From owner-rancid-discuss@shrubbery.net Sat Jan 12 21:07:45 2002
Date: Sat, 12 Jan 2002 13:05:50 -0800
From: "Avram Dorfman"
Subject: automating non-config actions?

Has anyone thought about modifying rancid to make it a batch utility for executing arbitrary actions on lots of routers?

I'd like to be able to write simple expect scripts to accomplish a task, like "show route" or "clear route forwarding-table x/y x.x.x.x" and then roll it out to a whole list of routers.

The main difference I'm looking for is
- a switch to turn off all the diffing and cvs
- direct the logging to somewhere besides the config directory
- specify the action script on the command line.

This way, I could leverage all of rancid's router.db and vendor specific login knowledge, to get a more general utility.
In particular, what I really want to do is build a script to *install* a batch of configs from the archive on a series of routers. I would use this in a lab environment to quickly restore a bunch of routers to arbitrary past lab scenarios that people have built. I would also then use it to run tests & show commands against the scenario, and store them for later reference.

I'm getting ready to hack this up myself. But if anyone has done something like this already, perhaps I can leverage your work. Either way, I'd like to know how many people are interested in this capability, so I can decide to what extent it's worth the effort of doing it professionally from the get-go, instead of quick-and-dirty.

-Avram

From owner-rancid-discuss@shrubbery.net Sat Jan 12 21:07:45 2002
Date: Sat, 12 Jan 2002 13:05:50 -0800
From: "Avram Dorfman"
Subject: the cleartext password issue

Hello Everyone,

I've dealt with rancid-style packages for a while that I home-grew, before rancid came along, so I've faced this annoying clear-text password in a file issue many times before.

One way that I've considered handling it (although never actually implemented) is this:

Encrypt the password file, but rather than storing that key in a file, have a "daemon" process that you have to launch manually, which prompts for it. Then this process would simply keep it in memory, and be responsible for doing all the sensitive stuff.

I never implemented it for two reasons: 1) I couldn't think of a way to still get the scheduling benefits of cron, while having this process be the one that does everything, and 2) if someone hacks into the rancid user's account after an operator has manually launched the daemon, he could still subvert the process by mucking with the config files to direct rancid to login to a trojan horse, and steal the password there. Thus, the limiting factor is still the ability to become the rancid user.

But I thought I'd throw it out there in case anyone else can expand on it for a real solution.

-Avram

From owner-rancid-discuss@shrubbery.net Sat Jan 12 22:06:57 2002
Date: Sat, 12 Jan 2002 17:06:33 -0500
From: Andrew Partan
To: Avram Dorfman
Cc: rancid-discuss@shrubbery.net
Subject: Re: automating non-config actions?

On Sat, Jan 12, 2002 at 01:05:50PM -0800, Avram Dorfman wrote:
> Has anyone thought about modifying rancid to make it a batch
> utility for executing arbitrary actions on lots of routers?

Look at clogin - it already does a lot of what you want.
    --asp

From owner-rancid-discuss@shrubbery.net Sat Jan 12 22:35:02 2002
Date: Sat, 12 Jan 2002 14:34:25 -0800
From: john heasley
To: Avram Dorfman
Cc: rancid-discuss@shrubbery.net
Subject: Re: automating non-config actions?

Sat, Jan 12, 2002 at 05:06:33PM -0500, Andrew Partan:
> On Sat, Jan 12, 2002 at 01:05:50PM -0800, Avram Dorfman wrote:
> > Has anyone thought about modifying rancid to make it a batch
> > utility for executing arbitrary actions on lots of routers?
>
> Look at clogin - it already does a lot of what you want.
>     --asp

btw, clogin is cisco (more or less) specific at this point.
a simple shell script would whack that for you. eg:

    cd /usr/local/rancid
    # each router.db entry is name:type:state
    for router in `cat */router.db`
    do
        # split the entry on ":" into $1 (name), $2 (type), $3 (state)
        oldFS=$IFS
        IFS=:
        set $router
        IFS=$oldFS

        # only touch routers marked "up"; junipers go through jlogin
        if [ "$3" = "up" ] ; then
            if [ "$2" = "juniper" ] ; then
                jlogin -s jnx_script $1
            else
                clogin -s cisco_script $1
            fi
        fi
    done

From owner-rancid-discuss@shrubbery.net Sat Jan 12 22:39:46 2002
Date: Sat, 12 Jan 2002 14:39:28 -0800
From: "Avram Dorfman"
To: "Andrew Partan"
Subject: RE: automating non-config actions?

I did see that. -s will cover the arbitrary script task I've suggested.
The grouping and parallel processing done by do-diffs, control_rancid, and par, look like they would need to be hacked to support the -s option of the *login scripts, with the more flexible batch functionality that they provide, rather than manually listing every router using *login -r. But a lot of the checking & emailing control_rancid does sort of doesn't make sense to do for non-config collecting, or in an interactive environment.

My apologies for not really specifying my intent clearly.

Thanks,
-Avram

> -----Original Message-----
> From: Andrew Partan [mailto:asp@partan.com]
> Sent: Saturday, January 12, 2002 5:07 PM
> To: Avram Dorfman
> Cc: rancid-discuss@shrubbery.net
> Subject: Re: automating non-config actions?
>
>
> On Sat, Jan 12, 2002 at 01:05:50PM -0800, Avram Dorfman wrote:
> > Has anyone thought about modifying rancid to make it a batch
> > utility for executing arbitrary actions on lots of routers?
>
> Look at clogin - it already does a lot of what you want.
>     --asp
>

From owner-rancid-discuss@shrubbery.net Sat Jan 12 22:45:13 2002
Subject: RE: automating non-config actions?
Date: Sat, 12 Jan 2002 14:44:46 -0800
From: "Avram Dorfman"
To: "john heasley"

Yup. I think I'll steal the group code, and work in par. I was thinking about building this back into control_rancid & do_diffs, but it will probably be quicker just to make a new script.

Thanks,
-Avram

> -----Original Message-----
> From: john heasley [mailto:heas@shrubbery.net]
> Sent: Saturday, January 12, 2002 5:34 PM
> To: Avram Dorfman
> Cc: rancid-discuss@shrubbery.net
> Subject: Re: automating non-config actions?
>
>
> Sat, Jan 12, 2002 at 05:06:33PM -0500, Andrew Partan:
> > On Sat, Jan 12, 2002 at 01:05:50PM -0800, Avram Dorfman wrote:
> > > Has anyone thought about modifying rancid to make it a batch
> > > utility for executing arbitrary actions on lots of routers?
> >
> > Look at clogin - it already does a lot of what you want.
> >     --asp
>
> btw, clogin is cisco (more or less) specific at this point. a simple
> shell script would whack that for you. eg:
>
> cd /usr/local/rancid
> for router in `cat */router.db`
> do
>     oldFS=$IFS
>     IFS=:
>     set $router
>     IFS=$oldFS
>
>     if [ "$3" = "up" ] ; then
>         if [ "$2" = "juniper" ] ; then
>             jlogin -s jnx_script $1
>         else
>             clogin -s cisco_script $1
>         fi
>     fi
> done
>

From owner-rancid-discuss@shrubbery.net Sat Jan 12 22:59:56 2002
Date: Sat, 12 Jan 2002 14:59:39 -0800
From: john heasley
To: Avram Dorfman
Cc: rancid-discuss@shrubbery.net
Subject: Re: the cleartext password issue

Sat, Jan 12, 2002 at 01:05:50PM -0800, Avram Dorfman:
> Hello Everyone,
>
> I've dealt with rancid-style packages for a while that I home-grew, before rancid came along, so I've faced this annoying clear-text password in a file issue many times before.
>
> One way that I've considered handling it (although never actually implemented) is this:
>
> Encrypt the password file, but rather than storing that key in a file, have a "daemon" process that you have to launch manually, which prompts for it. Then this process would simply keep it in memory, and be responsible for doing all the sensitive stuff.
>
> I never implemented it for two reasons: 1) I couldn't think of a way to still get the scheduling benefits of cron, while having this process be the one that does everything, and 2) if someone hacks into the rancid user's account after an operator has manually launched the daemon, he could still subvert the process by mucking with the config files to direct rancid to login to a trojan horse, and steal the password there. Thus, the limiting factor is still the ability to become the rancid user.
>
> But I thought I'd throw it out there in case anyone else can expand on it for a real solution.
>
> -Avram

this is the 2nd largest cost of automation and i have not been able to come up with a viable solution. if you have a daemon and someone hacks root or an account in group kmem, it is possible to look through memory and extract the password. or that daemon dumps a core in some world readable area ... and so on.

protecting the rancid users' area and .cloginrc along with the unix box itself are the best methods.

we still would like to add something like {} as a possible password token which would cause *login to prompt the user. allowing a .cloginrc to be shared among many users, but which contains no actual passwords. which would also be helpful for secure_id logins.

it would be nice if all vendors did AAA and had a priv level that could look at everything, but not modify. then rancid would not need write privs. i believe this is possible on juniper with a local user definition and may be possible with AAA via radius. of course, the user making automated config changes still has privs ...
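
The file-protection approach recommended in the reply above, as an added example that is not part of the original thread or of rancid itself: a POSIX shell audit of a .cloginrc-style file and its directory for the exposures the thread names (readable by others, replaceable by others, core dumps). The function names and the path passed in are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not rancid code): audit the file that holds router
# passwords. The path given on the command line and all function names
# are assumptions made for this example.

# Succeeds if group or other have any permission bit on PATH.
has_group_other_bits() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null)" ]
}

# Succeeds if group or other may write to PATH.
is_loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Prints how many "add ...password" directives FILE holds, never their values.
count_password_lines() {
    grep -c -E '^[[:space:]]*add[[:space:]]+[a-z]*password[[:space:]]' "$1" || true
}

# Prints one line per finding; exit status is 0 only when nothing was found.
audit_cloginrc() {
    _file=$1
    _dir=$(dirname "$_file")
    _bad=0

    if [ -L "$_file" ]; then
        echo "FAIL $_file is a symlink; the login scripts could be pointed elsewhere"
        _bad=1
    fi
    if [ ! -f "$_file" ]; then
        echo "FAIL $_file is missing or not a regular file"
        return 1
    fi
    if [ ! -O "$_file" ]; then
        echo "FAIL $_file is not owned by the user running the audit"
        _bad=1
    fi
    if has_group_other_bits "$_file"; then
        echo "FAIL $_file is accessible to group/other; expected mode 600"
        _bad=1
    fi
    # A writable directory lets someone swap the file even if its mode is 600.
    if is_loosely_writable "$_dir"; then
        echo "FAIL $_dir is group/other writable; the file could be replaced"
        _bad=1
    fi
    echo "INFO $(count_password_lines "$_file") password directive(s) stored in clear text"
    return "$_bad"
}

# Core files of a process holding passwords are the other leak named above.
core_dumps_disabled() {
    [ "$(ulimit -c)" = "0" ]
}

# Run as: sh audit.sh /path/to/.cloginrc   (as the rancid user)
if [ $# -gt 0 ]; then
    core_dumps_disabled || echo "WARN core dumps are enabled (ulimit -c is not 0)"
    audit_cloginrc "$1"
fi
```

Running it from the rancid user's crontab before each collection run turns a permission regression into a logged failure.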
From owner-rancid-discuss@shrubbery.net Sat Jan 12 23:03:06 2002
Date: Sat, 12 Jan 2002 18:05:43 -0500
From: "Jason Lewis"
To: "'Avram Dorfman'"
Subject: RE: automating non-config actions?

Have you looked at these?

MRAT - http://cisco.nothingnet.com/
Pancho - http://pancho.lunarmedia.net/

jas

From owner-rancid-discuss@shrubbery.net Thu Jan 17 16:23:34 2002
Date: 17 Jan 2002 17:19:19 +0100
From: Nicolas STRINA
To: rancid-discuss@shrubbery.net
Subject: Oops

Hello,

I just installed Rancid on my tool box. So actually I have a problem.
I am able to log on the router and to exec some commands but the logs
are giving me this output:

Getting missed routers: round 4.
!ROM Bootstrap: Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE
(fc1)
ir00.pul.lsn.fe0-0.vtxnet.ch: missed cmd(s): show diagbus,write term,dir
/all bootflash:,show env all,show controllers cbus,dir /all nvram:,show
module,dir /all sup-bootflash:,show c7200,show variables boot,show
flash,show vlan,dir /all slot0:,show install active,dir /all slot1:,show
boot,show diag,show controllers,show gsr chassis,dir /all
sup-microcode:,dir /all disk0:,dir /all disk1:,show bootvar,show vtp
status
ir00.pul.lsn.fe0-0.vtxnet.ch: End of run not found

For sure on the version of CISCO I am running I don't have these
parameters enabled or this hardware present on my router.

My question:

Is the config saved ? Where can I find it on my box ? Is it normal ?

Thanks to let me know.

Regards,

Nicolas

--
----------------------------------------
STRINA Nicolas
IP Network Manager
VTX Services - Internet Service Provider
Av. de Lavaux 101 CH-1009 Pully
nicolas.strina@smart-telecom.ch
http://www.vtx.ch
----------------------------------------

From owner-rancid-discuss@shrubbery.net Thu Jan 17 17:42:50 2002
Date: Thu, 17 Jan 2002 17:42:22 +0000
From: john heasley
To: Nicolas STRINA
Cc: rancid-discuss@shrubbery.net
Subject: Re: Oops

Thu, Jan 17, 2002 at 05:19:19PM +0100, Nicolas STRINA:
> Hello,
>
> I just installed Rancid on my tool box. So actually I have a problem.
> I am able to log on the router and to exec some commands but the logs
> are giving me this output:
>
> Getting missed routers: round 4.
> !ROM Bootstrap: Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE
> (fc1)
> ir00.pul.lsn.fe0-0.vtxnet.ch: missed cmd(s): show diagbus,write term,dir
> /all bootflash:,show env all,show controllers cbus,dir /all nvram:,show
> module,dir /all sup-bootflash:,show c7200,show variables boot,show
> flash,show vlan,dir /all slot0:,show install active,dir /all slot1:,show
> boot,show diag,show controllers,show gsr chassis,dir /all
> sup-microcode:,dir /all disk0:,dir /all disk1:,show bootvar,show vtp
> status
> ir00.pul.lsn.fe0-0.vtxnet.ch: End of run not found
>
> For sure on the version of CISCO I am running I don't have these
> parameters enabled or this hardware present on my router.
>
> My question:
>
> Is the config saved ? Where can I find it on my box ? Is it normal ?

the second line above (!ROM...) is the last line output by rancid, collected from show version in this case. so, it is logging in and at least starting collection of the router data.

please see the FAQ (http://www.shrubbery.net/rancid/FAQ) for hints on how to debug this. if you still have trouble, drop another email.

> Thanks to let me know.
>
> Regards,
>
> Nicolas
>
> --
> ----------------------------------------
> STRINA Nicolas
> IP Network Manager
> VTX Services - Internet Service Provider
> Av. de Lavaux 101 CH-1009 Pully
> nicolas.strina@smart-telecom.ch
> http://www.vtx.ch
> ----------------------------------------

From owner-rancid-discuss@shrubbery.net Thu Jan 24 19:46:29 2002
Date: Thu, 24 Jan 2002 14:44:21 -0500
From: Josh Rivel
To: rancid-discuss@shrubbery.net
Subject: problem with Cat6000's

Hi. I'm using rancid-2.2 on an OpenBSD 3.0 box, tcl/tk 8.3.3, expect 5.24. Works fine for my various Foundry's and IOS devices (2500s, 4000's, 7200's, etc.)

However, on the switch side of the 6500's (a 6506 and 6509), and also on a 2980 I get the following in my log files:

starting: Thu Jan 24 14:16:24 EST 2002

Trying to get all of the configs.
cat6506: End of run not found
end
cat6509: End of run not found
end
cat2980 End of run not found
end
=====================================

etc.

a clogin -c "cmd1;cmd2" switch-name works fine, no errors.

I saw the same thing when I was running rancid-2.1 on Solaris 2.6, figured upgrading to OpenBSD, newer versions of rancid and expect would solve the problem, but it remains.

The prompt on the switches is:

switchname>

and

switchname> (enable)

when in enabled mode.

All the switches are running IOS which uses SSH, I am running OpenSSH 3.0.2

The only relevant lines in the .cloginrc are:

add method cat650* ssh
add method cat2980* ssh

and

add cyphertype * {3des}

Thanks.

Here's the output of clogin -s "show version" to one of the switches:

$ clogin -c "show ver" cat6509
cat6509
spawn ssh -c 3des -x -l rancid cat6509
rancid@cat6509's password:
Cisco Systems Console

cat6509> enable

Enter password:
cat6509> (enable)
cat6509> (enable) set length 0
Screen length for this session set to 0.
cat6509> (enable) show ver
WS-C6509 Software, Version NmpSW: 7.1(1)
Copyright (c) 1995-2001 by Cisco Systems
NMP S/W compiled on Nov 30 2001, 17:24:31

System Bootstrap Version: 5.3(1)

Hardware Version: 2.0  Model: WS-C6509  Serial #: SCA0349028V

PS1  Module: WS-CAC-1300W    Serial #: ACP03451461
PS2  Module: WS-CAC-1300W    Serial #: ACP03430209

Mod Port Model               Serial #    Versions
--- ---- ------------------- ----------- --------------------------------------
1   2    WS-X6K-SUP1A-2GE    SAD03411160 Hw : 3.4
                                         Fw : 5.3(1)
                                         Fw1: 5.4(2)
                                         Sw : 7.1(1)
                                         Sw1: 7.1(1)
         WS-F6K-PFC          SAD03430164 Hw : 1.1
2   48   WS-X6248-RJ-45      SAD040102MV Hw : 1.1
                                         Fw : 4.2(0.24)VAI78
                                         Sw : 7.1(1)
3   48   WS-X6248-RJ-45      SAD040102T4 Hw : 1.1
                                         Fw : 4.2(0.24)VAI78
                                         Sw : 7.1(1)
15  1    WS-F6K-MSFC         SAD03427681 Hw : 2.1
                                         Fw : 12.0(7)XE1,
                                         Sw : 12.0(7)XE1,

       DRAM                    FLASH                   NVRAM
Module Total   Used    Free    Total   Used    Free    Total Used  Free
------ ------- ------- ------- ------- ------- ------- ----- ----- -----
1       65408K  45434K  19974K  16384K   9896K   6488K  512K  296K  216K

Uptime is 27 days, 23 hours, 14 minutes
cat6509> (enable)Connection to cat6509 closed by remote host.
Connection to cat6509 closed.

--
josh

From owner-rancid-discuss@shrubbery.net Sun Jan 27 22:09:03 2002
Date: Sun, 27 Jan 2002 01:36:38 -0500 (EST)
From: Terry Kennedy
To: jrivel@dti.net
Cc: rancid-discuss@shrubbery.net
Subject: Re: problem with Cat6000's

This is apparently a problem with the SSH implementation in CatOS - when
RANCID says "exit", the switch closes the connection before echoing the
exit command, which causes the script to not see that things completed
properly. The following diff shows a fix to cat5rancid to deal with this.
Note that your line numbers will be different - I have other unrelated
changes.

*************** *** 1051,1056 **** --- 1050,1060 ---- TOP: while() { tr/\015//d; if (/> \(enable\) ?exit$/) { + $clean_run=1; + last; + } + # CatOS SSH client stomps on the "exit" command echo...
+ if (/> \(enable\)*Connection*/) { $clean_run=1; last; }

Terry Kennedy             http://www.tmk.com
terry@tmk.com             New York, NY USA

From owner-rancid-discuss@shrubbery.net Mon Jan 28 01:14:57 2002
Date: Mon, 28 Jan 2002 01:14:31 +0000
From: john heasley
To: Terry Kennedy
Cc: jrivel@dti.net, rancid-discuss@shrubbery.net
Subject: Re: problem with Cat6000's

josh, please report this to cisco. make them fix their stuff.

    cat6509> (enable) show ver
    WS-C6509 Software, Version NmpSW: 7.1(1)
    Copyright (c) 1995-2001 by Cisco Systems
    NMP S/W compiled on Nov 30 2001, 17:24:31

    System Bootstrap Version: 5.3(1)

Sun, Jan 27, 2002 at 01:36:38AM -0500, Terry Kennedy:
> This is apparently a problem with the SSH implementation in CatOS - when
> RANCID says "exit", the switch closes the connection before echoing the
> exit command, which causes the script to not see that things completed
> properly. The following diff shows a fix to cat5rancid to deal with this.
> Note that your line numbers will be different - I have other unrelated
> changes.
> > *************** > *** 1051,1056 **** > --- 1050,1060 ---- > TOP: while() { > tr/\015//d; > if (/> \(enable\) ?exit$/) { > + $clean_run=1; > + last; > + } > + # CatOS SSH client stomps on the "exit" command echo... > + if (/> \(enable\)*Connection*/) { > $clean_run=1; > last; > } > > Terry Kennedy http://www.tmk.com > terry@tmk.com New York, NY USA
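
Review bot: In the added test `if (/> \(enable\)*Connection*/) {`, both `*` are regex quantifiers rather than wildcards: `\)*` allows zero or more closing parentheses and `Connection*` means "Connectio" followed by any number of "n", so the pattern is looser than the comment above it suggests. It does match the line shown in the session output earlier in the thread, `cat6509> (enable)Connection to cat6509 closed by remote host.`, but tying it to that text, for example `/> \(enable\) ?Connection to \S+ closed/`, would keep any other line that merely contains "Connectio" after the prompt from setting `$clean_run=1` and ending the loop as a clean run.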