From jackoregan at gmail.com Thu Oct 1 14:07:17 2015 From: jackoregan at gmail.com (Jack O Regan) Date: Thu, 1 Oct 2015 15:07:17 +0100 Subject: [rancid] how to create custom devices In-Reply-To: References: Message-ID: Hi All, I want to create some custom devices in rancid but I can't find a guide that makes sense to me. I have some virtual contexts that I want to get the config from. I also have some non-cisco devices that I need to get too. I just need to know what are the files I need to create/edit. Regards, Jack -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Thu Oct 1 20:42:39 2015 From: heas at shrubbery.net (heasley) Date: Thu, 1 Oct 2015 20:42:39 +0000 Subject: [rancid] how to create custom devices In-Reply-To: References: Message-ID: <20151001204239.GE84368@shrubbery.net> Thu, Oct 01, 2015 at 03:07:17PM +0100, Jack O Regan: > I want to create some custom devices in rancid but I can't find a guide > that makes sense to me. I have some virtual contexts that I want to get the > config from. I also have some non-cisco devices that I need to get too. I > just need to know what are the files I need to create/edit. the current FAQ, see rancid webpage, has a section about this. From fra.nospam.nk at gmx.de Thu Oct 1 20:58:05 2015 From: fra.nospam.nk at gmx.de (Frank Fegert) Date: Thu, 1 Oct 2015 22:58:05 +0200 Subject: [rancid] Patch to srancid for improved handling of Dell PowerConnect M-Series switches Message-ID: <20151001205805.GA16337@dyndns.org> Hello all, i'd like to propose the attached patch to srancid for an improved hand- ling of Dell PowerConnect M-Series switch devices. The patched version was successfully tested against the Dell PowerConnect M6348 and M8024-k models. Besides some general output beautification -- additional section headers and newlines -- it basically deals with the system uptime data in the "show version" output. It also filters the temperature values from the sensors in the "show system" output. For output samples of both commands see below. Can you please consider the provided patch for inclusion in the next rancid release? Thanks & best regards, Frank Fegert ## "show version" sample ############################################## switch1# show version System Description................ Dell Ethernet Switch System Up Time.................... 90 days, 04h:48m:41s System Contact.................... System Name....................... System Location................... Burned In MAC Address............. F8B1.566E.4AFB System Object ID.................. 1.3.6.1.4.1.674.10895.3041 System Model ID................... PCM8024-k Machine Type...................... PowerConnect M8024-k unit image1 image2 current-active next-active ---- ----------- ----------- -------------- -------------- 1 5.1.3.7 5.1.8.2 image2 image2 2 5.1.3.7 5.1.8.2 image2 image2 ## "show system" sample ############################################### switch1# show system System Description: Dell Ethernet Switch System Up Time: 90 days, 04h:48m:19s System Contact: System Name: System Location: Burned In MAC Address: F8B1.566E.4AFB System Object ID: 1.3.6.1.4.1.674.10895.3041 System Model ID: PCM8024-k Machine Type: PowerConnect M8024-k Temperature Sensors: Unit Description Temperature Status (Celsius) ---- ----------- ----------- ------ 1 System 39 Good 2 System 39 Good Power Supplies: Unit Description Status ---- ----------- ----------- NA NA NA NA NA NA -------------- next part -------------- A non-text attachment was scrubbed... Name: srancid.in.patch Type: text/x-diff Size: 2750 bytes Desc: not available URL: From jbaird at follett.com Mon Oct 5 15:00:13 2015 From: jbaird at follett.com (Baird, Josh) Date: Mon, 5 Oct 2015 15:00:13 +0000 Subject: [rancid] Adding JunOS Commands Message-ID: Hi, I use configuration groups in JunOS, so I would like to add 'show configuration | display inheritance no comments' to the list of commands that gets executed against Juniper devices. Can someone point me in the right direction? Thanks, Josh -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Mon Oct 5 15:22:45 2015 From: heas at shrubbery.net (heasley) Date: Mon, 5 Oct 2015 15:22:45 +0000 Subject: [rancid] Adding JunOS Commands In-Reply-To: References: Message-ID: <20151005152245.GA85011@shrubbery.net> Mon, Oct 05, 2015 at 03:00:13PM +0000, Baird, Josh: > Hi, > > I use configuration groups in JunOS, so I would like to add 'show configuration | display inheritance no comments' to the list of commands that gets executed against Juniper devices. Can someone point me in the right direction? use rancid 3.2, see rancid.type.conf(5). From jbaird at follett.com Mon Oct 5 15:32:10 2015 From: jbaird at follett.com (Baird, Josh) Date: Mon, 5 Oct 2015 15:32:10 +0000 Subject: [rancid] Adding JunOS Commands In-Reply-To: <20151005152245.GA85011@shrubbery.net> References: <20151005152245.GA85011@shrubbery.net> Message-ID: Thanks, I copied the following block from /etc/rancid/rancid.types.base to /etc/rancid/rancid.types.conf: juniper;script;rancid -t juniper juniper;login;jlogin juniper;module;junos juniper;inloop;junos::inloop juniper;command;junos::ShowChassisClocks;show chassis clocks juniper;command;junos::ShowChassisEnvironment;show chassis environment juniper;command;junos::ShowChassisFirmware;show chassis firmware juniper;command;junos::ShowChassisFpcDetail;show chassis fpc detail juniper;command;junos::ShowChassisHardware;show chassis hardware detail juniper;command;junos::ShowChassisHardware;show chassis hardware models juniper;command;junos::ShowChassisRoutingEngine;show chassis routing-engine juniper;command;junos::ShowChassisSCB;show chassis scb juniper;command;junos::ShowChassisSCB;show chassis sfm detail juniper;command;junos::ShowChassisSCB;show chassis ssb juniper;command;junos::ShowChassisSCB;show chassis feb detail juniper;command;junos::ShowChassisSCB;show chassis feb juniper;command;junos::ShowChassisSCB;show chassis cfeb juniper;command;junos::ShowChassisAlarms;show chassis alarms juniper;command;junos::ShowSystemLicense;show system license juniper;command;junos::ShowSystemBootMessages;show system boot-messages juniper;command;junos::ShowSystemCoreDumps;show system core-dumps juniper;command;junos::ShowVersion;show version detail juniper;command;junos::ShowConfiguration;show configuration Then, I added the following line to the bottom of /etc/rancid/rancid.types.conf: juniper;command;junos::ShowConfigurationOmit;show configuration | display omit Does this look correct? The new command is not being ran. Thanks, Josh > -----Original Message----- > From: heasley [mailto:heas at shrubbery.net] > Sent: Monday, October 05, 2015 11:23 AM > To: Baird, Josh > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Adding JunOS Commands > > Mon, Oct 05, 2015 at 03:00:13PM +0000, Baird, Josh: > > Hi, > > > > I use configuration groups in JunOS, so I would like to add 'show > configuration | display inheritance no comments' to the list of commands > that gets executed against Juniper devices. Can someone point me in the > right direction? > > use rancid 3.2, see rancid.type.conf(5). From heas at shrubbery.net Mon Oct 5 15:39:14 2015 From: heas at shrubbery.net (heasley) Date: Mon, 5 Oct 2015 15:39:14 +0000 Subject: [rancid] Adding JunOS Commands In-Reply-To: References: <20151005152245.GA85011@shrubbery.net> Message-ID: <20151005153914.GB85011@shrubbery.net> Mon, Oct 05, 2015 at 03:32:10PM +0000, Baird, Josh: > Thanks, I copied the following block from /etc/rancid/rancid.types.base to /etc/rancid/rancid.types.conf: > > juniper;script;rancid -t juniper > juniper;login;jlogin > juniper;module;junos > juniper;inloop;junos::inloop > juniper;command;junos::ShowChassisClocks;show chassis clocks > juniper;command;junos::ShowChassisEnvironment;show chassis environment > juniper;command;junos::ShowChassisFirmware;show chassis firmware > juniper;command;junos::ShowChassisFpcDetail;show chassis fpc detail > juniper;command;junos::ShowChassisHardware;show chassis hardware detail > juniper;command;junos::ShowChassisHardware;show chassis hardware models > juniper;command;junos::ShowChassisRoutingEngine;show chassis routing-engine > juniper;command;junos::ShowChassisSCB;show chassis scb > juniper;command;junos::ShowChassisSCB;show chassis sfm detail > juniper;command;junos::ShowChassisSCB;show chassis ssb > juniper;command;junos::ShowChassisSCB;show chassis feb detail > juniper;command;junos::ShowChassisSCB;show chassis feb > juniper;command;junos::ShowChassisSCB;show chassis cfeb > juniper;command;junos::ShowChassisAlarms;show chassis alarms > juniper;command;junos::ShowSystemLicense;show system license > juniper;command;junos::ShowSystemBootMessages;show system boot-messages > juniper;command;junos::ShowSystemCoreDumps;show system core-dumps > juniper;command;junos::ShowVersion;show version detail > juniper;command;junos::ShowConfiguration;show configuration > > Then, I added the following line to the bottom of /etc/rancid/rancid.types.conf: > > juniper;command;junos::ShowConfigurationOmit;show configuration | display omit > > Does this look correct? The new command is not being ran. you must name it something else; the definition in rancid.types.base will override it - this is intentional; its a clear signal to us that you have altered things. and, you must definte ShowConfigurationOmit the function somewhere and import it. eg myjuniper;module;junos myjuniper;module;myjunos ... myjuniper;command;myjunos::ShowConfigurationOmit;show configuration | display omit From david.ahrens at citrix.com Thu Oct 8 19:16:29 2015 From: david.ahrens at citrix.com (David Ahrens) Date: Thu, 8 Oct 2015 19:16:29 +0000 Subject: [rancid] Rancid with Dell 6248 errors Message-ID: <642FAF39868FD54A909CBFC1DD8F61A70D63C5D7@SJCPEX01CL02.citrite.net> Hi, I'm testing Rancid 3.2 with a Dell Powerconnect 6248. The Dell is running version 3.3.3.3 of the firmware. When I run: /usr/local/rancid/bin/clogin -f .cloginrc rancid-test I'm able to login and get a prompt "rancid-test>". If I hit return, I immediately get another command prompt. When I run "/usr/local/bin/rancid-run" The log file shows Error: TIMEOUT reached Missed cmd(s): all commands End of run not found When I run /usr/local/rancid/bin/dllogin -f .cloginrc rancid-test Or /usr/local/rancid/bin/hlogin -f .cloginrc rancid-test I get a prompt "rancid-test>" but if I hit return at the prompt, there's no response and eventually the connection is closed with "Error: TIMEOUT reached". For my router.db file, I've tried both rancid-test;smc;up and rancid-test;dell;up For .cloginrc file I have: add method {ssh} add autoenable rancid-test 1 add timeout rancid-test {30} add cyphertype rancid-test {aes256-crtr} add user rancid-test {ranciduser} add password {##########} Regards, David -------------- next part -------------- An HTML attachment was scrubbed... URL: From tony at lavanauts.org Thu Oct 8 20:17:29 2015 From: tony at lavanauts.org (Antonio Querubin) Date: Thu, 8 Oct 2015 10:17:29 -1000 (HST) Subject: [rancid] Rancid with Dell 6248 errors In-Reply-To: <642FAF39868FD54A909CBFC1DD8F61A70D63C5D7@SJCPEX01CL02.citrite.net> References: <642FAF39868FD54A909CBFC1DD8F61A70D63C5D7@SJCPEX01CL02.citrite.net> Message-ID: On Thu, 8 Oct 2015, David Ahrens wrote: > I'm testing Rancid 3.2 with a Dell Powerconnect 6248. The Dell is > running version 3.3.3.3 of the firmware. > > When I run: > /usr/local/rancid/bin/clogin -f .cloginrc rancid-test > > I'm able to login and get a prompt "rancid-test>". If I hit return, I > immediately get another command prompt. > > When I run "/usr/local/bin/rancid-run" The log file shows > Error: TIMEOUT reached > Missed cmd(s): all commands > End of run not found > add password {##########} Dell switches originate from multiple vendors. The following patch for dell.pm for PowerConnect 7048 may work for you: --- dell.pm 2014-10-06 18:17:17.000000000 -1000 +++ powerconnect.pm 2015-02-23 14:44:57.360419809 -1000 @@ -1,4 +1,4 @@ -package dell; +package powerconnect; ## ## $Id: dlrancid.in 2258 2010-10-11 20:49:05Z heas $ ## @@ -102,7 +102,7 @@ TOP: while(<$INPUT>) { tr/\015//d; # XXX this match is not correct for DELL - if (/[>#]\s?exit$/) { + if (/[>#]\s?exit/) { $clean_run = 1; last; } And add the following to rancid.types.conf: powerconnect;script;rancid -t powerconnect powerconnect;login;clogin powerconnect;module;powerconnect powerconnect;inloop;powerconnect::inloop powerconnect;command;powerconnect::GetSystem;show switch powerconnect;command;powerconnect::GetConf;show running-config YMMV Antonio Querubin e-mail: tony at lavanauts.org xmpp: antonioquerubin at gmail.com From Mikko.Peltokangas at alavus.fi Sun Oct 11 13:11:46 2015 From: Mikko.Peltokangas at alavus.fi (Peltokangas Mikko) Date: Sun, 11 Oct 2015 13:11:46 +0000 Subject: [rancid] Good guide to install Rancid and differ. Message-ID: <627431AFBC39064D988A13AA0351DC430178696287@alexmbx01.6ad.local> Hello, is there anywhere a good guide to install Rancid and differ to Ubuntu-server? Thanks in advance :) -mikko From ryanmilton74 at gmail.com Sun Oct 11 14:45:23 2015 From: ryanmilton74 at gmail.com (Ryan Milton) Date: Sun, 11 Oct 2015 10:45:23 -0400 Subject: [rancid] Duplicate entries, sort of Message-ID: <1444574727486-943b9791-a9776297-e698ed3a@gmail.com> Forgive that I've asked this before. I have a mix of hardware, all us good except one cisco that rancid sends 100's of emails for daily. What happens is that rancid reads the flash changes and reports on it constantly. How do I edit rancid to ignore these? Pardon the small screenshot. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: rancid.png Type: image/png Size: 399469 bytes Desc: not available URL: From heas at shrubbery.net Sun Oct 11 16:14:44 2015 From: heas at shrubbery.net (heasley) Date: Sun, 11 Oct 2015 16:14:44 +0000 Subject: [rancid] Duplicate entries, sort of In-Reply-To: <1444574727486-943b9791-a9776297-e698ed3a@gmail.com> References: <1444574727486-943b9791-a9776297-e698ed3a@gmail.com> Message-ID: <20151011161444.GD49970@shrubbery.net> Sun, Oct 11, 2015 at 10:45:23AM -0400, Ryan Milton: > Forgive that I've asked this before. I have a mix of hardware, all us good > except one cisco that rancid sends 100's of emails for daily. > > What happens is that rancid reads the flash changes and reports on it > constantly. > > How do I edit rancid to ignore these? > > Pardon the small screenshot. make sure that you are running rancid 3.2. if its still occuring, its either a flaw in the IOS or the filter in rancid is missing it. upgrade the ios if its an ios flaw, else show the changes to us for modification of the filter. From ryanmilton74 at gmail.com Sun Oct 11 13:36:13 2015 From: ryanmilton74 at gmail.com (Ryan Milton) Date: Sun, 11 Oct 2015 09:36:13 -0400 Subject: [rancid] Good guide to install Rancid and differ. In-Reply-To: <627431AFBC39064D988A13AA0351DC430178696287@alexmbx01.6ad.local> References: <627431AFBC39064D988A13AA0351DC430178696287@alexmbx01.6ad.local> Message-ID: <1444570577809-39da6e0f-00b40660-8de423aa@gmail.com> It's dated, but works: https://nsrc.org/workshops/2014/nsrc-tein-ait/raw-attachment/wiki/Agenda/rancid-exercise.htm On Sun, Oct 11, 2015 at 9:12 AM, Peltokangas Mikko < Mikko.Peltokangas at alavus.fi [Mikko.Peltokangas at alavus.fi] > wrote: Hello, is there anywhere a good guide to install Rancid and differ to Ubuntu-server? Thanks in advance :) -mikko _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From on at LEFerguson.com Sun Oct 11 16:55:52 2015 From: on at LEFerguson.com (on at LEFerguson.com) Date: Sun, 11 Oct 2015 16:55:52 +0000 Subject: [rancid] Duplicate entries, sort of In-Reply-To: <20151011161444.GD49970@shrubbery.net> References: <1444574727486-943b9791-a9776297-e698ed3a@gmail.com> <20151011161444.GD49970@shrubbery.net> Message-ID: These look like someone has saved a new copy of a text file, either with some automation or manually, notice the dates which are (reasonably) current. There's an example out there in the mailing list for WAP's (http://www.gossamer-threads.com/lists/rancid/users/7715) that should provide some guidance how you could omit these entirely by patching, which worked for the WAP issues. I believe, however, that you should not patch it but find the underlying cause. I'll share my own similar case (and not to hijack the thread but maybe someone has a clue for me). I have two ASA's that are giving differences like the below. Notice that all that changes is the number on the left (is that some kind of file number) without producing a new date. I THINK what is happening is that the router reboots, runs FSCK and gives a new file number for reasons a bit unclear (it is not producing new FSCKxxxx.REC files, they are all old and unchanging). However, I am unconvinced there is a reboot each time, as (a) they never show up as down on monitoring (polling 60 seconds so it might miss) and while one shows a few reboots, the other only had 1 in a month and more differences than that. I am curious if someone knows of a good approach (which might apply to the OP as well) to monitor flash for unexpected changes, some way to audit or trap so you know when it happened? Especially in my case, where the date is not changing, there's no indication except when rancid pulls a new copy. But for Ryan's case, if you have logs, I'd look at the date/time indicated and see if something else was going on? I think changing rancid in this case will just hide the cause, not fix it. As I think it would in mine. But I'm sympathetic as I have effectively an alarm without a clue what to do. PS. I'm aware of the very old crypto crash bug, and the guy managing these is or has opened a cisco case to see if it applies, no word yet. But why wouldn't they give new dates? retrieving revision 1.17 diff -u -4 -r1.17 trsrasa5505.moran.local @@ -29,10 +29,10 @@ !Flash: 117 4181246 Apr 28 2008 12:41:20 securedesktop-asa-3.2.1.103-k9.pkg !Flash: 118 398305 Apr 28 2008 12:41:36 sslclient-win-1.1.0.154.pkg !Flash: 119 11491880 Jun 26 2011 15:45:18 asdm-623.bin !Flash: 12 4096 Mar 06 2012 06:44:46 crypto_archive - !Flash: 140 394148 Dec 06 2011 22:11:24 crypto_archive/crypto_eng0_arch_1.bin - !Flash: 141 394148 Mar 06 2012 06:44:46 crypto_archive/crypto_eng0_arch_2.bin + !Flash: 142 394148 Dec 06 2011 22:11:24 crypto_archive/crypto_eng0_arch_1.bin + !Flash: 143 394148 Mar 06 2012 06:44:46 crypto_archive/crypto_eng0_arch_2.bin !Flash: 121 15390720 Sep 14 2011 06:44:12 asa825-k8.bin !Flash: 122 28672 Dec 31 1979 18:00:00 FSCK0000.REC !Flash: 3 4096 May 30 2008 10:41:34 log !Flash: 13 4096 Jun 26 2011 16:01:38 coredumpinfo -----Original Message----- From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of heasley Sent: Sunday, October 11, 2015 12:15 PM To: Ryan Milton Cc: Rancid-discuss at shrubbery.net Subject: Re: [rancid] Duplicate entries, sort of Sun, Oct 11, 2015 at 10:45:23AM -0400, Ryan Milton: > Forgive that I've asked this before. I have a mix of hardware, all us > good except one cisco that rancid sends 100's of emails for daily. > > What happens is that rancid reads the flash changes and reports on it > constantly. > > How do I edit rancid to ignore these? > > Pardon the small screenshot. make sure that you are running rancid 3.2. if its still occuring, its either a flaw in the IOS or the filter in rancid is missing it. upgrade the ios if its an ios flaw, else show the changes to us for modification of the filter. _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss From on at LEFerguson.com Sun Oct 11 17:08:13 2015 From: on at LEFerguson.com (on at LEFerguson.com) Date: Sun, 11 Oct 2015 17:08:13 +0000 Subject: [rancid] Good guide to install Rancid and differ. In-Reply-To: <627431AFBC39064D988A13AA0351DC430178696287@alexmbx01.6ad.local> References: <627431AFBC39064D988A13AA0351DC430178696287@alexmbx01.6ad.local> Message-ID: I just installed on 15.04 without any real issues using the included instructions. There's lots of examples online as well, though some are quite old and have issues. Fundamentally all I did was: - Install 15.04, got postfix running for email - Downloaded 3.2, unpacked. - Create account and change to it (imaginatively enough I used "rancid"), optionally with an admin group - Ran configure (I used ./configure --prefix=/home/rancid --localstatedir=/home/rancid/var/rancid ) - Make install - Edit the rancid.conf for the groups needed - copy cloginrc.sample to the prefix directory and edit it - REMOVE or comment what's in there (there's a bunch commented, but a bunch not) - Add your methods and passwords, notably for a typical setup add method * ssh add user * adminuseryouuse add password * adminpasswordyouuse - Add any exceptions with different passwords explicitly, e.g. add password weirdrouter otherpassword - Add the aliases for each group (there's an example) and test outside of rancid to make sure they work. - Add path in profile of the rancid account PATH="$HOME/bin:$PATH" - Run the rancid-cvs from the rancid account - add the routers to router.db in each group as appropriate - test with clogin and/or rancid-run from the rancid account - Schedule as you prefer under rancid account in crontab, here's an example I used: su - rancid crontab -e # run config differ every 4 hours 0 */4 * * * /home/rancid/bin/rancid-run # clean out config differ logs over 2 days old 50 23 * * * /usr/bin/find /home/rancid/var/rancid/logs -type f -mtime +2 -exec rm {} \; There's lots of examples visible in google of using the login to test, but once you start running things you should be able to see what the issues are. Logs go down inside the localstatedir directory if I recall, but are in a folder called logs. Basically it's all in the instructions included, though while a bit terse, seem pretty complete. Linwood -----Original Message----- From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Peltokangas Mikko Sent: Sunday, October 11, 2015 9:12 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Good guide to install Rancid and differ. Hello, is there anywhere a good guide to install Rancid and differ to Ubuntu-server? Thanks in advance :) -mikko _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss From heas at shrubbery.net Mon Oct 12 23:16:29 2015 From: heas at shrubbery.net (heasley) Date: Mon, 12 Oct 2015 23:16:29 +0000 Subject: [rancid] Duplicate entries, sort of In-Reply-To: References: <1444574727486-943b9791-a9776297-e698ed3a@gmail.com> <20151011161444.GD49970@shrubbery.net> Message-ID: <20151012231629.GD84405@shrubbery.net> Sun, Oct 11, 2015 at 04:55:52PM +0000, on at LEFerguson.com: > I am curious if someone knows of a good approach (which might apply to the OP as well) to monitor flash for unexpected changes, some way to audit or trap so you know when it happened? Especially in my case, where the date is not changing, there's no indication except when rancid pulls a new copy. perhaps a tcl script on the device; atm i forget what cisco calls that. i suspect that in your case it is a low-level process that it bypassing the normal filesystem code, but their api could just as easily offer a manner for users to set the date. i suppose that rancid could just drop the file number. > But for Ryan's case, if you have logs, I'd look at the date/time indicated and see if something else was going on? I think changing rancid in this case will just hide the cause, not fix it. As I think it would in mine. But I'm sympathetic as I have effectively an alarm without a clue what to do. > > PS. I'm aware of the very old crypto crash bug, and the guy managing these is or has opened a cisco case to see if it applies, no word yet. But why wouldn't they give new dates? > > retrieving revision 1.17 > diff -u -4 -r1.17 trsrasa5505.moran.local @@ -29,10 +29,10 @@ > !Flash: 117 4181246 Apr 28 2008 12:41:20 securedesktop-asa-3.2.1.103-k9.pkg > !Flash: 118 398305 Apr 28 2008 12:41:36 sslclient-win-1.1.0.154.pkg > !Flash: 119 11491880 Jun 26 2011 15:45:18 asdm-623.bin > !Flash: 12 4096 Mar 06 2012 06:44:46 crypto_archive > - !Flash: 140 394148 Dec 06 2011 22:11:24 crypto_archive/crypto_eng0_arch_1.bin > - !Flash: 141 394148 Mar 06 2012 06:44:46 crypto_archive/crypto_eng0_arch_2.bin > + !Flash: 142 394148 Dec 06 2011 22:11:24 crypto_archive/crypto_eng0_arch_1.bin > + !Flash: 143 394148 Mar 06 2012 06:44:46 crypto_archive/crypto_eng0_arch_2.bin > !Flash: 121 15390720 Sep 14 2011 06:44:12 asa825-k8.bin > !Flash: 122 28672 Dec 31 1979 18:00:00 FSCK0000.REC > !Flash: 3 4096 May 30 2008 10:41:34 log > !Flash: 13 4096 Jun 26 2011 16:01:38 coredumpinfo From francois.debry at ac-amiens.fr Thu Oct 15 09:56:18 2015 From: francois.debry at ac-amiens.fr (=?UTF-8?Q?Fran=c3=a7ois_DEBRY?=) Date: Thu, 15 Oct 2015 11:56:18 +0200 Subject: [rancid] Control_rancid -t not found Message-ID: <561F7842.5040302@ac-amiens.fr> Hello, I have this log in var/logs/devicetype.xxxxx : /opt/rancid/bin/control_rancid: 642: /opt/rancid/bin/control_rancid: -t: not found I haven't receive a config diff by e-mail and control_rancid wasn't modified. The fact that I have this log he can prevent the sending the diff by e-mail ? How to solve this problem ? Plateform : Rancid 3.2 Regards, Fran?ois From heas at shrubbery.net Thu Oct 15 16:46:31 2015 From: heas at shrubbery.net (heasley) Date: Thu, 15 Oct 2015 16:46:31 +0000 Subject: [rancid] Control_rancid -t not found In-Reply-To: <561F7842.5040302@ac-amiens.fr> References: <561F7842.5040302@ac-amiens.fr> Message-ID: <20151015164631.GE65360@shrubbery.net> Thu, Oct 15, 2015 at 11:56:18AM +0200, Fran?ois DEBRY: > I have this log in var/logs/devicetype.xxxxx : > > /opt/rancid/bin/control_rancid: 642: /opt/rancid/bin/control_rancid: -t: > not found i suspect that the configure script did not find the sendmail executable or you have improperly overridden SENDMAIL in your rancid.conf. control_rancid checks the value around line 131. From mnewton at pofp.com Thu Oct 15 23:31:30 2015 From: mnewton at pofp.com (Michael Newton) Date: Thu, 15 Oct 2015 23:31:30 +0000 Subject: [rancid] HP 1920 Message-ID: <701C7F96-2D29-4899-9B72-88A623CD798A@pofp.com> Wondering if anything ever came of this effort? We recently had to take over management of some of these switches and would like to get the configs saved to RANCID. Thanks! Mike I've done some experimental work on this with rancid 3, at the moment it relies on some changes to core rancid which I need to think through and feedback to the project, and I haven't looked at it in a while. I know I won't get a chance to do so for a while yet either unfortunately. For the record, this is an HP Comware switch, but is one of a set of models that has a fairly useless limited CLI, unless you enter the secret command and magic code to enable access to the full CLI, which requires the special handling. Jethro. On Tue, 30 Jun 2015, Andrea Venturoli wrote: > Hello. > > I've got a couple of HP 1920 switches I'd like Rancid to connect to. > > However what I get is: > > /usr/local/libexec/rancid/clogin switch-ufficio.xxxxxxx > > switch-ufficio.xxxxxxx > > spawn telnet switch-ufficio.xxxxxxx > > Trying 192.168.110.10... > > Connected to switch-ufficio.xxxxxxx. > > Escape character is '^]'. > > > > ****************************************************************************** > > * Copyright (c) 2010-2015 Hewlett-Packard Development Company, L.P. > > * > > * Without the owner's prior written consent, > > * > > * no decompiling or reverse-engineering shall be allowed. > > * > > ****************************************************************************** > > > > > > Login authentication > > > > > > Username:admin > > Password: > > enable > > ^ > > % Unrecognized command found at '^' position. > > ^C$ > > I believe the command "enable" has to be substituted with "_cmdline-mode on", > but found no driver implementing this. > > Does such a driver exist? > Anyone using this switch (or any similar one)? > > bye & Thanks > av. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss [at] shrubbery > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks, Network Manager, Information Services Directorate, University Of Strathclyde, Glasgow, UK The University of Strathclyde is a charitable body, registered in Scotland, number SC015263. _______________________________________________ Rancid-discuss mailing list Rancid-discuss [at] shrubbery http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5966 bytes Desc: not available URL: From heas at shrubbery.net Fri Oct 16 07:14:49 2015 From: heas at shrubbery.net (heasley) Date: Fri, 16 Oct 2015 07:14:49 +0000 Subject: [rancid] Control_rancid -t not found In-Reply-To: <56209EB7.1050807@ac-amiens.fr> References: <561F7842.5040302@ac-amiens.fr> <20151015164631.GE65360@shrubbery.net> <56209EB7.1050807@ac-amiens.fr> Message-ID: <20151016071449.GS70764@shrubbery.net> Fri, Oct 16, 2015 at 08:52:39AM +0200, Fran?ois DEBRY: > In control_rancid, line 131 is "SENDMAIL=${SENDMAIL:=sendmail};" but I > use postfix. postfix has a sendmail binary for compatability. Check PATH in rancid.conf; make sure it includes the path to sendmail. From don.white at edointeractive.com Mon Oct 19 18:48:05 2015 From: don.white at edointeractive.com (Don White) Date: Mon, 19 Oct 2015 13:48:05 -0500 Subject: [rancid] New to rancid Message-ID: I just started with a company and they use rancid for their cisco configs. I am trying to clean up some of the alerting that we are getting. It appears that we are running config checks every hour. However I keep getting the same alerts each hour. For example: - -- configs/xxx.xxx.xxx.xxx (revision 16685) @@ -307,7 +307,6 @@ preempt priority 105 ip xxx.xxx.xxx.xxx - no shutdown How can I get rancid not to alert on this change if it was alerted the last hour? Getting this same alert each hour, we will end up ignoring the alerts. (I know this for a fact, as one switch could not be accessed for over a year per rancid, and nobody fixed it) Thanks, Don -- Confidentiality Notice: The information in this e-mail message, including any attachments thereto, is intended to be confidential and is for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that retention, dissemination, distribution, or copying of this message is strictly prohibited. If you receive this message in error, please notify the sender and delete the material immediately. -------------- next part -------------- An HTML attachment was scrubbed... URL: From dpage at kayak.com Tue Oct 20 02:52:48 2015 From: dpage at kayak.com (Derek Page) Date: Mon, 19 Oct 2015 22:52:48 -0400 Subject: [rancid] New to rancid In-Reply-To: References: Message-ID: Rancid should only alert if there is a diff in the previous config. Rancid also gives you the a few lines above and below the diff. One of these lines must be different for each run. @@ -307,7 +307,6 @@? You could do this. Post is old, not sure if there is a better way. http://www.shrubbery.net/pipermail/rancid-discuss/2006-June/001542.html On Mon, Oct 19, 2015 at 2:48 PM, Don White wrote: > I just started with a company and they use rancid for their cisco configs. > I am trying to clean up some of the alerting that we are getting. It > appears that we are running config checks every hour. However I keep > getting the same alerts each hour. For example: > > - -- configs/xxx.xxx.xxx.xxx (revision 16685) > @@ -307,7 +307,6 @@ > preempt > priority 105 > ip xxx.xxx.xxx.xxx > - no shutdown > > How can I get rancid not to alert on this change if it was alerted the > last hour? Getting this same alert each hour, we will end up ignoring the > alerts. (I know this for a fact, as one switch could not be accessed for > over a year per rancid, and nobody fixed it) > > Thanks, > Don > > > > Confidentiality Notice: The information in this e-mail message, including > any attachments thereto, is intended to be confidential and is for the use > of the individual or entity named above. If the reader of this message is > not the intended recipient, you are hereby notified that retention, > dissemination, distribution, or copying of this message is strictly > prohibited. If you receive this message in error, please notify the sender > and delete the material immediately. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Derek Page Operations Engineer KAYAK -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Tue Oct 20 05:57:22 2015 From: heas at shrubbery.net (heasley) Date: Tue, 20 Oct 2015 05:57:22 +0000 Subject: [rancid] New to rancid In-Reply-To: References: Message-ID: <20151020055722.GA95200@shrubbery.net> Mon, Oct 19, 2015 at 10:52:48PM -0400, Derek Page: > Rancid should only alert if there is a diff in the previous config. > Rancid also gives you the a few lines above and below the diff. > > One of these lines must be different for each run. > @@ -307,7 +307,6 @@? > > You could do this. Post is old, not sure if there is a better way. > http://www.shrubbery.net/pipermail/rancid-discuss/2006-June/001542.html its more likely that you have a CVS problem. Please see the FAQ for a section on just this topic. From ken.celenza at mail.com Thu Oct 22 01:39:39 2015 From: ken.celenza at mail.com (Ken Celenza) Date: Thu, 22 Oct 2015 03:39:39 +0200 Subject: [rancid] Pointers for RANCID Script Message-ID: An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Thu Oct 22 07:02:45 2015 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Thu, 22 Oct 2015 09:02:45 +0200 Subject: [rancid] Pointers for RANCID Script In-Reply-To: References: Message-ID: <56288A15.9060903@gmail.com> On 22/10/2015 03:39, Ken Celenza wrote: > I put together Rancid for Riverbed based on rblogin from > http://article.gmane.org/gmane.network.rancid/2697/match=riverbed by > Bill Jacqmein and panrancid script. > > I was hoping I could get some feedback on what mistakes I have made. I > posted the code here: > https://github.com/itdependsnetworks/Rancid-Riverbed It looks very much like a stripped down version of the original Cisco parser - I recognise the pattern :-) I'm not familiar with that hardware at all, so can't comment on the data fetched and what your script does with it, or if rblogin is suitable. So I looked it over generally and have only two comments: On line 36, this: print "rancid 3.1\n"; probably wants changing to the actual script name and current version. sub ShowConfig pumps all data straight into ProcessHistory() unchanged. It doesn't do any re-ordering of lists, or redact sensitive information (with $filter_pwds) at all. I would be very happy to see a kit vendor get their act together and provide sane output to "show configuration", but somehow I doubt it. Are you certain this kit gives output that never requires tweaking, and never contains any sensitive information at all? -- Alan McKinnon alan.mckinnon at gmail.com From heas at shrubbery.net Thu Oct 22 15:47:53 2015 From: heas at shrubbery.net (heasley) Date: Thu, 22 Oct 2015 15:47:53 +0000 Subject: [rancid] Pointers for RANCID Script In-Reply-To: References: Message-ID: <20151022154753.GD61201@shrubbery.net> Thu, Oct 22, 2015 at 03:39:39AM +0200, Ken Celenza: >

I put together Rancid for Riverbed based on rblogin from http://article.gmane.org/gmane.network.rancid/2697/match=riverbed by Bill Jacqmein and panrancid script.

> >

I was hoping I could get some feedback on what mistakes I have made. I posted the code here:

> >

https://github.com/itdependsnetworks/Rancid-Riverbed

i havent looked at your script, but i have support for riverbed for the next rev. i've left rancid-3.2.99.tar.gz for you to try. From ken.celenza at mail.com Thu Oct 22 17:37:32 2015 From: ken.celenza at mail.com (Ken Celenza) Date: Thu, 22 Oct 2015 19:37:32 +0200 Subject: [rancid] Pointers for RANCID Script In-Reply-To: <56288A15.9060903@gmail.com> References: , <56288A15.9060903@gmail.com> Message-ID: An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Thu Oct 22 20:11:53 2015 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Thu, 22 Oct 2015 22:11:53 +0200 Subject: [rancid] Pointers for RANCID Script In-Reply-To: References: <56288A15.9060903@gmail.com> Message-ID: <56294309.6050808@gmail.com> On 22/10/2015 19:37, Ken Celenza wrote: > Alan, > > Thanks, I don't see anything that would need to be re-ordered, but point > taken on the passwords. I will look to address that. I take it you know how to do it? The Cisco script is full of examples, but does need a decent knowledge of and comfort with regexes > > *Sent:* Thursday, October 22, 2015 at 3:02 AM > *From:* "Alan McKinnon" > *To:* rancid-discuss at shrubbery.net > *Subject:* Re: [rancid] Pointers for RANCID Script > On 22/10/2015 03:39, Ken Celenza wrote: >> I put together Rancid for Riverbed based on rblogin from >> http://article.gmane.org/gmane.network.rancid/2697/match=riverbed by >> Bill Jacqmein and panrancid script. >> >> I was hoping I could get some feedback on what mistakes I have made. I >> posted the code here: >> https://github.com/itdependsnetworks/Rancid-Riverbed > > > > It looks very much like a stripped down version of the original Cisco > parser - I recognise the pattern :-) > > I'm not familiar with that hardware at all, so can't comment on the data > fetched and what your script does with it, or if rblogin is suitable. So > I looked it over generally and have only two comments: > > > On line 36, this: > print "rancid 3.1\n"; > probably wants changing to the actual script name and current version. > > > sub ShowConfig pumps all data straight into ProcessHistory() unchanged. > It doesn't do any re-ordering of lists, or redact sensitive information > (with $filter_pwds) at all. I would be very happy to see a kit vendor > get their act together and provide sane output to "show configuration", > but somehow I doubt it. Are you certain this kit gives output that never > requires tweaking, and never contains any sensitive information at all? > > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Alan McKinnon alan.mckinnon at gmail.com From ken.celenza at mail.com Mon Oct 26 13:18:12 2015 From: ken.celenza at mail.com (Ken Celenza) Date: Mon, 26 Oct 2015 14:18:12 +0100 Subject: [rancid] clogin and rancid good, rancid-run fails Message-ID: I have been running rancid for a little over a year, and over the last month about 20 devices out of a few hundred stopped working. These are cisco devices, most of which have not been upgraded or rebooted in years. So I went through the normal debugging procedures that I know about. clogin works, rancid with debug "HIT"s all of the commands, but when I run it via "rancid-run -r " it does not work. >From the logs: ------------------------------------------- Trying to get all of the configs. : missed cmd(s): all commands clogin error: Error: Connection closed (ssh): : End of run not found ! ===================================== Getting missed routers: round 1. : missed cmd(s): all commands clogin error: Error: Connection closed (ssh): : End of run not found ! ===================================== Getting missed routers: round 2. : missed cmd(s): all commands clogin error: Error: Connection closed (ssh): : End of run not found ------------------------------------------- Is there any way to get the raw clogin output when running rancid-run sent to the log as well? To recap, it works for most devices, but a few stopped working about a month ago and even though they work fine with clogin and rancid, cannot get it to work with rancid-run. From alan.mckinnon at gmail.com Mon Oct 26 13:42:13 2015 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Mon, 26 Oct 2015 15:42:13 +0200 Subject: [rancid] clogin and rancid good, rancid-run fails In-Reply-To: References: Message-ID: <562E2DB5.8070708@gmail.com> On 26/10/2015 15:18, Ken Celenza wrote: > I have been running rancid for a little over a year, and over the last month about 20 devices out of a few hundred stopped working. These are cisco devices, most of which have not been upgraded or rebooted in years. So I went through the normal debugging procedures that I know about. clogin works, rancid with debug "HIT"s all of the commands, but when I run it via "rancid-run -r " it does not work. > > From the logs: > > ------------------------------------------- > > Trying to get all of the configs. > : missed cmd(s): all commands > clogin error: Error: Connection closed (ssh): > : End of run not found > ! > ===================================== > Getting missed routers: round 1. > : missed cmd(s): all commands > clogin error: Error: Connection closed (ssh): > : End of run not found > ! > ===================================== > Getting missed routers: round 2. > : missed cmd(s): all commands > clogin error: Error: Connection closed (ssh): > : End of run not found > > > ------------------------------------------- > > > Is there any way to get the raw clogin output when running rancid-run sent to the log as well? > > To recap, it works for most devices, but a few stopped working about a month ago and even though they work fine with clogin and rancid, cannot get it to work with rancid-run. What version of rancid are you using? The main point of departure in your results is that one uses router.db, the other does not. I would start by verifying that router.db entries for those problem devices are OK. -- Alan McKinnon alan.mckinnon at gmail.com From ken.celenza at mail.com Mon Oct 26 16:44:42 2015 From: ken.celenza at mail.com (Ken Celenza) Date: Mon, 26 Oct 2015 17:44:42 +0100 Subject: [rancid] clogin and rancid good, rancid-run fails In-Reply-To: <562E2DB5.8070708@gmail.com> References: , <562E2DB5.8070708@gmail.com> Message-ID: > Sent: Monday, October 26, 2015 at 9:42 AM > From: "Alan McKinnon" > To: rancid-discuss at shrubbery.net > Subject: Re: [rancid] clogin and rancid good, rancid-run fails > > On 26/10/2015 15:18, Ken Celenza wrote: > > I have been running rancid for a little over a year, and over the last month about 20 devices out of a few hundred stopped working. These are cisco devices, most of which have not been upgraded or rebooted in years. So I went through the normal debugging procedures that I know about. clogin works, rancid with debug "HIT"s all of the commands, but when I run it via "rancid-run -r " it does not work. > > > > From the logs: > > > > ------------------------------------------- > > > > Trying to get all of the configs. > > : missed cmd(s): all commands > > clogin error: Error: Connection closed (ssh): > > : End of run not found > > ! > > ===================================== > > Getting missed routers: round 1. > > : missed cmd(s): all commands > > clogin error: Error: Connection closed (ssh): > > : End of run not found > > ! > > ===================================== > > Getting missed routers: round 2. > > : missed cmd(s): all commands > > clogin error: Error: Connection closed (ssh): > > : End of run not found > > > > > > ------------------------------------------- > > > > > > Is there any way to get the raw clogin output when running rancid-run sent to the log as well? > > > > To recap, it works for most devices, but a few stopped working about a month ago and even though they work fine with clogin and rancid, cannot get it to work with rancid-run. > > > What version of rancid are you using? > > The main point of departure in your results is that one uses router.db, > the other does not. I would start by verifying that router.db entries > for those problem devices are OK. > > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > Version " $Id: rancid.in 2820 2014-04-25 19:03:59Z heas $ rancid 3.1 " Good call, but verified the router.db, and it's using ";". I actually think I have more of a hint. It is a suse server and was upgraded to suse 11 SP4, so I suspect one of those packages caused as issue. Any other suggestions? From heas at shrubbery.net Mon Oct 26 17:00:32 2015 From: heas at shrubbery.net (heasley) Date: Mon, 26 Oct 2015 17:00:32 +0000 Subject: [rancid] clogin and rancid good, rancid-run fails In-Reply-To: References: <562E2DB5.8070708@gmail.com> Message-ID: <20151026170032.GB84389@shrubbery.net> Mon, Oct 26, 2015 at 05:44:42PM +0100, Ken Celenza: > > > Trying to get all of the configs. > > > : missed cmd(s): all commands > > > clogin error: Error: Connection closed (ssh): > > > : End of run not found > > > ! > > > ===================================== > > > Getting missed routers: round 1. > > > : missed cmd(s): all commands > > > clogin error: Error: Connection closed (ssh): > > > : End of run not found > > > ! > > > ===================================== > > > Getting missed routers: round 2. > > > : missed cmd(s): all commands > > > clogin error: Error: Connection closed (ssh): > > > : End of run not found > > > > > > Is there any way to get the raw clogin output when running rancid-run sent to the log as well? not easily, but this is a good feature idea. > > > To recap, it works for most devices, but a few stopped working about a month ago and even though they work fine with clogin and rancid, cannot get it to work with rancid-run. what is similar about the devices that are failing? From ken.celenza at mail.com Mon Oct 26 18:25:25 2015 From: ken.celenza at mail.com (Ken Celenza) Date: Mon, 26 Oct 2015 19:25:25 +0100 Subject: [rancid] clogin and rancid good, rancid-run fails In-Reply-To: <20151026170032.GB84389@shrubbery.net> References: <562E2DB5.8070708@gmail.com> , <20151026170032.GB84389@shrubbery.net> Message-ID: > Sent: Monday, October 26, 2015 at 1:00 PM > From: heasley > To: "Ken Celenza" > Cc: "Alan McKinnon" , rancid-discuss at shrubbery.net > Subject: Re: [rancid] clogin and rancid good, rancid-run fails > > Mon, Oct 26, 2015 at 05:44:42PM +0100, Ken Celenza: > > > > Trying to get all of the configs. > > > > : missed cmd(s): all commands > > > > clogin error: Error: Connection closed (ssh): > > > > : End of run not found > > > > ! > > > > ===================================== > > > > Getting missed routers: round 1. > > > > : missed cmd(s): all commands > > > > clogin error: Error: Connection closed (ssh): > > > > : End of run not found > > > > ! > > > > ===================================== > > > > Getting missed routers: round 2. > > > > : missed cmd(s): all commands > > > > clogin error: Error: Connection closed (ssh): > > > > : End of run not found > > > > > > > > Is there any way to get the raw clogin output when running rancid-run sent to the log as well? > > not easily, but this is a good feature idea. > > > > > To recap, it works for most devices, but a few stopped working about a month ago and even though they work fine with clogin and rancid, cannot get it to work with rancid-run. > > what is similar about the devices that are failing? > They are all: 12.4(24)T(X) code, cisco routers e.g. 12.4(24)T 12.4(24)T4 12.4(24)T6 12.4(24)T8 routers 7204VXR 7206VXR 3825 3845 1841 From alan.mckinnon at gmail.com Tue Oct 27 05:29:51 2015 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Tue, 27 Oct 2015 07:29:51 +0200 Subject: [rancid] clogin and rancid good, rancid-run fails In-Reply-To: References: <562E2DB5.8070708@gmail.com> Message-ID: <562F0BCF.1020202@gmail.com> On 26/10/2015 18:44, Ken Celenza wrote: > >> Sent: Monday, October 26, 2015 at 9:42 AM >> From: "Alan McKinnon" >> To: rancid-discuss at shrubbery.net >> Subject: Re: [rancid] clogin and rancid good, rancid-run fails >> >> On 26/10/2015 15:18, Ken Celenza wrote: >>> I have been running rancid for a little over a year, and over the last month about 20 devices out of a few hundred stopped working. These are cisco devices, most of which have not been upgraded or rebooted in years. So I went through the normal debugging procedures that I know about. clogin works, rancid with debug "HIT"s all of the commands, but when I run it via "rancid-run -r " it does not work. >>> >>> From the logs: >>> >>> ------------------------------------------- >>> >>> Trying to get all of the configs. >>> : missed cmd(s): all commands >>> clogin error: Error: Connection closed (ssh): >>> : End of run not found >>> ! >>> ===================================== >>> Getting missed routers: round 1. >>> : missed cmd(s): all commands >>> clogin error: Error: Connection closed (ssh): >>> : End of run not found >>> ! >>> ===================================== >>> Getting missed routers: round 2. >>> : missed cmd(s): all commands >>> clogin error: Error: Connection closed (ssh): >>> : End of run not found >>> >>> >>> ------------------------------------------- >>> >>> >>> Is there any way to get the raw clogin output when running rancid-run sent to the log as well? >>> >>> To recap, it works for most devices, but a few stopped working about a month ago and even though they work fine with clogin and rancid, cannot get it to work with rancid-run. >> >> >> What version of rancid are you using? >> >> The main point of departure in your results is that one uses router.db, >> the other does not. I would start by verifying that router.db entries >> for those problem devices are OK. >> >> >> -- >> Alan McKinnon >> alan.mckinnon at gmail.com >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> > > > Version " > > $Id: rancid.in 2820 2014-04-25 19:03:59Z heas $ > rancid 3.1 > " You should probably update top latest version if possible > > Good call, but verified the router.db, and it's using ";". I actually think I have more of a hint. It is a suse server and was upgraded to suse 11 SP4, so I suspect one of those packages caused as issue. > > Any other suggestions? I've had to debug an issue in this area only once; what I did was the classic method: edit the rancid-run script and scatter print calls throughout; and find the call to the actual rancid parser and launch that with -d. Then investigate further depending on what you find. -- Alan McKinnon alan.mckinnon at gmail.com From rancid at ale.cx Tue Oct 27 12:35:57 2015 From: rancid at ale.cx (Alex DEKKER) Date: Tue, 27 Oct 2015 12:35:57 +0000 Subject: [rancid] clogin and rancid good, rancid-run fails In-Reply-To: References: <562E2DB5.8070708@gmail.com> <20151026170032.GB84389@shrubbery.net> Message-ID: <562F6FAD.9050204@ale.cx> On 26/10/15 18:25, Ken Celenza wrote: > > They are all: 12.4(24)T(X) code, cisco routers > > e.g. > 12.4(24)T > 12.4(24)T4 > 12.4(24)T6 > 12.4(24)T8 > > routers > 7204VXR > 7206VXR > 3825 > 3845 > 1841 > Can you SSH onto them from that box without any special parameters to SSH? ISTR recent-ish versions of OpenSSH deprecating the algorithms [or the default key size, perhaps?] used by older IOS, which means you have to add some -o option to make it work. alexd From ken.celenza at mail.com Tue Oct 27 16:23:43 2015 From: ken.celenza at mail.com (Ken Celenza) Date: Tue, 27 Oct 2015 17:23:43 +0100 Subject: [rancid] clogin and rancid good, rancid-run fails In-Reply-To: <562F6FAD.9050204@ale.cx> References: <562E2DB5.8070708@gmail.com> <20151026170032.GB84389@shrubbery.net> , <562F6FAD.9050204@ale.cx> Message-ID: > Sent: Tuesday, October 27, 2015 at 8:35 AM > From: "Alex DEKKER" > To: rancid-discuss at shrubbery.net > Subject: Re: [rancid] clogin and rancid good, rancid-run fails > > On 26/10/15 18:25, Ken Celenza wrote: > > > > They are all: 12.4(24)T(X) code, cisco routers > > > > e.g. > > 12.4(24)T > > 12.4(24)T4 > > 12.4(24)T6 > > 12.4(24)T8 > > > > routers > > 7204VXR > > 7206VXR > > 3825 > > 3845 > > 1841 > > > > Can you SSH onto them from that box without any special parameters to > SSH? ISTR recent-ish versions of OpenSSH deprecating the algorithms [or > the default key size, perhaps?] used by older IOS, which means you have > to add some -o option to make it work. > > alexd > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > I think this is it. It's still weird that it works fine with ./rancid but not ./rancid-run. That being said, I turned on telnet, it worked fine, and I got a list of the packages that were updated. No changes to perl or expect, but openssh was updated and I found this. https://www.suse.com/support/kb/doc.php?id=7016904 Trying to get it downgraded. Thanks for everyone's help, and I'll report back if it did in fact fix the issue. From lee.e.rian at census.gov Tue Oct 27 17:04:38 2015 From: lee.e.rian at census.gov (Lee Rian (CENSUS/TCO FED)) Date: Tue, 27 Oct 2015 17:04:38 +0000 Subject: [rancid] clogin and rancid good, rancid-run fails In-Reply-To: References: <562E2DB5.8070708@gmail.com> <20151026170032.GB84389@shrubbery.net> , <562F6FAD.9050204@ale.cx>, Message-ID: > openssh was updated and I found this. > > https://www.suse.com/support/kb/doc.php?id=7016904 hrmm.. interesting. I ran into problems after upgrading to openssh 7.something but it was very consistent - things either worked or no. It didn't make any difference using clogin or rancid-run > Trying to get it downgraded. Can you try a few things before downgrading? My .cloginrc - don't use 3DES for ssh: # add cyphertype * {3des} add cyphertype * {aes256-cbc} My ~/.ssh/config - allow sha1 KexAlgorithms +diffie-hellman-group1-sha1 I don't remember if this was required or no, but I did ssh-keygen -l -f ~/.ssh/known_hosts | sort -rn and regenerated the ssh keys on anything that had a key length < 1024 bits Regards, Lee ________________________________________ From: Rancid-discuss on behalf of Ken Celenza Sent: Tuesday, October 27, 2015 12:23 PM To: rancid-discuss at shrubbery.net Subject: Re: [rancid] clogin and rancid good, rancid-run fails > Sent: Tuesday, October 27, 2015 at 8:35 AM > From: "Alex DEKKER" > To: rancid-discuss at shrubbery.net > Subject: Re: [rancid] clogin and rancid good, rancid-run fails > > On 26/10/15 18:25, Ken Celenza wrote: > > > > They are all: 12.4(24)T(X) code, cisco routers > > > > e.g. > > 12.4(24)T > > 12.4(24)T4 > > 12.4(24)T6 > > 12.4(24)T8 > > > > routers > > 7204VXR > > 7206VXR > > 3825 > > 3845 > > 1841 > > > > Can you SSH onto them from that box without any special parameters to > SSH? ISTR recent-ish versions of OpenSSH deprecating the algorithms [or > the default key size, perhaps?] used by older IOS, which means you have > to add some -o option to make it work. > > alexd > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > I think this is it. It's still weird that it works fine with ./rancid but not ./rancid-run. That being said, I turned on telnet, it worked fine, and I got a list of the packages that were updated. No changes to perl or expect, but openssh was updated and I found this. https://www.suse.com/support/kb/doc.php?id=7016904 Trying to get it downgraded. Thanks for everyone's help, and I'll report back if it did in fact fix the issue. _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss From jethro.binks at strath.ac.uk Tue Oct 27 18:48:50 2015 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Tue, 27 Oct 2015 18:48:50 +0000 (GMT) Subject: [rancid] clogin and rancid good, rancid-run fails In-Reply-To: References: <562E2DB5.8070708@gmail.com> <20151026170032.GB84389@shrubbery.net> , <562F6FAD.9050204@ale.cx> Message-ID: On Tue, 27 Oct 2015, Ken Celenza wrote: > > Sent: Tuesday, October 27, 2015 at 8:35 AM > > From: "Alex DEKKER" > > > > Can you SSH onto them from that box without any special parameters to > > SSH? ISTR recent-ish versions of OpenSSH deprecating the algorithms [or > > the default key size, perhaps?] used by older IOS, which means you have > > to add some -o option to make it work. > > > > alexd > > I think this is it. It's still weird that it works fine with ./rancid > but not ./rancid-run. That being said, I turned on telnet, it worked > fine, and I got a list of the packages that were updated. No changes to > perl or expect, but openssh was updated and I found this. Holy Batman; I've had a problem with a couple of systems for a while which I've only half-heartedly looked at, and then when I set them to 'down' forgot about completely for a while more. But inspired by the above comments, I tested each of /usr/bin/ssh and /usr/local/bin/ssh, and the latter works but the former does not. This explains why, like one of the OPs, rancid-run on the command-line worked, but not when run from cron - a variant of the usual reason, that the environment is different (in this case, $PATH). I changed the order in the PATH in rancid.conf, and now it can connect to the systems concerned (and I see form the diffs that they started to fail after an update that changed some SSL/TLS settings). The system /usr/bin/ssh was giving the following error: no matching cipher found: client aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se server aes128-ctr,aes192-ctr,aes256-ctr Unfortunately his never made it to a rancid logfile that I could see so I was completely in the dark. Is there any way that ssh errors like this could be caught and logged? Happy Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks, Network Manager, Information Services Directorate, University Of Strathclyde, Glasgow, UK The University of Strathclyde is a charitable body, registered in Scotland, number SC015263. From ken.celenza at mail.com Tue Oct 27 19:27:37 2015 From: ken.celenza at mail.com (Ken Celenza) Date: Tue, 27 Oct 2015 20:27:37 +0100 Subject: [rancid] clogin and rancid good, rancid-run fails In-Reply-To: References: <562E2DB5.8070708@gmail.com> <20151026170032.GB84389@shrubbery.net> , <562F6FAD.9050204@ale.cx>, , Message-ID: > Sent: Tuesday, October 27, 2015 at 1:04 PM > From: "Lee Rian (CENSUS/TCO FED)" > To: "Ken Celenza" , "rancid-discuss at shrubbery.net" > Subject: Re: [rancid] clogin and rancid good, rancid-run fails > > > openssh was updated and I found this. > > > > https://www.suse.com/support/kb/doc.php?id=7016904 > > hrmm.. interesting. I ran into problems after upgrading to openssh 7.something but it was very consistent - things either worked or no. It didn't make any difference using clogin or rancid-run > > > Trying to get it downgraded. > > Can you try a few things before downgrading? > > My .cloginrc - don't use 3DES for ssh: > # add cyphertype * {3des} > add cyphertype * {aes256-cbc} > > My ~/.ssh/config - allow sha1 > KexAlgorithms +diffie-hellman-group1-sha1 > > I don't remember if this was required or no, but I did > ssh-keygen -l -f ~/.ssh/known_hosts | sort -rn > > and regenerated the ssh keys on anything that had a key length < 1024 bits > > Regards, > Lee > > > ________________________________________ > From: Rancid-discuss on behalf of Ken Celenza > Sent: Tuesday, October 27, 2015 12:23 PM > To: rancid-discuss at shrubbery.net > Subject: Re: [rancid] clogin and rancid good, rancid-run fails > > > Sent: Tuesday, October 27, 2015 at 8:35 AM > > From: "Alex DEKKER" > > To: rancid-discuss at shrubbery.net > > Subject: Re: [rancid] clogin and rancid good, rancid-run fails > > > > On 26/10/15 18:25, Ken Celenza wrote: > > > > > > They are all: 12.4(24)T(X) code, cisco routers > > > > > > e.g. > > > 12.4(24)T > > > 12.4(24)T4 > > > 12.4(24)T6 > > > 12.4(24)T8 > > > > > > routers > > > 7204VXR > > > 7206VXR > > > 3825 > > > 3845 > > > 1841 > > > > > > > Can you SSH onto them from that box without any special parameters to > > SSH? ISTR recent-ish versions of OpenSSH deprecating the algorithms [or > > the default key size, perhaps?] used by older IOS, which means you have > > to add some -o option to make it work. > > > > alexd > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > > I think this is it. It's still weird that it works fine with ./rancid but not ./rancid-run. That being said, I turned on telnet, it worked fine, and I got a list of the packages that were updated. No changes to perl or expect, but openssh was updated and I found this. > > https://www.suse.com/support/kb/doc.php?id=7016904 > > Trying to get it downgraded. > > Thanks for everyone's help, and I'll report back if it did in fact fix the issue. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > It did not work with those changes. I did not adjust my known_host file, but I have my known_host always sent to null, so it should not be an issue. From ken.celenza at mail.com Tue Oct 27 19:32:44 2015 From: ken.celenza at mail.com (Ken Celenza) Date: Tue, 27 Oct 2015 20:32:44 +0100 Subject: [rancid] clogin and rancid good, rancid-run fails In-Reply-To: References: <562E2DB5.8070708@gmail.com> <20151026170032.GB84389@shrubbery.net> , <562F6FAD.9050204@ale.cx> , Message-ID: > Sent: Tuesday, October 27, 2015 at 2:48 PM > From: "Jethro R Binks" > To: rancid-discuss at shrubbery.net > Subject: Re: [rancid] clogin and rancid good, rancid-run fails > > On Tue, 27 Oct 2015, Ken Celenza wrote: > > > > Sent: Tuesday, October 27, 2015 at 8:35 AM > > > From: "Alex DEKKER" > > > > > > Can you SSH onto them from that box without any special parameters to > > > SSH? ISTR recent-ish versions of OpenSSH deprecating the algorithms [or > > > the default key size, perhaps?] used by older IOS, which means you have > > > to add some -o option to make it work. > > > > > > alexd > > > > I think this is it. It's still weird that it works fine with ./rancid > > but not ./rancid-run. That being said, I turned on telnet, it worked > > fine, and I got a list of the packages that were updated. No changes to > > perl or expect, but openssh was updated and I found this. > > Holy Batman; > > I've had a problem with a couple of systems for a while which I've only > half-heartedly looked at, and then when I set them to 'down' forgot about > completely for a while more. > > But inspired by the above comments, I tested each of /usr/bin/ssh and > /usr/local/bin/ssh, and the latter works but the former does not. This > explains why, like one of the OPs, rancid-run on the command-line worked, > but not when run from cron - a variant of the usual reason, that the > environment is different (in this case, $PATH). > > I changed the order in the PATH in rancid.conf, and now it can connect to > the systems concerned (and I see form the diffs that they started to fail > after an update that changed some SSL/TLS settings). > > The system /usr/bin/ssh was giving the following error: > > no matching cipher found: client aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se server aes128-ctr,aes192-ctr,aes256-ctr > > Unfortunately his never made it to a rancid logfile that I could see so I > was completely in the dark. Is there any way that ssh errors like this > could be caught and logged? > > Happy Jethro. > > . . . . . . . . . . . . . . . . . . . . . . . . . > Jethro R Binks, Network Manager, > Information Services Directorate, University Of Strathclyde, Glasgow, UK > > The University of Strathclyde is a charitable body, registered in > Scotland, number SC015263. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > Brilliant!! So yes, I can confirm when running ssh from /usr/bin it fails, when I run the ssh I have it works no problem. Now what's still weird is my $path it shows /usr/bin second, but when I run it via rancid-run, it comes up first and fails, not exactly sure why. I was able to confirm this by monitoring my processes spawning with "strace -feprocess $SHELL" I saw this: [pid 6384] execve("/src/rancid/rancid/bin/ssh", ["ssh", "-c", "3des", "-x", "-l", "user", "device", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no"], [/* 68 vars */]) = -1 ENOENT (No such file or directory) [pid 6384] execve("/src/rancid/rancid//ssh", ["ssh", "-c", "3des", "-x", "-l", "user", "device", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no"], [/* 68 vars */]) = -1 ENOENT (No such file or directory) [pid 6384] execve("/usr/bin/ssh", ["ssh", "-c", "3des", "-x", "-l", "user", "device", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no"], [/* 68 vars */]) = 0 [pid 6384] arch_prctl(ARCH_SET_FS, 0x7fc8024117c0) = 0 [pid 6384] exit_group(255) = ? Process 6384 detached [pid 6383] --- SIGCHLD (Child exited) @ 0 (0) --- [pid 6383] wait4(6384, [{WIFEXITED(s) && WEXITSTATUS(s) == 255}], 0, NULL) = 6384 [pid 6383] clone(Process 6387 attached child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f4eddb709d0) = 6387 [pid 6387] --- SIGWINCH (Window changed) @ 0 (0) --- [pid 6387] clone(Process 6388 attached child_stack=0, flags=CLONE_PARENT_SETTID|SIGCHLD, parent_tidptr=0x7ffe9f44aeb8) = 6388 In reference to: """ This explains why, like one of the OPs, rancid-run on the command-line worked, but not when run from cron - a variant of the usual reason, that the environment is different (in this case, $PATH). """ Actually didn't work via command line or cron. From pi at beobide.net Wed Oct 28 10:12:09 2015 From: pi at beobide.net (Piarres Beobide) Date: Wed, 28 Oct 2015 11:12:09 +0100 Subject: [rancid] Cant enable , privileged user with "#" pronpot Message-ID: Hello first greet everyone and apologize for my low English I want use rancid to manage large site configuration backups but I have a problem with some Cisco devices. To log in this devices we use a little privileged user an then we need to enable to get configuration but the prompt for this user is "#" , I cant change this log procedure and I think rancid not enable because the program assumes that you already are enabled. Searching the web I fount this solution [1], but I cant find the code to change in clogin script. Can any help me ? [1] - http://networking-forum.com/viewtopic.php?t=16699 -------------- next part -------------- An HTML attachment was scrubbed... URL: From jason at biel-tech.com Wed Oct 28 12:55:56 2015 From: jason at biel-tech.com (Jason Biel) Date: Wed, 28 Oct 2015 07:55:56 -0500 Subject: [rancid] Cant enable , privileged user with "#" pronpot In-Reply-To: References: Message-ID: Piarres, Look here: http://www.shrubbery.net/rancid/man/cloginrc.5.html Directives: *add enableprompt {""}* You may be able to modify the enableprompt to suit your needs. On Wed, Oct 28, 2015 at 5:12 AM, Piarres Beobide wrote: > Hello > > first greet everyone and apologize for my low English > > > I want use rancid to manage large site configuration backups but I have a > problem with some Cisco devices. > > To log in this devices we use a little privileged user an then we need to > enable to get configuration but the prompt for this user is "#" , I cant > change this log procedure and I think rancid not enable because the program > assumes that you already are enabled. > > > Searching the web I fount this solution [1], but I cant find the code to > change in clogin script. > > Can any help me ? > > > [1] - http://networking-forum.com/viewtopic.php?t=16699 > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Jason -------------- next part -------------- An HTML attachment was scrubbed... URL: From pi at beobide.net Wed Oct 28 10:27:16 2015 From: pi at beobide.net (Piarres Beobide) Date: Wed, 28 Oct 2015 11:27:16 +0100 Subject: [rancid] Cant enable , privileged user with "#" prompt Message-ID: Hello first greet everyone and apologize for my low English I want use rancid to manage large site configuration backups but I have a problem with some Cisco devices. To log in this devices we use a little privileged user an then we need to enable to get configuration but the prompt for this user is "#" , I cant change this log procedure and I think rancid not enable because the program assumes that you already are enabled. Searching the web I fount this solution [1], but I cant find the code to change in clogin script. Can any help me ? [1] - http://networking-forum.com/viewtopic.php?t=16699 -------------- next part -------------- An HTML attachment was scrubbed... URL: From alain.hayot at inalco.fr Thu Oct 29 10:31:11 2015 From: alain.hayot at inalco.fr (hayot alain) Date: Thu, 29 Oct 2015 11:31:11 +0100 (CET) Subject: [rancid] what In-Reply-To: <419491997.208509.1446113826682.JavaMail.zimbra@inalco.fr> Message-ID: <245350139.211431.1446114671617.JavaMail.zimbra@inalco.fr> Hi, What kind of web server you offer me to work with rancid (cvsweb, openNMS, web...) ? I do not know what is the best and what will be easy to maintain. What you recommend me ? have you try openNMS and is it more intersting to use it than to use cvsweb or an other ? thanks for your advice. Cordialement ----- Alain HAYOT Responsable R?seau INALCO - LANGUES'O 65 rue des grands moulins 75013 Paris t?l?phone bureau : 01 81 70 10 74 From rdrake at direcpath.com Thu Oct 29 15:45:55 2015 From: rdrake at direcpath.com (Robert Drake) Date: Thu, 29 Oct 2015 11:45:55 -0400 Subject: [rancid] what In-Reply-To: <245350139.211431.1446114671617.JavaMail.zimbra@inalco.fr> References: <245350139.211431.1446114671617.JavaMail.zimbra@inalco.fr> Message-ID: <56323F33.20808@direcpath.com> With newer versions you can use git to manage the configs. I would recommend gitlab rather than cvsweb because it's a bit nicer. opennms is very good if you need a full network monitoring system but it can be painful to setup. Primarily it's rancid integration allows you to add/remove devices via the web interface. I'm not sure if the web interface to view changes or if you would need a separate program like gitlab or cvsweb. On 10/29/2015 6:31 AM, hayot alain wrote: > Hi, > What kind of web server you offer me to work with rancid (cvsweb, openNMS, web...) ? > > I do not know what is the best and what will be easy to maintain. What you recommend me ? > > have you try openNMS and is it more intersting to use it than to use cvsweb or an other ? > > thanks for your advice. > > > Cordialement > > ----- > Alain HAYOT > Responsable R?seau > > INALCO - LANGUES'O > 65 rue des grands moulins > 75013 Paris > > t?l?phone bureau : 01 81 70 10 74 > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From Mikko.Peltokangas at alavus.fi Thu Oct 29 16:22:13 2015 From: Mikko.Peltokangas at alavus.fi (Peltokangas Mikko) Date: Thu, 29 Oct 2015 16:22:13 +0000 Subject: [rancid] what In-Reply-To: <56323F33.20808@direcpath.com> References: <245350139.211431.1446114671617.JavaMail.zimbra@inalco.fr>, <56323F33.20808@direcpath.com> Message-ID: <627431AFBC39064D988A13AA0351DC4301786F9C96@alexmbx01.6ad.local> Can you integrate gitlab to rancid? -mikko ________________________________ L?hett?j?: Robert Drake L?hetetty: ?29.?10.?2015 17:46 Vastaanottaja: rancid-discuss at shrubbery.net Aihe: Re: [rancid] what With newer versions you can use git to manage the configs. I would recommend gitlab rather than cvsweb because it's a bit nicer. opennms is very good if you need a full network monitoring system but it can be painful to setup. Primarily it's rancid integration allows you to add/remove devices via the web interface. I'm not sure if the web interface to view changes or if you would need a separate program like gitlab or cvsweb. On 10/29/2015 6:31 AM, hayot alain wrote: > Hi, > What kind of web server you offer me to work with rancid (cvsweb, openNMS, web...) ? > > I do not know what is the best and what will be easy to maintain. What you recommend me ? > > have you try openNMS and is it more intersting to use it than to use cvsweb or an other ? > > thanks for your advice. > > > Cordialement > > ----- > Alain HAYOT > Responsable R?seau > > INALCO - LANGUES'O > 65 rue des grands moulins > 75013 Paris > > t?l?phone bureau : 01 81 70 10 74 > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From ken.celenza at mail.com Thu Oct 29 17:07:33 2015 From: ken.celenza at mail.com (Ken Celenza) Date: Thu, 29 Oct 2015 18:07:33 +0100 Subject: [rancid] clogin and rancid good, rancid-run fails In-Reply-To: References: <562E2DB5.8070708@gmail.com> <20151026170032.GB84389@shrubbery.net> , <562F6FAD.9050204@ale.cx> , , Message-ID: > Sent: Tuesday, October 27, 2015 at 3:32 PM > From: "Ken Celenza" > To: rancid-discuss at shrubbery.net > Subject: Re: [rancid] clogin and rancid good, rancid-run fails > > > > > Sent: Tuesday, October 27, 2015 at 2:48 PM > > From: "Jethro R Binks" > > To: rancid-discuss at shrubbery.net > > Subject: Re: [rancid] clogin and rancid good, rancid-run fails > > > > On Tue, 27 Oct 2015, Ken Celenza wrote: > > > > > > Sent: Tuesday, October 27, 2015 at 8:35 AM > > > > From: "Alex DEKKER" > > > > > > > > Can you SSH onto them from that box without any special parameters to > > > > SSH? ISTR recent-ish versions of OpenSSH deprecating the algorithms [or > > > > the default key size, perhaps?] used by older IOS, which means you have > > > > to add some -o option to make it work. > > > > > > > > alexd > > > > > > I think this is it. It's still weird that it works fine with ./rancid > > > but not ./rancid-run. That being said, I turned on telnet, it worked > > > fine, and I got a list of the packages that were updated. No changes to > > > perl or expect, but openssh was updated and I found this. > > > > Holy Batman; > > > > I've had a problem with a couple of systems for a while which I've only > > half-heartedly looked at, and then when I set them to 'down' forgot about > > completely for a while more. > > > > But inspired by the above comments, I tested each of /usr/bin/ssh and > > /usr/local/bin/ssh, and the latter works but the former does not. This > > explains why, like one of the OPs, rancid-run on the command-line worked, > > but not when run from cron - a variant of the usual reason, that the > > environment is different (in this case, $PATH). > > > > I changed the order in the PATH in rancid.conf, and now it can connect to > > the systems concerned (and I see form the diffs that they started to fail > > after an update that changed some SSL/TLS settings). > > > > The system /usr/bin/ssh was giving the following error: > > > > no matching cipher found: client aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se server aes128-ctr,aes192-ctr,aes256-ctr > > > > Unfortunately his never made it to a rancid logfile that I could see so I > > was completely in the dark. Is there any way that ssh errors like this > > could be caught and logged? > > > > Happy Jethro. > > > > . . . . . . . . . . . . . . . . . . . . . . . . . > > Jethro R Binks, Network Manager, > > Information Services Directorate, University Of Strathclyde, Glasgow, UK > > > > The University of Strathclyde is a charitable body, registered in > > Scotland, number SC015263. > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > > > Brilliant!! So yes, I can confirm when running ssh from /usr/bin it fails, when I run the ssh I have it works no problem. Now what's still weird is my $path it shows /usr/bin second, but when I run it via rancid-run, it comes up first and fails, not exactly sure why. I was able to confirm this by monitoring my processes spawning with "strace -feprocess $SHELL" > > I saw this: > [pid 6384] execve("/src/rancid/rancid/bin/ssh", ["ssh", "-c", "3des", "-x", "-l", "user", "device", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no"], [/* 68 vars */]) = -1 ENOENT (No such file or directory) > [pid 6384] execve("/src/rancid/rancid//ssh", ["ssh", "-c", "3des", "-x", "-l", "user", "device", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no"], [/* 68 vars */]) = -1 ENOENT (No such file or directory) > [pid 6384] execve("/usr/bin/ssh", ["ssh", "-c", "3des", "-x", "-l", "user", "device", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no"], [/* 68 vars */]) = 0 > [pid 6384] arch_prctl(ARCH_SET_FS, 0x7fc8024117c0) = 0 > [pid 6384] exit_group(255) = ? > Process 6384 detached > [pid 6383] --- SIGCHLD (Child exited) @ 0 (0) --- > [pid 6383] wait4(6384, [{WIFEXITED(s) && WEXITSTATUS(s) == 255}], 0, NULL) = 6384 > [pid 6383] clone(Process 6387 attached > child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f4eddb709d0) = 6387 > [pid 6387] --- SIGWINCH (Window changed) @ 0 (0) --- > [pid 6387] clone(Process 6388 attached > child_stack=0, flags=CLONE_PARENT_SETTID|SIGCHLD, parent_tidptr=0x7ffe9f44aeb8) = 6388 > > In reference to: > """ This explains why, like one of the OPs, rancid-run on the command-line worked, but not when run from cron - a variant of the usual reason, that the environment is different (in this case, $PATH). """ > > Actually didn't work via command line or cron. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > Just to finalize this, my /usr/bin/ssh was downgraded and now everything is working fine. I'm still perplexed as to why it didn't take my $PATH ordering into account. Just something to keep in mind if people are having similar issue in the future. From heas at shrubbery.net Thu Oct 29 19:24:27 2015 From: heas at shrubbery.net (heasley) Date: Thu, 29 Oct 2015 19:24:27 +0000 Subject: [rancid] Procket support Message-ID: <20151029192426.GH98263@shrubbery.net> We are considering removal of the Procket Networks support from rancid. Obviously, they are EOS and must be near EOL due to lack of s/w support. So, are any rancid users still running Prokects? Please reply just to me and we'll retain it. From Wayne.Eisenberg at CarolinasIT.com Fri Oct 30 13:14:49 2015 From: Wayne.Eisenberg at CarolinasIT.com (Wayne Eisenberg) Date: Fri, 30 Oct 2015 13:14:49 +0000 Subject: [rancid] rancid 3.1 and Aironet 1130 Message-ID: Hi, I am trying to get rancid 3.1 to talk to some Cisco Aironet 1130AG access points, but am not successful so far. I think the problem is in wlogin, since when I run "wlogin -d -t 40 -c"show sysinfo" ap1.local", it never finishes, just hangs waiting for input that isn't coming (successful login, gets to the # prompt, and then looks for more input). I've tried to use autoenable on and off, no success. The product hardware is AIR-AP1131G-A-K9 and the software is 12.4(21a)JA1 (c1130-k9w7-tar.124-21a.JA1). Any ideas? Is this combination supported, or is there a config change to make on the AP to make it compatible? (this is the add-in from before the inclusion in 3.2): wlogin produces: [rancid at host rancid3]$ bin/wlogin -d -t 40 -c"show sysinfo" ap1.local ap1.local spawn ssh -p 1002 -c 3des -x -l user ap1.local parent: waiting for sync byte parent: telling child to go ahead parent: now unsynchronized from child spawn: returns {20858} expect: does "" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does "" (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does "" (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd):"? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd):"? no ">"? no "Login invalid"? no Password: expect: does "Password: " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does "Password: " (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does "Password: " (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd):"? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd):"? yes expect: set expect_out(0,string) "Password:" expect: set expect_out(1,string) "Password" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "Password:" send: sending "-------\r" to { exp6 } expect: continuing expect expect: does " " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " " (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does " " (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd):"? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd):"? no ">"? no "Login invalid"? no expect: does " \r\n" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " \r\n" (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does " \r\n" (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd):"? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd):"? no ">"? no "Login invalid"? no AP1# expect: does " \r\n\r\nAP1#" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " \r\n\r\nAP1#" (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does " \r\n\r\nAP1#" (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd):"? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd):"? no ">"? no "Login invalid"? no Any ideas? Is rancid v3.2 the answer? If so, how difficult is the upgrade and does it require reinstalling svn? Thanks, Wayne ________________________________ The information in this Internet e-mail (and any attachments) is confidential, may be legally privileged and is intended solely for the Addressee(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering it to the intended recipient, then any dissemination or copying of this e-mail (and any attachments) is prohibited and may be unlawful. If you received this e-mail in error, please immediately notify us by e-mail or telephone, then delete the message. Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Fri Oct 30 15:59:36 2015 From: heas at shrubbery.net (heasley) Date: Fri, 30 Oct 2015 15:59:36 +0000 Subject: [rancid] rancid 3.1 and Aironet 1130 In-Reply-To: References: Message-ID: <20151030155936.GA27895@shrubbery.net> Fri, Oct 30, 2015 at 01:14:49PM +0000, Wayne Eisenberg: > > Any ideas? Is rancid v3.2 the answer? i do not know, but i do not know what you have now, nor can I look at the wlogin you have. so, at a minimum, take wlogin from rancid 3.2. it does appear to be match for > rather than #; autoenable? >If so, how difficult is the upgrade depends upon what version you are running; only significant change for installation is the format of router.db > and does it require reinstalling svn? no From dan.w.anderson at gmail.com Fri Oct 30 14:25:32 2015 From: dan.w.anderson at gmail.com (Dan Anderson) Date: Fri, 30 Oct 2015 07:25:32 -0700 (PDT) Subject: [rancid] rancid 3.1 and Aironet 1130 In-Reply-To: References: Message-ID: <1446215132364.f7b79901@Nodemailer> Try using type cisco. wlogin was meant for the controller-based solution. If you're looking for more info than just the configs, you'd need to create a custom command set for the APs.? ? Dan On Fri, Oct 30, 2015 at 10:00 AM, Wayne Eisenberg wrote: > Hi, > I am trying to get rancid 3.1 to talk to some Cisco Aironet 1130AG access points, but am not successful so far. I think the problem is in wlogin, since when I run "wlogin -d -t 40 -c"show sysinfo" ap1.local", it never finishes, just hangs waiting for input that isn't coming (successful login, gets to the # prompt, and then looks for more input). I've tried to use autoenable on and off, no success. > The product hardware is AIR-AP1131G-A-K9 and the software is 12.4(21a)JA1 (c1130-k9w7-tar.124-21a.JA1). Any ideas? Is this combination supported, or is there a config change to make on the AP to make it compatible? > (this is the add-in from before the inclusion in 3.2): > wlogin produces: > [rancid at host rancid3]$ bin/wlogin -d -t 40 -c"show sysinfo" ap1.local > ap1.local > spawn ssh -p 1002 -c 3des -x -l user ap1.local > parent: waiting for sync byte > parent: telling child to go ahead > parent: now unsynchronized from child > spawn: returns {20858} > expect: does "" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no > "(Connection closed by|Connection to [^\n\r]+ closed)"? no > expect: does "" (spawn_id exp6) match glob pattern "unknown host\r"? no > expect: does "" (spawn_id exp6) match glob pattern "Host is unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "(denied|Sorry)"? no > "Login failed"? no > "% (Bad passwords|Authentication failed)"? no > "Press any key to continue"? no > "Enter Selection: "? no > "Last login:"? no > "@[^\r\n]+ ([Pp]assword|passwd):"? no > "(Username|Login|login|user name|User):"? no > "([Pp]assword|passwd):"? no > ">"? no > "Login invalid"? no > Password: > expect: does "Password: " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no > "(Connection closed by|Connection to [^\n\r]+ closed)"? no > expect: does "Password: " (spawn_id exp6) match glob pattern "unknown host\r"? no > expect: does "Password: " (spawn_id exp6) match glob pattern "Host is unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "(denied|Sorry)"? no > "Login failed"? no > "% (Bad passwords|Authentication failed)"? no > "Press any key to continue"? no > "Enter Selection: "? no > "Last login:"? no > "@[^\r\n]+ ([Pp]assword|passwd):"? no > "(Username|Login|login|user name|User):"? no > "([Pp]assword|passwd):"? yes > expect: set expect_out(0,string) "Password:" > expect: set expect_out(1,string) "Password" > expect: set expect_out(spawn_id) "exp6" > expect: set expect_out(buffer) "Password:" > send: sending "-------\r" to { exp6 } > expect: continuing expect > expect: does " " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no > "(Connection closed by|Connection to [^\n\r]+ closed)"? no > expect: does " " (spawn_id exp6) match glob pattern "unknown host\r"? no > expect: does " " (spawn_id exp6) match glob pattern "Host is unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "(denied|Sorry)"? no > "Login failed"? no > "% (Bad passwords|Authentication failed)"? no > "Press any key to continue"? no > "Enter Selection: "? no > "Last login:"? no > "@[^\r\n]+ ([Pp]assword|passwd):"? no > "(Username|Login|login|user name|User):"? no > "([Pp]assword|passwd):"? no > ">"? no > "Login invalid"? no > expect: does " \r\n" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no > "(Connection closed by|Connection to [^\n\r]+ closed)"? no > expect: does " \r\n" (spawn_id exp6) match glob pattern "unknown host\r"? no > expect: does " \r\n" (spawn_id exp6) match glob pattern "Host is unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "(denied|Sorry)"? no > "Login failed"? no > "% (Bad passwords|Authentication failed)"? no > "Press any key to continue"? no > "Enter Selection: "? no > "Last login:"? no > "@[^\r\n]+ ([Pp]assword|passwd):"? no > "(Username|Login|login|user name|User):"? no > "([Pp]assword|passwd):"? no > ">"? no > "Login invalid"? no > AP1# > expect: does " \r\n\r\nAP1#" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no > "(Connection closed by|Connection to [^\n\r]+ closed)"? no > expect: does " \r\n\r\nAP1#" (spawn_id exp6) match glob pattern "unknown host\r"? no > expect: does " \r\n\r\nAP1#" (spawn_id exp6) match glob pattern "Host is unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "(denied|Sorry)"? no > "Login failed"? no > "% (Bad passwords|Authentication failed)"? no > "Press any key to continue"? no > "Enter Selection: "? no > "Last login:"? no > "@[^\r\n]+ ([Pp]assword|passwd):"? no > "(Username|Login|login|user name|User):"? no > "([Pp]assword|passwd):"? no > ">"? no > "Login invalid"? no > > Any ideas? Is rancid v3.2 the answer? If so, how difficult is the upgrade and does it require reinstalling svn? > Thanks, > Wayne > ________________________________ > The information in this Internet e-mail (and any attachments) is confidential, may be legally privileged and is intended solely for the Addressee(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering it to the intended recipient, then any dissemination or copying of this e-mail (and any attachments) is prohibited and may be unlawful. If you received this e-mail in error, please immediately notify us by e-mail or telephone, then delete the message. Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: