From hoswfh at singtel.com Mon Jul 2 03:21:20 2007
From: hoswfh at singtel.com (Ho Siew Fah)
Date: Mon, 2 Jul 2007 11:21:20 +0800
Subject: [rancid] Rancid End Of Run Problem
Message-ID: <279ED964879B044DAF5F2E6420328A0AA73E7A@EXHQ05B.singtel.corp.root>

Hi,

I have problem getting the backup configuration for the following router. The below message keeps appearing after I have run the "rancid -d gbon" command. This is a cisco router. This router name is in the router.db file. This problem appears after I have manually removed the gbon router configuration file from the configs directory.

gbon: End of run not found

Any clues to solve this problem.

Thank you.

From david+rancid at luyer.net Mon Jul 2 16:24:42 2007
From: david+rancid at luyer.net (David Luyer)
Date: Mon, 2 Jul 2007 09:24:42 -0700 (PDT)
Subject: [rancid] Re: Rancid End Of Run Problem
In-Reply-To: <279ED964879B044DAF5F2E6420328A0AA73E7A@EXHQ05B.singtel.corp.root>
References: <279ED964879B044DAF5F2E6420328A0AA73E7A@EXHQ05B.singtel.corp.root>
Message-ID: <54013.208.201.244.10.1183393482.squirrel@www.luyer.net>

> Hi,
>
> I have problem getting the backup configuration for the following
> router. The below message keeps appearing after I have run the "rancid
> -d gbon" command. This is a cisco router. This router name is in the
> router.db file. This problem appears after I have manually removed the
> gbon router configuration file from the configs directory.
>
> gbon: End of run not found
>
> Any clues to solve this problem.

You need to post more of the error. If that's the only error message, then it's probably getting a 'command authorization failed' for 'write term' (causes that message without any skipped command messages), and the patch I sent here recently will stop the error.

But more likely, you're getting more error messages (such as a list of skipped commands). If you look at the first line of the output of the 'rancid -d gbon', it will be a 'clogin ....' line, if you run that, you will probably be able to spot what is going wrong.

David.

From hoswfh at gmail.com Tue Jul 3 01:43:21 2007
From: hoswfh at gmail.com (Ho Siew Fah)
Date: Tue, 3 Jul 2007 09:43:21 +0800
Subject: [rancid] Rancid Hung
Message-ID: <35d5fd5e0707021843i1f4f1a3fx78e2f63b98289d2e@mail.gmail.com>

Hi,

I encountered rancid hung after running the following command. I need to kill the rancid process in order to exit from this process.
When I put this switch in router.db, I received many rancid hung emails from rancid. Upon checking, I found that the process of this switch hanged which caused my rancid could not be processed properly. I have to remove a lock file from /tmp folder and also this switch from router.db in order not to cause any processing problem for other routers.

I am using expect-5.43.0_3 and rancid-2.3.1_2.

Can anybody advise how to stop this process for being hung? I think this process should abort if there is any problem instead of hanging there.

Thank you.

[rancid at rcd ~]$ /usr/local/libexec/rancid/xrancid -d sngc3-as2.com
executing clogin -t 90 -c "show version;show memory;show diag;show switch;show slot;show configuration detail;show configuration" sngc3-as2.com
sngc3-as2.com clogin error: Error: TIMEOUT reached
sngc3-as2.com clogin error: Error: TIMEOUT reached
can not find channel named "exp4"
    while executing
"close"
    ("foreach" body line 117)
    invoked from within
"foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    send_user "$router\n"

    # Figure out prompt.
    # Since autoena..."
    (file "/usr/sbin/clogin" line 616)
^Csngc3-as2.com : missed cmd(s): show configuration detail,show slot,show configuration,show version,show diag,show memory,show switch
sngc3-as2.com : missed cmd(s): show configuration detail,show slot,show configuration,show version,show diag,show memory,show switch
sngc3-as2.com: End of run not found
sngc3-as2.com: End of run not found
From tex at off.org Tue Jul 3 07:42:42 2007
From: tex at off.org (Austin Schutz)
Date: Tue, 3 Jul 2007 00:42:42 -0700
Subject: [rancid] Re: Rancid Hung
In-Reply-To: <35d5fd5e0707021843i1f4f1a3fx78e2f63b98289d2e@mail.gmail.com>
References: <35d5fd5e0707021843i1f4f1a3fx78e2f63b98289d2e@mail.gmail.com>
Message-ID: <20070703074242.GC20847@gblx.net>

On Tue, Jul 03, 2007 at 09:43:21AM +0800, Ho Siew Fah wrote:
> Hi,
>
> I encountered rancid hung after running the following command. I need to
> kill the rancid process in order to exit from this process.
> When I put this switch in router.db, I received many rancid hung emails from
> rancid. Upon checking, I found that the process of this switch hanged which
> caused my rancid could not be processed properly. I have to remove a lock
> file from /tmp folder and also this switch from router.db in order not to
> cause any processing problem for other routers.
>
> I am using expect-5.43.0_3 and rancid-2.3.1_2.
>
> Can anybody advise how to stop this process for being hung? I think this
> process should abort if there is any problem instead of hanging there.
>
> Thank you.
>

You are running into the expect bug, and need to patch expect:

http://www.shrubbery.net/rancid/#osystems

Austin

From oha at netic.dk Tue Jul 3 08:09:39 2007
From: oha at netic.dk (Ole Hansen - Netic A/S)
Date: Tue, 03 Jul 2007 10:09:39 +0200
Subject: [rancid] Suppress changes in VLAN-membership
Message-ID: <468A0443.7080505@netic.dk>

Hi,

We are using MAC-based VLANS (vmps) and switch ports often change vlan membership. This is discovered by rancid, and I am sent a diff..

Is there any way to suppress this VLAN-information? It means that I get a lot of config diffs every day - and not only the ones that I would actually want to see..

Thanks in advance,
Ole Hansen

From mstefani at redhat.com Tue Jul 3 09:45:53 2007
From: mstefani at redhat.com (Michael Stefaniuc)
Date: Tue, 03 Jul 2007 11:45:53 +0200
Subject: [rancid] Re: Suppress changes in VLAN-membership
In-Reply-To: <468A0443.7080505@netic.dk>
References: <468A0443.7080505@netic.dk>
Message-ID: <468A1AD1.3000007@redhat.com>

Ole Hansen - Netic A/S wrote:
> We are using MAC-based VLANS (vmps) and switch ports often change vlan
> membership. This is discovered by rancid, and I am sent a diff..
>
> Is there any way to suppress this VLAN-information? It means that I get
> a lot of config diffs every day - and not only the ones that I would
> actually want to see..

Search the archives for "diff". Somebody posted a patch that uses gnu diff's "--ignore-matching-lines" option.

bye
michael
--
Michael Stefaniuc               Tel.: +49-711-96437-199
Sr. Network Engineer            Fax.: +49-711-96437-111
Red Hat GmbH                    Email: mstefani at redhat.com
Hauptstaetterstr. 58            http://www.redhat.de/
D-70178 Stuttgart

From greg3105 at gmail.com Tue Jul 3 08:48:16 2007
From: greg3105 at gmail.com (Grégory Ruby)
Date: Tue, 3 Jul 2007 10:48:16 +0200
Subject: [rancid] upgrade IOS
Message-ID:

Hello!

I would like to post a message:

I would like to upgrade IOS of switch 2950 and i would like to do this with Rancid.

There is my commands:

copy tftp: flash:
10.X.X.X
c2950ik6ls......

But there is a problem " Timeout Error " in the logs.

Anybody can help me, please.

bye

From erik at code.de Thu Jul 5 08:11:25 2007
From: erik at code.de (Erik Wenzel)
Date: Thu, 05 Jul 2007 10:11:25 +0200
Subject: [rancid] Re: Suppress changes in VLAN-membership
In-Reply-To: <468A1AD1.3000007@redhat.com>
References: <468A0443.7080505@netic.dk> <468A1AD1.3000007@redhat.com>
Message-ID: <1183623085.15361.5.camel@festa>

On Tue, 2007-07-03 at 11:45 +0200, Michael Stefaniuc wrote:
[...]
> > Is there any way to suppress this VLAN-information? It means that I get
> > a lot of config diffs every day - and not only the ones that I would
> > actually want to see..
> Search the archives for "diff". Somebody posted a patch that uses gnu
> diff's "--ignore-matching-lines" option.

Yes, but that was not working as expected. We ( a buddy and me ) rewrote that patch. I am preparing a patch for current stable version.

--
Erik Wenzel

From mloveley at plus.net Thu Jul 5 08:35:23 2007
From: mloveley at plus.net (Mark Loveley)
Date: Thu, 5 Jul 2007 09:35:23 +0100
Subject: [rancid] Re: ERX bugs in Rancid?
In-Reply-To: <20070617192423.GO3531@shrubbery.net>
References: <788ce2b40706150711g46f24b35kbd87d7c78b3c7889@mail.gmail.com> <20070617192423.GO3531@shrubbery.net>
Message-ID:

On 17 Jun 2007, at 20:24, john heasley wrote:

> Fri, Jun 15, 2007 at 04:11:13PM +0200, Neil Orley:
>> Hello,
>>
>> I've just commented in this line 266 in the clogin file, and now it seems
>> to work fine with the ERX1440 :
>
> Could you provide more information? What is the actual output of the
> dir command?

For me the problem is in both the commands "show env all" and "dir". I have been seeing diffs like this for a long time.

The differences for "show env all" are:-

! power: A ok, B ok - ! *** srp redundancy: mode is file-system-synchronization auto-sync + ! srp redundancy: mode is file-system-synchronization auto-sync ! enabled, switch-on-error enabled - ! out of sync (file system) + ! in sync ! slots: ok ! power: A ok, B ok ! srp redundancy: mode is file-system-synchronization auto- sync ! enabled, switch-on-error enabled - ! in sync + ! sync in progress ! slots: ok ! power: A ok, B ok ! srp redundancy: mode is high-availability, state active ! auto-sync enabled, switch-on-error enabled - ! sync in progress + ! in sync ! slots: ok ! online: 0 1 7 11 13

And for "dir" are:-

- !Flash: *** Active/standby file systems are not synchronized. *** - !Flash: Active System Controller: + !Flash: active/standby file systems are synchronized !Flash: unshared in !Flash: file size size date (GMT) use !Flash: --------------------- --------- --------- ------------------- --- !Flash: XXXXXXXXXXXXXXXXXXXXX 296984 296984 09/30/2005 03:55:22 !
@@ -107,9 +106,8 @@ !Flash: XXXXXXXXXXXXXXXXXXXXX 154139239 137984153 07/29/2005 03:21:34 ! !Flash: XXXXXXXXXXXXXXXXXXXXX 154263057 138107971 09/30/2005 03:52:32 ! !Flash: XXXXXXXXXXXXXXXXXXXXX 91388 91388 09/30/2005 03:55:50 !Flash: Capacity = 1025482752, Bytes Free = 660847516, Reserved = 68157440 - !Flash: Standby System Controller file system is currently unavailable. - !Flash: *** Active/standby file systems are being synchronized. *** + !Flash: Active/standby file systems are synchronized. !Flash: unshared !Flash: file size size date (GMT) !Flash: ---------------------------- --------- --------- ------------------- - !Flash: Active/standby file systems are synchronized. - !Flash: unshared in - !Flash: file size size date (GMT) use - !Flash: ------------------------ --------- --------- ------------------- --- - !Flash: disk0:reboot.hty 10624 10624 02/16/2007 04:36:36 - !Flash: disk0:system.log 171 171 02/16/2007 04:26:18 - !Flash: disk0:XXXXXXXXXX.rel 123538358 122344440 01/26/2007 12:45:58 - !Flash: disk0:XXXXXXXXXX.rel 117722882 116528964 02/16/2007 04:02:28 ! - !Flash: standby-disk0:reboot.hty 14144 14144 02/16/2007 04:33:00 - !Flash: standby-disk0:system.log 882 882 01/29/2007 08:18:20 - !Flash: Disk capacity - !Flash: ------------- - !Flash: Capacity Free Reserved - !Flash: Device (bytes) (bytes) (bytes) - !Flash: -------------- ---------- --------- -------- - !Flash: disk0: 1047674880 756345387 68157440 - !Flash: standby-disk0: 1047674880 756218546 68157440 + !Flash: *** Active/standby file systems are being synchronized. *** + !Flash: unshared in + !Flash: file size size date (GMT) use + !Flash: -------------------- --------- --------- ------------------- --- + !Flash: disk0:reboot.hty 10624 10624 02/16/2007 04:36:36 + !Flash: disk0:system.log 171 171 02/16/2007 04:26:18 + !Flash: disk0:XXXXXXXXXX.rel 123538358 122344440 01/26/2007 12:45:58 + !Flash: disk0:XXXXXXXXXX.rel 117722882 116528964 02/16/2007 04:02:28 ! 
+ !Flash: Disk capacity + !Flash: ------------- + !Flash: Capacity Free Reserved + !Flash: Device (bytes) (bytes) (bytes) + !Flash: ------ ---------- --------- -------- + !Flash: disk0: 1047674880 756345387 68157440

I have stopped the uninteresting diffs by making changes to jerancid as below.

In sub DirSlotN making the following string compare case insensitive obviously helps. As at some point Juniper changed the case in the active/standby text.

    return(-1) if (/active\/standby/i && /not sync/);

In sub ShowEnv these changes have worked for me, it may not be the best way of doing this.

sub ShowEnv {
    print STDERR " In ShowEnv: $_" if ($debug);
    my $autoSyncEna = 0; # assume auto-sync is disabled

    while (<INPUT>) {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        next if (/^Please wait/i);
        return(-1) if (/command authorization failed/i);

        # is autoSync enabled?
        $autoSyncEna =1 if (/enabled, switch-on-error enabled/); # fileSync mode (text has wrapped)
        $autoSyncEna =1 if (/auto-sync enabled/); # HA mode

        # fail if the RP is amid the auto-sync process
        return(-1) if (($autoSyncEna == 1) && (/out of sync \(file system\)/)); # fileSync mode
        return(-1) if (($autoSyncEna == 1) && (/sync in progress/)); # HA mode
        # return(-1) if (/auto-sync enabled/ && !/in sync/);

The last line in the above output is commented as it is not valid on my ERX's as "in sync" and "auto-sync enabled" appear on multiple lines or split across multiple lines (you can see that in the above diff's).

These changes appear to have stopped the uninteresting diffs for me.

HTH

Mark

--
| Mark Loveley                  Broadband Solutions for
| Network Engineer              home and business
| PlusNet PLC                   @www.plus.net
| Registered Office: Internet House, 2 Tenter Street, Sheffield, S1 4BY
| Registered in England no: 3279013
+ ------------ PlusNet - The smarter way to broadband ----------------+
From mstefani at redhat.com Thu Jul 5 09:07:41 2007
From: mstefani at redhat.com (Michael Stefaniuc)
Date: Thu, 05 Jul 2007 11:07:41 +0200
Subject: [rancid] Re: Suppress changes in VLAN-membership
In-Reply-To: <1183623085.15361.5.camel@festa>
References: <468A0443.7080505@netic.dk> <468A1AD1.3000007@redhat.com> <1183623085.15361.5.camel@festa>
Message-ID: <468CB4DD.6040606@redhat.com>

Erik Wenzel wrote:
> On Tue, 2007-07-03 at 11:45 +0200, Michael Stefaniuc wrote:
> [...]
>>> Is there any way to suppress this VLAN-information? It means that I get
>>> a lot of config diffs every day - and not only the ones that I would
>>> actually want to see..
>> Search the archives for "diff". Somebody posted a patch that uses gnu
>> diff's "--ignore-matching-lines" option.
> Yes, but that was not working as expected. We ( a buddy and me ) rewrote
> that patch. I am preparing a patch for current stable version.

Would you mind posting it to this email list when done? I guess there are a couple of people interested.

thanks
bye
michael
--
Michael Stefaniuc               Tel.: +49-711-96437-199
Sr. Network Engineer            Fax.: +49-711-96437-111
Red Hat GmbH                    Email: mstefani at redhat.com
Hauptstaetterstr. 58            http://www.redhat.de/
D-70178 Stuttgart

From Todd at equivoice.com Thu Jul 5 20:23:47 2007
From: Todd at equivoice.com (Todd Heide)
Date: Thu, 5 Jul 2007 15:23:47 -0500
Subject: [rancid] Viewvc problem, Might just be me playing dumb
Message-ID: <082FEA82DC985B4F8A6B412D5AC4E22076F6EF@exchange.Equivoice.local>

I bought a new server to do my network management on as the current one tends to stop working and has to be power cycled. The problem is I have no easy way of just moving everything as I am using a newer version of Fedora than what I am running now due to the server requirements. I am loading FC6 x64, first, is this an issue? I did get Rancid to work, that is not a problem, it pulls the configs and is working flawlessly, the problem I have is when I moved the website over, which has other issues with ISPConfig, may or may not be related, I get the first page for viewvc showing the repository Rancid, but when I click Rancid I get errors stating the database isn't there or something, I blew it away, so I don't have the exact error now. I used to have the CVS stuff someone sent me a while back, but the link is page not found now. Does someone have a viewvc howto for Rancid? It might be CVS related, in fact I am quite certain it is. I don't think Viewvc can find the CVSROOT in /usr/local/rancid/var/CVS.

I am currently rebuilding the server as I did mess something up with ISPConfig as none of the PHP files are working.

Thanks
Todd Heide

CCNA CCDA CS-CAWLANFS CQS-CWLSS CS-CISecS

Nothing ever goes as planned, Its a hell of a notion,
Even pharaohs turn to sand, Like a drop in the ocean
From Todd at equivoice.com Mon Jul 9 13:36:55 2007
From: Todd at equivoice.com (Todd Heide)
Date: Mon, 9 Jul 2007 08:36:55 -0500
Subject: [rancid] Re: Viewvc problem, Might just be me playing dumb
In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E22076F6EF@exchange.Equivoice.local>
Message-ID: <082FEA82DC985B4F8A6B412D5AC4E22076F7F0@exchange.Equivoice.local>

OK I fixed the PHP issues, now I need some guidance on viewvc.

An Exception Has Occurred

Rancid not found!

The wrong path for this repository was configured, or the server on which the CVS tree lives may be down. Please try again in a few minutes.

Python Traceback

Traceback (most recent call last):
  File "/usr/local/viewvc-1.0.4/lib/viewvc.py", line 3665, in main
    request.run_viewvc()
  File "/usr/local/viewvc-1.0.4/lib/viewvc.py", line 234, in run_viewvc
    raise debug.ViewVCException(
ViewVCException: ViewVC Unrecoverable Error: Rancid not found! The wrong path for this repository was configured, or the server on which the CVS tree lives may be down. Please try again in a few minutes.

This is after I click on the Rancid link.

Here is what I have in viewvc conf.

cvs_roots = Rancid: /usr/local/rancid/var/CVS

Nothing has changed between the servers, the layout is the same. I think I have something in CVS not setup right, but for the life of me can't remember what I did to get it working the first time.

Thanks

CCNA CCDA CS-CAWLANFS CQS-CWLSS CS-CISecS

Nothing ever goes as planned, Its a hell of a notion,
Even pharaohs turn to sand, Like a drop in the ocean
From erik at code.de Mon Jul 9 15:25:42 2007
From: erik at code.de (Erik Wenzel)
Date: Mon, 09 Jul 2007 17:25:42 +0200
Subject: [rancid] Re: Suppress changes in VLAN-membership
In-Reply-To: <468CB4DD.6040606@redhat.com>
References: <468A0443.7080505@netic.dk> <468A1AD1.3000007@redhat.com> <1183623085.15361.5.camel@festa> <468CB4DD.6040606@redhat.com>
Message-ID: <1183994743.10575.18.camel@hendrix>

On Thursday, 05.07.2007, at 11:07 +0200, Michael Stefaniuc wrote:
> Erik Wenzel wrote:
> > On Tue, 2007-07-03 at 11:45 +0200, Michael Stefaniuc wrote:
> > [...]
> >>> Is there any way to suppress this VLAN-information? It means that I get
> >>> a lot of config diffs every day - and not only the ones that I would
> >>> actually want to see..
> >> Search the archives for "diff". Somebody posted a patch that uses gnu
> >> diff's "--ignore-matching-lines" option.
> > Yes, but that was not working as expected. We ( a buddy and me ) rewrote
> > that patch. I am preparing a patch for current stable version.
> Would you mind posting it to this email list when done? I guess there
> are a couple of people interested.

The patch is available http://gpl.code.de/rancid/diff-suppress-2.3.1-7.patch . Thanks to Chris Seitz, who fixed the code. It is tested with gnu diff, only.

From Todd at equivoice.com Mon Jul 9 16:33:10 2007
From: Todd at equivoice.com (Todd Heide)
Date: Mon, 9 Jul 2007 11:33:10 -0500
Subject: [rancid] Re: Viewvc problem, Might just be me playing dumb
In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E22076F7F0@exchange.Equivoice.local>
Message-ID: <082FEA82DC985B4F8A6B412D5AC4E22076F836@exchange.Equivoice.local>

Figured it out, DOH, Need to make sure the rancid directory has the proper access, otherwise, it can't see it.

Thanks
Todd Heide
Equivoice Inc.

CCNA CCDA CS-CAWLANFS CQS-CWLSS CS-CISecS
847-235-3308

Nothing ever goes as planned, Its a hell of a notion,
Even pharaohs turn to sand, Like a drop in the ocean
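Added example, not part of the original thread and not ViewVC or RANCID code: Todd Heide's fix in the message above was to give the rancid directory the proper access. The Python sketch below names the first directory on the way to the CVS root that blocks a given account, judged from the mode bits only (ACLs and SELinux are not considered); the account name apache and the helper names are assumptions. It also reports a repository opened to "other", since the tree holds the device configs rancid pulls and group access for the web server account is enough for ViewVC to read it.

```python
import os
import stat

# Hypothetical helper names; only the repository path comes from the thread.
REPO = "/usr/local/rancid/var/CVS"


def class_bits(st, uid, gids):
    """Return the rwx bits (0-7) that POSIX applies to this uid/gid set."""
    mode = stat.S_IMODE(st.st_mode)
    if uid == st.st_uid:
        return (mode >> 6) & 7      # owner class, even if group/other are wider
    if st.st_gid in gids:
        return (mode >> 3) & 7      # group class
    return mode & 7                 # other class


def first_blocked(path, uid, gids, base="/"):
    """Walk base -> path; return (component, reason) for the first directory
    the account cannot use, or None when the whole chain is usable."""
    path, base = os.path.realpath(path), os.path.realpath(base)
    if os.path.commonpath([path, base]) != base:
        raise ValueError("path is not below base")
    chain, current = [base], base
    rel = os.path.relpath(path, base)
    for part in ([] if rel == "." else rel.split(os.sep)):
        current = os.path.join(current, part)
        chain.append(current)
    for comp in chain:
        try:
            st = os.stat(comp)
        except FileNotFoundError:
            return comp, "missing"
        except PermissionError:
            return comp, "cannot stat (run the check as root or the owner)"
        if not stat.S_ISDIR(st.st_mode):
            return comp, "not a directory"
        # Ancestors only need search (x); the repository itself needs r-x.
        need = 5 if comp == path else 1
        if uid != 0 and (class_bits(st, uid, gids) & need) != need:
            return comp, "needs %s for this account" % ("r-x" if need == 5 else "--x")
    return None


def exposed_to_others(path):
    """True when the directory grants read or search to the 'other' class."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o005)


if __name__ == "__main__":
    import pwd
    user = "apache"  # assumption: account the web server runs ViewVC as
    try:
        pw = pwd.getpwnam(user)
    except KeyError:
        raise SystemExit("no such account: %s" % user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    blocked = first_blocked(REPO, pw.pw_uid, gids)
    print("blocked at %s: %s" % blocked if blocked else "path is usable by " + user)
    if blocked is None and exposed_to_others(REPO):
        print("note: %s is also open to every local account" % REPO)
```
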
From mnoriega at amnetcorp.com Mon Jul 9 16:56:59 2007
From: mnoriega at amnetcorp.com (Manuel Noriega)
Date: Mon, 9 Jul 2007 10:56:59 -0600
Subject: [rancid] Re: Viewvc problem, Might just be me playing dumb
In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E22076F836@exchange.Equivoice.local>
References: <082FEA82DC985B4F8A6B412D5AC4E22076F836@exchange.Equivoice.local>
Message-ID: <88535012-DF29-46A3-9B8B-7EECE090B060@amnetcorp.com>

Todd:

I'm having a similar issue. I'm moving rancid from a Mandrake server to a Fedora Core 7 server. I've got rancid working fine, but before I was using cvsweb. Now I want to use viewvc on the new server but I guess I have the same permission problem. What permissions should I check and on what directory?

When I open on the browser viewvc.cgi I don't get any page and only see the following in apache's log:

[Mon Jul 09 10:51:16 2007] [error] [client 192.168.60.101] Traceback (most recent call last):
[Mon Jul 09 10:51:16 2007] [error] [client 192.168.60.101] File "/var/www/cgi-bin/viewvc.cgi", line 60, in
[Mon Jul 09 10:51:16 2007] [error] [client 192.168.60.101] cfg = viewvc.load_config(CONF_PATHNAME, server)
[Mon Jul 09 10:51:16 2007] [error] [client 192.168.60.101] File "/usr/local/viewvc-1.0.4/lib/viewvc.py", line 3615, in load_config
[Mon Jul 09 10:51:16 2007] [error] [client 192.168.60.101] "a valid directory." % pp)
[Mon Jul 09 10:51:16 2007] [error] [client 192.168.60.101] debug.ViewVCException: ViewVC Unrecoverable Error: The path '/usr/local/rancid/var/CVS' in 'root_parents' does not refer to a valid directory.
[Mon Jul 09 10:51:16 2007] [error] [client 192.168.60.101] Premature end of script headers: viewvc.cgi

I've got the following in viewvc.conf

cvs_roots = cvs: /usr/local/rancid/var/CVS
root_parents = /usr/local/rancid/var/CVS : cvs

But it's the first time I use viewvc.

Thanks,

Manuel Noriega
ISP Engineer
13 CALLE 3-40, ZONA 10
15 NIVEL, OFICINA 15-01
GUATEMALA CITY, C.A.
www.amnetdatos.com

On Jul 9, 2007, at 10:33 AM, Todd Heide wrote:

> Figured it out, DOH, Need to make sure the rancid directory has the
> proper access, otherwise, it can't see it.
>
> Thanks
>
> Todd Heide
>
> Equivoice Inc.
>
> CCNA CCDA CS-CAWLANFS CQS-CWLSS CS-CISecS
>
> 847-235-3308
>
> Nothing ever goes as planned, Its a hell of a notion,
>
> Even pharaohs turn to sand, Like a drop in the ocean
> > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- > bounces at shrubbery.net] On Behalf Of Todd Heide > Sent: Monday, July 09, 2007 8:37 AM > To: rancid-discuss at shrubbery.net > Subject: [rancid] Re: Viewvc problem, Might just be me playing dumb > > > > OK I fixed the PHP issues, now I need some guidance on viewvc. > > > > An Exception Has Occurred Rancid not found!The wrong path for this > repository was configured, or the server on which the CVS tree > lives may be down. Please try again in a few minutes. Python > Traceback Traceback (most recent call last): File "/usr/local/ > viewvc-1.0.4/lib/viewvc.py", line 3665, in main > request.run_viewvc() File "/usr/local/viewvc-1.0.4/lib/viewvc.py", > line 234, in run_viewvc raise debug.ViewVCException > (ViewVCException: ViewVC Unrecoverable Error: Rancid not found!The > wrong path for this repository was configured, or the server on > which the CVS tree lives may be down. Please try again in a few > minutes. > This is after I click on the Rancid link. > > > > Here is what I have in viewvc conf. > > > > cvs_roots = Rancid: /usr/local/rancid/var/CVS > > > > Nothing has changed between the servers, the layout is the same. I > think I have something in CVS not setup right, but for the life of > me cant remember what I did to get it working the first time. > > > > Thanks > > > > > > > > CCNA CCDA CS-CAWLANFS CQS-CWLSS CS-CISecS > > > > Nothing ever goes as planned, Its a hell of a notion, > > Even pharaohs turn to sand, Like a drop in the ocean 
> > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- > bounces at shrubbery.net] On Behalf Of Todd Heide > Sent: Thursday, July 05, 2007 3:24 PM > To: rancid-discuss at shrubbery.net > Subject: [rancid] Viewvc problem, Might just be me playing dumb > > > > I bought a new server to do my network management on as the current > one tends to stop working and has to be power cycled. The problem > is I have no easy way of just moving everything as I am using a > newer version of Fedora than what I am running now due to the > server requirements. I am loading FC6 x64, first, is this an issue? > I did get Rancid to work, that is not a problem, it pulls the > configs and is working flawlessly, the problem I have is when I > moved the website over, which has other issues with ISPConfig, may > or may not be related, I get the first page for viewvc showing the > repository Rancid, but when I click Rancid I get errors stating the > database isn?t there or something, I blew it away, so I don?t have > the exact error now. I used to have the CVS stuff someone sent me a > while back, but the link is page not found now. Does someone have a > viewvc howto for Rancid? It might be CVS related, in fact I am > quite certain it is. I don?t think Viewvc can find the CVSROOT in / > usr/local/rancid/var/CVS. > > > > I am currently rebuilding the server as I did mess something up > with ISPConfig as none of the PHP files are working. > > > > > > > > Thanks > > Todd Heide > > > > > > > > CCNA CCDA CS-CAWLANFS CQS-CWLSS CS-CISecS > > > > Nothing ever goes as planned, Its a hell of a notion, > > Even pharaohs turn to sand, Like a drop in the ocean > > > > > > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From aevans at kineto.com Tue Jul 10 00:31:05 2007 
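The permission question in the message above comes down to which directory on the way to /usr/local/rancid/var/CVS the web server account cannot enter. As an added example (not part of the thread, and not ViewVC or RANCID code), this Python helper walks the path and reports the first blocked component; the account name apache and the start parameter are assumptions, and only classic mode bits are evaluated, not ACLs or SELinux.

```python
import grp
import os
import pwd
import stat


def ids_for(user):
    """Return (uid, [gids]) for an account, primary group included."""
    pw = pwd.getpwnam(user)
    gids = [pw.pw_gid] + [g.gr_gid for g in grp.getgrall() if user in g.gr_mem]
    return pw.pw_uid, gids


def _allowed(st, uid, gids, need):
    """need is an rwx bitmask (4=r, 2=w, 1=x) checked against the one
    permission class that applies to uid: owner, else group, else other."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return bits & need == need


def first_blocked(path, uid, gids, start=os.sep):
    """Walk from start down to path. Return (component, reason) for the
    first directory the account cannot use, or None if all are usable.
    Parent directories need search (x); the repository directory itself
    needs read and search (r-x) so that it can be listed."""
    path, start = os.path.abspath(path), os.path.abspath(start)
    rel = os.path.relpath(path, start)
    if rel.startswith(os.pardir):
        raise ValueError("path is not below start")
    chain = [start]
    if rel != os.curdir:
        for part in rel.split(os.sep):
            chain.append(os.path.join(chain[-1], part))
    for i, component in enumerate(chain):
        try:
            st = os.stat(component)
        except OSError as exc:
            return component, "cannot stat: %s" % exc.strerror
        if not stat.S_ISDIR(st.st_mode):
            return component, "not a directory"
        last = i == len(chain) - 1
        if not _allowed(st, uid, gids, 5 if last else 1):
            return component, "needs r-x" if last else "needs --x (search)"
    return None


if __name__ == "__main__":
    # Assumption: the web server runs as "apache" (the Fedora httpd account).
    try:
        uid, gids = ids_for("apache")
    except KeyError:
        raise SystemExit("no such account: apache")
    # The repository holds device configurations, so when a component is
    # blocked, adding the web server account to the owning group exposes
    # less than opening the directory to "other".
    print(first_blocked("/usr/local/rancid/var/CVS", uid, gids) or "path is reachable")
```
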
From: aevans at kineto.com (Alan Evans)
Date: Mon, 9 Jul 2007 17:31:05 -0700
Subject: [rancid] Newbie question: I get an email every hour even when nothing has changed.
Message-ID:

Hello group,

I just installed rancid today and I think I've done something wrong but can't figure out what. I get an email every hour even though nothing has changed. Below is a snippet from the email. It looks to me like the output from "dir /all nvram:" keeps changing every time rancid-run executes. Sometimes the prefix is "!Flash: nvram:" and sometimes the prefix is "!Flash: :".

Anyone have any clues of what I've done wrong?

Thanks in advance
AlanE

retrieving revision 1.7 diff -u -4 -r1.7 10.10.26.62 @@ -28,52 +28,52 @@ !Variable: BOOT variable = bootdisk:s72033-ipservices_wan-mz.122-18.SXF4.bin,1; !Variable: CONFIG_FILE variable does not exist !Variable: BOOTLDR variable = ! - !Flash: nvram: Directory of nvram:/ - !Flash: nvram: 1918 -rw- 30609 startup-config - !Flash: nvram: 1919 ---- 5 private-config - !Flash: nvram: 1920 -rw- 30609 underlying-config - !Flash: nvram: 1 ---- 4 rf_cold_starts - !Flash: nvram: 2 ---- 49 persistent-data - !Flash: nvram: 3 -rw- 0 ifIndex-table - !Flash: nvram: 1964024 bytes total (1930286 bytes free) + !Flash: : Directory of nvram:/ + !Flash: : 1918 -rw- 30609 startup-config + !Flash: : 1919 ---- 5 private-config + !Flash: : 1920 -rw- 30609 underlying-config + !Flash: : 1 ---- 4 rf_cold_starts + !Flash: : 2 ---- 49 persistent-data + !Flash: : 3 -rw- 0 ifIndex-table + !Flash: : 1964024 bytes total (1930286 bytes free) !

From cterpreau at gmail.com Tue Jul 10 09:18:31 2007
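Review bot: in the hunk at @@ -28,52 +28,52 @@ every removed line and its added counterpart differ only in the device label after "!Flash:" ("nvram:" on the - side, an empty label ":" on the + side), while the directory entries, sizes and byte totals are identical. Nothing in the listing itself changed between the two revisions, so the label derived from the "dir /all nvram:" command needs to be made deterministic before these lines are committed; otherwise every run that flips the label produces a revision and a mail.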
From: cterpreau at gmail.com (Christophe Terpreau)
Date: Tue, 10 Jul 2007 11:18:31 +0200
Subject: [rancid] Get config from some rancid server to one cvsweb
Message-ID: <8f7786aa0707100218x4e4e9e30gfef4a10f34555381@mail.gmail.com>

Hello,

I would like to backup some cisco devices from 3 rancid servers but be able to put all configs in only one cvsweb server.

How can I do that?

Many thx for your help.
Regards.

From david at infotrek.co.uk Tue Jul 10 13:12:44 2007
From: david at infotrek.co.uk (David Croft)
Date: Tue, 10 Jul 2007 14:12:44 +0100
Subject: [rancid] Re: Get config from some rancid server to one cvsweb
In-Reply-To: <8f7786aa0707100218x4e4e9e30gfef4a10f34555381@mail.gmail.com>
References: <8f7786aa0707100218x4e4e9e30gfef4a10f34555381@mail.gmail.com>
Message-ID:

I did this by NFS mounting the rancid/var/CVS/ directory though you could also do it with rsync etc.

Then modify @CVSrepositories in cvsweb.conf to point to each repository.

David

On 10/07/07, Christophe Terpreau wrote:
> Hello,
>
> I would like to backup some cisco devices from 3 rancid servers but be
> able to put all configs in only one cvsweb server.
>
> How can I do that?
>
> Many thx for your help.
> Regards.

From david+rancid at luyer.net Tue Jul 10 15:28:01 2007
From: david+rancid at luyer.net (David Luyer)
Date: Tue, 10 Jul 2007 08:28:01 -0700 (PDT)
Subject: [rancid] Re: Get config from some rancid server to one cvsweb
In-Reply-To:
References: <8f7786aa0707100218x4e4e9e30gfef4a10f34555381@mail.gmail.com>
Message-ID: <54120.208.201.244.10.1184081281.squirrel@www.luyer.net>

Or you could just use CVS via pserver or ssh like it's designed to be?

David.

> I did this by NFS mounting the rancid/var/CVS/ directory though you
> could also do it with rsync etc.
>
> Then modify @CVSrepositories in cvsweb.conf to point to each repository.
>
> David
>
> On 10/07/07, Christophe Terpreau wrote:
>> Hello,
>>
>> I would like to backup some cisco devices from 3 rancid servers but be
>> able to put all configs in only one cvsweb server.
>>
>> How can I do that?
>>
>> Many thx for your help.
>> Regards.

From hoswfh at gmail.com Wed Jul 11 01:13:38 2007
From: hoswfh at gmail.com (Ho Siew Fah)
Date: Wed, 11 Jul 2007 09:13:38 +0800
Subject: [rancid] RcsDiff Problem With Juniper Router
Message-ID: <35d5fd5e0707101813j32381acfs74d83cdf4f557995@mail.gmail.com>

Hello group,

Sometimes, the diff command shows the following "show chassis environment" from my juniper router even after I had changed my interface configuration in this router. I expect the diff command to show the changes I have made to the interface, but instead it just shows the difference in the environment. I have to execute rancid-run again in order to get the configuration change I have made.

Can anyone tell me how to solve this problem without running the rancid-run command again?

Also, is there a way to change the time setting in the output of the rcsdiff? I have added the command TZ=SGT and export TZ in the rancid.conf file, but it seems that is not working.

Thank you.

RCS file: /usr/local/var/rancid/CVS/ix/configs/sbt-cr2.ix.sing.com,v retrieving revision 1.121 retrieving revision 1.122 diff -c -r1.121 -r1.122 *** sbt-cr2.ix.singtel.com 2007/06/30 16:11:40 1.121 --- sbt-cr2.ix.singtel.com 2007/06/30 21:39:24 1.122 *************** *** 2,8 **** # # sbt-cr2-re1> show chassis clocks # Clock State Measured frequency ! # PCG 0 Online - Master clock 124.95 MHz # PCG 1 Online - Standby 124.96 MHz # # sbt-cr2-re1> show chassis environment --- 2,8 ---- # # sbt-re1> show chassis clocks # Clock State Measured frequency ! # PCG 0 Online - Master clock 124.96 MHz # PCG 1 Online - Standby 124.96 MHz # # sbt-cr2-re1> show chassis environment

From hoswfh at gmail.com Wed Jul 11 02:15:28 2007
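Review bot: the only line marked as changed (!) in this 2,8 hunk is the PCG 0 measured frequency under "show chassis clocks", 124.95 MHz in 1.121 and 124.96 MHz in 1.122. That value is a live reading rather than configuration, so it can differ on any run and create a revision by itself; leaving the measured frequency out of what is stored would keep the revisions and the mails to configuration changes.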
From: hoswfh at gmail.com (Ho Siew Fah)
Date: Wed, 11 Jul 2007 10:15:28 +0800
Subject: [rancid] RcsDiff Problem With Juniper Router
Message-ID: <35d5fd5e0707101915x35dfbe4di118b56e49a106440@mail.gmail.com>

Hello group,

Sometimes, the diff command shows the following "show chassis environment" from my juniper router even after I had changed my interface configuration in this router. I expect the diff command to show the changes I had made to the interface, but instead it just shows the difference in the environment. I have to execute rancid-run again in order to get the configuration change I have made.

Can anyone tell me how to solve this problem without running the rancid-run command again?

Also, is there a way to change the time setting in the output of the rcsdiff? I have added the command TZ=SGT and export TZ in the rancid.conf file, but it seems that is not working.

Thank you.

RCS file: /usr/local/var/rancid/CVS/ix/configs/sbt-cr2.ix.sing.com,v retrieving revision 1.121 retrieving revision 1.122 diff -c -r1.121 -r1.122 *** sbt-cr2.ix.singtel.com 2007/06/30 16:11:40 1.121 --- sbt-cr2.ix.singtel.com 2007/06/30 21:39:24 1.122 *************** *** 2,8 **** # # sbt-cr2-re1> show chassis clocks # Clock State Measured frequency ! # PCG 0 Online - Master clock 124.95 MHz # PCG 1 Online - Standby 124.96 MHz # # sbt-cr2-re1> show chassis environment --- 2,8 ---- # # sbt-re1> show chassis clocks # Clock State Measured frequency ! # PCG 0 Online - Master clock 124.96 MHz # PCG 1 Online - Standby 124.96 MHz # # sbt-cr2-re1> show chassis environment

From aevans at kineto.com Fri Jul 13 00:56:18 2007
From: aevans at kineto.com (Alan Evans)
Date: Thu, 12 Jul 2007 17:56:18 -0700
Subject: [rancid] Re: Newbie question: I get an email every hour even when nothing has changed.
In-Reply-To:
Message-ID:

Quick update on my problem. My initial thoughts were wrong. The problem was that I got different results when rancid was run from a cronjob and when it was run from the command line.

Cron looked like this:
    !Flash: nvram: 1920 -rw- 30609 underlying-config

Command line looked like this:
    !Flash: : 1920 -rw- 30609 underlying-config

Notice the missing "nvram" when run from the command line.

I managed to figure out that if I changed the $dev regex in the rancid script (line#1898)

From:
    my($dev) = (/\s([^\s]+):/);
To:
    my($dev) = /\S+\s+(\S+):/;

Then the nvram appears in both cron and command line outputs. I have no explanation why, but it works for me.

Cheers
AlanE

From smunzani at comcast.net Fri Jul 13 19:45:29 2007
From: smunzani at comcast.net (Sam Munzani)
Date: Fri, 13 Jul 2007 14:45:29 -0500
Subject: [rancid] F5 load balancer support
Message-ID: <4697D659.7050006@comcast.net>

Hi,

Did anybody happen to hack one of the Cisco scripts to support BigIP F5 boxes? It should be pretty simple. All I want to do is login and type "b list" which is the equivalent of "show run" on cisco.

However for some reason things are not working. All I did was copy clogin to f5login, copy rancid to f5rancid and add the following to rancid-fe.

    elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }

Then modified f5 rancid file and kept only one command in the list of commands, "b list".

For some reason it's not working. I can post my configs here if somebody would like to see them.

Thanks,
Sam

From rancid at gheek.net Fri Jul 13 20:28:08 2007
From: rancid at gheek.net (Lance)
Date: Fri, 13 Jul 2007 13:28:08 -0700
Subject: [rancid] Re: F5 load balancer support
Message-ID: <20070713132808.8e114e4890519e5179c192e02d6bca26.0a49157a0e.wbe@email.secureserver.net>

What error(s) do you get when you try to run your f5rancid?

Where does it fail if you debug your f5login?

-lance

> -------- Original Message --------
> Subject: [rancid] F5 load balancer support
> From: Sam Munzani
> Date: Fri, July 13, 2007 12:45 pm
> To: rancid-discuss at shrubbery.net
>
> Hi,
>
> Did anybody happen to hack one of the Cisco scripts to support BigIP F5
> boxes? It should be pretty simple. All I want to do is login and type "b
> list" which is the equivalent of "show run" on cisco.
>
> However for some reason things are not working. All I did was copy clogin
> to f5login, copy rancid to f5rancid and add the following to rancid-fe.
> elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
>
> Then modified f5 rancid file and kept only one command in the list of
> commands, "b list".
>
> For some reason it's not working. I can post my configs here if somebody
> would like to see them.
>
> Thanks,
> Sam

From smunzani at comcast.net Fri Jul 13 21:30:32 2007
From: smunzani at comcast.net (Sam Munzani)
Date: Fri, 13 Jul 2007 16:30:32 -0500
Subject: [rancid] Re: F5 load balancer support
In-Reply-To: <20070713132808.8e114e4890519e5179c192e02d6bca26.0a49157a0e.wbe@email.secureserver.net>
References: <20070713132808.8e114e4890519e5179c192e02d6bca26.0a49157a0e.wbe@email.secureserver.net>
Message-ID: <4697EEF8.5090909@comcast.net>

Lance,

F5 login works fine with a minor error.

$ f5login test-f5-01
test-f5-01
spawn ssh -c 3des -x -l root test-f5-01
Password:
Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
root
[root at test-f5-01:Active] config # root
-bash: root: command not found
[root at test-f5-01:Active] config #
[root at test-f5-01:Active] config #
[root at test-f5-01:Active] config #

I don't know how to debug, otherwise I would turn on debug too. If you can provide some hints on debug, I would appreciate it.

Thanks,
Sam

> What error(s) do you get when you try to run your f5rancid?
>
> Where does it fail if you debug your f5login?
>
> -lance
>
>> -------- Original Message --------
>> Subject: [rancid] F5 load balancer support
>> From: Sam Munzani
>> Date: Fri, July 13, 2007 12:45 pm
>> To: rancid-discuss at shrubbery.net
>>
>> Hi,
>>
>> Did anybody happen to hack one of the Cisco scripts to support BigIP F5
>> boxes? It should be pretty simple. All I want to do is login and type "b
>> list" which is the equivalent of "show run" on cisco.
>>
>> However for some reason things are not working. All I did was copy clogin
>> to f5login, copy rancid to f5rancid and add the following to rancid-fe.
>> elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
>>
>> Then modified f5 rancid file and kept only one command in the list of
>> commands, "b list".
>>
>> For some reason it's not working. I can post my configs here if somebody
>> would like to see them.
>>
>> Thanks,
>> Sam

From smunzani at comcast.net Fri Jul 13 21:43:24 2007
From: smunzani at comcast.net (Sam Munzani) Date: Fri, 13 Jul 2007 16:43:24 -0500 Subject: [rancid] Re: F5 load balancer support In-Reply-To: <20070713132808.8e114e4890519e5179c192e02d6bca26.0a49157a0e.wbe@email.secureserver.net> References: <20070713132808.8e114e4890519e5179c192e02d6bca26.0a49157a0e.wbe@email.secureserver.net> Message-ID: <4697F1FC.5030407@comcast.net> Lance, I edited f5login file and added "-d" on expect line. Below is what I see in debug. clearf5login test-f5-01 expect version 5.43.0 argv[0] = /usr/local/bin/expect argv[1] = -d argv[2] = /opt/rancid/bin/f5login argv[3] = test-f5-01 set argc 1 set argv0 "/opt/rancid/bin/f5login" set argv "test-f5-01" executing commands from command file /opt/rancid/bin/f5login test-f5-01 spawn ssh -c 3des -x -l root test-f5-01 using master pty /dev/ptyp2 parent: waiting for sync byte parent: telling child to go ahead parent: now unsynchronized from child spawn: returns {30412} expect: does "" (spawn_id exp4) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does "" (spawn_id exp4) match glob pattern "unknown host\r"? no expect: does "" (spawn_id exp4) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue."? no "Enter Selection: "? no "@[^\r\n]+ ([Pp]assword|passwd):"? no "(Username|Login|login|user name):"? no "([Pp]assword|passwd):"? no "(#| \(enable\))"? no "Login invalid"? no Password: expect: does "Password: " (spawn_id exp4) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? 
no expect: does "Password: " (spawn_id exp4) match glob pattern "unknown host\r"? no expect: does "Password: " (spawn_id exp4) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue."? no "Enter Selection: "? no "@[^\r\n]+ ([Pp]assword|passwd):"? no "(Username|Login|login|user name):"? no "([Pp]assword|passwd):"? yes expect: set expect_out(0,string) "Password:" expect: set expect_out(1,string) "Password" expect: set expect_out(spawn_id) "exp4" expect: set expect_out(buffer) "Password:" send: sending "***********\r" to { exp4 } expect: continuing expect expect: does " " (spawn_id exp4) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " " (spawn_id exp4) match glob pattern "unknown host\r"? no expect: does " " (spawn_id exp4) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue."? no "Enter Selection: "? no "@[^\r\n]+ ([Pp]assword|passwd):"? no "(Username|Login|login|user name):"? no "([Pp]assword|passwd):"? no "(#| \(enable\))"? no "Login invalid"? no expect: does " \r\n" (spawn_id exp4) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " \r\n" (spawn_id exp4) match glob pattern "unknown host\r"? 
no expect: does " \r\n" (spawn_id exp4) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue."? no "Enter Selection: "? no "@[^\r\n]+ ([Pp]assword|passwd):"? no "(Username|Login|login|user name):"? no "([Pp]assword|passwd):"? no "(#| \(enable\))"? no "Login invalid"? no Last login: Fri Jul 13 14:38:03 2007 from 172.24.100.12 expect: does " \r\nLast login: Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\r\n" (spawn_id exp4) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " \r\nLast login: Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\r\n" (spawn_id exp4) match glob pattern "unknown host\r"? no expect: does " \r\nLast login: Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\r\n" (spawn_id exp4) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue."? no "Enter Selection: "? no "@[^\r\n]+ ([Pp]assword|passwd):"? no "(Username|Login|login|user name):"? yes expect: set expect_out(0,string) "login:" expect: set expect_out(1,string) "login" expect: set expect_out(spawn_id) "exp4" expect: set expect_out(buffer) " \r\nLast login:" send: sending "root\r" to { exp4 } expect: continuing expect expect: does " Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\r\n" (spawn_id exp4) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? 
no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\r\n" (spawn_id exp4) match glob pattern "unknown host\r"? no expect: does " Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\r\n" (spawn_id exp4) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue."? no "Enter Selection: "? no "@[^\r\n]+ ([Pp]assword|passwd):"? no "(Username|Login|login|user name):"? no "([Pp]assword|passwd):"? no "(#| \(enable\))"? no "Login invalid"? no [root at test-f5-01:Active] config # expect: does " Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\r\n[root at test-f5-01:Active] config # " (spawn_id exp4) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\r\n[root at test-f5-01:Active] config # " (spawn_id exp4) match glob pattern "unknown host\r"? no expect: does " Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\r\n[root at test-f5-01:Active] config # " (spawn_id exp4) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue."? no "Enter Selection: "? no "@[^\r\n]+ ([Pp]assword|passwd):"? no "(Username|Login|login|user name):"? no "([Pp]assword|passwd):"? no "(#| \(enable\))"? 
yes expect: set expect_out(0,string) "#" expect: set expect_out(1,string) "#" expect: set expect_out(spawn_id) "exp4" expect: set expect_out(buffer) " Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\r\n[root at test-f5-01:Active] config #" send: sending "\r" to { exp4 } expect: does " " (spawn_id exp4) match regular expression "[\r\n]+"? no "^(.+:)1 (#| \(enable\))"? no "^.+(#| \(enable\))"? no "^.+> \(enable\)"? no ro expect: does " ro" (spawn_id exp4) match regular expression "[\r\n]+"? no "^(.+:)1 (#| \(enable\))"? no "^.+(#| \(enable\))"? no "^.+> \(enable\)"? no ot -bash: root: command not found [root at test-f5-01:Active] config # expect: does " root\r\n-bash: root: command not found\r\n[root at test-f5-01:Active] config # " (spawn_id exp4) match regular expression "[\r\n]+"? yes expect: set expect_out(0,string) "\r\n" expect: set expect_out(spawn_id) "exp4" expect: set expect_out(buffer) " root\r\n" expect: continuing expect expect: does "-bash: root: command not found\r\n[root at test-f5-01:Active] config # " (spawn_id exp4) match regular expression "[\r\n]+"? yes expect: set expect_out(0,string) "\r\n" expect: set expect_out(spawn_id) "exp4" expect: set expect_out(buffer) "-bash: root: command not found\r\n" expect: continuing expect expect: does "[root at test-f5-01:Active] config # " (spawn_id exp4) match regular expression "[\r\n]+"? no "^(.+:)1 (#| \(enable\))"? no "^.+(#| \(enable\))"? 
yes expect: set expect_out(0,string) "[root at test-f5-01:Active] config #" expect: set expect_out(1,string) "#" expect: set expect_out(spawn_id) "exp4" expect: set expect_out(buffer) "[root at test-f5-01:Active] config #" tty_raw_noecho: was raw = 0 echo = 1 spawn id exp4 sent <\r\n> spawn id exp4 sent <[root at test-f5-01:Active] config # > [root at test-f5-01:Active] config # spawn id exp0 sent <\r> spawn id exp4 sent <\r\n> spawn id exp4 sent <[root at test-f5-01:Active] config # > [root at test-f5-01:Active] config # spawn id exp0 sent spawn id exp4 sent espawn id exp0 sent spawn id exp4 sent xspawn id exp0 sent spawn id exp4 sent ispawn id exp0 sent spawn id exp4 sent tspawn id exp0 sent <\r> spawn id exp4 sent <\r\nlogout\r\n> logout spawn id exp4 sent <\u001b[H\u001b[J> spawn id exp4 sent Connection to test-f5-01 closed. interact: received eof from spawn_id exp4 tty_set: raw = 0, echo = 1 tty_set: raw = 3, echo = 0 $ $ > What error(s) do you get when you try to run your f5rancid? > > Where does it fail if you debug your f5login? > > > -lance > > >> -------- Original Message -------- >> Subject: [rancid] F5 load balancer support 
>> From: Sam Munzani >> Date: Fri, July 13, 2007 12:45 pm >> To: rancid-discuss at shrubbery.net >> >> Hi, >> >> Did anybody happened to hack one of Cisco scripts to support BigIP F5 >> boxes? It should be pretty simple. All I want to do is login and type "b >> list" which is equivalent of "show run" on cisco. >> >> However for some reason things not working. All I did was copied clogin >> to f5login, copied rancid to f5rancid and added following to rancid-fe. >> elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); } >> >> Then modified f5 rancid file and kept only one command in list of >> commands "b list". >> >> For some reason its not working. I can post my configs here if somebody >> like to see them. >> >> Thanks, >> Sam >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070713/b49e1dc7/attachment.html From rancid at gheek.net Sat Jul 14 19:11:23 2007 
From: rancid at gheek.net (Lance)
Date: Sat, 14 Jul 2007 12:11:23 -0700
Subject: [rancid] Re: F5 load balancer support
Message-ID: <20070714121123.8e114e4890519e5179c192e02d6bca26.299cb68cc6.wbe@email.secureserver.net>

Sam,

Have you tried using telnet to login, if the f5 has it enabled? You may also want to set auto enable in your .cloginrc for this device as it looks to clogin as if you are already in a cisco equivalent equal to enable since your prompt has a # sign in it.

Looking at your next email along with this one it looks like you are already in a cisco equivalent of enable after you login. f5login seems to be sending your username of root as a command after you get connected because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from 172.24.100.12" and it matches on the word "Login". See below.

"(Username|Login|login|user name):"? yes
expect: set expect_out(0,string) "login:"
expect: set expect_out(1,string) "login"
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) " \r\nLast login:"
send: sending "root\r" to { exp4 }
expect: continuing expect

You are just using a Cisco login/parsing script so it expects prompts from a Cisco device and in this case you have a *nix SSH banner that gets interrupted. I know you can use RANCID to backup *nix systems. So it knows how to understand connecting to a *nix system. You might want to try this email thread which asks about backing up Linux configs.
"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
Or you could modify the existing f5login like so.

I think you have to use the caret before the () to work. I haven't checked this as I am at home and not on a UNIX system right now. Sorry, too lazy to check it out right now. You might want to uncomment the line below 3. and comment out the line below 2. and see if that works. This is the only point in the code that I see it look for login in any line. If that doesn't work send me back the debug and I will see what I can do. I am sure some people that use expect more often than I can probably quickly tell you what to use as syntax there.

# Figure out prompts
set u_prompt [find userprompt $router]
if { "$u_prompt" == "" } {
    #1. ORIGINAL
    #set u_prompt "^(Username|Login|login|user name):"
    #2. Modified to read for a line beginning with Username,Login,login, or user name.
    set u_prompt "^(Username|Login|login|user name):"
    #3. Modified to read for a line beginning with Login or login. but I may be wrong
    #set u_prompt "^(Username|^Login|^login|user name):"
} else {
    set u_prompt [join [lindex $u_prompt 0] ""]
}

Let me know if this works for you.

-Lance

> -------- Original Message --------
> Subject: Re: [rancid] F5 load balancer support
> From: Sam Munzani
> Date: Fri, July 13, 2007 2:30 pm
> To: Lance
> Cc: rancid-discuss at shrubbery.net
>
> Lance,
>
> F5 login works fine with a minor error.
>
> $ f5login test-f5-01
> test-f5-01
> spawn ssh -c 3des -x -l root test-f5-01
> Password:
> Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
> root
> [root at test-f5-01:Active] config # root
> -bash: root: command not found
> [root at test-f5-01:Active] config #
> [root at test-f5-01:Active] config #
> [root at test-f5-01:Active] config #
>
> I don't know how to debug, otherwise I would turn on debug too. If you
> can provide some hints on debug, I would appreciate it.
>
> Thanks,
> Sam
> > What error(s) do you get when you try to run your f5rancid?
> >
> > Where does it fail if you debug your f5login?
> >
> > -lance
> >
> >> -------- Original Message --------
> >> Subject: [rancid] F5 load balancer support
> >> From: Sam Munzani
> >> Date: Fri, July 13, 2007 12:45 pm
> >> To: rancid-discuss at shrubbery.net
> >>
> >> Hi,
> >>
> >> Did anybody happen to hack one of the Cisco scripts to support BigIP F5
> >> boxes? It should be pretty simple. All I want to do is login and type "b
> >> list" which is the equivalent of "show run" on cisco.
> >>
> >> However for some reason things are not working. All I did was copy clogin
> >> to f5login, copy rancid to f5rancid and add the following to rancid-fe.
> >> elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
> >>
> >> Then modified f5 rancid file and kept only one command in the list of
> >> commands, "b list".
> >>
> >> For some reason it's not working. I can post my configs here if somebody
> >> would like to see them.
> >>
> >> Thanks,
> >> Sam

From david at infotrek.co.uk Sun Jul 15 12:43:01 2007
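The diagnosis in the message above (the username prompt pattern firing on the "Last login:" banner, so that the username is typed into a root shell) can be replayed offline. This is an added example, not part of the thread and not RANCID code: Python's re stands in for expect's matcher, the transcript is constructed from the session posted in the thread, and LINE_ANCHORED and REAL_PROMPT are assumptions made for the illustration.

```python
import re

# Patterns as printed in the expect debug trace in this thread.
UNANCHORED = r"(Username|Login|login|user name):"
PASS_PROMPT = r"([Pp]assword|passwd):"
SHELL_PROMPT = r"(#| \(enable\))"

# The anchored form proposed in the message. In expect, ^ anchors at the
# start of the match buffer, not at the start of a line; Python's re
# without re.MULTILINE behaves the same way.
BUFFER_ANCHORED = r"^(Username|Login|login|user name):"
# Assumption for this example: require the keyword at the start of a line.
LINE_ANCHORED = r"(^|[\r\n])(Username|Login|login|user name):"

# Constructed transcript modelled on the session in the thread: what the
# device sends, in the chunks the login script sees.
CHUNKS = [
    "Password: ",
    " \r\nLast login: Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\r\n",
    "[root at test-f5-01:Active] config # ",
]
# Constructed: a device that really does ask for a username.
REAL_PROMPT = "\r\nUser Access Verification\r\n\r\nUsername: "


def simulate_login(chunks, user_prompt, username="root", password="<password>"):
    """Replay the login phase and return what the script would type.

    Like expect, the patterns are tried in list order against the whole
    buffer, and a match consumes the buffer up to the end of the match.
    """
    actions = [
        (re.compile(user_prompt), username),
        (re.compile(PASS_PROMPT), password),
        (re.compile(SHELL_PROMPT), None),  # None: shell prompt seen, done
    ]
    sent, buf = [], ""
    for chunk in chunks:
        buf += chunk
        while True:
            hit = None
            for rx, reply in actions:
                m = rx.search(buf)
                if m:
                    hit = (m, reply)
                    break
            if hit is None:
                break  # nothing matched yet, wait for more data
            m, reply = hit
            buf = buf[m.end():]
            if reply is None:
                return sent
            # Whatever is sent on a false match lands in the shell that
            # follows; in the thread it was run as the command "root".
            sent.append(reply)
    return sent


def prompt_report():
    """For each pattern: (fires on the banner, fires on a real prompt)."""
    banner = CHUNKS[1]
    patterns = (("unanchored", UNANCHORED),
                ("buffer-anchored", BUFFER_ANCHORED),
                ("line-anchored", LINE_ANCHORED))
    return {name: (bool(re.search(p, banner)), bool(re.search(p, REAL_PROMPT)))
            for name, p in patterns}


if __name__ == "__main__":
    print(simulate_login(CHUNKS, UNANCHORED))
    print(simulate_login(CHUNKS, LINE_ANCHORED))
    print(prompt_report())
```

The buffer-anchored form stops the false match but also misses a genuine prompt that arrives after a newline, which is why the line-anchored variant is shown beside it.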
From: david at infotrek.co.uk (David Croft)
Date: Sun, 15 Jul 2007 14:43:01 +0200
Subject: [rancid] Re: F5 load balancer support
In-Reply-To: <20070714121123.8e114e4890519e5179c192e02d6bca26.299cb68cc6.wbe@email.secureserver.net>
References: <20070714121123.8e114e4890519e5179c192e02d6bca26.299cb68cc6.wbe@email.secureserver.net>
Message-ID:

Thanks for this tip, turns out that this is also the reason the
username gets entered at a prompt on the cisco IPS devices. Since it's
using SSH and therefore doesn't need a username prompt, solution was
to simply add in .cloginrc:

add userprompt ids* bldshgalsjd    (<- something that won't get sent during login)

Regards,

David

On 14/07/07, Lance wrote:
> Sam,
>
> Have you tried using telnet to login, if the f5 has it enabled.
> You may also want to set auto enable in your .cloginrc for this device
> as it looks to clogin as you are already in a cisco equivalent equal to
> enable since your prompt has a # sign in it.
>
> Looking at your next email along with this one it looks like you are
> already in a cisco equivalent of enable after you login. f5login seems
> to be sending your username of root as a command after you get connected
> because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
> 172.24.100.12" and it matches on the word "Login". See below.
>
> "(Username|Login|login|user name):"? yes
> expect: set expect_out(0,string) "login:"
> expect: set expect_out(1,string) "login"
> expect: set expect_out(spawn_id) "exp4"
> expect: set expect_out(buffer) " \r\nLast login:"
> send: sending "root\r" to { exp4 }
> expect: continuing expect
>
> You are just using a Cisco login/parsing script so it expects prompts
> from a Cisco device and in this case you have a *nix SSH banner that
> gets interrupted. I know you can use RANCID to backup *nix systems. So
> it knows how to understand connecting to a *nix system. You might want
> to try this email thread which asks about backing up Linux configs.
> "http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
>
> Or you could modify the existing f5login like so.
>
> I think you have to use the caret before the () to work. I haven't
> checked this as I am at home and not on a UNIX system right now. Sorry
> too lazy to check it out right now. You might want to uncomment the line
> below 3. and comment out the line below 2. and see if that works. This
> is the only point in the code that I see it look for login in any line.
> If that doesn't work send me back the debug and I will see what I can
> do. I am sure some people that use expect more often than I can probably
> quickly tell you what to use as syntax there.
>
> # Figure out prompts
> set u_prompt [find userprompt $router]
> if { "$u_prompt" == "" } {
>     #1. ORIGINAL
>     #set u_prompt "^(Username|Login|login|user name):"
>     #2. Modified to read for a line beginning with Username,Login,login, or user name.
>     set u_prompt "^(Username|Login|login|user name):"
>     #3. Modified to read for a line beginning with Login or login. but I may be wrong
>     #set u_prompt "^(Username|^Login|^login|user name):"
> } else {
>     set u_prompt [join [lindex $u_prompt 0] ""]
> }
>
> Let me know if this works for you.
>
> -Lance
>
> > -------- Original Message --------
> > Subject: Re: [rancid] F5 load balancer support

From smunzani at comcast.net Mon Jul 16 16:48:52 2007
From: smunzani at comcast.net (Sam Munzani)
Date: Mon, 16 Jul 2007 11:48:52 -0500
Subject: [rancid] Re: F5 load balancer support
In-Reply-To:
References: <20070714121123.8e114e4890519e5179c192e02d6bca26.299cb68cc6.wbe@email.secureserver.net>
Message-ID: <469BA174.1050902@comcast.net>

David,

Thanks a lot for the tip. This worked well. Now f5login goes much
cleaner and the "root" doesn't get sent again. I still have other issues
where rancid-run is backing up config properly but I am still
troubleshooting it.

Now here is a question. What does "bldshgalsjd" mean and how does it do
this miracle?

Thanks,
Sam
> Thanks for this tip, turns out that this is also the reason the
> username gets entered at a prompt on the cisco IPS devices. Since it's
> using SSH and therefore doesn't need a username prompt, solution was
> to simply add in .cloginrc:
>
> add userprompt ids* bldshgalsjd    (<- something that won't get sent during login)
>
> Regards,
>
> David
>
> On 14/07/07, Lance wrote:
>> Sam,
>>
>> Have you tried using telnet to login, if the f5 has it enabled.
>> You may also want to set auto enable in your .cloginrc for this device
>> as it looks to clogin as you are already in a cisco equivalent equal to
>> enable since your prompt has a # sign in it.
>>
>> Looking at your next email along with this one it looks like you are
>> already in a cisco equivalent of enable after you login. f5login seems
>> to be sending your username of root as a command after you get connected
>> because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
>> 172.24.100.12" and it matches on the word "Login". See below.
>>
>> "(Username|Login|login|user name):"?

From rancid at gheek.net Mon Jul 16 17:20:53 2007
From: rancid at gheek.net (Lance)
Date: Mon, 16 Jul 2007 10:20:53 -0700
Subject: [rancid] Re: F5 load balancer support
Message-ID: <20070716102053.8e114e4890519e5179c192e02d6bca26.ed552ed684.wbe@email.secureserver.net>

Sam,

What bldshgalsjd is, is the prompt it looks for before it sends the
username.

Example, if the device prompted you for a username like so, you
would use the following.

Your User name:

#.cloginrc line
add userprompt f5* "Your User name:"

This would only send your username if it found the prompt of "Your User
name:" (minus the ""). So the likelihood that it will find bldshgalsjd
would be slim to almost impossible.

-lance

> -------- Original Message --------
> Subject: Re: [rancid] Re: F5 load balancer support

From smunzani at comcast.net Mon Jul 16 18:00:04 2007
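
The false prompt match discussed in the messages above (the user-prompt pattern firing on the "Last login:" banner line, so that "root" is typed at the shell) can be replayed offline. This is an added example, not code from RANCID or from any poster: it models expect's buffer matching with Python's `re`, and the session chunks, the line-anchored pattern and all function names are constructed for illustration.

```python
import re

# Pattern shown in the expect debug output quoted in the thread.
DEFAULT_USERPROMPT = r"(Username|Login|login|user name):"
# Variant 2 from the thread. In expect, as in Python's re without MULTILINE,
# "^" anchors to the start of the buffered data, not to the start of a line.
CARET_USERPROMPT = r"^(Username|Login|login|user name):"
# The .cloginrc workaround from the thread: a string the device never prints.
PLACEHOLDER_USERPROMPT = r"bldshgalsjd"
# Assumption, not from the thread: accept the prompt only at the start of a
# line and only when it is the last thing received so far.
LINE_ANCHORED_USERPROMPT = r"(?:^|[\r\n])(Username|Login|login|user name): ?\Z"

PATTERNS = {
    "default": DEFAULT_USERPROMPT,
    "caret": CARET_USERPROMPT,
    "placeholder": PLACEHOLDER_USERPROMPT,
    "line_anchored": LINE_ANCHORED_USERPROMPT,
}

# Constructed sessions: (chunk as read from the device, is it a real username prompt?)
SESSIONS = {
    # SSH already supplied the username; the device prints a banner, then a shell prompt.
    "ssh": [
        (" \r\nLast login:", False),
        (" Fri Jul 13 14:26:28 2007 from 172.24.100.12\r\n", False),
        ("[root@test-f5-01:Active] config # ", False),
    ],
    # A device that really does ask for a username (for example over telnet).
    "telnet": [
        ("\r\nlogin: ", True),
        ("Password: ", False),
        ("\r\n[root@test-f5-01:Active] config # ", False),
    ],
}


def replay(session, userprompt, username="root"):
    """Accumulate chunks in a buffer and record every time the username is sent."""
    pattern = re.compile(userprompt)
    buffer = ""
    sends = []
    for chunk, is_real_prompt in session:
        buffer += chunk
        match = pattern.search(buffer)
        if match:
            sends.append({
                "sent": username + "\r",
                "matched": match.group(0),
                "expected": is_real_prompt,
            })
            # expect drops everything up to and including the matched text.
            buffer = buffer[match.end():]
    return sends


def compare():
    """Return {(session, pattern): (sends at a real prompt, stray sends)}."""
    result = {}
    for session_name, session in SESSIONS.items():
        for pattern_name, pattern in PATTERNS.items():
            sends = replay(session, pattern)
            expected = sum(1 for s in sends if s["expected"])
            result[(session_name, pattern_name)] = (expected, len(sends) - expected)
    return result


if __name__ == "__main__":
    for (session_name, pattern_name), (expected, stray) in sorted(compare().items()):
        print(f"{session_name:7} {pattern_name:14} at-prompt={expected} stray={stray}")
```

In this model the placeholder and caret patterns stop the stray send on the SSH session but also never answer the real `login:` prompt in the telnet session, which is why the placeholder suits only devices where SSH supplies the username.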
From: smunzani at comcast.net (Sam Munzani)
Date: Mon, 16 Jul 2007 13:00:04 -0500
Subject: [rancid] Re: F5 load balancer support
In-Reply-To: <20070716102053.8e114e4890519e5179c192e02d6bca26.ed552ed684.wbe@email.secureserver.net>
References: <20070716102053.8e114e4890519e5179c192e02d6bca26.ed552ed684.wbe@email.secureserver.net>
Message-ID: <469BB224.2000609@comcast.net>

Lance,

That makes perfect sense. Thanks a lot for a very good logical explanation.

BTW, this is what I did in f5rancid (a copy of rancid). Modified it as below.

# This routine processes a "write term"
sub BList {
    print STDERR " In BList: $_" if ($debug);
    my($lineauto,$comment,$linecnt) = (0,0,0);

    while (<INPUT>) {
        tr/\015//d;
        last if(/^$prompt/);
        return(-1) if (/command not found/i);
        $linecnt++;
        $lineauto = 0 if (/^[^ ]/);
        # some versions have other crap mixed in with the bits in the
    }
    # The ContentEngine lacks a definitive "end of config" marker. If we
    # know that it is a CE and we have seen at least 5 lines of b list
    # o/p, we can be reasonably sure that we got the config.
    if ($linecnt > 5) {
        $found_end = 1;
        return(1);
    }

    return(0);
}

# dummy function
sub DoNothing {print STDOUT;}

# Main
%commands=(
    'b list' => "BList"
);
# keys() doesnt return things in the order entered and the order of the
# cmds is important (show version first and write term last). pita
@commands=(
    "b list"
);
$cisco_cmds=join(";",@commands);
$cmds_regexp=join("|",@commands);

All I did was changed "write term" to "b list" and changed function name
too. I also changed a little bit around finding the end of input
variable. However it still doesn't work. I get following in my logs.

starting: Mon Jul 16 12:49:05 CDT 2007

Trying to get all of the configs.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
!
cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for `configs/test-f5-01'
cvs [commit aborted]: correct above errors first!
ls: test-f5-01: No such file or directory

ending: Mon Jul 16 12:49:32 CDT 2007

Any hints would be appreciated.

Thanks,
Sam
> Sam,
>
> What bldshgalsjd is, is the prompt it looks for before it sends the
> username.
>
> Example, if the device prompted you for a username like so, you
> would use the following.
>
> Your User name:
>
> #.cloginrc line
> add userprompt f5* "Your User name:"
>
> This would only send your username if it found the prompt of "Your User
> name:" (minus the ""). So the likelihood that it will find bldshgalsjd
> would be slim to almost impossible.
>
> -lance
>
>
>> -------- Original Message --------
>> Subject: Re: [rancid] Re: F5 load balancer support

From sam at munzani.com Mon Jul 16 16:57:33 2007
From: sam at munzani.com (Sam Munzani)
Date: Mon, 16 Jul 2007 11:57:33 -0500
Subject: [rancid] Re: F5 load balancer support
In-Reply-To: <469BA174.1050902@comcast.net>
References: <20070714121123.8e114e4890519e5179c192e02d6bca26.299cb68cc6.wbe@email.secureserver.net> <469BA174.1050902@comcast.net>
Message-ID: <469BA37D.4070107@munzani.com>

BTW, this is what I see in the log when I do rancid-run now. That means
the f5rancid file (hacked copy of rancid) is still missing something.

more nfl.20070716.114842
starting: Mon Jul 16 11:48:42 CDT 2007

Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found
cvs diff: Diffing .
cvs diff: Diffing configs
nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT 2007

Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found
cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for `configs/test-f5-01'
cvs [commit aborted]: correct above errors first!
ls: test-f5-01: No such file or directory

ending: Mon Jul 16 11:49:41 CDT 2007

Thanks,
Sam
> David,
>
> Thanks a lot for the tip. This worked well. Now f5login goes much
> cleaner and the "root" doesn't get sent again. I still have other issues
> where rancid-run is backing up config properly but I am still
> troubleshooting it.
>
> Now here is a question. What does "bldshgalsjd" mean and how does it do
> this miracle?
>
> Thanks,
> Sam
>
>> Thanks for this tip, turns out that this is also the reason the
>> username gets entered at a prompt on the cisco IPS devices. Since it's
>> using SSH and therefore doesn't need a username prompt, solution was
>> to simply add in .cloginrc:
>>
>> add userprompt ids* bldshgalsjd    (<- something that won't get sent during login)
>>
>> Regards,
>>
>> David
>>
>> On 14/07/07, Lance wrote:
>>
>>> Sam,
>>>
>>> Have you tried using telnet to login, if the f5 has it enabled.
>>> You may also want to set auto enable in your .cloginrc for this device
>>> as it looks to clogin as you are already in a cisco equivalent equal to
>>> enable since your prompt has a # sign in it.
>>>
>>> Looking at your next email along with this one it looks like you are
>>> already in a cisco equivalent of enable after you login. f5login seems
>>> to be sending your username of root as a command after you get connected
>>> because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
>>> 172.24.100.12" and it matches on the word "Login". See below.
>>>
>>> "(Username|Login|login|user name):"?

From rancid at gheek.net Mon Jul 16 18:54:53 2007
From: rancid at gheek.net (Lance) Date: Mon, 16 Jul 2007 11:54:53 -0700 Subject: [rancid] Re: F5 load balancer support Message-ID: <20070716115452.8e114e4890519e5179c192e02d6bca26.9b57f25956.wbe@email.secureserver.net>

Sam,

Is that the whole file? Attach the whole file to make sure you aren't
missing anything.

Does the f5 have a pager of sorts? Meaning if you run b list does it
have a <-- More --> prompt or anything else other than the config that
may show up?

Email me your IM names and we might be able to solve it faster and then
post back to the list?

-lance

> -------- Original Message --------
> Subject: Re: [rancid] Re: F5 load balancer support
> From: Sam Munzani
> Date: Mon, July 16, 2007 11:00 am
> To: Lance
> Cc: rancid-discuss at shrubbery.net, David Croft
>
> Lance,
>
> That makes perfect sense. Thanks a lot for a very good logical
> explanation.
>
> BTW, this is what I did in f5rancid (a copy of rancid). Modified it as
> below.
>
> # This routine processes a "write term"
> sub BList {
>     print STDERR "    In BList: $_" if ($debug);
>     my($lineauto,$comment,$linecnt) = (0,0,0);
>
>     while (<INPUT>) {
>         tr/\015//d;
>         last if(/^$prompt/);
>         return(-1) if (/command not found/i);
>         $linecnt++;
>         $lineauto = 0 if (/^[^ ]/);
>         # some versions have other crap mixed in with the bits in the
>
>     }
>     # The ContentEngine lacks a definitive "end of config" marker. If we
>     # know that it is a CE and we have seen at least 5 lines of b list
>     # o/p, we can be reasonably sure that we got the config.
>     if ($linecnt > 5) {
>         $found_end = 1;
>         return(1);
>     }
>
>     return(0);
> }
>
> # dummy function
> sub DoNothing {print STDOUT;}
>
> # Main
> %commands=(
>     'b list' => "BList"
> );
> # keys() doesnt return things in the order entered and the order of the
> # cmds is important (show version first and write term last). pita
> @commands=(
>     "b list"
> );
> $cisco_cmds=join(";",@commands);
> $cmds_regexp=join("|",@commands);
>
> All I did was changed "write term" to "b list" and changed function name
> too. I also changed a little bit around finding the end of input
> variable. However it still doesn't work. I get following in my logs.
>
> starting: Mon Jul 16 12:49:05 CDT 2007
>
> Trying to get all of the configs.
> test-f5-01: End of run not found
> !
> =====================================
> Getting missed routers: round 1.
> test-f5-01: End of run not found
> !
> =====================================
> Getting missed routers: round 2.
> test-f5-01: End of run not found
> !
> =====================================
> Getting missed routers: round 3.
> test-f5-01: End of run not found
> !
> =====================================
> Getting missed routers: round 4.
> test-f5-01: End of run not found
> !
>
> cvs diff: Diffing .
> cvs diff: Diffing configs
> cvs diff: cannot find configs/test-f5-01
> cvs commit: Examining .
> cvs commit: Examining configs
> cvs commit: Up-to-date check failed for `configs/test-f5-01'
> cvs [commit aborted]: correct above errors first!
> ls: test-f5-01: No such file or directory
>
> ending: Mon Jul 16 12:49:32 CDT 2007
>
> Any hints would be appreciated.
>
> Thanks,
> Sam
>
> > Sam,
> >
> > What bldshgalsjd is, is the prompt it looks for before it sends the
> > username.
> >
> > Example, if the device prompted you for a username like so, you
> > would use the following.
> >
> > Your User name:
> >
> > #.cloginrc line
> > add userprompt f5* "Your User name:"
> >
> > This would only send your username if it found the prompt of "Your User
> > name:" (minus the ""). So the likelihood that it will find bldshgalsjd
> > would be slim to almost impossible.
> >
> > -lance

From heas at shrubbery.net Mon Jul 16 21:55:57 2007
From: heas at shrubbery.net (john heasley) Date: Mon, 16 Jul 2007 21:55:57 +0000 Subject: [rancid] Re: F5 load balancer support In-Reply-To: <469BB224.2000609@comcast.net> References: <20070716102053.8e114e4890519e5179c192e02d6bca26.ed552ed684.wbe@email.secureserver.net> <469BB224.2000609@comcast.net> Message-ID: <20070716215557.GT8752@shrubbery.net> A user gave me access to a f5, but I ran out of time and access was removed. So, I have a nearly complete script for it that I'd like to be completed. I'll send it to you separately. From rancid at gheek.net Mon Jul 16 22:22:15 2007
From: rancid at gheek.net (Lance) Date: Mon, 16 Jul 2007 15:22:15 -0700 Subject: [rancid] Re: F5 load balancer support Message-ID: <20070716152215.8e114e4890519e5179c192e02d6bca26.d54bb90ca5.wbe@email.secureserver.net> Nice that should be helpful. I just wish I had access to an F5 still. 2 years ago I did, now I don't as I changed companies. hehe. -Lance
From mashcraft at omniture.com Mon Jul 16 18:48:35 2007 From: mashcraft at omniture.com (Mike Ashcraft) Date: Mon, 16 Jul 2007 12:48:35 -0600 Subject: [rancid] Re: F5 load balancer support In-Reply-To: <469BA37D.4070107@munzani.com> References: <20070714121123.8e114e4890519e5179c192e02d6bca26.299cb68cc6.wbe@email.secureserver.net> <469BA174.1050902@comcast.net> <469BA37D.4070107@munzani.com> Message-ID: <45EB285310B55542A513F93230F0A5330115D963@EXCHANGE0.orm.omniture.com> Sam, I have a working f5rancid that I have been using for a number of months now. I have one minor bug related to tracking installed SSL certs which you probably don't care about. Other than that, it works great. I did encounter and solve all the problems you have been discussing on the list. Let me know if you are interested in trying what I have. I have tested it with Big-IP 9.1.2. Mike ________________________________
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
Sent: Monday, July 16, 2007 10:58 AM
To: smunzani at comcast.net
Cc: rancid-discuss at shrubbery.net
Subject: [rancid] Re: F5 load balancer support

BTW, this is what I see in the log when I do rancid-run now. That means
the f5rancid file (hacked copy of rancid) is still missing something.

more nfl.20070716.114842
starting: Mon Jul 16 11:48:42 CDT 2007

Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found

cvs diff: Diffing .
cvs diff: Diffing configs
nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT 2007

Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found

cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for `configs/test-f5-01'
cvs [commit aborted]: correct above errors first!
ls: test-f5-01: No such file or directory

ending: Mon Jul 16 11:49:41 CDT 2007

Thanks,
Sam

David,

Thanks a lot for the tip. This worked well. Now f5login goes much more
cleaner and the "root" doesn't get sent again. I still have other issues
where rancid-run is backing up config properly but I am still
troubleshooting it.

Now here is a question. What does "bldshgalsjd" mean and how does it do
this miracle?

Thanks,
Sam

Thanks for this tip, turns out that this is also the reason the
username gets entered at a prompt on the cisco IPS devices. Since it's
using SSH and therefore doesn't need a username prompt, solution was
to simply add in .cloginrc:

add userprompt ids* bldshgalsjd (<- something that won't get sent during login)

Regards,

David

On 14/07/07, Lance wrote:

Sam,

Have you tried using telnet to login, if the f5 has it enabled.
You may also want to set auto enable in your .cloginrc for this device
as it looks to clogin as you are already in a cisco equivalent equal to
enable since your prompt has a # sign in it.

Looking at your next email along with this one it looks like you are
already in a cisco equivalent of enable after you login. f5login seems
to be sending your username of root as a command after you get connected
because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
172.24.100.12" and it matches on the word "Login". See below.

"(Username|Login|login|user name):"? yes
expect: set expect_out(0,string) "login:"
expect: set expect_out(1,string) "login"
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) " \r\nLast login:"
send: sending "root\r" to { exp4 }
expect: continuing expect

You are just using a Cisco login/parsing script so it expects prompts
from a Cisco device and in this case you have a *nix SSH banner that
gets interrupted. I know you can use RANCID to backup *nix systems. So
it knows how to understand connecting to a *nix system. You might want
to try this email thread which asks about backing up Linux configs.
"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"

Or you could modify the existing f5login like so.

I think you have to use the caret before the () to work. I haven't
checked this as I am at home and not on a UNIX system right now. Sorry
too lazy to check it out right now. You might want to uncomment the line
below 3. and comment out the line below 2. and see if that works. This
is the only point in the code that I see it look for login in any line.
If that doesn't work send me back the debug and I will see what I can
do. I am sure some people that use expect more often than I can probably
quickly tell you what to use as syntax there.

# Figure out prompts
set u_prompt [find userprompt $router]
if { "$u_prompt" == "" } {
    #1. ORIGINAL
    #set u_prompt "^(Username|Login|login|user name):"
    #2. Modified to read for a line beginning with Username,Login,login, or user name.
    set u_prompt "^(Username|Login|login|user name):"
    #3. Modified to read for a line beginning with Login or login. but I may be wrong
    #set u_prompt "^(Username|^Login|^login|user name):"
} else {
    set u_prompt [join [lindex $u_prompt 0] ""]
}

Let me know if this works for you.

-Lance

-------- Original Message --------
Subject: Re: [rancid] F5 load balancer support
From: Sam Munzani
Date: Fri, July 13, 2007 2:30 pm
To: Lance
Cc: rancid-discuss at shrubbery.net

Lance,

F5 login works fine with a minor error.

$ f5login test-f5-01
test-f5-01
spawn ssh -c 3des -x -l root test-f5-01
Password:
Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
root
[root at test-f5-01:Active] config # root
-bash: root: command not found
[root at test-f5-01:Active] config #
[root at test-f5-01:Active] config #
[root at test-f5-01:Active] config #

I don't know how to debug otherwise I would turn on debug too. If you
can provide some hints on debug, I would appreciate it.

Thanks,
Sam

What error(s) do you get when you try to run your f5rancid?

Where does it fail if you debug your f5login?

-lance

-------- Original Message --------
Subject: [rancid] F5 load balancer support
From: Sam Munzani
Date: Fri, July 13, 2007 12:45 pm
To: rancid-discuss at shrubbery.net

Hi,

Did anybody happened to hack one of Cisco scripts to support BigIP F5
boxes? It should be pretty simple. All I want to do is login and type "b
list" which is equivalent of "show run" on cisco.

However for some reason things not working. All I did was copied clogin
to f5login, copied rancid to f5rancid and added following to rancid-fe.
elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }

Then modified f5 rancid file and kept only one command in list of
commands "b list".

For some reason its not working. I can post my configs here if somebody
like to see them.

Thanks,
Sam
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From mashcraft at omniture.com Mon Jul 16 17:21:51 2007
From: mashcraft at omniture.com (Mike Ashcraft)
Date: Mon, 16 Jul 2007 11:21:51 -0600
Subject: [rancid] Re: F5 load balancer support
In-Reply-To: <469BA174.1050902@comcast.net>
References: <20070714121123.8e114e4890519e5179c192e02d6bca26.299cb68cc6.wbe@email.secureserver.net> <469BA174.1050902@comcast.net>
Message-ID: <45EB285310B55542A513F93230F0A5330115D926@EXCHANGE0.orm.omniture.com>

Sam,

I've been working on a f5rancid script for some time now. One of my
targets was to work with the standard cisco login script [clogin]. The
.cloginrc configuration I use with the clogin script for F5 Big-IP is as
follows:

add user hostname username
add userprompt hostname sshONLYnoPrompt #Any string without a match works
add autoenable hostname 1
add method hostname ssh
add password hostname password

Hope this helps,

Mike

-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
Sent: Monday, July 16, 2007 10:49 AM
To: David Croft
Cc: rancid-discuss at shrubbery.net
Subject: [rancid] Re: F5 load balancer support

David,

Thanks a lot for the tip. This worked well. Now f5login goes much more
cleaner and the "root" doesn't get sent again. I still have other issues
where rancid-run is backing up config properly but I am still
troubleshooting it.

Now here is a question. What does "bldshgalsjd" mean and how does it do
this miracle?

Thanks,
Sam

> Thanks for this tip, turns out that this is also the reason the
> username gets entered at a prompt on the cisco IPS devices. Since it's
> using SSH and therefore doesn't need a username prompt, solution was
> to simply add in .cloginrc:
>
> add userprompt ids* bldshgalsjd (<- something that won't get sent during login)
>
> Regards,
>
> David
>
> On 14/07/07, Lance wrote:
>> Sam,
>>
>> Have you tried using telnet to login, if the f5 has it enabled.
>> You may also want to set auto enable in your .cloginrc for this
>> device as it looks to clogin as you are already in a cisco equivalent
>> equal to enable since your prompt has a # sign in it.
>>
>> Looking at your next email along with this one it looks like you are
>> already in a cisco equivalent of enable after you login. f5login
>> seems to be sending your username of root as a command after you get
>> connected because it sees this line "Last login: Fri Jul 13 14:38:03
>> 2007 from 172.24.100.12" and it matches on the word "Login". See below.
>>
>> "(Username|Login|login|user name):"? yes
>> expect: set expect_out(0,string) "login:"
>> expect: set expect_out(1,string) "login"
>> expect: set expect_out(spawn_id) "exp4"
>> expect: set expect_out(buffer) " \r\nLast login:"
>> send: sending "root\r" to { exp4 }
>> expect: continuing expect
>>
>> You are just using a Cisco login/parsing script so it expects prompts
>> from a Cisco device and in this case you have a *nix SSH banner that
>> gets interrupted. I know you can use RANCID to backup *nix systems.
>> So it knows how to understand connecting to a *nix system. You might
>> want to try this email thread which asks about backing up Linux configs.
>> "http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
>>
>> Or you could modify the existing f5login like so.
>>
>> I think you have to use the caret before the () to work. I haven't
>> checked this as I am at home and not on a UNIX system right now.
>> Sorry too lazy to check it out right now. You might want to uncomment
>> the line below 3. and comment out the line below 2. and see if that
>> works. This is the only point in the code that I see it look for login in any line.
>> If that doesn't work send me back the debug and I will see what I can
>> do. I am sure some people that use expect more often than I can
>> probably quickly tell you what to use as syntax there.
>>
>> # Figure out prompts
>> set u_prompt [find userprompt $router]
>> if { "$u_prompt" == "" } {
>>     #1. ORIGINAL
>>     #set u_prompt "^(Username|Login|login|user name):"
>>     #2. Modified to read for a line beginning with Username,Login,login, or user name.
>>     set u_prompt "^(Username|Login|login|user name):"
>>     #3. Modified to read for a line beginning with Login or login. but I may be wrong
>>     #set u_prompt "^(Username|^Login|^login|user name):"
>> } else {
>>     set u_prompt [join [lindex $u_prompt 0] ""]
>> }
>>
>> Let me know if this works for you.
>>
>> -Lance
>>
>> > -------- Original Message --------
>> > Subject: Re: [rancid] F5 load balancer support
>> > From: Sam Munzani
>> > Date: Fri, July 13, 2007 2:30 pm
>> > To: Lance
>> > Cc: rancid-discuss at shrubbery.net
>> >
>> > Lance,
>> >
>> > F5 login works fine with a minor error.
>> >
>> > $ f5login test-f5-01
>> > test-f5-01
>> > spawn ssh -c 3des -x -l root test-f5-01
>> > Password:
>> > Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
>> > root
>> > [root at test-f5-01:Active] config # root
>> > -bash: root: command not found
>> > [root at test-f5-01:Active] config #
>> > [root at test-f5-01:Active] config #
>> > [root at test-f5-01:Active] config #
>> >
>> > I don't know how to debug otherwise I would turn on debug too. If
>> > you can provide some hints on debug, I would appreciate it.
>> >
>> > Thanks,
>> > Sam
>> > > What error(s) do you get when you try to run your f5rancid?
>> > >
>> > > Where does it fail if you debug your f5login?
>> > >
>> > > -lance
>> > >
>> > >> -------- Original Message --------
>> > >> Subject: [rancid] F5 load balancer support
>> > >> From: Sam Munzani
>> > >> Date: Fri, July 13, 2007 12:45 pm
>> > >> To: rancid-discuss at shrubbery.net
>> > >>
>> > >> Hi,
>> > >>
>> > >> Did anybody happened to hack one of Cisco scripts to support BigIP F5
>> > >> boxes? It should be pretty simple. All I want to do is login and type "b
>> > >> list" which is equivalent of "show run" on cisco.
>> > >>
>> > >> However for some reason things not working. All I did was copied clogin
>> > >> to f5login, copied rancid to f5rancid and added following to rancid-fe.
>> > >> elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
>> > >>
>> > >> Then modified f5 rancid file and kept only one command in list
>> > >> of commands "b list".
>> > >>
>> > >> For some reason its not working. I can post my configs here if somebody
>> > >> like to see them.
>> > >>
>> > >> Thanks,
>> > >> Sam
>> > >> _______________________________________________
>> > >> Rancid-discuss mailing list
>> > >> Rancid-discuss at shrubbery.net
>> > >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>> > >>
>>
>> _______________________________________________
>> Rancid-discuss mailing list
>> Rancid-discuss at shrubbery.net
>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>>
>
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From mashcraft at omniture.com Mon Jul 16 15:39:59 2007
From: mashcraft at omniture.com (Mike Ashcraft)
Date: Mon, 16 Jul 2007 09:39:59 -0600
Subject: [rancid] Re: F5 load balancer support
In-Reply-To: <20070714121123.8e114e4890519e5179c192e02d6bca26.299cb68cc6.wbe@email.secureserver.net>
References: <20070714121123.8e114e4890519e5179c192e02d6bca26.299cb68cc6.wbe@email.secureserver.net>
Message-ID: <45EB285310B55542A513F93230F0A5330115D89E@EXCHANGE0.orm.omniture.com>

Sam,

I've been working on a f5rancid script for some time now. One of my
targets was to work with the standard cisco login script [clogin]. The
.cloginrc configuration I use with the clogin script for F5 Big-IP is as
follows:

add user hostname username
add userprompt hostname sshONLYnoPrompt #Any string without a match works
add autoenable hostname 1
add method hostname ssh
add password hostname password

Hope this helps,

Mike

-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Lance
Sent: Saturday, July 14, 2007 1:11 PM
To: smunzani at comcast.net
Cc: rancid-discuss at shrubbery.net
Subject: [rancid] Re: F5 load balancer support

Sam,

Have you tried using telnet to login, if the f5 has it enabled.
You may also want to set auto enable in your .cloginrc for this device
as it looks to clogin as you are already in a cisco equivalent equal to
enable since your prompt has a # sign in it.

Looking at your next email along with this one it looks like you are
already in a cisco equivalent of enable after you login. f5login seems
to be sending your username of root as a command after you get connected
because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
172.24.100.12" and it matches on the word "Login". See below.

"(Username|Login|login|user name):"? yes
expect: set expect_out(0,string) "login:"
expect: set expect_out(1,string) "login"
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) " \r\nLast login:"
send: sending "root\r" to { exp4 }
expect: continuing expect

You are just using a Cisco login/parsing script so it expects prompts
from a Cisco device and in this case you have a *nix SSH banner that
gets interrupted. I know you can use RANCID to backup *nix systems. So
it knows how to understand connecting to a *nix system. You might want
to try this email thread which asks about backing up Linux configs.
"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"

Or you could modify the existing f5login like so.

I think you have to use the caret before the () to work. I haven't
checked this as I am at home and not on a UNIX system right now. Sorry
too lazy to check it out right now. You might want to uncomment the line
below 3. and comment out the line below 2. and see if that works. This
is the only point in the code that I see it look for login in any line.
If that doesn't work send me back the debug and I will see what I can
do. I am sure some people that use expect more often than I can probably
quickly tell you what to use as syntax there.

# Figure out prompts
set u_prompt [find userprompt $router]
if { "$u_prompt" == "" } {
    #1. ORIGINAL
    #set u_prompt "^(Username|Login|login|user name):"
    #2. Modified to read for a line beginning with Username,Login,login, or user name.
    set u_prompt "^(Username|Login|login|user name):"
    #3. Modified to read for a line beginning with Login or login. but I may be wrong
    #set u_prompt "^(Username|^Login|^login|user name):"
} else {
    set u_prompt [join [lindex $u_prompt 0] ""]
}

Let me know if this works for you.

-Lance

> -------- Original Message --------
> Subject: Re: [rancid] F5 load balancer support
> From: Sam Munzani
> Date: Fri, July 13, 2007 2:30 pm
> To: Lance
> Cc: rancid-discuss at shrubbery.net
>
> Lance,
>
> F5 login works fine with a minor error.
>
> $ f5login test-f5-01
> test-f5-01
> spawn ssh -c 3des -x -l root test-f5-01
> Password:
> Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
> root
> [root at test-f5-01:Active] config # root
> -bash: root: command not found
> [root at test-f5-01:Active] config #
> [root at test-f5-01:Active] config #
> [root at test-f5-01:Active] config #
>
> I don't know how to debug otherwise I would turn on debug too. If you
> can provide some hints on debug, I would appreciate it.
>
> Thanks,
> Sam
> > What error(s) do you get when you try to run your f5rancid?
> >
> > Where does it fail if you debug your f5login?
> >
> > -lance
> >
> >> -------- Original Message --------
> >> Subject: [rancid] F5 load balancer support
> >> From: Sam Munzani
> >> Date: Fri, July 13, 2007 12:45 pm
> >> To: rancid-discuss at shrubbery.net
> >>
> >> Hi,
> >>
> >> Did anybody happened to hack one of Cisco scripts to support BigIP
> >> F5 boxes? It should be pretty simple. All I want to do is login and type "b
> >> list" which is equivalent of "show run" on cisco.
> >>
> >> However for some reason things not working. All I did was copied clogin
> >> to f5login, copied rancid to f5rancid and added following to rancid-fe.
> >> elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
> >>
> >> Then modified f5 rancid file and kept only one command in list of
> >> commands "b list".
> >>
> >> For some reason its not working. I can post my configs here if somebody
> >> like to see them.
> >>
> >> Thanks,
> >> Sam
> >> _______________________________________________
> >> Rancid-discuss mailing list
> >> Rancid-discuss at shrubbery.net
> >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> >>
> >
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From rancid at gheek.net Tue Jul 17 00:32:01 2007
From: rancid at gheek.net (Lance)
Date: Mon, 16 Jul 2007 17:32:01 -0700
Subject: [rancid] Re: F5 load balancer support
Message-ID: <20070716173200.8e114e4890519e5179c192e02d6bca26.b34fb90ffd.wbe@email.secureserver.net>

I have helped Sam get a working f5rancid which requires a f5login (only
because it doesn't recognize the prompt with a space and exit, unless you
enter a return before the exit). He is cleaning up all the unused
functions and will post it. Once John H. sends out his script I will look
at it and see how it differs from the one I did with Sam. I will even
help Sam get it working for his setup. We will let you know when it is
all working.

-lance

> -------- Original Message --------
> Subject: [rancid] Re: F5 load balancer support
> From: "Mike Ashcraft"
> Date: Mon, July 16, 2007 11:48 am
> To:
> Cc: rancid-discuss at shrubbery.net
>
> Sam,
>
> I have a working f5rancid that I have been using for a number of months
> now. I have one minor bug related to tracking installed SSL certs
> which you probably don't care about. Other than that, it works great.
>
> I did encounter and solve all the problems you have been discussing on
> the list.
>
> Let me know if you are interested in trying what I have. I have tested
> it with Big-IP 9.1.2.
>
> Mike
>
> ________________________________
>
> From: rancid-discuss-bounces at shrubbery.net
> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
> Sent: Monday, July 16, 2007 10:58 AM
> To: smunzani at comcast.net
> Cc: rancid-discuss at shrubbery.net
> Subject: [rancid] Re: F5 load balancer support
>
> BTW, this is what I see in the log when I do rancid-run now. That means
> the f5rancid file (hacked copy of rancid) is still missing something.
>
> more nfl.20070716.114842
> starting: Mon Jul 16 11:48:42 CDT 2007
>
> Trying to get all of the configs.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 1.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 2.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 3.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 4.
> test-f5-01: End of run not found
> -bash: write: command not found
>
> cvs diff: Diffing .
> cvs diff: Diffing configs
> nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT 2007
>
> Trying to get all of the configs.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 1.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 2.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 3.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 4.
> test-f5-01: End of run not found
> -bash: write: command not found
>
> cvs diff: Diffing .
> cvs diff: Diffing configs
> cvs diff: cannot find configs/test-f5-01
> cvs commit: Examining .
> cvs commit: Examining configs
> cvs commit: Up-to-date check failed for `configs/test-f5-01'
> cvs [commit aborted]: correct above errors first!
> ls: test-f5-01: No such file or directory
>
> ending: Mon Jul 16 11:49:41 CDT 2007
>
> Thanks,
> Sam
>
> David,
>
> Thanks a lot for the tip. This worked well. Now f5login goes much more
> cleaner and the "root" doesn't get sent again. I still have other issues
> where rancid-run is backing up config properly but I am still
> troubleshooting it.
>
> Now here is a question. What does "bldshgalsjd" mean and how does it do
> this miracle?
>
> Thanks,
> Sam
>
> Thanks for this tip, turns out that this is also the reason the
> username gets entered at a prompt on the cisco IPS devices. Since it's
> using SSH and therefore doesn't need a username prompt, solution was
> to simply add in .cloginrc:
>
> add userprompt ids* bldshgalsjd (<- something that won't get sent during login)
>
> Regards,
>
> David
>
> On 14/07/07, Lance wrote:
>
> Sam,
>
> Have you tried using telnet to login, if the f5 has it enabled.
> You may also want to set auto enable in your .cloginrc for this device
> as it looks to clogin as you are already in a cisco equivalent equal to
> enable since your prompt has a # sign in it.
>
> Looking at your next email along with this one it looks like you are
> already in a cisco equivalent of enable after you login. f5login seems
> to be sending your username of root as a command after you get connected
> because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
> 172.24.100.12" and it matches on the word "Login". See below.
>
> "(Username|Login|login|user name):"? yes
> expect: set expect_out(0,string) "login:"
> expect: set expect_out(1,string) "login"
> expect: set expect_out(spawn_id) "exp4"
> expect: set expect_out(buffer) " \r\nLast login:"
> send: sending "root\r" to { exp4 }
> expect: continuing expect
>
> You are just using a Cisco login/parsing script so it expects prompts
> from a Cisco device and in this case you have a *nix SSH banner that
> gets interrupted. I know you can use RANCID to backup *nix systems. So
> it knows how to understand connecting to a *nix system. You might want
> to try this email thread which asks about backing up Linux configs.
> "http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
>
> Or you could modify the existing f5login like so.
>
> I think you have to use the caret before the () to work. I haven't
> checked this as I am at home and not on a UNIX system right now. Sorry
> too lazy to check it out right now. You might want to uncomment the line
> below 3. and comment out the line below 2. and see if that works. This
> is the only point in the code that I see it look for login in any line.
> If that doesn't work send me back the debug and I will see what I can
> do. I am sure some people that use expect more often than I can probably
> quickly tell you what to use as syntax there.
>
> # Figure out prompts
> set u_prompt [find userprompt $router]
> if { "$u_prompt" == "" } {
>     #1. ORIGINAL
>     #set u_prompt "^(Username|Login|login|user name):"
>     #2. Modified to read for a line beginning with Username,Login,login, or user name.
>     set u_prompt "^(Username|Login|login|user name):"
>     #3. Modified to read for a line beginning with Login or login. but I may be wrong
>     #set u_prompt "^(Username|^Login|^login|user name):"
> } else {
>     set u_prompt [join [lindex $u_prompt 0] ""]
> }
>
> Let me know if this works for you.
>
> -Lance
>
> -------- Original Message --------
> Subject: Re: [rancid] F5 load balancer support
> From: Sam Munzani
> Date: Fri, July 13, 2007 2:30 pm
> To: Lance
> Cc: rancid-discuss at shrubbery.net
>
> Lance,
>
> F5 login works fine with a minor error.
>
> $ f5login test-f5-01
> test-f5-01
> spawn ssh -c 3des -x -l root test-f5-01
> Password:
> Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
> root
> [root at test-f5-01:Active] config # root
> -bash: root: command not found
> [root at test-f5-01:Active] config #
> [root at test-f5-01:Active] config #
> [root at test-f5-01:Active] config #
>
> I don't know how to debug otherwise I would turn on debug too. If you
> can provide some hints on debug, I would appreciate it.
>
> Thanks,
> Sam
>
> What error(s) do you get when you try to run your f5rancid?
>
> Where does it fail if you debug your f5login?
>
> -lance
>
> -------- Original Message --------
> Subject: [rancid] F5 load balancer support
> From: Sam Munzani
> Date: Fri, July 13, 2007 12:45 pm
> To: rancid-discuss at shrubbery.net
>
> Hi,
>
> Did anybody happened to hack one of Cisco scripts to support BigIP F5
> boxes? It should be pretty simple. All I want to do is login and type "b
> list" which is equivalent of "show run" on cisco.
>
> However for some reason things not working. All I did was copied clogin
> to f5login, copied rancid to f5rancid and added following to rancid-fe.
> elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
>
> Then modified f5 rancid file and kept only one command in list of
> commands "b list".
>
> For some reason its not working. I can post my configs here if somebody
> like to see them.
>
> Thanks,
> Sam
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
_______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From Joe.Marr at brodart.com Tue Jul 17 03:15:50 2007 From: Joe.Marr at brodart.com (Marr, Joe) Date: Mon, 16 Jul 2007 23:15:50 -0400 Subject: [rancid] issue with email diffs Message-ID: <6035911CB587A2418E439316750F70670AADE330@mailserver.nexus.brodart.internal> I seem to have a problem with the config diffs I receive from rancid: Index: configs/XXXX-cor01.XXXX.com =================================================================== retrieving revision 1.38 diff -U-4 -r1.38 XXXX-cor01.XXXX.com Index: configs/XXXX-cor05.XXXX.com =================================================================== retrieving revision 1.29 diff -U-4 -r1.29 XXXX-cor05.XXXX.com when I receive an email with a diff, I only see the above text in the email. I do not receive the actual differences. Why would this happen? Joe Marr CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the individual to whom it is addressed, and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you have received this email in error, please notify the sender by reply email and destroy this message and its attachments. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070716/d949b2e5/attachment.html From tex at off.org Tue Jul 17 07:59:19 2007 From: tex at off.org (Austin Schutz) Date: Tue, 17 Jul 2007 00:59:19 -0700 Subject: [rancid] Re: issue with email diffs In-Reply-To: <6035911CB587A2418E439316750F70670AADE330@mailserver.nexus.brodart.internal> References: <6035911CB587A2418E439316750F70670AADE330@mailserver.nexus.brodart.internal> Message-ID: <20070717075919.GH20223@gblx.net> On Mon, Jul 16, 2007 at 11:15:50PM -0400, Marr, Joe wrote: > I seem to have a problem with the config diffs I receive from rancid: > > > > Index: configs/XXXX-cor01.XXXX.com > =================================================================== > > retrieving revision 1.38 > > diff -U-4 -r1.38 XXXX-cor01.XXXX.com > > Index: configs/XXXX-cor05.XXXX.com > =================================================================== > > retrieving revision 1.29 > > diff -U-4 -r1.29 XXXX-cor05.XXXX.com > > > > when I receive an email with a diff, I only see the above text in the > email. I do not receive the actual differences. > > > > Why would this happen? > In control_rancid it looks like changes where only whitespace changes get cut from the diff output. There's probably a newline added or subtracted, or something of that nature. Austin From matjaz.straus at arnes.si Tue Jul 17 08:56:21 2007 From: matjaz.straus at arnes.si (Matjaz Straus) Date: Tue, 17 Jul 2007 10:56:21 +0200 Subject: [rancid] clogin that reads passwords from stdin Message-ID: <20070717085621.C510EABE16@rzenik.arnes.si> Hi, all! We've disliked the idea that router passwords are stored on disk while clogin is being executed. Therefore, we wrote a small patch that allows clogin to read passwords from STDIN (with a "-f -" option). You might find this patch interesting. Example of usage: some_prog_that_writes_cloginrc 2>/dev/null |clogin -f - -c "sh ver" device_name Regards, Matjaz P.S. 
Another minor thing -- I've found "term width 0" in clogin very useful. -- Matjaz Straus, ARNES matjaz.straus at arnes.si MS6745-RIPE Jamova 39, p.p.7, SI-1001 Ljubljana, Slovenija tel:+386 1 479-88-00 fax:+386 1 479-88-99 http://www.arnes.si/ PGP public key at: http://www.arnes.si/~matjaz/ keyID 7AB260CD 1998-11-04 key fingerprint = 32 23 95 63 FE D3 FF C9 7B 88 21 A6 0C A9 3B 5E ------------------------------------------------------------------------------ -------------- next part -------------- A non-text attachment was scrubbed... Name: clogin.patch Type: application/x-patch Size: 2154 bytes Desc: clogin.patch Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070717/0a7c92f0/attachment.bin From Joe.Marr at brodart.com Tue Jul 17 13:26:40 2007 From: Joe.Marr at brodart.com (Marr, Joe) Date: Tue, 17 Jul 2007 09:26:40 -0400 Subject: [rancid] Re: issue with email diffs In-Reply-To: <20070717075919.GH20223@gblx.net> References: <6035911CB587A2418E439316750F70670AADE330@mailserver.nexus.brodart.internal> <20070717075919.GH20223@gblx.net> Message-ID: <6035911CB587A2418E439316750F70670AADE890@mailserver.nexus.brodart.internal> I checked that, I have about 75 devices several of them with ACLs that are updated weekly. The changes never show up. This is only recent. I originally thought it was a setting, however I have not found it. We migrated the system from one box to another and the problem showed up shortly after. The configs and changes appear to be commited to CVS. Joe Marr CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the individual to whom it is addressed, and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you have received this email in error, please notify the sender by reply email and destroy this message and its attachments. 
-----Original Message----- From: Austin Schutz [mailto:tex at off.org] Sent: Tuesday, July 17, 2007 3:59 AM To: Marr, Joe Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] issue with email diffs On Mon, Jul 16, 2007 at 11:15:50PM -0400, Marr, Joe wrote: > I seem to have a problem with the config diffs I receive from rancid: > > > > Index: configs/XXXX-cor01.XXXX.com > =================================================================== > > retrieving revision 1.38 > > diff -U-4 -r1.38 XXXX-cor01.XXXX.com > > Index: configs/XXXX-cor05.XXXX.com > =================================================================== > > retrieving revision 1.29 > > diff -U-4 -r1.29 XXXX-cor05.XXXX.com > > > > when I receive an email with a diff, I only see the above text in the > email. I do not receive the actual differences. > > > > Why would this happen? > In control_rancid it looks like changes where only whitespace changes get cut from the diff output. There's probably a newline added or subtracted, or something of that nature. Austin From heas at shrubbery.net Tue Jul 17 16:29:50 2007 From: heas at shrubbery.net (john heasley) Date: Tue, 17 Jul 2007 16:29:50 +0000 Subject: [rancid] Re: issue with email diffs In-Reply-To: <6035911CB587A2418E439316750F70670AADE890@mailserver.nexus.brodart.internal> References: <6035911CB587A2418E439316750F70670AADE330@mailserver.nexus.brodart.internal> <20070717075919.GH20223@gblx.net> <6035911CB587A2418E439316750F70670AADE890@mailserver.nexus.brodart.internal> Message-ID: <20070717162950.GK28116@shrubbery.net> Tue, Jul 17, 2007 at 09:26:40AM -0400, Marr, Joe: > I checked that, I have about 75 devices several of them with ACLs that > are updated weekly. The changes never show up. > > This is only recent. I originally thought it was a setting, however I > have not found it. We migrated the system from one box to another and > the problem showed up shortly after. The configs and changes appear to > be commited to CVS. 
my guess is that my autoconf tests lost; does your diff really like 'diff -U-4'? try it out; cvs diff -U-4 -r1.37 -r1.38 XXXX-cor01.XXXX.com > > I seem to have a problem with the config diffs I receive from rancid: > > > > > > > > Index: configs/XXXX-cor01.XXXX.com > > =================================================================== > > > > retrieving revision 1.38 > > > > diff -U-4 -r1.38 XXXX-cor01.XXXX.com > > > > Index: configs/XXXX-cor05.XXXX.com > > =================================================================== > > > > retrieving revision 1.29 > > > > diff -U-4 -r1.29 XXXX-cor05.XXXX.com > > > > > > > > when I receive an email with a diff, I only see the above text in the > > email. I do not receive the actual differences. > > > > > > > > Why would this happen? > > > > In control_rancid it looks like changes where only whitespace > changes > get cut from the diff output. There's probably a newline added or > subtracted, > or something of that nature. > > Austin > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From mashcraft at omniture.com Tue Jul 17 17:49:18 2007 From: mashcraft at omniture.com (Mike Ashcraft) Date: Tue, 17 Jul 2007 11:49:18 -0600 Subject: [rancid] Re: F5 load balancer support In-Reply-To: <469C200F.4020909@munzani.com> References: <20070716173200.8e114e4890519e5179c192e02d6bca26.b34fb90ffd.wbe@email.secureserver.net> <469C200F.4020909@munzani.com> Message-ID: <45EB285310B55542A513F93230F0A5330115DB4F@EXCHANGE0.orm.omniture.com> I have been on vacation for the last couple of weeks or I would have posted this sooner and possibly saved some of you a bit of effort. It sounds like Lance and Sam have put together a working f5rancid with basic functionality which Sam posted last night. I have attached my f5rancid which I have been running for a few months. 
Installation instructions are included as comments in the file. This version uses clogin so that a separate f5login script is not required. This version formats and processes the output to make it more usable. As far as what is captured, I based this on the F5 equivalent of a tech out. It grabs a copy of all the configuration files, hardware configuration and software version as well as the timestamps and file sizes for SSL certs hosted on the device. This facilitates rebuilding from scratch as quickly as possible if this is ever needed. I was able to resolve the bug I mentioned yesterday by increasing the clogin timeout. On a small number of devices it failed to process the last few commands when running from cron but always worked properly from the command line on all devices [making it difficult to track down]. I mention this because it may be an appropriate fix for other intermittent problems sometimes discussed on this list. Any feedback is appreciated. I hope to get f5 support added to future releases of rancid. Thanks, Mike ________________________________ From: Sam Munzani [mailto:sam at munzani.com] Sent: Monday, July 16, 2007 7:49 PM To: Lance Cc: Mike Ashcraft; rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: F5 load balancer support Lance, Thanks a lot for all your help. Pretty much you did all the work while I watched what you are doing :-).. Attached are cleaned up files. In f5rancid file, I have left some basic functions(non platform specific) just in case we expand this script to do a lot more than just "b list" output. In rancid-fe, we defined a new device type "f5", f5login was copied from clogin and remarked some "term length" statements we don't need on F5. All 3 files are attached and working great. Please be aware, we are not parsing anything at all. All its doing is basic function of running "b list" command and capturing its output. As I expand more on this, I will be sure to share with the audience here. 
Again, thanks a lot for all your help today. Regards, Sam I have helped Sam get a working f5rancid which requires a f5login (only because it doesn't recognize the prompt with a space and exit, unless you enter a return before the exit). He is cleaning up all the unused functions and will post it. Once John H. sends out his script I will look at it and see how it differs from the one I did with Sam. I will even help Sam get it working for his setup. We will let you know when it is all working. -lance -------- Original Message -------- Subject: [rancid] Re: F5 load balancer support From: "Mike Ashcraft" Date: Mon, July 16, 2007 11:48 am To: Cc: rancid-discuss at shrubbery.net Sam, I have a working f5rancid that I have been using for a number of months now. I have one minor bug related to tracking installed SSL certs which you probably don't care about. Other than that, it works great. I did encounter and solve all the problems you have been discussing on the list. Let me know if you are interested in trying what I have. I have tested it with Big-IP 9.1.2. Mike ________________________________ From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani Sent: Monday, July 16, 2007 10:58 AM To: smunzani at comcast.net Cc: rancid-discuss at shrubbery.net Subject: [rancid] Re: F5 load balancer support BTW, this is what I see in the log when I do rancid-run now. That means the f5rancid file(hacked copy of rancid) is still missing something. more nfl.20070716.114842 starting: Mon Jul 16 11:48:42 CDT 2007 Trying to get all of the configs. test-f5-01: End of run not found -bash: write: command not found ===================================== Getting missed routers: round 1. test-f5-01: End of run not found -bash: write: command not found ===================================== Getting missed routers: round 2. 
test-f5-01: End of run not found -bash: write: command not found ===================================== Getting missed routers: round 3. test-f5-01: End of run not found -bash: write: command not found ===================================== Getting missed routers: round 4. test-f5-01: End of run not found -bash: write: command not found cvs diff: Diffing . cvs diff: Diffing configs nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT 2007 Trying to get all of the configs. test-f5-01: End of run not found -bash: write: command not found ===================================== Getting missed routers: round 1. test-f5-01: End of run not found -bash: write: command not found ===================================== Getting missed routers: round 2. test-f5-01: End of run not found -bash: write: command not found ===================================== Getting missed routers: round 3. test-f5-01: End of run not found -bash: write: command not found ===================================== Getting missed routers: round 4. test-f5-01: End of run not found -bash: write: command not found cvs diff: Diffing . cvs diff: Diffing configs cvs diff: cannot find configs/test-f5-01 cvs commit: Examining . cvs commit: Examining configs cvs commit: Up-to-date check failed for `configs/test-f5-01' cvs [commit aborted]: correct above errors first! ls: test-f5-01: No such file or directory ending: Mon Jul 16 11:49:41 CDT 2007 Thanks, Sam David, Thanks a lot for the tip. This worked well. Now f5login goes much more cleaner and the "root" doesn't set sent again. I still have other issues where rancid-run is backing up config properly but I am still troubleshooting it. Now here is a question. What does "bldshgalsjd" mean and how does it do this miracle? Thanks, Sam Thanks for this tip, turns out that this is also the reason the username gets entered at a prompt on the cisco IPS devices. 
Since it's using SSH and therefore doesn't need a username prompt, solution was to simply add in .cloginrc:

add userprompt ids* bldshgalsjd (<- something that won't get sent during login)

Regards,

David

On 14/07/07, Lance wrote:

Sam,

Have you tried using telnet to login, if the f5 has it enabled? You may also want to set auto enable in your .cloginrc for this device as it looks to clogin as you are already in a cisco equivalent equal to enable since your prompt has a # sign in it.

Looking at your next email along with this one it looks like you are already in a cisco equivalent of enable after you login. f5login seems to be sending your username of root as a command after you get connected because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from 172.24.100.12" and it matches on the word "Login". See below.

"(Username|Login|login|user name):"? yes
expect: set expect_out(0,string) "login:"
expect: set expect_out(1,string) "login"
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) " \r\nLast login:"
send: sending "root\r" to { exp4 }
expect: continuing expect

You are just using a Cisco login/parsing script so it expects prompts from a Cisco device and in this case you have a *nix SSH banner that gets interrupted. I know you can use RANCID to back up *nix systems. So it knows how to understand connecting to a *nix system. You might want to try this email thread which asks about backing up Linux configs.

"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"

Or you could modify the existing f5login like so.

I think you have to use the caret before the () to work. I haven't checked this as I am at home and not on a UNIX system right now. Sorry, too lazy to check it out right now. You might want to uncomment the line below 3. and comment out the line below 2. and see if that works. This is the only point in the code that I see it look for login in any line.
If that doesn't work send me back the debug and I will see what I can do. I am sure some people that use expect more often than I can probably quickly tell you what to use as syntax there.

# Figure out prompts
set u_prompt [find userprompt $router]
if { "$u_prompt" == "" } {
    #1. ORIGINAL
    #set u_prompt "^(Username|Login|login|user name):"
    #2. Modified to read for a line beginning with Username,Login,login, or user name.
    set u_prompt "^(Username|Login|login|user name):"
    #3. Modified to read for a line beginning with Login or login. but I may be wrong
    #set u_prompt "^(Username|^Login|^login|user name):"
} else {
    set u_prompt [join [lindex $u_prompt 0] ""]
}

Let me know if this works for you.

-Lance

-------- Original Message --------
Subject: Re: [rancid] F5 load balancer support
From: Sam Munzani
Date: Fri, July 13, 2007 2:30 pm
To: Lance
Cc: rancid-discuss at shrubbery.net

Lance,

F5 login works fine with a minor error.

$ f5login test-f5-01
test-f5-01
spawn ssh -c 3des -x -l root test-f5-01
Password:
Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
root
[root at test-f5-01:Active] config # root
-bash: root: command not found
[root at test-f5-01:Active] config #
[root at test-f5-01:Active] config #
[root at test-f5-01:Active] config #

I don't know how to debug, otherwise I would turn on debug too. If you can provide some hints on debug, I would appreciate it.

Thanks,
Sam

What error(s) do you get when you try to run your f5rancid?

Where does it fail if you debug your f5login?

-lance

-------- Original Message --------
Subject: [rancid] F5 load balancer support
From: Sam Munzani
Date: Fri, July 13, 2007 12:45 pm
To: rancid-discuss at shrubbery.net

Hi,

Did anybody happen to hack one of Cisco scripts to support BigIP F5 boxes? It should be pretty simple. All I want to do is login and type "b list" which is equivalent of "show run" on cisco.

However for some reason things are not working.
All I did was copy clogin to f5login, copy rancid to f5rancid and add the following to rancid-fe.

elsif ($vendor =~ /^f5$/i) {
    exec('f5rancid', $router);
}

Then modified f5 rancid file and kept only one command in list of commands "b list".

For some reason it's not working. I can post my configs here if somebody would like to see them.

Thanks,
Sam
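The prompt mismatch Lance describes in the thread above, and the .cloginrc userprompt workaround David gives, modelled as an added example in Python (not code from clogin, f5login or anyone on this list). The two sessions are constructed from the transcript quoted above; the line-anchored pattern, the function names and the simplified expect loop are assumptions of this sketch.

```python
import re

# Pattern printed in the expect debug output quoted in the thread.
DEFAULT = r"(Username|Login|login|user name):"
# Value David sets with "add userprompt" in .cloginrc: a string no device prints.
SENTINEL = r"bldshgalsjd"
# Assumption of this sketch: the same alternatives, anchored to the start of a line.
LINE_ANCHORED = r"(?m)^(Username|Login|login|user name):"

BANNER = "Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12\r\n"
SHELL = "[root@test-f5-01:Active] config # "

# Constructed sessions: (text the device prints, input it then waits for).
# SSH takes the username from "ssh -l root", so the device never asks for it.
SSH_SESSION = [
    ("Password: ", "password"),
    (" \r\n" + BANNER, None),
    (SHELL, None),
]
TELNET_SESSION = [
    ("\r\nlogin: ", "username"),
    ("Password: ", "password"),
    ("\r\n" + BANNER + SHELL, None),
]


def first_match(buffer, rules):
    """Return (name, match) for the first rule, in rule order, that matches."""
    for name, rx in rules:
        m = rx.search(buffer)
        if m:
            return name, m
    return None, None


def run_login(session, userprompt):
    """Simplified expect loop. Returns (outcome, stray_inputs)."""
    rules = [
        ("username", re.compile(userprompt)),
        ("password", re.compile(r"[Pp]assword:")),
        ("shell", re.compile(r"# $")),
    ]
    buffer, stray = "", []
    for text, waits_for in session:
        buffer += text
        answered = False
        while True:
            name, m = first_match(buffer, rules)
            if m is None:
                break                      # nothing recognised yet, wait for more output
            buffer = buffer[m.end():]      # expect discards input through the match
            if name == "shell":
                return "logged-in", stray
            if name == waits_for and not answered:
                answered = True            # the device was asking for exactly this
            else:
                stray.append(name)         # sent while nothing was asking for it
        if waits_for and not answered:
            return "timeout:" + waits_for, stray
    return "no-shell-prompt", stray


if __name__ == "__main__":
    patterns = (("default", DEFAULT), ("sentinel", SENTINEL),
                ("line-anchored", LINE_ANCHORED))
    for label, session in (("ssh", SSH_SESSION), ("telnet", TELNET_SESSION)):
        for pname, pattern in patterns:
            print(label, pname, run_login(session, pattern))
```

A stray "username" in the result is the script typing root at the shell, which is the "-bash: root: command not found" line in Sam's transcript. The sentinel value only suits sessions where the username travels on the ssh command line; against a real login: prompt it stalls.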
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070717/dfa722e0/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: f5rancid Type: application/octet-stream Size: 8752 bytes Desc: f5rancid Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070717/dfa722e0/attachment.obj From rancid at gheek.net Tue Jul 17 18:00:25 2007 From: rancid at gheek.net (Lance) Date: Tue, 17 Jul 2007 11:00:25 -0700 Subject: [rancid] Re: F5 load balancer support Message-ID: <20070717110025.8e114e4890519e5179c192e02d6bca26.2c7708e391.wbe@email.secureserver.net> Mike, Looks really nice. I am guessing the bigip.conf or the other file is what is displayed with "b list". -Lance > -------- Original Message -------- > Subject: RE: [rancid] Re: F5 load balancer support > From: "Mike Ashcraft" > Date: Tue, July 17, 2007 10:49 am > To: , "Lance" > Cc: > > I have been on vacation for the last couple of weeks or I would have > posted this sooner and possibly saved some of you a bit of effort. > > It sounds like Lance and Sam have put together a working f5rancid with > basic functionality which Sam posted last night. I have attached my > f5rancid which I have been running for a few months. Installation > instructions are included as comments in the file. This version uses > clogin so that a separate f5login script is not required. > > This version formats and processes the output to make it more usable. > As far as what is captured, I based this on the F5 equivalent of a tech > out.
It grabs a copy of all the configuration files, hardware > configuration and software version as well as the timestamps and file > sizes for SSL certs hosted on the device. This facilitates rebuilding > from scratch as quickly as possible if this is ever needed. > > I was able to resolve the bug I mentioned yesterday by increasing the > clogin timeout. On a small number of devices it failed to process the > last few commands when running from cron but always worked properly from > the command line on all devices [making it difficult to track down]. I > mention this because it may be an appropriate fix for other intermittent > problems sometimes discussed on this list. > > Any feedback is appreciated. I hope to get f5 support added to future > releases of rancid. > > Thanks, > > Mike > > > > ________________________________ > > From: Sam Munzani [mailto:sam at munzani.com] > Sent: Monday, July 16, 2007 7:49 PM > To: Lance > Cc: Mike Ashcraft; rancid-discuss at shrubbery.net > Subject: Re: [rancid] Re: F5 load balancer support > > > Lance, > > Thanks a lot for all your help. Pretty much you did all the work while I > watched what you are doing :-).. > > Attached are cleaned up files. In f5rancid file, I have left some basic > functions(non platform specific) just in case we expand this script to > do a lot more than just "b list" output. In rancid-fe, we defined a new > device type "f5", f5login was copied from clogin and remarked some "term > length" statements we don't need on F5. > > All 3 files are attached and working great. Please be aware, we are not > parsing anything at all. All its doing is basic function of running "b > list" command and capturing its output. As I expand more on this, I will > be sure to share with the audience here. > > Again, thanks a lot for all your help today. 
> > Regards, > Sam > > > I have helped Sam get a working f5rancid which requires a > f5login (only > because it doesn't recognize the prompt with a space and exit, > unless > you enter a return before the exit). He is cleaning up all the > unused > functions and will post it. > > Once John H. sends out his script I will look at it and see how > it > differs from the one I did with Sam. I will even help Sam get it > working > for his setup. We will let you know when it is all working. > > -lance > > > > -------- Original Message -------- > Subject: [rancid] Re: F5 load balancer support > From: "Mike Ashcraft" > > Date: Mon, July 16, 2007 11:48 am > To: > Cc: rancid-discuss at shrubbery.net > > Sam, > > I have a working f5rancid that I have been using for a > number of months > now. I have one minor bug related to tracking > installed SSL certs > which you probably don't care about. Other than that, > it works great. > > I did encounter and solve all the problems you have been > discussing on > the list. > > Let me know if you are interested in trying what I have. > I have tested > it with Big-IP 9.1.2. > > Mike > > ________________________________ > > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf > Of Sam Munzani > Sent: Monday, July 16, 2007 10:58 AM > To: smunzani at comcast.net > Cc: rancid-discuss at shrubbery.net > Subject: [rancid] Re: F5 load balancer support > > > BTW, this is what I see in the log when I do rancid-run > now. That means > the f5rancid file(hacked copy of rancid) is still > missing something. > > more nfl.20070716.114842 > starting: Mon Jul 16 11:48:42 CDT 2007 > > > > Trying to get all of the configs. > test-f5-01: End of run not found > -bash: write: command not found > ===================================== > Getting missed routers: round 1. 
> test-f5-01: End of run not found > -bash: write: command not found > ===================================== > Getting missed routers: round 2. > test-f5-01: End of run not found > -bash: write: command not found > ===================================== > Getting missed routers: round 3. > test-f5-01: End of run not found > -bash: write: command not found > ===================================== > Getting missed routers: round 4. > test-f5-01: End of run not found > -bash: write: command not found > > cvs diff: Diffing . > cvs diff: Diffing configs > nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT > 2007 > > > > Trying to get all of the configs. > test-f5-01: End of run not found > -bash: write: command not found > ===================================== > Getting missed routers: round 1. > test-f5-01: End of run not found > -bash: write: command not found > ===================================== > Getting missed routers: round 2. > test-f5-01: End of run not found > -bash: write: command not found > ===================================== > Getting missed routers: round 3. > test-f5-01: End of run not found > -bash: write: command not found > ===================================== > Getting missed routers: round 4. > test-f5-01: End of run not found > -bash: write: command not found > > cvs diff: Diffing . > cvs diff: Diffing configs > cvs diff: cannot find configs/test-f5-01 > cvs commit: Examining . > cvs commit: Examining configs > cvs commit: Up-to-date check failed for > `configs/test-f5-01' > cvs [commit aborted]: correct above errors first! > ls: test-f5-01: No such file or directory > > ending: Mon Jul 16 11:49:41 CDT 2007 > > Thanks, > Sam > > > David, > > Thanks a lot for the tip. This worked well. Now > f5login goes > much more > cleaner and the "root" doesn't set sent again. I > still have > other issues > where rancid-run is backing up config properly > but I am still > troubleshooting it. > > Now here is a question. 
What does "bldshgalsjd" > mean and how > does it do > this miracle? > > Thanks, > Sam > > > Thanks for this tip, turns out that this > is also the > reason the > username gets entered at a prompt on the > cisco IPS > devices. Since it's > using SSH and therefore doesn't need a > username prompt, > solution was > to simply add in .cloginrc: > > add userprompt ids* bldshgalsjd (<- > something that > won't get sent > during login) > > Regards, > > David > > On 14/07/07, Lance > > > wrote: > > > Sam, > > Have you tried using telnet to > login, if the f5 > has it enabled. > You may also want to set auto > enable in your > .cloginrc for this device > as it looks to clogin as you are > already in a > cisco equivalent equal to > enable since your prompt has a # > sign in it. > > Looking at your next email along > with this one > it looks like you are > already in a cisco equivalent of > enable after > you login. f5login seems > to be sending your username of > root as a command > after you get connected > because it sees this line "Last > login: Fri Jul > 13 14:38:03 2007 from > 172.24.100.12" and it matches on > the word > "Login". See below. > > "(Username|Login|login|user > name):"? yes > > expect: set expect_out(0,string) > "login:" > > expect: set expect_out(1,string) > "login" > > expect: set expect_out(spawn_id) > "exp4" > > expect: set expect_out(buffer) " > \r\nLast > login:" > > send: sending "root\r" to { exp4 > } > > expect: continuing expect > > You are just using a Cisco > login/parsing script > so it expects prompts > from a Cisco device and in this > case you have a > *nix SSH banner that > gets interrupted. I know you can > use RANCID to > backup *nix systems. So > it knows how to understand > connecting to a *nix > system. You might want > to try this email thread which > asks about > backing up Linux conifgs. 
> "http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
>
> Or you could modify the existing f5login like so.
>
> I think you have to use the caret before the () to work. I haven't
> checked this as I am at home and not on a UNIX system right now. Sorry,
> too lazy to check it out right now. You might want to uncomment the line
> below 3. and comment out the line below 2. and see if that works. This
> is the only point in the code that I see it look for login in any line.
> If that doesn't work send me back the debug and I will see what I can
> do. I am sure some people that use expect more often than I can probably
> quickly tell you what to use as syntax there.
>
>     # Figure out prompts
>     set u_prompt [find userprompt $router]
>     if { "$u_prompt" == "" } {
>         #1. ORIGINAL
>         #set u_prompt "^(Username|Login|login|user name):"
>         #2. Modified to read for a line beginning with
>         #   Username,Login,login, or user name.
>         set u_prompt "^(Username|Login|login|user name):"
>         #3. Modified to read for a line beginning with Login or login.
>         #   but I may be wrong
>         #set u_prompt "^(Username|^Login|^login|user name):"
>     } else {
>         set u_prompt [join [lindex $u_prompt 0] ""]
>     }
>
> Let me know if this works for you.
>
> -Lance
>
> -------- Original Message --------
> Subject: Re: [rancid] F5 load balancer support
> From: Sam Munzani
> Date: Fri, July 13, 2007 2:30 pm
> To: Lance
> Cc: rancid-discuss at shrubbery.net
>
> Lance,
>
> F5 login works fine with a minor error.
>
> $ f5login test-f5-01
> test-f5-01
> spawn ssh -c 3des -x -l root test-f5-01
> Password:
> Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
> root
> [root at test-f5-01:Active] config # root
> -bash: root: command not found
> [root at test-f5-01:Active] config #
> [root at test-f5-01:Active] config #
> [root at test-f5-01:Active] config #
>
> I don't know how to debug, otherwise I would turn on debug too. If you
> can provide some hints on debug, I would appreciate it.
>
> Thanks,
> Sam
>
> What error(s) do you get when you try to run your f5rancid?
>
> Where does it fail if you debug your f5login?
>
> -lance
>
> -------- Original Message --------
> Subject: [rancid] F5 load balancer support
> From: Sam Munzani
> Date: Fri, July 13, 2007 12:45 pm
> To: rancid-discuss at shrubbery.net
>
> Hi,
>
> Did anybody happen to hack one of Cisco scripts to support BigIP F5
> boxes? It should be pretty simple. All I want to do is login and type
> "b list" which is equivalent of "show run" on cisco.
>
> However for some reason things are not working. All I did was copied
> clogin to f5login, copied rancid to f5rancid and added following to
> rancid-fe.
>
>     elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
>
> Then modified f5 rancid file and kept only one command in list of
> commands "b list".
>
> For some reason it's not working. I can post my configs here if somebody
> would like to see them.
>
> Thanks,
> Sam
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From rmordasiewicz at samuelmanutech.com Tue Jul 17 19:31:01 2007
From: rmordasiewicz at samuelmanutech.com (Robin Mordasiewicz)
Date: Tue, 17 Jul 2007 15:31:01 -0400 (EDT)
Subject: [rancid] Re: F5 load balancer support
In-Reply-To: <45EB285310B55542A513F93230F0A5330115DB4F@EXCHANGE0.orm.omniture.com>
References: <20070716173200.8e114e4890519e5179c192e02d6bca26.b34fb90ffd.wbe@email.secureserver.net> <469C200F.4020909@munzani.com> <45EB285310B55542A513F93230F0A5330115DB4F@EXCHANGE0.orm.omniture.com>
Message-ID:

On Tue, 17 Jul 2007, Mike Ashcraft wrote:

> It sounds like Lance and Sam have put together a working f5rancid with
> basic functionality which Sam posted last night. I have attached my
> f5rancid which I have been running for a few months. Installation
> instructions are included as comments in the file. This version uses
> clogin so that a separate f5login script is not required.
>
> This version formats and processes the output to make it more usable.
> As far as what is captured, I based this on the F5 equivalent of a tech
> out. It grabs a copy of all the configuration files, hardware
> configuration and software version as well as the timestamps and file
> sizes for SSL certs hosted on the device. This facilitates rebuilding
> from scratch as quickly as possible if this is ever needed.
>
> I was able to resolve the bug I mentioned yesterday by increasing the
> clogin timeout. On a small number of devices it failed to process the
> last few commands when running from cron but always worked properly from
> the command line on all devices [making it difficult to track down]. I
> mention this because it may be an appropriate fix for other intermittent
> problems sometimes discussed on this list.
>
> Any feedback is appreciated. I hope to get f5 support added to future
> releases of rancid.

I just installed the file and followed the instructions and it worked.
One thing you might want to add in the instructions is that the user
must edit the rancid-fe file to associate the device type with executing
this file, however if this becomes part of the main distribution then it
will just work.

--

From mashcraft at omniture.com Tue Jul 17 19:35:22 2007
From: mashcraft at omniture.com (Mike Ashcraft)
Date: Tue, 17 Jul 2007 13:35:22 -0600
Subject: [rancid] Re: F5 load balancer support
In-Reply-To: <20070717110025.8e114e4890519e5179c192e02d6bca26.2c7708e391.wbe@email.secureserver.net>
References: <20070717110025.8e114e4890519e5179c192e02d6bca26.2c7708e391.wbe@email.secureserver.net>
Message-ID: <45EB285310B55542A513F93230F0A5330115DBAD@EXCHANGE0.orm.omniture.com>

Lance,

Thanks for the feedback.

"b list" and "cat bigip.conf" are equivalent with the exception that b
list may reflect changes made in the cli that are not saved and will be
lost on reboot. Changes made using the web configuration tool are
automatically saved. "b list" may also limit what the rancid user can
see to a partial view if the user is not given sufficient rights. This
file has the software configuration.

The other file, bigip_base.conf contains interface configuration,
management IP addresses, routing, VLANs etc.

One could debate whether the f5rancid script should get the saved
configuration files or the running config or both. For cisco devices,
rancid obtains both. I'll look at adding both.

Mike

-----Original Message-----
From: Lance [mailto:rancid at gheek.net]
Sent: Tuesday, July 17, 2007 12:00 PM
To: Mike Ashcraft
Cc: rancid-discuss at shrubbery.net; sam at munzani.com
Subject: RE: [rancid] Re: F5 load balancer support

Mike,

Looks really nice.
I am guessing the bigip.conf or the other file is what is displayed
with "b list".

-Lance

> -------- Original Message --------
> Subject: RE: [rancid] Re: F5 load balancer support
> From: "Mike Ashcraft"
> Date: Tue, July 17, 2007 10:49 am
> To: , "Lance"
> Cc:
>
> I have been on vacation for the last couple of weeks or I would have
> posted this sooner and possibly saved some of you a bit of effort.
>
> It sounds like Lance and Sam have put together a working f5rancid with
> basic functionality which Sam posted last night. I have attached my
> f5rancid which I have been running for a few months. Installation
> instructions are included as comments in the file. This version uses
> clogin so that a separate f5login script is not required.
>
> This version formats and processes the output to make it more usable.
> As far as what is captured, I based this on the F5 equivalent of a tech
> out. It grabs a copy of all the configuration files, hardware
> configuration and software version as well as the timestamps and file
> sizes for SSL certs hosted on the device. This facilitates rebuilding
> from scratch as quickly as possible if this is ever needed.
>
> I was able to resolve the bug I mentioned yesterday by increasing the
> clogin timeout. On a small number of devices it failed to process the
> last few commands when running from cron but always worked properly from
> the command line on all devices [making it difficult to track down]. I
> mention this because it may be an appropriate fix for other intermittent
> problems sometimes discussed on this list.
>
> Any feedback is appreciated. I hope to get f5 support added to future
> releases of rancid.
>
> Thanks,
>
> Mike
>
> ________________________________
>
> From: Sam Munzani [mailto:sam at munzani.com]
> Sent: Monday, July 16, 2007 7:49 PM
> To: Lance
> Cc: Mike Ashcraft; rancid-discuss at shrubbery.net
> Subject: Re: [rancid] Re: F5 load balancer support
>
> Lance,
>
> Thanks a lot for all your help. Pretty much you did all the work while I
> watched what you are doing :-)..
>
> Attached are cleaned up files. In f5rancid file, I have left some basic
> functions(non platform specific) just in case we expand this script to
> do a lot more than just "b list" output. In rancid-fe, we defined a new
> device type "f5", f5login was copied from clogin and remarked some "term
> length" statements we don't need on F5.
>
> All 3 files are attached and working great. Please be aware, we are not
> parsing anything at all. All it's doing is basic function of running "b
> list" command and capturing its output. As I expand more on this, I will
> be sure to share with the audience here.
>
> Again, thanks a lot for all your help today.
>
> Regards,
> Sam
>
> I have helped Sam get a working f5rancid which requires a f5login (only
> because it doesn't recognize the prompt with a space and exit, unless
> you enter a return before the exit). He is cleaning up all the unused
> functions and will post it.
>
> Once John H. sends out his script I will look at it and see how it
> differs from the one I did with Sam. I will even help Sam get it working
> for his setup. We will let you know when it is all working.
>
> -lance
>
> -------- Original Message --------
> Subject: [rancid] Re: F5 load balancer support
> From: "Mike Ashcraft"
> Date: Mon, July 16, 2007 11:48 am
> To:
> Cc: rancid-discuss at shrubbery.net
>
> Sam,
>
> I have a working f5rancid that I have been using for a number of months
> now. I have one minor bug related to tracking installed SSL certs
> which you probably don't care about. Other than that, it works great.
>
> I did encounter and solve all the problems you have been discussing on
> the list.
>
> Let me know if you are interested in trying what I have. I have tested
> it with Big-IP 9.1.2.
>
> Mike
>
> ________________________________
>
> From: rancid-discuss-bounces at shrubbery.net
> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
> Sent: Monday, July 16, 2007 10:58 AM
> To: smunzani at comcast.net
> Cc: rancid-discuss at shrubbery.net
> Subject: [rancid] Re: F5 load balancer support
>
> BTW, this is what I see in the log when I do rancid-run now. That means
> the f5rancid file(hacked copy of rancid) is still missing something.
>
> more nfl.20070716.114842
> starting: Mon Jul 16 11:48:42 CDT 2007
>
> Trying to get all of the configs.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 1.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 2.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 3.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 4.
> test-f5-01: End of run not found
> -bash: write: command not found
>
> cvs diff: Diffing .
> cvs diff: Diffing configs
> nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT 2007
>
> Trying to get all of the configs.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 1.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 2.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 3.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 4.
> test-f5-01: End of run not found
> -bash: write: command not found
>
> cvs diff: Diffing .
> cvs diff: Diffing configs
> cvs diff: cannot find configs/test-f5-01
> cvs commit: Examining .
> cvs commit: Examining configs
> cvs commit: Up-to-date check failed for `configs/test-f5-01'
> cvs [commit aborted]: correct above errors first!
> ls: test-f5-01: No such file or directory
>
> ending: Mon Jul 16 11:49:41 CDT 2007
>
> Thanks,
> Sam
>
> David,
>
> Thanks a lot for the tip. This worked well. Now f5login goes much more
> cleaner and the "root" doesn't get sent again. I still have other issues
> where rancid-run is backing up config properly but I am still
> troubleshooting it.
>
> Now here is a question. What does "bldshgalsjd" mean and how does it do
> this miracle?
>
> Thanks,
> Sam
>
> Thanks for this tip, turns out that this is also the reason the
> username gets entered at a prompt on the cisco IPS devices. Since it's
> using SSH and therefore doesn't need a username prompt, solution was
> to simply add in .cloginrc:
>
> add userprompt ids* bldshgalsjd (<- something that won't get sent
> during login)
>
> Regards,
>
> David
>
> On 14/07/07, Lance wrote:
>
> Sam,
>
> Have you tried using telnet to login, if the f5 has it enabled.
> You may also want to set auto enable in your .cloginrc for this device
> as it looks to clogin as you are already in a cisco equivalent equal to
> enable since your prompt has a # sign in it.
>
> Looking at your next email along with this one it looks like you are
> already in a cisco equivalent of enable after you login. f5login seems
> to be sending your username of root as a command after you get connected
> because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
> 172.24.100.12" and it matches on the word "Login". See below.
>
> "(Username|Login|login|user name):"? yes
> expect: set expect_out(0,string) "login:"
> expect: set expect_out(1,string) "login"
> expect: set expect_out(spawn_id) "exp4"
> expect: set expect_out(buffer) " \r\nLast login:"
> send: sending "root\r" to { exp4 }
> expect: continuing expect
>
> You are just using a Cisco login/parsing script so it expects prompts
> from a Cisco device and in this case you have a *nix SSH banner that
> gets interrupted. I know you can use RANCID to backup *nix systems. So
> it knows how to understand connecting to a *nix system. You might want
> to try this email thread which asks about backing up Linux configs.
>
> "http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
>
> Or you could modify the existing f5login like so.
>
> I think you have to use the caret before the () to work. I haven't
> checked this as I am at home and not on a UNIX system right now. Sorry,
> too lazy to check it out right now. You might want to uncomment the line
> below 3. and comment out the line below 2. and see if that works. This
> is the only point in the code that I see it look for login in any line.
> If that doesn't work send me back the debug and I will see what I can
> do. I am sure some people that use expect more often than I can probably
> quickly tell you what to use as syntax there.
>
>     # Figure out prompts
>     set u_prompt [find userprompt $router]
>     if { "$u_prompt" == "" } {
>         #1. ORIGINAL
>         #set u_prompt "^(Username|Login|login|user name):"
>         #2. Modified to read for a line beginning with
>         #   Username,Login,login, or user name.
>         set u_prompt "^(Username|Login|login|user name):"
>         #3. Modified to read for a line beginning with Login or login.
>         #   but I may be wrong
>         #set u_prompt "^(Username|^Login|^login|user name):"
>     } else {
>         set u_prompt [join [lindex $u_prompt 0] ""]
>     }
>
> Let me know if this works for you.
>
> -Lance

From rancid at gheek.net Tue Jul 17 21:34:46 2007
From: rancid at gheek.net (Lance)
Date: Tue, 17 Jul 2007 14:34:46 -0700
Subject: [rancid] Re: F5 load balancer support
Message-ID: <20070717143446.8e114e4890519e5179c192e02d6bca26.c17ba8393d.wbe@email.secureserver.net>

Mike,

I would also like to bring up a few other things.

1.) If you are using the default clogin file you are going to have term
length and term width commands executed. They will not do anything but
they will show up as commands that would be attempted to run. So it
would be best to have a separate f5login script/modified clogin so it
has a clean login.

2.) You don't seem to check if you have reached end of file and have
run clean. You seem to just blindly set these values, which removes the
whole purpose they are there. It would be better to read the whole
output similar to how the cssrancid script is done or the f5rancid
script done.

Other than those I think your script is nice. I am sure it can be
expanded on like a lot of the stuff but let's get some product that has
all the checking, and prompt detection between each command and then
let's look at adding it to the distribution. Obviously John H. and
company has the final say on that one.

-lance

> -------- Original Message --------
> Subject: RE: [rancid] Re: F5 load balancer support
> From: "Mike Ashcraft"
> Date: Tue, July 17, 2007 12:35 pm
> To: "Lance"
> Cc: ,
>
> Lance,
>
> Thanks for the feedback.
>
> "b list" and "cat bigip.conf" are equivalent with the exception that b
> list may reflect changes made in the cli that are not saved and will be
> lost on reboot.
Changes made using the web configuration tool are > automatically saved. "b list" may also limit what the rancid user can > see to a partial view if the user is not given sufficient rights. This > file has the software configuration. > > The other file, bigip_base.conf contains interface configuration, > management IP addresses, routing, VLANs etc. > > One could debate whether the f5rancid script should get the saved > configuration files or the running config or both. For cisco devices, > rancid obtains both. I'll look at adding both. > > Mike > > -----Original Message----- > From: Lance [mailto:rancid at gheek.net] > Sent: Tuesday, July 17, 2007 12:00 PM > To: Mike Ashcraft > Cc: rancid-discuss at shrubbery.net; sam at munzani.com > Subject: RE: [rancid] Re: F5 load balancer support > > Mike, > > Looks really nice. I am guessing the bigip.conf or the other file is > what is displayed with "b list". > > -Lance > > > -------- Original Message -------- > > Subject: RE: [rancid] Re: F5 load balancer support > > From: "Mike Ashcraft" > > Date: Tue, July 17, 2007 10:49 am > > To: , "Lance" > > Cc: > > > > I have been on vacation for the last couple of weeks or I would have > > posted this sooner and possibly saved some of you a bit of effort. > > > > It sounds like Lance and Sam have put together a working f5rancid with > > basic functionality which Sam posted last night. I have attached my > > f5rancid which I have been running for a few months. Installation > > instructions are included as comments in the file. This version uses > > clogin so that a separate f5login script is not required. > > > > This version formats and processes the output to make it more usable. > > As far as what is captured, I based this on the F5 equivalent of a > tech > > out. It grabs a copy of all the configuration files, hardware > > configuration and software version as well as the timestamps and file > > sizes for SSL certs hosted on the device. 
This facilitates rebuilding > > from scratch as quickly as possible if this is ever needed. > > > > I was able to resolve the bug I mentioned yesterday by increasing the > > clogin timeout. On a small number of devices it failed to process the > > last few commands when running from cron but always worked properly > from > > the command line on all devices [making it difficult to track down]. > I > > mention this because it may be an appropriate fix for other > intermittent > > problems sometimes discussed on this list. > > > > Any feedback is appreciated. I hope to get f5 support added to future > > releases of rancid. > > > > Thanks, > > > > Mike > > > > > > > > ________________________________ > > > > From: Sam Munzani [mailto:sam at munzani.com] > > Sent: Monday, July 16, 2007 7:49 PM > > To: Lance > > Cc: Mike Ashcraft; rancid-discuss at shrubbery.net > > Subject: Re: [rancid] Re: F5 load balancer support > > > > > > Lance, > > > > Thanks a lot for all your help. Pretty much you did all the work while > I > > watched what you are doing :-).. > > > > Attached are cleaned up files. In f5rancid file, I have left some > basic > > functions(non platform specific) just in case we expand this script to > > do a lot more than just "b list" output. In rancid-fe, we defined a > new > > device type "f5", f5login was copied from clogin and remarked some > "term > > length" statements we don't need on F5. > > > > All 3 files are attached and working great. Please be aware, we are > not > > parsing anything at all. All its doing is basic function of running "b > > list" command and capturing its output. As I expand more on this, I > will > > be sure to share with the audience here. > > > > Again, thanks a lot for all your help today. > > > > Regards, > > Sam > > > > > > I have helped Sam get a working f5rancid which requires a > > f5login (only > > because it doesn't recognize the prompt with a space and exit, > > unless > > you enter a return before the exit). 
He is cleaning up all the > > unused > > functions and will post it. > > > > Once John H. sends out his script I will look at it and see how > > it > > differs from the one I did with Sam. I will even help Sam get it > > working > > for his setup. We will let you know when it is all working. > > > > -lance > > > > > > > > -------- Original Message -------- > > Subject: [rancid] Re: F5 load balancer support > > From: "Mike Ashcraft" > > > > Date: Mon, July 16, 2007 11:48 am > > To: > > Cc: rancid-discuss at shrubbery.net > > > > Sam, > > > > I have a working f5rancid that I have been using for a > > number of months > > now. I have one minor bug related to tracking > > installed SSL certs > > which you probably don't care about. Other than that, > > it works great. > > > > I did encounter and solve all the problems you have been > > discussing on > > the list. > > > > Let me know if you are interested in trying what I have. > > I have tested > > it with Big-IP 9.1.2. > > > > Mike > > > > ________________________________ > > > > From: rancid-discuss-bounces at shrubbery.net > > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf > > Of Sam Munzani > > Sent: Monday, July 16, 2007 10:58 AM > > To: smunzani at comcast.net > > Cc: rancid-discuss at shrubbery.net > > Subject: [rancid] Re: F5 load balancer support > > > > > > BTW, this is what I see in the log when I do rancid-run > > now. That means > > the f5rancid file(hacked copy of rancid) is still > > missing something. > > > > more nfl.20070716.114842 > > starting: Mon Jul 16 11:48:42 CDT 2007 > > > > > > > > Trying to get all of the configs. > > test-f5-01: End of run not found > > -bash: write: command not found > > ===================================== > > Getting missed routers: round 1. > > test-f5-01: End of run not found > > -bash: write: command not found > > ===================================== > > Getting missed routers: round 2. 
> > test-f5-01: End of run not found > > -bash: write: command not found > > ===================================== > > Getting missed routers: round 3. > > test-f5-01: End of run not found > > -bash: write: command not found > > ===================================== > > Getting missed routers: round 4. > > test-f5-01: End of run not found > > -bash: write: command not found > > > > cvs diff: Diffing . > > cvs diff: Diffing configs > > nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT > > 2007 > > > > > > > > Trying to get all of the configs. > > test-f5-01: End of run not found > > -bash: write: command not found > > ===================================== > > Getting missed routers: round 1. > > test-f5-01: End of run not found > > -bash: write: command not found > > ===================================== > > Getting missed routers: round 2. > > test-f5-01: End of run not found > > -bash: write: command not found > > ===================================== > > Getting missed routers: round 3. > > test-f5-01: End of run not found > > -bash: write: command not found > > ===================================== > > Getting missed routers: round 4. > > test-f5-01: End of run not found > > -bash: write: command not found > > > > cvs diff: Diffing . > > cvs diff: Diffing configs > > cvs diff: cannot find configs/test-f5-01 > > cvs commit: Examining . > > cvs commit: Examining configs > > cvs commit: Up-to-date check failed for > > `configs/test-f5-01' > > cvs [commit aborted]: correct above errors first! > > ls: test-f5-01: No such file or directory > > > > ending: Mon Jul 16 11:49:41 CDT 2007 > > > > Thanks, > > Sam > > > > > > David, > > > > Thanks a lot for the tip. This worked well. Now > > f5login goes > > much more > > cleaner and the "root" doesn't set sent again. I > > still have > > other issues > > where rancid-run is backing up config properly > > but I am still > > troubleshooting it. > > > > Now here is a question. 
What does "bldshgalsjd" > > mean and how > > does it do > > this miracle? > > > > Thanks, > > Sam > > > > > > Thanks for this tip, turns out that this > > is also the > > reason the > > username gets entered at a prompt on the > > cisco IPS > > devices. Since it's > > using SSH and therefore doesn't need a > > username prompt, > > solution was > > to simply add in .cloginrc: > > > > add userprompt ids* bldshgalsjd (<- > > something that > > won't get sent > > during login) > > > > Regards, > > > > David > > > > On 14/07/07, Lance > > > > > > wrote: > > > > > > Sam, > > > > Have you tried using telnet to > > login, if the f5 > > has it enabled. > > You may also want to set auto > > enable in your > > .cloginrc for this device > > as it looks to clogin as you are > > already in a > > cisco equivalent equal to > > enable since your prompt has a # > > sign in it. > > > > Looking at your next email along > > with this one > > it looks like you are > > already in a cisco equivalent of > > enable after > > you login. f5login seems > > to be sending your username of > > root as a command > > after you get connected > > because it sees this line "Last > > login: Fri Jul > > 13 14:38:03 2007 from > > 172.24.100.12" and it matches on > > the word > > "Login". See below. > > > > "(Username|Login|login|user > > name):"? yes > > > > expect: set expect_out(0,string) > > "login:" > > > > expect: set expect_out(1,string) > > "login" > > > > expect: set expect_out(spawn_id) > > "exp4" > > > > expect: set expect_out(buffer) " > > \r\nLast > > login:" > > > > send: sending "root\r" to { exp4 > > } > > > > expect: continuing expect > > > > You are just using a Cisco > > login/parsing script > > so it expects prompts > > from a Cisco device and in this > > case you have a > > *nix SSH banner that > > gets interrupted. I know you can > > use RANCID to > > backup *nix systems. So > > it knows how to understand > > connecting to a *nix > > system. 
You might want > > to try this email thread which > > asks about > > backing up Linux conifgs. > > > > > > > "http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht > > ml" > > > > ml> > > > > > > ml> > > > > ml> > > > > Or you could modify the existing > > f5login like > > so. > > > > I think you have to use the > > carrot before the () > > to work. I haven't > > checked this as I am at home and > > not on a UNIX > > system right now. Sorry > > to lazy to check it out right > > now. You might > > want to uncomment the line > > below 3. and comment out the > > line below 2. and > > see if that works. This > > is the only point in the code > > that I see it look > > for login in any line. > > If that doesn't work send me > > back the debug and > > I will see what I can > > do. I am sure some people that > > use expect more > > often then I can probably > > quickly tell you what to use as > > syntax there. > > > > # Figure out prompts > > set u_prompt [find userprompt > > $router > > if { "$u_prompt" == "" } { > > #1. ORIGINAL > > #set u_prompt > > "^(Username|Login|login|user name):" > > #2. Modified to read for > > a line beginning > > with > > Username,Login,login, or > > user name. > > set u_prompt > > "^(Username|Login|login|user > > name):" > > #3. Modified to read for > > a line beginning > > with Login or login. > > but I > > may be wrong > > #set u_prompt > > "^(Username|^Login|^login|user name):" > > } else { > > set u_prompt [join > > [lindex $u_prompt 0] > > ""] > > > > > > Let me know if this works for > > you. > > > > -Lance > > > > > > > > -------- Original > > Message -------- > > Subject: Re: [rancid] > > F5 load balancer > > support > > From: Sam Munzani > > > > > > > > Date: Fri, July 13, 2007 > > 2:30 pm > > To: Lance > > > > > > Cc: > > rancid-discuss at shrubbery.net > > > > Lance, > > > > F5 login works fine with > > a minor error. 
> > > > $ f5login test-f5-01 > > test-f5-01 > > spawn ssh -c 3des -x -l > > root test-f5-01 > > Password: > > Last login: Fri Jul 13 > > 14:26:28 2007 > > from 172.24.100.12 > > root > > [root at test-f5-01:Active] > > config # root > > -bash: root: command not > > found > > [root at test-f5-01:Active] > > config # > > [root at test-f5-01:Active] > > config # > > [root at test-f5-01:Active] > > config # > > > > I don't know how to > > debug otherwise I > > would turn on debug too. If you > > can provide some hints > > on debug, I would > > appreciate it. > > > > Thanks, > > Sam > > > > > > What error(s) do you get > > when you try to > > run your f5rancid? > > > > Where does it fail if > > you debug your > > f5login? > > > > > > -lance > > > > > > > > > > -------- Original > > Message -------- > > Subject: [rancid] F5 > > load balancer > > support > > From: Sam Munzani > > > > > > > > Date: Fri, July 13, 2007 > > 12:45 pm > > To: > > rancid-discuss at shrubbery.net > > > > Hi, > > > > Did anybody happened to > > hack one of > > Cisco scripts to support > > > > > > BigIP F5 > > > > > > boxes? It should be > > pretty simple. All I > > want to do is login and > > > > > > type "b > > > > > > list" which is > > equivalent of "show run" > > on cisco. > > > > However for some reason > > things not > > working. All I did was copied > > > > > > clogin > > > > > > to f5login, copied > > rancid to f5rancid > > and added following to > > > > > > rancid-fe. > > > > > > elsif ($vendor =~ > > /^f5$/i) > > { exec('f5rancid', > > > > > > $router); } > > > > > > Then modified f5 rancid > > file and kept > > only one command in list of > > commands "b list". > > > > For some reason its not > > working. I can > > post my configs here if > > > > > > somebody > > > > > > like to see them. 
> >
> > Thanks,
> > Sam
From mashcraft at omniture.com Tue Jul 17 22:55:19 2007
From: mashcraft at omniture.com (Mike Ashcraft)
Date: Tue, 17 Jul 2007 16:55:19 -0600
Subject: [rancid] Re: F5 load balancer support
In-Reply-To: <20070717143446.8e114e4890519e5179c192e02d6bca26.c17ba8393d.wbe@email.secureserver.net>
References: <20070717143446.8e114e4890519e5179c192e02d6bca26.c17ba8393d.wbe@email.secureserver.net>
Message-ID: <45EB285310B55542A513F93230F0A5330115DC6F@EXCHANGE0.orm.omniture.com>

Lance,

I welcome a separate f5login, but when I asked about it back in February, Andrew Partan recommended using clogin if I could get it to work. Since I already had it working with clogin at that point, I didn't want to tackle re-writing clogin for the f5 if I didn't need to. The f5login you put together works with minimal changes to f5rancid. It also fixes some emulation problems when using clogin to obtain a shell on the f5. While these did not impact f5rancid, it does improve the overall functionality. Thanks!

The check for prompt, the end of file and clean run is all there. This also answers Sam's question about how I was able to use clogin. When I was trying to figure out why I was not getting a clean run, I found that the standard rancid looks for a regex match to /[>#]\s?exit$/ to detect a clean run. Looking at the data coming back from clogin, I was not seeing anything to match this from the f5 so I replaced it with /\s?logout$/ to match what I was seeing from the F5 at the end of a clean run.

Mike

-----Original Message-----
From: Lance [mailto:rancid at gheek.net]
Sent: Tuesday, July 17, 2007 3:35 PM
To: Mike Ashcraft
Cc: rancid-discuss at shrubbery.net; sam at munzani.com
Subject: RE: [rancid] Re: F5 load balancer support

Mike,

I would also like to bring up a few other things.

1.) If you are using the default clogin file you are going to have term length and term width commands executed. They will not do anything but they will show up as commands that would be attempted to run. So it would be best to have a separate f5login script/modified clogin so it has a clean login.

2.) You don't seem to check if you have reached end of file and have run clean. You seem to just blindly set these values, which removes the whole purpose they are there. It would be better to read the whole output similar to how the cssrancid script is done or the f5rancid script done.

Other than those I think your script is nice. I am sure it can be expanded on like a lot of the stuff but let's get some product that has all the checking, and prompt detection between each command and then let's look at adding it to the distribution. Obviously John H. and company has the final say on that one.

-lance

> -------- Original Message --------
> Subject: RE: [rancid] Re: F5 load balancer support
> From: "Mike Ashcraft"
> Date: Tue, July 17, 2007 12:35 pm
> To: "Lance"
> Cc: ,
>
> Lance,
>
> Thanks for the feedback.
>
> "b list" and "cat bigip.conf" are equivalent with the exception that b list may reflect changes made in the cli that are not saved and will be lost on reboot. Changes made using the web configuration tool are automatically saved. "b list" may also limit what the rancid user can see to a partial view if the user is not given sufficient rights. This file has the software configuration.
>
> The other file, bigip_base.conf contains interface configuration, management IP addresses, routing, VLANs etc.
>
> One could debate whether the f5rancid script should get the saved configuration files or the running config or both. For cisco devices, rancid obtains both. I'll look at adding both.
>
> Mike
>
> -----Original Message-----
> From: Lance [mailto:rancid at gheek.net]
> Sent: Tuesday, July 17, 2007 12:00 PM
> To: Mike Ashcraft
> Cc: rancid-discuss at shrubbery.net; sam at munzani.com
> Subject: RE: [rancid] Re: F5 load balancer support
>
> Mike,
>
> Looks really nice. I am guessing the bigip.conf or the other file is what is displayed with "b list".
>
> -Lance
>
> > -------- Original Message --------
> > Subject: RE: [rancid] Re: F5 load balancer support
> > From: "Mike Ashcraft"
> > Date: Tue, July 17, 2007 10:49 am
> > To: , "Lance"
> > Cc:
> >
> > I have been on vacation for the last couple of weeks or I would have posted this sooner and possibly saved some of you a bit of effort.
> >
> > It sounds like Lance and Sam have put together a working f5rancid with basic functionality which Sam posted last night. I have attached my f5rancid which I have been running for a few months. Installation instructions are included as comments in the file. This version uses clogin so that a separate f5login script is not required.
> >
> > This version formats and processes the output to make it more usable. As far as what is captured, I based this on the F5 equivalent of a tech out. It grabs a copy of all the configuration files, hardware configuration and software version as well as the timestamps and file sizes for SSL certs hosted on the device. This facilitates rebuilding from scratch as quickly as possible if this is ever needed.
> >
> > I was able to resolve the bug I mentioned yesterday by increasing the clogin timeout. On a small number of devices it failed to process the last few commands when running from cron but always worked properly from the command line on all devices [making it difficult to track down]. I mention this because it may be an appropriate fix for other intermittent problems sometimes discussed on this list.
> >
> > Any feedback is appreciated. I hope to get f5 support added to future releases of rancid.
> >
> > Thanks,
> >
> > Mike
> >
> > ________________________________
> >
> > From: Sam Munzani [mailto:sam at munzani.com]
> > Sent: Monday, July 16, 2007 7:49 PM
> > To: Lance
> > Cc: Mike Ashcraft; rancid-discuss at shrubbery.net
> > Subject: Re: [rancid] Re: F5 load balancer support
> >
> > Lance,
> >
> > Thanks a lot for all your help. Pretty much you did all the work while I watched what you are doing :-)..
> >
> > Attached are cleaned up files. In f5rancid file, I have left some basic functions(non platform specific) just in case we expand this script to do a lot more than just "b list" output. In rancid-fe, we defined a new device type "f5", f5login was copied from clogin and remarked some "term length" statements we don't need on F5.
> >
> > All 3 files are attached and working great. Please be aware, we are not parsing anything at all. All it's doing is basic function of running "b list" command and capturing its output. As I expand more on this, I will be sure to share with the audience here.
> >
> > Again, thanks a lot for all your help today.
> >
> > Regards,
> > Sam
> >
> > I have helped Sam get a working f5rancid which requires a f5login (only because it doesn't recognize the prompt with a space and exit, unless you enter a return before the exit). He is cleaning up all the unused functions and will post it.
> >
> > Once John H. sends out his script I will look at it and see how it differs from the one I did with Sam. I will even help Sam get it working for his setup. We will let you know when it is all working.
> >
> > -lance
> >
> > -------- Original Message --------
> > Subject: [rancid] Re: F5 load balancer support
> > From: "Mike Ashcraft"
> > Date: Mon, July 16, 2007 11:48 am
> > To:
> > Cc: rancid-discuss at shrubbery.net
> >
> > Sam,
> >
> > I have a working f5rancid that I have been using for a number of months now. I have one minor bug related to tracking installed SSL certs which you probably don't care about. Other than that, it works great.
> >
> > I did encounter and solve all the problems you have been discussing on the list.
> >
> > Let me know if you are interested in trying what I have. I have tested it with Big-IP 9.1.2.
> >
> > Mike
> >
> > ________________________________
> >
> > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
> > Sent: Monday, July 16, 2007 10:58 AM
> > To: smunzani at comcast.net
> > Cc: rancid-discuss at shrubbery.net
> > Subject: [rancid] Re: F5 load balancer support
> >
> > BTW, this is what I see in the log when I do rancid-run now. That means the f5rancid file(hacked copy of rancid) is still missing something.
> >
> > more nfl.20070716.114842
> > starting: Mon Jul 16 11:48:42 CDT 2007
> >
> > Trying to get all of the configs.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> > =====================================
> > Getting missed routers: round 1.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> > =====================================
> > Getting missed routers: round 2.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> > =====================================
> > Getting missed routers: round 3.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> > =====================================
> > Getting missed routers: round 4.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> >
> > cvs diff: Diffing .
> > cvs diff: Diffing configs
> > nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT 2007
> >
> > Trying to get all of the configs.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> > =====================================
> > Getting missed routers: round 1.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> > =====================================
> > Getting missed routers: round 2.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> > =====================================
> > Getting missed routers: round 3.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> > =====================================
> > Getting missed routers: round 4.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> >
> > cvs diff: Diffing .
> > cvs diff: Diffing configs
> > cvs diff: cannot find configs/test-f5-01
> > cvs commit: Examining .
> > cvs commit: Examining configs
> > cvs commit: Up-to-date check failed for `configs/test-f5-01'
> > cvs [commit aborted]: correct above errors first!
> > ls: test-f5-01: No such file or directory
> >
> > ending: Mon Jul 16 11:49:41 CDT 2007
> >
> > Thanks,
> > Sam
> >
> > David,
> >
> > Thanks a lot for the tip. This worked well. Now f5login goes much more cleaner and the "root" doesn't get sent again. I still have other issues where rancid-run is backing up config properly but I am still troubleshooting it.
> >
> > Now here is a question. What does "bldshgalsjd" mean and how does it do this miracle?
> >
> > Thanks,
> > Sam
> >
> > Thanks for this tip, turns out that this is also the reason the username gets entered at a prompt on the cisco IPS devices. Since it's using SSH and therefore doesn't need a username prompt, solution was to simply add in .cloginrc:
> >
> > add userprompt ids* bldshgalsjd (<- something that won't get sent during login)
> >
> > Regards,
> >
> > David
> >
> > On 14/07/07, Lance wrote:
> >
> > Sam,
> >
> > Have you tried using telnet to login, if the f5 has it enabled. You may also want to set auto enable in your .cloginrc for this device as it looks to clogin as you are already in a cisco equivalent equal to enable since your prompt has a # sign in it.
> >
> > Looking at your next email along with this one it looks like you are already in a cisco equivalent of enable after you login. f5login seems to be sending your username of root as a command after you get connected because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from 172.24.100.12" and it matches on the word "Login". See below.
> >
> > "(Username|Login|login|user name):"? yes
> > expect: set expect_out(0,string) "login:"
> > expect: set expect_out(1,string) "login"
> > expect: set expect_out(spawn_id) "exp4"
> > expect: set expect_out(buffer) " \r\nLast login:"
> > send: sending "root\r" to { exp4 }
> > expect: continuing expect
> >
> > You are just using a Cisco login/parsing script so it expects prompts from a Cisco device and in this case you have a *nix SSH banner that gets interrupted. I know you can use RANCID to backup *nix systems. So it knows how to understand connecting to a *nix system. You might want to try this email thread which asks about backing up Linux configs.
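
The two regex behaviours discussed in the message above, replayed as an added example (not code from rancid, clogin or any poster): the unanchored user-prompt pattern matching the SSH "Last login:" banner, and the end-of-run patterns checked against session tails. It uses Python's re rather than expect or Perl; the session lines, the hostname f5-example and the helper names are constructed for illustration.

```python
import re

# Patterns quoted in the thread.
USERPROMPT_DEFAULT = r"(Username|Login|login|user name):"    # from the expect debug output
USERPROMPT_ANCHORED = r"^(Username|Login|login|user name):"  # variant 2 in the posted snippet
USERPROMPT_NEVER = r"bldshgalsjd"                            # the .cloginrc userprompt override
END_OF_RUN_DEFAULT = r"[>#]\s?exit$"                         # standard rancid check
END_OF_RUN_F5 = r"\s?logout$"                                # replacement used for the F5

# Buffer copied from the quoted debug output.
SSH_BANNER_BUFFER = " \r\nLast login:"

# Constructed sample inputs (hostnames and output are made up).
TELNET_PROMPT_BUFFER = "Username:"
CISCO_SESSION = [
    "router#show running-config\r\n",
    "hostname router\r\n",
    "router#exit\r\n",
]
# "exit" is echoed on its own line, so no prompt character precedes it.
F5_VIA_CLOGIN = [
    "[root@f5-example:Active] config # b list\r\n",
    "... configuration output ...\r\n",
    "exit\r\n",
    "logout\r\n",
]
# An extra carriage return before "exit" yields a fresh prompt in front of it.
F5_VIA_F5LOGIN = [
    "[root@f5-example:Active] config # b list\r\n",
    "... configuration output ...\r\n",
    "[root@f5-example:Active] config # \r\n",
    "[root@f5-example:Active] config # exit\r\n",
    "logout\r\n",
]


def prompt_match(pattern, buffer):
    """Return the text the pattern matches in the buffer, or None.

    No MULTILINE flag is set, so '^' only matches at the start of the
    buffer, which is also how expect treats '^' in a regular expression.
    """
    m = re.search(pattern, buffer)
    return m.group(0) if m else None


def clean_run(session_lines, end_regex):
    """Simplified model of the end-of-run check: True if any line of the
    captured session, with CR/LF stripped, matches end_regex."""
    pattern = re.compile(end_regex)
    for line in session_lines:
        if pattern.search(line.replace("\r", "").rstrip("\n")):
            return True
    return False


def summarize():
    """Collect the outcomes discussed in the thread in one place."""
    return {
        "banner matched by default userprompt":
            prompt_match(USERPROMPT_DEFAULT, SSH_BANNER_BUFFER),
        "banner matched by anchored userprompt":
            prompt_match(USERPROMPT_ANCHORED, SSH_BANNER_BUFFER),
        "banner matched by never-seen userprompt":
            prompt_match(USERPROMPT_NEVER, SSH_BANNER_BUFFER),
        "cisco clean run (default regex)":
            clean_run(CISCO_SESSION, END_OF_RUN_DEFAULT),
        "f5 via clogin clean run (default regex)":
            clean_run(F5_VIA_CLOGIN, END_OF_RUN_DEFAULT),
        "f5 via clogin clean run (logout regex)":
            clean_run(F5_VIA_CLOGIN, END_OF_RUN_F5),
        "f5 via f5login clean run (default regex)":
            clean_run(F5_VIA_F5LOGIN, END_OF_RUN_DEFAULT),
    }


if __name__ == "__main__":
    for name, value in summarize().items():
        print(f"{name}: {value!r}")
```

A false match on the user prompt makes the login script type the account name into whatever is listening, so the check worth running on any new device type is the first one: feed the real login banner to the prompt pattern before trusting it.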
From rancid at gheek.net Wed Jul 18 00:03:13 2007
From: rancid at gheek.net (Lance)
Date: Tue, 17 Jul 2007 17:03:13 -0700
Subject: [rancid] Re: F5 load balancer support
Message-ID: <20070717170313.8e114e4890519e5179c192e02d6bca26.7977ba3067.wbe@email.secureserver.net>

Mike,

Interesting comment about the logout/exit portion. The f5login I created from slightly modifying the clogin basically had expect send an additional \r before it issued exit\r. So it looks like so send "\rexit\r". That made it get another line and then when it saw the # in the prompt followed by a space and then exit it worked just fine. Interesting you got yours to work with logout. Hehe.

In any regard nicely done and I am sure what we have is nice and all but I know John has his own copy...I thought I remember him saying. I would think he has it a lot like the cisco one, catching particulars and exclaiming them at the top of the file. I may be wrong, but nonetheless between the 3 versions I think there should be no reason why we can't have it added to the next alpha release. :-D

John can you pass out your version and let us know if it will make the next alpha release?

-Lance

> -------- Original Message --------
> Subject: RE: [rancid] Re: F5 load balancer support
> From: "Mike Ashcraft"
> Date: Tue, July 17, 2007 3:55 pm
> To: "Lance"
> Cc: ,
>
> Lance,
>
> I welcome a separate f5login, but when I asked about it back in February, Andrew Partan recommended using clogin if I could get it to work.
> Since I already had it working with clogin at that point, I didn't want to tackle re-writing clogin for the f5 if I didn't need to. The f5login you put together works with minimal changes to f5rancid. It also fixes some emulation problems when using clogin to obtain a shell on the f5. While these did not impact f5rancid, it does improve the overall functionality. Thanks!
>
> The check for prompt, the end of file and clean run is all there. This also answers Sam's question about how I was able to use clogin. When I was trying to figure out why I was not getting a clean run, I found that the standard rancid looks for a regex match to /[>#]\s?exit$/ to detect a clean run. Looking at the data coming back from clogin, I was not seeing anything to match this from the f5 so I replaced it with /\s?logout$/ to match what I was seeing from the F5 at the end of a clean run.
>
> Mike
>
> -----Original Message-----
> From: Lance [mailto:rancid at gheek.net]
> Sent: Tuesday, July 17, 2007 3:35 PM
> To: Mike Ashcraft
> Cc: rancid-discuss at shrubbery.net; sam at munzani.com
> Subject: RE: [rancid] Re: F5 load balancer support
>
> Mike,
>
> I would also like to bring up a few other things.
>
> 1.) If you are using the default clogin file you are going to have term length and term width commands executed. They will not do anything but they will show up as commands that would be attempted to run. So it would be best to have a separate f5login script/modified clogin so it has a clean login.
>
> 2.) You don't seem to check if you have reached end of file and have run clean. You seem to just blindly set these values, which removes the whole purpose they are there. It would be better to read the whole output similar to how the cssrancid script is done or the f5rancid script done.
>
> Other than those I think your script is nice.
> > > > > > > > > -lance > > > > > > > > > > > > > > > -------- Original > > > Message -------- > > > Subject: [rancid] F5 > > > load balancer > > > support > > > From: Sam Munzani > > > > > > > > > > > > Date: Fri, July 13, 2007 > > > 12:45 pm > > > To: > > > rancid-discuss at shrubbery.net > > > > > > Hi, > > > > > > Did anybody happened to > > > hack one of > > > Cisco scripts to support > > > > > > > > > BigIP F5 > > > > > > > > > boxes? It should be > > > pretty simple. All I > > > want to do is login and > > > > > > > > > type "b > > > > > > > > > list" which is > > > equivalent of "show run" > > > on cisco. > > > > > > However for some reason > > > things not > > > working. All I did was copied > > > > > > > > > clogin > > > > > > > > > to f5login, copied > > > rancid to f5rancid > > > and added following to > > > > > > > > > rancid-fe. > > > > > > > > > elsif ($vendor =~ > > > /^f5$/i) > > > { exec('f5rancid', > > > > > > > > > $router); } > > > > > > > > > Then modified f5 rancid > > > file and kept > > > only one command in list of > > > commands "b list". > > > > > > For some reason its not > > > working. I can > > > post my configs here if > > > > > > > > > somebody > > > > > > > > > like to see them. > > > > > > Thanks, > > > Sam > > > > > > _______________________________________________ > > > Rancid-discuss mailing > > > list > > > > > > Rancid-discuss at shrubbery.net > > > > > > > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > Rancid-discuss mailing list > > > Rancid-discuss at shrubbery.net > > > > > > > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > > > > > > > > > > > > _______________________________________________ > > > Rancid-discuss mailing list > > > Rancid-discuss at shrubbery.net > > > > > > > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
From sam at munzani.com Tue Jul 17 01:49:03 2007
From: sam at munzani.com (Sam Munzani)
Date: Mon, 16 Jul 2007 20:49:03 -0500
Subject: [rancid] Re: F5 load balancer support
In-Reply-To: <20070716173200.8e114e4890519e5179c192e02d6bca26.b34fb90ffd.wbe@email.secureserver.net>
References: <20070716173200.8e114e4890519e5179c192e02d6bca26.b34fb90ffd.wbe@email.secureserver.net>
Message-ID: <469C200F.4020909@munzani.com>

Lance,

Thanks a lot for all your help. Pretty much you did all the work while I watched what you are doing :-)..

Attached are cleaned up files. In f5rancid file, I have left some basic functions (non platform specific) just in case we expand this script to do a lot more than just "b list" output. In rancid-fe, we defined a new device type "f5", f5login was copied from clogin and remarked some "term length" statements we don't need on F5.

All 3 files are attached and working great. Please be aware, we are not parsing anything at all. All it's doing is basic function of running "b list" command and capturing its output. As I expand more on this, I will be sure to share with the audience here.

Again, thanks a lot for all your help today.

Regards,
Sam

> I have helped Sam get a working f5rancid which requires a f5login (only
> because it doesn't recognize the prompt with a space and exit, unless
> you enter a return before the exit). He is cleaning up all the unused
> functions and will post it.
>
> Once John H. sends out his script I will look at it and see how it
> differs from the one I did with Sam. I will even help Sam get it working
> for his setup.
> We will let you know when it is all working.
>
> -lance
>
>> -------- Original Message --------
>> Subject: [rancid] Re: F5 load balancer support
>> From: "Mike Ashcraft"
>> Date: Mon, July 16, 2007 11:48 am
>> To:
>> Cc: rancid-discuss at shrubbery.net
>>
>> Sam,
>>
>> I have a working f5rancid that I have been using for a number of months
>> now. I have one minor bug related to tracking installed SSL certs
>> which you probably don't care about. Other than that, it works great.
>>
>> I did encounter and solve all the problems you have been discussing on
>> the list.
>>
>> Let me know if you are interested in trying what I have. I have tested
>> it with Big-IP 9.1.2.
>>
>> Mike
>>
>> ________________________________
>>
>> From: rancid-discuss-bounces at shrubbery.net
>> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
>> Sent: Monday, July 16, 2007 10:58 AM
>> To: smunzani at comcast.net
>> Cc: rancid-discuss at shrubbery.net
>> Subject: [rancid] Re: F5 load balancer support
>>
>> BTW, this is what I see in the log when I do rancid-run now. That means
>> the f5rancid file(hacked copy of rancid) is still missing something.
>>
>> more nfl.20070716.114842
>> starting: Mon Jul 16 11:48:42 CDT 2007
>>
>> Trying to get all of the configs.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 1.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 2.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 3.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 4.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>>
>> cvs diff: Diffing .
>> cvs diff: Diffing configs
>> nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT 2007
>>
>> Trying to get all of the configs.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 1.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 2.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 3.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 4.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>>
>> cvs diff: Diffing .
>> cvs diff: Diffing configs
>> cvs diff: cannot find configs/test-f5-01
>> cvs commit: Examining .
>> cvs commit: Examining configs
>> cvs commit: Up-to-date check failed for `configs/test-f5-01'
>> cvs [commit aborted]: correct above errors first!
>> ls: test-f5-01: No such file or directory
>>
>> ending: Mon Jul 16 11:49:41 CDT 2007
>>
>> Thanks,
>> Sam
>>
>> David,
>>
>> Thanks a lot for the tip. This worked well. Now f5login goes much more
>> cleaner and the "root" doesn't get sent again. I still have other issues
>> where rancid-run is backing up config properly but I am still
>> troubleshooting it.
>>
>> Now here is a question. What does "bldshgalsjd" mean and how does it do
>> this miracle?
>>
>> Thanks,
>> Sam
>>
>> Thanks for this tip, turns out that this is also the reason the
>> username gets entered at a prompt on the cisco IPS devices.
>> Since it's using SSH and therefore doesn't need a username prompt,
>> solution was to simply add in .cloginrc:
>>
>> add userprompt ids* bldshgalsjd (<- something that won't get sent
>> during login)
>>
>> Regards,
>>
>> David
>>
>> On 14/07/07, Lance wrote:
>>
>> Sam,
>>
>> Have you tried using telnet to login, if the f5 has it enabled.
>> You may also want to set auto enable in your .cloginrc for this device
>> as it looks to clogin as you are already in a cisco equivalent equal to
>> enable since your prompt has a # sign in it.
>>
>> Looking at your next email along with this one it looks like you are
>> already in a cisco equivalent of enable after you login. f5login seems
>> to be sending your username of root as a command after you get connected
>> because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
>> 172.24.100.12" and it matches on the word "Login". See below.
>>
>> "(Username|Login|login|user name):"? yes
>> expect: set expect_out(0,string) "login:"
>> expect: set expect_out(1,string) "login"
>> expect: set expect_out(spawn_id) "exp4"
>> expect: set expect_out(buffer) " \r\nLast login:"
>> send: sending "root\r" to { exp4 }
>> expect: continuing expect
>>
>> You are just using a Cisco login/parsing script so it expects prompts
>> from a Cisco device and in this case you have a *nix SSH banner that
>> gets interrupted. I know you can use RANCID to backup *nix systems. So
>> it knows how to understand connecting to a *nix system. You might want
>> to try this email thread which asks about backing up Linux configs.
>>
>> "http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
>>
>> Or you could modify the existing f5login like so.
>>
>> I think you have to use the caret before the () to work. I haven't
>> checked this as I am at home and not on a UNIX system right now. Sorry
>> too lazy to check it out right now.
>> You might want to uncomment the line below 3. and comment out the line
>> below 2. and see if that works. This is the only point in the code that
>> I see it look for login in any line. If that doesn't work send me back
>> the debug and I will see what I can do. I am sure some people that use
>> expect more often than I can probably quickly tell you what to use as
>> syntax there.
>>
>> # Figure out prompts
>> set u_prompt [find userprompt $router]
>> if { "$u_prompt" == "" } {
>>     #1. ORIGINAL
>>     #set u_prompt "^(Username|Login|login|user name):"
>>     #2. Modified to read for a line beginning with Username,Login,login, or user name.
>>     set u_prompt "^(Username|Login|login|user name):"
>>     #3. Modified to read for a line beginning with Login or login. but I may be wrong
>>     #set u_prompt "^(Username|^Login|^login|user name):"
>> } else {
>>     set u_prompt [join [lindex $u_prompt 0] ""]
>> }
>>
>> Let me know if this works for you.
>>
>> -Lance
>>
>> -------- Original Message --------
>> Subject: Re: [rancid] F5 load balancer support
>> From: Sam Munzani
>> Date: Fri, July 13, 2007 2:30 pm
>> To: Lance
>> Cc: rancid-discuss at shrubbery.net
>>
>> Lance,
>>
>> F5 login works fine with a minor error.
>>
>> $ f5login test-f5-01
>> test-f5-01
>> spawn ssh -c 3des -x -l root test-f5-01
>> Password:
>> Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
>> root
>> [root at test-f5-01:Active] config # root
>> -bash: root: command not found
>> [root at test-f5-01:Active] config #
>> [root at test-f5-01:Active] config #
>> [root at test-f5-01:Active] config #
>>
>> I don't know how to debug otherwise I would turn on debug too. If you
>> can provide some hints on debug, I would appreciate it.
>>
>> Thanks,
>> Sam
>>
>> What error(s) do you get when you try to run your f5rancid?
>>
>> Where does it fail if you debug your f5login?
>>
>> -lance
>>
>> -------- Original Message --------
>> Subject: [rancid] F5 load balancer support
>> From: Sam Munzani
>> Date: Fri, July 13, 2007 12:45 pm
>> To: rancid-discuss at shrubbery.net
>>
>> Hi,
>>
>> Did anybody happen to hack one of Cisco scripts to support BigIP F5
>> boxes? It should be pretty simple. All I want to do is login and type
>> "b list" which is equivalent of "show run" on cisco.
>>
>> However for some reason things not working. All I did was copied clogin
>> to f5login, copied rancid to f5rancid and added following to rancid-fe.
>>
>> elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
>>
>> Then modified f5 rancid file and kept only one command in list of
>> commands "b list".
>>
>> For some reason it's not working. I can post my configs here if somebody
>> like to see them.
>>
>> Thanks,
>> Sam
>>
>> _______________________________________________
>> Rancid-discuss mailing list
>> Rancid-discuss at shrubbery.net
>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: f5login
Url: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070716/fc2a7394/attachment.ksh
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: f5rancid
Url: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070716/fc2a7394/attachment-0001.ksh
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: rancid-fe
Url: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070716/fc2a7394/attachment-0002.ksh

From sam at munzani.com Tue Jul 17 19:59:35 2007
From: sam at munzani.com (Sam Munzani)
Date: Tue, 17 Jul 2007 14:59:35 -0500
Subject: [rancid] Re: F5 load balancer support
In-Reply-To: <45EB285310B55542A513F93230F0A5330115DBAD@EXCHANGE0.orm.omniture.com>
References: <20070717110025.8e114e4890519e5179c192e02d6bca26.2c7708e391.wbe@email.secureserver.net> <45EB285310B55542A513F93230F0A5330115DBAD@EXCHANGE0.orm.omniture.com>
Message-ID: <469D1FA7.2040807@munzani.com>

Mike,

I am curious how did you get around using clogin without any changes. Lance and I ran into "term length" command issue. clogin was trying to run that command on f5 which set errors and F5 never declared it a clean run until we remarked out "term length" line.
That's why we thought having a separate f5login was good idea to filter out cisco specific login routines :-)

BTW, your script is working great and I have started using it. Your script does a little more than "b list" I had. Specially "cat bigip_base.conf" which is needed to rebuild the box.

Thanks,
Sam

> Lance,
>
> Thanks for the feedback.
>
> "b list" and "cat bigip.conf" are equivalent with the exception that b
> list may reflect changes made in the cli that are not saved and will be
> lost on reboot. Changes made using the web configuration tool are
> automatically saved. "b list" may also limit what the rancid user can
> see to a partial view if the user is not given sufficient rights. This
> file has the software configuration.
>
> The other file, bigip_base.conf contains interface configuration,
> management IP addresses, routing, VLANs etc.
>
> One could debate whether the f5rancid script should get the saved
> configuration files or the running config or both. For cisco devices,
> rancid obtains both. I'll look at adding both.
>
> Mike
>
> -----Original Message-----
> From: Lance [mailto:rancid at gheek.net]
> Sent: Tuesday, July 17, 2007 12:00 PM
> To: Mike Ashcraft
> Cc: rancid-discuss at shrubbery.net; sam at munzani.com
> Subject: RE: [rancid] Re: F5 load balancer support
>
> Mike,
>
> Looks really nice. I am guessing the bigip.conf or the other file is
> what is displayed with "b list".
>
> -Lance
>
>> -------- Original Message --------
>> Subject: RE: [rancid] Re: F5 load balancer support
>> From: "Mike Ashcraft"
>> Date: Tue, July 17, 2007 10:49 am
>> To: , "Lance"
>> Cc:
>>
>> I have been on vacation for the last couple of weeks or I would have
>> posted this sooner and possibly saved some of you a bit of effort.
>>
>> It sounds like Lance and Sam have put together a working f5rancid with
>> basic functionality which Sam posted last night. I have attached my
>> f5rancid which I have been running for a few months.
>> Installation instructions are included as comments in the file. This
>> version uses clogin so that a separate f5login script is not required.
>>
>> This version formats and processes the output to make it more usable.
>> As far as what is captured, I based this on the F5 equivalent of a tech
>> out. It grabs a copy of all the configuration files, hardware
>> configuration and software version as well as the timestamps and file
>> sizes for SSL certs hosted on the device. This facilitates rebuilding
>> from scratch as quickly as possible if this is ever needed.
>>
>> I was able to resolve the bug I mentioned yesterday by increasing the
>> clogin timeout. On a small number of devices it failed to process the
>> last few commands when running from cron but always worked properly from
>> the command line on all devices [making it difficult to track down]. I
>> mention this because it may be an appropriate fix for other intermittent
>> problems sometimes discussed on this list.
>>
>> Any feedback is appreciated. I hope to get f5 support added to future
>> releases of rancid.
>>
>> Thanks,
>>
>> Mike
>>
>> ________________________________
>>
>> From: Sam Munzani [mailto:sam at munzani.com]
>> Sent: Monday, July 16, 2007 7:49 PM
>> To: Lance
>> Cc: Mike Ashcraft; rancid-discuss at shrubbery.net
>> Subject: Re: [rancid] Re: F5 load balancer support
>>
>> Lance,
>>
>> Thanks a lot for all your help. Pretty much you did all the work while I
>> watched what you are doing :-)..
>>
>> Attached are cleaned up files. In f5rancid file, I have left some basic
>> functions(non platform specific) just in case we expand this script to
>> do a lot more than just "b list" output. In rancid-fe, we defined a new
>> device type "f5", f5login was copied from clogin and remarked some "term
>> length" statements we don't need on F5.
>>
>> All 3 files are attached and working great.
________ > >> _______________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> >> >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070717/b7342fe8/attachment.html From teun at teun.tv Mon Jul 16 22:21:05 2007 From: teun at teun.tv (Teun Vink) Date: Tue, 17 Jul 2007 00:21:05 +0200 Subject: [rancid] Re: F5 load balancer support In-Reply-To: <20070716215557.GT8752@shrubbery.net> References: <20070716102053.8e114e4890519e5179c192e02d6bca26.ed552ed684.wbe@email.secureserver.net> <469BB224.2000609@comcast.net> <20070716215557.GT8752@shrubbery.net> Message-ID: <1184624465.21508.5.camel@demandred> On Mon, 2007-07-16 at 21:55 +0000, john heasley wrote: > A user gave me access to a f5, but I ran out of time and access was removed. > So, I have a nearly complete script for it that I'd like to be completed. > I'll send it to you separately. If you like someone else to test it as well, feel free to send me a copy. Unfortunately I can't provide access to a live box due to access policies. 
Regards,
Teun

From jsidwell at perisys.net Mon Jul 23 18:00:33 2007
From: jsidwell at perisys.net (Joshua Sidwell)
Date: Mon, 23 Jul 2007 12:00:33 -0600
Subject: [rancid] Using privilege command enhancements for least privilege configuration
Message-ID: <001801c7cd53$5e644e00$0c01a8c0@headquarters.haynesmechsys.com>

Hello all, has anyone tried to rewrite the rancid.in file to accommodate a custom privilege level that just allows the commands in rancid.in? Or is a rewrite not even necessary if when I logon using that account I am already in enable mode?

From rancid at gheek.net Mon Jul 23 21:43:15 2007
From: rancid at gheek.net (Lance)
Date: Mon, 23 Jul 2007 14:43:15 -0700
Subject: [rancid] Re: Using privilege command enhancements for least privilege configuration
Message-ID: <20070723144315.8e114e4890519e5179c192e02d6bca26.937c5eb887.wbe@email.secureserver.net>

Joshua,

Why not try this.

# add autoenable <1/0>
# This is used if you are automatically enabled by the login process.
# The prompt that will be expected will be a # as if you
# were already in enable mode or privilege 15 when you login.
add autoenable cisco_router 1

# Expects a prompt as if you were privilege 0 or > as your prompt.
# this is the default setting.
add autoenable cisco_router 0

-Lance

> -------- Original Message --------
> Subject: [rancid] Using privilege command enhancements for least
> privilege configuration
> From: Joshua Sidwell
> Date: Mon, July 23, 2007 11:00 am
> To: rancid-discuss at shrubbery.net
>
> Hello all, has anyone tried to rewrite the rancid.in file to
> accommodate a
> custom privilege level that just allows the commands in rancid.in? Or
> is a
> rewrite not even necessary if when I logon using that account I am
> already
> in enable mode?
From dtuecks at googlemail.com Tue Jul 24 09:47:09 2007
From: dtuecks at googlemail.com (Daniel Tuecks)
Date: Tue, 24 Jul 2007 11:47:09 +0200
Subject: [rancid] 'changeto context' Issue
Message-ID:

Hello,

I am trying to backup various fwsm contexts. Using rancid 2.3.2a6, I can issue a command similar to

clogin -c 'changeto context ;show running-config' fwsm0.my.domain

clogin displays the config, exits and everything is fine.

How can I configure rancid to do this automatically? I'd like to have each context-config treated as a separate device. How would I specify this in the router.db file? I cannot access the context directly.

It would be nice if something like this existed

router.db
---------

fwsm0:cisco-fwcontext[my_context]:up

or alternatively

fwsm0[my_context]:cisco:up

-- Daniel

From rancid at gheek.net Tue Jul 24 17:24:32 2007
From: rancid at gheek.net (Lance)
Date: Tue, 24 Jul 2007 10:24:32 -0700
Subject: [rancid] Re: 'changeto context' Issue
Message-ID: <20070724102431.8e114e4890519e5179c192e02d6bca26.3329f496fe.wbe@email.secureserver.net>

Daniel,

This is currently not supported by rancid. The tricky part is to make this function dynamic. To make it static is rather simple. The only way to make it dynamic from my point of view is to do it one of a couple of ways.

#
#Sample router.db format:
#
device[my_context]:asa:up

#
#Sample processing of $hosts to help control which context is backed up.
#
: cat asarancid
#!/usr/bin/perl -w
# Split a router.db style "device[context]" host name and check that the
# context is defined in the saved system config for that device.

my $host = $ARGV[0];
my $device;
my $context;
my $match = 0;

if ( $host =~ /(.*)\[(.*)\]/ )
{
    $device = $1;
    $context = $2;
    print "Device: $device\n";
    print "Context: $context\n";
}

die "Didn't find a context in the prompt: $!\n" if (! $context );

# The system config is saved as <device>_system (see the notes below).
my $device_system = "${device}_system";

if ( -e $device_system )
{
    # Read the file directly instead of through `cat`, so the host name
    # never reaches a shell.
    open(my $fh, '<', $device_system) || die "Can't open $device_system: $!\n";
    my @array = <$fh>;
    close($fh);
    foreach (@array)
    {
        # \Q..\E keeps regex metacharacters in the context name literal.
        print "Process Context: $context\n" if $_ =~ /^context\s\Q$context\E$/;
        $match = 1 if $_ =~ /context\s\Q$context\E/;
    }
    print "No context matching $context in the system config for $device\n" if (! $match);
}
else
{
    die "File ($device) doesn't exist: $!\n";
}

perl asarancid ops-pix-1[admin]:asa:up
Device: ops-pix-1
Context: admin
Process Context: admin

perl asarancid ops-pix-1[admin2]:asa:up
Device: ops-pix-1
Context: admin2
Process Context: admin2

1.)
 - connect to the FW or FWSM and changeto system. Issue "sh run".
 - read the FW/FWSM system config that is saved in the configs directory and capture all contexts that are configured there.
 - using something I would call ASArancid a perl script (slightly modified rancid perl script) and read the FW/FWSM system config that is saved in the configs directory and capture all contexts names that are in the configuration. Then call the existing clogin expect script and pass in the commands to run which would include a new command "changeto ".
 - If you want to be able to control the contexts that are collected then you could modify ASArancid a little more to simply parse $ARGV[0]/$host and check if the context from the example above.

That would dynamically capture the configs and allow you to control what is captured. Keep in mind you would need to first have an entry for "device[system]:asa:up" to create the base config which is only the system config. If that wasn't there then all other attempts to get configs for contexts on that host would fail. I would also make these be saved as device_system. So for my example I would have an example file of var//configs/ops-pix-1_system.
So the file new log line would look something like this.

open(OUTPUT,">${device}_$context.new") || die "Can't open ${device}_$context.new for writing: $!\n";

This is the best I can think of to process it. Maybe I will get some time to put an asarancid script together.

-Lance

> -------- Original Message --------
> Subject: [rancid] 'changeto context' Issue
> From: "Daniel Tuecks"
> Date: Tue, July 24, 2007 2:47 am
> To: rancid-discuss at shrubbery.net
>
> Hello,
>
> I am trying to backup various fwsm contexts. Using rancid 2.3.2a6, i can
> issue a command similar to
>
> clogin -c 'changeto context ;show running-config'
> fwsm0.my.domain
>
> clogin displays the config, exits and everything is fine.
>
> How can I configure rancid to do this automatically? I'd like to have each
> context-config treated as a separate device. How would I specify this in the
> router.db file? I cannot access the context directly.
>
> It would be nice if something like this existed
>
> router.db
> ---------
>
> fwsm0:cisco-fwcontext[my_context]:up
>
> or alternatively
>
> fwsm0[my_context]:cisco:up
>
>
> -- Daniel
_______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From dthomas53 at gmail.com Fri Jul 27 01:35:52 2007 From: dthomas53 at gmail.com (David Stanford) Date: Thu, 26 Jul 2007 21:35:52 -0400 Subject: [rancid] Rancid + Cisco ASAs (with multiple contexts) Message-ID: Hi all, I've been googling for the past hour or so, but haven't been able to find a solid answer to my problem. We are beginning to implement some new Cisco ASA devices here at work, using multiple contexts. We currently use Rancid across our network for Juniper+Cisco devices and would like to incorporate the new ASAs, but I don't see that Rancid currently has the ability to recognize contexts and pull the various config information from each one. At the moment, I am considering a simple shell script using clogin that will subsequently commit the configs to our CVS repo, but since I am no shell scripting guru, this would be a best effort attempt and would probably not be nearly as clean as Rancid (on the saved output). Is there anything in the works for Rancid to support this? Has anyone else been able to implement this with any success (using multiple contexts)? Thanks in advance! -David -- [root at fbsd ~]# fortune Happiness is just an illusion, filled with sadness and confusion. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070726/41e2b054/attachment.html From rancid at gheek.net Fri Jul 27 02:46:28 2007 From: rancid at gheek.net (Lance) Date: Thu, 26 Jul 2007 19:46:28 -0700 Subject: [rancid] Re: Rancid + Cisco ASAs (with multiple contexts) Message-ID: <20070726194628.8e114e4890519e5179c192e02d6bca26.2e9d84f59b.wbe@email.secureserver.net> David, This link is where I have put in some suggestions and will actually hopefully produce a new script to do this. 
http://www.shrubbery.net/pipermail/rancid-discuss/2007-July/002358.html Not sure when I will get to it. Hopefully I will get to it in the next couple of weeks. -Lance > -------- Original Message -------- > Subject: [rancid] Rancid + Cisco ASAs (with multiple contexts) > From: "David Stanford" > Date: Thu, July 26, 2007 6:35 pm > To: rancid-discuss at shrubbery.net > > Hi all, > > I've been googling for the past hour or so, but haven't been able to find a > solid answer to my problem. We are beginning to implement some new Cisco ASA > devices here at work, using multiple contexts. We currently use Rancid > across our network for Juniper+Cisco devices and would like to incorporate > the new ASAs, but I don't see that Rancid currently has the ability to > recognize contexts and pull the various config information from each one. > > At the moment, I am considering a simple shell script using clogin that will > subsequently commit the configs to our CVS repo, but since I am no shell > scripting guru, this would be a best effort attempt and would probably not > be nearly as clean as Rancid (on the saved output). Is there anything in the > works for Rancid to support this? Has anyone else been able to implement > this with any success (using multiple contexts)? > > Thanks in advance! > > -David > -- > [root at fbsd ~]# fortune > Happiness is just an illusion, filled with sadness and confusion.
_______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From dthomas53 at gmail.com Fri Jul 27 04:10:29 2007 From: dthomas53 at gmail.com (David Stanford) Date: Fri, 27 Jul 2007 00:10:29 -0400 Subject: [rancid] Re: Rancid + Cisco ASAs (with multiple contexts) In-Reply-To: <20070726194628.8e114e4890519e5179c192e02d6bca26.2e9d84f59b.wbe@email.secureserver.net> References: <20070726194628.8e114e4890519e5179c192e02d6bca26.2e9d84f59b.wbe@email.secureserver.net> Message-ID: Thanks Lance, I appreciate the quick response. :) Will you post it to the list or should I just continue checking for a new alpha release? Thanks again! -David On 7/26/07, Lance wrote: > > David, > > This link is where I have put in some suggestions and will actually > hopefully produce a new script to do this. > > http://www.shrubbery.net/pipermail/rancid-discuss/2007-July/002358.html > > Not sure when I will get to it. Hopefully I will get to it in the next > couple of weeks. > > -Lance > > -------- Original Message -------- > > Subject: [rancid] Rancid + Cisco ASAs (with multiple contexts) > > From: "David Stanford" > > Date: Thu, July 26, 2007 6:35 pm > > To: rancid-discuss at shrubbery.net > > > > Hi all, > > > > I've been googling for the past hour or so, but haven't been able to > find a > > solid answer to my problem. We are beginning to implement some new Cisco > ASA > > devices here at work, using multiple contexts. We currently use Rancid > > across our network for Juniper+Cisco devices and would like to > incorporate > > the new ASAs, but I don't see that Rancid currently has the ability to > > recognize contexts and pull the various config information from each > one. 
> > > > At the moment, I am considering a simple shell script using clogin that > will > > subsequently commit the configs to our CVS repo, but since I am no shell > > scripting guru, this would be a best effort attempt and would probably > not > > be nearly as clean as Rancid (on the saved output). Is there anything in > the > > works for Rancid to support this? Has anyone else been able to implement > > this with any success (using multiple contexts)? > > > > Thanks in advance! > > > > -David > > -- > > [root at fbsd ~]# fortune > > Happiness is just an illusion, filled with sadness and > confusion.
_______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > -- [root at fbsd ~]# fortune Happiness is just an illusion, filled with sadness and confusion. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070727/d78cb331/attachment.html From rancid at gheek.net Fri Jul 27 17:02:22 2007 From: rancid at gheek.net (Lance) Date: Fri, 27 Jul 2007 10:02:22 -0700 Subject: [rancid] Re: Rancid + Cisco ASAs (with multiple contexts) Message-ID: <20070727100222.8e114e4890519e5179c192e02d6bca26.ffd15bb85e.wbe@email.secureserver.net> Daniel, I will post it to the list. I don't maintain the list/app. I am just a contributor. :-D John H. would be the one to add it to the package. -Lance > -------- Original Message -------- > Subject: Re: [rancid] Rancid + Cisco ASAs (with multiple contexts) > From: "David Stanford" > Date: Thu, July 26, 2007 9:10 pm > To: Lance > Cc: rancid-discuss at shrubbery.net > > Thanks Lance, I appreciate the quick response. :) > > Will you post it to the list or should I just continue checking for a new > alpha release? > > Thanks again! > > -David > > On 7/26/07, Lance wrote: > > > > David, > > > > This link is where I have put in some suggestions and will actually > > hopefully produce a new script to do this. > > > > http://www.shrubbery.net/pipermail/rancid-discuss/2007-July/002358.html > > > > Not sure when I will get to it. Hopefully I will get to it in the next > > couple of weeks. 
> > > > -Lance > > > -------- Original Message -------- > > > Subject: [rancid] Rancid + Cisco ASAs (with multiple contexts) > > > From: "David Stanford" > > > Date: Thu, July 26, 2007 6:35 pm > > > To: rancid-discuss at shrubbery.net > > > > > > Hi all, > > > > > > I've been googling for the past hour or so, but haven't been able to > > find a > > > solid answer to my problem. We are beginning to implement some new Cisco > > ASA > > > devices here at work, using multiple contexts. We currently use Rancid > > > across our network for Juniper+Cisco devices and would like to > > incorporate > > > the new ASAs, but I don't see that Rancid currently has the ability to > > > recognize contexts and pull the various config information from each > > one. > > > > > > At the moment, I am considering a simple shell script using clogin that > > will > > > subsequently commit the configs to our CVS repo, but since I am no shell > > > scripting guru, this would be a best effort attempt and would probably > > not > > > be nearly as clean as Rancid (on the saved output). Is there anything in > > the > > > works for Rancid to support this? Has anyone else been able to implement > > > this with any success (using multiple contexts)? > > > > > > Thanks in advance! > > > > > > -David > > > -- > > > [root at fbsd ~]# fortune > > > Happiness is just an illusion, filled with sadness and > > confusion.
_______________________________________________ > > > Rancid-discuss mailing list > > > Rancid-discuss at shrubbery.net > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > > > > -- > [root at fbsd ~]# fortune > Happiness is just an illusion, filled with sadness and confusion. From lance at gheek.net Tue Jul 24 18:41:24 2007 From: lance at gheek.net (Lance Vermilion) Date: Tue, 24 Jul 2007 11:41:24 -0700 Subject: [rancid] Re: 'changeto context' Issue Message-ID: <20070724114124.8e114e4890519e5179c192e02d6bca26.ce3d4cdf93.wbe@email.secureserver.net> Looks like I will be able to spend some time on this in the next 90 days. We are getting some FWSM and going to be creating more contexts than we use on our outside firewalls. hehehe. -lance > -------- Original Message -------- > Subject: [rancid] Re: 'changeto context' Issue > From: Lance > Date: Tue, July 24, 2007 10:24 am > To: Daniel Tuecks > Cc: rancid-discuss at shrubbery.net > > Daniel, > > This is currently not support by rancid. The tricky part is to make this > function dynamic. To make it static is rather simple. The only way to > make it dynamic from my point of view is to do it one of a couple of > ways. > > # > #Sample router.db format: > # > device[my_context]:asa:up > > # > #Sample processing of $hosts to help control which context is backed up. > # > : cat asarancid > #!/usr/bin/perl -w > > my $host = $ARGV[0]; > my $device; > my $context; > > if ( $host =~ /(.*)\[(.*)\]/ ) > { > > $device = $1; > $context = $2; > print "Device: $device\n"; > print "Context: $context\n"; > } > > die "Didn't find a context in the prompt: $!\n" if (! $context ); > > if ( -e $device_system ) > { > my @array = `cat $device_system`; > foreach (@array) > { > print "Process Context: $context\n" if $_ =~ /^context\s$context$/; > $match = 1 if $_ =~ /context\s$context/; > } > print "No context matching $context in the system config for > $device\n" if (! 
$match); > } > else > { > die "File ($device) doesn't exist: $!\n"; > } > > perl asarancid ops-pix-1[admin]:asa:up > Device: ops-pix-1 > Context: admin > Process Context: admin > > > perl asarancid ops-pix-1[admin2]:asa:up > Device: ops-pix-1 > Context: admin2 > Process Context: admin2 > > > > > 1.) - connect to the FW or FWSM and changeto system. Issue "sh run". > - read the FW/FWSM system config that is saved in the configs > directory and capture all contexts that are configured there. > - using something I would call ASArancid a perl script (slightly > modified rancid perl script) and read the FW/FWSM system config that is > saved in the configs directory and capture all contexts names that are > in the configuration. Then call the existing clogin expect script and > pass in the commands to run which would include a new command "changeto > ". > - If you want to be able to control the contexts that are collected > then you could modify ASArancid a little more to simply parse > $ARGV[0]/$host and check if the context from the example above. > > That would dynamically capture the configs and allow you to control what > is captured. Keep in mind you would need to first have an entry for > "device[system]:asa:up" to create the base config which is only the > system config. If that wasn't there then all other attempts to get > configs for contexts on that host would fail. I would also make these be > saved as device_system. So for my example I would have an example file > file of var//configs/ops-pix-1_system. So the file new log line > would look something like this. > > open(OUTPUT,">$device_$context.new") || die "Can't open > $device_$context.new for writing: $!\n"; > > This is the best I can I think to process it. Maybe I will get some time > to put a asarancid script together. 
> > -Lance > > > > -------- Original Message -------- > > Subject: [rancid] 'changeto context' Issue > > From: "Daniel Tuecks" > > Date: Tue, July 24, 2007 2:47 am > > To: rancid-discuss at shrubbery.net > > > > Hello, > > > > I am trying to backup various fwsm contexts. Using rancid 2.3.2a6, i can > > issue a command similar to > > > > clogin -c 'changeto context ;show running-config' > > fwsm0.my.domain > > > > clogin displays the config, exits and everything is fine. > > > > How can I configure rancid to do this automatically? I'd like to have each > > context-config treated as a separate device. How would I specify this in the > > router.db file? I cannot access the context directly. > > > > It would be nice if something like this existed > > > > router.db > > --------- > > > > fwsm0:cisco-fwcontext[my_context]:up > > > > or alternatively > > > > fwsm0[my_context]:cisco:up > > > > > > -- Daniel
From info at emre.de Tue Jul 31 08:29:51 2007
From: info at emre.de (Emre Bastuz)
Date: Tue, 31 Jul 2007 10:29:51 +0200
Subject: [rancid] Migrating from CVS to SVN on different server
Message-ID: <46AEF2FF.7070008@emre.de>

Hi,

I have migrated rancid data from one machine to another and while I was at it switched from CVS to SVN.

For those who need to do something similar I'd like to outline the steps taken.

- I put the CVS data from rancid's old installation into a tar.gz, moved it over to the new machine and placed it in a folder /tmp/myoldcvs

- I used cvs2svn to convert the data from group "router":

    cvs2svn --trunk-only --encoding=utf8 -s /var/svn/rancid-router /tmp/myoldcvs/CVS/router

- as the svn data already exists now, the command 'rancid-cvs' can not be used to initialize the repository and create further data, needed by rancid. You'll have to create the needed files manually/copy them from the former installation:

    BASEDIR=/var/lib/rancid; export BASEDIR
    OLDDIR=/tmp/myoldcvs; export OLDDIR
    mkdir $BASEDIR/router
    cd $BASEDIR/router
    svn checkout file:///var/svn/rancid-router/trunk .
    cp $OLDDIR/router/routers.all $BASEDIR/router/
    cp $OLDDIR/router/routers.down $BASEDIR/router/
    cp $OLDDIR/router/routers.failed $BASEDIR/router/
    cp $OLDDIR/router/routers.up $BASEDIR/router/
    cp $OLDDIR/router/router.db $BASEDIR/router/
    chown -R rancid:rancid $BASEDIR
    chown -R rancid /var/svn/rancid-router/

- I edited rancid.conf to point to the SVN folder and "activated" SVN

    RCSSYS=svn; export RCSSYS
    CVSROOT=/var/svn/rancid-router; export CVSROOT

By the way: for debugging purposes I edited the first line of the script 'control_rancid' to include the "-x" option for /bin/sh:

    #! /bin/sh -x

This will add a lot of information to the rancid logfile.

Hope this helps.

Cheers,

Emre

--
http://www.emre.de UIN: 561260
PGP Key ID: 0xAFAC77FD

I don't see why some people even HAVE cars. -- Calvin

From rancid at gheek.net Tue Jul 31 15:33:10 2007
From: rancid at gheek.net (Lance)
Date: Tue, 31 Jul 2007 08:33:10 -0700
Subject: [rancid] Re: Migrating from CVS to SVN on different server
Message-ID: <20070731083310.8e114e4890519e5179c192e02d6bca26.9bdd4d2383.wbe@email.secureserver.net>

Nice work.

> -------- Original Message --------
> Subject: [rancid] Migrating from CVS to SVN on different server
> From: Emre Bastuz
> Date: Tue, July 31, 2007 1:29 am
> To: rancid-discuss at shrubbery.net
>
> Hi,
>
> I have migrated rancid data from one machine to another and
> while I was at it switched from CVS to SVN.
>
> For those who need to do something similar I'd like to outline
> the steps taken.
>
> - I put the CVS data from rancid's old installation into a tar.gz,
> moved it over to the new machine and placed it in a folder
> /tmp/myoldcvs
>
> - I used cvs2svn to convert the data from group "router":
> cvs2svn --trunk-only --encoding=utf8 -s /var/svn/rancid-router /tmp/myoldcvs/CVS/router
>
> - as the svn data already exists now, the command 'rancid-cvs' can not be
> used to initialize the repository and create further data, needed by
> rancid.
> You'll have to create the needed files manually/copy them from the
> former installation:
>
> BASEDIR=/var/lib/rancid; export BASEDIR
> OLDDIR=/tmp/myoldcvs; export OLDDIR
> mkdir $BASEDIR/router
> cd $BASEDIR/router
> svn checkout file:///var/svn/rancid-router/trunk .
> cp $OLDDIR/router/routers.all $BASEDIR/router/
> cp $OLDDIR/router/routers.down $BASEDIR/router/
> cp $OLDDIR/router/routers.failed $BASEDIR/router/
> cp $OLDDIR/router/routers.up $BASEDIR/router/
> cp $OLDDIR/router/router.db $BASEDIR/router/
> chown -R rancid:rancid $BASEDIR
> chown -R rancid /var/svn/rancid-router/
>
> - I edited rancid.conf to point to the SVN folder and "activated" SVN
> RCSSYS=svn; export RCSSYS
> CVSROOT=/var/svn/rancid-router; export CVSROOT
> By the way: for debugging purposes I edited the first line of
> the script 'control_rancid' to include the "-x" option for
> /bin/sh: #! /bin/sh -x
>
> This will add a lot of information to the rancid logfile.
>
> Hope this helps.
>
> Cheers,
>
> Emre
>
> --
> http://www.emre.de UIN: 561260
> PGP Key ID: 0xAFAC77FD
>
> I don't see why some people even HAVE cars. -- Calvin
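
A post-migration check for the steps in Emre Bastuz's message above, as an added example that is not part of the thread or of rancid: it confirms that the hand-copied state files exist, that ownership matches the chown -R, and that rancid.conf selects svn with a CVSROOT that is an svn repository. The function names, and the rule that nothing in the group directory is readable by "other", are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the thread or of rancid itself.
# Audits a rancid group directory and rancid.conf after the CVS-to-SVN move.
# Assumed policy (not stated in the post): nothing under the group directory
# is readable by "other", since saved configs carry password hashes and
# SNMP community strings.

# State files the post copies by hand from the old installation.
REQUIRED_FILES="routers.all routers.down routers.failed routers.up router.db"

# check_group_dir DIR OWNER
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_group_dir() {
    cg_dir=$1; cg_owner=$2; cg_rc=0
    if [ ! -d "$cg_dir" ]; then
        echo "MISSING_DIR $cg_dir"
        return 1
    fi
    for cg_f in $REQUIRED_FILES; do
        if [ ! -f "$cg_dir/$cg_f" ]; then
            echo "MISSING_FILE $cg_dir/$cg_f"
            cg_rc=1
        fi
    done
    # Entries not owned by the rancid account, for example files created
    # by a later command run as root.
    cg_out=$(find "$cg_dir" ! -user "$cg_owner" -print | sed 's/^/WRONG_OWNER /')
    if [ -n "$cg_out" ]; then echo "$cg_out"; cg_rc=1; fi
    # Files or directories with the other-read bit set (symlinks skipped).
    cg_out=$(find "$cg_dir" ! -type l -perm -004 -print | sed 's/^/WORLD_READABLE /')
    if [ -n "$cg_out" ]; then echo "$cg_out"; cg_rc=1; fi
    return $cg_rc
}

# conf_value FILE NAME
# Reads NAME=value from rancid.conf without sourcing (executing) the file.
# Commented-out assignments are ignored; the last assignment wins.
conf_value() {
    sed -n "s/^[[:space:]]*$2=\([^;[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# check_rancid_conf FILE
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_rancid_conf() {
    cc_rc=0
    cc_sys=$(conf_value "$1" RCSSYS)
    cc_root=$(conf_value "$1" CVSROOT)
    if [ "$cc_sys" != "svn" ]; then
        echo "RCSSYS_NOT_SVN ${cc_sys:-unset}"
        cc_rc=1
    fi
    # An svn repository root holds a "format" file and a "db" directory.
    if [ ! -f "$cc_root/format" ] || [ ! -d "$cc_root/db" ]; then
        echo "CVSROOT_NOT_SVN_REPO ${cc_root:-unset}"
        cc_rc=1
    fi
    return $cc_rc
}
```

With the paths from the post, the calls would be check_group_dir /var/lib/rancid/router rancid and check_rancid_conf on the installation's rancid.conf.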