From nick at foobar.org Sun Feb 1 18:14:25 2015 From: nick at foobar.org (Nick Hilliard) Date: Sun, 01 Feb 2015 18:14:25 +0000 Subject: [rancid] ipv6 compatible ip address sort Message-ID: <54CE6D01.6080406@foobar.org> This patch fixes the ipv6 prefix-list sorting problems which affect perl 5.18 and later. The sorting problems happen because ipaddrval() returns undef, so the sort function attempts to sort on the same index key. Before perl5.18, the default behaviour was to return hash keys in a consistent order. On 5.18+, this order is deliberately randomised. The patch changes sortbyipaddr to use a lexical sort on the hex value of the key because numerical sort breaks for 128 bit keys. It should be plug-in compatible with all the locally defined ipaddrval()/sortbyipaddr() implementations in each function. Nick -------------- next part -------------- A non-text attachment was scrubbed... Name: ipaddrval.pl Type: text/x-perl-script Size: 568 bytes Desc: not available URL: From sergey at lobanov.in Mon Feb 2 17:31:16 2015 From: sergey at lobanov.in (Sergey V. Lobanov) Date: Mon, 02 Feb 2015 20:31:16 +0300 Subject: [rancid] DLink DGS3627G basic support (dl36rancid) Message-ID: <9461491422898276@web29g.yandex.ru> Hello, Added basic support for D-Link DGS3627G (for RANCID 3.1) Based on http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20131029/5c2dda2e/attachment-0001.obj (http://web.archive.org/web/20150202171220/http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20131029/5c2dda2e/attachment-0001.obj ) Used default dllogin from ftp://ftp.shrubbery.net/pub/rancid/rancid-3.1.tar.gz dl36rancid attached Patch for orignial dlrancid also attached --? wbr,? Sergey V. Lobanov? -------------- next part -------------- A non-text attachment was scrubbed... Name: dl36rancid Type: text/x-perl Size: 10815 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: dl36rancid.patch Type: text/x-diff Size: 1316 bytes Desc: not available URL: From bgmilne at staff.telkomsa.net Tue Feb 3 15:49:20 2015 From: bgmilne at staff.telkomsa.net (Buchan Milne) Date: Tue, 03 Feb 2015 17:49:20 +0200 Subject: [rancid] Looking glass is broken in 3.1 Message-ID: <1422978560.15902.4.camel@seaknight.telkomsa.net> The looking glass CGIs (lg.cgi, lgform.cgi) in 3.1 weren't updated for the change in format of the router.db: Please find a patch fixing this attached (if it hasn't yet been fixed). Regards, Buchan -------------- next part -------------- A non-text attachment was scrubbed... Name: rancid-3.1-lg-routerdb-format.patch Type: text/x-patch Size: 1742 bytes Desc: not available URL: From Shaun.Krok at 888holdings.com Wed Feb 4 07:33:38 2015 From: Shaun.Krok at 888holdings.com (Shaun Krok) Date: Wed, 4 Feb 2015 07:33:38 +0000 Subject: [rancid] rancid not working with partitions v11.x tmsh F5 LTM In-Reply-To: References: <4af36d957d1a558df4aae345ea3b1b6a@krok.za.net> Message-ID: <57FD84723C05BB4FA3BB5F66AC609F642B3DA63A@XCH-IL-MB2.888holdings.corp> Hi there I was hoping someone had come across this issue. We are using Rancid to collect diffs from our BIG-IP clusters (as per bash script below) It works really well but are now facing an issue for reason unknown that when the cluster is not synced the rancid fails and reports fetcher issues. If I run the bash script below manually on each device it works without issue. As soon the cluster is synced it works fine .. It appears that TMSH is not allowing the script to work but it works fine if I run it manually on the BIG-IP What could be the problem ? Thank you Shaun -----Original Message----- From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Shaun Krok Sent: Monday, October 13, 2014 8:13 AM To: Mick O'Rourke Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] rancid not working with partitions v11.x tmsh F5 LTM Thank your for the reply --- i have created a bash script on the F5 and it works creating a test.file with all the config the file is in /root/f5part #!/bin/bash tmsh -q -c 'cd / ;list recursive' how do i call from f5rancid or do i have this all wrong ? {'tmsh -q list' => 'WriteTermTMSH'}, #{'tmsh -q -c /"cd /;list recursive"/' => 'WriteTermTMSH'}, On 2014-10-13 06:13, Mick O'Rourke wrote: > We found easiestquickest way to modify rancid-f5 - post 11.x version > checkdetect, call a bash script under /root/bin which runs "tmsh -q > -c > cd / ;list recursive" working around the rancid limitationerrors that > resulted when cd / ;list recursive was added to rancid-f5 itself. > > On 12 October 2014 15:27, Shaun Krok wrote: > >> Hi >> >> I am busy to integrate Rancid into our network and have an issue >> with partitions on BIG IP LTM v11.x >> All works fine but Rancid does not backup all partitions ? >> I am using the script from GIT with TMSH commands >> >> This command work from bash : tmsh -q -c "cd /; list recursive" but >> does not from the script .. >> >> This is a snip from the forum where the issue was identified but is >> anyone aware if there is a fix : >> >> Thanks >> >> Shaun >> >> here is a working tmsh version in the rancid git repo. >> >> The only thing that doesnt work when adjusting the script to list >> all >> partition co config is a tmsh -q -c "cd /; list recursive" - it >> errors out >> due to extra double quotes required by the -c option. >> On Dec 6, 2012 8:57 PM, "Darius Seroka" >> wrote: >> >> Shaun Krok >> Network Team >> >> -- >> Shaun Krok >> Tel: 050 2424 381 >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net [2] >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss [3] > > > > Links: > ------ > [1] http://gmail.com > [2] mailto:Rancid-discuss at shrubbery.net > [3] http://www.shrubbery.net/mailman/listinfo/rancid-discuss > [4] mailto:krok at krok.za.net -- Shaun Krok Tel: 050 2424 381 _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss This email message and its attachments are for the sole use of the intended recipient(s) and may not be shared with any other party. They may contain confidential information of 888 Holdings plc or its direct and indirect subsidiaries (together, the ?888 Group?) and are to be regarded as confidential information under any non-disclosure agreement. Any review, use, disclosure or distribution by persons or entities other than the intended recipient(s) is prohibited. Nothing in this message is capable of or intended to create any legally binding obligation. The 888 Group will only ever assume a legally binding obligation where recorded in a written agreement duly executed by the authorized signatories of the relevant 888 Group company. The 888 Group accepts no liability for any personal views expressed in this message. If you are not the intended recipient, please contact the sender by return and destroy all copies of the original message and its attachments. Thank you From john.kougoulos at gmail.com Wed Feb 4 10:56:43 2015 From: john.kougoulos at gmail.com (John Kougoulos) Date: Wed, 4 Feb 2015 11:56:43 +0100 Subject: [rancid] rancid not working with partitions v11.x tmsh F5 LTM In-Reply-To: <57FD84723C05BB4FA3BB5F66AC609F642B3DA63A@XCH-IL-MB2.888holdings.corp> References: <4af36d957d1a558df4aae345ea3b1b6a@krok.za.net> <57FD84723C05BB4FA3BB5F66AC609F642B3DA63A@XCH-IL-MB2.888holdings.corp> Message-ID: Hi, I had a similar problem with the width of the terminal, so when the device was out of sync, the prompt was becoming longer and some of the commands failed to be parsed. I had to change in f5rancid the line: $ENV{'TERM'} = "vt100"; to: $ENV{'TERM'} = "vt100-w"; Regards, John On Wed, Feb 4, 2015 at 8:33 AM, Shaun Krok wrote: > Hi there > > I was hoping someone had come across this issue. > > We are using Rancid to collect diffs from our BIG-IP clusters (as per > bash script below) > It works really well but are now facing an issue for reason unknown that > when the cluster is not synced the rancid fails and reports fetcher issues. > If I run the bash script below manually on each device it works without > issue. > As soon the cluster is synced it works fine .. > > It appears that TMSH is not allowing the script to work but it works fine > if I run it manually on the BIG-IP > > What could be the problem ? > > Thank you > > Shaun > > -----Original Message----- > From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On > Behalf Of Shaun Krok > Sent: Monday, October 13, 2014 8:13 AM > To: Mick O'Rourke > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] rancid not working with partitions v11.x tmsh F5 LTM > > Thank your for the reply --- > > i have created a bash script on the F5 and it works creating a > test.file with all the config > the file is in /root/f5part > > #!/bin/bash > tmsh -q -c 'cd / ;list recursive' > > how do i call from f5rancid or do i have this all wrong ? > > > {'tmsh -q list' => 'WriteTermTMSH'}, > #{'tmsh -q -c /"cd /;list recursive"/' => 'WriteTermTMSH'}, > > > > On 2014-10-13 06:13, Mick O'Rourke wrote: > > We found easiestquickest way to modify rancid-f5 - post 11.x version > > checkdetect, call a bash script under /root/bin which runs "tmsh -q > > -c > > cd / ;list recursive" working around the rancid limitationerrors that > > resulted when cd / ;list recursive was added to rancid-f5 itself. > > > > On 12 October 2014 15:27, Shaun Krok wrote: > > > >> Hi > >> > >> I am busy to integrate Rancid into our network and have an issue > >> with partitions on BIG IP LTM v11.x > >> All works fine but Rancid does not backup all partitions ? > >> I am using the script from GIT with TMSH commands > >> > >> This command work from bash : tmsh -q -c "cd /; list recursive" but > >> does not from the script .. > >> > >> This is a snip from the forum where the issue was identified but is > >> anyone aware if there is a fix : > >> > >> Thanks > >> > >> Shaun > >> > >> here is a working tmsh version in the rancid git repo. > >> > >> The only thing that doesnt work when adjusting the script to list > >> all > >> partition co config is a tmsh -q -c "cd /; list recursive" - it > >> errors out > >> due to extra double quotes required by the -c option. > >> On Dec 6, 2012 8:57 PM, "Darius Seroka" > >> wrote: > >> > >> Shaun Krok > >> Network Team > >> > >> -- > >> Shaun Krok > >> Tel: 050 2424 381 > >> _______________________________________________ > >> Rancid-discuss mailing list > >> Rancid-discuss at shrubbery.net [2] > >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss [3] > > > > > > > > Links: > > ------ > > [1] http://gmail.com > > [2] mailto:Rancid-discuss at shrubbery.net > > [3] http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > [4] mailto:krok at krok.za.net > > -- > Shaun Krok > Tel: 050 2424 381 > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > This email message and its attachments are for the sole use of the > intended recipient(s) and may not be shared with any other party. They may > contain confidential information of 888 Holdings plc or its direct and > indirect subsidiaries (together, the ?888 Group?) and are to be regarded as > confidential information under any non-disclosure agreement. Any review, > use, disclosure or distribution by persons or entities other than the > intended recipient(s) is prohibited. Nothing in this message is capable of > or intended to create any legally binding obligation. The 888 Group will > only ever assume a legally binding obligation where recorded in a written > agreement duly executed by the authorized signatories of the relevant 888 > Group company. The 888 Group accepts no liability for any personal views > expressed in this message. If you are not the intended recipient, please > contact the sender by return and destroy all copies of the original message > and its attachments. Thank you > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From lsy.annie at gmail.com Wed Feb 4 11:03:45 2015 From: lsy.annie at gmail.com (Annie Lee) Date: Wed, 4 Feb 2015 22:03:45 +1100 Subject: [rancid] rancid not working with partitions v11.x tmsh F5 LTM In-Reply-To: <57FD84723C05BB4FA3BB5F66AC609F642B3DA63A@XCH-IL-MB2.888holdings.corp> References: <4af36d957d1a558df4aae345ea3b1b6a@krok.za.net> <57FD84723C05BB4FA3BB5F66AC609F642B3DA63A@XCH-IL-MB2.888holdings.corp> Message-ID: Hi shaun, Do you mind sharing how to make it work with partitions ? Thanks On Wed, Feb 4, 2015 at 6:33 PM, Shaun Krok wrote: > Hi there > > I was hoping someone had come across this issue. > > We are using Rancid to collect diffs from our BIG-IP clusters (as per > bash script below) > It works really well but are now facing an issue for reason unknown that > when the cluster is not synced the rancid fails and reports fetcher issues. > If I run the bash script below manually on each device it works without > issue. > As soon the cluster is synced it works fine .. > > It appears that TMSH is not allowing the script to work but it works fine > if I run it manually on the BIG-IP > > What could be the problem ? > > Thank you > > Shaun > > -----Original Message----- > From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On > Behalf Of Shaun Krok > Sent: Monday, October 13, 2014 8:13 AM > To: Mick O'Rourke > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] rancid not working with partitions v11.x tmsh F5 LTM > > Thank your for the reply --- > > i have created a bash script on the F5 and it works creating a > test.file with all the config > the file is in /root/f5part > > #!/bin/bash > tmsh -q -c 'cd / ;list recursive' > > how do i call from f5rancid or do i have this all wrong ? > > > {'tmsh -q list' => 'WriteTermTMSH'}, > #{'tmsh -q -c /"cd /;list recursive"/' => 'WriteTermTMSH'}, > > > > On 2014-10-13 06:13, Mick O'Rourke wrote: > > We found easiestquickest way to modify rancid-f5 - post 11.x version > > checkdetect, call a bash script under /root/bin which runs "tmsh -q > > -c > > cd / ;list recursive" working around the rancid limitationerrors that > > resulted when cd / ;list recursive was added to rancid-f5 itself. > > > > On 12 October 2014 15:27, Shaun Krok wrote: > > > >> Hi > >> > >> I am busy to integrate Rancid into our network and have an issue > >> with partitions on BIG IP LTM v11.x > >> All works fine but Rancid does not backup all partitions ? > >> I am using the script from GIT with TMSH commands > >> > >> This command work from bash : tmsh -q -c "cd /; list recursive" but > >> does not from the script .. > >> > >> This is a snip from the forum where the issue was identified but is > >> anyone aware if there is a fix : > >> > >> Thanks > >> > >> Shaun > >> > >> here is a working tmsh version in the rancid git repo. > >> > >> The only thing that doesnt work when adjusting the script to list > >> all > >> partition co config is a tmsh -q -c "cd /; list recursive" - it > >> errors out > >> due to extra double quotes required by the -c option. > >> On Dec 6, 2012 8:57 PM, "Darius Seroka" > >> wrote: > >> > >> Shaun Krok > >> Network Team > >> > >> -- > >> Shaun Krok > >> Tel: 050 2424 381 > >> _______________________________________________ > >> Rancid-discuss mailing list > >> Rancid-discuss at shrubbery.net [2] > >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss [3] > > > > > > > > Links: > > ------ > > [1] http://gmail.com > > [2] mailto:Rancid-discuss at shrubbery.net > > [3] http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > [4] mailto:krok at krok.za.net > > -- > Shaun Krok > Tel: 050 2424 381 > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > This email message and its attachments are for the sole use of the > intended recipient(s) and may not be shared with any other party. They may > contain confidential information of 888 Holdings plc or its direct and > indirect subsidiaries (together, the ?888 Group?) and are to be regarded as > confidential information under any non-disclosure agreement. Any review, > use, disclosure or distribution by persons or entities other than the > intended recipient(s) is prohibited. Nothing in this message is capable of > or intended to create any legally binding obligation. The 888 Group will > only ever assume a legally binding obligation where recorded in a written > agreement duly executed by the authorized signatories of the relevant 888 > Group company. The 888 Group accepts no liability for any personal views > expressed in this message. If you are not the intended recipient, please > contact the sender by return and destroy all copies of the original message > and its attachments. Thank you > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From bgmilne at staff.telkomsa.net Fri Feb 6 15:41:20 2015 From: bgmilne at staff.telkomsa.net (Buchan Milne) Date: Fri, 06 Feb 2015 17:41:20 +0200 Subject: [rancid] Collaborative development for rancid (e.g. git / github) Message-ID: <1423237280.15902.16.camel@seaknight.telkomsa.net> Is there a reason why the development of rancid is not done in a more collaborative fashion? Having submitted a basic fix, and not knowing what it's future will be, I checked to see if there is a public VCS repository for rancid. I searched on github, and found that there were a few repositories created by users who imported some version of rancid, some with a few commits, but some with a few hundred: https://github.com/dotwaffle/rancid-git https://github.com/reca/rancid https://github.com/ssinyagin/rancid-ssi https://github.com/supine/rancid-bzr-git-multihop https://github.com/jahkeup/rancid3-git https://github.com/jalmeida/rancid-3.1 https://github.com/codeout/rancid https://github.com/onlight/rancid There are also a few git repos on github that just contain additional scripts for rancid: https://github.com/JeroenvHeugten/rancid-huawei https://github.com/b225ccc/rancid-linerate https://github.com/ajschroeder/rancid And in other git repos too: https://bitbucket.org/aquerubin/rancid-vyatta Wouldn't it make sense to have a public repo for rancid, preferably git, and if there is no other infrastructure planned, github is probably the easiest. I see someone at Facebook has also made a tac_plus repo: https://github.com/facebook/tac_plus Regards, Buchan From nick at foobar.org Fri Feb 6 15:46:12 2015 From: nick at foobar.org (Nick Hilliard) Date: Fri, 06 Feb 2015 15:46:12 +0000 Subject: [rancid] Collaborative development for rancid (e.g. git / github) In-Reply-To: <1423237280.15902.16.camel@seaknight.telkomsa.net> References: <1423237280.15902.16.camel@seaknight.telkomsa.net> Message-ID: <54D4E1C4.6090102@foobar.org> On 06/02/2015 15:41, Buchan Milne wrote: > Wouldn't it make sense to have a public repo for rancid, preferably git, > and if there is no other infrastructure planned, github is probably the > easiest. couldn't agree more. Nick From Shaun.Krok at 888holdings.com Fri Feb 6 18:51:06 2015 From: Shaun.Krok at 888holdings.com (Shaun Krok) Date: Fri, 6 Feb 2015 18:51:06 +0000 Subject: [rancid] rancid not working with partitions v11.x tmsh F5 LTM In-Reply-To: References: <4af36d957d1a558df4aae345ea3b1b6a@krok.za.net> <57FD84723C05BB4FA3BB5F66AC609F642B3DA63A@XCH-IL-MB2.888holdings.corp> Message-ID: <57FD84723C05BB4FA3BB5F66AC609F642B3F59AF@XCH-IL-MB2.888holdings.corp> Thanks John --- this worked Much appreciated Shaun From: John Kougoulos [mailto:john.kougoulos at gmail.com] Sent: Wednesday, February 04, 2015 12:57 PM To: Shaun Krok Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] rancid not working with partitions v11.x tmsh F5 LTM Hi, I had a similar problem with the width of the terminal, so when the device was out of sync, the prompt was becoming longer and some of the commands failed to be parsed. I had to change in f5rancid the line: $ENV{'TERM'} = "vt100"; to: $ENV{'TERM'} = "vt100-w"; Regards, John On Wed, Feb 4, 2015 at 8:33 AM, Shaun Krok > wrote: Hi there I was hoping someone had come across this issue. We are using Rancid to collect diffs from our BIG-IP clusters (as per bash script below) It works really well but are now facing an issue for reason unknown that when the cluster is not synced the rancid fails and reports fetcher issues. If I run the bash script below manually on each device it works without issue. As soon the cluster is synced it works fine .. It appears that TMSH is not allowing the script to work but it works fine if I run it manually on the BIG-IP What could be the problem ? Thank you Shaun -----Original Message----- From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Shaun Krok Sent: Monday, October 13, 2014 8:13 AM To: Mick O'Rourke Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] rancid not working with partitions v11.x tmsh F5 LTM Thank your for the reply --- i have created a bash script on the F5 and it works creating a test.file with all the config the file is in /root/f5part #!/bin/bash tmsh -q -c 'cd / ;list recursive' how do i call from f5rancid or do i have this all wrong ? {'tmsh -q list' => 'WriteTermTMSH'}, #{'tmsh -q -c /"cd /;list recursive"/' => 'WriteTermTMSH'}, On 2014-10-13 06:13, Mick O'Rourke wrote: > We found easiestquickest way to modify rancid-f5 - post 11.x version > checkdetect, call a bash script under /root/bin which runs "tmsh -q > -c > cd / ;list recursive" working around the rancid limitationerrors that > resulted when cd / ;list recursive was added to rancid-f5 itself. > > On 12 October 2014 15:27, Shaun Krok [4]> wrote: > >> Hi >> >> I am busy to integrate Rancid into our network and have an issue >> with partitions on BIG IP LTM v11.x >> All works fine but Rancid does not backup all partitions ? >> I am using the script from GIT with TMSH commands >> >> This command work from bash : tmsh -q -c "cd /; list recursive" but >> does not from the script .. >> >> This is a snip from the forum where the issue was identified but is >> anyone aware if there is a fix : >> >> Thanks >> >> Shaun >> >> here is a working tmsh version in the rancid git repo. >> >> The only thing that doesnt work when adjusting the script to list >> all >> partition co config is a tmsh -q -c "cd /; list recursive" - it >> errors out >> due to extra double quotes required by the -c option. >> On Dec 6, 2012 8:57 PM, "Darius Seroka" [1]> >> wrote: >> >> Shaun Krok >> Network Team >> >> -- >> Shaun Krok >> Tel: 050 2424 381 >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net [2] >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss [3] > > > > Links: > ------ > [1] http://gmail.com > [2] mailto:Rancid-discuss at shrubbery.net > [3] http://www.shrubbery.net/mailman/listinfo/rancid-discuss > [4] mailto:krok at krok.za.net -- Shaun Krok Tel: 050 2424 381 _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss This email message and its attachments are for the sole use of the intended recipient(s) and may not be shared with any other party. They may contain confidential information of 888 Holdings plc or its direct and indirect subsidiaries (together, the ?888 Group?) and are to be regarded as confidential information under any non-disclosure agreement. Any review, use, disclosure or distribution by persons or entities other than the intended recipient(s) is prohibited. Nothing in this message is capable of or intended to create any legally binding obligation. The 888 Group will only ever assume a legally binding obligation where recorded in a written agreement duly executed by the authorized signatories of the relevant 888 Group company. The 888 Group accepts no liability for any personal views expressed in this message. If you are not the intended recipient, please contact the sender by return and destroy all copies of the original message and its attachments. Thank you _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss This email message and its attachments are for the sole use of the intended recipient(s) and may not be shared with any other party. They may contain confidential information of 888 Holdings plc or its direct and indirect subsidiaries (together, the ?888 Group?) and are to be regarded as confidential information under any non-disclosure agreement. Any review, use, disclosure or distribution by persons or entities other than the intended recipient(s) is prohibited. Nothing in this message is capable of or intended to create any legally binding obligation. The 888 Group will only ever assume a legally binding obligation where recorded in a written agreement duly executed by the authorized signatories of the relevant 888 Group company. The 888 Group accepts no liability for any personal views expressed in this message. If you are not the intended recipient, please contact the sender by return and destroy all copies of the original message and its attachments. Thank you -------------- next part -------------- An HTML attachment was scrubbed... URL: From jon.s.lucas at gmail.com Fri Feb 6 15:00:08 2015 From: jon.s.lucas at gmail.com (Jonathan Lucas) Date: Fri, 6 Feb 2015 10:00:08 -0500 Subject: [rancid] An issue with bin/clogin Message-ID: Hello Everyone, I am having an issue with rancid (3.1) failing to log in using the clogin script. As far as I know, the configs are all properly set up, insofar as I received no errors until I ran bin/clogin. I am using CentOS 6.6 as my base OS. So far, I have tried creating a fresh test user on the device and I have verified that the password works when using a straight telnet or ssh session. It is only when attempting to connect via the clogin script that I see it fail on the password prompt. Please let me know what other information I can provide, i.e. version numbers, steps already taken, etc. - - Jon -------------- next part -------------- An HTML attachment was scrubbed... URL: From tgreer at tsone.net.uk Sat Feb 7 13:31:54 2015 From: tgreer at tsone.net.uk (Thomas Greer) Date: Sat, 7 Feb 2015 13:31:54 +0000 Subject: [rancid] Rancid 3.1.99 Alpha git integration issues. Message-ID: Hi All I?ve recently (read today) installed the above alpha in anticipation of the git support. I?ve setup rancid a few times before, but I?m struggling with the git stuff. When I run rancid-cvs after a fresh install, I get a load of errors. -bash-4.1$ ./bin/rancid-cvs error: Malformed value for push.default: simple error: Must be one of nothing, matching, tracking or current. fatal: bad config file line 6 in /usr/local/rancid//.gitconfig error: Malformed value for push.default: simple error: Must be one of nothing, matching, tracking or current. fatal: bad config file line 6 in /usr/local/rancid//.gitconfig fatal: Not a git repository (or any of the parent directories): .git fatal: Not a git repository (or any of the parent directories): .git fatal: Not a git repository (or any of the parent directories): .git fatal: Not a git repository (or any of the parent directories): .git fatal: Not a git repository (or any of the parent directories): .git fatal: Not a git repository (or any of the parent directories): .git error: Malformed value for push.default: simple error: Must be one of nothing, matching, tracking or current. fatal: bad config file line 6 in /usr/local/rancid//.gitconfig error: Malformed value for push.default: simple error: Must be one of nothing, matching, tracking or current. fatal: bad config file line 6 in /usr/local/rancid//.gitconfig fatal: Not a git repository (or any of the parent directories): .git fatal: Not a git repository (or any of the parent directories): .git fatal: Not a git repository (or any of the parent directories): .git fatal: Not a git repository (or any of the parent directories): .git fatal: Not a git repository (or any of the parent directories): .git fatal: Not a git repository (or any of the parent directories): .git error: Malformed value for push.default: simple error: Must be one of nothing, matching, tracking or current. fatal: bad config file line 6 in /usr/local/rancid//.gitconfig error: Malformed value for push.default: simple error: Must be one of nothing, matching, tracking or current. fatal: bad config file line 6 in /usr/local/rancid//.gitconfig fatal: Not a git repository (or any of the parent directories): .git fatal: Not a git repository (or any of the parent directories): .git fatal: Not a git repository (or any of the parent directories): .git fatal: Not a git repository (or any of the parent directories): .git fatal: Not a git repository (or any of the parent directories): .git fatal: Not a git repository (or any of the parent directories): .git My rancid.conf contains: # Select which RCS system to use, "cvs" (default), "svn" or "git". Do not # change this after CVSROOT has been created with rancid-cvs. Changing between # these requires manual conversions. RCSSYS=git; export RCSSYS The README and UPGRADING mention nothing specific to initialising git other than to run rancid-cvs. Running on Centos 6.6 git version 1.7.1 Any help would be appreciated with this. Thanks Thomas -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 842 bytes Desc: Message signed with OpenPGP using GPGMail URL: From heas at shrubbery.net Sun Feb 8 04:22:57 2015 From: heas at shrubbery.net (heasley) Date: Sun, 8 Feb 2015 04:22:57 +0000 Subject: [rancid] Rancid 3.1.99 Alpha git integration issues. In-Reply-To: References: Message-ID: <20150208042257.GB27729@shrubbery.net> Sat, Feb 07, 2015 at 01:31:54PM +0000, Thomas Greer: > Hi All > > I?ve recently (read today) installed the above alpha in anticipation of the git support. I?ve setup rancid a few times before, but I?m struggling with the git stuff. > > When I run rancid-cvs after a fresh install, I get a load of errors. > > -bash-4.1$ ./bin/rancid-cvs > error: Malformed value for push.default: simple > error: Must be one of nothing, matching, tracking or current. > fatal: bad config file line 6 in /usr/local/rancid//.gitconfig > error: Malformed value for push.default: simple > error: Must be one of nothing, matching, tracking or current. > fatal: bad config file line 6 in /usr/local/rancid//.gitconfig entirely possible that i've screwed-up the git support; i'll have to re-test it. but, this error is odd. rancid-cvs doesnt create .gitconfig itself. so, what is the source of that file and thus this error? > fatal: Not a git repository (or any of the parent directories): .git > fatal: Not a git repository (or any of the parent directories): .git > fatal: Not a git repository (or any of the parent directories): .git > fatal: Not a git repository (or any of the parent directories): .git > fatal: Not a git repository (or any of the parent directories): .git > fatal: Not a git repository (or any of the parent directories): .git > error: Malformed value for push.default: simple > error: Must be one of nothing, matching, tracking or current. > fatal: bad config file line 6 in /usr/local/rancid//.gitconfig > error: Malformed value for push.default: simple > error: Must be one of nothing, matching, tracking or current. > fatal: bad config file line 6 in /usr/local/rancid//.gitconfig > fatal: Not a git repository (or any of the parent directories): .git > fatal: Not a git repository (or any of the parent directories): .git > fatal: Not a git repository (or any of the parent directories): .git > fatal: Not a git repository (or any of the parent directories): .git > fatal: Not a git repository (or any of the parent directories): .git > fatal: Not a git repository (or any of the parent directories): .git > error: Malformed value for push.default: simple > error: Must be one of nothing, matching, tracking or current. > fatal: bad config file line 6 in /usr/local/rancid//.gitconfig > error: Malformed value for push.default: simple > error: Must be one of nothing, matching, tracking or current. > fatal: bad config file line 6 in /usr/local/rancid//.gitconfig > fatal: Not a git repository (or any of the parent directories): .git > fatal: Not a git repository (or any of the parent directories): .git > fatal: Not a git repository (or any of the parent directories): .git > fatal: Not a git repository (or any of the parent directories): .git > fatal: Not a git repository (or any of the parent directories): .git > fatal: Not a git repository (or any of the parent directories): .git > > My rancid.conf contains: > > # Select which RCS system to use, "cvs" (default), "svn" or "git". Do not > # change this after CVSROOT has been created with rancid-cvs. Changing between > # these requires manual conversions. > RCSSYS=git; export RCSSYS > > The README and UPGRADING mention nothing specific to initialising git other than to run rancid-cvs. > > Running on Centos 6.6 > git version 1.7.1 > > Any help would be appreciated with this. > > Thanks > > Thomas > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From tgreer at tsone.net.uk Sun Feb 8 07:37:22 2015 From: tgreer at tsone.net.uk (Thomas Greer) Date: Sun, 8 Feb 2015 07:37:22 +0000 Subject: [rancid] Rancid 3.1.99 Alpha git integration issues. In-Reply-To: <20150208042257.GB27729@shrubbery.net> References: <20150208042257.GB27729@shrubbery.net> Message-ID: > On 8 Feb 2015, at 06:22, heasley wrote: > > Sat, Feb 07, 2015 at 01:31:54PM +0000, Thomas Greer: >> Hi All >> >> I?ve recently (read today) installed the above alpha in anticipation of the git support. I?ve setup rancid a few times before, but I?m struggling with the git stuff. >> >> When I run rancid-cvs after a fresh install, I get a load of errors. >> >> -bash-4.1$ ./bin/rancid-cvs >> error: Malformed value for push.default: simple >> error: Must be one of nothing, matching, tracking or current. >> fatal: bad config file line 6 in /usr/local/rancid//.gitconfig >> error: Malformed value for push.default: simple >> error: Must be one of nothing, matching, tracking or current. >> fatal: bad config file line 6 in /usr/local/rancid//.gitconfig > > entirely possible that i've screwed-up the git support; i'll have to re-test > it. but, this error is odd. rancid-cvs doesnt create .gitconfig itself. > so, what is the source of that file and thus this error? > >> fatal: Not a git repository (or any of the parent directories): .git >> fatal: Not a git repository (or any of the parent directories): .git >> fatal: Not a git repository (or any of the parent directories): .git >> fatal: Not a git repository (or any of the parent directories): .git >> fatal: Not a git repository (or any of the parent directories): .git >> fatal: Not a git repository (or any of the parent directories): .git >> error: Malformed value for push.default: simple >> error: Must be one of nothing, matching, tracking or current. >> fatal: bad config file line 6 in /usr/local/rancid//.gitconfig >> error: Malformed value for push.default: simple >> error: Must be one of nothing, matching, tracking or current. >> fatal: bad config file line 6 in /usr/local/rancid//.gitconfig >> fatal: Not a git repository (or any of the parent directories): .git >> fatal: Not a git repository (or any of the parent directories): .git >> fatal: Not a git repository (or any of the parent directories): .git >> fatal: Not a git repository (or any of the parent directories): .git >> fatal: Not a git repository (or any of the parent directories): .git >> fatal: Not a git repository (or any of the parent directories): .git >> error: Malformed value for push.default: simple >> error: Must be one of nothing, matching, tracking or current. >> fatal: bad config file line 6 in /usr/local/rancid//.gitconfig >> error: Malformed value for push.default: simple >> error: Must be one of nothing, matching, tracking or current. >> fatal: bad config file line 6 in /usr/local/rancid//.gitconfig >> fatal: Not a git repository (or any of the parent directories): .git >> fatal: Not a git repository (or any of the parent directories): .git >> fatal: Not a git repository (or any of the parent directories): .git >> fatal: Not a git repository (or any of the parent directories): .git >> fatal: Not a git repository (or any of the parent directories): .git >> fatal: Not a git repository (or any of the parent directories): .git >> >> My rancid.conf contains: >> >> # Select which RCS system to use, "cvs" (default), "svn" or "git". Do not >> # change this after CVSROOT has been created with rancid-cvs. Changing between >> # these requires manual conversions. >> RCSSYS=git; export RCSSYS >> >> The README and UPGRADING mention nothing specific to initialising git other than to run rancid-cvs. >> >> Running on Centos 6.6 >> git version 1.7.1 >> >> Any help would be appreciated with this. >> >> Thanks >> >> Thomas > > > >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss > Either make install, or rancid-cvs. I rm?d the /usr/local/rancid directory before running make install -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 842 bytes Desc: Message signed with OpenPGP using GPGMail URL: From lsy.annie at gmail.com Sun Feb 8 21:16:55 2015 From: lsy.annie at gmail.com (Annie Lee) Date: Mon, 9 Feb 2015 08:16:55 +1100 Subject: [rancid] rancid not working with partitions v11.x tmsh F5 LTM In-Reply-To: <57FD84723C05BB4FA3BB5F66AC609F642B3F59AF@XCH-IL-MB2.888holdings.corp> References: <4af36d957d1a558df4aae345ea3b1b6a@krok.za.net> <57FD84723C05BB4FA3BB5F66AC609F642B3DA63A@XCH-IL-MB2.888holdings.corp> <57FD84723C05BB4FA3BB5F66AC609F642B3F59AF@XCH-IL-MB2.888holdings.corp> Message-ID: Hi Shaun, Sorry. im new to this scripting and hope you dont mind me asking more on the bash thingy. 1) create a file under root privilege with the below contents : (root for the F5 or the rancid box) ? * #!/bin/bash tmsh -q -c 'cd / ;list recursive'* 2) how do i call that via rancid ? *{'tmsh -q list' => 'WriteTermTMSH'},* Yes, my rancid is working good with the common partitions.. Thanks On Sat, Feb 7, 2015 at 5:51 AM, Shaun Krok wrote: > Thanks John --- this worked > > > > Much appreciated > > > > Shaun > > > > > > *From:* John Kougoulos [mailto:john.kougoulos at gmail.com] > *Sent:* Wednesday, February 04, 2015 12:57 PM > *To:* Shaun Krok > > *Cc:* rancid-discuss at shrubbery.net > *Subject:* Re: [rancid] rancid not working with partitions v11.x tmsh F5 > LTM > > > > Hi, > > I had a similar problem with the width of the terminal, so when the device > was out of sync, the prompt was becoming longer and some of the commands > failed to be parsed. > > I had to change in f5rancid the line: > $ENV{'TERM'} = "vt100"; > > to: > $ENV{'TERM'} = "vt100-w"; > > Regards, > John > > > > On Wed, Feb 4, 2015 at 8:33 AM, Shaun Krok > wrote: > > Hi there > > I was hoping someone had come across this issue. > > We are using Rancid to collect diffs from our BIG-IP clusters (as per > bash script below) > It works really well but are now facing an issue for reason unknown that > when the cluster is not synced the rancid fails and reports fetcher issues. > If I run the bash script below manually on each device it works without > issue. > As soon the cluster is synced it works fine .. > > It appears that TMSH is not allowing the script to work but it works fine > if I run it manually on the BIG-IP > > What could be the problem ? > > Thank you > > Shaun > > > -----Original Message----- > From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On > Behalf Of Shaun Krok > Sent: Monday, October 13, 2014 8:13 AM > To: Mick O'Rourke > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] rancid not working with partitions v11.x tmsh F5 LTM > > Thank your for the reply --- > > i have created a bash script on the F5 and it works creating a > test.file with all the config > the file is in /root/f5part > > #!/bin/bash > tmsh -q -c 'cd / ;list recursive' > > how do i call from f5rancid or do i have this all wrong ? > > > {'tmsh -q list' => 'WriteTermTMSH'}, > #{'tmsh -q -c /"cd /;list recursive"/' => 'WriteTermTMSH'}, > > > > On 2014-10-13 06:13, Mick O'Rourke wrote: > > We found easiestquickest way to modify rancid-f5 - post 11.x version > > checkdetect, call a bash script under /root/bin which runs "tmsh -q > > -c > > cd / ;list recursive" working around the rancid limitationerrors that > > resulted when cd / ;list recursive was added to rancid-f5 itself. > > > > On 12 October 2014 15:27, Shaun Krok wrote: > > > >> Hi > >> > >> I am busy to integrate Rancid into our network and have an issue > >> with partitions on BIG IP LTM v11.x > >> All works fine but Rancid does not backup all partitions ? > >> I am using the script from GIT with TMSH commands > >> > >> This command work from bash : tmsh -q -c "cd /; list recursive" but > >> does not from the script .. > >> > >> This is a snip from the forum where the issue was identified but is > >> anyone aware if there is a fix : > >> > >> Thanks > >> > >> Shaun > >> > >> here is a working tmsh version in the rancid git repo. > >> > >> The only thing that doesnt work when adjusting the script to list > >> all > >> partition co config is a tmsh -q -c "cd /; list recursive" - it > >> errors out > >> due to extra double quotes required by the -c option. > >> On Dec 6, 2012 8:57 PM, "Darius Seroka" > >> wrote: > >> > >> Shaun Krok > >> Network Team > >> > >> -- > >> Shaun Krok > >> Tel: 050 2424 381 > >> _______________________________________________ > >> Rancid-discuss mailing list > >> Rancid-discuss at shrubbery.net [2] > >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss [3] > > > > > > > > Links: > > ------ > > [1] http://gmail.com > > [2] mailto:Rancid-discuss at shrubbery.net > > [3] http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > [4] mailto:krok at krok.za.net > > -- > Shaun Krok > Tel: 050 2424 381 > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > This email message and its attachments are for the sole use of the > intended recipient(s) and may not be shared with any other party. They may > contain confidential information of 888 Holdings plc or its direct and > indirect subsidiaries (together, the ?888 Group?) and are to be regarded as > confidential information under any non-disclosure agreement. Any review, > use, disclosure or distribution by persons or entities other than the > intended recipient(s) is prohibited. Nothing in this message is capable of > or intended to create any legally binding obligation. The 888 Group will > only ever assume a legally binding obligation where recorded in a written > agreement duly executed by the authorized signatories of the relevant 888 > Group company. The 888 Group accepts no liability for any personal views > expressed in this message. If you are not the intended recipient, please > contact the sender by return and destroy all copies of the original message > and its attachments. Thank you > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > > > This email message and its attachments are for the sole use of the > intended recipient(s) and may not be shared with any other party. They may > contain confidential information of 888 Holdings plc or its direct and > indirect subsidiaries (together, the ?888 Group?) and are to be regarded as > confidential information under any non-disclosure agreement. Any review, > use, disclosure or distribution by persons or entities other than the > intended recipient(s) is prohibited. Nothing in this message is capable of > or intended to create any legally binding obligation. The 888 Group will > only ever assume a legally binding obligation where recorded in a written > agreement duly executed by the authorized signatories of the relevant 888 > Group company. The 888 Group accepts no liability for any personal views > expressed in this message. If you are not the intended recipient, please > contact the sender by return and destroy all copies of the original message > and its attachments. Thank you > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From krok at krok.za.net Mon Feb 9 08:15:36 2015 From: krok at krok.za.net (Shaun Krok) Date: Mon, 09 Feb 2015 10:15:36 +0200 Subject: [rancid] rancid not working with partitions v11.x tmsh F5 LTM In-Reply-To: References: <4af36d957d1a558df4aae345ea3b1b6a@krok.za.net> <57FD84723C05BB4FA3BB5F66AC609F642B3DA63A@XCH-IL-MB2.888holdings.corp> <57FD84723C05BB4FA3BB5F66AC609F642B3F59AF@XCH-IL-MB2.888holdings.corp> Message-ID: On 2015-02-08 23:16, Annie Lee wrote: > Hi Shaun, > > Sorry. im new to this scripting and hope you dont mind me asking more > on the bash thingy. > > 1) create a file under root privilege with the below contents : (root > for the F5 or the rancid box) ? on the F5 > > #!/bin/bash > tmsh -q -c cd / ;list recursive > > 2) how do i call that via rancid ? > > _{TMSH -Q LIST => WRITETERMTMSH},_ SNIP from the f5rancid script # Main # bigpipe commands, BIGIP v9 and v10 @bigpipe_commandtable = ( {'bigpipe version' => 'ShowVersion'}, {'bigpipe platform' => 'ShowPlatform'}, {'cat /config/bigip.license' => 'ShowLicense'}, {'bigpipe monitor list all' => 'ShowMonitor'}, {'bigpipe profile list' => 'ShowProfile'}, {'bigpipe base list' => 'ShowBaseRun'}, {'bigpipe db show' => 'ShowDb'}, {'bigpipe route static show' => 'ShowRouteStatic'}, #{'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'}, #{'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'}, {'bigpipe list' => 'WriteTermBIGPIPE'} ); # tmsh commands, BIGIP v11 @tmsh_commandtable = ( {'tmsh show /sys version' => 'ShowVersion'}, {'tmsh show /sys hardware' => 'ShowHardware'}, {'tmsh show /sys license' => 'ShowLicense'}, #{'cat /config/ZebOS.conf' => 'ShowZebOSconf'}, #{'lsof -i :179' => 'ShowZebOSsockets'}, {'tmsh show /net route static' => 'ShowRouteStatic'}, #{'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'}, #{'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'}, #{'tmsh -q list' => 'WriteTermTMSH'}, #{'tmsh -q -c /"cd /;list recursive"/' => 'WriteTermTMSH'}, {'./f5part' => 'WriteTermTMSH'}, > > Yes, my rancid is working good with the common partitions.. > > Thanks > > On Sat, Feb 7, 2015 at 5:51 AM, Shaun Krok > [20]> wrote: > >> Thanks John --- this worked >> >> ? >> >> Much appreciated >> >> ? >> >> Shaun >> >> ? >> >> ? >> >> FROM: John Kougoulos [mailto:john.kougoulos at gmail.com [15]] >> SENT: Wednesday, February 04, 2015 12:57 PM >> TO: Shaun Krok >> >> CC: rancid-discuss at shrubbery.net [16] >> SUBJECT: Re: [rancid] rancid not working with partitions v11.x tmsh >> F5 LTM >> >> ? >> >> Hi, >> >> I had a similar problem with the width of the terminal, so when the >> device was out of sync, the prompt was becoming longer and some of >> the commands failed to be parsed. >> >> I had to change in f5rancid the line: >> $ENV{TERM} = "vt100"; >> >> to: >> $ENV{TERM} = "vt100-w"; >> >> Regards, >> John >> >> ? >> >> On Wed, Feb 4, 2015 at 8:33 AM, Shaun Krok >> wrote: >> >>> Hi there >>> >>> I was hoping someone had come across this issue. >>> >>> We are using Rancid to collect diffs from our? BIG-IP clusters >>> (as per bash script below) >>> It works really well but are now facing an issue for reason >>> unknown that when the cluster is not synced the rancid fails and >>> reports fetcher issues. >>> If I run the bash script below manually on each device it works >>> without issue. >>> As soon the cluster is synced it works fine .. >>> >>> It appears that TMSH is not allowing the script to work but it >>> works fine if I run it manually on the BIG-IP >>> >>> What could be the problem ? >>> >>> Thank you >>> >>> Shaun >>> >>> -----Original Message----- >>> From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net >>> [1]] On Behalf Of Shaun Krok >>> Sent: Monday, October 13, 2014 8:13 AM >>> To: Mick ORourke >>> Cc: rancid-discuss at shrubbery.net [2] >>> Subject: Re: [rancid] rancid not working with partitions v11.x >>> tmsh F5 LTM >>> >>> Thank your for the reply --- >>> >>> i have created a bash script on the F5 and it works creating a >>> test.file with all the config >>> the file is in /root/f5part >>> >>> #!/bin/bash >>> tmsh -q -c cd / ;list recursive >>> >>> how do i call from f5rancid or do i have this all wrong ? >>> >>> {tmsh -q list => WriteTermTMSH}, >>> #{tmsh -q -c /"cd /;list recursive"/ => WriteTermTMSH}, >>> >>> On 2014-10-13 06:13, Mick ORourke wrote: >>> > We found easiestquickest way to modify rancid-f5 - post 11.x >>> version >>> > checkdetect, call a bash script under /root/bin which runs >>> "tmsh -q >>> > -c >>> > cd / ;list recursive" working around the rancid >>> limitationerrors that >>> > resulted when? cd / ;list recursive was added to rancid-f5 >>> itself. >>> > >>> > On 12 October 2014 15:27, Shaun Krok >>> wrote: >>> > >>> >> Hi >>> >> >>> >> I am busy to integrate Rancid into our network and have an >>> issue >>> >> with partitions on BIG IP LTM v11.x >>> >> All? works fine but Rancid does not backup all partitions ? >>> >> I am using the script from GIT with TMSH commands >>> >> >>> >> This command work from bash : tmsh -q -c "cd /; list >>> recursive" but >>> >> does not from the script .. >>> >> >>> >> This is a snip from the forum where the issue was identified >>> but is >>> >> anyone aware if there is a fix : >>> >> >>> >> Thanks >>> >> >>> >> Shaun >>> >> >>> >> here is a working tmsh version in the rancid git repo. >>> >> >>> >> The only thing that doesnt work when adjusting the script to >>> list >>> >> all >>> >> partition co config is a tmsh -q -c "cd /; list recursive" - >>> it >>> >> errors out >>> >> due to extra double quotes required by the -c option. >>> >> On Dec 6, 2012 8:57 PM, "Darius Seroka" >> [4] [1]> >>> >> wrote: >>> >> >>> >> Shaun Krok >>> >> Network Team >>> >> >>> >> -- >>> >> Shaun Krok >>> >> Tel: 050 2424 381 >>> >> _______________________________________________ >>> >> Rancid-discuss mailing list >>> >> Rancid-discuss at shrubbery.net [5] [2] >>> >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss [6] >>> [3] >>> > >>> > >>> > >>> > Links: >>> > ------ >>> > [1] http://gmail.com [7] >>> > [2] mailto:Rancid-discuss at shrubbery.net [8] >>> > [3] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>> [9] >>> > [4] mailto:krok at krok.za.net [10] >>> >>> -- >>> Shaun Krok >>> Tel: 050 2424 381 >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net [11] >>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss [12] >>> >>> This email message and its attachments are for the sole use of the >>> intended recipient(s) and may not be shared with any other party. >>> They may contain confidential information of 888 Holdings plc or >>> its direct and indirect subsidiaries (together, the ?888 >>> Group?) and are to be regarded as confidential information under >>> any non-disclosure agreement. Any review, use, disclosure or >>> distribution by persons or entities other than the intended >>> recipient(s) is prohibited. Nothing in this message is capable of >>> or intended to create any legally binding obligation. The 888 >>> Group will only ever assume a legally binding obligation where >>> recorded in a written agreement duly executed by the authorized >>> signatories of the relevant 888 Group company. The 888 Group >>> accepts no liability for any personal views expressed in this >>> message. If you are not the intended recipient, please contact the >>> sender by return and destroy all copies of the original message >>> and its attachments. Thank you >>> >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net [13] >>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss [14] >> >> ? >> >> This email message and its attachments are for the sole use of the >> intended recipient(s) and may not be shared with any other party. >> They may contain confidential information of 888 Holdings plc or its >> direct and indirect subsidiaries (together, the ?888 Group?) and >> are to be regarded as confidential information under any >> non-disclosure agreement. Any review, use, disclosure or >> distribution by persons or entities other than the intended >> recipient(s) is prohibited. Nothing in this message is capable of or >> intended to create any legally binding obligation. The 888 Group >> will only ever assume a legally binding obligation where recorded in >> a written agreement duly executed by the authorized signatories of >> the relevant 888 Group company. The 888 Group accepts no liability >> for any personal views expressed in this message. If you are not the >> intended recipient, please contact the sender by return and destroy >> all copies of the original message and its attachments. Thank you >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net [18] >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss [19] > > > > Links: > ------ > [1] mailto:rancid-discuss-bounces at shrubbery.net > [2] mailto:rancid-discuss at shrubbery.net > [3] mailto:krok at krok.za.net > [4] http://gmail.com > [5] mailto:Rancid-discuss at shrubbery.net > [6] http://www.shrubbery.net/mailman/listinfo/rancid-discuss > [7] http://gmail.com > [8] mailto:Rancid-discuss at shrubbery.net > [9] http://www.shrubbery.net/mailman/listinfo/rancid-discuss > [10] mailto:krok at krok.za.net > [11] mailto:Rancid-discuss at shrubbery.net > [12] http://www.shrubbery.net/mailman/listinfo/rancid-discuss > [13] mailto:Rancid-discuss at shrubbery.net > [14] http://www.shrubbery.net/mailman/listinfo/rancid-discuss > [15] mailto:john.kougoulos at gmail.com > [16] mailto:rancid-discuss at shrubbery.net > [17] mailto:Shaun.Krok at 888holdings.com > [18] mailto:Rancid-discuss at shrubbery.net > [19] http://www.shrubbery.net/mailman/listinfo/rancid-discuss > [20] mailto:Shaun.Krok at 888holdings.com -- Shaun Krok Tel: 050 2424 381 From Alex.Chard at Reed-Elsevier.com.au Mon Feb 9 09:47:25 2015 From: Alex.Chard at Reed-Elsevier.com.au (Chard, Alex (RET-SYD)) Date: Mon, 9 Feb 2015 09:47:25 +0000 Subject: [rancid] Fortigate diffs when nothing actually changed Message-ID: Hi All, I know I have seen this discussed a few times on here but I haven't been able to find the resolution in the archives. I am running Rancid 3 (not sure how to check exact version). I have fortigates backed up in Rancid. They periodically drop/add commands from the config, and then revert back at the next backup. This means I end up with config diffs like the following: retrieving revision 1.11 diff -U 4 -r1.11 rausyd-lan-fw02s.corp.regn.net @@ -59530,8 +59530,9 @@ set dataset "traffic.Top10.IM.Users.Volume" set category traffic set favorite no set graph-type bar + exit set style auto set dimension 3D config x-series set caption '' followed by: retrieving revision 1.12 diff -U 4 -r1.12 rausyd-lan-fw02s.corp.regn.net @@ -59530,9 +59530,8 @@ set dataset "traffic.Top10.IM.Users.Volume" set category traffic set favorite no set graph-type bar - exit set style auto set dimension 3D config x-series set caption '' I do have the pager turned off, so that's not the issue. And a partly related question, is there a way to have rancid download a config file by SCP rather than execute commands to retrieve it? It seems to me this might be more successful - and also an easy way to grab config from devices that aren't supported. Thanks, Alex This e-mail is for the use of the intended recipient(s) only. If you have received this e-mail in error, please notify the sender immediately and then delete it. If you are not the intended recipient, you must not use, disclose or distribute this e-mail without the author's permission. We have taken precautions to minimise the risk of transmitting software viruses, but we advise you to carry out your own virus checks on any attachment to this e-mail. We cannot accept liability for any loss or damage caused by software viruses. -------------- next part -------------- An HTML attachment was scrubbed... URL: From rdrake at direcpath.com Mon Feb 9 10:45:57 2015 From: rdrake at direcpath.com (Robert Drake) Date: Mon, 9 Feb 2015 05:45:57 -0500 Subject: [rancid] Fortigate diffs when nothing actually changed In-Reply-To: References: Message-ID: <54D88FE5.6040409@direcpath.com> Try running the diff on the cli and check whitespace? Diff is a pretty base-level thing, so it's not rancid that's tripping but something in the actual config which makes it see a difference, but it's something that doesn't show up on-screen. If it is whitespace then there might be an error in the rancid script that parses lines and adds a space, or there might be something in the router that leaves whitespace where it shouldn't. Either way, it should be correctable by having the rancid script remove the offending stuff. On 2/9/2015 4:47 AM, Chard, Alex (RET-SYD) wrote: > > Hi All, > > I know I have seen this discussed a few times on here but I haven?t > been able to find the resolution in the archives. > > I am running Rancid 3 (not sure how to check exact version). > > I have fortigates backed up in Rancid. They periodically drop/add > commands from the config, and then revert back at the next backup. > > This means I end up with config diffs like the following: > > ** > > *retrieving revision 1.11* > > *diff -U 4 -r1.11 rausyd-lan-fw02s.corp.regn.net @@ -59530,8 +59530,9 @@* > > *set dataset "traffic.Top10.IM.Users.Volume"* > > *set category traffic* > > *set favorite no* > > *set graph-type bar* > > *+ exit* > > *set style auto* > > *set dimension 3D* > > *config x-series* > > *set caption ''* > > followed by: > > *retrieving revision 1.12* > > *diff -U 4 -r1.12 rausyd-lan-fw02s.corp.regn.net @@ -59530,9 +59530,8 @@* > > *set dataset "traffic.Top10.IM.Users.Volume"* > > *set category traffic* > > *set favorite no* > > *set graph-type bar* > > *- exit* > > *set style auto* > > *set dimension 3D* > > *config x-series* > > *set caption ''* > > I do have the pager turned off, so that?s not the issue. > > And a partly related question, is there a way to have rancid download > a config file by SCP rather than execute commands to retrieve it? > > It seems to me this might be more successful ? and also an easy way to > grab config from devices that aren?t supported. > > Thanks, > > Alex > > This e-mail is for the use of the intended recipient(s) only. If you > have received this e-mail in error, please notify the sender > immediately and then delete it. If you are not the intended recipient, > you must not use, disclose or distribute this e-mail without the > author's permission. We have taken precautions to minimise the risk of > transmitting software viruses, but we advise you to carry out your own > virus checks on any attachment to this e-mail. We cannot accept > liability for any loss or damage caused by software viruses. > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss -- Direcpath, LLC 817 West Peachtree St. NW - Suite 750 | Atlanta, GA 30308 2935B Amwiler Rd. | Atlanta,GA 30360 T 866-430-7284 | F 404.961.7060 rdrake at direcpath.com | www.direcpath.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Mon Feb 9 17:18:36 2015 From: heas at shrubbery.net (heasley) Date: Mon, 9 Feb 2015 17:18:36 +0000 Subject: [rancid] Fortigate diffs when nothing actually changed In-Reply-To: References: Message-ID: <20150209171836.GA77491@shrubbery.net> Mon, Feb 09, 2015 at 09:47:25AM +0000, Chard, Alex (RET-SYD): > I am running Rancid 3 (not sure how to check exact version). rancid -V; clogin -V; etc etc > I have fortigates backed up in Rancid. They periodically drop/add commands from the config, and then revert back at the next backup. > This means I end up with config diffs like the following: > > retrieving revision 1.11 > > diff -U 4 -r1.11 rausyd-lan-fw02s.corp.regn.net @@ -59530,8 +59530,9 @@ > > set dataset "traffic.Top10.IM.Users.Volume" > > set category traffic > > set favorite no > > set graph-type bar > > + exit > > set style auto > > set dimension 3D > > config x-series > > set caption '' > followed by: > > retrieving revision 1.12 > > diff -U 4 -r1.12 rausyd-lan-fw02s.corp.regn.net @@ -59530,9 +59530,8 @@ > > set dataset "traffic.Top10.IM.Users.Volume" > > set category traffic > > set favorite no > > set graph-type bar > > - exit is that perhaps the login script getting ahead of itself, and not a change in the config? From lsy.annie at gmail.com Mon Feb 9 21:29:11 2015 From: lsy.annie at gmail.com (Annie Lee) Date: Tue, 10 Feb 2015 08:29:11 +1100 Subject: [rancid] rancid not working with partitions v11.x tmsh F5 LTM In-Reply-To: References: <4af36d957d1a558df4aae345ea3b1b6a@krok.za.net> <57FD84723C05BB4FA3BB5F66AC609F642B3DA63A@XCH-IL-MB2.888holdings.corp> <57FD84723C05BB4FA3BB5F66AC609F642B3F59AF@XCH-IL-MB2.888holdings.corp> Message-ID: Hi Shaun, I've wrote a script with the below content to run from the F5, but error out..(hence it wont be successful from rancid) #!/bin/bash tmsh -q -c cd / ;list recursive Thanks On Mon, Feb 9, 2015 at 7:15 PM, Shaun Krok wrote: > On 2015-02-08 23:16, Annie Lee wrote: > >> Hi Shaun, >> >> Sorry. im new to this scripting and hope you dont mind me asking more >> on the bash thingy. >> >> 1) create a file under root privilege with the below contents : (root >> for the F5 or the rancid box) ? on the F5 >> >> #!/bin/bash >> tmsh -q -c cd / ;list recursive >> >> 2) how do i call that via rancid ? >> >> _{TMSH -Q LIST => WRITETERMTMSH},_ >> > > SNIP from the f5rancid script > > # Main > # bigpipe commands, BIGIP v9 and v10 > @bigpipe_commandtable = ( > {'bigpipe version' => 'ShowVersion'}, > {'bigpipe platform' => 'ShowPlatform'}, > {'cat /config/bigip.license' => 'ShowLicense'}, > {'bigpipe monitor list all' => 'ShowMonitor'}, > {'bigpipe profile list' => 'ShowProfile'}, > {'bigpipe base list' => 'ShowBaseRun'}, > {'bigpipe db show' => 'ShowDb'}, > {'bigpipe route static show' => 'ShowRouteStatic'}, > #{'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'}, > #{'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'}, > {'bigpipe list' => 'WriteTermBIGPIPE'} > ); > # tmsh commands, BIGIP v11 > @tmsh_commandtable = ( > {'tmsh show /sys version' => 'ShowVersion'}, > {'tmsh show /sys hardware' => 'ShowHardware'}, > {'tmsh show /sys license' => 'ShowLicense'}, > #{'cat /config/ZebOS.conf' => 'ShowZebOSconf'}, > #{'lsof -i :179' => 'ShowZebOSsockets'}, > {'tmsh show /net route static' => 'ShowRouteStatic'}, > #{'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'}, > #{'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'}, > #{'tmsh -q list' => 'WriteTermTMSH'}, > #{'tmsh -q -c /"cd /;list recursive"/' => 'WriteTermTMSH'}, > {'./f5part' => 'WriteTermTMSH'}, > >> >> Yes, my rancid is working good with the common partitions.. >> >> Thanks >> >> On Sat, Feb 7, 2015 at 5:51 AM, Shaun Krok > [20]> wrote: >> >> Thanks John --- this worked >>> >>> >>> >>> Much appreciated >>> >>> >>> >>> Shaun >>> >>> >>> >>> >>> >>> FROM: John Kougoulos [mailto:john.kougoulos at gmail.com [15]] >>> SENT: Wednesday, February 04, 2015 12:57 PM >>> TO: Shaun Krok >>> >>> CC: rancid-discuss at shrubbery.net [16] >>> SUBJECT: Re: [rancid] rancid not working with partitions v11.x tmsh >>> F5 LTM >>> >>> >>> >>> Hi, >>> >>> I had a similar problem with the width of the terminal, so when the >>> device was out of sync, the prompt was becoming longer and some of >>> the commands failed to be parsed. >>> >>> I had to change in f5rancid the line: >>> $ENV{TERM} = "vt100"; >>> >>> to: >>> $ENV{TERM} = "vt100-w"; >>> >>> Regards, >>> John >>> >>> >>> >>> On Wed, Feb 4, 2015 at 8:33 AM, Shaun Krok >>> wrote: >>> >>> Hi there >>>> >>>> I was hoping someone had come across this issue. >>>> >>>> We are using Rancid to collect diffs from our BIG-IP clusters >>>> (as per bash script below) >>>> It works really well but are now facing an issue for reason >>>> unknown that when the cluster is not synced the rancid fails and >>>> reports fetcher issues. >>>> If I run the bash script below manually on each device it works >>>> without issue. >>>> As soon the cluster is synced it works fine .. >>>> >>>> It appears that TMSH is not allowing the script to work but it >>>> works fine if I run it manually on the BIG-IP >>>> >>>> What could be the problem ? >>>> >>>> Thank you >>>> >>>> Shaun >>>> >>>> -----Original Message----- >>>> From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net >>>> [1]] On Behalf Of Shaun Krok >>>> Sent: Monday, October 13, 2014 8:13 AM >>>> To: Mick ORourke >>>> Cc: rancid-discuss at shrubbery.net [2] >>>> Subject: Re: [rancid] rancid not working with partitions v11.x >>>> tmsh F5 LTM >>>> >>>> Thank your for the reply --- >>>> >>>> i have created a bash script on the F5 and it works creating a >>>> test.file with all the config >>>> the file is in /root/f5part >>>> >>>> #!/bin/bash >>>> tmsh -q -c cd / ;list recursive >>>> >>>> how do i call from f5rancid or do i have this all wrong ? >>>> >>>> {tmsh -q list => WriteTermTMSH}, >>>> #{tmsh -q -c /"cd /;list recursive"/ => WriteTermTMSH}, >>>> >>>> On 2014-10-13 06:13, Mick ORourke wrote: >>>> > We found easiestquickest way to modify rancid-f5 - post 11.x >>>> version >>>> > checkdetect, call a bash script under /root/bin which runs >>>> "tmsh -q >>>> > -c >>>> > cd / ;list recursive" working around the rancid >>>> limitationerrors that >>>> > resulted when cd / ;list recursive was added to rancid-f5 >>>> itself. >>>> > >>>> > On 12 October 2014 15:27, Shaun Krok >>>> wrote: >>>> > >>>> >> Hi >>>> >> >>>> >> I am busy to integrate Rancid into our network and have an >>>> issue >>>> >> with partitions on BIG IP LTM v11.x >>>> >> All works fine but Rancid does not backup all partitions ? >>>> >> I am using the script from GIT with TMSH commands >>>> >> >>>> >> This command work from bash : tmsh -q -c "cd /; list >>>> recursive" but >>>> >> does not from the script .. >>>> >> >>>> >> This is a snip from the forum where the issue was identified >>>> but is >>>> >> anyone aware if there is a fix : >>>> >> >>>> >> Thanks >>>> >> >>>> >> Shaun >>>> >> >>>> >> here is a working tmsh version in the rancid git repo. >>>> >> >>>> >> The only thing that doesnt work when adjusting the script to >>>> list >>>> >> all >>>> >> partition co config is a tmsh -q -c "cd /; list recursive" - >>>> it >>>> >> errors out >>>> >> due to extra double quotes required by the -c option. >>>> >> On Dec 6, 2012 8:57 PM, "Darius Seroka" >>> [4] [1]> >>>> >> wrote: >>>> >> >>>> >> Shaun Krok >>>> >> Network Team >>>> >> >>>> >> -- >>>> >> Shaun Krok >>>> >> Tel: 050 2424 381 >>>> >> _______________________________________________ >>>> >> Rancid-discuss mailing list >>>> >> Rancid-discuss at shrubbery.net [5] [2] >>>> >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss [6] >>>> [3] >>>> > >>>> > >>>> > >>>> > Links: >>>> > ------ >>>> > [1] http://gmail.com [7] >>>> > [2] mailto:Rancid-discuss at shrubbery.net [8] >>>> > [3] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>> [9] >>>> > [4] mailto:krok at krok.za.net [10] >>>> >>>> -- >>>> Shaun Krok >>>> Tel: 050 2424 381 >>>> _______________________________________________ >>>> Rancid-discuss mailing list >>>> Rancid-discuss at shrubbery.net [11] >>>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss [12] >>>> >>>> This email message and its attachments are for the sole use of the >>>> intended recipient(s) and may not be shared with any other party. >>>> They may contain confidential information of 888 Holdings plc or >>>> its direct and indirect subsidiaries (together, the ?888 >>>> Group?) and are to be regarded as confidential information under >>>> any non-disclosure agreement. Any review, use, disclosure or >>>> distribution by persons or entities other than the intended >>>> recipient(s) is prohibited. Nothing in this message is capable of >>>> or intended to create any legally binding obligation. The 888 >>>> Group will only ever assume a legally binding obligation where >>>> recorded in a written agreement duly executed by the authorized >>>> signatories of the relevant 888 Group company. The 888 Group >>>> accepts no liability for any personal views expressed in this >>>> message. If you are not the intended recipient, please contact the >>>> sender by return and destroy all copies of the original message >>>> and its attachments. Thank you >>>> >>>> _______________________________________________ >>>> Rancid-discuss mailing list >>>> Rancid-discuss at shrubbery.net [13] >>>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss [14] >>>> >>> >>> >>> >>> This email message and its attachments are for the sole use of the >>> intended recipient(s) and may not be shared with any other party. >>> They may contain confidential information of 888 Holdings plc or its >>> direct and indirect subsidiaries (together, the ?888 Group?) and >>> are to be regarded as confidential information under any >>> non-disclosure agreement. Any review, use, disclosure or >>> distribution by persons or entities other than the intended >>> recipient(s) is prohibited. Nothing in this message is capable of or >>> intended to create any legally binding obligation. The 888 Group >>> will only ever assume a legally binding obligation where recorded in >>> a written agreement duly executed by the authorized signatories of >>> the relevant 888 Group company. The 888 Group accepts no liability >>> for any personal views expressed in this message. If you are not the >>> intended recipient, please contact the sender by return and destroy >>> all copies of the original message and its attachments. Thank you >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net [18] >>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss [19] >>> >> >> >> >> Links: >> ------ >> [1] mailto:rancid-discuss-bounces at shrubbery.net >> [2] mailto:rancid-discuss at shrubbery.net >> [3] mailto:krok at krok.za.net >> [4] http://gmail.com >> [5] mailto:Rancid-discuss at shrubbery.net >> [6] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> [7] http://gmail.com >> [8] mailto:Rancid-discuss at shrubbery.net >> [9] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> [10] mailto:krok at krok.za.net >> [11] mailto:Rancid-discuss at shrubbery.net >> [12] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> [13] mailto:Rancid-discuss at shrubbery.net >> [14] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> [15] mailto:john.kougoulos at gmail.com >> [16] mailto:rancid-discuss at shrubbery.net >> [17] mailto:Shaun.Krok at 888holdings.com >> [18] mailto:Rancid-discuss at shrubbery.net >> [19] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> [20] mailto:Shaun.Krok at 888holdings.com >> > > -- > Shaun Krok > Tel: 050 2424 381 > -------------- next part -------------- An HTML attachment was scrubbed... URL: From lsy.annie at gmail.com Mon Feb 9 21:46:02 2015 From: lsy.annie at gmail.com (Annie Lee) Date: Tue, 10 Feb 2015 08:46:02 +1100 Subject: [rancid] rancid not working with partitions v11.x tmsh F5 LTM In-Reply-To: References: <4af36d957d1a558df4aae345ea3b1b6a@krok.za.net> <57FD84723C05BB4FA3BB5F66AC609F642B3DA63A@XCH-IL-MB2.888holdings.corp> <57FD84723C05BB4FA3BB5F66AC609F642B3F59AF@XCH-IL-MB2.888holdings.corp> Message-ID: Just checked the diff (with the added partition configs) and it seems to have all unnecessary 'default configs' as well. Is that normal ? On Tue, Feb 10, 2015 at 8:43 AM, Annie Lee wrote: > Hi Shaun, > > Managed to get the bash script running, missed the double quote on the > script. > > > > *#! /bin/bashtmsh -q -c "cd /;list recursive"* > Thank you very much... > > On Tue, Feb 10, 2015 at 8:29 AM, Annie Lee wrote: > >> Hi Shaun, >> >> I've wrote a script with the below content to run from the F5, but error >> out..(hence it wont be successful from rancid) >> >> #!/bin/bash >> tmsh -q -c cd / ;list recursive >> >> Thanks >> >> On Mon, Feb 9, 2015 at 7:15 PM, Shaun Krok wrote: >> >>> On 2015-02-08 23:16, Annie Lee wrote: >>> >>>> Hi Shaun, >>>> >>>> Sorry. im new to this scripting and hope you dont mind me asking more >>>> on the bash thingy. >>>> >>>> 1) create a file under root privilege with the below contents : (root >>>> for the F5 or the rancid box) ? on the F5 >>>> >>>> #!/bin/bash >>>> tmsh -q -c cd / ;list recursive >>>> >>>> 2) how do i call that via rancid ? >>>> >>>> _{TMSH -Q LIST => WRITETERMTMSH},_ >>>> >>> >>> SNIP from the f5rancid script >>> >>> # Main >>> # bigpipe commands, BIGIP v9 and v10 >>> @bigpipe_commandtable = ( >>> {'bigpipe version' => 'ShowVersion'}, >>> {'bigpipe platform' => 'ShowPlatform'}, >>> {'cat /config/bigip.license' => 'ShowLicense'}, >>> {'bigpipe monitor list all' => 'ShowMonitor'}, >>> {'bigpipe profile list' => 'ShowProfile'}, >>> {'bigpipe base list' => 'ShowBaseRun'}, >>> {'bigpipe db show' => 'ShowDb'}, >>> {'bigpipe route static show' => 'ShowRouteStatic'}, >>> #{'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'}, >>> #{'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'}, >>> {'bigpipe list' => 'WriteTermBIGPIPE'} >>> ); >>> # tmsh commands, BIGIP v11 >>> @tmsh_commandtable = ( >>> {'tmsh show /sys version' => 'ShowVersion'}, >>> {'tmsh show /sys hardware' => 'ShowHardware'}, >>> {'tmsh show /sys license' => 'ShowLicense'}, >>> #{'cat /config/ZebOS.conf' => 'ShowZebOSconf'}, >>> #{'lsof -i :179' => 'ShowZebOSsockets'}, >>> {'tmsh show /net route static' => 'ShowRouteStatic'}, >>> #{'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'}, >>> #{'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'}, >>> #{'tmsh -q list' => 'WriteTermTMSH'}, >>> #{'tmsh -q -c /"cd /;list recursive"/' => 'WriteTermTMSH'}, >>> {'./f5part' => 'WriteTermTMSH'}, >>> >>>> >>>> Yes, my rancid is working good with the common partitions.. >>>> >>>> Thanks >>>> >>>> On Sat, Feb 7, 2015 at 5:51 AM, Shaun Krok >>> [20]> wrote: >>>> >>>> Thanks John --- this worked >>>>> >>>>> >>>>> >>>>> Much appreciated >>>>> >>>>> >>>>> >>>>> Shaun >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> FROM: John Kougoulos [mailto:john.kougoulos at gmail.com [15]] >>>>> SENT: Wednesday, February 04, 2015 12:57 PM >>>>> TO: Shaun Krok >>>>> >>>>> CC: rancid-discuss at shrubbery.net [16] >>>>> SUBJECT: Re: [rancid] rancid not working with partitions v11.x tmsh >>>>> F5 LTM >>>>> >>>>> >>>>> >>>>> Hi, >>>>> >>>>> I had a similar problem with the width of the terminal, so when the >>>>> device was out of sync, the prompt was becoming longer and some of >>>>> the commands failed to be parsed. >>>>> >>>>> I had to change in f5rancid the line: >>>>> $ENV{TERM} = "vt100"; >>>>> >>>>> to: >>>>> $ENV{TERM} = "vt100-w"; >>>>> >>>>> Regards, >>>>> John >>>>> >>>>> >>>>> >>>>> On Wed, Feb 4, 2015 at 8:33 AM, Shaun Krok >>>>> wrote: >>>>> >>>>> Hi there >>>>>> >>>>>> I was hoping someone had come across this issue. >>>>>> >>>>>> We are using Rancid to collect diffs from our BIG-IP clusters >>>>>> (as per bash script below) >>>>>> It works really well but are now facing an issue for reason >>>>>> unknown that when the cluster is not synced the rancid fails and >>>>>> reports fetcher issues. >>>>>> If I run the bash script below manually on each device it works >>>>>> without issue. >>>>>> As soon the cluster is synced it works fine .. >>>>>> >>>>>> It appears that TMSH is not allowing the script to work but it >>>>>> works fine if I run it manually on the BIG-IP >>>>>> >>>>>> What could be the problem ? >>>>>> >>>>>> Thank you >>>>>> >>>>>> Shaun >>>>>> >>>>>> -----Original Message----- >>>>>> From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net >>>>>> [1]] On Behalf Of Shaun Krok >>>>>> Sent: Monday, October 13, 2014 8:13 AM >>>>>> To: Mick ORourke >>>>>> Cc: rancid-discuss at shrubbery.net [2] >>>>>> Subject: Re: [rancid] rancid not working with partitions v11.x >>>>>> tmsh F5 LTM >>>>>> >>>>>> Thank your for the reply --- >>>>>> >>>>>> i have created a bash script on the F5 and it works creating a >>>>>> test.file with all the config >>>>>> the file is in /root/f5part >>>>>> >>>>>> #!/bin/bash >>>>>> tmsh -q -c cd / ;list recursive >>>>>> >>>>>> how do i call from f5rancid or do i have this all wrong ? >>>>>> >>>>>> {tmsh -q list => WriteTermTMSH}, >>>>>> #{tmsh -q -c /"cd /;list recursive"/ => WriteTermTMSH}, >>>>>> >>>>>> On 2014-10-13 06:13, Mick ORourke wrote: >>>>>> > We found easiestquickest way to modify rancid-f5 - post 11.x >>>>>> version >>>>>> > checkdetect, call a bash script under /root/bin which runs >>>>>> "tmsh -q >>>>>> > -c >>>>>> > cd / ;list recursive" working around the rancid >>>>>> limitationerrors that >>>>>> > resulted when cd / ;list recursive was added to rancid-f5 >>>>>> itself. >>>>>> > >>>>>> > On 12 October 2014 15:27, Shaun Krok >>>>>> wrote: >>>>>> > >>>>>> >> Hi >>>>>> >> >>>>>> >> I am busy to integrate Rancid into our network and have an >>>>>> issue >>>>>> >> with partitions on BIG IP LTM v11.x >>>>>> >> All works fine but Rancid does not backup all partitions ? >>>>>> >> I am using the script from GIT with TMSH commands >>>>>> >> >>>>>> >> This command work from bash : tmsh -q -c "cd /; list >>>>>> recursive" but >>>>>> >> does not from the script .. >>>>>> >> >>>>>> >> This is a snip from the forum where the issue was identified >>>>>> but is >>>>>> >> anyone aware if there is a fix : >>>>>> >> >>>>>> >> Thanks >>>>>> >> >>>>>> >> Shaun >>>>>> >> >>>>>> >> here is a working tmsh version in the rancid git repo. >>>>>> >> >>>>>> >> The only thing that doesnt work when adjusting the script to >>>>>> list >>>>>> >> all >>>>>> >> partition co config is a tmsh -q -c "cd /; list recursive" - >>>>>> it >>>>>> >> errors out >>>>>> >> due to extra double quotes required by the -c option. >>>>>> >> On Dec 6, 2012 8:57 PM, "Darius Seroka" >>>>> [4] [1]> >>>>>> >> wrote: >>>>>> >> >>>>>> >> Shaun Krok >>>>>> >> Network Team >>>>>> >> >>>>>> >> -- >>>>>> >> Shaun Krok >>>>>> >> Tel: 050 2424 381 >>>>>> >> _______________________________________________ >>>>>> >> Rancid-discuss mailing list >>>>>> >> Rancid-discuss at shrubbery.net [5] [2] >>>>>> >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss [6] >>>>>> [3] >>>>>> > >>>>>> > >>>>>> > >>>>>> > Links: >>>>>> > ------ >>>>>> > [1] http://gmail.com [7] >>>>>> > [2] mailto:Rancid-discuss at shrubbery.net [8] >>>>>> > [3] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>>>> [9] >>>>>> > [4] mailto:krok at krok.za.net [10] >>>>>> >>>>>> -- >>>>>> Shaun Krok >>>>>> Tel: 050 2424 381 >>>>>> _______________________________________________ >>>>>> Rancid-discuss mailing list >>>>>> Rancid-discuss at shrubbery.net [11] >>>>>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss [12] >>>>>> >>>>>> This email message and its attachments are for the sole use of the >>>>>> intended recipient(s) and may not be shared with any other party. >>>>>> They may contain confidential information of 888 Holdings plc or >>>>>> its direct and indirect subsidiaries (together, the ?888 >>>>>> Group?) and are to be regarded as confidential information under >>>>>> any non-disclosure agreement. Any review, use, disclosure or >>>>>> distribution by persons or entities other than the intended >>>>>> recipient(s) is prohibited. Nothing in this message is capable of >>>>>> or intended to create any legally binding obligation. The 888 >>>>>> Group will only ever assume a legally binding obligation where >>>>>> recorded in a written agreement duly executed by the authorized >>>>>> signatories of the relevant 888 Group company. The 888 Group >>>>>> accepts no liability for any personal views expressed in this >>>>>> message. If you are not the intended recipient, please contact the >>>>>> sender by return and destroy all copies of the original message >>>>>> and its attachments. Thank you >>>>>> >>>>>> _______________________________________________ >>>>>> Rancid-discuss mailing list >>>>>> Rancid-discuss at shrubbery.net [13] >>>>>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss [14] >>>>>> >>>>> >>>>> >>>>> >>>>> This email message and its attachments are for the sole use of the >>>>> intended recipient(s) and may not be shared with any other party. >>>>> They may contain confidential information of 888 Holdings plc or its >>>>> direct and indirect subsidiaries (together, the ?888 Group?) and >>>>> are to be regarded as confidential information under any >>>>> non-disclosure agreement. Any review, use, disclosure or >>>>> distribution by persons or entities other than the intended >>>>> recipient(s) is prohibited. Nothing in this message is capable of or >>>>> intended to create any legally binding obligation. The 888 Group >>>>> will only ever assume a legally binding obligation where recorded in >>>>> a written agreement duly executed by the authorized signatories of >>>>> the relevant 888 Group company. The 888 Group accepts no liability >>>>> for any personal views expressed in this message. If you are not the >>>>> intended recipient, please contact the sender by return and destroy >>>>> all copies of the original message and its attachments. Thank you >>>>> _______________________________________________ >>>>> Rancid-discuss mailing list >>>>> Rancid-discuss at shrubbery.net [18] >>>>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss [19] >>>>> >>>> >>>> >>>> >>>> Links: >>>> ------ >>>> [1] mailto:rancid-discuss-bounces at shrubbery.net >>>> [2] mailto:rancid-discuss at shrubbery.net >>>> [3] mailto:krok at krok.za.net >>>> [4] http://gmail.com >>>> [5] mailto:Rancid-discuss at shrubbery.net >>>> [6] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>> [7] http://gmail.com >>>> [8] mailto:Rancid-discuss at shrubbery.net >>>> [9] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>> [10] mailto:krok at krok.za.net >>>> [11] mailto:Rancid-discuss at shrubbery.net >>>> [12] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>> [13] mailto:Rancid-discuss at shrubbery.net >>>> [14] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>> [15] mailto:john.kougoulos at gmail.com >>>> [16] mailto:rancid-discuss at shrubbery.net >>>> [17] mailto:Shaun.Krok at 888holdings.com >>>> [18] mailto:Rancid-discuss at shrubbery.net >>>> [19] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>> [20] mailto:Shaun.Krok at 888holdings.com >>>> >>> >>> -- >>> Shaun Krok >>> Tel: 050 2424 381 >>> >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From lsy.annie at gmail.com Mon Feb 9 21:43:16 2015 From: lsy.annie at gmail.com (Annie Lee) Date: Tue, 10 Feb 2015 08:43:16 +1100 Subject: [rancid] rancid not working with partitions v11.x tmsh F5 LTM In-Reply-To: References: <4af36d957d1a558df4aae345ea3b1b6a@krok.za.net> <57FD84723C05BB4FA3BB5F66AC609F642B3DA63A@XCH-IL-MB2.888holdings.corp> <57FD84723C05BB4FA3BB5F66AC609F642B3F59AF@XCH-IL-MB2.888holdings.corp> Message-ID: Hi Shaun, Managed to get the bash script running, missed the double quote on the script. *#! /bin/bashtmsh -q -c "cd /;list recursive"* Thank you very much... On Tue, Feb 10, 2015 at 8:29 AM, Annie Lee wrote: > Hi Shaun, > > I've wrote a script with the below content to run from the F5, but error > out..(hence it wont be successful from rancid) > > #!/bin/bash > tmsh -q -c cd / ;list recursive > > Thanks > > On Mon, Feb 9, 2015 at 7:15 PM, Shaun Krok wrote: > >> On 2015-02-08 23:16, Annie Lee wrote: >> >>> Hi Shaun, >>> >>> Sorry. im new to this scripting and hope you dont mind me asking more >>> on the bash thingy. >>> >>> 1) create a file under root privilege with the below contents : (root >>> for the F5 or the rancid box) ? on the F5 >>> >>> #!/bin/bash >>> tmsh -q -c cd / ;list recursive >>> >>> 2) how do i call that via rancid ? >>> >>> _{TMSH -Q LIST => WRITETERMTMSH},_ >>> >> >> SNIP from the f5rancid script >> >> # Main >> # bigpipe commands, BIGIP v9 and v10 >> @bigpipe_commandtable = ( >> {'bigpipe version' => 'ShowVersion'}, >> {'bigpipe platform' => 'ShowPlatform'}, >> {'cat /config/bigip.license' => 'ShowLicense'}, >> {'bigpipe monitor list all' => 'ShowMonitor'}, >> {'bigpipe profile list' => 'ShowProfile'}, >> {'bigpipe base list' => 'ShowBaseRun'}, >> {'bigpipe db show' => 'ShowDb'}, >> {'bigpipe route static show' => 'ShowRouteStatic'}, >> #{'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'}, >> #{'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'}, >> {'bigpipe list' => 'WriteTermBIGPIPE'} >> ); >> # tmsh commands, BIGIP v11 >> @tmsh_commandtable = ( >> {'tmsh show /sys version' => 'ShowVersion'}, >> {'tmsh show /sys hardware' => 'ShowHardware'}, >> {'tmsh show /sys license' => 'ShowLicense'}, >> #{'cat /config/ZebOS.conf' => 'ShowZebOSconf'}, >> #{'lsof -i :179' => 'ShowZebOSsockets'}, >> {'tmsh show /net route static' => 'ShowRouteStatic'}, >> #{'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'}, >> #{'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'}, >> #{'tmsh -q list' => 'WriteTermTMSH'}, >> #{'tmsh -q -c /"cd /;list recursive"/' => 'WriteTermTMSH'}, >> {'./f5part' => 'WriteTermTMSH'}, >> >>> >>> Yes, my rancid is working good with the common partitions.. >>> >>> Thanks >>> >>> On Sat, Feb 7, 2015 at 5:51 AM, Shaun Krok >> [20]> wrote: >>> >>> Thanks John --- this worked >>>> >>>> >>>> >>>> Much appreciated >>>> >>>> >>>> >>>> Shaun >>>> >>>> >>>> >>>> >>>> >>>> FROM: John Kougoulos [mailto:john.kougoulos at gmail.com [15]] >>>> SENT: Wednesday, February 04, 2015 12:57 PM >>>> TO: Shaun Krok >>>> >>>> CC: rancid-discuss at shrubbery.net [16] >>>> SUBJECT: Re: [rancid] rancid not working with partitions v11.x tmsh >>>> F5 LTM >>>> >>>> >>>> >>>> Hi, >>>> >>>> I had a similar problem with the width of the terminal, so when the >>>> device was out of sync, the prompt was becoming longer and some of >>>> the commands failed to be parsed. >>>> >>>> I had to change in f5rancid the line: >>>> $ENV{TERM} = "vt100"; >>>> >>>> to: >>>> $ENV{TERM} = "vt100-w"; >>>> >>>> Regards, >>>> John >>>> >>>> >>>> >>>> On Wed, Feb 4, 2015 at 8:33 AM, Shaun Krok >>>> wrote: >>>> >>>> Hi there >>>>> >>>>> I was hoping someone had come across this issue. >>>>> >>>>> We are using Rancid to collect diffs from our BIG-IP clusters >>>>> (as per bash script below) >>>>> It works really well but are now facing an issue for reason >>>>> unknown that when the cluster is not synced the rancid fails and >>>>> reports fetcher issues. >>>>> If I run the bash script below manually on each device it works >>>>> without issue. >>>>> As soon the cluster is synced it works fine .. >>>>> >>>>> It appears that TMSH is not allowing the script to work but it >>>>> works fine if I run it manually on the BIG-IP >>>>> >>>>> What could be the problem ? >>>>> >>>>> Thank you >>>>> >>>>> Shaun >>>>> >>>>> -----Original Message----- >>>>> From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net >>>>> [1]] On Behalf Of Shaun Krok >>>>> Sent: Monday, October 13, 2014 8:13 AM >>>>> To: Mick ORourke >>>>> Cc: rancid-discuss at shrubbery.net [2] >>>>> Subject: Re: [rancid] rancid not working with partitions v11.x >>>>> tmsh F5 LTM >>>>> >>>>> Thank your for the reply --- >>>>> >>>>> i have created a bash script on the F5 and it works creating a >>>>> test.file with all the config >>>>> the file is in /root/f5part >>>>> >>>>> #!/bin/bash >>>>> tmsh -q -c cd / ;list recursive >>>>> >>>>> how do i call from f5rancid or do i have this all wrong ? >>>>> >>>>> {tmsh -q list => WriteTermTMSH}, >>>>> #{tmsh -q -c /"cd /;list recursive"/ => WriteTermTMSH}, >>>>> >>>>> On 2014-10-13 06:13, Mick ORourke wrote: >>>>> > We found easiestquickest way to modify rancid-f5 - post 11.x >>>>> version >>>>> > checkdetect, call a bash script under /root/bin which runs >>>>> "tmsh -q >>>>> > -c >>>>> > cd / ;list recursive" working around the rancid >>>>> limitationerrors that >>>>> > resulted when cd / ;list recursive was added to rancid-f5 >>>>> itself. >>>>> > >>>>> > On 12 October 2014 15:27, Shaun Krok >>>>> wrote: >>>>> > >>>>> >> Hi >>>>> >> >>>>> >> I am busy to integrate Rancid into our network and have an >>>>> issue >>>>> >> with partitions on BIG IP LTM v11.x >>>>> >> All works fine but Rancid does not backup all partitions ? >>>>> >> I am using the script from GIT with TMSH commands >>>>> >> >>>>> >> This command work from bash : tmsh -q -c "cd /; list >>>>> recursive" but >>>>> >> does not from the script .. >>>>> >> >>>>> >> This is a snip from the forum where the issue was identified >>>>> but is >>>>> >> anyone aware if there is a fix : >>>>> >> >>>>> >> Thanks >>>>> >> >>>>> >> Shaun >>>>> >> >>>>> >> here is a working tmsh version in the rancid git repo. >>>>> >> >>>>> >> The only thing that doesnt work when adjusting the script to >>>>> list >>>>> >> all >>>>> >> partition co config is a tmsh -q -c "cd /; list recursive" - >>>>> it >>>>> >> errors out >>>>> >> due to extra double quotes required by the -c option. >>>>> >> On Dec 6, 2012 8:57 PM, "Darius Seroka" >>>> [4] [1]> >>>>> >> wrote: >>>>> >> >>>>> >> Shaun Krok >>>>> >> Network Team >>>>> >> >>>>> >> -- >>>>> >> Shaun Krok >>>>> >> Tel: 050 2424 381 >>>>> >> _______________________________________________ >>>>> >> Rancid-discuss mailing list >>>>> >> Rancid-discuss at shrubbery.net [5] [2] >>>>> >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss [6] >>>>> [3] >>>>> > >>>>> > >>>>> > >>>>> > Links: >>>>> > ------ >>>>> > [1] http://gmail.com [7] >>>>> > [2] mailto:Rancid-discuss at shrubbery.net [8] >>>>> > [3] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>>> [9] >>>>> > [4] mailto:krok at krok.za.net [10] >>>>> >>>>> -- >>>>> Shaun Krok >>>>> Tel: 050 2424 381 >>>>> _______________________________________________ >>>>> Rancid-discuss mailing list >>>>> Rancid-discuss at shrubbery.net [11] >>>>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss [12] >>>>> >>>>> This email message and its attachments are for the sole use of the >>>>> intended recipient(s) and may not be shared with any other party. >>>>> They may contain confidential information of 888 Holdings plc or >>>>> its direct and indirect subsidiaries (together, the ?888 >>>>> Group?) and are to be regarded as confidential information under >>>>> any non-disclosure agreement. Any review, use, disclosure or >>>>> distribution by persons or entities other than the intended >>>>> recipient(s) is prohibited. Nothing in this message is capable of >>>>> or intended to create any legally binding obligation. The 888 >>>>> Group will only ever assume a legally binding obligation where >>>>> recorded in a written agreement duly executed by the authorized >>>>> signatories of the relevant 888 Group company. The 888 Group >>>>> accepts no liability for any personal views expressed in this >>>>> message. If you are not the intended recipient, please contact the >>>>> sender by return and destroy all copies of the original message >>>>> and its attachments. Thank you >>>>> >>>>> _______________________________________________ >>>>> Rancid-discuss mailing list >>>>> Rancid-discuss at shrubbery.net [13] >>>>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss [14] >>>>> >>>> >>>> >>>> >>>> This email message and its attachments are for the sole use of the >>>> intended recipient(s) and may not be shared with any other party. >>>> They may contain confidential information of 888 Holdings plc or its >>>> direct and indirect subsidiaries (together, the ?888 Group?) and >>>> are to be regarded as confidential information under any >>>> non-disclosure agreement. Any review, use, disclosure or >>>> distribution by persons or entities other than the intended >>>> recipient(s) is prohibited. Nothing in this message is capable of or >>>> intended to create any legally binding obligation. The 888 Group >>>> will only ever assume a legally binding obligation where recorded in >>>> a written agreement duly executed by the authorized signatories of >>>> the relevant 888 Group company. The 888 Group accepts no liability >>>> for any personal views expressed in this message. If you are not the >>>> intended recipient, please contact the sender by return and destroy >>>> all copies of the original message and its attachments. Thank you >>>> _______________________________________________ >>>> Rancid-discuss mailing list >>>> Rancid-discuss at shrubbery.net [18] >>>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss [19] >>>> >>> >>> >>> >>> Links: >>> ------ >>> [1] mailto:rancid-discuss-bounces at shrubbery.net >>> [2] mailto:rancid-discuss at shrubbery.net >>> [3] mailto:krok at krok.za.net >>> [4] http://gmail.com >>> [5] mailto:Rancid-discuss at shrubbery.net >>> [6] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>> [7] http://gmail.com >>> [8] mailto:Rancid-discuss at shrubbery.net >>> [9] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>> [10] mailto:krok at krok.za.net >>> [11] mailto:Rancid-discuss at shrubbery.net >>> [12] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>> [13] mailto:Rancid-discuss at shrubbery.net >>> [14] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>> [15] mailto:john.kougoulos at gmail.com >>> [16] mailto:rancid-discuss at shrubbery.net >>> [17] mailto:Shaun.Krok at 888holdings.com >>> [18] mailto:Rancid-discuss at shrubbery.net >>> [19] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>> [20] mailto:Shaun.Krok at 888holdings.com >>> >> >> -- >> Shaun Krok >> Tel: 050 2424 381 >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From Alex.Chard at Reed-Elsevier.com.au Tue Feb 10 02:25:51 2015 From: Alex.Chard at Reed-Elsevier.com.au (Chard, Alex (RET-SYD)) Date: Tue, 10 Feb 2015 02:25:51 +0000 Subject: [rancid] Fortigate diffs when nothing actually changed In-Reply-To: <20150209171836.GA77491@shrubbery.net> References: <20150209171836.GA77491@shrubbery.net> Message-ID: Hi, It is Rancid 3.1 I could well believe that it is the script getting ahead of itself... Can I slow it down somehow? Thanks, Alex -----Original Message----- From: heasley [mailto:heas at shrubbery.net] Sent: Tuesday, 10 February 2015 4:19 AM To: Chard, Alex (RET-SYD) Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Fortigate diffs when nothing actually changed Mon, Feb 09, 2015 at 09:47:25AM +0000, Chard, Alex (RET-SYD): > I am running Rancid 3 (not sure how to check exact version). rancid -V; clogin -V; etc etc > I have fortigates backed up in Rancid. They periodically drop/add commands from the config, and then revert back at the next backup. > This means I end up with config diffs like the following: > > retrieving revision 1.11 > > diff -U 4 -r1.11 rausyd-lan-fw02s.corp.regn.net @@ -59530,8 +59530,9 > @@ > > set dataset "traffic.Top10.IM.Users.Volume" > > set category traffic > > set favorite no > > set graph-type bar > > + exit > > set style auto > > set dimension 3D > > config x-series > > set caption '' > followed by: > > retrieving revision 1.12 > > diff -U 4 -r1.12 rausyd-lan-fw02s.corp.regn.net @@ -59530,9 +59530,8 > @@ > > set dataset "traffic.Top10.IM.Users.Volume" > > set category traffic > > set favorite no > > set graph-type bar > > - exit is that perhaps the login script getting ahead of itself, and not a change in the config? This e-mail is for the use of the intended recipient(s) only. If you have received this e-mail in error, please notify the sender immediately and then delete it. If you are not the intended recipient, you must not use, disclose or distribute this e-mail without the author's permission. We have taken precautions to minimise the risk of transmitting software viruses, but we advise you to carry out your own virus checks on any attachment to this e-mail. We cannot accept liability for any loss or damage caused by software viruses. From Alex.Chard at Reed-Elsevier.com.au Tue Feb 10 04:21:59 2015 From: Alex.Chard at Reed-Elsevier.com.au (Chard, Alex (RET-SYD)) Date: Tue, 10 Feb 2015 04:21:59 +0000 Subject: [rancid] Fortigate diffs when nothing actually changed In-Reply-To: <54D88FE5.6040409@direcpath.com> References: <54D88FE5.6040409@direcpath.com> Message-ID: Hi Robert, >From the diff, it looks to me like it is seeing a change in the config. (The 'exit' command in this case). But the config on the device did not change. I see this moderately frequently - it ranges from every few days to several times a day. It does not happen on all devices. Thanks, Alex From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Robert Drake Sent: Monday, 9 February 2015 9:46 PM To: rancid-discuss at shrubbery.net Subject: Re: [rancid] Fortigate diffs when nothing actually changed Try running the diff on the cli and check whitespace? Diff is a pretty base-level thing, so it's not rancid that's tripping but something in the actual config which makes it see a difference, but it's something that doesn't show up on-screen. If it is whitespace then there might be an error in the rancid script that parses lines and adds a space, or there might be something in the router that leaves whitespace where it shouldn't. Either way, it should be correctable by having the rancid script remove the offending stuff. On 2/9/2015 4:47 AM, Chard, Alex (RET-SYD) wrote: Hi All, I know I have seen this discussed a few times on here but I haven't been able to find the resolution in the archives. I am running Rancid 3 (not sure how to check exact version). I have fortigates backed up in Rancid. They periodically drop/add commands from the config, and then revert back at the next backup. This means I end up with config diffs like the following: retrieving revision 1.11 diff -U 4 -r1.11 rausyd-lan-fw02s.corp.regn.net @@ -59530,8 +59530,9 @@ set dataset "traffic.Top10.IM.Users.Volume" set category traffic set favorite no set graph-type bar + exit set style auto set dimension 3D config x-series set caption '' followed by: retrieving revision 1.12 diff -U 4 -r1.12 rausyd-lan-fw02s.corp.regn.net @@ -59530,9 +59530,8 @@ set dataset "traffic.Top10.IM.Users.Volume" set category traffic set favorite no set graph-type bar - exit set style auto set dimension 3D config x-series set caption '' I do have the pager turned off, so that's not the issue. And a partly related question, is there a way to have rancid download a config file by SCP rather than execute commands to retrieve it? It seems to me this might be more successful - and also an easy way to grab config from devices that aren't supported. Thanks, Alex This e-mail is for the use of the intended recipient(s) only. If you have received this e-mail in error, please notify the sender immediately and then delete it. If you are not the intended recipient, you must not use, disclose or distribute this e-mail without the author's permission. We have taken precautions to minimise the risk of transmitting software viruses, but we advise you to carry out your own virus checks on any attachment to this e-mail. We cannot accept liability for any loss or damage caused by software viruses. _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss -- Direcpath, LLC 817 West Peachtree St. NW - Suite 750 | Atlanta, GA 30308 2935B Amwiler Rd. | Atlanta,GA 30360 T 866-430-7284 | F 404.961.7060 rdrake at direcpath.com | www.direcpath.com This e-mail is for the use of the intended recipient(s) only. If you have received this e-mail in error, please notify the sender immediately and then delete it. If you are not the intended recipient, you must not use, disclose or distribute this e-mail without the author's permission. We have taken precautions to minimise the risk of transmitting software viruses, but we advise you to carry out your own virus checks on any attachment to this e-mail. We cannot accept liability for any loss or damage caused by software viruses. -------------- next part -------------- An HTML attachment was scrubbed... URL: From krok at krok.za.net Tue Feb 10 05:49:02 2015 From: krok at krok.za.net (Shaun Krok) Date: Tue, 10 Feb 2015 07:49:02 +0200 Subject: [rancid] rancid not working with partitions v11.x tmsh F5 LTM In-Reply-To: References: <4af36d957d1a558df4aae345ea3b1b6a@krok.za.net> <57FD84723C05BB4FA3BB5F66AC609F642B3DA63A@XCH-IL-MB2.888holdings.corp> <57FD84723C05BB4FA3BB5F66AC609F642B3F59AF@XCH-IL-MB2.888holdings.corp> Message-ID: <735d977e993e16991e203ad213e45beb@krok.za.net> Hi there Annie Good to hear it is working for you Can you show us what you mean by default config --- i believe this is normal but lets see a sample and we can comment thanks Shaun On 2015-02-09 23:46, Annie Lee wrote: > Just checked the diff (with the added partition configs) and it seems > to have all unnecessary default configs as well. > Is that normal ? > > On Tue, Feb 10, 2015 at 8:43 AM, Annie Lee > wrote: > >> Hi Shaun, >> >> Managed to get the bash script running, missed the double quote on >> the script. >> >> #! /bin/bash >> tmsh -q -c "cd /;list recursive" >> >> Thank you very much... >> >> On Tue, Feb 10, 2015 at 8:29 AM, Annie Lee > [42]> wrote: >> >>> Hi Shaun, >>> >>> Ive wrote a script with the below content to run from the F5, but >>> error out..(hence it wont be successful from rancid) >>> >>> #!/bin/bash >>> ?tmsh -q -c cd / ;list recursive >>> >>> Thanks >>> >>> On Mon, Feb 9, 2015 at 7:15 PM, Shaun Krok >>> wrote: >>> >>>> On 2015-02-08 23:16, Annie Lee wrote: >>>> >>>>> Hi Shaun, >>>>> >>>>> Sorry. im new to this scripting and hope you dont mind me >>>>> asking more >>>>> on the bash thingy. >>>>> >>>>> 1) create a file under root privilege with the below contents >>>>> : (root >>>>> for the F5 or the rancid box) ? on the F5 >>>>> >>>>> ?#!/bin/bash >>>>> ?tmsh -q -c cd / ;list recursive >>>>> >>>>> 2) how do i call that via rancid ? >>>>> >>>>> ?_{TMSH -Q LIST => WRITETERMTMSH},_ >>>> >>>> SNIP from the f5rancid script >>>> >>>> # Main >>>> # bigpipe commands, BIGIP v9 and v10 >>>> @bigpipe_commandtable = ( >>>> {bigpipe version => ShowVersion}, >>>> {bigpipe platform => ShowPlatform}, >>>> {cat /config/bigip.license => ShowLicense}, >>>> {bigpipe monitor list all => ShowMonitor}, >>>> {bigpipe profile list => ShowProfile}, >>>> {bigpipe base list => ShowBaseRun}, >>>> {bigpipe db show => ShowDb}, >>>> {bigpipe route static show => ShowRouteStatic}, >>>> #{ls --full-time --color=never /config/ssl/ssl.crt => >>>> ShowSslCrt}, >>>> #{ls --full-time --color=never /config/ssl/ssl.key => >>>> ShowSslKey}, >>>> {bigpipe list => WriteTermBIGPIPE} >>>> ); >>>> # tmsh commands, BIGIP v11 >>>> @tmsh_commandtable = ( >>>> {tmsh show /sys version => ShowVersion}, >>>> {tmsh show /sys hardware => ShowHardware}, >>>> {tmsh show /sys license => ShowLicense}, >>>> #{cat /config/ZebOS.conf => ShowZebOSconf}, >>>> #{lsof -i :179 => ShowZebOSsockets}, >>>> {tmsh show /net route static => ShowRouteStatic}, >>>> #{ls --full-time --color=never /config/ssl/ssl.crt => >>>> ShowSslCrt}, >>>> #{ls --full-time --color=never /config/ssl/ssl.key => >>>> ShowSslKey}, >>>> #{tmsh -q list => WriteTermTMSH}, >>>> #{tmsh -q -c /"cd /;list recursive"/ => WriteTermTMSH}, >>>> {./f5part => WriteTermTMSH}, >>>> >>>>> Yes, my rancid is working good with the common partitions.. >>>>> >>>>> Thanks >>>>> >>>>> On Sat, Feb 7, 2015 at 5:51 AM, Shaun Krok >>>>> >>>> [20]> wrote: >>>>> >>>>>> Thanks John --- this worked >>>>>> >>>>>> ? >>>>>> >>>>>> Much appreciated >>>>>> >>>>>> ? >>>>>> >>>>>> Shaun >>>>>> >>>>>> ? >>>>>> >>>>>> ? >>>>>> >>>>>> FROM: John Kougoulos [mailto:john.kougoulos at gmail.com [15] >>>>>> [15]] >>>>>> SENT: Wednesday, February 04, 2015 12:57 PM >>>>>> TO: Shaun Krok >>>>>> >>>>>> CC: rancid-discuss at shrubbery.net [16] [16] >>>>>> SUBJECT: Re: [rancid] rancid not working with partitions >>>>>> v11.x tmsh >>>>>> F5 LTM >>>>>> >>>>>> ? >>>>>> >>>>>> Hi, >>>>>> >>>>>> I had a similar problem with the width of the terminal, so >>>>>> when the >>>>>> device was out of sync, the prompt was becoming longer and >>>>>> some of >>>>>> the commands failed to be parsed. >>>>>> >>>>>> I had to change in f5rancid the line: >>>>>> $ENV{TERM} = "vt100"; >>>>>> >>>>>> to: >>>>>> $ENV{TERM} = "vt100-w"; >>>>>> >>>>>> Regards, >>>>>> John >>>>>> >>>>>> ? >>>>>> >>>>>> On Wed, Feb 4, 2015 at 8:33 AM, Shaun Krok >>>>>> wrote: >>>>>> >>>>>>> Hi there >>>>>>> >>>>>>> I was hoping someone had come across this issue. >>>>>>> >>>>>>> We are using Rancid to collect diffs from our? BIG-IP >>>>>>> clusters >>>>>>> (as per bash script below) >>>>>>> It works really well but are now facing an issue for >>>>>>> reason >>>>>>> unknown that when the cluster is not synced the rancid >>>>>>> fails and >>>>>>> reports fetcher issues. >>>>>>> If I run the bash script below manually on each device it >>>>>>> works >>>>>>> without issue. >>>>>>> As soon the cluster is synced it works fine .. >>>>>>> >>>>>>> It appears that TMSH is not allowing the script to work >>>>>>> but it >>>>>>> works fine if I run it manually on the BIG-IP >>>>>>> >>>>>>> What could be the problem ? >>>>>>> >>>>>>> Thank you >>>>>>> >>>>>>> Shaun >>>>>>> >>>>>>> -----Original Message----- >>>>>>> From: Rancid-discuss >>>>>>> [mailto:rancid-discuss-bounces at shrubbery.net [1] >>>>>>> [1]] On Behalf Of Shaun Krok >>>>>>> Sent: Monday, October 13, 2014 8:13 AM >>>>>>> To: Mick ORourke >>>>>>> Cc: rancid-discuss at shrubbery.net [2] [2] >>>>>>> Subject: Re: [rancid] rancid not working with partitions >>>>>>> v11.x >>>>>>> tmsh F5 LTM >>>>>>> >>>>>>> Thank your for the reply --- >>>>>>> >>>>>>> i have created a bash script on the F5 and it works >>>>>>> creating a >>>>>>> test.file with all the config >>>>>>> the file is in /root/f5part >>>>>>> >>>>>>> #!/bin/bash >>>>>>> tmsh -q -c cd / ;list recursive >>>>>>> >>>>>>> how do i call from f5rancid or do i have this all wrong ? >>>>>>> >>>>>>> {tmsh -q list => WriteTermTMSH}, >>>>>>> #{tmsh -q -c /"cd /;list recursive"/ => WriteTermTMSH}, >>>>>>> >>>>>>> On 2014-10-13 06:13, Mick ORourke wrote: >>>>>>> > We found easiestquickest way to modify rancid-f5 - post >>>>>>> 11.x >>>>>>> version >>>>>>> > checkdetect, call a bash script under /root/bin which >>>>>>> runs >>>>>>> "tmsh -q >>>>>>> > -c >>>>>>> > cd / ;list recursive" working around the rancid >>>>>>> limitationerrors that >>>>>>> > resulted when? cd / ;list recursive was added to >>>>>>> rancid-f5 >>>>>>> itself. >>>>>>> > >>>>>>> > On 12 October 2014 15:27, Shaun Krok >>>>>> [3] [3] [4]> >>>>>>> wrote: >>>>>>> > >>>>>>> >> Hi >>>>>>> >> >>>>>>> >> I am busy to integrate Rancid into our network and >>>>>>> have an >>>>>>> issue >>>>>>> >> with partitions on BIG IP LTM v11.x >>>>>>> >> All? works fine but Rancid does not backup all >>>>>>> partitions ? >>>>>>> >> I am using the script from GIT with TMSH commands >>>>>>> >> >>>>>>> >> This command work from bash : tmsh -q -c "cd /; list >>>>>>> recursive" but >>>>>>> >> does not from the script .. >>>>>>> >> >>>>>>> >> This is a snip from the forum where the issue was >>>>>>> identified >>>>>>> but is >>>>>>> >> anyone aware if there is a fix : >>>>>>> >> >>>>>>> >> Thanks >>>>>>> >> >>>>>>> >> Shaun >>>>>>> >> >>>>>>> >> here is a working tmsh version in the rancid git repo. >>>>>>> >> >>>>>>> >> The only thing that doesnt work when adjusting the >>>>>>> script to >>>>>>> list >>>>>>> >> all >>>>>>> >> partition co config is a tmsh -q -c "cd /; list >>>>>>> recursive" - >>>>>>> it >>>>>>> >> errors out >>>>>>> >> due to extra double quotes required by the -c option. >>>>>>> >> On Dec 6, 2012 8:57 PM, "Darius Seroka" >>>>>> gmail.com [4] >>>>>>> [4] [1]> >>>>>>> >> wrote: >>>>>>> >> >>>>>>> >> Shaun Krok >>>>>>> >> Network Team >>>>>>> >> >>>>>>> >> -- >>>>>>> >> Shaun Krok >>>>>>> >> Tel: 050 2424 381 >>>>>>> >> _______________________________________________ >>>>>>> >> Rancid-discuss mailing list >>>>>>> >> Rancid-discuss at shrubbery.net [5] [5] [2] >>>>>>> >> >>>>>>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>>>>> [6] [6] >>>>>>> [3] >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > Links: >>>>>>> > ------ >>>>>>> > [1] http://gmail.com [7] [7] >>>>>>> > [2] mailto:Rancid-discuss at shrubbery.net [8] [8] >>>>>>> > [3] >>>>>>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>>>>> [9] >>>>>>> [9] >>>>>>> > [4] mailto:krok at krok.za.net [10] [10] >>>>>>> >>>>>>> -- >>>>>>> Shaun Krok >>>>>>> Tel: 050 2424 381 >>>>>>> _______________________________________________ >>>>>>> Rancid-discuss mailing list >>>>>>> Rancid-discuss at shrubbery.net [11] [11] >>>>>>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>>>>> [12] [12] >>>>>>> >>>>>>> This email message and its attachments are for the sole >>>>>>> use of the >>>>>>> intended recipient(s) and may not be shared with any >>>>>>> other party. >>>>>>> They may contain confidential information of 888 Holdings >>>>>>> plc or >>>>>>> its direct and indirect subsidiaries (together, the >>>>>>> ?888 >>>>>>> Group?) and are to be regarded as confidential >>>>>>> information under >>>>>>> any non-disclosure agreement. Any review, use, disclosure >>>>>>> or >>>>>>> distribution by persons or entities other than the >>>>>>> intended >>>>>>> recipient(s) is prohibited. Nothing in this message is >>>>>>> capable of >>>>>>> or intended to create any legally binding obligation. The >>>>>>> 888 >>>>>>> Group will only ever assume a legally binding obligation >>>>>>> where >>>>>>> recorded in a written agreement duly executed by the >>>>>>> authorized >>>>>>> signatories of the relevant 888 Group company. The 888 >>>>>>> Group >>>>>>> accepts no liability for any personal views expressed in >>>>>>> this >>>>>>> message. If you are not the intended recipient, please >>>>>>> contact the >>>>>>> sender by return and destroy all copies of the original >>>>>>> message >>>>>>> and its attachments. Thank you >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Rancid-discuss mailing list >>>>>>> Rancid-discuss at shrubbery.net [13] [13] >>>>>>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>>>>> [14] [14] >>>>>> >>>>>> ? >>>>>> >>>>>> This email message and its attachments are for the sole use >>>>>> of the >>>>>> intended recipient(s) and may not be shared with any other >>>>>> party. >>>>>> They may contain confidential information of 888 Holdings >>>>>> plc or its >>>>>> direct and indirect subsidiaries (together, the ?888 >>>>>> Group?) and >>>>>> are to be regarded as confidential information under any >>>>>> non-disclosure agreement. Any review, use, disclosure or >>>>>> distribution by persons or entities other than the intended >>>>>> recipient(s) is prohibited. Nothing in this message is >>>>>> capable of or >>>>>> intended to create any legally binding obligation. The 888 >>>>>> Group >>>>>> will only ever assume a legally binding obligation where >>>>>> recorded in >>>>>> a written agreement duly executed by the authorized >>>>>> signatories of >>>>>> the relevant 888 Group company. The 888 Group accepts no >>>>>> liability >>>>>> for any personal views expressed in this message. If you >>>>>> are not the >>>>>> intended recipient, please contact the sender by return and >>>>>> destroy >>>>>> all copies of the original message and its attachments. >>>>>> Thank you >>>>>> _______________________________________________ >>>>>> Rancid-discuss mailing list >>>>>> Rancid-discuss at shrubbery.net [18] [18] >>>>>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>>>> [19] [19] >>>>> >>>>> Links: >>>>> ------ >>>>> [1] mailto:rancid-discuss-bounces at shrubbery.net [21] >>>>> [2] mailto:rancid-discuss at shrubbery.net [22] >>>>> [3] mailto:krok at krok.za.net [23] >>>>> [4] http://gmail.com [24] >>>>> [5] mailto:Rancid-discuss at shrubbery.net [25] >>>>> [6] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>>> [26] >>>>> [7] http://gmail.com [27] >>>>> [8] mailto:Rancid-discuss at shrubbery.net [28] >>>>> [9] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>>> [29] >>>>> [10] mailto:krok at krok.za.net [30] >>>>> [11] mailto:Rancid-discuss at shrubbery.net [31] >>>>> [12] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>>> [32] >>>>> [13] mailto:Rancid-discuss at shrubbery.net [33] >>>>> [14] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>>> [34] >>>>> [15] mailto:john.kougoulos at gmail.com [35] >>>>> [16] mailto:rancid-discuss at shrubbery.net [36] >>>>> [17] mailto:Shaun.Krok at 888holdings.com [37] >>>>> [18] mailto:Rancid-discuss at shrubbery.net [38] >>>>> [19] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>>> [39] >>>>> [20] mailto:Shaun.Krok at 888holdings.com [40] >>>> >>>> -- >>>> Shaun Krok >>>> Tel: 050 2424 381 > > > > Links: > ------ > [1] mailto:rancid-discuss-bounces at shrubbery.net > [2] mailto:rancid-discuss at shrubbery.net > [3] mailto:krok at krok.za.net > [4] http://gmail.com > [5] mailto:Rancid-discuss at shrubbery.net > [6] http://www.shrubbery.net/mailman/listinfo/rancid-discuss > [7] http://gmail.com > [8] mailto:Rancid-discuss at shrubbery.net > [9] http://www.shrubbery.net/mailman/listinfo/rancid-discuss > [10] mailto:krok at krok.za.net > [11] mailto:Rancid-discuss at shrubbery.net > [12] http://www.shrubbery.net/mailman/listinfo/rancid-discuss > [13] mailto:Rancid-discuss at shrubbery.net > [14] http://www.shrubbery.net/mailman/listinfo/rancid-discuss > [15] mailto:john.kougoulos at gmail.com > [16] mailto:rancid-discuss at shrubbery.net > [17] mailto:Shaun.Krok at 888holdings.com > [18] mailto:Rancid-discuss at shrubbery.net > [19] http://www.shrubbery.net/mailman/listinfo/rancid-discuss > [20] mailto:Shaun.Krok at 888holdings.com > [21] mailto:rancid-discuss-bounces at shrubbery.net > [22] mailto:rancid-discuss at shrubbery.net > [23] mailto:krok at krok.za.net > [24] http://gmail.com > [25] mailto:Rancid-discuss at shrubbery.net > [26] http://www.shrubbery.net/mailman/listinfo/rancid-discuss > [27] http://gmail.com > [28] mailto:Rancid-discuss at shrubbery.net > [29] http://www.shrubbery.net/mailman/listinfo/rancid-discuss > [30] mailto:krok at krok.za.net > [31] mailto:Rancid-discuss at shrubbery.net > [32] http://www.shrubbery.net/mailman/listinfo/rancid-discuss > [33] mailto:Rancid-discuss at shrubbery.net > [34] http://www.shrubbery.net/mailman/listinfo/rancid-discuss > [35] mailto:john.kougoulos at gmail.com > [36] mailto:rancid-discuss at shrubbery.net > [37] mailto:Shaun.Krok at 888holdings.com > [38] mailto:Rancid-discuss at shrubbery.net > [39] http://www.shrubbery.net/mailman/listinfo/rancid-discuss > [40] mailto:Shaun.Krok at 888holdings.com > [41] mailto:krok at krok.za.net > [42] mailto:lsy.annie at gmail.com > [43] mailto:lsy.annie at gmail.com -- Shaun Krok Tel: 050 2424 381 From heas at shrubbery.net Tue Feb 10 23:53:08 2015 From: heas at shrubbery.net (heasley) Date: Tue, 10 Feb 2015 23:53:08 +0000 Subject: [rancid] Fortigate diffs when nothing actually changed In-Reply-To: References: <20150209171836.GA77491@shrubbery.net> Message-ID: <20150210235308.GE3352@shrubbery.net> Tue, Feb 10, 2015 at 02:25:51AM +0000, Chard, Alex (RET-SYD): > Hi, > It is Rancid 3.1 > > I could well believe that it is the script getting ahead of itself... Can I slow it down somehow? it (can) happens if the script sends two commands without waiting for a prompt or sees something in the o/p that looks like a prompt. I dont have any of these; you or someone with one will have to debug it, or provide access to one, or provide o/p from fnlogin -d -t 90 -c 'get system status;show full-configuration' hostname 2>log From lsy.annie at gmail.com Tue Feb 10 20:48:56 2015 From: lsy.annie at gmail.com (Annie Lee) Date: Wed, 11 Feb 2015 07:48:56 +1100 Subject: [rancid] rancid not working with partitions v11.x tmsh F5 LTM In-Reply-To: <735d977e993e16991e203ad213e45beb@krok.za.net> References: <4af36d957d1a558df4aae345ea3b1b6a@krok.za.net> <57FD84723C05BB4FA3BB5F66AC609F642B3DA63A@XCH-IL-MB2.888holdings.corp> <57FD84723C05BB4FA3BB5F66AC609F642B3F59AF@XCH-IL-MB2.888holdings.corp> <735d977e993e16991e203ad213e45beb@krok.za.net> Message-ID: Hi Shaun, After adding the partition bit, there are additional 40k lines added. (attached are some of them) Revision *1.10* - (view ) (annotate ) - [select for diffs] *Mon Feb 9 22:39:17 2015 UTC* (22 hours, 1 minute ago) by *rancid* Branch: *MAIN* Changes since *1.9: +44759 -0 lines* Diff to previous 1.9 updates So i amended the script to only capture the additional partition rather than looping and find the available partition in the F5. *tmsh -q -c "cd /partition_DMZ;list"* Thanks On Tue, Feb 10, 2015 at 4:49 PM, Shaun Krok wrote: > Hi there Annie > > Good to hear it is working for you > > Can you show us what you mean by default config --- i believe this is > normal but lets see a sample and we can comment > > thanks > > Shaun > > > On 2015-02-09 23:46, Annie Lee wrote: > >> Just checked the diff (with the added partition configs) and it seems >> to have all unnecessary default configs as well. >> Is that normal ? >> >> On Tue, Feb 10, 2015 at 8:43 AM, Annie Lee >> wrote: >> >> Hi Shaun, >>> >>> Managed to get the bash script running, missed the double quote on >>> the script. >>> >>> #! /bin/bash >>> tmsh -q -c "cd /;list recursive" >>> >>> Thank you very much... >>> >>> On Tue, Feb 10, 2015 at 8:29 AM, Annie Lee >> [42]> wrote: >>> >>> Hi Shaun, >>>> >>>> Ive wrote a script with the below content to run from the F5, but >>>> error out..(hence it wont be successful from rancid) >>>> >>>> #!/bin/bash >>>> tmsh -q -c cd / ;list recursive >>>> >>>> Thanks >>>> >>>> On Mon, Feb 9, 2015 at 7:15 PM, Shaun Krok >>>> wrote: >>>> >>>> On 2015-02-08 23:16, Annie Lee wrote: >>>>> >>>>> Hi Shaun, >>>>>> >>>>>> Sorry. im new to this scripting and hope you dont mind me >>>>>> asking more >>>>>> on the bash thingy. >>>>>> >>>>>> 1) create a file under root privilege with the below contents >>>>>> : (root >>>>>> for the F5 or the rancid box) ? on the F5 >>>>>> >>>>>> #!/bin/bash >>>>>> tmsh -q -c cd / ;list recursive >>>>>> >>>>>> 2) how do i call that via rancid ? >>>>>> >>>>>> _{TMSH -Q LIST => WRITETERMTMSH},_ >>>>>> >>>>> >>>>> SNIP from the f5rancid script >>>>> >>>>> # Main >>>>> # bigpipe commands, BIGIP v9 and v10 >>>>> @bigpipe_commandtable = ( >>>>> {bigpipe version => ShowVersion}, >>>>> {bigpipe platform => ShowPlatform}, >>>>> {cat /config/bigip.license => ShowLicense}, >>>>> {bigpipe monitor list all => ShowMonitor}, >>>>> {bigpipe profile list => ShowProfile}, >>>>> {bigpipe base list => ShowBaseRun}, >>>>> {bigpipe db show => ShowDb}, >>>>> {bigpipe route static show => ShowRouteStatic}, >>>>> #{ls --full-time --color=never /config/ssl/ssl.crt => >>>>> ShowSslCrt}, >>>>> #{ls --full-time --color=never /config/ssl/ssl.key => >>>>> ShowSslKey}, >>>>> {bigpipe list => WriteTermBIGPIPE} >>>>> ); >>>>> # tmsh commands, BIGIP v11 >>>>> @tmsh_commandtable = ( >>>>> {tmsh show /sys version => ShowVersion}, >>>>> {tmsh show /sys hardware => ShowHardware}, >>>>> {tmsh show /sys license => ShowLicense}, >>>>> #{cat /config/ZebOS.conf => ShowZebOSconf}, >>>>> #{lsof -i :179 => ShowZebOSsockets}, >>>>> {tmsh show /net route static => ShowRouteStatic}, >>>>> #{ls --full-time --color=never /config/ssl/ssl.crt => >>>>> ShowSslCrt}, >>>>> #{ls --full-time --color=never /config/ssl/ssl.key => >>>>> ShowSslKey}, >>>>> #{tmsh -q list => WriteTermTMSH}, >>>>> #{tmsh -q -c /"cd /;list recursive"/ => WriteTermTMSH}, >>>>> {./f5part => WriteTermTMSH}, >>>>> >>>>> Yes, my rancid is working good with the common partitions.. >>>>>> >>>>>> Thanks >>>>>> >>>>>> On Sat, Feb 7, 2015 at 5:51 AM, Shaun Krok >>>>>> >>>>> [20]> wrote: >>>>>> >>>>>> Thanks John --- this worked >>>>>>> >>>>>>> >>>>>>> >>>>>>> Much appreciated >>>>>>> >>>>>>> >>>>>>> >>>>>>> Shaun >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> FROM: John Kougoulos [mailto:john.kougoulos at gmail.com [15] >>>>>>> [15]] >>>>>>> SENT: Wednesday, February 04, 2015 12:57 PM >>>>>>> TO: Shaun Krok >>>>>>> >>>>>>> CC: rancid-discuss at shrubbery.net [16] [16] >>>>>>> SUBJECT: Re: [rancid] rancid not working with partitions >>>>>>> v11.x tmsh >>>>>>> F5 LTM >>>>>>> >>>>>>> >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> I had a similar problem with the width of the terminal, so >>>>>>> when the >>>>>>> device was out of sync, the prompt was becoming longer and >>>>>>> some of >>>>>>> the commands failed to be parsed. >>>>>>> >>>>>>> I had to change in f5rancid the line: >>>>>>> $ENV{TERM} = "vt100"; >>>>>>> >>>>>>> to: >>>>>>> $ENV{TERM} = "vt100-w"; >>>>>>> >>>>>>> Regards, >>>>>>> John >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Wed, Feb 4, 2015 at 8:33 AM, Shaun Krok >>>>>>> wrote: >>>>>>> >>>>>>> Hi there >>>>>>>> >>>>>>>> I was hoping someone had come across this issue. >>>>>>>> >>>>>>>> We are using Rancid to collect diffs from our BIG-IP >>>>>>>> clusters >>>>>>>> (as per bash script below) >>>>>>>> It works really well but are now facing an issue for >>>>>>>> reason >>>>>>>> unknown that when the cluster is not synced the rancid >>>>>>>> fails and >>>>>>>> reports fetcher issues. >>>>>>>> If I run the bash script below manually on each device it >>>>>>>> works >>>>>>>> without issue. >>>>>>>> As soon the cluster is synced it works fine .. >>>>>>>> >>>>>>>> It appears that TMSH is not allowing the script to work >>>>>>>> but it >>>>>>>> works fine if I run it manually on the BIG-IP >>>>>>>> >>>>>>>> What could be the problem ? >>>>>>>> >>>>>>>> Thank you >>>>>>>> >>>>>>>> Shaun >>>>>>>> >>>>>>>> -----Original Message----- >>>>>>>> From: Rancid-discuss >>>>>>>> [mailto:rancid-discuss-bounces at shrubbery.net [1] >>>>>>>> [1]] On Behalf Of Shaun Krok >>>>>>>> Sent: Monday, October 13, 2014 8:13 AM >>>>>>>> To: Mick ORourke >>>>>>>> Cc: rancid-discuss at shrubbery.net [2] [2] >>>>>>>> Subject: Re: [rancid] rancid not working with partitions >>>>>>>> v11.x >>>>>>>> tmsh F5 LTM >>>>>>>> >>>>>>>> Thank your for the reply --- >>>>>>>> >>>>>>>> i have created a bash script on the F5 and it works >>>>>>>> creating a >>>>>>>> test.file with all the config >>>>>>>> the file is in /root/f5part >>>>>>>> >>>>>>>> #!/bin/bash >>>>>>>> tmsh -q -c cd / ;list recursive >>>>>>>> >>>>>>>> how do i call from f5rancid or do i have this all wrong ? >>>>>>>> >>>>>>>> {tmsh -q list => WriteTermTMSH}, >>>>>>>> #{tmsh -q -c /"cd /;list recursive"/ => WriteTermTMSH}, >>>>>>>> >>>>>>>> On 2014-10-13 06:13, Mick ORourke wrote: >>>>>>>> > We found easiestquickest way to modify rancid-f5 - post >>>>>>>> 11.x >>>>>>>> version >>>>>>>> > checkdetect, call a bash script under /root/bin which >>>>>>>> runs >>>>>>>> "tmsh -q >>>>>>>> > -c >>>>>>>> > cd / ;list recursive" working around the rancid >>>>>>>> limitationerrors that >>>>>>>> > resulted when cd / ;list recursive was added to >>>>>>>> rancid-f5 >>>>>>>> itself. >>>>>>>> > >>>>>>>> > On 12 October 2014 15:27, Shaun Krok >>>>>>> [3] [3] [4]> >>>>>>>> >>>>>>>> wrote: >>>>>>>> > >>>>>>>> >> Hi >>>>>>>> >> >>>>>>>> >> I am busy to integrate Rancid into our network and >>>>>>>> have an >>>>>>>> issue >>>>>>>> >> with partitions on BIG IP LTM v11.x >>>>>>>> >> All works fine but Rancid does not backup all >>>>>>>> partitions ? >>>>>>>> >> I am using the script from GIT with TMSH commands >>>>>>>> >> >>>>>>>> >> This command work from bash : tmsh -q -c "cd /; list >>>>>>>> recursive" but >>>>>>>> >> does not from the script .. >>>>>>>> >> >>>>>>>> >> This is a snip from the forum where the issue was >>>>>>>> identified >>>>>>>> but is >>>>>>>> >> anyone aware if there is a fix : >>>>>>>> >> >>>>>>>> >> Thanks >>>>>>>> >> >>>>>>>> >> Shaun >>>>>>>> >> >>>>>>>> >> here is a working tmsh version in the rancid git repo. >>>>>>>> >> >>>>>>>> >> The only thing that doesnt work when adjusting the >>>>>>>> script to >>>>>>>> list >>>>>>>> >> all >>>>>>>> >> partition co config is a tmsh -q -c "cd /; list >>>>>>>> recursive" - >>>>>>>> it >>>>>>>> >> errors out >>>>>>>> >> due to extra double quotes required by the -c option. >>>>>>>> >> On Dec 6, 2012 8:57 PM, "Darius Seroka" >>>>>>> gmail.com [4] >>>>>>>> [4] [1]> >>>>>>>> >> wrote: >>>>>>>> >> >>>>>>>> >> Shaun Krok >>>>>>>> >> Network Team >>>>>>>> >> >>>>>>>> >> -- >>>>>>>> >> Shaun Krok >>>>>>>> >> Tel: 050 2424 381 >>>>>>>> >> _______________________________________________ >>>>>>>> >> Rancid-discuss mailing list >>>>>>>> >> Rancid-discuss at shrubbery.net [5] [5] [2] >>>>>>>> >> >>>>>>>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>>>>>> [6] [6] >>>>>>>> [3] >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > Links: >>>>>>>> > ------ >>>>>>>> > [1] http://gmail.com [7] [7] >>>>>>>> > [2] mailto:Rancid-discuss at shrubbery.net [8] [8] >>>>>>>> > [3] >>>>>>>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>>>>>> [9] >>>>>>>> [9] >>>>>>>> > [4] mailto:krok at krok.za.net [10] [10] >>>>>>>> >>>>>>>> -- >>>>>>>> Shaun Krok >>>>>>>> Tel: 050 2424 381 >>>>>>>> _______________________________________________ >>>>>>>> Rancid-discuss mailing list >>>>>>>> Rancid-discuss at shrubbery.net [11] [11] >>>>>>>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>>>>>> [12] [12] >>>>>>>> >>>>>>>> >>>>>>>> This email message and its attachments are for the sole >>>>>>>> use of the >>>>>>>> intended recipient(s) and may not be shared with any >>>>>>>> other party. >>>>>>>> They may contain confidential information of 888 Holdings >>>>>>>> plc or >>>>>>>> its direct and indirect subsidiaries (together, the >>>>>>>> ?888 >>>>>>>> Group?) and are to be regarded as confidential >>>>>>>> information under >>>>>>>> any non-disclosure agreement. Any review, use, disclosure >>>>>>>> or >>>>>>>> distribution by persons or entities other than the >>>>>>>> intended >>>>>>>> recipient(s) is prohibited. Nothing in this message is >>>>>>>> capable of >>>>>>>> or intended to create any legally binding obligation. The >>>>>>>> 888 >>>>>>>> Group will only ever assume a legally binding obligation >>>>>>>> where >>>>>>>> recorded in a written agreement duly executed by the >>>>>>>> authorized >>>>>>>> signatories of the relevant 888 Group company. The 888 >>>>>>>> Group >>>>>>>> accepts no liability for any personal views expressed in >>>>>>>> this >>>>>>>> message. If you are not the intended recipient, please >>>>>>>> contact the >>>>>>>> sender by return and destroy all copies of the original >>>>>>>> message >>>>>>>> and its attachments. Thank you >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Rancid-discuss mailing list >>>>>>>> Rancid-discuss at shrubbery.net [13] [13] >>>>>>>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>>>>>> [14] [14] >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> This email message and its attachments are for the sole use >>>>>>> of the >>>>>>> intended recipient(s) and may not be shared with any other >>>>>>> party. >>>>>>> They may contain confidential information of 888 Holdings >>>>>>> plc or its >>>>>>> direct and indirect subsidiaries (together, the ?888 >>>>>>> Group?) and >>>>>>> are to be regarded as confidential information under any >>>>>>> non-disclosure agreement. Any review, use, disclosure or >>>>>>> distribution by persons or entities other than the intended >>>>>>> recipient(s) is prohibited. Nothing in this message is >>>>>>> capable of or >>>>>>> intended to create any legally binding obligation. The 888 >>>>>>> Group >>>>>>> will only ever assume a legally binding obligation where >>>>>>> recorded in >>>>>>> a written agreement duly executed by the authorized >>>>>>> signatories of >>>>>>> the relevant 888 Group company. The 888 Group accepts no >>>>>>> liability >>>>>>> for any personal views expressed in this message. If you >>>>>>> are not the >>>>>>> intended recipient, please contact the sender by return and >>>>>>> destroy >>>>>>> all copies of the original message and its attachments. >>>>>>> Thank you >>>>>>> _______________________________________________ >>>>>>> Rancid-discuss mailing list >>>>>>> Rancid-discuss at shrubbery.net [18] [18] >>>>>>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>>>>> [19] [19] >>>>>>> >>>>>> >>>>>> Links: >>>>>> ------ >>>>>> [1] mailto:rancid-discuss-bounces at shrubbery.net [21] >>>>>> [2] mailto:rancid-discuss at shrubbery.net [22] >>>>>> [3] mailto:krok at krok.za.net [23] >>>>>> [4] http://gmail.com [24] >>>>>> [5] mailto:Rancid-discuss at shrubbery.net [25] >>>>>> [6] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>>>> [26] >>>>>> [7] http://gmail.com [27] >>>>>> [8] mailto:Rancid-discuss at shrubbery.net [28] >>>>>> [9] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>>>> [29] >>>>>> [10] mailto:krok at krok.za.net [30] >>>>>> [11] mailto:Rancid-discuss at shrubbery.net [31] >>>>>> [12] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>>>> [32] >>>>>> [13] mailto:Rancid-discuss at shrubbery.net [33] >>>>>> [14] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>>>> [34] >>>>>> [15] mailto:john.kougoulos at gmail.com [35] >>>>>> [16] mailto:rancid-discuss at shrubbery.net [36] >>>>>> [17] mailto:Shaun.Krok at 888holdings.com [37] >>>>>> [18] mailto:Rancid-discuss at shrubbery.net [38] >>>>>> [19] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>>>>> [39] >>>>>> [20] mailto:Shaun.Krok at 888holdings.com [40] >>>>>> >>>>> >>>>> -- >>>>> Shaun Krok >>>>> Tel: 050 2424 381 >>>>> >>>> >> >> >> Links: >> ------ >> [1] mailto:rancid-discuss-bounces at shrubbery.net >> [2] mailto:rancid-discuss at shrubbery.net >> [3] mailto:krok at krok.za.net >> [4] http://gmail.com >> [5] mailto:Rancid-discuss at shrubbery.net >> [6] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> [7] http://gmail.com >> [8] mailto:Rancid-discuss at shrubbery.net >> [9] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> [10] mailto:krok at krok.za.net >> [11] mailto:Rancid-discuss at shrubbery.net >> [12] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> [13] mailto:Rancid-discuss at shrubbery.net >> [14] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> [15] mailto:john.kougoulos at gmail.com >> [16] mailto:rancid-discuss at shrubbery.net >> [17] mailto:Shaun.Krok at 888holdings.com >> [18] mailto:Rancid-discuss at shrubbery.net >> [19] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> [20] mailto:Shaun.Krok at 888holdings.com >> [21] mailto:rancid-discuss-bounces at shrubbery.net >> [22] mailto:rancid-discuss at shrubbery.net >> [23] mailto:krok at krok.za.net >> [24] http://gmail.com >> [25] mailto:Rancid-discuss at shrubbery.net >> [26] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> [27] http://gmail.com >> [28] mailto:Rancid-discuss at shrubbery.net >> [29] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> [30] mailto:krok at krok.za.net >> [31] mailto:Rancid-discuss at shrubbery.net >> [32] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> [33] mailto:Rancid-discuss at shrubbery.net >> [34] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> [35] mailto:john.kougoulos at gmail.com >> [36] mailto:rancid-discuss at shrubbery.net >> [37] mailto:Shaun.Krok at 888holdings.com >> [38] mailto:Rancid-discuss at shrubbery.net >> [39] http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> [40] mailto:Shaun.Krok at 888holdings.com >> [41] mailto:krok at krok.za.net >> [42] mailto:lsy.annie at gmail.com >> [43] mailto:lsy.annie at gmail.com >> > > -- > Shaun Krok > Tel: 050 2424 381 > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- 898 ltm monitor dns dns { 899 accept-rcode no-error 900 answer-contains query-type 901 destination *:* 902 interval 5 903 qtype a 904 time-until-up 0 905 timeout 16 906 } 907 ltm monitor external external { 908 destination *:* 909 interval 5 910 time-until-up 0 911 timeout 16 912 } 913 ltm monitor firepass firepass { 914 cipherlist HIGH:!ADH 915 concurrency-limit 95 916 destination *:* 917 interval 5 918 max-load-average 12 919 time-until-up 0 920 timeout 16 921 username gtmuser 922 } 923 ltm monitor ftp ftp { 924 debug no 925 destination *:* 926 interval 10 927 mode passive 928 time-until-up 0 929 timeout 31 930 } 931 ltm monitor gateway-icmp gateway_icmp { 932 destination *:* 933 interval 5 934 time-until-up 0 935 timeout 16 936 } 937 ltm monitor http http { 938 destination *:* 939 interval 5 940 ip-dscp 0 941 send "GET /\r\n" 942 time-until-up 0 943 timeout 16 944 } 1070 ltm monitor nntp nntp { 1071 debug no 1072 destination *:* 1073 interval 5 1074 time-until-up 0 1075 timeout 16 1076 } 1077 ltm monitor none none { 1078 destination *:6666 1079 } 1080 ltm monitor oracle oracle { 1081 count 0 1082 database %node_ip%:%node_port%: 1083 debug no 1084 destination *:* 1085 interval 30 1086 time-until-up 0 1087 timeout 91 1088 } 1089 ltm monitor pop3 pop3 { 1090 debug no 1091 destination *:* 1092 interval 5 1093 time-until-up 0 1094 timeout 16 1095 } 1096 ltm monitor postgresql postgresql { 1097 count 0 1098 debug no 1099 destination *:* 1100 interval 30 1101 time-until-up 0 1102 timeout 91 1103 } 1104 ltm monitor radius radius { 1105 debug no 1106 destination *:* 1107 interval 10 1108 time-until-up 0 1109 timeout 31 1110 } 1111 ltm monitor radius-accounting radius_accounting { 1112 debug no 1113 destination *:* 1114 interval 10 1115 time-until-up 0 1116 timeout 31 1117 } 1118 ltm monitor real-server real_server { 1119 agent "Mozilla/4.0 (compatible: MSIE 5.0; Windows NT)" 1120 command GetServerStats 1121 interval 5 1122 method GET 1123 metrics "ServerBandwidth:1.5, CPUPercentUsage, MemoryUsage, TotalClientCount" 1124 time-until-up 0 1125 timeout 16 1126 } 1127 ltm monitor rpc rpc { 1128 debug no 1129 destination *:* 1130 interval 10 1131 mode tcp 1132 time-until-up 0 1133 timeout 31 1134 } 1135 ltm monitor sasp sasp { 1136 interval auto 1137 mode pull 1138 protocol tcp 1139 service 3860 1140 time-until-up 0 1141 } 1142 ltm monitor scripted scripted { 1143 debug no 1144 destination *:* 1145 interval 10 1146 time-until-up 0 1147 timeout 31 1148 } 1149 ltm monitor sip sip { 1150 cipherlist DEFAULT:+SHA:+3DES:+kEDH 1151 compatibility enabled 1152 debug no 1153 destination *:* 1154 interval 5 1155 mode udp 1156 time-until-up 0 1157 timeout 16 1158 } 1159 ltm monitor smb smb { 1160 debug no 1161 destination *:* 1162 interval 10 1163 time-until-up 0 1164 timeout 31 1165 } 1166 ltm monitor smtp smtp { 1167 debug no 1168 destination *:* 1169 interval 5 1170 time-until-up 0 1171 timeout 16 1172 } 1173 ltm monitor snmp-dca snmp_dca { 1174 agent-type UCD 1175 community public 1176 cpu-coefficient 1.5 1177 cpu-threshold 80 1178 disk-coefficient 2.0 1179 disk-threshold 90 1180 interval 10 1181 memory-coefficient 1.0 1182 memory-threshold 70 1183 time-until-up 0 1184 timeout 30 1185 version v1 1186 } 1187 ltm monitor snmp-dca-base snmp_dca_base { 1188 community public 1189 interval 10 1190 time-until-up 0 1191 timeout 30 1192 version v1 1193 } 1194 ltm monitor soap soap { 1195 debug no 1196 destination *:* 1197 expect-fault no 1198 interval 5 1199 protocol http 1200 time-until-up 0 1201 timeout 16 1202 } 1203 ltm monitor tcp tcp { 1204 destination *:* 1205 interval 5 1206 ip-dscp 0 1207 time-until-up 0 1208 timeout 16 1209 } 1210 ltm monitor tcp-echo tcp_echo { 1211 interval 5 1212 time-until-up 0 1213 timeout 16 1214 } 1215 ltm monitor tcp-half-open TCP-HALF-10secs { 1216 defaults-from tcp_half_open 1217 description "Modified TCP Half-Open" 1218 destination *:* 1219 interval 10 1220 time-until-up 0 1221 timeout 21 1222 } 1223 ltm monitor tcp-half-open tcp_half_open { 1224 destination *:* 1225 interval 5 1226 time-until-up 0 1227 timeout 16 1228 } 1229 ltm monitor udp udp { 1230 debug no 1231 destination *:* 1232 interval 5 1233 send "default send string" 1234 time-until-up 0 1235 timeout 16 1236 } 1237 ltm monitor virtual-location virtual_location { 1238 debug no 1239 interval 5 1240 time-until-up 0 1241 timeout 16 1242 } 1243 ltm monitor wap wap { 1244 debug no 1245 destination *:* 1246 interval 10 1247 time-until-up 0 1248 timeout 31 1249 } 1250 ltm monitor wmi wmi { 1251 agent "Mozilla/4.0 (compatible: MSIE 5.0; Windows NT)" 1252 command "GetCPUInfo, GetDiskInfo, GetOSInfo" 1253 destination *:http 1254 interval 5 1255 method POST 1256 metrics "LoadPercentage, DiskUsage, PhysicalMemoryUsage:1.5, VirtualMemoryUsage:2.0" 1257 post RespFormat=HTML 1258 time-until-up 0 1259 timeout 16 1260 url /scripts/F5Isapi.dll 1261 } 1357 } 1358 ltm persistence cookie cookie { 1359 app-service none 1360 cookie-name none 1361 expiration 0 1362 hash-length 0 1363 hash-offset 0 1364 method insert 1365 mirror disabled 1366 } 1367 ltm persistence dest-addr dest_addr { 1368 app-service none 1369 mask none 1370 mirror disabled 1371 timeout 180 1372 } 1373 ltm persistence global-settings { } 1374 ltm persistence hash hash { 1375 app-service none 1376 mirror disabled 1377 rule none 1378 timeout 180 1379 } 1380 ltm persistence msrdp msrdp { 1381 app-service none 1382 has-session-dir yes 1383 mirror disabled 1384 timeout 300 1385 } 1386 ltm persistence sip sip_info { 1387 app-service none 1388 mirror disabled 1389 timeout 180 1390 } 1391 ltm persistence source-addr source_addr { 1392 app-service none 1393 map-proxies enabled 1394 mask none 1395 mirror disabled 1396 timeout 180 1397 } 1398 ltm persistence ssl ssl { 1399 app-service none 1400 mirror disabled 1401 timeout 300 1402 } 1403 ltm persistence universal universal { 1404 app-service none 1405 mirror disabled 1406 rule none 1407 timeout 180 1408 } 1409 ltm policy _sys_CEC_SSL_policy { 1410 controls { classification } 1411 requires { ssl-persistence } 1412 rules { 1413 akamai_cert_1 { 1414 actions { 1415 1 { 1416 pem 1417 ssl-server-handshake 1418 classify 1419 application /Common/akamai 1420 ssl-session-id 1421 } 1422 } 1423 conditions { 1424 1 { 1425 ssl-cert 1426 ssl-server-handshake 1427 common-name 1428 ends-with 1429 values { .edgecastcdn.net .akamai.net .edgekey.net } 1430 } 1431 } 1432 ordinal 10004 1433 } 1434 akamai_sni_1 { 1435 actions { 1436 1 { 1437 pem 1438 ssl-client-hello 1439 classify 1440 application /Common/akamai 1441 ssl-session-id 1442 } 1443 } 1444 conditions { 1445 1 { 1446 ssl-extension 1447 ssl-client-hello 1448 server-name 1449 ends-with 1450 values { .edgecastcdn.net .akamaihd.net .edgekey.net } 1451 } 1452 } 1453 ordinal 10005 1454 } 1455 amazon_adv_cert_1 { 1456 actions { 1457 1 { 1458 pem 1459 ssl-server-handshake 1460 classify 1461 application /Common/amazon_adv 1462 ssl-session-id 1463 } 1464 } 1465 conditions { 1466 1 { 1467 ssl-cert 1468 ssl-server-handshake 1469 common-name 1470 ends-with 1471 values { .amazon-adsystem.com } 1472 } 1473 } 1474 ordinal 196 1475 } 1476 amazon_adv_sni_1 { 1477 actions { 1478 1 { 1479 pem 1480 ssl-client-hello 1481 classify 1482 application /Common/amazon_adv 1483 ssl-session-id 1484 } 1485 } 1486 conditions { 1487 1 { 1488 ssl-extension 1489 ssl-client-hello 1490 server-name 1491 ends-with 1492 values { .amazon-adsystem.com } 1493 } 1494 } 1495 ordinal 197 1496 } 1497 amazon_aws_cert_1 { 1498 actions { 1499 1 { 1500 pem 1501 ssl-server-handshake 1502 classify 1503 application /Common/amazon_aws 1504 ssl-session-id 1505 } 1506 } 1507 conditions { 1508 1 { 1509 ssl-cert 1510 ssl-server-handshake 1511 common-name 1512 ends-with 1513 values { .cloudfront.net .amazon.com } 1514 } 1515 } 1516 ordinal 10002 1517 } 1518 amazon_aws_sni_1 { 1519 actions { 1520 1 { 1521 pem 1522 ssl-client-hello 1523 classify 1524 application /Common/amazon_aws 1525 ssl-session-id 1526 } 1527 } 1528 conditions { 1529 1 { 1530 ssl-extension 1531 ssl-client-hello 1532 server-name 1533 ends-with 1534 values { .cloudfront.net .amazon.com } 1535 } 1536 } 1537 ordinal 10003 1538 } 1539 amazon_cert_1 { 1540 actions { 1541 1 { 1542 pem 1543 ssl-server-handshake 1544 classify 1545 application /Common/amazon 1546 ssl-session-id 1547 } 1548 } 1549 conditions { 1550 1 { 1551 ssl-cert 1552 ssl-server-handshake 1553 common-name 1554 ends-with 1555 values { .amazon.com -amazon.com } 1556 } 1557 } 1558 ordinal 192 1559 } 1560 amazon_cert_2 { 1561 actions { 1562 1 { 1563 pem 1564 ssl-server-handshake 1565 classify 1566 application /Common/amazon 1567 ssl-session-id 1568 } 1569 } 1570 conditions { 1571 1 { 1572 ssl-cert 1573 ssl-server-handshake 1574 common-name 1575 contains 1576 values { .amazon. } 1577 } 1578 } 1579 ordinal 194 1580 } 1581 amazon_sni_1 { 1582 actions { 1583 1 { 1584 pem 1585 ssl-client-hello 1586 classify 1587 application /Common/amazon 1588 ssl-session-id 1589 } 1590 } 1591 conditions { 1592 1 { 1593 ssl-extension 1594 ssl-client-hello 1595 server-name 1596 ends-with 1597 values { .amazon.com -amazon.com } 1598 } 1599 } 1600 ordinal 193 1601 } 1602 amazon_sni_2 { 1603 actions { 1604 1 { 1605 pem 1606 ssl-client-hello 1607 classify 1608 application /Common/amazon 1609 ssl-session-id 1610 } 1611 } 1612 conditions { 1613 1 { 1614 ssl-extension 1615 ssl-client-hello 1616 server-name 1617 contains 1618 values { .amazon. } 1619 } 1620 } 1621 ordinal 195 1622 } 1623 americanexpress_cert_1 { 1624 actions { 1625 1 { 1626 pem 1627 ssl-server-handshake 1628 classify 1629 application /Common/americanexpress 1630 ssl-session-id 1631 } 1632 } 1633 conditions { 1634 1 { 1635 ssl-cert 1636 ssl-server-handshake 1637 common-name 1638 ends-with 1639 values { .americanexpress.com .aexp-static.com } 1640 } 1641 } 1642 ordinal 230 1643 } 1644 americanexpress_cert_sni_1 { 1645 actions { 1646 1 { 1647 pem 1648 ssl-server-handshake 1649 classify 1650 application /Common/americanexpress 1651 ssl-session-id 1652 } 1653 } 1654 conditions { 1655 1 { 1656 ssl-cert 1657 ssl-server-handshake 1658 common-name 1659 ends-with 1660 values { .2o7.net .demdex.net } 1661 } 1662 2 { 1663 ssl-extension 1664 ssl-client-hello 1665 server-name 1666 starts-with 1667 values { 2americanexpress. aexp.demdex.net } 1668 } 1669 } 1670 ordinal 232 1671 } 1672 americanexpress_sni_1 { 1673 actions { 1674 1 { 1675 pem 1676 ssl-client-hello 1677 classify 1678 application /Common/americanexpress 1679 ssl-session-id 1680 } 1681 } 1682 conditions { 1683 1 { 1684 ssl-extension 1685 ssl-client-hello 1686 server-name 1687 ends-with 1688 values { .americanexpress.com .aexp-static.com } 1689 } 1690 } 1691 ordinal 231 1692 } 1693 apple_cert_1 { 1694 actions { 1695 1 { 1696 pem 1697 ssl-server-handshake 1698 classify 1699 application /Common/apple 1700 ssl-session-id 1701 } 1702 } 1703 conditions { 1704 1 { 1705 ssl-cert 1706 ssl-server-handshake 1707 common-name 1708 values { apple.com } 1709 } 1710 } 1711 ordinal 146 1712 } 1713 apple_cert_2 { 1714 actions { 1715 1 { 1716 pem 1717 ssl-server-handshake 1718 classify 1719 application /Common/apple 1720 ssl-session-id 1721 } 1722 } 1723 conditions { 1724 1 { 1725 ssl-cert 1726 ssl-server-handshake 1727 common-name 1728 ends-with 1729 values { .apple.com .cdn-apple.com } 1730 } 1731 } 1732 ordinal 148 1733 } 1734 apple_sni_1 { 1735 actions { 1736 1 { 1737 pem 1738 ssl-client-hello 1739 classify 1740 application /Common/apple 1741 ssl-session-id 1742 } 1743 } 1744 conditions { 1745 1 { 1746 ssl-extension 1747 ssl-client-hello 1748 server-name 1749 values { apple.com } 1750 } 1751 } 1752 ordinal 147 1753 } 1754 apple_sni_2 { 1755 actions { 1756 1 { 1757 pem 1758 ssl-client-hello 1759 classify 1760 application /Common/apple 1761 ssl-session-id 1762 } 1763 } 1764 conditions { 1765 1 { 1766 ssl-extension 1767 ssl-client-hello 1768 server-name 1769 ends-with 1770 values { .apple.com .cdn-apple.com } 1771 } 1772 } 1773 ordinal 149 1774 } 1775 badoo_cert_1 { 1776 actions { 1777 1 { 1778 pem 1779 ssl-server-handshake 1780 classify 1781 application /Common/badoo 1782 ssl-session-id 1783 } 1784 } 1785 conditions { 1786 1 { 1787 ssl-cert 1788 ssl-server-handshake 1789 common-name 1790 ends-with 1791 values { .badoo.com .badoocdn.com } 1792 } 1793 } 1794 ordinal 140 1795 } 1796 badoo_sni_1 { 1797 actions { 1798 1 { 1799 pem 1800 ssl-client-hello 1801 classify 1802 application /Common/badoo 1803 ssl-session-id 1804 } 1805 } 1806 conditions { 1807 1 { 1808 ssl-extension 1809 ssl-client-hello 1810 server-name 1811 ends-with 1812 values { badoo.com badoocdn.com } 1813 } 1814 } 1815 ordinal 141 1816 } 1817 baidu_cert_1 { 1818 actions { 1819 1 { 1820 pem 1821 ssl-server-handshake 1822 classify 1823 application /Common/baidu 1824 ssl-session-id 1825 } 1826 } 1827 conditions { 1828 1 { 1829 ssl-cert 1830 ssl-server-handshake 1831 common-name 1832 ends-with 1833 values { .baidu.com } 1834 } 1835 } 1836 ordinal 190 1837 } 1838 baidu_sni_1 { 1839 actions { 1840 1 { 1841 pem 1842 ssl-client-hello 1843 classify 1844 application /Common/baidu 1845 ssl-session-id 1846 } 1847 } 1848 conditions { 1849 1 { 1850 ssl-extension 1851 ssl-client-hello 1852 server-name 1853 ends-with 1854 values { .baidu.com } 1855 } 1856 } 1857 ordinal 191 1858 } 1859 bing_cert_1 { 1860 actions { 1861 1 { 1862 pem 1863 ssl-server-handshake 1864 classify 1865 application /Common/bing 1866 ssl-session-id 1867 } 1868 } 1869 conditions { 1870 1 { 1871 ssl-cert 1872 ssl-server-handshake 1873 common-name 1874 ends-with 1875 values { .bing.com .virtualearth.net } 1876 } 1877 } 1878 ordinal 100 1879 } 1880 bing_sni_1 { 1881 actions { 1882 1 { 1883 pem 1884 ssl-client-hello 1885 classify 1886 application /Common/bing 1887 ssl-session-id 1888 } 1889 } 1890 conditions { 1891 1 { 1892 ssl-extension 1893 ssl-client-hello 1894 server-name 1895 ends-with 1896 values { .bing.com .virtualearth.net } 1897 } 1898 } 1899 ordinal 101 1900 } 1901 blogger_cert_1 { 1902 actions { 1903 1 { 1904 pem 1905 ssl-server-handshake 1906 classify 1907 application /Common/blogger 1908 ssl-session-id 1909 } 1910 } 1911 conditions { 1912 1 { 1913 ssl-cert 1914 ssl-server-handshake 1915 common-name 1916 ends-with 1917 values { .blogger.com } 1918 } 1919 } 1920 ordinal 130 1921 } 1922 blogger_sni_1 { 1923 actions { 1924 1 { 1925 pem 1926 ssl-client-hello 1927 classify 1928 application /Common/blogger 1929 ssl-session-id 1930 } 1931 } 1932 conditions { 1933 1 { 1934 ssl-extension 1935 ssl-client-hello 1936 server-name 1937 ends-with 1938 values { .blogger.com } 1939 } 1940 } 1941 ordinal 131 1942 } 1943 break_cert_1 { 1944 actions { 1945 1 { 1946 pem 1947 ssl-server-handshake 1948 classify 1949 application /Common/break 1950 ssl-session-id 1951 } 1952 } 1953 conditions { 1954 1 { 1955 ssl-cert 1956 ssl-server-handshake 1957 common-name 1958 ends-with 1959 values { .break.com } 1960 } 1961 } 1962 ordinal 239 1963 } 1964 break_sni_1 { 1965 actions { 1966 1 { 1967 pem 1968 ssl-client-hello 1969 classify 1970 application /Common/break 1971 ssl-session-id 1972 } 1973 } 1974 conditions { 1975 1 { 1976 ssl-extension 1977 ssl-client-hello 1978 server-name 1979 ends-with 1980 values { .break.com } 1981 } 1982 } 1983 ordinal 240 1984 } 1985 cartoonnetwork_cert_1 { 1986 actions { 1987 1 { 1988 pem 1989 ssl-server-handshake 1990 classify 1991 application /Common/cartoonnetwork 1992 ssl-session-id 1993 } 1994 } 1995 conditions { 1996 1 { 1997 ssl-cert 1998 ssl-server-handshake 1999 common-name 2000 ends-with 2001 values { .cartoonnetwork.com } 2002 } 2003 } 2004 ordinal 243 2005 } 2006 cartoonnetwork_sni_1 { 2007 actions { 2008 1 { 2009 pem 2010 ssl-client-hello 2011 classify 2012 application /Common/cartoonnetwork 2013 ssl-session-id 2014 } 2015 } 2016 conditions { 2017 1 { 2018 ssl-extension 2019 ssl-client-hello 2020 server-name 2021 ends-with 2022 values { .cartoonnetwork.com } 2023 } 2024 } 2025 ordinal 244 2026 } 2027 classmates_cert_1 { 2028 actions { 2029 1 { 2030 pem 2031 ssl-server-handshake 2032 classify 2033 application /Common/classmates 2034 ssl-session-id 2035 } 2036 } 2037 conditions { 2038 1 { 2039 ssl-cert 2040 ssl-server-handshake 2041 common-name 2042 ends-with 2043 values { .classmates.com } 2044 } 2045 } 2046 ordinal 233 2047 } 2048 classmates_sni_1 { 2049 actions { 2050 1 { 2051 pem 2052 ssl-client-hello 2053 classify 2054 application /Common/classmates 2055 ssl-session-id 2056 } 2057 } 2058 conditions { 2059 1 { 2060 ssl-extension 2061 ssl-client-hello 2062 server-name 2063 ends-with 2064 values { .classmates.com } 2065 } 2066 } 2067 ordinal 234 2068 } 2069 common_adv_cert_1 { 2070 actions { 2071 1 { 2072 pem 2073 ssl-server-handshake 2074 classify 2075 application /Common/common_adv 2076 ssl-session-id 2077 } 2078 } 2079 conditions { 2080 1 { 2081 ssl-cert 2082 ssl-server-handshake 2083 common-name 2084 ends-with 2085 values { .admedia.com .adnxs.com .admitad.com .adobetag.com .advertising.com .bkrtx.com .bluekai.com .casalemedia.com .flashtalking.com .kissmetrics.com .lphbs.com .luxup.ru .mixpanel.com .newrelic.com .nexac.com .optimizely.com .quantserve.com .realmedia.com .sc.omtrdc.net .scorecardresearch.com .superfish.com .xiti.com } 2086 } 2087 } 2088 ordinal 10000 2089 } 2090 common_adv_sni_1 { 2091 actions { 2092 1 { 2093 pem 2094 ssl-client-hello 2095 classify 2096 application /Common/common_adv 2097 ssl-session-id 2098 } 2099 } 2100 conditions { 2101 1 { 2102 ssl-extension 2103 ssl-client-hello 2104 server-name 2105 ends-with 2106 values { .admedia.com .adnxs.com .admitad.com .adobetag.com .advertising.com .bkrtx.com .bluekai.com .casalemedia.com .flashtalking.com .kissmetrics.com .lphbs.com .luxup.ru .mixpanel.com .newrelic.com .nexac.com .optimizely.com .quantserve.com .realmedia.com .sc.omtrdc.net .scorecardresearch.com .superfish.com .xiti.com } 2107 } 2108 } 2109 ordinal 10001 2110 } 2111 doubleclick_cert_1 { 2112 actions { 2113 1 { 2114 pem 2115 ssl-server-handshake 2116 classify 2117 application /Common/doubleclick_ads 2118 ssl-session-id 2119 } 2120 } 2121 conditions { 2122 1 { 2123 ssl-cert 2124 ssl-server-handshake 2125 common-name 2126 ends-with 2127 values { .doubleclick.net } 2128 } 2129 } 2130 ordinal 27 2131 } 2132 doubleclick_sni_1 { 2133 actions { 2134 1 { 2135 pem 2136 ssl-client-hello 2137 classify 2138 application /Common/doubleclick_ads 2139 ssl-session-id 2140 } 2141 } 2142 conditions { 2143 1 { 2144 ssl-extension 2145 ssl-client-hello 2146 server-name 2147 ends-with 2148 values { .doubleclick.net .2mdn.net } 2149 } 2150 } 2151 ordinal 28 2152 } 2153 dropbox_cert_1 { 2154 actions { 2155 1 { 2156 pem 2157 ssl-server-handshake 2158 classify 2159 application /Common/dropbox 2160 ssl-session-id 2161 } 2162 } 2163 conditions { 2164 1 { 2165 ssl-cert 2166 ssl-server-handshake 2167 common-name 2168 ends-with 2169 values { .dropbox.com .dropboxusercontent.com } 2170 } 2171 } 2172 ordinal 135 2173 } 2174 dropbox_sni_1 { 2175 actions { 2176 1 { 2177 pem 2178 ssl-client-hello 2179 classify 2180 application /Common/dropbox 2181 ssl-session-id 2182 } 2183 } 2184 conditions { 2185 1 { 2186 ssl-extension 2187 ssl-client-hello 2188 server-name 2189 ends-with 2190 values { .dropbox.com .dropboxusercontent.com dt8kf6553cww8.cloudfront.net } 2191 } 2192 } 2193 ordinal 136 2194 } 2195 ebay_cert_1 { 2196 actions { 2197 1 { 2198 pem 2199 ssl-server-handshake 2200 classify 2201 application /Common/ebay 2202 ssl-session-id 2203 } 2204 } 2205 conditions { 2206 1 { 2207 ssl-cert 2208 ssl-server-handshake 2209 common-name 2210 ends-with 2211 values { .ebay.com .ebaystatic.com .ebayrtm.com } 2212 } 2213 } 2214 ordinal 182 2215 } 2216 ebay_cert_sni_1 { 2217 actions { 2218 1 { 2219 pem 2220 ssl-server-handshake 2221 classify 2222 application /Common/ebay 2223 ssl-session-id 2224 } 2225 } 2226 conditions { 2227 1 { 2228 ssl-extension 2229 ssl-client-hello 2230 server-name 2231 contains 2232 values { .ebay. } 2233 } 2234 } 2235 ordinal 184 2236 } 2237 ebay_sni_1 { 2238 actions { 2239 1 { 2240 pem 2241 ssl-client-hello 2242 classify 2243 application /Common/ebay 2244 ssl-session-id 2245 } 2246 } 2247 conditions { 2248 1 { 2249 ssl-extension 2250 ssl-client-hello 2251 server-name 2252 ends-with 2253 values { .ebay.com .ebaystatic.com .ebayrtm.com } 2254 } 2255 } 2256 ordinal 183 2257 } 2258 espn_cert_1 { 2259 actions { 2260 1 { 2261 pem 2262 ssl-server-handshake 2263 classify 2264 application /Common/espn 2265 ssl-session-id 2266 } 2267 } 2268 conditions { 2269 1 { 2270 ssl-cert 2271 ssl-server-handshake 2272 common-name 2273 ends-with 2274 values { .espn.go.com } 2275 } 2276 } 2277 ordinal 185 2278 } 2279 espn_sni_1 { 2280 actions { 2281 1 { 2282 pem 2283 ssl-client-hello 2284 classify 2285 application /Common/espn 2286 ssl-session-id 2287 } 2288 } 2289 conditions { 2290 1 { 2291 ssl-extension 2292 ssl-client-hello 2293 server-name 2294 ends-with 2295 values { .espn.go.com } 2296 } 2297 } 2298 ordinal 186 2299 } 2300 facebook_cert_1 { 2301 actions { 2302 1 { 2303 pem 2304 ssl-server-handshake 2305 classify 2306 application /Common/facebook 2307 ssl-session-id 2308 } 2309 } 2310 conditions { 2311 1 { 2312 ssl-cert 2313 ssl-server-handshake 2314 common-name 2315 ends-with 2316 values { .facebook.com .fbcdn.net } 2317 } 2318 } 2319 ordinal 70 2320 } 2321 facebook_sni_1 { 2322 actions { 2323 1 { 2324 pem 2325 ssl-client-hello 2326 classify 2327 application /Common/facebook 2328 ssl-session-id 2329 } 2330 } 2331 conditions { 2332 1 { 2333 ssl-extension 2334 ssl-client-hello 2335 server-name 2336 ends-with 2337 values { .facebook.com .fbcdn.net } 2338 } 2339 } 2340 ordinal 71 2341 } 2342 facebook_sni_2 { 2343 actions { 2344 1 { 2345 pem 2346 ssl-client-hello 2347 classify 2348 application /Common/facebook 2349 ssl-session-id 2350 } 2351 } 2352 conditions { 2353 1 { 2354 ssl-extension 2355 ssl-client-hello 2356 server-name 2357 starts-with 2358 values { fbexternal- fbstatic- fbcdn- } 2359 } 2360 2 { 2361 ssl-extension 2362 ssl-client-hello 2363 server-name 2364 ends-with 2365 values { .akamaihd.net } 2366 } 2367 } 2368 ordinal 72 2369 } 2370 flickr_cert_1 { 2371 actions { 2372 1 { 2373 pem 2374 ssl-server-handshake 2375 classify 2376 application /Common/flickr 2377 ssl-session-id 2378 } 2379 } 2380 conditions { 2381 1 { 2382 ssl-cert 2383 ssl-server-handshake 2384 common-name 2385 ends-with 2386 values { .staticflickr.com .flickr.com } 2387 } 2388 } 2389 ordinal 160 2390 } 2391 flickr_sni_1 { 2392 actions { 2393 1 { 2394 pem 2395 ssl-client-hello 2396 classify 2397 application /Common/flickr 2398 ssl-session-id 2399 } 2400 } 2401 conditions { 2402 1 { 2403 ssl-extension 2404 ssl-client-hello 2405 server-name 2406 ends-with 2407 values { .staticflickr.com .flickr.com } 2408 } 2409 } 2410 ordinal 161 2411 } 2412 friendster_cert_1 { 2413 actions { 2414 1 { 2415 pem 2416 ssl-server-handshake 2417 classify 2418 application /Common/friendster 2419 ssl-session-id 2420 } 2421 } 2422 conditions { 2423 1 { 2424 ssl-cert 2425 ssl-server-handshake 2426 common-name 2427 ends-with 2428 values { .friendster.com } 2429 } 2430 } 2431 ordinal 133 2432 } 2433 friendster_sni_1 { 2434 actions { 2435 1 { 2436 pem 2437 ssl-client-hello 2438 classify 2439 application /Common/friendster 2440 ssl-session-id 2441 } 2442 } 2443 conditions { 2444 1 { 2445 ssl-extension 2446 ssl-client-hello 2447 server-name 2448 ends-with 2449 values { .friendster.com d3lihw2jc2z1gc.cloudfront.net } 2450 } 2451 } 2452 ordinal 134 2453 } 2454 google_ads_cert_1 { 2455 actions { 2456 1 { 2457 pem 2458 ssl-server-handshake 2459 classify 2460 application /Common/google 2461 ssl-session-id 2462 } 2463 2 { 2464 pem 2465 ssl-server-handshake 2466 classify 2467 application /Common/google_ads 2468 ssl-session-id 2469 } 2470 } 2471 conditions { 2472 1 { 2473 ssl-cert 2474 ssl-server-handshake 2475 common-name 2476 ends-with 2477 values { .googleadservices.com .googlesyndication.com .googletagservices.com } 2478 } 2479 } 2480 ordinal 22 2481 } 2482 google_ads_sni_1 { 2483 actions { 2484 1 { 2485 pem 2486 ssl-client-hello 2487 classify 2488 application /Common/google 2489 ssl-session-id 2490 } 2491 2 { 2492 pem 2493 ssl-client-hello 2494 classify 2495 application /Common/google_ads 2496 ssl-session-id 2497 } 2498 } 2499 conditions { 2500 1 { 2501 ssl-extension 2502 ssl-client-hello 2503 server-name 2504 ends-with 2505 values { .googleadservices.com .googlesyndication.com } 2506 } 2507 } 2508 ordinal 23 2509 } 2510 google_analytics_cert_1 { 2511 actions { 2512 1 { 2513 pem 2514 ssl-server-handshake 2515 classify 2516 application /Common/google 2517 ssl-session-id 2518 } 2519 2 { 2520 pem 2521 ssl-server-handshake 2522 classify 2523 application /Common/google_analytics 2524 ssl-session-id 2525 } 2526 } 2527 conditions { 2528 1 { 2529 ssl-cert 2530 ssl-server-handshake 2531 common-name 2532 ends-with 2533 values { .google-analytics.com } 2534 } 2535 } 2536 ordinal 16 2537 } 2538 google_analytics_sni_1 { 2539 actions { 2540 1 { 2541 pem 2542 ssl-client-hello 2543 classify 2544 application /Common/google 2545 ssl-session-id 2546 } 2547 2 { 2548 pem 2549 ssl-client-hello 2550 classify 2551 application /Common/google_analytics 2552 ssl-session-id 2553 } 2554 } 2555 conditions { 2556 1 { 2557 ssl-extension 2558 ssl-client-hello 2559 server-name 2560 ends-with 2561 values { .google-analytics.com } 2562 } 2563 } 2564 ordinal 17 2565 } 2566 google_cache_cert_1 { 2567 actions { 2568 1 { 2569 pem 2570 ssl-server-handshake 2571 classify 2572 application /Common/google 2573 ssl-session-id 2574 } 2575 2 { 2576 pem 2577 ssl-server-handshake 2578 classify 2579 application /Common/google_cache 2580 ssl-session-id 2581 } 2582 } 2583 conditions { 2584 1 { 2585 ssl-cert 2586 ssl-server-handshake 2587 common-name 2588 ends-with 2589 values { .googleusercontent.com } 2590 } 2591 } 2592 ordinal 20 2593 } 2594 google_cache_sni_1 { 2595 actions { 2596 1 { 2597 pem 2598 ssl-client-hello 2599 classify 2600 application /Common/google 2601 ssl-session-id 2602 } 2603 2 { 2604 pem 2605 ssl-client-hello 2606 classify 2607 application /Common/google_cache 2608 ssl-session-id 2609 } 2610 } From jwbensley at gmail.com Wed Feb 11 12:02:29 2015 From: jwbensley at gmail.com (James Bensley) Date: Wed, 11 Feb 2015 12:02:29 +0000 Subject: [rancid] Reverse RANCID Message-ID: Hi All, I am think about writing a web interface that uses RANCID in the background to make configuration changes on devices. Since RANCID has a bunch of scripts for various device types my thinking is a simple-ish web interface in which I can paste in some config and then use RANCID to log into the device and input the config, also though I can specify some commands and RANCID will run though them and capture output which can be passed to Bash/PERL/Python scripts to interogate the output and check that the BGP sessions have come back up or that the number of routes in a VRF is still the same etc. The goal is: Anything I do on the CLI when making changes to devices can be automated. I know I can push config using the RANCID CLI wrapper scripts but I'm wondering if anyone has done this before to extend RANCID to also run "show" style commands and interogated the output to make checks to valid the success of the change, and also if anyone has made a web interface already (other than the CVS types for RANCID's normal purpose of backing up rather than pushing config) ? Kind regards, James. From alan.mckinnon at gmail.com Wed Feb 11 15:31:58 2015 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Wed, 11 Feb 2015 17:31:58 +0200 Subject: [rancid] Reverse RANCID In-Reply-To: References: Message-ID: <54DB75EE.3090207@gmail.com> On 11/02/2015 14:02, James Bensley wrote: > Hi All, > > I am think about writing a web interface that uses RANCID in the > background to make configuration changes on devices. Since RANCID has > a bunch of scripts for various device types my thinking is a > simple-ish web interface in which I can paste in some config and then > use RANCID to log into the device and input the config, also though I > can specify some commands and RANCID will run though them and capture > output which can be passed to Bash/PERL/Python scripts to interogate > the output and check that the BGP sessions have come back up or that > the number of routes in a VRF is still the same etc. > > The goal is: Anything I do on the CLI when making changes to devices > can be automated. > > I know I can push config using the RANCID CLI wrapper scripts but I'm > wondering if anyone has done this before to extend RANCID to also run > "show" style commands and interogated the output to make checks to > valid the success of the change, and also if anyone has made a web > interface already (other than the CVS types for RANCID's normal > purpose of backing up rather than pushing config) ? It doesn't make sense to extend rancid in this way. Consider rancid's purpose: it logs in, captures the config, diffs it and stores the result. Then tells you what the diff is. None of that involves in any way changing the device in question and it is highly recommended that you lock down the rancid user to only the specific commands listed in @commands. There is one part of rancid that enables you to do config changes however: clogin Rather do something like this: Get the changes you want to make from the user, apply them using clogin and then write a framework that will do the double-checking you describe. Rancid itself has no code you can leverage to do any of that. It's best done in an entirely separate system, with the added benefit that rancid will come along in an hour and record the fact of a change made. All this depends however on your Risk department being OK with the idea. I know mine would shoot me at the very thought :-) -- Alan McKinnon alan.mckinnon at gmail.com From heas at shrubbery.net Wed Feb 11 17:16:26 2015 From: heas at shrubbery.net (heasley) Date: Wed, 11 Feb 2015 17:16:26 +0000 Subject: [rancid] Reverse RANCID In-Reply-To: References: Message-ID: <20150211171626.GA31410@shrubbery.net> Wed, Feb 11, 2015 at 12:02:29PM +0000, James Bensley: > Hi All, > > I am think about writing a web interface that uses RANCID in the > background to make configuration changes on devices. Since RANCID has > a bunch of scripts for various device types my thinking is a > simple-ish web interface in which I can paste in some config and then > use RANCID to log into the device and input the config, also though I > can specify some commands and RANCID will run though them and capture > output which can be passed to Bash/PERL/Python scripts to interogate > the output and check that the BGP sessions have come back up or that > the number of routes in a VRF is still the same etc. > > The goal is: Anything I do on the CLI when making changes to devices > can be automated. > > I know I can push config using the RANCID CLI wrapper scripts but I'm > wondering if anyone has done this before to extend RANCID to also run > "show" style commands and interogated the output to make checks to > valid the success of the change, and also if anyone has made a web > interface already (other than the CVS types for RANCID's normal > purpose of backing up rather than pushing config) ? not quite the same, but rancid comes with a version of Ed Kern's looking glass adapted to use rancid. you may gain some ideas from that. From adudek16 at gmail.com Wed Feb 11 15:49:33 2015 From: adudek16 at gmail.com (Aaron Dudek) Date: Wed, 11 Feb 2015 10:49:33 -0500 Subject: [rancid] Reverse RANCID In-Reply-To: <54DB75EE.3090207@gmail.com> References: <54DB75EE.3090207@gmail.com> Message-ID: Isn't this kind of the function Tail-F was proposing? On Wed, Feb 11, 2015 at 10:31 AM, Alan McKinnon wrote: > On 11/02/2015 14:02, James Bensley wrote: > > Hi All, > > > > I am think about writing a web interface that uses RANCID in the > > background to make configuration changes on devices. Since RANCID has > > a bunch of scripts for various device types my thinking is a > > simple-ish web interface in which I can paste in some config and then > > use RANCID to log into the device and input the config, also though I > > can specify some commands and RANCID will run though them and capture > > output which can be passed to Bash/PERL/Python scripts to interogate > > the output and check that the BGP sessions have come back up or that > > the number of routes in a VRF is still the same etc. > > > > The goal is: Anything I do on the CLI when making changes to devices > > can be automated. > > > > I know I can push config using the RANCID CLI wrapper scripts but I'm > > wondering if anyone has done this before to extend RANCID to also run > > "show" style commands and interogated the output to make checks to > > valid the success of the change, and also if anyone has made a web > > interface already (other than the CVS types for RANCID's normal > > purpose of backing up rather than pushing config) ? > > > > It doesn't make sense to extend rancid in this way. > > Consider rancid's purpose: it logs in, captures the config, diffs it and > stores the result. Then tells you what the diff is. > > None of that involves in any way changing the device in question and it > is highly recommended that you lock down the rancid user to only the > specific commands listed in @commands. > > > There is one part of rancid that enables you to do config changes > however: clogin > > Rather do something like this: > Get the changes you want to make from the user, apply them using clogin > and then write a framework that will do the double-checking you > describe. Rancid itself has no code you can leverage to do any of that. > It's best done in an entirely separate system, with the added benefit > that rancid will come along in an hour and record the fact of a change > made. > > All this depends however on your Risk department being OK with the idea. > I know mine would shoot me at the very thought :-) > > > > > > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From skyeh at uidaho.edu Wed Feb 11 16:54:12 2015 From: skyeh at uidaho.edu (Hagen, Skye (skyeh@uidaho.edu)) Date: Wed, 11 Feb 2015 16:54:12 +0000 Subject: [rancid] Reverse RANCID In-Reply-To: <54DB75EE.3090207@gmail.com> References: <54DB75EE.3090207@gmail.com> Message-ID: I have been asked to do something similar where I work. The problem that I ran into was the verification process for certain kinds of jobs. For a simple change, that only affected the device itself, and if there was a problem, wouldn't cause a major outage, I could hack together some scripts to use clogin and do the job. But, when identical changes had to be made to several devices in coordination, no way. The number of ways things could go wrong, and the varieties of backout procedures, it just got too complex. And for something as potentially disruptive as making changes to a routing protocol, I always wanted to be hands on. On the other side of RANCID, you have a repository that contains a near real-time copy of your device configurations. I have written a number of auditing scripts that will determine all routed networks, and compare them against our network management system to make sure all routed networks are defined. I also use this list of routed networks to audit ACL's, to make sure that we clean up related ACL's when we delete networks. I audit the VLAN's to make sure they are all contiguous across all our switches. I also have a configuration auditing system that will compare a configuration file against a set of rules, and check for compliance. As I learned from an auditor, there are two ways to approach controlling something. Control it up front, or audit after the fact. In my case, auditing after the fact was a lot easier and quicker. Skye. On 2/11/15, 7:31 AM, "Alan McKinnon" wrote: >On 11/02/2015 14:02, James Bensley wrote: >> Hi All, >> >> I am think about writing a web interface that uses RANCID in the >> background to make configuration changes on devices. Since RANCID has >> a bunch of scripts for various device types my thinking is a >> simple-ish web interface in which I can paste in some config and then >> use RANCID to log into the device and input the config, also though I >> can specify some commands and RANCID will run though them and capture >> output which can be passed to Bash/PERL/Python scripts to interogate >> the output and check that the BGP sessions have come back up or that >> the number of routes in a VRF is still the same etc. >> >> The goal is: Anything I do on the CLI when making changes to devices >> can be automated. >> >> I know I can push config using the RANCID CLI wrapper scripts but I'm >> wondering if anyone has done this before to extend RANCID to also run >> "show" style commands and interogated the output to make checks to >> valid the success of the change, and also if anyone has made a web >> interface already (other than the CVS types for RANCID's normal >> purpose of backing up rather than pushing config) ? > > > >It doesn't make sense to extend rancid in this way. > >Consider rancid's purpose: it logs in, captures the config, diffs it and >stores the result. Then tells you what the diff is. > >None of that involves in any way changing the device in question and it >is highly recommended that you lock down the rancid user to only the >specific commands listed in @commands. > > >There is one part of rancid that enables you to do config changes >however: clogin > >Rather do something like this: >Get the changes you want to make from the user, apply them using clogin >and then write a framework that will do the double-checking you >describe. Rancid itself has no code you can leverage to do any of that. >It's best done in an entirely separate system, with the added benefit >that rancid will come along in an hour and record the fact of a change >made. > >All this depends however on your Risk department being OK with the idea. >I know mine would shoot me at the very thought :-) > > > > > > >-- >Alan McKinnon >alan.mckinnon at gmail.com > >_______________________________________________ >Rancid-discuss mailing list >Rancid-discuss at shrubbery.net >http://www.shrubbery.net/mailman/listinfo/rancid-discuss From heas at shrubbery.net Thu Feb 12 00:39:09 2015 From: heas at shrubbery.net (heasley) Date: Thu, 12 Feb 2015 00:39:09 +0000 Subject: [rancid] Reverse RANCID In-Reply-To: References: <54DB75EE.3090207@gmail.com> Message-ID: <20150212003909.GQ38204@shrubbery.net> Wed, Feb 11, 2015 at 10:49:33AM -0500, Aaron Dudek: > Isn't this kind of the function Tail-F was proposing? sort of. the best way to introduce yourself to tail-f is to search for presentations by Carl Moberg; he does a fantastic job in various videos from NANOG, etc. From ttauber at 1-4-5.net Thu Feb 12 00:58:38 2015 From: ttauber at 1-4-5.net (Tony Tauber) Date: Wed, 11 Feb 2015 19:58:38 -0500 Subject: [rancid] Reverse RANCID In-Reply-To: <20150212003909.GQ38204@shrubbery.net> References: <54DB75EE.3090207@gmail.com> <20150212003909.GQ38204@shrubbery.net> Message-ID: You might also want to see a presentation on automation from NANOG63 just last week. This discusses using the NETCONF notion of a candidate config to do the syntax validation. Unfortunately the author indicated that in his experience only JunOS had good support for this so far. Something to aim for perhaps. Tony On Wed, Feb 11, 2015 at 7:39 PM, heasley wrote: > Wed, Feb 11, 2015 at 10:49:33AM -0500, Aaron Dudek: > > Isn't this kind of the function Tail-F was proposing? > > sort of. the best way to introduce yourself to tail-f is to search for > presentations by Carl Moberg; he does a fantastic job in various videos > from NANOG, etc. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From david.russell at dowjones.com Wed Feb 11 23:59:46 2015 From: david.russell at dowjones.com (Russell, David) Date: Wed, 11 Feb 2015 18:59:46 -0500 Subject: [rancid] Reverse RANCID In-Reply-To: References: <54DB75EE.3090207@gmail.com> Message-ID: That sounds very impressive and useful. Have you shared any of these scripts? Regards, David david.russell at dowjones.com On Wed, Feb 11, 2015 at 11:54 AM, Hagen, Skye (skyeh at uidaho.edu) < skyeh at uidaho.edu> wrote: > I have been asked to do something similar where I work. The problem that I > ran into was the verification process for certain kinds of jobs. For a > simple change, that only affected the device itself, and if there was a > problem, wouldn't cause a major outage, I could hack together some scripts > to use clogin and do the job. But, when identical changes had to be made > to several devices in coordination, no way. The number of ways things > could go wrong, and the varieties of backout procedures, it just got too > complex. And for something as potentially disruptive as making changes to > a routing protocol, I always wanted to be hands on. > > On the other side of RANCID, you have a repository that contains a near > real-time copy of your device configurations. I have written a number of > auditing scripts that will determine all routed networks, and compare them > against our network management system to make sure all routed networks are > defined. I also use this list of routed networks to audit ACL's, to make > sure that we clean up related ACL's when we delete networks. I audit the > VLAN's to make sure they are all contiguous across all our switches. I > also have a configuration auditing system that will compare a > configuration file against a set of rules, and check for compliance. > > As I learned from an auditor, there are two ways to approach controlling > something. Control it up front, or audit after the fact. In my case, > auditing after the fact was a lot easier and quicker. > > Skye. > > > On 2/11/15, 7:31 AM, "Alan McKinnon" wrote: > > >On 11/02/2015 14:02, James Bensley wrote: > >> Hi All, > >> > >> I am think about writing a web interface that uses RANCID in the > >> background to make configuration changes on devices. Since RANCID has > >> a bunch of scripts for various device types my thinking is a > >> simple-ish web interface in which I can paste in some config and then > >> use RANCID to log into the device and input the config, also though I > >> can specify some commands and RANCID will run though them and capture > >> output which can be passed to Bash/PERL/Python scripts to interogate > >> the output and check that the BGP sessions have come back up or that > >> the number of routes in a VRF is still the same etc. > >> > >> The goal is: Anything I do on the CLI when making changes to devices > >> can be automated. > >> > >> I know I can push config using the RANCID CLI wrapper scripts but I'm > >> wondering if anyone has done this before to extend RANCID to also run > >> "show" style commands and interogated the output to make checks to > >> valid the success of the change, and also if anyone has made a web > >> interface already (other than the CVS types for RANCID's normal > >> purpose of backing up rather than pushing config) ? > > > > > > > >It doesn't make sense to extend rancid in this way. > > > >Consider rancid's purpose: it logs in, captures the config, diffs it and > >stores the result. Then tells you what the diff is. > > > >None of that involves in any way changing the device in question and it > >is highly recommended that you lock down the rancid user to only the > >specific commands listed in @commands. > > > > > >There is one part of rancid that enables you to do config changes > >however: clogin > > > >Rather do something like this: > >Get the changes you want to make from the user, apply them using clogin > >and then write a framework that will do the double-checking you > >describe. Rancid itself has no code you can leverage to do any of that. > >It's best done in an entirely separate system, with the added benefit > >that rancid will come along in an hour and record the fact of a change > >made. > > > >All this depends however on your Risk department being OK with the idea. > >I know mine would shoot me at the very thought :-) > > > > > > > > > > > > > >-- > >Alan McKinnon > >alan.mckinnon at gmail.com > > > >_______________________________________________ > >Rancid-discuss mailing list > >Rancid-discuss at shrubbery.net > >http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- David R. Russell CCIE #5751 *Infrastructure Planning & Engineering* *Dow Jones Technology* P.O. Box 300 | Princeton NJ 08543-0300 Direct: 609-520-4458 | Cell: 610-909-1129 *Email: **david.russell at dowjones.com * -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Thu Feb 12 05:17:07 2015 From: heas at shrubbery.net (heasley) Date: Thu, 12 Feb 2015 05:17:07 +0000 Subject: [rancid] Reverse RANCID In-Reply-To: References: <54DB75EE.3090207@gmail.com> <20150212003909.GQ38204@shrubbery.net> Message-ID: <20150212051707.GB51856@shrubbery.net> Wed, Feb 11, 2015 at 07:58:38PM -0500, Tony Tauber: > You might also want to see a presentation on automation > from NANOG63 just last > week. > This discusses using the NETCONF notion of a candidate config to do the > syntax validation. junos and XR VMs exist for this too and theyre cheap. this isnt the forum for it, but if anyone figures-out how to make the bloody things work on ESXi, please school me. rumor is that the current XR VM, of a few weeks ago, works on ESXi. From alan.mckinnon at gmail.com Thu Feb 12 06:53:36 2015 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Thu, 12 Feb 2015 08:53:36 +0200 Subject: [rancid] Reverse RANCID In-Reply-To: References: <54DB75EE.3090207@gmail.com> Message-ID: <54DC4DF0.6070000@gmail.com> On 11/02/2015 18:54, Hagen, Skye (skyeh at uidaho.edu) wrote: > I have been asked to do something similar where I work. The problem that I > ran into was the verification process for certain kinds of jobs. For a > simple change, that only affected the device itself, and if there was a > problem, wouldn't cause a major outage, I could hack together some scripts > to use clogin and do the job. But, when identical changes had to be made > to several devices in coordination, no way. The number of ways things > could go wrong, and the varieties of backout procedures, it just got too > complex. And for something as potentially disruptive as making changes to > a routing protocol, I always wanted to be hands on. > > On the other side of RANCID, you have a repository that contains a near > real-time copy of your device configurations. I have written a number of > auditing scripts that will determine all routed networks, and compare them > against our network management system to make sure all routed networks are > defined. I also use this list of routed networks to audit ACL's, to make > sure that we clean up related ACL's when we delete networks. I audit the > VLAN's to make sure they are all contiguous across all our switches. I > also have a configuration auditing system that will compare a > configuration file against a set of rules, and check for compliance. > > As I learned from an auditor, there are two ways to approach controlling > something. Control it up front, or audit after the fact. In my case, > auditing after the fact was a lot easier and quicker. I have some experience in this area. My last job was at a large ISP and my team dealt with deployment, auditing and tracking of the entire network (2,000 PE and 30,000+ CE routers). We ended up having to control up front *and* audit after the fact, and it's the latter that was the horrible problem to solve. The basic problem is that every tool out there seemed to work like rancid - it records a diff but has no knowledge of what the diff might mean. It only sees that a line changed, it can't tell that a VLAN was dropped for example. So we ended up building a huge Cisco config parser that could read in a config and turn it into a sane data structure with meaning (also accounting for all the tiny variations in layout that Cisco have ever published). I could go on, but it was one of those truly horrible coding problems that drives you bonkers and always requires human eyes. Definitely not a "quick script" problem and not something I'd recommend trying to shoehorn into rancid's codebase. > > Skye. > > > On 2/11/15, 7:31 AM, "Alan McKinnon" wrote: > >> On 11/02/2015 14:02, James Bensley wrote: >>> Hi All, >>> >>> I am think about writing a web interface that uses RANCID in the >>> background to make configuration changes on devices. Since RANCID has >>> a bunch of scripts for various device types my thinking is a >>> simple-ish web interface in which I can paste in some config and then >>> use RANCID to log into the device and input the config, also though I >>> can specify some commands and RANCID will run though them and capture >>> output which can be passed to Bash/PERL/Python scripts to interogate >>> the output and check that the BGP sessions have come back up or that >>> the number of routes in a VRF is still the same etc. >>> >>> The goal is: Anything I do on the CLI when making changes to devices >>> can be automated. >>> >>> I know I can push config using the RANCID CLI wrapper scripts but I'm >>> wondering if anyone has done this before to extend RANCID to also run >>> "show" style commands and interogated the output to make checks to >>> valid the success of the change, and also if anyone has made a web >>> interface already (other than the CVS types for RANCID's normal >>> purpose of backing up rather than pushing config) ? >> >> >> >> It doesn't make sense to extend rancid in this way. >> >> Consider rancid's purpose: it logs in, captures the config, diffs it and >> stores the result. Then tells you what the diff is. >> >> None of that involves in any way changing the device in question and it >> is highly recommended that you lock down the rancid user to only the >> specific commands listed in @commands. >> >> >> There is one part of rancid that enables you to do config changes >> however: clogin >> >> Rather do something like this: >> Get the changes you want to make from the user, apply them using clogin >> and then write a framework that will do the double-checking you >> describe. Rancid itself has no code you can leverage to do any of that. >> It's best done in an entirely separate system, with the added benefit >> that rancid will come along in an hour and record the fact of a change >> made. >> >> All this depends however on your Risk department being OK with the idea. >> I know mine would shoot me at the very thought :-) >> >> >> >> >> >> >> -- >> Alan McKinnon >> alan.mckinnon at gmail.com >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > -- Alan McKinnon alan.mckinnon at gmail.com From jandrewartha at ccgs.wa.edu.au Thu Feb 12 08:13:56 2015 From: jandrewartha at ccgs.wa.edu.au (James Andrewartha) Date: Thu, 12 Feb 2015 16:13:56 +0800 Subject: [rancid] Reverse RANCID In-Reply-To: References: Message-ID: <54DC60C4.1090008@ccgs.wa.edu.au> On 11/02/15 20:02, James Bensley wrote: > I know I can push config using the RANCID CLI wrapper scripts but I'm > wondering if anyone has done this before to extend RANCID to also run > "show" style commands and interogated the output to make checks to > valid the success of the change, and also if anyone has made a web > interface already (other than the CVS types for RANCID's normal > purpose of backing up rather than pushing config) ? Notch/Mr CLI/PUNC/netmunge might be up your alley: https://code.google.com/p/notch/ -- James Andrewartha Network & Projects Engineer Christ Church Grammar School Claremont, Western Australia Ph. (08) 9442 1757 Mob. 0424 160 877 From jwbensley at gmail.com Thu Feb 12 10:08:24 2015 From: jwbensley at gmail.com (James Bensley) Date: Thu, 12 Feb 2015 10:08:24 +0000 Subject: [rancid] Reverse RANCID In-Reply-To: <54DC60C4.1090008@ccgs.wa.edu.au> References: <54DC60C4.1090008@ccgs.wa.edu.au> Message-ID: On 12 February 2015 at 08:13, James Andrewartha wrote: > On 11/02/15 20:02, James Bensley wrote: >> I know I can push config using the RANCID CLI wrapper scripts but I'm >> wondering if anyone has done this before to extend RANCID to also run >> "show" style commands and interogated the output to make checks to >> valid the success of the change, and also if anyone has made a web >> interface already (other than the CVS types for RANCID's normal >> purpose of backing up rather than pushing config) ? > > Notch/Mr CLI/PUNC/netmunge might be up your alley: > https://code.google.com/p/notch/ That is a rather cool tool, and that is the kind of think I am thinking off. What I am imagining in my head is something like a list of actions to be execute that you can define along with an IP/hostname to perform the action on and some login credentials for that specific action. An example would be selecting the action "perform a CLI check" and them supplied a command to show the number of routes received by a neighbour. Giving the IP of RouterA. Then add this to the action queue as the first action. Next I would add an action to the action queue "upload some config" to RouterB and supply RouterB's IP address and username/password. Finally a third action to "perform a CLI check" is added to the action queue again to check on RouterA it is still receiving the same number of routes from RouterB. Actions could have pass/fail criteria too, if the value is lt/eq/gt etc its a pass or faill, and sub-action could be defined. Set a start time of midnight and go to bed. That is again a slightly simplified view of what I am proposing but it doesn't seem like rocket science to me, nor to build in safegaurds? Kind regards, James. From jwbensley at gmail.com Thu Feb 12 09:57:55 2015 From: jwbensley at gmail.com (James Bensley) Date: Thu, 12 Feb 2015 09:57:55 +0000 Subject: [rancid] Reverse RANCID In-Reply-To: References: Message-ID: Hi All, In answer to some of the feedback I've had I perhaps should have been more detailed in my explenation as people are thowing back reason not really related to the technically of do this which is what I was trying to query for; - When I said I'd like to use RANCID, I mean I have no intention of using it for backups we already have a system for that which we prefer, I mean clogin specifically (as someone mentioned). RANCID contains a bunch of scripts that allow you to execute commands on a whole range of vendor devices, I'm talking about bastardising though as the interaction layer with the devices so I don't have to write my own per vendor/make/OS. - Obviously RANCID can't check syntax of config it would push, when we make changes on the network we write out the full concfig to be applied, it is peer reviewed by another engineer, then submitted to a change board to reviewel, only then would it go into the reverse rancid tool so that is no more risk than a human finally copying and pasting it in. If at any point an error is through back, the tool would see that. - We also have a full virtual mock-up of the core and a nearly full hardware mock-up in the lab, so again, the syntax will be tested, that could even be built into the tool that at the scheduled time of change executing it runs it on the lab first. - Making changes to something seen as "dangerous" like routing protocols shouldn't be shied away from because of the potential impact, you have to find ways to de-risk the change. Like someone else mentions we have thousand and thousands of devices, this must be automated. - Someone mentioned security, We have plenty of that locking down rancid access to a sepcific IP, in a specific VRF, and the user account is of course in Tacacs so we can then limit the exact commands it runs on a per-device basis, we can even limit the dates/times the account is allowed to log in. All comands that it does run at logged back to Tacac's so its fully auditable. No issues there. I'm really just interested in writing a web interface in which you can paste in some config, give a date/time, username/password maybe, and hostname/IP, at that time it uploads the configs. Also one must be able to configure checks to the run before and after the config upload as I said, like grabing the number of routers in a table, or number of routes received from a specific neighbour, or number of neighbours we are exchanging routes with. Then I can define some pass/fail criteria and my reverse RANCID would simply roll back the changes, I could have pre-supplied the equivilent config to roll back. This sounds like fairly strait forward stuff so I could be missing something. I have seen systems like NETCONF but the support isn't wide spread yet, there is more support on JunOS at present than Cisco (and we have more Cisco and JunOS) and no one is really rolling much in the way of applications for utilising it. Kind regards, James. From ryanmilton74 at gmail.com Thu Feb 12 21:30:30 2015 From: ryanmilton74 at gmail.com (Ryan Milton) Date: Thu, 12 Feb 2015 16:30:30 -0500 Subject: [rancid] New Rancid install Message-ID: I have installed rancid before, but its too infrequent between installations, so I've run into the following roadblock. -This is an ubuntu system. -running as rancid user running /usr/local/rancid/bin/rancid-cvs creates /usr/local/rancid/var/CVS/CVSROOT rancid-run creates following error logs: cvs commit: cannot open CVS/Entries for reading: No such file or directory cvs commit: nothing known about `router.db' cvs [commit aborted]: correct above errors first! -------------- /usr/local/rancid/etc/rancid.conf shows: BASEDIR=/usr/local/rancid/var; export BASEDIR PATH=/usr/local/rancid/bin:/usr/bin:/usr/sbin:.:/bin:/usr/local/bin:/usr/bin; export PATH CVSROOT=$BASEDIR/CVS; export CVSROOT LOGDIR=$BASEDIR/logs; export LOGDIR #LIST_OF_GROUPS="$LIST_OF_GROUPS noc billybobisp" LIST_OF_GROUPS="networks" all the permissions are good. Never got anything like this: [rancid at bigboy ~]$ /usr/local/rancid/bin/rancid-cvs No conflicts created by this import cvs checkout: Updating networking cvs checkout: Updating networking/configs cvs add: scheduling file `router.db' for addition cvs add: use 'cvs commit' to add this file permanently RCS file: /usr/local/rancid//var/CVS/networking/router.db,v done Checking in router.db; /usr/local/rancid//var/CVS/networking/router.db,v <-- router.db initial revision: 1.1 done [rancid at bigboy ~]$ Thanks for your help in advance. Ryan Douglass Milton -------------- next part -------------- An HTML attachment was scrubbed... URL: From DSearle at geminigroup.net Fri Feb 13 14:18:15 2015 From: DSearle at geminigroup.net (Dean Searle) Date: Fri, 13 Feb 2015 14:18:15 +0000 Subject: [rancid] AudioCodes Mediant devices Message-ID: <02D688AC1099C94C892202CA743C4322D3622517@MAIL1.ggroup.local> Hello group, I was wondering if anyone in the group has used Rancid to pull configurations from AudioCodes Mediant 1000 Media gateways? We are currently using Rancid to pull config's from Cisco and Fortinet devices and would like to start pulling configs from our Mediants. I just wanted to make sure Rancid was compatible first as these devices are our production voice gateways. I've read through the past couple of years of archives but didn't see any mention of audiocodes devices. That's not to say that I didn't overlook it either with all the conversations dealing with other devices. If you could point me in the right direction I can try and get it working. Thank you for your help and consideration in advance. -Dean -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Fri Feb 13 18:32:15 2015 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Fri, 13 Feb 2015 20:32:15 +0200 Subject: [rancid] AudioCodes Mediant devices In-Reply-To: <02D688AC1099C94C892202CA743C4322D3622517@MAIL1.ggroup.local> References: <02D688AC1099C94C892202CA743C4322D3622517@MAIL1.ggroup.local> Message-ID: <54DE432F.7090307@gmail.com> On 13/02/2015 16:18, Dean Searle wrote: > Hello group, > > > > I was wondering if anyone in the group has used Rancid to pull > configurations from AudioCodes Mediant 1000 Media gateways? We are > currently using Rancid to pull config?s from Cisco and Fortinet devices > and would like to start pulling configs from our Mediants. I just wanted > to make sure Rancid was compatible first as these devices are our > production voice gateways. > > > > I?ve read through the past couple of years of archives but didn?t see > any mention of audiocodes devices. That?s not to say that I didn?t > overlook it either with all the conversations dealing with other devices. > > > > If you could point me in the right direction I can try and get it working. > > > > Thank you for your help and consideration in advance. I wrote one of those at my last job but I forget which exact model. It was trivially simple as IIRC the config was formatted sane and rationally, I just had to store it. I did have to do something with *login though, there was issues with the last line. Or something like that. I may have posted it here, do Google check my name and "audiocode", see what comes up. If not, I might be able to snarf a copy of the code for you -- Alan McKinnon alan.mckinnon at gmail.com From ryanmilton74 at gmail.com Fri Feb 13 18:44:24 2015 From: ryanmilton74 at gmail.com (Ryan Milton) Date: Fri, 13 Feb 2015 13:44:24 -0500 Subject: [rancid] Rancid user permissions Message-ID: Does the rancid user need to be a super-user with regards to the network (Juniper) devices that it is querying? I had created a rancid user with the permission to view the configuration, but not from the edit mode, just from the operator (>) mode. It seems that rancid is just pulling blank configs simply because it can't get to the edit mode to run the show commands. Thanks, Ryan Douglass Milton -------------- next part -------------- An HTML attachment was scrubbed... URL: From DSearle at geminigroup.net Fri Feb 13 20:55:39 2015 From: DSearle at geminigroup.net (Dean Searle) Date: Fri, 13 Feb 2015 20:55:39 +0000 Subject: [rancid] AudioCodes Mediant devices In-Reply-To: <54DE432F.7090307@gmail.com> References: <02D688AC1099C94C892202CA743C4322D3622517@MAIL1.ggroup.local> <54DE432F.7090307@gmail.com> Message-ID: <02D688AC1099C94C892202CA743C4322D3635F91@MAIL1.ggroup.local> Thanks for the quick reply Alan. I'll do a search and let you know what turns up. -Dean -----Original Message----- From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alan McKinnon Sent: Friday, February 13, 2015 1:32 PM To: rancid-discuss at shrubbery.net Subject: Re: [rancid] AudioCodes Mediant devices On 13/02/2015 16:18, Dean Searle wrote: > Hello group, > > > > I was wondering if anyone in the group has used Rancid to pull > configurations from AudioCodes Mediant 1000 Media gateways? We are > currently using Rancid to pull config's from Cisco and Fortinet > devices and would like to start pulling configs from our Mediants. I > just wanted to make sure Rancid was compatible first as these devices > are our production voice gateways. > > > > I've read through the past couple of years of archives but didn't see > any mention of audiocodes devices. That's not to say that I didn't > overlook it either with all the conversations dealing with other devices. > > > > If you could point me in the right direction I can try and get it working. > > > > Thank you for your help and consideration in advance. I wrote one of those at my last job but I forget which exact model. It was trivially simple as IIRC the config was formatted sane and rationally, I just had to store it. I did have to do something with *login though, there was issues with the last line. Or something like that. I may have posted it here, do Google check my name and "audiocode", see what comes up. If not, I might be able to snarf a copy of the code for you -- Alan McKinnon alan.mckinnon at gmail.com _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://scanmail.trustwave.com/?c=4062&d=-cPe1Kfv4F-_B50Dn7YUXLnRV01TdkgwvhYyoTkg5g&s=879&u=http%3a%2f%2fwww%2eshrubbery%2enet%2fmailman%2flistinfo%2francid-discuss From ryanmilton74 at gmail.com Sat Feb 14 00:32:42 2015 From: ryanmilton74 at gmail.com (Ryan Milton) Date: Fri, 13 Feb 2015 19:32:42 -0500 Subject: [rancid] rancid-run returning no output Message-ID: <6C05F057-C7E3-465B-8996-640175C9FD10@gmail.com> Hi all, I'm getting slowly closer to my goal... Rancid IS running...however, it seems that it may NOT be capturing any configs. My original problem had been that I couldn't get the rancid-cvs to function. That did work. running rancid v 3.1 now, when I run the command: /usr/local/rancid/bin/rancid-run or /usr/local/rancid/bin/rancid-run -r 10.50.1.1 I get the following empty message : starting: Fri Feb 13 19:16:47 EST 2015 ending: Fri Feb 13 19:16:47 EST 2015 ~ This works: rancid at FP-RANCID:/usr/local/rancid/var/logs$ jlogin 10.50.1.3 10.50.1.3 spawn ssh -c 3des -x -l rancid 10.50.1.3 rancid at 10.50.1.3's password: --- JUNOS 12.3R8.7 built 2014-09-19 15:47:21 UTC {master:0} rancid at Distribution_North> Any help would be appreciated! Ryan Sent from my iPad From alan.mckinnon at gmail.com Sat Feb 14 08:23:18 2015 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Sat, 14 Feb 2015 10:23:18 +0200 Subject: [rancid] rancid-run returning no output In-Reply-To: <6C05F057-C7E3-465B-8996-640175C9FD10@gmail.com> References: <6C05F057-C7E3-465B-8996-640175C9FD10@gmail.com> Message-ID: <54DF05F6.5070000@gmail.com> On 14/02/2015 02:32, Ryan Milton wrote: > Hi all, > > I'm getting slowly closer to my goal... > > Rancid IS running...however, it seems that it may NOT be capturing any configs. > My original problem had been that I couldn't get the rancid-cvs to function. That did work. > running rancid v 3.1 > now, when I run the command: > > /usr/local/rancid/bin/rancid-run or > /usr/local/rancid/bin/rancid-run -r 10.50.1.1 > > I get the following empty message : > > starting: Fri Feb 13 19:16:47 EST 2015 > > > > ending: Fri Feb 13 19:16:47 EST 2015 > ~ > This works: > rancid at FP-RANCID:/usr/local/rancid/var/logs$ jlogin 10.50.1.3 > 10.50.1.3 > spawn ssh -c 3des -x -l rancid 10.50.1.3 > rancid at 10.50.1.3's password: > --- JUNOS 12.3R8.7 built 2014-09-19 15:47:21 UTC > {master:0} > rancid at Distribution_North> rancid -d will give debug output so you can see what's going on. Looks like you have Junipers, so use jrancid for those instead. In either event, it's usually quite obvious where the problem lies once you get proper debug output -- Alan McKinnon alan.mckinnon at gmail.com From ryanmilton74 at gmail.com Sat Feb 14 17:44:02 2015 From: ryanmilton74 at gmail.com (Ryan Milton) Date: Sat, 14 Feb 2015 12:44:02 -0500 Subject: [rancid] rancid-run returning no output In-Reply-To: <54DF05F6.5070000@gmail.com> References: <6C05F057-C7E3-465B-8996-640175C9FD10@gmail.com> <54DF05F6.5070000@gmail.com> Message-ID: That is what I thought would debug, however, this is the output I get: rancid at FP-RANCID:~$ rancid -d 10.50.1.1 loadtype(): device_type is empty Couldn't load device type spec for rancid at FP-RANCID:~$* jrancid -d 10.50.1.1* jrancid: command not found rancid at FP-RANCID:~$* /usr/local/rancid/bin/jrancid -d 10.50.1.1* -bash: /usr/local/rancid/bin/jrancid: No such file or directory rancid at FP-RANCID:~$ cd /usr/local/rancid/bin rancid at FP-RANCID:/usr/local/rancid/bin$ jrancid -d 10.50.1.2 jrancid: command not found rancid at FP-RANCID:/usr/local/rancid/bin$ jrancid -d 10.50.1.1 Ryan Douglass Milton On Sat, Feb 14, 2015 at 3:23 AM, Alan McKinnon wrote: > On 14/02/2015 02:32, Ryan Milton wrote: > > Hi all, > > > > I'm getting slowly closer to my goal... > > > > Rancid IS running...however, it seems that it may NOT be capturing any > configs. > > My original problem had been that I couldn't get the rancid-cvs to > function. That did work. > > running rancid v 3.1 > > now, when I run the command: > > > > /usr/local/rancid/bin/rancid-run or > > /usr/local/rancid/bin/rancid-run -r 10.50.1.1 > > > > I get the following empty message : > > > > starting: Fri Feb 13 19:16:47 EST 2015 > > > > > > > > ending: Fri Feb 13 19:16:47 EST 2015 > > ~ > > This works: > > rancid at FP-RANCID:/usr/local/rancid/var/logs$ jlogin 10.50.1.3 > > 10.50.1.3 > > spawn ssh -c 3des -x -l rancid 10.50.1.3 > > rancid at 10.50.1.3's password: > > --- JUNOS 12.3R8.7 built 2014-09-19 15:47:21 UTC > > {master:0} > > rancid at Distribution_North> > > > rancid -d > > will give debug output so you can see what's going on. > > Looks like you have Junipers, so use > > jrancid for those instead. In either event, it's usually quite obvious > where the problem lies once you get proper debug output > > > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tony at lavanauts.org Sat Feb 14 18:03:08 2015 From: tony at lavanauts.org (Antonio Querubin) Date: Sat, 14 Feb 2015 08:03:08 -1000 (HST) Subject: [rancid] rancid-run returning no output In-Reply-To: References: <6C05F057-C7E3-465B-8996-640175C9FD10@gmail.com> <54DF05F6.5070000@gmail.com> Message-ID: On Sat, 14 Feb 2015, Ryan Milton wrote: > That is what I thought would debug, however, this is the output I get: > > rancid at FP-RANCID:~$ rancid -d 10.50.1.1 > loadtype(): device_type is empty > Couldn't load device type spec for Try 'rancid -t juniper -d 10.50.1.1' Antonio Querubin e-mail: tony at lavanauts.org xmpp: antonioquerubin at gmail.com -------------- next part -------------- _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss From ryanmilton74 at gmail.com Sat Feb 14 18:22:27 2015 From: ryanmilton74 at gmail.com (Ryan Milton) Date: Sat, 14 Feb 2015 13:22:27 -0500 Subject: [rancid] rancid-run returning no output In-Reply-To: References: <6C05F057-C7E3-465B-8996-640175C9FD10@gmail.com> <54DF05F6.5070000@gmail.com> Message-ID: Hi Antonio, So I ran this against two junipers, one that has super-user (10.50.1.1) and one that has specific allow-commands. Below are the results. My logs still don't show anything in them, nor are there configurations recorded. One thing I've noticed in my setup, is that I have these two folder structures, which seems like its duplicating something...confusing the application, I'm not sure. rancid at FP-RANCID:/usr/local/rancid/var$ ls -al total 20 drwxr-xr-x 5 rancid rancid 4096 Feb 13 11:26 . drwxr-xr-x 7 rancid rancid 4096 Feb 9 13:15 .. drwxrwxr-x 4 rancid rancid 4096 Feb 13 11:26 CVS drwxr-x--- 4 rancid rancid 4096 Feb 14 13:00 fareportal drwxr-x--- 2 rancid rancid 4096 Feb 14 13:00 logs rancid at FP-RANCID:/usr/local/rancid/var$ cd fareportal/ rancid at FP-RANCID:/usr/local/rancid/var/fareportal$ ls -al total 32 drwxr-x--- 4 rancid rancid 4096 Feb 14 13:00 . drwxr-xr-x 5 rancid rancid 4096 Feb 13 11:26 .. drwxr-x--- 3 rancid rancid 4096 Feb 13 11:26 configs drwxr-x--- 2 rancid rancid 4096 Feb 13 11:53 CVS -rw-r----- 1 rancid rancid 47 Feb 13 11:53 .cvsignore -rw-r----- 1 rancid rancid 88 Feb 13 11:45 router.db -rw-r----- 1 rancid rancid 86 Feb 14 13:00 routers.all -rw-r----- 1 rancid rancid 86 Feb 14 13:00 routers.down -rw-r----- 1 rancid rancid 0 Feb 14 13:00 routers.up rancid at FP-RANCID:/usr/local/rancid/var/CVS$ ls CVSROOT fareportal rancid at FP-RANCID:/usr/local/rancid/var/CVS$ ls -al total 16 drwxrwxr-x 4 rancid rancid 4096 Feb 13 11:26 . drwxr-xr-x 5 rancid rancid 4096 Feb 13 11:26 .. drwxrwxr-x 3 rancid rancid 4096 Feb 13 11:53 CVSROOT drwxrwxr-x 3 rancid rancid 4096 Feb 14 13:00 fareportal rancid at FP-RANCID:/usr/local/rancid/var/CVS$ cd fareportal/ rancid at FP-RANCID:/usr/local/rancid/var/CVS/fareportal$ ls configs router.db,v rancid at FP-RANCID:/usr/local/rancid/var/CVS/fareportal$ cd configs/ rancid at FP-RANCID:/usr/local/rancid/var/CVS/fareportal/configs$ ls -al total 8 drwxrwxr-x 2 rancid rancid 4096 Feb 13 18:30 . drwxrwxr-x 3 rancid rancid 4096 Feb 14 13:00 .. rancid at FP-RANCID:~$ rancid -t juniper -d 10.50.1.1 loadtype: device type juniper loadtype: found device type juniper in /usr/local/rancid/etc/rancid.types.base executing jlogin -t 120 -c"show chassis clocks;show chassis environment;show chassis firmware;show chassis fpc detail;show chassis hardware detail;show chassis hardware models;show chassis routing-engine;show chassis scb;show chassis sfm detail;show chassis ssb;show chassis feb detail;show chassis feb;show chassis cfeb;show chassis alarms;show system license;show system boot-messages;show system core-dumps;show version detail;show configuration" 10.50.1.1 PROMPT MATCH: rmilton at EX-NYCorp-Core> HIT COMMAND:rmilton at EX-NYCorp-Core> show chassis clocks In ShowChassisClocks: rmilton at EX-NYCorp-Core> show chassis clocks HIT COMMAND:rmilton at EX-NYCorp-Core> show chassis environment In ShowChassisEnvironment: rmilton at EX-NYCorp-Core> show chassis environment HIT COMMAND:rmilton at EX-NYCorp-Core> show chassis firmware In ShowChassisFirmware: rmilton at EX-NYCorp-Core> show chassis firmware HIT COMMAND:rmilton at EX-NYCorp-Core> show chassis fpc detail In ShowChassisFpcDetail: rmilton at EX-NYCorp-Core> show chassis fpc detail HIT COMMAND:rmilton at EX-NYCorp-Core> show chassis hardware detail In ShowChassisHardware: rmilton at EX-NYCorp-Core> show chassis hardware detail HIT COMMAND:rmilton at EX-NYCorp-Core> show chassis hardware models In ShowChassisHardware: rmilton at EX-NYCorp-Core> show chassis hardware models HIT COMMAND:rmilton at EX-NYCorp-Core> show chassis routing-engine In ShowChassisRoutingEngine: rmilton at EX-NYCorp-Core> show chassis routing-engine HIT COMMAND:rmilton at EX-NYCorp-Core> show chassis scb In ShowChassisSCB: rmilton at EX-NYCorp-Core> show chassis scb HIT COMMAND:rmilton at EX-NYCorp-Core> show chassis sfm detail In ShowChassisSCB: rmilton at EX-NYCorp-Core> show chassis sfm detail HIT COMMAND:rmilton at EX-NYCorp-Core> show chassis ssb In ShowChassisSCB: rmilton at EX-NYCorp-Core> show chassis ssb HIT COMMAND:rmilton at EX-NYCorp-Core> show chassis feb detail In ShowChassisSCB: rmilton at EX-NYCorp-Core> show chassis feb detail HIT COMMAND:rmilton at EX-NYCorp-Core> show chassis feb In ShowChassisSCB: rmilton at EX-NYCorp-Core> show chassis feb HIT COMMAND:rmilton at EX-NYCorp-Core> show chassis cfeb In ShowChassisSCB: rmilton at EX-NYCorp-Core> show chassis cfeb HIT COMMAND:rmilton at EX-NYCorp-Core> show chassis alarms In ShowChassisAlarms: rmilton at EX-NYCorp-Core> show chassis alarms HIT COMMAND:rmilton at EX-NYCorp-Core> show system license In ShowSystemLicense: rmilton at EX-NYCorp-Core> show system license HIT COMMAND:rmilton at EX-NYCorp-Core> show system boot-messages In ShowSystemBootMessages: rmilton at EX-NYCorp-Core> show system boot-messages HIT COMMAND:rmilton at EX-NYCorp-Core> show system core-dumps In ShowSystemCoreDumps: rmilton at EX-NYCorp-Core> show system core-dumps HIT COMMAND:rmilton at EX-NYCorp-Core> show version detail In ShowVersion: rmilton at EX-NYCorp-Core> show version detail HIT COMMAND:rmilton at EX-NYCorp-Core> show configuration In ShowConfiguration: rmilton at EX-NYCorp-Core> show configuration rancid at FP-RANCID:~$ rancid -t juniper -d 10.50.1.3 loadtype: device type juniper loadtype: found device type juniper in /usr/local/rancid/etc/rancid.types.base executing jlogin -t 120 -c"show chassis clocks;show chassis environment;show chassis firmware;show chassis fpc detail;show chassis hardware detail;show chassis hardware models;show chassis routing-engine;show chassis scb;show chassis sfm detail;show chassis ssb;show chassis feb detail;show chassis feb;show chassis cfeb;show chassis alarms;show system license;show system boot-messages;show system core-dumps;show version detail;show configuration" 10.50.1.3 PROMPT MATCH: rancid at Distribution_North> HIT COMMAND:rancid at Distribution_North> show chassis clocks In ShowChassisClocks: rancid at Distribution_North> show chassis clocks HIT COMMAND:rancid at Distribution_North> show chassis environment In ShowChassisEnvironment: rancid at Distribution_North> show chassis environment HIT COMMAND:rancid at Distribution_North> show chassis firmware In ShowChassisFirmware: rancid at Distribution_North> show chassis firmware HIT COMMAND:rancid at Distribution_North> show chassis fpc detail In ShowChassisFpcDetail: rancid at Distribution_North> show chassis fpc detail HIT COMMAND:rancid at Distribution_North> show chassis hardware detail In ShowChassisHardware: rancid at Distribution_North> show chassis hardware detail HIT COMMAND:rancid at Distribution_North> show chassis hardware models In ShowChassisHardware: rancid at Distribution_North> show chassis hardware models HIT COMMAND:rancid at Distribution_North> show chassis routing-engine In ShowChassisRoutingEngine: rancid at Distribution_North> show chassis routing-engine HIT COMMAND:rancid at Distribution_North> show chassis scb In ShowChassisSCB: rancid at Distribution_North> show chassis scb HIT COMMAND:rancid at Distribution_North> show chassis sfm detail In ShowChassisSCB: rancid at Distribution_North> show chassis sfm detail HIT COMMAND:rancid at Distribution_North> show chassis ssb In ShowChassisSCB: rancid at Distribution_North> show chassis ssb HIT COMMAND:rancid at Distribution_North> show chassis feb detail In ShowChassisSCB: rancid at Distribution_North> show chassis feb detail HIT COMMAND:rancid at Distribution_North> show chassis feb In ShowChassisSCB: rancid at Distribution_North> show chassis feb HIT COMMAND:rancid at Distribution_North> show chassis cfeb In ShowChassisSCB: rancid at Distribution_North> show chassis cfeb HIT COMMAND:rancid at Distribution_North> show chassis alarms In ShowChassisAlarms: rancid at Distribution_North> show chassis alarms HIT COMMAND:rancid at Distribution_North> show system license In ShowSystemLicense: rancid at Distribution_North> show system license HIT COMMAND:rancid at Distribution_North> show system boot-messages In ShowSystemBootMessages: rancid at Distribution_North> show system boot-messages HIT COMMAND:rancid at Distribution_North> show system core-dumps In ShowSystemCoreDumps: rancid at Distribution_North> show system core-dumps HIT COMMAND:rancid at Distribution_North> show version detail In ShowVersion: rancid at Distribution_North> show version detail HIT COMMAND:rancid at Distribution_North> show configuration In ShowConfiguration: rancid at Distribution_North> show configuration ERROR: 10.50.1.3 configuration appears truncated. 10.50.1.3: End of run not found 10.50.1.3: End of run not found Ryan Douglass Milton On Sat, Feb 14, 2015 at 1:03 PM, Antonio Querubin wrote: > On Sat, 14 Feb 2015, Ryan Milton wrote: > > That is what I thought would debug, however, this is the output I get: >> >> rancid at FP-RANCID:~$ rancid -d 10.50.1.1 >> loadtype(): device_type is empty >> Couldn't load device type spec for >> > > Try 'rancid -t juniper -d 10.50.1.1' > > Antonio Querubin > e-mail: tony at lavanauts.org > xmpp: antonioquerubin at gmail.com > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Sat Feb 14 19:35:59 2015 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Sat, 14 Feb 2015 21:35:59 +0200 Subject: [rancid] rancid-run returning no output In-Reply-To: References: <6C05F057-C7E3-465B-8996-640175C9FD10@gmail.com> <54DF05F6.5070000@gmail.com> Message-ID: <54DFA39F.1030601@gmail.com> On 14/02/2015 19:44, Ryan Milton wrote: > That is what I thought would debug, however, this is the output I get: > > rancid at FP-RANCID:~$ rancid -d 10.50.1.1 > loadtype(): device_type is empty > Couldn't load device type spec for > rancid at FP-RANCID:~$*jrancid -d 10.50.1.1* > jrancid: command not found > rancid at FP-RANCID:~$*/usr/local/rancid/bin/jrancid -d 10.50.1.1* > -bash: /usr/local/rancid/bin/jrancid: No such file or directory > rancid at FP-RANCID:~$ cd /usr/local/rancid/bin > rancid at FP-RANCID:/usr/local/rancid/bin$ jrancid -d 10.50.1.2 > jrancid: command not found > rancid at FP-RANCID:/usr/local/rancid/bin$ jrancid -d 10.50.1.1 Those are Unix errors, you are not giving the correct path to the jrancid executable. You need to find it and provide that directory path > > > > Ryan Douglass Milton > > > On Sat, Feb 14, 2015 at 3:23 AM, Alan McKinnon > wrote: > > On 14/02/2015 02:32, Ryan Milton wrote: > > Hi all, > > > > I'm getting slowly closer to my goal... > > > > Rancid IS running...however, it seems that it may NOT be capturing > any configs. > > My original problem had been that I couldn't get the rancid-cvs to > function. That did work. > > running rancid v 3.1 > > now, when I run the command: > > > > /usr/local/rancid/bin/rancid-run or > > /usr/local/rancid/bin/rancid-run -r 10.50.1.1 > > > > I get the following empty message : > > > > starting: Fri Feb 13 19:16:47 EST 2015 > > > > > > > > ending: Fri Feb 13 19:16:47 EST 2015 > > ~ > > This works: > > rancid at FP-RANCID:/usr/local/rancid/var/logs$ jlogin 10.50.1.3 > > 10.50.1.3 > > spawn ssh -c 3des -x -l rancid 10.50.1.3 > > rancid at 10.50.1.3 's password: > > --- JUNOS 12.3R8.7 built 2014-09-19 15:47:21 UTC > > {master:0} > > rancid at Distribution_North> > > > rancid -d > > will give debug output so you can see what's going on. > > Looks like you have Junipers, so use > > jrancid for those instead. In either event, it's usually quite obvious > where the problem lies once you get proper debug output > > > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > -- Alan McKinnon alan.mckinnon at gmail.com From ryanmilton74 at gmail.com Mon Feb 16 19:15:25 2015 From: ryanmilton74 at gmail.com (Ryan Milton) Date: Mon, 16 Feb 2015 14:15:25 -0500 Subject: [rancid] rancid-run returning no output In-Reply-To: <54DFA39F.1030601@gmail.com> References: <6C05F057-C7E3-465B-8996-640175C9FD10@gmail.com> <54DF05F6.5070000@gmail.com> <54DFA39F.1030601@gmail.com> Message-ID: I deleted the directories, re-ran /usr/local/rancid/bin/rancid-cvs This successfully created the directories again. I know that the jrancid or jerancid is run from /usr/local/rancid/bin/ after recreating the directories that end up: /usr/local/rancid/var/networking/ (from rancid-cvs) I test with bin/jlogin 10.50.1.2 works I test with bin/rancid-run 10.50.1.2 I get noting in the log but a start and an end time. In the past, rancid-run takes some time. This time it just flashes. I'm feeling stumped on this... Ryan Douglass Milton On Sat, Feb 14, 2015 at 2:35 PM, Alan McKinnon wrote: > On 14/02/2015 19:44, Ryan Milton wrote: > > That is what I thought would debug, however, this is the output I get: > > > > rancid at FP-RANCID:~$ rancid -d 10.50.1.1 > > loadtype(): device_type is empty > > Couldn't load device type spec for > > rancid at FP-RANCID:~$*jrancid -d 10.50.1.1* > > jrancid: command not found > > rancid at FP-RANCID:~$*/usr/local/rancid/bin/jrancid -d 10.50.1.1* > > -bash: /usr/local/rancid/bin/jrancid: No such file or directory > > rancid at FP-RANCID:~$ cd /usr/local/rancid/bin > > rancid at FP-RANCID:/usr/local/rancid/bin$ jrancid -d 10.50.1.2 > > jrancid: command not found > > rancid at FP-RANCID:/usr/local/rancid/bin$ jrancid -d 10.50.1.1 > > > > Those are Unix errors, you are not giving the correct path to the > jrancid executable. You need to find it and provide that directory path > > > > > > > > > > > > > > Ryan Douglass Milton > > > > > > On Sat, Feb 14, 2015 at 3:23 AM, Alan McKinnon > > wrote: > > > > On 14/02/2015 02:32, Ryan Milton wrote: > > > Hi all, > > > > > > I'm getting slowly closer to my goal... > > > > > > Rancid IS running...however, it seems that it may NOT be capturing > > any configs. > > > My original problem had been that I couldn't get the rancid-cvs to > > function. That did work. > > > running rancid v 3.1 > > > now, when I run the command: > > > > > > /usr/local/rancid/bin/rancid-run or > > > /usr/local/rancid/bin/rancid-run -r 10.50.1.1 > > > > > > I get the following empty message : > > > > > > starting: Fri Feb 13 19:16:47 EST 2015 > > > > > > > > > > > > ending: Fri Feb 13 19:16:47 EST 2015 > > > ~ > > > This works: > > > rancid at FP-RANCID:/usr/local/rancid/var/logs$ jlogin 10.50.1.3 > > > 10.50.1.3 > > > spawn ssh -c 3des -x -l rancid 10.50.1.3 > > > rancid at 10.50.1.3 's password: > > > --- JUNOS 12.3R8.7 built 2014-09-19 15:47:21 UTC > > > {master:0} > > > rancid at Distribution_North> > > > > > > rancid -d > > > > will give debug output so you can see what's going on. > > > > Looks like you have Junipers, so use > > > > jrancid for those instead. In either event, it's usually quite > obvious > > where the problem lies once you get proper debug output > > > > > > > > -- > > Alan McKinnon > > alan.mckinnon at gmail.com > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > > > > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From dtuecks at googlemail.com Tue Feb 17 01:27:28 2015 From: dtuecks at googlemail.com (Daniel Tuecks) Date: Tue, 17 Feb 2015 02:27:28 +0100 Subject: [rancid] rancid-run returning no output In-Reply-To: References: <6C05F057-C7E3-465B-8996-640175C9FD10@gmail.com> <54DF05F6.5070000@gmail.com> <54DFA39F.1030601@gmail.com> Message-ID: Hey Ryan, if jlogin is working check your router.db just to make sure your device is in there and you are using the correct syntax (delimiter in router.db changed from ":" to ";" in rancid 3.0+). Daniel Am 16.02.2015 23:06 schrieb "Ryan Milton" : > I deleted the directories, re-ran /usr/local/rancid/bin/rancid-cvs > > This successfully created the directories again. > > I know that the jrancid or jerancid is run from /usr/local/rancid/bin/ > > after recreating the directories that end up: > > /usr/local/rancid/var/networking/ (from rancid-cvs) > > I test with bin/jlogin 10.50.1.2 > > works > > I test with bin/rancid-run 10.50.1.2 > > I get noting in the log but a start and an end time. In the past, > rancid-run takes some time. This time it just flashes. > > I'm feeling stumped on this... > > > > Ryan Douglass Milton > > > On Sat, Feb 14, 2015 at 2:35 PM, Alan McKinnon > wrote: > >> On 14/02/2015 19:44, Ryan Milton wrote: >> > That is what I thought would debug, however, this is the output I get: >> > >> > rancid at FP-RANCID:~$ rancid -d 10.50.1.1 >> > loadtype(): device_type is empty >> > Couldn't load device type spec for >> > rancid at FP-RANCID:~$*jrancid -d 10.50.1.1* >> > jrancid: command not found >> > rancid at FP-RANCID:~$*/usr/local/rancid/bin/jrancid -d 10.50.1.1* >> > -bash: /usr/local/rancid/bin/jrancid: No such file or directory >> > rancid at FP-RANCID:~$ cd /usr/local/rancid/bin >> > rancid at FP-RANCID:/usr/local/rancid/bin$ jrancid -d 10.50.1.2 >> > jrancid: command not found >> > rancid at FP-RANCID:/usr/local/rancid/bin$ jrancid -d 10.50.1.1 >> >> >> >> Those are Unix errors, you are not giving the correct path to the >> jrancid executable. You need to find it and provide that directory path >> >> >> >> >> >> >> > >> > >> > >> > Ryan Douglass Milton >> > >> > >> > On Sat, Feb 14, 2015 at 3:23 AM, Alan McKinnon > > > wrote: >> > >> > On 14/02/2015 02:32, Ryan Milton wrote: >> > > Hi all, >> > > >> > > I'm getting slowly closer to my goal... >> > > >> > > Rancid IS running...however, it seems that it may NOT be capturing >> > any configs. >> > > My original problem had been that I couldn't get the rancid-cvs to >> > function. That did work. >> > > running rancid v 3.1 >> > > now, when I run the command: >> > > >> > > /usr/local/rancid/bin/rancid-run or >> > > /usr/local/rancid/bin/rancid-run -r 10.50.1.1 >> > > >> > > I get the following empty message : >> > > >> > > starting: Fri Feb 13 19:16:47 EST 2015 >> > > >> > > >> > > >> > > ending: Fri Feb 13 19:16:47 EST 2015 >> > > ~ >> > > This works: >> > > rancid at FP-RANCID:/usr/local/rancid/var/logs$ jlogin 10.50.1.3 >> > > 10.50.1.3 >> > > spawn ssh -c 3des -x -l rancid 10.50.1.3 >> > > rancid at 10.50.1.3 's password: >> > > --- JUNOS 12.3R8.7 built 2014-09-19 15:47:21 UTC >> > > {master:0} >> > > rancid at Distribution_North> >> > >> > >> > rancid -d >> > >> > will give debug output so you can see what's going on. >> > >> > Looks like you have Junipers, so use >> > >> > jrancid for those instead. In either event, it's usually quite >> obvious >> > where the problem lies once you get proper debug output >> > >> > >> > >> > -- >> > Alan McKinnon >> > alan.mckinnon at gmail.com >> > >> > _______________________________________________ >> > Rancid-discuss mailing list >> > Rancid-discuss at shrubbery.net >> > http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> > >> > >> >> >> -- >> Alan McKinnon >> alan.mckinnon at gmail.com >> >> > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ryanmilton74 at gmail.com Tue Feb 17 21:18:43 2015 From: ryanmilton74 at gmail.com (Ryan Milton) Date: Tue, 17 Feb 2015 16:18:43 -0500 Subject: [rancid] rancid-run returning no output In-Reply-To: References: <6C05F057-C7E3-465B-8996-640175C9FD10@gmail.com> <54DF05F6.5070000@gmail.com> <54DFA39F.1030601@gmail.com> Message-ID: I think that may be what the issue was. Ryan Douglass Milton On Mon, Feb 16, 2015 at 8:27 PM, Daniel Tuecks wrote: > Hey Ryan, > > if jlogin is working check your router.db just to make sure your device is > in there and you are using the correct syntax (delimiter in router.db > changed from ":" to ";" in rancid 3.0+). > > Daniel > Am 16.02.2015 23:06 schrieb "Ryan Milton" : > >> I deleted the directories, re-ran /usr/local/rancid/bin/rancid-cvs >> >> This successfully created the directories again. >> >> I know that the jrancid or jerancid is run from /usr/local/rancid/bin/ >> >> after recreating the directories that end up: >> >> /usr/local/rancid/var/networking/ (from rancid-cvs) >> >> I test with bin/jlogin 10.50.1.2 >> >> works >> >> I test with bin/rancid-run 10.50.1.2 >> >> I get noting in the log but a start and an end time. In the past, >> rancid-run takes some time. This time it just flashes. >> >> I'm feeling stumped on this... >> >> >> >> Ryan Douglass Milton >> >> >> On Sat, Feb 14, 2015 at 2:35 PM, Alan McKinnon >> wrote: >> >>> On 14/02/2015 19:44, Ryan Milton wrote: >>> > That is what I thought would debug, however, this is the output I get: >>> > >>> > rancid at FP-RANCID:~$ rancid -d 10.50.1.1 >>> > loadtype(): device_type is empty >>> > Couldn't load device type spec for >>> > rancid at FP-RANCID:~$*jrancid -d 10.50.1.1* >>> > jrancid: command not found >>> > rancid at FP-RANCID:~$*/usr/local/rancid/bin/jrancid -d 10.50.1.1* >>> > -bash: /usr/local/rancid/bin/jrancid: No such file or directory >>> > rancid at FP-RANCID:~$ cd /usr/local/rancid/bin >>> > rancid at FP-RANCID:/usr/local/rancid/bin$ jrancid -d 10.50.1.2 >>> > jrancid: command not found >>> > rancid at FP-RANCID:/usr/local/rancid/bin$ jrancid -d 10.50.1.1 >>> >>> >>> >>> Those are Unix errors, you are not giving the correct path to the >>> jrancid executable. You need to find it and provide that directory path >>> >>> >>> >>> >>> >>> >>> > >>> > >>> > >>> > Ryan Douglass Milton >>> > >>> > >>> > On Sat, Feb 14, 2015 at 3:23 AM, Alan McKinnon < >>> alan.mckinnon at gmail.com >>> > > wrote: >>> > >>> > On 14/02/2015 02:32, Ryan Milton wrote: >>> > > Hi all, >>> > > >>> > > I'm getting slowly closer to my goal... >>> > > >>> > > Rancid IS running...however, it seems that it may NOT be >>> capturing >>> > any configs. >>> > > My original problem had been that I couldn't get the rancid-cvs >>> to >>> > function. That did work. >>> > > running rancid v 3.1 >>> > > now, when I run the command: >>> > > >>> > > /usr/local/rancid/bin/rancid-run or >>> > > /usr/local/rancid/bin/rancid-run -r 10.50.1.1 >>> > > >>> > > I get the following empty message : >>> > > >>> > > starting: Fri Feb 13 19:16:47 EST 2015 >>> > > >>> > > >>> > > >>> > > ending: Fri Feb 13 19:16:47 EST 2015 >>> > > ~ >>> > > This works: >>> > > rancid at FP-RANCID:/usr/local/rancid/var/logs$ jlogin 10.50.1.3 >>> > > 10.50.1.3 >>> > > spawn ssh -c 3des -x -l rancid 10.50.1.3 >>> > > rancid at 10.50.1.3 's password: >>> > > --- JUNOS 12.3R8.7 built 2014-09-19 15:47:21 UTC >>> > > {master:0} >>> > > rancid at Distribution_North> >>> > >>> > >>> > rancid -d >>> > >>> > will give debug output so you can see what's going on. >>> > >>> > Looks like you have Junipers, so use >>> > >>> > jrancid for those instead. In either event, it's usually quite >>> obvious >>> > where the problem lies once you get proper debug output >>> > >>> > >>> > >>> > -- >>> > Alan McKinnon >>> > alan.mckinnon at gmail.com >>> > >>> > _______________________________________________ >>> > Rancid-discuss mailing list >>> > Rancid-discuss at shrubbery.net >>> > http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>> > >>> > >>> >>> >>> -- >>> Alan McKinnon >>> alan.mckinnon at gmail.com >>> >>> >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mnewton at pofp.com Tue Feb 17 18:11:42 2015 From: mnewton at pofp.com (Michael Newton) Date: Tue, 17 Feb 2015 18:11:42 +0000 Subject: [rancid] Foundry (Brocade) environmental details Message-ID: Just set up a couple of Brocade switches and am now getting a lot of noise from RANCID when the weather changes in Seattle. - ! Pressure: 102.1kPa - ! Altitude: -133m + ! Pressure: 102.0kPa + ! Altitude: -122m This appears to be part of the ?show chassis? output. (Worth mentioning that one of the advantages of setting up on a site like Github, as recently discussed on the list, is a bug tracker for things like this!) Mike -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5966 bytes Desc: not available URL: From frnkblk at iname.com Wed Feb 18 06:44:12 2015 From: frnkblk at iname.com (Frank Bulk) Date: Wed, 18 Feb 2015 00:44:12 -0600 Subject: [rancid] Foundry (Brocade) environmental details In-Reply-To: References: Message-ID: <001601d04b46$4e202db0$ea608910$@iname.com> Just add a few lines to that script to skip those lines. Frank From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Michael Newton Sent: Tuesday, February 17, 2015 12:12 PM To: rancid-discuss at shrubbery.net Subject: [rancid] Foundry (Brocade) environmental details Just set up a couple of Brocade switches and am now getting a lot of noise from RANCID when the weather changes in Seattle. - ! Pressure: 102.1kPa - ! Altitude: -133m + ! Pressure: 102.0kPa + ! Altitude: -122m This appears to be part of the "show chassis" output. (Worth mentioning that one of the advantages of setting up on a site like Github, as recently discussed on the list, is a bug tracker for things like this!) Mike -------------- next part -------------- An HTML attachment was scrubbed... URL: From tony at lavanauts.org Wed Feb 18 12:54:32 2015 From: tony at lavanauts.org (Antonio Querubin) Date: Wed, 18 Feb 2015 02:54:32 -1000 (HST) Subject: [rancid] vyatta/vyos In-Reply-To: <8ABFC807392ABC49BCAD4465458B3C9106CD95C115@EMV32-UKDY.domain1.systemhost.net> References: <8ABFC807392ABC49BCAD4465458B3C9106CD18A776@EMV32-UKDY.domain1.systemhost.net> <8ABFC807392ABC49BCAD4465458B3C9106CD95C115@EMV32-UKDY.domain1.systemhost.net> Message-ID: The vyos support now installs/runs as a module. See the README in the git repository for updated install info. Antonio Querubin e-mail: tony at lavanauts.org xmpp: antonioquerubin at gmail.com From tgreer at tsone.net.uk Wed Feb 18 13:01:25 2015 From: tgreer at tsone.net.uk (Thomas Greer) Date: Wed, 18 Feb 2015 13:01:25 +0000 Subject: [rancid] Rancid 3.1.99 Alpha git integration issues. In-Reply-To: References: <20150208042257.GB27729@shrubbery.net> Message-ID: <72054478-7310-45B0-B925-78B31C74BCD2@tsone.net.uk> > On 8 Feb 2015, at 07:37, Thomas Greer wrote: > >> On 8 Feb 2015, at 06:22, heasley wrote: >> >> Sat, Feb 07, 2015 at 01:31:54PM +0000, Thomas Greer: >>> Hi All >>> >>> I?ve recently (read today) installed the above alpha in anticipation of the git support. I?ve setup rancid a few times before, but I?m struggling with the git stuff. >>> >>> When I run rancid-cvs after a fresh install, I get a load of errors. >>> >>> -bash-4.1$ ./bin/rancid-cvs >>> error: Malformed value for push.default: simple >>> error: Must be one of nothing, matching, tracking or current. >>> fatal: bad config file line 6 in /usr/local/rancid//.gitconfig >>> error: Malformed value for push.default: simple >>> error: Must be one of nothing, matching, tracking or current. >>> fatal: bad config file line 6 in /usr/local/rancid//.gitconfig >> >> entirely possible that i've screwed-up the git support; i'll have to re-test >> it. but, this error is odd. rancid-cvs doesnt create .gitconfig itself. >> so, what is the source of that file and thus this error? >> >>> fatal: Not a git repository (or any of the parent directories): .git >>> fatal: Not a git repository (or any of the parent directories): .git >>> fatal: Not a git repository (or any of the parent directories): .git >>> fatal: Not a git repository (or any of the parent directories): .git >>> fatal: Not a git repository (or any of the parent directories): .git >>> fatal: Not a git repository (or any of the parent directories): .git >>> error: Malformed value for push.default: simple >>> error: Must be one of nothing, matching, tracking or current. >>> fatal: bad config file line 6 in /usr/local/rancid//.gitconfig >>> error: Malformed value for push.default: simple >>> error: Must be one of nothing, matching, tracking or current. >>> fatal: bad config file line 6 in /usr/local/rancid//.gitconfig >>> fatal: Not a git repository (or any of the parent directories): .git >>> fatal: Not a git repository (or any of the parent directories): .git >>> fatal: Not a git repository (or any of the parent directories): .git >>> fatal: Not a git repository (or any of the parent directories): .git >>> fatal: Not a git repository (or any of the parent directories): .git >>> fatal: Not a git repository (or any of the parent directories): .git >>> error: Malformed value for push.default: simple >>> error: Must be one of nothing, matching, tracking or current. >>> fatal: bad config file line 6 in /usr/local/rancid//.gitconfig >>> error: Malformed value for push.default: simple >>> error: Must be one of nothing, matching, tracking or current. >>> fatal: bad config file line 6 in /usr/local/rancid//.gitconfig >>> fatal: Not a git repository (or any of the parent directories): .git >>> fatal: Not a git repository (or any of the parent directories): .git >>> fatal: Not a git repository (or any of the parent directories): .git >>> fatal: Not a git repository (or any of the parent directories): .git >>> fatal: Not a git repository (or any of the parent directories): .git >>> fatal: Not a git repository (or any of the parent directories): .git >>> >>> My rancid.conf contains: >>> >>> # Select which RCS system to use, "cvs" (default), "svn" or "git". Do not >>> # change this after CVSROOT has been created with rancid-cvs. Changing between >>> # these requires manual conversions. >>> RCSSYS=git; export RCSSYS >>> >>> The README and UPGRADING mention nothing specific to initialising git other than to run rancid-cvs. >>> >>> Running on Centos 6.6 >>> git version 1.7.1 >>> >>> Any help would be appreciated with this. >>> >>> Thanks >>> >>> Thomas >> >> >> >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net >>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> > > > Either make install, or rancid-cvs. I rm?d the /usr/local/rancid directory before running make install > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss Any further info or progress on this? :) From jethro.binks at strath.ac.uk Wed Feb 18 14:37:26 2015 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Wed, 18 Feb 2015 14:37:26 +0000 (GMT) Subject: [rancid] Foundry (Brocade) environmental details In-Reply-To: References: Message-ID: On Tue, 17 Feb 2015, Michael Newton wrote: > Just set up a couple of Brocade switches and am now getting a lot of noise > from RANCID when the weather changes in Seattle. > > - ! Pressure: 102.1kPa > - ! Altitude: -133m > + ! Pressure: 102.0kPa > + ! Altitude: -122m > > > This appears to be part of the ?show chassis? output. Taking this into account, the sub ShowChassis subroutine in my francid looks like (I'm not sure how close this would be to what you have): ... if (/(POWERS|TEMPERATURE READINGS)/) { $skip = 1; } if (/fan controlled temperature:/i || /fan speed switching temperature thresholds/i) { $skip = 1; } if (/THERMAL PLANE/) { $skip = 1; } if (/temperature:/i) { $skip = 1; } if (/Pressure:/) { $skip = 1; } if (/Altitude:/) { $skip = 1; } s/(Fan \d+ \S+), speed .*/$1/; if (/speed/i) { $skip = 1; } next if $skip; ... If you're running rancid v3, you'll find similar in foundry.pm. What model do you see these on? Could you share most/all of "show chassis", out of curiosity? (It seems odd to me that Altitude is changing by 10m ... Are these on a ship or something?!) Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks, Network Manager, Information Services Directorate, University Of Strathclyde, Glasgow, UK The University of Strathclyde is a charitable body, registered in Scotland, number SC015263. From davee at ceu.ox.ac.uk Wed Feb 18 15:06:46 2015 From: davee at ceu.ox.ac.uk (Dave Ewart) Date: Wed, 18 Feb 2015 15:06:46 +0000 Subject: [rancid] Foundry (Brocade) environmental details In-Reply-To: References: Message-ID: <20150218150646.GO6696@pandora.ceu.ox.ac.uk> On Wednesday, 18.02.2015 at 14:37 +0000, Jethro R Binks wrote: > On Tue, 17 Feb 2015, Michael Newton wrote: > > > Just set up a couple of Brocade switches and am now getting a lot of > > noise from RANCID when the weather changes in Seattle. > > > > - ! Pressure: 102.1kPa > > - ! Altitude: -133m > > + ! Pressure: 102.0kPa > > + ! Altitude: -122m > > [...] > > (It seems odd to me that Altitude is changing by 10m ... Are these on a > ship or something?!) ... and the altitude readings suggest 122m and 133m *below sea level*! The pressure readings do seem to be approx. Atmospheric Pressure, though ;-) Dave. -- Dave Ewart davee at ceu.ox.ac.uk Computing Manager, Cancer Epidemiology Unit University of Oxford N 51.7516, W 1.2152 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 1530 bytes Desc: Digital signature URL: From heas at shrubbery.net Wed Feb 18 17:42:40 2015 From: heas at shrubbery.net (heasley) Date: Wed, 18 Feb 2015 17:42:40 +0000 Subject: [rancid] Foundry (Brocade) environmental details In-Reply-To: <20150218174048.F28EE4A8D8@sea.shrubbery.net> Message-ID: <20150218174240.GA95862@shrubbery.net> Wed, Feb 18, 2015 at 02:37:26PM +0000, Jethro R Binks: > On Tue, 17 Feb 2015, Michael Newton wrote: > > > Just set up a couple of Brocade switches and am now getting a lot of noise > > from RANCID when the weather changes in Seattle. > > > > - ! Pressure: 102.1kPa > > - ! Altitude: -133m > > + ! Pressure: 102.0kPa > > + ! Altitude: -122m > > > > > > This appears to be part of the ?show chassis? output. > > Taking this into account, the sub ShowChassis subroutine in my francid > looks like (I'm not sure how close this would be to what you have): > > If you're running rancid v3, you'll find similar in foundry.pm. Index: foundry.pm.in =================================================================== --- foundry.pm.in (revision 3035) +++ foundry.pm.in (working copy) @@ -174,7 +174,7 @@ if (/THERMAL PLANE/) { $skip = 1; } - if (/temperature:/i) { + if (/(pressure|altitude|temperature):/i) { $skip = 1; } s/(Fan \d+ \S+), speed .*/$1/; > (It seems odd to me that Altitude is changing by 10m ... or why one would care about either. From mnewton at pofp.com Wed Feb 18 06:47:24 2015 From: mnewton at pofp.com (Michael Newton) Date: Wed, 18 Feb 2015 06:47:24 +0000 Subject: [rancid] Foundry (Brocade) environmental details In-Reply-To: <001601d04b46$4e202db0$ea608910$@iname.com> References: , <001601d04b46$4e202db0$ea608910$@iname.com> Message-ID: Yes, that's what I did. It should be added to the Perl module though. Mike Sent using OWA for iPhone ________________________________ From: Frank Bulk Sent: February 17, 2015 10:44:12 PM To: Michael Newton; rancid-discuss at shrubbery.net Subject: RE: Foundry (Brocade) environmental details Just add a few lines to that script to skip those lines. Frank From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Michael Newton Sent: Tuesday, February 17, 2015 12:12 PM To: rancid-discuss at shrubbery.net Subject: [rancid] Foundry (Brocade) environmental details Just set up a couple of Brocade switches and am now getting a lot of noise from RANCID when the weather changes in Seattle. - ! Pressure: 102.1kPa - ! Altitude: -133m + ! Pressure: 102.0kPa + ! Altitude: -122m This appears to be part of the "show chassis" output. (Worth mentioning that one of the advantages of setting up on a site like Github, as recently discussed on the list, is a bug tracker for things like this!) Mike -------------- next part -------------- An HTML attachment was scrubbed... URL: From Michael.Josten at hs-niederrhein.de Thu Feb 19 07:42:17 2015 From: Michael.Josten at hs-niederrhein.de (Josten, Michael) Date: Thu, 19 Feb 2015 08:42:17 +0100 Subject: [rancid] Foundry (Brocade) environmental details In-Reply-To: <20150218174240.GA95862@shrubbery.net> References: <20150218174048.F28EE4A8D8@sea.shrubbery.net> <20150218174240.GA95862@shrubbery.net> Message-ID: <9BDA0B754D62C64FBE6B0CFFA429C47A340E4A2809@prometheus> The changing altitude is a result of the poor implementation brocade did with those sensors. My guess is, they used a chip that measures pressure and then they derive the altitude from that data instead of using a proper altometer. We also get this chatter from an ICX 7750 device. -----Urspr?ngliche Nachricht----- Von: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] Im Auftrag von heasley Gesendet: Mittwoch, 18. Februar 2015 18:43 An: Jethro R Binks Cc: rancid-discuss at shrubbery.net Betreff: Re: [rancid] Foundry (Brocade) environmental details Wed, Feb 18, 2015 at 02:37:26PM +0000, Jethro R Binks: > On Tue, 17 Feb 2015, Michael Newton wrote: > > > Just set up a couple of Brocade switches and am now getting a lot of > > noise from RANCID when the weather changes in Seattle. > > > > - ! Pressure: 102.1kPa > > - ! Altitude: -133m > > + ! Pressure: 102.0kPa > > + ! Altitude: -122m > > > > > > This appears to be part of the ?show chassis? output. > > Taking this into account, the sub ShowChassis subroutine in my francid > looks like (I'm not sure how close this would be to what you have): > > If you're running rancid v3, you'll find similar in foundry.pm. Index: foundry.pm.in =================================================================== --- foundry.pm.in (revision 3035) +++ foundry.pm.in (working copy) @@ -174,7 +174,7 @@ if (/THERMAL PLANE/) { $skip = 1; } - if (/temperature:/i) { + if (/(pressure|altitude|temperature):/i) { $skip = 1; } s/(Fan \d+ \S+), speed .*/$1/; > (It seems odd to me that Altitude is changing by 10m ... or why one would care about either. _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss From heas at shrubbery.net Thu Feb 19 15:45:38 2015 From: heas at shrubbery.net (heasley) Date: Thu, 19 Feb 2015 15:45:38 +0000 Subject: [rancid] Foundry (Brocade) environmental details In-Reply-To: <9BDA0B754D62C64FBE6B0CFFA429C47A340E4A2809@prometheus> References: <20150218174048.F28EE4A8D8@sea.shrubbery.net> <20150218174240.GA95862@shrubbery.net> <9BDA0B754D62C64FBE6B0CFFA429C47A340E4A2809@prometheus> Message-ID: <20150219154538.GB45433@shrubbery.net> Thu, Feb 19, 2015 at 08:42:17AM +0100, Josten, Michael: > The changing altitude is a result of the poor implementation brocade did with those sensors. why implement it at all? > My guess is, they used a chip that measures pressure and then they derive the altitude from that > data instead of using a proper altometer. We also get this chatter from an ICX 7750 device. are you using the foundry device type for this device? From Michael.Josten at hs-niederrhein.de Thu Feb 19 18:48:37 2015 From: Michael.Josten at hs-niederrhein.de (Josten, Michael) Date: Thu, 19 Feb 2015 19:48:37 +0100 Subject: [rancid] Foundry (Brocade) environmental details In-Reply-To: <20150219154538.GB45433@shrubbery.net> References: <20150218174048.F28EE4A8D8@sea.shrubbery.net> <20150218174240.GA95862@shrubbery.net> <9BDA0B754D62C64FBE6B0CFFA429C47A340E4A2809@prometheus>, <20150219154538.GB45433@shrubbery.net> Message-ID: <9BDA0B754D62C64FBE6B0CFFA429C47A340E4F1520@prometheus> I don't understand your question, sorry. The ICX 7750 is a switch from brocade / foundry. I configured it as a foundry device in the router.db it that was the thing you want to know. ________________________________________ Von: heasley [heas at shrubbery.net] Gesendet: Donnerstag, 19. Februar 2015 16:45 An: Josten, Michael Cc: rancid-discuss at shrubbery.net Betreff: Re: [rancid] Foundry (Brocade) environmental details Thu, Feb 19, 2015 at 08:42:17AM +0100, Josten, Michael: > The changing altitude is a result of the poor implementation brocade did with those sensors. why implement it at all? > My guess is, they used a chip that measures pressure and then they derive the altitude from that > data instead of using a proper altometer. We also get this chatter from an ICX 7750 device. are you using the foundry device type for this device? From heas at shrubbery.net Thu Feb 19 18:58:14 2015 From: heas at shrubbery.net (heasley) Date: Thu, 19 Feb 2015 18:58:14 +0000 Subject: [rancid] Foundry (Brocade) environmental details In-Reply-To: <9BDA0B754D62C64FBE6B0CFFA429C47A340E4F1520@prometheus> References: <20150218174048.F28EE4A8D8@sea.shrubbery.net> <20150218174240.GA95862@shrubbery.net> <9BDA0B754D62C64FBE6B0CFFA429C47A340E4A2809@prometheus> <20150219154538.GB45433@shrubbery.net> <9BDA0B754D62C64FBE6B0CFFA429C47A340E4F1520@prometheus> Message-ID: <20150219185814.GM45433@shrubbery.net> Thu, Feb 19, 2015 at 07:48:37PM +0100, Josten, Michael: > I don't understand your question, sorry. The ICX 7750 is a switch from brocade / foundry. I configured it as a foundry device in the router.db > it that was the thing you want to know. exactly. I didn't know if it worked as type foundry; so I didn't know if the filter needed to also be applied elsewhere. From s.felici at mclink.eu Wed Feb 25 10:41:12 2015 From: s.felici at mclink.eu (Simone Felici) Date: Wed, 25 Feb 2015 11:41:12 +0100 Subject: [rancid] Question about custom command-file and expect Message-ID: <54EDA6C8.8000607@mclink.eu> Hello, I would like to connect on a device using rancid and execute some commands *only* in some circumstances. clogin works perfectly to login and using -x to specify a command-list file or -c to execute commands works as well. But what I need is that, based on the response of a command I could execute another command or not. I.e., after login on a router, executing: #show ip route IF I obtain: % Subnet not in table I need to execute some commands. If I obtain: Routing entry for (...) THEN I need to do something different. I've seen there is a [-s script-file] where I could add an expect script. Trying to use it, seems the whole content of clogin is bypassed using the script file. Would be possible to use clogin for login action and then, at the end, use only the script-file to add the rest of the commands with the IF-THEN-ELSE logic? Thanks for the help! Simon From alan.mckinnon at gmail.com Wed Feb 25 11:25:56 2015 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Wed, 25 Feb 2015 13:25:56 +0200 Subject: [rancid] Question about custom command-file and expect In-Reply-To: <54EDA6C8.8000607@mclink.eu> References: <54EDA6C8.8000607@mclink.eu> Message-ID: <20150225132556.2f3dee20@hobbit> On Wed, 25 Feb 2015 11:41:12 +0100 Simone Felici wrote: > > Hello, > > I would like to connect on a device using rancid and execute some > commands *only* in some circumstances. clogin works perfectly to > login and using -x to specify a command-list file or -c to execute > commands works as well. But what I need is that, based on the > response of a command I could execute another command or not. > > I.e., after login on a router, executing: > > #show ip route > > IF I obtain: > > % Subnet not in table > > I need to execute some commands. > > If I obtain: > Routing entry for > (...) > > THEN I need to do something different. > > I've seen there is a [-s script-file] where I could add an expect > script. Trying to use it, seems the whole content of clogin is > bypassed using the script file. Would be possible to use clogin for > login action and then, at the end, use only the script-file to add > the rest of the commands with the IF-THEN-ELSE logic? > > Thanks for the help! I think you are trying to solve a problem that does not exist. Rancid won't run a command like this: show ip route Instead, it will show all the routes, grab all of them, sort all of them and put the whole lot into cvs. Running specific commands like you suggest breaks the rancid model, which is to track everything in a repeatable way so that the only differences are configurations. I can't think of a circumstance where you would want to do what you describe. If that was just an example for illustration, perhaps you could describe the real problem? Alan From heas at shrubbery.net Wed Feb 25 12:52:48 2015 From: heas at shrubbery.net (Heasley) Date: Wed, 25 Feb 2015 12:52:48 +0000 Subject: [rancid] Question about custom command-file and expect In-Reply-To: <20150225132556.2f3dee20@hobbit> References: <54EDA6C8.8000607@mclink.eu> <20150225132556.2f3dee20@hobbit> Message-ID: Am 25.02.2015 um 11:25 schrieb Alan McKinnon : > > On Wed, 25 Feb 2015 11:41:12 +0100 > Simone Felici wrote: > >> >> Hello, >> >> I would like to connect on a device using rancid and execute some >> commands *only* in some circumstances. clogin works perfectly to >> login and using -x to specify a command-list file or -c to execute >> commands works as well. But what I need is that, based on the >> response of a command I could execute another command or not. >> >> I.e., after login on a router, executing: >> >> #show ip route >> >> IF I obtain: >> >> % Subnet not in table >> >> I need to execute some commands. >> >> If I obtain: >> Routing entry for >> (...) >> >> THEN I need to do something different. >> >> I've seen there is a [-s script-file] where I could add an expect >> script. Trying to use it, seems the whole content of clogin is >> bypassed using the script file. Would be possible to use clogin for >> login action and then, at the end, use only the script-file to add >> the rest of the commands with the IF-THEN-ELSE logic? >> >> Thanks for the help! > > I think you are trying to solve a problem that does not exist. Rancid > won't run a command like this: > > show ip route > > Instead, it will show all the routes, grab all of them, sort all of > them and put the whole lot into cvs. Running specific commands like you > suggest breaks the rancid model, which is to track everything in a > repeatable way so that the only differences are configurations. > > I can't think of a circumstance where you would want to do what you > describe. If that was just an example for illustration, perhaps you > could describe the real problem? > I think he is using clogin to retrieve data. In that case he could retrieve o/p, disconnect, makes choices and connect again, using -x or -c. Or use -s. Rancid comes with some examples for -s; see the share dir. > Alan > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From ryanmilton74 at gmail.com Wed Feb 25 13:13:50 2015 From: ryanmilton74 at gmail.com (Ryan Milton) Date: Wed, 25 Feb 2015 08:13:50 -0500 Subject: [rancid] Juniper Message-ID: <711552eab186a25b250d3285955b24@ip-10-0-3-72> An HTML attachment was scrubbed... URL: From ryanmilton74 at gmail.com Wed Feb 25 14:10:54 2015 From: ryanmilton74 at gmail.com (Ryan Milton) Date: Wed, 25 Feb 2015 09:10:54 -0500 Subject: [rancid] Juniper In-Reply-To: <1424873344516.55577@tsone.net.uk> References: <711552eab186a25b250d3285955b24@ip-10-0-3-72> <1424873344516.55577@tsone.net.uk> Message-ID: I'll try it!! Ryan Douglass Milton On Wed, Feb 25, 2015 at 9:09 AM, Thomas Greer wrote: > ### set system login class RANCID permissions access > ### set system login class RANCID permissions admin > ### set system login class RANCID permissions firewall > ### set system login class RANCID permissions flow-tap > ### set system login class RANCID permissions interface > ### set system login class RANCID permissions network > ### set system login class RANCID permissions routing > ### set system login class RANCID permissions secret > ### set system login class RANCID permissions security > ### set system login class RANCID permissions snmp > ### set system login class RANCID permissions storage > ### set system login class RANCID permissions system > ### set system login class RANCID permissions trace > ### set system login class RANCID permissions view > ### set system login class RANCID permissions view-configuration > > set system login user rancid class RANCID > ? > > ------------------------------ > *From:* Rancid-discuss on behalf > of Ryan Milton > *Sent:* 25 February 2015 13:13 > *To:* Rancid-discuss at shrubbery.net > *Subject:* [rancid] Juniper > > > So I'm very happy to have my rancid working now, but I would like to know > if there are examples of access accounts that people are using for their > rancid user for Juniper devices. > > I created a "view-configuration" class, but it seems that rancid really > wants to run in edit mode, so currently unless I've given super-user > access, it doesn't see the changes. > > Not secure, obviously. > > Any recommendations? > > Thank you in advance! > > Ryan > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ryanmilton74 at gmail.com Wed Feb 25 14:27:25 2015 From: ryanmilton74 at gmail.com (Ryan Milton) Date: Wed, 25 Feb 2015 09:27:25 -0500 Subject: [rancid] Juniper In-Reply-To: References: <711552eab186a25b250d3285955b24@ip-10-0-3-72> <1424873344516.55577@tsone.net.uk> Message-ID: so simple I'm embarrasses! it works! halleluja! Ryan Douglass Milton On Wed, Feb 25, 2015 at 9:10 AM, Ryan Milton wrote: > I'll try it!! > > > Ryan Douglass Milton > > > On Wed, Feb 25, 2015 at 9:09 AM, Thomas Greer wrote: > >> ### set system login class RANCID permissions access >> ### set system login class RANCID permissions admin >> ### set system login class RANCID permissions firewall >> ### set system login class RANCID permissions flow-tap >> ### set system login class RANCID permissions interface >> ### set system login class RANCID permissions network >> ### set system login class RANCID permissions routing >> ### set system login class RANCID permissions secret >> ### set system login class RANCID permissions security >> ### set system login class RANCID permissions snmp >> ### set system login class RANCID permissions storage >> ### set system login class RANCID permissions system >> ### set system login class RANCID permissions trace >> ### set system login class RANCID permissions view >> ### set system login class RANCID permissions view-configuration >> >> set system login user rancid class RANCID >> ? >> >> ------------------------------ >> *From:* Rancid-discuss on behalf >> of Ryan Milton >> *Sent:* 25 February 2015 13:13 >> *To:* Rancid-discuss at shrubbery.net >> *Subject:* [rancid] Juniper >> >> >> So I'm very happy to have my rancid working now, but I would like to know >> if there are examples of access accounts that people are using for their >> rancid user for Juniper devices. >> >> I created a "view-configuration" class, but it seems that rancid really >> wants to run in edit mode, so currently unless I've given super-user >> access, it doesn't see the changes. >> >> Not secure, obviously. >> >> Any recommendations? >> >> Thank you in advance! >> >> Ryan >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ricardo.ferreira at elephanttalk.com Wed Feb 25 15:25:50 2015 From: ricardo.ferreira at elephanttalk.com (Ricardo Ferreira) Date: Wed, 25 Feb 2015 16:25:50 +0100 Subject: [rancid] Show Removed Passwords Message-ID: <54EDE97E.9060204@elephanttalk.com> Hi there, by default rancid removes passwords from the configuration. Is it possible to counter this behavior? Thank You -- - no title specified Kind regards / Met vriendelijke groet / Saludos, Ricardo Ferreira Core IP Network Elephant Talk Communications -------------- next part -------------- An HTML attachment was scrubbed... URL: From ricardo.ferreira at elephanttalk.com Wed Feb 25 15:35:32 2015 From: ricardo.ferreira at elephanttalk.com (Ricardo Ferreira) Date: Wed, 25 Feb 2015 16:35:32 +0100 Subject: [rancid] Show Removed Passwords In-Reply-To: References: <54EDE97E.9060204@elephanttalk.com> Message-ID: <54EDEBC4.6060307@elephanttalk.com> found it, thanks a lot guys! - no title specified Kind regards / Met vriendelijke groet / Saludos, Ricardo Ferreira Core IP Network Elephant Talk Communications On 25/02/15 16:34, Heasley wrote: > > Am 25.02.2015 um 16:25 schrieb Ricardo Ferreira > >: > >> Hi there, >> by default rancid removes passwords from the configuration. >> Is it possible to counter this behavior? > > See rancid.conf(5) > >> Thank You >> >> -- >> - no title specified >> >> Kind regards / Met vriendelijke groet / Saludos, >> >> Ricardo Ferreira >> >> Core IP Network >> >> Elephant Talk Communications >> >> >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From ryanmilton74 at gmail.com Wed Feb 25 16:26:22 2015 From: ryanmilton74 at gmail.com (Ryan Milton) Date: Wed, 25 Feb 2015 11:26:22 -0500 Subject: [rancid] Juniper In-Reply-To: References: <711552eab186a25b250d3285955b24@ip-10-0-3-72> <1424873344516.55577@tsone.net.uk> Message-ID: Trying on an ASA, but having login problems. Here is what I have: add method 192.168.77.241 {ssh} add user 192.168.77.241 {rancid} add password 192.168.77.241 (Welcome1} {welcome} username rancid password Xu5IkiGmz1nmz4Gv encrypted privilege 4 privilege cmd level 4 mode exec command show privilege show level 4 mode exec command running-config Error I get: rancid at FP-RANCID:/var/lib/rancid/networking$ /var/lib/rancid/bin/clogin 192.168.77.241 72.28.107.174 spawn ssh -c 3des -x -l rancid 192.168.77.241 rancid at 192.168.77.241's password: Permission denied, please try again. rancid at 192.168.77.241's password: Error: Check your passwd for 192.168.77.241 Ryan Douglass Milton On Wed, Feb 25, 2015 at 9:27 AM, Ryan Milton wrote: > so simple I'm embarrasses! it works! halleluja! > > > Ryan Douglass Milton > > > On Wed, Feb 25, 2015 at 9:10 AM, Ryan Milton > wrote: > >> I'll try it!! >> >> >> Ryan Douglass Milton >> >> >> On Wed, Feb 25, 2015 at 9:09 AM, Thomas Greer >> wrote: >> >>> ### set system login class RANCID permissions access >>> ### set system login class RANCID permissions admin >>> ### set system login class RANCID permissions firewall >>> ### set system login class RANCID permissions flow-tap >>> ### set system login class RANCID permissions interface >>> ### set system login class RANCID permissions network >>> ### set system login class RANCID permissions routing >>> ### set system login class RANCID permissions secret >>> ### set system login class RANCID permissions security >>> ### set system login class RANCID permissions snmp >>> ### set system login class RANCID permissions storage >>> ### set system login class RANCID permissions system >>> ### set system login class RANCID permissions trace >>> ### set system login class RANCID permissions view >>> ### set system login class RANCID permissions view-configuration >>> >>> set system login user rancid class RANCID >>> ? >>> >>> ------------------------------ >>> *From:* Rancid-discuss on behalf >>> of Ryan Milton >>> *Sent:* 25 February 2015 13:13 >>> *To:* Rancid-discuss at shrubbery.net >>> *Subject:* [rancid] Juniper >>> >>> >>> So I'm very happy to have my rancid working now, but I would like to >>> know if there are examples of access accounts that people are using for >>> their rancid user for Juniper devices. >>> >>> I created a "view-configuration" class, but it seems that rancid really >>> wants to run in edit mode, so currently unless I've given super-user >>> access, it doesn't see the changes. >>> >>> Not secure, obviously. >>> >>> Any recommendations? >>> >>> Thank you in advance! >>> >>> Ryan >>> >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nick at foobar.org Wed Feb 25 16:29:55 2015 From: nick at foobar.org (Nick Hilliard) Date: Wed, 25 Feb 2015 16:29:55 +0000 Subject: [rancid] Juniper In-Reply-To: References: <711552eab186a25b250d3285955b24@ip-10-0-3-72> <1424873344516.55577@tsone.net.uk> Message-ID: <54EDF883.8040804@foobar.org> On 25/02/2015 16:26, Ryan Milton wrote: > add password 192.168.77.241 (Welcome1} {welcome} Is that '(' before the password a typo? Nick From ryanmilton74 at gmail.com Wed Feb 25 17:03:24 2015 From: ryanmilton74 at gmail.com (Ryan Milton) Date: Wed, 25 Feb 2015 12:03:24 -0500 Subject: [rancid] Juniper In-Reply-To: References: <711552eab186a25b250d3285955b24@ip-10-0-3-72> <1424873344516.55577@tsone.net.uk> <54EDF883.8040804@foobar.org> Message-ID: seems to work (sheepish grin) Ryan Douglass Milton On Wed, Feb 25, 2015 at 12:00 PM, Ryan Milton wrote: > Yes, let me see.... > > > Ryan Douglass Milton > > > On Wed, Feb 25, 2015 at 11:29 AM, Nick Hilliard wrote: > >> On 25/02/2015 16:26, Ryan Milton wrote: >> > add password 192.168.77.241 (Welcome1} {welcome} >> >> Is that '(' before the password a typo? >> >> Nick >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ryanmilton74 at gmail.com Wed Feb 25 17:00:58 2015 From: ryanmilton74 at gmail.com (Ryan Milton) Date: Wed, 25 Feb 2015 12:00:58 -0500 Subject: [rancid] Juniper In-Reply-To: <54EDF883.8040804@foobar.org> References: <711552eab186a25b250d3285955b24@ip-10-0-3-72> <1424873344516.55577@tsone.net.uk> <54EDF883.8040804@foobar.org> Message-ID: Yes, let me see.... Ryan Douglass Milton On Wed, Feb 25, 2015 at 11:29 AM, Nick Hilliard wrote: > On 25/02/2015 16:26, Ryan Milton wrote: > > add password 192.168.77.241 (Welcome1} {welcome} > > Is that '(' before the password a typo? > > Nick > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tgreer at tsone.net.uk Wed Feb 25 14:09:04 2015 From: tgreer at tsone.net.uk (Thomas Greer) Date: Wed, 25 Feb 2015 14:09:04 +0000 Subject: [rancid] Juniper In-Reply-To: <711552eab186a25b250d3285955b24@ip-10-0-3-72> References: <711552eab186a25b250d3285955b24@ip-10-0-3-72> Message-ID: <1424873344516.55577@tsone.net.uk> ### set system login class RANCID permissions access ### set system login class RANCID permissions admin ### set system login class RANCID permissions firewall ### set system login class RANCID permissions flow-tap ### set system login class RANCID permissions interface ### set system login class RANCID permissions network ### set system login class RANCID permissions routing ### set system login class RANCID permissions secret ### set system login class RANCID permissions security ### set system login class RANCID permissions snmp ### set system login class RANCID permissions storage ### set system login class RANCID permissions system ### set system login class RANCID permissions trace ### set system login class RANCID permissions view ### set system login class RANCID permissions view-configuration set system login user rancid class RANCID ? ________________________________ From: Rancid-discuss on behalf of Ryan Milton Sent: 25 February 2015 13:13 To: Rancid-discuss at shrubbery.net Subject: [rancid] Juniper So I'm very happy to have my rancid working now, but I would like to know if there are examples of access accounts that people are using for their rancid user for Juniper devices. I created a "view-configuration" class, but it seems that rancid really wants to run in edit mode, so currently unless I've given super-user access, it doesn't see the changes. Not secure, obviously. Any recommendations? Thank you in advance! Ryan -------------- next part -------------- An HTML attachment was scrubbed... URL: From pawel.rzepa at gmail.com Wed Feb 25 13:07:13 2015 From: pawel.rzepa at gmail.com (=?UTF-8?B?UGF3ZcWCIFJ6ZXBh?=) Date: Wed, 25 Feb 2015 14:07:13 +0100 Subject: [rancid] Question about custom command-file and expect In-Reply-To: <20150225132556.2f3dee20@hobbit> References: <54EDA6C8.8000607@mclink.eu> <20150225132556.2f3dee20@hobbit> Message-ID: <54EDC901.90800@gmail.com> W dniu 25.02.2015 o 12:25, Alan McKinnon pisze: > On Wed, 25 Feb 2015 11:41:12 +0100 > Simone Felici wrote: > >> Hello, >> >> I would like to connect on a device using rancid and execute some >> commands *only* in some circumstances. clogin works perfectly to >> login and using -x to specify a command-list file or -c to execute >> commands works as well. But what I need is that, based on the >> response of a command I could execute another command or not. >> >> I.e., after login on a router, executing: >> >> #show ip route >> >> IF I obtain: >> >> % Subnet not in table >> >> I need to execute some commands. >> >> If I obtain: >> Routing entry for >> (...) >> >> THEN I need to do something different. >> >> I've seen there is a [-s script-file] where I could add an expect >> script. Trying to use it, seems the whole content of clogin is >> bypassed using the script file. Would be possible to use clogin for >> login action and then, at the end, use only the script-file to add >> the rest of the commands with the IF-THEN-ELSE logic? >> >> Thanks for the help! > I think you are trying to solve a problem that does not exist. Rancid > won't run a command like this: > > show ip route > > Instead, it will show all the routes, grab all of them, sort all of > them and put the whole lot into cvs. Running specific commands like you > suggest breaks the rancid model, which is to track everything in a > repeatable way so that the only differences are configurations. > > I can't think of a circumstance where you would want to do what you > describe. If that was just an example for illustration, perhaps you > could describe the real problem? > > Alan > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss Hi, What about running rancid twice? First you run rancid with 'show-ip-route-or-anything-else', then parse the output with whatever you want (perl/bash/etc) and depending on the result run rancid for the second time with your new commands? Maybe it against the idea of rancid, requires to connect to the remote device twice so it is not as fast as for the single run, but is quick to implement and does its job. Regards, Pawel From Douglas.Hughes at DEShawResearch.com Wed Feb 25 22:01:44 2015 From: Douglas.Hughes at DEShawResearch.com (Hughes, Doug) Date: Wed, 25 Feb 2015 22:01:44 +0000 Subject: [rancid] Question about custom command-file and expect In-Reply-To: <54EDA6C8.8000607@mclink.eu> References: <54EDA6C8.8000607@mclink.eu> Message-ID: This is definitely possible, though you need to dig out your Perl coding skills. It's not that hard with a little bit of perl, but you need to be prepared to edit the rancid file corresponding to your device (e.g. crancid or jrancid or whatever) Then it's just adding the if condition (like the "next if" already there) and perhaps calling a new subroutine, or perhaps just handling it in a { } block if it's short enough. It's not a standard feature, though. -----Original Message----- From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Simone Felici Sent: Wednesday, February 25, 2015 5:41 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Question about custom command-file and expect Hello, I would like to connect on a device using rancid and execute some commands *only* in some circumstances. clogin works perfectly to login and using -x to specify a command-list file or -c to execute commands works as well. But what I need is that, based on the response of a command I could execute another command or not. I.e., after login on a router, executing: #show ip route IF I obtain: % Subnet not in table I need to execute some commands. If I obtain: Routing entry for (...) THEN I need to do something different. I've seen there is a [-s script-file] where I could add an expect script. Trying to use it, seems the whole content of clogin is bypassed using the script file. Would be possible to use clogin for login action and then, at the end, use only the script-file to add the rest of the commands with the IF-THEN-ELSE logic? Thanks for the help! Simon _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss From bob.franzke at altn.com Wed Feb 25 22:39:00 2015 From: bob.franzke at altn.com (Robert Franzke) Date: Wed, 25 Feb 2015 16:39:00 -0600 Subject: [rancid] Radware/Alteon Interactive Commands Message-ID: So I recently upgraded the code on my Alteon 4408 Load Balancers. Since this upgrade, when running the /c/dump command listed in arancid to print out the current config while having some type of SSL certificate installed on the device, the device asks you if you want to Display the Private Keys and expects the user to reply with a ?y? or ?n? like so: >> ALTEON-A - Standalone ADC - Main# /c/d Display private keys? [y/n]: This hangs RANCID up and causes the device config to not be retrieved. Is there some way to fix this in the list of commands in alogin/arancid such that the script would catch the ?Display private keys? [y/n]:? and then send a ?n?? I am not too sure which file I would add this too to fix this. Any help here would be very much appreciated. Thanks in advance. Bob Franzke -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Thu Feb 26 09:38:37 2015 From: heas at shrubbery.net (heasley) Date: Thu, 26 Feb 2015 09:38:37 +0000 Subject: [rancid] Radware/Alteon Interactive Commands In-Reply-To: References: Message-ID: <20150226093837.GB88419@shrubbery.net> Wed, Feb 25, 2015 at 04:39:00PM -0600, Robert Franzke: > So I recently upgraded the code on my Alteon 4408 Load Balancers. Since this upgrade, when running the /c/dump command listed in arancid to print out the current config while having some type of SSL certificate installed on the device, the device asks you if you want to Display the Private Keys and expects the user to reply with a ?y? or ?n? like so: > > >> ALTEON-A - Standalone ADC - Main# /c/d > Display private keys? [y/n]: > > This hangs RANCID up and causes the device config to not be retrieved. Is there some way to fix this in the list of commands in alogin/arancid such that the script would catch the ?Display private keys? [y/n]:? and then send a ?n?? I am not too sure which file I would add this too to fix this. is there a configuration knob or argument to /c/dump to tell it not to prompt? From Bob.Franzke at altn.com Thu Feb 26 12:20:56 2015 From: Bob.Franzke at altn.com (Bob Franzke) Date: Thu, 26 Feb 2015 06:20:56 -0600 Subject: [rancid] Radware/Alteon Interactive Commands In-Reply-To: <20150226093837.GB88419@shrubbery.net> References: <20150226093837.GB88419@shrubbery.net> Message-ID: <9C96D799-3F4C-4B92-BE7D-7855199303FF@altn.com> There is not unfortunately. You could remove the certificate and it would no longer prompt but those are needed. > On Feb 26, 2015, at 3:39 AM, heasley wrote: > > Wed, Feb 25, 2015 at 04:39:00PM -0600, Robert Franzke: >> So I recently upgraded the code on my Alteon 4408 Load Balancers. Since this upgrade, when running the /c/dump command listed in arancid to print out the current config while having some type of SSL certificate installed on the device, the device asks you if you want to Display the Private Keys and expects the user to reply with a ?y? or ?n? like so: >> >>>> ALTEON-A - Standalone ADC - Main# /c/d >> Display private keys? [y/n]: >> >> This hangs RANCID up and causes the device config to not be retrieved. Is there some way to fix this in the list of commands in alogin/arancid such that the script would catch the ?Display private keys? [y/n]:? and then send a ?n?? I am not too sure which file I would add this too to fix this. > > is there a configuration knob or argument to /c/dump to tell it not to prompt? From mnewton at pofp.com Sat Feb 28 00:18:17 2015 From: mnewton at pofp.com (Michael Newton) Date: Sat, 28 Feb 2015 00:18:17 +0000 Subject: [rancid] Error with 10 character prompts Message-ID: <7E15AA31-38B2-42FA-8BA2-518A7F08B5B7@pofp.com> I?ve come across a bit of an odd problem in clogin, I believe it shows up with prompts that are ten characters long, and the tenth character would need escaping if it were put in a regex. I modified clogin to show me what it was building for a prompt and this is what I saw: (ThisLong) # reprompt is \(ThisLong\([^#>\r\n]+)?[#>](\([^)\r\n]+\))? (ThisIsLonger) # reprompt is \(ThisIsLon([^#>\r\n]+)?[#>](\([^)\r\n]+\))? Notice on the shorter prompt, the parenthesis in the regex ends up being escaped, I suspect because the prompt is being escaped and then trimmed. The problem code is right near the top of run_commands(). Mike -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5966 bytes Desc: not available URL: From ryanmilton74 at gmail.com Sat Feb 28 17:02:01 2015 From: ryanmilton74 at gmail.com (Ryan Milton) Date: Sat, 28 Feb 2015 12:02:01 -0500 Subject: [rancid] Cisco troubles Message-ID: I have two Cisco 3750s... one is behaving on the updates. This second keeps sending back odd messages: Index: configs/192.168.80.1 =================================================================== - -- configs/192.168.80.1 (revision 66) @@ -40,7 +40,6 @@ !Flash: 32514048 bytes total (9830400 bytes free) ! !Flash: nvram: Translating "l"...domain server (255.255.255.255) - !Flash: sec-disk2: Translating "l"...domain server (255.255.255.255) ! !NAME: "Cat37xx Stacking", DESCR: "Catalyst 37xx Switch Stack" !NAME: "1", DESCR: "WS-C3750G-48TS" Is this just a "no ip domain-lookup" issue, or something else? Ryan Douglass Milton -------------- next part -------------- An HTML attachment was scrubbed... URL: From mvoity at uvm.edu Sat Feb 28 17:33:59 2015 From: mvoity at uvm.edu (Michael T. Voity) Date: Sat, 28 Feb 2015 12:33:59 -0500 Subject: [rancid] Cisco ASA 5585 mufti context Message-ID: <54F1FC07.5000304@uvm.edu> Hello, Up until recently my rancid 3.0 has been working fine and reporting the correct changes with changes from the correct context. I have 3 of my 7 contexts that are barking about these changes every couple hours, even thought the changes haven't been made - 2200 e-mail : Index: configs/active-dir-asa =================================================================== retrieving revision 1.219 diff -U 4 -r1.219 active-dir-asa @@ -829,7 +829,6 @@ privilege cmd level 2 mode exec command show privilege show level 2 mode exec command nameif privilege show level 2 mode exec command object-group privilege show level 2 mode exec command access-list - privilege show level 2 mode configure command access-list privilege cmd level 2 mode configure command enable : end 2300 email: Index: configs/active-dir-asa =================================================================== retrieving revision 1.220 diff -U 4 -r1.220 active-dir-asa @@ -829,6 +829,7 @@ privilege cmd level 2 mode exec command show privilege show level 2 mode exec command nameif privilege show level 2 mode exec command object-group privilege show level 2 mode exec command access-list + privilege show level 2 mode configure command access-list privilege cmd level 2 mode configure command enable : end Ideas? -Mike -- Michael T. Voity Network Engineer University of Vermont