From owner-rancid-discuss-outgoing@shrubbery.net Tue Nov 1 18:09:02 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 028F311CE30 for ; Tue, 1 Nov 2005 18:08:59 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 3102B864F1; Tue, 1 Nov 2005 10:08:59 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 298DE86508; Tue, 1 Nov 2005 10:08:59 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from claven.harvard.edu (claven.harvard.edu [128.103.208.250]) by guelah.shrubbery.net (Postfix) with ESMTP id 5B738864F1 for ; Tue, 1 Nov 2005 10:08:57 -0800 (PST) Received: from localhost (localhost.localdomain [127.0.0.1]) by claven.harvard.edu (Postfix) with ESMTP id 0FA644981BF for ; Tue, 1 Nov 2005 13:08:55 -0500 (EST) Received: from claven.harvard.edu ([127.0.0.1]) by localhost (claven [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 11181-10 for ; Tue, 1 Nov 2005 13:08:54 -0500 (EST) Received: from wrls10-103.wrls.harvard.edu (vpnclient-sub209-248.vpn.harvard.edu [10.1.209.248]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by claven.harvard.edu (Postfix) with ESMTP id C58904981BD for ; Tue, 1 Nov 2005 13:08:54 -0500 (EST) Received: from [127.0.0.1] by wrls10-103.wrls.harvard.edu (PGP Universal service); Tue, 01 Nov 2005 13:09:23 -0500 X-PGP-Universal: processed; by wrls10-103.wrls.harvard.edu on Tue, 01 Nov 2005 13:09:23 -0500 Message-ID: <4367AF52.4030402@harvard.edu> Date: Tue, 01 Nov 2005 13:09:22 -0500 From: David LaPorte Reply-To: david_laporte@harvard.edu Organization: Harvard University User-Agent: Thunderbird 1.4.1 (Macintosh/20051006) MIME-Version: 1.0 To: rancid-discuss@shrubbery.net Subject: RANCID ACL sorting? X-Enigmail-Version: 0.93.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at claven.harvard.edu Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk I've noticed an issue (I think) with the way that RANCID determines whether a configuration has changed. I've written some code around RANCID's CVS repository to check the "live" ACLs against those on our TFTP server to ensure consistency. What I've noticed is that if the order of entries in an ACL changes, RANCID does not check the new config into CVS. I believe this is due to sorting the ACLs before comparing, although I haven't dug through the code deeply enough to be certain. Does anyone know if this is the case? If so, would it be considered a bug or is it operating as designed? thanks! Dave From owner-rancid-discuss-outgoing@shrubbery.net Wed Nov 2 11:34:43 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 53F3A11CE30 for ; Wed, 2 Nov 2005 11:34:43 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 5038D86512; Wed, 2 Nov 2005 03:34:42 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 462B586516; Wed, 2 Nov 2005 03:34:42 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31]) by guelah.shrubbery.net (Postfix) with ESMTP id C60E9864F1; Wed, 2 Nov 2005 03:34:40 -0800 (PST) Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254]) by mx1.redhat.com (8.12.11/8.12.11) with ESMTP id jA2BYS13011165; Wed, 2 Nov 2005 06:34:29 -0500 Received: from pobox.stuttgart.redhat.com (pobox.stuttgart.redhat.com [172.16.2.10]) by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id jA2BYOV14039; Wed, 2 Nov 2005 06:34:24 -0500 Received: from brasov.stuttgart.redhat.com (brasov.stuttgart.redhat.com [172.16.2.246]) by pobox.stuttgart.redhat.com (8.12.8/8.12.8) with ESMTP id jA2BYMH4006121; Wed, 2 Nov 2005 12:34:23 +0100 Received: by brasov.stuttgart.redhat.com (Postfix, from userid 2500) id C6D403415A; Wed, 2 Nov 2005 12:34:22 +0100 (CET) Date: Wed, 2 Nov 2005 12:34:22 +0100 From: Michael Stefaniuc To: Hank Kilmer Cc: rancid@shrubbery.net, rancid-discuss@shrubbery.net Subject: Re: License question Message-ID: <20051102113422.GA7015@redhat.com> References: <4366532E.9010206@redhat.com> <43665F65.8020705@rem.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="OXfL5xGRrasGEqWY" Content-Disposition: inline In-Reply-To: <43665F65.8020705@rem.com> User-Agent: Mutt/1.4.1i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk --OXfL5xGRrasGEqWY Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Oct 31, 2005 at 01:16:05PM -0500, Hank Kilmer wrote: > The intent of the license to to maintain recognition but still allow=20 > free use. Full ACK here. > We have discussed updating the license to make it more=20 > "standard" and clear - more later on that. Please do so. I know license discussions drift easily into big flame wars that can go on for months but a known license can ease the adoption of a software. There is already a license jungle in the OSS world. > You are free to use it as described. Thanks, will do. > -Hank Just to crosscheck it: Hank Kilmer and Henry Kilmer (the name in the COPYING file) are the same person. Google seems to confirm this e.g. http://pgp.mit.edu:11371/pks/lookup?search=3Dhank%40rem.com&op=3Dindex bye michael > Michael Stefaniuc wrote: > >while trying to improve the rancid spec file i got from Dan Pfleger so i= =20 > >can start testing rancid i run into a non technical problem: the=20 > >license. I have read the COPYING file and there is the "non-commerical= =20 > >purposes" limitation for copying, modifying and redistribution. But=20 > >there is no mention of "use" of the software in there. > >I googled around and what i found is that FreshMeat shows as license=20 > >"Other/Proprietary License"=20 > >(http://themes.freshmeat.net/projects/rancid/) and Debian marks it as=20 > >"non-free" (http://packages.debian.org/unstable/source/rancid). Couldn't= =20 > >find any previous license discussions for rancid that's why i'm asking n= ow. > >To me the software looks like an advertising BSD license with some=20 > >non-commercial restrictions but IANAL so i asked one. His answer was: "I= =20 > >would ask that you contact the maintainers and ask that they clarify=20 > >that the non-commercial restriction applies only to re-distribution, not= =20 > >to use, copying or modification." > > > >What we want to do is to use the rancid internaly at Red Hat, not to=20 > >sell it, not to distribute it and not to sell any services based on it.= =20 > >Only pure internal use. > > > >bye > > michael >=20 --=20 Michael Stefaniuc Tel.: +49-711-96437-199 Sr. Network Engineer Fax.: +49-711-96437-111 Red Hat GmbH Email: mstefani@redhat.com Hauptstaetterstr. 58 http://www.redhat.de/ D-70178 Stuttgart --OXfL5xGRrasGEqWY Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFDaKQ+08alQ5mXm14RAkrfAJ4h9oCMmYXbRuNDD+IDa6fd1PxgowCeLZHK cap72b8hUyu9Hi/tdlU8YgA= =707t -----END PGP SIGNATURE----- --OXfL5xGRrasGEqWY-- From owner-rancid-discuss-outgoing@shrubbery.net Wed Nov 2 15:35:45 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 634A111CE30 for ; Wed, 2 Nov 2005 15:35:44 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 31A8F86508; Wed, 2 Nov 2005 07:35:44 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 2BBFC86518; Wed, 2 Nov 2005 07:35:44 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from mail.padfoot.com (mail.PADFOOT.com [198.137.194.43]) by guelah.shrubbery.net (Postfix) with ESMTP id 088BD86506; Wed, 2 Nov 2005 07:35:38 -0800 (PST) Received: from [198.137.194.2] (pool-151-196-241-162.balt.east.verizon.net [151.196.241.162]) (using TLSv1 with cipher DHE-DSS-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mail.padfoot.com (Postfix) with ESMTP id 83595A108F; Wed, 2 Nov 2005 10:35:31 -0500 (EST) Message-ID: <4368DCC7.3080907@rem.com> Date: Wed, 02 Nov 2005 10:35:35 -0500 From: Hank Kilmer User-Agent: Thunderbird 1.4 (Windows/20050908) MIME-Version: 1.0 To: Michael Stefaniuc Cc: rancid@shrubbery.net, rancid-discuss@shrubbery.net Subject: Re: License question References: <4366532E.9010206@redhat.com> <43665F65.8020705@rem.com> <20051102113422.GA7015@redhat.com> In-Reply-To: <20051102113422.GA7015@redhat.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Michael Stefaniuc wrote: > Just to crosscheck it: Hank Kilmer and Henry Kilmer (the name in the > COPYING file) are the same person. Google seems to confirm this e.g. > http://pgp.mit.edu:11371/pks/lookup?search=hank%40rem.com&op=index Most certainly. There are other nick names I respond too as well but aren't for public consumption ;-) -Hank From owner-rancid-discuss-outgoing@shrubbery.net Thu Nov 3 21:59:38 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 675DB11CE2F for ; Thu, 3 Nov 2005 21:59:38 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 1F76F864F1; Thu, 3 Nov 2005 13:59:37 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 17C5A86508; Thu, 3 Nov 2005 13:59:37 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from ns1.jac.net (mail.jac.net [140.99.33.20]) by guelah.shrubbery.net (Postfix) with ESMTP id 15968864F1 for ; Thu, 3 Nov 2005 13:59:35 -0800 (PST) Received: from ns1.jac.net (localhost [127.0.0.1]) by ns1.jac.net (8.13.4/8.13.1) with ESMTP id jA3LxGRi054886 for ; Thu, 3 Nov 2005 14:59:16 -0700 (MST) (envelope-from scarter@ns1.jac.net) Received: (from scarter@localhost) by ns1.jac.net (8.13.4/8.13.1/Submit) id jA3LxGdx054885 for rancid-discuss@shrubbery.net; Thu, 3 Nov 2005 14:59:16 -0700 (MST) (envelope-from scarter) Date: Thu, 3 Nov 2005 14:59:16 -0700 From: Steve Carter To: rancid-discuss@shrubbery.net Subject: tftp config problems Message-ID: <20051103215916.GA54857@pobox.