From owens at nysernet.org Thu Apr 9 20:11:15 2020 From: owens at nysernet.org (Bill Owens) Date: Thu, 9 Apr 2020 20:11:15 +0000 Subject: [rancid] Draft config for IOS-XR 7.x on Cisco NCS Message-ID: <97A83B5A-D714-44CA-BB66-5E613FC89A7F@contoso.com> After many years of trouble-free RANCID use, we ran into a snag trying to get our shiny new Cisco NCS 5000 router into the system. It appears there were significant CLI changes between 6.x and 7.x, primarily the complete elimination of the 'admin' mode, which most of the cisco-xr commands relied on. After a few false starts I think I've found a set of commands that do the right things: # Variant cisco-xr/ios-xr commands for IOS-XR 7.x on NCS # WCO 20200409 ios-xr7;alias;cisco-xr7 cisco-xr7;script;rancid -t cisco-xr7 cisco-xr7;login;clogin cisco-xr7;module;iosxr cisco-xr7;inloop;iosxr::inloop cisco-xr7;command;rancid::RunCommand;terminal exec prompt no-timestamp cisco-xr7;command;iosxr::ShowVersion;show version cisco-xr7;command;iosxr::ShowMemorySum;show memory summary cisco-xr7;command;iosxr::ShowInstallActive;show install active cisco-xr7;command;iosxr::ShowLicense;show license udi cisco-xr7;command;iosxr::ShowLicense;show license summary cisco-xr7;command;iosxr::ShowHWfpd;show hw-module fpd cisco-xr7;command;iosxr::ShowRedundancy;show redundancy cisco-xr7;command;iosxr::ShowEnv;show env all cisco-xr7;command;iosxr::DirSlotN;dir /all config: cisco-xr7;command;iosxr::DirSlotN;dir /all disk0: cisco-xr7;command;iosxr::DirSlotN;dir /all harddisk: cisco-xr7;command;iosxr::ShowContAll;show controllers description cisco-xr7;command;iosxr::AdminShowDiag;show diag cisco-xr7;command;iosxr::ShowInventory;show inventory raw cisco-xr7;command;iosxr::ShowDebug;show debug cisco-xr7;command;iosxr::ShowRPL;show rpl maximum cisco-xr7;command;iosxr::WriteTerm;show running-config I limited the number of DirSlotN commands because the other option, rootfs, has constantly changing files. I'm running these with a custom task/user config to limit the rancid account's privileges, which also seems to work: taskgroup rancid task execute filesystem inherit taskgroup retrieve ! usergroup rancid taskgroup rancid ! username myrancid group rancid secret 10 blahblah Comments, feedback, and so on, all appreciated... Bill. From heas at shrubbery.net Thu Apr 9 20:45:31 2020 From: heas at shrubbery.net (john heasley) Date: Thu, 9 Apr 2020 20:45:31 +0000 Subject: [rancid] Draft config for IOS-XR 7.x on Cisco NCS In-Reply-To: <97A83B5A-D714-44CA-BB66-5E613FC89A7F@contoso.com> References: <97A83B5A-D714-44CA-BB66-5E613FC89A7F@contoso.com> Message-ID: <20200409204531.GC32695@shrubbery.net> Thu, Apr 09, 2020 at 08:11:15PM +0000, Bill Owens: > After many years of trouble-free RANCID use, we ran into a snag trying to get our shiny new Cisco NCS 5000 router into the system. It appears there were significant CLI changes between 6.x and 7.x, primarily the complete elimination of the 'admin' mode, which most of the cisco-xr commands relied on. After a few false starts I think I've found a set of commands that do the right things: > > # Variant cisco-xr/ios-xr commands for IOS-XR 7.x on NCS > # WCO 20200409 > ios-xr7;alias;cisco-xr7 > cisco-xr7;script;rancid -t cisco-xr7 > cisco-xr7;login;clogin > cisco-xr7;module;iosxr > cisco-xr7;inloop;iosxr::inloop > cisco-xr7;command;rancid::RunCommand;terminal exec prompt no-timestamp > cisco-xr7;command;iosxr::ShowVersion;show version > cisco-xr7;command;iosxr::ShowMemorySum;show memory summary > cisco-xr7;command;iosxr::ShowInstallActive;show install active > cisco-xr7;command;iosxr::ShowLicense;show license udi > cisco-xr7;command;iosxr::ShowLicense;show license summary > cisco-xr7;command;iosxr::ShowHWfpd;show hw-module fpd > cisco-xr7;command;iosxr::ShowRedundancy;show redundancy > cisco-xr7;command;iosxr::ShowEnv;show env all > cisco-xr7;command;iosxr::DirSlotN;dir /all config: > cisco-xr7;command;iosxr::DirSlotN;dir /all disk0: > cisco-xr7;command;iosxr::DirSlotN;dir /all harddisk: > cisco-xr7;command;iosxr::ShowContAll;show controllers description > cisco-xr7;command;iosxr::AdminShowDiag;show diag > cisco-xr7;command;iosxr::ShowInventory;show inventory raw > cisco-xr7;command;iosxr::ShowDebug;show debug > cisco-xr7;command;iosxr::ShowRPL;show rpl maximum > cisco-xr7;command;iosxr::WriteTerm;show running-config > > I limited the number of DirSlotN commands because the other option, rootfs, has constantly changing files. I am not positive that the NCS variant is the same as the ASR, but please try/see rancid device type cisco-exr. EXR = enhanced XR; their name, not mine. > I'm running these with a custom task/user config to limit the rancid account's privileges, which also seems to work: > > taskgroup rancid > task execute filesystem > inherit taskgroup retrieve > ! > usergroup rancid > taskgroup rancid > ! > username myrancid > group rancid > secret 10 blahblah > > > Comments, feedback, and so on, all appreciated... > > Bill. > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at www.shrubbery.net > https://www.shrubbery.net/mailman/listinfo/rancid-discuss From owens at nysernet.org Thu Apr 9 20:58:16 2020 From: owens at nysernet.org (Bill Owens) Date: Thu, 9 Apr 2020 20:58:16 +0000 Subject: [rancid] Draft config for IOS-XR 7.x on Cisco NCS In-Reply-To: <20200409204531.GC32695@shrubbery.net> References: <97A83B5A-D714-44CA-BB66-5E613FC89A7F@contoso.com> <20200409204531.GC32695@shrubbery.net> Message-ID: <6077179F-039C-4DF8-9B7C-5DA77098EC83@nysernet.org> ?On 4/9/20, 4:45 PM, "john heasley" wrote: I am not positive that the NCS variant is the same as the ASR, but please try/see rancid device type cisco-exr. EXR = enhanced XR; their name, not mine. I looked at cisco-exr as well, and it seems to be part-way between base ios-xr and what I needed for the NCS. I don't pretend to understand Cisco's versions/flavors/etc. but IOS-XR 7.x has completely eliminated 'admin' mode. Attempting to run those commands throws this error: WARNING: Admin mode has been deprecated. Please consult the Command Line Interface Guide. Sadly, there does not appear to be a Command Line Interface Guide; I've asked my Cisco contacts for help finding the details of the changes. Bill. From adudek16 at gmail.com Thu Apr 9 21:16:59 2020 From: adudek16 at gmail.com (Aaron Dudek) Date: Thu, 9 Apr 2020 17:16:59 -0400 Subject: [rancid] Draft config for IOS-XR 7.x on Cisco NCS In-Reply-To: <6077179F-039C-4DF8-9B7C-5DA77098EC83@nysernet.org> References: <97A83B5A-D714-44CA-BB66-5E613FC89A7F@contoso.com> <20200409204531.GC32695@shrubbery.net> <6077179F-039C-4DF8-9B7C-5DA77098EC83@nysernet.org> Message-ID: eXR = 64-bit linux based cXR = classic XR (what we are used to) On Thu, Apr 9, 2020 at 4:58 PM Bill Owens wrote: > > > > ?On 4/9/20, 4:45 PM, "john heasley" wrote: > > I am not positive that the NCS variant is the same as the ASR, but please > try/see rancid device type cisco-exr. EXR = enhanced XR; their name, not > mine. > > > I looked at cisco-exr as well, and it seems to be part-way between base ios-xr and what I needed for the NCS. I don't pretend to understand Cisco's versions/flavors/etc. but IOS-XR 7.x has completely eliminated 'admin' mode. Attempting to run those commands throws this error: > > WARNING: Admin mode has been deprecated. Please consult the Command Line Interface Guide. > > Sadly, there does not appear to be a Command Line Interface Guide; I've asked my Cisco contacts for help finding the details of the changes. > > Bill. > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at www.shrubbery.net > https://www.shrubbery.net/mailman/listinfo/rancid-discuss From naiknilesh at gmail.com Sun Apr 19 08:34:44 2020 From: naiknilesh at gmail.com (Nilesh Naik) Date: Sun, 19 Apr 2020 14:04:44 +0530 Subject: [rancid] Mikrotik Ignore PPP Interfaces Message-ID: Dear All, I am looking at removing the lines from my Mikrotik Backup. set disabled=yes display-time=5s set disabled=yes display-time=5s set disabled=yes display-time=5s I know I have to modify mtrancid module to get this done but i am not able to figure out the place to put the ignore statement. Also how do i run the script on the command line to know what is happening? Thanks for your help in advance. -------------- next part -------------- An HTML attachment was scrubbed... URL: From charles.allen at zagg.com Wed Apr 22 21:36:50 2020 From: charles.allen at zagg.com (Charles Allen) Date: Wed, 22 Apr 2020 21:36:50 +0000 Subject: [rancid] Unable to pull configuration from Cisco WLC 8.5 Message-ID: Rancid version: 3.12 Cisco WLC: 8.5.161.0 I cannot successfully pull the configuration from my Cisco WLC. In every case, it just gives the generic error "End of run not found." However, if I execute the command to pull configuration via rancid, the .new file looks complete and without issue. I have tried changing the various commands executed but with no success. Looking for a smarter person than I to perhaps give some direction or recommendations. [rancid at xxxx ~]$ NOPIPE=yes rancid -d -t cisco-wlc8 wlc loadtype: device type cisco-wlc8 loadtype: found device type cisco-wlc8 at /usr/local/rancid/etc/rancid.types.base:351 executing wlogin -t 120 -c"show udi;show sysinfo;show run-config commands" wlc PROMPT MATCH: \(Cisco Controller\) > HIT COMMAND:(Cisco Controller) >show udi In ShowUdi: (Cisco Controller) >show udi HIT COMMAND:(Cisco Controller) >show sysinfo In ShowSysinfo: (Cisco Controller) >show sysinfo HIT COMMAND:(Cisco Controller) >show run-config commands In ShowConfig: (Cisco Controller) >show run-config commands wlc : End of run not found wlc : clean_run is false !--WLC End Config Data--! -------------- next part -------------- An HTML attachment was scrubbed... URL: From marijn.vangool at comsave.com Fri Apr 24 11:38:30 2020 From: marijn.vangool at comsave.com (Marijn van Gool) Date: Fri, 24 Apr 2020 13:38:30 +0200 Subject: [rancid] Rancid not sending svn e-mail diffs Message-ID: <690B6EA2-990C-42D7-ACFD-F3C563058D6E@comsave.com> Hello guys, I?ve succesfully installed rancid 3.7 and I am getting configs and diffs. I can also view changes made with svn. No errors when running /usr/lib/rancid/bin/rancid-run: starting: Fri Apr 24 13:34:44 CEST 2020 property 'svn:ignore' set on '.' property 'svn:ignore' set on 'configs' Updating '.': At revision 14. Trying to get all of the configs. All routers successfully completed. ending: Fri Apr 24 13:34:53 CEST 2020 svn diff -r13:14 IP-address | less Index: IP-address =================================================================== --- IP-address (revision 13) +++ IP-address (revision 14) @@ -770,7 +770,7 @@ } } xe-0/0/1:2 { - description test; + description FREE:; } xe-0/0/1:3 { description "FREE: ?; What can I check? Marijn -------------- next part -------------- An HTML attachment was scrubbed... URL: From marijn.vangool at comsave.com Fri Apr 24 12:04:11 2020 From: marijn.vangool at comsave.com (Marijn van Gool) Date: Fri, 24 Apr 2020 14:04:11 +0200 Subject: [rancid] Rancid not sending svn e-mail diffs In-Reply-To: <690B6EA2-990C-42D7-ACFD-F3C563058D6E@comsave.com> References: <690B6EA2-990C-42D7-ACFD-F3C563058D6E@comsave.com> Message-ID: <9D406E3C-B441-4EEE-AA02-5CEDA79FF404@comsave.com> Of course, I?m not e-mailing to this list without having an issue :-) But as the title suggests, I?m not receiving any e-mails, nor from diffs, nor the first time rancid ran. I followed this guide: https://nsrc.org/workshops/2017/apricot2017/nmm/netmgmt/en/rancid/exercises-rancid.html Marijn > On 24 Apr 2020, at 13:38, Marijn van Gool wrote: > > Hello guys, > > I?ve succesfully installed rancid 3.7 and I am getting configs and diffs. > I can also view changes made with svn. > No errors when running /usr/lib/rancid/bin/rancid-run: > > starting: Fri Apr 24 13:34:44 CEST 2020 > > property 'svn:ignore' set on '.' > property 'svn:ignore' set on 'configs' > Updating '.': > At revision 14. > > > Trying to get all of the configs. > All routers successfully completed. > > > ending: Fri Apr 24 13:34:53 CEST 2020 > > > svn diff -r13:14 IP-address | less > > Index: IP-address > =================================================================== > --- IP-address (revision 13) > +++ IP-address (revision 14) > @@ -770,7 +770,7 @@ > } > } > xe-0/0/1:2 { > - description test; > + description FREE:; > } > xe-0/0/1:3 { > description "FREE: ?; > > > What can I check? > > Marijn -------------- next part -------------- An HTML attachment was scrubbed... URL: From dan.w.anderson at gmail.com Fri Apr 24 12:14:19 2020 From: dan.w.anderson at gmail.com (Dan Anderson) Date: Fri, 24 Apr 2020 08:14:19 -0400 Subject: [rancid] Rancid not sending svn e-mail diffs In-Reply-To: <9D406E3C-B441-4EEE-AA02-5CEDA79FF404@comsave.com> References: <690B6EA2-990C-42D7-ACFD-F3C563058D6E@comsave.com> <9D406E3C-B441-4EEE-AA02-5CEDA79FF404@comsave.com> Message-ID: Section 6 in the FAQ (https://shrubbery.net/rancid/FAQ) is a good place to start. Email issues usually come down to configuration of your MTA. You need to have the appropriate rancid-XXX aliases defined. On Fri, Apr 24, 2020 at 8:04 AM Marijn van Gool wrote: > Of course, I?m not e-mailing to this list without having an issue :-) > But as the title suggests, I?m not receiving any e-mails, nor from diffs, > nor the first time rancid ran. > I followed this guide: > https://nsrc.org/workshops/2017/apricot2017/nmm/netmgmt/en/rancid/exercises-rancid.html > > Marijn > > On 24 Apr 2020, at 13:38, Marijn van Gool > wrote: > > Hello guys, > > I?ve succesfully installed rancid 3.7 and I am getting configs and diffs. > I can also view changes made with svn. > No errors when running */usr/lib/rancid/bin/rancid-run:* > > starting: Fri Apr 24 13:34:44 CEST 2020 > > property 'svn:ignore' set on '.' > property 'svn:ignore' set on 'configs' > Updating '.': > At revision 14. > > > Trying to get all of the configs. > All routers successfully completed. > > > ending: Fri Apr 24 13:34:53 CEST 2020 > > > *svn diff -r13:14 IP-address | less* > > Index: IP-address > =================================================================== > --- IP-address (revision 13) > +++ IP-address (revision 14) > @@ -770,7 +770,7 @@ > } > } > xe-0/0/1:2 { > - description test; > + description FREE:; > } > xe-0/0/1:3 { > description "FREE: ?; > > > What can I check? > > Marijn > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at www.shrubbery.net > https://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Dan -------------- next part -------------- An HTML attachment was scrubbed... URL: From marijn.vangool at comsave.com Fri Apr 24 12:29:21 2020 From: marijn.vangool at comsave.com (Marijn van Gool) Date: Fri, 24 Apr 2020 14:29:21 +0200 Subject: [rancid] Rancid not sending svn e-mail diffs In-Reply-To: References: <690B6EA2-990C-42D7-ACFD-F3C563058D6E@comsave.com> <9D406E3C-B441-4EEE-AA02-5CEDA79FF404@comsave.com> Message-ID: <411685E0-B5D0-4098-8DA7-59058FE95593@comsave.com> Hi Dan, Thanks for your quick response. I understand that Rancid is not responsible for e-mail issues. Only the weird thing is, the e-mail part is actually working, because what I DO receive is the following (everytime I add or delete a router). That?s why I would think something is wrong in my Rancid configuration. Subject: changes in core routers Routers changed to up: device3;juniper Added routers: device3;juniper /etc/aliases: root at rancid:~# cat /etc/aliases # See man 5 aliases for format postmaster: root rancid-core: my.e-mail.address rancid-admin-core: my.e-mail.address root at rancid:~# /usr/sbin/newaliases WARNING: local host name (oxidized) is not qualified; see cf/README: WHO AM I? /etc/mail/aliases: 3 aliases, longest 18 bytes, 78 bytes total root at rancid:~# su - rancid rancid at rancid:~$ /var/lib/rancid/bin/rancid-run configs: rancid at oxidized:~$ ls /var/lib/rancid/core/configs device1 device2 device3 Marijn > On 24 Apr 2020, at 14:14, Dan Anderson wrote: > > Section 6 in the FAQ (https://shrubbery.net/rancid/FAQ ) is a good place to start. Email issues usually come down to configuration of your MTA. You need to have the appropriate rancid-XXX aliases defined. > > On Fri, Apr 24, 2020 at 8:04 AM Marijn van Gool > wrote: > Of course, I?m not e-mailing to this list without having an issue :-) > But as the title suggests, I?m not receiving any e-mails, nor from diffs, nor the first time rancid ran. > I followed this guide: https://nsrc.org/workshops/2017/apricot2017/nmm/netmgmt/en/rancid/exercises-rancid.html > > Marijn > >> On 24 Apr 2020, at 13:38, Marijn van Gool > wrote: >> >> Hello guys, >> >> I?ve succesfully installed rancid 3.7 and I am getting configs and diffs. >> I can