From dbshah at myway.com Fri Jul 1 12:07:57 2005 From: dbshah at myway.com (dharmesh) Date: Fri, 1 Jul 2005 08:07:57 -0400 (EDT) Subject: CVS question: export complete config everyfriday Message-ID: <20050701120757.EC10E39A0@mprdmxin.myway.com> Ah well, they say its not as bad as they say it is. ---------anonymous Hello All, I have been an avvid user of Rancid since 2002. We have been using ver rancid v2.0 to 2.3 on Linux Redhat 9 to Fedora Core 3. Now my boss has enforced some LAME process upon us. He wants us to have Complete config backup taken every friday of all devices. Obviously rancid has been doing it , daily twice ( via cron ) & storing it in CVS. Now i know its more of a CVS question then rancid question. But i thought you guys could help me out. So here it is : How do i extract complete device configs as they stand on every friday from the CVS ? I could write a cron job , & zip the files later & email them. All that i can do, but not sure how i can do the first step itself. i.e extract the complete config from cvs . Any help from you folks would be greatly appreciated. thanks in advance regards dharmesh From heas at shrubbery.net Fri Jul 1 15:26:15 2005 From: heas at shrubbery.net (john heasley) Date: Fri, 1 Jul 2005 08:26:15 -0700 Subject: CVS question: export complete config everyfriday In-Reply-To: <20050701120757.EC10E39A0@mprdmxin.myway.com> References: <20050701120757.EC10E39A0@mprdmxin.myway.com> Message-ID: <20050701152615.GC23774@shrubbery.net> Fri, Jul 01, 2005 at 08:07:57AM -0400, dharmesh: > > > > > Ah well, they say its not as bad as they say it is. > ---------anonymous > > Hello All, > I have been an avvid user of Rancid since 2002. > We have been using ver rancid v2.0 to 2.3 on Linux Redhat 9 to Fedora Core 3. > > Now my boss has enforced some LAME process upon us. > He wants us to have Complete config backup taken every friday of all devices. > > Obviously rancid has been doing it , daily twice ( via cron ) & storing it in CVS. > > Now i know its more of a CVS question then rancid question. But i thought you guys could help me out. > > > So here it is : > How do i extract complete device configs as they stand on every friday from the CVS ? > > I could write a cron job , & zip the files later & email them. > All that i can do, but not sure how i can do the first step itself. i.e extract the complete config from cvs . This is really a CVS question, which you could answer by looking at CVS manual/FAQs/tutorials, but create a tmpdir w/ a checked-out copy of the repositories $ mkdir tmpdir;cd tmpdir $ . /usr/pkg/etc/rancid.conf $ for f in $LIST_OF_GROUPS; do > cvs -ud /var/rancid/CVS co $f > done from cron, $ cd tmpdir $ . /usr/pkg/etc/rancid.conf $ for f in $LIST_OF_GROUPS; do > (cd $f; cvs -u update) > done OR from cron, something like $ cd /var/rancid $ find -s */configs -type f -a -maxdepth 1 \ -exec cvs -u co -p {} >> /tmp/configs 2>&1 \; From dbshah at myway.com Mon Jul 4 07:30:55 2005 From: dbshah at myway.com (dharmesh) Date: Mon, 4 Jul 2005 03:30:55 -0400 (EDT) Subject: CVS question: export complete config everyfriday Message-ID: <20050704073055.4CDD2396B@mprdmxin.myway.com> Ah well, they say its not as bad as they say it is. ---------anonymous Thanks you all for replying. I have been able to implement the script provided by john. Regards dharmesh From eravin at panix.com Tue Jul 5 16:21:24 2005 From: eravin at panix.com (Ed Ravin) Date: Tue, 5 Jul 2005 12:21:24 -0400 Subject: Cisco "show inventory" command Message-ID: <20050705162124.GA13788@panix.com> On another mailing list that I (and some of you) subscribe to, someone mentioned the "show inventory" command. It seems to be tailor-made for RANCID. It's in 12.0(30)S, and apparently in other recent releases. Sample output below... -- Ed ------------------------ NAME: "7513 chassis,ID:73002384", DESCR: "7513 chassis" PID: 2 , VID: Hardware Version : 1.00, Board Revision : B0, SN: 73002384 NAME: "Line Card 0", DESCR: "Versatile Interface Processor (VIP2)" PID: VIP2 , VID: Hardware Version : 2.04, Board Revision : D0, SN: 6354210 NAME: "Card Slot 0,Bay 0", DESCR: "FastEthernet Port Adapter " PID: PA-FE-TX-ISL , VID: Hardware Version : 1.00, Board Revision : A0, SN: 6714008 NAME: "Card Slot 0,Bay 1", DESCR: "HSSI Port Adapter" PID: PA-AH1T , VID: Hardware Version : 1.17, Board Revision : A0, SN: 12382154 [...] From arnold at nipper.de Wed Jul 6 05:58:14 2005 From: arnold at nipper.de (Arnold Nipper) Date: Wed, 06 Jul 2005 07:58:14 +0200 Subject: Cisco "show inventory" command In-Reply-To: <20050705162124.GA13788@panix.com> References: <20050705162124.GA13788@panix.com> Message-ID: <42CB72F6.5070102@nipper.de> On 05.07.2005 18:21 Ed Ravin wrote > On another mailing list that I (and some of you) subscribe to, someone > mentioned the "show inventory" command. It seems to be tailor-made > for RANCID. It's in 12.0(30)S, and apparently in other recent releases. Ans it is in CatOS as well (at least since 8.3(3)) > Sample output below... > for