From hoswfh at singtel.com Mon Jul 2 03:21:20 2007
From: hoswfh at singtel.com (Ho Siew Fah)
Date: Mon, 2 Jul 2007 11:21:20 +0800
Subject: [rancid] Rancid End Of Run Problem
Message-ID: <279ED964879B044DAF5F2E6420328A0AA73E7A@EXHQ05B.singtel.corp.root>
Hi,
I have problem getting the backup configuration for the following
router. The below message keeps appearing after I have run the "rancid
-d gbon" command. This is a cisco router. This router name is in the
router.db file. This problem appears after I have manually removed the
gbon router configuration file from the configs directory.
gbon: End of run not found
Any clues to solve this problem.
Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070702/7eeb08e4/attachment.html
From david+rancid at luyer.net Mon Jul 2 16:24:42 2007
From: david+rancid at luyer.net (David Luyer)
Date: Mon, 2 Jul 2007 09:24:42 -0700 (PDT)
Subject: [rancid] Re: Rancid End Of Run Problem
In-Reply-To: <279ED964879B044DAF5F2E6420328A0AA73E7A@EXHQ05B.singtel.corp.root>
References: <279ED964879B044DAF5F2E6420328A0AA73E7A@EXHQ05B.singtel.corp.root>
Message-ID: <54013.208.201.244.10.1183393482.squirrel@www.luyer.net>
> Hi,
>
> I have problem getting the backup configuration for the following
> router. The below message keeps appearing after I have run the "rancid
> -d gbon" command. This is a cisco router. This router name is in the
> router.db file. This problem appears after I have manually removed the
> gbon router configuration file from the configs directory.
>
> gbon: End of run not found
>
> Any clues to solve this problem.
You need to post more of the error.
If that's the only error message, then it's probably getting a 'command
authorization failed' for 'write term' (causes that message without any
skipped command messages), and the patch I sent here recently will stop
the error.
But more likely, you're getting more error messages (such as a list of
skipped commands). If you look at the first line of the output of the
'rancid -d gbon', it will be a 'clogin ....' line, if you run that, you
will probably be able to spot what is going wrong.
David.
From hoswfh at gmail.com Tue Jul 3 01:43:21 2007
From: hoswfh at gmail.com (Ho Siew Fah)
Date: Tue, 3 Jul 2007 09:43:21 +0800
Subject: [rancid] Rancid Hung
Message-ID: <35d5fd5e0707021843i1f4f1a3fx78e2f63b98289d2e@mail.gmail.com>
Hi,
I encountered rancid hung after running the following command. I need to
kill the rancid process in order to exit from this process.
When I put this switch in router.db, I received many rancid hung emails from
rancid. Upon checking, I found that the process of this switch hanged which
caused my rancid could not be processed properly. I have to remove a lock
file from /tmp folder and also this switch from router.db in order not to
cause any processing problem for other routers.
I am using expect-5.43.0_3 and rancid-2.3.1_2.
Can anybody advise how to stop this process for being hung? I think this
process should abort if there is any problem instead of hanging there.
Thank you.
[rancid at rcd ~]$ /usr/local/libexec/rancid/xrancid -d sngc3-as2.com
executing clogin -t 90 -c "show version;show memory;show diag;show
switch;show slot;show configuration detail;show configuration" sngc3-as2.com
sngc3-as2.com clogin error: Error: TIMEOUT reached
sngc3-as2.com clogin error: Error: TIMEOUT reached
can not find channel named "exp4"
while executing
"close"
("foreach" body line 117)
invoked from within
"foreach router [lrange $argv $i end] {
set router [string tolower $router]
send_user "$router\n"
# Figure out prompt.
# Since autoena..."
(file "/usr/sbin/clogin" line 616)
^Csngc3-as2.com : missed cmd(s): show configuration
detail,show slot,show configuration,show version,show diag,show memory,show
switch
sngc3-as2.com : missed cmd(s): show configuration detail,show slot,show
configuration,show version,show diag,show memory,show switch
sngc3-as2.com: End of run not found
sngc3-as2.com: End of run not found
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070703/f725c584/attachment.html
From tex at off.org Tue Jul 3 07:42:42 2007
From: tex at off.org (Austin Schutz)
Date: Tue, 3 Jul 2007 00:42:42 -0700
Subject: [rancid] Re: Rancid Hung
In-Reply-To: <35d5fd5e0707021843i1f4f1a3fx78e2f63b98289d2e@mail.gmail.com>
References: <35d5fd5e0707021843i1f4f1a3fx78e2f63b98289d2e@mail.gmail.com>
Message-ID: <20070703074242.GC20847@gblx.net>
On Tue, Jul 03, 2007 at 09:43:21AM +0800, Ho Siew Fah wrote:
> Hi,
>
> I encountered rancid hung after running the following command. I need to
> kill the rancid process in order to exit from this process.
> When I put this switch in router.db, I received many rancid hung emails from
> rancid. Upon checking, I found that the process of this switch hanged which
> caused my rancid could not be processed properly. I have to remove a lock
> file from /tmp folder and also this switch from router.db in order not to
> cause any processing problem for other routers.
>
> I am using expect-5.43.0_3 and rancid-2.3.1_2.
>
> Can anybody advise how to stop this process for being hung? I think this
> process should abort if there is any problem instead of hanging there.
>
> Thank you.
>
You are running into the expect bug, and need to patch expect:
http://www.shrubbery.net/rancid/#osystems
Austin
From oha at netic.dk Tue Jul 3 08:09:39 2007
From: oha at netic.dk (Ole Hansen - Netic A/S)
Date: Tue, 03 Jul 2007 10:09:39 +0200
Subject: [rancid] Suppress changes in VLAN-membership
Message-ID: <468A0443.7080505@netic.dk>
Hi,
We are using MAC-based VLANS (vmps) and switch ports often change vlan
membership. This is discovered by rancid, and I am sent a diff..
Is there any way to suppress this VLAN-information? It means that I get
a lot of config diffs every day - and not only the ones that I would
actually want to see..
Thanks in advance,
Ole Hansen
From mstefani at redhat.com Tue Jul 3 09:45:53 2007
From: mstefani at redhat.com (Michael Stefaniuc)
Date: Tue, 03 Jul 2007 11:45:53 +0200
Subject: [rancid] Re: Suppress changes in VLAN-membership
In-Reply-To: <468A0443.7080505@netic.dk>
References: <468A0443.7080505@netic.dk>
Message-ID: <468A1AD1.3000007@redhat.com>
Ole Hansen - Netic A/S wrote:
> We are using MAC-based VLANS (vmps) and switch ports often change vlan
> membership. This is discovered by rancid, and I am sent a diff..
>
> Is there any way to suppress this VLAN-information? It means that I get
> a lot of config diffs every day - and not only the ones that I would
> actually want to see..
Search the archives for "diff". Somebody posted a patch that uses gnu
diff's "--ignore-matching-lines" option.
bye
michael
--
Michael Stefaniuc Tel.: +49-711-96437-199
Sr. Network Engineer Fax.: +49-711-96437-111
Red Hat GmbH Email: mstefani at redhat.com
Hauptstaetterstr. 58 http://www.redhat.de/
D-70178 Stuttgart
From greg3105 at gmail.com Tue Jul 3 08:48:16 2007
From: greg3105 at gmail.com (=?ISO-8859-1?Q?Gr=E9gory_Ruby?=)
Date: Tue, 3 Jul 2007 10:48:16 +0200
Subject: [rancid] upgrade IOS
Message-ID:
Hello!
I would like to post a message:
I would like to upgrade IOS of switch 2950 and i would like to do this with
Rancid.
There is my commands:
copy tftp: flash:
10.X.X.X
c2950ik6ls......
But there is a problem " Timeout Error " in the logs.
Anybody can help me, please.
bye
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070703/45f440f2/attachment.html
From erik at code.de Thu Jul 5 08:11:25 2007
From: erik at code.de (Erik Wenzel)
Date: Thu, 05 Jul 2007 10:11:25 +0200
Subject: [rancid] Re: Suppress changes in VLAN-membership
In-Reply-To: <468A1AD1.3000007@redhat.com>
References: <468A0443.7080505@netic.dk> <468A1AD1.3000007@redhat.com>
Message-ID: <1183623085.15361.5.camel@festa>
On Tue, 2007-07-03 at 11:45 +0200, Michael Stefaniuc wrote:
[...]
> > Is there any way to suppress this VLAN-information? It means that I get
> > a lot of config diffs every day - and not only the ones that I would
> > actually want to see..
> Search the archives for "diff". Somebody posted a patch that uses gnu
> diff's "--ignore-matching-lines" option.
Yes, but that was not working as expected. We ( a buddy and me ) rewrote
that patch. I am preparing a patch for current stable version.
--
Erik Wenzel
From mloveley at plus.net Thu Jul 5 08:35:23 2007
From: mloveley at plus.net (Mark Loveley)
Date: Thu, 5 Jul 2007 09:35:23 +0100
Subject: [rancid] Re: ERX bugs in Rancid?
In-Reply-To: <20070617192423.GO3531@shrubbery.net>
References: <788ce2b40706150711g46f24b35kbd87d7c78b3c7889@mail.gmail.com>
<20070617192423.GO3531@shrubbery.net>
Message-ID:
On 17 Jun 2007, at 20:24, john heasley wrote:
> Fri, Jun 15, 2007 at 04:11:13PM +0200, Neil Orley:
>> Hello,
>>
>> I've just commmented in this line 266 in the clogin file, and now
>> it seems
>> to work fine with the ERX1440 :
>
> Could you provide more information? What is the actually output of
> the
> dir command?
For me the problem is in both the commands "show env all" and "dir".
I have been seeing diffs like this for a long time. The differences
for "show env all" are:-
! power: A ok, B ok
- ! *** srp redundancy: mode is file-system-synchronization
auto-sync
+ ! srp redundancy: mode is file-system-synchronization auto-sync
! enabled, switch-on-error enabled
- ! out of sync (file system)
+ ! in sync
! slots: ok
! power: A ok, B ok
! srp redundancy: mode is file-system-synchronization auto-
sync
! enabled, switch-on-error enabled
- ! in sync
+ ! sync in progress
! slots: ok
! power: A ok, B ok
! srp redundancy: mode is high-availability, state active
! auto-sync enabled, switch-on-error enabled
- ! sync in progress
+ ! in sync
! slots: ok
! online: 0 1 7 11 13
And for "dir" are:-
- !Flash: *** Active/standby file systems are not synchronized. ***
- !Flash: Active System Controller:
+ !Flash: active/standby file systems are synchronized
!Flash:
unshared in
!Flash: file size size date
(GMT) use
!Flash: --------------------- --------- ---------
------------------- ---
!Flash: XXXXXXXXXXXXXXXXXXXXX 296984 296984 09/30/2005
03:55:22 !
@@ -107,9 +106,8 @@
!Flash: XXXXXXXXXXXXXXXXXXXXX 154139239 137984153 07/29/2005
03:21:34 !
!Flash: XXXXXXXXXXXXXXXXXXXXX 154263057 138107971 09/30/2005
03:52:32 !
!Flash: XXXXXXXXXXXXXXXXXXXXX 91388 91388 09/30/2005
03:55:50
!Flash: Capacity = 1025482752, Bytes Free = 660847516, Reserved =
68157440
- !Flash: Standby System Controller file system is currently
unavailable.
- !Flash: *** Active/standby file systems are being synchronized. ***
+ !Flash: Active/standby file systems are synchronized.
!Flash: unshared
!Flash: file size size
date (GMT)
!Flash: ---------------------------- --------- ---------
-------------------
- !Flash: Active/standby file systems are synchronized.
- !Flash:
unshared in
- !Flash: file size size date
(GMT) use
- !Flash: ------------------------ --------- ---------
------------------- ---
- !Flash: disk0:reboot.hty 10624 10624
02/16/2007 04:36:36
- !Flash: disk0:system.log 171 171
02/16/2007 04:26:18
- !Flash: disk0:XXXXXXXXXX.rel 123538358 122344440
01/26/2007 12:45:58
- !Flash: disk0:XXXXXXXXXX.rel 117722882 116528964
02/16/2007 04:02:28 !
- !Flash: standby-disk0:reboot.hty 14144 14144
02/16/2007 04:33:00
- !Flash: standby-disk0:system.log 882 882
01/29/2007 08:18:20
- !Flash: Disk capacity
- !Flash: -------------
- !Flash: Capacity Free Reserved
- !Flash: Device (bytes) (bytes) (bytes)
- !Flash: -------------- ---------- --------- --------
- !Flash: disk0: 1047674880 756345387 68157440
- !Flash: standby-disk0: 1047674880 756218546 68157440
+ !Flash: *** Active/standby file systems are being synchronized. ***
+ !Flash:
unshared in
+ !Flash: file size size date
(GMT) use
+ !Flash: -------------------- --------- ---------
------------------- ---
+ !Flash: disk0:reboot.hty 10624 10624 02/16/2007
04:36:36
+ !Flash: disk0:system.log 171 171 02/16/2007
04:26:18
+ !Flash: disk0:XXXXXXXXXX.rel 123538358 122344440 01/26/2007
12:45:58
+ !Flash: disk0:XXXXXXXXXX.rel 117722882 116528964 02/16/2007
04:02:28 !
+ !Flash: Disk capacity
+ !Flash: -------------
+ !Flash: Capacity Free Reserved
+ !Flash: Device (bytes) (bytes) (bytes)
+ !Flash: ------ ---------- --------- --------
+ !Flash: disk0: 1047674880 756345387 68157440
I have stopped the uninteresting diffs by making chahges to jerancid
as below.
In sub DirSlotN making the following string compare case insensitive
obviously helps. As at some point Juniper changed the case in the
active/standby text.
return(-1) if (/active\/standby/i && /not sync/);
In sub ShowEnv these changes have worked for me, it may not be the
best way of doing this.
sub ShowEnv {
print STDERR " In ShowEnv: $_" if ($debug);
my $autoSyncEna = 0; # assume auto-sync is disabled
while () {
tr/\015//d;
last if (/^$prompt/);
next if (/^(\s*|\s*$cmd\s*)$/);
next if (/^Please wait/i);
return(-1) if (/command authorization failed/i);
# is autoSync enabled?
$autoSyncEna =1 if (/enabled, switch-on-error
enabled/); # fileSync mode (text has wrapped)
$autoSyncEna =1 if (/auto-sync
enabled/); # HA mode
# fail if the RP is amid the auto-sync process
return(-1) if (($autoSyncEna == 1) && (/out of sync \(file
system\)/)); # fileSync mode
return(-1) if (($autoSyncEna == 1) && (/sync in
progress/)); # HA mode
# return(-1) if (/auto-sync enabled/ && !/in sync/);
The last line in the above output is commented as it is not valid on
my ERX's as "in sync" and "auto-sync enabled" appear on multiple
lines or split across multiple lines (you can see that in the above
diff's).
These changes appear to have stopped the uninteresting diffs for me.
HTH
Mark
--
| Mark Loveley Broadband Solutions for
| Network Engineer home and business
| PlusNet PLC @www.plus.net
| Registered Office: Internet House, 2 Tenter Street, Sheffield, S1 4BY
| Registered in England no: 3279013
+ ------------ PlusNet - The smarter way to broadband ----------------+
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070705/3cce7008/attachment.html
From mstefani at redhat.com Thu Jul 5 09:07:41 2007
From: mstefani at redhat.com (Michael Stefaniuc)
Date: Thu, 05 Jul 2007 11:07:41 +0200
Subject: [rancid] Re: Suppress changes in VLAN-membership
In-Reply-To: <1183623085.15361.5.camel@festa>
References: <468A0443.7080505@netic.dk> <468A1AD1.3000007@redhat.com>
<1183623085.15361.5.camel@festa>
Message-ID: <468CB4DD.6040606@redhat.com>
Erik Wenzel wrote:
> On Tue, 2007-07-03 at 11:45 +0200, Michael Stefaniuc wrote:
> [...]
>>> Is there any way to suppress this VLAN-information? It means that I get
>>> a lot of config diffs every day - and not only the ones that I would
>>> actually want to see..
>> Search the archives for "diff". Somebody posted a patch that uses gnu
>> diff's "--ignore-matching-lines" option.
> Yes, but that was not working as expected. We ( a buddy and me ) rewrote
> that patch. I am preparing a patch for current stable version.
Would you mind posting it to this email list when done? I guess there
are a couple of people interested.
thanks
bye
michael
--
Michael Stefaniuc Tel.: +49-711-96437-199
Sr. Network Engineer Fax.: +49-711-96437-111
Red Hat GmbH Email: mstefani at redhat.com
Hauptstaetterstr. 58 http://www.redhat.de/
D-70178 Stuttgart
From Todd at equivoice.com Thu Jul 5 20:23:47 2007
From: Todd at equivoice.com (Todd Heide)
Date: Thu, 5 Jul 2007 15:23:47 -0500
Subject: [rancid] Viewvc problem, Might just be me playing dumb
Message-ID: <082FEA82DC985B4F8A6B412D5AC4E22076F6EF@exchange.Equivoice.local>
I bought a new server to do my network management on as the current one
tends to stop working and has to be power cycled. The problem is I have
no easy way of just moving everything as I am using a newer version of
Fedora than what I am running now due to the server requirements. I am
loading FC6 x64, first, is this an issue? I did get Rancid to work, that
is not a problem, it pulls the configs and is working flawlessly, the
problem I have is when I moved the website over, which has other issues
with ISPConfig, may or may not be related, I get the first page for
viewvc showing the repository Rancid, but when I click Rancid I get
errors stating the database isn't there or something, I blew it away, so
I don't have the exact error now. I used to have the CVS stuff someone
sent me a while back, but the link is page not found now. Does someone
have a viewvc howto for Rancid? It might be CVS related, in fact I am
quite certain it is. I don't think Viewvc can find the CVSROOT in
/usr/local/rancid/var/CVS.
I am currently rebuilding the server as I did mess something up with
ISPConfig as none of the PHP files are working.
Thanks
Todd Heide
CCNA CCDA CS-CAWLANFS CQS-CWLSS CS-CISecS
Nothing ever goes as planned, Its a hell of a notion,
Even pharaohs turn to sand, Like a drop in the ocean
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070705/a8e265bb/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 1450 bytes
Desc: image001.jpg
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070705/a8e265bb/attachment.jpe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 1443 bytes
Desc: image002.jpg
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070705/a8e265bb/attachment-0001.jpe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 1311 bytes
Desc: image003.jpg
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070705/a8e265bb/attachment-0002.jpe
From Todd at equivoice.com Mon Jul 9 13:36:55 2007
From: Todd at equivoice.com (Todd Heide)
Date: Mon, 9 Jul 2007 08:36:55 -0500
Subject: [rancid] Re: Viewvc problem, Might just be me playing dumb
In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E22076F6EF@exchange.Equivoice.local>
Message-ID: <082FEA82DC985B4F8A6B412D5AC4E22076F7F0@exchange.Equivoice.local>
OK I fixed the PHP issues, now I need some guidance on viewvc.
An Exception Has Occurred
Rancid not found!
The wrong path for this repository was configured, or the server on
which the CVS tree lives may be down. Please try again in a few minutes.
Python Traceback
Traceback (most recent call last):
File "/usr/local/viewvc-1.0.4/lib/viewvc.py", line 3665, in main
request.run_viewvc()
File "/usr/local/viewvc-1.0.4/lib/viewvc.py", line 234, in run_viewvc
raise debug.ViewVCException(
ViewVCException: ViewVC Unrecoverable Error: Rancid not found!
The wrong path for this repository was configured, or the server on
which the CVS tree lives may be down. Please try again in a few minutes.
This is after I click on the Rancid link.
Here is what I have in viewvc conf.
cvs_roots = Rancid: /usr/local/rancid/var/CVS
Nothing has changed between the servers, the layout is the same. I think
I have something in CVS not setup right, but for the life of me cant
remember what I did to get it working the first time.
Thanks
CCNA CCDA CS-CAWLANFS CQS-CWLSS CS-CISecS
Nothing ever goes as planned, Its a hell of a notion,
Even pharaohs turn to sand, Like a drop in the ocean
________________________________
From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Todd Heide
Sent: Thursday, July 05, 2007 3:24 PM
To: rancid-discuss at shrubbery.net
Subject: [rancid] Viewvc problem, Might just be me playing dumb
I bought a new server to do my network management on as the current one
tends to stop working and has to be power cycled. The problem is I have
no easy way of just moving everything as I am using a newer version of
Fedora than what I am running now due to the server requirements. I am
loading FC6 x64, first, is this an issue? I did get Rancid to work, that
is not a problem, it pulls the configs and is working flawlessly, the
problem I have is when I moved the website over, which has other issues
with ISPConfig, may or may not be related, I get the first page for
viewvc showing the repository Rancid, but when I click Rancid I get
errors stating the database isn't there or something, I blew it away, so
I don't have the exact error now. I used to have the CVS stuff someone
sent me a while back, but the link is page not found now. Does someone
have a viewvc howto for Rancid? It might be CVS related, in fact I am
quite certain it is. I don't think Viewvc can find the CVSROOT in
/usr/local/rancid/var/CVS.
I am currently rebuilding the server as I did mess something up with
ISPConfig as none of the PHP files are working.
Thanks
Todd Heide
CCNA CCDA CS-CAWLANFS CQS-CWLSS CS-CISecS
Nothing ever goes as planned, Its a hell of a notion,
Even pharaohs turn to sand, Like a drop in the ocean
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070709/5291dc71/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 1450 bytes
Desc: image001.jpg
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070709/5291dc71/attachment.jpe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 1443 bytes
Desc: image002.jpg
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070709/5291dc71/attachment-0001.jpe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 1311 bytes
Desc: image003.jpg
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070709/5291dc71/attachment-0002.jpe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 1450 bytes
Desc: image004.jpg
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070709/5291dc71/attachment-0003.jpe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 1443 bytes
Desc: image005.jpg
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070709/5291dc71/attachment-0004.jpe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 1311 bytes
Desc: image006.jpg
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070709/5291dc71/attachment-0005.jpe
From erik at code.de Mon Jul 9 15:25:42 2007
From: erik at code.de (Erik Wenzel)
Date: Mon, 09 Jul 2007 17:25:42 +0200
Subject: [rancid] Re: Suppress changes in VLAN-membership
In-Reply-To: <468CB4DD.6040606@redhat.com>
References: <468A0443.7080505@netic.dk> <468A1AD1.3000007@redhat.com>
<1183623085.15361.5.camel@festa> <468CB4DD.6040606@redhat.com>
Message-ID: <1183994743.10575.18.camel@hendrix>
Am Donnerstag, den 05.07.2007, 11:07 +0200 schrieb Michael Stefaniuc:
> Erik Wenzel wrote:
> > On Tue, 2007-07-03 at 11:45 +0200, Michael Stefaniuc wrote:
> > [...]
> >>> Is there any way to suppress this VLAN-information? It means that I get
> >>> a lot of config diffs every day - and not only the ones that I would
> >>> actually want to see..
> >> Search the archives for "diff". Somebody posted a patch that uses gnu
> >> diff's "--ignore-matching-lines" option.
> > Yes, but that was not working as expected. We ( a buddy and me ) rewrote
> > that patch. I am preparing a patch for current stable version.
> Would you mind posting it to this email list when done? I guess there
> are a couple of people interested.
The patch is available
http://gpl.code.de/rancid/diff-suppress-2.3.1-7.patch . Thanks to Chris
Seitz, who fixed the code. It is tested with gnu diff, only.
From Todd at equivoice.com Mon Jul 9 16:33:10 2007
From: Todd at equivoice.com (Todd Heide)
Date: Mon, 9 Jul 2007 11:33:10 -0500
Subject: [rancid] Re: Viewvc problem, Might just be me playing dumb
In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E22076F7F0@exchange.Equivoice.local>
Message-ID: <082FEA82DC985B4F8A6B412D5AC4E22076F836@exchange.Equivoice.local>
Figured it out, DOH, Need to make sure the rancid directory has the
proper access, otherwise, it cant see it.
Thanks
Todd Heide
Equivoice Inc.
CCNA CCDA CS-CAWLANFS CQS-CWLSS CS-CISecS
847-235-3308
Nothing ever goes as planned, Its a hell of a notion,
Even pharaohs turn to sand, Like a drop in the ocean
________________________________
From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Todd Heide
Sent: Monday, July 09, 2007 8:37 AM
To: rancid-discuss at shrubbery.net
Subject: [rancid] Re: Viewvc problem, Might just be me playing dumb
OK I fixed the PHP issues, now I need some guidance on viewvc.
An Exception Has Occurred
Rancid not found!
The wrong path for this repository was configured, or the server on
which the CVS tree lives may be down. Please try again in a few minutes.
Python Traceback
Traceback (most recent call last):
File "/usr/local/viewvc-1.0.4/lib/viewvc.py", line 3665, in main
request.run_viewvc()
File "/usr/local/viewvc-1.0.4/lib/viewvc.py", line 234, in run_viewvc
raise debug.ViewVCException(
ViewVCException: ViewVC Unrecoverable Error: Rancid not found!
The wrong path for this repository was configured, or the server on
which the CVS tree lives may be down. Please try again in a few minutes.
This is after I click on the Rancid link.
Here is what I have in viewvc conf.
cvs_roots = Rancid: /usr/local/rancid/var/CVS
Nothing has changed between the servers, the layout is the same. I think
I have something in CVS not setup right, but for the life of me cant
remember what I did to get it working the first time.
Thanks
CCNA CCDA CS-CAWLANFS CQS-CWLSS CS-CISecS
Nothing ever goes as planned, Its a hell of a notion,
Even pharaohs turn to sand, Like a drop in the ocean
________________________________
From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Todd Heide
Sent: Thursday, July 05, 2007 3:24 PM
To: rancid-discuss at shrubbery.net
Subject: [rancid] Viewvc problem, Might just be me playing dumb
I bought a new server to do my network management on as the current one
tends to stop working and has to be power cycled. The problem is I have
no easy way of just moving everything as I am using a newer version of
Fedora than what I am running now due to the server requirements. I am
loading FC6 x64, first, is this an issue? I did get Rancid to work, that
is not a problem, it pulls the configs and is working flawlessly, the
problem I have is when I moved the website over, which has other issues
with ISPConfig, may or may not be related, I get the first page for
viewvc showing the repository Rancid, but when I click Rancid I get
errors stating the database isn't there or something, I blew it away, so
I don't have the exact error now. I used to have the CVS stuff someone
sent me a while back, but the link is page not found now. Does someone
have a viewvc howto for Rancid? It might be CVS related, in fact I am
quite certain it is. I don't think Viewvc can find the CVSROOT in
/usr/local/rancid/var/CVS.
I am currently rebuilding the server as I did mess something up with
ISPConfig as none of the PHP files are working.
