From Chris.Davis at principia.edu Tue Mar 8 21:49:06 2016 From: Chris.Davis at principia.edu (Chris Davis) Date: Tue, 8 Mar 2016 21:49:06 +0000 Subject: [rancid] Current 3.X and Fortinet. Message-ID: Does the current 3.X version of Rancid support Fortinet firewalls? I don't see it in the list, nor do I see any add-on patches on the ftp site. I'd like to move to 3.x, but I'd like it to handle my firewalls. Not seeing anything on the website that confirms. Chris From JWouda at denit.nl Wed Mar 9 07:12:54 2016 From: JWouda at denit.nl (Jeroen Wouda) Date: Wed, 9 Mar 2016 08:12:54 +0100 Subject: [rancid] Current 3.X and Fortinet. In-Reply-To: References: Message-ID: Yes it does. However, there is a patch available which I recommend, since otherwise the result might be broken (depending on your Fortinet firmware version). Kind regards, Jeroen > Met vriendelijke groet, Jeroen Wouda Systems Architect [cid:image5e2bfa.JPG at 02ec3961.4e9e1071] Kabelweg 21 1014 BA Amsterdam Telefoon +31 (0) 20 337 18 01 Web www.denit.nl E-mail JWouda at denit.nl [cid:image3cc39b.JPG at 1440db58.49b84c14] [cid:imageeeec1e.JPG at 677c40ce.42b425bb] Denit Hosting Solutions is ISO 9001:2008 en ISO 27001:2013 gecertificeerd. -----Original Message----- > From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf > Of Chris Davis > Sent: dinsdag 8 maart 2016 22:49 > To: rancid-discuss at shrubbery.net > Subject: [rancid] Current 3.X and Fortinet. > > Does the current 3.X version of Rancid support Fortinet firewalls? I don't see it > in the list, nor do I see any add-on patches on the ftp site. > > I'd like to move to 3.x, but I'd like it to handle my firewalls. Not seeing anything > on the website that confirms. > > Chris > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image5e2bfa.JPG Type: image/jpeg Size: 5954 bytes Desc: image5e2bfa.JPG URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image3cc39b.JPG Type: image/jpeg Size: 10173 bytes Desc: image3cc39b.JPG URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: imageeeec1e.JPG Type: image/jpeg Size: 9670 bytes Desc: imageeeec1e.JPG URL: From Chris.Davis at principia.edu Wed Mar 9 16:33:05 2016 From: Chris.Davis at principia.edu (Chris Davis) Date: Wed, 9 Mar 2016 16:33:05 +0000 Subject: [rancid] Current 3.X and Fortinet. In-Reply-To: References: Message-ID: Where do I find the patch Jeroen? I?m running 5.2.5 currntly. I didn?t see a Fortinet patch in the contributed library. Chris From: Jeroen Wouda [mailto:JWouda at denit.nl] Sent: Wednesday, March 09, 2016 1:13 AM To: Chris Davis Cc: rancid-discuss at shrubbery.net Subject: RE: Current 3.X and Fortinet. Yes it does. However, there is a patch available which I recommend, since otherwise the result might be broken (depending on your Fortinet firmware version). Kind regards, Jeroen > Met vriendelijke groet, Jeroen Wouda Systems Architect [Denit Hosting Solutions] Kabelweg 21 1014 BA Amsterdam Telefoon +31 (0) 20 337 18 01 Web www.denit.nl E-mail JWouda at denit.nl [LinkedIn] [cid:image003.jpg at 01D179EF.0E5FF790] Denit Hosting Solutions is ISO 9001:2008 en ISO 27001:2013 gecertificeerd. -----Original Message----- > From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf > Of Chris Davis > Sent: dinsdag 8 maart 2016 22:49 > To: rancid-discuss at shrubbery.net > Subject: [rancid] Current 3.X and Fortinet. > > Does the current 3.X version of Rancid support Fortinet firewalls? I don't see it > in the list, nor do I see any add-on patches on the ftp site. > > I'd like to move to 3.x, but I'd like it to handle my firewalls. Not seeing anything > on the website that confirms. > > Chris > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 5954 bytes Desc: image001.jpg URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image002.jpg Type: image/jpeg Size: 10173 bytes Desc: image002.jpg URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image003.jpg Type: image/jpeg Size: 9670 bytes Desc: image003.jpg URL: From smeftahi at gmail.com Wed Mar 9 12:41:36 2016 From: smeftahi at gmail.com (Samir Meftahi) Date: Wed, 9 Mar 2016 13:41:36 +0100 Subject: [rancid] rancid cannot find .cloginrc Message-ID: Dear all, After changing credentials, Rancid stopped backing up nodes. I can see this error message: /home/rancid/var/rancid/logs# home/rancid/.cloginrc -bash: home/rancid/.cloginrc: No such file or directory Yet the file exists in right path. Any help appreciated /Sam -------------- next part -------------- An HTML attachment was scrubbed... URL: From JWouda at denit.nl Thu Mar 10 07:25:33 2016 From: JWouda at denit.nl (Jeroen Wouda) Date: Thu, 10 Mar 2016 08:25:33 +0100 Subject: [rancid] Current 3.X and Fortinet. In-Reply-To: References: Message-ID: Hi Chris, Here you go: http://www.shrubbery.net/pipermail/rancid-discuss/2015-April/008347.html Kind regards, Jeroen Met vriendelijke groet, Jeroen Wouda Systems Architect [cid:image2a1429.JPG at 532728f1.48bd0d9e] Kabelweg 21 1014 BA Amsterdam Telefoon +31 (0) 20 337 18 01 Web www.denit.nl E-mail JWouda at denit.nl [cid:image65d943.JPG at 817f2ac2.4ab092b9] [cid:image2a5638.JPG at 93e04a4c.47ba8f4c] Denit Hosting Solutions is ISO 9001:2008 en ISO 27001:2013 gecertificeerd. From: Chris Davis [mailto:Chris.Davis at principia.edu] Sent: woensdag 9 maart 2016 17:33 To: Jeroen Wouda Cc: rancid-discuss at shrubbery.net Subject: RE: Current 3.X and Fortinet. Where do I find the patch Jeroen? I?m running 5.2.5 currntly. I didn?t see a Fortinet patch in the contributed library. Chris From: Jeroen Wouda [mailto:JWouda at denit.nl] Sent: Wednesday, March 09, 2016 1:13 AM To: Chris Davis > Cc: rancid-discuss at shrubbery.net Subject: RE: Current 3.X and Fortinet. Yes it does. However, there is a patch available which I recommend, since otherwise the result might be broken (depending on your Fortinet firmware version). Kind regards, Jeroen > Met vriendelijke groet, Jeroen Wouda Systems Architect [cid:image001.jpg at 01D17AA6.6A4E9630] Kabelweg 21 1014 BA Amsterdam Telefoon +31 (0) 20 337 18 01 Web www.denit.nl E-mail JWouda at denit.nl [cid:image002.jpg at 01D17AA6.6A4E9630] [cid:image003.jpg at 01D17AA6.6A4E9630] Denit Hosting Solutions is ISO 9001:2008 en ISO 27001:2013 gecertificeerd. -----Original Message----- > From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf > Of Chris Davis > Sent: dinsdag 8 maart 2016 22:49 > To: rancid-discuss at shrubbery.net > Subject: [rancid] Current 3.X and Fortinet. > > Does the current 3.X version of Rancid support Fortinet firewalls? I don't see it > in the list, nor do I see any add-on patches on the ftp site. > > I'd like to move to 3.x, but I'd like it to handle my firewalls. Not seeing anything > on the website that confirms. > > Chris > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 5954 bytes Desc: image001.jpg URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image002.jpg Type: image/jpeg Size: 10173 bytes Desc: image002.jpg URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image003.jpg Type: image/jpeg Size: 9670 bytes Desc: image003.jpg URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image2a1429.JPG Type: image/jpeg Size: 5954 bytes Desc: image2a1429.JPG URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image65d943.JPG Type: image/jpeg Size: 10173 bytes Desc: image65d943.JPG URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image2a5638.JPG Type: image/jpeg Size: 9670 bytes Desc: image2a5638.JPG URL: From smeftahi at gmail.com Thu Mar 10 12:08:11 2016 From: smeftahi at gmail.com (Samir Meftahi) Date: Thu, 10 Mar 2016 13:08:11 +0100 Subject: [rancid] Clogin not sending username Message-ID: Hi, I tested my clogin file with below, and it works fine when AAA is removed from node abd I have local user configured on cisco router. add method rtr-* {telnet} add user rtr-* {user} add password rtr-* {pass} {enapass} add autoenable dk-* 0 But when I use AAA, and below file...clogin does not seem to send username...and session times out. If I type username, I don't get prompted for password. add method rtr-* {telnet} add user rtr-* {AAAuser} add password rtr-* {AAApass} add autoenable dk-* 1 This setup has worked fine until recent tacacs changes, where enable password was no longer needed. I assumed changing 0 to 1 would be enough. I can telnet to nodes using the credentials. Any help appreciated ! /Sam -------------- next part -------------- An HTML attachment was scrubbed... URL: From smckee at umich.edu Thu Mar 10 12:57:18 2016 From: smckee at umich.edu (Shawn McKee) Date: Thu, 10 Mar 2016 07:57:18 -0500 Subject: [rancid] Rancid support for Mellanox switches? Message-ID: Hi Everyone, I have poked around but haven't found any mention of Rancid support for Mellanox switches. I am particularly interested in running Rancid on a new SN2700 (http://www.mellanox.com/page/products_dyn?product_family=217& ) I can clogin to the switch but gathering its config fails. I assume I would be more successful starting from a "mlxlogin" if someone has created one. Thanks for any pointers, Shawn McKee / University of Michigan Physics -------------- next part -------------- An HTML attachment was scrubbed... URL: From david.ahrens at citrix.com Thu Mar 10 17:45:09 2016 From: david.ahrens at citrix.com (David Ahrens) Date: Thu, 10 Mar 2016 17:45:09 +0000 Subject: [rancid] Cisco Nexus Message-ID: Hi, I'm trying to use rancid 3.2 to backup the configs of a Cisco Nexus. Here's the version info for the Cisco Nexus: Software BIOS: version 08.06 NXOS: version 6.1(2)I2(2b) BIOS compile time: 09/10/2014 NXOS image file is: bootflash:///n9000-dk9.6.1.2.I2.2b.bin NXOS compile time: 8/7/2014 17:00:00 [08/08/2014 00:10:31] Hardware cisco Nexus9000 C9504 (4 Slot) Chassis ("Supervisor Module") Intel(R) Xeon(R) CPU E5-2403 with 16402456 kB of memory. Processor Board ID SAL18485EX1 I'm able to login to the switch using clogin. Here's my .cloginrc ### FTL Colo Cisco Nexus switches # # ### add method * {ssh} add autoenable MIA2-ESW* {1} add user MIA2-ESW* {} add password MIA2-ESW* { } Here's the log file (it's the same for rounds 1..4): ===================================== Getting missed routers: round 4. mia2-esw0008-1_supa: missed cmd(s): show module,dir usb1:,dir debug:,show debug,show cores vdc-all,show vtp status,show module xbar,show inventory,dir usb2:,show vlan,dir volatile:,dir bootflash:,dir slot0:,show module fex,show processes log vdc-all,dir logflash:,show fex,show running-config mia2-esw0008-1_supa: End of run not found ! When I login to the Cisco-nexus using clogin, I'm able to manually enter these commands at the prompt. Thanks, David -------------- next part -------------- An HTML attachment was scrubbed... URL: From jhb at clemson.edu Wed Mar 9 21:24:00 2016 From: jhb at clemson.edu (Joseph Bernard) Date: Wed, 9 Mar 2016 21:24:00 +0000 Subject: [rancid] rancid cannot find .cloginrc In-Reply-To: References: Message-ID: <4079A9D9-9DE3-43BE-8A01-3BD11FAE7396@clemson.edu> Login as the userid that runs rancid and see if it can see that file. Thanks, Joseph B. From: Rancid-discuss on behalf of Samir Meftahi Date: Wednesday, March 9, 2016 at 7:41 AM To: "rancid-discuss at shrubbery.net" Subject: [rancid] rancid cannot find .cloginrc Dear all, After changing credentials, Rancid stopped backing up nodes. I can see this error message: /home/rancid/var/rancid/logs# home/rancid/.cloginrc -bash: home/rancid/.cloginrc: No such file or directory Yet the file exists in right path. Any help appreciated /Sam -------------- next part -------------- An HTML attachment was scrubbed... URL: From ler762 at gmail.com Thu Mar 10 21:29:12 2016 From: ler762 at gmail.com (Lee) Date: Thu, 10 Mar 2016 16:29:12 -0500 Subject: [rancid] Cisco Nexus In-Reply-To: References: Message-ID: On 3/10/16, David Ahrens wrote: > Hi, > > I'm trying to use rancid 3.2 to backup the configs of a Cisco Nexus. > [.. snip ..] > mia2-esw0008-1_supa: End of run not found does router.db have the device type as cisco or cisco-nx? If it's "cisco" try changing it. Lee From gmourani at gmail.com Fri Mar 11 15:30:37 2016 From: gmourani at gmail.com (Gerhard Mourani) Date: Fri, 11 Mar 2016 10:30:37 -0500 Subject: [rancid] set password ENC Message-ID: <2F41BE6C-D37C-4CD8-AA16-7556B3D4F7C4@gmail.com> Hello List, I?m still having problem with diff related to "set password ENC? that come again and again. Fortigate version is v5.2.6,build711. Rancid version is 3.2 Here an example of the line I would like to remove: set password ENC AGPgQlrTRxOmZuUjKSSGaBqav+OG08kYtIUGTrVg7YNWv8Kz96DI/02XCUISGqEOncyp4mWxfx5AfZO9RZ2Xi+EJO00sJGlgJaeYZ47l2CDXISwum0INicQ2AETplkrzPglVsd78zWlogFtf4AQXxMbrYU+wCaTElsvc2G0eqftKCjOLEhl3vsSBmEPODPNKyjycXg== Gerhard, From heas at shrubbery.net Tue Mar 15 17:26:25 2016 From: heas at shrubbery.net (heasley) Date: Tue, 15 Mar 2016 17:26:25 +0000 Subject: [rancid] set password ENC In-Reply-To: <2F41BE6C-D37C-4CD8-AA16-7556B3D4F7C4@gmail.com> References: <2F41BE6C-D37C-4CD8-AA16-7556B3D4F7C4@gmail.com> Message-ID: <20160315172625.GE88499@shrubbery.net> Fri, Mar 11, 2016 at 10:30:37AM -0500, Gerhard Mourani: > Hello List, > > I?m still having problem with diff related to "set password ENC? that come again and again. meaning that the password has not changed but the encrypted string changes repeatedly? The code only filters this line if FILTER_PWDS is set to YES or ALL. > Fortigate version is v5.2.6,build711. > Rancid version is 3.2 > > Here an example of the line I would like to remove: > > set password ENC AGPgQlrTRxOmZuUjKSSGaBqav+OG08kYtIUGTrVg7YNWv8Kz96DI/02XCUISGqEOncyp4mWxfx5AfZO9RZ2Xi+EJO00sJGlgJaeYZ47l2CDXISwum0INicQ2AETplkrzPglVsd78zWlogFtf4AQXxMbrYU+wCaTElsvc2G0eqftKCjOLEhl3vsSBmEPODPNKyjycXg== From nick at foobar.org Tue Mar 15 17:35:10 2016 From: nick at foobar.org (Nick Hilliard) Date: Tue, 15 Mar 2016 17:35:10 +0000 Subject: [rancid] set password ENC In-Reply-To: <20160315172625.GE88499@shrubbery.net> References: <2F41BE6C-D37C-4CD8-AA16-7556B3D4F7C4@gmail.com> <20160315172625.GE88499@shrubbery.net> Message-ID: <56E847CE.3080209@foobar.org> heasley wrote: > meaning that the password has not changed but the encrypted string > changes repeatedly? yeah, fortios does this. So does Adtran AOS. Apparently this is a "feature". Nick From gmourani at gmail.com Tue Mar 15 17:40:07 2016 From: gmourani at gmail.com (Gerhard Mourani) Date: Tue, 15 Mar 2016 13:40:07 -0400 Subject: [rancid] set password ENC In-Reply-To: <20160315172625.GE88499@shrubbery.net> References: <2F41BE6C-D37C-4CD8-AA16-7556B3D4F7C4@gmail.com> <20160315172625.GE88499@shrubbery.net> Message-ID: > meaning that the password has not changed but the encrypted string changes repeatedly? Yes, look like that. Password has no been changed. Did you have a code I can add/change to eliminate all ?set password ENC? parts? Gerhard, > On Mar 15, 2016, at 1:26 PM, heasley wrote: > > Fri, Mar 11, 2016 at 10:30:37AM -0500, Gerhard Mourani: >> Hello List, >> >> I?m still having problem with diff related to "set password ENC? that come again and again. > > meaning that the password has not changed but the encrypted string > changes repeatedly? The code only filters this line if FILTER_PWDS is > set to YES or ALL. > >> Fortigate version is v5.2.6,build711. >> Rancid version is 3.2 >> >> Here an example of the line I would like to remove: >> >> set password ENC AGPgQlrTRxOmZuUjKSSGaBqav+OG08kYtIUGTrVg7YNWv8Kz96DI/02XCUISGqEOncyp4mWxfx5AfZO9RZ2Xi+EJO00sJGlgJaeYZ47l2CDXISwum0INicQ2AETplkrzPglVsd78zWlogFtf4AQXxMbrYU+wCaTElsvc2G0eqftKCjOLEhl3vsSBmEPODPNKyjycXg== From heas at shrubbery.net Tue Mar 15 17:47:18 2016 From: heas at shrubbery.net (heasley) Date: Tue, 15 Mar 2016 17:47:18 +0000 Subject: [rancid] set password ENC In-Reply-To: <56E847CE.3080209@foobar.org> References: <2F41BE6C-D37C-4CD8-AA16-7556B3D4F7C4@gmail.com> <20160315172625.GE88499@shrubbery.net> <56E847CE.3080209@foobar.org> Message-ID: <20160315174718.GG88499@shrubbery.net> Tue, Mar 15, 2016 at 05:35:10PM +0000, Nick Hilliard: > heasley wrote: > > meaning that the password has not changed but the encrypted string > > changes repeatedly? > > yeah, fortios does this. So does Adtran AOS. Apparently this is a > "feature". > > Nick now i realize that someone wanted those saved, regardless of the cycling. i suppose rancid does need an option separate from FILTER_PWDS to save cycling passwords, as someone ask about last week. From gmourani at gmail.com Tue Mar 15 18:23:12 2016 From: gmourani at gmail.com (Gerhard Mourani) Date: Tue, 15 Mar 2016 14:23:12 -0400 Subject: [rancid] set password ENC In-Reply-To: <20160315174718.GG88499@shrubbery.net> References: <2F41BE6C-D37C-4CD8-AA16-7556B3D4F7C4@gmail.com> <20160315172625.GE88499@shrubbery.net> <56E847CE.3080209@foobar.org> <20160315174718.GG88499@shrubbery.net> Message-ID: <2B3B6A39-C9D8-4869-BAE0-0ECFEF813447@gmail.com> Setting FILTER_PWDS to YES or NO, doesn?t make any difference. > On Mar 15, 2016, at 1:47 PM, heasley wrote: > > Tue, Mar 15, 2016 at 05:35:10PM +0000, Nick Hilliard: >> heasley wrote: >>> meaning that the password has not changed but the encrypted string >>> changes repeatedly? >> >> yeah, fortios does this. So does Adtran AOS. Apparently this is a >> "feature". >> >> Nick > > now i realize that someone wanted those saved, regardless of the cycling. > i suppose rancid does need an option separate from FILTER_PWDS to save > cycling passwords, as someone ask about last week. From ler762 at gmail.com Wed Mar 16 15:32:56 2016 From: ler762 at gmail.com (Lee) Date: Wed, 16 Mar 2016 11:32:56 -0400 Subject: [rancid] cosmetic error in configure for rancid 3.4.1? Message-ID: I don't know if this is a cygwin specific issue or it's an error msg everybody gets that can be safely ignored, but it looks like this line in configure ENV_PATH="$ENV_PATH:`dirname $DIRNAME`:`dirname $DIFF`:`dirname $MKTEMP`" should be using $MKTEMP_PATH instead of $MKTEMP MKTEMP isn't getting set in configure -- at least on cygwin. But it's a non-issue since the mktemp program is in /usr/bin which gets added to the path anyway because perl, expect, etc. are all in /usr/bin relevant bit from ./configure output: checking for perl... /usr/bin/perl checking Socket.pm version... checking for expect... /usr/bin/expect checking for mktemp... /usr/bin/mktemp checking for ping... /cygdrive/c/windows/system32/ping.exe dirname: missing operand Try 'dirname --help' for more information. I added some echo commands to configure & reran: checking for ping... /cygdrive/c/windows/system32/ping.exe PERLV_PATH : /usr/bin/perl EXPECT_PATH: /usr/bin/expect SENDMAIL : DIRNAME : /usr/bin/dirname DIFF : /usr/bin/diff MKTEMP : MKTEMP_PATH: /usr/bin/mktemp ENV_PATH : /usr/bin:/usr/bin:. dirname: missing operand Try 'dirname --help' for more information. ENV_PATH : /usr/bin:/usr/bin:.:/usr/bin:/usr/bin: So the problem is $ dirname $MKTEMP dirname: missing operand Try 'dirname --help' for more information. Should MKTEMP be getting set in configure? I can't tell, but it seems like the easy fix would be to use $MKTEMP_PATH instead of $MKTEMP Thanks, Lee From heas at shrubbery.net Wed Mar 16 17:30:44 2016 From: heas at shrubbery.net (heasley) Date: Wed, 16 Mar 2016 17:30:44 +0000 Subject: [rancid] cosmetic error in configure for rancid 3.4.1? In-Reply-To: References: Message-ID: <20160316173044.GJ25224@shrubbery.net> Wed, Mar 16, 2016 at 11:32:56AM -0400, Lee: > I don't know if this is a cygwin specific issue or it's an error msg > everybody gets that can be safely ignored, but it looks like this line > in configure ... you are correct; there is a variable name inconsistency there. Thanks. From gmourani at gmail.com Fri Mar 18 22:44:48 2016 From: gmourani at gmail.com (Gerhard Mourani) Date: Fri, 18 Mar 2016 18:44:48 -0400 Subject: [rancid] set password ENC In-Reply-To: <20160315174718.GG88499@shrubbery.net> References: <2F41BE6C-D37C-4CD8-AA16-7556B3D4F7C4@gmail.com> <20160315172625.GE88499@shrubbery.net> <56E847CE.3080209@foobar.org> <20160315174718.GG88499@shrubbery.net> Message-ID: <1C7E7C80-E1C4-4617-991E-F67B341DA942@gmail.com> Guys, This patch make the ENCRYPTED PRIVATE KEY part to be removed. diff -ur rancid-3.2.orig/bin/fnrancid.in rancid-3.2/bin/fnrancid.in --- rancid-3.2.orig/bin/fnrancid.in 2015-03-16 15:02:52.000000000 -0400 +++ rancid-3.2/bin/fnrancid.in 2016-03-17 13:22:16.494902363 -0400 @@ -170,6 +170,7 @@ sub GetSystem { print STDERR " In GetSystem: $_" if ($debug); + my $priv_key; while () { tr/\015//d; next if /^\s*$/; @@ -204,6 +205,11 @@ tr/\015//d; next if /^\s*$/; last if (/$prompt/); + # spot the start of an ENCRYPTED private key + $priv_key = 1 if(/^\s*set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----/); + # spot the end of an RSA private key + $priv_key = 0 && next if(/^\s*-----END ENCRYPTED PRIVATE KEY-----"/); + next if($priv_key == 1); # System time is fortigate extraction time next if (/^\s*!System time:/); Gerhard, > On Mar 15, 2016, at 1:47 PM, heasley wrote: > > Tue, Mar 15, 2016 at 05:35:10PM +0000, Nick Hilliard: >> heasley