CatOS format looks identical > -- Ed > > ------------------------ > NAME: "7513 chassis,ID:73002384", DESCR: "7513 chassis" > PID: 2 , VID: Hardware Version : 1.00, Board Revision : B0, SN: 73002384 > > NAME: "Line Card 0", DESCR: "Versatile Interface Processor (VIP2)" > PID: VIP2 , VID: Hardware Version : 2.04, Board Revision : D0, SN: 6354210 > NAME: "1", DESCR: "1000BaseX Ethernet 48 port WS-X6748-SFP Rev. 1.3" PID: WS-X6748-SFP , VID: , SN: SAD082108BS NAME: "submodule 1/1", DESCR: "Centralized Fwd Card WS-F6700-CFC Rev 2.0" PID: WS-F6700-CFC , VID: , SN: SAD080600LP NAME: "2", DESCR: "1000BaseX Ethernet 48 port WS-X6748-SFP Rev. 1.3" PID: WS-X6748-SFP , VID: , SN: SAD082108BC Arnold -- Arnold Nipper, AN45 From rdrake at ipsek.net Wed Jul 6 15:59:21 2005 From: rdrake at ipsek.net (Robert Drake) Date: Wed, 6 Jul 2005 11:59:21 -0400 Subject: Cisco "show inventory" command In-Reply-To: <20050705162124.GA13788@panix.com> References: <20050705162124.GA13788@panix.com> Message-ID: <20050706155921.GA9349@ipsek.net> Thats awesome. I used to submit bug reports when they released new cards and for no explainable reason, changed the way "sh diag" output worked (Then I'd go update our copy of rancid, since I never got responses). I loved it when they started putting free form information on lines, making you specifically have to search for that type of card to detect it. OTOH, here is a low-end example of "sh inv" not getting it right ethier: router2611#sh inv NAME: "", DESCR: "2611 chassis, Hw Serial#: 1191063160, Hw Revision: 0x202" PID: , VID: , SN: It doesn't include the WIC serial number, or tag the chassis serial in SN: That was on 12.3(1a), this is what rancid finds for the same box: !Slot 0: type C2611 2E Mainboard, 3 ports !Slot 0: hvers 2.2 rev A0 !Slot 0: part 73-2840-12, serial JAD03381685 ! !Slot 0/0: type FT1 BT8360 !Slot 0/0: hvers 1.3 rev C0 !Slot 0/0: part 800-03279-03, serial 17175179 So maybe it'll be fixed in a later version. At least it's extra info that might be useful to crosscheck. Thanks, Robert Ed Ravin(eravin at panix.com)@2005-07-05 12:21:24 -0400: > On another mailing list that I (and some of you) subscribe to, someone > mentioned the "show inventory" command. It seems to be tailor-made > for RANCID. It's in 12.0(30)S, and apparently in other recent releases. > Sample output below... > > -- Ed > > ------------------------ > NAME: "7513 chassis,ID:73002384", DESCR: "7513 chassis" > PID: 2 , VID: Hardware Version : 1.00, Board Revision : B0, SN: 73002384 > > NAME: "Line Card 0", DESCR: "Versatile Interface Processor (VIP2)" > PID: VIP2 , VID: Hardware Version : 2.04, Board Revision : D0, SN: 6354210 > > NAME: "Card Slot 0,Bay 0", DESCR: "FastEthernet Port Adapter " > PID: PA-FE-TX-ISL , VID: Hardware Version : 1.00, Board Revision : A0, SN: 6714008 > > NAME: "Card Slot 0,Bay 1", DESCR: "HSSI Port Adapter" > PID: PA-AH1T , VID: Hardware Version : 1.17, Board Revision : A0, SN: 12382154 > > [...] > From andre at is.co.za Wed Jul 6 16:23:15 2005 From: andre at is.co.za (Andre van der Merwe) Date: Wed, 6 Jul 2005 18:23:15 +0200 Subject: Cisco "show inventory" command In-Reply-To: <20050706155921.GA9349@ipsek.net> References: <20050705162124.GA13788@panix.com> <20050706155921.GA9349@ipsek.net> Message-ID: <20050706162315.GJ23970@is.co.za> On Wed, Jul 06, 2005 at 11:59:21AM -0400, Robert Drake wrote: > Thats awesome. I used to submit bug reports when they released new > cards and for no explainable reason, changed the way "sh diag" output > worked (Then I'd go update our copy of rancid, since I never got > responses). > > I loved it when they started putting free form information on lines, > making you specifically have to search for that type of card to detect > it. > > OTOH, here is a low-end example of "sh inv" not getting it right ethier: > > router2611#sh inv > NAME: "", DESCR: "2611 chassis, Hw Serial#: 1191063160, Hw Revision: > 0x202" > PID: , VID: , SN: > > > It doesn't include the WIC serial number, or tag the chassis serial in > SN: > > That was on 12.3(1a), this is what rancid finds for the same box: > > !Slot 0: type C2611 2E Mainboard, 3 ports > !Slot 0: hvers 2.2 rev A0 > !Slot 0: part 73-2840-12, serial JAD03381685 > ! > !Slot 0/0: type FT1 BT8360 > !Slot 0/0: hvers 1.3 rev C0 > !Slot 0/0: part 800-03279-03, serial 17175179 > > > So maybe it'll be fixed in a later version. At least it's extra info > that might be useful to crosscheck. Since extra information is gleaned from the 'show diag' would it not be wise to maybe put the "show inv" information in a seperate '!'ed section, ie !Inventory: NAME... It is duplicate information, but could come in handy. Thanks -Andr? From jeekay at gmail.com Wed Jul 6 20:07:19 2005 From: jeekay at gmail.com (Jee Kay) Date: Wed, 6 Jul 2005 21:07:19 +0100 Subject: Maximum Config Sizes Message-ID: Is there a limit for config sizes that RANCID will handle? I have a NetScreen with a config in the silly numbers, and RANCID only seems to be capturing the first 1600 or so lines of it. Are there any timeouts or anything like that which might cause this? Thanks, Ras From jrichard at digitalwest.net Wed Jul 6 20:37:04 2005 From: jrichard at digitalwest.net (Josh Richards) Date: Wed, 6 Jul 2005 13:37:04 -0700 Subject: Maximum Config Sizes In-Reply-To: References: Message-ID: <20050706203704.GD16279@lovejoy.digitalwest.net> I've got >1MB configs under Cisco IOS. -jr * Jee Kay [20050706 20:07]: > Is there a limit for config sizes that RANCID will handle? I have a > NetScreen with a config in the silly numbers, and RANCID only seems to > be capturing the first 1600 or so lines of it. Are there any timeouts > or anything like that which might cause this? > > Thanks, > Ras -- Josh Richards | Colocation Web Hosting Bandwidth Digital West Networks | +1 805 781-9378 / www.digitalwest.net San Luis Obispo, CA | AS14589 (Production) / AS29962 (R&D) jrichard at digitalwest.net | DWNI - Making Internet Business Better From eravin at panix.com Wed Jul 6 21:05:55 2005 From: eravin at panix.com (Ed Ravin) Date: Wed, 6 Jul 2005 17:05:55 -0400 Subject: Maximum Config Sizes In-Reply-To: References: Message-ID: <20050706210555.GA25636@panix.com> On Wed, Jul 06, 2005 at 09:07:19PM +0100, Jee Kay wrote: > Is there a limit for config sizes that RANCID will handle? I have a > NetScreen with a config in the silly numbers, and RANCID only seems to > be capturing the first 1600 or so lines of it. Are there any timeouts > or anything like that which might cause this? By default, nrancid calls nlogin with a timeout of 90 seconds. If that's not long enough for your NetScreen to dump its config, then you won't get the whole file. Try running "nrancid -t 120 " to see if that gives you the rest of (or more of) the config file. If so, you can edit the default value of $timeo in nrancid - look for this line: $timeo = 90; # nlogin timeout in seconds And adjust accordingly. From heas at shrubbery.net Wed Jul 6 22:38:11 2005 From: heas at shrubbery.net (john heasley) Date: Wed, 6 Jul 2005 15:38:11 -0700 Subject: Maximum Config Sizes In-Reply-To: <20050706210555.GA25636@panix.com> References: <20050706210555.GA25636@panix.com> Message-ID: <20050706223811.GD16430@shrubbery.net> Wed, Jul 06, 2005 at 05:05:55PM -0400, Ed Ravin: > On Wed, Jul 06, 2005 at 09:07:19PM +0100, Jee Kay wrote: > > Is there a limit for config sizes that RANCID will handle? I have a > > NetScreen with a config in the silly numbers, and RANCID only seems to > > be capturing the first 1600 or so lines of it. Are there any timeouts > > or anything like that which might cause this? > > By default, nrancid calls nlogin with a timeout of 90 seconds. If that's > not long enough for your NetScreen to dump its config, then you won't > get the whole file. the timeout applies to an expect clause. that is, when an expect {} begins, if $timeo seconds elapse before expect matches something, it will return a timeout. each match or exp_continue resets the timers. if there is some part of the configuration that takes a _long_ time to complete, ie: the output pauses for an extended period, then increasing the timeout will help. any clues in the logs? > Try running "nrancid -t 120 " to see if that gives you the rest > of (or more of) the config file. If so, you can edit the default value > of $timeo in nrancid - look for this line: > > $timeo = 90; # nlogin timeout in seconds > > And adjust accordingly. From jeekay at gmail.com Wed Jul 6 22:47:44 2005 From: jeekay at gmail.com (Jee Kay) Date: Wed, 6 Jul 2005 23:47:44 +0100 Subject: Maximum Config Sizes In-Reply-To: <20050706223811.GD16430@shrubbery.net> References: <20050706210555.GA25636@panix.com> <20050706223811.GD16430@shrubbery.net> Message-ID: On 7/6/05, john heasley wrote: > if there is some part of the configuration that takes a _long_ time to > complete, ie: the output pauses for an extended period, then increasing > the timeout will help. None.. if I nlogin manually and 'get conf' it dumps the entire config happily to the term. Any ideas for how to debug this further? (oh and nrancid doesn't support -t :)) From heas at shrubbery.net Wed Jul 6 22:55:25 2005 From: heas at shrubbery.net (john heasley) Date: Wed, 6 Jul 2005 15:55:25 -0700 Subject: Maximum Config Sizes In-Reply-To: References: <20050706210555.GA25636@panix.com> <20050706223811.GD16430@shrubbery.net> Message-ID: <20050706225525.GF16430@shrubbery.net> Wed, Jul 06, 2005 at 11:47:44PM +0100, Jee Kay: > On 7/6/05, john heasley wrote: > > if there is some part of the configuration that takes a _long_ time to > > complete, ie: the output pauses for an extended period, then increasing > > the timeout will help. > > None.. if I nlogin manually and 'get conf' it dumps the entire config > happily to the term. Any ideas for how to debug this further? (oh and > nrancid doesn't support -t :)) First I'd look at the logs for clues, then % NOPIPE=YES % nrancid -d host and check .raw file to make sure it is complete. if it, then I'd start looking at nrancid