Thanks
Todd Heide
CCNA CCDA CS-CAWLANFS CQS-CWLSS CS-CISecS
Nothing ever goes as planned, Its a hell of a notion,
Even pharaohs turn to sand, Like a drop in the ocean
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070709/d9a0e4e6/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 1450 bytes
Desc: image001.jpg
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070709/d9a0e4e6/attachment.jpe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 1443 bytes
Desc: image002.jpg
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070709/d9a0e4e6/attachment-0001.jpe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 1311 bytes
Desc: image003.jpg
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070709/d9a0e4e6/attachment-0002.jpe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 1450 bytes
Desc: image004.jpg
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070709/d9a0e4e6/attachment-0003.jpe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 1443 bytes
Desc: image005.jpg
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070709/d9a0e4e6/attachment-0004.jpe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 1311 bytes
Desc: image006.jpg
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070709/d9a0e4e6/attachment-0005.jpe
From mnoriega at amnetcorp.com Mon Jul 9 16:56:59 2007
From: mnoriega at amnetcorp.com (Manuel Noriega)
Date: Mon, 9 Jul 2007 10:56:59 -0600
Subject: [rancid] Re: Viewvc problem, Might just be me playing dumb
In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E22076F836@exchange.Equivoice.local>
References: <082FEA82DC985B4F8A6B412D5AC4E22076F836@exchange.Equivoice.local>
Message-ID: <88535012-DF29-46A3-9B8B-7EECE090B060@amnetcorp.com>
Todd:
I'm having a similar issue. I'm moving rancid from a Mandrake server
to a Fedora Core 7 server. I've got rancid working fine, but before I
was using cvsweb. Now I want to use viewvc on the new server but I
guess I have the same permission problem. What permissions should I
check and on what directory?
When I open on the browser vewvc.cgi I don't get any page and only
see the following in apache's log:
[Mon Jul 09 10:51:16 2007] [error] [client 192.168.60.101] Traceback
(most recent call last):
[Mon Jul 09 10:51:16 2007] [error] [client 192.168.60.101] File "/
var/www/cgi-bin/viewvc.cgi", line 60, in
[Mon Jul 09 10:51:16 2007] [error] [client 192.168.60.101] cfg =
viewvc.load_config(CONF_PATHNAME, server)
[Mon Jul 09 10:51:16 2007] [error] [client 192.168.60.101] File "/
usr/local/viewvc-1.0.4/lib/viewvc.py", line 3615, in load_config
[Mon Jul 09 10:51:16 2007] [error] [client 192.168.60.101] "a
valid directory." % pp)
[Mon Jul 09 10:51:16 2007] [error] [client 192.168.60.101]
debug.ViewVCException: ViewVC Unrecoverable Error: The path '/usr/
local/rancid/var/CVS' in 'root_parents' does not refer to a valid
directory.
[Mon Jul 09 10:51:16 2007] [error] [client 192.168.60.101] Premature
end of script headers: viewvc.cgi
I've got the following in viewvc.conf
cvs_roots = cvs: /usr/local/rancid/var/CVS
root_parents = /usr/local/rancid/var/CVS : cvs
But It's the first time I use viewvc.
Thanks,
Manuel Noriega
ISP Engineer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: AmnetDatos-Little.jpg
Type: image/jpeg
Size: 12703 bytes
Desc: not available
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070709/df97b2ac/attachment.jpg
-------------- next part --------------
13 CALLE 3-40, ZONA 10
15 NIVEL, OFICINA 15-01
GUATEMALA CITY, C.A.
www.amnetdatos.com
On Jul 9, 2007, at 10:33 AM, Todd Heide wrote:
> Figured it out, DOH, Need to make sure the rancid directory has the
> proper access, otherwise, it cant see it.
>
>
>
> Thanks
>
> Todd Heide
>
> Equivoice Inc.
>
>
>
>
>
>
>
> CCNA CCDA CS-CAWLANFS CQS-CWLSS CS-CISecS
>
> 847-235-3308
>
>
>
> Nothing ever goes as planned, Its a hell of a notion,
>
> Even pharaohs turn to sand, Like a drop in the ocean
>
> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-
> bounces at shrubbery.net] On Behalf Of Todd Heide
> Sent: Monday, July 09, 2007 8:37 AM
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] Re: Viewvc problem, Might just be me playing dumb
>
>
>
> OK I fixed the PHP issues, now I need some guidance on viewvc.
>
>
>
> An Exception Has Occurred Rancid not found!The wrong path for this
> repository was configured, or the server on which the CVS tree
> lives may be down. Please try again in a few minutes. Python
> Traceback Traceback (most recent call last): File "/usr/local/
> viewvc-1.0.4/lib/viewvc.py", line 3665, in main
> request.run_viewvc() File "/usr/local/viewvc-1.0.4/lib/viewvc.py",
> line 234, in run_viewvc raise debug.ViewVCException
> (ViewVCException: ViewVC Unrecoverable Error: Rancid not found!The
> wrong path for this repository was configured, or the server on
> which the CVS tree lives may be down. Please try again in a few
> minutes.
> This is after I click on the Rancid link.
>
>
>
> Here is what I have in viewvc conf.
>
>
>
> cvs_roots = Rancid: /usr/local/rancid/var/CVS
>
>
>
> Nothing has changed between the servers, the layout is the same. I
> think I have something in CVS not setup right, but for the life of
> me cant remember what I did to get it working the first time.
>
>
>
> Thanks
>
>
>
>
>
>
>
> CCNA CCDA CS-CAWLANFS CQS-CWLSS CS-CISecS
>
>
>
> Nothing ever goes as planned, Its a hell of a notion,
>
> Even pharaohs turn to sand, Like a drop in the ocean
>
> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-
> bounces at shrubbery.net] On Behalf Of Todd Heide
> Sent: Thursday, July 05, 2007 3:24 PM
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] Viewvc problem, Might just be me playing dumb
>
>
>
> I bought a new server to do my network management on as the current
> one tends to stop working and has to be power cycled. The problem
> is I have no easy way of just moving everything as I am using a
> newer version of Fedora than what I am running now due to the
> server requirements. I am loading FC6 x64, first, is this an issue?
> I did get Rancid to work, that is not a problem, it pulls the
> configs and is working flawlessly, the problem I have is when I
> moved the website over, which has other issues with ISPConfig, may
> or may not be related, I get the first page for viewvc showing the
> repository Rancid, but when I click Rancid I get errors stating the
> database isn?t there or something, I blew it away, so I don?t have
> the exact error now. I used to have the CVS stuff someone sent me a
> while back, but the link is page not found now. Does someone have a
> viewvc howto for Rancid? It might be CVS related, in fact I am
> quite certain it is. I don?t think Viewvc can find the CVSROOT in /
> usr/local/rancid/var/CVS.
>
>
>
> I am currently rebuilding the server as I did mess something up
> with ISPConfig as none of the PHP files are working.
>
>
>
>
>
>
>
> Thanks
>
> Todd Heide
>
>
>
>
>
>
>
> CCNA CCDA CS-CAWLANFS CQS-CWLSS CS-CISecS
>
>
>
> Nothing ever goes as planned, Its a hell of a notion,
>
> Even pharaohs turn to sand, Like a drop in the ocean
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
From aevans at kineto.com Tue Jul 10 00:31:05 2007
From: aevans at kineto.com (Alan Evans)
Date: Mon, 9 Jul 2007 17:31:05 -0700
Subject: [rancid] Newbie question: I get an email every hour even when
nothing has changed.
Message-ID:
Hello group,
I just installed rancid today and I think I've done something wrong but
can't figure out what.
I get an email every hour even though nothing has changed. Below is a
snipet from the email.
It looks to me like the output from "dir /all nvram:" keeps changing
every time rancid-run executes.
Sometimes the prefix is "!Flash: nvram:" and sometimes the prefix is
"!Flash: :".
Anyone have any clues of what I've done wrong?
Thanks in advance
AlanE
retrieving revision 1.7
diff -u -4 -r1.7 10.10.26.62
@@ -28,52 +28,52 @@
!Variable: BOOT variable =
bootdisk:s72033-ipservices_wan-mz.122-18.SXF4.bin,1;
!Variable: CONFIG_FILE variable does not exist
!Variable: BOOTLDR variable =
!
- !Flash: nvram: Directory of nvram:/
- !Flash: nvram: 1918 -rw- 30609
startup-config
- !Flash: nvram: 1919 ---- 5
private-config
- !Flash: nvram: 1920 -rw- 30609
underlying-config
- !Flash: nvram: 1 ---- 4
rf_cold_starts
- !Flash: nvram: 2 ---- 49
persistent-data
- !Flash: nvram: 3 -rw- 0
ifIndex-table
- !Flash: nvram: 1964024 bytes total (1930286 bytes free)
+ !Flash: : Directory of nvram:/
+ !Flash: : 1918 -rw- 30609
startup-config
+ !Flash: : 1919 ---- 5
private-config
+ !Flash: : 1920 -rw- 30609
underlying-config
+ !Flash: : 1 ---- 4
rf_cold_starts
+ !Flash: : 2 ---- 49
persistent-data
+ !Flash: : 3 -rw- 0
ifIndex-table
+ !Flash: : 1964024 bytes total (1930286 bytes free)
!
From cterpreau at gmail.com Tue Jul 10 09:18:31 2007
From: cterpreau at gmail.com (Christophe Terpreau)
Date: Tue, 10 Jul 2007 11:18:31 +0200
Subject: [rancid] Get config from some rancid server to one cvsweb
Message-ID: <8f7786aa0707100218x4e4e9e30gfef4a10f34555381@mail.gmail.com>
Hello,
i would like to backup some cisco devices from 3 rancid server but be
able to put all config in only one cvsweb server.
How can i do that ??
Many thx for your help.
Regards.
From david at infotrek.co.uk Tue Jul 10 13:12:44 2007
From: david at infotrek.co.uk (David Croft)
Date: Tue, 10 Jul 2007 14:12:44 +0100
Subject: [rancid] Re: Get config from some rancid server to one cvsweb
In-Reply-To: <8f7786aa0707100218x4e4e9e30gfef4a10f34555381@mail.gmail.com>
References: <8f7786aa0707100218x4e4e9e30gfef4a10f34555381@mail.gmail.com>
Message-ID:
I did this by NFS mounting the rancid/var/CVS/ directory though you
could also do it with rsync etc.
Then modify @CVSrepositories in cvsweb.conf to point to each repository.
David
On 10/07/07, Christophe Terpreau wrote:
> Hello,
>
> i would like to backup some cisco devices from 3 rancid server but be
> able to put all config in only one cvsweb server.
>
> How can i do that ??
>
> Many thx for your help.
> Regards.
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
From david+rancid at luyer.net Tue Jul 10 15:28:01 2007
From: david+rancid at luyer.net (David Luyer)
Date: Tue, 10 Jul 2007 08:28:01 -0700 (PDT)
Subject: [rancid] Re: Get config from some rancid server to one cvsweb
In-Reply-To:
References: <8f7786aa0707100218x4e4e9e30gfef4a10f34555381@mail.gmail.com>
Message-ID: <54120.208.201.244.10.1184081281.squirrel@www.luyer.net>
Or you could just use CVS via pserver or ssh like it's designed to be?
David.
> I did this by NFS mounting the rancid/var/CVS/ directory though you
> could also do it with rsync etc.
>
> Then modify @CVSrepositories in cvsweb.conf to point to each repository.
>
> David
>
> On 10/07/07, Christophe Terpreau wrote:
>> Hello,
>>
>> i would like to backup some cisco devices from 3 rancid server but be
>> able to put all config in only one cvsweb server.
>>
>> How can i do that ??
>>
>> Many thx for your help.
>> Regards.
>> _______________________________________________
>> Rancid-discuss mailing list
>> Rancid-discuss at shrubbery.net
>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
From hoswfh at gmail.com Wed Jul 11 01:13:38 2007
From: hoswfh at gmail.com (Ho Siew Fah)
Date: Wed, 11 Jul 2007 09:13:38 +0800
Subject: [rancid] RcsDiff Problem With Juniper Router
Message-ID: <35d5fd5e0707101813j32381acfs74d83cdf4f557995@mail.gmail.com>
Hello group,
Sometimes, the diff command shows the following "show chassis environment"
from my juniper router even after I had changed my interface configuration
in this router. I expect the diff command shows the changes I have made to
the interface, but instead it just show the difference in the environment. I
have to execute rancid-run again in order to get the configuration change I
have made.
Can anyone tell me how to solve this problem without running the rancid-run
command again?
Also, is there a way to change the time setting in the ouput of the rcsdiff?
I have adeded the command TZ=SGT and export TZ in the rancid.conf file, but
it seems that is not working.
Thank you.
RCS file: /usr/local/var/rancid/CVS/ix/configs/sbt-cr2.ix.sing.com,v
retrieving revision 1.121
retrieving revision 1.122
diff -c -r1.121 -r1.122
*** sbt-cr2.ix.singtel.com 2007/06/30 16:11:40 1.121
--- sbt-cr2.ix.singtel.com 2007/06/30 21:39:24 1.122
***************
*** 2,8 ****
#
# sbt-cr2-re1> show chassis clocks
# Clock State Measured frequency
! # PCG 0 Online - Master clock 124.95 MHz
# PCG 1 Online - Standby 124.96 MHz
#
# sbt-cr2-re1> show chassis environment
--- 2,8 ----
#
# sbt-re1> show chassis clocks
# Clock State Measured frequency
! # PCG 0 Online - Master clock 124.96 MHz
# PCG 1 Online - Standby 124.96 MHz
#
# sbt-cr2-re1> show chassis environment
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070711/f17c57ce/attachment.html
From hoswfh at gmail.com Wed Jul 11 02:15:28 2007
From: hoswfh at gmail.com (Ho Siew Fah)
Date: Wed, 11 Jul 2007 10:15:28 +0800
Subject: [rancid] RcsDiff Problem With Juniper Router
Message-ID: <35d5fd5e0707101915x35dfbe4di118b56e49a106440@mail.gmail.com>
Hello group,
Sometimes, the diff command shows the following "show chassis environment"
from my juniper router even after I had changed my interface configuration
in this router. I expect the diff command shows the changes I had made to
the interface, but instead it just show the difference in the environment. I
have to execute rancid-run again in order to get the configuration change I
have made.
Can anyone tell me how to solve this problem without running the rancid-run
command again?
Also, is there a way to change the time setting in the ouput of the rcsdiff?
I have adeded the command TZ=SGT and export TZ in the rancid.conf file, but
it seems that is not working.
Thank you.
RCS file: /usr/local/var/rancid/CVS/ix/configs/sbt-cr2.ix.sing.com,v
retrieving revision 1.121
retrieving revision 1.122
diff -c -r1.121 -r1.122
*** sbt-cr2.ix.singtel.com 2007/06/30 16:11:40 1.121
--- sbt-cr2.ix.singtel.com 2007/06/30 21:39:24 1.122
***************
*** 2,8 ****
#
# sbt-cr2-re1> show chassis clocks
# Clock State Measured frequency
! # PCG 0 Online - Master clock 124.95 MHz
# PCG 1 Online - Standby 124.96 MHz
#
# sbt-cr2-re1> show chassis environment
--- 2,8 ----
#
# sbt-re1> show chassis clocks
# Clock State Measured frequency
! # PCG 0 Online - Master clock 124.96 MHz
# PCG 1 Online - Standby 124.96 MHz
#
# sbt-cr2-re1> show chassis environment
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070711/6fd3dc95/attachment.html
From aevans at kineto.com Fri Jul 13 00:56:18 2007
From: aevans at kineto.com (Alan Evans)
Date: Thu, 12 Jul 2007 17:56:18 -0700
Subject: [rancid] Re: Newbie question: I get an email every hour even when
nothing has changed.
In-Reply-To:
Message-ID:
Quick update on my problem.
My initial thoughts were wrong. The problem was that I got different
results when rancid was run from a cronjob and when it was run from the
command line.
Cron looked like this:
!Flash: nvram: 1920 -rw- 30609 underlying-config
Command line looked like this:
!Flash: : 1920 -rw- 30609 underlying-config
Notice the missing "nvram" when run from the command line.
I managed to figure out that if I changed the $dev regex in rancid
script (line#1898)
From:
my($dev) = (/\s([^\s]+):/);
To:
my($dev) = /\S+\s+(\S+):/;
Then the nvram appears in both cron and command line outputs.
I have no explanation why, but it works for me.
Cheers
AlanE
From smunzani at comcast.net Fri Jul 13 19:45:29 2007
From: smunzani at comcast.net (Sam Munzani)
Date: Fri, 13 Jul 2007 14:45:29 -0500
Subject: [rancid] F5 load balancer support
Message-ID: <4697D659.7050006@comcast.net>
Hi,
Did anybody happened to hack one of Cisco scripts to support BigIP F5
boxes? It should be pretty simple. All I want to do is login and type "b
list" which is equivalent of "show run" on cisco.
However for some reason things not working. All I did was copied clogin
to f5login, copied rancid to f5rancid and added following to rancid-fe.
elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
Then modified f5 rancid file and kept only one command in list of
commands "b list".
For some reason its not working. I can post my configs here if somebody
like to see them.
Thanks,
Sam
From rancid at gheek.net Fri Jul 13 20:28:08 2007
From: rancid at gheek.net (Lance)
Date: Fri, 13 Jul 2007 13:28:08 -0700
Subject: [rancid] Re: F5 load balancer support
Message-ID: <20070713132808.8e114e4890519e5179c192e02d6bca26.0a49157a0e.wbe@email.secureserver.net>
What error(s) do you get when you try to run your f5rancid?
Where does it fail if you debug your f5login?
-lance
> -------- Original Message --------
> Subject: [rancid] F5 load balancer support
> From: Sam Munzani
> Date: Fri, July 13, 2007 12:45 pm
> To: rancid-discuss at shrubbery.net
>
> Hi,
>
> Did anybody happened to hack one of Cisco scripts to support BigIP F5
> boxes? It should be pretty simple. All I want to do is login and type "b
> list" which is equivalent of "show run" on cisco.
>
> However for some reason things not working. All I did was copied clogin
> to f5login, copied rancid to f5rancid and added following to rancid-fe.
> elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
>
> Then modified f5 rancid file and kept only one command in list of
> commands "b list".
>
> For some reason its not working. I can post my configs here if somebody
> like to see them.
>
> Thanks,
> Sam
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
From smunzani at comcast.net Fri Jul 13 21:30:32 2007
From: smunzani at comcast.net (Sam Munzani)
Date: Fri, 13 Jul 2007 16:30:32 -0500
Subject: [rancid] Re: F5 load balancer support
In-Reply-To: <20070713132808.8e114e4890519e5179c192e02d6bca26.0a49157a0e.wbe@email.secureserver.net>
References: <20070713132808.8e114e4890519e5179c192e02d6bca26.0a49157a0e.wbe@email.secureserver.net>
Message-ID: <4697EEF8.5090909@comcast.net>
Lance,
F5 login works fine with a minor error.
$ f5login test-f5-01
test-f5-01
spawn ssh -c 3des -x -l root test-f5-01
Password:
Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
root
[root at test-f5-01:Active] config # root
-bash: root: command not found
[root at test-f5-01:Active] config #
[root at test-f5-01:Active] config #
[root at test-f5-01:Active] config #
I don't know how to debug otherwise I would turn on debug too. If you
can provide some hints on debug, I would appreciate it.
Thanks,
Sam
> What error(s) do you get when you try to run your f5rancid?
>
> Where does it fail if you debug your f5login?
>
>
> -lance
>
>
>> -------- Original Message --------
>> Subject: [rancid] F5 load balancer support
>> From: Sam Munzani
>> Date: Fri, July 13, 2007 12:45 pm
>> To: rancid-discuss at shrubbery.net
>>
>> Hi,
>>
>> Did anybody happened to hack one of Cisco scripts to support BigIP F5
>> boxes? It should be pretty simple. All I want to do is login and type "b
>> list" which is equivalent of "show run" on cisco.
>>
>> However for some reason things not working. All I did was copied clogin
>> to f5login, copied rancid to f5rancid and added following to rancid-fe.
>> elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
>>
>> Then modified f5 rancid file and kept only one command in list of
>> commands "b list".
>>
>> For some reason its not working. I can post my configs here if somebody
>> like to see them.
>>
>> Thanks,
>> Sam
>> _______________________________________________
>> Rancid-discuss mailing list
>> Rancid-discuss at shrubbery.net
>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070713/b8496639/attachment.html
From smunzani at comcast.net Fri Jul 13 21:43:24 2007
From: smunzani at comcast.net (Sam Munzani)
Date: Fri, 13 Jul 2007 16:43:24 -0500
Subject: [rancid] Re: F5 load balancer support
In-Reply-To: <20070713132808.8e114e4890519e5179c192e02d6bca26.0a49157a0e.wbe@email.secureserver.net>
References: <20070713132808.8e114e4890519e5179c192e02d6bca26.0a49157a0e.wbe@email.secureserver.net>
Message-ID: <4697F1FC.5030407@comcast.net>
Lance,
I edited f5login file and added "-d" on expect line. Below is what I see
in debug.
clear[5Df5login test-f5-01
expect version 5.43.0
argv[0] = /usr/local/bin/expect argv[1] = -d argv[2] =
/opt/rancid/bin/f5login argv[3] = test-f5-01
set argc 1
set argv0 "/opt/rancid/bin/f5login"
set argv "test-f5-01"
executing commands from command file /opt/rancid/bin/f5login
test-f5-01
spawn ssh -c 3des -x -l root test-f5-01
using master pty /dev/ptyp2
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {30412}
expect: does "" (spawn_id exp4) match regular expression "(Connection
refused|Secure connection [^\n\r]+ refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no
expect: does "" (spawn_id exp4) match glob pattern "unknown host\r"? no
expect: does "" (spawn_id exp4) match glob pattern "Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue."? no
"Enter Selection: "? no
"@[^\r\n]+ ([Pp]assword|passwd):"? no
"(Username|Login|login|user name):"? no
"([Pp]assword|passwd):"? no
"(#| \(enable\))"? no
"Login invalid"? no
Password:
expect: does "Password: " (spawn_id exp4) match regular expression
"(Connection refused|Secure connection [^\n\r]+ refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no
expect: does "Password: " (spawn_id exp4) match glob pattern "unknown
host\r"? no
expect: does "Password: " (spawn_id exp4) match glob pattern "Host is
unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue."? no
"Enter Selection: "? no
"@[^\r\n]+ ([Pp]assword|passwd):"? no
"(Username|Login|login|user name):"? no
"([Pp]assword|passwd):"? yes
expect: set expect_out(0,string) "Password:"
expect: set expect_out(1,string) "Password"
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) "Password:"
send: sending "***********\r" to { exp4 }
expect: continuing expect
expect: does " " (spawn_id exp4) match regular expression "(Connection
refused|Secure connection [^\n\r]+ refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no
expect: does " " (spawn_id exp4) match glob pattern "unknown host\r"? no
expect: does " " (spawn_id exp4) match glob pattern "Host is
unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue."? no
"Enter Selection: "? no
"@[^\r\n]+ ([Pp]assword|passwd):"? no
"(Username|Login|login|user name):"? no
"([Pp]assword|passwd):"? no
"(#| \(enable\))"? no
"Login invalid"? no
expect: does " \r\n" (spawn_id exp4) match regular expression
"(Connection refused|Secure connection [^\n\r]+ refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no
expect: does " \r\n" (spawn_id exp4) match glob pattern "unknown host\r"? no
expect: does " \r\n" (spawn_id exp4) match glob pattern "Host is
unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue."? no
"Enter Selection: "? no
"@[^\r\n]+ ([Pp]assword|passwd):"? no
"(Username|Login|login|user name):"? no
"([Pp]assword|passwd):"? no
"(#| \(enable\))"? no
"Login invalid"? no
Last login: Fri Jul 13 14:38:03 2007 from 172.24.100.12
expect: does " \r\nLast login: Fri Jul 13 14:38:03 2007 from
172.24.100.12\r\r\n" (spawn_id exp4) match regular expression
"(Connection refused|Secure connection [^\n\r]+ refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no
expect: does " \r\nLast login: Fri Jul 13 14:38:03 2007 from
172.24.100.12\r\r\n" (spawn_id exp4) match glob pattern "unknown host\r"? no
expect: does " \r\nLast login: Fri Jul 13 14:38:03 2007 from
172.24.100.12\r\r\n" (spawn_id exp4) match glob pattern "Host is
unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue."? no
"Enter Selection: "? no
"@[^\r\n]+ ([Pp]assword|passwd):"? no
"(Username|Login|login|user name):"? yes
expect: set expect_out(0,string) "login:"
expect: set expect_out(1,string) "login"
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) " \r\nLast login:"
send: sending "root\r" to { exp4 }
expect: continuing expect
expect: does " Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\r\n"
(spawn_id exp4) match regular expression "(Connection refused|Secure
connection [^\n\r]+ refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no
expect: does " Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\r\n"
(spawn_id exp4) match glob pattern "unknown host\r"? no
expect: does " Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\r\n"
(spawn_id exp4) match glob pattern "Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue."? no
"Enter Selection: "? no
"@[^\r\n]+ ([Pp]assword|passwd):"? no
"(Username|Login|login|user name):"? no
"([Pp]assword|passwd):"? no
"(#| \(enable\))"? no
"Login invalid"? no
[root at test-f5-01:Active] config #
expect: does " Fri Jul 13 14:38:03 2007 from
172.24.100.12\r\r\n[root at test-f5-01:Active] config # " (spawn_id exp4)
match regular expression "(Connection refused|Secure connection [^\n\r]+
refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no
expect: does " Fri Jul 13 14:38:03 2007 from
172.24.100.12\r\r\n[root at test-f5-01:Active] config # " (spawn_id exp4)
match glob pattern "unknown host\r"? no
expect: does " Fri Jul 13 14:38:03 2007 from
172.24.100.12\r\r\n[root at test-f5-01:Active] config # " (spawn_id exp4)
match glob pattern "Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue."? no
"Enter Selection: "? no
"@[^\r\n]+ ([Pp]assword|passwd):"? no
"(Username|Login|login|user name):"? no
"([Pp]assword|passwd):"? no
"(#| \(enable\))"? yes
expect: set expect_out(0,string) "#"
expect: set expect_out(1,string) "#"
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) " Fri Jul 13 14:38:03 2007 from
172.24.100.12\r\r\n[root at test-f5-01:Active] config #"
send: sending "\r" to { exp4 }
expect: does " " (spawn_id exp4) match regular expression "[\r\n]+"? no
"^(.+:)1 (#| \(enable\))"? no
"^.+(#| \(enable\))"? no
"^.+> \(enable\)"? no
ro
expect: does " ro" (spawn_id exp4) match regular expression "[\r\n]+"? no
"^(.+:)1 (#| \(enable\))"? no
"^.+(#| \(enable\))"? no
"^.+> \(enable\)"? no
ot
-bash: root: command not found
[root at test-f5-01:Active] config #
expect: does " root\r\n-bash: root: command not
found\r\n[root at test-f5-01:Active] config # " (spawn_id exp4) match
regular expression "[\r\n]+"? yes
expect: set expect_out(0,string) "\r\n"
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) " root\r\n"
expect: continuing expect
expect: does "-bash: root: command not found\r\n[root at test-f5-01:Active]
config # " (spawn_id exp4) match regular expression "[\r\n]+"? yes
expect: set expect_out(0,string) "\r\n"
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) "-bash: root: command not found\r\n"
expect: continuing expect
expect: does "[root at test-f5-01:Active] config # " (spawn_id exp4) match
regular expression "[\r\n]+"? no
"^(.+:)1 (#| \(enable\))"? no
"^.+(#| \(enable\))"? yes
expect: set expect_out(0,string) "[root at test-f5-01:Active] config #"
expect: set expect_out(1,string) "#"
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) "[root at test-f5-01:Active] config #"
tty_raw_noecho: was raw = 0 echo = 1
spawn id exp4 sent <\r\n>
spawn id exp4 sent <[root at test-f5-01:Active] config # >
[root at test-f5-01:Active] config # spawn id exp0 sent <\r>
spawn id exp4 sent <\r\n>
spawn id exp4 sent <[root at test-f5-01:Active] config # >
[root at test-f5-01:Active] config # spawn id exp0 sent
spawn id exp4 sent
espawn id exp0 sent
spawn id exp4 sent
xspawn id exp0 sent
spawn id exp4 sent
ispawn id exp0 sent
spawn id exp4 sent
tspawn id exp0 sent <\r>
spawn id exp4 sent <\r\nlogout\r\n>
logout
spawn id exp4 sent <\u001b[H\u001b[J>
[H[Jspawn id exp4 sent
Connection to test-f5-01 closed.
interact: received eof from spawn_id exp4
tty_set: raw = 0, echo = 1
tty_set: raw = 3, echo = 0
$
$
> What error(s) do you get when you try to run your f5rancid?
>
> Where does it fail if you debug your f5login?
>
>
> -lance
>
>
>> -------- Original Message --------
>> Subject: [rancid] F5 load balancer support
>> From: Sam Munzani
>> Date: Fri, July 13, 2007 12:45 pm
>> To: rancid-discuss at shrubbery.net
>>
>> Hi,
>>
>> Did anybody happened to hack one of Cisco scripts to support BigIP F5
>> boxes? It should be pretty simple. All I want to do is login and type "b
>> list" which is equivalent of "show run" on cisco.
>>
>> However for some reason things not working. All I did was copied clogin
>> to f5login, copied rancid to f5rancid and added following to rancid-fe.
>> elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
>>
>> Then modified f5 rancid file and kept only one command in list of
>> commands "b list".
>>
>> For some reason its not working. I can post my configs here if somebody
>> like to see them.
>>
>> Thanks,
>> Sam
>> _______________________________________________
>> Rancid-discuss mailing list
>> Rancid-discuss at shrubbery.net
>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070713/b49e1dc7/attachment.html
From rancid at gheek.net Sat Jul 14 19:11:23 2007
From: rancid at gheek.net (Lance)
Date: Sat, 14 Jul 2007 12:11:23 -0700
Subject: [rancid] Re: F5 load balancer support
Message-ID: <20070714121123.8e114e4890519e5179c192e02d6bca26.299cb68cc6.wbe@email.secureserver.net>
Sam,
Have you tried using telnet to login, if the f5 has it enabled.
You may also want to set auto enable in your .cloginrc for this device
as it looks to clogin as you are already in a cisco equivalent equal to
enable since your prompt has a # sign in it.
Looking at your next email along with this one it looks like you are
already in a cisco equivalent of enable after you login. f5login seems
to be sending your username of root as a command after you get connected
because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
172.24.100.12" and it matches on the word "Login". See below.
"(Username|Login|login|user name):"? yes
expect: set expect_out(0,string) "login:"
expect: set expect_out(1,string) "login"
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) " \r\nLast login:"
send: sending "root\r" to { exp4 }
expect: continuing expect
You are just using a Cisco login/parsing script so it expects prompts
from a Cisco device and in this case you have a *nix SSH banner that
gets interrupted. I know you can use RANCID to backup *nix systems. So
it knows how to understand connecting to a *nix system. You might want
to try this email thread which asks about backing up Linux conifgs.
"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
Or you could modify the existing f5login like so.
I think you have to use the carrot before the () to work. I haven't
checked this as I am at home and not on a UNIX system right now. Sorry
to lazy to check it out right now. You might want to uncomment the line
below 3. and comment out the line below 2. and see if that works. This
is the only point in the code that I see it look for login in any line.
If that doesn't work send me back the debug and I will see what I can
do. I am sure some people that use expect more often then I can probably
quickly tell you what to use as syntax there.
# Figure out prompts
set u_prompt [find userprompt $router
if { "$u_prompt" == "" } {
#1. ORIGINAL
#set u_prompt "^(Username|Login|login|user name):"
#2. Modified to read for a line beginning with Username,Login,login, or
user name.
set u_prompt "^(Username|Login|login|user name):"
#3. Modified to read for a line beginning with Login or login. but I
may be wrong
#set u_prompt "^(Username|^Login|^login|user name):"
} else {
set u_prompt [join [lindex $u_prompt 0] ""]
Let me know if this works for you.
-Lance
> -------- Original Message --------
> Subject: Re: [rancid] F5 load balancer support
> From: Sam Munzani
> Date: Fri, July 13, 2007 2:30 pm
> To: Lance
> Cc: rancid-discuss at shrubbery.net
>
> Lance,
>
> F5 login works fine with a minor error.
>
> $ f5login test-f5-01
> test-f5-01
> spawn ssh -c 3des -x -l root test-f5-01
> Password:
> Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
> root
> [root at test-f5-01:Active] config # root
> -bash: root: command not found
> [root at test-f5-01:Active] config #
> [root at test-f5-01:Active] config #
> [root at test-f5-01:Active] config #
>
> I don't know how to debug otherwise I would turn on debug too. If you
> can provide some hints on debug, I would appreciate it.
>
> Thanks,
> Sam
> > What error(s) do you get when you try to run your f5rancid?
> >
> > Where does it fail if you debug your f5login?
> >
> >
> > -lance
> >
> >
> >> -------- Original Message --------
> >> Subject: [rancid] F5 load balancer support
> >> From: Sam Munzani
> >> Date: Fri, July 13, 2007 12:45 pm
> >> To: rancid-discuss at shrubbery.net
> >>
> >> Hi,
> >>
> >> Did anybody happened to hack one of Cisco scripts to support BigIP F5
> >> boxes? It should be pretty simple. All I want to do is login and
> type "b
> >> list" which is equivalent of "show run" on cisco.
> >>
> >> However for some reason things not working. All I did was copied
> clogin
> >> to f5login, copied rancid to f5rancid and added following to
> rancid-fe.
> >> elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
> >>
> >> Then modified f5 rancid file and kept only one command in list of
> >> commands "b list".
> >>
> >> For some reason its not working. I can post my configs here if
> somebody
> >> like to see them.
> >>
> >> Thanks,
> >> Sam
> >> _______________________________________________
> >> Rancid-discuss mailing list
> >> Rancid-discuss at shrubbery.net
> >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> >>
> >
> >
> >
From david at infotrek.co.uk Sun Jul 15 12:43:01 2007
From: david at infotrek.co.uk (David Croft)
Date: Sun, 15 Jul 2007 14:43:01 +0200
Subject: [rancid] Re: F5 load balancer support
In-Reply-To: <20070714121123.8e114e4890519e5179c192e02d6bca26.299cb68cc6.wbe@email.secureserver.net>
References: <20070714121123.8e114e4890519e5179c192e02d6bca26.299cb68cc6.wbe@email.secureserver.net>
Message-ID:
Thanks for this tip, turns out that this is also the reason the
username gets entered at a prompt on the cisco IPS devices. Since it's
using SSH and therefore doesn't need a username prompt, solution was
to simply add in .cloginrc:
add userprompt ids* bldshgalsjd (<- something that won't get sent during login)
Regards,
David
On 14/07/07, Lance wrote:
> Sam,
>
> Have you tried using telnet to login, if the f5 has it enabled.
> You may also want to set auto enable in your .cloginrc for this device
> as it looks to clogin as you are already in a cisco equivalent equal to
> enable since your prompt has a # sign in it.
>
> Looking at your next email along with this one it looks like you are
> already in a cisco equivalent of enable after you login. f5login seems
> to be sending your username of root as a command after you get connected
> because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
> 172.24.100.12" and it matches on the word "Login". See below.
>
> "(Username|Login|login|user name):"? yes
>
> expect: set expect_out(0,string) "login:"
>
> expect: set expect_out(1,string) "login"
>
> expect: set expect_out(spawn_id) "exp4"
>
> expect: set expect_out(buffer) " \r\nLast login:"
>
> send: sending "root\r" to { exp4 }
>
> expect: continuing expect
>
> You are just using a Cisco login/parsing script so it expects prompts
> from a Cisco device and in this case you have a *nix SSH banner that
> gets interrupted. I know you can use RANCID to backup *nix systems. So
> it knows how to understand connecting to a *nix system. You might want
> to try this email thread which asks about backing up Linux conifgs.
> "http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
> Or you could modify the existing f5login like so.
>
> I think you have to use the carrot before the () to work. I haven't
> checked this as I am at home and not on a UNIX system right now. Sorry
> to lazy to check it out right now. You might want to uncomment the line
> below 3. and comment out the line below 2. and see if that works. This
> is the only point in the code that I see it look for login in any line.
> If that doesn't work send me back the debug and I will see what I can
> do. I am sure some people that use expect more often then I can probably
> quickly tell you what to use as syntax there.
>
> # Figure out prompts
> set u_prompt [find userprompt $router
> if { "$u_prompt" == "" } {
> #1. ORIGINAL
> #set u_prompt "^(Username|Login|login|user name):"
> #2. Modified to read for a line beginning with Username,Login,login, or
> user name.
> set u_prompt "^(Username|Login|login|user name):"
> #3. Modified to read for a line beginning with Login or login. but I
> may be wrong
> #set u_prompt "^(Username|^Login|^login|user name):"
> } else {
> set u_prompt [join [lindex $u_prompt 0] ""]
>
>
> Let me know if this works for you.
>
> -Lance
>
> > -------- Original Message --------
> > Subject: Re: [rancid] F5 load balancer support
> > From: Sam Munzani
> > Date: Fri, July 13, 2007 2:30 pm
> > To: Lance
> > Cc: rancid-discuss at shrubbery.net
> >
> > Lance,
> >
> > F5 login works fine with a minor error.
> >
> > $ f5login test-f5-01
> > test-f5-01
> > spawn ssh -c 3des -x -l root test-f5-01
> > Password:
> > Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
> > root
> > [root at test-f5-01:Active] config # root
> > -bash: root: command not found
> > [root at test-f5-01:Active] config #
> > [root at test-f5-01:Active] config #
> > [root at test-f5-01:Active] config #
> >
> > I don't know how to debug otherwise I would turn on debug too. If you
> > can provide some hints on debug, I would appreciate it.
> >
> > Thanks,
> > Sam
> > > What error(s) do you get when you try to run your f5rancid?
> > >
> > > Where does it fail if you debug your f5login?
> > >
> > >
> > > -lance
> > >
> > >
> > >> -------- Original Message --------
> > >> Subject: [rancid] F5 load balancer support
> > >> From: Sam Munzani
> > >> Date: Fri, July 13, 2007 12:45 pm
> > >> To: rancid-discuss at shrubbery.net
> > >>
> > >> Hi,
> > >>
> > >> Did anybody happened to hack one of Cisco scripts to support BigIP F5
> > >> boxes? It should be pretty simple. All I want to do is login and
> > type "b
> > >> list" which is equivalent of "show run" on cisco.
> > >>
> > >> However for some reason things not working. All I did was copied
> > clogin
> > >> to f5login, copied rancid to f5rancid and added following to
> > rancid-fe.
> > >> elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
> > >>
> > >> Then modified f5 rancid file and kept only one command in list of
> > >> commands "b list".
> > >>
> > >> For some reason its not working. I can post my configs here if
> > somebody
> > >> like to see them.
> > >>
> > >> Thanks,
> > >> Sam
> > >> _______________________________________________
> > >> Rancid-discuss mailing list
> > >> Rancid-discuss at shrubbery.net
> > >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> > >>
> > >
> > >
> > >
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
From smunzani at comcast.net Mon Jul 16 16:48:52 2007
From: smunzani at comcast.net (Sam Munzani)
Date: Mon, 16 Jul 2007 11:48:52 -0500
Subject: [rancid] Re: F5 load balancer support
In-Reply-To:
References: <20070714121123.8e114e4890519e5179c192e02d6bca26.299cb68cc6.wbe@email.secureserver.net>
Message-ID: <469BA174.1050902@comcast.net>
David,
Thanks a lot for the tip. This worked well. Now f5login goes much more
cleaner and the "root" doesn't set sent again. I still have other issues
where rancid-run is backing up config properly but I am still
troubleshooting it.
Now here is a question. What does "bldshgalsjd" mean and how does it do
this miracle?
Thanks,
Sam
> Thanks for this tip, turns out that this is also the reason the
> username gets entered at a prompt on the cisco IPS devices. Since it's
> using SSH and therefore doesn't need a username prompt, solution was
> to simply add in .cloginrc:
>
> add userprompt ids* bldshgalsjd (<- something that won't get sent
> during login)
>
> Regards,
>
> David
>
> On 14/07/07, Lance wrote:
>> Sam,
>>
>> Have you tried using telnet to login, if the f5 has it enabled.
>> You may also want to set auto enable in your .cloginrc for this device
>> as it looks to clogin as you are already in a cisco equivalent equal to
>> enable since your prompt has a # sign in it.
>>
>> Looking at your next email along with this one it looks like you are
>> already in a cisco equivalent of enable after you login. f5login seems
>> to be sending your username of root as a command after you get connected
>> because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
>> 172.24.100.12" and it matches on the word "Login". See below.
>>
>> "(Username|Login|login|user name):"? yes
>>
>> expect: set expect_out(0,string) "login:"
>>
>> expect: set expect_out(1,string) "login"
>>
>> expect: set expect_out(spawn_id) "exp4"
>>
>> expect: set expect_out(buffer) " \r\nLast login:"
>>
>> send: sending "root\r" to { exp4 }
>>
>> expect: continuing expect
>>
>> You are just using a Cisco login/parsing script so it expects prompts
>> from a Cisco device and in this case you have a *nix SSH banner that
>> gets interrupted. I know you can use RANCID to backup *nix systems. So
>> it knows how to understand connecting to a *nix system. You might want
>> to try this email thread which asks about backing up Linux conifgs.
>> "http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
>>
>> Or you could modify the existing f5login like so.
>>
>> I think you have to use the carrot before the () to work. I haven't
>> checked this as I am at home and not on a UNIX system right now. Sorry
>> to lazy to check it out right now. You might want to uncomment the line
>> below 3. and comment out the line below 2. and see if that works. This
>> is the only point in the code that I see it look for login in any line.
>> If that doesn't work send me back the debug and I will see what I can
>> do. I am sure some people that use expect more often then I can probably
>> quickly tell you what to use as syntax there.
>>
>> # Figure out prompts
>> set u_prompt [find userprompt $router
>> if { "$u_prompt" == "" } {
>> #1. ORIGINAL
>> #set u_prompt "^(Username|Login|login|user name):"
>> #2. Modified to read for a line beginning with
>> Username,Login,login, or
>> user name.
>> set u_prompt "^(Username|Login|login|user name):"
>> #3. Modified to read for a line beginning with Login or login.
>> but I
>> may be wrong
>> #set u_prompt "^(Username|^Login|^login|user name):"
>> } else {
>> set u_prompt [join [lindex $u_prompt 0] ""]
>>
>>
>> Let me know if this works for you.
>>
>> -Lance
>>
>> > -------- Original Message --------
>> > Subject: Re: [rancid] F5 load balancer support
>> > From: Sam Munzani
>> > Date: Fri, July 13, 2007 2:30 pm
>> > To: Lance
>> > Cc: rancid-discuss at shrubbery.net
>> >
>> > Lance,
>> >
>> > F5 login works fine with a minor error.
>> >
>> > $ f5login test-f5-01
>> > test-f5-01
>> > spawn ssh -c 3des -x -l root test-f5-01
>> > Password:
>> > Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
>> > root
>> > [root at test-f5-01:Active] config # root
>> > -bash: root: command not found
>> > [root at test-f5-01:Active] config #
>> > [root at test-f5-01:Active] config #
>> > [root at test-f5-01:Active] config #
>> >
>> > I don't know how to debug otherwise I would turn on debug too. If you
>> > can provide some hints on debug, I would appreciate it.
>> >
>> > Thanks,
>> > Sam
>> > > What error(s) do you get when you try to run your f5rancid?
>> > >
>> > > Where does it fail if you debug your f5login?
>> > >
>> > >
>> > > -lance
>> > >
>> > >
>> > >> -------- Original Message --------
>> > >> Subject: [rancid] F5 load balancer support
>> > >> From: Sam Munzani
>> > >> Date: Fri, July 13, 2007 12:45 pm
>> > >> To: rancid-discuss at shrubbery.net
>> > >>
>> > >> Hi,
>> > >>
>> > >> Did anybody happened to hack one of Cisco scripts to support
>> BigIP F5
>> > >> boxes? It should be pretty simple. All I want to do is login and
>> > type "b
>> > >> list" which is equivalent of "show run" on cisco.
>> > >>
>> > >> However for some reason things not working. All I did was copied
>> > clogin
>> > >> to f5login, copied rancid to f5rancid and added following to
>> > rancid-fe.
>> > >> elsif ($vendor =~ /^f5$/i) { exec('f5rancid',
>> $router); }
>> > >>
>> > >> Then modified f5 rancid file and kept only one command in list of
>> > >> commands "b list".
>> > >>
>> > >> For some reason its not working. I can post my configs here if
>> > somebody
>> > >> like to see them.
>> > >>
>> > >> Thanks,
>> > >> Sam
>> > >> _______________________________________________
>> > >> Rancid-discuss mailing list
>> > >> Rancid-discuss at shrubbery.net
>> > >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>> > >>
>> > >
>> > >
>> > >
>>
>> _______________________________________________
>> Rancid-discuss mailing list
>> Rancid-discuss at shrubbery.net
>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>>
>
From rancid at gheek.net Mon Jul 16 17:20:53 2007
From: rancid at gheek.net (Lance)
Date: Mon, 16 Jul 2007 10:20:53 -0700
Subject: [rancid] Re: F5 load balancer support
Message-ID: <20070716102053.8e114e4890519e5179c192e02d6bca26.ed552ed684.wbe@email.secureserver.net>
Sam,
What bldshgalsjd is the prompt is looks for before it sends the
username.
Example, if the the device prompted you for a username like so, you
would use the following.
Your User name:
#.cloginrc line
add userprompt f5* "Your User name:"
This would only send your username if it found the prompt of "Your User
name:" (minus the ""). So the likely hood that it will find bldshgalsjd
would be slim to almost impossible.
-lance
> -------- Original Message --------
> Subject: Re: [rancid] Re: F5 load balancer support
> From: Sam Munzani
> Date: Mon, July 16, 2007 9:48 am
> To: David Croft
> Cc: Lance , rancid-discuss at shrubbery.net
>
> David,
>
> Thanks a lot for the tip. This worked well. Now f5login goes much more
> cleaner and the "root" doesn't set sent again. I still have other issues
> where rancid-run is backing up config properly but I am still
> troubleshooting it.
>
> Now here is a question. What does "bldshgalsjd" mean and how does it do
> this miracle?
>
> Thanks,
> Sam
> > Thanks for this tip, turns out that this is also the reason the
> > username gets entered at a prompt on the cisco IPS devices. Since it's
> > using SSH and therefore doesn't need a username prompt, solution was
> > to simply add in .cloginrc:
> >
> > add userprompt ids* bldshgalsjd (<- something that won't get sent
> > during login)
> >
> > Regards,
> >
> > David
> >
> > On 14/07/07, Lance wrote:
> >> Sam,
> >>
> >> Have you tried using telnet to login, if the f5 has it enabled.
> >> You may also want to set auto enable in your .cloginrc for this device
> >> as it looks to clogin as you are already in a cisco equivalent
> equal to
> >> enable since your prompt has a # sign in it.
> >>
> >> Looking at your next email along with this one it looks like you are
> >> already in a cisco equivalent of enable after you login. f5login seems
> >> to be sending your username of root as a command after you get
> connected
> >> because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
> >> 172.24.100.12" and it matches on the word "Login". See below.
> >>
> >> "(Username|Login|login|user name):"? yes
> >>
> >> expect: set expect_out(0,string) "login:"
> >>
> >> expect: set expect_out(1,string) "login"
> >>
> >> expect: set expect_out(spawn_id) "exp4"
> >>
> >> expect: set expect_out(buffer) " \r\nLast login:"
> >>
> >> send: sending "root\r" to { exp4 }
> >>
> >> expect: continuing expect
> >>
> >> You are just using a Cisco login/parsing script so it expects prompts
> >> from a Cisco device and in this case you have a *nix SSH banner that
> >> gets interrupted. I know you can use RANCID to backup *nix systems. So
> >> it knows how to understand connecting to a *nix system. You might want
> >> to try this email thread which asks about backing up Linux conifgs.
> >> "http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
>
> >>
> >> Or you could modify the existing f5login like so.
> >>
> >> I think you have to use the carrot before the () to work. I haven't
> >> checked this as I am at home and not on a UNIX system right now. Sorry
> >> to lazy to check it out right now. You might want to uncomment the
> line
> >> below 3. and comment out the line below 2. and see if that works. This
> >> is the only point in the code that I see it look for login in any
> line.
> >> If that doesn't work send me back the debug and I will see what I can
> >> do. I am sure some people that use expect more often then I can
> probably
> >> quickly tell you what to use as syntax there.
> >>
> >> # Figure out prompts
> >> set u_prompt [find userprompt $router
> >> if { "$u_prompt" == "" } {
> >> #1. ORIGINAL
> >> #set u_prompt "^(Username|Login|login|user name):"
> >> #2. Modified to read for a line beginning with
> >> Username,Login,login, or
> >> user name.
> >> set u_prompt "^(Username|Login|login|user name):"
> >> #3. Modified to read for a line beginning with Login or login.
> >> but I
> >> may be wrong
> >> #set u_prompt "^(Username|^Login|^login|user name):"
> >> } else {
> >> set u_prompt [join [lindex $u_prompt 0] ""]
> >>
> >>
> >> Let me know if this works for you.
> >>
> >> -Lance
> >>
> >> > -------- Original Message --------
> >> > Subject: Re: [rancid] F5 load balancer support
> >> > From: Sam Munzani
> >> > Date: Fri, July 13, 2007 2:30 pm
> >> > To: Lance
> >> > Cc: rancid-discuss at shrubbery.net
> >> >
> >> > Lance,
> >> >
> >> > F5 login works fine with a minor error.
> >> >
> >> > $ f5login test-f5-01
> >> > test-f5-01
> >> > spawn ssh -c 3des -x -l root test-f5-01
> >> > Password:
> >> > Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
> >> > root
> >> > [root at test-f5-01:Active] config # root
> >> > -bash: root: command not found
> >> > [root at test-f5-01:Active] config #
> >> > [root at test-f5-01:Active] config #
> >> > [root at test-f5-01:Active] config #
> >> >
> >> > I don't know how to debug otherwise I would turn on debug too. If
> you
> >> > can provide some hints on debug, I would appreciate it.
> >> >
> >> > Thanks,
> >> > Sam
> >> > > What error(s) do you get when you try to run your f5rancid?
> >> > >
> >> > > Where does it fail if you debug your f5login?
> >> > >
> >> > >
> >> > > -lance
> >> > >
> >> > >
> >> > >> -------- Original Message --------
> >> > >> Subject: [rancid] F5 load balancer support
> >> > >> From: Sam Munzani
> >> > >> Date: Fri, July 13, 2007 12:45 pm
> >> > >> To: rancid-discuss at shrubbery.net
> >> > >>
> >> > >> Hi,
> >> > >>
> >> > >> Did anybody happened to hack one of Cisco scripts to support
> >> BigIP F5
> >> > >> boxes? It should be pretty simple. All I want to do is login and
> >> > type "b
> >> > >> list" which is equivalent of "show run" on cisco.
> >> > >>
> >> > >> However for some reason things not working. All I did was copied
> >> > clogin
> >> > >> to f5login, copied rancid to f5rancid and added following to
> >> > rancid-fe.
> >> > >> elsif ($vendor =~ /^f5$/i) { exec('f5rancid',
> >> $router); }
> >> > >>
> >> > >> Then modified f5 rancid file and kept only one command in list of
> >> > >> commands "b list".
> >> > >>
> >> > >> For some reason its not working. I can post my configs here if
> >> > somebody
> >> > >> like to see them.
> >> > >>
> >> > >> Thanks,
> >> > >> Sam
> >> > >> _______________________________________________
> >> > >> Rancid-discuss mailing list
> >> > >> Rancid-discuss at shrubbery.net
> >> > >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> >> > >>
> >> > >
> >> > >
> >> > >
> >>
> >> _______________________________________________
> >> Rancid-discuss mailing list
> >> Rancid-discuss at shrubbery.net
> >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> >>
> >
From smunzani at comcast.net Mon Jul 16 18:00:04 2007
From: smunzani at comcast.net (Sam Munzani)
Date: Mon, 16 Jul 2007 13:00:04 -0500
Subject: [rancid] Re: F5 load balancer support
In-Reply-To: <20070716102053.8e114e4890519e5179c192e02d6bca26.ed552ed684.wbe@email.secureserver.net>
References: <20070716102053.8e114e4890519e5179c192e02d6bca26.ed552ed684.wbe@email.secureserver.net>
Message-ID: <469BB224.2000609@comcast.net>
Lance,
That makes perfect sense. Thanks a lot for a very good logical explanation.
BTW, this is what I did in f5rancid(a copy of rancid). Modified it as below.
# This routine processes a "write term"
sub BList {
print STDERR " In BList: $_" if ($debug);
my($lineauto,$comment,$linecnt) = (0,0,0);
while () {
tr/\015//d;
last if(/^$prompt/);
return(-1) if (/command not found/i);
$linecnt++;
$lineauto = 0 if (/^[^ ]/);
# some versions have other crap mixed in with the bits in the
}
# The ContentEngine lacks a definitive "end of config" marker. If we
# know that it is a CE and we have seen at least 5 lines of b list
# o/p, we can be reasonably sure that we got the config.
if ($linecnt > 5) {
$found_end = 1;
return(1);
}
return(0);
}
# dummy function
sub DoNothing {print STDOUT;}
# Main
%commands=(
'b list' => "BList"
);
# keys() doesnt return things in the order entered and the order of the
# cmds is important (show version first and write term last). pita
@commands=(
"b list"
);
$cisco_cmds=join(";", at commands);
$cmds_regexp=join("|", at commands);
All I did was changed "write term" to "b list" and changed function name
too. I also changed a little bit around finding the end of input
variable. However it still doesn't work. I get following in my logs.
starting: Mon Jul 16 12:49:05 CDT 2007
Trying to get all of the configs.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
!
cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for `configs/test-f5-01'
cvs [commit aborted]: correct above errors first!
ls: test-f5-01: No such file or directory
ending: Mon Jul 16 12:49:32 CDT 2007
Any hints would be appreciated.
Thanks,
Sam
> Sam,
>
> What bldshgalsjd is the prompt is looks for before it sends the
> username.
>
> Example, if the the device prompted you for a username like so, you
> would use the following.
>
> Your User name:
>
> #.cloginrc line
> add userprompt f5* "Your User name:"
>
> This would only send your username if it found the prompt of "Your User
> name:" (minus the ""). So the likely hood that it will find bldshgalsjd
> would be slim to almost impossible.
>
> -lance
>
>
>> -------- Original Message --------
>> Subject: Re: [rancid] Re: F5 load balancer support
>> From: Sam Munzani
>> Date: Mon, July 16, 2007 9:48 am
>> To: David Croft
>> Cc: Lance , rancid-discuss at shrubbery.net
>>
>> David,
>>
>> Thanks a lot for the tip. This worked well. Now f5login goes much more
>> cleaner and the "root" doesn't set sent again. I still have other issues
>> where rancid-run is backing up config properly but I am still
>> troubleshooting it.
>>
>> Now here is a question. What does "bldshgalsjd" mean and how does it do
>> this miracle?
>>
>> Thanks,
>> Sam
>>
>>> Thanks for this tip, turns out that this is also the reason the
>>> username gets entered at a prompt on the cisco IPS devices. Since it's
>>> using SSH and therefore doesn't need a username prompt, solution was
>>> to simply add in .cloginrc:
>>>
>>> add userprompt ids* bldshgalsjd (<- something that won't get sent
>>> during login)
>>>
>>> Regards,
>>>
>>> David
>>>
>>> On 14/07/07, Lance wrote:
>>>
>>>> Sam,
>>>>
>>>> Have you tried using telnet to login, if the f5 has it enabled.
>>>> You may also want to set auto enable in your .cloginrc for this device
>>>> as it looks to clogin as you are already in a cisco equivalent
>>>>
>> equal to
>>
>>>> enable since your prompt has a # sign in it.
>>>>
>>>> Looking at your next email along with this one it looks like you are
>>>> already in a cisco equivalent of enable after you login. f5login seems
>>>> to be sending your username of root as a command after you get
>>>>
>> connected
>>
>>>> because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
>>>> 172.24.100.12" and it matches on the word "Login". See below.
>>>>
>>>> "(Username|Login|login|user name):"? yes
>>>>
>>>> expect: set expect_out(0,string) "login:"
>>>>
>>>> expect: set expect_out(1,string) "login"
>>>>
>>>> expect: set expect_out(spawn_id) "exp4"
>>>>
>>>> expect: set expect_out(buffer) " \r\nLast login:"
>>>>
>>>> send: sending "root\r" to { exp4 }
>>>>
>>>> expect: continuing expect
>>>>
>>>> You are just using a Cisco login/parsing script so it expects prompts
>>>> from a Cisco device and in this case you have a *nix SSH banner that
>>>> gets interrupted. I know you can use RANCID to backup *nix systems. So
>>>> it knows how to understand connecting to a *nix system. You might want
>>>> to try this email thread which asks about backing up Linux conifgs.
>>>> "http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
>>>>
>>>> Or you could modify the existing f5login like so.
>>>>
>>>> I think you have to use the carrot before the () to work. I haven't
>>>> checked this as I am at home and not on a UNIX system right now. Sorry
>>>> to lazy to check it out right now. You might want to uncomment the
>>>>
>> line
>>
>>>> below 3. and comment out the line below 2. and see if that works. This
>>>> is the only point in the code that I see it look for login in any
>>>>
>> line.
>>
>>>> If that doesn't work send me back the debug and I will see what I can
>>>> do. I am sure some people that use expect more often then I can
>>>>
>> probably
>>
>>>> quickly tell you what to use as syntax there.
>>>>
>>>> # Figure out prompts
>>>> set u_prompt [find userprompt $router
>>>> if { "$u_prompt" == "" } {
>>>> #1. ORIGINAL
>>>> #set u_prompt "^(Username|Login|login|user name):"
>>>> #2. Modified to read for a line beginning with
>>>> Username,Login,login, or
>>>> user name.
>>>> set u_prompt "^(Username|Login|login|user name):"
>>>> #3. Modified to read for a line beginning with Login or login.
>>>> but I
>>>> may be wrong
>>>> #set u_prompt "^(Username|^Login|^login|user name):"
>>>> } else {
>>>> set u_prompt [join [lindex $u_prompt 0] ""]
>>>>
>>>>
>>>> Let me know if this works for you.
>>>>
>>>> -Lance
>>>>
>>>>
>>>>> -------- Original Message --------
>>>>> Subject: Re: [rancid] F5 load balancer support
>>>>> From: Sam Munzani
>>>>> Date: Fri, July 13, 2007 2:30 pm
>>>>> To: Lance
>>>>> Cc: rancid-discuss at shrubbery.net
>>>>>
>>>>> Lance,
>>>>>
>>>>> F5 login works fine with a minor error.
>>>>>
>>>>> $ f5login test-f5-01
>>>>> test-f5-01
>>>>> spawn ssh -c 3des -x -l root test-f5-01
>>>>> Password:
>>>>> Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
>>>>> root
>>>>> [root at test-f5-01:Active] config # root
>>>>> -bash: root: command not found
>>>>> [root at test-f5-01:Active] config #
>>>>> [root at test-f5-01:Active] config #
>>>>> [root at test-f5-01:Active] config #
>>>>>
>>>>> I don't know how to debug otherwise I would turn on debug too. If
>>>>>
>> you
>>
>>>>> can provide some hints on debug, I would appreciate it.
>>>>>
>>>>> Thanks,
>>>>> Sam
>>>>>
>>>>>> What error(s) do you get when you try to run your f5rancid?
>>>>>>
>>>>>> Where does it fail if you debug your f5login?
>>>>>>
>>>>>>
>>>>>> -lance
>>>>>>
>>>>>>
>>>>>>
>>>>>>> -------- Original Message --------
>>>>>>> Subject: [rancid] F5 load balancer support
>>>>>>> From: Sam Munzani
>>>>>>> Date: Fri, July 13, 2007 12:45 pm
>>>>>>> To: rancid-discuss at shrubbery.net
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> Did anybody happened to hack one of Cisco scripts to support
>>>>>>>
>>>> BigIP F5
>>>>
>>>>>>> boxes? It should be pretty simple. All I want to do is login and
>>>>>>>
>>>>> type "b
>>>>>
>>>>>>> list" which is equivalent of "show run" on cisco.
>>>>>>>
>>>>>>> However for some reason things not working. All I did was copied
>>>>>>>
>>>>> clogin
>>>>>
>>>>>>> to f5login, copied rancid to f5rancid and added following to
>>>>>>>
>>>>> rancid-fe.
>>>>>
>>>>>>> elsif ($vendor =~ /^f5$/i) { exec('f5rancid',
>>>>>>>
>>>> $router); }
>>>>
>>>>>>> Then modified f5 rancid file and kept only one command in list of
>>>>>>> commands "b list".
>>>>>>>
>>>>>>> For some reason its not working. I can post my configs here if
>>>>>>>
>>>>> somebody
>>>>>
>>>>>>> like to see them.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Sam
>>>>>>> _______________________________________________
>>>>>>> Rancid-discuss mailing list
>>>>>>> Rancid-discuss at shrubbery.net
>>>>>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>> _______________________________________________
>>>> Rancid-discuss mailing list
>>>> Rancid-discuss at shrubbery.net
>>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>>>>
>>>>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070716/dfdac047/attachment.html
From sam at munzani.com Mon Jul 16 16:57:33 2007
From: sam at munzani.com (Sam Munzani)
Date: Mon, 16 Jul 2007 11:57:33 -0500
Subject: [rancid] Re: F5 load balancer support
In-Reply-To: <469BA174.1050902@comcast.net>
References: <20070714121123.8e114e4890519e5179c192e02d6bca26.299cb68cc6.wbe@email.secureserver.net>
<469BA174.1050902@comcast.net>
Message-ID: <469BA37D.4070107@munzani.com>
BTW, this is what I see in the log when I do rancid-run now. That means
the f5rancid file(hacked copy of rancid) is still missing something.
more nfl.20070716.114842
starting: Mon Jul 16 11:48:42 CDT 2007
Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found
cvs diff: Diffing .
cvs diff: Diffing configs
nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT 2007
Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found
cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for `configs/test-f5-01'
cvs [commit aborted]: correct above errors first!
ls: test-f5-01: No such file or directory
ending: Mon Jul 16 11:49:41 CDT 2007
Thanks,
Sam
> David,
>
> Thanks a lot for the tip. This worked well. Now f5login goes much more
> cleaner and the "root" doesn't set sent again. I still have other issues
> where rancid-run is backing up config properly but I am still
> troubleshooting it.
>
> Now here is a question. What does "bldshgalsjd" mean and how does it do
> this miracle?
>
> Thanks,
> Sam
>
>> Thanks for this tip, turns out that this is also the reason the
>> username gets entered at a prompt on the cisco IPS devices. Since it's
>> using SSH and therefore doesn't need a username prompt, solution was
>> to simply add in .cloginrc:
>>
>> add userprompt ids* bldshgalsjd (<- something that won't get sent
>> during login)
>>
>> Regards,
>>
>> David
>>
>> On 14/07/07, Lance wrote:
>>
>>> Sam,
>>>
>>> Have you tried using telnet to login, if the f5 has it enabled.
>>> You may also want to set auto enable in your .cloginrc for this device
>>> as it looks to clogin as you are already in a cisco equivalent equal to
>>> enable since your prompt has a # sign in it.
>>>
>>> Looking at your next email along with this one it looks like you are
>>> already in a cisco equivalent of enable after you login. f5login seems
>>> to be sending your username of root as a command after you get connected
>>> because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
>>> 172.24.100.12" and it matches on the word "Login". See below.
>>>
>>> "(Username|Login|login|user name):"? yes
>>>
>>> expect: set expect_out(0,string) "login:"
>>>
>>> expect: set expect_out(1,string) "login"
>>>
>>> expect: set expect_out(spawn_id) "exp4"
>>>
>>> expect: set expect_out(buffer) " \r\nLast login:"
>>>
>>> send: sending "root\r" to { exp4 }
>>>
>>> expect: continuing expect
>>>
>>> You are just using a Cisco login/parsing script so it expects prompts
>>> from a Cisco device and in this case you have a *nix SSH banner that
>>> gets interrupted. I know you can use RANCID to backup *nix systems. So
>>> it knows how to understand connecting to a *nix system. You might want
>>> to try this email thread which asks about backing up Linux conifgs.
>>> "http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
>>>
>>> Or you could modify the existing f5login like so.
>>>
>>> I think you have to use the carrot before the () to work. I haven't
>>> checked this as I am at home and not on a UNIX system right now. Sorry
>>> to lazy to check it out right now. You might want to uncomment the line
>>> below 3. and comment out the line below 2. and see if that works. This
>>> is the only point in the code that I see it look for login in any line.
>>> If that doesn't work send me back the debug and I will see what I can
>>> do. I am sure some people that use expect more often then I can probably
>>> quickly tell you what to use as syntax there.
>>>
>>> # Figure out prompts
>>> set u_prompt [find userprompt $router
>>> if { "$u_prompt" == "" } {
>>> #1. ORIGINAL
>>> #set u_prompt "^(Username|Login|login|user name):"
>>> #2. Modified to read for a line beginning with
>>> Username,Login,login, or
>>> user name.
>>> set u_prompt "^(Username|Login|login|user name):"
>>> #3. Modified to read for a line beginning with Login or login.
>>> but I
>>> may be wrong
>>> #set u_prompt "^(Username|^Login|^login|user name):"
>>> } else {
>>> set u_prompt [join [lindex $u_prompt 0] ""]
>>>
>>>
>>> Let me know if this works for you.
>>>
>>> -Lance
>>>
>>>
>>>> -------- Original Message --------
>>>> Subject: Re: [rancid] F5 load balancer support
>>>> From: Sam Munzani
>>>> Date: Fri, July 13, 2007 2:30 pm
>>>> To: Lance
>>>> Cc: rancid-discuss at shrubbery.net
>>>>
>>>> Lance,
>>>>
>>>> F5 login works fine with a minor error.
>>>>
>>>> $ f5login test-f5-01
>>>> test-f5-01
>>>> spawn ssh -c 3des -x -l root test-f5-01
>>>> Password:
>>>> Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
>>>> root
>>>> [root at test-f5-01:Active] config # root
>>>> -bash: root: command not found
>>>> [root at test-f5-01:Active] config #
>>>> [root at test-f5-01:Active] config #
>>>> [root at test-f5-01:Active] config #
>>>>
>>>> I don't know how to debug otherwise I would turn on debug too. If you
>>>> can provide some hints on debug, I would appreciate it.
>>>>
>>>> Thanks,
>>>> Sam
>>>>
>>>>> What error(s) do you get when you try to run your f5rancid?
>>>>>
>>>>> Where does it fail if you debug your f5login?
>>>>>
>>>>>
>>>>> -lance
>>>>>
>>>>>
>>>>>
>>>>>> -------- Original Message --------
>>>>>> Subject: [rancid] F5 load balancer support
>>>>>> From: Sam Munzani
>>>>>> Date: Fri, July 13, 2007 12:45 pm
>>>>>> To: rancid-discuss at shrubbery.net
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Did anybody happened to hack one of Cisco scripts to support
>>>>>>
>>> BigIP F5
>>>
>>>>>> boxes? It should be pretty simple. All I want to do is login and
>>>>>>
>>>> type "b
>>>>
>>>>>> list" which is equivalent of "show run" on cisco.
>>>>>>
>>>>>> However for some reason things not working. All I did was copied
>>>>>>
>>>> clogin
>>>>
>>>>>> to f5login, copied rancid to f5rancid and added following to
>>>>>>
>>>> rancid-fe.
>>>>
>>>>>> elsif ($vendor =~ /^f5$/i) { exec('f5rancid',
>>>>>>
>>> $router); }
>>>
>>>>>> Then modified f5 rancid file and kept only one command in list of
>>>>>> commands "b list".
>>>>>>
>>>>>> For some reason its not working. I can post my configs here if
>>>>>>
>>>> somebody
>>>>
>>>>>> like to see them.
>>>>>>
>>>>>> Thanks,
>>>>>> Sam
>>>>>> _______________________________________________
>>>>>> Rancid-discuss mailing list
>>>>>> Rancid-discuss at shrubbery.net
>>>>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>>>>>>
>>>>>>
>>>>>
>>>>>
>>> _______________________________________________
>>> Rancid-discuss mailing list
>>> Rancid-discuss at shrubbery.net
>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>>>
>>>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070716/36447911/attachment.html
From rancid at gheek.net Mon Jul 16 18:54:53 2007
From: rancid at gheek.net (Lance)
Date: Mon, 16 Jul 2007 11:54:53 -0700
Subject: [rancid] Re: F5 load balancer support
Message-ID: <20070716115452.8e114e4890519e5179c192e02d6bca26.9b57f25956.wbe@email.secureserver.net>
Sam,
Is that the whole file? Attach the whole file to make sure you aren't
missing anything.
Does the f5 have a pager of sort? Meaning if you run b list does it have
a <-- More --> prompt or anything else other than the config that may
show up?
Email me your IM names and we might be able to solve it faster and then
post back to the list?
-lance
> -------- Original Message --------
> Subject: Re: [rancid] Re: F5 load balancer support
> From: Sam Munzani
> Date: Mon, July 16, 2007 11:00 am
> To: Lance
> Cc: rancid-discuss at shrubbery.net, David Croft
>
> Lance,
>
> That makes perfect sense. Thanks a lot for a very good logical
> explanation.
>
> BTW, this is what I did in f5rancid(a copy of rancid). Modified it as
> below.
>
> # This routine processes a "write term"
> sub BList {
> print STDERR " In BList: $_" if ($debug);
> my($lineauto,$comment,$linecnt) = (0,0,0);
>
> while () {
> tr/\015//d;
> last if(/^$prompt/);
> return(-1) if (/command not found/i);
> $linecnt++;
> $lineauto = 0 if (/^[^ ]/);
> # some versions have other crap mixed in with the bits in the
>
> }
> # The ContentEngine lacks a definitive "end of config" marker. If we
> # know that it is a CE and we have seen at least 5 lines of b list
> # o/p, we can be reasonably sure that we got the config.
> if ($linecnt > 5) {
> $found_end = 1;
> return(1);
> }
>
> return(0);
> }
>
> # dummy function
> sub DoNothing {print STDOUT;}
>
> # Main
> %commands=(
> 'b list' => "BList"
> );
> # keys() doesnt return things in the order entered and the order of the
> # cmds is important (show version first and write term last). pita
> @commands=(
> "b list"
> );
> $cisco_cmds=join(";", at commands);
> $cmds_regexp=join("|", at commands);
>
> All I did was changed "write term" to "b list" and changed function name
> too. I also changed a little bit around finding the end of input
> variable. However it still doesn't work. I get following in my logs.
>
> starting: Mon Jul 16 12:49:05 CDT 2007
>
>
>
> Trying to get all of the configs.
> test-f5-01: End of run not found
> !
> =====================================
> Getting missed routers: round 1.
> test-f5-01: End of run not found
> !
> =====================================
> Getting missed routers: round 2.
> test-f5-01: End of run not found
> !
> =====================================
> Getting missed routers: round 3.
> test-f5-01: End of run not found
> !
> =====================================
> Getting missed routers: round 4.
> test-f5-01: End of run not found
> !
>
> cvs diff: Diffing .
> cvs diff: Diffing configs
> cvs diff: cannot find configs/test-f5-01
> cvs commit: Examining .
> cvs commit: Examining configs
> cvs commit: Up-to-date check failed for `configs/test-f5-01'
> cvs [commit aborted]: correct above errors first!
> ls: test-f5-01: No such file or directory
>
> ending: Mon Jul 16 12:49:32 CDT 2007
>
> Any hints would be appreciated.
>
> Thanks,
> Sam
> > Sam,
> >
> > What bldshgalsjd is the prompt is looks for before it sends the
> > username.
> >
> > Example, if the the device prompted you for a username like so, you
> > would use the following.
> >
> > Your User name:
> >
> > #.cloginrc line
> > add userprompt f5* "Your User name:"
> >
> > This would only send your username if it found the prompt of "Your User
> > name:" (minus the ""). So the likely hood that it will find bldshgalsjd
> > would be slim to almost impossible.
> >
> > -lance
> >
> >
> >> -------- Original Message --------
> >> Subject: Re: [rancid] Re: F5 load balancer support
> >> From: Sam Munzani
> >> Date: Mon, July 16, 2007 9:48 am
> >> To: David Croft
> >> Cc: Lance , rancid-discuss at shrubbery.net
> >>
> >> David,
> >>
> >> Thanks a lot for the tip. This worked well. Now f5login goes much
> more
> >> cleaner and the "root" doesn't set sent again. I still have other
> issues
> >> where rancid-run is backing up config properly but I am still
> >> troubleshooting it.
> >>
> >> Now here is a question. What does "bldshgalsjd" mean and how does
> it do
> >> this miracle?
> >>
> >> Thanks,
> >> Sam
> >>
> >>> Thanks for this tip, turns out that this is also the reason the
> >>> username gets entered at a prompt on the cisco IPS devices. Since
> it's
> >>> using SSH and therefore doesn't need a username prompt, solution was
> >>> to simply add in .cloginrc:
> >>>
> >>> add userprompt ids* bldshgalsjd (<- something that won't get sent
> >>> during login)
> >>>
> >>> Regards,
> >>>
> >>> David
> >>>
> >>> On 14/07/07, Lance wrote:
> >>>
> >>>> Sam,
> >>>>
> >>>> Have you tried using telnet to login, if the f5 has it enabled.
> >>>> You may also want to set auto enable in your .cloginrc for this
> device
> >>>> as it looks to clogin as you are already in a cisco equivalent
> >>>>
> >> equal to
> >>
> >>>> enable since your prompt has a # sign in it.
> >>>>
> >>>> Looking at your next email along with this one it looks like you are
> >>>> already in a cisco equivalent of enable after you login. f5login
> seems
> >>>> to be sending your username of root as a command after you get
> >>>>
> >> connected
> >>
> >>>> because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
> >>>> 172.24.100.12" and it matches on the word "Login". See below.
> >>>>
> >>>> "(Username|Login|login|user name):"? yes
> >>>>
> >>>> expect: set expect_out(0,string) "login:"
> >>>>
> >>>> expect: set expect_out(1,string) "login"
> >>>>
> >>>> expect: set expect_out(spawn_id) "exp4"
> >>>>
> >>>> expect: set expect_out(buffer) " \r\nLast login:"
> >>>>
> >>>> send: sending "root\r" to { exp4 }
> >>>>
> >>>> expect: continuing expect
> >>>>
> >>>> You are just using a Cisco login/parsing script so it expects
> prompts
> >>>> from a Cisco device and in this case you have a *nix SSH banner that
> >>>> gets interrupted. I know you can use RANCID to backup *nix
> systems. So
> >>>> it knows how to understand connecting to a *nix system. You might
> want
> >>>> to try this email thread which asks about backing up Linux conifgs.
> >>>> "http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
> >>>>
> >>>> Or you could modify the existing f5login like so.
> >>>>
> >>>> I think you have to use the carrot before the () to work. I haven't
> >>>> checked this as I am at home and not on a UNIX system right now.
> Sorry
> >>>> to lazy to check it out right now. You might want to uncomment the
> >>>>
> >> line
> >>
> >>>> below 3. and comment out the line below 2. and see if that works.
> This
> >>>> is the only point in the code that I see it look for login in any
> >>>>
> >> line.
> >>
> >>>> If that doesn't work send me back the debug and I will see what I
> can
> >>>> do. I am sure some people that use expect more often then I can
> >>>>
> >> probably
> >>
> >>>> quickly tell you what to use as syntax there.
> >>>>
> >>>> # Figure out prompts
> >>>> set u_prompt [find userprompt $router
> >>>> if { "$u_prompt" == "" } {
> >>>> #1. ORIGINAL
> >>>> #set u_prompt "^(Username|Login|login|user name):"
> >>>> #2. Modified to read for a line beginning with
> >>>> Username,Login,login, or
> >>>> user name.
> >>>> set u_prompt "^(Username|Login|login|user name):"
> >>>> #3. Modified to read for a line beginning with Login or
> login.
> >>>> but I
> >>>> may be wrong
> >>>> #set u_prompt "^(Username|^Login|^login|user name):"
> >>>> } else {
> >>>> set u_prompt [join [lindex $u_prompt 0] ""]
> >>>>
> >>>>
> >>>> Let me know if this works for you.
> >>>>
> >>>> -Lance
> >>>>
> >>>>
> >>>>> -------- Original Message --------
> >>>>> Subject: Re: [rancid] F5 load balancer support
> >>>>> From: Sam Munzani
> >>>>> Date: Fri, July 13, 2007 2:30 pm
> >>>>> To: Lance
> >>>>> Cc: rancid-discuss at shrubbery.net
> >>>>>
> >>>>> Lance,
> >>>>>
> >>>>> F5 login works fine with a minor error.
> >>>>>
> >>>>> $ f5login test-f5-01
> >>>>> test-f5-01
> >>>>> spawn ssh -c 3des -x -l root test-f5-01
> >>>>> Password:
> >>>>> Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
> >>>>> root
> >>>>> [root at test-f5-01:Active] config # root
> >>>>> -bash: root: command not found
> >>>>> [root at test-f5-01:Active] config #
> >>>>> [root at test-f5-01:Active] config #
> >>>>> [root at test-f5-01:Active] config #
> >>>>>
> >>>>> I don't know how to debug otherwise I would turn on debug too. If
> >>>>>
> >> you
> >>
> >>>>> can provide some hints on debug, I would appreciate it.
> >>>>>
> >>>>> Thanks,
> >>>>> Sam
> >>>>>
> >>>>>> What error(s) do you get when you try to run your f5rancid?
> >>>>>>
> >>>>>> Where does it fail if you debug your f5login?
> >>>>>>
> >>>>>>
> >>>>>> -lance
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>> -------- Original Message --------
> >>>>>>> Subject: [rancid] F5 load balancer support
> >>>>>>> From: Sam Munzani
> >>>>>>> Date: Fri, July 13, 2007 12:45 pm
> >>>>>>> To: rancid-discuss at shrubbery.net
> >>>>>>>
> >>>>>>> Hi,
> >>>>>>>
> >>>>>>> Did anybody happened to hack one of Cisco scripts to support
> >>>>>>>
> >>>> BigIP F5
> >>>>
> >>>>>>> boxes? It should be pretty simple. All I want to do is login and
> >>>>>>>
> >>>>> type "b
> >>>>>
> >>>>>>> list" which is equivalent of "show run" on cisco.
> >>>>>>>
> >>>>>>> However for some reason things not working. All I did was copied
> >>>>>>>
> >>>>> clogin
> >>>>>
> >>>>>>> to f5login, copied rancid to f5rancid and added following to
> >>>>>>>
> >>>>> rancid-fe.
> >>>>>
> >>>>>>> elsif ($vendor =~ /^f5$/i) { exec('f5rancid',
> >>>>>>>
> >>>> $router); }
> >>>>
> >>>>>>> Then modified f5 rancid file and kept only one command in list of
> >>>>>>> commands "b list".
> >>>>>>>
> >>>>>>> For some reason its not working. I can post my configs here if
> >>>>>>>
> >>>>> somebody
> >>>>>
> >>>>>>> like to see them.
> >>>>>>>
> >>>>>>> Thanks,
> >>>>>>> Sam
> >>>>>>> _______________________________________________
> >>>>>>> Rancid-discuss mailing list
> >>>>>>> Rancid-discuss at shrubbery.net
> >>>>>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> >>>>>>>
> >>>>>>>
> >>>>>>
> >>>>>>
> >>>> _______________________________________________
> >>>> Rancid-discuss mailing list
> >>>> Rancid-discuss at shrubbery.net
> >>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> >>>>
> >>>>
> >
> >
> >
From heas at shrubbery.net Mon Jul 16 21:55:57 2007
From: heas at shrubbery.net (john heasley)
Date: Mon, 16 Jul 2007 21:55:57 +0000
Subject: [rancid] Re: F5 load balancer support
In-Reply-To: <469BB224.2000609@comcast.net>
References: <20070716102053.8e114e4890519e5179c192e02d6bca26.ed552ed684.wbe@email.secureserver.net>
<469BB224.2000609@comcast.net>
Message-ID: <20070716215557.GT8752@shrubbery.net>
A user gave me access to a f5, but I ran out of time and access was removed.
So, I have a nearly complete script for it that I'd like to be completed.
I'll send it to you separately.
Mon, Jul 16, 2007 at 01:00:04PM -0500, Sam Munzani:
> Lance,
>
> That makes perfect sense. Thanks a lot for a very good logical explanation.
>
> BTW, this is what I did in f5rancid(a copy of rancid). Modified it as below.
>
> # This routine processes a "write term"
> sub BList {
> print STDERR " In BList: $_" if ($debug);
> my($lineauto,$comment,$linecnt) = (0,0,0);
>
> while () {
> tr/\015//d;
> last if(/^$prompt/);
> return(-1) if (/command not found/i);
> $linecnt++;
> $lineauto = 0 if (/^[^ ]/);
> # some versions have other crap mixed in with the bits in the
>
> }
> # The ContentEngine lacks a definitive "end of config" marker. If we
> # know that it is a CE and we have seen at least 5 lines of b list
> # o/p, we can be reasonably sure that we got the config.
> if ($linecnt > 5) {
> $found_end = 1;
> return(1);
> }
>
> return(0);
> }
>
> # dummy function
> sub DoNothing {print STDOUT;}
>
> # Main
> %commands=(
> 'b list' => "BList"
> );
> # keys() doesnt return things in the order entered and the order of the
> # cmds is important (show version first and write term last). pita
> @commands=(
> "b list"
> );
> $cisco_cmds=join(";", at commands);
> $cmds_regexp=join("|", at commands);
>
> All I did was changed "write term" to "b list" and changed function name
> too. I also changed a little bit around finding the end of input
> variable. However it still doesn't work. I get following in my logs.
>
> starting: Mon Jul 16 12:49:05 CDT 2007
>
>
>
> Trying to get all of the configs.
> test-f5-01: End of run not found
> !
> =====================================
> Getting missed routers: round 1.
> test-f5-01: End of run not found
> !
> =====================================
> Getting missed routers: round 2.
> test-f5-01: End of run not found
> !
> =====================================
> Getting missed routers: round 3.
> test-f5-01: End of run not found
> !
> =====================================
> Getting missed routers: round 4.
> test-f5-01: End of run not found
> !
>
> cvs diff: Diffing .
> cvs diff: Diffing configs
> cvs diff: cannot find configs/test-f5-01
> cvs commit: Examining .
> cvs commit: Examining configs
> cvs commit: Up-to-date check failed for `configs/test-f5-01'
> cvs [commit aborted]: correct above errors first!
> ls: test-f5-01: No such file or directory
>
> ending: Mon Jul 16 12:49:32 CDT 2007
>
> Any hints would be appreciated.
>
> Thanks,
> Sam
> >Sam,
> >
> >What bldshgalsjd is the prompt is looks for before it sends the
> >username.
> >
> >Example, if the the device prompted you for a username like so, you
> >would use the following.
> >
> >Your User name:
> >
> >#.cloginrc line
> >add userprompt f5* "Your User name:"
> >
> >This would only send your username if it found the prompt of "Your User
> >name:" (minus the ""). So the likely hood that it will find bldshgalsjd
> >would be slim to almost impossible.
> >
> >-lance
> >
> >
> >>-------- Original Message --------
> >>Subject: Re: [rancid] Re: F5 load balancer support
> >>From: Sam Munzani
> >>Date: Mon, July 16, 2007 9:48 am
> >>To: David Croft
> >>Cc: Lance , rancid-discuss at shrubbery.net
> >>
> >>David,
> >>
> >>Thanks a lot for the tip. This worked well. Now f5login goes much more
> >>cleaner and the "root" doesn't set sent again. I still have other issues
> >>where rancid-run is backing up config properly but I am still
> >>troubleshooting it.
> >>
> >>Now here is a question. What does "bldshgalsjd" mean and how does it do
> >>this miracle?
> >>
> >>Thanks,
> >>Sam
> >>
> >>>Thanks for this tip, turns out that this is also the reason the
> >>>username gets entered at a prompt on the cisco IPS devices. Since it's
> >>>using SSH and therefore doesn't need a username prompt, solution was
> >>>to simply add in .cloginrc:
> >>>
> >>>add userprompt ids* bldshgalsjd (<- something that won't get sent
> >>>during login)
> >>>
> >>>Regards,
> >>>
> >>>David
> >>>
> >>>On 14/07/07, Lance wrote:
> >>>
> >>>>Sam,
> >>>>
> >>>>Have you tried using telnet to login, if the f5 has it enabled.
> >>>>You may also want to set auto enable in your .cloginrc for this device
> >>>>as it looks to clogin as you are already in a cisco equivalent
> >>>>
> >>equal to
> >>
> >>>>enable since your prompt has a # sign in it.
> >>>>
> >>>>Looking at your next email along with this one it looks like you are
> >>>>already in a cisco equivalent of enable after you login. f5login seems
> >>>>to be sending your username of root as a command after you get
> >>>>
> >>connected
> >>
> >>>>because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
> >>>>172.24.100.12" and it matches on the word "Login". See below.
> >>>>
> >>>>"(Username|Login|login|user name):"? yes
> >>>>
> >>>>expect: set expect_out(0,string) "login:"
> >>>>
> >>>>expect: set expect_out(1,string) "login"
> >>>>
> >>>>expect: set expect_out(spawn_id) "exp4"
> >>>>
> >>>>expect: set expect_out(buffer) " \r\nLast login:"
> >>>>
> >>>>send: sending "root\r" to { exp4 }
> >>>>
> >>>>expect: continuing expect
> >>>>
> >>>>You are just using a Cisco login/parsing script so it expects prompts
> >>>>from a Cisco device and in this case you have a *nix SSH banner that
> >>>>gets interrupted. I know you can use RANCID to backup *nix systems. So
> >>>>it knows how to understand connecting to a *nix system. You might want
> >>>>to try this email thread which asks about backing up Linux conifgs.
> >>>>"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
> >>>>
> >>>>Or you could modify the existing f5login like so.
> >>>>
> >>>>I think you have to use the carrot before the () to work. I haven't
> >>>>checked this as I am at home and not on a UNIX system right now. Sorry
> >>>>to lazy to check it out right now. You might want to uncomment the
> >>>>
> >>line
> >>
> >>>>below 3. and comment out the line below 2. and see if that works. This
> >>>>is the only point in the code that I see it look for login in any
> >>>>
> >>line.
> >>
> >>>>If that doesn't work send me back the debug and I will see what I can
> >>>>do. I am sure some people that use expect more often then I can
> >>>>
> >>probably
> >>
> >>>>quickly tell you what to use as syntax there.
> >>>>
> >>>># Figure out prompts
> >>>> set u_prompt [find userprompt $router
> >>>>if { "$u_prompt" == "" } {
> >>>> #1. ORIGINAL
> >>>> #set u_prompt "^(Username|Login|login|user name):"
> >>>> #2. Modified to read for a line beginning with
> >>>>Username,Login,login, or
> >>>>user name.
> >>>> set u_prompt "^(Username|Login|login|user name):"
> >>>> #3. Modified to read for a line beginning with Login or login.
> >>>>but I
> >>>>may be wrong
> >>>> #set u_prompt "^(Username|^Login|^login|user name):"
> >>>> } else {
> >>>> set u_prompt [join [lindex $u_prompt 0] ""]
> >>>>
> >>>>
> >>>>Let me know if this works for you.
> >>>>
> >>>>-Lance
> >>>>
> >>>>
> >>>>>-------- Original Message --------
> >>>>>Subject: Re: [rancid] F5 load balancer support
> >>>>>From: Sam Munzani
> >>>>>Date: Fri, July 13, 2007 2:30 pm
> >>>>>To: Lance
> >>>>>Cc: rancid-discuss at shrubbery.net
> >>>>>
> >>>>>Lance,
> >>>>>
> >>>>>F5 login works fine with a minor error.
> >>>>>
> >>>>>$ f5login test-f5-01
> >>>>>test-f5-01
> >>>>>spawn ssh -c 3des -x -l root test-f5-01
> >>>>>Password:
> >>>>>Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
> >>>>>root
> >>>>>[root at test-f5-01:Active] config # root
> >>>>>-bash: root: command not found
> >>>>>[root at test-f5-01:Active] config #
> >>>>>[root at test-f5-01:Active] config #
> >>>>>[root at test-f5-01:Active] config #
> >>>>>
> >>>>>I don't know how to debug otherwise I would turn on debug too. If
> >>>>>
> >>you
> >>
> >>>>>can provide some hints on debug, I would appreciate it.
> >>>>>
> >>>>>Thanks,
> >>>>>Sam
> >>>>>
> >>>>>>What error(s) do you get when you try to run your f5rancid?
> >>>>>>
> >>>>>>Where does it fail if you debug your f5login?
> >>>>>>
> >>>>>>
> >>>>>>-lance
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>>-------- Original Message --------
> >>>>>>>Subject: [rancid] F5 load balancer support
> >>>>>>>From: Sam Munzani
> >>>>>>>Date: Fri, July 13, 2007 12:45 pm
> >>>>>>>To: rancid-discuss at shrubbery.net
> >>>>>>>
> >>>>>>>Hi,
> >>>>>>>
> >>>>>>>Did anybody happened to hack one of Cisco scripts to support
> >>>>>>>
> >>>>BigIP F5
> >>>>
> >>>>>>>boxes? It should be pretty simple. All I want to do is login and
> >>>>>>>
> >>>>>type "b
> >>>>>
> >>>>>>>list" which is equivalent of "show run" on cisco.
> >>>>>>>
> >>>>>>>However for some reason things not working. All I did was copied
> >>>>>>>
> >>>>>clogin
> >>>>>
> >>>>>>>to f5login, copied rancid to f5rancid and added following to
> >>>>>>>
> >>>>>rancid-fe.
> >>>>>
> >>>>>>>elsif ($vendor =~ /^f5$/i) { exec('f5rancid',
> >>>>>>>
> >>>>$router); }
> >>>>
> >>>>>>>Then modified f5 rancid file and kept only one command in list of
> >>>>>>>commands "b list".
> >>>>>>>
> >>>>>>>For some reason its not working. I can post my configs here if
> >>>>>>>
> >>>>>somebody
> >>>>>
> >>>>>>>like to see them.
> >>>>>>>
> >>>>>>>Thanks,
> >>>>>>>Sam
> >>>>>>>_______________________________________________
> >>>>>>>Rancid-discuss mailing list
> >>>>>>>Rancid-discuss at shrubbery.net
> >>>>>>>http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> >>>>>>>
> >>>>>>>
> >>>>>>
> >>>>>>
> >>>>_______________________________________________
> >>>>Rancid-discuss mailing list
> >>>>Rancid-discuss at shrubbery.net
> >>>>http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> >>>>
> >>>>
> >
> >
> >
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
From rancid at gheek.net Mon Jul 16 22:22:15 2007
From: rancid at gheek.net (Lance)
Date: Mon, 16 Jul 2007 15:22:15 -0700
Subject: [rancid] Re: F5 load balancer support
Message-ID: <20070716152215.8e114e4890519e5179c192e02d6bca26.d54bb90ca5.wbe@email.secureserver.net>
Nice that should be helpful. I just wish I had access to an F5 still. 2
years ago I did, now I don't as I changed companies. hehe.
-Lance
> -------- Original Message --------
> Subject: [rancid] Re: F5 load balancer support
> From: john heasley
> Date: Mon, July 16, 2007 2:55 pm
> To: Sam Munzani
> Cc: rancid-discuss at shrubbery.net
>
> A user gave me access to a f5, but I ran out of time and access was
> removed.
> So, I have a nearly complete script for it that I'd like to be completed.
> I'll send it to you separately.
>
> Mon, Jul 16, 2007 at 01:00:04PM -0500, Sam Munzani:
> > Lance,
> >
> > That makes perfect sense. Thanks a lot for a very good logical
> explanation.
> >
> > BTW, this is what I did in f5rancid(a copy of rancid). Modified it
> as below.
> >
> > # This routine processes a "write term"
> > sub BList {
> > print STDERR " In BList: $_" if ($debug);
> > my($lineauto,$comment,$linecnt) = (0,0,0);
> >
> > while () {
> > tr/\015//d;
> > last if(/^$prompt/);
> > return(-1) if (/command not found/i);
> > $linecnt++;
> > $lineauto = 0 if (/^[^ ]/);
> > # some versions have other crap mixed in with the bits in the
> >
> > }
> > # The ContentEngine lacks a definitive "end of config" marker.
> If we
> > # know that it is a CE and we have seen at least 5 lines of b list
> > # o/p, we can be reasonably sure that we got the config.
> > if ($linecnt > 5) {
> > $found_end = 1;
> > return(1);
> > }
> >
> > return(0);
> > }
> >
> > # dummy function
> > sub DoNothing {print STDOUT;}
> >
> > # Main
> > %commands=(
> > 'b list' => "BList"
> > );
> > # keys() doesnt return things in the order entered and the order of the
> > # cmds is important (show version first and write term last). pita
> > @commands=(
> > "b list"
> > );
> > $cisco_cmds=join(";", at commands);
> > $cmds_regexp=join("|", at commands);
> >
> > All I did was changed "write term" to "b list" and changed function
> name
> > too. I also changed a little bit around finding the end of input
> > variable. However it still doesn't work. I get following in my logs.
> >
> > starting: Mon Jul 16 12:49:05 CDT 2007
> >
> >
> >
> > Trying to get all of the configs.
> > test-f5-01: End of run not found
> > !
> > =====================================
> > Getting missed routers: round 1.
> > test-f5-01: End of run not found
> > !
> > =====================================
> > Getting missed routers: round 2.
> > test-f5-01: End of run not found
> > !
> > =====================================
> > Getting missed routers: round 3.
> > test-f5-01: End of run not found
> > !
> > =====================================
> > Getting missed routers: round 4.
> > test-f5-01: End of run not found
> > !
> >
> > cvs diff: Diffing .
> > cvs diff: Diffing configs
> > cvs diff: cannot find configs/test-f5-01
> > cvs commit: Examining .
> > cvs commit: Examining configs
> > cvs commit: Up-to-date check failed for `configs/test-f5-01'
> > cvs [commit aborted]: correct above errors first!
> > ls: test-f5-01: No such file or directory
> >
> > ending: Mon Jul 16 12:49:32 CDT 2007
> >
> > Any hints would be appreciated.
> >
> > Thanks,
> > Sam
> > >Sam,
> > >
> > >What bldshgalsjd is the prompt is looks for before it sends the
> > >username.
> > >
> > >Example, if the the device prompted you for a username like so, you
> > >would use the following.
> > >
> > >Your User name:
> > >
> > >#.cloginrc line
> > >add userprompt f5* "Your User name:"
> > >
> > >This would only send your username if it found the prompt of "Your
> User
> > >name:" (minus the ""). So the likely hood that it will find
> bldshgalsjd
> > >would be slim to almost impossible.
> > >
> > >-lance
> > >
> > >
> > >>-------- Original Message --------
> > >>Subject: Re: [rancid] Re: F5 load balancer support
> > >>From: Sam Munzani
> > >>Date: Mon, July 16, 2007 9:48 am
> > >>To: David Croft
> > >>Cc: Lance , rancid-discuss at shrubbery.net
> > >>
> > >>David,
> > >>
> > >>Thanks a lot for the tip. This worked well. Now f5login goes much
> more
> > >>cleaner and the "root" doesn't set sent again. I still have other
> issues
> > >>where rancid-run is backing up config properly but I am still
> > >>troubleshooting it.
> > >>
> > >>Now here is a question. What does "bldshgalsjd" mean and how does
> it do
> > >>this miracle?
> > >>
> > >>Thanks,
> > >>Sam
> > >>
> > >>>Thanks for this tip, turns out that this is also the reason the
> > >>>username gets entered at a prompt on the cisco IPS devices. Since
> it's
> > >>>using SSH and therefore doesn't need a username prompt, solution was
> > >>>to simply add in .cloginrc:
> > >>>
> > >>>add userprompt ids* bldshgalsjd (<- something that won't get sent
> > >>>during login)
> > >>>
> > >>>Regards,
> > >>>
> > >>>David
> > >>>
> > >>>On 14/07/07, Lance wrote:
> > >>>
> > >>>>Sam,
> > >>>>
> > >>>>Have you tried using telnet to login, if the f5 has it enabled.
> > >>>>You may also want to set auto enable in your .cloginrc for this
> device
> > >>>>as it looks to clogin as you are already in a cisco equivalent
> > >>>>
> > >>equal to
> > >>
> > >>>>enable since your prompt has a # sign in it.
> > >>>>
> > >>>>Looking at your next email along with this one it looks like you
> are
> > >>>>already in a cisco equivalent of enable after you login. f5login
> seems
> > >>>>to be sending your username of root as a command after you get
> > >>>>
> > >>connected
> > >>
> > >>>>because it sees this line "Last login: Fri Jul 13 14:38:03 2007
> from
> > >>>>172.24.100.12" and it matches on the word "Login". See below.
> > >>>>
> > >>>>"(Username|Login|login|user name):"? yes
> > >>>>
> > >>>>expect: set expect_out(0,string) "login:"
> > >>>>
> > >>>>expect: set expect_out(1,string) "login"
> > >>>>
> > >>>>expect: set expect_out(spawn_id) "exp4"
> > >>>>
> > >>>>expect: set expect_out(buffer) " \r\nLast login:"
> > >>>>
> > >>>>send: sending "root\r" to { exp4 }
> > >>>>
> > >>>>expect: continuing expect
> > >>>>
> > >>>>You are just using a Cisco login/parsing script so it expects
> prompts
> > >>>>from a Cisco device and in this case you have a *nix SSH banner
> that
> > >>>>gets interrupted. I know you can use RANCID to backup *nix
> systems. So
> > >>>>it knows how to understand connecting to a *nix system. You
> might want
> > >>>>to try this email thread which asks about backing up Linux conifgs.
> > >>>>"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
> > >>>>
> > >>>>Or you could modify the existing f5login like so.
> > >>>>
> > >>>>I think you have to use the carrot before the () to work. I haven't
> > >>>>checked this as I am at home and not on a UNIX system right now.
> Sorry
> > >>>>to lazy to check it out right now. You might want to uncomment the
> > >>>>
> > >>line
> > >>
> > >>>>below 3. and comment out the line below 2. and see if that
> works. This
> > >>>>is the only point in the code that I see it look for login in any
> > >>>>
> > >>line.
> > >>
> > >>>>If that doesn't work send me back the debug and I will see what
> I can
> > >>>>do. I am sure some people that use expect more often then I can
> > >>>>
> > >>probably
> > >>
> > >>>>quickly tell you what to use as syntax there.
> > >>>>
> > >>>># Figure out prompts
> > >>>> set u_prompt [find userprompt $router
> > >>>>if { "$u_prompt" == "" } {
> > >>>> #1. ORIGINAL
> > >>>> #set u_prompt "^(Username|Login|login|user name):"
> > >>>> #2. Modified to read for a line beginning with
> > >>>>Username,Login,login, or
> > >>>>user name.
> > >>>> set u_prompt "^(Username|Login|login|user name):"
> > >>>> #3. Modified to read for a line beginning with Login or
> login.
> > >>>>but I
> > >>>>may be wrong
> > >>>> #set u_prompt "^(Username|^Login|^login|user name):"
> > >>>> } else {
> > >>>> set u_prompt [join [lindex $u_prompt 0] ""]
> > >>>>
> > >>>>
> > >>>>Let me know if this works for you.
> > >>>>
> > >>>>-Lance
> > >>>>
> > >>>>
> > >>>>>-------- Original Message --------
> > >>>>>Subject: Re: [rancid] F5 load balancer support
> > >>>>>From: Sam Munzani
> > >>>>>Date: Fri, July 13, 2007 2:30 pm
> > >>>>>To: Lance
> > >>>>>Cc: rancid-discuss at shrubbery.net
> > >>>>>
> > >>>>>Lance,
> > >>>>>
> > >>>>>F5 login works fine with a minor error.
> > >>>>>
> > >>>>>$ f5login test-f5-01
> > >>>>>test-f5-01
> > >>>>>spawn ssh -c 3des -x -l root test-f5-01
> > >>>>>Password:
> > >>>>>Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
> > >>>>>root
> > >>>>>[root at test-f5-01:Active] config # root
> > >>>>>-bash: root: command not found
> > >>>>>[root at test-f5-01:Active] config #
> > >>>>>[root at test-f5-01:Active] config #
> > >>>>>[root at test-f5-01:Active] config #
> > >>>>>
> > >>>>>I don't know how to debug otherwise I would turn on debug too. If
> > >>>>>
> > >>you
> > >>
> > >>>>>can provide some hints on debug, I would appreciate it.
> > >>>>>
> > >>>>>Thanks,
> > >>>>>Sam
> > >>>>>
> > >>>>>>What error(s) do you get when you try to run your f5rancid?
> > >>>>>>
> > >>>>>>Where does it fail if you debug your f5login?
> > >>>>>>
> > >>>>>>
> > >>>>>>-lance
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>>-------- Original Message --------
> > >>>>>>>Subject: [rancid] F5 load balancer support
> > >>>>>>>From: Sam Munzani
> > >>>>>>>Date: Fri, July 13, 2007 12:45 pm
> > >>>>>>>To: rancid-discuss at shrubbery.net
> > >>>>>>>
> > >>>>>>>Hi,
> > >>>>>>>
> > >>>>>>>Did anybody happened to hack one of Cisco scripts to support
> > >>>>>>>
> > >>>>BigIP F5
> > >>>>
> > >>>>>>>boxes? It should be pretty simple. All I want to do is login and
> > >>>>>>>
> > >>>>>type "b
> > >>>>>
> > >>>>>>>list" which is equivalent of "show run" on cisco.
> > >>>>>>>
> > >>>>>>>However for some reason things not working. All I did was copied
> > >>>>>>>
> > >>>>>clogin
> > >>>>>
> > >>>>>>>to f5login, copied rancid to f5rancid and added following to
> > >>>>>>>
> > >>>>>rancid-fe.
> > >>>>>
> > >>>>>>>elsif ($vendor =~ /^f5$/i) { exec('f5rancid',
> > >>>>>>>
> > >>>>$router); }
> > >>>>
> > >>>>>>>Then modified f5 rancid file and kept only one command in
> list of
> > >>>>>>>commands "b list".
> > >>>>>>>
> > >>>>>>>For some reason its not working. I can post my configs here if
> > >>>>>>>
> > >>>>>somebody
> > >>>>>
> > >>>>>>>like to see them.
> > >>>>>>>
> > >>>>>>>Thanks,
> > >>>>>>>Sam
> > >>>>>>>_______________________________________________
> > >>>>>>>Rancid-discuss mailing list
> > >>>>>>>Rancid-discuss at shrubbery.net
> > >>>>>>>http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> > >>>>>>>
> > >>>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>_______________________________________________
> > >>>>Rancid-discuss mailing list
> > >>>>Rancid-discuss at shrubbery.net
> > >>>>http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> > >>>>
> > >>>>
> > >
> > >
> > >
> >
>
> > _______________________________________________
> > Rancid-discuss mailing list
> > Rancid-discuss at shrubbery.net
> > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
From mashcraft at omniture.com Mon Jul 16 18:48:35 2007
From: mashcraft at omniture.com (Mike Ashcraft)
Date: Mon, 16 Jul 2007 12:48:35 -0600
Subject: [rancid] Re: F5 load balancer support
In-Reply-To: <469BA37D.4070107@munzani.com>
References: <20070714121123.8e114e4890519e5179c192e02d6bca26.299cb68cc6.wbe@email.secureserver.net> <469BA174.1050902@comcast.net>
<469BA37D.4070107@munzani.com>
Message-ID: <45EB285310B55542A513F93230F0A5330115D963@EXCHANGE0.orm.omniture.com>
Sam,
I have a working f5rancid that I have been using for a number of months
now. I have one minor bug related to tracking installed SSL certs
which you probably don't care about. Other than that, it works great.
I did encounter and solve all the problems you have been discussing on
the list.
Let me know if you are interested in trying what I have. I have tested
it with Big-IP 9.1.2.
Mike
________________________________
From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
Sent: Monday, July 16, 2007 10:58 AM
To: smunzani at comcast.net
Cc: rancid-discuss at shrubbery.net
Subject: [rancid] Re: F5 load balancer support
BTW, this is what I see in the log when I do rancid-run now. That means
the f5rancid file(hacked copy of rancid) is still missing something.
more nfl.20070716.114842
starting: Mon Jul 16 11:48:42 CDT 2007
Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found
cvs diff: Diffing .
cvs diff: Diffing configs
nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT 2007
Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found
cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for `configs/test-f5-01'
cvs [commit aborted]: correct above errors first!
ls: test-f5-01: No such file or directory
ending: Mon Jul 16 11:49:41 CDT 2007
Thanks,
Sam
David,
Thanks a lot for the tip. This worked well. Now f5login goes
much more
cleaner and the "root" doesn't set sent again. I still have
other issues
where rancid-run is backing up config properly but I am still
troubleshooting it.
Now here is a question. What does "bldshgalsjd" mean and how
does it do
this miracle?
Thanks,
Sam
Thanks for this tip, turns out that this is also the
reason the
username gets entered at a prompt on the cisco IPS
devices. Since it's
using SSH and therefore doesn't need a username prompt,
solution was
to simply add in .cloginrc:
add userprompt ids* bldshgalsjd (<- something that
won't get sent
during login)
Regards,
David
On 14/07/07, Lance wrote:
Sam,
Have you tried using telnet to login, if the f5
has it enabled.
You may also want to set auto enable in your
.cloginrc for this device
as it looks to clogin as you are already in a
cisco equivalent equal to
enable since your prompt has a # sign in it.
Looking at your next email along with this one
it looks like you are
already in a cisco equivalent of enable after
you login. f5login seems
to be sending your username of root as a command
after you get connected
because it sees this line "Last login: Fri Jul
13 14:38:03 2007 from
172.24.100.12" and it matches on the word
"Login". See below.
"(Username|Login|login|user name):"? yes
expect: set expect_out(0,string) "login:"
expect: set expect_out(1,string) "login"
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) " \r\nLast
login:"
send: sending "root\r" to { exp4 }
expect: continuing expect
You are just using a Cisco login/parsing script
so it expects prompts
from a Cisco device and in this case you have a
*nix SSH banner that
gets interrupted. I know you can use RANCID to
backup *nix systems. So
it knows how to understand connecting to a *nix
system. You might want
to try this email thread which asks about
backing up Linux conifgs.
"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml"
Or you could modify the existing f5login like
so.
I think you have to use the carrot before the ()
to work. I haven't
checked this as I am at home and not on a UNIX
system right now. Sorry
to lazy to check it out right now. You might
want to uncomment the line
below 3. and comment out the line below 2. and
see if that works. This
is the only point in the code that I see it look
for login in any line.
If that doesn't work send me back the debug and
I will see what I can
do. I am sure some people that use expect more
often then I can probably
quickly tell you what to use as syntax there.
# Figure out prompts
set u_prompt [find userprompt $router
if { "$u_prompt" == "" } {
#1. ORIGINAL
#set u_prompt
"^(Username|Login|login|user name):"
#2. Modified to read for a line beginning
with
Username,Login,login, or
user name.
set u_prompt "^(Username|Login|login|user
name):"
#3. Modified to read for a line beginning
with Login or login.
but I
may be wrong
#set u_prompt
"^(Username|^Login|^login|user name):"
} else {
set u_prompt [join [lindex $u_prompt 0]
""]
Let me know if this works for you.
-Lance
-------- Original Message --------
Subject: Re: [rancid] F5 load balancer
support
From: Sam Munzani
Date: Fri, July 13, 2007 2:30 pm
To: Lance
Cc: rancid-discuss at shrubbery.net
Lance,
F5 login works fine with a minor error.
$ f5login test-f5-01
test-f5-01
spawn ssh -c 3des -x -l root test-f5-01
Password:
Last login: Fri Jul 13 14:26:28 2007
from 172.24.100.12
root
[root at test-f5-01:Active] config # root
-bash: root: command not found
[root at test-f5-01:Active] config #
[root at test-f5-01:Active] config #
[root at test-f5-01:Active] config #
I don't know how to debug otherwise I
would turn on debug too. If you
can provide some hints on debug, I would
appreciate it.
Thanks,
Sam
What error(s) do you get when you try to
run your f5rancid?
Where does it fail if you debug your
f5login?
-lance
-------- Original Message --------
Subject: [rancid] F5 load balancer
support
From: Sam Munzani
Date: Fri, July 13, 2007 12:45 pm
To: rancid-discuss at shrubbery.net
Hi,
Did anybody happened to hack one of
Cisco scripts to support
BigIP F5
boxes? It should be pretty simple. All I
want to do is login and
type "b
list" which is equivalent of "show run"
on cisco.