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.1i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk I have a config file on a TFTP server that I want to upload into the running config on a Cisco Cat5 running IOS: switch#sh ver Cisco Internetwork Operating System Software IOS (tm) C3750 Software (C3750-I9-M), Version 12.1(19)EA1c, RELEASE SOFTWARE (fc2) but when I run the following command: $ /usr/local/libexec/rancid/clogin -c 'conf n;host;199.199.199.199;switch-confg;;wr' switch switch spawn telnet switch Trying 199.199.199.198... Connected to switch Escape character is '^]'. Username: scarter Password: switch# switch#term length 0 switch#conf n Error: TIMEOUT reached $ obviously, I can paste the commands in my config file and I can manually run the 'conf n' commands at the switch prompt. I want to do this so I can update a large number of devices by embedding these commands into a shell script. Any ideas? -Steve From owner-rancid-discuss-outgoing@shrubbery.net Thu Nov 3 22:52:17 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id BF7AE11CE2F for ; Thu, 3 Nov 2005 22:52:17 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 892D186506; Thu, 3 Nov 2005 14:52:16 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 7D64986508; Thu, 3 Nov 2005 14:52:16 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from claven.harvard.edu (claven.harvard.edu [128.103.208.250]) by guelah.shrubbery.net (Postfix) with ESMTP id 9795E864F1 for ; Thu, 3 Nov 2005 14:52:15 -0800 (PST) Received: from localhost (localhost.localdomain [127.0.0.1]) by claven.harvard.edu (Postfix) with ESMTP id 97AB94981BE for ; Thu, 3 Nov 2005 17:52:12 -0500 (EST) Received: from claven.harvard.edu ([127.0.0.1]) by localhost (claven [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 08923-05 for ; Thu, 3 Nov 2005 17:52:12 -0500 (EST) Received: from dipsy.laportestyle.org (dsl092-066-196.bos1.dsl.speakeasy.net [66.92.66.196]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by claven.harvard.edu (Postfix) with ESMTP id 27A6C4981BF for ; Thu, 3 Nov 2005 17:52:12 -0500 (EST) Received: from [127.0.0.1] by dipsy.laportestyle.org (PGP Universal service); Thu, 03 Nov 2005 17:52:12 -0500 X-PGP-Universal: processed; by dipsy.laportestyle.org on Thu, 03 Nov 2005 17:52:12 -0500 Message-ID: <436A949B.8030305@harvard.edu> Date: Thu, 03 Nov 2005 17:52:11 -0500 From: David LaPorte Reply-To: david_laporte@harvard.edu Organization: Harvard University User-Agent: Thunderbird 1.4.1 (Macintosh/20051006) MIME-Version: 1.0 To: Steve Carter Cc: rancid-discuss@shrubbery.net Subject: Re: tftp config problems References: <20051103215916.GA54857@pobox.com> In-Reply-To: <20051103215916.GA54857@pobox.com> X-Enigmail-Version: 0.93.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at claven.harvard.edu Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk try using "\n", eg: $ /usr/local/libexec/rancid/clogin -c "conf n\nhost\n199.199.199.199\nswitch-confg\n;wr" switch Steve Carter wrote: > I have a config file on a TFTP server that I want to upload into the > running config on a Cisco Cat5 running IOS: > > switch#sh ver > Cisco Internetwork Operating System Software IOS (tm) C3750 Software > (C3750-I9-M), Version 12.1(19)EA1c, RELEASE SOFTWARE (fc2) > > but when I run the following command: > > $ /usr/local/libexec/rancid/clogin -c 'conf n;host;199.199.199.199;switch-confg;;wr' switch > switch > spawn telnet switch > Trying 199.199.199.198... > Connected to switch > Escape character is '^]'. > > Username: scarter > Password: > > switch# > switch#term length 0 > switch#conf n > > > Error: TIMEOUT reached > $ > > obviously, I can paste the commands in my config file and I can manually > run the 'conf n' commands at the switch prompt. I want to do this so I > can update a large number of devices by embedding these commands into a > shell script. > > Any ideas? > > -Steve -- David LaPorte, CISSP, CCNP Security Manager, Network and Server Systems Harvard University Information Systems ----------------------------------------------- Email: david_laporte@harvard.edu PGP: 0x4DC3E508 4A1F058DB2B32FEF10A14F6BD370A6AD4DC3E508 From owner-rancid-discuss-outgoing@shrubbery.net Fri Nov 4 01:10:25 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 496F111CE2F for ; Fri, 4 Nov 2005 01:10:24 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 0F73586508; Thu, 3 Nov 2005 17:10:24 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 0919386512; Thu, 3 Nov 2005 17:10:24 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from good.gulp.org (black.gulp.org [68.15.176.227]) by guelah.shrubbery.net (Postfix) with ESMTP id 164E986508 for ; Thu, 3 Nov 2005 17:10:22 -0800 (PST) Received: from good.gulp.org (localhost [127.0.0.1]) by good.gulp.org (8.13.4/8.13.1) with ESMTP id jA41AB0n058965; Thu, 3 Nov 2005 18:10:11 -0700 (MST) (envelope-from scarter@good.gulp.org) Received: (from scarter@localhost) by good.gulp.org (8.13.4/8.13.1/Submit) id jA41AATT058964; Thu, 3 Nov 2005 18:10:10 -0700 (MST) (envelope-from scarter) Date: Thu, 3 Nov 2005 18:10:10 -0700 From: Steve Carter To: David LaPorte Cc: Steve Carter , rancid-discuss@shrubbery.net Subject: Re: tftp config problems Message-ID: <20051104011010.GB58919@pobox.com> References: <20051103215916.GA54857@pobox.com> <436A949B.8030305@harvard.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <436A949B.8030305@harvard.edu> User-Agent: Mutt/1.4.2.1i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Awesome, works perfectly, thank you ... I'm so behind the times ... pretty sure ';' used to work ... :) * David LaPorte said: > try using "\n", eg: > > $ /usr/local/libexec/rancid/clogin -c "conf > n\nhost\n199.199.199.199\nswitch-confg\n;wr" switch > > Steve Carter wrote: > > I have a config file on a TFTP server that I want to upload into the > > running config on a Cisco Cat5 running IOS: > > > > switch#sh ver > > Cisco Internetwork Operating System Software IOS (tm) C3750 Software > > (C3750-I9-M), Version 12.1(19)EA1c, RELEASE SOFTWARE (fc2) > > > > but when I run the following command: > > > > $ /usr/local/libexec/rancid/clogin -c 'conf n;host;199.199.199.199;switch-confg;;wr' switch > > switch > > spawn telnet switch > > Trying 199.199.199.198... > > Connected to switch > > Escape character is '^]'. > > > > Username: scarter > > Password: > > > > switch# > > switch#term length 0 > > switch#conf n > > > > > > Error: TIMEOUT reached > > $ > > > > obviously, I can paste the commands in my config file and I can manually > > run the 'conf n' commands at the switch prompt. I want to do this so I > > can update a large number of devices by embedding these commands into a > > shell script. > > > > Any ideas? > > > > -Steve > > -- > David LaPorte, CISSP, CCNP > Security Manager, Network and Server Systems > Harvard University Information Systems > ----------------------------------------------- > Email: david_laporte@harvard.edu > PGP: 0x4DC3E508 > 4A1F058DB2B32FEF10A14F6BD370A6AD4DC3E508 > From owner-rancid-discuss-outgoing@shrubbery.net Tue Nov 8 20:11:08 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 501E711CE2F for ; Tue, 8 Nov 2005 20:11:05 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 0CC3786526; Tue, 8 Nov 2005 20:11:05 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 069508652C; Tue, 8 Nov 2005 20:11:05 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from mitch.veggiechinese.net (mitch.veggiechinese.net [66.33.206.106]) by guelah.shrubbery.net (Postfix) with ESMTP id 475F486523 for ; Tue, 8 Nov 2005 20:11:04 +0000 (UTC) Received: by mitch.veggiechinese.net (Postfix, from userid 1228) id C8FE8B198; Tue, 8 Nov 2005 12:11:03 -0800 (PST) Date: Tue, 8 Nov 2005 12:11:03 -0800 From: William Yardley To: rancid-discuss@shrubbery.net Subject: existing CVS repo? Message-ID: <20051108201103.GE15127@mitch.veggiechinese.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.11 Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Is it possible (without heavily modifying the source) to use RANCID with an existing CVS repository / module (just putting it in a subdir like repo:module/rancid/), or, if not, is it possible to use a new module in an existing repository? w From owner-rancid-discuss-outgoing@shrubbery.net Tue Nov 8 20:48:42 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 255E811CE2F for ; Tue, 8 Nov 2005 20:48:41 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 95B6A86523; Tue, 8 Nov 2005 20:48:40 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 8FCEC8652E; Tue, 8 Nov 2005 20:48:40 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id DA2F586526; Tue, 8 Nov 2005 20:48:39 +0000 (UTC) Date: Tue, 8 Nov 2005 20:48:39 +0000 From: john heasley To: William Yardley Cc: rancid-discuss@shrubbery.net Subject: Re: existing CVS repo? Message-ID: <20051108204839.GO19915@shrubbery.net> References: <20051108201103.GE15127@mitch.veggiechinese.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20051108201103.GE15127@mitch.veggiechinese.net> User-Agent: Mutt/1.4.2.1i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: i just want to have a beer while i am caring. Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Tue, Nov 08, 2005 at 12:11:03PM -0800, William Yardley: > Is it possible (without heavily modifying the source) to use RANCID with > an existing CVS repository / module (just putting it in a subdir like > repo:module/rancid/), or, if not, is it possible to use a new module in > an existing repository? > > w modules, no, it is not. rancid-cvs specifically creates new modules, and i've come to the conclusion that this is easier in terms of supporting folks when they have cvs issues. as for sharing a repository, possibly. i've never tried, but you can. try setting CVSROOT in rancid.conf and/or symlinking ~rancidusr/CVS to the other respository. From owner-rancid-discuss-outgoing@shrubbery.net Mon Nov 14 17:11:40 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 5E76B11CE2F for ; Mon, 14 Nov 2005 17:11:39 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id E0F7486523; Mon, 14 Nov 2005 09:11:38 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id D466E8652C; Mon, 14 Nov 2005 09:11:38 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 5DD7F86526; Mon, 14 Nov 2005 09:11:38 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Received: from jetjack.onland.dk (jetjack.onland.dk [212.97.207.9]) by guelah.shrubbery.net (Postfix) with ESMTP id 2C28586523 for ; Mon, 14 Nov 2005 07:40:46 -0800 (PST) Received: from [IPv6:::1] (localhost.onland.dk [IPv6:::1]) by jetjack.onland.dk (8.13.3/8.13.3) with ESMTP id jAEFeWZ4062235 for ; Mon, 14 Nov 2005 16:40:34 +0100 (CET) (envelope-from sha@onland.dk) Message-ID: <4378AFF0.9050401@onland.dk> Date: Mon, 14 Nov 2005 16:40:32 +0100 From: Soren Hansen User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050920) X-Accept-Language: en-us, en MIME-Version: 1.0 To: rancid-discuss@shrubbery.net Subject: CSS problem Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Hi, I'm trying to figure out what goes wrong when adding two cisco content switches. I have added them to router.db with type css. I can clogin to them using: add user css?office.intra.telia.dk root add autoenable css?office.intra.telia.dk 1 add password css?office.intra.telia.dk myrealpassword dummypw When I do a rancid-run, the configs are not retireved. Running cssrancid goes like this: rancid@lanwan-mon$ cssrancid -d css1office.intra.telia.dk executing clogin -t 90 -c"term length 65535;copy profile user-profile;show version;show boot;show run" css1office.intra.telia.dk HIT COMMAND:css1office# term length 65535 HIT COMMAND:css1office# term length 65535 css1office.intra.telia.dk: found unexpected command - "term length 65535" HIT COMMAND:css1office# copy profile user-profile HIT COMMAND:css1office# copy profile user-profile css1office.intra.telia.dk: found unexpected command - "copy profile user-profile" HIT COMMAND:css1office# show version In ShowVersion: css1office# show version HIT COMMAND:css1office# show boot In ShowBoot: css1office# show boot HIT COMMAND:css1office# show run In ShowRun: css1office# show run css1office.intra.telia.dk: End of run not found css1office.intra.telia.dk: End of run not found The file css1office.intra.telia.dk looks like a full config. Same goes with an almost identical css2office. Ideas? /Søren From owner-rancid-discuss-outgoing@shrubbery.net Tue Nov 15 17:28:27 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 81EF311CE2F for ; Tue, 15 Nov 2005 17:28:26 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 01BD48652D; Tue, 15 Nov 2005 09:28:26 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id E98098652E; Tue, 15 Nov 2005 09:28:25 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from ni.shrubbery.net (ni.shrubbery.net [198.58.5.4]) by guelah.shrubbery.net (Postfix) with ESMTP id 404AA86526 for ; Tue, 15 Nov 2005 09:28:24 -0800 (PST) Received: from trotsky.rauhaus.org (trotsky.rauhaus.org [64.122.164.21]) by ni.shrubbery.net (Postfix) with ESMTP id 812C511CE2F for ; Tue, 15 Nov 2005 17:28:23 +0000 (UTC) Received: by trotsky.rauhaus.org (Postfix, from userid 1000) id 233681A18C6; Tue, 15 Nov 2005 09:27:54 -0800 (PST) Date: Tue, 15 Nov 2005 09:27:54 -0800 To: rancid-discuss@shrubbery.net Subject: Missing "Image: Software:" for some platforms Message-ID: <20051115172753.GA15129@rauhaus.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Mailer: Mutt http://www.mutt.org/ X-Uptime: 258 days X-URL: http://www.rauhaus.org/~srau/ X-Location: Portland, OR, USA X-Editor: Vim http://www.vim.org/ User-Agent: Mutt/1.5.10i From: srau@rauhaus.org (Stafford A. Rau) Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk I'd like to be able to extract the running IOS version for all of our Cisco platforms from the rancid configs, but we're missing the '!Image: Software:' lines from some of them. Specifically, I don't see it for our 7609s, 6509s (running native IOS), and less importantly, our PIXes. I'd be quite happy to supply any command output from those devices to facilitate this feature request. We're running rancid version 2.3.1. Thanks, --Stafford From owner-rancid-discuss-outgoing@shrubbery.net Tue Nov 15 17:45:19 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id E701A11CE2F for ; Tue, 15 Nov 2005 17:45:18 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id E15968652F; Tue, 15 Nov 2005 09:45:16 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id D386986531; Tue, 15 Nov 2005 09:45:16 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from trotsky.rauhaus.org (trotsky.rauhaus.org [64.122.164.21]) by guelah.shrubbery.net (Postfix) with ESMTP id 20E148652F for ; Tue, 15 Nov 2005 09:45:15 -0800 (PST) Received: by trotsky.rauhaus.org (Postfix, from userid 1000) id 16B3B1A18C6; Tue, 15 Nov 2005 09:45:16 -0800 (PST) Date: Tue, 15 Nov 2005 09:45:16 -0800 To: rancid-discuss@shrubbery.net Subject: Re: Missing "Image: Software:" for some platforms Message-ID: <20051115174516.GB15129@rauhaus.org> References: <20051115172753.GA15129@rauhaus.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20051115172753.GA15129@rauhaus.org> X-Mailer: Mutt http://www.mutt.org/ X-Uptime: 258 days X-URL: http://www.rauhaus.org/~srau/ X-Location: Portland, OR, USA X-Editor: Vim http://www.vim.org/ User-Agent: Mutt/1.5.10i From: srau@rauhaus.org (Stafford A. Rau) Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk * Stafford A. Rau [051115 09:28]: > > Specifically, I don't see it for our 7609s, 6509s (running native IOS), > and less importantly, our PIXes. Ignore the PIX comment - I see the version is there in the "PIX Version" line right in the config. --Stafford From owner-rancid-discuss-outgoing@shrubbery.net Wed Nov 16 18:19:50 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 54B1411CE2F for ; Wed, 16 Nov 2005 18:19:50 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id E67DA8652D; Wed, 16 Nov 2005 10:19:48 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id DFC598652F; Wed, 16 Nov 2005 10:19:48 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from rip.psg.com (rip.psg.com [147.28.0.39]) by guelah.shrubbery.net (Postfix) with ESMTP id 3FADF8652D for ; Wed, 16 Nov 2005 10:19:43 -0800 (PST) Received: from localhost ([127.0.0.1] helo=roam.psg.com) by rip.psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.54 (FreeBSD)) id 1EcRsi-0002Du-PF for rancid-discuss@shrubbery.net; Wed, 16 Nov 2005 18:19:40 +0000 Received: from localhost ([127.0.0.1] helo=roam.psg.com) by roam.psg.com with esmtp (Exim 4.54 (FreeBSD)) id 1EcRsh-000KAL-AS for rancid-discuss@shrubbery.net; Wed, 16 Nov 2005 08:19:39 -1000 From: Randy Bush MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <17275.30778.913460.836155@roam.psg.com> Date: Wed, 16 Nov 2005 10:19:38 -0800 To: rancid users Subject: j 7.4 Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk it looks as if going from junos 7.3 to 7.4 creates a bit of diffs. sigh. also, how can i get it to dump the config with apply-groups expanded | except ##? randy From owner-rancid-discuss-outgoing@shrubbery.net Wed Nov 16 18:39:18 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 1BEDA11CE2F for ; Wed, 16 Nov 2005 18:39:17 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id A3B208652F; Wed, 16 Nov 2005 10:39:16 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 9D8CD86531; Wed, 16 Nov 2005 10:39:16 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from rip.psg.com (rip.psg.com [147.28.0.39]) by guelah.shrubbery.net (Postfix) with ESMTP id EB6718652F for ; Wed, 16 Nov 2005 10:39:15 -0800 (PST) Received: from localhost ([127.0.0.1] helo=roam.psg.com) by rip.psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.54 (FreeBSD)) id 1EcSBf-0002pa-EA; Wed, 16 Nov 2005 18:39:15 +0000 Received: from localhost ([127.0.0.1] helo=roam.psg.com) by roam.psg.com with esmtp (Exim 4.54 (FreeBSD)) id 1EcSBd-000KD8-RC; Wed, 16 Nov 2005 08:39:13 -1000 From: Randy Bush MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <17275.31953.332732.688331@roam.psg.com> Date: Wed, 16 Nov 2005 10:39:13 -0800 To: Aaron Block Cc: rancid users Subject: Re: j 7.4 References: <17275.30778.913460.836155@roam.psg.com> Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk >> also, how can i get it to dump the config with apply-groups expanded >> | except ##? > I believe this is what you are looking for. > show configuration | display inheritance i know how to type it. what i want is for rancid to do it for the diffs randy From owner-rancid-discuss-outgoing@shrubbery.net Wed Nov 16 19:09:36 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 1CC2711CE2F for ; Wed, 16 Nov 2005 19:09:33 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id B77638652D; Wed, 16 Nov 2005 11:09:32 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id AFD898652F; Wed, 16 Nov 2005 11:09:32 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 3AA5E8652E; Wed, 16 Nov 2005 11:09:32 -0800 (PST) Received: from zydeco.netbusters.com (zydeco.netbusters.com [66.92.82.201]) by guelah.shrubbery.net (Postfix) with ESMTP id 0F6498652F for ; Wed, 16 Nov 2005 10:38:32 -0800 (PST) Received: from zydeco.netbusters.com (zydeco.netbusters.com [66.92.82.201]) by zydeco.netbusters.com (Postfix) with ESMTP id 62E99B63B4; Wed, 16 Nov 2005 13:38:25 -0500 (EST) Date: Wed, 16 Nov 2005 13:38:25 -0500 (EST) From: Aaron Block To: Randy Bush Cc: rancid users Subject: Re: j 7.4 In-Reply-To: <17275.30778.913460.836155@roam.psg.com> Message-ID: References: <17275.30778.913460.836155@roam.psg.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Wed, 16 Nov 2005, Randy Bush wrote: > also, how can i get it to dump the config with apply-groups expanded > | except ##? I believe this is what you are looking for. show configuration | display inheritance Pup From owner-rancid-discuss-outgoing@shrubbery.net Mon Nov 21 16:50:01 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id B2BC111CE2F for ; Mon, 21 Nov 2005 16:50:01 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 27E048652C; Mon, 21 Nov 2005 08:50:00 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 1F7328652F; Mon, 21 Nov 2005 08:50:00 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31]) by guelah.shrubbery.net (Postfix) with ESMTP id EE9618652C for ; Mon, 21 Nov 2005 08:49:58 -0800 (PST) Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254]) by mx1.redhat.com (8.12.11/8.12.11) with ESMTP id jALGnlPH002231 for ; Mon, 21 Nov 2005 11:49:47 -0500 Received: from pobox.stuttgart.redhat.com (pobox.stuttgart.redhat.com [172.16.2.10]) by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id jALGngV31721 for ; Mon, 21 Nov 2005 11:49:46 -0500 Received: from [172.16.2.246] (brasov.stuttgart.redhat.com [172.16.2.246]) by pobox.stuttgart.redhat.com (8.12.8/8.12.8) with ESMTP id jALGnbYx016940 for ; Mon, 21 Nov 2005 17:49:41 +0100 Message-ID: <4381FAA1.4000603@redhat.com> Date: Mon, 21 Nov 2005 17:49:37 +0100 From: Michael Stefaniuc Organization: Red Hat GmbH User-Agent: Mozilla Thunderbird 1.0.6-1.1.rhel3 (X11/20050808) X-Accept-Language: en-us, en MIME-Version: 1.0 To: rancid-discuss@shrubbery.net Subject: rancid spec file Content-Type: multipart/mixed; boundary="------------080806080702020002070201" Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk This is a multi-part message in MIME format. --------------080806080702020002070201 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Hello, attached is an improved rancid spec file based on Dan Pfleger's original one. Changes are in the changelog of the spec file. bye michael -- Michael Stefaniuc Tel.: +49-711-96437-199 Sr. Network Engineer Fax.: +49-711-96437-111 Red Hat GmbH Email: mstefani@redhat.com Hauptstaetterstr. 