wrote: >>> meaning that the password has not changed but the encrypted string >>> changes repeatedly? >> >> yeah, fortios does this. So does Adtran AOS. Apparently this is a >> "feature". >> >> Nick > > now i realize that someone wanted those saved, regardless of the cycling. > i suppose rancid does need an option separate from FILTER_PWDS to save > cycling passwords, as someone ask about last week. From nachofw at adinet.com.uy Mon Mar 21 17:06:06 2016 From: nachofw at adinet.com.uy (nachofw) Date: Mon, 21 Mar 2016 14:06:06 -0300 Subject: [rancid] Cisco - who made change Message-ID: <4kpkvao4rarh1wh2ylyse0d7.1458579966930@email.android.com> Hi, i wanted to make a suggestion.When someone makes a change in a cisco router to take into account the line "last configuration change at *** by user ***".But only make a new version if the config chaged, and send in the mail with the diff and the user that made the change.I know some people dont agree that this is the best way. Still can this feature be optional?Regards -------------- next part -------------- An HTML attachment was scrubbed... URL: From ler762 at gmail.com Mon Mar 21 17:57:37 2016 From: ler762 at gmail.com (Lee) Date: Mon, 21 Mar 2016 13:57:37 -0400 Subject: [rancid] Cisco - who made change In-Reply-To: <4kpkvao4rarh1wh2ylyse0d7.1458579966930@email.android.com> References: <4kpkvao4rarh1wh2ylyse0d7.1458579966930@email.android.com> Message-ID: On 3/21/16, nachofw wrote: > Hi, i wanted to make a suggestion.When someone makes a change in a cisco > router to take into account the line "last configuration change at *** by > user ***".But only make a new version if the config chaged, and send in the > mail with the diff and the user that made the change.I know some people dont > agree that this is the best way. Still can this feature be optional?Regards It's easy enough to get the "last configuration change at ***" line included - just comment out the line(s) that ignore them - ie /source/rancid-3.4.1/bin $ grep -i "last c" * cat5rancid: /^! (Last configuration|NVRAM config last)/ && next; cat5rancid.in: /^! (Last configuration|NVRAM config last)/ && next; cssrancid: /^! (Last configuration|NVRAM config last)/ && next; cssrancid.in: /^! (Last configuration|NVRAM config last)/ && next; prancid: /^! Last Changed:/ && next; prancid.in: /^! Last Changed:/ && next; rrancid: /^! Configuration last changed by user / && next; rrancid.in: /^! Configuration last changed by user / && next; zrancid: /^! Last Changed:/ && next; zrancid.in: /^! Last Changed:/ && next; /source/rancid-3.4.1/lib $ grep -i "last c" * acos.pm: next if (/Last configuration saved/); acos.pm.in: next if (/Last configuration saved/); ios.pm: /^! (Last configuration|NVRAM config last)/ && next; ios.pm.in: /^! (Last configuration|NVRAM config last)/ && next; iosxr.pm: /^! (Last configuration|NVRAM config last)/ && next; iosxr.pm.in: /^! (Last configuration|NVRAM config last)/ && next; I haven't tried it, but you can probably suppress the config change email if the only thing that changed was the "last config" line by changing the diff call to also specify -I 'Last config' Regards, Lee From nachofw at adinet.com.uy Thu Mar 24 14:58:13 2016 From: nachofw at adinet.com.uy (nachofw) Date: Thu, 24 Mar 2016 11:58:13 -0300 Subject: [rancid] High cpu on large configs Message-ID: Hi, some of the devices i backup contain more than 10k config lines, specifically a cisco asa. This causes high cpu when a backup is done. How can i set a "sleep 1" in the clogin script so that when the line "<--- More --->" gets hit it whaits 1 second before continuing. -------------- next part -------------- An HTML attachment was scrubbed... URL: From rancid at ale.cx Thu Mar 24 15:06:03 2016 From: rancid at ale.cx (Alex DEKKER) Date: Thu, 24 Mar 2016 15:06:03 +0000 Subject: [rancid] High cpu on large configs In-Reply-To: References: Message-ID: <56F4025B.5000004@ale.cx> On 24/03/16 14:58, nachofw wrote: > Hi, some of the devices i backup contain more than 10k config lines, > specifically a cisco asa. This causes high cpu when a backup is done. > How can i set a "sleep 1" in the clogin script so that when the line > "<--- More --->" gets hit it whaits 1 second before continuing. I doubt that RANCID ever "sees" the pager lines. It almost certainly sets the terminal length so that the config is never split into pages. alexd -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Thu Mar 24 15:39:43 2016 From: heas at shrubbery.net (heasley) Date: Thu, 24 Mar 2016 15:39:43 +0000 Subject: [rancid] High cpu on large configs In-Reply-To: <56F4025B.5000004@ale.cx> References: <56F4025B.5000004@ale.cx> Message-ID: <20160324153943.GA96355@shrubbery.net> Thu, Mar 24, 2016 at 03:06:03PM +0000, Alex DEKKER: > On 24/03/16 14:58, nachofw wrote: > > Hi, some of the devices i backup contain more than 10k config lines, > > specifically a cisco asa. This causes high cpu when a backup is done. > > How can i set a "sleep 1" in the clogin script so that when the line > > "<--- More --->" gets hit it whaits 1 second before continuing. > > I doubt that RANCID ever "sees" the pager lines. It almost certainly > sets the terminal length so that the config is never split into pages. if the device supports that, yes. you'd probably be better to set send_human parameters to something slow. From ler762 at gmail.com Thu Mar 24 16:14:15 2016 From: ler762 at gmail.com (Lee) Date: Thu, 24 Mar 2016 12:14:15 -0400 Subject: [rancid] High cpu on large configs In-Reply-To: References: Message-ID: On 3/24/16, nachofw wrote: > Hi, some of the devices i backup contain more than 10k config lines, > specifically a cisco asa. This causes high cpu when a backup is done. How > can i set a "sleep 1" in the clogin script so that when the line "<--- More > --->" gets hit it whaits 1 second before continuing. Depends on which version of rancid you have. For 3.4.1 you'd edit lib/rancid/ios.pm to add the sleep calls or whatever inside the appropriate if (/^(<-+ More -+>)/) { ... } block. Regards, Lee From ler762 at gmail.com Thu Mar 24 16:19:53 2016 From: ler762 at gmail.com (Lee) Date: Thu, 24 Mar 2016 12:19:53 -0400 Subject: [rancid] High cpu on large configs In-Reply-To: <20160324153943.GA96355@shrubbery.net> References: <56F4025B.5000004@ale.cx> <20160324153943.GA96355@shrubbery.net> Message-ID: On 3/24/16, heasley wrote: > Thu, Mar 24, 2016 at 03:06:03PM +0000, Alex DEKKER: >> On 24/03/16 14:58, nachofw wrote: >> > Hi, some of the devices i backup contain more than 10k config lines, >> > specifically a cisco asa. This causes high cpu when a backup is done. >> > How can i set a "sleep 1" in the clogin script so that when the line >> > "<--- More --->" gets hit it whaits 1 second before continuing. >> >> I doubt that RANCID ever "sees" the pager lines. It almost certainly >> sets the terminal length so that the config is never split into pages. > > if the device supports that, yes. You might want to consider adding a terminal pager 