for bugs that cause the matching within GetConf to return to the main loop. From jeekay at gmail.com Wed Jul 6 22:55:52 2005 From: jeekay at gmail.com (Jee Kay) Date: Wed, 6 Jul 2005 23:55:52 +0100 Subject: Maximum Config Sizes In-Reply-To: References: <20050706210555.GA25636@panix.com> <20050706223811.GD16430@shrubbery.net> Message-ID: On 7/6/05, Jee Kay wrote: > None.. if I nlogin manually and 'get conf' it dumps the entire config > happily to the term. Any ideas for how to debug this further? (oh and > nrancid doesn't support -t :)) That was obviously meant in response to the 'is there anything in the log' paragraph, rather than what I quoted. Also, 'time' says it quits after around 44 seconds when using nrancid. When doing nlogin -c'show conf' directly, it also finishes afer 44 seconds, except that way it outputs the entire config correctly. There don't appear to be any accidental hits of the prompt regexp (even though it really is rather looser than it probably should be..) From jeekay at gmail.com Wed Jul 6 22:58:37 2005 From: jeekay at gmail.com (Jee Kay) Date: Wed, 6 Jul 2005 23:58:37 +0100 Subject: Maximum Config Sizes In-Reply-To: <20050706225525.GF16430@shrubbery.net> References: <20050706210555.GA25636@panix.com> <20050706223811.GD16430@shrubbery.net> <20050706225525.GF16430@shrubbery.net> Message-ID: On 7/6/05, john heasley wrote: > % NOPIPE=YES > % nrancid -d host > > and check .raw file to make sure it is complete. if it, then I'd start > looking at nrancid for bugs that cause the matching within GetConf to > return to the main loop. (yay for crossing emails) With NOPIPE, the .raw correctly contains the full output of the config. The .new however does not. I shall dig deeper into nrancid when I have a chance and see what is causing a bogus match. Thanks for the quick response! From jeekay at gmail.com Wed Jul 6 23:07:06 2005 From: jeekay at gmail.com (Jee Kay) Date: Thu, 7 Jul 2005 00:07:06 +0100 Subject: Maximum Config Sizes In-Reply-To: References: <20050706210555.GA25636@panix.com> <20050706223811.GD16430@shrubbery.net> <20050706225525.GF16430@shrubbery.net> Message-ID: On 7/6/05, Jee Kay wrote: > With NOPIPE, the .raw correctly contains the full output of the > config. The .new however does not. I shall dig deeper into nrancid > when I have a chance and see what is causing a bogus match. (apologies for the context diff.. stupid solaris) > diff nrancid.orig nrancid 269c269 < $prompt = "\-\>\s*"; --- > $prompt = "^[A-Za-z0-9\(\)]+\-\>\s*"; From heas at shrubbery.net Wed Jul 6 23:09:49 2005 From: heas at shrubbery.net (john heasley) Date: Wed, 6 Jul 2005 16:09:49 -0700 Subject: Maximum Config Sizes In-Reply-To: References: <20050706210555.GA25636@panix.com> <20050706223811.GD16430@shrubbery.net> <20050706225525.GF16430@shrubbery.net> Message-ID: <20050706230949.GI16430@shrubbery.net> Thu, Jul 07, 2005 at 12:07:06AM +0100, Jee Kay: > On 7/6/05, Jee Kay wrote: > > With NOPIPE, the .raw correctly contains the full output of the > > config. The .new however does not. I shall dig deeper into nrancid > > when I have a chance and see what is causing a bogus match. > > (apologies for the context diff.. stupid solaris) > > > diff nrancid.orig nrancid > 269c269 > < $prompt = "\-\>\s*"; > --- > > $prompt = "^[A-Za-z0-9\(\)]+\-\>\s*"; the most recent nrancid matches more explicitly. $prompt = ($_ =~ /^([^>]+->)/)[0]; $prompt =~ s/([][}{)(\\])/\\$1/g; Does that work for you? From jeekay at gmail.com Wed Jul 6 23:14:39 2005 From: jeekay at gmail.com (Jee Kay) Date: Thu, 7 Jul 2005 00:14:39 +0100 Subject: Maximum Config Sizes In-Reply-To: <20050706230949.GI16430@shrubbery.net> References: <20050706210555.GA25636@panix.com> <20050706223811.GD16430@shrubbery.net> <20050706225525.GF16430@shrubbery.net> <20050706230949.GI16430@shrubbery.net> Message-ID: On 7/7/05, john heasley wrote: > the most recent nrancid matches more explicitly. It looks like that should work - the NetScreens have different prompts depending on what mode they've decided to be in that day, but [^>] looks safe. Is there any chance you could do a new rollup for 2.3.2 with the autoconf fix and any new fixes/features in ? Thanks, Ras From heas at shrubbery.net Thu Jul 7 01:18:04 2005 From: heas at shrubbery.net (john heasley) Date: Wed, 6 Jul 2005 18:18:04 -0700 Subject: Maximum Config Sizes In-Reply-To: References: <20050706210555.GA25636@panix.com> <20050706223811.GD16430@shrubbery.net> <20050706225525.GF16430@shrubbery.net> <20050706230949.GI16430@shrubbery.net> Message-ID: <20050707011804.GM16430@shrubbery.net> Thu, Jul 07, 2005 at 12:14:39AM +0100, Jee Kay: > On 7/7/05, john heasley wrote: > > > the most recent nrancid matches more explicitly. > > It looks like that should work - the NetScreens have different prompts > depending on what mode they've decided to be in that day, but [^>] > looks safe. > > Is there any chance you could do a new rollup for 2.3.2 with the > autoconf fix and any new fixes/features in ? ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.2a2.tar.gz note that the included nlogin supports -t. should be stable as it does not include any of the half-done/integrated bits :) From netmanager at biola.edu Thu Jul 7 17:14:07 2005 From: netmanager at biola.edu (Netmanager) Date: Thu, 07 Jul 2005 10:14:07 -0700 Subject: 2.3.1 and DESTDIR Message-ID: Hello all, I am trying to package RANCID 2.3.1 for the DarwinPorts package manager, and I notice that when I use any of these configure arguments: --localstatedir=${prefix}/var/${name} \ --bindir=${prefix}/libexec/${name} \ --sysconfdir=${prefix}/etc/${name} The DESTDIR gets ignored and my files get installed to their final locations by bypassing the package manager when "make install" executes: /usr/bin/make install-data-hook /bin/sh ./mkinstalldirs "Make install" would normally install to an intermediate location to be installed in a later phase of the package install. I've tried patching @sysconfdir@, @bindir@, etc to have the paths I want in the Makefile.in but soon afterwards it tries to install files to the unpatched locations. I've tried some other things that haven't worked yet. Is there an easy way to patch rancid so that I can use --localstatedir, --bindir, and --sysconfdir and not have it ignore DESTDIR? I have looked at the FreeBSD 2.3.1 Rancid port and it doesn't do anything about this, but since I do not have access to a FreeBSD system I can only guess that it probably behaves the same. Like my port, even if it did it the port would work ok, but this problem breaks clean uninstalls and other package management niceties. Thank you. Mark From grbell at lbl.gov Mon Jul 11 21:07:39 2005 From: grbell at lbl.gov (Gregory Bell) Date: Mon, 11 Jul 2005 14:07:39 -0700 Subject: "set" vs "et" under CatOS? Message-ID: <42D2DF9B.4090607@lbl.gov> We're seeing occasional diffs like this: > > set trunk 6/46 auto dot1q 1-1005,1025-4094 > set trunk 6/47 auto dot1q 1-1005,1025-4094 > set trunk 6/48 auto dot1q 1-1005,1025-4094 > + et spantree bpdu-guard 6/1-48 default > + et spantree portinstancepri 6/32 0 mst set port gvrp 6/1-48 disable > set gvrp registration normal 6/1-48 > set gvrp applicant normal 6/1-48 > Has anyone else encountered CatOS diffs with lines that begin "et..."? - Greg Bell From Philip.Koontz at bdk.com Wed Jul 13 21:16:08 2005 From: Philip.Koontz at bdk.com (Koontz, Philip) Date: Wed, 13 Jul 2005 17:16:08 -0400 Subject: Solaris 9 Message-ID: <849BC3170D2CA34189993B52087B3D4101CD20BB@TOWEXCVS1.naptg.com> I am about to install Rancid on a Solaris 9 system. Does anyone have any tips, necessary patches, etc for installing Rancid on Solaris 9? Thanks -Phil Koontz From arnold at nipper.de Wed Jul 13 21:27:05 2005 From: arnold at nipper.de (Arnold Nipper) Date: Wed, 13 Jul 2005 23:27:05 +0200 Subject: Solaris 9 In-Reply-To: <849BC3170D2CA34189993B52087B3D4101CD20BB@TOWEXCVS1.naptg.com> References: <849BC3170D2CA34189993B52087B3D4101CD20BB@TOWEXCVS1.naptg.com> Message-ID: <42D58729.4070409@nipper.de> On 13.07.2005 23:16 Koontz, Philip wrote > I am about to install Rancid on a Solaris 9 system. Does anyone have > any tips, necessary patches, etc for installing Rancid on Solaris 9? > Installs w/o problems iirc ... I did it two years ago and it worked perfectly. Installed version was rancid-2.2.2 Arnold -- Arnold Nipper, AN45 From justin at grote.name Wed Jul 13 21:57:39 2005 From: justin at grote.name (Justin Grote) Date: Wed, 13 Jul 2005 15:57:39 -0600 Subject: Solaris 9 In-Reply-To: <849BC3170D2CA34189993B52087B3D4101CD20BB@TOWEXCVS1.naptg.com> References: <849BC3170D2CA34189993B52087B3D4101CD20BB@TOWEXCVS1.naptg.com> Message-ID: <42D58E53.8090704@grote.name> Koontz, Philip wrote: >I am about to install Rancid on a Solaris 9 system. Does anyone have >any tips, necessary patches, etc for installing Rancid on Solaris 9? > >Thanks >-Phil Koontz > > > Just make sure you have CVS and diff installed, and you shouldnt have any problems -- __________________________ Justin Grote Network Architect JWG Networks From jeekay at gmail.com Thu Jul 14 13:22:57 2005 From: jeekay at gmail.com (Jee Kay) Date: Thu, 14 Jul 2005 14:22:57 +0100 Subject: Solaris 9 In-Reply-To: <849BC3170D2CA34189993B52087B3D4101CD20BB@TOWEXCVS1.naptg.com> References: <849BC3170D2CA34189993B52087B3D4101CD20BB@TOWEXCVS1.naptg.com> Message-ID: On 7/13/05, Koontz, Philip wrote: > I am about to install Rancid on a Solaris 9 system. Does anyone have > any tips, necessary patches, etc for installing Rancid on Solaris 9? If you are using sunfreeware for CVS packages, get the second-to-last package - the latest one doesn't work and just cores constantly. From ivan.philips at aarnet.edu.au Thu Jul 21 08:01:14 2005 From: ivan.philips at aarnet.edu.au (Ivan Philips) Date: Thu, 21 Jul 2005 18:01:14 +1000 Subject: cat5rancid error: "End of run not found" Message-ID: <42DF564A.1050503@aarnet.edu.au> Hey All, I am new to rancid and I having some problems getting it to work on my Cisco CatOS switches (2948's). It works fine on all my other devices. What I have noticed is that rancid sometimes can and sometimes can't grab the configs off the 2948s. When things go bad I get an "End of run not found" in the log file. I can clogin to the devices without any problem but when I run cat5rancid on them I get the following output. iphilips at lisa:~/rancid/bin$ export NOPIPE=YES;cat5rancid -d 203.143.175.140 executing clogin -t 240 -c"show version;show boot;show flash;dir bootflash:;dir slot0:;dir slot1:;dir sup-bootflash:;dir sup-microcode:;show module;show port ifindex;write term all;write term;show running-config" 203.143.175.140 PROMPT MATCH: ken-L5-G10-C4-S2> HIT COMMAND:ken-L5-G10-C4-S2> (enable) show version In ShowVersion: ken-L5-G10-C4-S2> (enable) show version HIT COMMAND:ken-L5-G10-C4-S2> (enable) show boot In ShowBoot: ken-L5-G10-C4-S2> (enable) show boot HIT COMMAND:ken-L5-G10-C4-S2> (enable) show flash In ShowFlash: ken-L5-G10-C4-S2> (enable) show flash HIT COMMAND:ken-L5-G10-C4-S2> (enable) dir bootflash: In DirSlotN: ken-L5-G10-C4-S2> (enable) dir bootflash: HIT COMMAND:ken-L5-G10-C4-S2> (enable) dir slot0: In DirSlotN: ken-L5-G10-C4-S2> (enable) dir slot0: HIT COMMAND:ken-L5-G10-C4-S2> (enable) dir slot1: In DirSlotN: ken-L5-G10-C4-S2> (enable) dir slot1: HIT COMMAND:ken-L5-G10-C4-S2> (enable) dir sup-bootflash: In DirSlotN: ken-L5-G10-C4-S2> (enable) dir sup-bootflash: HIT COMMAND:ken-L5-G10-C4-S2> (enable) dir sup-microcode: In DirSlotN: ken-L5-G10-C4-S2> (enable) dir sup-microcode: HIT COMMAND:ken-L5-G10-C4-S2> (enable) show module In ShowModule: ken-L5-G10-C4-S2> (enable) show module HIT COMMAND:ken-L5-G10-C4-S2> (enable) show port ifindex In ShowPortIfindex: ken-L5-G10-C4-S2> (enable) show port ifindex HIT COMMAND:ken-L5-G10-C4-S2> (enable) write term all In WriteTerm: ken-L5-G10-C4-S2> (enable) write term all HIT COMMAND:ken-L5-G10-C4-S2> (enable) write term In WriteTerm: ken-L5-G10-C4-S2> (enable) write term HIT COMMAND:ken-L5-G10-C4-S2> (enable) show running-config In WriteTerm: ken-L5-G10-C4-S2> (enable) show running-config 203.143.175.140: End of run not found 203.143.175.140: End of run not found end Here is the tail of the dot raw file iphilips at lisa:~/rancid/bin$ tail -10 203.143.175.140.raw set trunk 2/49 on dot1q 1-1005 set trunk 2/50 off dot1q 1-1005,1025-4094 set spantree portfast 2/1-48 enable set spantree bpdu-filter 2/1-48 disable set spantree bpdu-guard 2/1-48 enable set spantree guard none 2/1-50 set port channel 2/1-50 mode off end ken-L5-G10-C4-S2> (enable)Connection to 203.143.175.140 closed by remote host. Connection to 203.143.175.140 closed. Other than the "End of run not found" it all looks good, but when I run rancid-run it I end up with a 0 bytes sized file and no CVS updates. This doesn't happen all the time, sometimes it just works. Any ideas? Thanks Ivan From dbshah at myway.com Fri Jul 22 04:59:25 2005 From: dbshah at myway.com (dharmesh) Date: Fri, 22 Jul 2005 00:59:25 -0400 (EDT) Subject: cat5rancid error: Message-ID: <20050722045925.C1FB13961@mprdmxin.myway.com> Ah well, they say its not as bad as they say it is. ---------anonymous Hi Ivan, Even I have 20-25 Cat 6509 Switches. Even I am facing exactly teh same problem. I am using Linux Fedora Core 2 with expect version 5.41.0 & tcl8.5 I am certain this problem that you & I are facing is due to the very well illustrated fact on RANCID site . I guess you will need to 1) patch expect using the patch given on rancid site i.e ftp://ftp.shrubbery.net/pub/rancid/expect-hack1 2)build tcl & expect from source Thus you will need to download the tcl & expect source code from rancid site as well to be able to use the patch. However I myself havent done this as yet, since my binaries are already of higher version then the once the patch talks about. I am actually planning to install Fedora Core 4 & seriously pray that the bug goes away. IF that doesnt work I have two choices:- 1) Use Open/Net BSB --> as site says that this prob is only wiht Solaris & Linux. 2) Download the src for tcl & expect from rancid site & patch expect & then try on linux. pls let us know your Distro, & expect & TCL details. Once we crack this we shall post back to the forum on our progress. Thanks Regards Dharmesh P.S i hope my MUA doesnt mess up wiht HTML tags & all From heas at shrubbery.net Fri Jul 22 17:51:32 2005 From: heas at shrubbery.net (john heasley) Date: Fri, 22 Jul 2005 17:51:32 +0000 Subject: cat5rancid error: In-Reply-To: <20050722045925.C1FB13961@mprdmxin.myway.com> References: <20050722045925.C1FB13961@mprdmxin.myway.com> Message-ID: <20050722175132.GI14385@shrubbery.net> Fri, Jul 22, 2005 at 12:59:25AM -0400, dharmesh: > > > > Ah well, they say its not as bad as they say it is. > ---------anonymous > > Hi Ivan, > Even I have 20-25 Cat 6509 Switches. > Even I am facing exactly teh same problem. > > I am using Linux Fedora Core 2 with expect version 5.41.0 & tcl8.5 > I am certain this problem that you & I are facing is due to the very well illustrated fact on RANCID site . > > I guess you will need to > 1) patch expect using the patch given on rancid site i.e > ftp://ftp.shrubbery.net/pub/rancid/expect-hack1 > 2)build tcl & expect from source > Thus you will need to download the tcl & expect source code from rancid site as well to be able to use the patch. > > However I myself havent done this as yet, since my binaries are already of higher version then the once the patch talks about. > > I am actually planning to install Fedora Core 4 & seriously pray that the bug goes away. > > IF that doesnt work I have two choices:- > 1) Use Open/Net BSB --> as site says that this prob is only wiht Solaris & Linux. > 2) Download the src for tcl & expect from rancid site & patch expect & then try on linux. Please, use the patch if you are using Linux or Solaris with any version of expect. AFAIK, the bug still exists in versions as recent as 5.40 and I have no reason to believe it has been fixed since. Also, please try rancid 2.3.2a2. email rancid-discuss if the problem persists. From info at emre.de Tue Jul 26 12:10:30 2005 From: info at emre.de (Emre Bastuz) Date: Tue, 26 Jul 2005 14:10:30 +0200 Subject: Pix via ssh - how to reach required privilege level? Message-ID: <1122379830.42e62836768d3@netmail2.netcologne.de> Hi, I?m trying to backup some pix configs with rancid and chose ssh as the transport mechanism. There?s a problem with reaching the required privilege level as the firewall expects the user to issue a "login" command before trying to do an "enable". Is there a way to tell rancid that it is supposed to do a "login" *after* logging in by ssh and *before* trying "enable"? An alternative would be to configure the user on the pix in such a way, that directly after ssh?ing to the device the user has the required access-privilege and the prompt "#", but I honestly do not know how to do this (I?m not using tacacs or radius by the way). Any idea anyone? Cheers, Emre -- http://www.emre.de UIN: 561260 PGP Key ID: 0xAFAC77FD I don't see why some people even HAVE cars. -- Calvin From info at emre.de Wed Jul 27 11:41:55 2005 From: info at emre.de (Emre Bastuz) Date: Wed, 27 Jul 2005 13:41:55 +0200 Subject: Pix via ssh - how to reach required privilege level? In-Reply-To: <42E7664A.1080209@hcssun01.hcs.net> References: <1122379830.42e62836768d3@netmail2.netcologne.de> <42E7664A.1080209@hcssun01.hcs.net> Message-ID: <1122464515.42e7730356379@netmail2.netcologne.de> Hi Jordan, Zitat von Fred Jordan : > We have not tried to use rancid for collecting PIX configs but would be > very interested in how to do this. How do you tell rancid to use ssh > instead of telnet; in the entry in the router.db file? you just have to add several line to your .cloginrc, that might look like this: add user mypix.emre.de rancidpixuser add password mypix.emre.de myPassword4Rancid add cyphertype mypix.emre.de des add method mypix.emre.de ssh The first two lines are the username and password being used when trying to login via ssh. The line "cyphertype" specifies the cypher ssh will try to use. Not all pix firewalls have a 3des licence installed so using "des" made it work in my case. The last line tells rancid to use ssh instead of telnet. I felt uncomfortable having my enable password in the .cloginrc as cleartext so I added a local user to the pix that has the privilege for the show commands only. That?s where I got stuck: you can successfully login into the pix but are then supposed to do a "login" first (instead of an "enable"). My guess is that if you have your enable password for the pix in the cloginrc you will be able to collect your config with rancid. If you create a local user on the pix you?ll probably be stuck the same way that I am. Cheers, Emre -- http://www.emre.de UIN: 561260 PGP Key ID: 0xAFAC77FD I don't see why some people even HAVE cars. -- Calvin From Paul.D.Schmidt at Dartmouth.EDU Fri Jul 29 14:39:51 2005 From: Paul.D.Schmidt at Dartmouth.EDU (Paul Schmidt) Date: Fri, 29 Jul 2005 10:39:51 -0400 Subject: Collecting information from Aruba wireless switches Message-ID: <42EA3FB7.1030809@dartmouth.edu> I'm looking at collecting configs from Aruba wireless switches, which pretty closely emulates Cisco's interface, though there are enough differences that the collector will not succeed when treating it as a cisco device. Has anyone worked out the differences yet so as to collect information from an Aruba wireless switch? Just for reference, here are the errors that I currently get from a run with a cisco device type. aruba-fairchild2-wsw.dartmouth.edu clogin error: Error: TIMEOUT reached aruba-fairchild2-wsw.dartmouth.edu: missed cmd(s): write term,show vlan,show running-config aruba-fairchild2-wsw.dartmouth.edu: End of run not found Thanks for any help. -Paul Schmidt Dartmouth College From jeekay at gmail.com Sat Jul 30 19:19:03 2005 From: jeekay at gmail.com (Jee Kay) Date: Sat, 30 Jul 2005 20:19:03 +0100 Subject: RANCID on Extreme Message-ID: I'm looking to backup configs from my Extreme switches (Summit 48si models specifically), but can't find a login/rancid combo for these. Is there one anywhere? If not, can anyone give me some good hints as to how to start on them? Thanks in advance, Ras From heas at shrubbery.net Sat Jul 30 20:39:39 2005 From: heas at shrubbery.net (john heasley) Date: Sat, 30 Jul 2005 13:39:39 -0700 Subject: RANCID on Extreme In-Reply-To: References: Message-ID: <20050730203939.GJ13863@shrubbery.net> Sat, Jul 30, 2005 at 08:19:03PM +0100, Jee Kay: > I'm looking to backup configs from my Extreme switches (Summit 48si > models specifically), but can't find a login/rancid combo for these. > Is there one anywhere? > If not, can anyone give me some good hints as to how to start on them? See device type "extreme" and router.db(5). From heas at shrubbery.net Sat Jul 30 23:08:31 2005 From: heas at shrubbery.net (john heasley) Date: Sat, 30 Jul 2005 16:08:31 -0700 Subject: Collecting information from Aruba wireless switches In-Reply-To: <42EA3FB7.1030809@dartmouth.edu> References: <42EA3FB7.1030809@dartmouth.edu> Message-ID: <20050730230831.GB24356@shrubbery.net> Fri, Jul 29, 2005 at 10:39:51AM -0400, Paul Schmidt: > I'm looking at collecting configs from Aruba wireless switches, which > pretty closely emulates Cisco's interface, though there are enough > differences that the collector will not succeed when treating it as a > cisco device. Has anyone worked out the differences yet so as to > collect information from an Aruba wireless switch? > > Just for reference, here are the errors that I currently get from a run > with a cisco device type. > > aruba-fairchild2-wsw.dartmouth.edu clogin error: Error: TIMEOUT reached > aruba-fairchild2-wsw.dartmouth.edu: missed cmd(s): write term,show > vlan,show running-config > aruba-fairchild2-wsw.dartmouth.edu: End of run not found It is easier to begin with the expect/login script. Get it working with and without -c 'cmd', then worry about the rancid script. From netmanager at biola.edu Sat Jul 30 23:45:33 2005 From: netmanager at biola.edu (Netmanager) Date: Sat, 30 Jul 2005 16:45:33 -0700 Subject: CVS checkout problems with cvsweb Message-ID: Hello All, I've set up RANCID before with no problems, but I'm setting it up on a new box with the latest OS version (OS X 10.4), and it is retrieving configs, but cvsweb gives the following error when I click the "download" link to retrive the config. ------------- Error: Unexpected output from cvs co: cvs [checkout aborted]: Absolute module reference invalid: `/test/configs/cisco-core-6500-ssl.mycompany.com' Check whether the directory /opt/local/var/rancid/CVS/CVSROOT exists and the script has write-access to the CVSROOT/history file if it exists. The script needs to place lock files in the directory the file is in as well. ------------- CVS and CVS/CVSROOT exists, I changed permissions and file ownership but nothing. I'm puzzled that it seems to say `/test/configs/cisco-core-6500-ssl.mycompany.com' is an "absolute module reference". The correct absolute path is contained in the html link, pasted here: http://127.0.0.1/cgi-bin/cvsweb.cgi/~checkout~/test/configs/cisco-core-6500-ssl.mycompany.com?rev=1.2&content-type=text/plain My cvsweb.conf has: %CVSROOT = ( 'Development' => '/opt/local/var/rancid/CVS' ); I've poked around but I don't know how to troubleshoot the problem. Can someone tell me where to look for the trouble? Mark From heas at shrubbery.net Sat Jul 30 23:53:30 2005 From: heas at shrubbery.net (john heasley) Date: Sat, 30 Jul 2005 16:53:30 -0700 Subject: CVS checkout problems with cvsweb In-Reply-To: References: Message-ID: <20050730235330.GD24356@shrubbery.net> Sat, Jul 30, 2005 at 04:45:33PM -0700, Netmanager: > Hello All, > > I've set up RANCID before with no problems, but I'm > setting it up on a new box with the latest OS version (OS > X 10.4), and it is retrieving configs, but cvsweb gives > the following error when I click the "download" link to > retrive the config. > > ------------- > Error: Unexpected output from cvs co: cvs [checkout > aborted]: Absolute module reference invalid: > `/test/configs/cisco-core-6500-ssl.mycompany.com' > Check whether the directory > /opt/local/var/rancid/CVS/CVSROOT exists and the script > has write-access to the CVSROOT/history file if it exists. > The script needs to place lock files in the directory the > file is in as well. > ------------- > > CVS and CVS/CVSROOT exists, I changed permissions and file > ownership but nothing. I'm puzzled that it seems to say > `/test/configs/cisco-core-6500-ssl.mycompany.com' is an > "absolute module reference". The correct absolute path is > contained in the html link, pasted here: > > http://127.0.0.1/cgi-bin/cvsweb.cgi/~checkout~/test/configs/cisco-core-6500-ssl.mycompany.com?rev=1.2&content-type=text/plain > > My cvsweb.conf has: > > %CVSROOT = ( > 'Development' => '/opt/local/var/rancid/CVS' I dont think you want 'CVS' there. note, the v 3.0.5 has a different format for this line; i dont know what you're using or whats most recent.