From rwest at zyedge.com Wed Jul 1 21:31:09 2009 From: rwest at zyedge.com (Ryan West) Date: Wed, 1 Jul 2009 17:31:09 -0400 Subject: [rancid] Wireless LAN Controllers Message-ID: <6E21B2BDEF6E714EA0B5BA8D5D0E140124835C5BF1@zy-ex1.zyedge.local> Jeremy, I came across your co-workers script in the archives, but had some issues with them and made a couple of very minor tweaks to get it working. Anyhow, I thought I would post them in case anyone needs the functionality. I only changed the prompt / enable detection and the commands that were run. -ryan -------------- next part -------------- A non-text attachment was scrubbed... Name: ciscowlc Type: application/octet-stream Size: 9402 bytes Desc: ciscowlc Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090701/a2917dc9/attachment.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: wlogin Type: application/octet-stream Size: 24354 bytes Desc: wlogin Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090701/a2917dc9/attachment-0001.obj From justin at justinshore.com Tue Jul 7 04:35:48 2009 From: justin at justinshore.com (Justin Shore) Date: Mon, 06 Jul 2009 23:35:48 -0500 Subject: [rancid] Cisco ASA 8.2 Bug - FIXED In-Reply-To: <4A203DF1.60206@justinshore.com> References: <20090512214439.GR25269@shrubbery.net> <4A17A39A.6000902@justinshore.com> <4A1F45CA.7050402@justinshore.com> <8E8D2F59C322B64598D5CBAA2C882F4316C6166E62@apatlisdmail19.core.gtri.org> <20090529185608.GM28760@shrubbery.net> <4A203DF1.60206@justinshore.com> Message-ID: <4A52D0A4.3070503@justinshore.com> All, The coredump.cfg bug introduced in v8.2 code on the ASAs has been acknowledged as a bug and has been fixed. The bugID is CSCsz85597: http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsz85597 The interim release 8.2(1)-3 hasn't been officially released but it is available if you have a contract and point TAC to the bugID. I'm running it now and apart from a probably unrelated Proxy ARP issue I haven't run into any problems. RANCID is as happy as can be now. Justin From Atif.SIDDIQUI at HydroOne.com Tue Jul 7 11:48:20 2009 From: Atif.SIDDIQUI at HydroOne.com (Atif.SIDDIQUI at HydroOne.com) Date: Tue, 7 Jul 2009 07:48:20 -0400 Subject: [rancid] RANCID and CVS our of sync In-Reply-To: <6E21B2BDEF6E714EA0B5BA8D5D0E140124835C5BF1@zy-ex1.zyedge.local> References: <6E21B2BDEF6E714EA0B5BA8D5D0E140124835C5BF1@zy-ex1.zyedge.local> Message-ID: <41BBAE5132ABA54BB2BA8716254F03D601AFC587@1104MILPEV.corp.hydroone.com> We have RANCID showing files being updated but CVS is not getting updates in the CVS folder just for 1 network, other 2 network folders are ok. How to fix this issue ? From diego.ercolani at ssis.sm Tue Jul 7 13:50:28 2009 From: diego.ercolani at ssis.sm (Diego Ercolani) Date: Tue, 7 Jul 2009 15:50:28 +0200 Subject: [rancid] DONE: Implementation of the (generic) linux configuration backup-versioning DEVELOPMENT VERSION Message-ID: <200907071550.28555.diego.ercolani@ssis.sm> Hello to all, I finished modules for the archive of linux configuration. It's a development version so please dear developer support it in the main trunk I wrote 2 modules: llogin lrancid ---------- LLOGIN -------------------- llogin is based on clogin 2.3.2 script, try to login via ssh and telnet. It should login as root. I did many modification to the clogin script, and I suppose a better check and better diagnostic look. The point of view I started from is that linux normally stores configurations as files in the filesystem, every distribution use its own directory structure and often, an entire backup of /etc directory is too redundant so I added a new configuration parameter in the .cloginrc and a new "MetaCommand" that is BackupFiles that is runned by llogin script using .cloginrc files to feed it. The new parameter in the .cloginrc is "backupfile", so you need to add for your linux machines at least a line in the .cloginrc file in the clogin syntax: add backupfile [path/filename] ... if you want you can of course add new files in a new line; this is the reason why I modified the clogin "add" procedure to feed correctly the int_backupfiles global variable the llogin script is using. I wrote a new procedure that is send_debug that, when called with a string as parameter, prints a gren "Debug:" followed by the string, if debug is on. (this of course is to increment visibility of check strings along the expect debug stream. --------- LRANCID --------- lrancid is a modified version of rancid 2.3.2 that calls llogin with the BackupFiles metacommand as command argument. It have some hack to optimize the output of the llogin script, but is more or less very similar to the rancid script ----------- rancid-fe ----------------- I of course modified the rancid-fe script to manage a new device category that is "linux". I'm attaching it to complete the contribution. ----------- sample .cloginrc ---------------------- here is my cloginrc file part that is regarded to the linux machine: >>>>>>>>>>>> CUT >>>>>>>>>>>>>> add method linux.machine.domain ssh rlogin add user linux.machine.domain root add password linux.machine.domain thepassword thepassword add autoenable linux.machine.domain 1 add backupfile linux.machine.domain /etc/issue add backupfile linux.machine.domain /etc/network/interfaces #add backupfile linux.machine.domain /etc/network/interfaces <<<<<<<<<<<<<< CUT <<<<<<<<<<<<<<<< Hope this would help many of you Diego Ercolani -------------- next part -------------- A non-text attachment was scrubbed... Name: lrancid Type: application/x-perl Size: 10927 bytes Desc: not available Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090707/65656dc8/attachment.bin -------------- next part -------------- #! /usr/bin/expect -- ## ## llogin 1.0.2 2009/07/07 ## based on clogin.in,v 1.136 2009/04/22 18:59:04 ## ## rancid 2.3.2 ## Copyright (c) 1997-2009 by Terrapin Communications, Inc. ## All rights reserved. ## llogin (c) Diego Ercolani - SSIS S.p.A. - San Marino ## ## This code is derived from software contributed to and maintained by ## Terrapin Communications, Inc. by Henry Kilmer, John Heasley, Andrew Partan, ## Pete Whiting, Austin Schutz, and Andrew Fort. ## ## Redistribution and use in source and binary forms, with or without ## modification, are permitted provided that the following conditions ## are met: ## 1. Redistributions of source code must retain the above copyright ## notice, this list of conditions and the following disclaimer. ## 2. Redistributions in binary form must reproduce the above copyright ## notice, this list of conditions and the following disclaimer in the ## documentation and/or other materials provided with the distribution. ## 3. All advertising materials mentioning features or use of this software ## must display the following acknowledgement: ## This product includes software developed by Terrapin Communications, ## Inc. and its contributors for RANCID. ## 4. Neither the name of Terrapin Communications, Inc. nor the names of its ## contributors may be used to endorse or promote products derived from ## this software without specific prior written permission. ## 5. It is requested that non-binding fixes and modifications be contributed ## back to Terrapin Communications, Inc. ## ## THIS SOFTWARE IS PROVIDED BY Terrapin Communications, INC. AND CONTRIBUTORS ## ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED ## TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ## PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COMPANY OR CONTRIBUTORS ## BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR ## CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF ## SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS ## INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN ## CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE ## POSSIBILITY OF SUCH DAMAGE. # # The expect login scripts were based on Erik Sherk's gwtn, by permission. # # llogin - Linux Login # # Most options are intuitive for logging into a Cisco router. # The default is to enable (thus -noenable). Some folks have # setup tacacs to have a user login at priv-lvl = 15 (enabled) # so the -autoenable flag was added for this case (don't go through # the process of enabling and the prompt will be the "#" prompt. # The default username password is the same as the vty password. # # Usage line set usage "Usage: $argv0 \[-dSV\] \[-autoenable\] \[-noenable\] \[-c command\] \ \[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \[-p user-password\] \ \[-s script-file\] \[-t timeout\] \[-u username\] \ \[-v vty-password\] \[-w enable-username\] \[-x command-file\] \ \[-y ssh_cypher_type\] router \[router...\]\n" # env(CLOGIN) may contain: # x == do not set xterm banner or name # Password file set password_file $env(HOME)/.cloginrc # Default is to login to the router set do_command 0 set do_script 0 # The default is to automatically enable set avenable 1 # The default is that you login non-enabled (tacacs can have you login already # enabled) set avautoenable 0 # The default is to look in the password file to find the passwords. This # tracks if we receive them on the command line. set do_passwd 1 set do_enapasswd 1 # Save config, if prompted set do_saveconfig 0 # set send_human {.4 .4 .7 .3 5} # Find the user in the ENV, or use the unix userid. if {[ info exists env(CISCO_USER) ]} { set default_user $env(CISCO_USER) } elseif {[ info exists env(USER) ]} { set default_user $env(USER) } elseif {[ info exists env(LOGNAME) ]} { set default_user $env(LOGNAME) } else { # This uses "id" which I think is portable. At least it has existed # (without options) on all machines/OSes I've been on recently - # unlike whoami or id -nu. if [ catch {exec id} reason ] { send_error "\nError: could not exec id: $reason\n" exit 1 } regexp {\(([^)]*)} "$reason" junk default_user } if {[ info exists env(CLOGINRC) ]} { set password_file $env(CLOGINRC) } # Sometimes routers take awhile to answer (the default is 10 sec) set timeout 45 # Process the command line for {set i 0} {$i < $argc} {incr i} { set arg [lindex $argv $i] switch -glob -- $arg { # Expect debug mode -d* { exp_internal 1 # Username } -u* { if {! [regexp .\[uU\](.+) $arg ignore user]} { incr i set username [ lindex $argv $i ] } # VTY Password } -p* { if {! [regexp .\[pP\](.+) $arg ignore userpasswd]} { incr i set userpasswd [ lindex $argv $i ] } set do_passwd 0 # VTY Password } -v* { if {! [regexp .\[vV\](.+) $arg ignore passwd]} { incr i set passwd [ lindex $argv $i ] } set do_passwd 0 # Version string } -V* { send_user "rancid 2.3.2\n" exit 0 # Enable Username } -w* { if {! [regexp .\[wW\](.+) $arg ignore enauser]} { incr i set enausername [ lindex $argv $i ] } # Environment variable to pass to -s scripts } -E* { if {[regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} { set E$varname $varvalue } else { send_user "\nError: invalid format for -E in $arg\n" exit 1 } # Enable Password } -e* { if {! [regexp .\[e\](.+) $arg ignore enapasswd]} { incr i set enapasswd [ lindex $argv $i ] } set do_enapasswd 0 # Command to run. } -c* { if {! [regexp .\[cC\](.+) $arg ignore command]} { incr i set command [ lindex $argv $i ] } set do_command 1 # Expect script to run. } -s* { if {! [regexp .\[sS\](.+) $arg ignore sfile]} { incr i set sfile [ lindex $argv $i ] } if { ! [ file readable $sfile ] } { send_user "\nError: Can't read $sfile\n" exit 1 } set do_script 1 # save config on exit } -S* { set do_saveconfig 1 # 'ssh -c' cypher type } -y* { if {! [regexp .\[eE\](.+) $arg ignore cypher]} { incr i set cypher [ lindex $argv $i ] } # alternate cloginrc file } -f* { if {! [regexp .\[fF\](.+) $arg ignore password_file]} { incr i set password_file [ lindex $argv $i ] } # Timeout } -t* { if {! [regexp .\[tT\](.+) $arg ignore timeout]} { incr i set timeout [ lindex $argv $i ] } # Command file } -x* { if {! [regexp .\[xX\](.+) $arg ignore cmd_file]} { incr i set cmd_file [ lindex $argv $i ] } if [ catch {set cmd_fd [open $cmd_file r]} reason ] { send_user "\nError: $reason\n" exit 1 } set cmd_text [read $cmd_fd] close $cmd_fd set command [join [split $cmd_text \n] \;] set do_command 1 # Do we enable? } -noenable { set avenable 0 # Does tacacs automatically enable us? } -autoenable { set avautoenable 1 set avenable 0 } -* { send_user "\nError: Unknown argument! $arg\n" send_user $usage exit 1 } default { break } } } # Process routers...no routers listed is an error. if { $i == $argc } { send_user "\nError: $usage" } # Only be quiet if we are running a script (it can log its output # on its own) if { $do_script } { log_user 0 } else { log_user 1 } # # Done configuration/variable setting. Now run with it... # # Sets Xterm title if interactive...if its an xterm and the user cares proc label { host } { global env # if CLOGIN has an 'x' in it, don't set the xterm name/banner if [info exists env(CLOGIN)] { if {[string first "x" $env(CLOGIN)] != -1} { return } } # take host from ENV(TERM) if [info exists env(TERM)] { if [ regexp \^(xterm|vs) $env(TERM) ignore ] { send_user "\033]1;[lindex [split $host "."] 0]\a" send_user "\033]2;$host\a" } } } # This is a helper function to make the password file easier to # maintain. Using this the password file has the form: # add password sl* pete cow # add password at* steve # add password * hanky-pie # Add procedure has been modified to add elements of existant list # if list exists and first list element is the same proc add {var args} { global int_$var ; if { [info exists int_$var] } { #search for the key element (the first after the name) # that is the "glob" element set variable [set int_$var] set added 0 for {set i 0} {$i< [llength $variable]} {incr i} { if { [string compare [lindex $args 0] [lindex [lindex $variable $i] 0]] == 0 } { #first element of this subelement is equal so we have to add to this subelement set args [lreplace $args 0 0] ;#delete 1st element of args as it is the glob #puts "($args)-> [lindex $variable $i]" set a [lindex $variable $i] # if args is an array then add single element a time foreach j $args { lappend a $j } puts "a:$a" set variable [lreplace $variable $i $i $a] #puts "risultato: $a==[lindex $variable $i]" set added 1 break ;#break loop as we added things to current sublist } } if { $added == 1 } { # we have a new list that have the new items # so we must redefine the int_$var with the correct list set int_$var $variable } else { # we didn't find any glob that matches the one we have, so # new list element containing all the subelements lappend int_$var $args } } else { lappend int_$var $args } } proc include {args} { global env regsub -all "(^{|}$)" $args {} args if { [ regexp "^/" $args ignore ] == 0 } { set args $env(HOME)/$args } source_password_file $args } proc find {var router} { upvar int_$var list #send_user "searching in $list occurrancies of $var in router $router\n" if { [info exists list] } { foreach line $list { #send_user "$line\n" if { [string match [lindex $line 0] $router ] } { return [lrange $line 1 end] } } } else { send_debug "Warning: int_$var list not found\n" } return {} } # Loads the password file. Note that as this file is tcl, and that # it is sourced, the user better know what to put in there, as it # could install more than just password info... I will assume however, # that a "bad guy" could just as easy put such code in the clogin # script, so I will leave .cloginrc as just an extention of that script proc source_password_file { password_file } { global env if { ! [file exists $password_file] } { send_user "\nError: password file ($password_file) does not exist\n" exit 1 } file stat $password_file fileinfo if { [expr ($fileinfo(mode) & 007)] != 0000 } { send_user "\nError: $password_file must not be world readable/writable\n" exit 1 } if [ catch {source $password_file} reason ] { send_user "\nError: $reason\n" exit 1 } } # Log into the router. # returns: 0 on success, 1 on failure, -1 if rsh was used successfully proc login { router user userpswd passwd enapasswd cmethod cyphertype } { global command spawn_id in_proc do_command do_script platform global prompt u_prompt p_prompt e_prompt sshcmd set in_proc 1 set uprompt_seen 0 send_debug "In login\n" # try each of the connection methods in $cmethod until one is successful set progs [llength $cmethod] foreach prog [lrange $cmethod 0 end] { incr progs -1 if [string match "telnet*" $prog] { regexp {telnet(:([^[:space:]]+))*} $prog methcmd suffix port if {"$port" == ""} { set retval [ catch {spawn telnet $router} reason ] } else { set retval [ catch {spawn telnet $router $port} reason ] } if { $retval } { send_user "\nError: telnet failed: $reason\n" return 1 } } elseif [string match "ssh*" $prog] { regexp {ssh(:([^[:space:]]+))*} $prog methcmd suffix port if {"$port" == ""} { set retval [ catch {spawn $sshcmd -c $cyphertype -x -l $user $router} reason ] } else { set retval [ catch {spawn $sshcmd -c $cyphertype -x -l $user -p $port $router} reason ] } if { $retval } { send_user "\nError: $sshcmd failed: $reason\n" return 1 } } elseif ![string compare $prog "rsh"] { if { ! $do_command } { if { [llength $cmethod] == 1 } { send_user "\nError: rsh is an invalid method for -x and " send_user "interactive logins\n" } if { $progs == 0 } { return 1 } continue; } set commands [split $command \;] set num_commands [llength $commands] set rshfail 0 for {set i 0} {$i < $num_commands && !$rshfail} { incr i} { log_user 0 set retval [ catch {spawn rsh $user@$router [lindex $commands $i] } reason ] if { $retval } { send_user "\nError: rsh failed: $reason\n" log_user 1; return 1 } send_user "$router# [lindex $commands $i]\n" # rcmd does not get a pager and no prompts, so we just have to # look for failures & lines. expect { "Connection refused" { catch {close}; catch {wait}; send_user "\nError: Connection\ Refused ($prog): $router\n" set rshfail 1 } -re "(Connection closed by|Connection to \[^\n\r]+ closed)" { catch {close}; catch {wait}; send_user "\nError: Connection\ closed ($prog): $router\n" set rshfail 1 } "Host is unreachable" { catch {close}; catch {wait}; send_user "\nError: Host Unreachable:\ $router\n" set rshfail 1 } "No address associated with" { catch {close}; catch {wait}; send_user "\nError: Unknown host\ $router\n" set rshfail 1 } -re "\b+" { exp_continue } -re "\[\n\r]+" { send_user -- "$expect_out(buffer)" exp_continue } timeout { catch {close}; catch {wait}; send_user "\nError: TIMEOUT reached\n" set rshfail 1 } eof { catch {close}; catch {wait}; } } log_user 1 } if { $rshfail } { if { !$progs } { return 1 } else { continue } } # fake the end of the session for rancid. send_user "$router# exit\n" # return rsh "success" return -1 } else { send_user "\nError: unknown connection method: $prog\n" return 1 } sleep 0.3 # This helps cleanup each expect clause. expect_after { timeout { send_user "\nError: TIMEOUT reached\n" catch {close}; catch {wait}; if { $in_proc} { return 1 } else { continue } } eof { send_user "\nError: EOF received\n" catch {close}; catch {wait}; if { $in_proc} { return 1 } else { continue } } } # Here we get a little tricky. There are several possibilities: # the router can ask for a username and passwd and then # talk to the TACACS server to authenticate you, or if the # TACACS server is not working, then it will use the enable # passwd. Or, the router might not have TACACS turned on, # then it will just send the passwd. # if telnet fails with connection refused, try ssh expect { -re "(Connection refused|Secure connection \[^\n\r]+ refused)" { catch {close}; catch {wait}; if !$progs { send_user "\nError: Connection Refused ($prog): $router\n" return 1 } } -re "(Connection closed by|Connection to \[^\n\r]+ closed)" { catch {close}; catch {wait}; if !$progs { send_user "\nError: Connection closed ($prog): $router\n" return 1 } } eof { send_user "\nError: Couldn't login: $router\n"; wait; return 1 } -nocase "unknown host\r" { send_user "\nError: Unknown host $router\n"; catch {close}; catch {wait}; return 1 } "Host is unreachable" { send_user "\nError: Host Unreachable: $router\n"; catch {close}; catch {wait}; return 1 } "No address associated with name" { send_user "\nError: Unknown host $router\n"; catch {close}; catch {wait}; return 1 } -re "(Host key not found |The authenticity of host .* be established).*\(yes\/no\)\?" { send "yes\r" send_user "\nHost $router added to the list of known hosts.\n" exp_continue } -re "HOST IDENTIFICATION HAS CHANGED.* \(yes\/no\)\?" { send "no\r" send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n" catch {close}; catch {wait}; return 1 } -re "Offending key for .* \(yes\/no\)\?" { send "no\r" send_user "\nError: host key mismatch for $router. Update the SSH known_hosts file accordingly.\n" catch {close}; catch {wait}; return 1 } -re "(denied|Sorry)" { send_user "\nError: Check your passwd for $router\n" catch {close}; catch {wait}; return 1 } "Login failed" { send_user "\nError: Check your passwd for $router\n" catch {close}; catch {wait}; return 1 } -re "% (Bad passwords|Authentication failed)" { send_user "\nError: Check your passwd for $router\n" catch {close}; catch {wait}; return 1 } "Press any key to continue" { # send_user "Pressing the ANY key\n" send "\r" exp_continue } -re "Enter Selection: " { # Catalyst 1900s have some lame menu. Enter # K to reach a command-line. send "K\r" exp_continue } -re "Last login:" { exp_continue } -re "@\[^\r\n]+ $p_prompt" { # ssh pwd prompt sleep 1 send -- "$userpswd\r" exp_continue } -re "$u_prompt" { send -- "$user\r" set uprompt_seen 1 exp_continue } -re "$p_prompt" { sleep 1 if {$uprompt_seen == 1} { send -- "$userpswd\r" } else { send -- "$passwd\r" } exp_continue } -re "$prompt" { break; } "Login invalid" { send_user "\nError: Invalid login: $router\n"; catch {close}; catch {wait}; return 1 } } } # remove usage of history for classic commands from rancid # set default language (english) send -- "export HISTIGNORE=\"&:cat *:exit*:export *\";export LANG=C\r" expect { -re "$prompt" { } -re "\b+" { send_user "Error: $expect_out(buffer)" } } set in_proc 0 return 0 } # Enable proc do_enable { enauser enapasswd } { global do_saveconfig in_proc global prompt u_prompt e_prompt set in_proc 1 # Set bash answer in english send "export LANG=C\r" expect { "#" { set prompt "#" } -re "error" { send_user "\nError: check your appliance\n" return 1 } } send "su -\r" expect { -re "$u_prompt" { send -- "$enauser\r"; exp_continue} -re "$e_prompt" { send -- "$enapasswd\r"; exp_continue} "#" { set prompt "#" } -re "(denied|Sorry|Incorrect)" { # % Access denied - from local auth and poss. others send_user "\nError: Check your Enable passwd\n"; return 1 } "% Error in authentication" { send_user "\nError: Check your Enable passwd\n" return 1 } -re "(Authentication failure|incorrect password)" { send_user "\nError: Check your Enable passwd\n" return 1 } } # We set the prompt variable (above) so script files don't need # to know what it is. set in_proc 0 return 0 } proc BackupFiles { host files prompt } { send_debug "In BackupFiles host:$host files:$files prompt:$prompt\n" send_user "\n$prompt\BackupFiles\n" foreach item $files { send_user "#rancid llogin : $item\n###########" send -- "\r" expect { -re "$prompt" { send -- "cat $item\r" exp_continue } -re "^cat $item\r" { } -re "^cat: " { send_user -- "\nError: $expect_out(buffer)\n" exit 1 } } expect { -re "^bash: .*" { send_user -- "\nError: $expect_out(buffer)\n" exit 1 } # word delimiter -re "\b+" { send_user -- "$expect_out(buffer)" exp_continue } -re "^\[^\r\n *]*$prompt" { #send_user -- "$expect_out(buffer)" } -re "^\[^\r\n]*$prompt." { #send_user -- "$expect_out(buffer)" #exp_continue } -re "\[\r\n]+" { send_user -- "$expect_out(buffer)" exp_continue } } } send_user "$prompt" send -- "\r" return 0 } # Run commands given on the command line. proc run_commands { host prompt command } { global in_proc platform # Every environment variable have to be declared! Variable Scope: # If I call a procedure that uses a global variable I have also to declare global # here! (int_backupfile is used when I call [find backupfile $host] global password_file int_backupfile set in_proc 1 set reprompt $prompt # this is the only way i see to get rid of more prompts in o/p..grrrrr log_user 0 set commands [split $command \;] set num_commands [llength $commands] # the pager can not be turned off on the PIX, so we have to look # for the "More" prompt. the extreme is equally obnoxious, with a # global switch in the config. for {set i 0} {$i < $num_commands} { incr i} { # If command is a "MetaCommand", call the handler procedure # if it is not a "MetaCommand", passes the command "as is" to # the console # send_user "[subst [lindex $commands $i]]\n" switch -glob -nocase [subst -nocommands [lindex $commands $i]] { backupfiles { set files [find backupfile $host] if { [info exists files] && [llength $files] > 0 } { BackupFiles $host $files $reprompt } else { send_user "\n\nPlease give some entries in $password_file: like this:\n" send_user "add backupfile $host /etc/passwd /etc/resolv.conf\n\n" } } * { send -- "\r" expect { -re "^.*$reprompt" { send -- "[subst -nocommands [lindex $commands $i]]\r" } } expect { -re "^bash: .*" { send_user -- "\nError: $expect_out(buffer)" exit 1 } # word delimiter -re "\b+" { send_user -- "$expect_out(buffer)" exp_continue } -re "^\[^\r\n *]*$reprompt" { send_user -- "$expect_out(buffer)" } -re "^\[^\r\n]*$reprompt." { send_user -- "$expect_out(buffer)" exp_continue } -re "\[\r\n]+" { send_user -- "$expect_out(buffer)" exp_continue } } } ;#end default } ;#end switch send_debug "\nEnd Switch\n" } log_user 1 send -- "exit\r" expect { -re "\b+" { exp_continue } -re "Connection to .* closed" { return 0} -re "^\[^\n\r *]*$reprompt" { # the Cisco CE and Jnx ERX # return to non-enabled mode # on exit in enabled mode. send -h "exit\r" exp_continue; } -re "\[\n\r]+" { exp_continue } timeout { catch {close}; catch {wait}; return 0 } eof { return 0 } } set in_proc 0 } proc send_debug { text } { if { [ exp_internal -info ] == 1 } { send_user "\033\[32mDebug:\033\[m$text" } } # # For each router... (this is main loop) # source_password_file $password_file set in_proc 0 set exitval 0 foreach router [lrange $argv $i end] { set router [string tolower $router] # attempt at platform switching. set platform "" send_user -- "$router\n" # Figure out the prompt. # autoenable is off by default. If we have it defined, it was done # on the command line. If it is not specifically set on the command # line, check the password file. if $avautoenable { set autoenable 1 set enable 0 set prompt ":~# " } else { set ae [find autoenable $router] if { "$ae" == "1" } { set autoenable 1 set enable 0 set prompt ":~# " } else { set autoenable 0 set enable $avenable set prompt ":~> " } } # look for noenable option in .cloginrc if { [find noenable $router] != "" } { set enable 0 } # Figure out passwords if { $do_passwd || $do_enapasswd } { set pswd [find password $router] if { [llength $pswd] == 0 } { send_user -- "\nError: no password for $router in $password_file.\n" continue } if { $enable && $do_enapasswd && $autoenable == 0 && [llength $pswd] < 2 } { send_user -- "\nError: no enable password for $router in $password_file.\n" continue } set passwd [join [lindex $pswd 0] ""] set enapasswd [join [lindex $pswd 1] ""] } else { set passwd $userpasswd set enapasswd $enapasswd } # Figure out username if {[info exists username]} { # command line username set ruser $username } else { set ruser [join [find user $router] ""] if { "$ruser" == "" } { set ruser $default_user } } # Figure out username's password (if different from the vty password) if {[info exists userpasswd]} { # command line username set userpswd $userpasswd } else { set userpswd [join [find userpassword $router] ""] if { "$userpswd" == "" } { set userpswd $passwd } } # Figure out enable username if {[info exists enausername]} { # command line enausername set enauser $enausername } else { set enauser [join [find enauser $router] ""] if { "$enauser" == "" } { set enauser $ruser } } # Figure out prompts set u_prompt [find userprompt $router] if { "$u_prompt" == "" } { set u_prompt "(Username|Login|login|user name|User):" } else { set u_prompt [join [lindex $u_prompt 0] ""] } set p_prompt [find passprompt $router] if { "$p_prompt" == "" } { set p_prompt "(\[Pp]assword|passwd):" } else { set p_prompt [join [lindex $p_prompt 0] ""] } set e_prompt [find enableprompt $router] if { "$e_prompt" == "" } { set e_prompt "\[Pp]assword:" } else { set e_prompt [join [lindex $e_prompt 0] ""] } # Figure out cypher type if {[info exists cypher]} { # command line cypher type set cyphertype $cypher } else { set cyphertype [find cyphertype $router] if { "$cyphertype" == "" } { set cyphertype "3des" } } # Figure out connection method set cmethod [find method $router] if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} } # Figure out the SSH executable name set sshcmd [find sshcmd $router] if { "$sshcmd" == "" } { set sshcmd {ssh} } # Login to the router if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype]} { incr exitval # if login failed or rsh was unsuccessful, move on to the next device continue } send_debug "End of Login\n" if { $enable } { if {[do_enable $enauser $enapasswd]} { if { $do_command || $do_script } { incr exitval catch {close}; catch {wait}; continue } } send_debug "End Enable\n" } # we are logged in, now figure out the full prompt send "\r" expect { -re "\[\r\n]+" { exp_continue; } -re "^(.+\[:.])1 ($prompt)" { # stoopid extreme cmd-line numbers and # prompt based on state of config changes, # which may have an * at the beginning. set junk $expect_out(1,string) regsub -all "^\\\* " $expect_out(1,string) {} junk regsub -all "\[\]\[\(\)]" $junk {\\&} junk; set prompt ".? ?$junk\[0-9]+ $expect_out(2,string)"; set platform "extreme" } -re "^.+$prompt" { set junk $expect_out(0,string); regsub -all "\[\]\[\(\)]" $junk {\\&} prompt; } } if { $do_command } { if {[run_commands $router $prompt $command]} { incr exitval continue } } elseif { $do_script } { # If the prompt is (enable), then we are on a switch and the # command is "set length 0"; otherwise its "terminal length 0". if [ regexp -- ".*> .*enable" "$prompt" ] { send "set length 0\r" expect -re $prompt {} send "set logging session disable\r" } else { send "terminal length 0\r" } expect -re $prompt {} source $sfile catch {close}; } else { label $router log_user 1 interact } # End of for each router catch {wait}; sleep 0.3 } exit $exitval -------------- next part -------------- A non-text attachment was scrubbed... Name: rancid-fe Type: application/x-perl Size: 3668 bytes Desc: not available Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090707/65656dc8/attachment-0001.bin From smunzani at comcast.net Tue Jul 7 14:20:16 2009 From: smunzani at comcast.net (Sam Munzani) Date: Tue, 07 Jul 2009 09:20:16 -0500 Subject: [rancid] Re: DONE: Implementation of the (generic) linux configuration backup-versioning DEVELOPMENT VERSION In-Reply-To: <200907071550.28555.diego.ercolani@ssis.sm> References: <200907071550.28555.diego.ercolani@ssis.sm> Message-ID: <4A5359A0.4020808@comcast.net> Diego, Many companies don't allow root user for the SSH. So usually its login as normal user then either "su -" or "sudo su -". I think this script can be more useful if it considers non root logins. My 2 cents. Thanks, Sam > Hello to all, > I finished modules for the archive of linux configuration. > It's a development version so please dear developer support it in the main > trunk > > > I wrote 2 modules: > llogin > lrancid > > > ---------- LLOGIN -------------------- > > > llogin is based on clogin 2.3.2 script, try to login via ssh and telnet. It > should login as root. > > I did many modification to the clogin script, and I suppose a better check and > better diagnostic look. > > The point of view I started from is that linux normally stores configurations > as files in the filesystem, every distribution use its own directory structure > and often, an entire backup of /etc directory is too redundant so I added a > new configuration parameter in the .cloginrc and a new "MetaCommand" that is > BackupFiles that is runned by llogin script using .cloginrc files to feed it. > > > The new parameter in the .cloginrc is "backupfile", so you need to add for > your linux machines at least a line in the .cloginrc file in the clogin > syntax: > > add backupfile [path/filename] ... > > if you want you can of course add new files in a new line; this is the reason > why I modified the clogin "add" procedure to feed correctly the > int_backupfiles global variable the llogin script is using. > > I wrote a new procedure that is send_debug that, when called with a string as > parameter, prints a gren "Debug:" followed by the string, if debug is on. > (this of course is to increment visibility of check strings along the expect > debug stream. > > --------- LRANCID --------- > lrancid is a modified version of rancid 2.3.2 that calls llogin with the > BackupFiles metacommand as command argument. > It have some hack to optimize the output of the llogin script, but is more or > less very similar to the rancid script > > ----------- rancid-fe ----------------- > I of course modified the rancid-fe script to manage a new device category that > is "linux". > I'm attaching it to complete the contribution. > > ----------- sample .cloginrc ---------------------- > here is my cloginrc file part that is regarded to the linux machine: > > >>>>>>>>>>>>> CUT >>>>>>>>>>>>>> >>>>>>>>>>>>> > add method linux.machine.domain ssh rlogin > add user linux.machine.domain root > add password linux.machine.domain thepassword thepassword > add autoenable linux.machine.domain 1 > add backupfile linux.machine.domain /etc/issue > add backupfile linux.machine.domain /etc/network/interfaces > #add backupfile linux.machine.domain /etc/network/interfaces > <<<<<<<<<<<<<< CUT <<<<<<<<<<<<<<<< > > Hope this would help many of you > Diego Ercolani > > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090707/063a3374/attachment.html From tad1214 at aol.com Tue Jul 7 14:29:12 2009 From: tad1214 at aol.com (Thomas Donnelly) Date: Tue, 07 Jul 2009 09:29:12 -0500 Subject: [rancid] Re: DONE: Implementation of the (generic) linux configuration backup-versioning DEVELOPMENT VERSION In-Reply-To: <4A5359A0.4020808@comcast.net> References: <200907071550.28555.diego.ercolani@ssis.sm> <4A5359A0.4020808@comcast.net> Message-ID: <4A535BB8.7040301@aol.com> Also with FreeBSD remote root logins are not permitted by default so I would have to change that on every one of my servers. -=Tom Sam Munzani wrote: > Diego, > > Many companies don't allow root user for the SSH. So usually its login > as normal user then either "su -" or "sudo su -". I think this script > can be more useful if it considers non root logins. > > My 2 cents. > > Thanks, > Sam >> Hello to all, >> I finished modules for the archive of linux configuration. >> It's a development version so please dear developer support it in the main >> trunk >> >> >> I wrote 2 modules: >> llogin >> lrancid >> >> >> ---------- LLOGIN -------------------- >> >> >> llogin is based on clogin 2.3.2 script, try to login via ssh and telnet. It >> should login as root. >> >> I did many modification to the clogin script, and I suppose a better check and >> better diagnostic look. >> >> The point of view I started from is that linux normally stores configurations >> as files in the filesystem, every distribution use its own directory structure >> and often, an entire backup of /etc directory is too redundant so I added a >> new configuration parameter in the .cloginrc and a new "MetaCommand" that is >> BackupFiles that is runned by llogin script using .cloginrc files to feed it. >> >> >> The new parameter in the .cloginrc is "backupfile", so you need to add for >> your linux machines at least a line in the .cloginrc file in the clogin >> syntax: >> >> add backupfile [path/filename] ... >> >> if you want you can of course add new files in a new line; this is the reason >> why I modified the clogin "add" procedure to feed correctly the >> int_backupfiles global variable the llogin script is using. >> >> I wrote a new procedure that is send_debug that, when called with a string as >> parameter, prints a gren "Debug:" followed by the string, if debug is on. >> (this of course is to increment visibility of check strings along the expect >> debug stream. >> >> --------- LRANCID --------- >> lrancid is a modified version of rancid 2.3.2 that calls llogin with the >> BackupFiles metacommand as command argument. >> It have some hack to optimize the output of the llogin script, but is more or >> less very similar to the rancid script >> >> ----------- rancid-fe ----------------- >> I of course modified the rancid-fe script to manage a new device category that >> is "linux". >> I'm attaching it to complete the contribution. >> >> ----------- sample .cloginrc ---------------------- >> here is my cloginrc file part that is regarded to the linux machine: >> >> >>>>>>>>>>>>>> CUT >>>>>>>>>>>>>> >>>>>>>>>>>>>> >> add method linux.machine.domain ssh rlogin >> add user linux.machine.domain root >> add password linux.machine.domain thepassword thepassword >> add autoenable linux.machine.domain 1 >> add backupfile linux.machine.domain /etc/issue >> add backupfile linux.machine.domain /etc/network/interfaces >> #add backupfile linux.machine.domain /etc/network/interfaces >> <<<<<<<<<<<<<< CUT <<<<<<<<<<<<<<<< >> >> Hope this would help many of you >> Diego Ercolani >> >> >> >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > ------------------------------------------------------------------------ > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From diego.ercolani at ssis.sm Tue Jul 7 14:36:30 2009 From: diego.ercolani at ssis.sm (Diego Ercolani) Date: Tue, 7 Jul 2009 16:36:30 +0200 Subject: [rancid] Re: DONE: Implementation of the (generic) linux configuration backup-versioning DEVELOPMENT VERSION In-Reply-To: <4A5359A0.4020808@comcast.net> References: <200907071550.28555.diego.ercolani@ssis.sm> <4A5359A0.4020808@comcast.net> Message-ID: <200907071636.30239.diego.ercolani@ssis.sm> I did it already..... but I haven't tested it uses the login password for the user you specify in the "user" parameter it uses the "enable" password as the root password (the second password in the "password" parameter). Please verify and correct the script if something is going wrong Diego In data marted? 07 luglio 2009 16:20:16, Sam Munzani ha scritto: : > Diego, > > Many companies don't allow root user for the SSH. So usually its login > as normal user then either "su -" or "sudo su -". I think this script > can be more useful if it considers non root logins. > > My 2 cents. > > Thanks, > Sam > > > ----------- sample .cloginrc ---------------------- > > >> [...] > > here is my cloginrc file part that is regarded to the linux machine: > >>>>>>>>>>>>> CUT >>>>>>>>>>>>>> > > > > add method linux.machine.domain ssh rlogin > > add user linux.machine.domain root > > add password linux.machine.domain thepassword thepassword > > add autoenable linux.machine.domain 1 > > add backupfile linux.machine.domain /etc/issue > > add backupfile linux.machine.domain /etc/network/interfaces > > #add backupfile linux.machine.domain /etc/network/interfaces > > <<<<<<<<<<<<<< CUT <<<<<<<<<<<<<<<< > > > > Hope this would help many of you > > Diego Ercolani > > From diego.ercolani at ssis.sm Tue Jul 7 14:38:11 2009 From: diego.ercolani at ssis.sm (Diego Ercolani) Date: Tue, 7 Jul 2009 16:38:11 +0200 Subject: [rancid] Re: DONE: Implementation of the (generic) linux configuration backup-versioning DEVELOPMENT VERSION In-Reply-To: <4A535BB8.7040301@aol.com> References: <200907071550.28555.diego.ercolani@ssis.sm> <4A5359A0.4020808@comcast.net> <4A535BB8.7040301@aol.com> Message-ID: <200907071638.11735.diego.ercolani@ssis.sm> ....and of course.... it should work also with FreeBSD.... Diego In data marted? 07 luglio 2009 16:29:12, Thomas Donnelly ha scritto: > Also with FreeBSD remote root logins are not permitted by default so I > would have to change that on every one of my servers. > > -=Tom > > Sam Munzani wrote: > > Diego, > > > > Many companies don't allow root user for the SSH. So usually its login > > as normal user then either "su -" or "sudo su -". I think this script > > can be more useful if it considers non root logins. > > > > My 2 cents. > > > > Thanks, > > Sam From mwlucas at blackhelicopters.org Tue Jul 7 14:40:46 2009 From: mwlucas at blackhelicopters.org (Michael W. Lucas) Date: Tue, 7 Jul 2009 10:40:46 -0400 Subject: [rancid] Re: DONE: Implementation of the (generic) linux configuration backup-versioning DEVELOPMENT VERSION In-Reply-To: <200907071638.11735.diego.ercolani@ssis.sm> References: <200907071550.28555.diego.ercolani@ssis.sm> <4A5359A0.4020808@comcast.net> <4A535BB8.7040301@aol.com> <200907071638.11735.diego.ercolani@ssis.sm> Message-ID: <20090707144046.GA10456@bewilderbeast.blackhelicopters.org> FreeBSD's base config would be fairly easy: /etc/rc.conf. The problem would be the configuration of all the secondary daemons: ntpd, sendmail, etc. To do this properly, you're probably better off using a real system configuration tool. RANCID is absolutely awesome at what it does, but trying to extend it to accomodate one of my highly customized FreeBSD boxes would be extremely difficult. On Tue, Jul 07, 2009 at 04:38:11PM +0200, Diego Ercolani wrote: > ....and of course.... it should work also with FreeBSD.... > Diego > > In data marted? 07 luglio 2009 16:29:12, Thomas Donnelly ha scritto: > > Also with FreeBSD remote root logins are not permitted by default so I > > would have to change that on every one of my servers. > > > > -=Tom > > > > Sam Munzani wrote: > > > Diego, > > > > > > Many companies don't allow root user for the SSH. So usually its login > > > as normal user then either "su -" or "sudo su -". I think this script > > > can be more useful if it considers non root logins. > > > > > > My 2 cents. > > > > > > Thanks, > > > Sam > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -- Michael W. Lucas mwlucas at BlackHelicopters.org http://www.MichaelWLucas.com/ Latest book: Cisco Routers for the Desperate, 2nd Edition http://www.CiscoRoutersForTheDesperate.com/ From tad1214 at aol.com Tue Jul 7 14:44:38 2009 From: tad1214 at aol.com (Thomas Donnelly) Date: Tue, 07 Jul 2009 09:44:38 -0500 Subject: [rancid] Re: DONE: Implementation of the (generic) linux configuration backup-versioning DEVELOPMENT VERSION In-Reply-To: <20090707144046.GA10456@bewilderbeast.blackhelicopters.org> References: <200907071550.28555.diego.ercolani@ssis.sm> <4A5359A0.4020808@comcast.net> <4A535BB8.7040301@aol.com> <200907071638.11735.diego.ercolani@ssis.sm> <20090707144046.GA10456@bewilderbeast.blackhelicopters.org> Message-ID: <4A535F56.5090308@aol.com> Maybe a way to pass the locations of the configs for each box individually? The RANCID interface is nice and I wouldnt mind making a list of each file to be backed up for each box, as most of it would be copy paste. Also if you do everything from ports (like a good little UNIX user) all your configs should be in /etc and /usr/local/etc, backing up anything.conf in all those directories would cover 99% of the applications out there. -=Tom Michael W. Lucas wrote: > FreeBSD's base config would be fairly easy: /etc/rc.conf. > > The problem would be the configuration of all the secondary daemons: > ntpd, sendmail, etc. > > To do this properly, you're probably better off using a real system > configuration tool. RANCID is absolutely awesome at what it does, but > trying to extend it to accomodate one of my highly customized FreeBSD > boxes would be extremely difficult. > > On Tue, Jul 07, 2009 at 04:38:11PM +0200, Diego Ercolani wrote: > >> ....and of course.... it should work also with FreeBSD.... >> Diego >> >> In data marted? 07 luglio 2009 16:29:12, Thomas Donnelly ha scritto: >> >>> Also with FreeBSD remote root logins are not permitted by default so I >>> would have to change that on every one of my servers. >>> >>> -=Tom >>> >>> Sam Munzani wrote: >>> >>>> Diego, >>>> >>>> Many companies don't allow root user for the SSH. So usually its login >>>> as normal user then either "su -" or "sudo su -". I think this script >>>> can be more useful if it considers non root logins. >>>> >>>> My 2 cents. >>>> >>>> Thanks, >>>> Sam >>>> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > > From rwest at zyedge.com Tue Jul 7 14:51:10 2009 From: rwest at zyedge.com (Ryan West) Date: Tue, 7 Jul 2009 10:51:10 -0400 Subject: [rancid] Re: DONE: Implementation of the (generic) linux configuration backup-versioning DEVELOPMENT VERSION In-Reply-To: <4A535F56.5090308@aol.com> References: <200907071550.28555.diego.ercolani@ssis.sm> <4A5359A0.4020808@comcast.net> <4A535BB8.7040301@aol.com> <200907071638.11735.diego.ercolani@ssis.sm> <20090707144046.GA10456@bewilderbeast.blackhelicopters.org> <4A535F56.5090308@aol.com> Message-ID: <6E21B2BDEF6E714EA0B5BA8D5D0E140124835C5D9A@zy-ex1.zyedge.local> Backuppc does a really good job of this BTW. It uses RSYNC, performs basic file level de-duplication and will allow to restore to any version from their interface. It's free and pretty much designed for *NIX boxes already. This is listed as their main feature: A clever pooling scheme minimizes disk storage and disk I/O. Identical files across multiple backups of the same or different PCs are stored only once resulting in substantial savings in disk storage and disk I/O. http://backuppc.sourceforge.net/info.html -ryan -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Thomas Donnelly Sent: Tuesday, July 07, 2009 10:45 AM To: Michael W. Lucas Cc: rancid-discuss at shrubbery.net Subject: [rancid] Re: DONE: Implementation of the (generic) linux configuration backup-versioning DEVELOPMENT VERSION Maybe a way to pass the locations of the configs for each box individually? The RANCID interface is nice and I wouldnt mind making a list of each file to be backed up for each box, as most of it would be copy paste. Also if you do everything from ports (like a good little UNIX user) all your configs should be in /etc and /usr/local/etc, backing up anything.conf in all those directories would cover 99% of the applications out there. -=Tom Michael W. Lucas wrote: > FreeBSD's base config would be fairly easy: /etc/rc.conf. > > The problem would be the configuration of all the secondary daemons: > ntpd, sendmail, etc. > > To do this properly, you're probably better off using a real system > configuration tool. RANCID is absolutely awesome at what it does, but > trying to extend it to accomodate one of my highly customized FreeBSD > boxes would be extremely difficult. > > On Tue, Jul 07, 2009 at 04:38:11PM +0200, Diego Ercolani wrote: > >> ....and of course.... it should work also with FreeBSD.... >> Diego >> >> In data marted? 07 luglio 2009 16:29:12, Thomas Donnelly ha scritto: >> >>> Also with FreeBSD remote root logins are not permitted by default so I >>> would have to change that on every one of my servers. >>> >>> -=Tom >>> >>> Sam Munzani wrote: >>> >>>> Diego, >>>> >>>> Many companies don't allow root user for the SSH. So usually its login >>>> as normal user then either "su -" or "sudo su -". I think this script >>>> can be more useful if it considers non root logins. >>>> >>>> My 2 cents. >>>> >>>> Thanks, >>>> Sam >>>> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > > _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From Atif.SIDDIQUI at HydroOne.com Tue Jul 7 16:07:27 2009 From: Atif.SIDDIQUI at HydroOne.com (Atif.SIDDIQUI at HydroOne.com) Date: Tue, 7 Jul 2009 12:07:27 -0400 Subject: [rancid] Re: RANCID and CVS our of sync In-Reply-To: <41BBAE5132ABA54BB2BA8716254F03D601AFC587@1104MILPEV.corp.hydroone.com> References: <6E21B2BDEF6E714EA0B5BA8D5D0E140124835C5BF1@zy-ex1.zyedge.local> <41BBAE5132ABA54BB2BA8716254F03D601AFC587@1104MILPEV.corp.hydroone.com> Message-ID: <41BBAE5132ABA54BB2BA8716254F03D601AFC7DD@1104MILPEV.corp.hydroone.com> Just reconfigured the router.db file and it is working fine. Not sure what was the issue. -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of SIDDIQUI Atif Sent: Tuesday, July 07, 2009 7:48 AM To: rancid-discuss at shrubbery.net Subject: [rancid] RANCID and CVS our of sync We have RANCID showing files being updated but CVS is not getting updates in the CVS folder just for 1 network, other 2 network folders are ok. How to fix this issue ? _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From rancid at gheek.net Tue Jul 7 16:45:04 2009 From: rancid at gheek.net (Lance Vermilion) Date: Tue, 7 Jul 2009 09:45:04 -0700 Subject: [rancid] Re: DONE: Implementation of the (generic) linux configuration backup-versioning DEVELOPMENT VERSION In-Reply-To: <6E21B2BDEF6E714EA0B5BA8D5D0E140124835C5D9A@zy-ex1.zyedge.local> References: <200907071550.28555.diego.ercolani@ssis.sm> <4A5359A0.4020808@comcast.net> <4A535BB8.7040301@aol.com> <200907071638.11735.diego.ercolani@ssis.sm> <20090707144046.GA10456@bewilderbeast.blackhelicopters.org> <4A535F56.5090308@aol.com> <6E21B2BDEF6E714EA0B5BA8D5D0E140124835C5D9A@zy-ex1.zyedge.local> Message-ID: <8423e7bb0907070945p3569d5e8r7db78cec45331727@mail.gmail.com> This sounds like a very nice tool but unless I missed something I don't see that it uses SVN/CVS to show the different revisions. That is scary considering that it might overwrite a good file with a bad file should someone change something. On Tue, Jul 7, 2009 at 7:51 AM, Ryan West wrote: > Backuppc does a really good job of this BTW. It uses RSYNC, performs basic > file level de-duplication and will allow to restore to any version from > their interface. It's free and pretty much designed for *NIX boxes already. > > This is listed as their main feature: > > A clever pooling scheme minimizes disk storage and disk I/O. Identical > files across multiple backups of the same or different PCs are stored only > once resulting in substantial savings in disk storage and disk I/O. > > http://backuppc.sourceforge.net/info.html > > -ryan > > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net [mailto: > rancid-discuss-bounces at shrubbery.net] On Behalf Of Thomas Donnelly > Sent: Tuesday, July 07, 2009 10:45 AM > To: Michael W. Lucas > Cc: rancid-discuss at shrubbery.net > Subject: [rancid] Re: DONE: Implementation of the (generic) linux > configuration backup-versioning DEVELOPMENT VERSION > > Maybe a way to pass the locations of the configs for each box > individually? The RANCID interface is nice and I wouldnt mind making a > list of each file to be backed up for each box, as most of it would be > copy paste. Also if you do everything from ports (like a good little > UNIX user) all your configs should be in /etc and /usr/local/etc, > backing up anything.conf in all those directories would cover 99% of the > applications out there. > > -=Tom > > Michael W. Lucas wrote: > > FreeBSD's base config would be fairly easy: /etc/rc.conf. > > > > The problem would be the configuration of all the secondary daemons: > > ntpd, sendmail, etc. > > > > To do this properly, you're probably better off using a real system > > configuration tool. RANCID is absolutely awesome at what it does, but > > trying to extend it to accomodate one of my highly customized FreeBSD > > boxes would be extremely difficult. > > > > On Tue, Jul 07, 2009 at 04:38:11PM +0200, Diego Ercolani wrote: > > > >> ....and of course.... it should work also with FreeBSD.... > >> Diego > >> > >> In data marted? 07 luglio 2009 16:29:12, Thomas Donnelly ha scritto: > >> > >>> Also with FreeBSD remote root logins are not permitted by default so I > >>> would have to change that on every one of my servers. > >>> > >>> -=Tom > >>> > >>> Sam Munzani wrote: > >>> > >>>> Diego, > >>>> > >>>> Many companies don't allow root user for the SSH. So usually its login > >>>> as normal user then either "su -" or "sudo su -". I think this script > >>>> can be more useful if it considers non root logins. > >>>> > >>>> My 2 cents. > >>>> > >>>> Thanks, > >>>> Sam > >>>> > >> _______________________________________________ > >> Rancid-discuss mailing list > >> Rancid-discuss at shrubbery.net > >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > >> > > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090707/3b18c307/attachment.html From satz.sm at gmail.com Tue Jul 7 19:17:10 2009 From: satz.sm at gmail.com (Satyam Mathura) Date: Tue, 7 Jul 2009 15:17:10 -0400 Subject: [rancid] Cisco 3550 - Vlan DB Message-ID: <7ea146250907071217t383e106bg2863803134484f8c@mail.gmail.com> Guys, I've noticed that Rancid is not pulling the vlan database from my cisco 3550's but does so for my 3750's and 7600's. Vlan configuration is not done by the old vlan database commands on the 3550. No errors in logs. Any ideas??? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090707/fbb3b355/attachment.html From diego.ercolani at ssis.sm Wed Jul 8 07:12:43 2009 From: diego.ercolani at ssis.sm (Diego Ercolani) Date: Wed, 8 Jul 2009 09:12:43 +0200 Subject: [rancid] Re: Cisco 3550 - Vlan DB In-Reply-To: <7ea146250907071217t383e106bg2863803134484f8c@mail.gmail.com> References: <7ea146250907071217t383e106bg2863803134484f8c@mail.gmail.com> Message-ID: <200907080912.43442.diego.ercolani@ssis.sm> Why don't you post the commands to get the missed configurations from your device, and a sort of recipe to understand that what rancid is telnet to is a 3550? In data marted? 07 luglio 2009 21:17:10, Satyam Mathura ha scritto: : > Guys, > I've noticed that Rancid is not pulling the vlan database from my cisco > 3550's but does so for my 3750's and 7600's. Vlan configuration is not done > by the old vlan database commands on the 3550. No errors in logs. Any > ideas??? From Keith.Calligan at ptgcorp.com Wed Jul 8 15:20:48 2009 From: Keith.Calligan at ptgcorp.com (Keith Calligan) Date: Wed, 8 Jul 2009 11:20:48 -0400 Subject: [rancid] Custom Device Login File (mrvlogin) Message-ID: <0F7A1ECA510FCF4BA876AB43D9BC3A1847CA69@PTGEXCHANGE01.ptg-domain.com> Hi, I'm trying to modify the existing mrvlogin script to work with MRV terminal server devices. It appears that this (original) script and mrvrancid may have been written for another device by the same manufacturer. I've made some progress, but am having issues saving any output and exiting completely. I'm issuing the following command ./mrvlogin -d -t 90 -c "show version" $devicename Here is some debug information. I'm showing the last line of the "show version" and the parts that are failing. The prompt for these devices is set to "InReach:0 >". The exit is getting sent, but I'm seeing lots of empty lines trying to be matched (""). Please note that I replaced the real hostname with $device in this debug output. expect: set expect_out(buffer) " Software Version (Flash): Software Version (Flash): 3.9.0 Ppciboot Version: 3.9.0 InReach:0 >} expect: does "" (spawn_id exp6) match regular expression "^[^\n\r *]*InReach:0 ([^#>\r\n]+)?>(\([^)\r\n]+\))?"? no "[\n\r]+"? no exit expect: does "exit" (spawn_id exp6) match regular expression "^[^\n\r *]*InReach:0 ([^#>\r\n]+)?>(\([^)\r\n]+\))?"? no "[\n\r]+"? no Disconnected expect: does "exit\u001b[H\u001b[2J\r\nDisconnected\r\n" (spawn_id exp6) match regular expression "^[^\n\r *]*InReach:0 ([^#>\r\n]+)?>(\([^)\r\n]+\))?"? no "[\n\r]+"? yes expect: set expect_out(0,string) "\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "exit\u001b[H\u001b[2J\r\n" expect: continuing expect expect: does "Disconnected\r\n" (spawn_id exp6) match regular expression "^[^\n\r *]*InReach:0 ([^#>\r\n]+)?>(\([^)\r\n]+\))?"? no "[\n\r]+"? yes expect: set expect_out(0,string) "\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "Disconnected\r\n" expect: continuing expect expect: does "" (spawn_id exp6) match regular expression "^[^\n\r *]*InReach:0 ([^#>\r\n]+)?>(\([^)\r\n]+\))?"? no "[\n\r]+"? no Connection to nmd-mgmt-jfk-tsrv1 closed. expect: does "Connection to $device \r\r\n" (spawn_id exp6) match regular expression "^[^\n\r *]*InReach:0 ([^#>\r\n]+)?>(\([^)\r\n]+\))?"? no "[\n\r]+"? yes expect: set expect_out(0,string) "\r\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "Connection to nmd-mgmt-jfk-tsrv1 closed.\r\r\n" expect: continuing expect expect: does "" (spawn_id exp6) match regular expression "^[^\n\r *]*InReach:0 ([^#>\r\n]+)?>(\([^)\r\n]+\))?"? no "[\n\r]+"? no expect: read eof expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "" write() failed to write anything - will sleep(1) and retry... I'm still new to using Rancid so please bear with me. If you need me to send my mrvlogin script, I can do that as well. I think I'm pretty close to getting it working but not sure what I'm missing. Thanks, Keith Calligan keith.calligan at ptgcorp.com --------------------------------------------- This e-mail, along with any documents, files or attachments, is confidential and may contain legally privileged information, and is intended only for the use of the recipient(s) on the distribution. If you are not the intended recipient(s), you are hereby notified that any dissemination, distribution or copying of any information contained in or attached to this communication is strictly prohibited; instructed to immediately notify the sender by return email or by a phone call to the sender; and required to delete this message from your computer and network. Note: e-mails are susceptible to corruption, interception and unauthorized amendment; we do not accept liability for any such changes, or for their consequences. We reserve the right to monitor all e-mails and their content. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090708/0bfc381a/attachment.html From heas at shrubbery.net Wed Jul 8 17:44:15 2009 From: heas at shrubbery.net (john heasley) Date: Wed, 8 Jul 2009 10:44:15 -0700 Subject: [rancid] Re: Custom Device Login File (mrvlogin) In-Reply-To: <0F7A1ECA510FCF4BA876AB43D9BC3A1847CA69@PTGEXCHANGE01.ptg-domain.com> References: <0F7A1ECA510FCF4BA876AB43D9BC3A1847CA69@PTGEXCHANGE01.ptg-domain.com> Message-ID: <20090708174415.GM1443@shrubbery.net> > expect: does "" (spawn_id exp6) match regular expression "^[^\n\r > *]*InReach:0 ([^#>\r\n]+)?>(\([^)\r\n]+\))?"? no > > "[\n\r]+"? no > > expect: read eof > > expect: set expect_out(spawn_id) "exp6" > > expect: set expect_out(buffer) "" > > write() failed to write anything - will sleep(1) and retry... > you've tried to write to a dead/closed pty. From heas at shrubbery.net Wed Jul 8 22:46:19 2009 From: heas at shrubbery.net (john heasley) Date: Wed, 8 Jul 2009 15:46:19 -0700 Subject: [rancid] Re: Cisco 3550 - Vlan DB In-Reply-To: <7ea146250907071217t383e106bg2863803134484f8c@mail.gmail.com> References: <7ea146250907071217t383e106bg2863803134484f8c@mail.gmail.com> Message-ID: <20090708224619.GY1443@shrubbery.net> Tue, Jul 07, 2009 at 03:17:10PM -0400, Satyam Mathura: > Guys, > I've noticed that Rancid is not pulling the vlan database from my cisco > 3550's but does so for my 3750's and 7600's. Vlan configuration is not done > by the old vlan database commands on the 3550. No errors in logs. Any > ideas??? its not collected because its in that vlan-edit-command mode, which doesnt really work with clogin, in particular for devices that do not have the vlan database. afaik, unless you get kinky with your vlan config, there is no essential information there that can't be recreated with info from the IOS running config, assuming that your IOS verions is < ~5 years old. From satz.sm at gmail.com Thu Jul 9 17:25:38 2009 From: satz.sm at gmail.com (Satyam Mathura) Date: Thu, 9 Jul 2009 13:25:38 -0400 Subject: [rancid] Re: Cisco 3550 - Vlan DB In-Reply-To: <20090708224619.GY1443@shrubbery.net> References: <7ea146250907071217t383e106bg2863803134484f8c@mail.gmail.com> <20090708224619.GY1443@shrubbery.net> Message-ID: <7ea146250907091025i20da7764iad69de5c325fcac9@mail.gmail.com> Guys, IOS currently in use on my 3550's is c3550-ipservicesk9-mz.122-50.SE1.bin. Vlan configurations are all done using config terminal and are NOT done using the old vlan database mode. As far as i can tell no commands via clogin are being missed when run against the 3550. On Wed, Jul 8, 2009 at 6:46 PM, john heasley wrote: > Tue, Jul 07, 2009 at 03:17:10PM -0400, Satyam Mathura: > > Guys, > > I've noticed that Rancid is not pulling the vlan database from my cisco > > 3550's but does so for my 3750's and 7600's. Vlan configuration is not > done > > by the old vlan database commands on the 3550. No errors in logs. Any > > ideas??? > > its not collected because its in that vlan-edit-command mode, which doesnt > really work with clogin, in particular for devices that do not have the > vlan database. > > afaik, unless you get kinky with your vlan config, there is no essential > information there that can't be recreated with info from the IOS running > config, assuming that your IOS verions is < ~5 years old. > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090709/875a2ca7/attachment.html From jlewis at lewis.org Thu Jul 9 19:38:18 2009 From: jlewis at lewis.org (Jon Lewis) Date: Thu, 9 Jul 2009 15:38:18 -0400 (EDT) Subject: [rancid] Re: Cisco 3550 - Vlan DB In-Reply-To: <20090708224619.GY1443@shrubbery.net> References: <7ea146250907071217t383e106bg2863803134484f8c@mail.gmail.com> <20090708224619.GY1443@shrubbery.net> Message-ID: On Wed, 8 Jul 2009, john heasley wrote: > its not collected because its in that vlan-edit-command mode, which doesnt > really work with clogin, in particular for devices that do not have the > vlan database. I don't know if this makes a difference, but we're running 3550s with 12.1 code and using VTP. VLANs are configured via the "vlan database" interface at the CLI...not in config mode. Rancid has no problem picking up our VLAN database (numbers, names). I know the OP was running newer IOS, and don't know if he's using VTP. ---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ From satz.sm at gmail.com Thu Jul 9 20:39:21 2009 From: satz.sm at gmail.com (Satyam Mathura) Date: Thu, 9 Jul 2009 16:39:21 -0400 Subject: [rancid] Re: Cisco 3550 - Vlan DB In-Reply-To: References: <7ea146250907071217t383e106bg2863803134484f8c@mail.gmail.com> <20090708224619.GY1443@shrubbery.net> Message-ID: <7ea146250907091339y40cb26a9r8f222c9efb3f7f8d@mail.gmail.com> Guys i've found a solution. Rancid does a version check before running Sh Vlan. If the version returned is 3550 then it returns an error and does not execute sh vlan. Edit /usr/bin/rancid comment out the following line in the ShowVLAN subroutine # return(1) if ($type =~ /^(3550|4500)$/); Vlan database information is now correctly returned for my 3550s On Thu, Jul 9, 2009 at 3:38 PM, Jon Lewis wrote: > On Wed, 8 Jul 2009, john heasley wrote: > > its not collected because its in that vlan-edit-command mode, which doesnt >> really work with clogin, in particular for devices that do not have the >> vlan database. >> > > I don't know if this makes a difference, but we're running 3550s with 12.1 > code and using VTP. VLANs are configured via the "vlan database" interface > at the CLI...not in config mode. Rancid has no problem picking up our VLAN > database (numbers, names). > > I know the OP was running newer IOS, and don't know if he's using VTP. > > ---------------------------------------------------------------------- > Jon Lewis | I route > Senior Network Engineer | therefore you are > Atlantic Net | > _________ http://www.lewis.org/~jlewis/pgpfor PGP public key_________ > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090709/4d25643c/attachment.html From jlewis at lewis.org Thu Jul 9 21:07:44 2009 From: jlewis at lewis.org (Jon Lewis) Date: Thu, 9 Jul 2009 17:07:44 -0400 (EDT) Subject: [rancid] Re: Cisco 3550 - Vlan DB In-Reply-To: <7ea146250907091339y40cb26a9r8f222c9efb3f7f8d@mail.gmail.com> References: <7ea146250907071217t383e106bg2863803134484f8c@mail.gmail.com> <20090708224619.GY1443@shrubbery.net> <7ea146250907091339y40cb26a9r8f222c9efb3f7f8d@mail.gmail.com> Message-ID: On Thu, 9 Jul 2009, Satyam Mathura wrote: > Guys i've found a solution. > Rancid does a version check before running Sh Vlan. If the version returned > is 3550 then it returns an error and does not execute sh vlan. > > Edit /usr/bin/rancid > comment out the following line in the ShowVLAN subroutine > # return(1) if ($type =~ /^(3550|4500)$/); Ah...I'm also running an older RANCID release, but the similar line in our ShowVLAN was commented out. I must have run into similar trouble years ago and forgotten about it. ---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ From youssef at 720.fr Fri Jul 10 12:33:37 2009 From: youssef at 720.fr (Youssef Bengelloun-Zahr) Date: Fri, 10 Jul 2009 14:33:37 +0200 Subject: [rancid] Rancid refusing to collect configuration from two LNS Message-ID: Hello all, I have been using rancd for quite some time now and it's a real good soft, very useful and handy. But I have been encoutering a strange problem for some days now. I'm using it to collect configs from routers (Cisco), switchs (Cisco) and firewalls (juniper) and it's working great exept for two Cisco 7204 LNS. Here is what the logs say : lns3.ix1 clogin error: Error: Couldn't login: lns3.ix1 lns3.ix1: missed cmd(s): admin show diag,dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all se c-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,admin show env all,show controllers,admin show version,show diagbus,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,sho w controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,admin show variables boot,show redundancy secondary,show running-config,show c7200,dir /all slot1: lns3.ix1: End of run not found!lns4.ix1 clogin error: Error: Couldn't login: lns4.ix1lns4.ix1: missed cmd(s): admin show diag,dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all se c-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,admin show env all,show controllers,admin show version,show diagbus,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,sho w controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,admin show variables boot,show redundancy secondary,show running-config,show c7200,dir /all slot1: lns4.ix1: End of run not found! I have tried to debug this using the FAQ available on the web site but nothing. The weirdest thing is that : - rancid is able to login to this devices when I launch manually the clogin script. - It's also able to display the configuration when using the *clogin -c 'show version; show diag' cisco_router.* - It is still working great with other identical equipments (identical hardware and software). Here is the output of a rancid script run manually : rancid at sup0:/home/rancid$ /home/rancid/bin/rancid -d lns3 executing clogin -t 90 -c"admin show version;show version;show redundancy secondary;show idprom backplane;show install active;admin show env all;show env all;show rsp chassis-info;show gsr chassis;show diag chassis-info;show boot;show bootvar;admin show variables boot;show variables boot;show flash;dir /all nvram:;dir /all bootflash:;dir /all slot0:;dir /all disk0:;dir /all slot1:;dir /all disk1:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all harddiska:;dir /all harddiskb:;dir /all sup-bootflash:;dir /all sup-microcode:;dir /all slavenvram:;dir /all slavebootflash:;dir /all slaveslot0:;dir /all slavedisk0:;dir /all slaveslot1:;dir /all slavedisk1:;dir /all slaveslot2:;dir /all slavedisk2:;dir /all slavesup-bootflash:;dir /all sec-nvram:;dir /all sec-bootflash:;dir /all sec-slot0:;dir /all sec-disk0:;dir /all sec-slot1:;dir /all sec-disk1:;dir /all sec-slot2:;dir /all sec-disk2:;show controllers;show controllers cbus;show diagbus;admin show diag;show diag;show module;show spe version;show c7200;show inventory raw;show vtp status;show vlan;show vlan-switch;show debug;show running-config;write term" lns3 sh: clogin: not found lns3: missed cmd(s): admin show diag,dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,admin show env all,show controllers,admin show version,show diagbus,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,admin show variables boot,show redundancy secondary,show running-config,show c7200,dir /all slot1: lns3: missed cmd(s): admin show diag,dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,admin show env all,show controllers,admin show version,show diagbus,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,admin show variables boot,show redundancy secondary,show running-config,show c7200,dir /all slot1: lns3: End of run not found lns3: End of run not found ! Any ideas ?!? Thanks you rancid community. Regards. -- Youssef BENGELLOUN-ZAHR ?????????????????? Ing?nieur R?seaux et T?l?coms Technopole de l'Aube en Champagne - BP 601 - 10901 TROYES Cedex 9 Agence Paris : 6, rue Charles Floquet - 92120 MONTROUGE Tel +33 (0) 825 000 720 Tel. direct +33 (0) 1 77 35 59 14 Tel. portable +33 (0) 6 22 42 63 80 Email ybz at 720.fr ??????????????????????????????.....www.720.fr -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090710/6cb907c8/attachment.html From matthew at walster.org Fri Jul 10 13:46:42 2009 From: matthew at walster.org (Matthew Walster) Date: Fri, 10 Jul 2009 14:46:42 +0100 Subject: [rancid] mrvrancid uptime parsing Message-ID: I've recently decided to start monitoring the configurations on our MRV kit, and there is a line in "show version" that is annoying me: !Image: up 37 days 20:19, 2 users Obviously, it keeps changing, so I gets alerts every time RANCID runs. I've tried changing the command from "show version" to "show version | exclude days" but that isn't working. Does anyone else have any ideas? I'm afraid my perl isn't very good - I was hoping that I would be able to run something like "grep" on the input, but I can't get to grips with the syntax of "ProcessHistory" etc. Has anyone else had a similar desire to get rid of the uptime statements? Matthew Walster -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090710/ba928196/attachment.html From heas at shrubbery.net Tue Jul 14 23:21:46 2009 From: heas at shrubbery.net (john heasley) Date: Tue, 14 Jul 2009 16:21:46 -0700 Subject: [rancid] Re: mrvrancid uptime parsing In-Reply-To: References: <20090714232044.E36FA108695@guelah.shrubbery.net> Message-ID: <20090714232146.GP5112@shrubbery.net> Fri, Jul 10, 2009 at 02:46:42PM +0100, Matthew Walster: I've recently decided to start monitoring the configurations on our MRV kit, and there is a line in "show version" that is annoying me: !Image: up 37 days 20:19, 2 users Obviously, it keeps changing, so I gets alerts every time RANCID runs. I've tried changing the command from "show version" to "show version | exclude days" but that isn't working. Does anyone else have any ideas? I'm afraid my perl isn't very good - I was hoping that I would be able to run something like "grep" on the input, but I can't get to grips with the syntax of "ProcessHistory" etc. Has anyone else had a similar desire to get rid of the uptime statements? Matthew Walster Does this fix it? Index: bin/mrvrancid.in =================================================================== --- bin/mrvrancid.in (revision 2103) +++ bin/mrvrancid.in (working copy) @@ -186,6 +186,7 @@ return(-1) if (/command authorization failed/i); /copyright/i && next; + /^up/ && next; /u-boot/i && ProcessHistory("COMMENTS","keysort","C1", "!ROM: $_") && next; From 2009 at tybox.net Wed Jul 15 16:12:39 2009 From: 2009 at tybox.net (Temporary Mailbox) Date: Wed, 15 Jul 2009 11:12:39 -0500 Subject: [rancid] CVS Checkins for every change Message-ID: <773ce9810907150912nb2487c8mcdfa6f9701a09db1@mail.gmail.com> At my last job, we had a tool that recorded a diff for EVERY change made to a router. The way this was done was a snmp config trap was sent to a trap handler which triggered the tool to log in and collect the config. I'm relatively new to Rancid, and I've got it installed and working, but its run on a cron job. I'm using Juniper routers, which I have the option of scp'ing the config every time there is a change. So, as far as i can tell, I have the option of using a trap handler, or something else that detects the newly copied (via SCP) file. At first, I was interested in doing the SCP method, but I realize now that may be difficult. If I set up a trap handler to run rancid when a config trap comes in, this should work. Instead of running rancid on the many many hosts I have, I'd prefer to run it just on one host. Any idea how how I can run rancid on a single host? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090715/a4462bcc/attachment.html From rancid at ale.cx Wed Jul 15 17:57:05 2009 From: rancid at ale.cx (alex) Date: Wed, 15 Jul 2009 18:57:05 +0100 Subject: [rancid] Re: CVS Checkins for every change In-Reply-To: <773ce9810907150912nb2487c8mcdfa6f9701a09db1@mail.gmail.com> References: <773ce9810907150912nb2487c8mcdfa6f9701a09db1@mail.gmail.com> Message-ID: <200907151857.05934.rancid@ale.cx> On Wednesday 15 July 2009 17:12:39 Temporary Mailbox wrote: > Any idea how how I can run rancid on a single host? rancid-run -r hostname alexd From jethro.binks at strath.ac.uk Wed Jul 15 18:00:39 2009 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Wed, 15 Jul 2009 19:00:39 +0100 (BST) Subject: [rancid] Re: CVS Checkins for every change In-Reply-To: <773ce9810907150912nb2487c8mcdfa6f9701a09db1@mail.gmail.com> References: <773ce9810907150912nb2487c8mcdfa6f9701a09db1@mail.gmail.com> Message-ID: On Wed, 15 Jul 2009, Temporary Mailbox wrote: > At first, I was interested in doing the SCP method, but I realize now > that may be difficult. If I set up a trap handler to run rancid when a > config trap comes in, this should work. Instead of running rancid on > the many many hosts I have, I'd prefer to run it just on one host. Any > idea how how I can run rancid on a single host? Read about rancid-run. Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK From giesen at snickers.org Thu Jul 16 20:05:42 2009 From: giesen at snickers.org (Gary T. Giesen) Date: Thu, 16 Jul 2009 16:05:42 -0400 Subject: [rancid] Packing rancid for Fedora Message-ID: <9a9d0c6a0907161305r77da5d7cq4324cf4778ad4e0@mail.gmail.com> I'm in the process of packaging rancid for fedora, and there's concern about namespace conflict for the more generically-named binaries (alogin, clogin, etc) and their associated man pages. I've seen asked to inquire if there's any possibility of renaming those. Thoughts? GG From chammers at netcologne.de Fri Jul 17 09:45:00 2009 From: chammers at netcologne.de (Christian Hammers) Date: Fri, 17 Jul 2009 11:45:00 +0200 Subject: [rancid] New rancid handler for Telco Systems T5C routers Message-ID: <20090717114500.7f93a8ff@sys-251.netcologne.de> Hello I've written a rancid handler for a Telco Systems T5CL3-24T? router that I would like to see included in the rancid package. My script is based on bin/zrancid and differs only in three points: * there is no "end" at the end of a running config * one password line looks different * the last exit command is not echoed I called the script telcorancid in bin/rancid-fe but feel free to rename it to something else: 'telco' => 'telcorancid', bye, -christian- ?: http://www.telco.com/int/index/en/products/prod/9 and similar root at hop:/var/lib/rancid# diff -u bin/zrancid bin/telcorancid --- bin/zrancid 2008-11-15 12:53:52.000000000 +0100 +++ bin/telcorancid 2009-07-17 11:30:05.000000000 +0200 @@ -40,7 +40,9 @@ ## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE ## POSSIBILITY OF SUCH DAMAGE. # -# This version of rancid tries to deal with zebra s/w. +# This version of rancid tries to deal with Telco Systems T5C. +# It is based on zrancid but does not look for an "end" at the end of +# the running config and does not echo the last "exit". # # RANCID - Really Awesome New Cisco confIg Differ # @@ -56,7 +58,7 @@ $debug = $opt_d; $file = $opt_f; $host = $ARGV[0]; -$clean_run = 0; +$clean_run = 1; # there is usually no echoed "exit" at the end of a session $found_end = 0; $timeo = 90; # clogin timeout in seconds @@ -215,6 +217,10 @@ ProcessHistory("ENABLE","","","!$1 \n"); next; } + if (/^(password)\s/ && $filter_pwds >= 1) { + ProcessHistory("ENABLE","","","!$1 \n"); + next; + } if (/^username (\S+)(\s.*)? password ((\d) \S+|\S+)/) { if ($filter_pwds == 2) { ProcessHistory("USER","keysort","$1","!username $1$2 password \n"); @@ -327,7 +333,10 @@ return(1); } } - return(0); + # There usually is no "end" at the end of the running config + # But let's assume the output was complete + $found_end = 1; + return(1); } # dummy function -- NETCOLOGNE Gesellschaft f?r Telekommunikation mbH Am Coloneum 9 | 50829 K?ln Tel: 0221 2222-8711 | Fax: 0221 2222-78711 www.netcologne.de Gesch?ftsf?hrer: Werner Hanf Karl-Heinz Zankel HRG 25580, AG K?ln From heas at shrubbery.net Fri Jul 17 19:08:27 2009 From: heas at shrubbery.net (john heasley) Date: Fri, 17 Jul 2009 12:08:27 -0700 Subject: [rancid] Re: Packing rancid for Fedora In-Reply-To: <9a9d0c6a0907161305r77da5d7cq4324cf4778ad4e0@mail.gmail.com> References: <9a9d0c6a0907161305r77da5d7cq4324cf4778ad4e0@mail.gmail.com> Message-ID: <20090717190827.GH6143@shrubbery.net> Thu, Jul 16, 2009 at 04:05:42PM -0400, Gary T. Giesen: > I'm in the process of packaging rancid for fedora, and there's concern > about namespace conflict for the more generically-named binaries > (alogin, clogin, etc) and their associated man pages. I've seen asked > to inquire if there's any possibility of renaming those. > > Thoughts? We don't feel this is an issue; a conscientious effort has been made to avoid conflicts like afslogin, rlogin, etc. From hardenrm at illinois.edu Tue Jul 21 20:00:18 2009 From: hardenrm at illinois.edu (Ryan Harden) Date: Tue, 21 Jul 2009 15:00:18 -0500 Subject: [rancid] Diffs for custom commit remarks In-Reply-To: <20090717190827.GH6143@shrubbery.net> References: <9a9d0c6a0907161305r77da5d7cq4324cf4778ad4e0@mail.gmail.com> <20090717190827.GH6143@shrubbery.net> Message-ID: <4A661E52.7030702@illinois.edu> I needed a way to add a custom commit remark instead of the stock hard coded version. I made a few tweaks to the rancid-run and control_rancid scripts to make this work for me. I thought some of you might like this as well. The only shortcoming of this is that the remark is limited to a single 'word' with no whitespace. As in "Thisismyremark" not "This is my remark". This is probably easily fixed I just didn't bother as it wasn't needed for my application. Diffs attached. Of course all normal disclaimers apply. I can't be held responsible if my diffs break your routers and switches. :) /Ryan -- Ryan M. Harden, BS, KC9IHX Office: 217-265-5192 CITES - Network Engineering Cell: 630-363-0365 2130 Digital Computer Lab Fax: 217-244-7089 1304 W. Springfield email: hardenrm at illinois.edu Urbana, IL 61801 University of Illinois - Urbana/Champaign University of Illinois - ICCN -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: control_rancid.diff Url: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090721/c7065a31/attachment.ksh -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: rancid-run.diff Url: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090721/c7065a31/attachment-0001.ksh -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090721/c7065a31/attachment.bin From giesen at snickers.org Tue Jul 21 20:56:37 2009 From: giesen at snickers.org (Gary T. Giesen) Date: Tue, 21 Jul 2009 16:56:37 -0400 Subject: [rancid] Re: Rancid and Syslog-ng In-Reply-To: <7ea146250906021514g74c10c8p79dc1307108adfa6@mail.gmail.com> References: <7ea146250906021514g74c10c8p79dc1307108adfa6@mail.gmail.com> Message-ID: <9a9d0c6a0907211356jef89d41sf6d6c50a7046fff1@mail.gmail.com> Another option I use is snmptt. There's an SNMP trap an IOS router can send upon config change, and I use snmptt to run rancid against that host when it receives such a trap. GG On 6/2/09, Satyam Mathura wrote: > Guys, > Has anyone ever been successful with setting up rancid and syslog-ng so that > whenever a config change is written to memory, syslog-ng calls the rancid > executable for that host only? > Basically we're looking to have rancid query a device only when that > device's configuration has been modified. > From giesen at snickers.org Tue Jul 21 21:01:50 2009 From: giesen at snickers.org (Gary T. Giesen) Date: Tue, 21 Jul 2009 17:01:50 -0400 Subject: [rancid] Re: rancid with Cisco ASA 5520 in Multiple Context Mode In-Reply-To: <14D53AD54F557A46A13248ABC37055CE04246866@AKLEX020.corp.ad.airnz.co.nz> References: <49efb524.0609c00a.36c5.ffff9244@mx.google.com> <49F0732E.3030601@spacething.org> <14D53AD54F557A46A13248ABC37055CE04246866@AKLEX020.corp.ad.airnz.co.nz> Message-ID: <9a9d0c6a0907211401y6666b9b9n1450a1828b168522@mail.gmail.com> This might be a good application for the usercmd patch. If you search through the archives you'll find it. Then treat each context as a separate device, and use the admin context as the passthrough device. GG On 4/23/09, Danielson, Graeme wrote: > I think the context configs are stored in the flash: of system and from > memory are displayable with more(?). Remember though that they are the > startup configs not the running configs. > So if you are confident that all your contexts are saved then > potentially all necessary config info is available from system? > > -- Graeme Danielson > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Bob Brunette > Sent: Friday, 24 April 2009 2:02 a.m. > To: Sam Stickland > Cc: Carlo; rancid-discuss at shrubbery.net > Subject: [rancid] Re: rancid with Cisco ASA 5520 in Multiple Context > Mode > > Sam, you're not missing any magic command. > > The system context contains the physical interface configurations as > well as the context configurations, which include the interface and > resource allocations for each context. All of this is critical > information if you need to rebuild a multi-context ASA configuration > from scratch after a hardware failure, say. > > Bob > > -----Original Message----- > From: Sam Stickland [mailto:sam_mailinglists at spacething.org] > Sent: Thursday, April 23, 2009 8:55 AM > To: Bob Brunette > Cc: Carlo; 'Peter Serwe'; rancid-discuss at shrubbery.net > Subject: Re: [rancid] Re: rancid with Cisco ASA 5520 in Multiple Context > Mode > > Bob Brunette wrote: >> Sadly, there is no way to login to the system execution space, and > that's where the "master" config is that defines all of the > contexts--you must get to it by issuing a "changeto system" command from > the admin context > Really? My system context just shows the context allocations, but not > the context config. Is there a magic command I'm missing? > > Sam > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > Good planets are hard to find - please think of the environment before you > print this email. > ____________________________________________________________________ > CAUTION - This message may contain privileged and confidential > information intended only for the use of the addressee named above. > If you are not the intended recipient of this message you are hereby > notified that any use, dissemination, distribution or reproduction > of this message is prohibited. If you have received this message in > error please notify Air New Zealand immediately. Any views expressed > in this message are those of the individual sender and may not > necessarily reflect the views of Air New Zealand. > _____________________________________________________________________ > For more information on the Air New Zealand Group, visit us online > at http://www.airnewzealand.com > _____________________________________________________________________ > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > From Federico.Meli at GlobalCrossing.com Tue Jul 21 21:19:19 2009 From: Federico.Meli at GlobalCrossing.com (Meli, Federico) Date: Tue, 21 Jul 2009 18:19:19 -0300 Subject: [rancid] Re: Rancid and Syslog-ng In-Reply-To: <9a9d0c6a0907211356jef89d41sf6d6c50a7046fff1@mail.gmail.com> References: <7ea146250906021514g74c10c8p79dc1307108adfa6@mail.gmail.com> <9a9d0c6a0907211356jef89d41sf6d6c50a7046fff1@mail.gmail.com> Message-ID: <664F471D69849C499D350F2B85BAB83B128B97A1CA@EVS15.lat.gblxint.com> Hello everyone; I implemented the solution with the following syslog-ng modification and a script in perl. When the syslog receive a change configuration trap trigger the script. You should adapt it to your specific system. In this case the syslog translate the IP add from the hosts/DNS and I use that name. also I put the script in the log directory to avoid permit issues. Hopefully It will work for you. Syslog.conf: source net { udp(); }; filter f_change{ match("SYS-5-CONFIG_I: Configured"); }; destination df_change { program("perl /var/log/rancid.pl" template("$HOST\n") ); }; log { source(net); filter(f_change); destination(df_change); }; Regards Federico Meli Global Crossing Americas Solution, Inc. -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Gary T. Giesen Sent: Tuesday, July 21, 2009 4:57 PM To: Satyam Mathura; rancid-discuss at shrubbery.net Subject: [rancid] Re: Rancid and Syslog-ng Another option I use is snmptt. There's an SNMP trap an IOS router can send upon config change, and I use snmptt to run rancid against that host when it receives such a trap. GG On 6/2/09, Satyam Mathura wrote: > Guys, > Has anyone ever been successful with setting up rancid and syslog-ng so that > whenever a config change is written to memory, syslog-ng calls the rancid > executable for that host only? > Basically we're looking to have rancid query a device only when that > device's configuration has been modified. > _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- A non-text attachment was scrubbed... Name: rancid.pl Type: application/octet-stream Size: 215 bytes Desc: rancid.pl Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090721/57abbbd7/attachment.obj From hardenrm at illinois.edu Tue Jul 21 22:21:55 2009 From: hardenrm at illinois.edu (Ryan Harden) Date: Tue, 21 Jul 2009 17:21:55 -0500 Subject: [rancid] Re: Rancid and Syslog-ng In-Reply-To: <7ea146250906021514g74c10c8p79dc1307108adfa6@mail.gmail.com> References: <7ea146250906021514g74c10c8p79dc1307108adfa6@mail.gmail.com> Message-ID: <4A663F83.6070505@illinois.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, I accomplished this by using sec to watch the logs and spawn rancid for the host that generated the log entry. You might look into sec (Simple Event Correlator) as an option. /Ryan Satyam Mathura wrote: > Guys, > Has anyone ever been successful with setting up rancid and syslog-ng so that > whenever a config change is written to memory, syslog-ng calls the rancid > executable for that host only? > Basically we're looking to have rancid query a device only when that > device's configuration has been modified. > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss - -- Ryan M. Harden, BS, KC9IHX Office: 217-265-5192 CITES - Network Engineering Cell: 630-363-0365 2130 Digital Computer Lab Fax: 217-244-7089 1304 W. Springfield email: hardenrm at illinois.edu Urbana, IL 61801 University of Illinois - Urbana/Champaign University of Illinois - ICCN -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFKZj+DtuPckBBbXboRArS2AKDPFIqYnEZHIRdpMG548loVku4SQwCgs0yW Q9TflYg7H0ZlvE34VVSfvWc= =aR+L -----END PGP SIGNATURE----- From asmirnoff at office.beeline.ru Wed Jul 22 07:28:46 2009 From: asmirnoff at office.beeline.ru (Smirnoff Alexander) Date: Wed, 22 Jul 2009 11:28:46 +0400 Subject: [rancid] ProcessHistory filter Message-ID: <986544234AB0A44BADE40DF502E2012A0223AB63@SPBMAIL.spb.sovintel.net> Hello all RANCID people! I try to filter interface counters from output of Zyxel Prestige 791R ip route status : - !IP ROUTE: default???????? 01 0?? mpoa01???? 172.17.100.1????? 2??? 00ab 0????? 409683 + !IP ROUTE: default???????? 01 0?? mpoa01???? 172.17.100.1????? 2??? 00ab 0????? 412140 ?using these definitions: if (/^(default)/) ??????? { ProcessHistory("","","","!IP ROUTE: default $1 $2$3 mpoa01???? $5$6<___>\n") && next;??? } but ?something wrong - i receive this: !IP ROUTE: default default? mpoa01???? <___> How I can correctly setup this filter? -- Regards, Alexandr Smirnov +7(812)3468600 # 54682 Head of Data Transmission Networks Monitoring Service mailto:asmirnoff at office.beeline.ru -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090722/5dfbd338/attachment.html From asmirnoff at office.beeline.ru Wed Jul 22 13:16:30 2009 From: asmirnoff at office.beeline.ru (Smirnoff Alexander) Date: Wed, 22 Jul 2009 17:16:30 +0400 Subject: [rancid] Re: ProcessHistory filter In-Reply-To: <986544234AB0A44BADE40DF502E2012A0223AB63@SPBMAIL.spb.sovintel.net> References: <986544234AB0A44BADE40DF502E2012A0223AB63@SPBMAIL.spb.sovintel.net> Message-ID: <986544234AB0A44BADE40DF502E2012A0223ABAC@SPBMAIL.spb.sovintel.net> And I have some other question about ProcessHistory - I make sub for parsing ?commands, and in output I see for every first line this: !HOSTNAME: 777777777777Prestige_ !AUTOEXEC.NET: 777777777777777777777sys errctl 0 !AUTOEXEC.NET: sys trcl level 5 !AUTOEXEC.NET: sys trcl type 1180 !AUTOEXEC.NET: sys trcp cr 64 96 !AUTOEXEC.NET: sys trcl sw off !AUTOEXEC.NET: sys trcp sw off !AUTOEXEC.NET: ip tcp mss 512 !AUTOEXEC.NET: ip tcp limit 2 !AUTOEXEC.NET: ip tcp irtt 65000 !AUTOEXEC.NET: ip tcp window 2 !AUTOEXEC.NET: ip tcp ceiling 6000 !AUTOEXEC.NET: ip rip activate !AUTOEXEC.NET: ip rip merge on !AUTOEXEC.NET: ip icmp discovery enif0 off !AUTOEXEC.NET: ppp ipcp compress off !AUTOEXEC.NET: sys wdog sw on !AUTOEXEC.NET: sys quick enable !SYS FEATURE: 77777777777IPX: yes !SYS FEATURE: IP ONLY: no !SYS FEATURE: AUI: no !SYS FEATURE: AB ADAPTER: no e.g. I am ask about 777777777 symbols. And this is my sub: # is routine processes a "sys view autoexec.net" sub ShowAutoexec { ??? print STDERR "??? In ShowAutoexec: $_" if ($debug); ??? while () { ??? ??????? if (/^$prompt/) { $found_env=1; last}; ??????????????? if (/>/) { ??????????????? $found_end = 1; ??????????????? ProcessHistory("","","","!AUTOEXEC.NET: $_"); ??????????????? return(1); ??????????????? } ???????????????? $found_end = 1; ??? ??????? ProcessHistory("","","","!AUTOEXEC.NET: $_"); ??? }?? ??? return(0); }?????? May be somebody know about this problem? ________________________________ From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Smirnoff Alexander Sent: Wednesday, July 22, 2009 11:29 AM To: rancid-discuss at shrubbery.net Subject: [rancid] ProcessHistory filter Hello all RANCID people! I try to filter interface counters from output of Zyxel Prestige 791R ip route status : - !IP ROUTE: default 01 0 mpoa01 172.17.100.1 2 00ab 0 409683 + !IP ROUTE: default 01 0 mpoa01 172.17.100.1 2 00ab 0 412140 using these definitions: if (/^(default)/) { ProcessHistory("","","","!IP ROUTE: default $1 $2$3 mpoa01 $5$6<___>\n") && next; } but something wrong - i receive this: !IP ROUTE: default default mpoa01 <___> How I can correctly setup this filter? -- Regards, Alexandr Smirnov +7(812)3468600 # 54682 Head of Data Transmission Networks Monitoring Service mailto:asmirnoff at office.beeline.ru -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090722/e3775521/attachment.html From max_allan at hotmail.com Thu Jul 23 10:35:00 2009 From: max_allan at hotmail.com (Max Allan) Date: Thu, 23 Jul 2009 10:35:00 +0000 Subject: [rancid] clogin and CSS bug and fix? Message-ID: Hello, I've just started using rancid (2.3.2) and I think I've found a minor clogin bug and fixed it. I've got some CSSs that don't require enable, you log straight in to enable mode. When the login tries to exit I get an error : can't read "do_saveconfig": no such variable while executing "if {$do_saveconfig} { catch {send "y\r"} } else { catch {send "n\r"} }" >From my quick reading of clogin and limited understanding of expect/tcl the problem is because the "do_saveconfig" is only made global in "proc do_enable". I'm never going to run do_enable because I don't need it. So, to fix it, I added one line to the start of "proc run_commands " : global do_saveconfig in_proc So, without having a great understanding of tcl/clogin , I don't know if that is that going to break something else? (It fixes the Css problem though) Any opinions? Regards, Max _________________________________________________________________ Windows Live Messenger: Celebrate 10 amazing years with free winks and emoticons. http://clk.atdmt.com/UKM/go/157562755/direct/01/ From smunzani at comcast.net Thu Jul 23 13:09:34 2009 From: smunzani at comcast.net (Sam Munzani) Date: Thu, 23 Jul 2009 08:09:34 -0500 Subject: [rancid] Re: Rancid and Syslog-ng In-Reply-To: <664F471D69849C499D350F2B85BAB83B128B97A1CA@EVS15.lat.gblxint.com> References: <7ea146250906021514g74c10c8p79dc1307108adfa6@mail.gmail.com> <9a9d0c6a0907211356jef89d41sf6d6c50a7046fff1@mail.gmail.com> <664F471D69849C499D350F2B85BAB83B128B97A1CA@EVS15.lat.gblxint.com> Message-ID: <4A68610E.5030203@comcast.net> The problem I faced with this approach is when the syslog-ng triggers the program, it memorizes that. So calling rancid-run script directly doesn't work. You need a wrapper script for this directive to work. From the configuration it looks like you have written rancid.pl wrapper. Can you share that to the team? Thanks, Sam > Hello everyone; > I implemented the solution with the following syslog-ng modification and a script in perl. When the syslog receive a change configuration trap trigger the script. You should adapt it to your specific system. In this case the syslog translate the IP add from the hosts/DNS and I use that name. also I put the script in the log directory to avoid permit issues. Hopefully It will work for you. > > Syslog.conf: > > source net { udp(); }; > > filter f_change{ match("SYS-5-CONFIG_I: Configured"); }; > > destination df_change { program("perl /var/log/rancid.pl" > template("$HOST\n") ); > }; > > log { source(net); filter(f_change); destination(df_change); }; > > > Regards > > Federico Meli > Global Crossing Americas Solution, Inc. > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Gary T. Giesen > Sent: Tuesday, July 21, 2009 4:57 PM > To: Satyam Mathura; rancid-discuss at shrubbery.net > Subject: [rancid] Re: Rancid and Syslog-ng > > Another option I use is snmptt. There's an SNMP trap an IOS router can > send upon config change, and I use snmptt to run rancid against that > host when it receives such a trap. > > GG > > On 6/2/09, Satyam Mathura wrote: > >> Guys, >> Has anyone ever been successful with setting up rancid and syslog-ng so that >> whenever a config change is written to memory, syslog-ng calls the rancid >> executable for that host only? >> Basically we're looking to have rancid query a device only when that >> device's configuration has been modified. >> >> > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > ------------------------------------------------------------------------ > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090723/646b4137/attachment.html From daniel.medina at gmail.com Thu Jul 23 14:09:59 2009 From: daniel.medina at gmail.com (Daniel Medina) Date: Thu, 23 Jul 2009 10:09:59 -0400 Subject: [rancid] Re: clogin and CSS bug and fix? In-Reply-To: References: Message-ID: <20090723140959.GA38351@monkey.local> On Thu, Jul 23, 2009 at 10:35:00AM +0000, Max Allan wrote: > I've just started using rancid (2.3.2) and I think I've found a minor clogin bug and fixed it. > > I've got some CSSs that don't require enable, you log straight in to enable mode. > [...] > Any opinions? Have you looked at setting autoenable / noenable in cloginrc? Try "add autoenable * 1" to tell clogin that you're getting in already enabled. -- Daniel Medina From asmirnoff at office.beeline.ru Thu Jul 23 14:19:12 2009 From: asmirnoff at office.beeline.ru (Smirnoff Alexander) Date: Thu, 23 Jul 2009 18:19:12 +0400 Subject: [rancid] Re: ProcessHistory filter In-Reply-To: <986544234AB0A44BADE40DF502E2012A0223ABAC@SPBMAIL.spb.sovintel.net> References: <986544234AB0A44BADE40DF502E2012A0223AB63@SPBMAIL.spb.sovintel.net> <986544234AB0A44BADE40DF502E2012A0223ABAC@SPBMAIL.spb.sovintel.net> Message-ID: <986544234AB0A44BADE40DF502E2012A0223AC59@SPBMAIL.spb.sovintel.net> Hello! Now I find some information about these symbols, but until can't correctly work with them. For example zyxP791Rlogin must send command, and wait for prompt before send next command - and this feature work in one case and not word for another. I can't understand why. May be some of RANCID scripts already solve this problem with scroll-like terminals and scrolling symbols? ________________________________ From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Smirnoff Alexander Sent: Wednesday, July 22, 2009 5:17 PM To: rancid-discuss at shrubbery.net Subject: [rancid] Re: ProcessHistory filter And I have some other question about ProcessHistory - I make sub for parsing commands, and in output I see for every first line this: !HOSTNAME: 777777777777Prestige_ !AUTOEXEC.NET: 777777777777777777777sys errctl 0 !AUTOEXEC.NET: sys trcl level 5 !AUTOEXEC.NET: sys trcl type 1180 !AUTOEXEC.NET: sys trcp cr 64 96 !AUTOEXEC.NET: sys trcl sw off !AUTOEXEC.NET: sys trcp sw off !AUTOEXEC.NET: ip tcp mss 512 !AUTOEXEC.NET: ip tcp limit 2 !AUTOEXEC.NET: ip tcp irtt 65000 !AUTOEXEC.NET: ip tcp window 2 !AUTOEXEC.NET: ip tcp ceiling 6000 !AUTOEXEC.NET: ip rip activate !AUTOEXEC.NET: ip rip merge on !AUTOEXEC.NET: ip icmp discovery enif0 off !AUTOEXEC.NET: ppp ipcp compress off !AUTOEXEC.NET: sys wdog sw on !AUTOEXEC.NET: sys quick enable !SYS FEATURE: 77777777777IPX: yes !SYS FEATURE: IP ONLY: no !SYS FEATURE: AUI: no !SYS FEATURE: AB ADAPTER: no e.g. I am ask about 777777777 symbols. And this is my sub: # is routine processes a "sys view autoexec.net" sub ShowAutoexec { print STDERR " In ShowAutoexec: $_" if ($debug); while () { if (/^$prompt/) { $found_env=1; last}; if (/>/) { $found_end = 1; ProcessHistory("","","","!AUTOEXEC.NET: $_"); return(1); } $found_end = 1; ProcessHistory("","","","!AUTOEXEC.NET: $_"); } return(0); } May be somebody know about this problem? ________________________________ From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Smirnoff Alexander Sent: Wednesday, July 22, 2009 11:29 AM To: rancid-discuss at shrubbery.net Subject: [rancid] ProcessHistory filter Hello all RANCID people! I try to filter interface counters from output of Zyxel Prestige 791R ip route status : - !IP ROUTE: default 01 0 mpoa01 172.17.100.1 2 00ab 0 409683 + !IP ROUTE: default 01 0 mpoa01 172.17.100.1 2 00ab 0 412140 using these definitions: if (/^(default)/) { ProcessHistory("","","","!IP ROUTE: default $1 $2$3 mpoa01 $5$6<___>\n") && next; } but something wrong - i receive this: !IP ROUTE: default default mpoa01 <___> How I can correctly setup this filter? -- Regards, Alexandr Smirnov +7(812)3468600 # 54682 Head of Data Transmission Networks Monitoring Service mailto:asmirnoff at office.beeline.ru -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090723/25d3ebcf/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: 172.17.100.99.raw Type: application/octet-stream Size: 8214 bytes Desc: 172.17.100.99.raw Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090723/25d3ebcf/attachment.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: zyxP791rancid Type: application/octet-stream Size: 17175 bytes Desc: zyxP791rancid Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090723/25d3ebcf/attachment-0001.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: zyxP791rlogin Type: application/octet-stream Size: 25748 bytes Desc: zyxP791rlogin Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090723/25d3ebcf/attachment-0002.obj From max_allan at hotmail.com Thu Jul 23 15:19:52 2009 From: max_allan at hotmail.com (Max Allan) Date: Thu, 23 Jul 2009 15:19:52 +0000 Subject: [rancid] Re: clogin and CSS bug and fix? In-Reply-To: <20090723140959.GA38351@monkey.local> References: <20090723140959.GA38351@monkey.local> Message-ID: > > Try "add autoenable * 1" to tell clogin that you're getting in already enabled. > All the CSSs already have autoenable set. Which is why they're bypassing do_enable in clogin. do_enable seems to set the scope of do_saveconfig to be global through all procs, so if they didn't autoenable, it would all work fine. I do get the relevant config back from them even though clogin is giving a return code of 1 and dumping error text. e.g. max $ clogin -c "sh run" css1> css1.conf can't read "do_saveconfig": no such variable while executing "if {$do_saveconfig} { catch {send "y\r"} } else { catch {send "n\r"} }" invoked from within "expect -nobrace -re {^[^ *]*css1([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} { # the Cisco CE and Jnx ERX # return to non-enabled mode ..." invoked from within "expect { -re "^\[^\n\r *]*$reprompt" { # the Cisco CE and Jnx ERX # return to non-enabled mode # on exit in enabled mode. ..." (procedure "run_commands" line 81) invoked from within "run_commands $prompt $command" ("foreach" body line 149) invoked from within "foreach router [lrange $argv $i end] { set router [string tolower $router] # attempt at platform switching. set platform "" send_user ..." (file "/export/home/max/rancid/bin/clogin" line 727) max $ echo $? 1 Thanks, Max _________________________________________________________________ With Windows Live, you can organise, edit, and share your photos. http://clk.atdmt.com/UKM/go/134665338/direct/01/ From Federico.Meli at GlobalCrossing.com Thu Jul 23 13:58:55 2009 From: Federico.Meli at GlobalCrossing.com (Meli, Federico) Date: Thu, 23 Jul 2009 10:58:55 -0300 Subject: [rancid] Re: Rancid and Syslog-ng In-Reply-To: <4A68610E.5030203@comcast.net> References: <7ea146250906021514g74c10c8p79dc1307108adfa6@mail.gmail.com> <9a9d0c6a0907211356jef89d41sf6d6c50a7046fff1@mail.gmail.com> <664F471D69849C499D350F2B85BAB83B128B97A1CA@EVS15.lat.gblxint.com> <4A68610E.5030203@comcast.net> Message-ID: <664F471D69849C499D350F2B85BAB83B12DF67A216@EVS15.lat.gblxint.com> Sam, I included the attach with the previous mail but here you have the script. rancid.pl: ######################### #!/usr/bin/perl use warnings; use strict; # strip the priority my $host; $host=<>; chomp($host); $host=lc($host); if ($host) {system("su - rancid -c \"/home/rancid/bin/rancid-run -r $host \" ");}; ################ Federico Meli From: Sam Munzani [mailto:smunzani at comcast.net] Sent: Thursday, July 23, 2009 9:10 AM To: Meli, Federico Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: Rancid and Syslog-ng The problem I faced with this approach is when the syslog-ng triggers the program, it memorizes that. So calling rancid-run script directly doesn't work. You need a wrapper script for this directive to work. From the configuration it looks like you have written rancid.pl wrapper. Can you share that to the team? Thanks, Sam Hello everyone; I implemented the solution with the following syslog-ng modification and a script in perl. When the syslog receive a change configuration trap trigger the script. You should adapt it to your specific system. In this case the syslog translate the IP add from the hosts/DNS and I use that name. also I put the script in the log directory to avoid permit issues. Hopefully It will work for you. Syslog.conf: source net { udp(); }; filter f_change{ match("SYS-5-CONFIG_I: Configured"); }; destination df_change { program("perl /var/log/rancid.pl" template("$HOST\n") ); }; log { source(net); filter(f_change); destination(df_change); }; Regards Federico Meli Global Crossing Americas Solution, Inc. -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Gary T. Giesen Sent: Tuesday, July 21, 2009 4:57 PM To: Satyam Mathura; rancid-discuss at shrubbery.net Subject: [rancid] Re: Rancid and Syslog-ng Another option I use is snmptt. There's an SNMP trap an IOS router can send upon config change, and I use snmptt to run rancid against that host when it receives such a trap. GG On 6/2/09, Satyam Mathura wrote: Guys, Has anyone ever been successful with setting up rancid and syslog-ng so that whenever a config change is written to memory, syslog-ng calls the rancid executable for that host only? Basically we're looking to have rancid query a device only when that device's configuration has been modified. _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss ________________________________________ _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From don.t.roeun at us.army.mil Thu Jul 23 14:06:44 2009 From: don.t.roeun at us.army.mil (Roeun, Don T Mr CTR USA HRC) Date: Thu, 23 Jul 2009 10:06:44 -0400 Subject: [rancid] Nortel Alteons (UNCLASSIFIED) Message-ID: Classification: UNCLASSIFIED Caveats: NONE We have a total of 14 Nortel Alteons, and clogin fails on a couple of them. I tried testing with bin/clogin 5x in a row and it is hit or miss, sometimes it works and sometimes it doesn't. I can see the username get filled in but not the password. When it fails with clogin, I can always connect straight to the device from the rancid box outside of clogin using the same credentials. I tested it 5 times on a single device & it worked once or twice. This is only happening on 2 of the 14 Alteons that we have. Any thoughts? cloginrc: #Alteons# add user a184-* {password} add userprompt a184-* {"Enter radius username"} add userpassword a184-* {password} add passprompt a184-* {"Enter radius password"} log: a184-dmz13: missed cmd(s): /info/sys,/cfg/dump > a184-dmz13: End of run not found > /* > a184-dmz14: missed cmd(s): /info/sys,/cfg/dump > a184-dmz14: End of run not found Classification: UNCLASSIFIED Caveats: NONE -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090723/35cb19bd/attachment.html From daniel.medina at gmail.com Thu Jul 23 15:37:37 2009 From: daniel.medina at gmail.com (Daniel Medina) Date: Thu, 23 Jul 2009 11:37:37 -0400 Subject: [rancid] Re: Rancid and Syslog-ng In-Reply-To: <4A68610E.5030203@comcast.net> References: <7ea146250906021514g74c10c8p79dc1307108adfa6@mail.gmail.com> <9a9d0c6a0907211356jef89d41sf6d6c50a7046fff1@mail.gmail.com> <664F471D69849C499D350F2B85BAB83B128B97A1CA@EVS15.lat.gblxint.com> <4A68610E.5030203@comcast.net> Message-ID: <20090723153737.GB38351@monkey.local> On Thu, Jul 23, 2009 at 08:09:34AM -0500, Sam Munzani wrote: > The problem I faced with this approach is when the syslog-ng triggers the > program, it memorizes that. So calling rancid-run script directly doesn't > work. You need a wrapper script for this directive to work. From the > configuration it looks like you have written rancid.pl wrapper. Can you > share that to the team? Not that it memorizes, but syslog-ng starts the program once and expects it to hang around, waiting for input. In perl (although the syslog-ng example below from Federico handles some of this already with the filter and template, #!perl # define your $pattern of interest while( <> ) { if ( /$pattern/ ) { # extract values # Do something with your values # Like "rancid-run -r device_name" } } Note, I've seen it's useful to batch up sysconfig traps or syslog messages before firing off data collection for every event because you may have humans logging in manually entering config mode, exiting, re-entering or some other sort of nonsense :) -- Daniel Medina From heas at shrubbery.net Thu Jul 23 15:50:50 2009 From: heas at shrubbery.net (john heasley) Date: Thu, 23 Jul 2009 08:50:50 -0700 Subject: [rancid] Re: clogin and CSS bug and fix? In-Reply-To: References: Message-ID: <20090723155050.GE29220@shrubbery.net> Thu, Jul 23, 2009 at 10:35:00AM +0000, Max Allan: > > Hello, > > I've just started using rancid (2.3.2) and I think I've found a minor clogin bug and fixed it. > > I've got some CSSs that don't require enable, you log straight in to enable mode. > > When the login tries to exit I get an error : > can't read "do_saveconfig": no such variable > while executing > "if {$do_saveconfig} { ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.2.p1 > catch {send "y\r"} > } else { > catch {send "n\r"} > }" > > > >From my quick reading of clogin and limited understanding of expect/tcl the problem is because the "do_saveconfig" is only made global in "proc do_enable". I'm never going to run do_enable because I don't need it. > > So, to fix it, I added one line to the start of "proc run_commands " : > global do_saveconfig in_proc > > So, without having a great understanding of tcl/clogin , I don't know if that is that going to break something else? (It fixes the Css problem though) > Any opinions? > > Regards, > Max > _________________________________________________________________ > Windows Live Messenger: Celebrate 10 amazing years with free winks and emoticons. > http://clk.atdmt.com/UKM/go/157562755/direct/01/ > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From Todd at equivoice.com Thu Jul 23 16:02:11 2009 From: Todd at equivoice.com (Todd Heide) Date: Thu, 23 Jul 2009 11:02:11 -0500 Subject: [rancid] MPLS and Rancid Message-ID: <082FEA82DC985B4F8A6B412D5AC4E220019E3080@exchange.Equivoice.local> I don't know if this has been addressed yet, but I have a need for Rancid to be able to access devices in an MPLS environment. What we have is a network of devices, some on MPLS that is reachable via a share, and some that are completely autonomous from the rest of the network, they have their own firewall in the colo and everything is reached through that, unless you have access to a Core router, and can then reach them through their VRF. What I was thinking is if there is a way for Rancid to log into a Core router, and then from there, ssh or telnet, depending on the Core router, to the customers routers via the VRF commands. These would need to be done one device at a time so it doesn't overwhelm the core router with connections. Basically, Rancid logs into say 10.255.255.254, then issues, telnet 10.255.254.2 /vrf testcase, logs into the device, does its Rancid thing, logs out, then does it again for the next device on the list. This would be something I would schedule to be done once a day, starting at 11 PM. Can it be done? Todd -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090723/a71336b2/attachment.html From rwest at zyedge.com Thu Jul 23 16:06:03 2009 From: rwest at zyedge.com (Ryan West) Date: Thu, 23 Jul 2009 12:06:03 -0400 Subject: [rancid] Re: MPLS and Rancid In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E220019E3080@exchange.Equivoice.local> References: <082FEA82DC985B4F8A6B412D5AC4E220019E3080@exchange.Equivoice.local> Message-ID: <6E21B2BDEF6E714EA0B5BA8D5D0E1401248380B172@zy-ex1.zyedge.local> Todd, I think you might be able to do what you want with usercmd patch, you might need to search the archives for it. -ryan From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Todd Heide Sent: Thursday, July 23, 2009 12:02 PM To: rancid-discuss at shrubbery.net Subject: [rancid] MPLS and Rancid I don't know if this has been addressed yet, but I have a need for Rancid to be able to access devices in an MPLS environment. What we have is a network of devices, some on MPLS that is reachable via a share, and some that are completely autonomous from the rest of the network, they have their own firewall in the colo and everything is reached through that, unless you have access to a Core router, and can then reach them through their VRF. What I was thinking is if there is a way for Rancid to log into a Core router, and then from there, ssh or telnet, depending on the Core router, to the customers routers via the VRF commands. These would need to be done one device at a time so it doesn't overwhelm the core router with connections. Basically, Rancid logs into say 10.255.255.254, then issues, telnet 10.255.254.2 /vrf testcase, logs into the device, does its Rancid thing, logs out, then does it again for the next device on the list. This would be something I would schedule to be done once a day, starting at 11 PM. Can it be done? Todd -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090723/8efa0f4e/attachment.html From rwest at zyedge.com Thu Jul 23 16:11:16 2009 From: rwest at zyedge.com (Ryan West) Date: Thu, 23 Jul 2009 12:11:16 -0400 Subject: [rancid] Re: Nortel Alteons (UNCLASSIFIED) In-Reply-To: References: Message-ID: <6E21B2BDEF6E714EA0B5BA8D5D0E1401248380B176@zy-ex1.zyedge.local> Hey Don. Long time, how is everything? Does it work every time if it's called from 'rancid-run -r '. I have the same issue going on with an F5. Is the config substantially larger on those two Alteon boxes? -ryan From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Roeun, Don T Mr CTR USA HRC Sent: Thursday, July 23, 2009 10:07 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Nortel Alteons (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: NONE We have a total of 14 Nortel Alteons, and clogin fails on a couple of them. I tried testing with bin/clogin 5x in a row and it is hit or miss, sometimes it works and sometimes it doesn't. I can see the username get filled in but not the password. When it fails with clogin, I can always connect straight to the device from the rancid box outside of clogin using the same credentials. I tested it 5 times on a single device & it worked once or twice. This is only happening on 2 of the 14 Alteons that we have. Any thoughts? cloginrc: #Alteons# add user a184-* {password} add userprompt a184-* {"Enter radius username"} add userpassword a184-* {password} add passprompt a184-* {"Enter radius password"} log: a184-dmz13: missed cmd(s): /info/sys,/cfg/dump > a184-dmz13: End of run not found > /* > a184-dmz14: missed cmd(s): /info/sys,/cfg/dump > a184-dmz14: End of run not found Classification: UNCLASSIFIED Caveats: NONE -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090723/de312e97/attachment.html From kubatrak at gmail.com Thu Jul 23 15:49:22 2009 From: kubatrak at gmail.com (=?ISO-8859-1?Q?Alberto_Bern=E1rdez?=) Date: Thu, 23 Jul 2009 17:49:22 +0200 Subject: [rancid] Re: Nortel Alteons (UNCLASSIFIED) In-Reply-To: References: Message-ID: Hi, I have several alteons too, but I?m using alogin script for Alteon?s backup. All of them works fine. Try with alogin script. Regards, Berto 2009/7/23 Roeun, Don T Mr CTR USA HRC > Classification: * UNCLASSIFIED*** > Caveats: NONE > > > We have a total of 14 Nortel Alteons, and clogin fails on a couple of > them. I tried testing with bin/clogin 5x in a row and it is hit or miss, > sometimes it works and sometimes it doesn?t. I can see the username get > filled in but not the password. When it fails with clogin, I can always > connect straight to the device from the rancid box outside of clogin using > the same credentials. I tested it 5 times on a single device & it workedonce or twice. > This is only happening on 2 of the 14 Alteons that we have. Any thoughts? > > cloginrc: > > #Alteons# > > add user a184-* {password} > > add userprompt a184-* {"Enter radius username"} > > add userpassword a184-* {password} > > add passprompt a184-* {"Enter radius password"} > > log: > > a184-dmz13: missed cmd(s): /info/sys,/cfg/dump > > > a184-dmz13: End of run not found > > > /* > > > a184-dmz14: missed cmd(s): /info/sys,/cfg/dump > > > a184-dmz14: End of run not found > > > > Classification: * UNCLASSIFIED*** > Caveats: NONE > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090723/239b0ed5/attachment.html From kubatrak at gmail.com Thu Jul 23 16:33:03 2009 From: kubatrak at gmail.com (=?ISO-8859-1?Q?Alberto_Bern=E1rdez?=) Date: Thu, 23 Jul 2009 18:33:03 +0200 Subject: [rancid] Re: Nortel Alteons (UNCLASSIFIED) In-Reply-To: <6E21B2BDEF6E714EA0B5BA8D5D0E1401248380B176@zy-ex1.zyedge.local> References: <6E21B2BDEF6E714EA0B5BA8D5D0E1401248380B176@zy-ex1.zyedge.local> Message-ID: Hi Don, I?m a newbie too. I try to help if its possible. Yes, .cloginrc is the file where you have to stored logins. Alogin is the script Rancid use to make Alteon backups. Clogin is for cisco devices. Try: /rancid/bin/alogin Furthermore, put this configuration on .cloginrc: add user a184-* {password} add userprompt a184-* {"Enter radius username:"} add autoenable a184-* 1 add userpassword a184-* {password} This configuration is the same I have in my Rancid. Regards, Berto 2009/7/23 Ryan West > Hey Don. Long time, how is everything? > > > > Does it work every time if it?s called from ?rancid-run ?r ?. I > have the same issue going on with an F5. Is the config substantially larger > on those two Alteon boxes? > > > > -ryan > > > > *From:* rancid-discuss-bounces at shrubbery.net [mailto: > rancid-discuss-bounces at shrubbery.net] *On Behalf Of *Roeun, Don T Mr CTR > USA HRC > *Sent:* Thursday, July 23, 2009 10:07 AM > *To:* rancid-discuss at shrubbery.net > *Subject:* [rancid] Nortel Alteons (UNCLASSIFIED) > > > > Classification: * UNCLASSIFIED* > Caveats: NONE > > > We have a total of 14 Nortel Alteons, and clogin fails on a couple of > them. I tried testing with bin/clogin 5x in a row and it is hit or miss, > sometimes it works and sometimes it doesn?t. I can see the username get > filled in but not the password. When it fails with clogin, I can always connect > straight to the device from the rancid box outside of clogin using the > same credentials. I tested it 5 times on a single device & it worked once > or twice. This is only happening on 2 of the 14 Alteons that we have. Any > thoughts? > > cloginrc: > > #Alteons# > > add user a184-* {password} > > add userprompt a184-* {"Enter radius username"} > > add userpassword a184-* {password} > > add passprompt a184-* {"Enter radius password"} > > log: > > a184-dmz13: missed cmd(s): /info/sys,/cfg/dump > > > a184-dmz13: End of run not found > > > /* > > > a184-dmz14: missed cmd(s): /info/sys,/cfg/dump > > > a184-dmz14: End of run not found > > > > Classification: * UNCLASSIFIED* > Caveats: NONE > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090723/517bb722/attachment.html From don.t.roeun at us.army.mil Thu Jul 23 16:31:37 2009 From: don.t.roeun at us.army.mil (Roeun, Don T Mr CTR USA HRC) Date: Thu, 23 Jul 2009 12:31:37 -0400 Subject: [rancid] Re: Nortel Alteons (UNCLASSIFIED) In-Reply-To: <20090723160620.GM13254@limelightnetworks.com> References: <20090723160620.GM13254@limelightnetworks.com> Message-ID: Classification: UNCLASSIFIED Caveats: NONE Hi Bill, What needs to be modified to use alogin? As of right now, I have all of my logins for Cisco & Alteon gear in .cloginrc. 12 of 14 alteons are backing up correctly. Do alteon logins need to be in a separate file? I really appreciate your help. -----Original Message----- From: Bill Petrisko [mailto:bill at limelightnetworks.com] Sent: Thursday, July 23, 2009 12:06 PM To: Roeun, Don T Mr CTR USA HRC Subject: Re: [rancid] Nortel Alteons (UNCLASSIFIED) On Thu, 23 Jul 2009, Roeun, Don T Mr CTR USA HRC wrote: > Classification: UNCLASSIFIED > Caveats: NONE > > We have a total of 14 Nortel Alteons, and clogin fails on a couple of > them. I tried testing with bin/clogin 5x in a row and it is hit or > miss, sometimes it works and sometimes it doesn't. I can see the > username get filled in but not the password. When it fails with > clogin, I can always connect straight to the device from the rancid > box outside of clogin using the same credentials. I tested it 5 times > on a single device & it worked once or twice. This is only happening > on 2 of the 14 Alteons that we have. Any thoughts? > > cloginrc: > > #Alteons# > add user a184-* {password} > add userprompt a184-* {"Enter radius username"} add userpassword > a184-* {password} add passprompt a184-* {"Enter radius password"} > > log: > > a184-dmz13: missed cmd(s): /info/sys,/cfg/dump > > a184-dmz13: End of run not found > > /* > > a184-dmz14: missed cmd(s): /info/sys,/cfg/dump > > a184-dmz14: End of run not found Not sure if this will help, but we used to use a modified version of clogin (we called it "alogin") for collecting from alteon boxes: also below is the "arancid" we used with it.... bill #!/usr/bin/expect -- ## ## ## Copyright (C) 1997-2001 by Henry Kilmer, Erik Sherk and Pete Whiting. ## All rights reserved. ## ## This software may be freely copied, modified and redistributed without ## fee for non-commerical purposes provided that this copyright notice is ## preserved intact on all copies and modified copies. ## ## There is no warranty or other guarantee of fitness of this software. ## It is provided solely "as is". The author(s) disclaim(s) all ## responsibility and liability with respect to this software's usage ## or its effect upon hardware, computer systems, other software, or ## anything else. ## ## # # alogin - Alteon WebOS switch login # # afort at choqolat.org is responsible for this particular mess # (andrew fort) # # Usage line set usage "Usage: $argv0 \[-c command\] \ \[-Evar=x\] \[-f cloginrc-file\] \ \[-s script-file\] \[-t timeout\] \[-u username\] \ \[-v vty-password\] \[-x command-file\] \ \[-y ssh_cypher_type\] router \[router...\]\n" # env(CLOGIN) may contain: # x == do not set xterm banner or name # Password file set password_file $env(HOME)/.cloginrc # Default is to login to the router set do_command 0 set do_script 0 # The default is to automatically enable set enable 1 # The default is that you login non-enabled (tacacs can have you login already enabled) set autoenable 0 # The default is to look in the password file to find the passwords. This # tracks if we receive them on the command line. set do_passwd 1 # Find the user in the ENV, or use the unix userid. if {[ info exists env(CISCO_USER) ] } { set default_user $env(CISCO_USER) } elseif {[ info exists env(USER) ]} { set default_user $env(USER) } else { # This uses "id" which I think is portable. At least it has existed # (without options) on all machines/OSes I've been on recently - # unlike whoami or id -nu. if [ catch {exec id} reason ] { send_error "Error: could not exec id: $reason\n" exit 1 } regexp {\(([^)]*)} "$reason" junk default_user } # Sometimes routers take awhile to answer (the default is 10 sec) set timeout 45 # Process the command line for {set i 0} {$i < $argc} {incr i} { set arg [lindex $argv $i] switch -glob -- $arg { # Username -u* - -U* { if {! [ regexp .\[uU\](.+) $arg ignore user]} { incr i set username [ lindex $argv $i ] } # VTY Password } -v* - -v* { if {! [ regexp .\[vV\](.+) $arg ignore passwd]} { incr i set passwd [ lindex $argv $i ] } set do_passwd 0 # Enable Username } -w* - -W* { # ignore -w # Environment variable to pass to -s scripts } -E* { if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} { incr i set E$varname $varvalue } else { send_user "Error: invalid format for -E in $arg\n" exit 1 } # Enable Password } -e* { # ignore -e # Command to run. } -c* - -C* { if {! [ regexp .\[cC\](.+) $arg ignore command]} { incr i set command [ lindex $argv $i ] } set do_command 1 # Expect script to run. } -s* - -S* { if {! [ regexp .\[sS\](.+) $arg ignore sfile]} { incr i set sfile [ lindex $argv $i ] } if { ! [ file readable $sfile ] } { send_user "Error: Can't read $sfile\n" exit 1 } set do_script 1 # 'ssh -c' cypher type } -y* - -Y* { if {! [ regexp .\[eE\](.+) $arg ignore cypher]} { incr i set cypher [ lindex $argv $i ] } # alternate cloginrc file } -f* - -F* { if {! [ regexp .\[fF\](.+) $arg ignore password_file]} { incr i set password_file [ lindex $argv $i ] } # Timeout } -t* - -T* { if {! [ regexp .\[tT\](.+) $arg ignore timeout]} { incr i set timeout [ lindex $argv $i ] } # Command file } -x* - -X { if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} { incr i set cmd_file [ lindex $argv $i ] } if [ catch {set cmd_fd [open $cmd_file r]} reason ] { send_user "\nError: $reason\n" exit 1 } set cmd_text [read $cmd_fd] close $cmd_fd set command [join [split $cmd_text \n] \;] set do_command 1 # Do we enable? } -noenable { # ignore -noenable # Does tacacs automatically enable us? } -autoenable { # ignore -autoenable } -* { send_user "Error: Unknown argument! $arg\n" send_user $usage exit 1 } default { break } } } # Process routers...no routers listed is an error. if { $i == $argc } { send_user "Error: $usage" } # Only be quiet if we are running a script (it can log its output # on its own) if { $do_script } { log_user 0 } else { log_user 1 } # # Done configuration/variable setting. Now run with it... # # Sets Xterm title if interactive...if its an xterm and the user cares proc label { host } { global env # if CLOGIN has an 'x' in it, don't set the xterm name/banner if [info exists env(CLOGIN)] { if {[string first "x" $env(CLOGIN)] != -1} { return } } # take host from ENV(TERM) if [info exists env(TERM)] { if [regexp \^(xterm|vs) $env(TERM) ignore ] { send_user "\033]1;[lindex [split $host "."] 0]\a" send_user "\033]2;$host\a" } } } # This is a helper function to make the password file easier to # maintain. Using this the password file has the form: # add password sl* pete cow # add password at* steve # add password * hanky-pie proc add {var args} { global int_$var ; lappend int_$var $args} proc include {args} { global env regsub -all "(^{|}$)" $args {} args if { [ regexp "^/" $args ignore ] == 0 } { set args $env(HOME)/$args } source_password_file $args } proc find {var router} { upvar int_$var list if { [info exists list] } { foreach line $list { if { [string match [lindex $line 0] $router ] } { return [lrange $line 1 end] } } } return {} } # Loads the password file. Note that as this file is tcl, and that # it is sourced, the user better know what to put in there, as it # could install more than just password info... I will assume however, # that a "bad guy" could just as easy put such code in the clogin # script, so I will leave .cloginrc as just an extention of that script proc source_password_file { password_file } { global env if { ! [file exists $password_file] } { send_user "Error: password file ($password_file) does not exist\n" exit 1 } file stat $password_file fileinfo if { [expr ($fileinfo(mode) & 007)] != 0000 } { send_user "Error: $password_file must not be world readable/writable\n" exit 1 } if [ catch {source $password_file} reason ] { send_user "Error: $reason\n" exit 1 } } # Log into the router. proc login { router user userpswd passwd prompt cmethod cyphertype } { global spawn_id in_proc do_command do_script global u_prompt p_prompt set in_proc 1 set uprompt_seen 0 # try each of the connection methods in $cmethod until one is successful set progs [llength $cmethod] foreach prog [lrange $cmethod 0 end] { if [string match "telnet*" $prog] { regexp {telnet(:([^[:space:]]+))*} $prog command suffix port if {"$port" == ""} { set retval [ catch {spawn telnet $router} reason ] } else { set retval [ catch {spawn telnet $router $port} reason ] } if { $retval } { send_user "\nError: telnet failed: $reason\n" exit 1 } } elseif ![string compare $prog "ssh"] { if [ catch {spawn ssh -c $cyphertype -x -l $user $router} reason ] { send_user "Error: ssh failed: $reason\n" exit 1 } } elseif ![string compare $prog "rsh"] { if [ catch {spawn rsh -l $user $router} reason ] { send_user "Error: rsh failed: $reason\n" exit 1 } } else { puts "ERROR: unknown connection method: $prog" return 1 } incr progs -1 sleep 0.3 # This helps cleanup each expect clause. expect_after { timeout { send_user "\nError: TIMEOUT reached\n" catch {close}; wait if { $in_proc} { return 1 } else { continue } } eof { send_user "\nError: EOF received\n" catch {close}; wait if { $in_proc} { return 1 } else { continue } } } expect { "Connection refused" { close; wait sleep 0.3 expect eof send_user "Error: Connection Refused\n"; wait; return 1 } eof { send_user "Error: Couldn't login\n"; wait; return 1 } "Unknown host\r\n" { expect eof send_user "Error: Unknown host\n"; wait; return 1 } "Host is unreachable" { expect eof send_user "Error: Host Unreachable!\n"; wait; return 1 } "No address associated with name" { expect eof send_user "Error: Unknown host\n"; wait; return 1 } -re "$u_prompt" { send "$user\r" set uprompt_seen 1 exp_continue } -re "$p_prompt" { sleep 1 if {$uprompt_seen == 1} { send "$userpswd\r" } else { send "$passwd\r" } exp_continue } -re "^Confirm seeing above note" { send "y\r" exp_continue } "Password incorrect" { send_user "Error: Check your password for $router\n"; catch {close}; wait; return 1 } -re "$prompt" { break; } denied { send_user "Error: Check your passwd for $router\n" if { $do_command || $do_script } { send "exit\r" wait return 1 } else { return 1 } } "\r\n" { exp_continue; } } } set in_proc 0 return 0 } # Run commands given on the command line. proc run_commands { prompt command } { global in_proc set in_proc 1 send "lines 0\r" expect -re $prompt {} regsub -all "\[)(]" $prompt {\\&} reprompt # Is this a multi-command? if [ string match "*\;*" "$command" ] { set commands [split $command \;] set num_commands [llength $commands] for {set i 0} {$i < $num_commands} { incr i} { send "[subst -nocommands [lindex $commands $i]]\r" expect { -re "^\[^\n\r]*$reprompt" {} -re "^\[^\n\r ]*>>.*$reprompt" { exp_continue } -re "\[\n\r]+" { exp_continue } } } } else { send "[subst -nocommands $command]\r" expect { -re "^\[^\n\r]*$reprompt" {} -re "^\[^\n\r ]*>>.*$reprompt" { exp_continue } -re "\[\n\r]+" { exp_continue } } } send "exit\r" expect { -re "^WARNING: There are unsaved configuration changes." { send "y\r" exp_continue } "\n" { exp_continue } "\[^\n\r *]*Session terminated" { return 0 } timeout { return 0 } eof { return 0 } } set in_proc 0 } # # For each router... (this is main loop) # source_password_file $password_file set in_proc 0 foreach router [lrange $argv $i end] { set router [string tolower $router] send_user "$router\n" # Figure out prompt. set prompt ">> \[^\r\n]*\[#|>] " # alteon only "enables" based on the password used at login time set autoenable 1 set enable 0 # Figure out passwords if { $do_passwd } { set pswd [find password $router] if { [llength $pswd] == 0 } { send_user "Error - no password for $router in $password_file.\n" continue } set passwd [lindex $pswd 0] } # Figure out username if {[info exists username]} { # command line username set ruser $username } else { set ruser [find user $router] if { "$ruser" == "" } { set ruser $default_user } } # Figure out username's password (if different from the vty password) if {[info exists userpasswd]} { # command line username set userpswd $userpasswd } else { set userpswd [find userpassword $router] if { "$userpswd" == "" } { set userpswd $passwd } } # Figure out prompts set u_prompt [find userprompt $router] if { "$u_prompt" == "" } { set u_prompt "(Username|login| Login):" } set p_prompt [find passprompt $router] if { "$p_prompt" == "" } { set p_prompt "\[Pp]assword:" } # Figure out cypher type if {[info exists cypher]} { # command line cypher type set cyphertype $cypher } else { set cyphertype [find cyphertype $router] if { "$cyphertype" == "" } { set cyphertype "3des" } } # Figure out connection method set cmethod [find method $router] if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} } # Login to the router if {[login $router $ruser $userpswd $passwd $prompt $cmethod $cyphertype]} { continue } if { $do_command } { if {[run_commands $prompt $command]} { continue } } elseif { $do_script } { send "lines 0\r" expect -re $prompt {} source $sfile close } else { label $router log_user 1 interact } # End of for each router wait sleep 0.3 } exit 0 and arancid: #!/usr/bin/perl ## ## Hacked version of rancid for Alteon WebOS switches ## tested with: ad3 v8.1.18 ## afort at choqolat.org (andrew fort) ## ## ## Copyright (C) 1997-2001 by Henry Kilmer. ## All rights reserved. ## ## This software may be freely copied, modified and redistributed without ## fee for non-commerical purposes provided that this copyright notice is ## preserved intact on all copies and modified copies. ## ## There is no warranty or other guarantee of fitness of this software. ## It is provided solely "as is". The author(s) disclaim(s) all ## responsibility and liability with respect to this software's usage ## or its effect upon hardware, computer systems, other software, or ## anything else. ## ## # # RANCID - Really Awesome New Cisco confIg Differ # # arancid - Alteon WebOS plugin for rancid # # usage: arancid [-d] [-l] [-f filename | $host] # use Getopt::Std; getopts('dflm'); $log = $opt_l; $debug = $opt_d; $file = $opt_f; $host = $ARGV[0]; $clean_run = 0; $found_end = 0; $prompt = "#"; $timeo = 90; # clogin timeout in seconds # This routine is used to print out the router configuration sub ProcessHistory { my($new_hist_tag,$new_command,$command_string, at string)=(@_); if((($new_hist_tag ne $hist_tag) || ($new_command ne $command)) && defined %history) { print eval "$command \%history"; undef %history; } if (($new_hist_tag) && ($new_command) && ($command_string)) { if ($history{$command_string}) { $history{$command_string} = "$history{$command_string}@string"; } else { $history{$command_string} = "@string"; } } elsif (($new_hist_tag) && ($new_command)) { $history{++$#history} = "@string"; } else { print "@string"; } $hist_tag = $new_hist_tag; $command = $new_command; 1; } sub numerically { $a <=> $b; } # This is a sort routing that will sort numerically on the # keys of a hash as if it were a normal array. sub keynsort { local(%lines)=@_; local($i) = 0; local(@sorted_lines); foreach $key (sort numerically keys(%lines)) { $sorted_lines[$i] = $lines{$key}; $i++; } @sorted_lines; } # This is a sort routing that will sort on the # keys of a hash as if it were a normal array. sub keysort { local(%lines)=@_; local($i) = 0; local(@sorted_lines); foreach $key (sort keys(%lines)) { $sorted_lines[$i] = $lines{$key}; $i++; } @sorted_lines; } # This is a sort routing that will sort on the # values of a hash as if it were a normal array. sub valsort{ local(%lines)=@_; local($i) = 0; local(@sorted_lines); foreach $key (sort values %lines) { $sorted_lines[$i] = $key; $i++; } @sorted_lines; } # This is a numerical sort routing (ascending). sub numsort { local(%lines)=@_; local($i) = 0; local(@sorted_lines); foreach $num (sort {$a <=> $b} keys %lines) { $sorted_lines[$i] = $lines{$num}; $i++; } @sorted_lines; } # This is a sort routine that will sort on the # ip address when the ip address is anywhere in # the strings. sub ipsort { local(%lines)=@_; local($i) = 0; local(@sorted_lines); foreach $addr (sort sortbyipaddr keys %lines) { $sorted_lines[$i] = $lines{$addr}; $i++; } @sorted_lines; } # These two routines will sort based upon IP addresses sub ipaddrval { my(@a) = ($_[0] =~ m#^(\d+)\.(\d+)\.(\d+)\.(\d+)$#); $a[3]+256*($a[2]+256*($a[1]+256*$a[0])); } sub sortbyipaddr { &ipaddrval($a) <=> &ipaddrval($b); } # This routine parses "/info/sys" (cf. show version) sub ShowVersion { print STDERR " In ShowVersion: $_" if ($debug); while () { tr/\015//d; last if (/^>>.*$prompt/); next if(/^(\s*|\s*$cmd\s*)$/); /^(ACEdirector.*|ACEswitch.*|Alteon.*)/i && ProcessHistory("COMMENTS","keysort","A1", "\/\*Model: $1\n") && next; /^Software Version\s+(.*?)\s\((.*)\)/i && ProcessHistory("COMMENTS","keysort","B1", "\/\*Image: Software: $1 ($2)\n") && next; /^Hardware Part No:\s+(.*?)\s+/i && ProcessHistory("COMMENTS","keysort","A2", "\/\*Hardware part no: $1\n") && next; /^MAC address:\s+([0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}: [0-9a-f]{2})/i && ProcessHistory("COMMENTS","keysort","C1", "\/\*Base MAC address: $1\n") && next; } return(0); } # This routine processes a "/cfg/dump" sub WriteTerm { print STDERR " In WriteTerm: $_" if ($debug); # eat the header line #$junk = ; # now just copy it verbatim to the history file $is_bwm = 0; while () { tr/\015//d; last if(/^>>.*$prompt/); chop; if (/(rcomm|wcomm|t1com|t2com)(\s+)(.*)/ && defined($ENV{'NOCOMMSTR'})) { ProcessHistory("","","","\/\*\t$1$2\"\"\n") && next; } if (/^\/c\/bwm\/cont (\d+)/) { $cur_bwm_item = $1; $is_bwm = 1; } elsif (/^\/c\/bwm\/pol (\d+)/) { $cur_bwm_item = $1; $is_bwm = 2; } elsif (/^\/c/ || /^\s*resv/) { if ($is_bwm == 2) { if (!$got_hard{$cur_bwm_item}) { ProcessHistory("","","","\/\*\thard \n"); } if (!$got_soft{$cur_bwm_item}) { ProcessHistory("","","","\/\*\tsoft \n"); } } $is_bwm = 0; } if (/name \"DYN/ && ($is_bwm == 1)) { $is_dyn{$cur_bwm_item} = 1; } elsif (/^(\s*(hard|soft) )/ && ($is_bwm == 2) && exists $is_dyn{$cur_bwm_item}) { $limit_type = $2; $limit_line = $1; if ($limit_type eq 'hard') { $got_hard{$cur_bwm_item} = 1; } elsif ($limit_type eq 'soft') { if (!$got_hard{$cur_bwm_item}) { ProcessHistory("","","","\/\*\thard \n"); } $got_soft{$cur_bwm_item} = 1; } ProcessHistory("","","","\/\*${limit_line}\n") && next; } /^(\s+.{2,3}pw )\S+/ && ProcessHistory("","","","\/\*$1\n") && next; /^(\/cfg\/sys\/sshd\/scpadm\s+)(.*)/ && ProcessHistory("","","","\/\*$1\n") && next; next if (/^\/\* Configuration dump taken/i); next if (/^\/\* Version.*Base MAC.*/i); if (/^\/?script end/) { $found_end = 1; ProcessHistory("","","","$_\n"); return(1); } ProcessHistory("","","","$_\n"); } return(0); } # dummy function sub DoNothing {print STDOUT;} # Main %commands=( '/info/sys' => "ShowVersion", '/cfg/dump' => "WriteTerm", ); # keys() doesnt return things in the order entered and the order of the # cmds is important (show version first and write term last). pita @commands=( "/info/sys", "/cfg/dump", ); $cisco_cmds=join(";", at commands); $cmds_regexp=join("|", at commands); open(OUTPUT,">$host.new") || die "Can't open $host.new for writing: $!\n"; select(OUTPUT); # make OUTPUT unbuffered if debugging if ($debug) { $| = 1; } if ($file) { print STDERR "opening file $host\n" if ($debug); print STDOUT "opening file $host\n" if ($log); open(INPUT,"<$host") || die "open failed for $host: $!\n"; } else { print STDERR "executing alogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($debug); print STDOUT "executing alogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($log); if (defined($ENV{NOPIPE})) { system "alogin -t $timeo -c \"$cisco_cmds\" $host $host.raw 2>&1" || die "alogin failed for $host: $!\n"; open(INPUT, "< $host.raw") || die "alogin failed for $host: $!\n"; } else { open(INPUT,"alogin -t $timeo -c \"$cisco_cmds\" $host ) { tr/\015//d; if (/^>>.*$prompt exit/) { $clean_run=1; last; } while (/>>.*$prompt\s*($cmds_regexp)\s*$/) { $cmd = $1; if (!defined($prompt)) {$prompt = ($_ =~ /^([^#]+#)/)[0]; } print STDERR ("HIT COMMAND:$_") if ($debug); if (!defined($commands{$cmd})) { print STDERR "$host: found unexpected command - \"$cmd\"\n"; $clean_run = 0; last TOP; } $rval = &{$commands{$cmd}}; delete($commands{$cmd}); if ($rval == -1) { $clean_run = 0; last TOP; } } } print STDOUT "Done $logincmd: $_\n" if ($log); # Flush History ProcessHistory("","","",""); # Cleanup close(INPUT); close(OUTPUT); if (defined($ENV{NOPIPE})) { unlink("$host.raw") if (! $debug); } # check for completeness if (scalar(%commands) || !$clean_run || !$found_end) { if (scalar(%commands)) { printf(STDOUT "$host: missed cmd(s): %s\n", join(',', keys(%commands))); printf(STDERR "$host: missed cmd(s): %s\n", join(',', keys(%commands))) if ($debug); } if (!$clean_run || !$found_end) { print STDOUT "$host: End of run not found\n"; print STDERR "$host: End of run not found\n" if ($debug); system("/usr/bin/tail -1 $host.new"); } unlink "$host.new" if (! $debug); } Classification: UNCLASSIFIED Caveats: NONE From don.t.roeun at us.army.mil Thu Jul 23 16:44:29 2009 From: don.t.roeun at us.army.mil (Roeun, Don T Mr CTR USA HRC) Date: Thu, 23 Jul 2009 12:44:29 -0400 Subject: [rancid] Re: Nortel Alteons (UNCLASSIFIED) In-Reply-To: <6E21B2BDEF6E714EA0B5BA8D5D0E1401248380B176@zy-ex1.zyedge.local> References: <6E21B2BDEF6E714EA0B5BA8D5D0E1401248380B176@zy-ex1.zyedge.local> Message-ID: Classification: UNCLASSIFIED Caveats: NONE Whoah - hey... long time! I tried /usr/local/rancid/bin/rancid-run -r (name) but it didn't seem to do anything. I just compared & the configs are smaller than the alteons that are working. -----Original Message----- From: Ryan West [mailto:rwest at zyedge.com] Sent: Thursday, July 23, 2009 12:11 PM To: Roeun, Don T Mr CTR USA HRC; rancid-discuss at shrubbery.net Subject: RE: Nortel Alteons (UNCLASSIFIED) Hey Don. Long time, how is everything? Does it work every time if it's called from 'rancid-run -r '. I have the same issue going on with an F5. Is the config substantially larger on those two Alteon boxes? -ryan From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Roeun, Don T Mr CTR USA HRC Sent: Thursday, July 23, 2009 10:07 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Nortel Alteons (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: NONE We have a total of 14 Nortel Alteons, and clogin fails on a couple of them. I tried testing with bin/clogin 5x in a row and it is hit or miss, sometimes it works and sometimes it doesn't. I can see the username get filled in but not the password. When it fails with clogin, I can always connect straight to the device from the rancid box outside of clogin using the same credentials. I tested it 5 times on a single device & it worked once or twice. This is only happening on 2 of the 14 Alteons that we have. Any thoughts? cloginrc: #Alteons# add user a184-* {password} add userprompt a184-* {"Enter radius username"} add userpassword a184-* {password} add passprompt a184-* {"Enter radius password"} log: a184-dmz13: missed cmd(s): /info/sys,/cfg/dump > a184-dmz13: End of run not found > /* > a184-dmz14: missed cmd(s): /info/sys,/cfg/dump > a184-dmz14: End of run not found Classification: UNCLASSIFIED Caveats: NONE Classification: UNCLASSIFIED Caveats: NONE From Todd at equivoice.com Thu Jul 23 17:16:13 2009 From: Todd at equivoice.com (Todd Heide) Date: Thu, 23 Jul 2009 12:16:13 -0500 Subject: [rancid] Re: MPLS and Rancid In-Reply-To: <8423e7bb0907231009v16811a41pb478c729b8e3f5d7@mail.gmail.com> References: <082FEA82DC985B4F8A6B412D5AC4E220019E3080@exchange.Equivoice.local> <6E21B2BDEF6E714EA0B5BA8D5D0E1401248380B172@zy-ex1.zyedge.local> <8423e7bb0907231009v16811a41pb478c729b8e3f5d7@mail.gmail.com> Message-ID: <082FEA82DC985B4F8A6B412D5AC4E220019E30A9@exchange.Equivoice.local> Thanks, didn't see the link though. J Thanks Todd From: lavermil at gheek.net [mailto:lavermil at gheek.net] On Behalf Of Lance Vermilion Sent: Thursday, July 23, 2009 12:09 PM To: Ryan West Cc: Todd Heide; rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: MPLS and Rancid Todd, Ryan is correct, the usercmd patch would get you where you want. The patch was written by Ed Ravin. Here is a link to the patch and a nice little thread about how to use the patch. The only issue is the patch is quite old so you might have to do some adjustments. John, Is there any chance the usercmd can be added to the distro? -Lance 2009/7/23 Ryan West Todd, I think you might be able to do what you want with usercmd patch, you might need to search the archives for it. -ryan From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Todd Heide Sent: Thursday, July 23, 2009 12:02 PM To: rancid-discuss at shrubbery.net Subject: [rancid] MPLS and Rancid I don't know if this has been addressed yet, but I have a need for Rancid to be able to access devices in an MPLS environment. What we have is a network of devices, some on MPLS that is reachable via a share, and some that are completely autonomous from the rest of the network, they have their own firewall in the colo and everything is reached through that, unless you have access to a Core router, and can then reach them through their VRF. What I was thinking is if there is a way for Rancid to log into a Core router, and then from there, ssh or telnet, depending on the Core router, to the customers routers via the VRF commands. These would need to be done one device at a time so it doesn't overwhelm the core router with connections. Basically, Rancid logs into say 10.255.255.254, then issues, telnet 10.255.254.2 /vrf testcase, logs into the device, does its Rancid thing, logs out, then does it again for the next device on the list. This would be something I would schedule to be done once a day, starting at 11 PM. Can it be done? Todd _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090723/37e64d76/attachment.html From rancid at gheek.net Thu Jul 23 17:27:19 2009 From: rancid at gheek.net (Lance Vermilion) Date: Thu, 23 Jul 2009 10:27:19 -0700 Subject: [rancid] Re: MPLS and Rancid In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E220019E30A9@exchange.Equivoice.local> References: <082FEA82DC985B4F8A6B412D5AC4E220019E3080@exchange.Equivoice.local> <6E21B2BDEF6E714EA0B5BA8D5D0E1401248380B172@zy-ex1.zyedge.local> <8423e7bb0907231009v16811a41pb478c729b8e3f5d7@mail.gmail.com> <082FEA82DC985B4F8A6B412D5AC4E220019E30A9@exchange.Equivoice.local> Message-ID: <8423e7bb0907231027xf280189u6679f454aa4bf83d@mail.gmail.com> Damn that was slick of me. :-D #Usage example. http://www.shrubbery.net/pipermail/rancid-discuss/2006-November/001875.html #PATCH http://www.shrubbery.net/pipermail/rancid-discuss/2006-May/001490.html On Thu, Jul 23, 2009 at 10:16 AM, Todd Heide wrote: > Thanks, didn?t see the link though. J > > > > *Thanks* > > Todd > > *From:* lavermil at gheek.net [mailto:lavermil at gheek.net] *On Behalf Of *Lance > Vermilion > *Sent:* Thursday, July 23, 2009 12:09 PM > *To:* Ryan West > *Cc:* Todd Heide; rancid-discuss at shrubbery.net > *Subject:* Re: [rancid] Re: MPLS and Rancid > > > > Todd, > > > > Ryan is correct, the usercmd patch would get you where you want. The patch > was written by Ed Ravin. Here is a link to the patch and a nice little > thread about how to use the patch. > > > > The only issue is the patch is quite old so you might have to do some > adjustments. > > > > John, > > > > Is there any chance the usercmd can be added to the distro? > > > > -Lance > > 2009/7/23 Ryan West > > Todd, > > > > I think you might be able to do what you want with usercmd patch, you might > need to search the archives for it. > > > > -ryan > > > > *From:* rancid-discuss-bounces at shrubbery.net [mailto: > rancid-discuss-bounces at shrubbery.net] *On Behalf Of *Todd Heide > *Sent:* Thursday, July 23, 2009 12:02 PM > *To:* rancid-discuss at shrubbery.net > *Subject:* [rancid] MPLS and Rancid > > > > I don?t know if this has been addressed yet, but I have a need for Rancid > to be able to access devices in an MPLS environment. > > What we have is a network of devices, some on MPLS that is reachable via a > share, and some that are completely autonomous from the rest of the network, > they have their own firewall in the colo and everything is reached through > that, unless you have access to a Core router, and can then reach them > through their VRF. > > What I was thinking is if there is a way for Rancid to log into a Core > router, and then from there, ssh or telnet, depending on the Core router, to > the customers routers via the VRF commands. These would need to be done one > device at a time so it doesn?t overwhelm the core router with connections. > > Basically, Rancid logs into say 10.255.255.254, then issues, telnet > 10.255.254.2 /vrf testcase, logs into the device, does its Rancid thing, > logs out, then does it again for the next device on the list. This would be > something I would schedule to be done once a day, starting at 11 PM. > > Can it be done? > > > > Todd > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090723/368a9f21/attachment.html From heas at shrubbery.net Thu Jul 23 17:42:28 2009 From: heas at shrubbery.net (john heasley) Date: Thu, 23 Jul 2009 10:42:28 -0700 Subject: [rancid] Re: Nortel Alteons (UNCLASSIFIED) In-Reply-To: <6E21B2BDEF6E714EA0B5BA8D5D0E1401248380B176@zy-ex1.zyedge.local> References: <6E21B2BDEF6E714EA0B5BA8D5D0E1401248380B176@zy-ex1.zyedge.local> Message-ID: <20090723174228.GH29220@shrubbery.net> Thu, Jul 23, 2009 at 12:11:16PM -0400, Ryan West: > Hey Don. Long time, how is everything? > > Does it work every time if it's called from 'rancid-run -r '. I have the same issue going on with an F5. Is the config substantially larger on those two Alteon boxes? you must be using rancid 2.3.2. if you have solaris or linux and are using expect 5.40 or newer, you must use the expect patch/hack from http://www.shrubbery.net/rancid/#osystems. if you have inconsistent behavior, dollars to donuts this is your problem. after that/those issues; if you still have failures, then look at the log file for the group(s) with problems and resolve any errors that appear there and see the FAQ for typical errors, fixes and tests. if you still have failures, post here and include the log msgs for the group, output of your *login test as described in section 3 of the faq, and any other useful o/p you have from testing. .cloginrc is used by all of the scripts. see clogin(1) and cloginrc(5). rancid-run -r won't produce output unless there is an error in the script itself. otherwise, its just like running rancid-run, it just processes the single device specified in -r's argument, diffs are sent and a log file is created. > -ryan > > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Roeun, Don T Mr CTR USA HRC > Sent: Thursday, July 23, 2009 10:07 AM > To: rancid-discuss at shrubbery.net > Subject: [rancid] Nortel Alteons (UNCLASSIFIED) > > > Classification: UNCLASSIFIED > Caveats: NONE > > > We have a total of 14 Nortel Alteons, and clogin fails on a couple of them. I tried testing with bin/clogin 5x in a row and it is hit or miss, sometimes it works and sometimes it doesn't. I can see the username get filled in but not the password. When it fails with clogin, I can always connect straight to the device from the rancid box outside of clogin using the same credentials. I tested it 5 times on a single device & it worked once or twice. This is only happening on 2 of the 14 Alteons that we have. Any thoughts? > > cloginrc: > > #Alteons# > > add user a184-* {password} > > add userprompt a184-* {"Enter radius username"} > > add userpassword a184-* {password} > > add passprompt a184-* {"Enter radius password"} > > log: > > a184-dmz13: missed cmd(s): /info/sys,/cfg/dump > > > a184-dmz13: End of run not found > > > /* > > > a184-dmz14: missed cmd(s): /info/sys,/cfg/dump > > > a184-dmz14: End of run not found > > > > Classification: UNCLASSIFIED > Caveats: NONE > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Thu Jul 23 17:50:25 2009 From: heas at shrubbery.net (john heasley) Date: Thu, 23 Jul 2009 10:50:25 -0700 Subject: [rancid] Re: ProcessHistory filter In-Reply-To: <986544234AB0A44BADE40DF502E2012A0223AC59@SPBMAIL.spb.sovintel.net> References: <986544234AB0A44BADE40DF502E2012A0223AB63@SPBMAIL.spb.sovintel.net> <986544234AB0A44BADE40DF502E2012A0223ABAC@SPBMAIL.spb.sovintel.net> <986544234AB0A44BADE40DF502E2012A0223AC59@SPBMAIL.spb.sovintel.net> Message-ID: <20090723175025.GJ29220@shrubbery.net> Thu, Jul 23, 2009 at 06:19:12PM +0400, Smirnoff Alexander: > Hello! > > > > Now I find some information about these symbols, but until can't > correctly work with them. For example zyxP791Rlogin must send command, > and wait for prompt before send next command - and this feature work in > one case and not word for another. I can't understand why. May be some > of RANCID scripts already solve this problem with scroll-like terminals > and scrolling symbols? there are a bunch of vt/screen manipulation code in the o/p. this is probably the issue that you're facing because it makes a mess for regex matches/etc. you can try setting the terminal type to something that doesnt support it (like agmrancid), which might cause the device to stop sending this junk or try hlogin (or adapt it) to filter it out. > > > > > ________________________________ > > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Smirnoff > Alexander > Sent: Wednesday, July 22, 2009 5:17 PM > To: rancid-discuss at shrubbery.net > Subject: [rancid] Re: ProcessHistory filter > > > > And I have some other question about ProcessHistory - I make sub for > parsing commands, and in output I see for every first line this: > > > > !HOSTNAME: 777777777777Prestige_ > !AUTOEXEC.NET: 777777777777777777777sys errctl 0 > !AUTOEXEC.NET: sys trcl level 5 > !AUTOEXEC.NET: sys trcl type 1180 > !AUTOEXEC.NET: sys trcp cr 64 96 > !AUTOEXEC.NET: sys trcl sw off > !AUTOEXEC.NET: sys trcp sw off > !AUTOEXEC.NET: ip tcp mss 512 > !AUTOEXEC.NET: ip tcp limit 2 > !AUTOEXEC.NET: ip tcp irtt 65000 > !AUTOEXEC.NET: ip tcp window 2 > !AUTOEXEC.NET: ip tcp ceiling 6000 > !AUTOEXEC.NET: ip rip activate > !AUTOEXEC.NET: ip rip merge on > !AUTOEXEC.NET: ip icmp discovery enif0 off > !AUTOEXEC.NET: ppp ipcp compress off > !AUTOEXEC.NET: sys wdog sw on > !AUTOEXEC.NET: sys quick enable > !SYS FEATURE: 77777777777IPX: yes > !SYS FEATURE: IP ONLY: no > !SYS FEATURE: AUI: no > !SYS FEATURE: AB ADAPTER: no > > > > e.g. I am ask about 777777777 symbols. > > > > And this is my sub: > > > > # is routine processes a "sys view autoexec.net" > > sub ShowAutoexec { > > print STDERR " In ShowAutoexec: $_" if ($debug); > > while () { > > > > if (/^$prompt/) { $found_env=1; last}; > > > > if (/>/) { > > $found_end = 1; > > ProcessHistory("","","","!AUTOEXEC.NET: $_"); > > return(1); > > } > > $found_end = 1; > > > > ProcessHistory("","","","!AUTOEXEC.NET: $_"); > > } > > return(0); > > } > > > > May be somebody know about this problem? > > > > ________________________________ > > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Smirnoff > Alexander > Sent: Wednesday, July 22, 2009 11:29 AM > To: rancid-discuss at shrubbery.net > Subject: [rancid] ProcessHistory filter > > > > Hello all RANCID people! > > > > I try to filter interface counters from output of Zyxel Prestige 791R ip > route status : > > - !IP ROUTE: default 01 0 mpoa01 172.17.100.1 2 > 00ab 0 409683 > > + !IP ROUTE: default 01 0 mpoa01 172.17.100.1 2 > 00ab 0 412140 > > > > using these definitions: > > > > if (/^(default)/) > > { ProcessHistory("","","","!IP ROUTE: default $1 $2$3 mpoa01 > $5$6<___>\n") && next; } > > > > but something wrong - i receive this: > > > > !IP ROUTE: default default mpoa01 <___> > > > > How I can correctly setup this filter? > > > > > > > > > > -- > Regards, > Alexandr Smirnov > +7(812)3468600 # 54682 > Head of Data Transmission Networks Monitoring Service > mailto:asmirnoff at office.beeline.ru > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From rancid at gheek.net Thu Jul 23 17:09:19 2009 From: rancid at gheek.net (Lance Vermilion) Date: Thu, 23 Jul 2009 10:09:19 -0700 Subject: [rancid] Re: MPLS and Rancid In-Reply-To: <6E21B2BDEF6E714EA0B5BA8D5D0E1401248380B172@zy-ex1.zyedge.local> References: <082FEA82DC985B4F8A6B412D5AC4E220019E3080@exchange.Equivoice.local> <6E21B2BDEF6E714EA0B5BA8D5D0E1401248380B172@zy-ex1.zyedge.local> Message-ID: <8423e7bb0907231009v16811a41pb478c729b8e3f5d7@mail.gmail.com> Todd, Ryan is correct, the usercmd patch would get you where you want. The patch was written by Ed Ravin. Here is a link to the patch and a nice little thread about how to use the patch. The only issue is the patch is quite old so you might have to do some adjustments. John, Is there any chance the usercmd can be added to the distro? -Lance 2009/7/23 Ryan West > Todd, > > > > I think you might be able to do what you want with usercmd patch, you might > need to search the archives for it. > > > > -ryan > > > > *From:* rancid-discuss-bounces at shrubbery.net [mailto: > rancid-discuss-bounces at shrubbery.net] *On Behalf Of *Todd Heide > *Sent:* Thursday, July 23, 2009 12:02 PM > *To:* rancid-discuss at shrubbery.net > *Subject:* [rancid] MPLS and Rancid > > > > I don?t know if this has been addressed yet, but I have a need for Rancid > to be able to access devices in an MPLS environment. > > What we have is a network of devices, some on MPLS that is reachable via a > share, and some that are completely autonomous from the rest of the network, > they have their own firewall in the colo and everything is reached through > that, unless you have access to a Core router, and can then reach them > through their VRF. > > What I was thinking is if there is a way for Rancid to log into a Core > router, and then from there, ssh or telnet, depending on the Core router, to > the customers routers via the VRF commands. These would need to be done one > device at a time so it doesn?t overwhelm the core router with connections. > > Basically, Rancid logs into say 10.255.255.254, then issues, telnet > 10.255.254.2 /vrf testcase, logs into the device, does its Rancid thing, > logs out, then does it again for the next device on the list. This would be > something I would schedule to be done once a day, starting at 11 PM. > > Can it be done? > > > > Todd > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090723/6e1d7140/attachment.html From heas at shrubbery.net Thu Jul 23 18:34:33 2009 From: heas at shrubbery.net (john heasley) Date: Thu, 23 Jul 2009 11:34:33 -0700 Subject: [rancid] Re: MPLS and Rancid In-Reply-To: <8423e7bb0907231009v16811a41pb478c729b8e3f5d7@mail.gmail.com> References: <082FEA82DC985B4F8A6B412D5AC4E220019E3080@exchange.Equivoice.local> <6E21B2BDEF6E714EA0B5BA8D5D0E1401248380B172@zy-ex1.zyedge.local> <8423e7bb0907231009v16811a41pb478c729b8e3f5d7@mail.gmail.com> Message-ID: <20090723183433.GT29220@shrubbery.net> Thu, Jul 23, 2009 at 10:09:19AM -0700, Lance Vermilion: > Todd, > Ryan is correct, the usercmd patch would get you where you want. The patch > was written by Ed Ravin. Here is a link to the patch and a nice little > thread about how to use the patch. > > The only issue is the patch is quite old so you might have to do some > adjustments. > > John, > > Is there any chance the usercmd can be added to the distro? i stuck it on my todo/review list this morning. that is a long list though. > -Lance > > 2009/7/23 Ryan West > > > Todd, > > > > > > > > I think you might be able to do what you want with usercmd patch, you might > > need to search the archives for it. > > > > > > > > -ryan > > > > > > > > *From:* rancid-discuss-bounces at shrubbery.net [mailto: > > rancid-discuss-bounces at shrubbery.net] *On Behalf Of *Todd Heide > > *Sent:* Thursday, July 23, 2009 12:02 PM > > *To:* rancid-discuss at shrubbery.net > > *Subject:* [rancid] MPLS and Rancid > > > > > > > > I don?t know if this has been addressed yet, but I have a need for Rancid > > to be able to access devices in an MPLS environment. > > > > What we have is a network of devices, some on MPLS that is reachable via a > > share, and some that are completely autonomous from the rest of the network, > > they have their own firewall in the colo and everything is reached through > > that, unless you have access to a Core router, and can then reach them > > through their VRF. > > > > What I was thinking is if there is a way for Rancid to log into a Core > > router, and then from there, ssh or telnet, depending on the Core router, to > > the customers routers via the VRF commands. These would need to be done one > > device at a time so it doesn?t overwhelm the core router with connections. > > > > Basically, Rancid logs into say 10.255.255.254, then issues, telnet > > 10.255.254.2 /vrf testcase, logs into the device, does its Rancid thing, > > logs out, then does it again for the next device on the list. This would be > > something I would schedule to be done once a day, starting at 11 PM. > > > > Can it be done? > > > > > > > > Todd > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From kristian at spritelink.net Thu Jul 23 19:13:28 2009 From: kristian at spritelink.net (Kristian Larsson) Date: Thu, 23 Jul 2009 21:13:28 +0200 Subject: [rancid] Re: Who made changes? In-Reply-To: <20090401220506.GZ7653@shrubbery.net> References: <200904012142.n31LgB9k029300@berserkly.xs4all.nl> <20090401220506.GZ7653@shrubbery.net> Message-ID: <20090723191328.GC72903@spritelink.se> On Wed, Apr 01, 2009 at 10:05:06PM +0000, john heasley wrote: > Wed, Apr 01, 2009 at 11:42:11PM +0200, Geert Jan de Groot: > > On Tue, 31 Mar 2009 13:07:47 -0500 K K wrote: > > > > There is only one thing I want to know: is it possible to show who made the > > > > changes in telnet? > > > If Paul makes one change at noon, then Peter logs in at 4PM and makes > > > two more, and then Rancid finally runs at 6PM, you'll get one change > > > email, showing the sum of all changes and (usually) showing that Peter > > > was the last one to make a change. > > > > At the place where I hope to implement rancid (restrictions are > > political, not technical, as usual), the network is set up > > in such a way that operators do not have passwords of the devices > > they manage. They log in (with their own password) in a subsystem > > which, if allowed, will log in the operator automatically. > > > > Advantage is that if persons leave the company, they don't know passwords > > and no passwords need to be changed. > > you can do that, at least for ciscos, with AAA and automate the change of > the in-configuration/failsafe passwords, since the "in-config" passwords > are only used when the AAA server is inaccessible. > > > Current line of thought is to have the logout event trigger a rancid run > > on the device people just logged into. > > folks have done that; I think I mentioned it in the FAQ Just a headsup.. your rancid user will log in to.. and then log out, so be sure not to trigger the config fetch on when the rancid user logs out ;) A lot of platforms instead have something to tell when the device was configured, IOS has "Configured from console by ...", JUNOS has a syslog message for when the configuration was commited and the same goes for IOS XR. I've built a system where we use that syslog message to trigger a config fetch and we thus get very granular configuration backups / diff mails. //Kristian -- Kristian Larsson KLL-RIPE +46 704 910401 kll at spritelink.net From don.t.roeun at us.army.mil Fri Jul 24 10:47:48 2009 From: don.t.roeun at us.army.mil (Roeun, Don T Mr CTR USA HRC) Date: Fri, 24 Jul 2009 06:47:48 -0400 Subject: [rancid] Re: Nortel Alteons (UNCLASSIFIED) In-Reply-To: <20090723174228.GH29220@shrubbery.net> References: <6E21B2BDEF6E714EA0B5BA8D5D0E1401248380B176@zy-ex1.zyedge.local> <20090723174228.GH29220@shrubbery.net> Message-ID: Classification: UNCLASSIFIED Caveats: NONE Thanks for chiming in John. You're right, I'm using 2.3.2 + expect 5.40. Should I upgrade rancid in addition to the expect patch? I checked this morning and everything went through, although I didn't make any changes. Thanks for the help from everyone. -----Original Message----- From: john heasley [mailto:heas at shrubbery.net] Sent: Thursday, July 23, 2009 1:42 PM To: Ryan West Cc: Roeun, Don T Mr CTR USA HRC; rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: Nortel Alteons (UNCLASSIFIED) Thu, Jul 23, 2009 at 12:11:16PM -0400, Ryan West: > Hey Don. Long time, how is everything? > > Does it work every time if it's called from 'rancid-run -r '. I have the same issue going on with an F5. Is the config substantially larger on those two Alteon boxes? you must be using rancid 2.3.2. if you have solaris or linux and are using expect 5.40 or newer, you must use the expect patch/hack from http://www.shrubbery.net/rancid/#osystems. if you have inconsistent behavior, dollars to donuts this is your problem. after that/those issues; if you still have failures, then look at the log file for the group(s) with problems and resolve any errors that appear there and see the FAQ for typical errors, fixes and tests. if you still have failures, post here and include the log msgs for the group, output of your *login test as described in section 3 of the faq, and any other useful o/p you have from testing. .cloginrc is used by all of the scripts. see clogin(1) and cloginrc(5). rancid-run -r won't produce output unless there is an error in the script itself. otherwise, its just like running rancid-run, it just processes the single device specified in -r's argument, diffs are sent and a log file is created. > -ryan > > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Roeun, Don > T Mr CTR USA HRC > Sent: Thursday, July 23, 2009 10:07 AM > To: rancid-discuss at shrubbery.net > Subject: [rancid] Nortel Alteons (UNCLASSIFIED) > > > Classification: UNCLASSIFIED > Caveats: NONE > > > We have a total of 14 Nortel Alteons, and clogin fails on a couple of them. I tried testing with bin/clogin 5x in a row and it is hit or miss, sometimes it works and sometimes it doesn't. I can see the username get filled in but not the password. When it fails with clogin, I can always connect straight to the device from the rancid box outside of clogin using the same credentials. I tested it 5 times on a single device & it worked once or twice. This is only happening on 2 of the 14 Alteons that we have. Any thoughts? > > cloginrc: > > #Alteons# > > add user a184-* {password} > > add userprompt a184-* {"Enter radius username"} > > add userpassword a184-* {password} > > add passprompt a184-* {"Enter radius password"} > > log: > > a184-dmz13: missed cmd(s): /info/sys,/cfg/dump > > > a184-dmz13: End of run not found > > > /* > > > a184-dmz14: missed cmd(s): /info/sys,/cfg/dump > > > a184-dmz14: End of run not found > > > > Classification: UNCLASSIFIED > Caveats: NONE > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss Classification: UNCLASSIFIED Caveats: NONE From don.t.roeun at us.army.mil Fri Jul 24 17:30:08 2009 From: don.t.roeun at us.army.mil (Roeun, Don T Mr CTR USA HRC) Date: Fri, 24 Jul 2009 13:30:08 -0400 Subject: [rancid] CatOS (UNCLASSIFIED) Message-ID: Classification: UNCLASSIFIED Caveats: NONE Is there a way to backup non-default configurations only on CatOS switches? I think what's happening is that when users connect & disconnect ports, it changes a few variable metrics such as STP cost & prints them in "show running-config all" or "write term all". This causes cvsweb to see it as a change. I would like it to diff "show running-config" or just "write term" instead. Are there any changes that I can make? Thanks! Don Classification: UNCLASSIFIED Caveats: NONE -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090724/1410b24b/attachment.html From mike.shriver at gmail.com Thu Jul 23 19:40:38 2009 From: mike.shriver at gmail.com (Michael Shriver) Date: Thu, 23 Jul 2009 15:40:38 -0400 Subject: [rancid] Nexus 7000 & RANCID Message-ID: <40885a100907231240l2a1dce6fnba3821ac453ff5e2@mail.gmail.com> I'd be interested in taking a look at what you have hacked up for the NX-OS, if possible. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090723/47e7cbec/attachment.html From pmccloud at enventis.com Fri Jul 24 13:23:30 2009 From: pmccloud at enventis.com (Pat McCloud) Date: Fri, 24 Jul 2009 08:23:30 -0500 Subject: [rancid] Backing up Rancid and CVS Message-ID: <000601ca0c61$efff2fc0$cffd8f40$@com> I have a new Rancid install that I need to move to a new server. I figured this would be a good time to develop and test a backup/restore procedure. For Rancid I would just need to backup the config files, move them to the new install and set up the cron job again correct? What about for the CVS archive? Is there a way to back it up, or export and import it on the new server? Thanks, Pat -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090724/6c241f08/attachment.html From 2009 at tybox.net Sat Jul 25 15:14:53 2009 From: 2009 at tybox.net (Josh Rogers) Date: Sat, 25 Jul 2009 10:14:53 -0500 Subject: [rancid] launchd and rancid In-Reply-To: <773ce9810907250701l63867be9g8a4eaabbf37aafe@mail.gmail.com> References: <773ce9810907250701l63867be9g8a4eaabbf37aafe@mail.gmail.com> Message-ID: <773ce9810907250814t4d4f5875y49b0c348309a610c@mail.gmail.com> I'm trying to get launchd to start rancid daily, but have had a lot of trouble (assuredly because of my inexperience with launchd). Launchd is launching the process, and log files are being written as www (the correct user), but when I look at the log file, this is at the top of it: Trying to get all of the configs. can't read "env(HOME)": no such variable I believe this is because the environment isn't set up properly. If I run rancid-run from the command line (bash) "sudo -u www rancid-run" it runs fine. I'd really appreciate some direction on how to fix this. -Josh -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090725/e034d9a5/attachment.html From giesen at snickers.org Sat Jul 25 18:40:12 2009 From: giesen at snickers.org (Gary T. Giesen) Date: Sat, 25 Jul 2009 14:40:12 -0400 Subject: [rancid] Re: MPLS and Rancid In-Reply-To: <20090723183433.GT29220@shrubbery.net> References: <082FEA82DC985B4F8A6B412D5AC4E220019E3080@exchange.Equivoice.local> <6E21B2BDEF6E714EA0B5BA8D5D0E1401248380B172@zy-ex1.zyedge.local> <8423e7bb0907231009v16811a41pb478c729b8e3f5d7@mail.gmail.com> <20090723183433.GT29220@shrubbery.net> Message-ID: <9a9d0c6a0907251140p12431870r4bfefdec772eef0c@mail.gmail.com> Is there anything that the community can help with to speed it up? Creating current patches for all *login files? Patching manpages? I'm already considering doing all of this for my Fedora/EPEL package, as the usercmd functionality is essential for my purposes. GG On 7/23/09, john heasley wrote: > Thu, Jul 23, 2009 at 10:09:19AM -0700, Lance Vermilion: >> Todd, >> Ryan is correct, the usercmd patch would get you where you want. The patch >> was written by Ed Ravin. Here is a link to the patch and a nice little >> thread about how to use the patch. >> >> The only issue is the patch is quite old so you might have to do some >> adjustments. >> >> John, >> >> Is there any chance the usercmd can be added to the distro? > > i stuck it on my todo/review list this morning. that is a long list though. > >> -Lance >> >> 2009/7/23 Ryan West >> >> > Todd, >> > >> > >> > >> > I think you might be able to do what you want with usercmd patch, you >> > might >> > need to search the archives for it. >> > >> > >> > >> > -ryan >> > >> > >> > >> > *From:* rancid-discuss-bounces at shrubbery.net [mailto: >> > rancid-discuss-bounces at shrubbery.net] *On Behalf Of *Todd Heide >> > *Sent:* Thursday, July 23, 2009 12:02 PM >> > *To:* rancid-discuss at shrubbery.net >> > *Subject:* [rancid] MPLS and Rancid >> > >> > >> > >> > I don?t know if this has been addressed yet, but I have a need for >> > Rancid >> > to be able to access devices in an MPLS environment. >> > >> > What we have is a network of devices, some on MPLS that is reachable via >> > a >> > share, and some that are completely autonomous from the rest of the >> > network, >> > they have their own firewall in the colo and everything is reached >> > through >> > that, unless you have access to a Core router, and can then reach them >> > through their VRF. >> > >> > What I was thinking is if there is a way for Rancid to log into a Core >> > router, and then from there, ssh or telnet, depending on the Core >> > router, to >> > the customers routers via the VRF commands. These would need to be done >> > one >> > device at a time so it doesn?t overwhelm the core router with >> > connections. >> > >> > Basically, Rancid logs into say 10.255.255.254, then issues, telnet >> > 10.255.254.2 /vrf testcase, logs into the device, does its Rancid thing, >> > logs out, then does it again for the next device on the list. This would >> > be >> > something I would schedule to be done once a day, starting at 11 PM. >> > >> > Can it be done? >> > >> > >> > >> > Todd >> > >> > _______________________________________________ >> > Rancid-discuss mailing list >> > Rancid-discuss at shrubbery.net >> > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > > >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > From rancid at ale.cx Sat Jul 25 18:45:51 2009 From: rancid at ale.cx (alex) Date: Sat, 25 Jul 2009 19:45:51 +0100 Subject: [rancid] Re: launchd and rancid In-Reply-To: <773ce9810907250814t4d4f5875y49b0c348309a610c@mail.gmail.com> References: <773ce9810907250701l63867be9g8a4eaabbf37aafe@mail.gmail.com> <773ce9810907250814t4d4f5875y49b0c348309a610c@mail.gmail.com> Message-ID: <200907251945.52177.rancid@ale.cx> On Saturday 25 July 2009 16:14:53 Josh Rogers wrote: > Trying to get all of the configs. > can't read "env(HOME)": no such variable > > I believe this is because the environment isn't set up properly. If I > run rancid-run from the command line (bash) "sudo -u www rancid-run" > it runs fine. I've got no idea what launchd is, but put "sudo -u www rancid-run" in a bash script and call that from launchd? alexd From daniel.medina at gmail.com Sat Jul 25 19:24:37 2009 From: daniel.medina at gmail.com (Daniel Medina) Date: Sat, 25 Jul 2009 15:24:37 -0400 Subject: [rancid] Re: launchd and rancid In-Reply-To: <773ce9810907250814t4d4f5875y49b0c348309a610c@mail.gmail.com> References: <773ce9810907250701l63867be9g8a4eaabbf37aafe@mail.gmail.com> <773ce9810907250814t4d4f5875y49b0c348309a610c@mail.gmail.com> Message-ID: <20090725192437.GA42597@monkey.local> On Sat, Jul 25, 2009 at 10:14:53AM -0500, Josh Rogers wrote: > I'm trying to get launchd to start rancid daily, but have had a lot of > trouble (assuredly because of my inexperience with launchd). Launchd > is launching the process, and log files are being written as www (the > correct user), but when I look at the log file, this is at the top of > it: > > Trying to get all of the configs. > can't read "env(HOME)": no such variable > > I believe this is because the environment isn't set up properly. If I > run rancid-run from the command line (bash) "sudo -u www rancid-run" > it runs fine. What does $ launchctl export say? HOME is one of the variables that's usually set for you, EX: PATH="/usr/bin:/bin:/usr/sbin:/sbin"; export PATH; TMPDIR="/var/folders/0p/0pdl6kW0HyGu7FSWcApHrU+++TI/-Tmp-/"; export TMPDIR; SHELL="/bin/bash"; export SHELL; HOME="/Users/medina"; export HOME; USER="medina"; export USER; LOGNAME="medina"; export LOGNAME; Optionally, you could make a shell springboard, EX: #!/bin/bash # debug env(HOME) setting problem HOME=/Users/homedir export HOME /usr/bin/printenv > /tmp/printenv.log /Path/to/rancid-run and then run that shell script from launchd. -- Daniel Medina From 2009 at tybox.net Sun Jul 26 02:10:38 2009 From: 2009 at tybox.net (Josh Rogers) Date: Sat, 25 Jul 2009 21:10:38 -0500 Subject: [rancid] Re: launchd and rancid In-Reply-To: <773ce9810907251909v5dedeb8cq266fa352eb335d2f@mail.gmail.com> References: <773ce9810907250701l63867be9g8a4eaabbf37aafe@mail.gmail.com> <773ce9810907250814t4d4f5875y49b0c348309a610c@mail.gmail.com> <20090725192437.GA42597@monkey.local> <773ce9810907251909v5dedeb8cq266fa352eb335d2f@mail.gmail.com> Message-ID: <773ce9810907251910u7bb5f28bw4faf04da0fb6012d@mail.gmail.com> So, when I run launchctl export as any user, I see the $HOME var set correctly, but as root it ONLY includes $PATH. This should be no big deal since I'm running the plist as www. Here is the plist (I'm new to launchd, so this may be completely wrong). its currently disabled because its not running correctly, but other than that, can you see anything wrong with it that would cause my problem? Disabled Label Rancid Nice 1 OnDemand ProgramArguments /bin/sh -c /opt/local/libexec/rancid/rancid-run -m user at domain.com StartCalendarInterval Hour 6 Minute 26 StartInterval 43200 UserName www On Sat, Jul 25, 2009 at 2:24 PM, Daniel Medina wrote: > On Sat, Jul 25, 2009 at 10:14:53AM -0500, Josh Rogers wrote: > > I'm trying to get launchd to start rancid daily, but have had a lot of > > trouble (assuredly because of my inexperience with launchd). Launchd > > is launching the process, and log files are being written as www (the > > correct user), but when I look at the log file, this is at the top of > > it: > > > > Trying to get all of the configs. > > can't read "env(HOME)": no such variable > > > > I believe this is because the environment isn't set up properly. If I > > run rancid-run from the command line (bash) "sudo -u www rancid-run" > > it runs fine. > > What does > > $ launchctl export > > say? HOME is one of the variables that's usually set for you, EX: > > PATH="/usr/bin:/bin:/usr/sbin:/sbin"; export PATH; > TMPDIR="/var/folders/0p/0pdl6kW0HyGu7FSWcApHrU+++TI/-Tmp-/"; export > TMPDIR; > SHELL="/bin/bash"; export SHELL; > HOME="/Users/medina"; export HOME; > USER="medina"; export USER; > LOGNAME="medina"; export LOGNAME; > > Optionally, you could make a shell springboard, EX: > > #!/bin/bash > # debug env(HOME) setting problem > > HOME=/Users/homedir > export HOME > /usr/bin/printenv > /tmp/printenv.log > /Path/to/rancid-run > > and then run that shell script from launchd. > > -- > Daniel Medina > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090725/8030a890/attachment.html From 2009 at tybox.net Sun Jul 26 21:31:17 2009 From: 2009 at tybox.net (Josh Rogers) Date: Sun, 26 Jul 2009 16:31:17 -0500 Subject: [rancid] Re: launchd and rancid In-Reply-To: <20090726115011.GA45450@monkey.local> References: <773ce9810907250701l63867be9g8a4eaabbf37aafe@mail.gmail.com> <773ce9810907250814t4d4f5875y49b0c348309a610c@mail.gmail.com> <20090725192437.GA42597@monkey.local> <773ce9810907251909v5dedeb8cq266fa352eb335d2f@mail.gmail.com> <20090726115011.GA45450@monkey.local> Message-ID: <773ce9810907261431y7afd5ca9jc90200801101f89d@mail.gmail.com> Using your springboard script did the trick. Thanks so much for the help, I've been struggling w/this for a bit now. -Josh Ogden Nash - "The trouble with a kitten is that when it grows up, it's always a cat." On Sun, Jul 26, 2009 at 6:50 AM, Daniel Medina wrote: > On Sat, Jul 25, 2009 at 09:09:50PM -0500, Josh Rogers wrote: > > So, when I run launchctl export as any user, I see the $HOME var set > > correctly, but as root it ONLY includes $PATH. > > > > This should be no big deal since I'm running the plist as www. > > > > Here is the plist (I'm new to launchd, so this may be completely wrong). > > its currently disabled because its not running correctly, but other than > > that, can you see anything wrong with it that would cause my problem? > > I would strongly suggest wrapping up what you have in a shell springboard, > EX: > > $ cat rancid-springboard.sh > #!/bin/bash > > HOME=/Path/to/homedir > export HOME > > # Test what we have in our env > printenv > /tmp/rancid-springboard.log > > /opt/local/libexec/rancid/rancid-run -m user at domain.com > > and then replace ProgramArguments in your plist. This way you have a bit > more control over the env outside of whatever launchd is doing. > > Let me know how it goes... > > > > > > http://www.apple.com/DTDs/PropertyList-1.0.dtd"> > > > > > > Disabled > > > > Label > > Rancid > > Nice > > 1 > > OnDemand > > > > ProgramArguments > > > > /bin/sh > > -c > > /opt/local/libexec/rancid/rancid-run > > -m > > user at domain.com > > > > StartCalendarInterval > > > > Hour > > 6 > > Minute > > 26 > > > > StartInterval > > 43200 > > UserName > > www > > > > > > -- > Daniel Medina > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090726/93913d2c/attachment.html From silverfox541 at gmail.com Sat Jul 25 14:01:17 2009 From: silverfox541 at gmail.com (Josh Rogers) Date: Sat, 25 Jul 2009 09:01:17 -0500 Subject: [rancid] launchd and rancid Message-ID: <773ce9810907250701l63867be9g8a4eaabbf37aafe@mail.gmail.com> I'm trying to get launchd to start rancid daily, but have had a lot of trouble (assuredly because of my inexperience with launchd).? Launchd is launching the process, and log files are being written as www (the correct user), but when I look at the log file, this is at the top of it: Trying to get all of the configs. can't read "env(HOME)": no such variable I believe this is because the environment isn't set up properly. If I run rancid-run from the command line (bash) "sudo -u www rancid-run" it runs fine. I'd really appreciate some direction on how to fix this. -Josh From heas at shrubbery.net Wed Jul 29 08:18:51 2009 From: heas at shrubbery.net (john heasley) Date: Wed, 29 Jul 2009 08:18:51 +0000 Subject: [rancid] Re: Backing up Rancid and CVS In-Reply-To: <000601ca0c61$efff2fc0$cffd8f40$@com> References: <000601ca0c61$efff2fc0$cffd8f40$@com> Message-ID: <20090729081851.GF2038@shrubbery.net> Fri, Jul 24, 2009 at 08:23:30AM -0500, Pat McCloud: > I have a new Rancid install that I need to move to a new server. I figured > this would be a good time to develop and test a backup/restore procedure. > > > > For Rancid I would just need to backup the config files, move them to the > new install and set up the cron job again correct? > > > > What about for the CVS archive? Is there a way to back it up, or export and > import it on the new server? it should be possible to just tar the directory and extract it on the new machine. if paths change, you'll have to check-out new copies of the group directories. From smunzani at comcast.net Wed Jul 29 19:00:45 2009 From: smunzani at comcast.net (Sam Munzani) Date: Wed, 29 Jul 2009 14:00:45 -0500 Subject: [rancid] End of run not found... Running rancid 2.3.2 version Message-ID: <4A709C5D.1090702@comcast.net> Team, Can you please point me to right direction of troubleshooting? This is a very simple thing. A cisco router configured for rancid. no autoenable. clogin to the device works fine. However rancid script keeps giving me end of run not found error. When I run "show run" it clearly shows key word "end" at the end of config. Don't know why the script is not catching it. clogin -c "show run" lab-rtr1 works fine and the last line I see is end. Below is debug output. $: rancid -d lab-rtr1 executing clogin -t 90 -c"admin show version;show version;show redundancy secondary;show idprom backplane;show install active;admin show env all;show env all;show rsp chassis-info;show gsr chassis;show diag chassis-info;show boot;show bootvar;admin show variables boot;show variables boot;show flash;dir /all nvram:;dir /all bootflash:;dir /all slot0:;dir /all disk0:;dir /all slot1:;dir /all disk1:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all harddiska:;dir /all harddiskb:;dir /all sup-bootflash:;dir /all sup-microcode:;dir /all slavenvram:;dir /all slavebootflash:;dir /all slaveslot0:;dir /all slavedisk0:;dir /all slaveslot1:;dir /all slavedisk1:;dir /all slaveslot2:;dir /all slavedisk2:;dir /all slavesup-bootflash:;dir /all sec-nvram:;dir /all sec-bootflash:;dir /all sec-slot0:;dir /all sec-disk0:;dir /all sec-slot1:;dir /all sec-disk1:;dir /all sec-slot2:;dir /all sec-disk2:;show controllers;show controllers cbus;show diagbus;admin show diag;show diag;show module;show spe version;show c7200;show inventory raw;show vtp status;show vlan;show vlan-switch;show debug;more system:running-config;show running-config;write term" lab-rtr1 PROMPT MATCH: lab-rtr1# HIT COMMAND:lab-rtr1#admin show version In ShowVersion: lab-rtr1#admin show version HIT COMMAND:lab-rtr1#show version In ShowVersion: lab-rtr1#show version TYPE = WS-C6509-E HIT COMMAND:lab-rtr1#show redundancy secondary In ShowRedundancy: lab-rtr1#show redundancy secondary HIT COMMAND:lab-rtr1#show idprom backplane In ShowIDprom: lab-rtr1#show idprom backplane HIT COMMAND:lab-rtr1#show install active In ShowInstallActive: lab-rtr1#show install active HIT COMMAND:lab-rtr1#admin show env all In ShowEnv: lab-rtr1#admin show env all HIT COMMAND:lab-rtr1#show env all In ShowEnv: lab-rtr1#show env all HIT COMMAND:lab-rtr1#show rsp chassis-info In ShowRSP: lab-rtr1#show rsp chassis-info HIT COMMAND:lab-rtr1#show gsr chassis In ShowGSR: lab-rtr1#show gsr chassis HIT COMMAND:lab-rtr1#show diag chassis-info In ShowGSR: lab-rtr1#show diag chassis-info HIT COMMAND:lab-rtr1#show boot In ShowBoot: lab-rtr1#show boot HIT COMMAND:lab-rtr1#show bootvar In ShowBoot: lab-rtr1#show bootvar HIT COMMAND:lab-rtr1#admin show variables boot In ShowBoot: lab-rtr1#admin show variables boot HIT COMMAND:lab-rtr1#show variables boot In ShowBoot: lab-rtr1#show variables boot HIT COMMAND:lab-rtr1#show flash In ShowFlash: lab-rtr1#show flash HIT COMMAND:lab-rtr1#dir /all nvram: In DirSlotN: lab-rtr1#dir /all nvram: HIT COMMAND:lab-rtr1#dir /all bootflash: In DirSlotN: lab-rtr1#dir /all bootflash: HIT COMMAND:lab-rtr1#dir /all slot0: In DirSlotN: lab-rtr1#dir /all slot0: HIT COMMAND:lab-rtr1#dir /all disk0: In DirSlotN: lab-rtr1#dir /all disk0: HIT COMMAND:lab-rtr1#dir /all slot1: In DirSlotN: lab-rtr1#dir /all slot1: HIT COMMAND:lab-rtr1#dir /all disk1: In DirSlotN: lab-rtr1#dir /all disk1: HIT COMMAND:lab-rtr1#dir /all slot2: In DirSlotN: lab-rtr1#dir /all slot2: HIT COMMAND:lab-rtr1#dir /all disk2: In DirSlotN: lab-rtr1#dir /all disk2: HIT COMMAND:lab-rtr1#dir /all harddisk: In DirSlotN: lab-rtr1#dir /all harddisk: HIT COMMAND:lab-rtr1#dir /all harddiska: In DirSlotN: lab-rtr1#dir /all harddiska: HIT COMMAND:lab-rtr1#dir /all harddiskb: In DirSlotN: lab-rtr1#dir /all harddiskb: HIT COMMAND:lab-rtr1#dir /all sup-bootflash: In DirSlotN: lab-rtr1#dir /all sup-bootflash: HIT COMMAND:lab-rtr1#dir /all sup-microcode: In DirSlotN: lab-rtr1#dir /all sup-microcode: HIT COMMAND:lab-rtr1#dir /all slavenvram: In DirSlotN: lab-rtr1#dir /all slavenvram: HIT COMMAND:lab-rtr1#dir /all slavebootflash: In DirSlotN: lab-rtr1#dir /all slavebootflash: HIT COMMAND:lab-rtr1#dir /all slaveslot0: In DirSlotN: lab-rtr1#dir /all slaveslot0: HIT COMMAND:lab-rtr1#dir /all slavedisk0: In DirSlotN: lab-rtr1#dir /all slavedisk0: HIT COMMAND:lab-rtr1#dir /all slaveslot1: In DirSlotN: lab-rtr1#dir /all slaveslot1: HIT COMMAND:lab-rtr1#dir /all slavedisk1: In DirSlotN: lab-rtr1#dir /all slavedisk1: HIT COMMAND:lab-rtr1#dir /all slaveslot2: In DirSlotN: lab-rtr1#dir /all slaveslot2: HIT COMMAND:lab-rtr1#dir /all slavedisk2: In DirSlotN: lab-rtr1#dir /all slavedisk2: HIT COMMAND:lab-rtr1#dir /all slavesup-bootflash: In DirSlotN: lab-rtr1#dir /all slavesup-bootflash: HIT COMMAND:lab-rtr1#dir /all sec-nvram: In DirSlotN: lab-rtr1#dir /all sec-nvram: HIT COMMAND:lab-rtr1#dir /all sec-bootflash: In DirSlotN: lab-rtr1#dir /all sec-bootflash: HIT COMMAND:lab-rtr1#dir /all sec-slot0: In DirSlotN: lab-rtr1#dir /all sec-slot0: HIT COMMAND:lab-rtr1#dir /all sec-disk0: In DirSlotN: lab-rtr1#dir /all sec-disk0: HIT COMMAND:lab-rtr1#dir /all sec-slot1: In DirSlotN: lab-rtr1#dir /all sec-slot1: HIT COMMAND:lab-rtr1#dir /all sec-disk1: In DirSlotN: lab-rtr1#dir /all sec-disk1: HIT COMMAND:lab-rtr1#dir /all sec-slot2: In DirSlotN: lab-rtr1#dir /all sec-slot2: HIT COMMAND:lab-rtr1#dir /all sec-disk2: In DirSlotN: lab-rtr1#dir /all sec-disk2: HIT COMMAND:lab-rtr1#show controllers In ShowContAll: lab-rtr1#show controllers HIT COMMAND:lab-rtr1#show controllers cbus In ShowContCbus: lab-rtr1#show controllers cbus HIT COMMAND:lab-rtr1#show diagbus In ShowDiagbus: lab-rtr1#show diagbus HIT COMMAND:lab-rtr1#admin show diag In ShowDiag: lab-rtr1#admin show diag HIT COMMAND:lab-rtr1#show diag In ShowDiag: lab-rtr1#show diag HIT COMMAND:lab-rtr1#show module In ShowModule: lab-rtr1#show module HIT COMMAND:lab-rtr1#show spe version In ShowSpeVersion: lab-rtr1#show spe version HIT COMMAND:lab-rtr1#show c7200 In ShowC7200: lab-rtr1#show c7200 HIT COMMAND:lab-rtr1#show inventory raw In ShowInventory: lab-rtr1#show inventory raw HIT COMMAND:lab-rtr1#show vtp status In ShowVTP: lab-rtr1#show vtp status HIT COMMAND:lab-rtr1#show vlan In ShowVLAN: lab-rtr1#show vlan HIT COMMAND:lab-rtr1#show vlan-switch In ShowVLAN: lab-rtr1#show vlan-switch HIT COMMAND:lab-rtr1#show debug In ShowDebug: lab-rtr1#show debug HIT COMMAND:lab-rtr1#more system:running-config In WriteTerm: lab-rtr1#more system:running-config lab-rtr1: missed cmd(s): write term,show running-config lab-rtr1: missed cmd(s): write term,show running-config lab-rtr1: End of run not found lab-rtr1: End of run not found ! From rancid at gheek.net Wed Jul 29 19:19:08 2009 From: rancid at gheek.net (Lance Vermilion) Date: Wed, 29 Jul 2009 12:19:08 -0700 Subject: [rancid] Re: End of run not found... Running rancid 2.3.2 version In-Reply-To: <4A709C5D.1090702@comcast.net> References: <4A709C5D.1090702@comcast.net> Message-ID: <8423e7bb0907291219n45d3c492je4a1810a42e11250@mail.gmail.com> Sam, Has rancid ever ran successful against this router before? Make sure you are running rancid as the same user as it would run via cron. Make sure the environmentals are the same. -lance On Wed, Jul 29, 2009 at 12:00 PM, Sam Munzani wrote: > Team, > > > Can you please point me to right direction of troubleshooting? This is a > very simple thing. A cisco router configured for rancid. no autoenable. > clogin to the device works fine. However rancid script keeps giving me > end of run not found error. When I run "show run" it clearly shows key > word "end" at the end of config. Don't know why the script is not > catching it. > > clogin -c "show run" lab-rtr1 works fine and the last line I see is end. > > Below is debug output. > $: rancid -d lab-rtr1 > executing clogin -t 90 -c"admin show version;show version;show > redundancy secondary;show idprom backplane;show install active;admin > show env all;show env all;show rsp chassis-info;show gsr chassis;show > diag chassis-info;show boot;show bootvar;admin show variables boot;show > variables boot;show flash;dir /all nvram:;dir /all bootflash:;dir /all > slot0:;dir /all disk0:;dir /all slot1:;dir /all disk1:;dir /all > slot2:;dir /all disk2:;dir /all harddisk:;dir /all harddiska:;dir /all > harddiskb:;dir /all sup-bootflash:;dir /all sup-microcode:;dir /all > slavenvram:;dir /all slavebootflash:;dir /all slaveslot0:;dir /all > slavedisk0:;dir /all slaveslot1:;dir /all slavedisk1:;dir /all > slaveslot2:;dir /all slavedisk2:;dir /all slavesup-bootflash:;dir /all > sec-nvram:;dir /all sec-bootflash:;dir /all sec-slot0:;dir /all > sec-disk0:;dir /all sec-slot1:;dir /all sec-disk1:;dir /all > sec-slot2:;dir /all sec-disk2:;show controllers;show controllers > cbus;show diagbus;admin show diag;show diag;show module;show spe > version;show c7200;show inventory raw;show vtp status;show vlan;show > vlan-switch;show debug;more system:running-config;show > running-config;write term" lab-rtr1 > PROMPT MATCH: lab-rtr1# > HIT COMMAND:lab-rtr1#admin show version > In ShowVersion: lab-rtr1#admin show version > HIT COMMAND:lab-rtr1#show version > In ShowVersion: lab-rtr1#show version > TYPE = WS-C6509-E > HIT COMMAND:lab-rtr1#show redundancy secondary > In ShowRedundancy: lab-rtr1#show redundancy secondary > HIT COMMAND:lab-rtr1#show idprom backplane > In ShowIDprom: lab-rtr1#show idprom backplane > HIT COMMAND:lab-rtr1#show install active > In ShowInstallActive: lab-rtr1#show install active > HIT COMMAND:lab-rtr1#admin show env all > In ShowEnv: lab-rtr1#admin show env all > HIT COMMAND:lab-rtr1#show env all > In ShowEnv: lab-rtr1#show env all > HIT COMMAND:lab-rtr1#show rsp chassis-info > In ShowRSP: lab-rtr1#show rsp chassis-info > HIT COMMAND:lab-rtr1#show gsr chassis > In ShowGSR: lab-rtr1#show gsr chassis > HIT COMMAND:lab-rtr1#show diag chassis-info > In ShowGSR: lab-rtr1#show diag chassis-info > HIT COMMAND:lab-rtr1#show boot > In ShowBoot: lab-rtr1#show boot > HIT COMMAND:lab-rtr1#show bootvar > In ShowBoot: lab-rtr1#show bootvar > HIT COMMAND:lab-rtr1#admin show variables boot > In ShowBoot: lab-rtr1#admin show variables boot > HIT COMMAND:lab-rtr1#show variables boot > In ShowBoot: lab-rtr1#show variables boot > HIT COMMAND:lab-rtr1#show flash > In ShowFlash: lab-rtr1#show flash > HIT COMMAND:lab-rtr1#dir /all nvram: > In DirSlotN: lab-rtr1#dir /all nvram: > HIT COMMAND:lab-rtr1#dir /all bootflash: > In DirSlotN: lab-rtr1#dir /all bootflash: > HIT COMMAND:lab-rtr1#dir /all slot0: > In DirSlotN: lab-rtr1#dir /all slot0: > HIT COMMAND:lab-rtr1#dir /all disk0: > In DirSlotN: lab-rtr1#dir /all disk0: > HIT COMMAND:lab-rtr1#dir /all slot1: > In DirSlotN: lab-rtr1#dir /all slot1: > HIT COMMAND:lab-rtr1#dir /all disk1: > In DirSlotN: lab-rtr1#dir /all disk1: > HIT COMMAND:lab-rtr1#dir /all slot2: > In DirSlotN: lab-rtr1#dir /all slot2: > HIT COMMAND:lab-rtr1#dir /all disk2: > In DirSlotN: lab-rtr1#dir /all disk2: > HIT COMMAND:lab-rtr1#dir /all harddisk: > In DirSlotN: lab-rtr1#dir /all harddisk: > HIT COMMAND:lab-rtr1#dir /all harddiska: > In DirSlotN: lab-rtr1#dir /all harddiska: > HIT COMMAND:lab-rtr1#dir /all harddiskb: > In DirSlotN: lab-rtr1#dir /all harddiskb: > HIT COMMAND:lab-rtr1#dir /all sup-bootflash: > In DirSlotN: lab-rtr1#dir /all sup-bootflash: > HIT COMMAND:lab-rtr1#dir /all sup-microcode: > In DirSlotN: lab-rtr1#dir /all sup-microcode: > HIT COMMAND:lab-rtr1#dir /all slavenvram: > In DirSlotN: lab-rtr1#dir /all slavenvram: > HIT COMMAND:lab-rtr1#dir /all slavebootflash: > In DirSlotN: lab-rtr1#dir /all slavebootflash: > HIT COMMAND:lab-rtr1#dir /all slaveslot0: > In DirSlotN: lab-rtr1#dir /all slaveslot0: > HIT COMMAND:lab-rtr1#dir /all slavedisk0: > In DirSlotN: lab-rtr1#dir /all slavedisk0: > HIT COMMAND:lab-rtr1#dir /all slaveslot1: > In DirSlotN: lab-rtr1#dir /all slaveslot1: > HIT COMMAND:lab-rtr1#dir /all slavedisk1: > In DirSlotN: lab-rtr1#dir /all slavedisk1: > HIT COMMAND:lab-rtr1#dir /all slaveslot2: > In DirSlotN: lab-rtr1#dir /all slaveslot2: > HIT COMMAND:lab-rtr1#dir /all slavedisk2: > In DirSlotN: lab-rtr1#dir /all slavedisk2: > HIT COMMAND:lab-rtr1#dir /all slavesup-bootflash: > In DirSlotN: lab-rtr1#dir /all slavesup-bootflash: > HIT COMMAND:lab-rtr1#dir /all sec-nvram: > In DirSlotN: lab-rtr1#dir /all sec-nvram: > HIT COMMAND:lab-rtr1#dir /all sec-bootflash: > In DirSlotN: lab-rtr1#dir /all sec-bootflash: > HIT COMMAND:lab-rtr1#dir /all sec-slot0: > In DirSlotN: lab-rtr1#dir /all sec-slot0: > HIT COMMAND:lab-rtr1#dir /all sec-disk0: > In DirSlotN: lab-rtr1#dir /all sec-disk0: > HIT COMMAND:lab-rtr1#dir /all sec-slot1: > In DirSlotN: lab-rtr1#dir /all sec-slot1: > HIT COMMAND:lab-rtr1#dir /all sec-disk1: > In DirSlotN: lab-rtr1#dir /all sec-disk1: > HIT COMMAND:lab-rtr1#dir /all sec-slot2: > In DirSlotN: lab-rtr1#dir /all sec-slot2: > HIT COMMAND:lab-rtr1#dir /all sec-disk2: > In DirSlotN: lab-rtr1#dir /all sec-disk2: > HIT COMMAND:lab-rtr1#show controllers > In ShowContAll: lab-rtr1#show controllers > HIT COMMAND:lab-rtr1#show controllers cbus > In ShowContCbus: lab-rtr1#show controllers cbus > HIT COMMAND:lab-rtr1#show diagbus > In ShowDiagbus: lab-rtr1#show diagbus > HIT COMMAND:lab-rtr1#admin show diag > In ShowDiag: lab-rtr1#admin show diag > HIT COMMAND:lab-rtr1#show diag > In ShowDiag: lab-rtr1#show diag > HIT COMMAND:lab-rtr1#show module > In ShowModule: lab-rtr1#show module > HIT COMMAND:lab-rtr1#show spe version > In ShowSpeVersion: lab-rtr1#show spe version > HIT COMMAND:lab-rtr1#show c7200 > In ShowC7200: lab-rtr1#show c7200 > HIT COMMAND:lab-rtr1#show inventory raw > In ShowInventory: lab-rtr1#show inventory raw > HIT COMMAND:lab-rtr1#show vtp status > In ShowVTP: lab-rtr1#show vtp status > HIT COMMAND:lab-rtr1#show vlan > In ShowVLAN: lab-rtr1#show vlan > HIT COMMAND:lab-rtr1#show vlan-switch > In ShowVLAN: lab-rtr1#show vlan-switch > HIT COMMAND:lab-rtr1#show debug > In ShowDebug: lab-rtr1#show debug > HIT COMMAND:lab-rtr1#more system:running-config > In WriteTerm: lab-rtr1#more system:running-config > lab-rtr1: missed cmd(s): write term,show running-config > lab-rtr1: missed cmd(s): write term,show running-config > lab-rtr1: End of run not found > lab-rtr1: End of run not found > ! > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090729/6882018f/attachment.html From smunzani at comcast.net Wed Jul 29 19:43:08 2009 From: smunzani at comcast.net (Sam Munzani) Date: Wed, 29 Jul 2009 14:43:08 -0500 Subject: [rancid] Re: End of run not found... Running rancid 2.3.2 version In-Reply-To: <8423e7bb0907291219n45d3c492je4a1810a42e11250@mail.gmail.com> References: <4A709C5D.1090702@comcast.net> <8423e7bb0907291219n45d3c492je4a1810a42e11250@mail.gmail.com> Message-ID: <4A70A64C.2000304@comcast.net> I don't think rancid ever ran before on these devices. I am having issues running it manually(rancid -d device-name or rancid-run -r device-name). For some reason its not finding end of run so doesn't exit clean. However I don't know why it doesn't find it because I do see keywork "end" when type "show run" command upon clogin. I do clogin as same user as the rancid-run executer. Thanks, Sam > Sam, > > Has rancid ever ran successful against this router before? Make sure > you are running rancid as the same user as it would run via cron. Make > sure the environmentals are the same. > > -lance > > On Wed, Jul 29, 2009 at 12:00 PM, Sam Munzani > wrote: > > Team, > > > Can you please point me to right direction of troubleshooting? > This is a > very simple thing. A cisco router configured for rancid. no > autoenable. > clogin to the device works fine. However rancid script keeps giving me > end of run not found error. When I run "show run" it clearly shows key > word "end" at the end of config. Don't know why the script is not > catching it. > > clogin -c "show run" lab-rtr1 works fine and the last line I see > is end. > > Below is debug output. > $: rancid -d lab-rtr1 > executing clogin -t 90 -c"admin show version;show version;show > redundancy secondary;show idprom backplane;show install active;admin > show env all;show env all;show rsp chassis-info;show gsr chassis;show > diag chassis-info;show boot;show bootvar;admin show variables > boot;show > variables boot;show flash;dir /all nvram:;dir /all bootflash:;dir /all > slot0:;dir /all disk0:;dir /all slot1:;dir /all disk1:;dir /all > slot2:;dir /all disk2:;dir /all harddisk:;dir /all harddiska:;dir /all > harddiskb:;dir /all sup-bootflash:;dir /all sup-microcode:;dir /all > slavenvram:;dir /all slavebootflash:;dir /all slaveslot0:;dir /all > slavedisk0:;dir /all slaveslot1:;dir /all slavedisk1:;dir /all > slaveslot2:;dir /all slavedisk2:;dir /all slavesup-bootflash:;dir /all > sec-nvram:;dir /all sec-bootflash:;dir /all sec-slot0:;dir /all > sec-disk0:;dir /all sec-slot1:;dir /all sec-disk1:;dir /all > sec-slot2:;dir /all sec-disk2:;show controllers;show controllers > cbus;show diagbus;admin show diag;show diag;show module;show spe > version;show c7200;show inventory raw;show vtp status;show vlan;show > vlan-switch;show debug;more system:running-config;show > running-config;write term" lab-rtr1 > PROMPT MATCH: lab-rtr1# > HIT COMMAND:lab-rtr1#admin show version > In ShowVersion: lab-rtr1#admin show version > HIT COMMAND:lab-rtr1#show version > In ShowVersion: lab-rtr1#show version > TYPE = WS-C6509-E > HIT COMMAND:lab-rtr1#show redundancy secondary > In ShowRedundancy: lab-rtr1#show redundancy secondary > HIT COMMAND:lab-rtr1#show idprom backplane > In ShowIDprom: lab-rtr1#show idprom backplane > HIT COMMAND:lab-rtr1#show install active > In ShowInstallActive: lab-rtr1#show install active > HIT COMMAND:lab-rtr1#admin show env all > In ShowEnv: lab-rtr1#admin show env all > HIT COMMAND:lab-rtr1#show env all > In ShowEnv: lab-rtr1#show env all > HIT COMMAND:lab-rtr1#show rsp chassis-info > In ShowRSP: lab-rtr1#show rsp chassis-info > HIT COMMAND:lab-rtr1#show gsr chassis > In ShowGSR: lab-rtr1#show gsr chassis > HIT COMMAND:lab-rtr1#show diag chassis-info > In ShowGSR: lab-rtr1#show diag chassis-info > HIT COMMAND:lab-rtr1#show boot > In ShowBoot: lab-rtr1#show boot > HIT COMMAND:lab-rtr1#show bootvar > In ShowBoot: lab-rtr1#show bootvar > HIT COMMAND:lab-rtr1#admin show variables boot > In ShowBoot: lab-rtr1#admin show variables boot > HIT COMMAND:lab-rtr1#show variables boot > In ShowBoot: lab-rtr1#show variables boot > HIT COMMAND:lab-rtr1#show flash > In ShowFlash: lab-rtr1#show flash > HIT COMMAND:lab-rtr1#dir /all nvram: > In DirSlotN: lab-rtr1#dir /all nvram: > HIT COMMAND:lab-rtr1#dir /all bootflash: > In DirSlotN: lab-rtr1#dir /all bootflash: > HIT COMMAND:lab-rtr1#dir /all slot0: > In DirSlotN: lab-rtr1#dir /all slot0: > HIT COMMAND:lab-rtr1#dir /all disk0: > In DirSlotN: lab-rtr1#dir /all disk0: > HIT COMMAND:lab-rtr1#dir /all slot1: > In DirSlotN: lab-rtr1#dir /all slot1: > HIT COMMAND:lab-rtr1#dir /all disk1: > In DirSlotN: lab-rtr1#dir /all disk1: > HIT COMMAND:lab-rtr1#dir /all slot2: > In DirSlotN: lab-rtr1#dir /all slot2: > HIT COMMAND:lab-rtr1#dir /all disk2: > In DirSlotN: lab-rtr1#dir /all disk2: > HIT COMMAND:lab-rtr1#dir /all harddisk: > In DirSlotN: lab-rtr1#dir /all harddisk: > HIT COMMAND:lab-rtr1#dir /all harddiska: > In DirSlotN: lab-rtr1#dir /all harddiska: > HIT COMMAND:lab-rtr1#dir /all harddiskb: > In DirSlotN: lab-rtr1#dir /all harddiskb: > HIT COMMAND:lab-rtr1#dir /all sup-bootflash: > In DirSlotN: lab-rtr1#dir /all sup-bootflash: > HIT COMMAND:lab-rtr1#dir /all sup-microcode: > In DirSlotN: lab-rtr1#dir /all sup-microcode: > HIT COMMAND:lab-rtr1#dir /all slavenvram: > In DirSlotN: lab-rtr1#dir /all slavenvram: > HIT COMMAND:lab-rtr1#dir /all slavebootflash: > In DirSlotN: lab-rtr1#dir /all slavebootflash: > HIT COMMAND:lab-rtr1#dir /all slaveslot0: > In DirSlotN: lab-rtr1#dir /all slaveslot0: > HIT COMMAND:lab-rtr1#dir /all slavedisk0: > In DirSlotN: lab-rtr1#dir /all slavedisk0: > HIT COMMAND:lab-rtr1#dir /all slaveslot1: > In DirSlotN: lab-rtr1#dir /all slaveslot1: > HIT COMMAND:lab-rtr1#dir /all slavedisk1: > In DirSlotN: lab-rtr1#dir /all slavedisk1: > HIT COMMAND:lab-rtr1#dir /all slaveslot2: > In DirSlotN: lab-rtr1#dir /all slaveslot2: > HIT COMMAND:lab-rtr1#dir /all slavedisk2: > In DirSlotN: lab-rtr1#dir /all slavedisk2: > HIT COMMAND:lab-rtr1#dir /all slavesup-bootflash: > In DirSlotN: lab-rtr1#dir /all slavesup-bootflash: > HIT COMMAND:lab-rtr1#dir /all sec-nvram: > In DirSlotN: lab-rtr1#dir /all sec-nvram: > HIT COMMAND:lab-rtr1#dir /all sec-bootflash: > In DirSlotN: lab-rtr1#dir /all sec-bootflash: > HIT COMMAND:lab-rtr1#dir /all sec-slot0: > In DirSlotN: lab-rtr1#dir /all sec-slot0: > HIT COMMAND:lab-rtr1#dir /all sec-disk0: > In DirSlotN: lab-rtr1#dir /all sec-disk0: > HIT COMMAND:lab-rtr1#dir /all sec-slot1: > In DirSlotN: lab-rtr1#dir /all sec-slot1: > HIT COMMAND:lab-rtr1#dir /all sec-disk1: > In DirSlotN: lab-rtr1#dir /all sec-disk1: > HIT COMMAND:lab-rtr1#dir /all sec-slot2: > In DirSlotN: lab-rtr1#dir /all sec-slot2: > HIT COMMAND:lab-rtr1#dir /all sec-disk2: > In DirSlotN: lab-rtr1#dir /all sec-disk2: > HIT COMMAND:lab-rtr1#show controllers > In ShowContAll: lab-rtr1#show controllers > HIT COMMAND:lab-rtr1#show controllers cbus > In ShowContCbus: lab-rtr1#show controllers cbus > HIT COMMAND:lab-rtr1#show diagbus > In ShowDiagbus: lab-rtr1#show diagbus > HIT COMMAND:lab-rtr1#admin show diag > In ShowDiag: lab-rtr1#admin show diag > HIT COMMAND:lab-rtr1#show diag > In ShowDiag: lab-rtr1#show diag > HIT COMMAND:lab-rtr1#show module > In ShowModule: lab-rtr1#show module > HIT COMMAND:lab-rtr1#show spe version > In ShowSpeVersion: lab-rtr1#show spe version > HIT COMMAND:lab-rtr1#show c7200 > In ShowC7200: lab-rtr1#show c7200 > HIT COMMAND:lab-rtr1#show inventory raw > In ShowInventory: lab-rtr1#show inventory raw > HIT COMMAND:lab-rtr1#show vtp status > In ShowVTP: lab-rtr1#show vtp status > HIT COMMAND:lab-rtr1#show vlan > In ShowVLAN: lab-rtr1#show vlan > HIT COMMAND:lab-rtr1#show vlan-switch > In ShowVLAN: lab-rtr1#show vlan-switch > HIT COMMAND:lab-rtr1#show debug > In ShowDebug: lab-rtr1#show debug > HIT COMMAND:lab-rtr1#more system:running-config > In WriteTerm: lab-rtr1#more system:running-config > lab-rtr1: missed cmd(s): write term,show running-config > lab-rtr1: missed cmd(s): write term,show running-config > lab-rtr1: End of run not found > lab-rtr1: End of run not found > ! > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090729/06200b9f/attachment.html From rancid at gheek.net Wed Jul 29 21:08:28 2009 From: rancid at gheek.net (Lance Vermilion) Date: Wed, 29 Jul 2009 14:08:28 -0700 Subject: [rancid] Re: End of run not found... Running rancid 2.3.2 version In-Reply-To: <4A70A64C.2000304@comcast.net> References: <4A709C5D.1090702@comcast.net> <8423e7bb0907291219n45d3c492je4a1810a42e11250@mail.gmail.com> <4A70A64C.2000304@comcast.net> Message-ID: <8423e7bb0907291408t48510815o326bc8133684ffb3@mail.gmail.com> Sam, The other possible option is that when exit is being run it doesn't return. clean_run has to register as successful. TOP: while() { tr/\015//d; if (/[>#]\s?exit$/) { $clean_run=1; last; } .. .. .. if (!$clean_run || !$found_end) { print STDOUT "$host: End of run not found\n"; print STDERR "$host: End of run not found\n" if ($debug); system("/usr/bin/tail -1 $host.new"); } On Wed, Jul 29, 2009 at 12:43 PM, Sam Munzani wrote: > I don't think rancid ever ran before on these devices. I am having issues > running it manually(rancid -d device-name or rancid-run -r device-name). For > some reason its not finding end of run so doesn't exit clean. However I > don't know why it doesn't find it because I do see keywork "end" when type > "show run" command upon clogin. I do clogin as same user as the rancid-run > executer. > > Thanks, > Sam > > Sam, > Has rancid ever ran successful against this router before? Make sure you > are running rancid as the same user as it would run via cron. Make sure > the environmentals are the same. > > -lance > > On Wed, Jul 29, 2009 at 12:00 PM, Sam Munzani wrote: > >> Team, >> >> >> Can you please point me to right direction of troubleshooting? This is a >> very simple thing. A cisco router configured for rancid. no autoenable. >> clogin to the device works fine. However rancid script keeps giving me >> end of run not found error. When I run "show run" it clearly shows key >> word "end" at the end of config. Don't know why the script is not >> catching it. >> >> clogin -c "show run" lab-rtr1 works fine and the last line I see is end. >> >> Below is debug output. >> $: rancid -d lab-rtr1 >> executing clogin -t 90 -c"admin show version;show version;show >> redundancy secondary;show idprom backplane;show install active;admin >> show env all;show env all;show rsp chassis-info;show gsr chassis;show >> diag chassis-info;show boot;show bootvar;admin show variables boot;show >> variables boot;show flash;dir /all nvram:;dir /all bootflash:;dir /all >> slot0:;dir /all disk0:;dir /all slot1:;dir /all disk1:;dir /all >> slot2:;dir /all disk2:;dir /all harddisk:;dir /all harddiska:;dir /all >> harddiskb:;dir /all sup-bootflash:;dir /all sup-microcode:;dir /all >> slavenvram:;dir /all slavebootflash:;dir /all slaveslot0:;dir /all >> slavedisk0:;dir /all slaveslot1:;dir /all slavedisk1:;dir /all >> slaveslot2:;dir /all slavedisk2:;dir /all slavesup-bootflash:;dir /all >> sec-nvram:;dir /all sec-bootflash:;dir /all sec-slot0:;dir /all >> sec-disk0:;dir /all sec-slot1:;dir /all sec-disk1:;dir /all >> sec-slot2:;dir /all sec-disk2:;show controllers;show controllers >> cbus;show diagbus;admin show diag;show diag;show module;show spe >> version;show c7200;show inventory raw;show vtp status;show vlan;show >> vlan-switch;show debug;more system:running-config;show >> running-config;write term" lab-rtr1 >> PROMPT MATCH: lab-rtr1# >> HIT COMMAND:lab-rtr1#admin show version >> In ShowVersion: lab-rtr1#admin show version >> HIT COMMAND:lab-rtr1#show version >> In ShowVersion: lab-rtr1#show version >> TYPE = WS-C6509-E >> HIT COMMAND:lab-rtr1#show redundancy secondary >> In ShowRedundancy: lab-rtr1#show redundancy secondary >> HIT COMMAND:lab-rtr1#show idprom backplane >> In ShowIDprom: lab-rtr1#show idprom backplane >> HIT COMMAND:lab-rtr1#show install active >> In ShowInstallActive: lab-rtr1#show install active >> HIT COMMAND:lab-rtr1#admin show env all >> In ShowEnv: lab-rtr1#admin show env all >> HIT COMMAND:lab-rtr1#show env all >> In ShowEnv: lab-rtr1#show env all >> HIT COMMAND:lab-rtr1#show rsp chassis-info >> In ShowRSP: lab-rtr1#show rsp chassis-info >> HIT COMMAND:lab-rtr1#show gsr chassis >> In ShowGSR: lab-rtr1#show gsr chassis >> HIT COMMAND:lab-rtr1#show diag chassis-info >> In ShowGSR: lab-rtr1#show diag chassis-info >> HIT COMMAND:lab-rtr1#show boot >> In ShowBoot: lab-rtr1#show boot >> HIT COMMAND:lab-rtr1#show bootvar >> In ShowBoot: lab-rtr1#show bootvar >> HIT COMMAND:lab-rtr1#admin show variables boot >> In ShowBoot: lab-rtr1#admin show variables boot >> HIT COMMAND:lab-rtr1#show variables boot >> In ShowBoot: lab-rtr1#show variables boot >> HIT COMMAND:lab-rtr1#show flash >> In ShowFlash: lab-rtr1#show flash >> HIT COMMAND:lab-rtr1#dir /all nvram: >> In DirSlotN: lab-rtr1#dir /all nvram: >> HIT COMMAND:lab-rtr1#dir /all bootflash: >> In DirSlotN: lab-rtr1#dir /all bootflash: >> HIT COMMAND:lab-rtr1#dir /all slot0: >> In DirSlotN: lab-rtr1#dir /all slot0: >> HIT COMMAND:lab-rtr1#dir /all disk0: >> In DirSlotN: lab-rtr1#dir /all disk0: >> HIT COMMAND:lab-rtr1#dir /all slot1: >> In DirSlotN: lab-rtr1#dir /all slot1: >> HIT COMMAND:lab-rtr1#dir /all disk1: >> In DirSlotN: lab-rtr1#dir /all disk1: >> HIT COMMAND:lab-rtr1#dir /all slot2: >> In DirSlotN: lab-rtr1#dir /all slot2: >> HIT COMMAND:lab-rtr1#dir /all disk2: >> In DirSlotN: lab-rtr1#dir /all disk2: >> HIT COMMAND:lab-rtr1#dir /all harddisk: >> In DirSlotN: lab-rtr1#dir /all harddisk: >> HIT COMMAND:lab-rtr1#dir /all harddiska: >> In DirSlotN: lab-rtr1#dir /all harddiska: >> HIT COMMAND:lab-rtr1#dir /all harddiskb: >> In DirSlotN: lab-rtr1#dir /all harddiskb: >> HIT COMMAND:lab-rtr1#dir /all sup-bootflash: >> In DirSlotN: lab-rtr1#dir /all sup-bootflash: >> HIT COMMAND:lab-rtr1#dir /all sup-microcode: >> In DirSlotN: lab-rtr1#dir /all sup-microcode: >> HIT COMMAND:lab-rtr1#dir /all slavenvram: >> In DirSlotN: lab-rtr1#dir /all slavenvram: >> HIT COMMAND:lab-rtr1#dir /all slavebootflash: >> In DirSlotN: lab-rtr1#dir /all slavebootflash: >> HIT COMMAND:lab-rtr1#dir /all slaveslot0: >> In DirSlotN: lab-rtr1#dir /all slaveslot0: >> HIT COMMAND:lab-rtr1#dir /all slavedisk0: >> In DirSlotN: lab-rtr1#dir /all slavedisk0: >> HIT COMMAND:lab-rtr1#dir /all slaveslot1: >> In DirSlotN: lab-rtr1#dir /all slaveslot1: >> HIT COMMAND:lab-rtr1#dir /all slavedisk1: >> In DirSlotN: lab-rtr1#dir /all slavedisk1: >> HIT COMMAND:lab-rtr1#dir /all slaveslot2: >> In DirSlotN: lab-rtr1#dir /all slaveslot2: >> HIT COMMAND:lab-rtr1#dir /all slavedisk2: >> In DirSlotN: lab-rtr1#dir /all slavedisk2: >> HIT COMMAND:lab-rtr1#dir /all slavesup-bootflash: >> In DirSlotN: lab-rtr1#dir /all slavesup-bootflash: >> HIT COMMAND:lab-rtr1#dir /all sec-nvram: >> In DirSlotN: lab-rtr1#dir /all sec-nvram: >> HIT COMMAND:lab-rtr1#dir /all sec-bootflash: >> In DirSlotN: lab-rtr1#dir /all sec-bootflash: >> HIT COMMAND:lab-rtr1#dir /all sec-slot0: >> In DirSlotN: lab-rtr1#dir /all sec-slot0: >> HIT COMMAND:lab-rtr1#dir /all sec-disk0: >> In DirSlotN: lab-rtr1#dir /all sec-disk0: >> HIT COMMAND:lab-rtr1#dir /all sec-slot1: >> In DirSlotN: lab-rtr1#dir /all sec-slot1: >> HIT COMMAND:lab-rtr1#dir /all sec-disk1: >> In DirSlotN: lab-rtr1#dir /all sec-disk1: >> HIT COMMAND:lab-rtr1#dir /all sec-slot2: >> In DirSlotN: lab-rtr1#dir /all sec-slot2: >> HIT COMMAND:lab-rtr1#dir /all sec-disk2: >> In DirSlotN: lab-rtr1#dir /all sec-disk2: >> HIT COMMAND:lab-rtr1#show controllers >> In ShowContAll: lab-rtr1#show controllers >> HIT COMMAND:lab-rtr1#show controllers cbus >> In ShowContCbus: lab-rtr1#show controllers cbus >> HIT COMMAND:lab-rtr1#show diagbus >> In ShowDiagbus: lab-rtr1#show diagbus >> HIT COMMAND:lab-rtr1#admin show diag >> In ShowDiag: lab-rtr1#admin show diag >> HIT COMMAND:lab-rtr1#show diag >> In ShowDiag: lab-rtr1#show diag >> HIT COMMAND:lab-rtr1#show module >> In ShowModule: lab-rtr1#show module >> HIT COMMAND:lab-rtr1#show spe version >> In ShowSpeVersion: lab-rtr1#show spe version >> HIT COMMAND:lab-rtr1#show c7200 >> In ShowC7200: lab-rtr1#show c7200 >> HIT COMMAND:lab-rtr1#show inventory raw >> In ShowInventory: lab-rtr1#show inventory raw >> HIT COMMAND:lab-rtr1#show vtp status >> In ShowVTP: lab-rtr1#show vtp status >> HIT COMMAND:lab-rtr1#show vlan >> In ShowVLAN: lab-rtr1#show vlan >> HIT COMMAND:lab-rtr1#show vlan-switch >> In ShowVLAN: lab-rtr1#show vlan-switch >> HIT COMMAND:lab-rtr1#show debug >> In ShowDebug: lab-rtr1#show debug >> HIT COMMAND:lab-rtr1#more system:running-config >> In WriteTerm: lab-rtr1#more system:running-config >> lab-rtr1: missed cmd(s): write term,show running-config >> lab-rtr1: missed cmd(s): write term,show running-config >> lab-rtr1: End of run not found >> lab-rtr1: End of run not found >> ! >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090729/96528f5f/attachment.html From heas at shrubbery.net Thu Jul 30 22:31:05 2009 From: heas at shrubbery.net (john heasley) Date: Thu, 30 Jul 2009 15:31:05 -0700 Subject: [rancid] Re: End of run not found... Running rancid 2.3.2 version In-Reply-To: <4A709C5D.1090702@comcast.net> References: <4A709C5D.1090702@comcast.net> Message-ID: <20090730223105.GM3046@shrubbery.net> Wed, Jul 29, 2009 at 02:00:45PM -0500, Sam Munzani: > Team, > > > Can you please point me to right direction of troubleshooting? This is a > very simple thing. A cisco router configured for rancid. no autoenable. > clogin to the device works fine. However rancid script keeps giving me > end of run not found error. When I run "show run" it clearly shows key > word "end" at the end of config. Don't know why the script is not > catching it. > > In WriteTerm: lab-rtr1#more system:running-config > lab-rtr1: missed cmd(s): write term,show running-config do those three commands work on your system? this reeks of a timing issue; aka solaris/linux w/o the expect patch. are you guilty? i thought that you were a fbsd guy; maybe the port changed again? From smunzani at comcast.net Thu Jul 30 22:40:01 2009 From: smunzani at comcast.net (Sam Munzani) Date: Thu, 30 Jul 2009 17:40:01 -0500 Subject: [rancid] Re: End of run not found... Running rancid 2.3.2 version In-Reply-To: <20090730223105.GM3046@shrubbery.net> References: <4A709C5D.1090702@comcast.net> <20090730223105.GM3046@shrubbery.net> Message-ID: <4A722141.40105@comcast.net> >> Can you please point me to right direction of troubleshooting? This is a >> very simple thing. A cisco router configured for rancid. no autoenable. >> clogin to the device works fine. However rancid script keeps giving me >> end of run not found error. When I run "show run" it clearly shows key >> word "end" at the end of config. Don't know why the script is not >> catching it. >> >> In WriteTerm: lab-rtr1#more system:running-config >> lab-rtr1: missed cmd(s): write term,show running-config >> > > do those three commands work on your system? > write term is not a valid command on my device with tacacs authentication/authorization. It restricts us to "show running-config" only. more system:running-config is an ASA only command and this is a router so its not going to work for sure. Only the command that works is show running-config. I will try again with other commands remarked out and with only "show running" and see how it goes. > this reeks of a timing issue; aka solaris/linux w/o the expect patch. are > you guilty? i thought that you were a fbsd guy; maybe the port changed > again? > I am still a freebsd guy but at work I have to follow our corporate standards. Since I work for Sun Microsystems, guess what operating system would be our standard? I still have rancid at home on my FreeBSD box for personal experiments :-) Thanks, Sam -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090730/278a7f8b/attachment.html