However for some reason things not
working. All I did was copied
clogin
to f5login, copied rancid to f5rancid
and added following to
rancid-fe.
elsif ($vendor =~ /^f5$/i)
{ exec('f5rancid',
$router); }
Then modified f5 rancid file and kept
only one command in list of
commands "b list".
For some reason its not working. I can
post my configs here if
somebody
like to see them.
Thanks,
Sam
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070716/788b0a25/attachment.html
From mashcraft at omniture.com Mon Jul 16 17:21:51 2007
From: mashcraft at omniture.com (Mike Ashcraft)
Date: Mon, 16 Jul 2007 11:21:51 -0600
Subject: [rancid] Re: F5 load balancer support
In-Reply-To: <469BA174.1050902@comcast.net>
References: <20070714121123.8e114e4890519e5179c192e02d6bca26.299cb68cc6.wbe@email.secureserver.net>
<469BA174.1050902@comcast.net>
Message-ID: <45EB285310B55542A513F93230F0A5330115D926@EXCHANGE0.orm.omniture.com>
Sam,
I've been working on a f5rancid script for some time now. One of my
targets was to work with the standard cisco login script [clogin].
The .clogninrc configuration I use with the clogin script for F5 Big-IP
is as follows:
add user hostname username
add userprompt hostname sshONLYnoPrompt #Any string without a match
works
add autoenable hostname 1
add method hostname ssh add password hostname password
Hope this helps,
Mike
-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
Sent: Monday, July 16, 2007 10:49 AM
To: David Croft
Cc: rancid-discuss at shrubbery.net
Subject: [rancid] Re: F5 load balancer support
David,
Thanks a lot for the tip. This worked well. Now f5login goes much more
cleaner and the "root" doesn't set sent again. I still have other issues
where rancid-run is backing up config properly but I am still
troubleshooting it.
Now here is a question. What does "bldshgalsjd" mean and how does it do
this miracle?
Thanks,
Sam
> Thanks for this tip, turns out that this is also the reason the
> username gets entered at a prompt on the cisco IPS devices. Since it's
> using SSH and therefore doesn't need a username prompt, solution was
> to simply add in .cloginrc:
>
> add userprompt ids* bldshgalsjd (<- something that won't get sent
> during login)
>
> Regards,
>
> David
>
> On 14/07/07, Lance wrote:
>> Sam,
>>
>> Have you tried using telnet to login, if the f5 has it enabled.
>> You may also want to set auto enable in your .cloginrc for this
>> device as it looks to clogin as you are already in a cisco equivalent
>> equal to enable since your prompt has a # sign in it.
>>
>> Looking at your next email along with this one it looks like you are
>> already in a cisco equivalent of enable after you login. f5login
>> seems to be sending your username of root as a command after you get
>> connected because it sees this line "Last login: Fri Jul 13 14:38:03
>> 2007 from 172.24.100.12" and it matches on the word "Login". See
below.
>>
>> "(Username|Login|login|user name):"? yes
>>
>> expect: set expect_out(0,string) "login:"
>>
>> expect: set expect_out(1,string) "login"
>>
>> expect: set expect_out(spawn_id) "exp4"
>>
>> expect: set expect_out(buffer) " \r\nLast login:"
>>
>> send: sending "root\r" to { exp4 }
>>
>> expect: continuing expect
>>
>> You are just using a Cisco login/parsing script so it expects prompts
>> from a Cisco device and in this case you have a *nix SSH banner that
>> gets interrupted. I know you can use RANCID to backup *nix systems.
>> So it knows how to understand connecting to a *nix system. You might
>> want to try this email thread which asks about backing up Linux
conifgs.
>>
"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml"
>>
>> Or you could modify the existing f5login like so.
>>
>> I think you have to use the carrot before the () to work. I haven't
>> checked this as I am at home and not on a UNIX system right now.
>> Sorry to lazy to check it out right now. You might want to uncomment
>> the line below 3. and comment out the line below 2. and see if that
>> works. This is the only point in the code that I see it look for
login in any line.
>> If that doesn't work send me back the debug and I will see what I can
>> do. I am sure some people that use expect more often then I can
>> probably quickly tell you what to use as syntax there.
>>
>> # Figure out prompts
>> set u_prompt [find userprompt $router if { "$u_prompt" == "" } {
>> #1. ORIGINAL
>> #set u_prompt "^(Username|Login|login|user name):"
>> #2. Modified to read for a line beginning with
>> Username,Login,login, or user name.
>> set u_prompt "^(Username|Login|login|user name):"
>> #3. Modified to read for a line beginning with Login or login.
>> but I
>> may be wrong
>> #set u_prompt "^(Username|^Login|^login|user name):"
>> } else {
>> set u_prompt [join [lindex $u_prompt 0] ""]
>>
>>
>> Let me know if this works for you.
>>
>> -Lance
>>
>> > -------- Original Message --------
>> > Subject: Re: [rancid] F5 load balancer support
>> > From: Sam Munzani
>> > Date: Fri, July 13, 2007 2:30 pm
>> > To: Lance
>> > Cc: rancid-discuss at shrubbery.net
>> >
>> > Lance,
>> >
>> > F5 login works fine with a minor error.
>> >
>> > $ f5login test-f5-01
>> > test-f5-01
>> > spawn ssh -c 3des -x -l root test-f5-01
>> > Password:
>> > Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12 root
>> > [root at test-f5-01:Active] config # root
>> > -bash: root: command not found
>> > [root at test-f5-01:Active] config #
>> > [root at test-f5-01:Active] config #
>> > [root at test-f5-01:Active] config #
>> >
>> > I don't know how to debug otherwise I would turn on debug too. If
>> > you can provide some hints on debug, I would appreciate it.
>> >
>> > Thanks,
>> > Sam
>> > > What error(s) do you get when you try to run your f5rancid?
>> > >
>> > > Where does it fail if you debug your f5login?
>> > >
>> > >
>> > > -lance
>> > >
>> > >
>> > >> -------- Original Message --------
>> > >> Subject: [rancid] F5 load balancer support
>> > >> From: Sam Munzani
>> > >> Date: Fri, July 13, 2007 12:45 pm
>> > >> To: rancid-discuss at shrubbery.net
>> > >>
>> > >> Hi,
>> > >>
>> > >> Did anybody happened to hack one of Cisco scripts to support
>> BigIP F5
>> > >> boxes? It should be pretty simple. All I want to do is login and
>> > type "b
>> > >> list" which is equivalent of "show run" on cisco.
>> > >>
>> > >> However for some reason things not working. All I did was copied
>> > clogin
>> > >> to f5login, copied rancid to f5rancid and added following to
>> > rancid-fe.
>> > >> elsif ($vendor =~ /^f5$/i) { exec('f5rancid',
>> $router); }
>> > >>
>> > >> Then modified f5 rancid file and kept only one command in list
>> > >> of commands "b list".
>> > >>
>> > >> For some reason its not working. I can post my configs here if
>> > somebody
>> > >> like to see them.
>> > >>
>> > >> Thanks,
>> > >> Sam
>> > >> _______________________________________________
>> > >> Rancid-discuss mailing list
>> > >> Rancid-discuss at shrubbery.net
>> > >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>> > >>
>> > >
>> > >
>> > >
>>
>> _______________________________________________
>> Rancid-discuss mailing list
>> Rancid-discuss at shrubbery.net
>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>>
>
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
From mashcraft at omniture.com Mon Jul 16 15:39:59 2007
From: mashcraft at omniture.com (Mike Ashcraft)
Date: Mon, 16 Jul 2007 09:39:59 -0600
Subject: [rancid] Re: F5 load balancer support
In-Reply-To: <20070714121123.8e114e4890519e5179c192e02d6bca26.299cb68cc6.wbe@email.secureserver.net>
References: <20070714121123.8e114e4890519e5179c192e02d6bca26.299cb68cc6.wbe@email.secureserver.net>
Message-ID: <45EB285310B55542A513F93230F0A5330115D89E@EXCHANGE0.orm.omniture.com>
Sam,
I've been working on a f5rancid script for some time now. One of my
targets was to work with the standard cisco login script [clogin].
The .clogninrc configuration I use with the clogin script for F5 Big-IP
is as follows:
add user hostname username
add userprompt hostname sshONLYnoPrompt #Any string without a match
works
add autoenable hostname 1
add method hostname ssh
add password hostname password
Hope this helps,
Mike
-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Lance
Sent: Saturday, July 14, 2007 1:11 PM
To: smunzani at comcast.net
Cc: rancid-discuss at shrubbery.net
Subject: [rancid] Re: F5 load balancer support
Sam,
Have you tried using telnet to login, if the f5 has it enabled.
You may also want to set auto enable in your .cloginrc for this device
as it looks to clogin as you are already in a cisco equivalent equal to
enable since your prompt has a # sign in it.
Looking at your next email along with this one it looks like you are
already in a cisco equivalent of enable after you login. f5login seems
to be sending your username of root as a command after you get connected
because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
172.24.100.12" and it matches on the word "Login". See below.
"(Username|Login|login|user name):"? yes
expect: set expect_out(0,string) "login:"
expect: set expect_out(1,string) "login"
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) " \r\nLast login:"
send: sending "root\r" to { exp4 }
expect: continuing expect
You are just using a Cisco login/parsing script so it expects prompts
from a Cisco device and in this case you have a *nix SSH banner that
gets interrupted. I know you can use RANCID to backup *nix systems. So
it knows how to understand connecting to a *nix system. You might want
to try this email thread which asks about backing up Linux conifgs.
"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml"
Or you could modify the existing f5login like so.
I think you have to use the carrot before the () to work. I haven't
checked this as I am at home and not on a UNIX system right now. Sorry
to lazy to check it out right now. You might want to uncomment the line
below 3. and comment out the line below 2. and see if that works. This
is the only point in the code that I see it look for login in any line.
If that doesn't work send me back the debug and I will see what I can
do. I am sure some people that use expect more often then I can probably
quickly tell you what to use as syntax there.
# Figure out prompts
set u_prompt [find userprompt $router if { "$u_prompt" == "" } {
#1. ORIGINAL
#set u_prompt "^(Username|Login|login|user name):"
#2. Modified to read for a line beginning with
Username,Login,login, or user name.
set u_prompt "^(Username|Login|login|user name):"
#3. Modified to read for a line beginning with Login or login.
but I may be wrong
#set u_prompt "^(Username|^Login|^login|user name):"
} else {
set u_prompt [join [lindex $u_prompt 0] ""]
Let me know if this works for you.
-Lance
> -------- Original Message --------
> Subject: Re: [rancid] F5 load balancer support
> From: Sam Munzani
> Date: Fri, July 13, 2007 2:30 pm
> To: Lance
> Cc: rancid-discuss at shrubbery.net
>
> Lance,
>
> F5 login works fine with a minor error.
>
> $ f5login test-f5-01
> test-f5-01
> spawn ssh -c 3des -x -l root test-f5-01
> Password:
> Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12 root
> [root at test-f5-01:Active] config # root
> -bash: root: command not found
> [root at test-f5-01:Active] config #
> [root at test-f5-01:Active] config #
> [root at test-f5-01:Active] config #
>
> I don't know how to debug otherwise I would turn on debug too. If you
> can provide some hints on debug, I would appreciate it.
>
> Thanks,
> Sam
> > What error(s) do you get when you try to run your f5rancid?
> >
> > Where does it fail if you debug your f5login?
> >
> >
> > -lance
> >
> >
> >> -------- Original Message --------
> >> Subject: [rancid] F5 load balancer support
> >> From: Sam Munzani
> >> Date: Fri, July 13, 2007 12:45 pm
> >> To: rancid-discuss at shrubbery.net
> >>
> >> Hi,
> >>
> >> Did anybody happened to hack one of Cisco scripts to support BigIP
> >> F5 boxes? It should be pretty simple. All I want to do is login and
> type "b
> >> list" which is equivalent of "show run" on cisco.
> >>
> >> However for some reason things not working. All I did was copied
> clogin
> >> to f5login, copied rancid to f5rancid and added following to
> rancid-fe.
> >> elsif ($vendor =~ /^f5$/i) { exec('f5rancid',
$router); }
> >>
> >> Then modified f5 rancid file and kept only one command in list of
> >> commands "b list".
> >>
> >> For some reason its not working. I can post my configs here if
> somebody
> >> like to see them.
> >>
> >> Thanks,
> >> Sam
> >> _______________________________________________
> >> Rancid-discuss mailing list
> >> Rancid-discuss at shrubbery.net
> >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> >>
> >
> >
> >
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
From rancid at gheek.net Tue Jul 17 00:32:01 2007
From: rancid at gheek.net (Lance)
Date: Mon, 16 Jul 2007 17:32:01 -0700
Subject: [rancid] Re: F5 load balancer support
Message-ID: <20070716173200.8e114e4890519e5179c192e02d6bca26.b34fb90ffd.wbe@email.secureserver.net>
I have helped Sam get a working f5rancid which requires a f5login (only
because it doesn't recognize the prompt with a space and exit, unless
you enter a return before the exit). He is cleaning up all the unused
functions and will post it.
Once John H. sends out his script I will look at it and see how it
differs from the one I did with Sam. I will even help Sam get it working
for his setup. We will let you know when it is all working.
-lance
> -------- Original Message --------
> Subject: [rancid] Re: F5 load balancer support
> From: "Mike Ashcraft"
> Date: Mon, July 16, 2007 11:48 am
> To:
> Cc: rancid-discuss at shrubbery.net
>
> Sam,
>
> I have a working f5rancid that I have been using for a number of months
> now. I have one minor bug related to tracking installed SSL certs
> which you probably don't care about. Other than that, it works great.
>
> I did encounter and solve all the problems you have been discussing on
> the list.
>
> Let me know if you are interested in trying what I have. I have tested
> it with Big-IP 9.1.2.
>
> Mike
>
> ________________________________
>
> From: rancid-discuss-bounces at shrubbery.net
> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
> Sent: Monday, July 16, 2007 10:58 AM
> To: smunzani at comcast.net
> Cc: rancid-discuss at shrubbery.net
> Subject: [rancid] Re: F5 load balancer support
>
>
> BTW, this is what I see in the log when I do rancid-run now. That means
> the f5rancid file(hacked copy of rancid) is still missing something.
>
> more nfl.20070716.114842
> starting: Mon Jul 16 11:48:42 CDT 2007
>
>
>
> Trying to get all of the configs.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 1.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 2.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 3.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 4.
> test-f5-01: End of run not found
> -bash: write: command not found
>
> cvs diff: Diffing .
> cvs diff: Diffing configs
> nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT 2007
>
>
>
> Trying to get all of the configs.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 1.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 2.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 3.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 4.
> test-f5-01: End of run not found
> -bash: write: command not found
>
> cvs diff: Diffing .
> cvs diff: Diffing configs
> cvs diff: cannot find configs/test-f5-01
> cvs commit: Examining .
> cvs commit: Examining configs
> cvs commit: Up-to-date check failed for `configs/test-f5-01'
> cvs [commit aborted]: correct above errors first!
> ls: test-f5-01: No such file or directory
>
> ending: Mon Jul 16 11:49:41 CDT 2007
>
> Thanks,
> Sam
>
>
> David,
>
> Thanks a lot for the tip. This worked well. Now f5login goes
> much more
> cleaner and the "root" doesn't set sent again. I still have
> other issues
> where rancid-run is backing up config properly but I am still
> troubleshooting it.
>
> Now here is a question. What does "bldshgalsjd" mean and how
> does it do
> this miracle?
>
> Thanks,
> Sam
>
>
> Thanks for this tip, turns out that this is also the
> reason the
> username gets entered at a prompt on the cisco IPS
> devices. Since it's
> using SSH and therefore doesn't need a username prompt,
> solution was
> to simply add in .cloginrc:
>
> add userprompt ids* bldshgalsjd (<- something that
> won't get sent
> during login)
>
> Regards,
>
> David
>
> On 14/07/07, Lance
> wrote:
>
>
> Sam,
>
> Have you tried using telnet to login, if the f5
> has it enabled.
> You may also want to set auto enable in your
> .cloginrc for this device
> as it looks to clogin as you are already in a
> cisco equivalent equal to
> enable since your prompt has a # sign in it.
>
> Looking at your next email along with this one
> it looks like you are
> already in a cisco equivalent of enable after
> you login. f5login seems
> to be sending your username of root as a command
> after you get connected
> because it sees this line "Last login: Fri Jul
> 13 14:38:03 2007 from
> 172.24.100.12" and it matches on the word
> "Login". See below.
>
> "(Username|Login|login|user name):"? yes
>
> expect: set expect_out(0,string) "login:"
>
> expect: set expect_out(1,string) "login"
>
> expect: set expect_out(spawn_id) "exp4"
>
> expect: set expect_out(buffer) " \r\nLast
> login:"
>
> send: sending "root\r" to { exp4 }
>
> expect: continuing expect
>
> You are just using a Cisco login/parsing script
> so it expects prompts
> from a Cisco device and in this case you have a
> *nix SSH banner that
> gets interrupted. I know you can use RANCID to
> backup *nix systems. So
> it knows how to understand connecting to a *nix
> system. You might want
> to try this email thread which asks about
> backing up Linux conifgs.
>
> "http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
> ml"
> ml>
>
> Or you could modify the existing f5login like
> so.
>
> I think you have to use the carrot before the ()
> to work. I haven't
> checked this as I am at home and not on a UNIX
> system right now. Sorry
> to lazy to check it out right now. You might
> want to uncomment the line
> below 3. and comment out the line below 2. and
> see if that works. This
> is the only point in the code that I see it look
> for login in any line.
> If that doesn't work send me back the debug and
> I will see what I can
> do. I am sure some people that use expect more
> often then I can probably
> quickly tell you what to use as syntax there.
>
> # Figure out prompts
> set u_prompt [find userprompt $router
> if { "$u_prompt" == "" } {
> #1. ORIGINAL
> #set u_prompt
> "^(Username|Login|login|user name):"
> #2. Modified to read for a line beginning
> with
> Username,Login,login, or
> user name.
> set u_prompt "^(Username|Login|login|user
> name):"
> #3. Modified to read for a line beginning
> with Login or login.
> but I
> may be wrong
> #set u_prompt
> "^(Username|^Login|^login|user name):"
> } else {
> set u_prompt [join [lindex $u_prompt 0]
> ""]
>
>
> Let me know if this works for you.
>
> -Lance
>
>
>
> -------- Original Message --------
> Subject: Re: [rancid] F5 load balancer
> support
> From: Sam Munzani
>
> Date: Fri, July 13, 2007 2:30 pm
> To: Lance
>
> Cc: rancid-discuss at shrubbery.net
>
> Lance,
>
> F5 login works fine with a minor error.
>
> $ f5login test-f5-01
> test-f5-01
> spawn ssh -c 3des -x -l root test-f5-01
> Password:
> Last login: Fri Jul 13 14:26:28 2007
> from 172.24.100.12
> root
> [root at test-f5-01:Active] config # root
> -bash: root: command not found
> [root at test-f5-01:Active] config #
> [root at test-f5-01:Active] config #
> [root at test-f5-01:Active] config #
>
> I don't know how to debug otherwise I
> would turn on debug too. If you
> can provide some hints on debug, I would
> appreciate it.
>
> Thanks,
> Sam
>
>
> What error(s) do you get when you try to
> run your f5rancid?
>
> Where does it fail if you debug your
> f5login?
>
>
> -lance
>
>
>
>
> -------- Original Message --------
> Subject: [rancid] F5 load balancer
> support
> From: Sam Munzani
>
> Date: Fri, July 13, 2007 12:45 pm
> To: rancid-discuss at shrubbery.net
>
> Hi,
>
> Did anybody happened to hack one of
> Cisco scripts to support
>
>
> BigIP F5
>
>
> boxes? It should be pretty simple. All I
> want to do is login and
>
>
> type "b
>
>
> list" which is equivalent of "show run"
> on cisco.
>
> However for some reason things not
> working. All I did was copied
>
>
> clogin
>
>
> to f5login, copied rancid to f5rancid
> and added following to
>
>
> rancid-fe.
>
>
> elsif ($vendor =~ /^f5$/i)
> { exec('f5rancid',
>
>
> $router); }
>
>
> Then modified f5 rancid file and kept
> only one command in list of
> commands "b list".
>
> For some reason its not working. I can
> post my configs here if
>
>
> somebody
>
>
> like to see them.
>
> Thanks,
> Sam
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
>
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
>
>
>
>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
>
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
>
>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss_______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
From Joe.Marr at brodart.com Tue Jul 17 03:15:50 2007
From: Joe.Marr at brodart.com (Marr, Joe)
Date: Mon, 16 Jul 2007 23:15:50 -0400
Subject: [rancid] issue with email diffs
Message-ID: <6035911CB587A2418E439316750F70670AADE330@mailserver.nexus.brodart.internal>
I seem to have a problem with the config diffs I receive from rancid:
Index: configs/XXXX-cor01.XXXX.com
===================================================================
retrieving revision 1.38
diff -U-4 -r1.38 XXXX-cor01.XXXX.com
Index: configs/XXXX-cor05.XXXX.com
===================================================================
retrieving revision 1.29
diff -U-4 -r1.29 XXXX-cor05.XXXX.com
when I receive an email with a diff, I only see the above text in the
email. I do not receive the actual differences.
Why would this happen?
Joe Marr
CONFIDENTIALITY NOTICE: This email, including attachments, is for the
sole use of the individual to whom it is addressed, and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure, or distribution is prohibited. If you have received this
email in error, please notify the sender by reply email and destroy this
message and its attachments.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070716/d949b2e5/attachment.html
From tex at off.org Tue Jul 17 07:59:19 2007
From: tex at off.org (Austin Schutz)
Date: Tue, 17 Jul 2007 00:59:19 -0700
Subject: [rancid] Re: issue with email diffs
In-Reply-To: <6035911CB587A2418E439316750F70670AADE330@mailserver.nexus.brodart.internal>
References: <6035911CB587A2418E439316750F70670AADE330@mailserver.nexus.brodart.internal>
Message-ID: <20070717075919.GH20223@gblx.net>
On Mon, Jul 16, 2007 at 11:15:50PM -0400, Marr, Joe wrote:
> I seem to have a problem with the config diffs I receive from rancid:
>
>
>
> Index: configs/XXXX-cor01.XXXX.com
> ===================================================================
>
> retrieving revision 1.38
>
> diff -U-4 -r1.38 XXXX-cor01.XXXX.com
>
> Index: configs/XXXX-cor05.XXXX.com
> ===================================================================
>
> retrieving revision 1.29
>
> diff -U-4 -r1.29 XXXX-cor05.XXXX.com
>
>
>
> when I receive an email with a diff, I only see the above text in the
> email. I do not receive the actual differences.
>
>
>
> Why would this happen?
>
In control_rancid it looks like changes where only whitespace changes
get cut from the diff output. There's probably a newline added or subtracted,
or something of that nature.
Austin
From matjaz.straus at arnes.si Tue Jul 17 08:56:21 2007
From: matjaz.straus at arnes.si (Matjaz Straus)
Date: Tue, 17 Jul 2007 10:56:21 +0200
Subject: [rancid] clogin that reads passwords from stdin
Message-ID: <20070717085621.C510EABE16@rzenik.arnes.si>
Hi, all!
We've disliked the idea that router passwords are stored on disk while clogin
is being executed. Therefore, we wrote a small patch that allows clogin to
read passwords from STDIN (with a "-f -" option). You might find this patch
interesting.
Example of usage:
some_prog_that_writes_cloginrc 2>/dev/null |clogin -f - -c "sh ver" device_name
Regards,
Matjaz
P.S.
Another minor thing -- I've found "term width 0" in clogin very useful.
--
Matjaz Straus, ARNES matjaz.straus at arnes.si MS6745-RIPE
Jamova 39, p.p.7, SI-1001 Ljubljana, Slovenija
tel:+386 1 479-88-00 fax:+386 1 479-88-99
http://www.arnes.si/
PGP public key at: http://www.arnes.si/~matjaz/
keyID 7AB260CD 1998-11-04
key fingerprint = 32 23 95 63 FE D3 FF C9 7B 88 21 A6 0C A9 3B 5E
------------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: clogin.patch
Type: application/x-patch
Size: 2154 bytes
Desc: clogin.patch
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070717/0a7c92f0/attachment.bin
From Joe.Marr at brodart.com Tue Jul 17 13:26:40 2007
From: Joe.Marr at brodart.com (Marr, Joe)
Date: Tue, 17 Jul 2007 09:26:40 -0400
Subject: [rancid] Re: issue with email diffs
In-Reply-To: <20070717075919.GH20223@gblx.net>
References: <6035911CB587A2418E439316750F70670AADE330@mailserver.nexus.brodart.internal>
<20070717075919.GH20223@gblx.net>
Message-ID: <6035911CB587A2418E439316750F70670AADE890@mailserver.nexus.brodart.internal>
I checked that, I have about 75 devices several of them with ACLs that
are updated weekly. The changes never show up.
This is only recent. I originally thought it was a setting, however I
have not found it. We migrated the system from one box to another and
the problem showed up shortly after. The configs and changes appear to
be commited to CVS.
Joe Marr
CONFIDENTIALITY NOTICE: This email, including attachments, is for the
sole use of the individual to whom it is addressed, and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure, or distribution is prohibited. If you have received this
email in error, please notify the sender by reply email and destroy this
message and its attachments.
-----Original Message-----
From: Austin Schutz [mailto:tex at off.org]
Sent: Tuesday, July 17, 2007 3:59 AM
To: Marr, Joe
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] issue with email diffs
On Mon, Jul 16, 2007 at 11:15:50PM -0400, Marr, Joe wrote:
> I seem to have a problem with the config diffs I receive from rancid:
>
>
>
> Index: configs/XXXX-cor01.XXXX.com
> ===================================================================
>
> retrieving revision 1.38
>
> diff -U-4 -r1.38 XXXX-cor01.XXXX.com
>
> Index: configs/XXXX-cor05.XXXX.com
> ===================================================================
>
> retrieving revision 1.29
>
> diff -U-4 -r1.29 XXXX-cor05.XXXX.com
>
>
>
> when I receive an email with a diff, I only see the above text in the
> email. I do not receive the actual differences.
>
>
>
> Why would this happen?
>
In control_rancid it looks like changes where only whitespace
changes
get cut from the diff output. There's probably a newline added or
subtracted,
or something of that nature.
Austin
From heas at shrubbery.net Tue Jul 17 16:29:50 2007
From: heas at shrubbery.net (john heasley)
Date: Tue, 17 Jul 2007 16:29:50 +0000
Subject: [rancid] Re: issue with email diffs
In-Reply-To: <6035911CB587A2418E439316750F70670AADE890@mailserver.nexus.brodart.internal>
References: <6035911CB587A2418E439316750F70670AADE330@mailserver.nexus.brodart.internal>
<20070717075919.GH20223@gblx.net>
<6035911CB587A2418E439316750F70670AADE890@mailserver.nexus.brodart.internal>
Message-ID: <20070717162950.GK28116@shrubbery.net>
Tue, Jul 17, 2007 at 09:26:40AM -0400, Marr, Joe:
> I checked that, I have about 75 devices several of them with ACLs that
> are updated weekly. The changes never show up.
>
> This is only recent. I originally thought it was a setting, however I
> have not found it. We migrated the system from one box to another and
> the problem showed up shortly after. The configs and changes appear to
> be commited to CVS.
my guess is that my autoconf tests lost; does your diff really like
'diff -U-4'? try it out; cvs diff -U-4 -r1.37 -r1.38 XXXX-cor01.XXXX.com
> > I seem to have a problem with the config diffs I receive from rancid:
> >
> >
> >
> > Index: configs/XXXX-cor01.XXXX.com
> > ===================================================================
> >
> > retrieving revision 1.38
> >
> > diff -U-4 -r1.38 XXXX-cor01.XXXX.com
> >
> > Index: configs/XXXX-cor05.XXXX.com
> > ===================================================================
> >
> > retrieving revision 1.29
> >
> > diff -U-4 -r1.29 XXXX-cor05.XXXX.com
> >
> >
> >
> > when I receive an email with a diff, I only see the above text in the
> > email. I do not receive the actual differences.
> >
> >
> >
> > Why would this happen?
> >
>
> In control_rancid it looks like changes where only whitespace
> changes
> get cut from the diff output. There's probably a newline added or
> subtracted,
> or something of that nature.
>
> Austin
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
From mashcraft at omniture.com Tue Jul 17 17:49:18 2007
From: mashcraft at omniture.com (Mike Ashcraft)
Date: Tue, 17 Jul 2007 11:49:18 -0600
Subject: [rancid] Re: F5 load balancer support
In-Reply-To: <469C200F.4020909@munzani.com>
References: <20070716173200.8e114e4890519e5179c192e02d6bca26.b34fb90ffd.wbe@email.secureserver.net>
<469C200F.4020909@munzani.com>
Message-ID: <45EB285310B55542A513F93230F0A5330115DB4F@EXCHANGE0.orm.omniture.com>
I have been on vacation for the last couple of weeks or I would have
posted this sooner and possibly saved some of you a bit of effort.
It sounds like Lance and Sam have put together a working f5rancid with
basic functionality which Sam posted last night. I have attached my
f5rancid which I have been running for a few months. Installation
instructions are included as comments in the file. This version uses
clogin so that a separate f5login script is not required.
This version formats and processes the output to make it more usable.
As far as what is captured, I based this on the F5 equivalent of a tech
out. It grabs a copy of all the configuration files, hardware
configuration and software version as well as the timestamps and file
sizes for SSL certs hosted on the device. This facilitates rebuilding
from scratch as quickly as possible if this is ever needed.
I was able to resolve the bug I mentioned yesterday by increasing the
clogin timeout. On a small number of devices it failed to process the
last few commands when running from cron but always worked properly from
the command line on all devices [making it difficult to track down]. I
mention this because it may be an appropriate fix for other intermittent
problems sometimes discussed on this list.
Any feedback is appreciated. I hope to get f5 support added to future
releases of rancid.
Thanks,
Mike
________________________________
From: Sam Munzani [mailto:sam at munzani.com]
Sent: Monday, July 16, 2007 7:49 PM
To: Lance
Cc: Mike Ashcraft; rancid-discuss at shrubbery.net
Subject: Re: [rancid] Re: F5 load balancer support
Lance,
Thanks a lot for all your help. Pretty much you did all the work while I
watched what you are doing :-)..
Attached are cleaned up files. In f5rancid file, I have left some basic
functions(non platform specific) just in case we expand this script to
do a lot more than just "b list" output. In rancid-fe, we defined a new
device type "f5", f5login was copied from clogin and remarked some "term
length" statements we don't need on F5.
All 3 files are attached and working great. Please be aware, we are not
parsing anything at all. All its doing is basic function of running "b
list" command and capturing its output. As I expand more on this, I will
be sure to share with the audience here.
Again, thanks a lot for all your help today.
Regards,
Sam
I have helped Sam get a working f5rancid which requires a
f5login (only
because it doesn't recognize the prompt with a space and exit,
unless
you enter a return before the exit). He is cleaning up all the
unused
functions and will post it.
Once John H. sends out his script I will look at it and see how
it
differs from the one I did with Sam. I will even help Sam get it
working
for his setup. We will let you know when it is all working.
-lance
-------- Original Message --------
Subject: [rancid] Re: F5 load balancer support
From: "Mike Ashcraft"
Date: Mon, July 16, 2007 11:48 am
To:
Cc: rancid-discuss at shrubbery.net
Sam,
I have a working f5rancid that I have been using for a
number of months
now. I have one minor bug related to tracking
installed SSL certs
which you probably don't care about. Other than that,
it works great.
I did encounter and solve all the problems you have been
discussing on
the list.
Let me know if you are interested in trying what I have.
I have tested
it with Big-IP 9.1.2.
Mike
________________________________
From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf
Of Sam Munzani
Sent: Monday, July 16, 2007 10:58 AM
To: smunzani at comcast.net
Cc: rancid-discuss at shrubbery.net
Subject: [rancid] Re: F5 load balancer support
BTW, this is what I see in the log when I do rancid-run
now. That means
the f5rancid file(hacked copy of rancid) is still
missing something.
more nfl.20070716.114842
starting: Mon Jul 16 11:48:42 CDT 2007
Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found
cvs diff: Diffing .
cvs diff: Diffing configs
nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT
2007
Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found
cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for
`configs/test-f5-01'
cvs [commit aborted]: correct above errors first!
ls: test-f5-01: No such file or directory
ending: Mon Jul 16 11:49:41 CDT 2007
Thanks,
Sam
David,
Thanks a lot for the tip. This worked well. Now
f5login goes
much more
cleaner and the "root" doesn't set sent again. I
still have
other issues
where rancid-run is backing up config properly
but I am still
troubleshooting it.
Now here is a question. What does "bldshgalsjd"
mean and how
does it do
this miracle?
Thanks,
Sam
Thanks for this tip, turns out that this
is also the
reason the
username gets entered at a prompt on the
cisco IPS
devices. Since it's
using SSH and therefore doesn't need a
username prompt,
solution was
to simply add in .cloginrc:
add userprompt ids* bldshgalsjd (<-
something that
won't get sent
during login)
Regards,
David
On 14/07/07, Lance
wrote:
Sam,
Have you tried using telnet to
login, if the f5
has it enabled.
You may also want to set auto
enable in your
.cloginrc for this device
as it looks to clogin as you are
already in a
cisco equivalent equal to
enable since your prompt has a #
sign in it.
Looking at your next email along
with this one
it looks like you are
already in a cisco equivalent of
enable after
you login. f5login seems
to be sending your username of
root as a command
after you get connected
because it sees this line "Last
login: Fri Jul
13 14:38:03 2007 from
172.24.100.12" and it matches on
the word
"Login". See below.
"(Username|Login|login|user
name):"? yes
expect: set expect_out(0,string)
"login:"
expect: set expect_out(1,string)
"login"
expect: set expect_out(spawn_id)
"exp4"
expect: set expect_out(buffer) "
\r\nLast
login:"
send: sending "root\r" to { exp4
}
expect: continuing expect
You are just using a Cisco
login/parsing script
so it expects prompts
from a Cisco device and in this
case you have a
*nix SSH banner that
gets interrupted. I know you can
use RANCID to
backup *nix systems. So
it knows how to understand
connecting to a *nix
system. You might want
to try this email thread which
asks about
backing up Linux conifgs.
"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml"
Or you could modify the existing
f5login like
so.
I think you have to use the
carrot before the ()
to work. I haven't
checked this as I am at home and
not on a UNIX
system right now. Sorry
to lazy to check it out right
now. You might
want to uncomment the line
below 3. and comment out the
line below 2. and
see if that works. This
is the only point in the code
that I see it look
for login in any line.
If that doesn't work send me
back the debug and
I will see what I can
do. I am sure some people that
use expect more
often then I can probably
quickly tell you what to use as
syntax there.
# Figure out prompts
set u_prompt [find userprompt
$router
if { "$u_prompt" == "" } {
#1. ORIGINAL
#set u_prompt
"^(Username|Login|login|user name):"
#2. Modified to read for
a line beginning
with
Username,Login,login, or
user name.
set u_prompt
"^(Username|Login|login|user
name):"
#3. Modified to read for
a line beginning
with Login or login.
but I
may be wrong
#set u_prompt
"^(Username|^Login|^login|user name):"
} else {
set u_prompt [join
[lindex $u_prompt 0]
""]
Let me know if this works for
you.
-Lance
-------- Original
Message --------
Subject: Re: [rancid]
F5 load balancer
support
From: Sam Munzani
Date: Fri, July 13, 2007
2:30 pm
To: Lance
Cc:
rancid-discuss at shrubbery.net
Lance,
F5 login works fine with
a minor error.
$ f5login test-f5-01
test-f5-01
spawn ssh -c 3des -x -l
root test-f5-01
Password:
Last login: Fri Jul 13
14:26:28 2007
from 172.24.100.12
root
[root at test-f5-01:Active]
config # root
-bash: root: command not
found
[root at test-f5-01:Active]
config #
[root at test-f5-01:Active]
config #
[root at test-f5-01:Active]
config #
I don't know how to
debug otherwise I
would turn on debug too. If you
can provide some hints
on debug, I would
appreciate it.
Thanks,
Sam
What error(s) do you get
when you try to
run your f5rancid?
Where does it fail if
you debug your
f5login?
-lance
-------- Original
Message --------
Subject: [rancid] F5
load balancer
support
From: Sam Munzani
Date: Fri, July 13, 2007
12:45 pm
To:
rancid-discuss at shrubbery.net
Hi,
Did anybody happened to
hack one of
Cisco scripts to support
BigIP F5
boxes? It should be
pretty simple. All I
want to do is login and
type "b
list" which is
equivalent of "show run"
on cisco.
However for some reason
things not
working. All I did was copied
clogin
to f5login, copied
rancid to f5rancid
and added following to
rancid-fe.
elsif ($vendor =~
/^f5$/i)
{ exec('f5rancid',
$router); }
Then modified f5 rancid
file and kept
only one command in list of
commands "b list".
For some reason its not
working. I can
post my configs here if
somebody
like to see them.
Thanks,
Sam
_______________________________________________
Rancid-discuss mailing
list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss________
_______________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070717/dfa722e0/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: f5rancid
Type: application/octet-stream
Size: 8752 bytes
Desc: f5rancid
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070717/dfa722e0/attachment.obj
From rancid at gheek.net Tue Jul 17 18:00:25 2007
From: rancid at gheek.net (Lance)
Date: Tue, 17 Jul 2007 11:00:25 -0700
Subject: [rancid] Re: F5 load balancer support
Message-ID: <20070717110025.8e114e4890519e5179c192e02d6bca26.2c7708e391.wbe@email.secureserver.net>
Mike,
Looks really nice. I am guessing the bigip.conf or the other file is
what is displayed with "b list".
-Lance
> -------- Original Message --------
> Subject: RE: [rancid] Re: F5 load balancer support
> From: "Mike Ashcraft"
> Date: Tue, July 17, 2007 10:49 am
> To: , "Lance"
> Cc:
>
> I have been on vacation for the last couple of weeks or I would have
> posted this sooner and possibly saved some of you a bit of effort.
>
> It sounds like Lance and Sam have put together a working f5rancid with
> basic functionality which Sam posted last night. I have attached my
> f5rancid which I have been running for a few months. Installation
> instructions are included as comments in the file. This version uses
> clogin so that a separate f5login script is not required.
>
> This version formats and processes the output to make it more usable.
> As far as what is captured, I based this on the F5 equivalent of a tech
> out. It grabs a copy of all the configuration files, hardware
> configuration and software version as well as the timestamps and file
> sizes for SSL certs hosted on the device. This facilitates rebuilding
> from scratch as quickly as possible if this is ever needed.
>
> I was able to resolve the bug I mentioned yesterday by increasing the
> clogin timeout. On a small number of devices it failed to process the
> last few commands when running from cron but always worked properly from
> the command line on all devices [making it difficult to track down]. I
> mention this because it may be an appropriate fix for other intermittent
> problems sometimes discussed on this list.
>
> Any feedback is appreciated. I hope to get f5 support added to future
> releases of rancid.
>
> Thanks,
>
> Mike
>
>
>
> ________________________________
>
> From: Sam Munzani [mailto:sam at munzani.com]
> Sent: Monday, July 16, 2007 7:49 PM
> To: Lance
> Cc: Mike Ashcraft; rancid-discuss at shrubbery.net
> Subject: Re: [rancid] Re: F5 load balancer support
>
>
> Lance,
>
> Thanks a lot for all your help. Pretty much you did all the work while I
> watched what you are doing :-)..
>
> Attached are cleaned up files. In f5rancid file, I have left some basic
> functions(non platform specific) just in case we expand this script to
> do a lot more than just "b list" output. In rancid-fe, we defined a new
> device type "f5", f5login was copied from clogin and remarked some "term
> length" statements we don't need on F5.
>
> All 3 files are attached and working great. Please be aware, we are not
> parsing anything at all. All its doing is basic function of running "b
> list" command and capturing its output. As I expand more on this, I will
> be sure to share with the audience here.
>
> Again, thanks a lot for all your help today.
>
> Regards,
> Sam
>
>
> I have helped Sam get a working f5rancid which requires a
> f5login (only
> because it doesn't recognize the prompt with a space and exit,
> unless
> you enter a return before the exit). He is cleaning up all the
> unused
> functions and will post it.
>
> Once John H. sends out his script I will look at it and see how
> it
> differs from the one I did with Sam. I will even help Sam get it
> working
> for his setup. We will let you know when it is all working.
>
> -lance
>
>
>
> -------- Original Message --------
> Subject: [rancid] Re: F5 load balancer support
> From: "Mike Ashcraft"
>
> Date: Mon, July 16, 2007 11:48 am
> To:
> Cc: rancid-discuss at shrubbery.net
>
> Sam,
>
> I have a working f5rancid that I have been using for a
> number of months
> now. I have one minor bug related to tracking
> installed SSL certs
> which you probably don't care about. Other than that,
> it works great.
>
> I did encounter and solve all the problems you have been
> discussing on
> the list.
>
> Let me know if you are interested in trying what I have.
> I have tested
> it with Big-IP 9.1.2.
>
> Mike
>
> ________________________________
>
> From: rancid-discuss-bounces at shrubbery.net
> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf
> Of Sam Munzani
> Sent: Monday, July 16, 2007 10:58 AM
> To: smunzani at comcast.net
> Cc: rancid-discuss at shrubbery.net
> Subject: [rancid] Re: F5 load balancer support
>
>
> BTW, this is what I see in the log when I do rancid-run
> now. That means
> the f5rancid file(hacked copy of rancid) is still
> missing something.
>
> more nfl.20070716.114842
> starting: Mon Jul 16 11:48:42 CDT 2007
>
>
>
> Trying to get all of the configs.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 1.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 2.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 3.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 4.
> test-f5-01: End of run not found
> -bash: write: command not found
>
> cvs diff: Diffing .
> cvs diff: Diffing configs
> nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT
> 2007
>
>
>
> Trying to get all of the configs.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 1.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 2.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 3.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 4.
> test-f5-01: End of run not found
> -bash: write: command not found
>
> cvs diff: Diffing .
> cvs diff: Diffing configs
> cvs diff: cannot find configs/test-f5-01
> cvs commit: Examining .
> cvs commit: Examining configs
> cvs commit: Up-to-date check failed for
> `configs/test-f5-01'
> cvs [commit aborted]: correct above errors first!
> ls: test-f5-01: No such file or directory
>
> ending: Mon Jul 16 11:49:41 CDT 2007
>
> Thanks,
> Sam
>
>
> David,
>
> Thanks a lot for the tip. This worked well. Now
> f5login goes
> much more
> cleaner and the "root" doesn't set sent again. I
> still have
> other issues
> where rancid-run is backing up config properly
> but I am still
> troubleshooting it.
>
> Now here is a question. What does "bldshgalsjd"
> mean and how
> does it do
> this miracle?
>
> Thanks,
> Sam
>
>
> Thanks for this tip, turns out that this
> is also the
> reason the
> username gets entered at a prompt on the
> cisco IPS
> devices. Since it's
> using SSH and therefore doesn't need a
> username prompt,
> solution was
> to simply add in .cloginrc:
>
> add userprompt ids* bldshgalsjd (<-
> something that
> won't get sent
> during login)
>
> Regards,
>
> David
>
> On 14/07/07, Lance
>
>
> wrote:
>
>
> Sam,
>
> Have you tried using telnet to
> login, if the f5
> has it enabled.
> You may also want to set auto
> enable in your
> .cloginrc for this device
> as it looks to clogin as you are
> already in a
> cisco equivalent equal to
> enable since your prompt has a #
> sign in it.
>
> Looking at your next email along
> with this one
> it looks like you are
> already in a cisco equivalent of
> enable after
> you login. f5login seems
> to be sending your username of
> root as a command
> after you get connected
> because it sees this line "Last
> login: Fri Jul
> 13 14:38:03 2007 from
> 172.24.100.12" and it matches on
> the word
> "Login". See below.
>
> "(Username|Login|login|user
> name):"? yes
>
> expect: set expect_out(0,string)
> "login:"
>
> expect: set expect_out(1,string)
> "login"
>
> expect: set expect_out(spawn_id)
> "exp4"
>
> expect: set expect_out(buffer) "
> \r\nLast
> login:"
>
> send: sending "root\r" to { exp4
> }
>
> expect: continuing expect
>
> You are just using a Cisco
> login/parsing script
> so it expects prompts
> from a Cisco device and in this
> case you have a
> *nix SSH banner that
> gets interrupted. I know you can
> use RANCID to
> backup *nix systems. So
> it knows how to understand
> connecting to a *nix
> system. You might want
> to try this email thread which
> asks about
> backing up Linux conifgs.
>
>
> "http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
> ml"
> ml>
>
> ml>
> ml>
>
> Or you could modify the existing
> f5login like
> so.
>
> I think you have to use the
> carrot before the ()
> to work. I haven't
> checked this as I am at home and
> not on a UNIX
> system right now. Sorry
> to lazy to check it out right
> now. You might
> want to uncomment the line
> below 3. and comment out the
> line below 2. and
> see if that works. This
> is the only point in the code
> that I see it look
> for login in any line.
> If that doesn't work send me
> back the debug and
> I will see what I can
> do. I am sure some people that
> use expect more
> often then I can probably
> quickly tell you what to use as
> syntax there.
>
> # Figure out prompts
> set u_prompt [find userprompt
> $router
> if { "$u_prompt" == "" } {
> #1. ORIGINAL
> #set u_prompt
> "^(Username|Login|login|user name):"
> #2. Modified to read for
> a line beginning
> with
> Username,Login,login, or
> user name.
> set u_prompt
> "^(Username|Login|login|user
> name):"
> #3. Modified to read for
> a line beginning
> with Login or login.
> but I
> may be wrong
> #set u_prompt
> "^(Username|^Login|^login|user name):"
> } else {
> set u_prompt [join
> [lindex $u_prompt 0]
> ""]
>
>
> Let me know if this works for
> you.
>
> -Lance
>
>
>
> -------- Original
> Message --------
> Subject: Re: [rancid]
> F5 load balancer
> support
> From: Sam Munzani
>
>
>
> Date: Fri, July 13, 2007
> 2:30 pm
> To: Lance
>
>
> Cc:
> rancid-discuss at shrubbery.net
>
> Lance,
>
> F5 login works fine with
> a minor error.
>
> $ f5login test-f5-01
> test-f5-01
> spawn ssh -c 3des -x -l
> root test-f5-01
> Password:
> Last login: Fri Jul 13
> 14:26:28 2007
> from 172.24.100.12
> root
> [root at test-f5-01:Active]
> config # root
> -bash: root: command not
> found
> [root at test-f5-01:Active]
> config #
> [root at test-f5-01:Active]
> config #
> [root at test-f5-01:Active]
> config #
>
> I don't know how to
> debug otherwise I
> would turn on debug too. If you
> can provide some hints
> on debug, I would
> appreciate it.
>
> Thanks,
> Sam
>
>
> What error(s) do you get
> when you try to
> run your f5rancid?
>
> Where does it fail if
> you debug your
> f5login?
>
>
> -lance
>
>
>
>
> -------- Original
> Message --------
> Subject: [rancid] F5
> load balancer
> support
> From: Sam Munzani
>
>
>
> Date: Fri, July 13, 2007
> 12:45 pm
> To:
> rancid-discuss at shrubbery.net
>
> Hi,
>
> Did anybody happened to
> hack one of
> Cisco scripts to support
>
>
> BigIP F5
>
>
> boxes? It should be
> pretty simple. All I
> want to do is login and
>
>
> type "b
>
>
> list" which is
> equivalent of "show run"
> on cisco.
>
> However for some reason
> things not
> working. All I did was copied
>
>
> clogin
>
>
> to f5login, copied
> rancid to f5rancid
> and added following to
>
>
> rancid-fe.
>
>
> elsif ($vendor =~
> /^f5$/i)
> { exec('f5rancid',
>
>
> $router); }
>
>
> Then modified f5 rancid
> file and kept
> only one command in list of
> commands "b list".
>
> For some reason its not
> working. I can
> post my configs here if
>
>
> somebody
>
>
> like to see them.
>
> Thanks,
> Sam
>
> _______________________________________________
> Rancid-discuss mailing
> list
>
> Rancid-discuss at shrubbery.net
>
>
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
>
>
>
>
>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
>
>
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
>
>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
>
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss________
> _______________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
>
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
From rmordasiewicz at samuelmanutech.com Tue Jul 17 19:31:01 2007
From: rmordasiewicz at samuelmanutech.com (Robin Mordasiewicz)
Date: Tue, 17 Jul 2007 15:31:01 -0400 (EDT)
Subject: [rancid] Re: F5 load balancer support
In-Reply-To: <45EB285310B55542A513F93230F0A5330115DB4F@EXCHANGE0.orm.omniture.com>
References: <20070716173200.8e114e4890519e5179c192e02d6bca26.b34fb90ffd.wbe@email.secureserver.net>
<469C200F.4020909@munzani.com>
<45EB285310B55542A513F93230F0A5330115DB4F@EXCHANGE0.orm.omniture.com>
Message-ID:
On Tue, 17 Jul 2007, Mike Ashcraft wrote:
> It sounds like Lance and Sam have put together a working f5rancid with
> basic functionality which Sam posted last night. I have attached my
> f5rancid which I have been running for a few months. Installation
> instructions are included as comments in the file. This version uses
> clogin so that a separate f5login script is not required.
>
> This version formats and processes the output to make it more usable.
> As far as what is captured, I based this on the F5 equivalent of a tech
> out. It grabs a copy of all the configuration files, hardware
> configuration and software version as well as the timestamps and file
> sizes for SSL certs hosted on the device. This facilitates rebuilding
> from scratch as quickly as possible if this is ever needed.
>
> I was able to resolve the bug I mentioned yesterday by increasing the
> clogin timeout. On a small number of devices it failed to process the
> last few commands when running from cron but always worked properly from
> the command line on all devices [making it difficult to track down]. I
> mention this because it may be an appropriate fix for other intermittent
> problems sometimes discussed on this list.
>
> Any feedback is appreciated. I hope to get f5 support added to future
> releases of rancid.
I just installed the file and followed the instructions and it worked.
One thing you might want to add in the instructions is that the user must
edit the rancid-fe file to assiciate the device type with executing this
file, however if this becomes part of the main distribution then it will
just work.
--
From mashcraft at omniture.com Tue Jul 17 19:35:22 2007
From: mashcraft at omniture.com (Mike Ashcraft)
Date: Tue, 17 Jul 2007 13:35:22 -0600
Subject: [rancid] Re: F5 load balancer support
In-Reply-To: <20070717110025.8e114e4890519e5179c192e02d6bca26.2c7708e391.wbe@email.secureserver.net>
References: <20070717110025.8e114e4890519e5179c192e02d6bca26.2c7708e391.wbe@email.secureserver.net>
Message-ID: <45EB285310B55542A513F93230F0A5330115DBAD@EXCHANGE0.orm.omniture.com>
Lance,
Thanks for the feedback.
"b list" and "cat bigip.conf" are equivalent with the exception that b
list may reflect changes made in the cli that are not saved and will be
lost on reboot. Changes made using the web configuration tool are
automatically saved. "b list" may also limit what the rancid user can
see to a partial view if the user is not given sufficient rights. This
file has the software configuration.
The other file, bigip_base.conf contains interface configuration,
management IP addresses, routing, VLANs etc.
One could debate whether the f5rancid script should get the saved
configuration files or the running config or both. For cisco devices,
rancid obtains both. I'll look at adding both.
Mike
-----Original Message-----
From: Lance [mailto:rancid at gheek.net]
Sent: Tuesday, July 17, 2007 12:00 PM
To: Mike Ashcraft
Cc: rancid-discuss at shrubbery.net; sam at munzani.com
Subject: RE: [rancid] Re: F5 load balancer support
Mike,
Looks really nice. I am guessing the bigip.conf or the other file is
what is displayed with "b list".
-Lance
> -------- Original Message --------
> Subject: RE: [rancid] Re: F5 load balancer support
> From: "Mike Ashcraft"
> Date: Tue, July 17, 2007 10:49 am
> To: , "Lance"
> Cc:
>
> I have been on vacation for the last couple of weeks or I would have
> posted this sooner and possibly saved some of you a bit of effort.
>
> It sounds like Lance and Sam have put together a working f5rancid with
> basic functionality which Sam posted last night. I have attached my
> f5rancid which I have been running for a few months. Installation
> instructions are included as comments in the file. This version uses
> clogin so that a separate f5login script is not required.
>
> This version formats and processes the output to make it more usable.
> As far as what is captured, I based this on the F5 equivalent of a
tech
> out. It grabs a copy of all the configuration files, hardware
> configuration and software version as well as the timestamps and file
> sizes for SSL certs hosted on the device. This facilitates rebuilding
> from scratch as quickly as possible if this is ever needed.
>
> I was able to resolve the bug I mentioned yesterday by increasing the
> clogin timeout. On a small number of devices it failed to process the
> last few commands when running from cron but always worked properly
from
> the command line on all devices [making it difficult to track down].
I
> mention this because it may be an appropriate fix for other
intermittent
> problems sometimes discussed on this list.
>
> Any feedback is appreciated. I hope to get f5 support added to future
> releases of rancid.
>
> Thanks,
>
> Mike
>
>
>
> ________________________________
>
> From: Sam Munzani [mailto:sam at munzani.com]
> Sent: Monday, July 16, 2007 7:49 PM
> To: Lance
> Cc: Mike Ashcraft; rancid-discuss at shrubbery.net
> Subject: Re: [rancid] Re: F5 load balancer support
>
>
> Lance,
>
> Thanks a lot for all your help. Pretty much you did all the work while
I
> watched what you are doing :-)..
>
> Attached are cleaned up files. In f5rancid file, I have left some
basic
> functions(non platform specific) just in case we expand this script to
> do a lot more than just "b list" output. In rancid-fe, we defined a
new
> device type "f5", f5login was copied from clogin and remarked some
"term
> length" statements we don't need on F5.
>
> All 3 files are attached and working great. Please be aware, we are
not
> parsing anything at all. All its doing is basic function of running "b
> list" command and capturing its output. As I expand more on this, I
will
> be sure to share with the audience here.
>
> Again, thanks a lot for all your help today.
>
> Regards,
> Sam
>
>
> I have helped Sam get a working f5rancid which requires a
> f5login (only
> because it doesn't recognize the prompt with a space and exit,
> unless
> you enter a return before the exit). He is cleaning up all the
> unused
> functions and will post it.
>
> Once John H. sends out his script I will look at it and see how
> it
> differs from the one I did with Sam. I will even help Sam get it
> working
> for his setup. We will let you know when it is all working.
>
> -lance
>
>
>
> -------- Original Message --------
> Subject: [rancid] Re: F5 load balancer support
> From: "Mike Ashcraft"
>
> Date: Mon, July 16, 2007 11:48 am
> To:
> Cc: rancid-discuss at shrubbery.net
>
> Sam,
>
> I have a working f5rancid that I have been using for a
> number of months
> now. I have one minor bug related to tracking
> installed SSL certs
> which you probably don't care about. Other than that,
> it works great.
>
> I did encounter and solve all the problems you have been
> discussing on
> the list.
>
> Let me know if you are interested in trying what I have.
> I have tested
> it with Big-IP 9.1.2.
>
> Mike
>
> ________________________________
>
> From: rancid-discuss-bounces at shrubbery.net
> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf
> Of Sam Munzani
> Sent: Monday, July 16, 2007 10:58 AM
> To: smunzani at comcast.net
> Cc: rancid-discuss at shrubbery.net
> Subject: [rancid] Re: F5 load balancer support
>
>
> BTW, this is what I see in the log when I do rancid-run
> now. That means
> the f5rancid file(hacked copy of rancid) is still
> missing something.
>
> more nfl.20070716.114842
> starting: Mon Jul 16 11:48:42 CDT 2007
>
>
>
> Trying to get all of the configs.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 1.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 2.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 3.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 4.
> test-f5-01: End of run not found
> -bash: write: command not found
>
> cvs diff: Diffing .
> cvs diff: Diffing configs
> nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT
> 2007
>
>
>
> Trying to get all of the configs.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 1.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 2.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 3.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 4.
> test-f5-01: End of run not found
> -bash: write: command not found
>
> cvs diff: Diffing .
> cvs diff: Diffing configs
> cvs diff: cannot find configs/test-f5-01
> cvs commit: Examining .
> cvs commit: Examining configs
> cvs commit: Up-to-date check failed for
> `configs/test-f5-01'
> cvs [commit aborted]: correct above errors first!
> ls: test-f5-01: No such file or directory
>
> ending: Mon Jul 16 11:49:41 CDT 2007
>
> Thanks,
> Sam
>
>
> David,
>
> Thanks a lot for the tip. This worked well. Now
> f5login goes
> much more
> cleaner and the "root" doesn't set sent again. I
> still have
> other issues
> where rancid-run is backing up config properly
> but I am still
> troubleshooting it.
>
> Now here is a question. What does "bldshgalsjd"
> mean and how
> does it do
> this miracle?
>
> Thanks,
> Sam
>
>
> Thanks for this tip, turns out that this
> is also the
> reason the
> username gets entered at a prompt on the
> cisco IPS
> devices. Since it's
> using SSH and therefore doesn't need a
> username prompt,
> solution was
> to simply add in .cloginrc:
>
> add userprompt ids* bldshgalsjd (<-
> something that
> won't get sent
> during login)
>
> Regards,
>
> David
>
> On 14/07/07, Lance
>
>
> wrote:
>
>
> Sam,
>
> Have you tried using telnet to
> login, if the f5
> has it enabled.
> You may also want to set auto
> enable in your
> .cloginrc for this device
> as it looks to clogin as you are
> already in a
> cisco equivalent equal to
> enable since your prompt has a #
> sign in it.
>
> Looking at your next email along
> with this one
> it looks like you are
> already in a cisco equivalent of
> enable after
> you login. f5login seems
> to be sending your username of
> root as a command
> after you get connected
> because it sees this line "Last
> login: Fri Jul
> 13 14:38:03 2007 from
> 172.24.100.12" and it matches on
> the word
> "Login". See below.
>
> "(Username|Login|login|user
> name):"? yes
>
> expect: set expect_out(0,string)
> "login:"
>
> expect: set expect_out(1,string)
> "login"
>
> expect: set expect_out(spawn_id)
> "exp4"
>
> expect: set expect_out(buffer) "
> \r\nLast
> login:"
>
> send: sending "root\r" to { exp4
> }
>
> expect: continuing expect
>
> You are just using a Cisco
> login/parsing script
> so it expects prompts
> from a Cisco device and in this
> case you have a
> *nix SSH banner that
> gets interrupted. I know you can
> use RANCID to
> backup *nix systems. So
> it knows how to understand
> connecting to a *nix
> system. You might want
> to try this email thread which
> asks about
> backing up Linux conifgs.
>
>
>
"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
> ml"
>
ml>
>
>
ml>
>
ml>
>
> Or you could modify the existing
> f5login like
> so.
>
> I think you have to use the
> carrot before the ()
> to work. I haven't
> checked this as I am at home and
> not on a UNIX
> system right now. Sorry
> to lazy to check it out right
> now. You might
> want to uncomment the line
> below 3. and comment out the
> line below 2. and
> see if that works. This
> is the only point in the code
> that I see it look
> for login in any line.
> If that doesn't work send me
> back the debug and
> I will see what I can
> do. I am sure some people that
> use expect more
> often then I can probably
> quickly tell you what to use as
> syntax there.
>
> # Figure out prompts
> set u_prompt [find userprompt
> $router
> if { "$u_prompt" == "" } {
> #1. ORIGINAL
> #set u_prompt
> "^(Username|Login|login|user name):"
> #2. Modified to read for
> a line beginning
> with
> Username,Login,login, or
> user name.
> set u_prompt
> "^(Username|Login|login|user
> name):"
> #3. Modified to read for
> a line beginning
> with Login or login.
> but I
> may be wrong
> #set u_prompt
> "^(Username|^Login|^login|user name):"
> } else {
> set u_prompt [join
> [lindex $u_prompt 0]
> ""]
>
>
> Let me know if this works for
> you.
>
> -Lance
>
>
>
> -------- Original
> Message --------
> Subject: Re: [rancid]
> F5 load balancer
> support
> From: Sam Munzani
>
>
>
> Date: Fri, July 13, 2007
> 2:30 pm
> To: Lance
>
>
> Cc:
> rancid-discuss at shrubbery.net
>
> Lance,
>
> F5 login works fine with
> a minor error.
>
> $ f5login test-f5-01
> test-f5-01
> spawn ssh -c 3des -x -l
> root test-f5-01
> Password:
> Last login: Fri Jul 13
> 14:26:28 2007
> from 172.24.100.12
> root
> [root at test-f5-01:Active]
> config # root
> -bash: root: command not
> found
> [root at test-f5-01:Active]
> config #
> [root at test-f5-01:Active]
> config #
> [root at test-f5-01:Active]
> config #
>
> I don't know how to
> debug otherwise I
> would turn on debug too. If you
> can provide some hints
> on debug, I would
> appreciate it.
>
> Thanks,
> Sam
>
>
> What error(s) do you get
> when you try to
> run your f5rancid?
>
> Where does it fail if
> you debug your
> f5login?
>
>
> -lance
>
>
>
>
> -------- Original
> Message --------
> Subject: [rancid] F5
> load balancer
> support
> From: Sam Munzani
>
>
>
> Date: Fri, July 13, 2007
> 12:45 pm
> To:
> rancid-discuss at shrubbery.net
>
> Hi,
>
> Did anybody happened to
> hack one of
> Cisco scripts to support
>
>
> BigIP F5
>
>
> boxes? It should be
> pretty simple. All I
> want to do is login and
>
>
> type "b
>
>
> list" which is
> equivalent of "show run"
> on cisco.
>
> However for some reason
> things not
> working. All I did was copied
>
>
> clogin
>
>
> to f5login, copied
> rancid to f5rancid
> and added following to
>
>
> rancid-fe.
>
>
> elsif ($vendor =~
> /^f5$/i)
> { exec('f5rancid',
>
>
> $router); }
>
>
> Then modified f5 rancid
> file and kept
> only one command in list of
> commands "b list".
>
> For some reason its not
> working. I can
> post my configs here if
>
>
> somebody
>
>
> like to see them.
>
> Thanks,
> Sam
>
> _______________________________________________
> Rancid-discuss mailing
> list
>
> Rancid-discuss at shrubbery.net
>
>
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
>
>
>
>
>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
>
>
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
>
>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
>
>
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss________
> _______________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
>
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
From rancid at gheek.net Tue Jul 17 21:34:46 2007
From: rancid at gheek.net (Lance)
Date: Tue, 17 Jul 2007 14:34:46 -0700
Subject: [rancid] Re: F5 load balancer support
Message-ID: <20070717143446.8e114e4890519e5179c192e02d6bca26.c17ba8393d.wbe@email.secureserver.net>
Mike,
I would also like to bring up a few other things.
1.) If you are using the default clogin file you are going to have term
length and term width commands executed. They will not do anything but
they will show up as commands that would be attempted to run. So it
would be best to have a separate f5login script/modified clogin so it
has a clean login.
2.) You don't seem to check if you have reached end of file and have run
clean. You seem to just blindly set these values, which removes the
whole purpose they are there. It would be better to read the whole
output similar to how the cssrancid script is done or the f5rancid
script done.
Other than thsoe I think your script is nice. I am sure it can be
expanded on like a lot of the stuff but lets get some product that has
all the checking, and prompt detection between each command and then
lets look at adding it to the distribution. Obviously John H. and
company has the final say on that one.
-lance
> -------- Original Message --------
> Subject: RE: [rancid] Re: F5 load balancer support
> From: "Mike Ashcraft"
> Date: Tue, July 17, 2007 12:35 pm
> To: "Lance"
> Cc: ,
>
> Lance,
>
> Thanks for the feedback.
>
> "b list" and "cat bigip.conf" are equivalent with the exception that b
> list may reflect changes made in the cli that are not saved and will be
> lost on reboot. Changes made using the web configuration tool are
> automatically saved. "b list" may also limit what the rancid user can
> see to a partial view if the user is not given sufficient rights. This
> file has the software configuration.
>
> The other file, bigip_base.conf contains interface configuration,
> management IP addresses, routing, VLANs etc.
>
> One could debate whether the f5rancid script should get the saved
> configuration files or the running config or both. For cisco devices,
> rancid obtains both. I'll look at adding both.
>
> Mike
>
> -----Original Message-----
> From: Lance [mailto:rancid at gheek.net]
> Sent: Tuesday, July 17, 2007 12:00 PM
> To: Mike Ashcraft
> Cc: rancid-discuss at shrubbery.net; sam at munzani.com
> Subject: RE: [rancid] Re: F5 load balancer support
>
> Mike,
>
> Looks really nice. I am guessing the bigip.conf or the other file is
> what is displayed with "b list".
>
> -Lance
>
> > -------- Original Message --------
> > Subject: RE: [rancid] Re: F5 load balancer support
> > From: "Mike Ashcraft"
> > Date: Tue, July 17, 2007 10:49 am
> > To: , "Lance"
> > Cc:
> >
> > I have been on vacation for the last couple of weeks or I would have
> > posted this sooner and possibly saved some of you a bit of effort.
> >
> > It sounds like Lance and Sam have put together a working f5rancid with
> > basic functionality which Sam posted last night. I have attached my
> > f5rancid which I have been running for a few months. Installation
> > instructions are included as comments in the file. This version uses
> > clogin so that a separate f5login script is not required.
> >
> > This version formats and processes the output to make it more usable.
> > As far as what is captured, I based this on the F5 equivalent of a
> tech
> > out. It grabs a copy of all the configuration files, hardware
> > configuration and software version as well as the timestamps and file
> > sizes for SSL certs hosted on the device. This facilitates rebuilding
> > from scratch as quickly as possible if this is ever needed.
> >
> > I was able to resolve the bug I mentioned yesterday by increasing the
> > clogin timeout. On a small number of devices it failed to process the
> > last few commands when running from cron but always worked properly
> from
> > the command line on all devices [making it difficult to track down].
> I
> > mention this because it may be an appropriate fix for other
> intermittent
> > problems sometimes discussed on this list.
> >
> > Any feedback is appreciated. I hope to get f5 support added to future
> > releases of rancid.
> >
> > Thanks,
> >
> > Mike
> >
> >
> >
> > ________________________________
> >
> > From: Sam Munzani [mailto:sam at munzani.com]
> > Sent: Monday, July 16, 2007 7:49 PM
> > To: Lance
> > Cc: Mike Ashcraft; rancid-discuss at shrubbery.net
> > Subject: Re: [rancid] Re: F5 load balancer support
> >
> >
> > Lance,
> >
> > Thanks a lot for all your help. Pretty much you did all the work while
> I
> > watched what you are doing :-)..
> >
> > Attached are cleaned up files. In f5rancid file, I have left some
> basic
> > functions(non platform specific) just in case we expand this script to
> > do a lot more than just "b list" output. In rancid-fe, we defined a
> new
> > device type "f5", f5login was copied from clogin and remarked some
> "term
> > length" statements we don't need on F5.
> >
> > All 3 files are attached and working great. Please be aware, we are
> not
> > parsing anything at all. All its doing is basic function of running "b
> > list" command and capturing its output. As I expand more on this, I
> will
> > be sure to share with the audience here.
> >
> > Again, thanks a lot for all your help today.
> >
> > Regards,
> > Sam
> >
> >
> > I have helped Sam get a working f5rancid which requires a
> > f5login (only
> > because it doesn't recognize the prompt with a space and exit,
> > unless
> > you enter a return before the exit). He is cleaning up all the
> > unused
> > functions and will post it.
> >
> > Once John H. sends out his script I will look at it and see how
> > it
> > differs from the one I did with Sam. I will even help Sam get it
> > working
> > for his setup. We will let you know when it is all working.
> >
> > -lance
> >
> >
> >
> > -------- Original Message --------
> > Subject: [rancid] Re: F5 load balancer support
> > From: "Mike Ashcraft"
> >
> > Date: Mon, July 16, 2007 11:48 am
> > To:
> > Cc: rancid-discuss at shrubbery.net
> >
> > Sam,
> >
> > I have a working f5rancid that I have been using for a
> > number of months
> > now. I have one minor bug related to tracking
> > installed SSL certs
> > which you probably don't care about. Other than that,
> > it works great.
> >
> > I did encounter and solve all the problems you have been
> > discussing on
> > the list.
> >
> > Let me know if you are interested in trying what I have.
> > I have tested
> > it with Big-IP 9.1.2.
> >
> > Mike
> >
> > ________________________________
> >
> > From: rancid-discuss-bounces at shrubbery.net
> > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf
> > Of Sam Munzani
> > Sent: Monday, July 16, 2007 10:58 AM
> > To: smunzani at comcast.net
> > Cc: rancid-discuss at shrubbery.net
> > Subject: [rancid] Re: F5 load balancer support
> >
> >
> > BTW, this is what I see in the log when I do rancid-run
> > now. That means
> > the f5rancid file(hacked copy of rancid) is still
> > missing something.
> >
> > more nfl.20070716.114842
> > starting: Mon Jul 16 11:48:42 CDT 2007
> >
> >
> >
> > Trying to get all of the configs.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> > =====================================
> > Getting missed routers: round 1.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> > =====================================
> > Getting missed routers: round 2.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> > =====================================
> > Getting missed routers: round 3.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> > =====================================
> > Getting missed routers: round 4.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> >
> > cvs diff: Diffing .
> > cvs diff: Diffing configs
> > nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT
> > 2007
> >
> >
> >
> > Trying to get all of the configs.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> > =====================================
> > Getting missed routers: round 1.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> > =====================================
> > Getting missed routers: round 2.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> > =====================================
> > Getting missed routers: round 3.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> > =====================================
> > Getting missed routers: round 4.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> >
> > cvs diff: Diffing .
> > cvs diff: Diffing configs
> > cvs diff: cannot find configs/test-f5-01
> > cvs commit: Examining .
> > cvs commit: Examining configs
> > cvs commit: Up-to-date check failed for
> > `configs/test-f5-01'
> > cvs [commit aborted]: correct above errors first!
> > ls: test-f5-01: No such file or directory
> >
> > ending: Mon Jul 16 11:49:41 CDT 2007
> >
> > Thanks,
> > Sam
> >
> >
> > David,
> >
> > Thanks a lot for the tip. This worked well. Now
> > f5login goes
> > much more
> > cleaner and the "root" doesn't set sent again. I
> > still have
> > other issues
> > where rancid-run is backing up config properly
> > but I am still
> > troubleshooting it.
> >
> > Now here is a question. What does "bldshgalsjd"
> > mean and how
> > does it do
> > this miracle?
> >
> > Thanks,
> > Sam
> >
> >
> > Thanks for this tip, turns out that this
> > is also the
> > reason the
> > username gets entered at a prompt on the
> > cisco IPS
> > devices. Since it's
> > using SSH and therefore doesn't need a
> > username prompt,
> > solution was
> > to simply add in .cloginrc:
> >
> > add userprompt ids* bldshgalsjd (<-
> > something that
> > won't get sent
> > during login)
> >
> > Regards,
> >
> > David
> >
> > On 14/07/07, Lance
> >
> >
> > wrote:
> >
> >
> > Sam,
> >
> > Have you tried using telnet to
> > login, if the f5
> > has it enabled.
> > You may also want to set auto
> > enable in your
> > .cloginrc for this device
> > as it looks to clogin as you are
> > already in a
> > cisco equivalent equal to
> > enable since your prompt has a #
> > sign in it.
> >
> > Looking at your next email along
> > with this one
> > it looks like you are
> > already in a cisco equivalent of
> > enable after
> > you login. f5login seems
> > to be sending your username of
> > root as a command
> > after you get connected
> > because it sees this line "Last
> > login: Fri Jul
> > 13 14:38:03 2007 from
> > 172.24.100.12" and it matches on
> > the word
> > "Login". See below.
> >
> > "(Username|Login|login|user
> > name):"? yes
> >
> > expect: set expect_out(0,string)
> > "login:"
> >
> > expect: set expect_out(1,string)
> > "login"
> >
> > expect: set expect_out(spawn_id)
> > "exp4"
> >
> > expect: set expect_out(buffer) "
> > \r\nLast
> > login:"
> >
> > send: sending "root\r" to { exp4
> > }
> >
> > expect: continuing expect
> >
> > You are just using a Cisco
> > login/parsing script
> > so it expects prompts
> > from a Cisco device and in this
> > case you have a
> > *nix SSH banner that
> > gets interrupted. I know you can
> > use RANCID to
> > backup *nix systems. So
> > it knows how to understand
> > connecting to a *nix
> > system. You might want
> > to try this email thread which
> > asks about
> > backing up Linux conifgs.
> >
> >
> >
> "http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
> > ml"
> >
> > ml>
> >
> >
> > ml>
> >
> > ml>
> >
> > Or you could modify the existing
> > f5login like
> > so.
> >
> > I think you have to use the
> > carrot before the ()
> > to work. I haven't
> > checked this as I am at home and
> > not on a UNIX
> > system right now. Sorry
> > to lazy to check it out right
> > now. You might
> > want to uncomment the line
> > below 3. and comment out the
> > line below 2. and
> > see if that works. This
> > is the only point in the code
> > that I see it look
> > for login in any line.
> > If that doesn't work send me
> > back the debug and
> > I will see what I can
> > do. I am sure some people that
> > use expect more
> > often then I can probably
> > quickly tell you what to use as
> > syntax there.
> >
> > # Figure out prompts
> > set u_prompt [find userprompt
> > $router
> > if { "$u_prompt" == "" } {
> > #1. ORIGINAL
> > #set u_prompt
> > "^(Username|Login|login|user name):"
> > #2. Modified to read for
> > a line beginning
> > with
> > Username,Login,login, or
> > user name.
> > set u_prompt
> > "^(Username|Login|login|user
> > name):"
> > #3. Modified to read for
> > a line beginning
> > with Login or login.
> > but I
> > may be wrong
> > #set u_prompt
> > "^(Username|^Login|^login|user name):"
> > } else {
> > set u_prompt [join
> > [lindex $u_prompt 0]
> > ""]
> >
> >
> > Let me know if this works for
> > you.
> >
> > -Lance
> >
> >
> >
> > -------- Original
> > Message --------
> > Subject: Re: [rancid]
> > F5 load balancer
> > support
> > From: Sam Munzani
> >
> >
> >
> > Date: Fri, July 13, 2007
> > 2:30 pm
> > To: Lance
> >
> >
> > Cc:
> > rancid-discuss at shrubbery.net
> >
> > Lance,
> >
> > F5 login works fine with
> > a minor error.
> >
> > $ f5login test-f5-01
> > test-f5-01
> > spawn ssh -c 3des -x -l
> > root test-f5-01
> > Password:
> > Last login: Fri Jul 13
> > 14:26:28 2007
> > from 172.24.100.12
> > root
> > [root at test-f5-01:Active]
> > config # root
> > -bash: root: command not
> > found
> > [root at test-f5-01:Active]
> > config #
> > [root at test-f5-01:Active]
> > config #
> > [root at test-f5-01:Active]
> > config #
> >
> > I don't know how to
> > debug otherwise I
> > would turn on debug too. If you
> > can provide some hints
> > on debug, I would
> > appreciate it.
> >
> > Thanks,
> > Sam
> >
> >
> > What error(s) do you get
> > when you try to
> > run your f5rancid?
> >
> > Where does it fail if
> > you debug your
> > f5login?
> >
> >
> > -lance
> >
> >
> >
> >
> > -------- Original
> > Message --------
> > Subject: [rancid] F5
> > load balancer
> > support
> > From: Sam Munzani
> >
> >
> >
> > Date: Fri, July 13, 2007
> > 12:45 pm
> > To:
> > rancid-discuss at shrubbery.net
> >
> > Hi,
> >
> > Did anybody happened to
> > hack one of
> > Cisco scripts to support
> >
> >
> > BigIP F5
> >
> >
> > boxes? It should be
> > pretty simple. All I
> > want to do is login and
> >
> >
> > type "b
> >
> >
> > list" which is
> > equivalent of "show run"
> > on cisco.
> >
> > However for some reason
> > things not
> > working. All I did was copied
> >
> >
> > clogin
> >
> >
> > to f5login, copied
> > rancid to f5rancid
> > and added following to
> >
> >
> > rancid-fe.
> >
> >
> > elsif ($vendor =~
> > /^f5$/i)
> > { exec('f5rancid',
> >
> >
> > $router); }
> >
> >
> > Then modified f5 rancid
> > file and kept
> > only one command in list of
> > commands "b list".
> >
> > For some reason its not
> > working. I can
> > post my configs here if
> >
> >
> > somebody
> >
> >
> > like to see them.
> >
> > Thanks,
> > Sam
> >
> > _______________________________________________
> > Rancid-discuss mailing
> > list
> >
> > Rancid-discuss at shrubbery.net
> >
> >
> > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> >
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > Rancid-discuss mailing list
> > Rancid-discuss at shrubbery.net
> >
> >
> > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> >
> >
> >
> >
> > _______________________________________________
> > Rancid-discuss mailing list
> > Rancid-discuss at shrubbery.net
> >
> >
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss________
> > _______________________________________
> > Rancid-discuss mailing list
> > Rancid-discuss at shrubbery.net
> >
> > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> >
> >
> >
> > _______________________________________________
> > Rancid-discuss mailing list
> > Rancid-discuss at shrubbery.net
> > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
From mashcraft at omniture.com Tue Jul 17 22:55:19 2007
From: mashcraft at omniture.com (Mike Ashcraft)
Date: Tue, 17 Jul 2007 16:55:19 -0600
Subject: [rancid] Re: F5 load balancer support
In-Reply-To: <20070717143446.8e114e4890519e5179c192e02d6bca26.c17ba8393d.wbe@email.secureserver.net>
References: <20070717143446.8e114e4890519e5179c192e02d6bca26.c17ba8393d.wbe@email.secureserver.net>
Message-ID: <45EB285310B55542A513F93230F0A5330115DC6F@EXCHANGE0.orm.omniture.com>
Lance,
I welcome a separate f5login, but when I asked about it back in
February, Andrew Partan recommended using clogin if I could get it to
work. Since I already had it working with clogin at that point, I
didn't want to tackle re-writing clogin for the f5 if I didn't need to.
The f5login you put together works with minimal changes to f5rancid. It
also fixes some emulation problems when using clogin to obtain a shell
on the f5. While these did not impact f5rancid, it does improve the
overall functionality. Thanks!
The check for prompt, the end of file and clean run is all there. This
also answers Sam's question about how I was able to use clogin. When I
was trying to figure out why I was not getting a clean run, I found that
the standard rancid looks for a regex match to /[>#]\s?exit$/ to detect
a clean run. Looking at the data coming back from clogin, I was not
seeing anything to match this from the f5 so I replaced it with
/\s?logout$/ to match what I was seeing from the F5 at the end of a
clean run.
Mike
-----Original Message-----
From: Lance [mailto:rancid at gheek.net]
Sent: Tuesday, July 17, 2007 3:35 PM
To: Mike Ashcraft
Cc: rancid-discuss at shrubbery.net; sam at munzani.com
Subject: RE: [rancid] Re: F5 load balancer support
Mike,
I would also like to bring up a few other things.
1.) If you are using the default clogin file you are going to have term
length and term width commands executed. They will not do anything but
they will show up as commands that would be attempted to run. So it
would be best to have a separate f5login script/modified clogin so it
has a clean login.
2.) You don't seem to check if you have reached end of file and have run
clean. You seem to just blindly set these values, which removes the
whole purpose they are there. It would be better to read the whole
output similar to how the cssrancid script is done or the f5rancid
script done.
Other than thsoe I think your script is nice. I am sure it can be
expanded on like a lot of the stuff but lets get some product that has
all the checking, and prompt detection between each command and then
lets look at adding it to the distribution. Obviously John H. and
company has the final say on that one.
-lance
> -------- Original Message --------
> Subject: RE: [rancid] Re: F5 load balancer support
> From: "Mike Ashcraft"
> Date: Tue, July 17, 2007 12:35 pm
> To: "Lance"
> Cc: ,
>
> Lance,
>
> Thanks for the feedback.
>
> "b list" and "cat bigip.conf" are equivalent with the exception that b
> list may reflect changes made in the cli that are not saved and will
be
> lost on reboot. Changes made using the web configuration tool are
> automatically saved. "b list" may also limit what the rancid user can
> see to a partial view if the user is not given sufficient rights.
This
> file has the software configuration.
>
> The other file, bigip_base.conf contains interface configuration,
> management IP addresses, routing, VLANs etc.
>
> One could debate whether the f5rancid script should get the saved
> configuration files or the running config or both. For cisco devices,
> rancid obtains both. I'll look at adding both.
>
> Mike
>
> -----Original Message-----
> From: Lance [mailto:rancid at gheek.net]
> Sent: Tuesday, July 17, 2007 12:00 PM
> To: Mike Ashcraft
> Cc: rancid-discuss at shrubbery.net; sam at munzani.com
> Subject: RE: [rancid] Re: F5 load balancer support
>
> Mike,
>
> Looks really nice. I am guessing the bigip.conf or the other file is
> what is displayed with "b list".
>
> -Lance
>
> > -------- Original Message --------
> > Subject: RE: [rancid] Re: F5 load balancer support
> > From: "Mike Ashcraft"