also view changes made with svn. >> No errors when running /usr/lib/rancid/bin/rancid-run: >> >> starting: Fri Apr 24 13:34:44 CEST 2020 >> >> property 'svn:ignore' set on '.' >> property 'svn:ignore' set on 'configs' >> Updating '.': >> At revision 14. >> >> >> Trying to get all of the configs. >> All routers successfully completed. >> >> >> ending: Fri Apr 24 13:34:53 CEST 2020 >> >> >> svn diff -r13:14 IP-address | less >> >> Index: IP-address >> =================================================================== >> --- IP-address (revision 13) >> +++ IP-address (revision 14) >> @@ -770,7 +770,7 @@ >> } >> } >> xe-0/0/1:2 { >> - description test; >> + description FREE:; >> } >> xe-0/0/1:3 { >> description "FREE: ?; >> >> >> What can I check? >> >> Marijn > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at www.shrubbery.net > https://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > -- > Dan -------------- next part -------------- An HTML attachment was scrubbed... URL: From dan.w.anderson at gmail.com Fri Apr 24 13:19:06 2020 From: dan.w.anderson at gmail.com (Dan Anderson) Date: Fri, 24 Apr 2020 09:19:06 -0400 Subject: [rancid] Rancid not sending svn e-mail diffs In-Reply-To: <411685E0-B5D0-4098-8DA7-59058FE95593@comsave.com> References: <690B6EA2-990C-42D7-ACFD-F3C563058D6E@comsave.com> <9D406E3C-B441-4EEE-AA02-5CEDA79FF404@comsave.com> <411685E0-B5D0-4098-8DA7-59058FE95593@comsave.com> Message-ID: There really isn't much in the way of mail settings in rancid.conf. You can force/override your FQDN if your MTA isn't doing that for you and you can change the headers from Bulk to something of higher priority if necessary. I wouldn't necessarily expect either of those settings to be an issue if you're getting some of the mail. I assume you've run mailq and verified that there's nothing that's pending or failing in the outbound queue? Depending on the size of the diffs, especially on first run, they may be getting blocked by the receiving server. There's an option in rancid.conf to split large messages into smaller pieces which might be worth exploring. On Fri, Apr 24, 2020 at 8:29 AM Marijn van Gool wrote: > Hi Dan, > > Thanks for your quick response. > I understand that Rancid is not responsible for e-mail issues. > > Only the weird thing is, the e-mail part is actually working, because what > I DO receive is the following (everytime I add or delete a router). > That?s why I would think something is wrong in my Rancid configuration. > > Subject: changes in core routers > > Routers changed to up: > device3;juniper > > Added routers: > device3;juniper > > > */etc/aliases:* > > root at rancid:~# cat /etc/aliases > # See man 5 aliases for format > postmaster: root > rancid-core: my.e-mail.address > rancid-admin-core: my.e-mail.address > > root at rancid:~# /usr/sbin/newaliases > WARNING: local host name (oxidized) is not qualified; see cf/README: WHO > AM I? > /etc/mail/aliases: 3 aliases, longest 18 bytes, 78 bytes total > root at rancid:~# su - rancid > rancid at rancid:~$ /var/lib/rancid/bin/rancid-run > > *configs:* > > rancid at oxidized:~$ ls /var/lib/rancid/core/configs > device1 device2 device3 > > Marijn > > On 24 Apr 2020, at 14:14, Dan Anderson wrote: > > Section 6 in the FAQ (https://shrubbery.net/rancid/FAQ) is a good place > to start. Email issues usually come down to configuration of your MTA. You > need to have the appropriate rancid-XXX aliases defined. > > On Fri, Apr 24, 2020 at 8:04 AM Marijn van Gool < > marijn.vangool at comsave.com> wrote: > >> Of course, I?m not e-mailing to this list without having an issue :-) >> But as the title suggests, I?m not receiving any e-mails, nor from diffs, >> nor the first time rancid ran. >> I followed this guide: >> https://nsrc.org/workshops/2017/apricot2017/nmm/netmgmt/en/rancid/exercises-rancid.html >> >> Marijn >> >> On 24 Apr 2020, at 13:38, Marijn van Gool >> wrote: >> >> Hello guys, >> >> I?ve succesfully installed rancid 3.7 and I am getting configs and diffs. >> I can also view changes made with svn. >> No errors when running */usr/lib/rancid/bin/rancid-run:* >> >> starting: Fri Apr 24 13:34:44 CEST 2020 >> >> property 'svn:ignore' set on '.' >> property 'svn:ignore' set on 'configs' >> Updating '.': >> At revision 14. >> >> >> Trying to get all of the configs. >> All routers successfully completed. >> >> >> ending: Fri Apr 24 13:34:53 CEST 2020 >> >> >> *svn diff -r13:14 IP-address | less* >> >> Index: IP-address >> =================================================================== >> --- IP-address (revision 13) >> +++ IP-address (revision 14) >> @@ -770,7 +770,7 @@ >> } >> } >> xe-0/0/1:2 { >> - description test; >> + description FREE:; >> } >> xe-0/0/1:3 { >> description "FREE: ?; >> >> >> What can I check? >> >> Marijn >> >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at www.shrubbery.net >> https://www.shrubbery.net/mailman/listinfo/rancid-discuss >> > > > -- > Dan > > > -- Dan -------------- next part -------------- An HTML attachment was scrubbed... URL: From marijn.vangool at comsave.com Fri Apr 24 13:40:47 2020 From: marijn.vangool at comsave.com (Marijn van Gool) Date: Fri, 24 Apr 2020 15:40:47 +0200 Subject: [rancid] Rancid not sending svn e-mail diffs In-Reply-To: References: <690B6EA2-990C-42D7-ACFD-F3C563058D6E@comsave.com> <9D406E3C-B441-4EEE-AA02-5CEDA79FF404@comsave.com> <411685E0-B5D0-4098-8DA7-59058FE95593@comsave.com> Message-ID: <83713907-C45C-4EA3-967D-80E5DC760E26@comsave.com> Hi Dan, Well, there you have it.. I forgot to check my Junk inbox? and