Dec 11 17:51:05 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Wed, 11 Dec 2013 19:51:05 +0200 Subject: [rancid] #' in my login banner In-Reply-To: References: Message-ID: <52A8A609.7090908@gmail.com> I see no-one has responded with an answer to your question. I think the reason is that code cannot deal with ">" and "#" characters in a banner in any sane way that gives consistent results. For rancid to function properly, it has to know what the shell prompt is exactly for a given device, and to do that it has to parse the entire text output. The only tool available to detect the prompt is pattern matching which inevitably means a regex. As a perl regex this is ^[-a-zA-Z0-9]*[>#] and that's assuming the prompt is the hostname. rancid has no way of knowing where the banner ends and cannot distinguish between a trailing > or # on a line in a banner and a prompt and the regex above could easily satisfy many possible lines in banners. One can find ways around this but all you are really doing is defining constraints on what may and may not be in a banner, and to make matters worse those constraints won't be useful in general. However, there is already a constraint in place about banners that networking people generally agree on, and that is "do not put > or # in banners" I'm afraid you really have no sensible choice in the matter if you want rancid to work, you have to accept this constraint. Think of it in the same wise as hostnames - you can't put a space in those as things break horribly. Don't try and change sensible code, rather change whatever local business rule gave you an invalid banner. On 09/12/2013 17:48, Chip Pleasants wrote: > I have a # in my login banner and I'm hoping someone could be so kind to > assist me in adjusting clogin to accept the hash character in banner. I > am hoping to remove the hash character from the banner in future, but > right now I cannot. Below is the debug output. I'm using 2.3.6 on > 12.0.4 Ubuntu apt-get package. I read though several posts and > attempted to apply the patch from > thread http://www.shrubbery.net/pipermail/rancid-discuss/2013-November/007277.html without > luck. Looks like the patch is for 2.3.8, which may be an option if 2.3.6 > isn't going to fly. Any assistance is greatly appreciated. > > -Chip > > > > rancid at rancid-server:/var/lib/rancid/bin$ ./clogin -d 10.2.200.2 > 10.2.200.2 > spawn ssh -c 3des -x -l rancid-user 10.2.200.2 > parent: waiting for sync byte > parent: telling child to go ahead > parent: now unsynchronized from child > spawn: returns {13962} > Gate keeper glob pattern for '(Connection refused|Secure connection [^ > ]+ refused)' is ''. Not usable, disabling the performance booster. > Gate keeper glob pattern for '(Connection closed by|Connection to [^ > ]+ closed)' is ''. Not usable, disabling the performance booster. > Gate keeper glob pattern for '(Host key not found |The authenticity of > host .* be established).*(yes/no)?' is ''. Not usable, disabling the > performance booster. > Gate keeper glob pattern for 'HOST IDENTIFICATION HAS CHANGED.* > (yes/no)?' is 'HOST IDENTIFICATION HAS CHANGED* *'. Activating booster. > Gate keeper glob pattern for 'Offending key for .* (yes/no)?' is > 'Offending key for * *'. Activating booster. > Gate keeper glob pattern for '(denied|Sorry)' is ''. Not usable, > disabling the performance booster. > Gate keeper glob pattern for '% (Bad passwords|Authentication failed)' > is ''. Not usable, disabling the performance booster. > Gate keeper glob pattern for 'Enter Selection: ' is 'Enter Selection: '. > Activating booster. > Gate keeper glob pattern for 'Last login:' is 'Last login:'. Activating > booster. > Gate keeper glob pattern for '@[^ > ]+ ([Pp]assword|passwd|Enter password for [^ :]+):' is ''. Not usable, > disabling the performance booster. > Gate keeper glob pattern for 'Enter passphrase.*: ' is 'Enter > passphrase*: '. Activating booster. > Gate keeper glob pattern for '(Username|Login|login|user name|User):' is > ''. Not usable, disabling the performance booster. > Gate keeper glob pattern for '([Pp]assword|passwd|Enter password for [^ > :]+):' is ''. Not usable, disabling the performance booster. > Gate keeper glob pattern for '(>|#| \(enable\))' is ''. Not usable, > disabling the performance booster. > > expect: does "" (spawn_id exp6) match regular expression "(Connection > refused|Secure connection [^\n\r]+ refused)"? (No Gate, RE only) > gate=yes re=no > "(Connection closed by|Connection to [^\n\r]+ closed)"? (No Gate, RE > only) gate=yes re=no > > expect: does "" (spawn_id exp6) match glob pattern "unknown host\r"? no > > expect: does "" (spawn_id exp6) match glob pattern "Host is unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be > established).*(yes/no)?"? (No Gate, RE only) gate=yes re=no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? Gate "HOST IDENTIFICATION > HAS CHANGED* *"? gate=no > "Offending key for .* (yes/no)?"? Gate "Offending key for * *"? gate=no > "(denied|Sorry)"? (No Gate, RE only) gate=yes re=no > "Login failed"? no > "% (Bad passwords|Authentication failed)"? (No Gate, RE only) gate=yes re=no > "Press any key to continue"? no > "Enter Selection: "? Gate "Enter Selection: "? gate=no > "Last login:"? Gate "Last login:"? gate=no > "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, > RE only) gate=yes re=no > "Enter passphrase.*: "? Gate "Enter passphrase*: "? gate=no > "(Username|Login|login|user name|User):"? (No Gate, RE only) gate=yes re=no > "([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) > gate=yes re=no > "(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no > "Login invalid"? no > > ############## > # Rev 3(1-5) # > ############## > > expect: does "\r\r\n##############\r\r\n# Rev 3(1-5) > #\r\r\n##############\r\r\n" (spawn_id exp6) match regular expression > "(Connection refused|Secure connection [^\n\r]+ refused)"? (No Gate, RE > only) gate=yes re=no > "(Connection closed by|Connection to [^\n\r]+ closed)"? (No Gate, RE > only) gate=yes re=no > > expect: does "\r\r\n##############\r\r\n# Rev 3(1-5) > #\r\r\n##############\r\r\n" (spawn_id exp6) match glob pattern "unknown > host\r"? no > > expect: does "\r\r\n##############\r\r\n# Rev 3(1-5) > #\r\r\n##############\r\r\n" (spawn_id exp6) match glob pattern "Host is > unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be > established).*(yes/no)?"? (No Gate, RE only) gate=yes re=no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? Gate "HOST IDENTIFICATION > HAS CHANGED* *"? gate=no > "Offending key for .* (yes/no)?"? Gate "Offending key for * *"? gate=no > "(denied|Sorry)"? (No Gate, RE only) gate=yes re=no > "Login failed"? no > "% (Bad passwords|Authentication failed)"? (No Gate, RE only) gate=yes re=no > "Press any key to continue"? no > "Enter Selection: "? Gate "Enter Selection: "? gate=no > "Last login:"? Gate "Last login:"? gate=no > "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, > RE only) gate=yes re=no > "Enter passphrase.*: "? Gate "Enter passphrase*: "? gate=no > "(Username|Login|login|user name|User):"? (No Gate, RE only) gate=yes re=no > "([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) > gate=yes re=no > "(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=yes > expect: set expect_out(0,string) "#" > expect: set expect_out(1,string) "#" > expect: set expect_out(spawn_id) "exp6" > expect: set expect_out(buffer) "\r\r\n#" > send: sending "\r" to { exp6 } > Gate keeper glob pattern for '[ > ]+' is ''. Not usable, disabling the performance booster. > Gate keeper glob pattern for '^(.+[:.])1 ((>|#| \(enable\)))' is ''. Not > usable, disabling the performance booster. > Gate keeper glob pattern for '^.+(>|#| \(enable\))' is ''. Not usable, > disabling the performance booster. > > expect: does "#############\r\r\n# Rev 3(1-5) > #\r\r\n##############\r\r\n" (spawn_id exp6) match regular expression > "[\r\n]+"? (No Gate, RE only) gate=yes re=yes > expect: set expect_out(0,string) "\r\r\n" > expect: set expect_out(spawn_id) "exp6" > expect: set expect_out(buffer) "#############\r\r\n" > expect: continuing expect > > expect: does "# Rev 3(1-5) #\r\r\n##############\r\r\n" (spawn_id exp6) > match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes > expect: set expect_out(0,string) "\r\r\n" > expect: set expect_out(spawn_id) "exp6" > expect: set expect_out(buffer) "# Rev 3(1-5) #\r\r\n" > expect: continuing expect > > expect: does "##############\r\r\n" (spawn_id exp6) match regular > expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes > expect: set expect_out(0,string) "\r\r\n" > expect: set expect_out(spawn_id) "exp6" > expect: set expect_out(buffer) "##############\r\r\n" > expect: continuing expect > > expect: does "" (spawn_id exp6) match regular expression "[\r\n]+"? (No > Gate, RE only) gate=yes re=no > "^(.+[:.])1 ((>|#| \(enable\)))"? (No Gate, RE only) gate=yes re=no > "^.+(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no > > > expect: does "\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? > (No Gate, RE only) gate=yes re=yes > expect: set expect_out(0,string) "\r\n" > expect: set expect_out(spawn_id) "exp6" > expect: set expect_out(buffer) "\r\n" > expect: continuing expect > > expect: does "" (spawn_id exp6) match regular expression "[\r\n]+"? (No > Gate, RE only) gate=yes re=no > "^(.+[:.])1 ((>|#| \(enable\)))"? (No Gate, RE only) gate=yes re=no > "^.+(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no > Password: > expect: does "Password: " (spawn_id exp6) match regular expression > "[\r\n]+"? (No Gate, RE only) gate=yes re=no > "^(.+[:.])1 ((>|#| \(enable\)))"? (No Gate, RE only) gate=yes re=no > "^.+(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no > expect: timed out > > Error: TIMEOUT reached > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Alan McKinnon alan.mckinnon at gmail.com From peo at chalmers.se Wed Dec 11 18:14:12 2013 From: peo at chalmers.se (Per-Olof Olsson) Date: Wed, 11 Dec 2013 19:14:12 +0100 Subject: [rancid] #' in my login banner In-Reply-To: <52A8A609.7090908@gmail.com> References: <52A8A609.7090908@gmail.com> Message-ID: <52A8AB74.9090905@chalmers.se> Hello On 12/11/2013 06:51 PM, Alan McKinnon wrote: > I see no-one has responded with an answer to your question. > > I think the reason is that code cannot deal with ">" and "#" characters > in a banner in any sane way that gives consistent results. For rancid to > function properly, it has to know what the shell prompt is exactly for a > given device, and to do that it has to parse the entire text output. > > The only tool available to detect the prompt is pattern matching which > inevitably means a regex. As a perl regex this is > > ^[-a-zA-Z0-9]*[>#] > > and that's assuming the prompt is the hostname. In hlogin I added -re "\[#>]+.*\[\n\r]+" { exp_continue } to just pass over none prompter # and >. Banner "#" and ">" is followed by CR or NL! Works for HPs /Peo ---------------------------------------------------------- Per-Olof Olsson Email: peo at chalmers.se Chalmers tekniska h?gskola IT-service H?rsalsv?gen 5 412 96 G?teborg Tel: 031/772 6738 Fax: 031/772 8660 ---------------------------------------------------------- From alan.mckinnon at gmail.com Wed Dec 11 18:24:32 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Wed, 11 Dec 2013 20:24:32 +0200 Subject: [rancid] #' in my login banner In-Reply-To: <52A8AB74.9090905@chalmers.se> References: <52A8A609.7090908@gmail.com> <52A8AB74.9090905@chalmers.se> Message-ID: <52A8ADE0.8070109@gmail.com> On 11/12/2013 20:14, Per-Olof Olsson wrote: > Hello > > > > > On 12/11/2013 06:51 PM, Alan McKinnon wrote: >> I see no-one has responded with an answer to your question. >> >> I think the reason is that code cannot deal with ">" and "#" characters >> in a banner in any sane way that gives consistent results. For rancid to >> function properly, it has to know what the shell prompt is exactly for a >> given device, and to do that it has to parse the entire text output. >> >> The only tool available to detect the prompt is pattern matching which >> inevitably means a regex. As a perl regex this is >> >> ^[-a-zA-Z0-9]*[>#] >> >> and that's assuming the prompt is the hostname. > > In hlogin I added > > -re "\[#>]+.*\[\n\r]+" { > exp_continue > } > > to just pass over none prompter # and >. > Banner "#" and ">" is followed by CR or NL! Only if the banner has a surrounding box made of > or # One can always come up with a scheme that just happens to work for oneself because local rules specify some exact format where you can get a regex to work for you. That's a lot of work though. I find it easier to just change the banner. > > Works for HPs > > /Peo > ---------------------------------------------------------- > Per-Olof Olsson Email: peo at chalmers.se > Chalmers tekniska h?gskola IT-service > H?rsalsv?gen 5 412 96 G?teborg > Tel: 031/772 6738 Fax: 031/772 8660 > ---------------------------------------------------------- > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > -- Alan McKinnon alan.mckinnon at gmail.com From heas at shrubbery.net Wed Dec 11 18:51:36 2013 From: heas at shrubbery.net (heasley) Date: Wed, 11 Dec 2013 18:51:36 +0000 Subject: [rancid] #' in my login banner In-Reply-To: <52A8AB74.9090905@chalmers.se> References: <52A8A609.7090908@gmail.com> <52A8AB74.9090905@chalmers.se> Message-ID: <20131211185136.GG80509@shrubbery.net> Wed, Dec 11, 2013 at 07:14:12PM +0100, Per-Olof Olsson: > Hello > > > > > On 12/11/2013 06:51 PM, Alan McKinnon wrote: > > I see no-one has responded with an answer to your question. > > > > I think the reason is that code cannot deal with ">" and "#" characters > > in a banner in any sane way that gives consistent results. For rancid to > > function properly, it has to know what the shell prompt is exactly for a > > given device, and to do that it has to parse the entire text output. > > > > The only tool available to detect the prompt is pattern matching which > > inevitably means a regex. As a perl regex this is > > > > ^[-a-zA-Z0-9]*[>#] > > > > and that's assuming the prompt is the hostname. > > In hlogin I added > > -re "\[#>]+.*\[\n\r]+" { > exp_continue > } > > to just pass over none prompter # and >. > Banner "#" and ">" is followed by CR or NL! > > Works for HPs I believe that this is timing dependent. if clogin happens to receive a portion of a line from the banner: ^foo#bar\n$ (regex anchors for clarity), such as: ^foo# there is no way for you to know if thats the prompt or if there is more coming. I suppose it could wait on the fdesc to see if more has comes, then decide if its a prompt or not - but, feh! tcl is haneous. the best solution, imo, if it hurts, dont do it. second best would be to add a cloginrc variable that allows users to set the initial prompt matching regex tailored to their device's/environment's quirks - for example, it could easily be "^[^ ]*#". From heas at shrubbery.net Wed Dec 11 18:59:22 2013 From: heas at shrubbery.net (heasley) Date: Wed, 11 Dec 2013 18:59:22 +0000 Subject: [rancid] Wondered about messages like this one. In-Reply-To: References: Message-ID: <20131211185922.GI80509@shrubbery.net> Wed, Dec 11, 2013 at 05:14:23PM +0000, Chris Davis: > I've always wondered about messages like this one. Seems like the only thing changed is file number and nothing else. I'm not even sure why a file number would change. it shouldnt be changing and normally does not, assuming no one is reloading the file. this is likely an IOS bug in whatever is running on that particular device. > retrieving revision 1.73 > > diff -U 4 -r1.73 192.168.12.22 > > @@ -40,9 +40,9 @@ > > ! > > !Flash: Directory of flash:/ > > !Flash: 2 -rwx 7191 Jan 8 2013 12:41:19 -06:00 config.text > > !Flash: 3 -rwx 5494 Jan 8 2013 12:41:19 -06:00 private-config.text > > - !Flash: 5 drwx 512 Oct 4 2011 12:27:05 -05:00 c3560-ipbasek9-mz.122-58.SE2 > > + !Flash: 6 drwx 512 Oct 4 2011 12:27:05 -05:00 c3560-ipbasek9-mz.122-58.SE2 > > !Flash: 27998208 bytes total (9377280 bytes free) > > ! > > !Flash: nvram: Directory of nvram:/ > > !Flash: nvram: 498 -rw- 7191 startup-config > > > Chris > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From dino.panagiotopoulos at gmail.com Fri Dec 13 20:36:53 2013 From: dino.panagiotopoulos at gmail.com (Dino Panagiotopoulos) Date: Fri, 13 Dec 2013 12:36:53 -0800 (PST) Subject: [rancid] NX-OS 6.1.4/Fan Zone Speed Message-ID: <75f8c1e7-84f5-4014-acee-e5a23a1556fc@googlegroups.com> Hi Everyone, Since upgrading to NX-OS 6.1(4), fan module speed changes are written to the startup config which in turn is creating a diff for each time the fan speed changes. As you could imagine, this is causing a lot of false positive emails to be sent each time Rancid and CVS run. Please see the example below: retrieving revision 1.1356 diff -U 4 -r1.1356 10.111.100.151 @@ -77,9 +77,9 @@ !Env: Fan4(fab_fan2) N7K-C7010-FAN-F 1.1 Ok !Env: Fan_in_PS1 -- -- Ok !Env: Fan_in_PS2 -- -- Ok !Env: Fan_in_PS3 -- -- Ok - !Env: Fan Zone Speed: Zone 1: 0x70 Zone 2: 0x50 + !Env: Fan Zone Speed: Zone 1: 0x60 Zone 2: 0x48 !Env: Fan Air Filter : Present This will flip back and forth with each fan change. Has anyone on 6.X NX-OS code experienced anything like this? We are on RANCID 2.3.4 and if this not resolved in the newest release, is it possible to just remove 'sh env' from the nxrancid.in file? Thanks, Dino Panagiotopoulos -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Sun Dec 15 17:32:01 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Sun, 15 Dec 2013 19:32:01 +0200 Subject: [rancid] NX-OS 6.1.4/Fan Zone Speed In-Reply-To: <75f8c1e7-84f5-4014-acee-e5a23a1556fc@googlegroups.com> References: <75f8c1e7-84f5-4014-acee-e5a23a1556fc@googlegroups.com> Message-ID: <52ADE791.4000403@gmail.com> On 13/12/2013 22:36, Dino Panagiotopoulos wrote: > Hi Everyone, > > Since upgrading to NX-OS 6.1(4), fan module speed changes are written to > the startup config which in turn is creating a diff for each time the > fan speed changes. As you could imagine, this is causing a lot of false > positive emails to be sent each time Rancid and CVS run. Please see the > example below: > > retrieving revision 1.1356 > diff -U 4 -r1.1356 10.111.100.151 > @@ -77,9 +77,9 @@ > !Env: Fan4(fab_fan2) N7K-C7010-FAN-F 1.1 Ok > !Env: Fan_in_PS1 -- -- Ok > !Env: Fan_in_PS2 -- -- Ok > !Env: Fan_in_PS3 -- -- Ok > - !Env: Fan Zone Speed: Zone 1: 0x70 Zone 2: 0x50 > + !Env: Fan Zone Speed: Zone 1: 0x60 Zone 2: 0x48 > !Env: Fan Air Filter : Present > > This will flip back and forth with each fan change. Has anyone on 6.X > NX-OS code experienced anything like this? We are on RANCID 2.3.4 and if > this not resolved in the newest release, is it possible to just remove > 'sh env' from the nxrancid.in file? Removing "sh env" from nxrancid for everyone is not a good idea, I would be most upset if an update shipped with that change. Rather just modify your local copy of nxrancid. Add a regex check to detect a line starting with "!Env: Fan Zone Speed:" ans skip that line. The rancid code has many examples of doing this (it's one of rancid's primary functions), just copy the existing style. The function to modify is ShowEnv() -- Alan McKinnon alan.mckinnon at gmail.com From heas at shrubbery.net Mon Dec 16 18:02:32 2013 From: heas at shrubbery.net (heasley) Date: Mon, 16 Dec 2013 18:02:32 +0000 Subject: [rancid] NX-OS 6.1.4/Fan Zone Speed In-Reply-To: <20131216175155.6B3602FBA6@sea.shrubbery.net> <52ADE791.4000403@gmail.com> Message-ID: <20131216180232.GI48787@shrubbery.net> Sun, Dec 15, 2013 at 07:32:01PM +0200, Alan McKinnon: > Removing "sh env" from nxrancid for everyone is not a good idea, I would > be most upset if an update shipped with that change. > > Rather just modify your local copy of nxrancid. Add a regex check to > detect a line starting with "!Env: Fan Zone Speed:" ans skip that line. > The rancid code has many examples of doing this (it's one of rancid's > primary functions), just copy the existing style. > > The function to modify is ShowEnv() against 2.3.8 Index: bin/nxrancid.in =================================================================== --- bin/nxrancid.in (revision 2712) +++ bin/nxrancid.in (working copy) @@ -312,6 +312,7 @@ return(-1) if (/command authorization failed/i); s/ +$//; # Drop trailing ' ' + next if (/Fan Zone Speed:/); ProcessHistory("COMMENTS","","","!Env: $_"); } ProcessHistory("COMMENTS","","","!\n"); From Max.Vaillant at deem.com Tue Dec 17 00:51:13 2013 From: Max.Vaillant at deem.com (Max Vaillant) Date: Tue, 17 Dec 2013 00:51:13 +0000 Subject: [rancid] Help to add new command in rancid script Message-ID: <41E8798E-8E54-4395-9095-9463D4B737AE@deem.com> Hi, thanks for the helpful cdp routine. My perl skills are non-existent but it seems that the posted code has too many line breaks. Could I bother you for the code in text form? I found your post here: http://www.shrubbery.net/pipermail/rancid-discuss/2012-February/006228.html Max Vaillant SENIOR NETWORK ENGINEER 415.590.8775 OFFICE 415.789.6298 MOBILE deem.com -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3972 bytes Desc: not available URL: From alan.mckinnon at gmail.com Tue Dec 17 08:20:48 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Tue, 17 Dec 2013 10:20:48 +0200 Subject: [rancid] Help to add new command in rancid script In-Reply-To: <41E8798E-8E54-4395-9095-9463D4B737AE@deem.com> References: <41E8798E-8E54-4395-9095-9463D4B737AE@deem.com> Message-ID: <52B00960.3030801@gmail.com> On 17/12/2013 02:51, Max Vaillant wrote: > Hi, thanks for the helpful cdp routine. My perl skills are non-existent > but it seems that the posted code has too many line breaks. > > Could I bother you for the code in text form? > > I found your post here: > http://www.shrubbery.net/pipermail/rancid-discuss/2012-February/006228.html This part near the end of the routine: "!CDP: Device: $deviceID Platform: $platform Interface: $1\n") && next; should be on one line. It got wrapped at column 80. You will also need to add a line like this to @commandtable (near the end of the rancid script) {'show cdp neighbor detail' => 'ShowCDPDetail'}, otherwise your new code will never be called. Just after "show shun" is a good place. -- Alan McKinnon alan.mckinnon at gmail.com From rmilton at mvsusa.com Tue Dec 17 15:39:40 2013 From: rmilton at mvsusa.com (Ryan Milton) Date: Tue, 17 Dec 2013 15:39:40 +0000 Subject: [rancid] Device not contacted Message-ID: <03116dac55024e75b2366d9b46cad5cb@BN1PR01MB119.prod.exchangelabs.com> Hi all (Alan), Rancid has generally been running smooth as can be with my small deployment. I have just added two more Netscreen firewalls, to bring to a total of 6 Netscreen204s. Only issue is that one of the new devices is being a pain with that dreaded "The following routers have not been successfully contacted for more than 4 hours." Error. All devices have same login in the .clonginrc All devices can be logged into manually using the nlogin script. Log files only show: Getting missed routers: round 1. 195.3.XXX.XXX: missed cmd(s): get conf 195.3.XXX.XXX: End of run not found # The router.db file is fine, and the FW has the correct login info. Any idea what might the issue be? Regards, Ryan Milton MVS Network Manager o: 201-447-1505 x124 c: 862-249-5230 www.mvsusa.com [MVS final logo GOOD very small] -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.gif Type: image/gif Size: 569 bytes Desc: image001.gif URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image004.jpg Type: image/jpeg Size: 2724 bytes Desc: image004.jpg URL: From alan.mckinnon at gmail.com Wed Dec 18 00:22:55 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Wed, 18 Dec 2013 02:22:55 +0200 Subject: [rancid] Device not contacted In-Reply-To: <03116dac55024e75b2366d9b46cad5cb@BN1PR01MB119.prod.exchangelabs.com> References: <03116dac55024e75b2366d9b46cad5cb@BN1PR01MB119.prod.exchangelabs.com> Message-ID: <52B0EADF.2060900@gmail.com> Hi Ryan, Run this manually: nlogin -t 90 -c"get system;get conf" | less It's the same command that nrancid will run. You can pipe the output to less, or redirect it to a file or whatever, the idea here is to be able to examine the output at leisure. "missed cmds" always means little more than "something went wrong", it's your signal to sharpen those debugging tools :-) I'm not familiar with NetScreens, but there's only two commands run by nrancid so it gets easier. Look at the nlogin output above carefully with fresh eyeballs. At the point where get system ends and get conf starts, is there anything odd there? Is the prompt correct? The code that finds the start of each command in the output and runs the correct sub is this (edited for clarity): TOP: while() { while (/>\s*($cmds_regexp)\s*$/) { $cmd = $1; if (!defined($prompt)) { $prompt = ($_ =~ /^([^>]+->)/)[0]; $prompt =~ s/([][}{)(\\])/\\$1/g; print STDERR ("PROMPT MATCH: $prompt\n") if ($debug); } $rval = &{$commands{$cmd}}; delete($commands{$cmd}); if ($rval == -1) { last TOP; } } } and the sub does this (also edited for clarity): sub GetSystem { while () { last if(/$prompt/); } } Basically, if the prompt doesn't match what the script expects it to be, GetSystem runs till the very end, GetConf never runs at all, and "get conf" is tagged as not being detected - the error you see. The prompt must match the regexes in the "if (!defined($prompt))" for all of this magic to work at all. If nothing seems untoward at this point, run: nrancid -d and look for the text "PROMPT MATCH", verify that it matches reality. There can be other reasons for this error, but lets go for the common low hanging fruit first. On 17/12/2013 17:39, Ryan Milton wrote: > Hi all (Alan), > > > > Rancid has generally been running smooth as can be with my small > deployment. I have just added two more Netscreen firewalls, to bring to > a total of 6 Netscreen204s. > > > > Only issue is that one of the new devices is being a pain with that > dreaded ?The following routers have not been successfully contacted for > more than 4 hours.? Error. > > > > All devices have same login in the .clonginrc > > > > All devices can be logged into manually using the nlogin script. > > > > Log files only show: > > Getting missed routers: round 1. > > 195.3.XXX.XXX: missed cmd(s): get conf > > 195.3.XXX.XXX: End of run not found > > # > > > > The router.db file is fine, and the FW has the correct login info. Any > idea what might the issue be? > > > > Regards, > > Ryan Milton > > MVS Network Manager > > o: 201-447-1505 x124 > > c: 862-249-5230 > > www.mvsusa.com > > MVS final logo GOOD very small > > > > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Alan McKinnon alan.mckinnon at gmail.com From dino.panagiotopoulos at gmail.com Mon Dec 16 18:26:38 2013 From: dino.panagiotopoulos at gmail.com (Dino Panagiotopoulos) Date: Mon, 16 Dec 2013 10:26:38 -0800 (PST) Subject: [rancid] NX-OS 6.1.4/Fan Zone Speed In-Reply-To: <75f8c1e7-84f5-4014-acee-e5a23a1556fc@googlegroups.com> References: <75f8c1e7-84f5-4014-acee-e5a23a1556fc@googlegroups.com> Message-ID: <173bcd18-94d7-48f6-ae8a-88570ed91090@googlegroups.com> Thank you to Mark & Doug for their suggestions which resolved my issue. The solution is to add the following line to the nxrancid file under "sh environment" subroutine: next if (/^Fan Zone Speed:/); The final config for the subroutine should look like this: # This routine parses "show environment" sub ShowEnv { print STDERR " In ShowEnv: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); next if (/^\s*\^\s*$/); next if (/^Fan Zone Speed:/); return(1) if /Line has invalid autocommand /; return(1) if /(Invalid input detected|Type help or )/; return(1) if (/\% Invalid command at /); return(-1) if (/\% Permission denied/); return(-1) if (/command authorization failed/i); s/ +$//; # Drop trailing ' ' ProcessHistory("COMMENTS","","","!Env: $_"); } ProcessHistory("COMMENTS","","","!\n"); return(0); } On Friday, December 13, 2013 3:36:53 PM UTC-5, Dino Panagiotopoulos wrote: > > Hi Everyone, > > Since upgrading to NX-OS 6.1(4), fan module speed changes are written to > the startup config which in turn is creating a diff for each time the fan > speed changes. As you could imagine, this is causing a lot of false > positive emails to be sent each time Rancid and CVS run. Please see the > example below: > > retrieving revision 1.1356 > diff -U 4 -r1.1356 10.111.100.151 > @@ -77,9 +77,9 @@ > !Env: Fan4(fab_fan2) N7K-C7010-FAN-F 1.1 Ok > !Env: Fan_in_PS1 -- -- Ok > !Env: Fan_in_PS2 -- -- Ok > !Env: Fan_in_PS3 -- -- Ok > - !Env: Fan Zone Speed: Zone 1: 0x70 Zone 2: 0x50 > + !Env: Fan Zone Speed: Zone 1: 0x60 Zone 2: 0x48 > !Env: Fan Air Filter : Present > > This will flip back and forth with each fan change. Has anyone on 6.X > NX-OS code experienced anything like this? We are on RANCID 2.3.4 and if > this not resolved in the newest release, is it possible to just remove 'sh > env' from the nxrancid.in file? > > Thanks, > Dino Panagiotopoulos > -------------- next part -------------- An HTML attachment was scrubbed... URL: From sun.ccna at gmail.com Wed Dec 18 06:24:24 2013 From: sun.ccna at gmail.com (Sun) Date: Tue, 17 Dec 2013 22:24:24 -0800 (PST) Subject: [rancid] Only Run Config Message-ID: hi, Running it smoothly without any issue, only thing is I want "running conf" lines not other hardware/device/chassis etc info on top of file getting in Rancid how can I trim that .. any hint guys Rgds|Sun -------------- next part -------------- An HTML attachment was scrubbed... URL: From peterjackson1610 at gmail.com Wed Dec 18 16:49:10 2013 From: peterjackson1610 at gmail.com (Peter Jackson) Date: Wed, 18 Dec 2013 11:49:10 -0500 Subject: [rancid] Fwd: Only Run Config Message-ID: Sending to rancid-discuss at shrubbery.net. The original was sent (or showed up in my email) as rancid-discuss at googlegroups.com. When I replied to all, I got a return email with the following: "We're writing to let you know that the group you tried to contact (rancid-discuss) may not exist, or you may not have permission to post messages to the group. A few more details on why you weren't able to post: * You might have spelled or formatted the group name incorrectly. * The owner of the group may have removed this group. * You may need to join the group before receiving permission to post. * This group may not be open to posting. If you have questions related to this or any other Google Group, visit the Help Center at http://groups.google.com/support/." ---------- Forwarded message ---------- From: Peter Jackson Date: Wed, Dec 18, 2013 at 11:37 AM Subject: Re: [rancid] Only Run Config To: Sun Cc: rancid-discuss at googlegroups.com If you only want rancid to save the running configuration (for Cisco, one of the commands 'more system:running-config', 'show running-config view full', 'show running-config', or 'write term') then you would have to disable all of the other commands in the commandtable in the [x]rancid file. Here are the first five lines of the commandtable in the rancid file with the lines commented out (# at the beginning of the line). @commandtable = ( # {'show version' => 'ShowVersion'}, # {'show redundancy secondary' => 'ShowRedundancy'}, # {'show idprom backplane', => 'ShowIDprom'}, # {'show install active' => 'ShowInstallActive'}, # {'show env all' => 'ShowEnv'}, If you are using RANCID for devices other than 'standard' Cisco, then you would have to do the same for the other [x]rancid files (hrancid, nrancid, xrancid, etc). On Wed, Dec 18, 2013 at 1:24 AM, Sun wrote: > hi, > > Running it smoothly without any issue, only thing is I want "running conf" > lines not other hardware/device/chassis etc info on top of file getting in > Rancid how can I trim that .. any hint guys > > Rgds|Sun > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Wed Dec 18 16:58:26 2013 From: heas at shrubbery.net (heasley) Date: Wed, 18 Dec 2013 16:58:26 +0000 Subject: [rancid] Fwd: Only Run Config In-Reply-To: References: Message-ID: <20131218165826.GE32984@shrubbery.net> Wed, Dec 18, 2013 at 11:49:10AM -0500, Peter Jackson: > From: Peter Jackson > Date: Wed, Dec 18, 2013 at 11:37 AM > Subject: Re: [rancid] Only Run Config > To: Sun > Cc: rancid-discuss at googlegroups.com > > > If you only want rancid to save the running configuration (for Cisco, one > of the commands 'more system:running-config', 'show running-config view > full', 'show running-config', or 'write term') then you would have to > disable all of the other commands in the commandtable in the [x]rancid file. > > Here are the first five lines of the commandtable in the rancid file with > the lines commented out (# at the beginning of the line). > > @commandtable = ( > # {'show version' => 'ShowVersion'}, you should NOT remove show version. From rmilton at mvsusa.com Wed Dec 18 18:25:04 2013 From: rmilton at mvsusa.com (Ryan Milton) Date: Wed, 18 Dec 2013 18:25:04 +0000 Subject: [rancid] Device not contacted In-Reply-To: <52B0EADF.2060900@gmail.com> References: <03116dac55024e75b2366d9b46cad5cb@BN1PR01MB119.prod.exchangelabs.com> <52B0EADF.2060900@gmail.com> Message-ID: Thanks Alan, I don?t think I even get that far! I get a hangup almost immediately. BUT! I noticed that there should have been no issue given that those commands worked perfectly. The problem was that the Netscreen was set to ?| more? rather than blurt out the whole config! That was a minor change to the console output command to not limit to 20 lines at a time. So, then I tested with rancid-run, it all worked! Thanks for the time/tips, that was helpful to find the root cause. Regards, Ryan Milton MVS Network Manager o: 201.447.1505 x124 c: 862-249-5230 On 12/17/13, 7:22 PM, "Alan McKinnon" wrote: >Hi Ryan, > >Run this manually: > >nlogin -t 90 -c"get system;get conf" | less > >It's the same command that nrancid will run. You can pipe the output to >less, or redirect it to a file or whatever, the idea here is to be able >to examine the output at leisure. > >"missed cmds" always means little more than "something went wrong", it's >your signal to sharpen those debugging tools :-) > >I'm not familiar with NetScreens, but there's only two commands run by >nrancid so it gets easier. Look at the nlogin output above carefully >with fresh eyeballs. At the point where get system ends and get conf >starts, is there anything odd there? Is the prompt correct? > >The code that finds the start of each command in the output and runs the >correct sub is this (edited for clarity): > > >TOP: while() { > while (/>\s*($cmds_regexp)\s*$/) { > $cmd = $1; > if (!defined($prompt)) { > $prompt = ($_ =~ /^([^>]+->)/)[0]; > $prompt =~ s/([][}{)(\\])/\\$1/g; > print STDERR ("PROMPT MATCH: $prompt\n") if ($debug); > } > $rval = &{$commands{$cmd}}; > delete($commands{$cmd}); > if ($rval == -1) { > last TOP; > } > } >} > >and the sub does this (also edited for clarity): > >sub GetSystem { > > while () { > last if(/$prompt/); > } >} > >Basically, if the prompt doesn't match what the script expects it to be, >GetSystem runs till the very end, GetConf never runs at all, and "get >conf" is tagged as not being detected - the error you see. > >The prompt must match the regexes in the "if (!defined($prompt))" for >all of this magic to work at all. > >If nothing seems untoward at this point, run: > >nrancid -d and look for the text "PROMPT MATCH", >verify that it matches reality. > >There can be other reasons for this error, but lets go for the common >low hanging fruit first. > > > > >On 17/12/2013 17:39, Ryan Milton wrote: >> Hi all (Alan), >> >> >> >> Rancid has generally been running smooth as can be with my small >> deployment. I have just added two more Netscreen firewalls, to bring to >> a total of 6 Netscreen204s. >> >> >> >> Only issue is that one of the new devices is being a pain with that >> dreaded ?The following routers have not been successfully contacted for >> more than 4 hours.? Error. >> >> >> >> All devices have same login in the .clonginrc >> >> >> >> All devices can be logged into manually using the nlogin script. >> >> >> >> Log files only show: >> >> Getting missed routers: round 1. >> >> 195.3.XXX.XXX: missed cmd(s): get conf >> >> 195.3.XXX.XXX: End of run not found >> >> # >> >> >> >> The router.db file is fine, and the FW has the correct login info. Any >> idea what might the issue be? >> >> >> >> Regards, >> >> Ryan Milton >> >> MVS Network Manager >> >> o: 201-447-1505 x124 >> >> c: 862-249-5230 >> >> www.mvsusa.com >> >> MVS final logo GOOD very small >> >> >> >> >> >> >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> > > >-- >Alan McKinnon >alan.mckinnon at gmail.com > >_______________________________________________ >Rancid-discuss mailing list >Rancid-discuss at shrubbery.net >http://www.shrubbery.net/mailman/listinfo/rancid-discuss From A.Stirk at macintoshfashion.co.uk Wed Dec 18 17:32:11 2013 From: A.Stirk at macintoshfashion.co.uk (Adam Stirk) Date: Wed, 18 Dec 2013 17:32:11 +0000 Subject: [rancid] Palo Alto Configuration Backup Message-ID: <4D54FFBBA40E2147A59915AB0928D64D94EBF410@UK0001N070.BRANTANO.NET> HI, We've just start using RANCID to backup our Palo Alto firewalls using the contributed scripts. Now we have these backups we are trying to test them, which I'm having problems with as the backups don't seem to be in the correct format. Has anyone else tried to use these backups to restore a device? Thanks Adam -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Wed Dec 18 21:43:33 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Wed, 18 Dec 2013 23:43:33 +0200 Subject: [rancid] Device not contacted In-Reply-To: References: <03116dac55024e75b2366d9b46cad5cb@BN1PR01MB119.prod.exchangelabs.com> <52B0EADF.2060900@gmail.com> Message-ID: <52B21705.5060905@gmail.com> Hi Ryan Glad you got that one sorted out. Is there a command on the Netscreen to disable the pager for a session, like "terminal length 0" in IOS? If so, please post it so the command can be added to nlogin. otherwise you are forced to disable the pager in the device config always, that seems overly-restrictive On 18/12/2013 20:25, Ryan Milton wrote: > Thanks Alan, > > I don?t think I even get that far! I get a hangup almost immediately. > > BUT! I noticed that there should have been no issue given that those > commands worked perfectly. The problem was that the Netscreen was set to > ?| more? rather than blurt out the whole config! That was a minor change > to the console output command to not limit to 20 lines at a time. > > So, then I tested with rancid-run, it all worked! > > Thanks for the time/tips, that was helpful to find the root cause. > > Regards, > Ryan Milton > MVS Network Manager > o: 201.447.1505 x124 > c: 862-249-5230 > > > > > > > On 12/17/13, 7:22 PM, "Alan McKinnon" wrote: > >> Hi Ryan, >> >> Run this manually: >> >> nlogin -t 90 -c"get system;get conf" | less >> >> It's the same command that nrancid will run. You can pipe the output to >> less, or redirect it to a file or whatever, the idea here is to be able >> to examine the output at leisure. >> >> "missed cmds" always means little more than "something went wrong", it's >> your signal to sharpen those debugging tools :-) >> >> I'm not familiar with NetScreens, but there's only two commands run by >> nrancid so it gets easier. Look at the nlogin output above carefully >> with fresh eyeballs. At the point where get system ends and get conf >> starts, is there anything odd there? Is the prompt correct? >> >> The code that finds the start of each command in the output and runs the >> correct sub is this (edited for clarity): >> >> >> TOP: while() { >> while (/>\s*($cmds_regexp)\s*$/) { >> $cmd = $1; >> if (!defined($prompt)) { >> $prompt = ($_ =~ /^([^>]+->)/)[0]; >> $prompt =~ s/([][}{)(\\])/\\$1/g; >> print STDERR ("PROMPT MATCH: $prompt\n") if ($debug); >> } >> $rval = &{$commands{$cmd}}; >> delete($commands{$cmd}); >> if ($rval == -1) { >> last TOP; >> } >> } >> } >> >> and the sub does this (also edited for clarity): >> >> sub GetSystem { >> >> while () { >> last if(/$prompt/); >> } >> } >> >> Basically, if the prompt doesn't match what the script expects it to be, >> GetSystem runs till the very end, GetConf never runs at all, and "get >> conf" is tagged as not being detected - the error you see. >> >> The prompt must match the regexes in the "if (!defined($prompt))" for >> all of this magic to work at all. >> >> If nothing seems untoward at this point, run: >> >> nrancid -d and look for the text "PROMPT MATCH", >> verify that it matches reality. >> >> There can be other reasons for this error, but lets go for the common >> low hanging fruit first. >> >> >> >> >> On 17/12/2013 17:39, Ryan Milton wrote: >>> Hi all (Alan), >>> >>> >>> >>> Rancid has generally been running smooth as can be with my small >>> deployment. I have just added two more Netscreen firewalls, to bring to >>> a total of 6 Netscreen204s. >>> >>> >>> >>> Only issue is that one of the new devices is being a pain with that >>> dreaded ?The following routers have not been successfully contacted for >>> more than 4 hours.? Error. >>> >>> >>> >>> All devices have same login in the .clonginrc >>> >>> >>> >>> All devices can be logged into manually using the nlogin script. >>> >>> >>> >>> Log files only show: >>> >>> Getting missed routers: round 1. >>> >>> 195.3.XXX.XXX: missed cmd(s): get conf >>> >>> 195.3.XXX.XXX: End of run not found >>> >>> # >>> >>> >>> >>> The router.db file is fine, and the FW has the correct login info. Any >>> idea what might the issue be? >>> >>> >>> >>> Regards, >>> >>> Ryan Milton >>> >>> MVS Network Manager >>> >>> o: 201-447-1505 x124 >>> >>> c: 862-249-5230 >>> >>> www.mvsusa.com >>> >>> MVS final logo GOOD very small >>> >>> >>> >>> >>> >>> >>> >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net >>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>> >> >> >> -- >> Alan McKinnon >> alan.mckinnon at gmail.com >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Alan McKinnon alan.mckinnon at gmail.com From rmilton at mvsusa.com Thu Dec 19 01:47:57 2013 From: rmilton at mvsusa.com (Ryan Milton) Date: Thu, 19 Dec 2013 01:47:57 +0000 Subject: [rancid] Device not contacted In-Reply-To: <52B21705.5060905@gmail.com> References: <03116dac55024e75b2366d9b46cad5cb@BN1PR01MB119.prod.exchangelabs.com> <52B0EADF.2060900@gmail.com> <52B21705.5060905@gmail.com> Message-ID: Exactly! That is exactly what there is. I?m close to throwing the Netscreens out for newer Juniper SRX devices. Ryan On 12/18/13, 4:43 PM, "Alan McKinnon" wrote: >Hi Ryan > >Glad you got that one sorted out. > >Is there a command on the Netscreen to disable the pager for a session, >like "terminal length 0" in IOS? > >If so, please post it so the command can be added to nlogin. >otherwise you are forced to disable the pager in the device config >always, that seems overly-restrictive > > > > >On 18/12/2013 20:25, Ryan Milton wrote: >> Thanks Alan, >> >> I don?t think I even get that far! I get a hangup almost immediately. >> >> BUT! I noticed that there should have been no issue given that those >> commands worked perfectly. The problem was that the Netscreen was set to >> ?| more? rather than blurt out the whole config! That was a minor change >> to the console output command to not limit to 20 lines at a time. >> >> So, then I tested with rancid-run, it all worked! >> >> Thanks for the time/tips, that was helpful to find the root cause. >> >> Regards, >> Ryan Milton >> MVS Network Manager >> o: 201.447.1505 x124 >> c: 862-249-5230 >> >> >> >> >> >> >> On 12/17/13, 7:22 PM, "Alan McKinnon" wrote: >> >>> Hi Ryan, >>> >>> Run this manually: >>> >>> nlogin -t 90 -c"get system;get conf" | less >>> >>> It's the same command that nrancid will run. You can pipe the output to >>> less, or redirect it to a file or whatever, the idea here is to be able >>> to examine the output at leisure. >>> >>> "missed cmds" always means little more than "something went wrong", >>>it's >>> your signal to sharpen those debugging tools :-) >>> >>> I'm not familiar with NetScreens, but there's only two commands run by >>> nrancid so it gets easier. Look at the nlogin output above carefully >>> with fresh eyeballs. At the point where get system ends and get conf >>> starts, is there anything odd there? Is the prompt correct? >>> >>> The code that finds the start of each command in the output and runs >>>the >>> correct sub is this (edited for clarity): >>> >>> >>> TOP: while() { >>> while (/>\s*($cmds_regexp)\s*$/) { >>> $cmd = $1; >>> if (!defined($prompt)) { >>> $prompt = ($_ =~ /^([^>]+->)/)[0]; >>> $prompt =~ s/([][}{)(\\])/\\$1/g; >>> print STDERR ("PROMPT MATCH: $prompt\n") if ($debug); >>> } >>> $rval = &{$commands{$cmd}}; >>> delete($commands{$cmd}); >>> if ($rval == -1) { >>> last TOP; >>> } >>> } >>> } >>> >>> and the sub does this (also edited for clarity): >>> >>> sub GetSystem { >>> >>> while () { >>> last if(/$prompt/); >>> } >>> } >>> >>> Basically, if the prompt doesn't match what the script expects it to >>>be, >>> GetSystem runs till the very end, GetConf never runs at all, and "get >>> conf" is tagged as not being detected - the error you see. >>> >>> The prompt must match the regexes in the "if (!defined($prompt))" for >>> all of this magic to work at all. >>> >>> If nothing seems untoward at this point, run: >>> >>> nrancid -d and look for the text "PROMPT MATCH", >>> verify that it matches reality. >>> >>> There can be other reasons for this error, but lets go for the common >>> low hanging fruit first. >>> >>> >>> >>> >>> On 17/12/2013 17:39, Ryan Milton wrote: >>>> Hi all (Alan), >>>> >>>> >>>> >>>> Rancid has generally been running smooth as can be with my small >>>> deployment. I have just added two more Netscreen firewalls, to bring >>>>to >>>> a total of 6 Netscreen204s. >>>> >>>> >>>> >>>> Only issue is that one of the new devices is being a pain with that >>>> dreaded ?The following routers have not been successfully contacted >>>>for >>>> more than 4 hours.? Error. >>>> >>>> >>>> >>>> All devices have same login in the .clonginrc >>>> >>>> >>>> >>>> All devices can be logged into manually using the nlogin script. >>>> >>>> >>>> >>>> Log files only show: >>>> >>>> Getting missed routers: round 1. >>>> >>>> 195.3.XXX.XXX: missed cmd(s): get conf >>>> >>>> 195.3.XXX.XXX: End of run not found >>>> >>>> # >>>> >>>> >>>> >>>> The router.db file is fine, and the FW has the correct login info. Any >>>> idea what might the issue be? >>>> >>>> >>>> >>>> Regards, >>>> >>>> Ryan Milton >>>> >>>> MVS Network Manager >>>> >>>> o: 201-447-1505 x124 >>>> >>>> c: 862-249-5230 >>>> >>>> www.mvsusa.com >>>> >>>> MVS final logo GOOD very small >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Rancid-discuss mailing list >>>> Rancid-discuss at shrubbery.net >>>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>> >>> >>> >>> -- >>> Alan McKinnon >>> alan.mckinnon at gmail.com >>> >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net >>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> > > >-- >Alan McKinnon >alan.mckinnon at gmail.com > >_______________________________________________ >Rancid-discuss mailing list >Rancid-discuss at shrubbery.net >http://www.shrubbery.net/mailman/listinfo/rancid-discuss From peterjackson1610 at gmail.com Thu Dec 19 02:02:19 2013 From: peterjackson1610 at gmail.com (Peter Jackson) Date: Wed, 18 Dec 2013 21:02:19 -0500 Subject: [rancid] Palo Alto Configuration Backup In-Reply-To: <4D54FFBBA40E2147A59915AB0928D64D94EBF410@UK0001N070.BRANTANO.NET> References: <4D54FFBBA40E2147A59915AB0928D64D94EBF410@UK0001N070.BRANTANO.NET> Message-ID: <9A128984-72CD-4B59-918F-9B9D35F6E5D5@gmail.com> We ran into a lot of issues trying to restore PAs from text configs. First of all, we have never been able to completely configure a Palo Alto from the CLI so we have always at least had to clean/finish things up in the GUI. We also found some issues at the CLI with the firewalls not taking some of the commands as they show up in show config. AFAIK PAN does not have an automated configuration backup. Panorama has the capability but I can't remember if it can be automated. We use RANCID with PAs mainly to keep configurations consistent and to create informational webpages from the saved configs and command output. Sent from my mobile phone > On Dec 18, 2013, at 12:32 PM, Adam Stirk wrote: > > HI, > > We?ve just start using RANCID to backup our Palo Alto firewalls using the contributed scripts. Now we have these backups we are trying to test them, which I?m having problems with as the backups don?t seem to be in the correct format. > > Has anyone else tried to use these backups to restore a device? > > Thanks > > Adam > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From jan at spacepope.dk Thu Dec 19 08:26:28 2013 From: jan at spacepope.dk (Jan Dahl) Date: Thu, 19 Dec 2013 09:26:28 +0100 Subject: [rancid] #' in my login banner Message-ID: Maybe if we could somehow define an "ignored" string? I have a couple of thousand switches with this in the login banner, which I won't be allowed to change any time soon: ###### ###### # # # # # # # # # ###### # # # # # # # ###### ###### # Is it un-clever? Indeed! But it has been rolled out world wide before I started here and now I can't use rancid. The really weird thing for me is that somehow, terminal length and width are set at the right time, but none of my commands are pushed after that. Kind regards, Jan On Wed Dec 11 18:24:32 UTC 2013, Allan McKinnon wrote: On 11/12/2013 20:14, Per-Olof Olsson wrote: > Hello > > > > > On 12/11/2013 06:51 PM, Alan McKinnon wrote: >> I see no-one has responded with an answer to your question. >> >> I think the reason is that code cannot deal with ">" and "#" characters >> in a banner in any sane way that gives consistent results. For rancid to >> function properly, it has to know what the shell prompt is exactly for a >> given device, and to do that it has to parse the entire text output. >> >> The only tool available to detect the prompt is pattern matching which >> inevitably means a regex. As a perl regex this is >> >> ^[-a-zA-Z0-9]*[>#] >> >> and that's assuming the prompt is the hostname. > > In hlogin I added > > -re "\[#>]+.*\[\n\r]+" { > exp_continue > } > > to just pass over none prompter # and >. > Banner "#" and ">" is followed by CR or NL! Only if the banner has a surrounding box made of > or # One can always come up with a scheme that just happens to work for oneself because local rules specify some exact format where you can get a regex to work for you. That's a lot of work though. I find it easier to just change the banner. > > Works for HPs > > /Peo > ---------------------------------------------------------- > Per-Olof Olsson Email: peo at chalmers.se > Chalmers tekniska h?gskola IT-service > H?rsalsv?gen 5 412 96 G?teborg > Tel: 031/772 6738 Fax: 031/772 8660 > ---------------------------------------------------------- > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > -- Alan McKinnon alan.mckinnon at gmail.com From alan.mckinnon at gmail.com Thu Dec 19 09:48:57 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Thu, 19 Dec 2013 11:48:57 +0200 Subject: [rancid] #' in my login banner In-Reply-To: References: Message-ID: <52B2C109.1050506@gmail.com> One possibility is to ignore any line with 2 or more #, and assume that it's a banner. This is the command case. Login and command prompts contain ">" or "#", but always only one. This way, code can discard lines that are known to NOT be the prompt. It's not 100% failproof but it is an improvement over the blind match we currently have. On 19/12/2013 10:26, Jan Dahl wrote: > Maybe if we could somehow define an "ignored" string? I have a couple > of thousand switches with this in the login banner, which I won't be > allowed to change any time soon: > > ###### ###### # # > # # # # # > # # ###### # # > # # # # # > ###### ###### # > > Is it un-clever? Indeed! But it has been rolled out world wide before > I started here and now I can't use rancid. > > The really weird thing for me is that somehow, terminal length and > width are set at the right time, but none of my commands are pushed > after that. > > Kind regards, > > Jan > > On Wed Dec 11 18:24:32 UTC 2013, Allan McKinnon wrote: > > On 11/12/2013 20:14, Per-Olof Olsson wrote: >> Hello >> >> >> >> >> On 12/11/2013 06:51 PM, Alan McKinnon wrote: >>> I see no-one has responded with an answer to your question. >>> >>> I think the reason is that code cannot deal with ">" and "#" characters >>> in a banner in any sane way that gives consistent results. For rancid to >>> function properly, it has to know what the shell prompt is exactly for a >>> given device, and to do that it has to parse the entire text output. >>> >>> The only tool available to detect the prompt is pattern matching which >>> inevitably means a regex. As a perl regex this is >>> >>> ^[-a-zA-Z0-9]*[>#] >>> >>> and that's assuming the prompt is the hostname. >> >> In hlogin I added >> >> -re "\[#>]+.*\[\n\r]+" { >> exp_continue >> } >> >> to just pass over none prompter # and >. >> Banner "#" and ">" is followed by CR or NL! > > > > Only if the banner has a surrounding box made of > or # > > One can always come up with a scheme that just happens to work for > oneself because local rules specify some exact format where you can get > a regex to work for you. > > That's a lot of work though. I find it easier to just change the banner. > > > > >> >> Works for HPs >> >> /Peo >> ---------------------------------------------------------- >> Per-Olof Olsson Email: peo at chalmers.se >> Chalmers tekniska h?gskola IT-service >> H?rsalsv?gen 5 412 96 G?teborg >> Tel: 031/772 6738 Fax: 031/772 8660 >> ---------------------------------------------------------- >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> >> > > -- Alan McKinnon alan.mckinnon at gmail.com From daniel.schmidt at wyo.gov Thu Dec 19 19:10:33 2013 From: daniel.schmidt at wyo.gov (Daniel Schmidt) Date: Thu, 19 Dec 2013 12:10:33 -0700 Subject: [rancid] Brocade uptime Message-ID: #*@& code update. - !Switch Fabric Module 1 Up Time is 1 days 18 hours 54 minutes 55 seconds + !Switch Fabric Module 1 Up Time is 2 days 18 hours 56 minutes 5 seconds I'm sure somebody has already seen this and patched it - please share diff - many thanks. E-Mail to and from me, in connection with the transaction of public business, is subject to the Wyoming Public Records Act and may be disclosed to third parties. -------------- next part -------------- An HTML attachment was scrubbed... URL: From Douglas.Hughes at DEShawResearch.com Thu Dec 19 19:13:36 2013 From: Douglas.Hughes at DEShawResearch.com (Hughes, Doug) Date: Thu, 19 Dec 2013 19:13:36 +0000 Subject: [rancid] Brocade uptime In-Reply-To: References: Message-ID: This is very similar to the last thread. You just have to edit the brocade rancid file and add a 'next if' line above ProcessHistory In the appropriate place. It's a very easy patch. I'm not sure exactly in which section that occurs, but I'm guessing it's the equivalent of ShowRunningConfig or something, so just go in there and add a next if line near one of the other next if lines that is there, like this: next if /Switch Fabric Module.*Up Time/; From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Daniel Schmidt Sent: Thursday, December 19, 2013 2:11 PM To: rancid-discuss at shrubbery.net Subject: [rancid] Brocade uptime #*@& code update. - !Switch Fabric Module 1 Up Time is 1 days 18 hours 54 minutes 55 seconds + !Switch Fabric Module 1 Up Time is 2 days 18 hours 56 minutes 5 seconds I'm sure somebody has already seen this and patched it - please share diff - many thanks. E-Mail to and from me, in connection with the transaction of public business, is subject to the Wyoming Public Records Act and may be disclosed to third parties. -------------- next part -------------- An HTML attachment was scrubbed... URL: From daniel.schmidt at wyo.gov Thu Dec 19 20:18:09 2013 From: daniel.schmidt at wyo.gov (Daniel Schmidt) Date: Thu, 19 Dec 2013 13:18:09 -0700 Subject: [rancid] Brocade uptime In-Reply-To: References: Message-ID: Thanks much, Doug - Yeah, I know I should just try to fix it myself but... I'm lazy. And sure enough, somebody just sent me the file I need. Thanks though - I'll try not to be so lazy next time. ;-) On Thu, Dec 19, 2013 at 12:13 PM, Hughes, Doug < Douglas.Hughes at deshawresearch.com> wrote: > This is very similar to the last thread. You just have to edit the > brocade rancid file and add a ?next if? line above ProcessHistory > > In the appropriate place. It?s a very easy patch. > > > > I?m not sure exactly in which section that occurs, but I?m guessing it?s > the equivalent of ShowRunningConfig or something, so just go in there and > add a next if line near one of the other next if lines that is there, like > this: > > > > next if /Switch Fabric Module.*Up Time/; > > > > > > *From:* rancid-discuss-bounces at shrubbery.net [mailto: > rancid-discuss-bounces at shrubbery.net] *On Behalf Of *Daniel Schmidt > *Sent:* Thursday, December 19, 2013 2:11 PM > *To:* rancid-discuss at shrubbery.net > *Subject:* [rancid] Brocade uptime > > > > #*@& code update. > > > > - !Switch Fabric Module 1 Up Time is 1 days 18 hours 54 minutes 55 seconds > + !Switch Fabric Module 1 Up Time is 2 days 18 hours 56 minutes 5 seconds > > > > I'm sure somebody has already seen this and patched it - please share diff > - many thanks. > > > > E-Mail to and from me, in connection with the transaction > > of public business, is subject to the Wyoming Public Records > > Act and may be disclosed to third parties. > > > > E-Mail to and from me, in connection with the transaction of public business, is subject to the Wyoming Public Records Act and may be disclosed to third parties. -------------- next part -------------- An HTML attachment was scrubbed... URL: From eravin at panix.com Fri Dec 20 02:43:20 2013 From: eravin at panix.com (Ed Ravin) Date: Thu, 19 Dec 2013 21:43:20 -0500 Subject: [rancid] Bluecoats Message-ID: <20131220024320.GB9056@panix.com> Every now and then in the last few years I see a note on the list from someone who talks about trying to get RANCID working with Bluecoat proxies. Can anyone report any successes, and better yet, share their working code? From sun.ccna at gmail.com Mon Dec 23 14:47:32 2013 From: sun.ccna at gmail.com (Sun) Date: Mon, 23 Dec 2013 06:47:32 -0800 (PST) Subject: [rancid] rancid takes linux user default Message-ID: <9bf7748c-5735-42a6-be7a-abfb798ef89e@googlegroups.com> I telnet from a linux machine with user linuxuser (linux username) rancid takes that linux user as login user to router(host1) not what is given in file.. how ?, only this router behave like this other are using user name from file only. /usr/local/rancid/bin/clogin host1 host1 spawn telnet host1 Trying host1 Connected to host1 Escape character is '^]'. User Access Verification Username: linuxuser Password: though I put different user in configuration file why so any idea guys ? -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Tue Dec 24 06:59:47 2013 From: heas at shrubbery.net (heasley) Date: Tue, 24 Dec 2013 06:59:47 +0000 Subject: [rancid] #' in my login banner In-Reply-To: <20131224065243.6F56F5FBE@guelah.shrubbery.net> <52B2C109.1050506@gmail.com> Message-ID: <20131224065947.GC12140@shrubbery.net> Thu, Dec 19, 2013 at 11:48:57AM +0200, Alan McKinnon: > One possibility is to ignore any line with 2 or more #, and assume that > it's a banner. This is the command case. > > Login and command prompts contain ">" or "#", but always only one. > > This way, code can discard lines that are known to NOT be the prompt. > It's not 100% failproof but it is an improvement over the blind match we > currently have. > > > On 19/12/2013 10:26, Jan Dahl wrote: > > Maybe if we could somehow define an "ignored" string? I have a couple > > of thousand switches with this in the login banner, which I won't be > > allowed to change any time soon: > > > > ###### ###### # # > > # # # # # > > # # ###### # # > > # # # # # > > ###### ###### # > > > > Is it un-clever? Indeed! But it has been rolled out world wide before > > I started here and now I can't use rancid. > > > > The really weird thing for me is that somehow, terminal length and > > width are set at the right time, but none of my commands are pushed > > after that. > > > > Kind regards, > > > > Jan > > > > On Wed Dec 11 18:24:32 UTC 2013, Allan McKinnon wrote: > > > > On 11/12/2013 20:14, Per-Olof Olsson wrote: > >> Hello > >> > >> > >> > >> > >> On 12/11/2013 06:51 PM, Alan McKinnon wrote: > >>> I see no-one has responded with an answer to your question. > >>> > >>> I think the reason is that code cannot deal with ">" and "#" characters > >>> in a banner in any sane way that gives consistent results. For rancid to > >>> function properly, it has to know what the shell prompt is exactly for a > >>> given device, and to do that it has to parse the entire text output. > >>> > >>> The only tool available to detect the prompt is pattern matching which > >>> inevitably means a regex. As a perl regex this is > >>> > >>> ^[-a-zA-Z0-9]*[>#] > >>> > >>> and that's assuming the prompt is the hostname. > >> > >> In hlogin I added > >> > >> -re "\[#>]+.*\[\n\r]+" { > >> exp_continue > >> } > >> > >> to just pass over none prompter # and >. > >> Banner "#" and ">" is followed by CR or NL! > > > > > > > > Only if the banner has a surrounding box made of > or # > > > > One can always come up with a scheme that just happens to work for > > oneself because local rules specify some exact format where you can get > > a regex to work for you. > > > > That's a lot of work though. I find it easier to just change the banner. > > > > > > > > > >> > >> Works for HPs > >> > >> /Peo > >> ---------------------------------------------------------- > >> Per-Olof Olsson Email: peo at chalmers.se > >> Chalmers tekniska h?gskola IT-service > >> H?rsalsv?gen 5 412 96 G?teborg > >> Tel: 031/772 6738 Fax: 031/772 8660 > >> ---------------------------------------------------------- > >> _______________________________________________ > >> Rancid-discuss mailing list > >> Rancid-discuss at shrubbery.net > >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss > >> > >> > > > > > > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss This adds a 'prompt', or i suppose "initial prompt", directive to cloginrc, so something like this could be added to cloginrc: add prompt hostglob {^[^\n\r#]+#} it still has an odor from my pov, but it would work for the case at hand. Index: bin/clogin.in =================================================================== --- bin/clogin.in (revision 2761) +++ bin/clogin.in (working copy) @@ -581,6 +581,7 @@ send_user "\nError: Invalid login: $router\n"; catch {close}; catch {wait}; return 1 } + -re "\[^\r\n]*\[\r\n]+" { exp_continue; } } } @@ -763,7 +764,10 @@ } # Default prompt. - set prompt "(>|#| \\(enable\\))" + set prompt [join [find prompt $router] ""] + if { [llength $prompt] == 0 } { + set prompt "(>|#| \\(enable\\))" + } # look for noenable option in .cloginrc if { [find noenable $router] == "1" } { @@ -902,9 +906,10 @@ } # we are logged in, now figure out the full prompt send "\r" + regsub -all {^(\^*)(.*)} $prompt {\2} reprompt expect { -re "\[\r\n]+" { exp_continue; } - -re "^(.+\[:.])1 ($prompt)" { # stoopid extreme cmd-line numbers and + -re "^(.+\[:.])1 ($reprompt)" { # stoopid extreme cmd-line numbers and # prompt based on state of config changes, # which may have an * at the beginning. set junk $expect_out(1,string) @@ -913,7 +918,7 @@ set prompt ".? ?$junk\[0-9]+ $expect_out(2,string)"; set platform "extreme" } - -re "^.+$prompt" { set junk $expect_out(0,string); + -re "^.+$reprompt" { set junk $expect_out(0,string); regsub -all "\[\]\[\(\)]" $junk {\\&} prompt; } } From alan.mckinnon at gmail.com Tue Dec 24 08:40:46 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Tue, 24 Dec 2013 10:40:46 +0200 Subject: [rancid] rancid takes linux user default In-Reply-To: <9bf7748c-5735-42a6-be7a-abfb798ef89e@googlegroups.com> References: <9bf7748c-5735-42a6-be7a-abfb798ef89e@googlegroups.com> Message-ID: <52B9488E.5000409@gmail.com> On 23/12/13 16:47, Sun wrote: > I telnet from a linux machine with user linuxuser (linux username) > > rancid takes that linux user as login user to router(host1) not what is > given in file.. how ?, only this router behave like this other are using > user name from file only. > > /usr/local/rancid/bin/clogin host1 > host1 > spawn telnet host1 > Trying host1 > Connected to host1 > Escape character is '^]'. > > > User Access Verification > > Username: linuxuser > Password: > > though I put different user in configuration file > > why so any idea guys ? Did you run the clogin above as the linuxuser or as the rancid user? I would guess you did the former by mistake. Or, you have an incorrect ~/.cloginrc -- Alan McKinnon alan.mckinnon at gmail.com From jan at spacepope.dk Tue Dec 24 21:46:13 2013 From: jan at spacepope.dk (Jan Dahl) Date: Tue, 24 Dec 2013 22:46:13 +0100 Subject: [rancid] #' in my login banner In-Reply-To: References: Message-ID: <8F9A26B3-50E3-4436-959E-E35F8C19878C@spacepope.dk> I?ll try it out after the holidays and the ensuing fires that need to put out. Thanks! :) Kind regards, Jan > Date: Tue, 24 Dec 2013 06:59:47 +0000 > From: heasley > To: Alan McKinnon > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] #' in my login banner > Message-ID: <20131224065947.GC12140 at shrubbery.net> > Content-Type: text/plain; charset=iso-8859-1 > > Thu, Dec 19, 2013 at 11:48:57AM +0200, Alan McKinnon: >> One possibility is to ignore any line with 2 or more #, and assume that >> it's a banner. This is the command case. >> >> Login and command prompts contain ">" or "#", but always only one. >> >> This way, code can discard lines that are known to NOT be the prompt. >> It's not 100% failproof but it is an improvement over the blind match we >> currently have. >> >> >> On 19/12/2013 10:26, Jan Dahl wrote: >>> Maybe if we could somehow define an "ignored" string? I have a couple >>> of thousand switches with this in the login banner, which I won't be >>> allowed to change any time soon: >>> >>> ###### ###### # # >>> # # # # # >>> # # ###### # # >>> # # # # # >>> ###### ###### # >>> >>> Is it un-clever? Indeed! But it has been rolled out world wide before >>> I started here and now I can't use rancid. >>> >>> The really weird thing for me is that somehow, terminal length and >>> width are set at the right time, but none of my commands are pushed >>> after that. >>> >>> Kind regards, >>> >>> Jan >>> >>> On Wed Dec 11 18:24:32 UTC 2013, Allan McKinnon wrote: >>> >>> On 11/12/2013 20:14, Per-Olof Olsson wrote: >>>> Hello >>>> >>>> >>>> >>>> >>>> On 12/11/2013 06:51 PM, Alan McKinnon wrote: >>>>> I see no-one has responded with an answer to your question. >>>>> >>>>> I think the reason is that code cannot deal with ">" and "#" characters >>>>> in a banner in any sane way that gives consistent results. For rancid to >>>>> function properly, it has to know what the shell prompt is exactly for a >>>>> given device, and to do that it has to parse the entire text output. >>>>> >>>>> The only tool available to detect the prompt is pattern matching which >>>>> inevitably means a regex. As a perl regex this is >>>>> >>>>> ^[-a-zA-Z0-9]*[>#] >>>>> >>>>> and that's assuming the prompt is the hostname. >>>> >>>> In hlogin I added >>>> >>>> -re "\[#>]+.*\[\n\r]+" { >>>> exp_continue >>>> } >>>> >>>> to just pass over none prompter # and >. >>>> Banner "#" and ">" is followed by CR or NL! >>> >>> >>> >>> Only if the banner has a surrounding box made of > or # >>> >>> One can always come up with a scheme that just happens to work for >>> oneself because local rules specify some exact format where you can get >>> a regex to work for you. >>> >>> That's a lot of work though. I find it easier to just change the banner. >>> >>> >>> >>> >>>> >>>> Works for HPs >>>> >>>> /Peo >>>> ---------------------------------------------------------- >>>> Per-Olof Olsson Email: peo at chalmers.se >>>> Chalmers tekniska h?gskola IT-service >>>> H?rsalsv?gen 5 412 96 G?teborg >>>> Tel: 031/772 6738 Fax: 031/772 8660 >>>> ---------------------------------------------------------- >>>> _______________________________________________ >>>> Rancid-discuss mailing list >>>> Rancid-discuss at shrubbery.net >>>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>> >>>> >>> >>> >> >> >> -- >> Alan McKinnon >> alan.mckinnon at gmail.com >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > This adds a 'prompt', or i suppose "initial prompt", directive to cloginrc, > so something like this could be added to cloginrc: > > add prompt hostglob {^[^\n\r#]+#} > > it still has an odor from my pov, but it would work for the case at hand. > > Index: bin/clogin.in > =================================================================== > --- bin/clogin.in (revision 2761) > +++ bin/clogin.in (working copy) > @@ -581,6 +581,7 @@ > send_user "\nError: Invalid login: $router\n"; > catch {close}; catch {wait}; return 1 > } > + -re "\[^\r\n]*\[\r\n]+" { exp_continue; } > } > } > > @@ -763,7 +764,10 @@ > } > > # Default prompt. > - set prompt "(>|#| \\(enable\\))" > + set prompt [join [find prompt $router] ""] > + if { [llength $prompt] == 0 } { > + set prompt "(>|#| \\(enable\\))" > + } > > # look for noenable option in .cloginrc > if { [find noenable $router] == "1" } { > @@ -902,9 +906,10 @@ > } > # we are logged in, now figure out the full prompt > send "\r" > + regsub -all {^(\^*)(.*)} $prompt {\2} reprompt > expect { > -re "\[\r\n]+" { exp_continue; } > - -re "^(.+\[:.])1 ($prompt)" { # stoopid extreme cmd-line numbers and > + -re "^(.+\[:.])1 ($reprompt)" { # stoopid extreme cmd-line numbers and > # prompt based on state of config changes, > # which may have an * at the beginning. > set junk $expect_out(1,string) > @@ -913,7 +918,7 @@ > set prompt ".? ?$junk\[0-9]+ $expect_out(2,string)"; > set platform "extreme" > } > - -re "^.+$prompt" { set junk $expect_out(0,string); > + -re "^.+$reprompt" { set junk $expect_out(0,string); > regsub -all "\[\]\[\(\)]" $junk {\\&} prompt; > } > } > > > > ------------------------------ From willie at qis.net Thu Dec 26 19:49:27 2013 From: willie at qis.net (Willie Bollinger) Date: Thu, 26 Dec 2013 14:49:27 -0500 Subject: [rancid] Cienna / Lightning Edge Message-ID: <52BC8847.700@qis.net> Has anybody had any luck getting rancid to work with Ciena Switches? -- ----------------------------------------------------------------------- Willie Bollinger | 2975B Manchester Rd.| E-Mail: willie at qis.net Quantum Internet Services| Manchester, MD 21102| Voice: 410-239-6920 ----------------------------------------------------------------------- From roman.hochuli at nexellent.ch Mon Dec 30 09:01:27 2013 From: roman.hochuli at nexellent.ch (Roman Hochuli) Date: Mon, 30 Dec 2013 10:01:27 +0100 Subject: [rancid] Brocade uptime In-Reply-To: References: Message-ID: <52C13667.3060408@nexellent.ch> Hello Daniel, Doug > And sure enough, somebody just sent me the file I > need. Thanks though - I'll try not to be so lazy next time. ;-) Have a look at the Git-Repo. Usually a good start to find a fix. :) This particular issue had been fixed somewhen in August last year: http://bit.ly/1djDidc -- Best regards, Roman Hochuli Operations Manager nexellent ag Saegereistrasse 33 CH-8152 Glattbrugg Phone: +41 44 872 20 00 Fax: +41 44 872 20 01 URL: www.nexellent.ch X-NCC-RegID: ch.nexellent Imagination is the one weapon in the war against reality. -- Jules de Gaultier From tlimoncelli at stackexchange.com Mon Dec 30 16:46:35 2013 From: tlimoncelli at stackexchange.com (Tom Limoncelli) Date: Mon, 30 Dec 2013 11:46:35 -0500 Subject: [rancid] Patch for Cisco models that include "Time:" in "WriteTerm" Message-ID: Some of our switches were getting non-empty diffs every time we ran RANCID. It turned out they were models that included the current time when writing the config. This is while running on CentOS with the rancid-2.3.6-1.el6 package from epel. This patch solved the problem. --- a/rancid +++ b/rancid @@ -1582,6 +1582,8 @@ sub WriteTerm { } tr/\015//d; } + # skip current time + /^Time: / && next; # skip ASA 5520 configuration author line /^: written by /i && next; # some versions have other crap mixed in with the bits in the From tlimoncelli at stackexchange.com Mon Dec 30 16:48:39 2013 From: tlimoncelli at stackexchange.com (Tom Limoncelli) Date: Mon, 30 Dec 2013 11:48:39 -0500 Subject: [rancid] Patch for Cisco models that include "Time:" in "WriteTerm" In-Reply-To: References: Message-ID: P.S. The affected models were all Nexus devices. From heas at shrubbery.net Mon Dec 30 17:19:34 2013 From: heas at shrubbery.net (heasley) Date: Mon, 30 Dec 2013 17:19:34 +0000 Subject: [rancid] Patch for Cisco models that include "Time:" in "WriteTerm" In-Reply-To: References: Message-ID: <20131230171934.GF3351@shrubbery.net> Mon, Dec 30, 2013 at 11:48:39AM -0500, Tom Limoncelli: > P.S. The affected models were all Nexus devices. nexus should be type cisco-nx in router.db, not cisco. From graham at apolix.co.za Tue Dec 31 10:33:47 2013 From: graham at apolix.co.za (Graham Beneke) Date: Tue, 31 Dec 2013 12:33:47 +0200 Subject: [rancid] Cienna / Lightning Edge In-Reply-To: <52BC8847.700@qis.net> References: <52BC8847.700@qis.net> Message-ID: <52C29D8B.7010903@apolix.co.za> On 26/12/2013 21:49, Willie Bollinger wrote: > Has anybody had any luck getting rancid to work with Ciena Switches? I'm also interested in collecting Ciena configs. Was planning to try code up the bits required in the new year as I have not yet found any sign that they exist already. -- Graham Beneke