From owner-rancid-discuss-outgoing@shrubbery.net Mon Aug 1 05:47:39 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 9E2DF11CE35 for ; Mon, 1 Aug 2005 05:47:39 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 57585864FF; Sun, 31 Jul 2005 22:47:38 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 50D9D86503; Sun, 31 Jul 2005 22:47:38 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from biola.edu (cgp.biola.edu [4.79.136.25]) by guelah.shrubbery.net (Postfix) with ESMTP id 6518D864FF for ; Sun, 31 Jul 2005 22:47:36 -0700 (PDT) Received: from [71.103.37.233] (account netmanager@biola.edu) by biola.edu (CommuniGate Pro WebUser 4.2.8) with HTTP id 58497460 for rancid-discuss@shrubbery.net; Sun, 31 Jul 2005 22:50:42 -0700 From: "Netmanager" Subject: Re: CVS checkout problems with cvsweb To: rancid-discuss@shrubbery.net X-Mailer: CommuniGate Pro WebUser Interface v.4.2.8 Date: Sun, 31 Jul 2005 22:50:42 -0700 Message-ID: In-Reply-To: <20050730235330.GD24356@shrubbery.net> References: <20050730235330.GD24356@shrubbery.net> MIME-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1"; format="flowed" Content-Transfer-Encoding: 8bit Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk > Sat, Jul 30, 2005 at 04:45:33PM -0700, Netmanager: >> Hello All, >> >> I've set up RANCID before with no problems, but I'm >> setting it up on a new box with the latest OS version >>(OS >> X 10.4), and it is retrieving configs, but cvsweb gives >> the following error when I click the "download" link to >> retrive the config. >> >> ------------- >> Error: Unexpected output from cvs co: cvs [checkout >> aborted]: Absolute module reference invalid: >> `/test/configs/cisco-core-6500-ssl.mycompany.com' >> Check whether the directory >> /opt/local/var/rancid/CVS/CVSROOT exists and the script >> has write-access to the CVSROOT/history file if it >>exists. >> The script needs to place lock files in the directory >>the >> file is in as well. >> ------------- >> >> CVS and CVS/CVSROOT exists, I changed permissions and >>file >> ownership but nothing. I'm puzzled that it seems to say >> `/test/configs/cisco-core-6500-ssl.mycompany.com' is an >> "absolute module reference". The correct absolute path >>is >> contained in the html link, pasted here: >> >> http://127.0.0.1/cgi-bin/cvsweb.cgi/~checkout~/test/configs/cisco-core-6500-ssl.mycompany.com?rev=1.2&content-type=text/plain >> >> My cvsweb.conf has: >> >> %CVSROOT = ( >> 'Development' => '/opt/local/var/rancid/CVS' > > I dont think you want 'CVS' there. note, the v 3.0.5 >has a different format > for this line; i dont know what you're using or whats >most recent. I was using an older version of cvsweb. I updated it to 3.0.5 and the problem vanished. It looks like I need cvsweb 3.x for Apple's latest OS. Thanks. Mark From owner-rancid-discuss-outgoing@shrubbery.net Fri Aug 5 14:40:53 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 4021C11CE32 for ; Fri, 5 Aug 2005 14:40:51 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 45844864EA; Fri, 5 Aug 2005 07:40:50 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 3F1EF864EF; Fri, 5 Aug 2005 07:40:50 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from NIHHUBIMS.hub.nih.gov (ims.hub.nih.gov [128.231.90.111]) by guelah.shrubbery.net (Postfix) with ESMTP id 65669864EA for ; Fri, 5 Aug 2005 07:40:46 -0700 (PDT) Received: by nihhubims.hub.nih.gov with Internet Mail Service (5.5.2658.27) id ; Fri, 5 Aug 2005 10:40:42 -0400 Message-ID: <71B0C9CB1FF4EA43BB48C08DCFF1A1FF1E286B@NIHCESMLBX.nih.gov> From: "Gee-clough, Aaron (NIH/CIT)" To: 'Emre Bastuz' , Fred Jordan Cc: rancid-discuss@shrubbery.net Subject: RE: Pix via ssh - how to reach required privilege level? Date: Fri, 5 Aug 2005 10:40:37 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2658.27) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Sorry for the late reply (was out at a conference). If you don't want to have your global enable in the rancid config, you can use "aaa authentication enable console LOCAL" on the PIX. This = will require you to have local accounts for every user, but will not prompt = for the global enable. Instead, it will prompt that user for their login password again. (So, you'd put their login password in .cloginrc = twice.) This way, each user's "enable" password is different, but they really = only have one password. It's a tradeoff. aaron ------------------ Aaron Gee-Clough DNST/CIT/NEB/NSS Contractor. Geek. =20 > -----Original Message----- > From: Emre Bastuz [mailto:info@emre.de]=20 > Sent: Wednesday, July 27, 2005 7:42 AM > To: Fred Jordan > Cc: rancid-discuss@shrubbery.net > Subject: Re: Pix via ssh - how to reach required privilege level? >=20 > Hi Jordan, >=20 > Zitat von Fred Jordan : > > We have not tried to use rancid for collecting PIX configs=20 > but would be > > very interested in how to do this. How do you tell rancid to use = ssh > > instead of telnet; in the entry in the router.db file? > you just have to add several line to your .cloginrc, that=20 > might look like this: >=20 > add user mypix.emre.de rancidpixuser > add password mypix.emre.de myPassword4Rancid > add cyphertype mypix.emre.de des > add method mypix.emre.de ssh >=20 > The first two lines are the username and password being used=20 > when trying to > login via ssh. >=20 > The line "cyphertype" specifies the cypher ssh will try to=20 > use. Not all pix > firewalls have a 3des licence installed so using "des" made=20 > it work in my case. >=20 > The last line tells rancid to use ssh instead of telnet. >=20 > I felt uncomfortable having my enable password in the=20 > .cloginrc as cleartext so > I added a local user to the pix that has the privilege for=20 > the show commands > only. >=20 > That=B4s where I got stuck: you can successfully login into the=20 > pix but are then > supposed to do a "login" first (instead of an "enable"). >=20 > My guess is that if you have your enable password for the pix=20 > in the cloginrc > you will be able to collect your config with rancid. >=20 > If you create a local user on the pix you=B4ll probably be=20 > stuck the same way that > I am. >=20 > Cheers, >=20 > Emre >=20 > -- > http://www.emre.de UIN: 561260 > PGP Key ID: 0xAFAC77FD >=20 > I don't see why some people even HAVE cars. -- Calvin >=20 From owner-rancid-discuss-outgoing@shrubbery.net Mon Aug 8 01:13:47 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 32D5911CE2D for ; Mon, 8 Aug 2005 01:13:47 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 36398864EC; Sun, 7 Aug 2005 18:13:46 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 30371864F1; Sun, 7 Aug 2005 18:13:46 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from number1.corehosting.com.au (number1.corehosting.com.au [202.45.103.179]) by guelah.shrubbery.net (Postfix) with SMTP id C1F44864EC for ; Sun, 7 Aug 2005 18:13:44 -0700 (PDT) Received: (qmail 75158 invoked by uid 1013); 8 Aug 2005 01:19:10 -0000 Received: from 203.10.110.199 by number1.corehosting.com.au (envelope-from , uid 1010) with qmail-scanner-1.25-st-qms (clamdscan: 0.83/918. spamassassin: 2.64. perlscan: 1.25-st-qms. Clear:RC:1(203.10.110.199):. Processed in 0.045442 secs); 08 Aug 2005 01:19:10 -0000 X-Antivirus-number1.corehosting.com.au-Mail-From: russell@brenkie.com.au via number1.corehosting.com.au X-Antivirus-number1.corehosting.com.au: 1.25-st-qms (Clear:RC:1(203.10.110.199):. Processed in 0.045442 secs Process 75152) Received: from core1-off-cr-fastether-0-0.melbourne.netspace.net.au (HELO viccrwk6) (203.10.110.199) by number1.corehosting.com.au with SMTP; 8 Aug 2005 01:19:10 -0000 From: "Russell Brenner" To: Subject: Subversion and Rancid Date: Mon, 8 Aug 2005 11:13:43 +1000 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcWbtmsq87WgAwa5T0euX64/YPBUqg== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Antivirus-number1.corehosting.com.au-Message-ID: <1123463950107075152@number1.corehosting.com.au> Message-Id: <20050808011344.C1F44864EC@guelah.shrubbery.net> Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Hi Folks, Back in November 2004 there was some talk of a patch for Rancid that incorporate Subversion. I've not been able to find a copy of that diff anywhere (rancidSVN.diff), does anybody know where this patch lies or can contact me off list to grab a copy? -- Kind Regards, Russell Brenner russell at brenkie dot com dot au From owner-rancid-discuss-outgoing@shrubbery.net Mon Aug 8 01:30:33 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 6810811CE2D for ; Mon, 8 Aug 2005 01:30:33 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 88874864F5; Sun, 7 Aug 2005 18:30:32 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 7B971864F6; Sun, 7 Aug 2005 18:30:32 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from splinter.bowdoin.edu (splinter.bowdoin.edu [139.140.181.132]) by guelah.shrubbery.net (Postfix) with ESMTP id A23BD864F1 for ; Sun, 7 Aug 2005 18:30:31 -0700 (PDT) Received: by splinter.bowdoin.edu (Postfix, from userid 12008) id 3767CC0F3; Sun, 7 Aug 2005 21:30:28 -0400 (EDT) Date: Sun, 7 Aug 2005 21:30:28 -0400 From: Alec Berryman To: rancid-discuss@shrubbery.net Subject: Re: Subversion and Rancid Message-ID: <20050808013028.GA41177@thened.net> Mail-Followup-To: rancid-discuss@shrubbery.net References: <20050808011344.C1F44864EC@guelah.shrubbery.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="5mCyUwZo2JvN/JJP" Content-Disposition: inline In-Reply-To: <20050808011344.C1F44864EC@guelah.shrubbery.net> X-Ned-Wuz-Here: Yes X-GPG-Fingerprint: 3DB5 8785 53D9 8BF4 5049 B6B9 02E7 7FD9 881C 85C4 X-GPG-Key-ID: 881C85C4 X-GPG-Key: http://www.thened.net/~alec/static/alec.asc User-Agent: Mutt/1.5.9i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk --5mCyUwZo2JvN/JJP Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Russell Brenner on 2005-08-08 11:13:43 +1000: > Back in November 2004 there was some talk of a patch for Rancid that > incorporate Subversion. >=20 > I've not been able to find a copy of that diff anywhere > (rancidSVN.diff), does anybody know where this patch lies or can > contact me off list to grab a copy? http://svn.dastylinrastan.com/rastan/rancidSVN/RancidSVN-2.3.1.patch For the record, it's worked flawlessly for about a month now in our setup - we converted from a CVS repository with cvs2svn and were off running. --5mCyUwZo2JvN/JJP Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFC9rW0Aud/2YgchcQRAjzgAKCraetyRkt2IKZ5uPkbebMveO8shACfdNhI 7a6Agk8IsR0YeIarINxAkfs= =Xn95 -----END PGP SIGNATURE----- --5mCyUwZo2JvN/JJP-- From owner-rancid-discuss-outgoing@shrubbery.net Mon Aug 8 10:02:44 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 7AFAD11CE2D for ; Mon, 8 Aug 2005 10:02:44 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 734EE864EF; Mon, 8 Aug 2005 03:02:43 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 662DD864F1; Mon, 8 Aug 2005 03:02:43 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from smtp2.netcologne.de (smtp2.netcologne.de [194.8.194.218]) by guelah.shrubbery.net (Postfix) with ESMTP id 7E006864EC for ; Mon, 8 Aug 2005 03:02:41 -0700 (PDT) Received: from [194.8.193.125] (sys-125.netcologne.de [194.8.193.125]) by smtp2.netcologne.de (Postfix) with ESMTP id 529014316 for ; Mon, 8 Aug 2005 12:02:32 +0200 (MEST) Message-ID: <42F72DB8.4080304@emre.de> Date: Mon, 08 Aug 2005 12:02:32 +0200 From: Emre Bastuz User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041217 X-Accept-Language: de, en-us, en MIME-Version: 1.0 To: rancid-discuss@shrubbery.net Subject: Obtaining Cisco Pix Configs - Patch X-Enigmail-Version: 0.90.0.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: multipart/mixed; boundary="------------030803010203040603090309" Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk This is a multi-part message in MIME format. --------------030803010203040603090309 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Hi, some time ago I wrote to this list and asked how RANCID could be used with a Pix firewall and a local user with only "show" privileges. It seems there is no way of doing the following with RANCID: # ssh mypix mypix# login mypix# show running-config etc.... To use "login" instead of "enable" I had to introduce a new variable to .cloginrc and patch the script "clogin". I have included the patch. Please feel free to use it if you need the functionality. Some words about the usage/prerequisites: - you have a pix and want itīs config - you do not want to have the enable password in clear text in your cloginrc - you do not have a tacacs server and want to configure a rancid user on your pix locally You have to: - add a user ("rancid") to your pix, who has the privileges for "show running config", "show flash" and "write term" - add the pix host to your routers.db as type cisco - add the following line/variables to your cloginrc for this host/group/whatever: add user mypix.emre.de rancid add password mypix.emre.de Pass--Word Pass--Word add cyphertype mypix.emre.de des add method mypix.emre.de ssh add login mypix.emre.de {1} The new variable is "login" which will "tell" RANCID to use the "login" command instead of the "enable" command to reach the required privilege level. Please note that using the "login" option implicitly sets "enable" to "no". Iīm not a shell-scripting guy, so I hope I didnīt break anything but the patch has worked for me. Any hints/sugestions are welcome. Cheers, Emre -- http://www.emre.de UIN: 561260 PGP Key ID: 0xAFAC77FD I don't see why some people even HAVE cars. -- Calvin --------------030803010203040603090309 Content-Type: text/plain; name="rancid-diff.