58 http://www.redhat.de/ D-70178 Stuttgart --------------080806080702020002070201 Content-Type: text/plain; name="rancid.spec" Content-Transfer-Encoding: base64 Content-Disposition: inline; filename="rancid.spec" TmFtZTogICAgICAgICAgIHJhbmNpZApWZXJzaW9uOiAgICAgICAgMi4zLjEKUmVsZWFzZTog ICAgICAgIDMKU3VtbWFyeTogICAgICAgIFJlYWxseSBBd2Vzb21lIChtb3JlIHRoYW4pIENp c2NvIERpZmZlcgoKR3JvdXA6ICAgICAgICAgIE1vbml0b3JpbmcKTGljZW5zZTogICAgICAg IG5vbi1mcmVlClVSTDogICAgICAgICAgICBodHRwOi8vd3d3LnNocnViYmVyeS5uZXQvcmFu Y2lkLwpTb3VyY2UwOiAgICAgICAgZnRwOi8vZnRwLnNocnViYmVyeS5uZXQvcHViL3JhbmNp ZC9yYW5jaWQtJXt2ZXJzaW9ufS50YXIuZ3oKUGF0Y2gwOiAgICAgICAgIHJhbmNpZC0yLjMu MS1ub2xnLnBhdGNoCkJ1aWxkUm9vdDogICAgICAle190bXBwYXRofS8le25hbWV9LSV7dmVy c2lvbn0tJXtyZWxlYXNlfS1yb290LSUoJXtfX2lkX3V9IC1uKQoKUmVxdWlyZXM6ICAgICAg IGN2cyBleHBlY3QgPj0gNS40MAoKJWRlc2NyaXB0aW9uClJhbmNpZCBpcyBhICJSZWFsbHkg QXdlc29tZSBOZXcgQ2lzY28gY29uZklnIERpZmZlciIgZGV2ZWxvcGVkIHRvCm1haW50YWlu IENWUyBjb250cm9sbGVkIGNvcGllcyBvZiByb3V0ZXIgY29uZmlncy4gUmFuY2lkIGlzIG5v dCBsaW1pdGVkCnRvIENpc2NvIGRldmljZXMuIEl0IGN1cnJlbnRseSBzdXBwb3J0cyBDaXNj byByb3V0ZXJzLCBKdW5pcGVyIHJvdXRlcnMsCkNhdGFseXN0IHN3aXRjaGVzLCBGb3VuZHJ5 IHN3aXRjaGVzLCBSZWRiYWNrIE5BU3MsIEFEQyBFWlQzIG11eGVzLCBNUlRkCihhbmQgdGh1 cyBsaWtlbHkgSVJSZCksIEFsdGVvbiBzd2l0Y2hlcywgYW5kIEhQIHByb2N1cnZlIHN3aXRj aGVzIGFuZCBhCmhvc3Qgb2Ygb3RoZXJzLgoKJXByZXAgCiVzZXR1cCAtcQojIERvIG5vdCBp bnN0YWxsIHRoZSBsb29raW5nIGdsYXMgc3R1ZmYgYXMgaXQgaW50cm9kdWNlcyBhIGxvdCBv ZiBkZXBlbmRlbmNpZXMuCiMgRklYTUU6IGEgcmFuY2lkLWxnIHJwbSB3b3VsZCBiZSBhIGJl dHRlciBzb2x1dGlvbi4KJXBhdGNoMCAtcDAgLWIgLm5vbGcKCiVidWlsZAolY29uZmlndXJl IC0tbG9jYWxzdGF0ZWRpcj0le19sb2NhbHN0YXRlZGlyfS9yYW5jaWQgXAogICAgLS1kaXNh YmxlLW1rLWxvY2Fsc3RhdGVkaXIgXAogICAgLS1kaXNhYmxlLWNvbmYtaW5zdGFsbAptYWtl CgoKJWluc3RhbGwKcm0gLXJmICRSUE1fQlVJTERfUk9PVAptYWtlIGluc3RhbGwtZXhlYyBE RVNURElSPSRSUE1fQlVJTERfUk9PVApwdXNoZCBtYW4KbWFrZSBpbnN0YWxsIERFU1RESVI9 JFJQTV9CVUlMRF9ST09UCnBvcGQKIyBXb3JrYXJvdW5kIGZvciB0aGUgc3R1cGlkIHJwbWJ1 aWxkIHRvIE5PVCBzZWFyY2ggZm9yIGRlcGVuZGVuY2llcyBpbiB0aGUKIyBkb2N1bWVudGF0 aW9uLiBXZSBuZWVkIHRvIGRvIGl0IGhlcmUgYXMgJWRvYyBpZ25vcmVzICVhdHRyLgpmaW5k IHNoYXJlIC10eXBlIGYgLXByaW50MCB8IHhhcmdzIC0wIGNobW9kIGEteApta2RpciAtcCAk UlBNX0JVSUxEX1JPT1QvJXtfbG9jYWxzdGF0ZWRpcn0vcmFuY2lkCgoKJXByZQppZiBbICQx IC1lcSAxIF07IHRoZW4KICAgIHVzZXJhZGQgLU0gLXIgLWQgJXtfbG9jYWxzdGF0ZWRpcn0v cmFuY2lkIC1jICJSQU5DSUQgdXNlciIgcmFuY2lkCmZpCgoKJXBvc3R1bgppZiBbICQxIC1l cSAwIF07IHRoZW4KICAgICMgSXQncyBhIG1hdHRlciBvZiB0YXN0ZSBpZiB3ZSBzaG91bGQg cmVtb3ZlIHRoZSB1c2VyIG9uIHVuaW5zdGFsbCBvciBub3QKICAgIHVzZXJkZWwgcmFuY2lk CmZpCgoKJWNsZWFuCnJtIC1yZiAkUlBNX0JVSUxEX1JPT1QKCgolZmlsZXMKJWRlZmF0dHIo LSxyb290LHJvb3QsLSkKJWRvYyBCVUdTIENIQU5HRVMgQ09QWUlORyBGQVEgUkVBRE1FIFVQ R1JBRElORyBjbG9naW5yYy5zYW1wbGUKJWRvYyBldGMvcmFuY2lkLmNvbmYuc2FtcGxlIHNo YXJlL2Npc2NvLWxvYWQuZXhwIHNoYXJlL2Npc2NvLXJlbG9hZC5leHAKJWRvYyBzaGFyZS9k b3ducmVwb3J0IHNoYXJlL2dldGlwYWNjdGcgc2hhcmUvcnRyZmlsdGVyCiV7X2JpbmRpcn0K JXtfbWFuZGlyfS9tYW4xCiV7X21hbmRpcn0vbWFuNQolZGlyICVhdHRyKDc3MCxyYW5jaWQs cmFuY2lkKSAle19sb2NhbHN0YXRlZGlyfS9yYW5jaWQKCgolY2hhbmdlbG9nCiogV2VkIE5v diAxNiAyMDA1IE1pY2hhZWwgU3RlZmFuaXVjIDxtc3RlZmFuaUByZWRoYXQuY29tPiAyLjMu MS0zCi0gVXNlIC92YXIvcmFuY2lkIGFzIGxvY2Fsc3RhdGVkaXIKLSBDcmVhdGUgdGhlIHJh bmNpZCB1c2VyIG9uIGluc3RhbGwgYW5kIHJlbW92ZSBpdCBvbiB1bmluc3RhbGwKLSBVc2Ug JWRvYyBjb3JyZWN0bHkKCiogV2VkIE5vdiAwMiAyMDA1IE1pY2hhZWwgU3RlZmFuaXVjIDxt c3RlZmFuaUByZWRoYXQuY29tPiAyLjMuMS0yCi0gT3JpZ2luYWwgc3BlYyBmaWxlIGJ5IERh biBQZmxlZ2VyLgotIEFkZCBhIGNoYW5nZWxvZy4KLSBNYWtlIHRoZSBmb3JtYXRpbmcgb2Yg dGhlIHNwZWMgZmlsZSBhZGhlcmUgdG8gdGhlIEZlZG9yYSBFeHRyYXMgUGFja2FnaW5nCiAg Z3VpZGVsaW5lcy4KLSBOZXcgJWRlc2NyaXB0aW9uIGJhc2VkIG9uIHRoZSBSRUFETUUgYW5k IHRoZSB3ZWJzaXRlLgotIEFkZCBjdnMgUmVxdWlyZXMuCi0gQ2hhbmdlZCBHcm91cAotIFVz ZSBtYWNyb3MgaW4gdGhlIGZpbGVzIHNlY3Rpb24uIFNpbXBsaWZ5IGl0LgotIERvIG5vdCBp bnN0YWxsIHRoZSBsb29raW5nIGdsYXNzIGNnaSdzLiBUaG9zZSBtYWtlIHJwbSBwdWxsIGlu IG1vcmUgcGVybAogIG1vZHVsZSBkZXBlbmRlbmNpZXMuCg== --------------080806080702020002070201 Content-Type: text/plain; name="rancid-2.3.1-nolg.patch" Content-Transfer-Encoding: base64 Content-Disposition: inline; filename="rancid-2.3.1-nolg.patch" IyBEbyBub3QgaW5zdGFsbCB0aGUgbG9va2luZyBnbGFzcyBjZ2kncyBpbnRvIHRoZSBiaW4g cGF0aC4KCi0tLSAuL2Jpbi9NYWtlZmlsZS5pbi5ub2xnCTIwMDUtMTEtMDIgMTg6MjE6NDMu MDAwMDAwMDAwICswMTAwCisrKyAuL2Jpbi9NYWtlZmlsZS5pbgkyMDA1LTExLTAyIDE4OjI2 OjUxLjAwMDAwMDAwMCArMDEwMApAQCAtMjA2LDcgKzIwNiw3IEBACiAJbXJhbmNpZCBubG9n aW4gbnJhbmNpZCBuc2xvZ2luIG5zcmFuY2lkIHBhciBwcmFuY2lkIFwKIAlyYW5jaWQgcmFu Y2lkLWZlIHJpdmxvZ2luIHJpdnJhbmNpZCBycmFuY2lkIFwKIAl0bnRsb2dpbiB0bnRyYW5j aWQgeHJhbmNpZCB6cmFuY2lkXAotbGcuY2dpIGxnZm9ybS5jZ2kgcmFuY2lkLWN2cyByYW5j aWQtcnVuCisJcmFuY2lkLWN2cyByYW5jaWQtcnVuCiBFWFRSQV9ESVNUID0gbGcuY2dpLmlu IGxnZm9ybS5jZ2kuaW4gcmFuY2lkLWN2cy5pbiByYW5jaWQtcnVuLmluCiAjZGlzdF9iaW5f U0NSSVBUUz0gJChiaW5fU0NSSVBUUzolPSUuaW4pCiBDTEVBTkZJTEVTID0gbGcuY2dpIGxn Zm9ybS5jZ2kgcmFuY2lkLWN2cyByYW5jaWQtcnVuCg== --------------080806080702020002070201-- From owner-rancid-discuss-outgoing@shrubbery.net Tue Nov 22 17:52:20 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 6D2A911CE2F for ; Tue, 22 Nov 2005 17:52:18 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id F19638652F; Tue, 22 Nov 2005 09:52:16 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id E4F3086530; Tue, 22 Nov 2005 09:52:16 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31]) by guelah.shrubbery.net (Postfix) with ESMTP id C0B898652C for ; Tue, 22 Nov 2005 09:52:13 -0800 (PST) Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254]) by mx1.redhat.com (8.12.11/8.12.11) with ESMTP id jAMHq4vV010446 for ; Tue, 22 Nov 2005 12:52:04 -0500 Received: from pobox.stuttgart.redhat.com (pobox.stuttgart.redhat.com [172.16.2.10]) by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id jAMHq3V15158 for ; Tue, 22 Nov 2005 12:52:03 -0500 Received: from [172.16.2.246] (brasov.stuttgart.redhat.com [172.16.2.246]) by pobox.stuttgart.redhat.com (8.12.8/8.12.8) with ESMTP id jAMHq2Yx003515 for ; Tue, 22 Nov 2005 18:52:02 +0100 Message-ID: <43835AC2.1000805@redhat.com> Date: Tue, 22 Nov 2005 18:52:02 +0100 From: Michael Stefaniuc Organization: Red Hat GmbH User-Agent: Mozilla Thunderbird 1.0.6-1.1.rhel3 (X11/20050808) X-Accept-Language: en-us, en MIME-Version: 1.0 To: rancid-discuss@shrubbery.net Subject: Cisco (Altera) VPN concentrators? Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Hello, does anybody have a rancid script to get the config file out of the Cisco VPN3k (formerly Altera) concentrators? Those have a stupid menu driven system and no cli. The format of the config file is not very user friendly either but i still prefer to back it up ;). Alternatively a generic rancid wrapper that is able to feed a file into the rancid cvs would do too as i already have a script to scp the config file from the VPN3k. thanks bye michael -- Michael Stefaniuc Tel.: +49-711-96437-199 Sr. Network Engineer Fax.: +49-711-96437-111 Red Hat GmbH Email: mstefani@redhat.com Hauptstaetterstr. 58 http://www.redhat.de/ D-70178 Stuttgart From owner-rancid-discuss-outgoing@shrubbery.net Tue Nov 22 22:26:53 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 87AC111CE2F for ; Tue, 22 Nov 2005 22:26:52 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id EE0128652F; Tue, 22 Nov 2005 14:26:51 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id E199886530; Tue, 22 Nov 2005 14:26:51 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from aurvandil.sahala.org (aurvandil.sahala.org [64.81.96.120]) by guelah.shrubbery.net (Postfix) with ESMTP id 0696D8652C for ; Tue, 22 Nov 2005 14:26:50 -0800 (PST) Received: by aurvandil.sahala.org (Postfix, from userid 1001) id 1B2201C7; Tue, 22 Nov 2005 15:26:48 -0700 (MST) Date: Tue, 22 Nov 2005 15:26:48 -0700 From: joshua sahala To: rancid-discuss@shrubbery.net Subject: RadWare boxen Message-ID: <20051122222648.GJ31134@aurvandil.sahala.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; x-action=pgp-signed Content-Disposition: inline User-Agent: Mutt/1.5.11 Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, I was wondering if anyone here had modified RANCID to work with the RadWare WSD boxen...We've got several of them here, with more on the way, and it would be nice to have them 'watched' thanks /joshua - -- A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools. - Douglas Adams - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDg5soJr8VjiIHVH0RAlVRAKCVWSs4rBvN2INnAbvF3kZWMDaHIgCgzn63 khtwVMsMGGKuR6/iC0MTI+A= =uxz1 -----END PGP SIGNATURE----- From owner-rancid-discuss-outgoing@shrubbery.net Wed Nov 23 15:49:08 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 3B86D11CE2F for ; Wed, 23 Nov 2005 15:49:05 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id C3F5086530; Wed, 23 Nov 2005 07:49:04 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id BBC5886532; Wed, 23 Nov 2005 07:49:04 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 3CCA386531; Wed, 23 Nov 2005 07:49:04 -0800 (PST) Received: from jetjack.onland.dk (jetjack.onland.dk [212.97.207.9]) by guelah.shrubbery.net (Postfix) with ESMTP id B7B8686530 for ; Wed, 23 Nov 2005 04:46:37 -0800 (PST) Received: from jetjack.onland.dk (localhost.onland.dk [127.0.0.1]) by jetjack.onland.dk (8.13.3/8.13.3) with ESMTP id jANCkPbZ049431; Wed, 23 Nov 2005 13:46:25 +0100 (CET) (envelope-from sha@jetjack.onland.dk) Received: (from sha@localhost) by jetjack.onland.dk (8.13.3/8.13.3/Submit) id jANCkPGa049430; Wed, 23 Nov 2005 13:46:25 +0100 (CET) (envelope-from sha) Date: Wed, 23 Nov 2005 13:46:25 +0100 From: Soren Hansen To: Soren Hansen Cc: rancid-discuss@shrubbery.net Subject: Re: CSS problem Message-ID: <20051123124625.GA49357@jetjack.onland.dk> References: <4378AFF0.9050401@onland.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <4378AFF0.9050401@onland.dk> User-Agent: Mutt/1.4.2.1i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Upgrading to 2.3.2a3 fixed the problem. /Søren On Mon, Nov 14, 2005 at 04:40:32PM +0100, Soren Hansen wrote: > Hi, > I'm trying to figure out what goes wrong when adding two cisco content > switches. > I have added them to router.db with type css. > I can clogin to them using: > add user css?office.intra.telia.dk root > add autoenable css?office.intra.telia.dk 1 > add password css?office.intra.telia.dk myrealpassword dummypw > > When I do a rancid-run, the configs are not retireved. > > Running cssrancid goes like this: > rancid@lanwan-mon$ cssrancid -d css1office.intra.telia.dk > executing clogin -t 90 -c"term length 65535;copy profile > user-profile;show version;show boot;show run" css1office.intra.telia.dk > HIT COMMAND:css1office# term length 65535 > HIT COMMAND:css1office# term length 65535 > css1office.intra.telia.dk: found unexpected command - "term length 65535" > HIT COMMAND:css1office# copy profile user-profile > HIT COMMAND:css1office# copy profile user-profile > css1office.intra.telia.dk: found unexpected command - "copy profile > user-profile" > HIT COMMAND:css1office# show version > In ShowVersion: css1office# show version > HIT COMMAND:css1office# show boot > In ShowBoot: css1office# show boot > HIT COMMAND:css1office# show run > In ShowRun: css1office# show run > css1office.intra.telia.dk: End of run not found > css1office.intra.telia.dk: End of run not found > > The file css1office.intra.telia.dk looks like a full config. > > Same goes with an almost identical css2office. > > Ideas? > > /Søren From owner-rancid-discuss-outgoing@shrubbery.net Thu Nov 24 00:10:37 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 16AE311CE2F for ; Thu, 24 Nov 2005 00:10:36 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 67D1886533; Wed, 23 Nov 2005 16:10:35 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 620E686535; Wed, 23 Nov 2005 16:10:35 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id DC24186534; Wed, 23 Nov 2005 16:10:34 -0800 (PST) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by guelah.shrubbery.net (Postfix) with ESMTP id 4BF3286533 for ; Wed, 23 Nov 2005 15:32:32 -0800 (PST) Received: from root by ciao.gmane.org with local (Exim 4.43) id 1Ef44o-0006cM-UQ for rancid-discuss@shrubbery.net; Thu, 24 Nov 2005 00:30:58 +0100 Received: from tina.ndcservers.net ([204.10.37.62]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 24 Nov 2005 00:30:58 +0100 Received: from mailinglists by tina.ndcservers.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 24 Nov 2005 00:30:58 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: rancid-discuss@shrubbery.net From: "Shaun" Subject: Rancid+Cisco privs? Date: Wed, 23 Nov 2005 15:18:55 -0800 Lines: 14 Message-ID: X-Complaints-To: usenet@sea.gmane.org X-Gmane-NNTP-Posting-Host: tina.ndcservers.net X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.3790.1830 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830 X-RFC2646: Format=Flowed; Original Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk I just setup rancid and all it working fine but now I want to secure things a bit. Right now the user rancid logs into my Cisco gear with has a priv of 15 but I want to lock this user down so that the user only have privs to do what rancid needs to do. I'm not very familiar with rancid, it's my first time using it so I'm not really sure what it's doing in the back end. I searched around a bit but couldn't really find much on this subject. Right now all my equipment rancid it polling is IOS. Will a priv 1 be enough access for rancid? ~~Shaun From owner-rancid-discuss-outgoing@shrubbery.net Thu Nov 24 03:17:55 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id E67C411CE2F for ; Thu, 24 Nov 2005 03:17:54 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id CE56986535; Wed, 23 Nov 2005 19:17:53 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id C1D6A86536; Wed, 23 Nov 2005 19:17:53 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from mail3.panix.com (mail3.panix.com [166.84.1.74]) by guelah.shrubbery.net (Postfix) with ESMTP id D51A986534 for ; Wed, 23 Nov 2005 19:17:50 -0800 (PST) Received: from panix5.panix.com (panix5.panix.com [166.84.1.5]) by mail3.panix.com (Postfix) with ESMTP id E837613A9D3; Wed, 23 Nov 2005 22:17:49 -0500 (EST) Received: (from eravin@localhost) by panix5.panix.com (8.11.6p3/8.8.8/PanixN1.1) id jAO3HnH01409; Wed, 23 Nov 2005 22:17:49 -0500 (EST) Date: Wed, 23 Nov 2005 22:17:49 -0500 From: Ed Ravin To: Shaun Cc: rancid-discuss@shrubbery.net Subject: Re: Rancid+Cisco privs? Message-ID: <20051124031749.GA26564@panix.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Y-Z: 1, 2, 3? User-Agent: Mutt/1.5.10i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Wed, Nov 23, 2005 at 03:18:55PM -0800, Shaun wrote: > I just setup rancid and all it working fine but now I want to secure things > a bit. Right now the user rancid logs into my Cisco gear with has a priv of > 15 but I want to lock this user down so that the user only have privs to do > what rancid needs to do. I'm not very familiar with rancid, it's my first > time using it so I'm not really sure what it's doing in the back end. Read through the clogin program - you'll get to a nice long table of commands that are sent to the router. All of them are sent, even the ones your router doesn't support. That's what it does in the back end - the output of the commands that work on your router (including the config) get saved in a CVS archive. A few things get adjusted for various subtle reasons, like trimming of passwords to avoid accidental disclosure or sorting of some structures to avoid non-meaningful difference notices, but that's basically it. > I searched around a bit but couldn't really find much on this subject. > Right now all my equipment rancid it polling is IOS. > > Will a priv 1 be enough access for rancid? No. To see the configuration file, you need privilege 15. Although if you have a TACACS server you can give lower privilege levels the ability to execute the "show config" command, it won't actually show you anything, because without privilege 15 a user is denied access to that data. On the other hand, it should be possible using a TACACS server to set up an account so it had privilege 15 but was only able to execute a limited subset of commands, namely the ones needed by RANCID and no others. That would at least prevent the rancid user from changing the config or other mischief. I wasn't able to get it working when I tried, but perhaps I'm just not familiar enough with the innards of TACACS configurations. From owner-rancid-discuss-outgoing@shrubbery.net Thu Nov 24 07:17:01 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 4BBC211CE2F for ; Thu, 24 Nov 2005 07:17:00 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 0099386538; Wed, 23 Nov 2005 23:17:00 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id E84FA86539; Wed, 23 Nov 2005 23:16:59 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from ni.shrubbery.net (ni.shrubbery.net [198.58.5.4]) by guelah.shrubbery.net (Postfix) with ESMTP id 37E1E86537 for ; Wed, 23 Nov 2005 23:16:56 -0800 (PST) Received: from ytti.fi (ytti.fi [62.236.255.178]) by ni.shrubbery.net (Postfix) with ESMTP id 6C29E11CE2F for ; Thu, 24 Nov 2005 07:16:51 +0000 (UTC) Received: by ytti.fi (Postfix, from userid 1000) id A486FEE55E; Thu, 24 Nov 2005 09:16:26 +0200 (EET) Date: Thu, 24 Nov 2005 09:16:26 +0200 From: Saku Ytti To: rancid-discuss@shrubbery.net Subject: Re: Rancid+Cisco privs? Message-ID: <20051124071626.GC17452@ytti.fi> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.11 Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On (2005-11-23 15:18 -0800), Shaun wrote: > I just setup rancid and all it working fine but now I want to secure things > a bit. Right now the user rancid logs into my Cisco gear with has a priv of > 15 but I want to lock this user down so that the user only have privs to do > what rancid needs to do. I'm not very familiar with rancid, it's my first > time using it so I'm not really sure what it's doing in the back end. I > searched around a bit but couldn't really find much on this subject. Right > now all my equipment rancid it polling is IOS. > > Will a priv 1 be enough access for rancid? Reading NVRAM is priviledged command always, so priv 1 will not help you. However if you're running cutting edge IOS you have 'views' where you can add just the commands you need. -- ++ytti From owner-rancid-discuss-outgoing@shrubbery.net Thu Nov 24 11:14:09 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id C91A411CE2F for ; Thu, 24 Nov 2005 11:14:08 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 4BE8686534; Thu, 24 Nov 2005 03:14:07 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 440A286537; Thu, 24 Nov 2005 03:14:07 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from electra.nolink.net (electra.nolink.net [195.139.204.207]) by guelah.shrubbery.net (Postfix) with ESMTP id D018B86534 for ; Thu, 24 Nov 2005 03:14:04 -0800 (PST) Received: (qmail 15819 invoked by uid 1000); 24 Nov 2005 11:13:47 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 24 Nov 2005 11:13:47 -0000 Date: Thu, 24 Nov 2005 12:13:47 +0100 (CET) From: Lars Erik Gullerud To: Shaun Cc: rancid-discuss@shrubbery.net Subject: Re: Rancid+Cisco privs? In-Reply-To: Message-ID: <20051124120924.U136@electra.nolink.net> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Wed, 23 Nov 2005, Shaun wrote: > I just setup rancid and all it working fine but now I want to secure things > a bit. Right now the user rancid logs into my Cisco gear with has a priv of > 15 but I want to lock this user down so that the user only have privs to do > what rancid needs to do. I'm not very familiar with rancid, it's my first > time using it so I'm not really sure what it's doing in the back end. I > searched around a bit but couldn't really find much on this subject. Right > now all my equipment rancid it polling is IOS. > > Will a priv 1 be enough access for rancid? What we do is to hack rancid and replace "show running-config" and "write term" with "show startup-config" instead. After that you can play around with lower privileges as you like (we run rancid user as level 2 and allow other commands like the "dir" commands via privilege-lines in IOS). But you can't show the complete running-config without being level 15 or lowering everything else down to rancids level (which is, in effect, the same thing... :) However, this solution means you do not get any config diffs to running-config, so if people forget to do a "write", well, then rancid doesn't catch it. /leg From owner-rancid-discuss-outgoing@shrubbery.net Fri Nov 25 03:01:26 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 8138B11CE2F for ; Fri, 25 Nov 2005 03:01:26 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 308CF8652C; Thu, 24 Nov 2005 19:01:25 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 2976686530; Thu, 24 Nov 2005 19:01:25 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id A6B408652F; Thu, 24 Nov 2005 19:01:24 -0800 (PST) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by guelah.shrubbery.net (Postfix) with ESMTP id D3B1786532 for ; Thu, 24 Nov 2005 10:36:47 -0800 (PST) Received: from list by ciao.gmane.org with local (Exim 4.43) id 1EfLw3-0003J9-B8 for rancid-discuss@shrubbery.net; Thu, 24 Nov 2005 19:35:07 +0100 Received: from ip68-111-70-41.oc.oc.cox.net ([68.111.70.41]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 24 Nov 2005 19:35:07 +0100 Received: from mailinglists by ip68-111-70-41.oc.oc.cox.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 24 Nov 2005 19:35:07 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: rancid-discuss@shrubbery.net From: "Shaun" Subject: Re: Rancid+Cisco privs? Date: Thu, 24 Nov 2005 10:33:16 -0800 Lines: 10 Message-ID: References: X-Complaints-To: usenet@sea.gmane.org X-Gmane-NNTP-Posting-Host: ip68-111-70-41.oc.oc.cox.net X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2900.2180 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-RFC2646: Format=Flowed; Response Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Thanks all your responces, sounds like, i guess, that i should just run a priv 15 user... might as well save user/passwords then too if somebody gains access to the rancid user they'll have the login/pass from cloginrc anyway and thats not even encrypted ;) -- ~~Shaun From owner-rancid-discuss-outgoing@shrubbery.net Fri Nov 25 20:11:51 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 1E19311CE2F for ; Fri, 25 Nov 2005 20:11:50 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id DFAE38652F; Fri, 25 Nov 2005 12:11:49 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id D2D6D86530; Fri, 25 Nov 2005 12:11:49 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.195]) by guelah.shrubbery.net (Postfix) with ESMTP id DE8AA8652C for ; Fri, 25 Nov 2005 12:11:48 -0800 (PST) Received: by wproxy.gmail.com with SMTP id 70so1335003wra for ; Fri, 25 Nov 2005 12:11:47 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=mjhj5txpZvJzcqeiJ2jqe7TpwjMwLqEJYLS2TAVpow3prhhVtGTjTN5ydp+toyVlYeDuybyI3poRF2W8zthhTnzyUeZ/1OzdbGRICG5dPdyAdREv6ngN2NM+Q4qGdI+wP0FSZ54pAxr2qOhK2CtSREgLefJD0HjIg9MmVJJEa4E= Received: by 10.54.93.3 with SMTP id q3mr5754554wrb; Fri, 25 Nov 2005 12:11:47 -0800 (PST) Received: by 10.54.106.3 with HTTP; Fri, 25 Nov 2005 12:11:47 -0800 (PST) Message-ID: <8e124f160511251211g1d73f3bcqfe1a08eec7bb7428@mail.gmail.com> Date: Fri, 25 Nov 2005 12:11:47 -0800 From: Big Wave Dave To: Michael Stefaniuc Subject: Re: Cisco (Altera) VPN concentrators? Cc: rancid-discuss@shrubbery.net In-Reply-To: <43835AC2.1000805@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <43835AC2.1000805@redhat.com> Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On 11/22/05, Michael Stefaniuc wrote: > Hello, > > does anybody have a rancid script to get the config file out of the > Cisco VPN3k (formerly Altera) concentrators? Those have a stupid menu > driven system and no cli. The format of the config file is not very user > friendly either but i still prefer to back it up ;). > Alternatively a generic rancid wrapper that is able to feed a file into > the rancid cvs would do too as i already have a script to scp the config > file from the VPN3k. > > thanks > bye > michael I would be interested in this too. Dave ---------------------------------------------------------- Are Your Friends Lemmings? -- http://www.lemmingshirts.com From owner-rancid-discuss-outgoing@shrubbery.net Sun Nov 27 02:20:04 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 7CAC411CE2F for ; Sun, 27 Nov 2005 02:20:01 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id F1A6A86523; Sat, 26 Nov 2005 18:20:00 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id DFE3C8652D; Sat, 26 Nov 2005 18:20:00 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 668178652C; Sat, 26 Nov 2005 18:20:00 -0800 (PST) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by guelah.shrubbery.net (Postfix) with ESMTP id 8EF7186523 for ; Sat, 26 Nov 2005 10:14:30 -0800 (PST) Received: from list by ciao.gmane.org with local (Exim 4.43) id 1Eg4Yh-00035C-Qf for rancid-discuss@shrubbery.net; Sat, 26 Nov 2005 19:13:59 +0100 Received: from ip68-111-70-41.oc.oc.cox.net ([68.111.70.41]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sat, 26 Nov 2005 19:13:59 +0100 Received: from mailinglists by ip68-111-70-41.oc.oc.cox.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sat, 26 Nov 2005 19:13:59 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: rancid-discuss@shrubbery.net From: "Shaun Reitan" Subject: getting diff's every hour on my Cisco 2950 Date: Sat, 26 Nov 2005 10:13:20 -0800 Lines: 30 Message-ID: X-Complaints-To: usenet@sea.gmane.org X-Gmane-NNTP-Posting-Host: ip68-111-70-41.oc.oc.cox.net X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-RFC2646: Format=Flowed; Original Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk I just recently setup rancid and to start i had it just polling my Cisco 3750's but the other night i added a bunch of my Cisco 2950G switches. For some reason rancid keeps sending me diff's for all but one of those switches. These diffs are huge also, just just somthing small changing, in fact it looks like a full dump of everything (initial run). Anybody know what might be happening here... Also i have this error in my logs, i havnt figured out how to correct it but maybe it's part of the cause... starting: Sat Nov 26 10:01:48 PST 2005 Trying to get all of the configs. All routers sucessfully completed. cvs diff: Diffing . cvs diff: Diffing configs cvs commit: Examining . cvs commit: Examining configs cvs commit: Up-to-date check failed for `configs/edge-138.14.irv.xxxxxx.xxx' cvs [commit aborted]: correct above errors first! ending: Sat Nov 26 10:01:58 PST 2005 -- Shaun From owner-rancid-discuss-outgoing@shrubbery.net Sun Nov 27 04:15:59 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 5FE1C11CE2F for ; Sun, 27 Nov 2005 04:15:59 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id EE96E86523; Sat, 26 Nov 2005 20:15:57 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id E6A558652D; Sat, 26 Nov 2005 20:15:57 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from S3.cableone.net (s3.cableone.net [24.116.0.229]) by guelah.shrubbery.net (Postfix) with ESMTP id B848386523 for ; Sat, 26 Nov 2005 20:15:56 -0800 (PST) Received: from [192.168.1.130] (unverified [24.119.164.164]) by S3.cableone.net (CableOne SMTP Service S3) with ESMTP id 38215542 for multiple; Sat, 26 Nov 2005 21:31:12 -0700 Message-ID: <438932E6.4090201@grote.name> Date: Sat, 26 Nov 2005 21:15:34 -0700 From: Justin Grote User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Shaun Reitan Cc: rancid-discuss@shrubbery.net Subject: Re: getting diff's every hour on my Cisco 2950 References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-IP-stats: Incoming Last 3, First 65, in=37, out=0, spam=0 X-External-IP: 24.119.164.164 X-Abuse-Info: Send abuse complaints to abuse@cableone.net Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Shaun Reitan wrote: >Also i have this error in my logs, i havnt figured out how to correct it but >maybe it's part of the cause... > > Google turns up this. http://lists.gnu.org/archive/html/info-cvs/2001-06/msg00882.html I use Subversion as my backend but ran into a simliar situation which required a database rebuild (when I was running on subversion 1.0 when it used the godawful bdb backend. God bless fsfs. -- Justin Grote Network Architect JWG Networks From owner-rancid-discuss-outgoing@shrubbery.net Sun Nov 27 23:04:37 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 6305511CE2F for ; Sun, 27 Nov 2005 23:04:37 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 2C96A86523; Sun, 27 Nov 2005 15:04:36 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 2476F8652D; Sun, 27 Nov 2005 15:04:36 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.205]) by guelah.shrubbery.net (Postfix) with ESMTP id 3200286523 for ; Sun, 27 Nov 2005 15:04:34 -0800 (PST) Received: by wproxy.gmail.com with SMTP id 71so609496wra for ; Sun, 27 Nov 2005 15:04:31 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:user-agent:mime-version:cc:subject:references:in-reply-to:content-type:content-transfer-encoding:sender; b=lSJI7mqLFcvUotDXidebq738zKtPpXe/BDLWL7LY08PYCOJh44AkM15d99OCjZGbmwDYaYmIu6iwJRi4LIo2qWi7NeUWWqkk8nG6X3n+52uxC3/z8xOzmcNiDTe8WF9GEvvlFc1Ve8C+PJgMELGa7qFh4Evq07ZaUMfFAbMomFo= Received: by 10.54.100.6 with SMTP id x6mr1198286wrb; Sun, 27 Nov 2005 15:04:31 -0800 (PST) Received: from ?10.190.2.118? ( [203.94.135.59]) by mx.gmail.com with ESMTP id 65sm95290wra.2005.11.27.15.04.30; Sun, 27 Nov 2005 15:04:31 -0800 (PST) Message-ID: <438A3B7C.8070806@choqolat.org> Date: Mon, 28 Nov 2005 10:04:28 +1100 From: Andrew Fort User-Agent: Thunderbird 1.5 (Windows/20051025) MIME-Version: 1.0 Cc: rancid users Subject: Re: j 7.4 References: <17275.30778.913460.836155@roam.psg.com> <17275.31953.332732.688331@roam.psg.com> In-Reply-To: <17275.31953.332732.688331@roam.psg.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Randy Bush wrote: >>> also, how can i get it to dump the config with apply-groups expanded >>> | except ##? >> I believe this is what you are looking for. >> show configuration | display inheritance > > i know how to type it. what i want is for rancid to do it > for the diffs > > randy > If all you want to do is change the command executed, change two lines in jrancid. I'd give a diff but I'm not sure what version you're on, so look for these two stanza towards the end (~line 484 for me): # Main %commands=( "show chassis clocks" => "ShowChassisClocks", "show chassis environment" => "ShowChassisEnvironment", "show chassis firmware" => "ShowChassisFirmware", "show chassis fpc detail" => "ShowChassisFpcDetail", "show chassis hardware detail" => "ShowChassisHardware", "show chassis routing-engine" => "ShowChassisRoutingEngine", "show chassis scb" => "ShowChassisSCB", "show chassis sfm detail" => "ShowChassisSCB", "show chassis ssb" => "ShowChassisSCB", "show chassis feb" => "ShowChassisSCB", "show chassis cfeb" => "ShowChassisSCB", "show chassis alarms" => "ShowChassisAlarms", "show system boot-messages" => "ShowSystemBootMessages", "show version detail" => "ShowVersion", "show configuration" => "ShowConfiguration" ); @commands=( "show chassis clocks", "show chassis environment", "show chassis firmware", "show chassis fpc detail", "show chassis hardware detail", "show chassis routing-engine", "show chassis scb", "show chassis sfm detail", "show chassis ssb", "show chassis feb", "show chassis cfeb", "show chassis alarms", "show system boot-messages", "show version detail", "show configuration" ); Change the two instances of "show configuration" to the intended command. As long as there's no changes in the parsing required by ShowConfiguration (my limited understanding of junos cli syntax thinks you should be OK), it should work. -andrew From owner-rancid-discuss-outgoing@shrubbery.net Sun Nov 27 23:10:25 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 0188211CE2F for ; Sun, 27 Nov 2005 23:10:24 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id D44958652F; Sun, 27 Nov 2005 15:10:23 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id CC44586532; Sun, 27 Nov 2005 15:10:23 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.192]) by guelah.shrubbery.net (Postfix) with ESMTP id DFE538652F for ; Sun, 27 Nov 2005 15:10:22 -0800 (PST) Received: by wproxy.gmail.com with SMTP id 71so1584174wri for ; Sun, 27 Nov 2005 15:10:21 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding:sender; b=Ej1zcGa3hVA2o/5mMuRrmGOrRioywtxuIRf5h2Jj1bvi5RdNYH+8ahDKdt52Aoe+h0FKdXv+QxxR3EDFn8Ll/SrXFGc3kPgvjL6rsWl9r5UxSEoLIkNPNlZW3GUq3wULCtClFPLbx+rLvyZSP92+/KedkIRnPotPcTsSbl5FRuw= Received: by 10.54.110.18 with SMTP id i18mr7840730wrc; Sun, 27 Nov 2005 15:10:21 -0800 (PST) Received: from ?10.190.2.118? ( [203.94.135.59]) by mx.gmail.com with ESMTP id 40sm204455wrl.2005.11.27.15.10.20; Sun, 27 Nov 2005 15:10:21 -0800 (PST) Message-ID: <438A3CDA.3020103@choqolat.org> Date: Mon, 28 Nov 2005 10:10:18 +1100 From: Andrew Fort User-Agent: Thunderbird 1.5 (Windows/20051025) MIME-Version: 1.0 To: Shaun Cc: rancid-discuss@shrubbery.net Subject: Re: Rancid+Cisco privs? References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Shaun wrote: > Thanks all your responces, sounds like, i guess, that i should just run a > priv 15 user... might as well save user/passwords then too if somebody > gains access to the rancid user they'll have the login/pass from cloginrc > anyway and thats not even encrypted ;) the recommended way is to use TAC+, and TAC+ command authori[sz]ation, so the rancid user can't go to configuration mode. you may find the tac_plus.conf stanza you need in the mailing list archives somewhere. if not, the command list is in bin/rancid towards the end. keep in mind you'll need "exit" in that list, also. cheers -andrew From owner-rancid-discuss-outgoing@shrubbery.net Sun Nov 27 23:27:09 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 14B8411CE2F for ; Sun, 27 Nov 2005 23:27:08 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id C1FB286532; Sun, 27 Nov 2005 15:27:07 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id BAE3C86534; Sun, 27 Nov 2005 15:27:07 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from tower.partan.com (tower.partan.com [198.6.255.248]) by guelah.shrubbery.net (Postfix) with ESMTP id AC5CD86532 for ; Sun, 27 Nov 2005 15:27:06 -0800 (PST) Received: from tower.partan.com (localhost.partan.com [127.0.0.1]) by tower.partan.com (8.13.1/8.13.1) with ESMTP id jARNR5Xe020764; Sun, 27 Nov 2005 18:27:05 -0500 (EST) (envelope-from asp@tower.partan.com) Received: (from asp@localhost) by tower.partan.com (8.13.1/8.13.1/Submit) id jARNR5do020761; Sun, 27 Nov 2005 18:27:05 -0500 (EST) (envelope-from asp) Date: Sun, 27 Nov 2005 18:27:05 -0500 From: Andrew Partan To: Shaun Reitan Cc: rancid-discuss@shrubbery.net Subject: Re: getting diff's every hour on my Cisco 2950 Message-ID: <20051127232705.GB20686@partan.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.1i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Sat, Nov 26, 2005 at 10:13:20AM -0800, Shaun Reitan wrote: > Also i have this error in my logs, i havnt figured out how to correct it but > maybe it's part of the cause... > > cvs commit: Up-to-date check failed for `configs/edge-138.14.irv.xxxxxx.xxx' > cvs [commit aborted]: correct above errors first! Something or someone has mucked with your CVS store. See the FAQ, its in there. --asp Q. I keep receiving the same diff for a (or set of) devices, but I know the data is not changing repeatedly. Why? A. This is probably a CVS or filesystem permissions problem. Check the log file from the last run for that group for clues first; it may provide the exact cause. Note: It is very important the following be done as the user who normally runs the rancid collection from cron. Check the cvs status of the device's file. example: guelah [2704] cvs status rtr.shrubbery.net =================================================================== File: yogi.shrubbery.net Status: Up-to-date Working revision: 1.197 Tue Jul 10 15:41:16 2001 Repository revision: 1.197 /usr/local/rancid/var/CVS/shrubbery/configs/rtr.shrubbery.net,v Sticky Tag: (none) Sticky Date: (none) Sticky Options: (none) The Status: should be Up-to-date. If the status is "Unknown", then somehow the file has been created without being cvs add'ed. This should be corrected by removing that device's entry from the group's router.db file, run rancid-run, replace the entry in router.db, and run rancid-run again. If the Status is anything else, someone has most likely been touching the files manually. Sane state can be achieved by removing the file and running cvs update to get a fresh copy from the repository. Check the ownership and permissions of the file and directory and the directory and file in the cvs repository (/CVS/). They should be owned by the user who runs rancid-run from cron. At the very least, the directory and files should be writable by the rancid user. Group and world permissions will determined by the umask (default 027), which is set in /rancid.conf. Likely the easiest way to fix the ownership on the cvs repository is chown -R /CVS / From owner-rancid-discuss-outgoing@shrubbery.net Mon Nov 28 13:12:25 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 7CB2211CE2F for ; Mon, 28 Nov 2005 13:12:24 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id C275E86523; Mon, 28 Nov 2005 05:12:23 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id BC4308652F; Mon, 28 Nov 2005 05:12:23 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from ntx.netvision.net.il (ananas1.netvision.net.il [199.203.100.202]) by guelah.shrubbery.net (Postfix) with ESMTP id 242D686523 for ; Mon, 28 Nov 2005 05:12:20 -0800 (PST) Received: from Internal Mail-Server by ananas1 with SMTP; 28 Nov 2005 15:09:10 +0200 Received: from ntx2.forest.netvision.net.il ([172.20.30.33]) by vidius-new.forest.netvision.net.il with Microsoft SMTPSVC(6.0.3790.1830); Mon, 28 Nov 2005 15:12:06 +0200 X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: RANCID sending empty 'routers down' messages Date: Mon, 28 Nov 2005 15:12:06 +0200 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-topic: RANCID sending empty 'routers down' messages Thread-Index: AcXME3RjckVkAcHTQoueGfUqu/wTfAoCWHtA From: "Yuval Ben-Ari" To: "Jee Kay" , X-OriginalArrivalTime: 28 Nov 2005 13:12:06.0852 (UTC) FILETIME=[5513D840:01C5F41D] Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk I have same problem, platform is Linux with rancid 2.3 I found the problem in the list archives and the workaround of adding fake line like this to router.db stops the false diffs: FIX_DIFF_BUG:cisco:down I only have 1 diff version on the machine: [rancid@ranc1 rancid]$ which diff /usr/bin/diff [rancid@ranc1 rancid]$ diff -v diff (GNU diffutils) 2.8.1 <...> any idea ? > -----Original Message----- > From: owner-rancid-discuss@shrubbery.net=20 > [mailto:owner-rancid-discuss@shrubbery.net] On Behalf Of Jee Kay > Sent: Saturday, October 08, 2005 3:20 PM > To: rancid-discuss@shrubbery.net > Subject: RANCID sending empty 'routers down' messages >=20 >=20 > I have just added a third site to our RANCID config (the previous two > are working fine), but now whenever RANCID runs it sends an empty > 'changes in xxxx routers' with a body of 'Routers changed to down' on > every run. It only does it for this one site, the other two are having > no problems. >=20 > (When I say 'site', I mean another group within RANCID - there is only > one install of the actual software, I'm just adding a new entry to the > LIST_OF_GROUPS variable) >=20 > The only difference between this new site and the other sites is that > it consists of a single router.. would that make any difference? If > not, any idea what might be causing this? >=20 > Thanks in advance, > Ras >=20 > =20 >=20 >=20 From owner-rancid-discuss-outgoing@shrubbery.net Mon Nov 28 19:58:52 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 93DD311CE30 for ; Mon, 28 Nov 2005 19:58:52 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 995B886530; Mon, 28 Nov 2005 11:58:51 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 8EA8186532; Mon, 28 Nov 2005 11:58:51 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31]) by guelah.shrubbery.net (Postfix) with ESMTP id AE44886523; Mon, 28 Nov 2005 11:58:48 -0800 (PST) Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254]) by mx1.redhat.com (8.12.11/8.12.11) with ESMTP id jASJwfCD024929; Mon, 28 Nov 2005 14:58:41 -0500 Received: from pobox.stuttgart.redhat.com (pobox.stuttgart.redhat.com [172.16.2.10]) by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id jASJweV05477; Mon, 28 Nov 2005 14:58:40 -0500 Received: from brasov.stuttgart.redhat.com (brasov.stuttgart.redhat.com [172.16.2.246]) by pobox.stuttgart.redhat.com (8.12.8/8.12.8) with ESMTP id jASJwdYx021083; Mon, 28 Nov 2005 20:58:39 +0100 Received: by brasov.stuttgart.redhat.com (Postfix, from userid 2500) id 6A5D233F53; Mon, 28 Nov 2005 20:58:39 +0100 (CET) Date: Mon, 28 Nov 2005 20:58:39 +0100 From: Michael Stefaniuc To: john heasley Cc: rancid-discuss@shrubbery.net Subject: Re: Cisco (Altera) VPN concentrators? Message-ID: <20051128195839.GA17186@redhat.com> References: <43835AC2.1000805@redhat.com> <20051123231810.GT25305@shrubbery.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="s/l3CgOIzMHHjg/5" Content-Disposition: inline In-Reply-To: <20051123231810.GT25305@shrubbery.net> User-Agent: Mutt/1.4.1i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk --s/l3CgOIzMHHjg/5 Content-Type: multipart/mixed; boundary="2fHTh5uZTiUOsy+g" Content-Disposition: inline --2fHTh5uZTiUOsy+g Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Nov 23, 2005 at 03:18:10PM -0800, john heasley wrote: > Tue, Nov 22, 2005 at 06:52:02PM +0100, Michael Stefaniuc: > > Hello, > >=20 > > does anybody have a rancid script to get the config file out of the=20 > > Cisco VPN3k (formerly Altera) concentrators? Those have a stupid menu= =20 > > driven system and no cli. The format of the config file is not very use= r=20 >=20 > you are probably out of luck. rancid currently depends on a UI (no snmp > stuff) and menu-driven UIs are very difficult to deal with via expect. I know, i have read the FAQ before sending my email. That's why i asked for a generic rancid wrapper that is able to inject a file (which dosn't matter how it was gathered) into the rancid CVS.=20 > > friendly either but i still prefer to back it up ;). > > Alternatively a generic rancid wrapper that is able to feed a file into= =20 > > the rancid cvs would do too as i already have a script to scp the confi= g=20 > > file from the VPN3k. Here is a proposal for such a wrapper. As nothing speaks like code i have attached a proof of concept code which works for me but is a quick hack and NOT ready for production. Use on your own risk. Design: ------- router.db entry: is of the form wrapper. . Example: # VPN concentrator 192.168.1.1:wrapper.vpn3k:up wrancid is the actual wrapper and it is called from rancid-fe (patch attached). What it does is it calls the /usr/share/rancid/wrapper/ file passing it the filename to which to save the config file and the hostname. /usr/share/rancid/wrapper/vpn3k this is the actual workhorse. Here it uses scp and snmp to get the config file and some informations and it drops them to the filename it got from wrancid. That's all. Ugly? Sure it is but it gets the job done (to backup the device; nothing more). And it is easily extensible; just drop a script ("plugin") that is able to get you a file into /usr/share/rancid/wrapper and you're done. The plugin file can be written in any language and dosn't have to use expect. How the plugin file gets to the config file depends on the device polled (scp, ftp, http, trained monkey) and it dosn't realy matter. Possible improvements of wrancid would be to parse .cloginrc and pass the username/password down to the plugin scripts making those easier but that needs to be done securely (no command line and no enviroment). At the moment vpn3k has it hard coded in the file (did i say that it is proof of concept code?). And the scripts would need some error handling too. Comments? bye michael --=20 Michael Stefaniuc Tel.: +49-711-96437-199 Sr. Network Engineer Fax.: +49-711-96437-111 Red Hat GmbH Email: mstefani@redhat.com Hauptstaetterstr. 58 http://www.redhat.de/ D-70178 Stuttgart --2fHTh5uZTiUOsy+g Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=wrancid Content-Transfer-Encoding: quoted-printable #!/usr/bin/perl -w # # wrancid - Wrapper script for all the devices without a proper cli but # for which there is an other way to get to the config file. # # WARNING: This is only PROOF OF CONCEPT code and will screw up your data # and eat babies!!! # # Copyright 2005 Michael Stefaniuc for Red Hat # # This script is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. #=20 # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. #=20 # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA # use strict; use Getopt::Std; ############# # Variables # ############# my $plugin_dir =3D '/usr/share/rancid/wrapper'; my %options =3D (); getopts("f:s:", \%options); my $host =3D $ARGV[0]; my $script =3D $options{'s'}; my $file; if (defined($options{'f'})) { $file =3D $options{'f'}; } else { $file =3D $host . ".new"; } # Call the plugin script and let it do the work exec("$plugin_dir/$script", "-f", $file, $host) or die "Couldn't execute the '$plugin_dir/$script' script!\n"; --2fHTh5uZTiUOsy+g Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="rancid-fe.diff" --- rancid-fe.orig 2005-11-28 10:53:11.000000000 -0500 +++ rancid-fe 2005-11-28 11:17:35.000000000 -0500 @@ -49,6 +49,7 @@ elsif ($vendor =~ /^redback$/i) { exec('rrancid', $router); } elsif ($vendor =~ /^riverstone$/i) { exec('rivrancid', $router); } elsif ($vendor =~ /^tnt$/i) { exec('tntrancid', $router); } +elsif ($vendor =~ /^wrapper\.(.+)$/i) { exec('wrancid', '-s', $1, $router); } elsif ($vendor =~ /^zebra$/i) { exec('zrancid', $router); } else { printf(STDERR "unknown router manufacturer for $router: $vendor\n"); --2fHTh5uZTiUOsy+g Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=vpn3k Content-Transfer-Encoding: quoted-printable #!/usr/bin/perl -w # # vpn3k - SCP and SNMP Backup script for Cisco VPN 3K concentrators # to be used by the wrancid rancid wrapper # # WARNING: This is only PROOF OF CONCEPT code and will screw up your data # and eat babies!!! # # Copyright 2005 Michael Stefaniuc for Red Hat # # This script is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. #=20 # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. #=20 # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA # ####################################################### # Modules ####################################################### # Load any modules needed use strict; use Getopt::Std; use Net::SCP::Expect; use File::Temp; ####################################################### # Variables ####################################################### # Initialize variables used in this script my $backup_user =3D "backup"; my $backup_pass =3D "backup"; my $snmp_community =3D 'public'; my %options =3D (); getopts('f:', \%options); my $file =3D $options{'f'}; my $fh; my $host =3D $ARGV[0]; (my $tempfh, my $tempfile) =3D mkstemp( "/tmp/tmpfileXXXXX" ); #close($tempfh); # Open the output file. open($fh, ">", $file) or die "Cannot open output file\n"; print($fh "#RANCID-CONTENT-TYPE: wrapper.vpn3k\n#\n"); # Get some infos from snmp my $snmp_command =3D "snmpget -v2c -c $snmp_community -On $host .1.3.6.1.2.= 1.1.1.0"; my $result =3D `$snmp_command`; chomp($result); if ($result =3D~ /VPN 3000 Concentrator Version (\S+) built by (\S+) on (.+= )$/i) { my $version =3D $1; my $compiled =3D "$3 by $2"; print($fh "#Chassis Type: VPN 3000\n#\n"); $snmp_command =3D "snmpget -v2c -c $snmp_community -On $host .1.3.6.1.2= .1.47.1.1.1.1.11.1"; $result =3D `$snmp_command`; chomp($result); if ($result =3D~ /"([^"]+)"/) { print($fh "#Serial Number: $1\n#\n"); } print($fh "#Image: Version: $version\n"); print($fh "#Image: Compiled: $compiled\n#\n"); } # Call scp and download the running config. my $scp_session =3D Net::SCP::Expect->new(user=3D>"$backup_user",password= =3D>"$backup_pass"); # the connection sometimes terminates incorrectly but we fully transfered # the file eval { $scp_session->scp("$host:config", $tempfile); }; # Copy the config file over removing the comment at the beginning open($tempfh, "<", $tempfile) or die "Scp seems to have failed\n"; my $line; while ($line =3D <$tempfh>) { if ($line =3D~ /^#/) { next; } print($fh $line); } ####### # End # ####### close($fh); close($tempfh); unlink($tempfile); --2fHTh5uZTiUOsy+g-- --s/l3CgOIzMHHjg/5 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFDi2Fv08alQ5mXm14RAl8GAJ9p2uqCpU3hvi/vk3ZlLnvAMzezIACfeGlN MKEhw7PngwQSJK2uloID/5w= =6s8i -----END PGP SIGNATURE----- --s/l3CgOIzMHHjg/5--