there they all are. Thanks for taking the time to answer my dumb questions. Have a nice weekend! Marijn > On 24 Apr 2020, at 15:19, Dan Anderson wrote: > > There really isn't much in the way of mail settings in rancid.conf. You can force/override your FQDN if your MTA isn't doing that for you and you can change the headers from Bulk to something of higher priority if necessary. I wouldn't necessarily expect either of those settings to be an issue if you're getting some of the mail. > > I assume you've run mailq and verified that there's nothing that's pending or failing in the outbound queue? Depending on the size of the diffs, especially on first run, they may be getting blocked by the receiving server. There's an option in rancid.conf to split large messages into smaller pieces which might be worth exploring. > > On Fri, Apr 24, 2020 at 8:29 AM Marijn van Gool > wrote: > Hi Dan, > > Thanks for your quick response. > I understand that Rancid is not responsible for e-mail issues. > > Only the weird thing is, the e-mail part is actually working, because what I DO receive is the following (everytime I add or delete a router). > That?s why I would think something is wrong in my Rancid configuration. > > Subject: changes in core routers > > Routers changed to up: > device3;juniper > > Added routers: > device3;juniper > > > /etc/aliases: > > root at rancid:~# cat /etc/aliases > # See man 5 aliases for format > postmaster: root > rancid-core: my.e-mail.address > rancid-admin-core: my.e-mail.address > > root at rancid:~# /usr/sbin/newaliases > WARNING: local host name (oxidized) is not qualified; see cf/README: WHO AM I? > /etc/mail/aliases: 3 aliases, longest 18 bytes, 78 bytes total > root at rancid:~# su - rancid > rancid at rancid:~$ /var/lib/rancid/bin/rancid-run > > configs: > > rancid at oxidized:~$ ls /var/lib/rancid/core/configs > device1 device2 device3 > > Marijn > >> On 24 Apr 2020, at 14:14, Dan Anderson > wrote: >> >> Section 6 in the FAQ (https://shrubbery.net/rancid/FAQ ) is a good place to start. Email issues usually come down to configuration of your MTA. You need to have the appropriate rancid-XXX aliases defined. >> >> On Fri, Apr 24, 2020 at 8:04 AM Marijn van Gool > wrote: >> Of course, I?m not e-mailing to this list without having an issue :-) >> But as the title suggests, I?m not receiving any e-mails, nor from diffs, nor the first time rancid ran. >> I followed this guide: https://nsrc.org/workshops/2017/apricot2017/nmm/netmgmt/en/rancid/exercises-rancid.html >> >> Marijn >> >>> On 24 Apr 2020, at 13:38, Marijn van Gool > wrote: >>> >>> Hello guys, >>> >>> I?ve succesfully installed rancid 3.7 and I am getting configs and diffs. >>> I can also view changes made with svn. >>> No errors when running /usr/lib/rancid/bin/rancid-run: >>> >>> starting: Fri Apr 24 13:34:44 CEST 2020 >>> >>> property 'svn:ignore' set on '.' >>> property 'svn:ignore' set on 'configs' >>> Updating '.': >>> At revision 14. >>> >>> >>> Trying to get all of the configs. >>> All routers successfully completed. >>> >>> >>> ending: Fri Apr 24 13:34:53 CEST 2020 >>> >>> >>> svn diff -r13:14 IP-address | less >>> >>> Index: IP-address >>> =================================================================== >>> --- IP-address (revision 13) >>> +++ IP-address (revision 14) >>> @@ -770,7 +770,7 @@ >>> } >>> } >>> xe-0/0/1:2 { >>> - description test; >>> + description FREE:; >>> } >>> xe-0/0/1:3 { >>> description "FREE: ?; >>> >>> >>> What can I check? >>> >>> Marijn >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at www.shrubbery.net >> https://www.shrubbery.net/mailman/listinfo/rancid-discuss >> >> >> -- >> Dan > > > > -- > Dan -------------- next part -------------- An HTML attachment was scrubbed... URL: From on at LEFerguson.com Mon Apr 27 16:58:55 2020 From: on at LEFerguson.com (on at LEFerguson.com) Date: Mon, 27 Apr 2020 16:58:55 +0000 Subject: [rancid] Rancid 3.10 and ASA 9.14 failing? Message-ID: I'm on 3.10 and just upgraded an cisco 5516 asa to 9.14, and it will not pull from rancid giving this error: HIT COMMAND:XXXXX-ASA1# show running-config In WriteTerm: XXXXX-ASA1# show running-config HIT COMMAND:XXXXX-ASA1# write term In WriteTerm: XXXXX-ASA1# write term xxxxx-asa1.etsbcad.local: missed cmd(s): show redundancy secondary, show flash:, show running-config view full Another otherwise identically configured ASA on 9.9(2) works fine. All three of these commands work the same on 9.2 as on 9.14 (i.e. first and third do not exist, and show flash works). So it's something more subtle. I've reviewed the release notes for 3.11 and didn't see anything that may apply; I am a bit reluctant to upgrade as I have a lot of changes to scripts to retrofit and upgrading is a pretty big job. It's also remotely possible I broke this in one of my changes; again, a bit painful to back all changes out to tell. So... please save me a bit of time... is anyone using ASA version 9.14 with Rancid? Does it work, or fail the same way? Knowing either one will save me a lot of time. Thanks, Linwood -------------- next part -------------- An HTML attachment was scrubbed... URL: From ryan.g at atwgpc.net Tue Apr 28 04:02:45 2020 From: ryan.g at atwgpc.net (Ryan Gelobter) Date: Mon, 27 Apr 2020 23:02:45 -0500 Subject: [rancid] Rancid 3.10 and ASA 9.14 failing? In-Reply-To: References: Message-ID: I spun up an ASAv 9.14.1 with a brand new rancid 3.10 install and had no issues. I assume you know about making sure you run 'no aaa authentication login-history' as that's needed for 9.9 as well. I can't remember if cisco added that banner prompt in 9.2. Regards, Ryan On Mon, Apr 27, 2020 at 11:59 AM on at LEFerguson.com wrote: > I'm on 3.10 and just upgraded an cisco 5516 asa to 9.14, and it will not > pull from rancid giving this error: > > > > HIT COMMAND:XXXXX-ASA1# show running-config > > In WriteTerm: XXXXX-ASA1# show running-config > > HIT COMMAND:XXXXX-ASA1# write term > > In WriteTerm: XXXXX-ASA1# write term > > xxxxx-asa1.etsbcad.local: missed cmd(s): show redundancy secondary, show > flash:, show running-config view full > > > > Another otherwise identically configured ASA on 9.9(2) works fine. > > > > All three of these commands work the same on 9.2 as on 9.14 (i.e. first > and third do not exist, and show flash works). So it's something more > subtle. > > > > I've reviewed the release notes for 3.11 and didn't see anything that may > apply; I am a bit reluctant to upgrade as I have a lot of changes to > scripts to retrofit and upgrading is a pretty big job. > > > > It's also remotely possible I broke this in one of my changes; again, a > bit painful to back all changes out to tell. > > > > So? please save me a bit of time? is anyone using ASA version 9.14 with > Rancid? Does it work, or fail the same way? Knowing either one will save > me a lot of time. > > > > Thanks, > > Linwood > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at www.shrubbery.net > https://www.shrubbery.net/mailman/listinfo/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From Tim.McIntire at infinite.com Tue Apr 28 13:45:46 2020 From: Tim.McIntire at infinite.com (Tim McIntire) Date: Tue, 28 Apr 2020 13:45:46 +0000 Subject: [rancid] no CVS directory created for new groups Message-ID: <5616a3a9ef5042c784dede6529a8f5ff@ICUSM01.infics.com> Hi, I recently migrated to rancid 3.9. I created 3 groups initially and it is all working fine, but when I added two more, I was not getting any emails for the changes. I tested email to the alias, that is working. Looked through the archives and it appears to be related to not running rancid-cvs after adding the group to rancid.conf. I can run rancid-run and it created the var/GROUP/configs dir and saves the config, but it is not keeping track of differences. When I run cvs log -bSh router.db I get cvs log: No CVSROOT specified! Please use the `-d' option cvs [log aborted]: or set the CVSROOT environment variable. I ran rancid-cvs -V -f /opt/rancid/etc/rancid.conf but it is still not creating the GROUP in /opt/rancid/var/CVS. Any suggestions? Thanks.. Tim This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify so to the sender by e-mail and delete the original message. In such cases, please notify us immediately at info at infinite.com . Further, you are not to copy, disclose, or distribute this e-mail or its contents to any unauthorized person(s). Any such actions are considered unlawful. This e-mail may contain viruses. Infinite has taken every reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachments. Infinite reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the Infinite e-mail system. ***INFINITE******** End of Disclaimer********INFINITE******** -------------- next part -------------- An HTML attachment was scrubbed... URL: From Charles.Brooks at hbcs.org Tue Apr 28 14:05:00 2020 From: Charles.Brooks at hbcs.org (Charles T. Brooks) Date: Tue, 28 Apr 2020 14:05:00 +0000 Subject: [rancid] no CVS directory created for new groups In-Reply-To: <5616a3a9ef5042c784dede6529a8f5ff@ICUSM01.infics.com> References: <5616a3a9ef5042c784dede6529a8f5ff@ICUSM01.infics.com> Message-ID: If you haven't defined CVSROOT then CVS won't know where to create CVS objects, n'est-ce pas? Until you define it, CVS can't work.? Google your error message. CVSROOT is usually set in a bash profile (or whatever login initialization script is used by your chosen OS.) Remember, the environment variable has to be set for the process actually running CVS. If you are running CVS from a user login, that's quite likely got different environment configuration than when you're running it out of cron or some other job scheduler. --Charlie From: Rancid-discuss on behalf of Tim McIntire Sent: Tuesday, April 28, 2020 9:45 AM To: Rancid-discuss at www.shrubbery.net Subject: [rancid] no CVS directory created for new groups ? Hi, ? I recently migrated to rancid 3.9.? I created 3 groups initially and it is all working fine, but when I added two more, I was not getting any emails for the changes.? I tested email to the alias, that is working.? Looked through the archives and it? appears to be related to not running rancid-cvs after adding the group to rancid.conf.??? I can run rancid-run and it created the var/GROUP/configs dir and saves the config, but it is not keeping track of differences.? When I run ? cvs? log -bSh router.db ? I get ? cvs log: No CVSROOT specified!? Please use the `-d' option cvs [log aborted]: or set the CVSROOT environment variable. ? I ran ? rancid-cvs -V -f /opt/rancid/etc/rancid.conf ? but it is still not creating the GROUP in /opt/rancid/var/CVS. ? Any suggestions? ? Thanks.. ? Tim ------------------ CONFIDENTIALITY NOTICE --------------- This message, including any attachments, is for the sole use of the intended recipient(s) and may contain privileged confidential information protected by law. Any unauthorized review, use, disclosure or distribution of this message is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of this message. ------------------ CONFIDENTIALITY NOTICE --------------- From Tim.McIntire at infinite.com Tue Apr 28 14:53:58 2020 From: Tim.McIntire at infinite.com (Tim McIntire) Date: Tue, 28 Apr 2020 14:53:58 +0000 Subject: [rancid] no CVS directory created for new groups In-Reply-To: References: <5616a3a9ef5042c784dede6529a8f5ff@ICUSM01.infics.com> Message-ID: <1b562e20f28b48e587aa5026bd1bfb7d@ICUSM01.infics.com> Understood, but CVSROOT is defined in the rancid.conf file and is working just fine for the original 3 groups that I created when I configured the new rancid server. In both cases, I was running this as the rancid user. Got it to work.. here is what I did: Removed the broken GROUP entries from the rancid.conf file Ran /opt/rancid/bin/rancid-cvs renamed the broken GROUP directories in /opt/rancid/var/ added the GROUP entries back into the rancid.conf file. Ran /opt/rancid/bin/rancid-cvs again.. this time I saw it create the directories in the CVS dir. Copied the router.db file back over to the GROUP dir When I ran rancid-run, I got the email with the config updates. Tim -----Original Message----- From: Charles T. Brooks [mailto:Charles.Brooks at hbcs.org] Sent: Tuesday, April 28, 2020 9:05 AM To: Tim McIntire ; Rancid-discuss at www.shrubbery.net Subject: Re: no CVS directory created for new groups If you haven't defined CVSROOT then CVS won't know where to create CVS objects, n'est-ce pas? Until you define it, CVS can't work.? Google your error message. CVSROOT is usually set in a bash profile (or whatever login initialization script is used by your chosen OS.) Remember, the environment variable has to be set for the process actually running CVS. If you are running CVS from a user login, that's quite likely got different environment configuration than when you're running it out of cron or some other job scheduler. --Charlie From: Rancid-discuss on behalf of Tim McIntire Sent: Tuesday, April 28, 2020 9:45 AM To: Rancid-discuss at www.shrubbery.net Subject: [rancid] no CVS directory created for new groups ? Hi, ? I recently migrated to rancid 3.9.? I created 3 groups initially and it is all working fine, but when I added two more, I was not getting any emails for the changes.? I tested email to the alias, that is working.? Looked through the archives and it? appears to be related to not running rancid-cvs after adding the group to rancid.conf.??? I can run rancid-run and it created the var/GROUP/configs dir and saves the config, but it is not keeping track of differences.? When I run ? cvs? log -bSh router.db ? I get ? cvs log: No CVSROOT specified!? Please use the `-d' option cvs [log aborted]: or set the CVSROOT environment variable. ? I ran ? rancid-cvs -V -f /opt/rancid/etc/rancid.conf ? but it is still not creating the GROUP in /opt/rancid/var/CVS. ? Any suggestions? ? Thanks.. ? Tim ------------------ CONFIDENTIALITY NOTICE --------------- This message, including any attachments, is for the sole use of the intended recipient(s) and may contain privileged confidential information protected by law. Any unauthorized review, use, disclosure or distribution of this message is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of this message. ------------------ CONFIDENTIALITY NOTICE --------------- This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify so to the sender by e-mail and delete the original message. In such cases, please notify us immediately at info at infinite.com . Further, you are not to copy, disclose, or distribute this e-mail or its contents to any unauthorized person(s). Any such actions are considered unlawful. This e-mail may contain viruses. Infinite has taken every reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachments. Infinite reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the Infinite e-mail system. ***INFINITE******** End of Disclaimer********INFINITE******** From heas at shrubbery.net Tue Apr 28 15:13:08 2020 From: heas at shrubbery.net (john heasley) Date: Tue, 28 Apr 2020 15:13:08 +0000 Subject: [rancid] no CVS directory created for new groups In-Reply-To: References: <5616a3a9ef5042c784dede6529a8f5ff@ICUSM01.infics.com> Message-ID: <20200428151308.GC32476@shrubbery.net> Tue, Apr 28, 2020 at 02:05:00PM +0000, Charles T. Brooks: > If you haven't defined CVSROOT then CVS won't know where to create CVS objects, n'est-ce pas? > > Until you define it, CVS can't work.? Google your error message. > > CVSROOT is usually set in a bash profile (or whatever login initialization script is used by your chosen OS.) For rancid, CVSROOT is set in rancid.conf. Please see the comments about this in that file. But, CVSROOT in one's environment is only needed when outside of an established repository, or it can be specified on the cmd-line with the -d option. Once within one, it would be read from the file CVS/Root (iirc), unless overridden by the env variable or cmd-line. The scripts that need it, will read rancid.conf from the default location or as specified on the cmd-line. An interactive user using bourne shell can include it in their env by running ". /path/to/rancid.conf" I suspect that Tim's problem is that the new groups are not in rancid.conf:LIST_OF_GROUPS nor specified on the cmd-line and therefore were not processed by rancid-cvs. From Tim.McIntire at infinite.com Tue Apr 28 20:24:01 2020 From: Tim.McIntire at infinite.com (Tim McIntire) Date: Tue, 28 Apr 2020 20:24:01 +0000 Subject: [rancid] fortigate 100E hourly changes not filtered Message-ID: Hi All, Having a problem with Rancid 3.9 with Fortigate 100E firewall. Each hour, the config is updated with new Virus files and it is triggering an update/email for the change. Here is the delta: @@ -1,12 +1,12 @@ #RANCID-CONTENT-TYPE: fortigate # #Version: FortiGate-100E v6.2.3,build1066,191218 (GA) - #Virus-DB: 77.00033(2020-04-28 08:20) - #Extended DB: 77.00033(2020-04-28 08:20) - #IPS-DB: 15.00828(2020-04-25 01:28) + #Virus-DB: 77.00035(2020-04-28 10:20) + #Extended DB: 77.00035(2020-04-28 10:20) + #IPS-DB: 15.00829(2020-04-28 00:39) #IPS-ETDB: 0.00000(2001-01-01 00:00) - #APP-DB: 15.00828(2020-04-25 01:28) + #APP-DB: 15.00829(2020-04-28 00:39) #INDUSTRIAL-DB: 6.00741(2015-12-01 02:30) #Serial-Number: FG100ETK19022626 #IPS Malicious URL Database: 2.00627(2020-04-28 05:33) #Botnet DB: 1.00000(2012-05-28 22:51) I can see in the lib/fortigate.pm file where it tries to filter this out, but it still showing up. Has anyone else seen this? Thanks for a really useful product, it has saved us on a number of occasions. Tim This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify so to the sender by e-mail and delete the original message. In such cases, please notify us immediately at info at infinite.com . Further, you are not to copy, disclose, or distribute this e-mail or its contents to any unauthorized person(s). Any such actions are considered unlawful. This e-mail may contain viruses. Infinite has taken every reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachments. Infinite reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the Infinite e-mail system. ***INFINITE******** End of Disclaimer********INFINITE******** -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Tue Apr 28 20:28:49 2020 From: heas at shrubbery.net (john heasley) Date: Tue, 28 Apr 2020 20:28:49 +0000 Subject: [rancid] fortigate 100E hourly changes not filtered In-Reply-To: References: Message-ID: <20200428202849.GF83841@shrubbery.net> Tue, Apr 28, 2020 at 08:24:01PM +0000, Tim McIntire: > Hi All, > > Having a problem with Rancid 3.9 with Fortigate 100E firewall. Each hour, the config is updated with new Virus files and it is triggering an update/email for the change. > > Here is the delta: > > @@ -1,12 +1,12 @@ > > #RANCID-CONTENT-TYPE: fortigate > # > #Version: FortiGate-100E v6.2.3,build1066,191218 (GA) > - #Virus-DB: 77.00033(2020-04-28 08:20) > - #Extended DB: 77.00033(2020-04-28 08:20) > - #IPS-DB: 15.00828(2020-04-25 01:28) > + #Virus-DB: 77.00035(2020-04-28 10:20) > + #Extended DB: 77.00035(2020-04-28 10:20) > + #IPS-DB: 15.00829(2020-04-28 00:39) > #IPS-ETDB: 0.00000(2001-01-01 00:00) > - #APP-DB: 15.00828(2020-04-25 01:28) > + #APP-DB: 15.00829(2020-04-28 00:39) > #INDUSTRIAL-DB: 6.00741(2015-12-01 02:30) > #Serial-Number: FG100ETK19022626 > #IPS Malicious URL Database: 2.00627(2020-04-28 05:33) > #Botnet DB: 1.00000(2012-05-28 22:51) > > I can see in the lib/fortigate.pm file where it tries to filter this out, but it still showing up. Has anyone else seen this? > > Thanks for a really useful product, it has saved us on a number of occasions. rancid.conf:FILTER_OSC=ALL (or in /rancid.conf) must be set to filter these. It defaults to YES. Also see rancid.conf(5). From Tim.McIntire at infinite.com Tue Apr 28 20:42:55 2020 From: Tim.McIntire at infinite.com (Tim McIntire) Date: Tue, 28 Apr 2020 20:42:55 +0000 Subject: [rancid] fortigate 100E hourly changes not filtered In-Reply-To: <20200428202849.GF83841@shrubbery.net> References: <20200428202849.GF83841@shrubbery.net> Message-ID: Thanks John.. that clears it up. Tim -----Original Message----- From: john heasley [mailto:heas at shrubbery.net] Sent: Tuesday, April 28, 2020 3:29 PM To: Tim McIntire Cc: Rancid-discuss at www.shrubbery.net Subject: Re: [rancid] fortigate 100E hourly changes not filtered Tue, Apr 28, 2020 at 08:24:01PM +0000, Tim McIntire: > Hi All, > > Having a problem with Rancid 3.9 with Fortigate 100E firewall. Each hour, the config is updated with new Virus files and it is triggering an update/email for the change. > > Here is the delta: > > @@ -1,12 +1,12 @@ > > #RANCID-CONTENT-TYPE: fortigate > # > #Version: FortiGate-100E v6.2.3,build1066,191218 (GA) > - #Virus-DB: 77.00033(2020-04-28 08:20) > - #Extended DB: 77.00033(2020-04-28 08:20) > - #IPS-DB: 15.00828(2020-04-25 01:28) > + #Virus-DB: 77.00035(2020-04-28 10:20) #Extended DB: > + 77.00035(2020-04-28 10:20) > + #IPS-DB: 15.00829(2020-04-28 00:39) > #IPS-ETDB: 0.00000(2001-01-01 00:00) > - #APP-DB: 15.00828(2020-04-25 01:28) > + #APP-DB: 15.00829(2020-04-28 00:39) > #INDUSTRIAL-DB: 6.00741(2015-12-01 02:30) > #Serial-Number: FG100ETK19022626 > #IPS Malicious URL Database: 2.00627(2020-04-28 05:33) > #Botnet DB: 1.00000(2012-05-28 22:51) > > I can see in the lib/fortigate.pm file where it tries to filter this out, but it still showing up. Has anyone else seen this? > > Thanks for a really useful product, it has saved us on a number of occasions. rancid.conf:FILTER_OSC=ALL (or in /rancid.conf) must be set to filter these. It defaults to YES. Also see rancid.conf(5). This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify so to the sender by e-mail and delete the original message. In such cases, please notify us immediately at info at infinite.com . Further, you are not to copy, disclose, or distribute this e-mail or its contents to any unauthorized person(s). Any such actions are considered unlawful. This e-mail may contain viruses. Infinite has taken every reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachments. Infinite reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the Infinite e-mail system. ***INFINITE******** End of Disclaimer********INFINITE********