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="rancid-diff.txt" --- clogin-dist Thu Jul 28 10:59:07 2005 +++ clogin Mon Aug 8 11:17:30 2005 @@ -57,6 +57,8 @@ set do_enapasswd 1 # attempt at platform switching. set platform "" +# new option to provide "login" command capabilities +set loginonly 0 # Find the user in the ENV, or use the unix userid. if {[ info exists env(CISCO_USER) ] } { @@ -453,6 +455,39 @@ return 0 } +# New subroutine to provide "login" command capabilities, using the enable user and enable password +# Login +proc do_login { enauser enapasswd } { + global prompt in_proc + global u_prompt e_prompt + set in_proc 1 + + send "login\r" + expect { + -re "$u_prompt" { send "$enauser\r"; exp_continue} + -re "$e_prompt" { send "$enapasswd\r"; exp_continue} + "#" { set prompt "#" } + "(login)" { set prompt "> (login) " } + -re "(denied|Sorry|Incorrect)" { + # % Access denied - from local auth and poss. others + send_user "\nError: Check your Login passwd\n"; + return 1 + } + "% Error in authentication" { + send_user "\nError: Check your Login passwd\n" + return 1 + } + "% Bad passwords" { + send_user "\nError: Check your Login passwd\n" + return 1 + } + } + # We set the prompt variable (above) so script files don't need + # to know what it is. + set in_proc 0 + return 0 +} + # Enable proc do_enable { enauser enapasswd } { global prompt in_proc @@ -638,6 +673,13 @@ } } + # If a "login" option is used, no "enable" will be required + # look for login option in .cloginrc + if { [find login $router] != "" } { + set enable 0 + set loginonly 1 + } + # look for noenable option in .cloginrc if { [find noenable $router] != "" } { set enable 0 @@ -726,6 +768,17 @@ if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype]} { continue } + + # login required? + if { $loginonly } { + if {[do_login $enauser $enapasswd]} { + if { $do_command || $do_script } { + close; wait + continue + } + } + } + if { $enable } { if {[do_enable $enauser $enapasswd]} { if { $do_command || $do_script } { @@ -734,6 +787,7 @@ } } } + # we are logged in, now figure out the full prompt send "\r" expect { --------------030803010203040603090309-- From owner-rancid-discuss-outgoing@shrubbery.net Mon Aug 8 17:51:04 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id ABF7211CE2D for ; Mon, 8 Aug 2005 17:51:04 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id AA584864EC; Mon, 8 Aug 2005 10:51:03 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id A1FB6864F1; Mon, 8 Aug 2005 10:51:03 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from S4.cableone.net (s4.cableone.net [24.116.0.230]) by guelah.shrubbery.net (Postfix) with ESMTP id 87927864EC for ; Mon, 8 Aug 2005 10:51:01 -0700 (PDT) Received: from [192.168.1.100] (unverified [24.119.117.0]) by S4.cableone.net (CableOne SMTP Service S4) with ESMTP id 27518093 for multiple; Mon, 08 Aug 2005 10:54:54 -0700 Message-ID: <42F79B78.9070504@grote.name> Date: Mon, 08 Aug 2005 11:50:48 -0600 From: Justin Grote User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Russell Brenner Cc: rancid-discuss@shrubbery.net Subject: Re: Subversion and Rancid References: <20050808011344.C1F44864EC@guelah.shrubbery.net> In-Reply-To: <20050808011344.C1F44864EC@guelah.shrubbery.net> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms050802030406030507010607" X-IP-stats: Incoming Last 4, First 60, in=12, out=0, spam=0 X-External-IP: 24.119.117.0 X-Abuse-Info: Send abuse complaints to abuse@cableone.net Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk This is a cryptographically signed message in MIME format. --------------ms050802030406030507010607 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Russell Brenner wrote: >Hi Folks, > >Back in November 2004 there was some talk of a patch for Rancid that >incorporate Subversion. > >I've not been able to find a copy of that diff anywhere (rancidSVN.diff), >does anybody know where this patch lies or can contact me off list to grab a >copy? > > http://svn.dastylinrastan.com/rastan/rancidSVN/RancidSVN-2.3.1.patch You can also just check out the rancidSVN directory and install it normally like rancid. I wrote this patch because it was pretty easy to do. It is a drop-in replacement for the CVS rancid. I was going to make a separate patch that would make subversion optional so that it could be merged into the mainline rancid tree, but this worked so well that I really didn't have any reason to do it. I will continue to track the major RANCID releases and merge in those changes appropriately. Maybe one of these days I'll get off my ass and write an optional patch so that subversion support can be merged into the mainline rancid, as my patch seems to be pretty popular. The site above might be a little slow for a couple of weeks, as I am in the process of moving the host to a new provider. -- __________________________ Justin Grote Network Architect JWG Networks --------------ms050802030406030507010607 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIH4TCC AkswggG0oAMCAQICAw42LDANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDUwMzA4MTM1MTE1WhcNMDYwMzA4MTM1MTE1 WjBDMR8wHQYDVQQDExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMSAwHgYJKoZIhvcNAQkBFhFq dXN0aW5AZ3JvdGUubmFtZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAutQqzFrfSmOU 35//szKNQ2UnvIH8eeb45ch1TM23m2Qp48hYjwzLcR+RZgDBLu3pX9eA33UUKACWxCZLMumT OCT8RrHVIcYPISxoBIXzkqElU2JE+ROoB1nk3B0cC3QWjV6Y4PJfZT0Y1dYKfxV2wpSGDcDe pN52h0bo9FCW+WMCAwEAAaMuMCwwHAYDVR0RBBUwE4ERanVzdGluQGdyb3RlLm5hbWUwDAYD VR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQCYrErHf8k+ilkVIikXrzBr3iGSP5zcr11/ fe06atR/i+xORUOBkoEEnTos2aAyAdhvof602gOIhc0H698g0kbC2G6WBVUvDynVFjpD8ipL dazYsqe1xvgz58cOhW/vSDArZ5sRlEl9eiYVZ8p0nTu9sBah/gvbQdx1mmpJneTamjCCAksw ggG0oAMCAQICAw42LDANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMc VGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFs IEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDUwMzA4MTM1MTE1WhcNMDYwMzA4MTM1MTE1WjBD MR8wHQYDVQQDExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMSAwHgYJKoZIhvcNAQkBFhFqdXN0 aW5AZ3JvdGUubmFtZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAutQqzFrfSmOU35// szKNQ2UnvIH8eeb45ch1TM23m2Qp48hYjwzLcR+RZgDBLu3pX9eA33UUKACWxCZLMumTOCT8 RrHVIcYPISxoBIXzkqElU2JE+ROoB1nk3B0cC3QWjV6Y4PJfZT0Y1dYKfxV2wpSGDcDepN52 h0bo9FCW+WMCAwEAAaMuMCwwHAYDVR0RBBUwE4ERanVzdGluQGdyb3RlLm5hbWUwDAYDVR0T AQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQCYrErHf8k+ilkVIikXrzBr3iGSP5zcr11/fe06 atR/i+xORUOBkoEEnTos2aAyAdhvof602gOIhc0H698g0kbC2G6WBVUvDynVFjpD8ipLdazY sqe1xvgz58cOhW/vSDArZ5sRlEl9eiYVZ8p0nTu9sBah/gvbQdx1mmpJneTamjCCAz8wggKo oAMCAQICAQ0wDQYJKoZIhvcNAQEFBQAwgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0 ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRp bmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMT G1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwt ZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0wMzA3MTcwMDAwMDBaFw0xMzA3MTYyMzU5NTlaMGIx CzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSww KgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTCBnzANBgkqhkiG 9w0BAQEFAAOBjQAwgYkCgYEAxKY8VXNV+065yplaHmjAdQRwnd/p/6Me7L3N9VvyGna9fww6 YfK/Uc4B1OVQCjDXAmNaLIkVcI7dyfArhVqqP3FWy688Cwfn8R+RNiQqE88r1fOCdz0Dviv+ uxg+B79AgAJk16emu59l0cUqVIUPSAR/p7bRPGEEQB5kGXJgt/sCAwEAAaOBlDCBkTASBgNV HRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwudGhhd3RlLmNv bS9UaGF3dGVQZXJzb25hbEZyZWVtYWlsQ0EuY3JsMAsGA1UdDwQEAwIBBjApBgNVHREEIjAg pB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxhYmVsMi0xMzgwDQYJKoZIhvcNAQEFBQADgYEASIzR UIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/TCG4+DYfqi2fNi/A9BxQIJNwPP2t4WFiw9k6GX6E sZkbAMUaC4J0niVQlGLH2ydxVyWN3amcOY6MIE9lX5Xa9/eH1sYITq726jTlEBpbNU1341Yh eILcIRk13iSx0x1G/11fZU8xggK6MIICtgIBATBpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQK ExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29u YWwgRnJlZW1haWwgSXNzdWluZyBDQQIDDjYsMAkGBSsOAwIaBQCgggGnMBgGCSqGSIb3DQEJ AzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA1MDgwODE3NTA0OVowIwYJKoZIhvcN AQkEMRYEFBkI/z38SIBb6sdMF6Pc/hcZKnVeMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcN AwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMC AgEoMHgGCSsGAQQBgjcQBDFrMGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBD b25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFp bCBJc3N1aW5nIENBAgMONiwwegYLKoZIhvcNAQkQAgsxa6BpMGIxCzAJBgNVBAYTAlpBMSUw IwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUg UGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIDDjYsMA0GCSqGSIb3DQEBAQUABIGAAirz OH4XZyThQ+OPI/e+lQfkTgJ+5XB+cmIvCBC8JxGc3MI7Ww2LjT1MH/RKnTHRW3h7pH4zsCvE caK97eXscYSuhkNchl8sA6w00BzZfYO4NzSPIJbjfKPLa6cTtiaTAUnq8BLiNQEpa1E5wNUu 4xvghWc/ngwndldEwa8z/KgAAAAAAAA= --------------ms050802030406030507010607-- From owner-rancid-discuss-outgoing@shrubbery.net Fri Aug 12 04:35:20 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id D6F9011CE2E for ; Fri, 12 Aug 2005 04:35:19 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id C42AD864EA; Thu, 11 Aug 2005 21:35:18 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id B8689864EB; Thu, 11 Aug 2005 21:35:18 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.197]) by guelah.shrubbery.net (Postfix) with ESMTP id C098E864E5 for ; Thu, 11 Aug 2005 21:35:17 -0700 (PDT) Received: by rproxy.gmail.com with SMTP id a36so471499rnf for ; Thu, 11 Aug 2005 21:35:16 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=iJ+G5KmTe4Yan8p8xdpYZ8HVbJvuft8TkgIxjeWs6JYA5uF7T/6O/3LLnzbhfF++FPRzbL6Xytno6l+EKYBeCleGvwFnPrMytNRxUmcY6r8u8Fy9Q4BVAwmCMaTk8kkGmgCqmIiMwG4YgjPG6sCfTVZIJaspaBPd8GnN+gWyl/I= Received: by 10.38.75.6 with SMTP id x6mr909733rna; Thu, 11 Aug 2005 21:35:16 -0700 (PDT) Received: by 10.38.92.65 with HTTP; Thu, 11 Aug 2005 21:35:16 -0700 (PDT) Message-ID: Date: Thu, 11 Aug 2005 23:35:16 -0500 From: Russell Harrison To: rancid-discuss@shrubbery.net Subject: Race condition in Tcl_WriteChars? Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk I am running rancid 2.3.1 with expect 5.42.1 and tcl 8.4.7 and Linux kernel 2.6.10. clogin has exhibited a problem when running interactively, particularly when executing a command that generates a large amount of output (show run, show access-list, show cry map, show cry ips sa, etc). It appears that a buffer is getting stuck somewhere along the way, as the same 4095 byte chunk of text is repeatedly written to stdout. In some cases this eventually clears and the output moves on (only to get stuck on another chunk of text later). Strace shows that write is returning -1 with errno set to EAGAIN. It is interesting to note that this still happens when the if ((rc =3D=3D -1) && (errno =3D=3D EAGAIN) goto retry; line of exp_chan.c is commented out. I've run expect through a debugger with breakpoints set in the expWriteChars function - this behaviour is not exhibited when the program is run in this way. This leads me to believe that it is a race condition of some sort. The easy solution to this issue is probably using a different version of expect and tcl - however if there is an existing patch which would resolve this issue that would be preferable. Thanks, Russell From owner-rancid-discuss-outgoing@shrubbery.net Sat Aug 13 19:37:09 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id BB8C511CE31 for ; Sat, 13 Aug 2005 19:37:09 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id E1BD4864EA; Sat, 13 Aug 2005 12:37:08 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id D5D36864EB; Sat, 13 Aug 2005 12:37:08 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.199]) by guelah.shrubbery.net (Postfix) with ESMTP id 001B2864E5 for ; Sat, 13 Aug 2005 12:37:07 -0700 (PDT) Received: by zproxy.gmail.com with SMTP id i11so582648nzh for ; Sat, 13 Aug 2005 12:37:05 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=C0ah5O5oG6L9ClS0Us4vq4m+nhyHPUAi1mGpqCQIUSTyxj3NdQtbofKa0DwFTgtViKb8lGgwnGllH1X55cXMshwYk6OQiEF/GcB9/uMCUBG0MpODehfjlbqx2YEkXgP5+VzMLjwDMbLJbpfV1LhfEWluI6fZR/fF3NxBxkcl9PU= Received: by 10.36.222.45 with SMTP id u45mr3339866nzg; Sat, 13 Aug 2005 12:37:05 -0700 (PDT) Received: by 10.36.157.10 with HTTP; Sat, 13 Aug 2005 12:37:05 -0700 (PDT) Message-ID: Date: Sat, 13 Aug 2005 20:37:05 +0100 From: Jee Kay To: rancid-discuss Subject: VLAN config on Ciscos Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk I have just noticed that all the VLAN config lines are removed from the configuration that RANCID stores from a Cisco. Is there any particular reason for doing this? It makes it a little difficult to restore a switch to its proper configuration, as I've just found :) Thanks, Ras From owner-rancid-discuss-outgoing@shrubbery.net Sat Aug 13 20:08:31 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id A587C11CE31 for ; Sat, 13 Aug 2005 20:08:31 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 57775864F1; Sat, 13 Aug 2005 13:08:30 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 4916C864F6; Sat, 13 Aug 2005 13:08:30 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from S3.cableone.net (s3.cableone.net [24.116.0.229]) by guelah.shrubbery.net (Postfix) with ESMTP id 34E50864EB for ; Sat, 13 Aug 2005 13:08:28 -0700 (PDT) Received: from [192.168.1.100] (unverified [24.119.117.0]) by S3.cableone.net (CableOne SMTP Service S3) with ESMTP id 28190545 for multiple; Sat, 13 Aug 2005 13:29:19 -0700 Message-ID: <42FE52FE.7000705@grote.name> Date: Sat, 13 Aug 2005 14:07:26 -0600 From: Justin Grote User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Jee Kay Cc: rancid-discuss Subject: Re: VLAN config on Ciscos References: In-Reply-To: Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms030705000509080002040801" X-IP-stats: Incoming Last 5, First 7, in=2, out=0, spam=0 X-External-IP: 24.119.117.0 X-Abuse-Info: Send abuse complaints to abuse@cableone.net Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk This is a cryptographically signed message in MIME format. --------------ms030705000509080002040801 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Jee Kay wrote: >I have just noticed that all the VLAN config lines are removed from >the configuration that RANCID stores from a Cisco. Is there any >particular reason for doing this? It makes it a little difficult to >restore a switch to its proper configuration, as I've just found :) > >Thanks, >Ras > > > Are you sure about that? I have a couple Cisco 4006's with extensive VLAN configuration and all the vlan lines are there in the config, as well as the output of show vlan, commented out of course. -- __________________________ Justin Grote Network Architect JWG Networks --------------ms030705000509080002040801 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIH4TCC AkswggG0oAMCAQICAw42LDANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDUwMzA4MTM1MTE1WhcNMDYwMzA4MTM1MTE1 