0 to clogin in addition to the 'term len 0' to disable the pager on ASAs Lee From nachofw at adinet.com.uy Mon Mar 28 18:10:16 2016 From: nachofw at adinet.com.uy (nachofw) Date: Mon, 28 Mar 2016 15:10:16 -0300 Subject: [rancid] High cpu on large configs Message-ID: <608ssqq2r8urp2tolm6xdewq.1459188374790@email.android.com> Thanks for the input.I ended up taking advantage of the fact that asa doesn't support 'terminal length'and 'terminal width'. And changed the file lee mentioned:-> /usr/share/perl5/rancid/ios.pm??????? # the pager can not be disabled per-session on the PIX??????? if (/^(<-+ More -+>)/) {??????????? my($len) = length($1);??????????? s/^$1s{$len}//;+??????????? select(undef, undef, undef, 0.15);??????? } I cant use the 'terminal pager 0' because that displays all the config in one shot and causes the cpu to spike to 97%, i needed for rancid to use the ---more--- feature when displaying the config.Again thanks to all-------- Mensaje original --------De: nachofw Fecha: 24/03/2016 11:58 AM (GMT-03:00) Para: rancid-discuss at shrubbery.net, rancid at shrubbery.net Asunto: High cpu on large configs Hi, some of the devices i backup contain more than 10k config lines, specifically a cisco asa. This causes high cpu when a backup is done. How can i set a "sleep 1" in the clogin script so that when the line "<--- More --->" gets hit it whaits 1 second before continuing. -------------- next part -------------- An HTML attachment was scrubbed... URL: From daniel.jacobs at doortodoororganics.com Mon Mar 28 21:12:05 2016 From: daniel.jacobs at doortodoororganics.com (Daniel Jacobs) Date: Mon, 28 Mar 2016 15:12:05 -0600 Subject: [rancid] fnrancid not getting full configs for fortigates Message-ID: We have a couple of fortigate devices that we want to incorporate into our rancid backups. The config file that rancid is ending up with from the "show full-configuration" command is around 8800 lines and is missing all of the ipsec and bgp configuration sections as well as other areas. The full configuration I see when I ssh into the firewall and run "show full-configuration" and the config I get from downloading a backup through the gui are both close to 30,000 lines and have the ipsec and bgp configuration sections. The version of fnrancid I'm running is from 2015-01-11, and is the latest one I found. And I'm running rancid 3.2, but the changelogs didn't indicate anything that seemed relevant to my issue. Has anyone else run into this? Any suggestions? -- Daniel Jacobs Senior IT Admin Door to Door Organics p: 303.620.5440 DoorToDoorOrganics.com Facebook ? Twitter ? Instagram ? Pinterest From heas at shrubbery.net Tue Mar 29 12:46:15 2016 From: heas at shrubbery.net (heasley) Date: Tue, 29 Mar 2016 12:46:15 +0000 Subject: [rancid] High cpu on large configs In-Reply-To: <608ssqq2r8urp2tolm6xdewq.1459188374790@email.android.com> References: <608ssqq2r8urp2tolm6xdewq.1459188374790@email.android.com> Message-ID: <20160329124615.GG45004@shrubbery.net> Mon, Mar 28, 2016 at 03:10:16PM -0300, nachofw: > Thanks for the input.I ended up taking advantage of the fact that asa doesn't support 'terminal length'and 'terminal width'. And changed the file lee mentioned:-> /usr/share/perl5/rancid/ios.pm??????? # the pager can not be disabled per-session on the PIX??????? if (/^(<-+ More -+>)/) {??????????? my($len) = length($1);??????????? s/^$1s{$len}//;+??????????? select(undef, undef, undef, 0.15);??????? } > I cant use the 'terminal pager 0' because that displays all the config in one shot and causes the cpu to spike to 97%, i needed for rancid to use the ---more--- feature when displaying the config.Again thanks to all-------- Why is it an issue if the cpu jumps for 97%? So what. It is temporary and the scheduler should prioritize processes appropriately. From nachofw at adinet.com.uy Tue Mar 29 13:23:56 2016 From: nachofw at adinet.com.uy (nachofw) Date: Tue, 29 Mar 2016 10:23:56 -0300 Subject: [rancid] High cpu on large configs Message-ID: It is very inconvinient for my scenario, high cpu causes alerts on the monitoring systems creating false positive alerts. Also on other platforms causes packet loss por example cisco 3k series with large configs Enviado desde mi smartphone Samsung Galaxy.-------- Mensaje original --------De: heasley Fecha: 29/03/2016 9:46 AM (GMT-03:00) Para: nachofw Cc: rancid-discuss at shrubbery.net Asunto: Re: High cpu on large configs Mon, Mar 28, 2016 at 03:10:16PM -0300, nachofw: > Thanks for the input.I ended up taking advantage of the fact that asa doesn't support 'terminal length'and 'terminal width'. And changed the file lee mentioned:-> /usr/share/perl5/rancid/ios.pm??????? # the pager can not be disabled per-session on the PIX??????? if (/^(<-+ More -+>)/) {??????????? my($len) = length($1);??????????? s/^$1s{$len}//;+??????????? select(undef, undef, undef, 0.15);??????? } > I cant use the 'terminal pager 0' because that displays all the config in one shot and causes the cpu to spike to 97%, i needed for rancid to use the ---more--- feature when displaying the config.Again thanks to all-------- Why is it an issue if the cpu jumps for 97%?? So what.? It is temporary and the scheduler should prioritize processes appropriately. -------------- next part -------------- An HTML attachment was scrubbed... URL: From Nicolai.Langfeldt at broadnet.no Tue Mar 29 13:38:58 2016 From: Nicolai.Langfeldt at broadnet.no (Nicolai Langfeldt) Date: Tue, 29 Mar 2016 13:38:58 +0000 Subject: [rancid] High cpu on large configs In-Reply-To: References: Message-ID: <56FA85D5.9040203@broadnet.no> On 29. mars 2016 15:23, nachofw wrote: > It is very inconvinient for my scenario, high cpu causes alerts on the > monitoring systems creating false positive alerts. Also on other > platforms causes packet loss por example cisco 3k series with large configs Then I guess you can't use rancid on those systems. The whole point is to generate text configs. http://www.gdargaud.net/Humor/Pics/DilbertNickel.gif Nicolai From heas at shrubbery.net Tue Mar 29 13:41:38 2016 From: heas at shrubbery.net (heasley) Date: Tue, 29 Mar 2016 13:41:38 +0000 Subject: [rancid] High cpu on large configs In-Reply-To: References: Message-ID: <20160329134138.GA47270@shrubbery.net> Tue, Mar 29, 2016 at 10:23:56AM -0300, nachofw: > It is very inconvinient for my scenario, high cpu causes alerts on the monitoring systems creating false positive alerts. Also on other platforms causes packet loss por example cisco 3k series with large configs the scheduler should not allow it to cause packet loss. you should open a TAC case. as for monitoring; i would alert on high cpu over a 5 minute or longer interval, not a single poll. From nachofw at adinet.com.uy Tue Mar 29 13:55:33 2016 From: nachofw at adinet.com.uy (nachofw) Date: Tue, 29 Mar 2016 10:55:33 -0300 Subject: [rancid] High cpu on large configs Message-ID: But i do use it succesfully, read the previous mail where i set a 150 millisecond sleep to avoid the high cpu. Its working just fine now Enviado desde mi smartphone Samsung Galaxy.