From howie at thingy.com Mon Jul 1 08:23:03 2013
From: howie at thingy.com (Howard Jones)
Date: Mon, 01 Jul 2013 09:23:03 +0100
Subject: [rancid] Support for the Cisco SF300
In-Reply-To: <184866CE19BFA64EB7BCC3B5659A2ED9227CA838@EXCH2010.dintid.local>
References: <184866CE19BFA64EB7BCC3B5659A2ED9227CA838@EXCH2010.dintid.local>
Message-ID: <51D13C67.3020105@thingy.com>

On 30/06/2013 14:52, Morten Nielsen wrote:
> > I finally found the updated versions of csbrancid and csblogin files > here but still seems to be some issue with my SG300 > > http://www.gossamer-threads.com/lists/rancid/users/6910 > [snip] > > I can log in just fine using .clogin sg300-10p > > Only odd thing is the 4 blank lines, but I don't know if they are > important. > > ------------------ > > rancid at ubuntu:~$ bin/clogin sg300-10p > > sg300-10p > > spawn ssh -c 3des -x -l rancid sg300-10p > > rancid at sg300-10p's password: > >

You downloaded a csblogin/csbrancid (which RANCID is using), but you are testing using clogin (the regular Cisco version). To see what's going on, try using the same login program RANCID is! :-)

bin/csblogin sg300-10p

It might be a start, at least...

Howie

From heas at shrubbery.net Mon Jul 1 15:55:22 2013
From: heas at shrubbery.net (heasley)
Date: Mon, 1 Jul 2013 15:55:22 +0000
Subject: [rancid] ignoring flash memory changes
In-Reply-To: <51D0C126.1020805@gmail.com>
References: <51C22513.8040304@gmail.com> <20130627221812.GT75983@shrubbery.net> <51CD2500.3060808@gmail.com> <51D0C126.1020805@gmail.com>
Message-ID: <20130701155522.GF323@shrubbery.net>

> > Wed, Jun 19, 2013 at 11:39:31PM +0200, Alan McKinnon: > >> Rancid could really benefit from some kind of call-out mechanism > where > >> we can add our own local tweaks and keep them out of the main > code, but > >> unfortunately 2.3.x doesn't have this. > >> > >> Perhaps a worthy addition to the 3.0 series! > > > > What do you mean 'call-out mechanism'? in 3.0 you can tell rancid > which > > module to include (need to add functionality to include multiple > modules) > > and tell it what function to use to parse the output. > > > > Yes, something like that. > > The problem I face is I've forked every parser script I use, and it's > always to add or remove entire commands or individual regexes. These > things work best when the regex definition is treated as data out of a > config, not as pure code > > I still haven't fully read the 3.0 code yet, so I could well be asking > for something you've already done

3.0 does not offer a manner of altering the regexes by configuration, only the module, commands and functions used for the given device type. I do not see the former being practical, there are simply too many; you'd practically define the entire module in a configuration file and the value would be lost.

From heas at shrubbery.net Mon Jul 1 16:15:10 2013
From: heas at shrubbery.net (heasley)
Date: Mon, 1 Jul 2013 16:15:10 +0000
Subject: [rancid] Support for the Cisco SF300
In-Reply-To: <51D0948D.1050505@gmail.com>
References: <184866CE19BFA64EB7BCC3B5659A2ED9227CA838@EXCH2010.dintid.local> <51D0948D.1050505@gmail.com>
Message-ID: <20130701161510.GH323@shrubbery.net>

Sun, Jun 30, 2013 at 10:26:53PM +0200, Alan McKinnon:
> On 30/06/2013 15:52, Morten Nielsen wrote: > > Been trying to add support for the Cisco Small business switches in my > > Rancid 2.38. > > > > > > > > I finally found the updated versions of csbrancid and csblogin files > > here but still seems to be some issue with my SG300 > > > > http://www.gossamer-threads.com/lists/rancid/users/6910 > >

are they not using the usual IOS cli?

> > Maybe i miss something with this line, as I don't know what he means: > > > > "- End of run fix (important for be sure to get the full configuration > > dump)" > > > > > > > > My log just says: > > > > Trying to get all of the configs. > > > > sg300-10p csblogin error: Error: TIMEOUT reached > > > > sg300-10p missed cmd(s): show version,show system,show startup-config > > > > sg300-10p End of run not found > > > > > > > > I can log in just fine using .clogin sg300-10p > > > > Only odd thing is the 4 blank lines, but I don't know if they are important. > > > > ------------------ > > > > rancid at ubuntu:~$ bin/clogin sg300-10p > > > > sg300-10p > > > > spawn ssh -c 3des -x -l rancid sg300-10p > > > > rancid at sg300-10p's password: > > > > > > > > > > > > > > > > > > > > SG300-10P# > > > > SG300-10P# > > > > ------------------ > > > > > > > > My .cloginrc > > > > # Switches > > > > add userprompt sg*.* {"User Name:"} > > > > add user sg*.* {rancid} > > > > add password sg*.* {pass} > > > > add autoenable sg*.* 1 > > > > add method sg*.* ssh > > > > > > > > I've commenting lines out, removing {} and googled a lot, so feel I've > > tried everything but to no avail.
> > > > > > > > Hope someone have some idea > > Does csbrancid support -d like regular rancid does? If so > > csbrancid -d >hostname> > > let it complete and a full log is left in the current directory. It > usually has enough info for you to figure out why it failed. > > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From heas at shrubbery.net Mon Jul 1 16:25:19 2013
From: heas at shrubbery.net (heasley)
Date: Mon, 1 Jul 2013 16:25:19 +0000
Subject: [rancid] Checking for root
In-Reply-To: <20130630021703.GD23080@panix.com>
References: <20130628150638.5A0BD24D023@sea.shrubbery.net> <20130628151421.GF8902@shrubbery.net> <20130630021703.GD23080@panix.com>
Message-ID: <20130701162519.GJ323@shrubbery.net>

Sat, Jun 29, 2013 at 10:17:04PM -0400, Ed Ravin:
> On Sat, Jun 29, 2013 at 11:18:46PM +0100, Matthew Walster wrote: > > On 28 June 2013 16:14, heasley <[1]heas at shrubbery.net> wrote: > > > > +eval `id | sed -e 's/(.*//'` > > +test "$uid" -eq 0 && echo "Do not run $0 as root!" && exit 1 > > > > Would it not make more sense just to compare $UID -- that's set by the > > shell. Essentially, you'd end up with: > > if [[ $UID == 0 ]] > > Not sure if every shell supports that, remember RANCID has to run in a > lot of environments, like on Solaris systems where the /bin/sh feature set > seems to date back to 1985.

correct.

> However, since we already need Perl to run the RANCID commands, how about > this: > > uid=`perl -e 'print "$<\n"'` > test "$uid" -eq 0 && echo "Do not run $0 as root!" && exit 1 >

that'd work, but i think $> is the variable that you want.

From alan.mckinnon at gmail.com Mon Jul 1 19:37:19 2013
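Review bot: the `test "$uid" -eq 0 && echo "Do not run $0 as root!" && exit 1` line fails open: if the `eval` of the `id | sed` output above it does not leave a numeric `$uid`, `test` exits with an error, the `&&` chain stops, and the script continues without any root check. Consider rejecting an empty or non-numeric `$uid` before the comparison, and sending the warning to stderr with `>&2`.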
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Mon, 01 Jul 2013 21:37:19 +0200
Subject: [rancid] ignoring flash memory changes
In-Reply-To: <20130701155522.GF323@shrubbery.net>
References: <51C22513.8040304@gmail.com> <20130627221812.GT75983@shrubbery.net> <51CD2500.3060808@gmail.com> <51D0C126.1020805@gmail.com> <20130701155522.GF323@shrubbery.net>
Message-ID: <51D1DA6F.1030302@gmail.com>

On 01/07/2013 17:55, heasley wrote:
>> > Wed, Jun 19, 2013 at 11:39:31PM +0200, Alan McKinnon: >> >> Rancid could really benefit from some kind of call-out mechanism >> where >> >> we can add our own local tweaks and keep them out of the main >> code, but >> >> unfortunately 2.3.x doesn't have this. >> >> >> >> Perhaps a worthy addition to the 3.0 series! >> > >> > What do you mean 'call-out mechanism'? in 3.0 you can tell rancid >> which >> > module to include (need to add functionality to include multiple >> modules) >> > and tell it what function to use to parse the output. >> > >> >> Yes, something like that. >> >> The problem I face is I've forked every parser script I use, and it's >> always to add or remove entire commands or individual regexes. These >> things work best when the regex definition is treated as data out of a >> config, not as pure code >> >> I still haven't fully read the 3.0 code yet, so I could well be asking >> for something you've already done > > 3.0 does not offer a manner of altering the regexes by configuration, > only the module, commands and functions used for the given device type. I > do not see the former being practical, there are simply too many; you'd > practically define the entire module in a configuration file and the value > would be lost.

I can't get the first, but I can get 2, 3 & 4?

Deal, you have a sale. The check is in the mail :-)

--
Alan McKinnon
alan.mckinnon at gmail.com

From s.rigby at uber.com.au Mon Jul 8 04:26:58 2013
From: s.rigby at uber.com.au (Shannon Rigby)
Date: Mon, 8 Jul 2013 04:26:58 +0000
Subject: [rancid] Rancid for F5 LTMs
Message-ID:

Hi

Has anyone had any luck with creating a script to backup F5 ltm, 11.2 plus, using tmsh instead of bigpipe

Thanks

From istong at costar.com Mon Jul 8 16:12:59 2013
From: istong at costar.com (Ian Stong)
Date: Mon, 8 Jul 2013 16:12:59 +0000
Subject: [rancid] Rancid for F5 LTMs
In-Reply-To:
References:
Message-ID: <6ED7B4C44A4C234FA7427C0BFDF35A322C3BB8F0@DCMBXPRD100.us.costar.local>

The attached will work with V11 LTM and GTM devices.

Thanks,
Ian Stong

From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Shannon Rigby
Sent: Monday, July 08, 2013 12:27 AM
To: 'rancid-discuss at shrubbery.net'
Subject: [rancid] Rancid for F5 LTMs

Hi

Has anyone had any luck with creating a script to backup F5 ltm, 11.2 plus, using tmsh instead of bigpipe

Thanks

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: f5rancidv11.txt
URL:

From morten at dintid.dk Mon Jul 8 17:18:52 2013
From: morten at dintid.dk (Morten Nielsen)
Date: Mon, 8 Jul 2013 17:18:52 +0000
Subject: [rancid] Support for the Cisco SF300
Message-ID: <184866CE19BFA64EB7BCC3B5659A2ED9227EED06@EXCH2010.dintid.local>

Jun 30, 2013, 1:26 PM, alan.mckinnon at gmail wrote:
> Does csbrancid support -d like regular rancid does? If so > > csbrancid -d >hostname> > > let it complete and a full log is left in the current directory. It > usually has enough info for you to figure out why it failed.

I weren't even aware of this feature, but after testing it, I can say it does not. Doing a -d using clogin I did get some more useful info though, which corresponds with my findings that it is an SSH issue between my rancid and the switch.

Jul 1, 2013, 1:23 AM, howie at thingy wrote:
> You downloaded a csblogin/csbrancid (which RANCID is using), but you > are testing using clogin (the regular Cisco version). To see what's > going on, try using the same login program RANCID is! :-) > > bin/csblogin sg300-10p > > It might be a start, at least...

I weren't aware of the csblogin thingie as I'm total linux newbie, but the issue is the same nonetheless. I'm rather confused as I can log into the device using telnet using either "clogin" or "csblogin" either way. After I asked the first question I found that it is probably some SSH issue between rancid and my switch, as it works fine using just telnet.

Jul 1, 2013, 9:15 AM, heas at shrubbery wrote:
> are they not using the usual IOS cli?

Not entirely. The commands are % 90+ but not all IOS. My SG200 don't have any cli access at all, which is even worse.

Cli reference /adm guide.
https://supportforums.cisco.com/servlet/JiveServlet/download/3431571-112802/300%20series%20CLI%20firmware%201.1.pdf

From gene.lim at apc.sg Fri Jul 12 04:15:04 2013
From: gene.lim at apc.sg (Gene Lim)
Date: Fri, 12 Jul 2013 12:15:04 +0800
Subject: [rancid] Cisco ASA 5505 configs
Message-ID: <000801ce7eb6$633f8d20$29bea760$@lim@apc.sg>

Hi All

Would appreciate some advice on how I can trouble shoot this issue regarding enable for a Cisco ASA 5505 device. Logs and configuration provided below. Please advise.

==Version 1 without enable password==

/router.db
192.168.1.84:cisco:up

/.cloginrc
add method 192.168.1.84 ssh
add user 192.168.1.84 admin
add userpassword 192.168.1.84 {adminpwd}

$ bin/clogin 192.168.1.84
192.168.1.84
spawn ssh -c 3des -x -l admin 192.168.1.84
admin at 192.168.1.84's password:
Type help or '?' for a list of available commands.
CISCOASA5505> enable
Password: ********
Invalid password
Password: ********
Invalid password
Password: ********
Invalid password
Access denied.

Error: Check your Enable passwd
CISCOASA5505>
CISCOASA5505> exit

Logoff

/logs
Trying to get all of the configs.
192.168.1.84 clogin error: Error: Check your Enable passwd
192.168.1.84: missed cmd(s): dir /all slavedisk2:,show rsp chassis-info,show capture,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,show running-config view full,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,show shun,show controllers,show diagbus,more system:running-config,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sup-bootdisk:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all
slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,show redundancy secondary,show running-config,show c7200,dir /all slot1:
192.168.1.84: End of run not found
!

==Version 2 with enable password==

/router.db
192.168.1.84:cisco:up

/.cloginrc
add method 192.168.1.84 ssh
add user 192.168.1.84 admin
add password 192.168.1.84 {adminpwd} {enable at pwd}

$ bin/clogin 192.168.1.84
192.168.1.84
spawn ssh -c 3des -x -l admin 192.168.1.84
admin at 192.168.1.84 's password:
Permission denied, please try again.
admin at 192.168.1.84 's password:

Error: Check your passwd for 192.168.1.84

/logs
192.168.1.84 clogin error: Error: Check your passwd for 192.168.1.84
192.168.1.84: missed cmd(s): dir /all slavedisk2:,show rsp chassis-info,show capture,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,show running-config view full,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,show shun,show controllers,show diagbus,more system:running-config,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sup-bootdisk:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,show redundancy secondary,show running-config,show c7200,dir /all slot1:
192.168.1.84: End of run not found
!
Thank You

Warmest Regards,
Gene Lim

From roman.hochuli at nexellent.ch Fri Jul 12 13:39:35 2013
From: roman.hochuli at nexellent.ch (Roman Hochuli)
Date: Fri, 12 Jul 2013 15:39:35 +0200
Subject: [rancid] Citrix NetScaler / nsrancid "Last modified" lines
Message-ID: <51E00717.7070401@nexellent.ch>

Hello All

I was getting tired to have my logs/mailbox being filled up with lines of this type with every run of rancid:

--snip - # Last modified by `save config`, Fri Jul 12 13:07:26 2013 + # Last modified by `save config`, Fri Jul 12 14:07:31 2013 --snap

So I decided to filter out that line. Maybe others would be interested as well. So here is the diff:

--snip --- nsrancid 2013-07-12 15:14:06.000000000 +0200 +++ nsrancid 2013-07-12 15:24:34.000000000 +0200 @@ -185,6 +185,9 @@ $_ =~ s/community label .*$/community label /; } } + if (/^# Last modified/) { + $_ = ""; + } return(1) if /(invalid command name)/; ProcessHistory("","","","$_"); } --snap

Enjoy.

--
Best regards,
Roman Hochuli
Operations Manager

nexellent ag
Saegereistrasse 33
CH-8152 Glattbrugg

Phone: +41 44 872 20 00
Fax: +41 44 872 20 01
URL: www.nexellent.ch
X-NCC-RegID: ch.nexellent

Imagination is the one weapon in the war
against reality.
-- Jules de Gaultier

From roman.hochuli at nexellent.ch Fri Jul 12 14:05:36 2013
From: roman.hochuli at nexellent.ch (Roman Hochuli)
Date: Fri, 12 Jul 2013 16:05:36 +0200
Subject: [rancid] Citrix NetScaler / nsrancid "Last modified" lines
In-Reply-To: <51E00717.7070401@nexellent.ch>
References: <51E00717.7070401@nexellent.ch>
Message-ID: <51E00D30.4060805@nexellent.ch>

Hello All

> So I decided to filter out that line. Maybe others would be interested > as well. So here is the diff:

Actually, I found a slightly quicker way:

--snip --- nsrancid.ORI 2013-07-12 15:14:06.000000000 +0200 +++ nsrancid 2013-07-12 15:55:34.000000000 +0200
@@ -180,6 +180,7 @@ next if (/^Can\'t find object or class named \"\-all\"\s*$/); next if (/lock-address .*$/); next if (/^\# *uptime +\d+\s*$/); + next if (/^# Last modified/); if (/community label /) { if ($filter_commstr) { $_ =~ s/community label .*$/community label /; --snap

Pull-Request @GitHub is open.

--
Best regards,
Roman Hochuli
Operations Manager

nexellent ag
Saegereistrasse 33
CH-8152 Glattbrugg

Phone: +41 44 872 20 00
Fax: +41 44 872 20 01
URL: www.nexellent.ch
X-NCC-RegID: ch.nexellent

Imagination is the one weapon in the war
against reality.
-- Jules de Gaultier

From matthew at walster.org Fri Jul 12 14:58:02 2013
From: matthew at walster.org (Matthew Walster)
Date: Fri, 12 Jul 2013 15:58:02 +0100
Subject: [rancid] Citrix NetScaler / nsrancid "Last modified" lines
In-Reply-To: <51E00D30.4060805@nexellent.ch>
References: <51E00717.7070401@nexellent.ch> <51E00D30.4060805@nexellent.ch>
Message-ID:

Hi Roman,

I for one want to see these "last modified" lines as otherwise I have no idea when the change occurred -- especially if RANCID is only set to run once a day or similar and I'm tracking down an issue.

Ideally what would happen is that when a particular syslog line is seen "commit/saved" etc, then RANCID would run on that device immediately, and yes, your patch would be a good thing to apply.

Or, as I'm not familiar with that product, could it be that this line is changing every single time RANCID runs and not just when there has been a config change?

Cheers,
Matthew Walster

On 12 July 2013 15:05, Roman Hochuli wrote:
> Hello All > > > So I decided to filter out that line. Maybe others would be interested > > as well. So here is the diff: > > Actually, I found a slightly quicker way: > > --snip > --- nsrancid.ORI 2013-07-12 15:14:06.000000000 +0200 > +++ nsrancid 2013-07-12 15:55:34.000000000 +0200
> @@ -180,6 +180,7 @@ > next if (/^Can\'t find object or class named \"\-all\"\s*$/); > next if (/lock-address .*$/); > next if (/^\# *uptime +\d+\s*$/); > + next if (/^# Last modified/); > if (/community label /) { > if ($filter_commstr) { > $_ =~ s/community label .*$/community label /; > --snap > > Pull-Request @GitHub is open. > > -- > Best regards, > Roman Hochuli > Operations Manager > > nexellent ag > Saegereistrasse 33 > CH-8152 Glattbrugg > > Phone: +41 44 872 20 00 > Fax: +41 44 872 20 01 > URL: www.nexellent.ch > X-NCC-RegID: ch.nexellent > > Imagination is the one weapon in the war > against reality. > -- Jules de Gaultier

From chris at node-nine.com Fri Jul 12 17:54:43 2013
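Review bot: the added `next if (/^# Last modified/);` at @@ -180,6 +180,7 @@ discards the line for every user, so the stored configuration no longer shows when `save config` last ran. The `community label` rewrite a few lines below it is gated on `$filter_commstr`; a similar switch here would let sites that want the timestamp keep it. For consistency with the adjacent `/^\# *uptime +\d+\s*$/` line, consider escaping the `#` and matching the full `# Last modified by ` prefix so that unrelated comment lines are not dropped.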
From: chris at node-nine.com (Chris Moody)
Date: Fri, 12 Jul 2013 13:54:43 -0400
Subject: [rancid] Cisco ASA 5505 configs
In-Reply-To: <000801ce7eb6$633f8d20$29bea760$@lim@apc.sg>
References: <000801ce7eb6$633f8d20$29bea760$@lim@apc.sg>
Message-ID: <51E042E3.90201@node-nine.com>

Gene, perhaps I'm reading too much into your post as most people obfuscate their actual passwords when posting to a mailing-list, but I have to ask. Your enable password, does it actually have an '@' in it? Reason I ask is that "special characters" such as this need escaped when software reads these kinds of values.

Please set your enable pass to something without an '@' or other punctuation in it and see if you're able to get RANCID working.

Once you can confirm RANCID is operating ok, then we can go about setting your credentials to more complex values and escaping any strange characters appropriately.

Cheers,
-Chris

On 7/12/13 12:15 AM, Gene Lim wrote:
> > Hi All > > Would appreciate some advice on how I can trouble shoot this issue > regarding enable for a Cisco ASA 5505 device. Logs and configuration > provided below. Please advise. > > ==Version 1 without enable password== > > /router.db > > 192.168.1.84:cisco:up > > /.cloginrc > > add method 192.168.1.84 ssh > > add user 192.168.1.84 admin > > add userpassword 192.168.1.84 {adminpwd} > > $ bin/clogin 192.168.1.84 > > 192.168.1.84 > > spawn ssh -c 3des -x -l admin 192.168.1.84 > > admin at 192.168.1.84's password: > > Type help or '?' for a list of available commands. > > CISCOASA5505> enable > > Password: ******** > > Invalid password > > Password: ******** > > Invalid password > > Password: ******** > > Invalid password > > Access denied. > > Error: Check your Enable passwd > > CISCOASA5505> > > CISCOASA5505> exit > > Logoff > > /logs > > Trying to get all of the configs.
> > 192.168.1.84 clogin error: Error: Check your Enable passwd > > 192.168.1.84: missed cmd(s): dir /all slavedisk2:,show rsp > chassis-info,show capture,dir /all sec-slot2:,show diag,dir /all > disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir > /all disk2:,show running-config view full,dir /all sec-bootflash:,show > spe version,dir /all slaveslot2:,dir /all disk0:,show install > active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all > harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir > /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show > variables boot,show boot,show inventory raw,dir /all slavedisk1:,show > env all,show module,show shun,show controllers,show diagbus,more > system:running-config,dir /all slavedisk0:,show debug,show idprom > backplane,dir /all bootflash:,dir /all sup-bootdisk:,dir /all > sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all > sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir > /all sup-microcode:,show vlan,dir /all slavebootflash:,show > controllers cbus,dir /all slaveslot1:,dir /all nvram:,show > version,show vlan-switch,show redundancy secondary,show > running-config,show c7200,dir /all slot1: > > 192.168.1.84: End of run not found > > ! > > ==Version 2 with enable password== > > /router.db > > 192.168.1.84:cisco:up > > /.cloginrc > > add method 192.168.1.84 ssh > > add user 192.168.1.84 admin > > add password 192.168.1.84 {adminpwd} {enable at pwd} > > $ bin/clogin 192.168.1.84 > > 192.168.1.84 > > spawn ssh -c 3des -x -l admin 192.168.1.84 > > admin at 192.168.1.84 's password: > > Permission denied, please try again. 
> > admin at 192.168.1.84 's password: > > Error: Check your passwd for 192.168.1.84 > > /logs > > 192.168.1.84 clogin error: Error: Check your passwd for 192.168.1.84 > > 192.168.1.84: missed cmd(s): dir /all slavedisk2:,show rsp > chassis-info,show capture,dir /all sec-slot2:,show diag,dir /all > disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir > /all disk2:,show running-config view full,dir /all sec-bootflash:,show > spe version,dir /all slaveslot2:,dir /all disk0:,show install > active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all > harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir > /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show > variables boot,show boot,show inventory raw,dir /all slavedisk1:,show > env all,show module,show shun,show controllers,show diagbus,more > system:running-config,dir /all slavedisk0:,show debug,show idprom > backplane,dir /all bootflash:,dir /all sup-bootdisk:,dir /all > sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all > sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir > /all sup-microcode:,show vlan,dir /all slavebootflash:,show > controllers cbus,dir /all slaveslot1:,dir /all nvram:,show > version,show vlan-switch,show redundancy secondary,show > running-config,show c7200,dir /all slot1: > > 192.168.1.84: End of run not found > > ! > > Thank You > > Warmest Regards, > > Gene Lim

From alex.wilkinson at cba.com.au Mon Jul 15 09:28:10 2013
From: alex.wilkinson at cba.com.au (Wilkinson, Alex)
Date: Mon, 15 Jul 2013 17:28:10 +0800
Subject: [rancid] persistent alerts - but nothing was changed ... ?
Message-ID: <20130715092809.GA48555@margz.perth.internal>

Hi all,

I am consistently getting rancid alerts (diffs) that config has changed on a number of Cisco Nexus devices. However, the diffs in the email are exactly the same each rancid-run(1) and are bogus.

Is there anything that would cause rancid to see bogus diffs ?

-Alex

From alan.mckinnon at gmail.com Mon Jul 15 09:37:35 2013
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Mon, 15 Jul 2013 11:37:35 +0200
Subject: [rancid] persistent alerts - but nothing was changed ... ?
In-Reply-To: <20130715092809.GA48555@margz.perth.internal>
References: <20130715092809.GA48555@margz.perth.internal>
Message-ID: <51E3C2DF.3050100@gmail.com>

On 15/07/2013 11:28, Wilkinson, Alex wrote:
> Hi all, > > I am consistently getting rancid alerts (diffs) that config has changed on > a number of Cisco Nexus devices. However, the diffs in the email are exactly > the same each rancid-run(1) and are bogus. > > Is there anything that would cause rancid to see bogus diffs ?

A diff is a diff, and it has content because something is different. Maybe whitespace.

If you post one of these diffs, we can help examine it for you.

--
Alan McKinnon
alan.mckinnon at gmail.com

From gene.lim at apc.sg Mon Jul 15 10:15:26 2013
From: gene.lim at apc.sg (Gene Lim)
Date: Mon, 15 Jul 2013 18:15:26 +0800
Subject: [rancid] Cisco ASA 5505 configs
In-Reply-To: <51E042E3.90201@node-nine.com>
References: <000801ce7eb6$633f8d20$29bea760$@lim@apc.sg> <51E042E3.90201@node-nine.com>
Message-ID: <000001ce8144$39d51c30$ad7f5490$@lim@apc.sg>

Dear Chris

Thank you for the information. Yes you are right my enable password has the special character @ in it. However from further testing using changed credentials below I am still receiving the same login issue. Please advise.

==Version 2 with enable password==

/router.db
192.168.1.84:cisco:up

/.cloginrc
add method 192.168.1.84 ssh
add user 192.168.1.84 admin
add password 192.168.1.84 {adminpwd} {enablepwd}

$ bin/clogin 192.168.1.84
192.168.1.84
spawn ssh -c 3des -x -l admin 192.168.1.84
admin at 192.168.1.84 's password:
Permission denied, please try again.
admin at 192.168.1.84 's password:

Error: Check your passwd for 192.168.1.84

Thank You

Warmest Regards,
Gene Lim

From heas at shrubbery.net Mon Jul 15 19:39:20 2013
From: heas at shrubbery.net (heasley)
Date: Mon, 15 Jul 2013 19:39:20 +0000
Subject: [rancid] Citrix NetScaler / nsrancid "Last modified" lines
In-Reply-To:
References: <51E00717.7070401@nexellent.ch> <51E00D30.4060805@nexellent.ch>
Message-ID: <20130715193920.GO85583@shrubbery.net>

Fri, Jul 12, 2013 at 03:58:02PM +0100, Matthew Walster:
> Ideally what would happen is that when a particular syslog line is seen > "commit/saved" etc, then RANCID would run on that device immediately, and > yes, your patch would be a good thing to apply. > > Or, as I'm not familiar with that product, could it be that this line is > changing every single time RANCID runs and not just when there has been a > config change?

see the rancid FAQ: http://shrubbery.net/rancid/FAQ

From Chris.Davis at prin.edu Mon Jul 15 20:55:49 2013
From: Chris.Davis at prin.edu (Chris Davis)
Date: Mon, 15 Jul 2013 20:55:49 +0000
Subject: [rancid] Couple of Questions. upgrading and Fortinet issue.
Message-ID:

I recently tried integrating my Fortinet FortiGate units into RANCID. I'm having some trouble which I see has been noticed here before. Apparently 2.3.8 patch 4 should fix the problem of my Private keys looking like they've been changed and they should stop generating a change report every time the job runs. That led me to another problem.

I am currently on version 2.3.6 and I was wondering if upgrading to 2.3.8 was just as simple as expanding the archive and running .configure and make? Will it move my data around if needed? Or is that something I have to do manually?

The other thing I've noticed is that other folks also had passwords seem to be continually changing and causing alerts. I have never noted this in my clusters........................yet. I do however get an alert that the date has changed on the unit instead. Any ideas other than the patch to get rid (hopefully) of the change being caused by the date?

Thanks in Advance.

Chris

From Richard.Savage at newnet.co.uk Mon Jul 15 21:06:13 2013
From: Richard.Savage at newnet.co.uk (Richard Savage)
Date: Mon, 15 Jul 2013 21:06:13 +0000
Subject: [rancid] Couple of Questions. upgrading and Fortinet issue.
In-Reply-To:
Message-ID:

The other thing I've noticed is that other folks also had passwords seem to be continually changing and causing alerts. I have never noted this in my clusters........................yet.

-- Yes I see this all the time, every time a backup is run. I need to be able to backup a full config on other devices, (cisco, juicer) so can't disable the grabbing of password data in rancid as this would stop it being backed up for all cisco and juniper hardware. Not sure of any way to achieve this at the moment.

Rich

From heas at shrubbery.net Mon Jul 15 21:25:11 2013
From: heas at shrubbery.net (heasley)
Date: Mon, 15 Jul 2013 21:25:11 +0000
Subject: [rancid] Couple of Questions. upgrading and Fortinet issue.
In-Reply-To:
References:
Message-ID: <20130715212511.GC85583@shrubbery.net>

Mon, Jul 15, 2013 at 08:55:49PM +0000, Chris Davis:
> I recently tried integrating my Fortinet FortiGate units into RANCID. I'm having some trouble which I see has been noticed here before. Apparently 2.3.8 patch 4 should fix the problem of my Private keys looking like they've been changed and they should stop generating a change report every time the job runs. That led me to another problem.
>
> I am currently on version 2.3.6 and I was wondering if upgrading to 2.3.8 was just as simple as expanding the archive and running .configure and make? Will it move my data around if needed? Or is that something I have to do manually?

no files move, that i recall.

> The other thing I've noticed is that other folks also had passwords seem to be continually changing and causing alerts. I have never noted this in my clusters........................yet. I do however get an alert that the date has changed on the unit instead. Any ideas other than the patch to get rid (hopefully) of the change being caused by the date?

perhaps you can compare your o/s revisions and configs with Richard Savage to possibly find what causes the passwords to oscillate.

From heas at shrubbery.net Mon Jul 15 21:27:27 2013
From: heas at shrubbery.net (heasley)
Date: Mon, 15 Jul 2013 21:27:27 +0000
Subject: [rancid] Couple of Questions. upgrading and Fortinet issue.
In-Reply-To:
References:
Message-ID: <20130715212727.GD85583@shrubbery.net>

Mon, Jul 15, 2013 at 09:06:13PM +0000, Richard Savage:
> The other thing I've noticed is that other folks also had passwords seem to be continually changing and causing alerts. I have never noted this in my clusters........................yet.
>
> -- Yes I see this all the time, every time a backup is run. I need to be able to backup a full config on other devices, (cisco, juniper) so can't disable the grabbing of password data in rancid as this would stop it being backed up for all cisco and juniper hardware. Not sure of any way to achieve this at the moment.

what if a /rancid.conf were supported that could over-ride configuration of the global rancid.conf?

From Richard.Savage at newnet.co.uk Mon Jul 15 21:29:45 2013
From: Richard.Savage at newnet.co.uk (Richard Savage)
Date: Mon, 15 Jul 2013 21:29:45 +0000
Subject: [rancid] Couple of Questions. upgrading and Fortinet issue.
In-Reply-To: <20130715212727.GD85583@shrubbery.net>
Message-ID:

On 15/07/2013 22:27, "heasley" wrote:

>Mon, Jul 15, 2013 at 09:06:13PM +0000, Richard Savage:
>> The other thing I've noticed is that other folks also had passwords
>>seem to be continually changing and causing alerts. I have never noted
>>this in my clusters........................yet.
>>
>> -- Yes I see this all the time, every time a backup is run. I need to
>>be able to backup a full config on other devices, (cisco, juniper) so
>>can't disable the grabbing of password data in rancid as this would stop
>>it being backed up for all cisco and juniper hardware. Not sure of any
>>way to achieve this at the moment.
>
>what if a /rancid.conf were supported that could over-ride
>configuration
>of the global rancid.conf?

Yes either a group or a hardware type would be good. Some way of excluding the password from certain hosts would be great. :)

Rich

From Chris.Davis at prin.edu Mon Jul 15 21:42:03 2013
From: Chris.Davis at prin.edu (Chris Davis) Date: Mon, 15 Jul 2013 21:42:03 +0000 Subject: [rancid] Couple of Questions. upgrading and Fortinet issue. In-Reply-To: References: <20130715212727.GD85583@shrubbery.net> Message-ID: Here is what I am seeing in my rancid reports. Index: configs/x.x.x.x =================================================================== retrieving revision 1.150 diff -U 4 -r1.150 x.x.x.x @@ -17,9 +17,9 @@ !Distribution: International !Branch point: 665 !Release Version Information: MR3 Patch 14 !FortiOS x86-64: Yes - !System time: Mon Jul 15 15:06:58 2013 + !System time: Mon Jul 15 16:07:02 2013 config system global set access-banner disable set admin-concurrent enable @@ -9112,22 +9112,22 @@ edit "Fortinet_Factory" !set password ENC set private-key "-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED And then my old key and then the new key. I'm not sure if it's getting confused on the master/slave issue because the fortinet's have the same IP address, even though there are two separate firewalls. Could be the time issue too. Chris -----Original Message----- 
From: Richard Savage [mailto:Richard.Savage at newnet.co.uk]
Sent: Monday, July 15, 2013 4:30 PM
To: heasley
Cc: Chris Davis; 'rancid-discuss at shrubbery.net'
Subject: Re: [rancid] Couple of Questions. upgrading and Fortinet issue.

On 15/07/2013 22:27, "heasley" wrote:

>Mon, Jul 15, 2013 at 09:06:13PM +0000, Richard Savage:
>> The other thing I've noticed is that other folks also had passwords
>>seem to be continually changing and causing alerts. I have never
>>noted this in my clusters........................yet.
>>
>> -- Yes I see this all the time, every time a backup is run. I need to
>>be able to backup a full config on other devices, (cisco, juniper) so
>>can't disable the grabbing of password data in rancid as this would
>>stop it being backed up for all cisco and juniper hardware. Not sure
>>of any way to achieve this at the moment.
>
>what if a /rancid.conf were supported that could over-ride
>configuration of the global rancid.conf?

Yes either a group or a hardware type would be good. Some way of excluding the password from certain hosts would be great. :)

Rich

From alex.wilkinson at cba.com.au Tue Jul 16 00:41:08 2013
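The FortiGate alerts discussed in the messages above come from fields that differ on every capture: the `!System time:` line, `set ... ENC` ciphertext and the private-key block. The following is an added example, not part of the thread and not RANCID's own code, of a post-capture filter that masks those fields and classifies a pair of captures; the function names and the sample capture are constructed for illustration.

```python
import re

# Line shapes taken from the diffs quoted in the thread; names are hypothetical.
ENC_RE = re.compile(r'^(\s*[#!]?\s*set\s+\S+\s+ENC)\s+\S+\s*$')
TIME_RE = re.compile(r'^\s*!System time:')
KEY_START_RE = re.compile(
    r'^(\s*[#!]?\s*set\s+private-key\s+)"-----BEGIN [A-Z ]*PRIVATE KEY-----')
KEY_END_RE = re.compile(r'-----END [A-Z ]*PRIVATE KEY-----"')


def normalize(config_text):
    """Return the capture with per-run volatile fields masked or dropped."""
    out = []
    in_key = False
    for line in config_text.splitlines():
        if in_key:
            # Drop key body lines up to and including the END marker.
            if KEY_END_RE.search(line):
                in_key = False
            continue
        if TIME_RE.match(line):
            continue  # wall-clock time changes on every run
        m = ENC_RE.match(line)
        if m:
            out.append(m.group(1) + " <removed>")  # keep the key name only
            continue
        m = KEY_START_RE.match(line)
        if m:
            out.append(m.group(1) + "<removed>")
            in_key = not KEY_END_RE.search(line)
            continue
        out.append(line.rstrip())
    if in_key:
        # A key block with no END marker means a truncated capture: fail
        # rather than silently discarding the rest of the configuration.
        raise ValueError("unterminated private-key block")
    return "\n".join(out) + "\n"


def classify(old, new):
    """Compare two captures: 'identical', 'volatile-only' or 'changed'."""
    if old == new:
        return "identical"
    if normalize(old) == normalize(new):
        return "volatile-only"
    return "changed"


def make_sample(clock, blob, banner):
    """Constructed FortiGate-style capture; every value here is made up."""
    return "\n".join([
        "!System time: Mon Jul 15 %s 2013" % clock,
        "config system global",
        "    set access-banner %s" % banner,
        "end",
        "config vpn certificate local",
        '    edit "Fortinet_Factory"',
        "        set password ENC %s" % blob,
        '        set private-key "-----BEGIN RSA PRIVATE KEY-----',
        "Proc-Type: 4,ENCRYPTED",
        blob,
        '-----END RSA PRIVATE KEY-----"',
        "    next",
        "end",
    ]) + "\n"


if __name__ == "__main__":
    run1 = make_sample("15:06:58", "Q09OU1RSVUNURUQx", "disable")
    run2 = make_sample("16:07:02", "Q09OU1RSVUNURUQy", "disable")
    run3 = make_sample("16:07:02", "Q09OU1RSVUNURUQy", "enable")
    print(classify(run1, run2))  # only time and ciphertext differ
    print(classify(run1, run3))  # a real setting changed
    print(normalize(run1), end="")
```

Masking also hides a genuine password or key rotation, since the ciphertext differs on every capture either way; in exchange the stored copy and the diff mails no longer carry the encrypted secrets.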
From: alex.wilkinson at cba.com.au (Wilkinson, Alex) Date: Tue, 16 Jul 2013 08:41:08 +0800 Subject: [rancid] persistent alerts - but nothing was changed ... ? In-Reply-To: <51E3C2DF.3050100@gmail.com> References: <20130715092809.GA48555@margz.perth.internal> <51E3C2DF.3050100@gmail.com> Message-ID: <20130716004108.GA51723@margz.perth.internal> 0n Mon, Jul 15, 2013 at 07:37:35PM +1000, Alan McKinnon wrote: >On 15/07/2013 11:28, Wilkinson, Alex wrote: >> Hi all, >> >> I am consistently getting rancid alerts (diffs) that config has changed on >> a number of Cisco Nexus devices. However, the diffs in the email are exactly >> the same each rancid-run(1) and are bogus. >> >> Is there anything that would cause rancid to see bogus diffs ? > >A diff is a diff, and it has content because something is different. >Maybe whitespace. > >If you post one of these diffs, we can help examine it for you. I'm using SVN not CVS. Here is an example diff - I have not touched these lines whatsoever but get alerts every day about them: Index: configs/nexus4k1-5 =================================================================== - -- configs/nexus1-5 (revision 85) @@ -94,6 +94,17 @@ ele-fwd pause rate threshold is 1000 pps + interface mgmt0 + speed 1000 + duplex full + vrf member management + ip address 192.168.240.35/24 + + interface mgmt1 + boot kickstart bootflash:/n4000-bk9-kickstart.4.1.2.E1.1i.bin + boot system bootflash:/n4000-bk9.4.1.2.E1.1i.bin + system health loopback frequency 60 + interface Ethernet1/1 link state group 1 downstream spanning-tree port type edge 
@@ -194,17 +205,6 @@ interface Ethernet1/20 speed 10000 - interface mgmt0 - speed 1000 - duplex full - vrf member management - ip address 192.168.240.35/24 - - interface mgmt1 - boot kickstart bootflash:/n4000-bk9-kickstart.4.1.2.E1.1i.bin - boot system bootflash:/n4000-bk9.4.1.2.E1.1i.bin - system health loopback frequency 60 - Any ideas of how to debug ? -Alex ************** IMPORTANT MESSAGE ***************************** This e-mail message is intended only for the addressee(s) and contains information which may be confidential. If you are not the intended recipient please advise the sender by return email, do not use or disclose the contents, and delete the message and any attachments from your system. Unless specifically indicated, this email does not constitute formal advice or commitment by the sender or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its subsidiaries. We can be contacted through our web site: commbank.com.au. If you no longer wish to receive commercial electronic messages from us, please reply to this e-mail by typing Unsubscribe in the subject line. ************************************************************** From r.engehausen at gmail.com Tue Jul 16 02:47:55 2013 
From: r.engehausen at gmail.com (Roy) Date: Mon, 15 Jul 2013 19:47:55 -0700 Subject: [rancid] persistent alerts - but nothing was changed ... ? In-Reply-To: <20130716004108.GA51723@margz.perth.internal> References: <20130715092809.GA48555@margz.perth.internal> <51E3C2DF.3050100@gmail.com> <20130716004108.GA51723@margz.perth.internal> Message-ID: <51E4B45B.4010502@gmail.com> I don't know the box but the diff seems to indicate that the location of mgmt0 and mgmt1 interfaces in the config file is changing. In the first diff the interfaces are before Ethernet1/1 and in the second diff, they are after Ethernet 1/20 On 7/15/2013 5:41 PM, Wilkinson, Alex wrote: > 0n Mon, Jul 15, 2013 at 07:37:35PM +1000, Alan McKinnon wrote: > > >On 15/07/2013 11:28, Wilkinson, Alex wrote: > >> Hi all, > >> > >> I am consistently getting rancid alerts (diffs) that config has changed on > >> a number of Cisco Nexus devices. However, the diffs in the email are exactly > >> the same each rancid-run(1) and are bogus. > >> > >> Is there anything that would cause rancid to see bogus diffs ? > > > >A diff is a diff, and it has content because something is different. > >Maybe whitespace. > > > >If you post one of these diffs, we can help examine it for you. > > I'm using SVN not CVS. > > Here is an example diff - I have not touched these lines whatsoever but get alerts every day about them: > > Index: configs/nexus4k1-5 > =================================================================== > - -- configs/nexus1-5 (revision 85) > @@ -94,6 +94,17 @@ > ele-fwd pause rate threshold is 1000 pps > > > + interface mgmt0 > + speed 1000 > + duplex full > + vrf member management > + ip address 192.168.240.35/24 > + > + interface mgmt1 > + boot kickstart bootflash:/n4000-bk9-kickstart.4.1.2.E1.1i.bin > + boot system bootflash:/n4000-bk9.4.1.2.E1.1i.bin > + system health loopback frequency 60 > + > interface Ethernet1/1 > link state group 1 downstream > spanning-tree port type edge 
> @@ -194,17 +205,6 @@ > interface Ethernet1/20 > speed 10000 > > - interface mgmt0 > - speed 1000 > - duplex full > - vrf member management > - ip address 192.168.240.35/24 > - > - interface mgmt1 > - boot kickstart bootflash:/n4000-bk9-kickstart.4.1.2.E1.1i.bin > - boot system bootflash:/n4000-bk9.4.1.2.E1.1i.bin > - system health loopback frequency 60 > - > > Any ideas of how to debug ? > > -Alex > > From alex.wilkinson at cba.com.au Tue Jul 16 03:53:23 2013 
From: alex.wilkinson at cba.com.au (Wilkinson, Alex)
Date: Tue, 16 Jul 2013 11:53:23 +0800
Subject: [rancid] persistent alerts - but nothing was changed ... ?
In-Reply-To: <51E4B45B.4010502@gmail.com>
References: <20130715092809.GA48555@margz.perth.internal> <51E3C2DF.3050100@gmail.com> <20130716004108.GA51723@margz.perth.internal> <51E4B45B.4010502@gmail.com>
Message-ID: <20130716035323.GB51723@margz.perth.internal>

0n Tue, Jul 16, 2013 at 12:47:55PM +1000, Roy wrote:

>I don't know the box but the diff seems to indicate that the location of
>mgmt0 and mgmt1 interfaces in the config file is changing. In the first
>diff the interfaces are before Ethernet1/1 and in the second diff, they
>are after Ethernet 1/20

You are exactly right. When comparing the diffs via OpenGrok it's very clear that the line locations consistently change causing a diff + rancid alert. If I'm not changing these devices and the line locations are supposedly changing - what could cause this ? rancid ?

-Alex

From chris at node-nine.com Tue Jul 16 05:06:14 2013
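One way to debug an alert like the Nexus one above is to test whether the diff only moves lines. This is an added example, not part of the thread and not RANCID code: it reads a unified diff and compares the removed lines with the added lines as multisets. The function names and the sample diff (device name, documentation-range address) are constructed.

```python
from collections import Counter


def changed_lines(diff_text):
    """Collect added and removed lines from the hunks of a unified diff."""
    added, removed = Counter(), Counter()
    in_hunk = False
    for line in diff_text.splitlines():
        if line.startswith("@@"):
            in_hunk = True
            continue
        # Hunk lines start with ' ', '+', '-' or '\'. Anything else, such as
        # 'Index:' or a 'diff ...' command line, starts the next file, so the
        # ---/+++ headers that follow it are not counted as changes.
        if in_hunk and line and line[0] not in " +-\\":
            in_hunk = False
        if not in_hunk:
            continue
        if line.startswith("+"):
            added[line[1:]] += 1
        elif line.startswith("-"):
            removed[line[1:]] += 1
    return added, removed


def squash(counter):
    """Collapse whitespace runs and drop blank lines."""
    out = Counter()
    for text, count in counter.items():
        key = " ".join(text.split())
        if key:
            out[key] += count
    return out


def classify_diff(diff_text):
    """Return 'empty', 'reorder-only', 'whitespace-or-reorder' or 'content-changed'."""
    added, removed = changed_lines(diff_text)
    if not added and not removed:
        return "empty"
    if added == removed:
        return "reorder-only"
    if squash(added) == squash(removed):
        return "whitespace-or-reorder"
    return "content-changed"


def residual(diff_text):
    """Lines that were only added and only removed, i.e. the real change."""
    added, removed = changed_lines(diff_text)
    return (sorted((added - removed).elements()),
            sorted((removed - added).elements()))


def make_diff(old_addr, new_addr, indent="  "):
    """Constructed diff in which a management stanza moves up the file."""
    new_block = ["interface mgmt0", indent + "speed 1000",
                 indent + "duplex full", indent + "ip address " + new_addr, ""]
    old_block = ["interface mgmt0", "  speed 1000",
                 "  duplex full", "  ip address " + old_addr, ""]
    lines = ["Index: configs/switch-a", "=" * 67,
             "--- configs/switch-a\t(revision 85)",
             "+++ configs/switch-a\t(working copy)",
             "@@ -94,2 +94,7 @@", " threshold is 1000 pps"]
    lines += ["+" + text for text in new_block]
    lines += [" interface Ethernet1/1", "@@ -194,7 +199,2 @@",
              " interface Ethernet1/20", "   speed 10000"]
    lines += ["-" + text for text in old_block]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(classify_diff(make_diff("192.0.2.35/24", "192.0.2.35/24")))
    print(classify_diff(make_diff("192.0.2.35/24", "192.0.2.35/24", "    ")))
    print(classify_diff(make_diff("192.0.2.35/24", "192.0.2.36/24")))
    print(residual(make_diff("192.0.2.35/24", "192.0.2.36/24")))
```

A `reorder-only` result says the two captures hold the same lines in different positions; it does not say which side produced the new order.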
From: chris at node-nine.com (Chris Moody) Date: Tue, 16 Jul 2013 01:06:14 -0400 Subject: [rancid] persistent alerts - but nothing was changed ... ? In-Reply-To: <51E3C2DF.3050100@gmail.com> References: <20130715092809.GA48555@margz.perth.internal> <51E3C2DF.3050100@gmail.com> Message-ID: <51E4D4C6.4000308@node-nine.com> I see TONS of buggy outputs that cause this same behavior from our Nexus boxes. It's almost entirely due to whitespace changes in outputs. You'd seriously think that the output of something like show commands would be consistent...but I guess that's too hard to do. ;o) -Chris On 7/15/13 5:37 AM, Alan McKinnon wrote: > On 15/07/2013 11:28, Wilkinson, Alex wrote: >> Hi all, >> >> I am consistently getting rancid alerts (diffs) that config has changed on >> a number of Cisco Nexus devices. However, the diffs in the email are exactly >> the same each rancid-run(1) and are bogus. >> >> Is there anything that would cause rancid to see bogus diffs ? > > > A diff is a diff, and it has content because something is different. > Maybe whitespace. > > If you post one of these diffs, we can help examine it for you. > > > From Richard.Savage at newnet.co.uk Tue Jul 16 10:28:08 2013 From: Richard.Savage at newnet.co.uk (Richard Savage) Date: Tue, 16 Jul 2013 10:28:08 +0000 Subject: [rancid] Couple of Questions. upgrading and Fortinet issue. In-Reply-To: References: <20130715212727.GD85583@shrubbery.net> Message-ID: <51E52037.7020101@newnet.co.uk> Chris From the output there you are running version 4 firmware. We are running version 5 firmware and see the following changing: Index: configs/xxx.xxx.xxx.xxx =================================================================== - -- configs/xxx.xxx.xxx.xxx (revision 1353) 
@@ -2369,7 +2369,7 @@ end config system autoupdate tunneling set address '' - set password ENC dhoUEEHeL5UkwJRmdsHswXW+8tLjEc6JmH3TBtcL7WRTjy6Ayq2X+SaXB1XYjAF5Q4BGYmX+g6FRgI2kJWMaPg7kFQivPUsd4g/fx2NCReNZkqQbj3QlN4SE3g5uOJW+a96UQXXnDHd73Xatc7Bfyq603aSClDGPahDz8c7K6CjWDaPIiSPm4OsE4ZWvNV4ycDhRQg== + set password ENC ttt+Kp8HtbS9m8mAtqlZV0MrgVMF4zaSGNqA+OzWjRhsuIiA1xtdkMsopQbx4D3zb+YqG5luzq6YR6qv9CsS8QsmR0knpp8uyfUgI4CXDRBd/orXkpaBwfnxb4YHp5uvViDVkLmchFLCTYLru5PXBIvMY0xhNBT4ohcQhYk8im3GTEzQmpJDRCgFLBjB0tFO/WhkzA== set port 0 set status disable set username '' @@ -7499,7 +7499,7 @@ end config vpn certificate local edit "Fortinet_Factory" - set password ENC jfMgY0J2VTU2w51hIRcsX0GWrGIjHZGk6Yn7n9JRPdlypYzBLU0jduL4MqD9fLG0p3W1L28vysoAR+KEpfV1Jpz+abCdkZa2z6Ws950ADwdhN/k6ofJ6oDsqfvX1O3XQBNQFMrn4LZyeZBbghMAdxJj6LgcAfS9ITdsoYjwoMNdWhsF/nLZ9DT/5rO5ytoaymZNmHA== + set password ENC RnXcEYclwQ1yEPTAfnnaWo0z1OgZDn5PArWoZ6JcGklyiZiefOCdOMxZ0cFTwrFDW4XVjnBldBGWgMqfHa3I67fkej0P5TavkuefMQgghB84jDu/TmTVxxsie70xLtoLggZj3Ip/8JB8S760ZJFK3FRCZ3CAy7rv7oowEodY3/HhN5GgeJnYgi1RhQkevNgIggkTcA== # set private-key "-----BEGIN RSA PRIVATE KEY----- # #-----END RSA PRIVATE KEY-----" -----END RSA PRIVATE KEY-----" @@ -7531,7 +7531,7 @@ set source-ip 0.0.0.0 next edit "Fortinet_Firmware" - set password ENC JVq7ApNWXXVHYsi1w+jn09tqslHpX2ukinOyignjB7mbnzizmJ+0L+xVMtvncf/6TTk78aaN3t23d7AuRxuSHU/LAJv7cgX5nwReoZlLHxnmGGmuuRNONekb4+SawfNCEelksJYxFYBGoDrhzwy9yc/g8cYxlTmNSkdlIkR+YFgbbFanVrS/ZHv49HKc/MRByXvl7w== + set password ENC 9GByWeF7ueFwhAeZcfaQ4cAPx5a4MljomxrRVi8I2NVkefDND/kfdRrvR4WFMxXe7ab4/Ck8kZmUo8X4fFHs1JC9Bo8KqO104lXNGhKO6+mJsVvfGxtAHNfkmnNa/DilEZVZXotewhD2YN1kf/JOrUT5lrHoWQrKo0rB5MUSEgYur+0yY++cGyr0+C4eAU/w7FLX8Q== # set private-key "-----BEGIN RSA PRIVATE KEY----- # #-----END RSA PRIVATE KEY-----" -----END RSA PRIVATE KEY-----" 
@@ -7562,7 +7562,7 @@ set source-ip 0.0.0.0 next edit "Fortinet_CA_SSLProxy" - set password ENC ii+WdWZzSvyoSuavT+MTZtJ5bK80ckENEZU9xufB7OcSxZ3o1XLz5UcZKWVszMf7um+pXQusHZKXvg00MpND3eRv/HeXvH1YwuEHB6k+Gs9tbL51uMK0GNqhl15ArgqYpTxLXbeYuukaonOSDI7lzI+pn4JoxDKgYvfCesYR20nzbtj5W6mP4cCw9A51aKlEmLpDlA== + set password ENC NokvU0icZ4noGkTcAl1toRRKptAhax6RQ/YjMG2puabX/wty4PNJXC91Y1DIvWJU9wExoF2qUuBR/wDvCOmOyEXrXsc+DYpXtcCCIXsSwxr9Xe8quqmXkDw9LhZKFF+FBrL8rQDw9BrCTtUNYtaisu+WR69fJ5VPp+KIAqBiL5v+atEjn/zl6DiLnOtwLuNgE5cJ8Q== # set private-key "-----BEGIN RSA PRIVATE KEY----- # #-----END RSA PRIVATE KEY-----" -----END RSA PRIVATE KEY-----" @@ -7593,7 +7593,7 @@ set source-ip 0.0.0.0 next edit "Fortinet_Wifi" - set password ENC 7DubW8l84gayfXLG1ijmTzijwSwzmR7SarrN9poQ0G/iS/xVDpDswefkm75+KTV0NhtXFqlpDLnOH8q3BLEigNijhxsqmLD2iK5PK+SP60563hHkWrRLSn+gBkXv7RMpdY75NC/7A1CtATPz8JUf4qJ9cvUWiZ8CgHL/MRfPir7t29AuE3mbo5eIy85zhJi77q71BA== + set password ENC hCz2B7PDett8D8llPvp7gvH+rKuQXNOGc8fIpMniLifo4lpD8OKsjnltCyb8bgg0WmmbYyf1n/kc8ZcozpXo5ar082yqW2VHs8mAl8yY/st6+XBdCLvfAxZmliGFe9BCJcMPXDB807wIO/TUMDTS3u8JwdHTDKJ4QTCRoP/qj0DnFW/DqQg5IIGK9XdGBs/QTf73oQ== # set private-key "-----BEGIN RSA PRIVATE KEY----- # #-----END RSA PRIVATE KEY-----" -----END RSA PRIVATE KEY-----" 
@@ -20560,21 +20560,21 @@ set wireless-port 0 set phone1 '' set username1 '' - set passwd1 ENC OYecWm8MUPUowKbMfgivzvXvlponep0BLTfLYaqkJroVNFMakcll5YDLHaOsLuhL76qMHt4I3p2NA6DiAWZb4ZjdZCpaBMYyBT4RFgDFPlbIq+13GDZmFLqLRm9p/Mp5VIJWO2f6/oGF5tMZuOZAIbBAfISA1CzV3eZ3lxSQNwwzXwmfIqDgIeTQMkvLLpnX0FamDw== + set passwd1 ENC bpiIeQF/TJOjs1885gNpw2GiWZURU7b+ct0t11wGiqoct9i6DYFKytD+JhaikQfa1KbZ+QsczX6XItDWMxDg9u8Vvs4JTTh2EGx+88F/uJoBsCYDVtBysFZqm8JpuqWVWTMzI8/gh6A7z9LN8k2HrZIAS5LZ8NuugQcWZLSK+nUDyPu6E4Sr44X47k5/EA6uOQX8cw== set extra-init1 '' set peer-modem1 generic set ppp-echo-request1 enable set authtype1 pap chap mschap mschapv2 set phone2 '' set username2 '' - set passwd2 ENC ngu9UIr4Cy/bs0sn9ll6HUh8Tl58VwCvAvdKR/WfU6UDYEjOSVraM0ERzPnu2dAa5AO2wwz3zPMje9Un3kbO+O+uVuAmOwYQwAh8gM4A4aEx8wGL+rBFb9Bwa7cGgfdqKrjlhnpJ7avQXMtxFlYr8b7z/96DeyTyQtgIbUMB0bBYm70uS6rhesp2FoPpVdJWeA8RGQ== + set passwd2 ENC KN9+FmugZN1NHjd8isGa5/Up6MfyrNevAueemgXFJCSlsvZtLlo9ZSqpr8dQvsiC3vtdH+Cx7Tzwx3uHVtdEHzMcgrcyzMkrWY3fYf2G7kOYMZbdg72uAveJPsdGbv/tUd+HNrEvStRDTPSVCANEPJF0ECxVEgvT4sENTpq7WW0OllYc5YfwbXzWlCgGefwUXTGcBA== set extra-init2 '' set peer-modem2 generic set ppp-echo-request2 enable set authtype2 pap chap mschap mschapv2 set phone3 '' set username3 '' - set passwd3 ENC YTCFaleufbiTG5/JtEso4EWBOc9UQ8zgjG2uJDAkGJrWaRNRdEz4CJfKxC2IsdRsNeAUcmKaEZggB0qYMD6PDTgiGEYd1Ip/LKJ0FRehBnJmZmesiglUOwuwOW/kmo3oqy7yIl7BFc8cgyAQwgdtFNDDrVFv3b64BdVyuTD2BzHv9AW+gq7XYDpranFKKt/P4n1Npg== + set passwd3 ENC +wtrAlt9E99XPKKm7S2HNCMOVapqEyeI1xXadcO3jYASu7AIeNC+47WfkyGGCO2O8m4jMLNvyWqMhQJVVfJXjnpVEVpTr1BtgwuFZJUIysg7NqvzSV9O6/Po5IfPtRx+kQxzYo8qXk1gvzTCYKpBTyLKT+MTp4ubpSHsuKpDUZPaZK96YLrfJ/BBLlAt5RgIsi1EWg== set extra-init3 '' set peer-modem3 generic set ppp-echo-request3 enable 
@@ -25318,8 +25318,8 @@ set adjacency-check disable set auth-mode-l1 password set auth-mode-l2 password - set auth-password-l1 ENC j23VOr2Fga+lMtAtKilexLuPfzb4DU7CbMwUuJyONEj8l8l3fhB/SLRzbOV0JM1YTbRcvlf/0KfeMQm7LVSysTQ4J+5UjdUtdvT4bgBrDAEdf63lizBsRiyUM+bU08NXgrNdo9ZRA7V40L3n1VlnBSdF3uxvonrBeoll4uH8FPMZ3pmq60gojs95wgjQPvVooKExWQ== - set auth-password-l2 ENC IZr/IkmcQNStBmAezJQEzIc9c8zHHjZM8ABXDxnbKHnY4j06reeCUTR5F2h33Z8ypGXBOk3AETl/RxEsoCeFhUR1Oynwbq+yBuEbIyhjw4p9wusJ4tyFaOXopvWN/4Q9wMN1lVolo2VjiXm5xMbVwbX2AICvuvdggzEaXDL2qoSIZszC2bEIqGfZl1E2NbT2G1q/0A== + set auth-password-l1 ENC DgCyfyhRjXp8lhW3Rx5y6O4hJmLlFn1zVRho1o92ZOqjaan5/MAjiBt5CDh7YaGB+sgLt8Ahs+2N3Z1MtHpHdcSiR6TIXn11zVblwGRPvjNyFPgV2sHVROJCbxxSqWZ+GjKQuezScmmAJnIR+6+JLPNqGuievtwgpweGPmj/YSy+z5EC56ibyQGYF5a6Wu3NRNku7w== + set auth-password-l2 ENC W+1SYTl72Tr+zOTjvAZnGECi9P2FOaSVq+GCsfNb0c53CuJ6pMek+PWNrKdl2cCQBqGAamr5aGhbUI6Yg7eXqH/M0YLU8nEQzAkGnuv1Dxcq4CwKQY9qEmzJlIzDNgTveMyD5lSxS4znQwtwEd33FBpV/yPLaz8PiP0p6/fo+Ugv2erMX+12frfo3AEVRQjd1U4MUQ== set auth-sendonly-l1 disable set auth-sendonly-l2 disable set default-originate disable Need someway to excude the password from fortigate backups Rich On 15/07/13 22:42, Chris Davis wrote: > Here is what I am seeing in my rancid reports. > > Index: configs/x.x.x.x > =================================================================== > retrieving revision 1.150 > diff -U 4 -r1.150 x.x.x.x > @@ -17,9 +17,9 @@ > !Distribution: International > !Branch point: 665 > !Release Version Information: MR3 Patch 14 > !FortiOS x86-64: Yes > - !System time: Mon Jul 15 15:06:58 2013 > + !System time: Mon Jul 15 16:07:02 2013 > > config system global > set access-banner disable > set admin-concurrent enable 
> @@ -9112,22 +9112,22 @@ > edit "Fortinet_Factory" > !set password ENC > set private-key "-----BEGIN RSA PRIVATE KEY----- > Proc-Type: 4,ENCRYPTED > > And then my old key and then the new key. I'm not sure if it's getting confused on the master/slave issue because the fortinet's have the same IP address, even though there are two separate firewalls. Could be the time issue too. > > Chris > > -----Original Message----- 
> From: Richard Savage [mailto:Richard.Savage at newnet.co.uk]
> Sent: Monday, July 15, 2013 4:30 PM
> To: heasley
> Cc: Chris Davis; 'rancid-discuss at shrubbery.net'
> Subject: Re: [rancid] Couple of Questions. upgrading and Fortinet issue.
>
> On 15/07/2013 22:27, "heasley" wrote:
>
>> Mon, Jul 15, 2013 at 09:06:13PM +0000, Richard Savage:
>>> The other thing I've noticed is that other folks also had passwords
>>> seem to be continually changing and causing alerts. I have never
>>> noted this in my clusters........................yet.
>>>
>>> -- Yes I see this all the time, every time a backup is run. I need to
>>> be able to backup a full config on other devices, (cisco, juniper) so
>>> can't disable the grabbing of password data in rancid as this would
>>> stop it being backed up for all cisco and juniper hardware. Not sure
>>> of any way to achieve this at the moment.
>> what if a /rancid.conf were supported that could over-ride
>> configuration of the global rancid.conf?
> Yes either a group or a hardware type would be good. Some way of excluding the password from certain hosts would be great. :)
>
> Rich
From daniel.schmidt at wyo.gov Tue Jul 16 14:28:10 2013 From: daniel.schmidt at wyo.gov (Daniel Schmidt) Date: Tue, 16 Jul 2013 08:28:10 -0600 Subject: [rancid] persistent alerts - but nothing was changed ... ? In-Reply-To: <51E4D4C6.4000308@node-nine.com> References: <20130715092809.GA48555@margz.perth.internal> <51E3C2DF.3050100@gmail.com> <51E4D4C6.4000308@node-nine.com> Message-ID: Odd, I don't have many issues. On the subject of white space, I believe it was John Jetmore who proposed this white space fix, is it in your code? ######################### --- nxrancid-238-dist 2012-06-14 10:58:55.000000000 -0500 +++ nxrancid-238-local 2012-06-14 11:00:00.000000000 -0500 
@@ -380,7 +380,7 @@ s/ Draw / /; s/ ----------- / /; s/ N\/A / / || - s/ \d+ W / /; # Does not chop enough to line up. + s/ [ \d]{9} W / /; # Does not chop enough to line up. (does now) /actual draw/ && next; # Drop changing total power output. ########################### On Mon, Jul 15, 2013 at 11:06 PM, Chris Moody wrote: > I see TONS of buggy outputs that cause this same behavior from our Nexus > boxes. > > It's almost entirely due to whitespace changes in outputs. > > You'd seriously think that the output of something like show commands > would be consistent...but I guess that's too hard to do. ;o) > > -Chris > > > > On 7/15/13 5:37 AM, Alan McKinnon wrote: > >> On 15/07/2013 11:28, Wilkinson, Alex wrote: >> >>> Hi all, >>> >>> I am consistently getting rancid alerts (diffs) that config has changed >>> on >>> a number of Cisco Nexus devices. However, the diffs in the email are >>> exactly >>> the same each rancid-run(1) and are bogus. >>> >>> Is there anything that would cause rancid to see bogus diffs ? >>> >> >> >> A diff is a diff, and it has content because something is different. >> Maybe whitespace. >> >> If you post one of these diffs, we can help examine it for you. >> >> >> >> > ______________________________**_________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/**mailman/listinfo.cgi/rancid-**discuss > E-Mail to and from me, in connection with the transaction of public business, is subject to the Wyoming Public Records Act and may be disclosed to third parties. -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Tue Jul 16 17:14:52 2013 
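Review bot: in the nxrancid hunk at line 380 in Daniel Schmidt's message above, the new pattern "[ \d]{9} W" fixes the width of the wattage field at nine characters, so a reading printed in a wider or narrower column will not match and the fluctuating value stays in the saved output. Consider capturing the value and replacing it with padding of the same length, so the substitution follows the column width instead of assuming it. The trailing comment "Does not chop enough to line up. (does now)" would also be clearer if it stated which table layout the 9 was measured against.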
From: heas at shrubbery.net (heasley) Date: Tue, 16 Jul 2013 17:14:52 +0000 Subject: [rancid] persistent alerts - but nothing was changed ... ? In-Reply-To: References: <20130715092809.GA48555@margz.perth.internal> <51E3C2DF.3050100@gmail.com> <51E4D4C6.4000308@node-nine.com> Message-ID: <20130716171452.GS25970@shrubbery.net> Tue, Jul 16, 2013 at 08:28:10AM -0600, Daniel Schmidt: > Odd, I don't have many issues. On the subject of white space, I believe it > was John Jetmore who proposed this white space fix, is it in your code? > > ######################### > --- nxrancid-238-dist 2012-06-14 10:58:55.000000000 -0500 > +++ nxrancid-238-local 2012-06-14 11:00:00.000000000 -0500 
> @@ -380,7 +380,7 @@ > s/ Draw / /; > s/ ----------- / /; > s/ N\/A / / || > - s/ \d+ W / /; # Does not chop enough to line up. > + s/ [ \d]{9} W / /; # Does not chop enough to line > up. (does now) > > /actual draw/ && next; # Drop changing total power output. > > ###########################

ShowEnvPower currently looks like this (from Zenon Mousmoulas/myself), which I hope fixes the problem for folks:

# This routine parses "show environment power"
sub ShowEnvPower {
    print STDERR " In ShowEnvPower: $_" if ($debug);

    while (<INPUT>) {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        next if (/^\s*\^\s*$/);
        return(1) if /Line has invalid autocommand /;
        return(1) if /(Invalid input detected|Type help or )/;
        return(1) if (/\% Invalid command at /);
        return(-1) if (/\% Permission denied/);
        return(-1) if (/command authorization failed/i);

        # Cut out Actual Output/Draw.
        #Power Actual Total
        #Supply Model Output Capacity Status
        # (Watts ) (Watts )
        #------- ------------------- ----------- ----------- --------------
        #1 ------------ 0 W 0 W Absent
        #3 749 W 5480 W Ok
        # Actual Power
        #Module Model Draw Allocated Status
        # (Watts ) (Watts )
        #------- ------------------- ----------- ----------- --------------
        #2 NURBURGRING N/A 573 W Powered-Up
        #fan1 N/A 720 W Powered-Up
        # Blank the Actual Output/Draw value, keeping the column width.
        if ( /(.* +)(\d+ W)( +\d+ W.*)/) {
            $_ = sprintf("%s%-". length($2)."s%s\n", $1, "", $3);
        }

        /actual draw/ && next; # Drop changing total power output.
        s/ +$//; # Drop trailing ' '
        ProcessHistory("COMMENTS","","","!Env: $_");
    }
    ProcessHistory("COMMENTS","","","!\n");
    return(0);
}

> > > > On Mon, Jul 15, 2013 at 11:06 PM, Chris Moody wrote: > > > I see TONS of buggy outputs that cause this same behavior from our Nexus > > boxes. > > > > It's almost entirely due to whitespace changes in outputs. > > > > You'd seriously think that the output of something like show commands > > would be consistent...but I guess that's too hard to do. 
;o) > > > > -Chris > > > > > > > > On 7/15/13 5:37 AM, Alan McKinnon wrote: > > > >> On 15/07/2013 11:28, Wilkinson, Alex wrote: > >> > >>> Hi all, > >>> > >>> I am consistently getting rancid alerts (diffs) that config has changed > >>> on > >>> a number of Cisco Nexus devices. However, the diffs in the email are > >>> exactly > >>> the same each rancid-run(1) and are bogus. > >>> > >>> Is there anything that would cause rancid to see bogus diffs ? > >>> > >> > >> > >> A diff is a diff, and it has content because something is different. > >> Maybe whitespace. > >> > >> If you post one of these diffs, we can help examine it for you. > >> > >> > >> > >> > > ______________________________**_________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/**mailman/listinfo.cgi/rancid-**discuss > > > > > E-Mail to and from me, in connection with the transaction > of public business, is subject to the Wyoming Public Records > Act and may be disclosed to third parties. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Tue Jul 16 20:53:45 2013 
From: heas at shrubbery.net (heasley)
Date: Tue, 16 Jul 2013 20:53:45 +0000
Subject: [rancid] persistent alerts - but nothing was changed ... ?
In-Reply-To: <20130716035323.GB51723@margz.perth.internal>
References: <20130715092809.GA48555@margz.perth.internal> <51E3C2DF.3050100@gmail.com> <20130716004108.GA51723@margz.perth.internal> <51E4B45B.4010502@gmail.com> <20130716035323.GB51723@margz.perth.internal>
Message-ID: <20130716205345.GD35599@shrubbery.net>

Tue, Jul 16, 2013 at 11:53:23AM +0800, Wilkinson, Alex:
> 0n Tue, Jul 16, 2013 at 12:47:55PM +1000, Roy wrote:
>
> >I don't know the box but the diff seems to indicate that the location of
> >mgmt0 and mgmt1 interfaces in the config file is changing. In the first
> >diff the interfaces are before Ethernet1/1 and in the second diff, they
> >are after Ethernet 1/20
>
> You are exactly right. When comparing the diffs via OpenGrok it's very clear that
> the line locations consistently change causing a diff + rancid alert. If I'm not
> changing these devices and the line locations are supposedly changing - what
> could cause this ? rancid ?

it wouldn't be rancid, it's the device itself. report the bug to the TAC.

From ricardo.nuno at gmail.com Tue Jul 16 16:57:28 2013
From: ricardo.nuno at gmail.com (Ricardo Nuno) Date: Tue, 16 Jul 2013 17:57:28 +0100 Subject: [rancid] Rancid, Riverbed Steelhead and SonicWall Message-ID:

Hi list,

I'm configuring Rancid to back up all switches' configs and I would like to include SonicWall and Riverbed.

For the SonicWall I don't have high hopes, since on the shell it's like the dark side and from what I can understand the export is always in a binary format. Has anyone had any success with SonicWalls?

For the Riverbed I found on the mailing archive a script from Bill Jacqmein called rblogin and I can log in to it, but it never gives me an enabled prompt.

http://article.gmane.org/gmane.network.rancid/2697/match=riverbed

I'm probably missing something obvious here. My config is as follows in .cloginrc:

add user riverbed01 admin
add method riverbed01 ssh
add cyphertype riverbed01 aes128-ctr
add password riverbed01 adm_passwd adm_passwd
add autoenable riverbed01 1

Running the script, it logs in but can't put enable to work:

[rancid at testmachine ~]$ bin/rblogin rb-timwe-hq riverbed01
spawn ssh -c aes128-ctr -x -l admin riverbed01
Riverbed Steelhead
admin at riverbed01's password:
Last login: Mon Jul 15 19:47:18 2013 from 10.10.52.109
RIVERBED01 >

Can anyone share a successful configuration with a Riverbed?

Thank you.

From alex.wilkinson at cba.com.au Wed Jul 17 01:46:15 2013
From: alex.wilkinson at cba.com.au (Wilkinson, Alex) Date: Wed, 17 Jul 2013 09:46:15 +0800 Subject: [rancid] persistent alerts - but nothing was changed ... ? In-Reply-To: <20130716205345.GD35599@shrubbery.net> References: <20130715092809.GA48555@margz.perth.internal> <51E3C2DF.3050100@gmail.com> <20130716004108.GA51723@margz.perth.internal> <51E4B45B.4010502@gmail.com> <20130716035323.GB51723@margz.perth.internal> <20130716205345.GD35599@shrubbery.net> Message-ID: <20130717014615.GA53036@margz.perth.internal> 0n Wed, Jul 17, 2013 at 06:53:45AM +1000, heasley wrote: >Tue, Jul 16, 2013 at 11:53:23AM +0800, Wilkinson, Alex: >> 0n Tue, Jul 16, 2013 at 12:47:55PM +1000, Roy wrote: >> >> >I don't know the box but the diff seems to indicate that the location of >> >mgmt0 and mgmt1 interfaces in the config file is changing. In the first >> >diff the interfaces are before Ethernet1/1 and in the second diff, they >> >are after Ethernet 1/20 >> >> You are exactly right. When comparing the diffs via OpenGrok its very clear that >> the line locations consistently change causing a diff + rancid alert. If i'm not >> changing these devices and the line locations are supposedly changing - what >> could cause this ? rancid ? > >it wouldnt be rancid, it's the device itself. report the bug to the TAC. Something I have noticed is that for all my Nexus devices (7K, 5K, 4K) none of them have the 'RANCID-CONTENT-TYPE' of 'cisco-nx' but rather plain old 'cisco'. Could this be the reason behind the my problem ? And even if not, why would Rancid not be using cisco-nx automagically ? Or do I have to set it manually ? -Alex ************** IMPORTANT MESSAGE ***************************** This e-mail message is intended only for the addressee(s) and contains information which may be confidential. If you are not the intended recipient please advise the sender by return email, do not use or disclose the contents, and delete the message and any attachments from your system. 
Unless specifically indicated, this email does not constitute formal advice or commitment by the sender or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its subsidiaries. We can be contacted through our web site: commbank.com.au. If you no longer wish to receive commercial electronic messages from us, please reply to this e-mail by typing Unsubscribe in the subject line. ************************************************************** From alan.mckinnon at gmail.com Wed Jul 17 05:49:50 2013 
From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Wed, 17 Jul 2013 07:49:50 +0200 Subject: [rancid] persistent alerts - but nothing was changed ... ? In-Reply-To: <20130717014615.GA53036@margz.perth.internal> References: <20130715092809.GA48555@margz.perth.internal> <51E3C2DF.3050100@gmail.com> <20130716004108.GA51723@margz.perth.internal> <51E4B45B.4010502@gmail.com> <20130716035323.GB51723@margz.perth.internal> <20130716205345.GD35599@shrubbery.net> <20130717014615.GA53036@margz.perth.internal> Message-ID: <51E6307E.5080006@gmail.com> On 17/07/2013 03:46, Wilkinson, Alex wrote: > 0n Wed, Jul 17, 2013 at 06:53:45AM +1000, heasley wrote: > > >Tue, Jul 16, 2013 at 11:53:23AM +0800, Wilkinson, Alex: > >> 0n Tue, Jul 16, 2013 at 12:47:55PM +1000, Roy wrote: > >> > >> >I don't know the box but the diff seems to indicate that the location of > >> >mgmt0 and mgmt1 interfaces in the config file is changing. In the first > >> >diff the interfaces are before Ethernet1/1 and in the second diff, they > >> >are after Ethernet 1/20 > >> > >> You are exactly right. When comparing the diffs via OpenGrok its very clear that > >> the line locations consistently change causing a diff + rancid alert. If i'm not > >> changing these devices and the line locations are supposedly changing - what > >> could cause this ? rancid ? > > > >it wouldnt be rancid, it's the device itself. report the bug to the TAC. > > Something I have noticed is that for all my Nexus devices (7K, 5K, 4K) none of > them have the 'RANCID-CONTENT-TYPE' of 'cisco-nx' but rather plain old 'cisco'. > Could this be the reason behind the my problem ? And even if not, why would > Rancid not be using cisco-nx automagically ? Or do I have to set it manually ? You have to set it manually in router.db Rancid has no auto-detection of device type -- Alan McKinnon alan.mckinnon at gmail.com From alex.wilkinson at cba.com.au Wed Jul 17 07:24:43 2013 
From: alex.wilkinson at cba.com.au (Wilkinson, Alex) Date: Wed, 17 Jul 2013 17:24:43 +1000 Subject: [rancid] persistent alerts - but nothing was changed ... ? In-Reply-To: <51E6307E.5080006@gmail.com> References: <20130715092809.GA48555@margz.perth.internal> <51E3C2DF.3050100@gmail.com> <20130716004108.GA51723@margz.perth.internal> <51E4B45B.4010502@gmail.com> <20130716035323.GB51723@margz.perth.internal> <20130716205345.GD35599@shrubbery.net> <20130717014615.GA53036@margz.perth.internal> <51E6307E.5080006@gmail.com> Message-ID: <20130717072443.GB57507@margz.perth.internal> 0n Wed, Jul 17, 2013 at 03:49:50PM +1000, Alan McKinnon wrote: >On 17/07/2013 03:46, Wilkinson, Alex wrote: >> 0n Wed, Jul 17, 2013 at 06:53:45AM +1000, heasley wrote: >> >> >Tue, Jul 16, 2013 at 11:53:23AM +0800, Wilkinson, Alex: >> >> 0n Tue, Jul 16, 2013 at 12:47:55PM +1000, Roy wrote: >> >> >> >> >I don't know the box but the diff seems to indicate that the location of >> >> >mgmt0 and mgmt1 interfaces in the config file is changing. In the first >> >> >diff the interfaces are before Ethernet1/1 and in the second diff, they >> >> >are after Ethernet 1/20 >> >> >> >> You are exactly right. When comparing the diffs via OpenGrok its very clear that >> >> the line locations consistently change causing a diff + rancid alert. If i'm not >> >> changing these devices and the line locations are supposedly changing - what >> >> could cause this ? rancid ? >> > >> >it wouldnt be rancid, it's the device itself. report the bug to the TAC. >> >> Something I have noticed is that for all my Nexus devices (7K, 5K, 4K) none of >> them have the 'RANCID-CONTENT-TYPE' of 'cisco-nx' but rather plain old 'cisco'. >> Could this be the reason behind the my problem ? And even if not, why would >> Rancid not be using cisco-nx automagically ? Or do I have to set it manually ? > > >You have to set it manually in router.db > >Rancid has no auto-detection of device type Ah, great! I changed all NX devices to cisco-nx. 
This seems to fix the false alert noise but now introduces a new problem for our Nexus 5000s e.g Trying to get all of the configs. nexus5k1-1: missed cmd(s): show cores vdc-all,show processes log vdc-all,show running-config nexus5k1-1: End of run not found ! nexus5k1-2: missed cmd(s): show cores vdc-all,show processes log vdc-all,show running-config nexus5k1-2: End of run not found ! nexus5k2-2: missed cmd(s): show cores vdc-all,show processes log vdc-all,show running-config nexus5k2-2: End of run not found ! nexus5k2-1: missed cmd(s): show cores vdc-all,show processes log vdc-all,show running-config nexus5k2-1: End of run not found All other Nexus devices work fine now (7Ks, 4Ks). Any ideas ? -Alex From alan.mckinnon at gmail.com Wed Jul 17 07:59:27 2013
From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Wed, 17 Jul 2013 09:59:27 +0200 Subject: [rancid] persistent alerts - but nothing was changed ... ? In-Reply-To: <20130717072443.GB57507@margz.perth.internal> References: <20130715092809.GA48555@margz.perth.internal> <51E3C2DF.3050100@gmail.com> <20130716004108.GA51723@margz.perth.internal> <51E4B45B.4010502@gmail.com> <20130716035323.GB51723@margz.perth.internal> <20130716205345.GD35599@shrubbery.net> <20130717014615.GA53036@margz.perth.internal> <51E6307E.5080006@gmail.com> <20130717072443.GB57507@margz.perth.internal> Message-ID: <51E64EDF.7070103@gmail.com> On 17/07/2013 09:24, Wilkinson, Alex wrote: > 0n Wed, Jul 17, 2013 at 03:49:50PM +1000, Alan McKinnon wrote: > > >On 17/07/2013 03:46, Wilkinson, Alex wrote: > >> 0n Wed, Jul 17, 2013 at 06:53:45AM +1000, heasley wrote: > >> > >> >Tue, Jul 16, 2013 at 11:53:23AM +0800, Wilkinson, Alex: > >> >> 0n Tue, Jul 16, 2013 at 12:47:55PM +1000, Roy wrote: > >> >> > >> >> >I don't know the box but the diff seems to indicate that the location of > >> >> >mgmt0 and mgmt1 interfaces in the config file is changing. In the first > >> >> >diff the interfaces are before Ethernet1/1 and in the second diff, they > >> >> >are after Ethernet 1/20 > >> >> > >> >> You are exactly right. When comparing the diffs via OpenGrok its very clear that > >> >> the line locations consistently change causing a diff + rancid alert. If i'm not > >> >> changing these devices and the line locations are supposedly changing - what > >> >> could cause this ? rancid ? > >> > > >> >it wouldnt be rancid, it's the device itself. report the bug to the TAC. > >> > >> Something I have noticed is that for all my Nexus devices (7K, 5K, 4K) none of > >> them have the 'RANCID-CONTENT-TYPE' of 'cisco-nx' but rather plain old 'cisco'. > >> Could this be the reason behind the my problem ? And even if not, why would > >> Rancid not be using cisco-nx automagically ? Or do I have to set it manually ? 
> > > > > >You have to set it manually in router.db > > > >Rancid has no auto-detection of device type > > Ah, great! I changed all NX devices to cisco-nx. This seems to fix the false alert > noise but now introduces a new problem for our Nexus 5000s e.g > > Trying to get all of the configs. > nexus5k1-1: missed cmd(s): show cores vdc-all,show processes log vdc-all,show running-config > nexus5k1-1: End of run not found > ! > nexus5k1-2: missed cmd(s): show cores vdc-all,show processes log vdc-all,show running-config > nexus5k1-2: End of run not found > ! > nexus5k2-2: missed cmd(s): show cores vdc-all,show processes log vdc-all,show running-config > nexus5k2-2: End of run not found > ! > nexus5k2-1: missed cmd(s): show cores vdc-all,show processes log vdc-all,show running-config > nexus5k2-1: End of run not found > > All other Nexus devices work fine now (7Ks, 4Ks). > > Any ideas ? The failing commands are the last three, so I'd suspect the command just before those - show debug. Stuff to check: 1. Does clogin properly work and properly enable the login? 2. What is in the log files (${RANCIDDIR}/var/logs/*) for those devices? 3. Does the rancid user have proper permissions to run those commands? (keep in mind that if you use tacacs for auth, that Nexus are *very* different from IOS wrt authorization). I found that the default behaviour in the nxrancid code was to quit the script entirely on permission denied errors, which caused me huge issues. So now I apply this patch (beware, it's long): (my notes about what it does): * The nexus parser is incomplete and "Permission denied" errors cause the parser to fail and quit. We want to continue regardless and mark the command as having failed. * Oddly enough, "show fex" and "show module fex" are not supported out of the box. * Oddly enough, the routine to sanitize SNMP community strings is commented out. 
* Changed the code to redact tacacs keys * Expanded password redaction regex to exclude "mpls ldp neighbor" > --- nxrancid.orig 2012-02-28 12:21:51.000000000 +0200 > +++ nxrancid 2013-05-15 11:14:14.000000000 +0200 > @@ -174,7 +174,8 @@ > return(1) if /Line has invalid autocommand /; > return(1) if /(Invalid input detected|Type help or )/; > return(-1) if (/\% Invalid command at /); > - return(-1) if (/\% Permission denied/); > +# return(-1) if (/\% Permission denied/); > + return(1) if (/\% Permission denied/); > return(-1) if (/command authorization failed/i); > > if (/^Cisco Nexus Operating System/) { $type = "NXOS";} > @@ -241,7 +242,8 @@ > return(1) if /Line has invalid autocommand /; > return(1) if /(Invalid input detected|Type help or )/; > return(1) if (/\% Invalid command at /); > - return(-1) if (/\% Permission denied/); > +# return(-1) if (/\% Permission denied/); > + return(1) if (/\% Permission denied/); > return(-1) if (/command authorization failed/i); > > /^Built By / && ProcessHistory("COMMENTS","","", "!Build: $_"); > @@ -264,7 +266,8 @@ > next if (/^(\s*|\s*$cmd\s*)$/); > return(1) if /(Invalid input detected|Type help or )/; > return(1) if (/\% Invalid command at /); > - return(-1) if (/\% Permission denied/); > +# return(-1) if (/\% Permission denied/); > + return(1) if (/\% Permission denied/); > return(-1) if (/command authorization failed/i); > > /^-+$/ && next; # Skip lines of all dashes. > @@ -286,7 +289,8 @@ > return(1) if /Line has invalid autocommand /; > return(1) if /(Invalid input detected|Type help or )/; > return(1) if (/\% Invalid command at /); > - return(-1) if (/\% Permission denied/); > +# return(-1) if (/\% Permission denied/); > + return(1) if (/\% Permission denied/); > return(-1) if (/command authorization failed/i); > > s/ +$//; # Drop trailing ' ' 
> @@ -307,7 +311,8 @@ > return(1) if /Line has invalid autocommand /; > return(1) if /(Invalid input detected|Type help or )/; > return(1) if (/\% Invalid command at /); > - return(-1) if (/\% Permission denied/); > +# return(-1) if (/\% Permission denied/); > + return(1) if (/\% Permission denied/); > return(-1) if (/command authorization failed/i); > > s/ +$//; # Drop trailing ' ' > @@ -328,7 +333,8 @@ > return(1) if /Line has invalid autocommand /; > return(1) if /(Invalid input detected|Type help or )/; > return(-1) if (/\% Invalid command at /); > - return(-1) if (/\% Permission denied/); > +# return(-1) if (/\% Permission denied/); > + return(1) if (/\% Permission denied/); > return(-1) if (/command authorization failed/i); > > # Cut out CurTemp - drop the 2nd to last field. > @@ -358,7 +364,8 @@ > return(1) if /Line has invalid autocommand /; > return(1) if /(Invalid input detected|Type help or )/; > return(1) if (/\% Invalid command at /); > - return(-1) if (/\% Permission denied/); > +# return(-1) if (/\% Permission denied/); > + return(1) if (/\% Permission denied/); > return(-1) if (/command authorization failed/i); > > # Cut out Actual Output/Draw. > @@ -404,7 +411,8 @@ > return(1) if /(Invalid input detected|Type help or )/; > return(1) if /Ambiguous command/i; > return(-1) if (/\% Invalid command at /); > - return(-1) if (/\% Permission denied/); > +# return(-1) if (/\% Permission denied/); > + return(1) if (/\% Permission denied/); > return(-1) if (/command authorization failed/i); > > s/ variable = / = /; > @@ -434,7 +442,8 @@ > return(1) if / is either not present or not formatted/; > return(-1) if /\%Error calling/; > return(-1) if /(: device being squeezed|ATA_Status time out)/i; # busy > - return(-1) if (/\% Permission denied/); > +# return(-1) if (/\% Permission denied/); > + return(1) if (/\% Permission denied/); > return(-1) if (/command authorization failed/i); > return(1) if /(Open device \S+ failed|Error opening \S+:)/; 
> > @@ -460,7 +469,8 @@ > last if (/^$prompt/); > next if (/^\s*$cmd\s*$/); > return(1) if (/\% Invalid command at /); > - return(-1) if (/\% Permission denied/); > +# return(-1) if (/\% Permission denied/); > + return(1) if (/\% Permission denied/); > return(-1) if (/command authorization failed/i); > > s/(.*) \*$/$1/; # Drop a trailing '*' > @@ -485,7 +495,8 @@ > return(1) if /Line has invalid autocommand /; > return(1) if /(Invalid input detected|Type help or )/; > return(1) if (/\% Invalid command at /); > - return(-1) if (/\% Permission denied/); > +# return(-1) if (/\% Permission denied/); > + return(1) if (/\% Permission denied/); > return(-1) if (/command authorization failed/i); > > if (/^(NAME: "[^"]*",)\s+(DESCR: "[^"]+")/) { > @@ -532,7 +543,8 @@ > return(1) if /Line has invalid autocommand /; > return(1) if /(Invalid input detected|Type help or )/; > return(1) if (/\% Invalid command at /); > - return(-1) if (/\% Permission denied/); > +# return(-1) if (/\% Permission denied/); > + return(1) if (/\% Permission denied/); > return(-1) if (/command authorization failed/i); > next if (/^Configuration last modified by/); > # the pager can not be disabled per-session on the PIX > @@ -568,7 +575,8 @@ > # newer releases (~12.1(9)) place the vlan config in the normal > # configuration (write term). > return(1) if ($type =~ /^(3550|4500)$/); > - return(-1) if (/\% Permission denied/); > +# return(-1) if (/\% Permission denied/); > + return(1) if (/\% Permission denied/); > return(-1) if (/command authorization failed/i); > # the pager can not be disabled per-session on the PIX > if (/^(<-+ More -+>)/) { 
> @@ -594,7 +602,8 @@ > return(1) if /Line has invalid autocommand /; > return(1) if /(Invalid input detected|Type help or )/; > return(-1) if (/\% Invalid command at /); > - return(-1) if (/\% Permission denied/); > +# return(-1) if (/\% Permission denied/); > + return(1) if (/\% Permission denied/); > return(-1) if (/command authorization failed/i); > > /^No matching debug flags set$/ && next; > @@ -619,7 +628,8 @@ > return(1) if /Line has invalid autocommand /; > return(1) if /(Invalid input detected|Type help or )/; > return(1) if (/\% Invalid command at /); > - return(-1) if (/\% Permission denied/); > +# return(-1) if (/\% Permission denied/); > + return(1) if (/\% Permission denied/); > return(-1) if (/command authorization failed/i); > > ProcessHistory("COMMENTS","","","!CORES: $_"); > @@ -639,7 +649,8 @@ > return(1) if /Line has invalid autocommand /; > return(1) if /(Invalid input detected|Type help or )/; > return(-1) if (/\% Invalid command at /); > - return(-1) if (/\% Permission denied/); > +# return(-1) if (/\% Permission denied/); > + return(1) if (/\% Permission denied/); > return(-1) if (/command authorization failed/i); > > ProcessHistory("COMMENTS","","","!PROC_LOGS: $_"); 
> @@ -648,6 +659,27 @@ > return(0); > } > > +# This routine parses "show fex" and "show module fex" > +sub ShowFex { > + print STDERR " In ShowFex: $_" if ($debug); > + > + while () { > + tr/\015//d; > + last if (/^$prompt/); > + next if (/^(\s*|\s*$cmd\s*)$/); > + return(1) if /Line has invalid autocommand /; > + return(1) if /(Invalid input detected|Type help or )/; > + return(1) if (/\% Invalid command at /); > +# return(-1) if (/\% Permission denied/); > + return(1) if (/\% Permission denied/); > + return(-1) if (/command authorization failed/i); > + > + ProcessHistory("COMMENTS","","","!FEX: $_"); > + } > + ProcessHistory("COMMENTS","","","!\n"); > + return(0); > +} > + > # This routine processes a "write term" > sub WriteTerm { > print STDERR " In WriteTerm: $_" if ($debug); > @@ -660,7 +692,8 @@ > return(1) if (/(Invalid input detected|Type help or )/i); > return(-1) if (/\% Invalid command at /); > return(0) if ($found_end); # Only do this routine once > - return(-1) if (/\% Permission denied/); > +# return(-1) if (/\% Permission denied/); > + return(1) if (/\% Permission denied/); > return(-1) if (/command authorization failed/i); > > # /Non-Volatile memory is in use/ && return(-1); # NvRAM is locked > @@ -784,6 +822,10 @@ > # ProcessHistory("","","","! neighbor $1 password \n"); > # next; > # } > + if (/^\s*(.*?neighbor \S*) password / && $filter_pwds >= 1) { > + ProcessHistory("","","","! $1 password \n"); > + next; > + } > # if (/^(ppp .* password) 7 .*/ && $filter_pwds >= 1) { > # ProcessHistory("","","","!$1 \n"); next; > # } 
> @@ -929,18 +962,25 @@ > # } > # next; > # } > -# if (/^(snmp-server community) (\S+)/) { > -# if ($filter_commstr) { > -# ProcessHistory("SNMPSERVERCOMM","keysort","$_","!$1 $'") && next; > -# } else { > -# ProcessHistory("SNMPSERVERCOMM","keysort","$_","$_") && next; > -# } > -# } > + # Why was this commented out? It shows up in the raw text... > + if (/^(snmp-server community) (\S+)/) { > + if ($filter_commstr) { > + ProcessHistory("SNMPSERVERCOMM","keysort","$_","!$1 $'") && next; > + } else { > + ProcessHistory("SNMPSERVERCOMM","keysort","$_","$_") && next; > + } > + } > # # prune tacacs/radius server keys > # if (/^((tacacs|radius)-server\s(\w*[-\s(\s\S+])*\s?key) (\d )?\w+/ > # && $filter_pwds >= 1) { > # ProcessHistory("","","","!$1 $'"); next; > # } > + # prune tacacs/radius server keys: > + # tacacs-server host 196.23.0.13 key 7 "xxxxxxx" port 50 timeout 10 > + if (/^((tacacs|radius)-server.*?\bkey\b.*?) ".*?"(.*)/ > + && $filter_pwds >= 1) { > + ProcessHistory("","","","!$1 $3\n"); next; > + } > # # order clns host statements > # /^clns host \S+ (\S+)/ && > # ProcessHistory("CLNS","keysort","$1","$_") && next; > @@ -1035,7 +1075,7 @@ > {'show boot' => 'ShowBoot'}, > {'dir bootflash:' => 'DirSlotN'}, > {'dir debug:' => 'DirSlotN'}, > - {'dir logflash:' => 'DirSlotN'}, > +# {'dir logflash:' => 'DirSlotN'}, > {'dir slot0:' => 'DirSlotN'}, > {'dir usb1:' => 'DirSlotN'}, > {'dir usb2:' => 'DirSlotN'}, 
> @@ -1048,6 +1088,8 @@ > {'show debug' => 'ShowDebug'}, > {'show cores vdc-all' => 'ShowCores'}, > {'show processes log vdc-all' => 'ShowProcLog'}, > + {'show module fex' => 'ShowFex'}, > + {'show fex' => 'ShowFex'}, > {'show running-config' => 'WriteTerm'}, > ); > # Use an array to preserve the order of the commands and a hash for mapping > > [edit] bin/rancid > > Removed dynamic address data from a description line for Ethernet interfaces. > Expanded password redaction regex to exclude "mpls ldp neighbor" > > --- rancid.orig 2012-12-20 22:46:04.000000000 +0200 > +++ rancid 2012-12-20 22:48:51.000000000 +0200 > @@ -835,6 +835,10 @@ > /^AM79970 / && ProcessHistory("INT","","","!Interface: $_") && next; > /^buffer size \d+ (Universal Serial: .*)/ && > ProcessHistory("INT","","","!\t$1\n") && next; > + # Remove these dynamic addresses: > + # !Interface: FastEthernet0/0, GT96K FE ADDR: 62AFB684, FASTSEND: 61579E4C, MCI_INDEX: 0 > + /^Hardware is (.*?)($| ADDR: .*| at 0x.*)/ && > + ProcessHistory("INT","","","!Interface: $INT$1\n") && next; > /^Hardware is (.*)/ && > ProcessHistory("INT","","","!Interface: $INT$1\n") && next; > /^(QUICC Serial unit \d),/ && > @@ -1741,8 +1745,8 @@ > ProcessHistory("LINE-PASS","","","!$1secret \n"); > next; > } > - if (/^\s*neighbor (\S*) password / && $filter_pwds >= 1) { > - ProcessHistory("","","","! neighbor $1 password \n"); > + if (/^\s*(.*?neighbor.*?) password / && $filter_pwds >= 1) { > + ProcessHistory("","","","! $1 password \n"); > next; > } > if (/^(\s*ppp .* hostname) .*/ && $filter_pwds >= 1) { -- Alan McKinnon alan.mckinnon at gmail.com From alex.wilkinson at cba.com.au Wed Jul 17 08:46:58 2013 
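Review bot: In the WriteTerm hunk (@@ -660,7 +692,8) the change from return(-1) to return(1) on "% Permission denied" also covers 'show running-config', and that is the one command where a denial should not be a soft failure. Going by the notes in this message, return(1) is meant to let the run continue with the command marked as failed, which suits optional commands such as 'show cores vdc-all'; for the configuration itself I would keep return(-1), or at least check that a denied 'show running-config' still fails the run instead of saving a file without the config. The same two-line change is repeated in every routine with the old line left behind as a comment, while "command authorization failed" on the next line still returns -1; drop the commented-out lines and state in the notes whether the two errors are meant to behave differently.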
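Review bot: The new tacacs/radius rule in the @@ -929,18 +962,25 hunk only matches when the key is wrapped in double quotes (the ".*?" part of the pattern), so a line that carries an unquoted key is not redacted by it. The commented-out rule directly above matched key (\d )?\w+ without quotes; the replacement should accept both forms, for example an optional type digit followed by either a quoted string or a run of non-space characters. The "Why was this commented out?" comment on the re-enabled snmp-server community block is an open question left in the code and should be answered or removed.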
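Review bot: The neighbor password rule is not the same in the two files: nxrancid (@@ -784,6 +822,10) adds /^\s*(.*?neighbor \S*) password / while bin/rancid (@@ -1741,8 +1745,8) changes to /^\s*(.*?neighbor.*?) password /. The nxrancid form allows exactly one token between "neighbor" and "password", so a line with anything more in between is left alone there but redacted by bin/rancid. Unless that difference is intended, use one pattern in both files, and note that the word "exclude" in the description reads as if mpls ldp neighbor lines were skipped when both patterns in fact add them to what is redacted.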
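Review bot: In the bin/rancid hunk at @@ -835,6 +835,10 the new /^Hardware is (.*?)($| ADDR: .*| at 0x.*)/ rule matches every line that starts with "Hardware is", because the "$" alternative always succeeds, so the existing /^Hardware is (.*)/ rule that follows it can no longer be reached as long as ProcessHistory returns true, which the && next idiom assumes. Replace the old rule with the new one instead of stacking the two, so the next reader does not have to work out which one is live.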
From: alex.wilkinson at cba.com.au (Wilkinson, Alex) Date: Wed, 17 Jul 2013 18:46:58 +1000 Subject: [rancid] persistent alerts - but nothing was changed ... ? In-Reply-To: <51E64EDF.7070103@gmail.com> References: <20130715092809.GA48555@margz.perth.internal> <51E3C2DF.3050100@gmail.com> <20130716004108.GA51723@margz.perth.internal> <51E4B45B.4010502@gmail.com> <20130716035323.GB51723@margz.perth.internal> <20130716205345.GD35599@shrubbery.net> <20130717014615.GA53036@margz.perth.internal> <51E6307E.5080006@gmail.com> <20130717072443.GB57507@margz.perth.internal> <51E64EDF.7070103@gmail.com> Message-ID: <20130717084657.GD57507@margz.perth.internal> 0n Wed, Jul 17, 2013 at 05:59:27PM +1000, Alan McKinnon wrote: >On 17/07/2013 09:24, Wilkinson, Alex wrote: >> 0n Wed, Jul 17, 2013 at 03:49:50PM +1000, Alan McKinnon wrote: >> >> >On 17/07/2013 03:46, Wilkinson, Alex wrote: >> >> 0n Wed, Jul 17, 2013 at 06:53:45AM +1000, heasley wrote: >> >> >> >> >Tue, Jul 16, 2013 at 11:53:23AM +0800, Wilkinson, Alex: >> >> >> 0n Tue, Jul 16, 2013 at 12:47:55PM +1000, Roy wrote: >> >> >> >> >> >> >I don't know the box but the diff seems to indicate that the location of >> >> >> >mgmt0 and mgmt1 interfaces in the config file is changing. In the first >> >> >> >diff the interfaces are before Ethernet1/1 and in the second diff, they >> >> >> >are after Ethernet 1/20 >> >> >> >> >> >> You are exactly right. When comparing the diffs via OpenGrok its very clear that >> >> >> the line locations consistently change causing a diff + rancid alert. If i'm not >> >> >> changing these devices and the line locations are supposedly changing - what >> >> >> could cause this ? rancid ? >> >> > >> >> >it wouldnt be rancid, it's the device itself. report the bug to the TAC. >> >> >> >> Something I have noticed is that for all my Nexus devices (7K, 5K, 4K) none of >> >> them have the 'RANCID-CONTENT-TYPE' of 'cisco-nx' but rather plain old 'cisco'. >> >> Could this be the reason behind the my problem ? 
And even if not, why would >> >> Rancid not be using cisco-nx automagically ? Or do I have to set it manually ? >> > >> > >> >You have to set it manually in router.db >> > >> >Rancid has no auto-detection of device type >> >> Ah, great! I changed all NX devices to cisco-nx. This seems to fix the false alert >> noise but now introduces a new problem for our Nexus 5000s e.g >> >> Trying to get all of the configs. >> nexus5k1-1: missed cmd(s): show cores vdc-all,show processes log vdc-all,show running-config >> nexus5k1-1: End of run not found >> ! >> nexus5k1-2: missed cmd(s): show cores vdc-all,show processes log vdc-all,show running-config >> nexus5k1-2: End of run not found >> ! >> nexus5k2-2: missed cmd(s): show cores vdc-all,show processes log vdc-all,show running-config >> nexus5k2-2: End of run not found >> ! >> nexus5k2-1: missed cmd(s): show cores vdc-all,show processes log vdc-all,show running-config >> nexus5k2-1: End of run not found >> >> All other Nexus devices work fine now (7Ks, 4Ks). >> >> Any ideas ? > >The failing commands are the last three, so I'd suspect the command just >before those - show debug. Awesome! You were right. 'show debug' was failing. I forgot to add a role for rancid user. All sorted now! Neat patch also! -Alex From alan.mckinnon at gmail.com Wed Jul 17 09:12:05 2013
From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Wed, 17 Jul 2013 11:12:05 +0200 Subject: [rancid] persistent alerts - but nothing was changed ... ? In-Reply-To: <20130717084657.GD57507@margz.perth.internal> References: <20130715092809.GA48555@margz.perth.internal> <51E3C2DF.3050100@gmail.com> <20130716004108.GA51723@margz.perth.internal> <51E4B45B.4010502@gmail.com> <20130716035323.GB51723@margz.perth.internal> <20130716205345.GD35599@shrubbery.net> <20130717014615.GA53036@margz.perth.internal> <51E6307E.5080006@gmail.com> <20130717072443.GB57507@margz.perth.internal> <51E64EDF.7070103@gmail.com> <20130717084657.GD57507@margz.perth.internal> Message-ID: <51E65FE5.4070802@gmail.com> On 17/07/2013 10:46, Wilkinson, Alex wrote: > Awesome! You were right. 'show debug' was failing. I forgot to add a role for > rancid user. All sorted now! Neat patch also! Thanks :-) I'd review the patch very carefully if I were you - it's specific to my needs and might not work for you -- Alan McKinnon alan.mckinnon at gmail.com From gene.lim at apc.sg Thu Jul 18 07:48:52 2013
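Added example, not code from this thread or from RANCID: a stand-alone Python check that can be run over saved configs to find secrets that slipped past the redaction rules discussed in the thread above. PATCH_KEY_RE transcribes the patch's tacacs/radius rule; the broader RULES, the "[redacted]" marker and the sample lines are assumptions constructed for this example.

```python
import re

# Python transcription of the tacacs/radius rule added by the patch quoted
# above; it only fires when the key is wrapped in double quotes.
PATCH_KEY_RE = re.compile(r'^((?:tacacs|radius)-server.*?\bkey\b.*?) ".*?"(.*)')

# Broader rules written for this example (not RANCID's own). Each captures:
# the text before the secret, the secret itself, the text after it.
RULES = [
    ("aaa-key", re.compile(
        r'^((?:tacacs|radius)-server\b.*?\bkey(?: \d)?) ("[^"]*"|\S+)(.*)$')),
    ("snmp-community", re.compile(r'^(snmp-server community) (\S+)(.*)$')),
    ("neighbor-password", re.compile(
        r'^(\s*.*?\bneighbor \S+.*?\bpassword(?: \d)?) (\S+)(.*)$')),
]


def patch_redact(line):
    """Apply only the patch's quoted-key rule, the way "!$1 $3" does in the hunk."""
    m = PATCH_KEY_RE.match(line)
    return "!%s %s" % (m.group(1), m.group(2)) if m else line


def redact(line):
    """Return (kind, redacted_line) when the line carries a secret,
    otherwise (None, line). '[redacted]' is this example's placeholder."""
    if line.lstrip().startswith("!"):       # already a comment, nothing to do
        return None, line
    for kind, rule in RULES:
        m = rule.match(line)
        if m:
            return kind, "!%s [redacted]%s" % (m.group(1), m.group(3))
    return None, line


def audit(config_text):
    """List (line_number, kind) for every line that still holds a secret.
    The secret itself is never returned, so the report can be mailed."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), 1):
        kind, _ = redact(line)
        if kind:
            findings.append((number, kind))
    return findings


# Constructed sample of a saved config: the quoted key (line 2) has been
# commented out, the unquoted key (line 3) and the community string (line 4,
# kept when community filtering is off) are still in clear text.
SAMPLE = "\n".join([
    "!RANCID-CONTENT-TYPE: cisco-nx",
    "!tacacs-server host 192.0.2.13 key 7  port 50 timeout 10",
    "tacacs-server host 192.0.2.14 key 7 EXAMPLEKEY",
    "snmp-server community EXAMPLECOMM group network-operator",
    "! mpls ldp neighbor 192.0.2.1 password",
    "interface Ethernet1/1",
    "  description uplink",
])

if __name__ == "__main__":
    for number, kind in audit(SAMPLE):
        print("line %d: unredacted %s" % (number, kind))
```

Running audit() over the repository after each collection turns a missed redaction into a finding before the diff mail goes out.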
From: gene.lim at apc.sg (Gene Lim) Date: Thu, 18 Jul 2013 15:48:52 +0800 Subject: [rancid] Cisco ASA 5505 configs In-Reply-To: <20130715194550.GP85583@shrubbery.net> References: <000801ce7eb6$633f8d20$29bea760$@lim@apc.sg> <51E042E3.90201@node-nine.com> <000001ce8144$39d51c30$ad7f5490$@lim@apc.sg> <20130715194550.GP85583@shrubbery.net> Message-ID: <001b01ce838b$3fc98fb0$bf5caf10$@lim@apc.sg> Dear Heasley Thank you for advising. Tried using the -d option with below logs. Could you advise further on how I may troubleshoot this ? Please assist. /.cloginrc add method 192.168.1.84 ssh add user 192.168.1.84 admin add password 192.168.1.84 {adminpwd} {enablepwd} bin/clogin -d 192.168.1.84 192.168.1.84 spawn ssh -c 3des -x -l admin 192.168.1.84 parent: waiting for sync byte parent: telling child to go ahead parent: now unsynchronized from child spawn: returns {3229} Gate keeper glob pattern for '^<-+ More -+>[^ ]*' is '<* More *>*'. Activating booster. Gate keeper glob pattern for '(Connection refused|Secure connection [^ ]+ refused)' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '(Connection closed by|Connection to [^ ]+ closed)' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '(Host key not found |The authenticity of host .* be established).* \(yes/no\)\?' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for 'HOST IDENTIFICATION HAS CHANGED.* \(yes/no\)\?' is 'HOST IDENTIFICATION HAS CHANGED* (yes/no)\?'. Activating booster. Gate keeper glob pattern for 'HOST IDENTIFICATION HAS CHANGED[^ ]+' is 'HOST IDENTIFICATION HAS CHANGED*'. Activating booster. Gate keeper glob pattern for 'Offending key for .* \(yes/no\)\?' is 'Offending key for * (yes/no)\?'. Activating booster. Gate keeper glob pattern for '(denied|Sorry)' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '% (Bad passwords|Authentication failed)' is ''.
Not usable, disabling the performance booster. Gate keeper glob pattern for 'Enter Selection: ' is 'Enter Selection: '. Activating booster. Gate keeper glob pattern for 'Last login:' is 'Last login:'. Activating booster. Gate keeper glob pattern for '@[^ ]+ ([Pp]assword|passwd|Enter password for [^ :]+):' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for 'Enter passphrase.*: ' is 'Enter passphrase*: '. Activating booster. Gate keeper glob pattern for '(Username|Login|login|user name|User):' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '([Pp]assword|passwd|Enter password for [^ :]+):' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '(>|#| \(enable\))' is ''. Not usable, disabling the performance booster. expect: does "" (spawn_id exp4) match regular expression "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no "(Connection refused|Secure connection [^\n\r]+ refused)"? (No Gate, RE only) gate=yes re=no "(Connection closed by|Connection to [^\n\r]+ closed)"? (No Gate, RE only) gate=yes re=no expect: does "" (spawn_id exp4) match glob pattern "unknown host\r"? no expect: does "" (spawn_id exp4) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).* \(yes/no\)\?"? (No Gate, RE only) gate=yes re=no "HOST IDENTIFICATION HAS CHANGED.* \(yes/no\)\?"? Gate "HOST IDENTIFICATION HAS CHANGED* (yes/no)\?"? gate=no "HOST IDENTIFICATION HAS CHANGED[^\n\r]+"? Gate "HOST IDENTIFICATION HAS CHANGED*"? gate=no "Offending key for .* \(yes/no\)\?"? Gate "Offending key for * (yes/no)\?"? gate=no "(denied|Sorry)"? (No Gate, RE only) gate=yes re=no "Login failed"? no "% (Bad passwords|Authentication failed)"? (No Gate, RE only) gate=yes re=no "Press any key to continue"? no "Enter Selection: "? Gate "Enter Selection: "? gate=no "Last login:"? Gate "Last login:"? 
gate=no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no "Enter passphrase.*: "? Gate "Enter passphrase*: "? gate=no "(Username|Login|login|user name|User):"? (No Gate, RE only) gate=yes re=no "([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no "(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no "Login invalid"? no admin at 192.168.1.84's password: expect: does "admin at 192.168.1.84's password: " (spawn_id exp4) match regular expression "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no "(Connection refused|Secure connection [^\n\r]+ refused)"? (No Gate, RE only) gate=yes re=no "(Connection closed by|Connection to [^\n\r]+ closed)"? (No Gate, RE only) gate=yes re=no expect: does "admin at 192.168.1.84's password: " (spawn_id exp4) match glob pattern "unknown host\r"? no expect: does "admin at 192.168.1.84's password: " (spawn_id exp4) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).* \(yes/no\)\?"? (No Gate, RE only) gate=yes re=no "HOST IDENTIFICATION HAS CHANGED.* \(yes/no\)\?"? Gate "HOST IDENTIFICATION HAS CHANGED* (yes/no)\?"? gate=no "HOST IDENTIFICATION HAS CHANGED[^\n\r]+"? Gate "HOST IDENTIFICATION HAS CHANGED*"? gate=no "Offending key for .* \(yes/no\)\?"? Gate "Offending key for * (yes/no)\?"? gate=no "(denied|Sorry)"? (No Gate, RE only) gate=yes re=no "Login failed"? no "% (Bad passwords|Authentication failed)"? (No Gate, RE only) gate=yes re=no "Press any key to continue"? no "Enter Selection: "? Gate "Enter Selection: "? gate=no "Last login:"? Gate "Last login:"? gate=no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? 
(No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "@192.168.1.84's password:" expect: set expect_out(1,string) "password" expect: set expect_out(spawn_id) "exp4" expect: set expect_out(buffer) "admin at 192.168.1.84's password:" send: sending "clearance\r" to { exp4 } expect: continuing expect expect: does " " (spawn_id exp4) match regular expression "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no "(Connection refused|Secure connection [^\n\r]+ refused)"? (No Gate, RE only) gate=yes re=no "(Connection closed by|Connection to [^\n\r]+ closed)"? (No Gate, RE only) gate=yes re=no expect: does " " (spawn_id exp4) match glob pattern "unknown host\r"? no expect: does " " (spawn_id exp4) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).* \(yes/no\)\?"? (No Gate, RE only) gate=yes re=no "HOST IDENTIFICATION HAS CHANGED.* \(yes/no\)\?"? Gate "HOST IDENTIFICATION HAS CHANGED* (yes/no)\?"? gate=no "HOST IDENTIFICATION HAS CHANGED[^\n\r]+"? Gate "HOST IDENTIFICATION HAS CHANGED*"? gate=no "Offending key for .* \(yes/no\)\?"? Gate "Offending key for * (yes/no)\?"? gate=no "(denied|Sorry)"? (No Gate, RE only) gate=yes re=no "Login failed"? no "% (Bad passwords|Authentication failed)"? (No Gate, RE only) gate=yes re=no "Press any key to continue"? no "Enter Selection: "? Gate "Enter Selection: "? gate=no "Last login:"? Gate "Last login:"? gate=no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no "Enter passphrase.*: "? Gate "Enter passphrase*: "? gate=no "(Username|Login|login|user name|User):"? (No Gate, RE only) gate=yes re=no "([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no "(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no "Login invalid"? no expect: does " \r\n" (spawn_id exp4) match regular expression "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? 
gate=no "(Connection refused|Secure connection [^\n\r]+ refused)"? (No Gate, RE only) gate=yes re=no "(Connection closed by|Connection to [^\n\r]+ closed)"? (No Gate, RE only) gate=yes re=no expect: does " \r\n" (spawn_id exp4) match glob pattern "unknown host\r"? no expect: does " \r\n" (spawn_id exp4) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).* \(yes/no\)\?"? (No Gate, RE only) gate=yes re=no "HOST IDENTIFICATION HAS CHANGED.* \(yes/no\)\?"? Gate "HOST IDENTIFICATION HAS CHANGED* (yes/no)\?"? gate=no "HOST IDENTIFICATION HAS CHANGED[^\n\r]+"? Gate "HOST IDENTIFICATION HAS CHANGED*"? gate=no "Offending key for .* \(yes/no\)\?"? Gate "Offending key for * (yes/no)\?"? gate=no "(denied|Sorry)"? (No Gate, RE only) gate=yes re=no "Login failed"? no "% (Bad passwords|Authentication failed)"? (No Gate, RE only) gate=yes re=no "Press any key to continue"? no "Enter Selection: "? Gate "Enter Selection: "? gate=no "Last login:"? Gate "Last login:"? gate=no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no "Enter passphrase.*: "? Gate "Enter passphrase*: "? gate=no "(Username|Login|login|user name|User):"? (No Gate, RE only) gate=yes re=no "([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no "(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no "Login invalid"? no Permission denied, please try again. admin at 192.168.1.84's password: expect: does " \r\nPermission denied, please try again.\r\r\nadmin at 192.168.1.84's password: " (spawn_id exp4) match regular expression "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no "(Connection refused|Secure connection [^\n\r]+ refused)"? (No Gate, RE only) gate=yes re=no "(Connection closed by|Connection to [^\n\r]+ closed)"? 
(No Gate, RE only) gate=yes re=no expect: does " \r\nPermission denied, please try again.\r\r\nadmin at 192.168.1.84's password: " (spawn_id exp4) match glob pattern "unknown host\r"? no expect: does " \r\nPermission denied, please try again.\r\r\nadmin at 192.168.1.84's password: " (spawn_id exp4) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).* \(yes/no\)\?"? (No Gate, RE only) gate=yes re=no "HOST IDENTIFICATION HAS CHANGED.* \(yes/no\)\?"? Gate "HOST IDENTIFICATION HAS CHANGED* (yes/no)\?"? gate=no "HOST IDENTIFICATION HAS CHANGED[^\n\r]+"? Gate "HOST IDENTIFICATION HAS CHANGED*"? gate=no "Offending key for .* \(yes/no\)\?"? Gate "Offending key for * (yes/no)\?"? gate=no "(denied|Sorry)"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "denied" expect: set expect_out(1,string) "denied" expect: set expect_out(spawn_id) "exp4" expect: set expect_out(buffer) " \r\nPermission denied" Error: Check your passwd for 192.168.1.84 Thank You Warmest Regards, Gene Lim -----Original Message----- 
From: heasley
Sent: Tuesday, 16 July, 2013 3:46 AM
To: Gene Lim
Subject: Re: [rancid] Cisco ASA 5505 configs

Mon, Jul 15, 2013 at 06:15:26PM +0800, Gene Lim:
> Dear Chris
>
> Thank you for the information. Yes you are right my enable password
> has the special character @ in it. However from further testing using
> changed credentials below I am still receiving the same login issue. Please advise.

well, it would appear that adminpwd is now not being interpreted correctly.
clogin -d will show you the transcript with the password that's being sent.

> ==Version 2 with enable password==
>
> /router.db
> 192.168.1.84:cisco:up
>
> /.cloginrc
> add method 192.168.1.84 ssh
> add user 192.168.1.84 admin
> add password 192.168.1.84 {adminpwd} {enablepwd}
>
> $ bin/clogin 192.168.1.84
> 192.168.1.84
> spawn ssh -c 3des -x -l admin 192.168.1.84
> admin at 192.168.1.84 's password:
> Permission denied, please try again.
> admin at 192.168.1.84 's password:
> Error: Check your passwd for 192.168.1.84
>
> Thank You
> Warmest Regards,
> Gene Lim
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From alligator94 at laposte.net Thu Jul 18 19:37:19 2013
From: alligator94 at laposte.net (alligator94)
Date: Thu, 18 Jul 2013 21:37:19 +0200
Subject: [rancid] Cisco wlc
Message-ID: <005e01ce83ee$37c5d450$a7517cf0$@net>

Dear all,

I need to back up a Cisco WLC. May you help me to find the right patches, as I have read a lot of posts about the WLC but no link to download the patches and it is not included in the rancid distrib.

Thanks,
Rancid fan
Gilles

From alligator94 at laposte.net Fri Jul 19 07:03:16 2013
From: alligator94 at laposte.net (alligator94)
Date: Fri, 19 Jul 2013 09:03:16 +0200
Subject: [rancid] Cisco wlc
In-Reply-To:
References: <005e01ce83ee$37c5d450$a7517cf0$@net>
Message-ID: <000001ce844e$0b5776c0$22066440$@net>

Hi,
we run WLC: 7.4.100.60 and rancid: 2.3.8
Regards,
Gilles

From: slavkv at gmail.com [mailto:slavkv at gmail.com] On behalf of Slava Mestniy
Sent: Friday 19 July 2013 04:33
To: alligator94
Subject: Re: [rancid] Cisco wlc

What type of WLC and software version are you running?

Auzzik

On 19 July 2013 05:37, alligator94 wrote:

Dear all,
I need to back up a Cisco WLC. May you help me to find the right patches, as I have read a lot of posts about the WLC but no link to download the patches and it is not included in the rancid distrib.

Thanks,
Rancid fan
Gilles

From alligator94 at laposte.net Fri Jul 19 07:46:14 2013
From: alligator94 at laposte.net (alligator94)
Date: Fri, 19 Jul 2013 09:46:14 +0200
Subject: [rancid] Cisco wlc
In-Reply-To:
References: <005e01ce83ee$37c5d450$a7517cf0$@net> <000001ce844e$0b5776c0$22066440$@net>
Message-ID: <000e01ce8454$0be02000$23a06000$@net>

Thanks a lot. I will test it.

BTW, do you also have the wlogin script, as it is not part of the rancid software?
Regards,
Gilles

From: slavkv at gmail.com [mailto:slavkv at gmail.com] On behalf of Auzzik
Sent: Friday 19 July 2013 09:30
To: alligator94
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Cisco wlc

I am running a little bit different software on WLC and rancid is 2.3.6.
I attached the file I am using. As I remember we did some small changes in the original file, but not sure now.
Try it. Maybe it will work for you.

Slava

On 19 July 2013 17:03, alligator94 wrote:

Hi,
we run WLC: 7.4.100.60 and rancid: 2.3.8
Regards,
Gilles

From: slavkv at gmail.com [mailto:slavkv at gmail.com] On behalf of Slava Mestniy
Sent: Friday 19 July 2013 04:33
To: alligator94
Subject: Re: [rancid] Cisco wlc

What type of WLC and software version are you running?

Auzzik

On 19 July 2013 05:37, alligator94 wrote:

Dear all,
I need to back up a Cisco WLC. May you help me to find the right patches, as I have read a lot of posts about the WLC but no link to download the patches and it is not included in the rancid distrib.

Thanks,
Rancid fan
Gilles

From auzzik at gmail.com Fri Jul 19 07:30:23 2013
From: auzzik at gmail.com (Auzzik)
Date: Fri, 19 Jul 2013 17:30:23 +1000
Subject: [rancid] Cisco wlc
In-Reply-To: <000001ce844e$0b5776c0$22066440$@net>
References: <005e01ce83ee$37c5d450$a7517cf0$@net> <000001ce844e$0b5776c0$22066440$@net>
Message-ID:

I am running a little bit different software on WLC and rancid is 2.3.6.
I attached the file I am using. As I remember we did some small changes in the original file, but not sure now.
Try it. Maybe it will work for you.

Slava

On 19 July 2013 17:03, alligator94 wrote:

> Hi,
> we run WLC: 7.4.100.60 and rancid: 2.3.8
> Regards,
> Gilles
>
> From: slavkv at gmail.com [mailto:slavkv at gmail.com] On behalf of Slava Mestniy
> Sent: Friday 19 July 2013 04:33
> To: alligator94
> Subject: Re: [rancid] Cisco wlc
>
> What type of WLC and software version are you running?
>
> Auzzik
>
> On 19 July 2013 05:37, alligator94 wrote:
>
> Dear all,
> I need to back up a Cisco WLC. May you help me to find the right patches,
> as I have read a lot of posts about the WLC but no link to download the
> patches and it is not included in the rancid distrib.
>
> Thanks,
> Rancid fan
> Gilles

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ciscowlc5
Type: application/octet-stream
Size: 9401 bytes
Desc: not available
URL:

From auzzik at gmail.com Fri Jul 19 07:55:10 2013
From: auzzik at gmail.com (Auzzik)
Date: Fri, 19 Jul 2013 17:55:10 +1000
Subject: [rancid] Cisco wlc
In-Reply-To: <000e01ce8454$0be02000$23a06000$@net>
References: <005e01ce83ee$37c5d450$a7517cf0$@net> <000001ce844e$0b5776c0$22066440$@net> <000e01ce8454$0be02000$23a06000$@net>
Message-ID:

Here you are.

Slava

On 19 July 2013 17:46, alligator94 wrote:

> Thanks a lot. I will test it.
>
> BTW, do you also have the wlogin script, as it is not part of the rancid
> software?
> Regards,
> Gilles
>
> From: slavkv at gmail.com [mailto:slavkv at gmail.com] On behalf of Auzzik
> Sent: Friday 19 July 2013 09:30
> To: alligator94
> Cc: rancid-discuss at shrubbery.net
> Subject: Re: [rancid] Cisco wlc
>
> I am running a little bit different software on WLC and rancid is 2.3.6.
> I attached the file I am using. As I remember we did some small changes in
> the original file, but not sure now.
> Try it. Maybe it will work for you.
>
> Slava
>
> On 19 July 2013 17:03, alligator94 wrote:
>
> Hi,
> we run WLC: 7.4.100.60 and rancid: 2.3.8
> Regards,
> Gilles
>
> From: slavkv at gmail.com [mailto:slavkv at gmail.com] On behalf of Slava Mestniy
> Sent: Friday 19 July 2013 04:33
> To: alligator94
> Subject: Re: [rancid] Cisco wlc
>
> What type of WLC and software version are you running?
>
> Auzzik
>
> On 19 July 2013 05:37, alligator94 wrote:
>
> Dear all,
> I need to back up a Cisco WLC. May you help me to find the right patches,
> as I have read a lot of posts about the WLC but no link to download the
> patches and it is not included in the rancid distrib.
>
> Thanks,
> Rancid fan
> Gilles

-------------- next part --------------
A non-text attachment was scrubbed...
Name: wlogin
Type: application/octet-stream
Size: 24387 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ciscowlc5
Type: application/octet-stream
Size: 9401 bytes
Desc: not available
URL:

From keitex at gmail.com Tue Jul 16 18:36:24 2013
From: keitex at gmail.com (Dmitry G)
Date: Tue, 16 Jul 2013 11:36:24 -0700 (PDT)
Subject: [rancid] SVN issue with CentOS
Message-ID: <9db11a5e-1087-4070-b31a-80fc11346e0c@googlegroups.com>

Hi,

I am having problems with SVN after swapping from ViewVC to WebSVN. I am getting this error:

Error running this command: svn --non-interactive --config-dir /tmp list
> --xml 'file:///usr/local/rancid/var/SVN/@'
> sh: /No such file or directory
>

Funnily enough, if I run this command from bash as rancid or root then it displays an XML file just fine without any errors.

Any ideas?

From alligator94 at laposte.net Fri Jul 19 16:39:56 2013
From: alligator94 at laposte.net (Alligator)
Date: Fri, 19 Jul 2013 18:39:56 +0200
Subject: [rancid] Cisco wlc
In-Reply-To:
References: <005e01ce83ee$37c5d450$a7517cf0$@net> <000001ce844e$0b5776c0$22066440$@net> <000e01ce8454$0be02000$23a06000$@net>
Message-ID: <001b01ce849e$9a3755e0$cea601a0$@net>

Hi Slava,

Thanks for your help.
It works for me with: WLC: 7.4.100.60 and rancid: 2.3.8
Have a nice weekend.
Regards,
Gilles

From: slavkv at gmail.com [mailto:slavkv at gmail.com] On behalf of Auzzik
Sent: Friday 19 July 2013 09:55
To: alligator94
Cc: rancid-discuss
Subject: Re: [rancid] Cisco wlc

Here you are.

Slava

On 19 July 2013 17:46, alligator94 wrote:

Thanks a lot. I will test it.

BTW, do you also have the wlogin script, as it is not part of the rancid software?
Regards,
Gilles

From: slavkv at gmail.com [mailto:slavkv at gmail.com] On behalf of Auzzik
Sent: Friday 19 July 2013 09:30
To: alligator94
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Cisco wlc

I am running a little bit different software on WLC and rancid is 2.3.6.
I attached the file I am using. As I remember we did some small changes in the original file, but not sure now.
Try it. Maybe it will work for you.

Slava

On 19 July 2013 17:03, alligator94 wrote:

Hi,
we run WLC: 7.4.100.60 and rancid: 2.3.8
Regards,
Gilles

From: slavkv at gmail.com [mailto:slavkv at gmail.com] On behalf of Slava Mestniy
Sent: Friday 19 July 2013 04:33
To: alligator94
Subject: Re: [rancid] Cisco wlc

What type of WLC and software version are you running?

Auzzik

On 19 July 2013 05:37, alligator94 wrote:

Dear all,
I need to back up a Cisco WLC. May you help me to find the right patches, as I have read a lot of posts about the WLC but no link to download the patches and it is not included in the rancid distrib.

Thanks,
Rancid fan
Gilles

From SRonan at eexchange.com Sat Jul 20 15:25:08 2013
From: SRonan at eexchange.com (SRonan at eexchange.com)
Date: Sat, 20 Jul 2013 15:25:08 +0000
Subject: [rancid] Avocent Terminal Servers
Message-ID:

Hello All,

Does anyone have a working config for Avocent Terminal Servers? I have searched the mailing-list and can't find any good examples.

Specifically looking for the proper config for the .cloginrc file.

Thanks,

Shane Ronan, Vice President - Technology Architect Consultant
State Street Global Exchange | Trading & Clearing
1230 Avenue of the Americas, 18th Fl | New York, NY 10020
P (212) 259-3023 | M (347) 413-4503
sronan at eexchange.com
________________________________
The information contained in this e-mail (including any attachments) is intended solely for the use of the intended recipient(s), may be used solely for the purpose for which it was sent, may contain confidential, proprietary, or personally identifiable information, and/or may be subject to the attorney-client or attorney work product privilege or other applicable confidentiality protections. If you are not an intended recipient please notify the author by replying to this e-mail and delete this e-mail immediately. Any unauthorized copying, disclosure, retention, distribution or other use of this email, its contents or its attachments is strictly prohibited.

From SRonan at eexchange.com Sun Jul 21 02:35:19 2013
From: SRonan at eexchange.com (SRonan at eexchange.com) Date: Sun, 21 Jul 2013 02:35:19 +0000 Subject: [rancid] Avocent Terminal Servers In-Reply-To: <20130720155534.GB88277@shrubbery.net> Message-ID: [rancid at portal.rc1 bin]$ ./clogin term01.ny4 term01.ny4 spawn ssh -c 3des -x -l rancid term01.ny4 Password: [rancid at term01 rancid]$ --------------------------------------------------------------- [rancid at portal.rc1 bin]$ ./rancid -d term01.ny4 executing clogin -t 90 -c"show version;show redundancy secondary;show idprom backplane;show install active;show env all;show rsp chassis-info;show gsr chassis;show diag chassis-info;show boot;show bootvar;show variables boot;show flash;dir /all nvram:;dir /all bootflash:;dir /all slot0:;dir /all disk0:;dir /all slot1:;dir /all disk1:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all harddiska:;dir /all harddiskb:;dir /all sup-bootdisk:;dir /all sup-bootflash:;dir /all sup-microcode:;dir /all slavenvram:;dir /all slavebootflash:;dir /all slaveslot0:;dir /all slavedisk0:;dir /all slaveslot1:;dir /all slavedisk1:;dir /all slaveslot2:;dir /all slavedisk2:;dir /all slavesup-bootflash:;dir /all sec-nvram:;dir /all sec-bootflash:;dir /all sec-slot0:;dir /all sec-disk0:;dir /all sec-slot1:;dir /all sec-disk1:;dir /all sec-slot2:;dir /all sec-disk2:;show controllers;show controllers cbus;show diagbus;show diag;show capture;show module;show spe version;show c7200;show inventory raw;show vtp status;show vlan;show vlan-switch;show debug;show shun;more system:running-config;show running-config view full;show running-config;write term" term01.ny4 term01.ny4 clogin error: Error: TIMEOUT reached term01.ny4 clogin error: Error: TIMEOUT reached term01.ny4: missed cmd(s): dir /all slavedisk2:,show rsp chassis-info,show capture,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,show running-config view full,dir /all sec-bootflash:,show spe version,dir /all 
slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,show shun,show controllers,show diagbus,more system:running-config,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sup-bootdisk:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,show redundancy secondary,show running-config,show c7200,dir /all slot1: term01.ny4: missed cmd(s): dir /all slavedisk2:,show rsp chassis-info,show capture,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,show running-config view full,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,show shun,show controllers,show diagbus,more system:running-config,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sup-bootdisk:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,show redundancy secondary,show running-config,show 
c7200,dir /all slot1:
term01.ny4: End of run not found
term01.ny4: End of run not found

Shane Ronan, Vice President - Technology Architect Consultant
State Street Global Exchange | Trading & Clearing
1230 Avenue of the Americas, 18th Fl | New York, NY 10020
P (212) 259-3023 | M (347) 413-4503
sronan at eexchange.com

On 7/20/13 11:55 AM, "heasley" wrote:

>Sat, Jul 20, 2013 at 03:25:08PM +0000, SRonan at eexchange.com:
>> Hello All,
>>
>> Does anyone have a working config for Avocent Terminal Servers? I have
>> searched the mailing-list and can't find any good examples.
>>
>> Specifically looking for the proper config for the .cloginrc file.
>
>i do not recall it being any from a cisco or needing anything unusual.
>if you are receiving an error, post it and/or the transcript to the list.

From Wiethoff at tfh-bochum.de Mon Jul 22 13:21:53 2013
From: Wiethoff at tfh-bochum.de (Wiethoff, Helge)
Date: Mon, 22 Jul 2013 13:21:53 +0000
Subject: [rancid] microsens and rancid
Message-ID: <194290040642FB4D952083D79F7F7D1D2F6AC62C@BOHEMSX2010.rbbk.de>

Hi everyone,

if you are also using Microsens switches, you know the problem: there is no real "show config" within the CLI. Because of that I modified the existing clogin and rancid to parse the output from the terminal and build a new clean config out of it. Maybe this is useful for some of you.

Best regards,
helge

________________________________
Helge Wiethoff
Medienzentrum
Phone: +49 (234) 968 8717
Fax: +49 (234) 968 3453
E-Mail: Wiethoff at tfh-bochum.de

Technische Fachhochschule Georg Agricola für Rohstoff, Energie und Umwelt zu Bochum
State-recognised university of applied sciences of DMT-Gesellschaft für Lehre und Bildung mbH
Herner Straße 45
44787 Bochum
http://www.tfh-bochum.de
________________________________
Operating body: DMT-Gesellschaft für Lehre und Bildung mbH
Registered office: Bochum
Court of registration: Amtsgericht Bochum
Commercial register: B 4052
Management: Prof. Dr. Jürgen Kretschmann (Chairman), Manfred Freitag

-------------- next part --------------
A non-text attachment was scrubbed...
Name: mslogin
Type: application/octet-stream
Size: 8497 bytes
Desc: mslogin
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: msrancid
Type: application/octet-stream
Size: 14069 bytes
Desc: msrancid
URL:

From alex.wilkinson at cba.com.au Tue Jul 23 01:10:32 2013
From: alex.wilkinson at cba.com.au (Wilkinson, Alex) Date: Tue, 23 Jul 2013 11:10:32 +1000 Subject: [rancid] persistent alerts - but nothing was changed ... ? In-Reply-To: <20130717072443.GB57507@margz.perth.internal> References: <20130715092809.GA48555@margz.perth.internal> <51E3C2DF.3050100@gmail.com> <20130716004108.GA51723@margz.perth.internal> <51E4B45B.4010502@gmail.com> <20130716035323.GB51723@margz.perth.internal> <20130716205345.GD35599@shrubbery.net> <20130717014615.GA53036@margz.perth.internal> <51E6307E.5080006@gmail.com> <20130717072443.GB57507@margz.perth.internal> Message-ID: <20130723011031.GC66277@margz.perth.internal> 0n Wed, Jul 17, 2013 at 05:24:43PM +1000, Wilkinson, Alex wrote: > 0n Wed, Jul 17, 2013 at 03:49:50PM +1000, Alan McKinnon wrote: > > >On 17/07/2013 03:46, Wilkinson, Alex wrote: > >> 0n Wed, Jul 17, 2013 at 06:53:45AM +1000, heasley wrote: > >> > >> >Tue, Jul 16, 2013 at 11:53:23AM +0800, Wilkinson, Alex: > >> >> 0n Tue, Jul 16, 2013 at 12:47:55PM +1000, Roy wrote: > >> >> > >> >> >I don't know the box but the diff seems to indicate that the location of > >> >> >mgmt0 and mgmt1 interfaces in the config file is changing. In the first > >> >> >diff the interfaces are before Ethernet1/1 and in the second diff, they > >> >> >are after Ethernet 1/20 > >> >> > >> >> You are exactly right. When comparing the diffs via OpenGrok its very clear that > >> >> the line locations consistently change causing a diff + rancid alert. If i'm not > >> >> changing these devices and the line locations are supposedly changing - what > >> >> could cause this ? rancid ? > >> > > >> >it wouldnt be rancid, it's the device itself. report the bug to the TAC. > >> > >> Something I have noticed is that for all my Nexus devices (7K, 5K, 4K) none of > >> them have the 'RANCID-CONTENT-TYPE' of 'cisco-nx' but rather plain old 'cisco'. > >> Could this be the reason behind the my problem ? And even if not, why would > >> Rancid not be using cisco-nx automagically ? 
Or do I have to set it manually ? > > > > > >You have to set it manually in router.db > > > >Rancid has no auto-detection of device type > >Ah, great! I changed all NX devices to cisco-nx. This seems to fix the false alert >noise but now introduces a new problem for our Nexus 5000s e.g > > Trying to get all of the configs. > nexus5k1-1: missed cmd(s): show cores vdc-all,show processes log vdc-all,show running-config > nexus5k1-1: End of run not found > ! > nexus5k1-2: missed cmd(s): show cores vdc-all,show processes log vdc-all,show running-config > nexus5k1-2: End of run not found > ! > nexus5k2-2: missed cmd(s): show cores vdc-all,show processes log vdc-all,show running-config > nexus5k2-2: End of run not found > ! > nexus5k2-1: missed cmd(s): show cores vdc-all,show processes log vdc-all,show running-config > nexus5k2-1: End of run not found mmm... so false positives are back! e.g. Index: configs/nexus7k =================================================================== - -- configs/nexus7k (revision 380) 
@@ -299,10 +299,10 @@ !Env: Xb3 N7K-C7010-FAB-1 60 W Powered-Up !Env: Xb4 xbar 60 W Absent !Env: Xb5 xbar 60 W Absent - !Env: fan1 N7K-C7010-FAN-S 720 W Powered-Up - !Env: fan2 N7K-C7010-FAN-S 720 W Powered-Up - !Env: fan3 N7K-C7010-FAN-F 120 W Powered-Up - !Env: fan4 N7K-C7010-FAN-F 120 W Powered-Up + !Env: fan1 N7K-C7010-FAN-S 720 W Powered-Up + !Env: fan2 N7K-C7010-FAN-S 720 W Powered-Up + !Env: fan3 N7K-C7010-FAN-F 120 W Powered-Up + !Env: fan4 N7K-C7010-FAN-F 120 W Powered-Up !Env: N/A - Per module power not available !Env: Power Usage Summary: !Env: -------------------- So I get this alert all day because of white space changes. Is there anyway to stop/ignore this ? -Alex ************** IMPORTANT MESSAGE ***************************** This e-mail message is intended only for the addressee(s) and contains information which may be confidential. If you are not the intended recipient please advise the sender by return email, do not use or disclose the contents, and delete the message and any attachments from your system. Unless specifically indicated, this email does not constitute formal advice or commitment by the sender or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its subsidiaries. We can be contacted through our web site: commbank.com.au. If you no longer wish to receive commercial electronic messages from us, please reply to this e-mail by typing Unsubscribe in the subject line. ************************************************************** From vhoffman at names.co.uk Tue Jul 23 09:07:05 2013 
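Review bot: the four removed and four added `!Env: fan1` to `fan4` rows in the `@@ -299,10 +299,10 @@` hunk of configs/nexus7k carry the same module names, wattages and Powered-Up state, so this diff against revision 380 records a change in the column padding of commented status output rather than a change to the device configuration. Collapsing runs of white space in `!Env:` rows before the capture is committed, or comparing with white space ignored, would keep this hunk from recurring on every run.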
From: vhoffman at names.co.uk (Vincent Hoffman-Kazlauskas) Date: Tue, 23 Jul 2013 10:07:05 +0100 Subject: [rancid] persistent alerts - but nothing was changed ... ? In-Reply-To: <20130723011031.GC66277@margz.perth.internal> References: <20130715092809.GA48555@margz.perth.internal> <51E3C2DF.3050100@gmail.com> <20130716004108.GA51723@margz.perth.internal> <51E4B45B.4010502@gmail.com> <20130716035323.GB51723@margz.perth.internal> <20130716205345.GD35599@shrubbery.net> <20130717014615.GA53036@margz.perth.internal> <51E6307E.5080006@gmail.com> <20130717072443.GB57507@margz.perth.internal> <20130723011031.GC66277@margz.perth.internal> Message-ID: <51EE47B9.7060203@names.co.uk> On 23/07/2013 02:10, Wilkinson, Alex wrote: > 0n Wed, Jul 17, 2013 at 05:24:43PM +1000, Wilkinson, Alex wrote: > > > 0n Wed, Jul 17, 2013 at 03:49:50PM +1000, Alan McKinnon wrote: > > > > >On 17/07/2013 03:46, Wilkinson, Alex wrote: > > >> 0n Wed, Jul 17, 2013 at 06:53:45AM +1000, heasley wrote: > > >> > > >> >Tue, Jul 16, 2013 at 11:53:23AM +0800, Wilkinson, Alex: > > >> >> 0n Tue, Jul 16, 2013 at 12:47:55PM +1000, Roy wrote: > > >> >> > > >> >> >I don't know the box but the diff seems to indicate that the location of > > >> >> >mgmt0 and mgmt1 interfaces in the config file is changing. In the first > > >> >> >diff the interfaces are before Ethernet1/1 and in the second diff, they > > >> >> >are after Ethernet 1/20 > > >> >> > > >> >> You are exactly right. When comparing the diffs via OpenGrok its very clear that > > >> >> the line locations consistently change causing a diff + rancid alert. If i'm not > > >> >> changing these devices and the line locations are supposedly changing - what > > >> >> could cause this ? rancid ? > > >> > > > >> >it wouldnt be rancid, it's the device itself. report the bug to the TAC. > > >> > > >> Something I have noticed is that for all my Nexus devices (7K, 5K, 4K) none of > > >> them have the 'RANCID-CONTENT-TYPE' of 'cisco-nx' but rather plain old 'cisco'. 
> > >> Could this be the reason behind the my problem ? And even if not, why would > > >> Rancid not be using cisco-nx automagically ? Or do I have to set it manually ? > > > > > > > > >You have to set it manually in router.db > > > > > >Rancid has no auto-detection of device type > > > >Ah, great! I changed all NX devices to cisco-nx. This seems to fix the false alert > >noise but now introduces a new problem for our Nexus 5000s e.g > > > > Trying to get all of the configs. > > nexus5k1-1: missed cmd(s): show cores vdc-all,show processes log vdc-all,show running-config > > nexus5k1-1: End of run not found > > ! > > nexus5k1-2: missed cmd(s): show cores vdc-all,show processes log vdc-all,show running-config > > nexus5k1-2: End of run not found > > ! > > nexus5k2-2: missed cmd(s): show cores vdc-all,show processes log vdc-all,show running-config > > nexus5k2-2: End of run not found > > ! > > nexus5k2-1: missed cmd(s): show cores vdc-all,show processes log vdc-all,show running-config > > nexus5k2-1: End of run not found > > mmm... so false positives are back! > > e.g. > > Index: configs/nexus7k > =================================================================== > - -- configs/nexus7k (revision 380) 
> @@ -299,10 +299,10 @@ > !Env: Xb3 N7K-C7010-FAB-1 60 W Powered-Up > !Env: Xb4 xbar 60 W Absent > !Env: Xb5 xbar 60 W Absent > - !Env: fan1 N7K-C7010-FAN-S 720 W Powered-Up > - !Env: fan2 N7K-C7010-FAN-S 720 W Powered-Up > - !Env: fan3 N7K-C7010-FAN-F 120 W Powered-Up > - !Env: fan4 N7K-C7010-FAN-F 120 W Powered-Up > + !Env: fan1 N7K-C7010-FAN-S 720 W Powered-Up > + !Env: fan2 N7K-C7010-FAN-S 720 W Powered-Up > + !Env: fan3 N7K-C7010-FAN-F 120 W Powered-Up > + !Env: fan4 N7K-C7010-FAN-F 120 W Powered-Up > !Env: N/A - Per module power not available > !Env: Power Usage Summary: > !Env: -------------------- > > So I get this alert all day because of white space changes. Is there anyway to stop/ignore this ? Totally untested/pulled out of somewhere or other but diff (or svn diff, dunno about cvs diff) can take a -b flag that ignores changes in the amount of white space. A very brief grep in the /usr/libexec/rancid/* scripts (on a centos install not sure where for other distros/OS) leads me to think you could try adding the -b flag to the relevant diff commands in control_rancid. Can't promise this will fix it or is a good idea but it could work. Vince > > -Alex > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Tue Jul 23 22:14:14 2013
From: heas at shrubbery.net (heasley) Date: Tue, 23 Jul 2013 22:14:14 +0000 Subject: [rancid] Couple of Questions. upgrading and Fortinet issue. In-Reply-To: <20130723221217.F035324D028@sea.shrubbery.net> Message-ID: <20130723221414.GG90797@shrubbery.net> Mon, Jul 15, 2013 at 09:29:45PM +0000, Richard Savage: > > > On 15/07/2013 22:27, "heasley" wrote: > > >Mon, Jul 15, 2013 at 09:06:13PM +0000, Richard Savage: > >> The other thing I've noticed is that other folks also had passwords > >>seem to be continually changing and causing alerts. I have never noted > >>this in my clusters... yet. > >> > >> -- Yes I see this all the time, every time a backup is run. I need to > >>be able to backup a full config on other devices, (cisco, juicer) so > >>can't disable the grabbing of password data in rancid as this would stop > >>it being backed up for all cisco and juniper hardware. Not sure of any > >>way to achieve this at the moment. > > > >what if a /rancid.conf were supported that could over-ride > >configuration > >of the global rancid.conf? > > Yes either a group or a hardware type would be good. Some way of > excluding the password from certain hosts would be great. :) > > Rich there might be fuzz w/ pre-3.0a. Index: bin/control_rancid.in =================================================================== --- bin/control_rancid.in (revision 2713) +++ bin/control_rancid.in (working copy)
@@ -45,11 +45,12 @@ # print a usage message to stderr pr_usage() { - echo "usage: $0 [-V] [-r device_name] [-m mail rcpt] group" >&2; + echo "usage: $0 [-V] [-f group_config_file] [-r device_name] [-m mail rcpt] group" >&2; } # command-line options # -V print version string +# -f # -m # -r alt_mailrcpt=0 @@ -61,6 +62,16 @@ echo "@PACKAGE@ @VERSION@" exit 0 ;; + -f) + shift + # next arg is the alternate config file name + ENVFILE="$1" + if [ -z $ENVFILE ]; then + pr_usage + exit 1 + fi + shift + ;; -m) shift # next arg is the mail recipient @@ -105,6 +116,12 @@ fi DIR=$BASEDIR/$GROUP TMP=${TMPDIR:=/tmp}/rancid.$GROUP.$$ +if [ -z "$ENVFILE" ] ; then + ENVFILE="$DIR/rancid.conf" +fi +if [ -e "$ENVFILE" ] ; then + . $ENVFILE +fi trap 'rm -fr $TMP;' 1 2 15 # disable noclobber @@ -167,6 +184,14 @@ fi fi +# check if there is a rancid.conf and if it needs to be added to the RCS +if [ -e rancid.conf ] ; then + LN=`$RCSSYS ls rancid.conf | wc -l` + if [ $LN -eq 0 ] ; then + $RCSSYS add rancid.conf + fi +fi + # do cvs update of router.db in case anyone has fiddled. $RCSSYS update router.db > $TMP 2>&1 grep "^C" $TMP > /dev/null Index: CHANGES =================================================================== --- CHANGES (revision 2713) +++ CHANGES (working copy) @@ -1,4 +1,7 @@ 3.0a3 + control_rancid: add group-specific rancid.conf file & supporting -f + option + nxrancid: filter snmp communities, tacacs keys and neighbor pwds - Alan McKinnon Index: man/control_rancid.1 =================================================================== --- man/control_rancid.1 (revision 2713) +++ man/control_rancid.1 (working copy) @@ -1,11 +1,14 @@ .\" .hys 50 -.TH "control_rancid" "1" "5 October 2006" +.TH "control_rancid" "1" "15 July 2013" .SH NAME control_rancid \- run rancid for devices of a group .SH SYNOPSIS .B control_rancid [\fB\-V\fR] [\c +.BI \-f\ \c +group_config_file]\ \c +[\c .BI \-m\ \c mail_rcpt]\ \c [\c 
@@ -28,6 +31,18 @@ .B \-V Prints package name and version strings. .TP +.B \-f group_config_file +Specify a rancid.conf specific to the given group. The global rancid.conf +file is read by rancid-run, which calls +.B control_rancid +for each group, and +.B control_rancid +reads the group-specific rancid.conf, thereby overriding the global file. +.sp +The group-specific rancid.conf may not exist. +.sp +Default: //rancid.conf +.TP .B \-m mail_rcpt Specify the recipient of diff mail, which is normally rancid-. The argument may be a single address, multiple comma separated addresses, or From heas at shrubbery.net Tue Jul 23 22:19:30 2013 From: heas at shrubbery.net (heasley) Date: Tue, 23 Jul 2013 22:19:30 +0000 Subject: [rancid] Couple of Questions. upgrading and Fortinet issue. In-Reply-To: <20130723221614.DACF224D02A@sea.shrubbery.net> Message-ID: <20130723221930.GI90797@shrubbery.net> Mon, Jul 15, 2013 at 09:42:03PM +0000, Chris Davis: > Here is what I am seeing in my rancid reports. > > Index: configs/x.x.x.x > =================================================================== > retrieving revision 1.150 > diff -U 4 -r1.150 x.x.x.x > @@ -17,9 +17,9 @@ > !Distribution: International > !Branch point: 665 > !Release Version Information: MR3 Patch 14 > !FortiOS x86-64: Yes > - !System time: Mon Jul 15 15:06:58 2013 > + !System time: Mon Jul 15 16:07:02 2013 see patch below > config system global > set access-banner disable > set admin-concurrent enable 
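Review bot: In the `-f)` case added to bin/control_rancid.in (hunk @@ -61,6 +62,16 @@), `if [ -z $ENVFILE ]` tests the variable unquoted. With a missing argument this collapses to `[ -z ]`, which is true only because of how `[` treats a single argument, and a path containing whitespace makes the test error out, so the script carries on instead of printing usage. Quote it as `[ -z "$ENVFILE" ]`, matching the later `if [ -z "$ENVFILE" ]` hunk, and quote the `. $ENVFILE` line the same way.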
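Review bot: The `. $ENVFILE` added in hunk @@ -105,6 +116,12 @@ of bin/control_rancid.in runs the group file as shell code with the privileges of the account running control_rancid, so anyone who can write `$DIR/rancid.conf` controls what each run executes. The new man page paragraph should say that the file must be writable only by that account. Separately, a file named explicitly with -f that does not exist is skipped silently by the `[ -e "$ENVFILE" ]` test; reporting an error in that case would catch a mistyped path.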
> @@ -9112,22 +9112,22 @@ > edit "Fortinet_Factory" > !set password ENC > set private-key "-----BEGIN RSA PRIVATE KEY----- > Proc-Type: 4,ENCRYPTED > > And then my old key and then the new key. I'm not sure if it's getting confused on the master/slave issue because the fortinet's have the same IP address, even though there are two separate firewalls. Could be the time issue too. seems like a rather odd configuration for the primary and standy by answer on the same management address when they're both active?? Index: bin/fnrancid.in =================================================================== --- bin/fnrancid.in (revision 2279) +++ bin/fnrancid.in (revision 2280) @@ -175,7 +175,7 @@ next if /^\s*$/; last if (/$prompt/); - next if (/^System Time:/); + next if (/^system time:/i); next if (/^\s*Virus-DB: .*/); next if (/^\s*Extended DB: .*/); next if (/^\s*IPS-DB: .*/); @@ -207,7 +207,7 @@ # System time is fortigate extraction time next if (/^\s*!System time:/); # remove occurrances of conf_file_ver - next if (/^conf_file_ver=/); + next if (/^#?conf_file_ver=/); # filter variabilities between configurations. password encryption # upon each display of the configuration. if (/^\s*(set [^\s]*)\s(Enc\s[^\s]+)(.*)/i && $filter_pwds > 0 ) { From mwilson at northwestern.edu Wed Jul 24 11:22:54 2013 From: mwilson at northwestern.edu (Matthew J Wilson) Date: Wed, 24 Jul 2013 11:22:54 +0000 Subject: [rancid] persistent alerts - but nothing was changed ... ? In-Reply-To: <20130723011031.GC66277@margz.perth.internal> Message-ID: <4B2EF5CC66DF534491B244623C5A13342D31EAF8@evcspmbx1.ads.northwestern.edu> On 7/22/13 8:10 PM, "Wilkinson, Alex" wrote: > Index: configs/nexus7k > =================================================================== > - -- configs/nexus7k (revision 380) 
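Review bot: In the second hunk of the bin/fnrancid.in patch (@@ -207,7 +207,7 @@) the context line `next if (/^\s*!System time:/);` stays case-sensitive, while the first hunk switches the unprefixed match to `/^system time:/i`. If the capitalisation differs between firmware releases, as the first hunk implies, the `!`-prefixed filter will miss the line in the same way; adding the `i` modifier there as well keeps the two filters consistent.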
> @@ -299,10 +299,10 @@ > !Env: Xb3 N7K-C7010-FAB-1 60 W Powered-Up > !Env: Xb4 xbar 60 W Absent > !Env: Xb5 xbar 60 W Absent > - !Env: fan1 N7K-C7010-FAN-S 720 W >Powered-Up > - !Env: fan2 N7K-C7010-FAN-S 720 W >Powered-Up > - !Env: fan3 N7K-C7010-FAN-F 120 W >Powered-Up > - !Env: fan4 N7K-C7010-FAN-F 120 W >Powered-Up > + !Env: fan1 N7K-C7010-FAN-S 720 W Powered-Up > + !Env: fan2 N7K-C7010-FAN-S 720 W Powered-Up > + !Env: fan3 N7K-C7010-FAN-F 120 W >Powered-Up > + !Env: fan4 N7K-C7010-FAN-F 120 W >Powered-Up > !Env: N/A - Per module power not available > !Env: Power Usage Summary: > !Env: -------------------- > >So I get this alert all day because of white space changes. Is there >anyway to stop/ignore this ? We ran into this as well. Would a patch to the nxrancid script like the following work for you? -Matt Index: nxrancid =================================================================== --- nxrancid (revision 852) +++ nxrancid (revision 853) @@ -372,7 +372,7 @@ s/ Draw / /; s/ ----------- / /; s/ N\/A / / || - s/ \d+ W / /; # Does not chop enough to line up. + s/ (\d+) W /" " x length($1)/e; # Replace with same length /actual draw/ && next; # Drop changing total power output. From lists at jasonyates.co.uk Tue Jul 30 07:11:17 2013 From: lists at jasonyates.co.uk (Jason Yates) Date: Tue, 30 Jul 2013 08:11:17 +0100 Subject: [rancid] RANCID with SVN - Deleting Groups Message-ID: <003801ce8cf3$fcd433f0$f67c9bd0$@jasonyates.co.uk> Hi All, Can anybody tell me how to delete a group from RANCID when using SVN? I've removed the group name from rancid.conf but I can't seem to delete it from SVN. If I do rm -rf the folder still remains in SVN. If I try an svn delete it returns svn: '.' is not a working copy I can't seem to find any documentation on how to do this with SVN, only with CVS. Any help is greatly appreciated. Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From vhoffman at names.co.uk Tue Jul 30 09:01:54 2013 
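Review bot: The comment on the added nxrancid line, "Replace with same length", needs tightening: `" " x length($1)` emits as many spaces as there are digits, not as many characters as the whole ` (\d+) W ` match, so the columns only stay aligned if the device pads the draw field to a fixed width. Say that in the comment, and check whether the `s/ N\/A / /` alternative before the `||` needs the same treatment, since it still substitutes a fixed string.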
From: vhoffman at names.co.uk (Vincent Hoffman-Kazlauskas)
Date: Tue, 30 Jul 2013 10:01:54 +0100
Subject: [rancid] RANCID with SVN - Deleting Groups
In-Reply-To: <003801ce8cf3$fcd433f0$f67c9bd0$@jasonyates.co.uk>
References: <003801ce8cf3$fcd433f0$f67c9bd0$@jasonyates.co.uk>
Message-ID: <51F78102.60709@names.co.uk>

On 30/07/2013 08:11, Jason Yates wrote:
> Hi All,
>
> Can anybody tell me how to delete a group from RANCID when using SVN?
>
> I've removed the group name from rancid.conf but I can't seem to
> delete it from SVN. If I do rm -rf the folder still remains in
> SVN. If I try an svn delete it returns svn: '.' is not a
> working copy
>
> I can't seem to find any documentation on how to do this with SVN,
> only with CVS.

I'm not totally au fait with rancid but for me (on centos6 rancid from epel)

[root at rancid]# cd /var/rancid/test
[root at rancid]# svn info | grep 'Repository Root'
Repository Root: file:///var/rancid/CVS
[root at rancid]# svn ls file:///var/rancid/CVS/test
configs/
router.db
[root at rancid]# svn rm -m"remove test group" file:///var/rancid/CVS/test

Committed revision 79.
[root at rancid]#

then just delete the directory.

Hope that's useful.
Vince

> Any help is greatly appreciated.
>
> Thanks

From lists at jasonyates.co.uk Tue Jul 30 09:39:27 2013
From: lists at jasonyates.co.uk (Jason Yates)
Date: Tue, 30 Jul 2013 10:39:27 +0100
Subject: [rancid] RANCID with SVN - Deleting Groups
In-Reply-To: <51F78102.60709@names.co.uk>
References: <003801ce8cf3$fcd433f0$f67c9bd0$@jasonyates.co.uk> <51F78102.60709@names.co.uk>
Message-ID: <004801ce8d08$aff532e0$0fdf98a0$@jasonyates.co.uk>

Vince,

That worked perfectly. Many thanks for the fast reply!

Regards
From trix at basement.net Tue Jul 30 11:42:03 2013
From: trix at basement.net (Trix Farrar)
Date: Tue, 30 Jul 2013 06:42:03 -0500
Subject: [rancid] RANCID with SVN - Deleting Groups
In-Reply-To: <51F78102.60709@names.co.uk>
References: <003801ce8cf3$fcd433f0$f67c9bd0$@jasonyates.co.uk> <51F78102.60709@names.co.uk>
Message-ID: <20130730114203.GA51148@willow.basement.net>

On Tue, Jul 30, 2013 at 10:01:54AM +0100, Vincent Hoffman-Kazlauskas wrote:
> On 30/07/2013 08:11, Jason Yates wrote:
> > Can anybody tell me how to delete a group from RANCID when using SVN?
> >
> [root at rancid]# cd /var/rancid/test
> [root at rancid]# svn info | grep 'Repository Root'
> Repository Root: file:///var/rancid/CVS
> [root at rancid]# svn ls file:///var/rancid/CVS/test
> configs/
> router.db
> [root at rancid]# svn rm -m"remove test group" file:///var/rancid/CVS/test
>
> Committed revision 79.
> [root at rancid]#
>

$ cd /var/rancid
$ svn rm test
$ svn commit -m 'remove test group'

Should do the same thing. Either should work.

Source: http://svnbook.red-bean.com/en/1.7/svn.ref.svn.c.delete.html

--
John D. "Trix" Farrar __\\|//__ Basement.NET
trix at basement.net (` o-o ') http://www.basement.net/
--------------------------------ooO-(_)-Ooo--------------------------
GPG Key Fprint: 525F DBA7 1A62 E4C4 E642 DF95 384B B851 3CEF C10A

From vhoffman at names.co.uk Tue Jul 30 12:40:28 2013
From: vhoffman at names.co.uk (Vincent Hoffman-Kazlauskas)
Date: Tue, 30 Jul 2013 13:40:28 +0100
Subject: [rancid] RANCID with SVN - Deleting Groups
In-Reply-To: <20130730114203.GA51148@willow.basement.net>
References: <003801ce8cf3$fcd433f0$f67c9bd0$@jasonyates.co.uk> <51F78102.60709@names.co.uk> <20130730114203.GA51148@willow.basement.net>
Message-ID: <51F7B43C.5090002@names.co.uk>

On 30/07/2013 12:42, Trix Farrar wrote:
> On Tue, Jul 30, 2013 at 10:01:54AM +0100, Vincent Hoffman-Kazlauskas wrote:
>> On 30/07/2013 08:11, Jason Yates wrote:
>>> Can anybody tell me how to delete a group from RANCID when using SVN?
>>>
>> [root at rancid]# cd /var/rancid/test
>> [root at rancid]# svn info | grep 'Repository Root'
>> Repository Root: file:///var/rancid/CVS
>> [root at rancid]# svn ls file:///var/rancid/CVS/test
>> configs/
>> router.db
>> [root at rancid]# svn rm -m"remove test group" file:///var/rancid/CVS/test
>>
>> Committed revision 79.
>> [root at rancid]#
>>
>
> $ cd /var/rancid
> $ svn rm test
> $ svn commit -m 'remove test group'
>
> Should do the same thing. Either should work.
>
> Source: http://svnbook.red-bean.com/en/1.7/svn.ref.svn.c.delete.html
>

Oddly it doesn't, which is why I jumped through hoops.

[rancid at ancid ~]$ pwd
/var/rancid/
[rancid at ancid ~]$ svn info test
Path: test
URL: file:///var/rancid/CVS/test
Repository Root: file:///var/rancid/CVS
Repository UUID: 5b34dc86-8168-4497-a0a8-ff0461a0d52a
Revision: 81
Node Kind: directory
Schedule: normal
Last Changed Author: rancid
Last Changed Rev: 81
Last Changed Date: 2013-07-30 13:33:29 +0100 (Tue, 30 Jul 2013)

[rancid at rancid ~]$ svn rm test
svn: '.' is not a working copy
[rancid at rancid ~]$svn commit -m 'remove test group'
svn: '/var/rancid' is not a working copy

The working copies are, I assume, the group directories.

Vince

From bcook at poughkeepsieschools.org Wed Jul 31 13:02:49 2013
From: bcook at poughkeepsieschools.org (B. Cook)
Date: Wed, 31 Jul 2013 09:02:49 -0400
Subject: [rancid] dlogin / 6248 System Up Time..
Message-ID:

Hello all,

Recently updated a set of 6248's from 3.3.6.4 to 3.3.7.2.

Since then I've been getting (hourly b/c of the people in the organization..) updates with the 'System Up Time' being changed..

retrieving revision 1.189 diff -U 4 -r1.189 10.20.0.254 @@ -1,9 +1,9 @@ !RANCID-CONTENT-TYPE: Dell ! ! System Description................ Dell Ethernet Switch - System Up Time.................... 7 days, 12h:18m:46s + System Up Time.................... 7 days, 13h:18m:46s Index: configs/10.20.0.254 =================================================================== retrieving revision 1.190 diff -U 4 -r1.190 10.20.0.254 @@ -1,9 +1,9 @@ !RANCID-CONTENT-TYPE: Dell ! ! System Description................ Dell Ethernet Switch - System Up Time.................... 7 days, 13h:18m:46s + System Up Time.................... 7 days, 14h:18m:46s

I'm running rancid 2.3.8 on a CentOS 6.x machine (fwiw).. and the dlogin from Jeremy Singletary.

Any suggestions on how I could 'filter' out that change?

Thank you for taking the time to read this and for any help you may have to offer.

From alan.mckinnon at gmail.com Wed Jul 31 16:57:22 2013
From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Wed, 31 Jul 2013 18:57:22 +0200 Subject: [rancid] dlogin / 6248 System Up Time.. In-Reply-To: References: Message-ID: <51F941F2.7010008@gmail.com> On 31/07/2013 15:02, B. Cook wrote: > Hello all, > > Recently updated a set of 6248's from 3.3.6.4 to 3.3.7.2. > > Since then I've been getting (hourly b/c of the people in the > organization..) updates with the 'System Up Time' being changed.. > > retrieving revision 1.189 > diff -U 4 -r1.189 10.20.0.254 > @@ -1,9 +1,9 @@ > !RANCID-CONTENT-TYPE: Dell > ! > ! > System Description................ Dell Ethernet Switch > - System Up Time.................... 7 days, 12h:18m:46s > + System Up Time.................... 7 days, 13h:18m:46s > > Index: configs/10.20.0.254 > =================================================================== > retrieving revision 1.190 > diff -U 4 -r1.190 10.20.0.254 
> @@ -1,9 +1,9 @@ > !RANCID-CONTENT-TYPE: Dell > ! > ! > System Description................ Dell Ethernet Switch > - System Up Time.................... 7 days, 13h:18m:46s > + System Up Time.................... 7 days, 14h:18m:46s
>
> I'm running rancid 2.3.8 on a CentOS 6.x machine (fwiw).. and the dlogin
> from Jeremy Singletary.
>
> Any suggestions on how I could 'filter' out that change?
>
> Thank you for taking the time to read this and for any help you may have
> to offer.

I don't know drancid at all, I have no need of it. So flying somewhat blind, with only common sense as a guide:

Assuming drancid somewhat follows the pattern of all the other parser scripts, it should have a loop that processes each line of output for a command in sequence then does $RELEVANT_STUFF to that line.

You need to find that loop and add a check to ignore (i.e. discard) lines containing the phrase "System Up Time". Something like this:

next if (/^System Up Time.*$/);

There's lots of examples in existing code and the regex may need tweaking depending on Dell's output. Especially check for the phrase System Up Time being used elsewhere in lines that you DO want to keep.

Onto why this happens:

Is this a new feature of Dell kit to display the up time? Did they change the exact format used?

--
Alan McKinnon
alan.mckinnon at gmail.com
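The line filter described in the reply above, as an added example that is not part of the original post and is not drancid's own code. It shows a narrowly anchored pattern suppressing the uptime noise while a real change still raises a diff. The helper names, the tolerance for leading whitespace and every sample line other than the two dot-leader lines from the quoted diff are assumptions.

```perl
#!/usr/bin/perl
# Added example, not drancid code: drop volatile lines before the config is
# stored, and show that a real change is still detected afterwards.
use strict;
use warnings;

# Patterns for lines that change on every collection run. Anchoring on the
# start of the line plus the dot leader keeps config lines that merely
# mention the phrase. Tolerating leading whitespace is an assumption.
my @volatile = (
    qr/^\s*System Up Time\.{2,}\s/,
);

# Hypothetical helper: returns (kept, dropped) array refs so that dropped
# lines can be logged and reviewed rather than disappearing silently.
sub filter_volatile {
    my ($lines) = @_;
    my (@kept, @dropped);
    for my $line (@$lines) {
        if (grep { $line =~ $_ } @volatile) {
            push @dropped, $line;
        } else {
            push @kept, $line;
        }
    }
    return (\@kept, \@dropped);
}

# Hypothetical helper: true when two filtered runs differ.
sub runs_differ {
    my ($old, $new) = @_;
    return join("\n", @$old) ne join("\n", @$new);
}

# Constructed sample runs. Only the "System Description" and "System Up Time"
# lines come from the diff quoted in the thread; the rest is made up.
my @run1 = (
    'System Description................ Dell Ethernet Switch',
    'System Up Time.................... 7 days, 13h:18m:46s',
    'snmp-server location "System Up Time display, rack 4"',
    'interface vlan 1',
);

# Run 2: one hour later, nothing changed except the uptime counter.
my @run2 = @run1;
$run2[1] = 'System Up Time.................... 7 days, 14h:18m:46s';

# Run 3: a real (constructed) configuration change on top of run 2.
my @run3 = (@run2, 'snmp-server community public ro');

my ($k1, $d1) = filter_volatile(\@run1);
my ($k2)      = filter_volatile(\@run2);
my ($k3)      = filter_volatile(\@run3);

printf "dropped from run 1: %s\n", join(' | ', @$d1);
printf "run 1 vs run 2 (uptime only): %s\n",
    runs_differ($k1, $k2) ? 'alert' : 'no alert';
printf "run 2 vs run 3 (config line added): %s\n",
    runs_differ($k2, $k3) ? 'alert' : 'no alert';
printf "snmp-server location line kept: %s\n",
    (grep { /^snmp-server location/ } @$k1) ? 'yes' : 'no';
```

Returning the dropped lines alongside the kept ones lets a wrapper log what was suppressed, which is the quickest way to notice a filter that has started matching lines it should not.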