WjBDMR8wHQYDVQQDExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMSAwHgYJKoZIhvcNAQkBFhFq dXN0aW5AZ3JvdGUubmFtZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAutQqzFrfSmOU 35//szKNQ2UnvIH8eeb45ch1TM23m2Qp48hYjwzLcR+RZgDBLu3pX9eA33UUKACWxCZLMumT OCT8RrHVIcYPISxoBIXzkqElU2JE+ROoB1nk3B0cC3QWjV6Y4PJfZT0Y1dYKfxV2wpSGDcDe pN52h0bo9FCW+WMCAwEAAaMuMCwwHAYDVR0RBBUwE4ERanVzdGluQGdyb3RlLm5hbWUwDAYD VR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQCYrErHf8k+ilkVIikXrzBr3iGSP5zcr11/ fe06atR/i+xORUOBkoEEnTos2aAyAdhvof602gOIhc0H698g0kbC2G6WBVUvDynVFjpD8ipL dazYsqe1xvgz58cOhW/vSDArZ5sRlEl9eiYVZ8p0nTu9sBah/gvbQdx1mmpJneTamjCCAksw ggG0oAMCAQICAw42LDANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMc VGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFs IEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDUwMzA4MTM1MTE1WhcNMDYwMzA4MTM1MTE1WjBD MR8wHQYDVQQDExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMSAwHgYJKoZIhvcNAQkBFhFqdXN0 aW5AZ3JvdGUubmFtZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAutQqzFrfSmOU35// szKNQ2UnvIH8eeb45ch1TM23m2Qp48hYjwzLcR+RZgDBLu3pX9eA33UUKACWxCZLMumTOCT8 RrHVIcYPISxoBIXzkqElU2JE+ROoB1nk3B0cC3QWjV6Y4PJfZT0Y1dYKfxV2wpSGDcDepN52 h0bo9FCW+WMCAwEAAaMuMCwwHAYDVR0RBBUwE4ERanVzdGluQGdyb3RlLm5hbWUwDAYDVR0T AQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQCYrErHf8k+ilkVIikXrzBr3iGSP5zcr11/fe06 atR/i+xORUOBkoEEnTos2aAyAdhvof602gOIhc0H698g0kbC2G6WBVUvDynVFjpD8ipLdazY sqe1xvgz58cOhW/vSDArZ5sRlEl9eiYVZ8p0nTu9sBah/gvbQdx1mmpJneTamjCCAz8wggKo oAMCAQICAQ0wDQYJKoZIhvcNAQEFBQAwgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0 ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRp bmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMT G1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwt ZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0wMzA3MTcwMDAwMDBaFw0xMzA3MTYyMzU5NTlaMGIx CzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSww KgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTCBnzANBgkqhkiG 9w0BAQEFAAOBjQAwgYkCgYEAxKY8VXNV+065yplaHmjAdQRwnd/p/6Me7L3N9VvyGna9fww6 YfK/Uc4B1OVQCjDXAmNaLIkVcI7dyfArhVqqP3FWy688Cwfn8R+RNiQqE88r1fOCdz0Dviv+ uxg+B79AgAJk16emu59l0cUqVIUPSAR/p7bRPGEEQB5kGXJgt/sCAwEAAaOBlDCBkTASBgNV HRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwudGhhd3RlLmNv bS9UaGF3dGVQZXJzb25hbEZyZWVtYWlsQ0EuY3JsMAsGA1UdDwQEAwIBBjApBgNVHREEIjAg pB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxhYmVsMi0xMzgwDQYJKoZIhvcNAQEFBQADgYEASIzR UIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/TCG4+DYfqi2fNi/A9BxQIJNwPP2t4WFiw9k6GX6E sZkbAMUaC4J0niVQlGLH2ydxVyWN3amcOY6MIE9lX5Xa9/eH1sYITq726jTlEBpbNU1341Yh eILcIRk13iSx0x1G/11fZU8xggK6MIICtgIBATBpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQK ExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29u YWwgRnJlZW1haWwgSXNzdWluZyBDQQIDDjYsMAkGBSsOAwIaBQCgggGnMBgGCSqGSIb3DQEJ AzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA1MDgxMzIwMDcyNlowIwYJKoZIhvcN AQkEMRYEFLCeBpyw29zGOr+6Pt5jl6vzAMtUMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcN AwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMC AgEoMHgGCSsGAQQBgjcQBDFrMGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBD b25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFp bCBJc3N1aW5nIENBAgMONiwwegYLKoZIhvcNAQkQAgsxa6BpMGIxCzAJBgNVBAYTAlpBMSUw IwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUg UGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIDDjYsMA0GCSqGSIb3DQEBAQUABIGAXFCF cMXeKfmhMgewN3AwSaNAxuUQjT5EDAF47MwYhLlky+lcH5dTd6sVeZvL4cqGHW5I0Kpk115X jr0AmHzMjdpFFc14bQKCbG6wpNG7ZZA00z9LijLCE4hD+I0r6F6Di1gEhDBFYp8Edosv3l8u ttRjYsfCHJTEbmKdwJ83NqUAAAAAAAA= --------------ms030705000509080002040801-- From owner-rancid-discuss-outgoing@shrubbery.net Sat Aug 13 20:11:26 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 3DAB711CE31 for ; Sat, 13 Aug 2005 20:11:26 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 6E1DF864F6; Sat, 13 Aug 2005 13:11:25 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 624C2864F9; Sat, 13 Aug 2005 13:11:25 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id ACDFF864F8; Sat, 13 Aug 2005 13:11:24 -0700 (PDT) Date: Sat, 13 Aug 2005 13:11:24 -0700 From: john heasley To: Justin Grote Cc: Jee Kay , rancid-discuss Subject: Re: VLAN config on Ciscos Message-ID: <20050813201124.GF24863@shrubbery.net> References: <42FE52FE.7000705@grote.name> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <42FE52FE.7000705@grote.name> User-Agent: Mutt/1.4.2.1i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: i just want to have a beer while i am caring. Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Sat, Aug 13, 2005 at 02:07:26PM -0600, Justin Grote: > Jee Kay wrote: > > >I have just noticed that all the VLAN config lines are removed from > >the configuration that RANCID stores from a Cisco. Is there any > >particular reason for doing this? It makes it a little difficult to > >restore a switch to its proper configuration, as I've just found :) > > > >Thanks, > >Ras > > > > > > > Are you sure about that? I have a couple Cisco 4006's with extensive > VLAN configuration and all the vlan lines are there in the config, as > well as the output of show vlan, commented out of course. Perhaps this switch's IOS is one of those where the vlan configuration is done separately from conf t, ie: 'vlan database' or whatever it is. That has never been collected. From owner-rancid-discuss-outgoing@shrubbery.net Sat Aug 13 20:13:59 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id D647811CE31 for ; Sat, 13 Aug 2005 20:13:59 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id E8C5C864F9; Sat, 13 Aug 2005 13:13:58 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id E01E9864FE; Sat, 13 Aug 2005 13:13:58 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from S1.cableone.net (s1.cableone.net [24.116.0.227]) by guelah.shrubbery.net (Postfix) with ESMTP id 705A3864F9; Sat, 13 Aug 2005 13:13:57 -0700 (PDT) Received: from [192.168.1.100] (unverified [24.119.117.0]) by S1.cableone.net (CableOne SMTP Service S1) with ESMTP id 28282046 for multiple; Sat, 13 Aug 2005 13:14:07 -0700 Message-ID: <42FE5458.3070306@grote.name> Date: Sat, 13 Aug 2005 14:13:12 -0600 From: Justin Grote User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) X-Accept-Language: en-us, en MIME-Version: 1.0 To: john heasley Cc: Jee Kay , rancid-discuss Subject: Re: VLAN config on Ciscos References: <42FE52FE.7000705@grote.name> <20050813201124.GF24863@shrubbery.net> In-Reply-To: <20050813201124.GF24863@shrubbery.net> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms020209090204020306090002" X-IP-stats: Incoming Last 1, First 64, in=20, out=0, spam=0 X-External-IP: 24.119.117.0 X-Abuse-Info: Send abuse complaints to abuse@cableone.net Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk This is a cryptographically signed message in MIME format. --------------ms020209090204020306090002 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit john heasley wrote: > >Perhaps this switch's IOS is one of those where the vlan configuration >is done separately from conf t, ie: 'vlan database' or whatever it is. >That has never been collected. > > > Good point. Jee, let us know what model and IOS version you are running (or if you are running CatOS). -- __________________________ Justin Grote Network Architect JWG Networks --------------ms020209090204020306090002 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIH4TCC AkswggG0oAMCAQICAw42LDANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDUwMzA4MTM1MTE1WhcNMDYwMzA4MTM1MTE1 WjBDMR8wHQYDVQQDExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMSAwHgYJKoZIhvcNAQkBFhFq dXN0aW5AZ3JvdGUubmFtZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAutQqzFrfSmOU 35//szKNQ2UnvIH8eeb45ch1TM23m2Qp48hYjwzLcR+RZgDBLu3pX9eA33UUKACWxCZLMumT OCT8RrHVIcYPISxoBIXzkqElU2JE+ROoB1nk3B0cC3QWjV6Y4PJfZT0Y1dYKfxV2wpSGDcDe pN52h0bo9FCW+WMCAwEAAaMuMCwwHAYDVR0RBBUwE4ERanVzdGluQGdyb3RlLm5hbWUwDAYD VR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQCYrErHf8k+ilkVIikXrzBr3iGSP5zcr11/ fe06atR/i+xORUOBkoEEnTos2aAyAdhvof602gOIhc0H698g0kbC2G6WBVUvDynVFjpD8ipL dazYsqe1xvgz58cOhW/vSDArZ5sRlEl9eiYVZ8p0nTu9sBah/gvbQdx1mmpJneTamjCCAksw ggG0oAMCAQICAw42LDANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMc VGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFs IEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDUwMzA4MTM1MTE1WhcNMDYwMzA4MTM1MTE1WjBD MR8wHQYDVQQDExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMSAwHgYJKoZIhvcNAQkBFhFqdXN0 aW5AZ3JvdGUubmFtZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAutQqzFrfSmOU35// szKNQ2UnvIH8eeb45ch1TM23m2Qp48hYjwzLcR+RZgDBLu3pX9eA33UUKACWxCZLMumTOCT8 RrHVIcYPISxoBIXzkqElU2JE+ROoB1nk3B0cC3QWjV6Y4PJfZT0Y1dYKfxV2wpSGDcDepN52 h0bo9FCW+WMCAwEAAaMuMCwwHAYDVR0RBBUwE4ERanVzdGluQGdyb3RlLm5hbWUwDAYDVR0T AQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQCYrErHf8k+ilkVIikXrzBr3iGSP5zcr11/fe06 atR/i+xORUOBkoEEnTos2aAyAdhvof602gOIhc0H698g0kbC2G6WBVUvDynVFjpD8ipLdazY sqe1xvgz58cOhW/vSDArZ5sRlEl9eiYVZ8p0nTu9sBah/gvbQdx1mmpJneTamjCCAz8wggKo oAMCAQICAQ0wDQYJKoZIhvcNAQEFBQAwgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0 ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRp bmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMT G1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwt ZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0wMzA3MTcwMDAwMDBaFw0xMzA3MTYyMzU5NTlaMGIx CzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSww KgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTCBnzANBgkqhkiG 9w0BAQEFAAOBjQAwgYkCgYEAxKY8VXNV+065yplaHmjAdQRwnd/p/6Me7L3N9VvyGna9fww6 YfK/Uc4B1OVQCjDXAmNaLIkVcI7dyfArhVqqP3FWy688Cwfn8R+RNiQqE88r1fOCdz0Dviv+ uxg+B79AgAJk16emu59l0cUqVIUPSAR/p7bRPGEEQB5kGXJgt/sCAwEAAaOBlDCBkTASBgNV HRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwudGhhd3RlLmNv bS9UaGF3dGVQZXJzb25hbEZyZWVtYWlsQ0EuY3JsMAsGA1UdDwQEAwIBBjApBgNVHREEIjAg pB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxhYmVsMi0xMzgwDQYJKoZIhvcNAQEFBQADgYEASIzR UIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/TCG4+DYfqi2fNi/A9BxQIJNwPP2t4WFiw9k6GX6E sZkbAMUaC4J0niVQlGLH2ydxVyWN3amcOY6MIE9lX5Xa9/eH1sYITq726jTlEBpbNU1341Yh eILcIRk13iSx0x1G/11fZU8xggK6MIICtgIBATBpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQK ExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29u YWwgRnJlZW1haWwgSXNzdWluZyBDQQIDDjYsMAkGBSsOAwIaBQCgggGnMBgGCSqGSIb3DQEJ AzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA1MDgxMzIwMTMxMlowIwYJKoZIhvcN AQkEMRYEFAubdi2fdDdedloVN8ILeJFHiEfnMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcN AwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMC AgEoMHgGCSsGAQQBgjcQBDFrMGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBD b25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFp bCBJc3N1aW5nIENBAgMONiwwegYLKoZIhvcNAQkQAgsxa6BpMGIxCzAJBgNVBAYTAlpBMSUw IwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUg UGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIDDjYsMA0GCSqGSIb3DQEBAQUABIGAh86U tXAjr9z+HOW4fXs61GC7QzVnFmNMym7ZG9Q2ntV1slk4Yw7KpsOKjB/+72oJ/dLrxrE3LZFU aKKUPX1yS+uRYMy9nupUjH2lxx32CwHnyN3yKgVBn6nT1Tw/7mO/xn73Zt/coZTcC6k2M08g Y6CnRxAYSKQwkFexT61g8CsAAAAAAAA= --------------ms020209090204020306090002-- From owner-rancid-discuss-outgoing@shrubbery.net Sat Aug 13 20:36:21 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 0521611CE31 for ; Sat, 13 Aug 2005 20:36:20 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 336E6864FF; Sat, 13 Aug 2005 13:36:20 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 251D686500; Sat, 13 Aug 2005 13:36:20 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.194]) by guelah.shrubbery.net (Postfix) with ESMTP id 2CDA9864FE for ; Sat, 13 Aug 2005 13:36:18 -0700 (PDT) Received: by zproxy.gmail.com with SMTP id i11so585525nzh for ; Sat, 13 Aug 2005 13:36:18 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=nH1a8RRoPuF7NB3vyL59VYsEytSaZh/jQT8j7P6qPLz7ZNouJbJU28waFuBoVPMxOwk5LVNUecW4O97lsI5WvUitwL2BCxaqGzMmCcpjRmF4qT5kJVcBLMfpmVzNC62yrU0oYLczbYY1DaBdbPEp0IKSYGPnlQRDDO2mwi+CsTs= Received: by 10.36.10.16 with SMTP id 16mr52691nzj; Sat, 13 Aug 2005 13:36:18 -0700 (PDT) Received: by 10.36.157.10 with HTTP; Sat, 13 Aug 2005 13:36:18 -0700 (PDT) Message-ID: Date: Sat, 13 Aug 2005 21:36:18 +0100 From: Jee Kay To: Justin Grote Subject: Re: VLAN config on Ciscos Cc: john heasley , rancid-discuss In-Reply-To: <42FE5458.3070306@grote.name> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <42FE52FE.7000705@grote.name> <20050813201124.GF24863@shrubbery.net> <42FE5458.3070306@grote.name> Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On 8/13/05, Justin Grote wrote: > john heasley wrote: > >Perhaps this switch's IOS is one of those where the vlan configuration > >is done separately from conf t, ie: 'vlan database' or whatever it is. > >That has never been collected. > > > Good point. Jee, let us know what model and IOS version you are running > (or if you are running CatOS). It is a 4006, running 12.2(20)EW. If I do 'show run' or 'write term' on the switch directly, the VLAN configuration is definitely there :) From owner-rancid-discuss-outgoing@shrubbery.net Sat Aug 13 21:14:12 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id C5BF511CE31 for ; Sat, 13 Aug 2005 21:14:12 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id DABBE86500; Sat, 13 Aug 2005 14:14:11 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id D239B86503; Sat, 13 Aug 2005 14:14:11 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from mercury.acsalaska.net (mercury.acsalaska.net [209.112.173.226]) by guelah.shrubbery.net (Postfix) with ESMTP id 9E27E86500; Sat, 13 Aug 2005 14:14:10 -0700 (PDT) Received: from [10.0.10.68] (209-112-156-47-adslb0fh.acsalaska.net [209.112.156.47]) by mercury.acsalaska.net (8.13.4/8.13.4) with ESMTP id j7DLDN2r024271; Sat, 13 Aug 2005 13:13:24 -0800 (AKDT) (envelope-from chris.brown@acsalaska.net) Message-ID: <42FE627D.50307@acsalaska.net> Date: Sat, 13 Aug 2005 13:13:33 -0800 From: "Christopher E. Brown" User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7) Gecko/20040803 Thunderbird/0.7.3 Mnenhy/0.6.0.104 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Jee Kay Cc: Justin Grote , john heasley , rancid-discuss Subject: Re: VLAN config on Ciscos References: <42FE52FE.7000705@grote.name> <20050813201124.GF24863@shrubbery.net> <42FE5458.3070306@grote.name> In-Reply-To: X-Enigmail-Version: 0.89.5.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-ACS-Spam-Status: no X-ACS-Scanned-By: MD 2.51; SA 3.0.3; spamdefang 1.113 Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Jee Kay wrote: > On 8/13/05, Justin Grote wrote: > >>john heasley wrote: >> >>>Perhaps this switch's IOS is one of those where the vlan configuration >>>is done separately from conf t, ie: 'vlan database' or whatever it is. >>>That has never been collected. >>> >> >>Good point. Jee, let us know what model and IOS version you are running >>(or if you are running CatOS). > > > It is a 4006, running 12.2(20)EW. If I do 'show run' or 'write term' > on the switch directly, the VLAN configuration is definitely there :) Most modern IOS: When the switch is in VTP "transparent" mode, the VLANS appear in the config. When in Client or Server mode they do not, wouldn't want your config changing due to an update 5 switches away. (Remember VTP server mode just means the switch lets you make local changes, a user interface restriction, on the network side there is no diff between client and server modes) -- ------------------------------------------------------------------------ Christopher E. Brown desk (907) 550-8393 cell (907) 632-8492 IP Engineer - ACS ------------------------------------------------------------------------ From owner-rancid-discuss-outgoing@shrubbery.net Sat Aug 13 21:36:29 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id D6C1911CE31 for ; Sat, 13 Aug 2005 21:36:28 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id E68DE86503; Sat, 13 Aug 2005 14:36:27 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id E06AC86506; Sat, 13 Aug 2005 14:36:27 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id CFDCA86505; Sat, 13 Aug 2005 14:36:26 -0700 (PDT) Date: Sat, 13 Aug 2005 14:36:26 -0700 From: john heasley To: Jee Kay Cc: Justin Grote , john heasley , rancid-discuss Subject: Re: VLAN config on Ciscos Message-ID: <20050813213626.GM24863@shrubbery.net> References: <42FE52FE.7000705@grote.name> <20050813201124.GF24863@shrubbery.net> <42FE5458.3070306@grote.name> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.1i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: i just want to have a beer while i am caring. Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Sat, Aug 13, 2005 at 09:36:18PM +0100, Jee Kay: > On 8/13/05, Justin Grote wrote: > > john heasley wrote: > > >Perhaps this switch's IOS is one of those where the vlan configuration > > >is done separately from conf t, ie: 'vlan database' or whatever it is. > > >That has never been collected. > > > > > Good point. Jee, let us know what model and IOS version you are running > > (or if you are running CatOS). > > It is a 4006, running 12.2(20)EW. If I do 'show run' or 'write term' > on the switch directly, the VLAN configuration is definitely there :) There is no special handling of vlan output, so it is not being filtered. If you've checked that the switch is actually being collected successfully, please send a .raw file to me. $ export NOPIPE=YES $ rancid -d switchname From owner-rancid-discuss-outgoing@shrubbery.net Sat Aug 13 22:00:52 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 76E1E11CE31 for ; Sat, 13 Aug 2005 22:00:50 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 7E5648650A; Sat, 13 Aug 2005 15:00:49 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 72B248650B; Sat, 13 Aug 2005 15:00:49 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from stargate.spray.se (stargate.spray.se [212.78.194.91]) by guelah.shrubbery.net (Postfix) with ESMTP id F10F186508 for ; Sat, 13 Aug 2005 15:00:47 -0700 (PDT) Received: from diamant.i.spray.se (Not Verified[10.46.4.22]) by stargate.spray.se id ; Sat, 13 Aug 2005 23:53:47 +0200 X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: VLAN config on Ciscos Date: Sun, 14 Aug 2005 00:00:35 +0200 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: VLAN config on Ciscos Thread-Index: AcWgS//vwE4dkntQTq2ufmYnakihKQABbyoA From: =?iso-8859-1?Q?H=E5kan_Lindholm?= To: "rancid-discuss" Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Christopher E. Brown wrote: > Most modern IOS: When the switch is in VTP "transparent" mode, the > VLANS appear in the config. When in Client or Server mode > they do not, wouldn't want your config changing due to an update > 5 switches away. (Remember VTP server mode just means the switch > lets you make local changes, a user interface restriction, on the > network side there is no diff between client and server modes) Correct, but what does it take to see the VTP config in "sh run" ? I can add it in "conf t" (as well as "vlan d"), but it doesn't show up = in "sh run". My IOS is 12.1(20)EA1a on a cisco WS-C2950G-48-EI. My VTP servers are running CatOS, so I haven't thought that much about = not getting the VLAN names etc backed up. /H From owner-rancid-discuss-outgoing@shrubbery.net Sat Aug 13 23:50:58 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id CB1B511CE31 for ; Sat, 13 Aug 2005 23:50:58 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id D47D98650B; Sat, 13 Aug 2005 16:50:57 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id C86978650D; Sat, 13 Aug 2005 16:50:57 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 1BE7B8650C; Sat, 13 Aug 2005 16:50:57 -0700 (PDT) Date: Sat, 13 Aug 2005 16:50:57 -0700 From: john heasley To: Arnold Nipper Cc: Ed Ravin , rancid-discuss@shrubbery.net Subject: Re: Cisco "show inventory" command Message-ID: <20050813235057.GP24863@shrubbery.net> References: <20050705162124.GA13788@panix.com> <42CB72F6.5070102@nipper.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <42CB72F6.5070102@nipper.de> User-Agent: Mutt/1.4.2.1i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: i just want to have a beer while i am caring. Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On my box this command requires the argument 'raw' to get anything beyond the chassis, but it also displays empty slots (not necessarily a bad thing) and individual ports of a PA (rather verbose, except for gbics/xenpac). But, I didnt see any of you mention "raw". It may be that the command is still rather immature in 12.2.25S. !NAME: "", DESCR: "7206VXR chassis" !PID: !VID: 2.0 !SN: 20392450 !NAME: "", DESCR: "Chassis Slot" !PID: !VID: !SN: !NAME: "", DESCR: "Chassis Slot" !PID: !VID: !SN: !NAME: "", DESCR: "Channelized T1/PRI with CSU" !PID: !VID: 1.0 !SN: 18875160 !NAME: "T1 4/0", DESCR: "T1 4/0" !PID: !VID: !SN: !NAME: "T1 4/1", DESCR: "T1 4/1" !PID: !VID: !SN: !NAME: "T1 4/2", DESCR: "T1 4/2" !PID: !VID: !SN: !NAME: "T1 4/3", DESCR: "T1 4/3" !PID: !VID: !SN: Wed, Jul 06, 2005 at 07:58:14AM +0200, Arnold Nipper: > On 05.07.2005 18:21 Ed Ravin wrote > > >On another mailing list that I (and some of you) subscribe to, someone > >mentioned the "show inventory" command. It seems to be tailor-made > >for RANCID. It's in 12.0(30)S, and apparently in other recent releases. > > Ans it is in CatOS as well (at least since 8.3(3)) > > >Sample output below... > > > > for CatOS format looks identical > > > -- Ed > > > >------------------------ > >NAME: "7513 chassis,ID:73002384", DESCR: "7513 chassis" > >PID: 2 , VID: Hardware Version : 1.00, Board Revision : > >B0, SN: 73002384 > > > >NAME: "Line Card 0", DESCR: "Versatile Interface Processor (VIP2)" > >PID: VIP2 , VID: Hardware Version : 2.04, Board Revision : > >D0, SN: 6354210 > > > > NAME: "1", DESCR: "1000BaseX Ethernet 48 port WS-X6748-SFP Rev. 1.3" > PID: WS-X6748-SFP , VID: , SN: SAD082108BS > > NAME: "submodule 1/1", DESCR: "Centralized Fwd Card WS-F6700-CFC Rev 2.0" > PID: WS-F6700-CFC , VID: , SN: SAD080600LP > > NAME: "2", DESCR: "1000BaseX Ethernet 48 port WS-X6748-SFP Rev. 1.3" > PID: WS-X6748-SFP , VID: , SN: SAD082108BC > > > > > Arnold > -- > Arnold Nipper, AN45 From owner-rancid-discuss-outgoing@shrubbery.net Sun Aug 14 01:13:07 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id CD0A811CE31 for ; Sun, 14 Aug 2005 01:13:07 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id DF7638650D; Sat, 13 Aug 2005 18:13:06 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id D959A86512; Sat, 13 Aug 2005 18:13:06 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from mail3.panix.com (mail3.panix.com [166.84.1.74]) by guelah.shrubbery.net (Postfix) with ESMTP id A54008650D; Sat, 13 Aug 2005 18:13:05 -0700 (PDT) Received: from panix5.panix.com (panix5.panix.com [166.84.1.5]) by mail3.panix.com (Postfix) with ESMTP id DC08D13A9FA; Sat, 13 Aug 2005 21:13:04 -0400 (EDT) Received: (from eravin@localhost) by panix5.panix.com (8.11.6p3/8.8.8/PanixN1.1) id j7E1D4e07590; Sat, 13 Aug 2005 21:13:04 -0400 (EDT) Date: Sat, 13 Aug 2005 21:13:04 -0400 From: Ed Ravin To: john heasley Cc: rancid-discuss@shrubbery.net Subject: Re: Cisco "show inventory" command Message-ID: <20050814011304.GA17422@panix.com> References: <20050705162124.GA13788@panix.com> <42CB72F6.5070102@nipper.de> <20050813235057.GP24863@shrubbery.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20050813235057.GP24863@shrubbery.net> X-Y-Z: 1, 2, 3? User-Agent: Mutt/1.5.9i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Sat, Aug 13, 2005 at 04:50:57PM -0700, john heasley wrote: > On my box this command requires the argument 'raw' to get anything beyond > the chassis, but it also displays empty slots (not necessarily a bad thing) > and individual ports of a PA (rather verbose, except for gbics/xenpac). > But, I didnt see any of you mention "raw". [...] That's cause no one on c-nsp mentioned it. Who's got time to read docs these days - that's what we have mailing lists for, right? :-) Anyway, just tried "raw" on my 12.0.30S box and 12.4T box, it works as it does in your examples. From owner-rancid-discuss-outgoing@shrubbery.net Sun Aug 14 03:56:20 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 9EE6111CE31 for ; Sun, 14 Aug 2005 03:56:20 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 9496A86512; Sat, 13 Aug 2005 20:56:19 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 8D3A186515; Sat, 13 Aug 2005 20:56:19 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id D926786513; Sat, 13 Aug 2005 20:56:18 -0700 (PDT) Date: Sat, 13 Aug 2005 20:56:18 -0700 From: john heasley To: Emre Bastuz Cc: rancid-discuss@shrubbery.net Subject: Re: Obtaining Cisco Pix Configs - Patch Message-ID: <20050814035618.GT24863@shrubbery.net> References: <42F72DB8.4080304@emre.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <42F72DB8.4080304@emre.de> User-Agent: Mutt/1.4.2.1i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: i just want to have a beer while i am caring. Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Mon, Aug 08, 2005 at 12:02:32PM +0200, Emre Bastuz: > Hi, > > some time ago I wrote to this list and asked how RANCID could be used with > a Pix firewall and a local user with only "show" privileges. > > It seems there is no way of doing the following with RANCID: > # ssh mypix > mypix# login > > > mypix# show running-config > etc.... > > To use "login" instead of "enable" I had to introduce a new variable to > .cloginrc and patch the script "clogin". > > I have included the patch. Please feel free to use it if you need the > functionality. It appears to me that the passwords in configuration are those easily reversable type, so not have the enable password in .cloginrc really seems to have little value. anyway, it might be more flexible to add a 'enablecmd' variable, much like the existing sshcmd variable. Then its value could also be 'enable N', for those that want a privilege level other than 15. > Some words about the usage/prerequisites: > - you have a pix and want it?s config > - you do not want to have the enable password in clear text in your cloginrc > - you do not have a tacacs server and want to configure a rancid user on > your pix locally > > You have to: > - add a user ("rancid") to your pix, who has the privileges for "show > running config", "show flash" and "write term" > - add the pix host to your routers.db as type cisco > - add the following line/variables to your cloginrc for this > host/group/whatever: > > add user mypix.emre.de rancid > add password mypix.emre.de Pass--Word Pass--Word > add cyphertype mypix.emre.de des > add method mypix.emre.de ssh > add login mypix.emre.de {1} > > The new variable is "login" which will "tell" RANCID to use the "login" > command instead of the "enable" command to reach the required privilege > level. > Please note that using the "login" option implicitly sets "enable" to "no". > > I?m not a shell-scripting guy, so I hope I didn?t break anything but the > patch has worked for > me. > > Any hints/sugestions are welcome. > > Cheers, > > Emre > > -- > http://www.emre.de UIN: 561260 > PGP Key ID: 0xAFAC77FD > > I don't see why some people even HAVE cars. -- Calvin > --- clogin-dist Thu Jul 28 10:59:07 2005 > +++ clogin Mon Aug 8 11:17:30 2005 > @@ -57,6 +57,8 @@ > set do_enapasswd 1 > # attempt at platform switching. > set platform "" > +# new option to provide "login" command capabilities > +set loginonly 0 > > # Find the user in the ENV, or use the unix userid. > if {[ info exists env(CISCO_USER) ] } { > @@ -453,6 +455,39 @@ > return 0 > } > > +# New subroutine to provide "login" command capabilities, using the enable user and enable password > +# Login > +proc do_login { enauser enapasswd } { > + global prompt in_proc > + global u_prompt e_prompt > + set in_proc 1 > + > + send "login\r" > + expect { > + -re "$u_prompt" { send "$enauser\r"; exp_continue} > + -re "$e_prompt" { send "$enapasswd\r"; exp_continue} > + "#" { set prompt "#" } > + "(login)" { set prompt "> (login) " } > + -re "(denied|Sorry|Incorrect)" { > + # % Access denied - from local auth and poss. others > + send_user "\nError: Check your Login passwd\n"; > + return 1 > + } > + "% Error in authentication" { > + send_user "\nError: Check your Login passwd\n" > + return 1 > + } > + "% Bad passwords" { > + send_user "\nError: Check your Login passwd\n" > + return 1 > + } > + } > + # We set the prompt variable (above) so script files don't need > + # to know what it is. > + set in_proc 0 > + return 0 > +} > + > # Enable > proc do_enable { enauser enapasswd } { > global prompt in_proc > @@ -638,6 +673,13 @@ > } > } > > + # If a "login" option is used, no "enable" will be required > + # look for login option in .cloginrc > + if { [find login $router] != "" } { > + set enable 0 > + set loginonly 1 > + } > + > # look for noenable option in .cloginrc > if { [find noenable $router] != "" } { > set enable 0 > @@ -726,6 +768,17 @@ > if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype]} { > continue > } > + > + # login required? > + if { $loginonly } { > + if {[do_login $enauser $enapasswd]} { > + if { $do_command || $do_script } { > + close; wait > + continue > + } > + } > + } > + > if { $enable } { > if {[do_enable $enauser $enapasswd]} { > if { $do_command || $do_script } { > @@ -734,6 +787,7 @@ > } > } > } > + > # we are logged in, now figure out the full prompt > send "\r" > expect { From owner-rancid-discuss-outgoing@shrubbery.net Mon Aug 15 00:56:01 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id ECCB711CE3C for ; Mon, 15 Aug 2005 00:56:00 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 1BEA8864FA; Sun, 14 Aug 2005 17:56:00 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 1619886500; Sun, 14 Aug 2005 17:56:00 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 59A7E864FE; Sun, 14 Aug 2005 17:55:59 -0700 (PDT) Date: Sun, 14 Aug 2005 17:55:59 -0700 From: john heasley To: Justin Grote Cc: Russell Brenner , rancid-discuss@shrubbery.net Subject: Re: Subversion and Rancid Message-ID: <20050815005559.GC22602@shrubbery.net> References: <20050808011344.C1F44864EC@guelah.shrubbery.net> <42F79B78.9070504@grote.name> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <42F79B78.9070504@grote.name> User-Agent: Mutt/1.4.2.1i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: i just want to have a beer while i am caring. Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk I've integrated your patch for Subversion (more or less), plus a few misc bits, into: ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.2a3.tar.gz It'l likely need a little tweaking, but appears to work just fine. Mon, Aug 08, 2005 at 11:50:48AM -0600, Justin Grote: > Russell Brenner wrote: > > >Hi Folks, > > > >Back in November 2004 there was some talk of a patch for Rancid that > >incorporate Subversion. > > > >I've not been able to find a copy of that diff anywhere (rancidSVN.diff), > >does anybody know where this patch lies or can contact me off list to grab > >a > >copy? > > > > > http://svn.dastylinrastan.com/rastan/rancidSVN/RancidSVN-2.3.1.patch > > You can also just check out the rancidSVN directory and install it > normally like rancid. > > I wrote this patch because it was pretty easy to do. It is a drop-in > replacement for the CVS rancid. I was going to make a separate patch > that would make subversion optional so that it could be merged into the > mainline rancid tree, but this worked so well that I really didn't have > any reason to do it. I will continue to track the major RANCID releases > and merge in those changes appropriately. Maybe one of these days I'll > get off my ass and write an optional patch so that subversion support > can be merged into the mainline rancid, as my patch seems to be pretty > popular. > > The site above might be a little slow for a couple of weeks, as I am in > the process of moving the host to a new provider. > > -- > __________________________ > Justin Grote > Network Architect > JWG Networks > From owner-rancid-discuss-outgoing@shrubbery.net Mon Aug 15 01:28:20 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 21EB711CE3C for ; Mon, 15 Aug 2005 01:28:19 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 3B38B86500; Sun, 14 Aug 2005 18:28:19 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 32E5586505; Sun, 14 Aug 2005 18:28:19 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from S3.cableone.net (s3.cableone.net [24.116.0.229]) by guelah.shrubbery.net (Postfix) with ESMTP id AF73486500; Sun, 14 Aug 2005 18:28:17 -0700 (PDT) Received: from [192.168.1.100] (unverified [24.119.117.0]) by S3.cableone.net (CableOne SMTP Service S3) with ESMTP id 28253814 for multiple; Sun, 14 Aug 2005 18:49:32 -0700 Message-ID: <42FFEFA9.3020600@grote.name> Date: Sun, 14 Aug 2005 19:28:09 -0600 From: Justin Grote User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) X-Accept-Language: en-us, en MIME-Version: 1.0 To: john heasley Cc: Russell Brenner , rancid-discuss@shrubbery.net Subject: Re: Subversion and Rancid References: <20050808011344.C1F44864EC@guelah.shrubbery.net> <42F79B78.9070504@grote.name> <20050815005559.GC22602@shrubbery.net> In-Reply-To: <20050815005559.GC22602@shrubbery.net> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms090700010800080209020002" X-IP-stats: Incoming Last 1, First 9, in=3, out=0, spam=0 X-External-IP: 24.119.117.0 X-Abuse-Info: Send abuse complaints to abuse@cableone.net Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk This is a cryptographically signed message in MIME format. --------------ms090700010800080209020002 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit john heasley wrote: >I've integrated your patch for Subversion (more or less), plus a few misc >bits, into: > > ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.2a3.tar.gz > >It'l likely need a little tweaking, but appears to work just fine. > > Excellent. Thanks for taking the extra mile. I'll be sure to test it thoroughly and see if I can unravel any bugs. Hope everyone enjoys subversion support as much as I have. I hope in the next couple of weeks to submit another patch that I've been using for a while that allows distributed rancid collectors at various sites to commit to a central repository, thanks to subversion's remote committing. Thanks again John, I appreciate it. -- __________________________ Justin Grote Network Architect JWG Networks --------------ms090700010800080209020002 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIH4TCC AkswggG0oAMCAQICAw42LDANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDUwMzA4MTM1MTE1WhcNMDYwMzA4MTM1MTE1 WjBDMR8wHQYDVQQDExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMSAwHgYJKoZIhvcNAQkBFhFq dXN0aW5AZ3JvdGUubmFtZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAutQqzFrfSmOU 35//szKNQ2UnvIH8eeb45ch1TM23m2Qp48hYjwzLcR+RZgDBLu3pX9eA33UUKACWxCZLMumT OCT8RrHVIcYPISxoBIXzkqElU2JE+ROoB1nk3B0cC3QWjV6Y4PJfZT0Y1dYKfxV2wpSGDcDe pN52h0bo9FCW+WMCAwEAAaMuMCwwHAYDVR0RBBUwE4ERanVzdGluQGdyb3RlLm5hbWUwDAYD VR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQCYrErHf8k+ilkVIikXrzBr3iGSP5zcr11/ fe06atR/i+xORUOBkoEEnTos2aAyAdhvof602gOIhc0H698g0kbC2G6WBVUvDynVFjpD8ipL dazYsqe1xvgz58cOhW/vSDArZ5sRlEl9eiYVZ8p0nTu9sBah/gvbQdx1mmpJneTamjCCAksw ggG0oAMCAQICAw42LDANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMc VGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFs IEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDUwMzA4MTM1MTE1WhcNMDYwMzA4MTM1MTE1WjBD MR8wHQYDVQQDExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMSAwHgYJKoZIhvcNAQkBFhFqdXN0 aW5AZ3JvdGUubmFtZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAutQqzFrfSmOU35// szKNQ2UnvIH8eeb45ch1TM23m2Qp48hYjwzLcR+RZgDBLu3pX9eA33UUKACWxCZLMumTOCT8 RrHVIcYPISxoBIXzkqElU2JE+ROoB1nk3B0cC3QWjV6Y4PJfZT0Y1dYKfxV2wpSGDcDepN52 h0bo9FCW+WMCAwEAAaMuMCwwHAYDVR0RBBUwE4ERanVzdGluQGdyb3RlLm5hbWUwDAYDVR0T AQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQCYrErHf8k+ilkVIikXrzBr3iGSP5zcr11/fe06 atR/i+xORUOBkoEEnTos2aAyAdhvof602gOIhc0H698g0kbC2G6WBVUvDynVFjpD8ipLdazY sqe1xvgz58cOhW/vSDArZ5sRlEl9eiYVZ8p0nTu9sBah/gvbQdx1mmpJneTamjCCAz8wggKo oAMCAQICAQ0wDQYJKoZIhvcNAQEFBQAwgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0 ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRp bmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMT G1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwt ZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0wMzA3MTcwMDAwMDBaFw0xMzA3MTYyMzU5NTlaMGIx CzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSww KgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTCBnzANBgkqhkiG 9w0BAQEFAAOBjQAwgYkCgYEAxKY8VXNV+065yplaHmjAdQRwnd/p/6Me7L3N9VvyGna9fww6 YfK/Uc4B1OVQCjDXAmNaLIkVcI7dyfArhVqqP3FWy688Cwfn8R+RNiQqE88r1fOCdz0Dviv+ uxg+B79AgAJk16emu59l0cUqVIUPSAR/p7bRPGEEQB5kGXJgt/sCAwEAAaOBlDCBkTASBgNV HRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwudGhhd3RlLmNv bS9UaGF3dGVQZXJzb25hbEZyZWVtYWlsQ0EuY3JsMAsGA1UdDwQEAwIBBjApBgNVHREEIjAg pB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxhYmVsMi0xMzgwDQYJKoZIhvcNAQEFBQADgYEASIzR UIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/TCG4+DYfqi2fNi/A9BxQIJNwPP2t4WFiw9k6GX6E sZkbAMUaC4J0niVQlGLH2ydxVyWN3amcOY6MIE9lX5Xa9/eH1sYITq726jTlEBpbNU1341Yh eILcIRk13iSx0x1G/11fZU8xggK6MIICtgIBATBpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQK ExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29u YWwgRnJlZW1haWwgSXNzdWluZyBDQQIDDjYsMAkGBSsOAwIaBQCgggGnMBgGCSqGSIb3DQEJ AzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA1MDgxNTAxMjgwOVowIwYJKoZIhvcN AQkEMRYEFBAyE+akBr+ItdrpZauv6inutBiYMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcN AwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMC AgEoMHgGCSsGAQQBgjcQBDFrMGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBD b25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFp bCBJc3N1aW5nIENBAgMONiwwegYLKoZIhvcNAQkQAgsxa6BpMGIxCzAJBgNVBAYTAlpBMSUw IwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUg UGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIDDjYsMA0GCSqGSIb3DQEBAQUABIGAjIXU QwHk750zCl85EV4+cYBjM5lbt+l5LvQcsN2++nUA6MXRGQ5c1ZSRJH3L5vSNTYr1RzdS6QUF KRmOQm0xFSun/pwIjIv7nGC+OQPsNxaux5qLTNbyaheM5zYsBITi1KH/yaobCeNSgvonubn9 Bfu2AC8fF1We3+Bxl2+zXR0AAAAAAAA= --------------ms090700010800080209020002-- From owner-rancid-discuss-outgoing@shrubbery.net Tue Aug 16 05:45:36 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 8F54911CE7B for ; Tue, 16 Aug 2005 05:45:36 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id A8E46864D5; Mon, 15 Aug 2005 22:45:35 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id A0598864EB; Mon, 15 Aug 2005 22:45:35 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from sled.gsfc.nasa.gov (sled.gsfc.nasa.gov [198.119.28.21]) by guelah.shrubbery.net (Postfix) with ESMTP id 7D6E4864D5 for ; Mon, 15 Aug 2005 22:45:34 -0700 (PDT) Received: from frakir.gsfc.nasa.gov (frakir.gsfc.nasa.gov [198.119.28.35]) by sled.gsfc.nasa.gov (8.12.11/8.12.11) with ESMTP id j7G5j2vb014155; Tue, 16 Aug 2005 01:45:02 -0400 (EDT) Received: from frakir.gsfc.nasa.gov (localhost [127.0.0.1]) by frakir.gsfc.nasa.gov (8.13.4/8.13.4/Debian-3) with ESMTP id j7G5j1Xu022721; Tue, 16 Aug 2005 01:45:01 -0400 Received: (from morty@localhost) by frakir.gsfc.nasa.gov (8.13.4/8.13.4/Submit) id j7G5j1ro022720; Tue, 16 Aug 2005 01:45:01 -0400 From: Morty Abzug Date: Tue, 16 Aug 2005 01:45:01 -0400 To: rancid-discuss@shrubbery.net Subject: forethought/Marconi support Message-ID: <20050816054501.GJ20934@frakir.gsfc.nasa.gov> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="mxv5cy4qt+RJ9ypb" Content-Disposition: inline User-Agent: Mutt/1.5.9i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk --mxv5cy4qt+RJ9ypb Content-Type: text/plain; charset=us-ascii Content-Disposition: inline The attached patch includes support for Fore/Marconi devices running the Forethought OS. I started with the Juniper scripts and hacked 'til it worked. Please let me know if this is acceptable. Thanks! - Morty --mxv5cy4qt+RJ9ypb Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="rancid-2.3.1-local-p5.patch" diff -Nur rancid-2.3.1-local-p4/bin/forelogin.in rancid-2.3.1-local-p5/bin/forelogin.in --- rancid-2.3.1-local-p4/bin/forelogin.in 1969-12-31 19:00:00.000000000 -0500 +++ rancid-2.3.1-local-p5/bin/forelogin.in 2005-08-16 01:23:08.000000000 -0400 @@ -0,0 +1,526 @@ +#! @EXPECT_PATH@ -- +## +## $Id: jlogin.in,v 1.46 2004/03/11 19:36:25 heas Exp $ +## +## Copyright (C) 1997-2004 by Terrapin Communications, Inc. +## All rights reserved. +## +## This software may be freely copied, modified and redistributed +## without fee for non-commerical purposes provided that this license +## remains intact and unmodified with any RANCID distribution. +## +## There is no warranty or other guarantee of fitness of this software. +## It is provided solely "as is". The author(s) disclaim(s) all +## responsibility and liability with respect to this software's usage +## or its effect upon hardware, computer systems, other software, or +## anything else. +## +## Except where noted otherwise, rancid was written by and is maintained by +## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz. +## +# +# The login expect scripts were based on Erik Sherk's gwtn, by permission. +# +# jlogin - juniper login +# +# Most options are intuitive for logging into a Cisco router. +# The default username password is the same as the vty password. +# + +# Usage line +set usage "Usage: $argv0 \[-c command\] \[-Evar=x\] \[-f cloginrc-file\] \ +\[-p user-password\] \[-r passphrase\] \[-s script-file\] \ +\[-u username\] \[-t timeout\] \[-x command-file\] \[-y ssh_cypher_type\] \ +router \[router...\]\n" + +# env(CLOGIN) may contain the following chars: +# x == do not set xterm banner or name + +# Password file +set password_file $env(HOME)/.cloginrc +# Default is to login to the router +set do_command 0 +set do_script 0 +# The default is to automatically enable +set avenable 1 +# The default is to look in the password file to find the passwords. This +# tracks if we receive them on the command line. +set do_passwd 1 + +# Find the user in the ENV, or use the unix userid. +if {[ info exists env(CISCO_USER) ] } { + set default_user $env(CISCO_USER) +} elseif {[ info exists env(USER) ]} { + set default_user $env(USER) +} elseif {[ info exists env(LOGNAME) ]} { + set default_user $env(LOGNAME) +} else { + # This uses "id" which I think is portable. At least it has existed + # (without options) on all machines/OSes I've been on recently - + # unlike whoami or id -nu. + if [ catch {exec id} reason ] { + send_error "\nError: could not exec id: $reason\n" + exit 1 + } + regexp {\(([^)]*)} "$reason" junk default_user +} + +# Sometimes routers take awhile to answer (the default is 10 sec) +set timeout 120 + +# Process the command line +for {set i 0} {$i < $argc} {incr i} { + set arg [lindex $argv $i] + + switch -glob -- $arg { + # Command to run. + -c* - + -C* { + if {! [ regexp .\[cC\](.+) $arg ignore command]} { + incr i + set command [ lindex $argv $i ] + } + set do_command 1 + # Environment variable to pass to -s scripts + } -E* + { + if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} { + set E$varname $varvalue + } else { + send_user "\nError: invalid format for -E in $arg\n" + exit 1 + } + # alternate cloginrc file + } -f* - + -F* { + if {! [ regexp .\[fF\](.+) $arg ignore password_file]} { + incr i + set password_file [ lindex $argv $i ] + } + # user Password + } -p* - + -P* { + if {! [ regexp .\[pP\](.+) $arg ignore userpasswd]} { + incr i + set userpasswd [ lindex $argv $i ] + } + set do_passwd 0 + # passphrase + } -r* - + -R* { + if {! [ regexp .\[rR\](.+) $arg ignore passphrase]} { + incr i + set avpassphrase [ lindex $argv $i ] + } + # Expect script to run. + } -s* - + -S* { + if {! [ regexp .\[sS\](.+) $arg ignore sfile]} { + incr i + set sfile [ lindex $argv $i ] + } + if { ! [ file readable $sfile ] } { + send_user "\nError: Can't read $sfile\n" + exit 1 + } + set do_script 1 + # Timeout + } -t* - + -T* { + if {! [ regexp .\[tT\](.+) $arg ignore timeout]} { + incr i + set timeout [ lindex $argv $i ] + } + # Username + } -u* - + -U* { + if {! [ regexp .\[uU\](.+) $arg ignore user]} { + incr i + set username [ lindex $argv $i ] + } + # command file + } -x* - + -X* { + if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} { + incr i + set cmd_file [ lindex $argv $i ] + } + if [ catch {set cmd_fd [open $cmd_file r]} reason ] { + send_user "\nError: $reason\n" + exit 1 + } + set cmd_text [read $cmd_fd] + close $cmd_fd + set command [join [split $cmd_text \n] \;] + set do_command 1 + # 'ssh -c' cypher type + } -y* - + -Y* { + if {! [ regexp .\[yY\](.+) $arg ignore cypher]} { + incr i + set cypher [ lindex $argv $i ] + } + } -* { + send_user "\nError: Unknown argument! $arg\n" + send_user $usage + exit 1 + } default { + break + } + } +} +# Process routers...no routers listed is an error. +if { $i == $argc } { + send_user "\nError: $usage" +} + +# Only be quiet if we are running a script (it can log its output +# on its own) +if { $do_script } { + log_user 0 +} else { + log_user 1 +} + +# +# Done configuration/variable setting. Now run with it... +# + +# Sets Xterm title if interactive...if its an xterm and the user cares +proc label { host } { + global env + # if CLOGIN has an 'x' in it, don't set the xterm name/banner + if [info exists env(CLOGIN)] { + if {[string first "x" $env(CLOGIN)] != -1} { return } + } + # take host from ENV(TERM) + if [info exists env(TERM)] { + if [regexp \^(xterm|vs) $env(TERM) ignore ] { + send_user "\033]1;[lindex [split $host "."] 0]\a" + send_user "\033]2;$host\a" + } + } +} + +# This is a helper function to make the password file easier to +# maintain. Using this the password file has the form: +# add password sl* pete cow +# add password at* steve +# add password * hanky-pie +proc add {var args} { global int_$var ; lappend int_$var $args} +proc include {args} { + global env + regsub -all "(^{|}$)" $args {} args + if { [ regexp "^/" $args ignore ] == 0 } { + set args $env(HOME)/$args + } + source_password_file $args +} + +proc find {var router} { + upvar int_$var list + if { [info exists list] } { + foreach line $list { + if { [string match [lindex $line 0] $router ] } { + return [lrange $line 1 end] + } + } + } + return {} +} + +# Loads the password file. Note that as this file is tcl, and that +# it is sourced, the user better know what to put in there, as it +# could install more than just password info... I will assume however, +# that a "bad guy" could just as easy put such code in the clogin +# script, so I will leave .cloginrc as just an extention of that script +proc source_password_file { password_file } { + global env + if { ! [file exists $password_file] } { + send_user "\nError: password file ($password_file) does not exist\n" + exit 1 + } + file stat $password_file fileinfo + if { [expr ($fileinfo(mode) & 007)] != 0000 } { + send_user "\nError: $password_file must not be world readable/writable\n" + exit 1 + } + if [ catch {source $password_file} reason ] { + send_user "\nError: $reason\n" + exit 1 + } +} + +# Log into the router. +proc login { router user passwd cmethod cyphertype identfile} { + global spawn_id in_proc do_command do_script passphrase prompt + global sshcmd + set in_proc 1 + + # try each of the connection methods in $cmethod until one is successful + set progs [llength $cmethod] + foreach prog [lrange $cmethod 0 end] { + if [string match "telnet*" $prog] { + regexp {telnet(:([^[:space:]]+))*} $prog command suffix port + if {"$port" == ""} { + set retval [ catch {spawn telnet $router} reason ] + } else { + set retval [ catch {spawn telnet $router $port} reason ] + } + if { $retval } { + send_user "\nError: telnet failed: $reason\n" + exit 1 + } + } elseif ![string compare $prog "ssh"] { + # ssh to the router & try to login with or without an identfile. + # We use two calls to spawn since spawn does not seem to parse + # spaces correctly. + if {$identfile != ""} { + if [ catch {spawn $sshcmd -c $cyphertype -x -l $user -i $identfile $router} reason ] { + send_user "\nError: failed to $sshcmd: $reason\n" + exit 1 + } + } else { + if [ catch {spawn $sshcmd -c $cyphertype -x -l $user $router} reason ] { + send_user "\nError: failed to $sshcmd: $reason\n" + exit 1 + } + } + } elseif ![string compare $prog "rsh"] { + if [ catch {spawn rsh -l $user $router} reason ] { + send_user "\nError: rsh failed: $reason\n" + exit 1 + } + } else { + puts "\nError: unknown connection method: $prog" + return 1 + } + incr progs -1 + sleep 0.3 + + # This helps cleanup each expect clause. + expect_after { + timeout { + send_user "\nError: TIMEOUT reached\n" + catch {close}; wait + if { $in_proc} { + return 1 + } else { + continue + } + } eof { + send_user "\nError: EOF received\n" + catch {close}; wait + if { $in_proc} { + return 1 + } else { + continue + } + } + } + + # Here we get a little tricky. There are several possibilities: + # the router can ask for a username and passwd and then + # talk to the TACACS server to authenticate you, or if the + # TACACS server is not working, then it will use the enable + # passwd. Or, the router might not have TACACS turned on, + # then it will just send the passwd. + expect { + -re "(Connection refused|Secure connection \[^\n\r]+ refused|Connection closed by)" { + catch {close}; wait + if !$progs { + send_user "\nError: Connection Refused ($prog)\n"; return 1 + } + } + eof { send_user "\nError: Couldn't login\n"; wait; return 1 + } -nocase "unknown host\r\n" { + catch {close}; + send_user "\nError: Unknown host\n"; wait; return 1 + } "Host is unreachable" { + catch {close}; + send_user "\nError: Host Unreachable!\n"; wait; return 1 + } "No address associated with name" { + catch {close}; + send_user "\nError: Unknown host\n"; wait; return 1 + } + "Login incorrect" { + send_user "\nError: Check your password for $router\n" + catch {close}; wait; return 1 + } + -re "Enter passphrase.*: " { + # sleep briefly to allow time for stty -echo + sleep 1 + send "$passphrase\r" + exp_continue } + -re "(Host key not found |The authenticity of host .* be established).*\(yes\/no\)\?" { + send "yes\r" + send_user "\nHost $router added to the list of known hosts.\n" + exp_continue } + -re "HOST IDENTIFICATION HAS CHANGED.* \(yes\/no\)\?" { + send "no\r" + send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n" + return 1 } + -re "Offending key for .* \(yes\/no\)\?" { + send "no\r" + send_user "\nError: host key mismatch for $router. Update the SSH known_hosts file accordingly.\n" + return 1 } + -re "(Username|\[\r\n]login):" { + send "$user\r" + exp_continue + } + "\[Pp]assword:" { + sleep 1; send "$passwd\r" + exp_continue + } + -re "$prompt" { break; } + denied { send_user "\nError: Check your password for $router\n" + catch {close}; wait; return 1 + } + } + } + + # we are logged in, now figure out the full prompt + send "\r" + expect { + -re "(\r\n|\n)" { exp_continue; } + -re "^\r*(\[^\r\n]*$prompt)" { set prompt $expect_out(1,string); + } + + } + set in_proc 0 + return 0 +} + +# Run commands given on the command line. +proc run_commands { prompt command } { + global in_proc + set in_proc 1 + + send "rows 0\r" + expect -exact "rows 0\r\n\r\n" + expect -exact $prompt {} + + match_max 100000 + + # Is this a multi-command? + if [ string match "*\;*" "$command" ] { + set commands [split $command \;] + set num_commands [llength $commands] + + for {set i 0} {$i < $num_commands} { incr i} { + send "[lindex $commands $i]\r" + expect { + -exact "$prompt" {} + -re "(\r\n|\n)" { exp_continue } + } + } + } else { + send "$command\r" + expect { + -exact "$prompt" {} + -re "(\r\n|\n)" { exp_continue } + } + } + send "quit" + expect "quit"; # hackery or Fore device will kick us out before echoing + send "\r" + expect { + "\n" { exp_continue } + timeout { return 0 } + eof { return 0 } + } + set in_proc 0 +} + +# +# For each router... (this is main loop) +# +source_password_file $password_file +set in_proc 0 +foreach router [lrange $argv $i end] { + set router [string tolower $router] + send_user "$router\n" + + set prompt ">" + + # Figure out username + if {[info exists username]} { + # command line username + set loginname $username + } else { + set loginname [join [find user $router] ""] + if { "$loginname" == "" } { set loginname $default_user } + } + + # Figure out loginname's password (if different from the vty password) + if {[info exists userpasswd]} { + # command line passwd + set passwd $userpasswd + } else { + set passwd [join [lindex [find userpassword $router] 0] ""] + if { "$passwd" == "" } { + set passwd [join [lindex [find password $router] 0] ""] + if { "$passwd" == "" } { + send_user "\nError: no password for $router in $password_file.\n" + continue + } + } + } + + # Figure out identity file to use + set identfile [join [lindex [find identity $router] 0] ""] + + # Figure out passphrase to use + if {[info exists avpassphrase]} { + set passphrase $avpassphrase + } else { + set passphrase [join [lindex [find passphrase $router] 0] ""] + } + if { ! [string length "$passphrase"]} { + set passphrase $passwd + } + + # Figure out ssh cypher type + if {[info exists cypher]} { + # command line ssh cypher type + set cyphertype $cypher + } else { + set cyphertype [find cyphertype $router] + if { "$cyphertype" == "" } { set cyphertype "3des" } + } + + # Figure out connection method + set cmethod [find method $router] + if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} } + + # Figure out the SSH executable name + set sshcmd [find sshcmd $router] + if { "$sshcmd" == "" } { set sshcmd {ssh} } + + # Login to the router + if {[login $router $loginname $passwd $cmethod $cyphertype $identfile]} { + continue + } + + if { $do_command } { + if {[run_commands $prompt $command]} { + continue + } + } elseif { $do_script } { + send "set cli complete-on-space off\r" + expect -re $prompt {} + send "set cli screen-length 0\r" + expect -re $prompt {} + source $sfile + close + } else { + label $router + log_user 1 + interact + } + + # End of for each router + wait + sleep 0.3 +} +exit 0 diff -Nur rancid-2.3.1-local-p4/bin/forerancid.in rancid-2.3.1-local-p5/bin/forerancid.in --- rancid-2.3.1-local-p4/bin/forerancid.in 1969-12-31 19:00:00.000000000 -0500 +++ rancid-2.3.1-local-p5/bin/forerancid.in 2005-08-16 01:23:54.000000000 -0400 @@ -0,0 +1,361 @@ +#! @PERLV_PATH@ +## +## $Id: jrancid.in,v 1.61 2004/06/05 04:02:08 asp Exp $ +## +## Copyright (C) 1997-2004 by Terrapin Communications, Inc. +## All rights reserved. +## +## This software may be freely copied, modified and redistributed +## without fee for non-commerical purposes provided that this license +## remains intact and unmodified with any RANCID distribution. +## +## There is no warranty or other guarantee of fitness of this software. +## It is provided solely "as is". The author(s) disclaim(s) all +## responsibility and liability with respect to this software's usage +## or its effect upon hardware, computer systems, other software, or +## anything else. +## +## Except where noted otherwise, rancid was written by and is maintained by +## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz. +## +# +# Amazingly hacked version of Hank's rancid - this one tries to +# deal with Marconis +# +# RANCID - Really Awesome New Cisco confIg Differ +# +# usage: jrancid [-d] [-l] [-f filename | $host] +# +use Getopt::Std; +getopts('dfl'); +$debug = $opt_d; +$log = $opt_l; +$file = $opt_f; +$host = $ARGV[0]; + +$clean_run = 0; +$found_end = 0; + +my(%filter_pwds); # password filtering mode + +# This routine is used to print out the router configuration +sub ProcessHistory { + my($new_hist_tag,$new_command,$command_string,@string)=(@_); + if((($new_hist_tag ne $hist_tag) || ($new_command ne $command)) + && defined %history) { + print eval "$command \%history"; + undef %history; + } + if (($new_hist_tag) && ($new_command) && ($command_string)) { + if ($history{$command_string}) { + $history{$command_string} = "$history{$command_string}@string"; + } else { + $history{$command_string} = "@string"; + } + } elsif (($new_hist_tag) && ($new_command)) { + $history{++$#history} = "@string"; + } else { + print "@string"; + } + $hist_tag = $new_hist_tag; + $command = $new_command; + 1; +} + +sub numerically { $a <=> $b; } + +# This is a sort routing that will sort numerically on the +# keys of a hash as if it were a normal array. +sub keynsort { + local(%lines)=@_; + local($i) = 0; + local(@sorted_lines); + foreach $key (sort numerically keys(%lines)) { + $sorted_lines[$i] = $lines{$key}; + $i++; + } + @sorted_lines; +} + +# This is a sort routing that will sort on the +# keys of a hash as if it were a normal array. +sub keysort { + local(%lines)=@_; + local($i) = 0; + local(@sorted_lines); + foreach $key (sort keys(%lines)) { + $sorted_lines[$i] = $lines{$key}; + $i++; + } + @sorted_lines; +} + +# This is a sort routing that will sort on the +# values of a hash as if it were a normal array. +sub valsort{ + local(%lines)=@_; + local($i) = 0; + local(@sorted_lines); + foreach $key (sort values %lines) { + $sorted_lines[$i] = $key; + $i++; + } + @sorted_lines; +} + +# This is a numerical sort routing (ascending). +sub numsort { + local(%lines)=@_; + local($i) = 0; + local(@sorted_lines); + foreach $num (sort {$a <=> $b} keys %lines) { + $sorted_lines[$i] = $lines{$num}; + $i++; + } + @sorted_lines; +} + +# This is a sort routine that will sort on the +# ip address when the ip address is anywhere in +# the strings. +sub ipsort { + local(%lines)=@_; + local($i) = 0; + local(@sorted_lines); + foreach $addr (sort sortbyipaddr keys %lines) { + $sorted_lines[$i] = $lines{$addr}; + $i++; + } + @sorted_lines; +} + +# These two routines will sort based upon IP addresses +sub ipaddrval { + my(@a) = ($_[0] =~ m#^(\d+)\.(\d+)\.(\d+)\.(\d+)$#); + $a[3]+256*($a[2]+256*($a[1]+256*$a[0])); +} +sub sortbyipaddr { + &ipaddrval($a) <=> &ipaddrval($b); +} + +### +### Start of real work +### + +# This routine parses "show chassis clocks" +# This routine parses "system filesystem dir" +sub SystemFilesystemDir { + print STDERR " In SystemFilesystemDir: $_" if ($debug); + + s/^.*>\s*(.*)/Output of $1:/; + ProcessHistory("","","","# $_"); + while () { + tr/\015//d; + last if(/^$prompt/); + + ProcessHistory("","","","# $_"); + } + return; +} + +# This routine parses assorted hardware show commands +sub HardwareShow { + print STDERR " In ShowChassisFirmware: $_" if ($debug); + + s/^.*>\s*(.*)/Output of $1:/; + ProcessHistory("","","","# $_"); + while () { + tr/\015//d; + last if(/^$prompt/); + + ProcessHistory("","","","# $_"); + } + return; +} + +# This routine parses "system batch show" +sub SystemBatchShow { + my($lines) = 0; + my($snmp) = 0; + print STDERR " In SystemBatchShow: $_" if ($debug); + + s/^.*>\s*(.*)/Output of $1:/; + ProcessHistory("","","","# $_"); + while () { + tr/\015//d; + # end of config - hopefully. fore does not have a reliable + # end-of-config tag. appears to end with "\n", but not sure. + if(/^$/) { + $found_end++; + last; + } + $lines++; + + # filter snmp community when appropriate + if (/^(security login new )(.*)( snmp community .*)$/) { + if (defined($ENV{'NOCOMMSTR'})) { + $_ = "$1\"\"$3\n"; + } + } + if (/^(security login _rawpassword new \S+ )\S+$/ && $filter_pwds >= 2) { + ProcessHistory("","","","$1$'"); + next; + } + ProcessHistory("","","","$_"); + } + + if ($lines < 3) { + printf(STDERR "ERROR: $host configuration appears truncated.\n"); + $found_end = 0; + return(-1); + } + + return; +} + +### +### End of real work +### + +# dummy function +sub DoNothing {print STDOUT;} + +# Main +%commands=( + "system filesystem dir" => "SystemFilesystemDir", + "hardware cecplus show" => "HardwareShow", + "hardware chassis" => "HardwareShow", + "hardware dualscp show" => "HardwareShow", + "hardware fabric show" => "HardwareShow", + "hardware fans" => "HardwareShow", + "hardware netmod show" => "HardwareShow", + "hardware port show" => "HardwareShow", + "hardware power" => "HardwareShow", + "hardware scp show" => "HardwareShow", + "hardware temperature" => "HardwareShow", + "interface ip show" => "HardwareShow", + "interface if show" => "HardwareShow", + "system batch show" => "SystemBatchShow", +); +@commands=( + "system filesystem dir", + "hardware cecplus show", + "hardware chassis", + "hardware dualscp show", + "hardware fabric show", + "hardware fans", + "hardware netmod show", + "hardware port show", + "hardware power", + "hardware temperature", + "hardware scp show", + "interface ip show", + "interface if show", + "system batch show", +); + +$fore_commands=join(";",@commands); +$cmds_regexp=join("|",@commands); + +open(OUTPUT,">$host.new") || die "Can't open $host.new for writing: $!\n"; +select(OUTPUT); +# make OUTPUT unbuffered +if ($debug) { $| = 1; } + +if ($file) { + print STDERR "opening file $host\n" if ($debug); + print STDOUT "opening file $host\n" if ($log); + open(INPUT,"< $host") || die "open failed for $host: $!\n"; +} else { + print(STDERR "executing echo forelogin -c\"$fore_commands\" $host\n") if ($debug); + print(STDOUT "executing echo forelogin -c\"$fore_commands\" $host\n") if ($debug); + + if (defined($ENV{NOPIPE})) { + system "forelogin -c \"$fore_commands\" $host $host.raw" || die "forelogin failed for $host: $!\n"; + open(INPUT, "< $host.raw") || die "forelogin failed for $host: $!\n"; + } else { + open(INPUT,"forelogin -c \"$fore_commands\" $host ) { + tr/\015//d; + if (/^Error:/) { + print STDOUT ("$host forelogin error: $_"); + print STDERR ("$host forelogin error: $_") if ($debug); + $clean_run=0; + last; + } + if (/System shutdown message/) { + print STDOUT ("$host shutdown msg: $_"); + print STDERR ("$host shutdown msg: $_") if ($debug); + $clean_run = 0; + last; + } + if (/error: cli version does not match Managment Daemon/i) { + print STDOUT ("$host mgd version mismatch: $_"); + print STDERR ("$host mgd version mismatch: $_") if ($debug); + $clean_run = 0; + last; + } + while (/>\s*($cmds_regexp)\s*$/) { + $cmd = $1; + if (!defined($prompt)) { + $prompt = ($_ =~ /^([^>]+>)/)[0]; + $prompt =~ s/([][}{)(\\])/\\$1/g; + print STDERR ("PROMPT MATCH: $prompt\n") if ($debug); + } + print STDERR ("HIT COMMAND:$_") if ($debug); + if (! defined($commands{$cmd})) { + print STDERR "$host: found unexpected command - \"$cmd\"\n"; + $clean_run = 0; + last TOP; + } + $rval = &{$commands{$cmd}}; + delete($commands{$cmd}); + if ($rval == -1) { + $clean_run = 0; + last TOP; + } + } + if (/>\s*quit/) { + $clean_run=1; + last; + } +} +print STDOUT "Done forelogin: $_\n" if ($log); +# Flush History +ProcessHistory("","","",""); +# Cleanup +close(INPUT); +close(OUTPUT); + +if (defined($ENV{NOPIPE})) { + unlink("$host.raw") if (! $debug); +} + +# check for completeness +$commands = join(", ", keys(%commands)); +if (scalar(%commands) || !$clean_run || !$found_end) { + if (scalar(%commands)) { + printf(STDOUT "$host: missed cmd(s): %s\n", join(',', keys(%commands))); + printf(STDERR "$host: missed cmd(s): %s\n", join(',', keys(%commands))) if ($debug); + } + if (!$clean_run || !$found_end) { + print STDOUT "$host: End of run not found\n"; + print STDERR "$host: End of run not found\n" if ($debug); + system("/usr/bin/tail -1 $host.new"); + } + unlink "$host.new" if (! $debug); +} diff -Nur rancid-2.3.1-local-p4/bin/rancid-fe.in rancid-2.3.1-local-p5/bin/rancid-fe.in --- rancid-2.3.1-local-p4/bin/rancid-fe.in 2004-01-10 22:49:13.000000000 -0500 +++ rancid-2.3.1-local-p5/bin/rancid-fe.in 2005-08-16 01:24:46.000000000 -0400 @@ -37,6 +37,7 @@ elsif ($vendor =~ /^erx$/i) { exec('jerancid', $router); } elsif ($vendor =~ /^extreme$/i) { exec('xrancid', $router); } elsif ($vendor =~ /^ezt3$/i) { exec('erancid', $router); } +elsif ($vendor =~ /^fore$/i) { exec('forerancid', $router); } elsif ($vendor =~ /^force10$/i) { exec('f10rancid', $router); } elsif ($vendor =~ /^foundry$/i) { exec('francid', $router); } elsif ($vendor =~ /^hitachi$/i) { exec('htrancid', $router); } --mxv5cy4qt+RJ9ypb-- From owner-rancid-discuss-outgoing@shrubbery.net Tue Aug 16 05:56:43 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 0DF5711CE91 for ; Tue, 16 Aug 2005 05:56:42 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 1D0B1864F1; Mon, 15 Aug 2005 22:56:42 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 14B34864F6; Mon, 15 Aug 2005 22:56:42 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from daedalus.andrew.net.au (daedalus.andrew.net.au [210.18.204.2]) by guelah.shrubbery.net (Postfix) with ESMTP id E18BC864F1 for ; Mon, 15 Aug 2005 22:56:40 -0700 (PDT) Received: from daedalus.andrew.net.au (daedalus.andrew.net.au [127.0.0.1]) by daedalus.andrew.net.au (8.13.4/8.13.4/Debian-3) with ESMTP id j7G5u4Fm005656 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Tue, 16 Aug 2005 15:56:05 +1000 Received: (from apollock@localhost) by daedalus.andrew.net.au (8.13.4/8.13.4/Submit) id j7G5u47s005655 for rancid-discuss@shrubbery.net; Tue, 16 Aug 2005 15:56:04 +1000 Date: Tue, 16 Aug 2005 15:56:04 +1000 From: Andrew Pollock To: rancid-discuss@shrubbery.net Subject: Out of band access to devices? Message-ID: <20050816055604.GB26901@daedalus.andrew.net.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.9i X-Scanned-By: MIMEDefang 2.51 on 127.0.0.1 Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Hi, Way back in December of 2003, I asked the question of out of band access. I'm back in a similar environment where I have a number of Cisco switches attached to Cyclades AlterPath ACS console-access servers, and all remove access to the switches is disabled. Telnet isn't an option, and I suspect that the IOS version doesn't include crypto, so I can't enable SSH access. So the only way of managing the devices is via SSHing to the Cyclades and getting on the console port. We can SSH directly to a specific port of the Cyclades, and after authenticating, get on the console attached to that port, and disconnect by way of the standard SSH disconnect break sequence when we're done. I'm wondering if RANCID has evolved over the last nearly 2 years to include such out of band access to devices, or if it's much of a muchness still? regards Andrew From owner-rancid-discuss-outgoing@shrubbery.net Tue Aug 16 14:48:34 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id D2F1811CEE4 for ; Tue, 16 Aug 2005 14:48:34 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id D2DDE864D5; Tue, 16 Aug 2005 07:48:33 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id C7D47864F1; Tue, 16 Aug 2005 07:48:33 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from S4.cableone.net (s4.cableone.net [24.116.0.230]) by guelah.shrubbery.net (Postfix) with ESMTP id A5E02864D5 for ; Tue, 16 Aug 2005 07:48:32 -0700 (PDT) Received: from [192.168.1.100] (unverified [24.119.117.0]) by S4.cableone.net (CableOne SMTP Service S4) with ESMTP id 28221388 for multiple; Tue, 16 Aug 2005 07:53:37 -0700 Message-ID: <4301FCA8.9030704@grote.name> Date: Tue, 16 Aug 2005 08:48:08 -0600 From: Justin Grote User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Andrew Pollock Cc: rancid-discuss@shrubbery.net Subject: Re: Out of band access to devices? References: <20050816055604.GB26901@daedalus.andrew.net.au> In-Reply-To: <20050816055604.GB26901@daedalus.andrew.net.au> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms020808080408030802070500" X-IP-stats: Incoming Last 4, First 67, in=16, out=0, spam=0 X-External-IP: 24.119.117.0 X-Abuse-Info: Send abuse complaints to abuse@cableone.net Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk This is a cryptographically signed message in MIME format. --------------ms020808080408030802070500 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Andrew Pollock wrote: >Hi, > >Way back in December of 2003, I asked the question of out of band access. > >I'm back in a similar environment where I have a number of Cisco switches >attached to Cyclades AlterPath ACS console-access servers, and all remove >access to the switches is disabled. Telnet isn't an option, and I suspect >that the IOS version doesn't include crypto, so I can't enable SSH access. > > Why is telnet not an option? Apply an access list that only allows telnet access from the RANCID server and put telnet filters on your edge routers and/or put the management interfaces of the switches on their own VLAN and isolated from any outside connections. That's what most RANCID users that I know do. You'll be secure to all forms of attack except a source-spoofed replay attack or a packet capture between your RANCID collector and the switches, but that would have to a) originate inside your system, b) know the IP address of your RANCID collector, and c) know your switch password. Anyone with this kind of knowledge probably works in your company and is going to get in if they really want to, just by SSHing to your console access server. >So the only way of managing the devices is via SSHing to the Cyclades and >getting on the console port. We can SSH directly to a specific port of the >Cyclades, and after authenticating, get on the console attached to that >port, and disconnect by way of the standard SSH disconnect break sequence >when we're done. > >I'm wondering if RANCID has evolved over the last nearly 2 years to include >such out of band access to devices, or if it's much of a muchness still? > > It doesn't specifically support it, but the framework is certainly there. All you'd have to do is add a new connection method to clogin. If the console server allows direct connection to the switch just by accessing the specific port (and there are no menus or anything else in the way), the SSH clogin method may probably even work out of the box, if you specify the port in cloginrc. -- __________________________ Justin Grote Network Architect JWG Networks --------------ms020808080408030802070500 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIH4TCC AkswggG0oAMCAQICAw42LDANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDUwMzA4MTM1MTE1WhcNMDYwMzA4MTM1MTE1 WjBDMR8wHQYDVQQDExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMSAwHgYJKoZIhvcNAQkBFhFq dXN0aW5AZ3JvdGUubmFtZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAutQqzFrfSmOU 35//szKNQ2UnvIH8eeb45ch1TM23m2Qp48hYjwzLcR+RZgDBLu3pX9eA33UUKACWxCZLMumT OCT8RrHVIcYPISxoBIXzkqElU2JE+ROoB1nk3B0cC3QWjV6Y4PJfZT0Y1dYKfxV2wpSGDcDe pN52h0bo9FCW+WMCAwEAAaMuMCwwHAYDVR0RBBUwE4ERanVzdGluQGdyb3RlLm5hbWUwDAYD VR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQCYrErHf8k+ilkVIikXrzBr3iGSP5zcr11/ fe06atR/i+xORUOBkoEEnTos2aAyAdhvof602gOIhc0H698g0kbC2G6WBVUvDynVFjpD8ipL dazYsqe1xvgz58cOhW/vSDArZ5sRlEl9eiYVZ8p0nTu9sBah/gvbQdx1mmpJneTamjCCAksw ggG0oAMCAQICAw42LDANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMc VGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFs IEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDUwMzA4MTM1MTE1WhcNMDYwMzA4MTM1MTE1WjBD MR8wHQYDVQQDExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMSAwHgYJKoZIhvcNAQkBFhFqdXN0 aW5AZ3JvdGUubmFtZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAutQqzFrfSmOU35// szKNQ2UnvIH8eeb45ch1TM23m2Qp48hYjwzLcR+RZgDBLu3pX9eA33UUKACWxCZLMumTOCT8 RrHVIcYPISxoBIXzkqElU2JE+ROoB1nk3B0cC3QWjV6Y4PJfZT0Y1dYKfxV2wpSGDcDepN52 h0bo9FCW+WMCAwEAAaMuMCwwHAYDVR0RBBUwE4ERanVzdGluQGdyb3RlLm5hbWUwDAYDVR0T AQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQCYrErHf8k+ilkVIikXrzBr3iGSP5zcr11/fe06 atR/i+xORUOBkoEEnTos2aAyAdhvof602gOIhc0H698g0kbC2G6WBVUvDynVFjpD8ipLdazY sqe1xvgz58cOhW/vSDArZ5sRlEl9eiYVZ8p0nTu9sBah/gvbQdx1mmpJneTamjCCAz8wggKo oAMCAQICAQ0wDQYJKoZIhvcNAQEFBQAwgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0 ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRp bmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMT G1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwt ZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0wMzA3MTcwMDAwMDBaFw0xMzA3MTYyMzU5NTlaMGIx CzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSww KgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTCBnzANBgkqhkiG 9w0BAQEFAAOBjQAwgYkCgYEAxKY8VXNV+065yplaHmjAdQRwnd/p/6Me7L3N9VvyGna9fww6 YfK/Uc4B1OVQCjDXAmNaLIkVcI7dyfArhVqqP3FWy688Cwfn8R+RNiQqE88r1fOCdz0Dviv+ uxg+B79AgAJk16emu59l0cUqVIUPSAR/p7bRPGEEQB5kGXJgt/sCAwEAAaOBlDCBkTASBgNV HRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwudGhhd3RlLmNv bS9UaGF3dGVQZXJzb25hbEZyZWVtYWlsQ0EuY3JsMAsGA1UdDwQEAwIBBjApBgNVHREEIjAg pB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxhYmVsMi0xMzgwDQYJKoZIhvcNAQEFBQADgYEASIzR UIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/TCG4+DYfqi2fNi/A9BxQIJNwPP2t4WFiw9k6GX6E sZkbAMUaC4J0niVQlGLH2ydxVyWN3amcOY6MIE9lX5Xa9/eH1sYITq726jTlEBpbNU1341Yh eILcIRk13iSx0x1G/11fZU8xggK6MIICtgIBATBpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQK ExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29u YWwgRnJlZW1haWwgSXNzdWluZyBDQQIDDjYsMAkGBSsOAwIaBQCgggGnMBgGCSqGSIb3DQEJ AzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA1MDgxNjE0NDgwOFowIwYJKoZIhvcN AQkEMRYEFDhqKufM+rKDyK24PvC66UwmU5IdMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcN AwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMC AgEoMHgGCSsGAQQBgjcQBDFrMGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBD b25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFp bCBJc3N1aW5nIENBAgMONiwwegYLKoZIhvcNAQkQAgsxa6BpMGIxCzAJBgNVBAYTAlpBMSUw IwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUg UGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIDDjYsMA0GCSqGSIb3DQEBAQUABIGAU8hF Qreh1AP0P5QTQHnXK6CYYtE26+I9ETeKdkGou5VquPrOCk1zZvLTciEMtYhQ6yv89d/Oy51k P3trMMotBrsyKXwCsId7t2h7FV+WWFw1uekuOIGkBKLHkg00BX03mzcTm89mzt3pBL8xV4wR gn8ANmCS8gIX7umfXeROMXgAAAAAAAA= --------------ms020808080408030802070500-- From owner-rancid-discuss-outgoing@shrubbery.net Wed Aug 17 08:34:38 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 7D5FB11CE3C for ; Wed, 17 Aug 2005 08:34:38 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 9953E864EB; Wed, 17 Aug 2005 01:34:37 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 8DB2C864F1; Wed, 17 Aug 2005 01:34:37 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from stargate.spray.se (stargate.spray.se [212.78.194.91]) by guelah.shrubbery.net (Postfix) with ESMTP id 25323864D5 for ; Wed, 17 Aug 2005 01:34:35 -0700 (PDT) Received: from diamant.i.spray.se (Not Verified[10.46.4.22]) by stargate.spray.se id ; Wed, 17 Aug 2005 10:27:25 +0200 X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: Out of band access to devices? Date: Wed, 17 Aug 2005 10:34:16 +0200 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Out of band access to devices? Thread-Index: AcWiJ0zVGg8w6GbvQQCbvmQMzKAVZQA3rg7w From: =?iso-8859-1?Q?H=E5kan_Lindholm?= To: Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Andrew Pollock wrote: > So the only way of managing the devices is via SSHing to the Cyclades > and getting on the console port. We can SSH directly to a specific > port of the Cyclades, and after authenticating, get on the console > attached to that port, and disconnect by way of the standard SSH > disconnect break sequence when we're done. If you setup "all.ipno" in pslave.conf, you can even get unique IP = addresses for each serial port. Build your own hosts file and you can = make it look like in-band access.. I haven't done it myself, but seems straight forward (knock knock) in = the docs.. > I'm wondering if RANCID has evolved over the last nearly 2 years to > include such out of band access to devices, or if it's much of a > muchness still?=20 You mean to use a port number on the TS instead of IP address. Maybe = you don't need it after all... /H From owner-rancid-discuss-outgoing@shrubbery.net Thu Aug 25 08:14:32 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 0132E11CE30 for ; Thu, 25 Aug 2005 08:14:31 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id A1EA0864F9; Thu, 25 Aug 2005 01:14:30 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 95EE7864FE; Thu, 25 Aug 2005 01:14:30 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.203]) by guelah.shrubbery.net (Postfix) with ESMTP id ADC37864F6 for ; Thu, 25 Aug 2005 01:14:29 -0700 (PDT) Received: by zproxy.gmail.com with SMTP id i11so169553nzh for ; Thu, 25 Aug 2005 01:14:28 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=KoKT0G2xVWkP3y3CZh2cAnmx+s016yyQhXpCPy8TkLM3w3EMqTvgU/A3ObozBlBhkqVYPqXTkC6Fw9J1IHZuJQJ8rjSCbW4XWnlb5xC5dBiLIlMKDQrWaM17Wk4es5zwQfs4HaPMC5PFmyRzdLmoO400npvaXUB/FaBaXOe8iG4= Received: by 10.36.215.17 with SMTP id n17mr55941nzg; Thu, 25 Aug 2005 01:14:28 -0700 (PDT) Received: by 10.36.25.9 with HTTP; Thu, 25 Aug 2005 01:14:28 -0700 (PDT) Message-ID: Date: Thu, 25 Aug 2005 11:14:28 +0300 From: Kim Onnel To: rancid-discuss@shrubbery.net Subject: rancid not working after upgrade Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Hello, I had everything running smoothly until on my debian box, i did an upgrade and i think it included a new rancid-* version, i tried to downgrade it but i still get this problem. The error i get on all my groups: Getting missed routers: round 4. gw67: missed cmd(s): dir /all slavedisk2:,dir /all sec-slot2:,show diag,dir /all disk1:,dir /all sec-nvram:,dir /all disk2:,di r /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,dir / all slavedisk1:,show module,show controllers,show diagbus,dir /all slavedisk0:,dir /all bootflash:,dir /all sec-slot0:,dir /al l sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all su p-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,show running-config,show c7200,dir /all slot1: gw67: End of run not found ! gw87: missed cmd(s): dir /all slavedisk2:,dir /all sec-slot2:,show diag,dir /all disk1:,dir /all sec-nvram:,dir /all disk2:,di r /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,dir / all slavedisk1:,show module,show controllers,show diagbus,dir /all slavedisk0:,dir /all bootflash:,dir /all sec-slot0:,dir /al l sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all su p-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,show running-config,show c7200,dir /all slot1: gw87: End of run not found ! cvs diff: Diffing . cvs diff: Diffing configs cvs commit: Examining . cvs commit: Examining configs ending: Thu Aug 25 10:38:32 EEST 2005 cd /var/cache/apt/archives/ ls rancid-* rancid-cgi_2.3.1-1_i386.deb rancid-core_2.3.1-1_i386.deb=20 rancid-util_2.3.1-1_i386.deb rancid-cgi_2.3.1-2_i386.deb rancid-core_2.3.1-2_i386.deb=20 rancid-util_2.3.1-2_i386.deb #removing the newones dpkg -r rancid-cgi_2.3.1-2_i386.deb dpkg -r rancid-cgi rancid-core rancid-util #installing the old ones dpkg -i rancid-cgi_2.3.1-1_i386.deb rancid-core_2.3.1-1_i386.deb rancid-util_2.3.1-1_i386.deb I am not sure if the 2.3.1 was the older(running) version on my box, but thats what i found. zazu:~> pwd /var/lib/rancid Linux zazu 2.6.7-hardened #1 SMP Thu Oct 28 13:45:29 EET 2004 i686 GNU/Linu= x Any ideas ? Regards From owner-rancid-discuss-outgoing@shrubbery.net Wed Aug 31 13:43:46 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 445E711CE2E for ; Wed, 31 Aug 2005 13:43:45 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 33FF386505; Wed, 31 Aug 2005 06:43:45 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 2CB4C86506; Wed, 31 Aug 2005 06:43:45 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from morpheus.is.co.za (morpheus.is.co.za [196.35.45.229]) by guelah.shrubbery.net (Postfix) with ESMTP id 7C2E786503 for ; Wed, 31 Aug 2005 06:43:36 -0700 (PDT) Received: from morpheus.is.co.za (localhost.is.co.za [127.0.0.1]) by morpheus.is.co.za (Postfix) with ESMTP id B2335F19B0 for ; Wed, 31 Aug 2005 15:40:54 +0200 (SAST) Received: from hermit.is.co.za (hermit.is.co.za [196.23.0.6]) by morpheus.is.co.za (Postfix) with ESMTP id 8CF86F19AF for ; Wed, 31 Aug 2005 15:40:54 +0200 (SAST) Received: by hermit.is.co.za (Postfix, from userid 1071) id B09D67307C; Wed, 31 Aug 2005 15:43:36 +0200 (SAST) Date: Wed, 31 Aug 2005 15:43:36 +0200 From: Andre van der Merwe To: rancid-discuss@shrubbery.net Subject: Acme Packet SD Message-ID: <20050831134336.GM52661@is.co.za> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="633Qqqc8nwy7lrt9" Content-Disposition: inline User-Agent: Mutt/1.4.2.1i X-AV-Checked: ClamAV using ClamSMTP Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk --633Qqqc8nwy7lrt9 Content-Type: text/plain; charset=unknown-8bit Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi All Just to check. Anyone hack RANCID to grab info from the Acme Packet Session Director ? Thanks -Andr=E9 --633Qqqc8nwy7lrt9 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQFDFbQIFgX7ot4NQaMRAs6HAJ417gC9kMZ01uTZ5xkyBou6Yo+DHACfUNMy PXZi6qKe14D9Joxume7xwJU= =35mS -----END PGP SIGNATURE----- --633Qqqc8nwy7lrt9-- From owner-rancid-discuss-outgoing@shrubbery.net Wed Aug 31 17:55:13 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 3AB3D11CE2E for ; Wed, 31 Aug 2005 17:55:12 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 29FC386508; Wed, 31 Aug 2005 10:55:12 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 1E6168650A; Wed, 31 Aug 2005 10:55:12 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from soloth.lewis.org (soloth.lewis.org [69.28.69.2]) by guelah.shrubbery.net (Postfix) with ESMTP id E8BD886506 for ; Wed, 31 Aug 2005 10:55:07 -0700 (PDT) Received: from soloth.lewis.org (localhost.localdomain [127.0.0.1]) by soloth.lewis.org (8.12.11/8.12.11) with ESMTP id j7VHt4Au022825 for ; Wed, 31 Aug 2005 13:55:04 -0400 Received: from localhost (jlewis@localhost) by soloth.lewis.org (8.12.11/8.12.11/Submit) with ESMTP id j7VHt4UL022821 for ; Wed, 31 Aug 2005 13:55:04 -0400 X-Authentication-Warning: soloth.lewis.org: jlewis owned process doing -bs Date: Wed, 31 Aug 2005 13:55:04 -0400 (EDT) From: Jon Lewis To: rancid-discuss@shrubbery.net Subject: vlan.dat always new? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk I searched my archive and didn't find anything on this. Our most recently added (newest software) 3550 running 12.1(22)EA5 always says its vlan.dat is "new/recently modified" according to its timestamp. The result is switch config-diffs emailed to us every time rancid runs. - !Flash: 3 -rwx 720 Aug 31 2005 10:11:32 -04:00 vlan.dat + !Flash: 3 -rwx 720 Aug 31 2005 12:08:51 -04:00 vlan.dat The switch doing this is the 10th switch in a VTP domain where all 10 switches are vtp servers. It's the only one doing this (so far). This really isn't a "rancid problem"...more of a garbage in... problem. I just wonder if others have noticed this and if there's a known workaround? ---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ From owner-rancid-discuss-outgoing@shrubbery.net Wed Aug 31 18:50:26 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 6756A11CE2E for ; Wed, 31 Aug 2005 18:50:24 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 3BEFA8650A; Wed, 31 Aug 2005 11:50:23 -0700 (PDT) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 33E618650C; Wed, 31 Aug 2005 11:50:23 -0700 (PDT) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from bdk.com (towsmtp04.bdk.com [12.4.211.62]) by guelah.shrubbery.net (Postfix) with ESMTP id 2A8D98650A for ; Wed, 31 Aug 2005 11:50:21 -0700 (PDT) Received: from ([161.36.47.210]) by towsmtp04.bdk.com with ESMTP id 133020081.22177829; Wed, 31 Aug 2005 14:49:39 -0400 Received: from TOWEXCVS1.naptg.com ([161.36.47.213]) by TOWEXC10.naptg.com with Microsoft SMTPSVC(6.0.3790.211); Wed, 31 Aug 2005 14:49:39 -0400 x-mimeole: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: vlan.dat always new? Date: Wed, 31 Aug 2005 14:47:32 -0400 Message-ID: <849BC3170D2CA34189993B52087B3D410204124B@TOWEXCVS1.naptg.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: vlan.dat always new? Thread-Index: AcWuVUIsrvHwQEniSgefxbus3uZsWgABhHLA From: "Koontz, Philip" To: X-OriginalArrivalTime: 31 Aug 2005 18:49:39.0046 (UTC) FILETIME=[BD8FA860:01C5AE5C] Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk I have noticed similar behavior with msfc's in hybrid mode. Rancid emails a change to nv_hdr every hour but no config changes have been made. - !Flash: 4 -rwx 36 Aug 16 2005 12:04:39 -04:00 nv_hdr + !Flash: 4 -rwx 36 Aug 16 2005 13:04:56 -04:00 nv_hdr Thanks -Phil -----Original Message----- From: owner-rancid-discuss@shrubbery.net [mailto:owner-rancid-discuss@shrubbery.net] On Behalf Of Jon Lewis Sent: Wednesday, August 31, 2005 1:55 PM To: rancid-discuss@shrubbery.net Subject: vlan.dat always new? I searched my archive and didn't find anything on this. Our most recently=20 added (newest software) 3550 running 12.1(22)EA5 always says its vlan.dat=20 is "new/recently modified" according to its timestamp. The result is=20 switch config-diffs emailed to us every time rancid runs. - !Flash: 3 -rwx 720 Aug 31 2005 10:11:32 -04:00 vlan.dat + !Flash: 3 -rwx 720 Aug 31 2005 12:08:51 -04:00 vlan.dat The switch doing this is the 10th switch in a VTP domain where all 10=20 switches are vtp servers. It's the only one doing this (so far). This=20 really isn't a "rancid problem"...more of a garbage in... problem. I just=20 wonder if others have noticed this and if there's a known workaround? ---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net |=20 _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________