-------- Mensaje original --------De: Nicolai Langfeldt Fecha: 29/03/2016 10:38 AM (GMT-03:00) Para: nachofw , rancid-discuss at shrubbery.net Asunto: Re: [rancid] High cpu on large configs On 29. mars 2016 15:23, nachofw wrote: > It is very inconvinient for my scenario, high cpu causes alerts on the > monitoring systems creating false positive alerts. Also on other > platforms causes packet loss por example cisco 3k series with large configs Then I guess you can't use rancid on those systems.? The whole point is to generate text configs. http://www.gdargaud.net/Humor/Pics/DilbertNickel.gif Nicolai -------------- next part -------------- An HTML attachment was scrubbed... URL: From nachofw at adinet.com.uy Tue Mar 29 13:58:30 2016 From: nachofw at adinet.com.uy (nachofw) Date: Tue, 29 Mar 2016 10:58:30 -0300 Subject: [rancid] High cpu on large configs Message-ID: Thanks heasley i will check on the polling advice, as for TAC unfortunately my company doesnt have the budget for that. Enviado desde mi smartphone Samsung Galaxy.-------- Mensaje original --------De: heasley Fecha: 29/03/2016 10:41 AM (GMT-03:00) Para: nachofw Cc: heasley , rancid-discuss at shrubbery.net Asunto: Re: High cpu on large configs Tue, Mar 29, 2016 at 10:23:56AM -0300, nachofw: > It is very inconvinient for my scenario, high cpu causes alerts on the monitoring systems creating false positive alerts. Also on other platforms causes packet loss por example cisco 3k series with large configs the scheduler should not allow it to cause packet loss.? you should open a TAC case. as for monitoring; i would alert on high cpu over a 5 minute or longer interval, not a single poll. -------------- next part -------------- An HTML attachment was scrubbed... URL: From jeffrey.dambly at jasper.com Tue Mar 29 17:31:06 2016 From: jeffrey.dambly at jasper.com (Jeffrey d'Ambly) Date: Tue, 29 Mar 2016 17:31:06 +0000 Subject: [rancid] Rancid with an F5 Message-ID: I?m having some issues getting rancid working with my F5 load balancers. Here is what my routers.db looks like [root at sjc-corp-net01 observium]# cat router.db | grep lb atl-lb01;f5;up atl-lb02;f5;up gz-lb01;f5;up gz-lb02;f5;up jed-lb01;f5;up jed-lb02;f5;up nj-lb01;f5;up nj-lb02;f5;up phx-lb01;f5;up phx-lb02;f5;up ryd-lb01;f5;up ryd-lb02;f5;up sjc-lb01;f5;up sjc-lb02;f5;up [root at sjc-corp-net01 observium]# When I run rancid I get the following [root at sjc-corp-net01 rancid]# cat observium.20160329.101355 starting: Tue Mar 29 10:13:55 PDT 2016 Trying to get all of the configs. ERROR: sjc-lb01 configuration appears truncated. Is this because I have partitions configured on my f5, and if so how do I resolve this? ?Jeff -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Tue Mar 29 18:33:39 2016 From: heas at shrubbery.net (heasley) Date: Tue, 29 Mar 2016 18:33:39 +0000 Subject: [rancid] Rancid with an F5 In-Reply-To: References: Message-ID: <20160329183339.GC54818@shrubbery.net> Tue, Mar 29, 2016 at 05:31:06PM +0000, Jeffrey d'Ambly: > > I?m having some issues getting rancid working with my F5 load balancers. > > Here is what my routers.db looks like > > [root at sjc-corp-net01 observium]# cat router.db | grep lb > atl-lb01;f5;up > atl-lb02;f5;up > gz-lb01;f5;up > gz-lb02;f5;up > jed-lb01;f5;up > jed-lb02;f5;up > nj-lb01;f5;up > nj-lb02;f5;up > phx-lb01;f5;up > phx-lb02;f5;up > ryd-lb01;f5;up > ryd-lb02;f5;up > sjc-lb01;f5;up > sjc-lb02;f5;up > [root at sjc-corp-net01 observium]# > > When I run rancid I get the following > > [root at sjc-corp-net01 rancid]# cat observium.20160329.101355 > starting: Tue Mar 29 10:13:55 PDT 2016 > > > > Trying to get all of the configs. > ERROR: sjc-lb01 configuration appears truncated. > > Is this because I have partitions configured on my f5, and if so how do I resolve this? it does so if receives less than 3 lines of configuration. From jeffrey.dambly at jasper.com Tue Mar 29 20:04:28 2016 From: jeffrey.dambly at jasper.com (Jeffrey d'Ambly) Date: Tue, 29 Mar 2016 20:04:28 +0000 Subject: [rancid] Rancid with an F5 In-Reply-To: <20160329183339.GC54818@shrubbery.net> References: <20160329183339.GC54818@shrubbery.net> Message-ID: So that would mean the commands are not working, how do I troubleshoot that? ?Jeff On 3/29/16, 11:33 AM, "heasley" wrote: >Tue, Mar 29, 2016 at 05:31:06PM +0000, Jeffrey d'Ambly: >> >> I?m having some issues getting rancid working with my F5 load balancers. >> >> Here is what my routers.db looks like >> >> [root at sjc-corp-net01 observium]# cat router.db | grep lb >> atl-lb01;f5;up >> atl-lb02;f5;up >> gz-lb01;f5;up >> gz-lb02;f5;up >> jed-lb01;f5;up >> jed-lb02;f5;up >> nj-lb01;f5;up >> nj-lb02;f5;up >> phx-lb01;f5;up >> phx-lb02;f5;up >> ryd-lb01;f5;up >> ryd-lb02;f5;up >> sjc-lb01;f5;up >> sjc-lb02;f5;up >> [root at sjc-corp-net01 observium]# >> >> When I run rancid I get the following >> >> [root at sjc-corp-net01 rancid]# cat observium.20160329.101355 >> starting: Tue Mar 29 10:13:55 PDT 2016 >> >> >> >> Trying to get all of the configs. >> ERROR: sjc-lb01 configuration appears truncated. >> >> Is this because I have partitions configured on my f5, and if so how do >>I resolve this? > >it does so if receives less than 3 lines of configuration. From jeffrey.dambly at jasper.com Tue Mar 29 20:52:36 2016 From: jeffrey.dambly at jasper.com (Jeffrey d'Ambly) Date: Tue, 29 Mar 2016 20:52:36 +0000 Subject: [rancid] Rancid with an F5 In-Reply-To: <20160329204538.GA57822@shrubbery.net> References: <20160329183339.GC54818@shrubbery.net> <20160329204538.GA57822@shrubbery.net> Message-ID: Here is the output, am I using the wrong version of f5rancid? [rancid at sjc-corp-net01 configs]$ eval `/usr/libexec/rancid/f5rancid -C sjc-lb01` sjc-lb01 spawn ssh -i /var/rancid/.ssh/id_dsa -c 3des -x -l admin sjc-lb01 Warning: Identity file /var/rancid/.ssh/id_dsa not accessible: No such file or directory. Password: Last login: Tue Mar 29 11:04:48 2016 from 192.168.201.51 admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# terminal length 0 Syntax Error: unexpected argument "terminal" admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# terminal width 132 Syntax Error: unexpected argument "terminal" admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe version Syntax Error: unexpected argument "bigpipe" admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe platform Syntax Error: unexpected argument "bigpipe" admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# cat /config/bigip.license Syntax Error: unexpected argument "cat" admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe monitor list all Syntax Error: unexpected argument "bigpipe" admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe profile list Syntax Error: unexpected argument "bigpipe" admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe base list Syntax Error: unexpected argument "bigpipe" admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe db show Syntax Error: unexpected argument "bigpipe" admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe route static show Syntax Error: unexpected argument "bigpipe" admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# ls --full-time --color=never /config/ssl/ssl.crt Syntax Error: unexpected argument "ls" admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# ls --full-time --color=never /config/ssl/ssl.key Syntax Error: unexpected argument "ls" admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe list Syntax Error: unexpected argument "bigpipe" admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)#exit Use "quit" to end the current session admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit Use "quit" to end the current session admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit Use "quit" to end the current session admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit Use "quit" to end the current session admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit Use "quit" to end the current session admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit Use "quit" to end the current session admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit Use "quit" to end the current session admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# ^C[rancid at sjc-corp-net01 configs]$ On 3/29/16, 1:45 PM, "heasley" wrote: >Tue, Mar 29, 2016 at 08:04:28PM +0000, Jeffrey d'Ambly: >> So that would mean the commands are not working, how do I troubleshoot >> that? > >yes, i expect so. you will need to run the commands to check for >yourself. >like >eval `f5rancid -C hostname` > >> ?Jeff >> >> On 3/29/16, 11:33 AM, "heasley" wrote: >> >> >Tue, Mar 29, 2016 at 05:31:06PM +0000, Jeffrey d'Ambly: >> >> >> >> I?m having some issues getting rancid working with my F5 load >>balancers. >> >> >> >> Here is what my routers.db looks like >> >> >> >> [root at sjc-corp-net01 observium]# cat router.db | grep lb >> >> atl-lb01;f5;up >> >> atl-lb02;f5;up >> >> gz-lb01;f5;up >> >> gz-lb02;f5;up >> >> jed-lb01;f5;up >> >> jed-lb02;f5;up >> >> nj-lb01;f5;up >> >> nj-lb02;f5;up >> >> phx-lb01;f5;up >> >> phx-lb02;f5;up >> >> ryd-lb01;f5;up >> >> ryd-lb02;f5;up >> >> sjc-lb01;f5;up >> >> sjc-lb02;f5;up >> >> [root at sjc-corp-net01 observium]# >> >> >> >> When I run rancid I get the following >> >> >> >> [root at sjc-corp-net01 rancid]# cat observium.20160329.101355 >> >> starting: Tue Mar 29 10:13:55 PDT 2016 >> >> >> >> >> >> >> >> Trying to get all of the configs. >> >> ERROR: sjc-lb01 configuration appears truncated. >> >> >> >> Is this because I have partitions configured on my f5, and if so how >>do >> >>I resolve this? >> > >> >it does so if receives less than 3 lines of configuration. From shain.singh at gmail.com Wed Mar 30 00:20:39 2016 From: shain.singh at gmail.com (Shain Singh) Date: Wed, 30 Mar 2016 00:20:39 +0000 Subject: [rancid] Rancid with an F5 In-Reply-To: References: <20160329183339.GC54818@shrubbery.net> <20160329204538.GA57822@shrubbery.net> Message-ID: that script looks like it's built for v10 of f5's software... 'bigpipe' commands will no longer run, so you would need to change them to 'tmsh' commands. https://support.f5.com/kb/en-us/solutions/public/13000/600/sol13697 On Wed, 30 Mar 2016 at 07:52 Jeffrey d'Ambly wrote: > Here is the output, am I using the wrong version of f5rancid? > > > [rancid at sjc-corp-net01 configs]$ eval `/usr/libexec/rancid/f5rancid -C > sjc-lb01` > sjc-lb01 > spawn ssh -i /var/rancid/.ssh/id_dsa -c 3des -x -l admin sjc-lb01 > Warning: Identity file /var/rancid/.ssh/id_dsa not accessible: No such > file or directory. > Password: > Last login: Tue Mar 29 11:04:48 2016 from 192.168.201.51 > admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# > admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# terminal length > 0 > Syntax Error: unexpected argument "terminal" > admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# terminal width > 132 > Syntax Error: unexpected argument "terminal" > admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe > version > Syntax Error: unexpected argument "bigpipe" > admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe > platform > Syntax Error: unexpected argument "bigpipe" > admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# cat > /config/bigip.license > Syntax Error: unexpected argument "cat" > admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe monitor > list all > Syntax Error: unexpected argument "bigpipe" > admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe profile > list > Syntax Error: unexpected argument "bigpipe" > admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe base > list > Syntax Error: unexpected argument "bigpipe" > admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe db show > Syntax Error: unexpected argument "bigpipe" > admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe route > static show > Syntax Error: unexpected argument "bigpipe" > admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# ls --full-time > --color=never /config/ssl/ssl.crt > Syntax Error: unexpected argument "ls" > admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# ls --full-time > --color=never /config/ssl/ssl.key > Syntax Error: unexpected argument "ls" > admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe list > Syntax Error: unexpected argument "bigpipe" > admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)#exit > Use "quit" to end the current session > admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit > Use "quit" to end the current session > admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit > Use "quit" to end the current session > admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit > Use "quit" to end the current session > admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit > Use "quit" to end the current session > admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit > Use "quit" to end the current session > admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit > Use "quit" to end the current session > admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# > ^C[rancid at sjc-corp-net01 configs]$ > > > > On 3/29/16, 1:45 PM, "heasley" wrote: > > >Tue, Mar 29, 2016 at 08:04:28PM +0000, Jeffrey d'Ambly: > >> So that would mean the commands are not working, how do I troubleshoot > >> that? > > > >yes, i expect so. you will need to run the commands to check for > >yourself. > >like > >eval `f5rancid -C hostname` > > > >> ?Jeff > >> > >> On 3/29/16, 11:33 AM, "heasley" wrote: > >> > >> >Tue, Mar 29, 2016 at 05:31:06PM +0000, Jeffrey d'Ambly: > >> >> > >> >> I?m having some issues getting rancid working with my F5 load > >>balancers. > >> >> > >> >> Here is what my routers.db looks like > >> >> > >> >> [root at sjc-corp-net01 observium]# cat router.db | grep lb > >> >> atl-lb01;f5;up > >> >> atl-lb02;f5;up > >> >> gz-lb01;f5;up > >> >> gz-lb02;f5;up > >> >> jed-lb01;f5;up > >> >> jed-lb02;f5;up > >> >> nj-lb01;f5;up > >> >> nj-lb02;f5;up > >> >> phx-lb01;f5;up > >> >> phx-lb02;f5;up > >> >> ryd-lb01;f5;up > >> >> ryd-lb02;f5;up > >> >> sjc-lb01;f5;up > >> >> sjc-lb02;f5;up > >> >> [root at sjc-corp-net01 observium]# > >> >> > >> >> When I run rancid I get the following > >> >> > >> >> [root at sjc-corp-net01 rancid]# cat observium.20160329.101355 > >> >> starting: Tue Mar 29 10:13:55 PDT 2016 > >> >> > >> >> > >> >> > >> >> Trying to get all of the configs. > >> >> ERROR: sjc-lb01 configuration appears truncated. > >> >> > >> >> Is this because I have partitions configured on my f5, and if so how > >>do > >> >>I resolve this? > >> > > >> >it does so if receives less than 3 lines of configuration. > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From Chris.Davis at principia.edu Wed Mar 30 14:18:35 2016 From: Chris.Davis at principia.edu (Chris Davis) Date: Wed, 30 Mar 2016 14:18:35 +0000 Subject: [rancid] Upgrading to 3.4 Message-ID: I was hoping to upgrade to 3.4 but have run into a series of problems. Wondering how others moved past this. Initially, I was running 2.38 on Centos 5. I tried to in place upgrade and ran into a socket library problem. Saw that the version of the socket library in Centos 7 was compatible, so then began to focus on installing that on my hardware. Unfortunately, the controller driver appears to be no longer supported. So, then I started focusing on a VM for my Rancid server. Got it all set up and installed on a Hyper-V host. And while the networking worked during the install, apparently the network drivers aren't right on the virtual disk and none of the networking works once I boot off the virtual HD. So, has anyone set up Rancid 3.4/Centos 7 on a hyper V host? Or have any other ideas to try? Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: From jeffrey.dambly at jasper.com Wed Mar 30 18:23:27 2016 From: jeffrey.dambly at jasper.com (Jeffrey d'Ambly) Date: Wed, 30 Mar 2016 18:23:27 +0000 Subject: [rancid] Rancid with an F5 In-Reply-To: References: <20160329183339.GC54818@shrubbery.net> <20160329204538.GA57822@shrubbery.net> Message-ID: I?ve updated my f5rancid script to use this one https://raw.githubusercontent.com/dotwaffle/rancid-git/master/bin/f5rancid.in However it?s still not working. Is there something additional I need to do? ?Jeff From: Shain Singh > Date: Tuesday, March 29, 2016 at 5:20 PM To: Jeffrey >, heasley >, "rancid-discuss at shrubbery.net" > Subject: Re: [rancid] Rancid with an F5 that script looks like it's built for v10 of f5's software... 'bigpipe' commands will no longer run, so you would need to change them to 'tmsh' commands. https://support.f5.com/kb/en-us/solutions/public/13000/600/sol13697 On Wed, 30 Mar 2016 at 07:52 Jeffrey d'Ambly > wrote: Here is the output, am I using the wrong version of f5rancid? [rancid at sjc-corp-net01 configs]$ eval `/usr/libexec/rancid/f5rancid -C sjc-lb01` sjc-lb01 spawn ssh -i /var/rancid/.ssh/id_dsa -c 3des -x -l admin sjc-lb01 Warning: Identity file /var/rancid/.ssh/id_dsa not accessible: No such file or directory. Password: Last login: Tue Mar 29 11:04:48 2016 from 192.168.201.51 admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# terminal length 0 Syntax Error: unexpected argument "terminal" admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# terminal width 132 Syntax Error: unexpected argument "terminal" admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe version Syntax Error: unexpected argument "bigpipe" admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe platform Syntax Error: unexpected argument "bigpipe" admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# cat /config/bigip.license Syntax Error: unexpected argument "cat" admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe monitor list all Syntax Error: unexpected argument "bigpipe" admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe profile list Syntax Error: unexpected argument "bigpipe" admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe base list Syntax Error: unexpected argument "bigpipe" admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe db show Syntax Error: unexpected argument "bigpipe" admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe route static show Syntax Error: unexpected argument "bigpipe" admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# ls --full-time --color=never /config/ssl/ssl.crt Syntax Error: unexpected argument "ls" admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# ls --full-time --color=never /config/ssl/ssl.key Syntax Error: unexpected argument "ls" admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe list Syntax Error: unexpected argument "bigpipe" admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)#exit Use "quit" to end the current session admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit Use "quit" to end the current session admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit Use "quit" to end the current session admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit Use "quit" to end the current session admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit Use "quit" to end the current session admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit Use "quit" to end the current session admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit Use "quit" to end the current session admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# ^C[rancid at sjc-corp-net01 configs]$ On 3/29/16, 1:45 PM, "heasley" > wrote: >Tue, Mar 29, 2016 at 08:04:28PM +0000, Jeffrey d'Ambly: >> So that would mean the commands are not working, how do I troubleshoot >> that? > >yes, i expect so. you will need to run the commands to check for >yourself. >like >eval `f5rancid -C hostname` > >> ?Jeff >> >> On 3/29/16, 11:33 AM, "heasley" > wrote: >> >> >Tue, Mar 29, 2016 at 05:31:06PM +0000, Jeffrey d'Ambly: >> >> >> >> I?m having some issues getting rancid working with my F5 load >>balancers. >> >> >> >> Here is what my routers.db looks like >> >> >> >> [root at sjc-corp-net01 observium]# cat router.db | grep lb >> >> atl-lb01;f5;up >> >> atl-lb02;f5;up >> >> gz-lb01;f5;up >> >> gz-lb02;f5;up >> >> jed-lb01;f5;up >> >> jed-lb02;f5;up >> >> nj-lb01;f5;up >> >> nj-lb02;f5;up >> >> phx-lb01;f5;up >> >> phx-lb02;f5;up >> >> ryd-lb01;f5;up >> >> ryd-lb02;f5;up >> >> sjc-lb01;f5;up >> >> sjc-lb02;f5;up >> >> [root at sjc-corp-net01 observium]# >> >> >> >> When I run rancid I get the following >> >> >> >> [root at sjc-corp-net01 rancid]# cat observium.20160329.101355 >> >> starting: Tue Mar 29 10:13:55 PDT 2016 >> >> >> >> >> >> >> >> Trying to get all of the configs. >> >> ERROR: sjc-lb01 configuration appears truncated. >> >> >> >> Is this because I have partitions configured on my f5, and if so how >>do >> >>I resolve this? >> > >> >it does so if receives less than 3 lines of configuration. _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: