From harshaabba at gmail.com Wed Sep 1 10:20:08 2010 From: harshaabba at gmail.com (harsha senaratna) Date: Wed, 1 Sep 2010 15:50:08 +0530 Subject: [rancid] Fwd: rancid and cvsweb...plz...help... In-Reply-To: References: Message-ID: hi i installed rancid and working fine while back up the network devices.But i cant access the configuration files using cvsweb. once i get into cvsweb nothing displayed here are my configurations vi /etc/cvsweb/cvsweb.conf @CVSrepositories = ( ? ? ? ?'local' ? => ['Local Repository', '/var/cvs'], ? ? ? ?'networking' => ['Networking Devices', '/usr/local/rancid/var/networking'], vi /usr/local/rancid/etc/rancid.conf BASEDIR=/usr/local/rancid/var; export BASEDIR CVSROOT=$BASEDIR/CVS; export CVSROOT [root at RANCID01 var]# pwd /usr/local/rancid/var [root at RANCID01 var]# ls -al total 20 drwxrwxrwx 5 rancid netadm 4096 Aug 31 16:51 . drwxrwx--- 9 rancid netadm 4096 Sep ?1 14:09 .. drwxrwxr-x 3 rancid netadm 4096 Aug 31 16:22 CVS drwxr-x--- 2 rancid netadm 4096 Sep ?1 14:58 logs drwxr-x--- 3 rancid netadm 4096 Sep ?1 14:59 networking [root at C-SVRANCID01 var]# configuration file resides cd /usr/local/rancid/var/networking/configs/ [root at RANCID01 configs]# ls 10.100.100.1 ?10.100.140.1 ?10.100.234.1 ?10.100.252.1 [root at RANCID01 configs]# Is it a issue related to permissions? please help me to get rid of this small issue. im willing to give more info you need tnx -------------- next part -------------- A non-text attachment was scrubbed... Name: rancid.JPG Type: image/jpeg Size: 58692 bytes Desc: not available URL: From gabbawp at gmail.com Wed Sep 1 16:09:25 2010 From: gabbawp at gmail.com (Gareth Hopkins) Date: Wed, 1 Sep 2010 18:09:25 +0200 Subject: [rancid] Fwd: rancid and cvsweb...plz...help... In-Reply-To: References: Message-ID: Hi, You need to export your CVS directory, so change /usr/local/rancid/var/networking to /usr/local/rancid/var/CVS in cvsweb.conf Cheers, Gareth 2010/9/1 harsha senaratna > hi > > i installed rancid and working fine while back up the network > devices.But i cant access the configuration files using cvsweb. > once i get into cvsweb nothing displayed > > here are my configurations > > vi /etc/cvsweb/cvsweb.conf > > @CVSrepositories = ( > 'local' => ['Local Repository', '/var/cvs'], > 'networking' => ['Networking Devices', > '/usr/local/rancid/var/networking'], > > vi /usr/local/rancid/etc/rancid.conf > > BASEDIR=/usr/local/rancid/var; export BASEDIR > CVSROOT=$BASEDIR/CVS; export CVSROOT > > [root at RANCID01 var]# pwd > > /usr/local/rancid/var > > [root at RANCID01 var]# ls -al > total 20 > drwxrwxrwx 5 rancid netadm 4096 Aug 31 16:51 . > drwxrwx--- 9 rancid netadm 4096 Sep 1 14:09 .. > drwxrwxr-x 3 rancid netadm 4096 Aug 31 16:22 CVS > drwxr-x--- 2 rancid netadm 4096 Sep 1 14:58 logs > drwxr-x--- 3 rancid netadm 4096 Sep 1 14:59 networking > [root at C-SVRANCID01 var]# > > configuration file resides cd /usr/local/rancid/var/networking/configs/ > > > [root at RANCID01 configs]# ls > 10.100.100.1 10.100.140.1 10.100.234.1 10.100.252.1 > > [root at RANCID01 configs]# > > Is it a issue related to permissions? please help me to get rid of > this small issue. > > im willing to give more info you need > > tnx > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From xenophon21 at hotmail.com Wed Sep 1 18:54:37 2010 From: xenophon21 at hotmail.com (Brian G) Date: Wed, 1 Sep 2010 13:54:37 -0500 Subject: [rancid] Email notifications - summary at the top Message-ID: I've recently acquired a server that is running rancid (2.3.4). I noticed the email notifications do not include a summary of what files have changes. Here is an example from another server I run which shows a quick summary at the top of the email on what routers "changed" bur-7606 | 16 ++++++---------- menoalls-7606 | 20 ++++++++++---------- ville-7609 | 15 ++++++--------- 3 files changed, 22 insertions(+), 29 deletions(-) How can I get 2.3.4 to include the "summary"? Could it be differences in the diff version or cvsweb installed? Thanks, Brian -------------- next part -------------- An HTML attachment was scrubbed... URL: From harshaabba at gmail.com Thu Sep 2 03:02:50 2010 From: harshaabba at gmail.com (harsha senaratna) Date: Thu, 2 Sep 2010 08:32:50 +0530 Subject: [rancid] Fwd: rancid and cvsweb...plz...help... In-Reply-To: References: Message-ID: hi tnx a lot for your response.I did the change what you have mentioned. I attached the screen shot after did the change now i only see the CVSROOT directory. Im not that much expert with cvs. [root at RANCID01 CVS]# pwd /usr/local/rancid/var/CVS [root at RANCID01 CVS]# ls -al total 16 drwxrwxr-x 4 rancid netadm 4096 Sep 2 08:26 . drwxrwxrwx 5 rancid netadm 4096 Aug 31 16:51 .. drwxrwxr-x 3 rancid netadm 4096 May 17 10:03 CVSROOT [root at RANCID01 configs]# pwd /usr/local/rancid/var/networking/configs [root at RANCID01 configs]# ls -al total 44 drwxrwxrwx 2 rancid netadm 4096 Sep 2 00:12 . drwxr-x--- 3 rancid netadm 4096 Sep 2 00:12 .. -rwxrwxrwx 1 rancid netadm 8811 Sep 2 00:05 10.100.100.1 -rw-r----- 1 rancid netadm 3080 Sep 2 00:05 10.100.140.1 -rw-r----- 1 rancid netadm 6419 Sep 2 00:05 10.100.234.1 -rw-r----- 1 rancid netadm 8756 Sep 2 00:06 10.100.252.1 so kindly help me to get solve this. tnx -------------- next part -------------- A non-text attachment was scrubbed... Name: cvs-2.JPG Type: image/jpeg Size: 101388 bytes Desc: not available URL: From xenophon21 at hotmail.com Thu Sep 2 01:23:50 2010 From: xenophon21 at hotmail.com (Brian G) Date: Wed, 1 Sep 2010 20:23:50 -0500 Subject: [rancid] Email notifications - summary at the top Message-ID: Actually, this was the rancid-core and rancid-util package that got installed from the debian (lenny) release. Not sure what they changed in this release to do this. (or what file to be specific) -------------------------------------------------- From: "Brian G" Sent: Wednesday, September 01, 2010 7:56 PM To: "john heasley" Subject: Re: [rancid] Email notifications - summary at the top > Happen to know which file got modified to make it do that? I was looking > to add this, as it's neat to see what changed at the top of the email. > > -------------------------------------------------- > From: "john heasley" > Sent: Wednesday, September 01, 2010 5:59 PM > To: "Brian G" > Subject: Re: [rancid] Email notifications - summary at the top > >> Wed, Sep 01, 2010 at 01:54:37PM -0500, Brian G: >>> >>> I've recently acquired a server that is running rancid (2.3.4). I >>> noticed the email notifications do not include a summary of what files >>> have changes. >>> >>> Here is an example from another server I run which shows a quick summary >>> at the top of the email on what routers "changed" >>> >>> bur-7606 | 16 ++++++---------- >>> menoalls-7606 | 20 ++++++++++---------- >>> ville-7609 | 15 ++++++--------- >>> 3 files changed, 22 insertions(+), 29 deletions(-) >>> >>> >>> How can I get 2.3.4 to include the "summary"? Could it be differences >>> in the diff version or cvsweb installed? >>> >>> Thanks, >>> Brian >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net >>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> >> it was a local change. >> From jlewis at lewis.org Thu Sep 2 04:41:51 2010 From: jlewis at lewis.org (Jon Lewis) Date: Thu, 2 Sep 2010 00:41:51 -0400 (EDT) Subject: [rancid] Email notifications - summary at the top In-Reply-To: References: Message-ID: I must have added this to ours way back when I installed it. It's just a tiny change in control_rancid adding the diffstat command. Obviously, make sure you have diffstat installed. # Mail out the diffs (if there are any). if [ -s $TMP.diff ]; then sendmail -t < > Actually, this was the rancid-core and rancid-util package that got > installed from the debian (lenny) release. Not sure what they changed in > this release to do this. (or what file to be specific) > > -------------------------------------------------- > From: "Brian G" > Sent: Wednesday, September 01, 2010 7:56 PM > To: "john heasley" > Subject: Re: [rancid] Email notifications - summary at the top > >> Happen to know which file got modified to make it do that? I was looking >> to add this, as it's neat to see what changed at the top of the email. >> >> -------------------------------------------------- >> From: "john heasley" >> Sent: Wednesday, September 01, 2010 5:59 PM >> To: "Brian G" >> Subject: Re: [rancid] Email notifications - summary at the top >> >>> Wed, Sep 01, 2010 at 01:54:37PM -0500, Brian G: >>>> >>>> I've recently acquired a server that is running rancid (2.3.4). I >>>> noticed the email notifications do not include a summary of what files >>>> have changes. >>>> >>>> Here is an example from another server I run which shows a quick summary >>>> at the top of the email on what routers "changed" >>>> >>>> bur-7606 | 16 ++++++---------- >>>> menoalls-7606 | 20 ++++++++++---------- >>>> ville-7609 | 15 ++++++--------- >>>> 3 files changed, 22 insertions(+), 29 deletions(-) >>>> >>>> >>>> How can I get 2.3.4 to include the "summary"? Could it be differences in >>>> the diff version or cvsweb installed? >>>> >>>> Thanks, >>>> Brian >>>> _______________________________________________ >>>> Rancid-discuss mailing list >>>> Rancid-discuss at shrubbery.net >>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>> >>> it was a local change. >>> > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > ---------------------------------------------------------------------- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ From morty at frakir.org Thu Sep 2 07:24:23 2010 From: morty at frakir.org (Mordechai T. Abzug) Date: Thu, 2 Sep 2010 03:24:23 -0400 Subject: [rancid] rad devices? Message-ID: <20100902072423.GD23147@red-sonja> Has anyone written rancid support for Rad devices such as the megaplex 2100? - Morty From gabbawp at gmail.com Thu Sep 2 07:51:20 2010 From: gabbawp at gmail.com (Gareth Hopkins) Date: Thu, 2 Sep 2010 09:51:20 +0200 Subject: [rancid] Fwd: rancid and cvsweb...plz...help... In-Reply-To: References: Message-ID: Hi, Looks like your cvs tree is not correctly configured. What output do you get if you run the following (as rancid user) cvs log /usr/local/rancid/var/networking/configs/10.100.100.1 Cheers, Gareth On Thu, Sep 2, 2010 at 5:02 AM, harsha senaratna wrote: > hi > > tnx a lot for your response.I did the change what you have mentioned. > I attached the screen shot after did the change now i only see the > CVSROOT directory. > > Im not that much expert with cvs. > > [root at RANCID01 CVS]# pwd > > /usr/local/rancid/var/CVS > > [root at RANCID01 CVS]# ls -al > total 16 > drwxrwxr-x 4 rancid netadm 4096 Sep 2 08:26 . > drwxrwxrwx 5 rancid netadm 4096 Aug 31 16:51 .. > drwxrwxr-x 3 rancid netadm 4096 May 17 10:03 CVSROOT > > [root at RANCID01 configs]# pwd > /usr/local/rancid/var/networking/configs > [root at RANCID01 configs]# ls -al > total 44 > drwxrwxrwx 2 rancid netadm 4096 Sep 2 00:12 . > drwxr-x--- 3 rancid netadm 4096 Sep 2 00:12 .. > -rwxrwxrwx 1 rancid netadm 8811 Sep 2 00:05 10.100.100.1 > -rw-r----- 1 rancid netadm 3080 Sep 2 00:05 10.100.140.1 > -rw-r----- 1 rancid netadm 6419 Sep 2 00:05 10.100.234.1 > -rw-r----- 1 rancid netadm 8756 Sep 2 00:06 10.100.252.1 > > > so kindly help me to get solve this. > > tnx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From pelle at hemmop.com Thu Sep 2 07:33:23 2010 From: pelle at hemmop.com (Per Carlson) Date: Thu, 2 Sep 2010 09:33:23 +0200 Subject: [rancid] Email notifications - summary at the top In-Reply-To: References: Message-ID: > ?Actually, this was the rancid-core and rancid-util package that got > installed from the debian (lenny) release. ?Not sure what they changed in > this release to do this. ?(or what file to be specific) Try installing diffstat, it's only considered an "Suggest" on Debian. -- Pelle RFC1925, truth 11: ?Every old idea will be proposed again with a different name and ?a different presentation, regardless of whether it works. From pelle at hemmop.com Thu Sep 2 08:08:24 2010 From: pelle at hemmop.com (Per Carlson) Date: Thu, 2 Sep 2010 10:08:24 +0200 Subject: [rancid] Fwd: rancid and cvsweb...plz...help... In-Reply-To: References: Message-ID: > tnx a lot for your response.I did the change what you have mentioned. > I attached the screen shot after did the change now i only see the > CVSROOT directory. you have a couple of other options as well in cvsweb.conf > @CVSrepositories = ( > 'local' => ['Local Repository', '/var/cvs'], > 'networking' => ['Networking Devices', > '/usr/local/rancid/var/networking'], # The default CVS root. Note that @CVSrepositories is list, not a hash, # so you'll want to use 2 * 0-based-index-number here; or set this directly # to the default's symbolic name. Unless specified, the first valid one in # @CVSrepositories is used as the default. # # For example: # #$cvstreedefault = $CVSrepositories[2 * 0]; #$cvstreedefault = 'local'; as you have configured the 'local' repository first in @CVSrepositories, it will use that as default. either get rid of it (or comment it out), or add a specific default. in your case that would look like: $cvstreedefault = 'networking'; you can also hide the CVSROOT: %DEFAULTVALUE = ( # hidecvsroot: Don't show the CVSROOT directory. Note that this is # just the default for a user settable option (like others in this # %DEFAULTVALUE hash); it won't really prevent access to CVSROOT. # See @ForbiddenFiles for that. # 1 Do not include the top-level CVSROOT directory in dir listings # 0 Treat the top-level CVSROOT directory just like all other dirs "hidecvsroot" => "1", -- Pelle RFC1925, truth 11: ?Every old idea will be proposed again with a different name and ?a different presentation, regardless of whether it works. From harshaabba at gmail.com Thu Sep 2 08:20:21 2010 From: harshaabba at gmail.com (harsha senaratna) Date: Thu, 2 Sep 2010 13:50:21 +0530 Subject: [rancid] configuration issue with RANCID .cloginrc file Message-ID: hi I have some configuration problem with .cloginrc file. I have a router with AAA enabled and need to back up the configurations Lets say I enable telnet on that and configure .cloginrc file as below. add user 10.100.100.1 add password 10.100.100.1 add autoenable 10.100.100.1 1 Then i ran the rancid-run . No any configurations backed up. Then i coomented the autoenable like the following and again ran the rancid-run. add user 10.100.100.1 add password 10.100.100.1 #add autoenable 10.100.100.1 1 Then the configuration backed up successfully. Please let me know why this happened ? your responses are highly. tnx From all4green at gmail.com Thu Sep 2 16:44:00 2010 From: all4green at gmail.com (Amy Eryilmaz) Date: Thu, 2 Sep 2010 12:44:00 -0400 Subject: [rancid] Cisco TIMEOUT reached Message-ID: Hi all - Login is successful (noenable is set to 1) but I get a TIMEOUT error running commands against my Cisco IOS switch. Any ideas/suggestions? So far, this appears to be happening only for those devices that I've set "add noenable 10.0.10.1 1" [rancid at linux-02 ~]$rancid/bin/clogin -c "show ver" 10.0.10.1 10.0.10.1 spawn ssh -c 3des -x -l netops 10.0.10.1 netops at 10.0.10.1's password: 10.0.10.1# Error: TIMEOUT reached [rancid at linux-02 ~]$ Thanks in advance. -------------- next part -------------- An HTML attachment was scrubbed... URL: From ler762 at gmail.com Thu Sep 2 23:44:24 2010 From: ler762 at gmail.com (Lee) Date: Thu, 2 Sep 2010 19:44:24 -0400 Subject: [rancid] Cisco TIMEOUT reached In-Reply-To: References: Message-ID: On 9/2/10, Amy Eryilmaz wrote: > Hi all - Login is successful (noenable is set to 1) but I get a TIMEOUT > error running commands against my Cisco IOS switch. Any ideas/suggestions? Get rid of the noenable or apply the patch from http://www.shrubbery.net/pipermail/rancid-discuss/2010-August/005160.html It's expecting a prompt of 10.0.10.1> and your prompt is 10.0.10.1# Regards, Lee > So far, this appears to be happening only for those devices that I've set > "add noenable 10.0.10.1 1" > > [rancid at linux-02 ~]$rancid/bin/clogin -c "show ver" 10.0.10.1 > 10.0.10.1 > spawn ssh -c 3des -x -l netops 10.0.10.1 > netops at 10.0.10.1's password: > > 10.0.10.1# > Error: TIMEOUT reached > [rancid at linux-02 ~]$ > > Thanks in advance. > From ler762 at gmail.com Fri Sep 3 00:08:46 2010 From: ler762 at gmail.com (Lee) Date: Thu, 2 Sep 2010 20:08:46 -0400 Subject: [rancid] configuration issue with RANCID .cloginrc file In-Reply-To: References: Message-ID: On 9/2/10, harsha senaratna wrote: > hi > > I have some configuration problem with .cloginrc file. I have a router > with AAA enabled and need to back up the configurations > > Lets say I enable telnet on that and configure .cloginrc file as below. > > add user 10.100.100.1 > add password 10.100.100.1 > add autoenable 10.100.100.1 1 > > > Then i ran the rancid-run . No any configurations backed up. > > Then i coomented the autoenable like the following and again ran the > rancid-run. > > add user 10.100.100.1 > add password 10.100.100.1 > #add autoenable 10.100.100.1 1 > > Then the configuration backed up successfully. > > Please let me know why this happened ? your responses are highly. If the only change was commenting out autoenable then the user-id isn't automatically enabled. Lee From ml at kenweb.org Wed Sep 8 04:12:53 2010 From: ml at kenweb.org (ML) Date: Wed, 08 Sep 2010 00:12:53 -0400 Subject: [rancid] Retrieving latest Rancid version via SVN? Message-ID: <4C870D45.5070007@kenweb.org> Maybe my Google-fu is failing me.. Where is the SVN repo for RANCID? I see archives emails telling people to grab rXXXX but haven't found the URL to checkout the source code. Thanks From jeffb.list at gmail.com Wed Sep 8 13:05:04 2010 From: jeffb.list at gmail.com (Jeff B) Date: Wed, 8 Sep 2010 09:05:04 -0400 Subject: [rancid] Working with an HP Procurve 2900-48G and 2910al-48G Message-ID: Hello I'm new to rancid and I'm trying to set up these two HP Procurve Switches: ProCurve J9050A Switch 2900-48G, revision T.13.71, ROM K.12.12 (/sw/code/build/mbm(t3a)) ProCurve J9147A 2910al-48G Switch, revision W.14.50, ROM W.14.04 I'm having several different problems which I'll describe, at first I was unsure if I should be using hlogin or flogin but now I'm pretty sure that I need to be using hlogin because the foundry command to turn off paging is not understood. Ironically I get farther with flogin than I'm able to with hlogin. When I use hlogin I get to 2 different points depending on if I'm using telnet or ssh to connect to it. When using telnet I get the following error Command: hlogin -c "show version" hpswitch-telnet.example.com Result: After it sends the 'no page' command it errors on this: === couldn't compile regular expression pattern: parentheses () not balanced while executing "expect { -re $reprompt {} -re "\[\n\r]+" { exp_continue } }" (procedure "run_commands" line 9) invoked from within "run_commands $prompt $command" ("foreach" body line 161) invoked from within "foreach router [lrange $argv $i end] { set router [string tolower $router] send_user "$router\n" # device timeout set timeout [find t..." (file "/usr/local/rancid/bin/hlogin" line 607) === I've tried 'fixing' the regex but I don't know enough expect to get it. Here are the two lines of regex that populate $reprompt: regsub -all {[)(]} $prompt {\\&} reprompt regsub -all {^(.{1,11}).*([#>])$} $reprompt {\1([^#>\r\n]+)?[#>](\\([^)\\r\\n]+\\))?} reprompt expect { -re $reprompt {} -re "\[\n\r]+" { exp_continue } } When I use SSH to connect to the switch I have a problem with the hpuifilter not working right and dropping characters so expect never finds what it's looking for. Command: hlogin -c "show version" hpswitch-ssh.example.com Result: ranciduser at hpswitch-ssh.example.com's passwor : And since it's missing the d on password expect never matches and it times out. I've tried tinkering with the regex above and looked at hpuifilter.c but my novice understanding of expect and the behavior of hpuifilter wasn't able to resolve these problems. any help would be appreciated. Thank You. -JeffB From cgauthier at mapscu.com Wed Sep 8 16:48:39 2010 From: cgauthier at mapscu.com (Chris Gauthier) Date: Wed, 8 Sep 2010 09:48:39 -0700 Subject: [rancid] Retrieving latest Rancid version via SVN? In-Reply-To: <4C870D45.5070007@kenweb.org> References: <4C870D45.5070007@kenweb.org> Message-ID: The source control repository is not available to the public, as explained in the link below. http://www.shrubbery.net/pipermail/rancid-discuss/2010-August/005095.html Chris Gauthier Network Administrator MaPS Credit Union v: 503.375.2445 f: 503.779.1083 http://www.mapscu.com "For once you have tasted flight you will walk the earth with your eyes turned skywards, for there you have been and there you will long to return." -Leonardo da Vinci -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of ML Sent: Tuesday, September 07, 2010 9:13 PM To: rancid-discuss at shrubbery.net Subject: [rancid] Retrieving latest Rancid version via SVN? Maybe my Google-fu is failing me.. Where is the SVN repo for RANCID? I see archives emails telling people to grab rXXXX but haven't found the URL to checkout the source code. Thanks _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ CONFIDENTIALITY NOTICE Attention: The information contained in this email and/or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies. From jmadrid2 at gmail.com Wed Sep 8 17:41:47 2010 From: jmadrid2 at gmail.com (Jose Madrid) Date: Wed, 8 Sep 2010 13:41:47 -0400 Subject: [rancid] PFSense Scripts Message-ID: Anyone have scripts written for the backup of Pfsense boxes? -- It has to start somewhere, it has to start sometime.? What better place than here? What better time than now? From jeff.stettenbenz at cinergymetronet.com Wed Sep 8 18:00:46 2010 From: jeff.stettenbenz at cinergymetronet.com (Jeff Stettenbenz) Date: Wed, 8 Sep 2010 13:00:46 -0500 Subject: [rancid] alcatel 7450 Message-ID: <6DD31B66918F704CB0E70D6025BE4E23A22BE42A33@MAILBOX-01.qcommcorp.ad> Has anyone used rancid to poll Alcatel 7450 omniswitches? -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Wed Sep 8 23:05:47 2010 From: heas at shrubbery.net (john heasley) Date: Wed, 8 Sep 2010 16:05:47 -0700 Subject: [rancid] Retrieving latest Rancid version via SVN? In-Reply-To: References: <4C870D45.5070007@kenweb.org> Message-ID: <20100908230547.GD28099@shrubbery.net> Wed, Sep 08, 2010 at 09:48:39AM -0700, Chris Gauthier: > The source control repository is not available to the public, as explained in the link below. > > http://www.shrubbery.net/pipermail/rancid-discuss/2010-August/005095.html i'll get to it soon. i'll have 2.3.5 posted today, i hope; it just a few fixes, but important enough to push it. From heas at shrubbery.net Wed Sep 8 23:09:34 2010 From: heas at shrubbery.net (john heasley) Date: Wed, 8 Sep 2010 16:09:34 -0700 Subject: [rancid] Working with an HP Procurve 2900-48G and 2910al-48G In-Reply-To: References: Message-ID: <20100908230934.GF28099@shrubbery.net> Wed, Sep 08, 2010 at 09:05:04AM -0400, Jeff B: > Hello I'm new to rancid and I'm trying to set up these two HP Procurve Switches: > > ProCurve J9050A Switch 2900-48G, revision T.13.71, ROM K.12.12 > (/sw/code/build/mbm(t3a)) > ProCurve J9147A 2910al-48G Switch, revision W.14.50, ROM W.14.04 > > I'm having several different problems which I'll describe, at first I > was unsure if I should be using hlogin or flogin but now I'm pretty > sure that I need to be using hlogin because the foundry command to > turn off paging is not understood. Ironically I get farther with > flogin than I'm able to with hlogin. > > When I use hlogin I get to 2 different points depending on if I'm > using telnet or ssh to connect to it. When using telnet I get the > following error > > Command: > hlogin -c "show version" hpswitch-telnet.example.com ... i think that you just have an older rancid. try 2.3.5, tomorrow. > When I use SSH to connect to the switch I have a problem with the > hpuifilter not working right and dropping characters so expect never > finds what it's looking for. ... i think that you're using linux. i went through this with another user a few weeks ago. there is a new and exciting libc that seems to have a bug w/ recognizing wide characters and the jibberish coming from the hp seems to trigger it. anyway, i think 2.3.5 will fix this for you. From heas at shrubbery.net Wed Sep 8 23:17:58 2010 From: heas at shrubbery.net (john heasley) Date: Wed, 8 Sep 2010 16:17:58 -0700 Subject: [rancid] PFSense Scripts In-Reply-To: References: Message-ID: <20100908231758.GG28099@shrubbery.net> Wed, Sep 08, 2010 at 01:41:47PM -0400, Jose Madrid: > Anyone have scripts written for the backup of Pfsense boxes? John Skopis sent a script that he claims works. I haven't had time to make a pfsense box for testing. I've placed the tarball at ftp://ftp.shrubbery.net/pub/rancid/contrib/ Use at your own risk, yadda yadda. From paleola at gmail.com Thu Sep 9 08:51:17 2010 From: paleola at gmail.com (Aleksey P) Date: Thu, 9 Sep 2010 12:51:17 +0400 Subject: [rancid] Why in Cisco rancid configs no "Last configuration change..." string? Message-ID: Hello. When we do 'show configuration' command on Cisco device we can see at the top of config this strings: *>sh conf Using 72573 out of 245752 bytes ! ! Last configuration change at 10:59:44 MSD Wed Sep 8 2010 by user1 ! NVRAM config last updated at 13:11:15 MSD Wed Sep 8 2010 by user1 ! version 12.4* But in configs that i receive by Rancid i see only: *Using 72573 out of 245752 bytes ! version 12.4 * So, something it missed two important strings :( By the way - in Juniper configs over Rancid all seems fine: *## Last commit: 2010-09-02 14:11:15 MSD by root version 10.3R1.9;* How can it be fixed for Cisco device? -------------- next part -------------- An HTML attachment was scrubbed... URL: From jeffb.list at gmail.com Thu Sep 9 17:08:59 2010 From: jeffb.list at gmail.com (Jeff B) Date: Thu, 9 Sep 2010 13:08:59 -0400 Subject: [rancid] Working with an HP Procurve 2900-48G and 2910al-48G In-Reply-To: <20100908230934.GF28099@shrubbery.net> References: <20100908230934.GF28099@shrubbery.net> Message-ID: 2.3.5 works like a dream. I guess I just found rancid 1 week too early. Thanks. On Wed, Sep 8, 2010 at 7:09 PM, john heasley wrote: > Wed, Sep 08, 2010 at 09:05:04AM -0400, Jeff B: >> Hello I'm new to rancid and I'm trying to set up these two HP Procurve Switches: >> >> ProCurve J9050A Switch 2900-48G, revision T.13.71, ROM K.12.12 >> (/sw/code/build/mbm(t3a)) >> ProCurve J9147A 2910al-48G Switch, revision W.14.50, ROM W.14.04 >> >> I'm having several different problems which I'll describe, ?at first I >> was unsure if I should be using hlogin or flogin but now I'm pretty >> sure that I need to be using hlogin because the foundry command to >> turn off paging is not understood. ?Ironically I get farther with >> flogin than I'm able to with hlogin. >> >> When I use hlogin I get to 2 different points depending on if I'm >> using telnet or ssh to connect to it. ?When using telnet I get the >> following error >> >> Command: >> ?hlogin -c "show version" hpswitch-telnet.example.com > > ? ? ? ?... > i think that you just have an older rancid. ?try 2.3.5, tomorrow. > >> When I use SSH to connect to the switch I have a problem with the >> hpuifilter not working right and dropping characters so expect never >> finds what it's looking for. > > ? ? ? ?... > > i think that you're using linux. ?i went through this with another user > a few weeks ago. ?there is a new and exciting libc that seems to have a > bug w/ recognizing wide characters and the jibberish coming from the hp > seems to trigger it. ?anyway, i think 2.3.5 will fix this for you. > From ml at kenweb.org Thu Sep 9 23:08:30 2010 From: ml at kenweb.org (ML) Date: Thu, 09 Sep 2010 19:08:30 -0400 Subject: [rancid] Retrieving latest Rancid version via SVN? In-Reply-To: <20100908230547.GD28099@shrubbery.net> References: <4C870D45.5070007@kenweb.org> <20100908230547.GD28099@shrubbery.net> Message-ID: <4C8968EE.6000005@kenweb.org> On 9/8/2010 7:05 PM, john heasley wrote: > Wed, Sep 08, 2010 at 09:48:39AM -0700, Chris Gauthier: >> The source control repository is not available to the public, as explained in the link below. >> >> http://www.shrubbery.net/pipermail/rancid-discuss/2010-August/005095.html > > i'll get to it soon. i'll have 2.3.5 posted today, i hope; it just a few > fixes, but important enough to push it. Thanks! I see 2.3.5 has been uploaded but the link has not been updated on the webpage. Thanks From pelle at hemmop.com Fri Sep 10 08:58:09 2010 From: pelle at hemmop.com (Per Carlson) Date: Fri, 10 Sep 2010 10:58:09 +0200 Subject: [rancid] [c-nsp] rancid and inventory with "^" In-Reply-To: <4C89E5CC.2060506@forthnet.gr> References: <4C85F1E3.2050203@forthnet.gr> <4aahl7-q32.ln1@chipmunk.wormnet.eu> <20100907203526.GB909@shrubbery.net> <20100908075827.GX4930@chipmunk> <4C89E5CC.2060506@forthnet.gr> Message-ID: Hi. On Fri, Sep 10, 2010 at 10:01, Tassos Chatzithomaoglou wrote: > I believe i'm talking about a different issue. > In my case it's like rancid's parser cuts randomly a part of the inventory > whenever a string with "^" is met. > I have checked the cli output and this doesn't change. I've noticed the same on GSR's, and it's quite annoying. So annoying that I created a patch for it. While at it, I also did some other changes getting a more structured output. Note: I've *not* checked that my patch functions against every combination of Cisco platform and version. If works fine on what's in my lab though. -- Pelle RFC1925, truth 11: ?Every old idea will be proposed again with a different name and ?a different presentation, regardless of whether it works. -------------- next part -------------- A non-text attachment was scrubbed... Name: show-inventory.patch Type: application/octet-stream Size: 2770 bytes Desc: not available URL: From marty at supine.com Mon Sep 13 10:58:04 2010 From: marty at supine.com (Martin Barry) Date: Mon, 13 Sep 2010 12:58:04 +0200 Subject: [rancid] wrangling configs with RANCID (right for non-Cisco vendors?) In-Reply-To: References: <853D2776-E036-40BC-95D2-26F4A119F90D@zyedge.com> <20100819051945.GD18707@shrubbery.net> Message-ID: <20100913105804.GA30332@merboo.mamista.net> $quoted_author = "Jethro R Binks" ; > > Michael Stefaniuc wrote "wrancid" which allowed you to use an arbitrary > script to obtain "a config", for rancid to work against. I updated and > tweaked it a bit, see the following for more details: > > http://sites.google.com/site/jrbinks/code/rancid/wraprancid > > but beware: I haven't tested this in a long time, don't actually use it > day to day currently, and don't remember that much about it :). And the reverse is true here. Recently implemented to TFTP configuration off both a VPN3000 and some Linksys switches. Give it a try and feel free to ask any questions... cheers Marty From peter.perreault at gmail.com Wed Sep 15 16:00:02 2010 From: peter.perreault at gmail.com (Pete Perreault) Date: Wed, 15 Sep 2010 12:00:02 -0400 Subject: [rancid] what if a device audit fails? Message-ID: I have rancid 2.3.2 running successfully on fedora. I have questions related to what rancid does if a device audit fails to successfully complete. This may occur if the device is not reachable or if rancid's credentials are not accepted. I run rancid from cron with the following command. 0 22 * * 5,6 /usr/libexec/rancid/rancid-run As you can see it is run twice a week, Friday and Saturday at 10pm. When my rancid logs indicate a device audit was not successfully completed, subsequent log messages indicate that rancid attempts to audit all the devices within the group one hour after the previous failure. This continues until the device audit is successful. Is this in fact the default behavior? Is there a way to change this behavior either permanently (config change) or for the individual instance (kill a process?)? How is this happening? Is rancid, cron or something else making this happen? Thanks, -- Pete -------------- next part -------------- An HTML attachment was scrubbed... URL: From peter.perreault at gmail.com Wed Sep 15 16:39:59 2010 From: peter.perreault at gmail.com (Pete Perreault) Date: Wed, 15 Sep 2010 12:39:59 -0400 Subject: [rancid] what if a device audit fails? In-Reply-To: References: Message-ID: Just read the rancid.conf file, should have before I sent this. Everything is there. On Wed, Sep 15, 2010 at 12:00 PM, Pete Perreault wrote: > I have rancid 2.3.2 running successfully on fedora. I have questions > related to what rancid does if a device audit fails to successfully > complete. This may occur if the device is not reachable or if rancid's > credentials are not accepted. > > I run rancid from cron with the following command. > > 0 22 * * 5,6 /usr/libexec/rancid/rancid-run > > As you can see it is run twice a week, Friday and Saturday at 10pm. When > my rancid logs indicate a device audit was not successfully completed, > subsequent log messages indicate that rancid attempts to audit all the > devices within the group one hour after the previous failure. This > continues until the device audit is successful. > > Is this in fact the default behavior? > Is there a way to change this behavior either permanently (config change) > or for the individual instance (kill a process?)? > How is this happening? Is rancid, cron or something else making this > happen? > > Thanks, > > -- > Pete > -- Pete -------------- next part -------------- An HTML attachment was scrubbed... URL: From hashmish at gmail.com Thu Sep 16 01:17:05 2010 From: hashmish at gmail.com (hashmish) Date: Wed, 15 Sep 2010 21:17:05 -0400 Subject: [rancid] StrictHostKeyChecking=no Message-ID: <4C917011.2050507@gmail.com> been without success googling now a while for things as: +rancid +StrictHostKeyChecking would like to make a global change to ssh across all device-types as: -o StrictHostKeyChecking=no any pointer if that's possible? or would i have to manually replace all ssh occurrences for all xlogin versions? (which i did for now...) or would there be a recompile/reinstall option to take care of this? tia -h From arjan at helix-nebula.org Thu Sep 16 06:50:17 2010 From: arjan at helix-nebula.org (Arjan Oosting) Date: Thu, 16 Sep 2010 08:50:17 +0200 Subject: [rancid] StrictHostKeyChecking=no In-Reply-To: <4C917011.2050507@gmail.com> References: <4C917011.2050507@gmail.com> Message-ID: <1284619817.3637.4.camel@reddwarf> Hi Hashmish: Op woensdag 15-09-2010 om 21:17 uur [tijdzone -0400], schreef hashmish: > been without success googling now a while for things as: > +rancid +StrictHostKeyChecking > > would like to make a global change to ssh across all device-types as: > -o StrictHostKeyChecking=no > > any pointer if that's possible? > or would i have to manually replace all ssh occurrences for all xlogin versions? (which i did for now...) > or would there be a recompile/reinstall option to take care of this? > U can set the following in the $HOME/.ssh/config file of your rancid user. rancid at host:~$ cat .ssh/config Host *.domain.with.frequently.changing.ssh.host.keys StrictHostKeyChecking no UserKnownHostsFile=/dev/null Greeting Arjan From hashmish at gmail.com Thu Sep 16 14:05:06 2010 From: hashmish at gmail.com (hashmish) Date: Thu, 16 Sep 2010 10:05:06 -0400 Subject: [rancid] StrictHostKeyChecking=no In-Reply-To: <1284619748.3637.3.camel@reddwarf> References: <4C917011.2050507@gmail.com> <1284619748.3637.3.camel@reddwarf> Message-ID: <4C922412.5090900@gmail.com> On 9/16/2010 2:49 AM, Arjan Oosting wrote: > cat .ssh/config > Host *.domain.with.frequently.changing.ssh.host.keys > StrictHostKeyChecking no > UserKnownHostsFile=/dev/null great one, thx! From jm+rancid at roth.lu Thu Sep 16 15:12:05 2010 From: jm+rancid at roth.lu (jm+rancid at roth.lu) Date: Thu, 16 Sep 2010 17:12:05 +0200 (CEST) Subject: [rancid] SVN error Message-ID: Hi there, I'm getting the following error in my logs while running rancid-run. (It is a new installation. I tried 2.3.4 and 2.3.5.) starting: Thu Sep 16 16:45:53 CEST 2010 property 'svn:ignore' set on '.' A x.x.x.x Adding x.x.x.x Transmitting file data . Committed revision 10. Added x.x.x.x Trying to get all of the configs. All routers sucessfully completed. svn: Commit failed (details follow): svn: Out of date: '/backbone' in transaction '10-1' Sending . ending: Thu Sep 16 16:46:04 CEST 2010 Test case: su - rancid rm -Rf var/* bin/rancid-cvs [commit 1-9 OK] cp backup/router.db var/backbone/ bin/rancid-run --> ERROR Regards, JM From jm+rancid at roth.lu Fri Sep 17 08:27:24 2010 From: jm+rancid at roth.lu (jm+rancid at roth.lu) Date: Fri, 17 Sep 2010 10:27:24 +0200 (CEST) Subject: [rancid] SVN error Message-ID: <13a985af30b2003fff82c1197d9572e5.squirrel@home.iip.lu> I seem to have resolved the aforementioned problem with SVN using the attached patch (against v2.3.5). Regards, JM -------------- next part -------------- A non-text attachment was scrubbed... Name: rancid-svn.patch Type: application/octet-stream Size: 310 bytes Desc: not available URL: From jgoncalves at ivss.gob.ve Mon Sep 6 17:20:28 2010 From: jgoncalves at ivss.gob.ve (jgoncalves) Date: Mon, 06 Sep 2010 12:50:28 -0430 Subject: [rancid] helppp meeee Message-ID: <3bfcd289acd3c69c26330406c1fd1bbb@ivss.gob.ve> hourly config diffs failed: /tmp/.switches.run.lock exists -rw-r----- 1 rancid rancid 0 Sep 6 19:06 /tmp/.switches.run.lock From rzheng at gmail.com Sun Sep 19 08:20:09 2010 From: rzheng at gmail.com (Richard Zheng) Date: Sat, 18 Sep 2010 22:20:09 -1000 Subject: [rancid] do_saveconfig Message-ID: Hi, I'd like to save config when config is different, e.g. run 'wr mem' on cisco. There is a flag do_saveconfig on clogin. I changed it to 1, nothing happens. Is it possible to set it somewhere else? Thanks, -------------- next part -------------- An HTML attachment was scrubbed... URL: From simonov at gmail.com Mon Sep 20 08:37:40 2010 From: simonov at gmail.com (Valeriy Simonov) Date: Mon, 20 Sep 2010 14:37:40 +0600 Subject: [rancid] Replace commands for specific hosts Message-ID: Hello! Rancid is great, but there are some situations, when some hosts make too much noise and we can't do anything with that. For example, some Cisco device update their flash too frequent, or some scripts make changes to some ACLs several times a hour. It's too annoying to receive that changes every hour, even if that information has no value. The solution could be simple: just avoid some commands or replace them. I've decided to make a patch for that. First, we should add some parameters in rancid.conf file: HOST_REPLACE_CMD=""; export HOST_REPLACE_CMD HOST_REPLACE_CMD="$HOST_REPLACE_CMD 10.1.1.1, 'show flash', 'show flash | exclude bootflash',"; export HOST_REPLACE_CMD HOST_REPLACE_CMD="$HOST_REPLACE_CMD 10.2.2.2, 'show flash', 'show flash | exclude bootflash',"; export HOST_REPLACE_CMD HOST_REPLACE_CMD="$HOST_REPLACE_CMD 10.3.3.3, 'more system:running-config', 'more system:running-config | section exclude standard ist$',"; export HOST_REPLACE_CMD That parameters are telling script to replace 'show flash' command for hosts 10.1.1.1 and 10.2.2.2 with 'show flash | exclude bootflash' to scrub bootflash info completely, and replace 'more system:running-config' for host 10.3.3.3 with 'more system:running-config | section exclude standard ist$' to exclude standard access-list with name ist from the resulting file. You should use that replacements with *certainty that you will not lose some valuable information.* * * *Number of replacements is not limited, just be sure not to skip a comma after last quote in each line (do not place comma after a double quote!).* * * *Next, we should apply a patch to rancid file with the name, ahem, 'rancid': * patchpatchpatchpatchpatchpatchpatchpatchpatchpatch --- rancid.orig 2010-08-05 11:17:24.000000000 +0600 +++ rancid 2010-09-20 12:50:18.000000000 +0600 @@ -1929,6 +1929,22 @@ {'show running-config' => 'WriteTerm'}, {'write term' => 'WriteTerm'}, ); +# Replace commands if host matches +$host_replace_cmd = $ENV{HOST_REPLACE_CMD}; + at commandreplace = (); +push(@commandreplace, $+) while $host_replace_cmd =~ m{'(.*?)'|(\S+),\s*}g; +$cr_length = $#commandreplace; +for($i = 0; $i <= $cr_length; $i = $i + 3) { + my $cr_host = $commandreplace[$i]; + if ($host eq $cr_host) { + my $cr_cmdsearch = $commandreplace[$i + 1]; + my $cr_cmdreplace = $commandreplace[$i + 2]; + my ($index) = grep { defined $commandtable[$_]{$cr_cmdsearch} } 0..$#commandtable; + my $cr_function = $commandtable[$index]{$cr_cmdsearch}; + splice(@commandtable, $index, 1, {$cr_cmdreplace => $cr_function}); + } +} + # Use an array to preserve the order of the commands and a hash for mapping # commands to the subroutine and track commands that have been completed. @commands = map(keys(%$_), @commandtable); patchpatchpatchpatchpatchpatchpatchpatchpatchpatch Check that everything's working fine by running "rancid -d hostname" and checking it's output. I would be glad if this patch or some similar logic will be in the next release of rancid. -------------- next part -------------- An HTML attachment was scrubbed... URL: From cgauthier at mapscu.com Mon Sep 20 16:33:20 2010 From: cgauthier at mapscu.com (Chris Gauthier) Date: Mon, 20 Sep 2010 09:33:20 -0700 Subject: [rancid] Replace commands for specific hosts In-Reply-To: References: Message-ID: I would argue that, as in the example below, if a device is changing its bootflash every hour, then you likely have a bug in the operating system. The ASAs used to do that, but the bug was corrected in a later revision of the OS. While it may be easy to replace the command being sent to the device, what is the effect on the rancid code downstream? While I cannot speak authoritatively about the contents of the source code, I do believe there are lines of code that are dependent on specific output strings from previous commands. "For once you have tasted flight you will walk the earth with your eyes turned skywards, for there you have been and there you will long to return." -Leonardo da Vinci From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Valeriy Simonov Sent: Monday, September 20, 2010 1:38 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Replace commands for specific hosts Hello! Rancid is great, but there are some situations, when some hosts make too much noise and we can't do anything with that. For example, some Cisco device update their flash too frequent, or some scripts make changes to some ACLs several times a hour. It's too annoying to receive that changes every hour, even if that information has no value. The solution could be simple: just avoid some commands or replace them. I've decided to make a patch for that. First, we should add some parameters in rancid.conf file: HOST_REPLACE_CMD=""; export HOST_REPLACE_CMD HOST_REPLACE_CMD="$HOST_REPLACE_CMD 10.1.1.1, 'show flash', 'show flash | exclude bootflash',"; export HOST_REPLACE_CMD HOST_REPLACE_CMD="$HOST_REPLACE_CMD 10.2.2.2, 'show flash', 'show flash | exclude bootflash',"; export HOST_REPLACE_CMD HOST_REPLACE_CMD="$HOST_REPLACE_CMD 10.3.3.3, 'more system:running-config', 'more system:running-config | section exclude standard ist$',"; export HOST_REPLACE_CMD That parameters are telling script to replace 'show flash' command for hosts 10.1.1.1 and 10.2.2.2 with 'show flash | exclude bootflash' to scrub bootflash info completely, and replace?'more system:running-config' for host 10.3.3.3 with 'more system:running-config | section exclude standard ist$' to exclude standard access-list with name ist from the resulting file. You should use that replacements with?certainty that you will not lose some valuable information. Number of replacements is not limited, just be sure not to skip a comma after last quote in each line (do not place comma after a double quote!). Next, we should apply a patch to rancid file with the name, ahem, 'rancid': patchpatchpatchpatchpatchpatchpatchpatchpatchpatch --- rancid.orig 2010-08-05 11:17:24.000000000 +0600 +++ rancid 2010-09-20 12:50:18.000000000 +0600 @@ -1929,6 +1929,22 @@ ? {'show running-config' => 'WriteTerm'}, ? {'write term' => 'WriteTerm'}, ?); +# Replace commands if host matches +$host_replace_cmd = $ENV{HOST_REPLACE_CMD}; + at commandreplace = (); +push(@commandreplace, $+) while $host_replace_cmd =~ m{'(.*?)'|(\S+),\s*}g; +$cr_length = $#commandreplace; +for($i = 0; $i <= $cr_length; $i = $i + 3) { + my $cr_host = $commandreplace[$i]; + if ($host eq $cr_host) { + my $cr_cmdsearch = $commandreplace[$i + 1]; + my $cr_cmdreplace = $commandreplace[$i + 2]; + my ($index) = grep { defined $commandtable[$_]{$cr_cmdsearch} } 0..$#commandtable; + my $cr_function = $commandtable[$index]{$cr_cmdsearch}; + splice(@commandtable, $index, 1, {$cr_cmdreplace => $cr_function}); + } +} + ?# Use an array to preserve the order of the commands and a hash for mapping ?# commands to the subroutine and track commands that have been completed. ?@commands = map(keys(%$_), @commandtable); patchpatchpatchpatchpatchpatchpatchpatchpatchpatch Check that everything's working fine by running "rancid -d hostname" and checking it's output. I would be glad if this patch or some similar logic will be in the next release of rancid. ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ CONFIDENTIALITY NOTICE Attention: The information contained in this email and/or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies. From simonov at gmail.com Tue Sep 21 02:50:07 2010 From: simonov at gmail.com (Valeriy Simonov) Date: Tue, 21 Sep 2010 08:50:07 +0600 Subject: [rancid] Replace commands for specific hosts In-Reply-To: References: Message-ID: For example, latest IOS versions of Cisco ASR1000 make tracelogs and a generate lot of syslog messages when I enable archive log config. For now, I couldn't found any solution for that (disabling log config is not an option due to our policy). Also you have ignored case when specific ACL is changing constantly. With current rancid, there are no escape from lots of reports every period, and important information can be buried under all that non-valuable changes. As for line dependancy, I think that's can be a rare case, and after all it should be a user responsibility. Suggested workflow is "make command replace, test impact, leave satisfacted or repeat all above". Most paranoid and foolproof solution can be a way to exclude specific commands for specific hosts completely, but it has less flexibility. In my solution, we can add "exclude .|^$" to scrub unwanted command output or change unsupported command to some stub. And we can add some logic to change parser function for command output, that will give us more options. Anyway, output filtering is a feature that I find unfortunately missing in such a great tool as rancid. I would argue that, as in the example below, if a device is changing its bootflash every hour, then you likely have a bug in the operating system. The ASAs used to do that, but the bug was corrected in a later revision of the OS. > > While it may be easy to replace the command being sent to the device, what is the effect on the rancid code downstream? While I cannot speak authoritatively about the contents of the source code, I do believe there are lines of code that are dependent on specific output strings from previous commands. > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From afort at choqolat.org Wed Sep 22 09:55:18 2010 From: afort at choqolat.org (Andrew Fort) Date: Wed, 22 Sep 2010 19:55:18 +1000 Subject: [rancid] Why in Cisco rancid configs no "Last configuration change..." string? In-Reply-To: References: Message-ID: 2010/9/9 Aleksey P : > Hello. > When we do? 'show configuration' command on Cisco device we can see at the > top of config this strings: >>sh conf > Using 72573 out of 245752 bytes > ! > ! Last configuration change at 10:59:44 MSD Wed Sep 8 2010 by user1 > ! NVRAM config last updated at 13:11:15 MSD Wed Sep 8 2010 by user1 > ! > version 12.4 > > But in configs that i receive by Rancid i see only: > Using 72573 out of 245752 bytes > ! > version 12.4 > > So, something it missed two important strings :( > By the way - in Juniper configs over Rancid all seems fine: > > ## Last commit: 2010-09-02 14:11:15 MSD by root > version 10.3R1.9; > > How can it be fixed for Cisco device? Those lines are intentionally filtered in the 'rancid' script. I believe there may have been a buggy IOS that produced spurious differentials on that output, based at least on the comment in the code. You can comment out the following in the 'rancid' script if you want to see those lines: (somewhere around line 1570) # some versions have other crap mixed in with the bits in the # block above /^! (Last configuration|NVRAM config last)/ && next; cheers, -a From daesch at telecomet.de Wed Sep 22 13:53:01 2010 From: daesch at telecomet.de (Daesch) Date: Wed, 22 Sep 2010 15:53:01 +0200 Subject: [rancid] Rancid with Iron Port Message-ID: <4C9A0A3D.6070802@telecomet.de> Dear all, we are using rancid for saving all configs from our network equipment, only one device is not working proper yet. Did somebody tried to backup a IronPort C160 config with rancid? Best regards Andreas Daesch From ler762 at gmail.com Wed Sep 22 16:35:45 2010 From: ler762 at gmail.com (Lee) Date: Wed, 22 Sep 2010 12:35:45 -0400 Subject: [rancid] parameterizing diff lines of context? Message-ID: The local security policy is that user switch ports get turned off when they're no longer being used. Which means we'll be seeing lots of "- shutdown" and "+ shutdown" as the only difference in the configs. With the default 4 lines of context, rancid isn't showing which interface changed. Is this an issue with anyone else (meaning it would be worthwhile to make it parameterized) or is this a non-issue for most people? "control_rancid" line 447 # This has been different for different machines... # Diff the directory and then checkin. trap 'rm -fr $TMP $TMP.diff $DIR/routers.single;' 1 2 15 cd $DIR if [ $RCSSYS = "cvs" ] ; then # --LR-- cvs -f diff -U 4 -ko | sed -e '/^RCS file: /d' -e '/^--- /d' \ # --LR-- 4 is not enough, 8 seems a bit much so try 6 cvs -f diff -U 6 -ko | sed -e '/^RCS file: /d' -e '/^--- /d' \ -e '/^+++ /d' -e 's/^\([-+ ]\)/\1 /' >$TMP.diff else svn diff | sed -e '/^+++ /d' -e 's/^\([-+ ]\)/\1 /' >$TMP.diff fi which results in: @@ -1392,13 +1392,12 @@ description xxx switchport switchport access vlan 177 switchport mode access switchport voice vlan 877 no logging event link-status - shutdown no snmp trap link-status mls qos vlan-based mls qos trust cos spanning-tree portfast ! interface GigabitEthernet4/8 Regards, Lee From ler762 at gmail.com Wed Sep 22 17:04:16 2010 From: ler762 at gmail.com (Lee) Date: Wed, 22 Sep 2010 13:04:16 -0400 Subject: [rancid] post-processing the diff listing before mailing? Message-ID: Anyone like the idea of processing the diff listing before mailing it out? I'd rather have rancid collect the configs and not mess with them - ie: rancid.conf has FILTER_PWDS=NO NOCOMMSTR=NO ACLSORT=NO but I don't want things like SNMP community strings or encrypted/obfuscated passwords being mailed out.. So my idea is post-processing the diff listing before emailing it out. Which would also let me know which configs changed so I could check the new configs & mail out a 'local config standards violations' email :) The code is really ugly, but as a proof of concept.. "control_rancid" line 447 # This has been different for different machines... # Diff the directory and then checkin. trap 'rm -fr $TMP $TMP.diff $DIR/routers.single;' 1 2 15 cd $DIR if [ $RCSSYS = "cvs" ] ; then # --LR-- cvs -f diff -U 4 -ko | sed -e '/^RCS file: /d' -e '/^--- /d' \ # --LR-- 4 is not enough, 8 seems a bit much so try 6 cvs -f diff -U 6 -ko | sed -e '/^RCS file: /d' -e '/^--- /d' \ -e '/^+++ /d' -e 's/^\([-+ ]\)/\1 /' >$TMP.diff else svn diff | sed -e '/^+++ /d' -e 's/^\([-+ ]\)/\1 /' >$TMP.diff fi # --LR-- begin: check configs of changed devices grep "^Index: " $TMP.diff |\ awk '/^Index: configs/{ if ( ! got1 ) { printf("echo\necho\necho Config check results:\n~/bin/ckConfig.sh ") got1=1 } printf("%s ", $2) } END{ if (got1) printf("\necho == results end ==\n") } ' >$TMP.doit /bin/sh $TMP.doit >> $TMP.diff ~/bin/sanitize.sh $TMP.diff >$TMP.doit /bin/mv $TMP.doit $TMP.diff # --LR-- end: check configs of changed devices if [ $alt_mailrcpt -eq 1 ] ; then subject="router config diffs - courtesy of $mailrcpt" else subject="router config diffs" fi Lee From cgauthier at mapscu.com Wed Sep 22 23:16:22 2010 From: cgauthier at mapscu.com (Chris Gauthier) Date: Wed, 22 Sep 2010 16:16:22 -0700 Subject: [rancid] post-processing the diff listing before mailing? In-Reply-To: References: Message-ID: I do like the idea of that quite a bit. I intentionally turn off the masking in the repository, but prefer it not be mailed out. Perhaps that should just be the default setting? In any event, I like the concept a lot. Chris G. -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Lee Sent: Wednesday, September 22, 2010 10:04 AM To: rancid-discuss at shrubbery.net Subject: [rancid] post-processing the diff listing before mailing? Anyone like the idea of processing the diff listing before mailing it out? I'd rather have rancid collect the configs and not mess with them - ie: rancid.conf has FILTER_PWDS=NO NOCOMMSTR=NO ACLSORT=NO but I don't want things like SNMP community strings or encrypted/obfuscated passwords being mailed out.. So my idea is post-processing the diff listing before emailing it out. Which would also let me know which configs changed so I could check the new configs & mail out a 'local config standards violations' email :) The code is really ugly, but as a proof of concept.. "control_rancid" line 447 # This has been different for different machines... # Diff the directory and then checkin. trap 'rm -fr $TMP $TMP.diff $DIR/routers.single;' 1 2 15 cd $DIR if [ $RCSSYS = "cvs" ] ; then # --LR-- cvs -f diff -U 4 -ko | sed -e '/^RCS file: /d' -e '/^--- /d' \ # --LR-- 4 is not enough, 8 seems a bit much so try 6 cvs -f diff -U 6 -ko | sed -e '/^RCS file: /d' -e '/^--- /d' \ -e '/^+++ /d' -e 's/^\([-+ ]\)/\1 /' >$TMP.diff else svn diff | sed -e '/^+++ /d' -e 's/^\([-+ ]\)/\1 /' >$TMP.diff fi # --LR-- begin: check configs of changed devices grep "^Index: " $TMP.diff |\ awk '/^Index: configs/{ if ( ! got1 ) { printf("echo\necho\necho Config check results:\n~/bin/ckConfig.sh ") got1=1 } printf("%s ", $2) } END{ if (got1) printf("\necho == results end ==\n") } ' >$TMP.doit /bin/sh $TMP.doit >> $TMP.diff ~/bin/sanitize.sh $TMP.diff >$TMP.doit /bin/mv $TMP.doit $TMP.diff # --LR-- end: check configs of changed devices if [ $alt_mailrcpt -eq 1 ] ; then subject="router config diffs - courtesy of $mailrcpt" else subject="router config diffs" fi Lee _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ CONFIDENTIALITY NOTICE Attention: The information contained in this email and/or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies. From afort at choqolat.org Fri Sep 24 06:25:12 2010 From: afort at choqolat.org (Andrew Fort) Date: Fri, 24 Sep 2010 16:25:12 +1000 Subject: [rancid] helppp meeee In-Reply-To: <3bfcd289acd3c69c26330406c1fd1bbb@ivss.gob.ve> References: <3bfcd289acd3c69c26330406c1fd1bbb@ivss.gob.ve> Message-ID: On Tue, Sep 7, 2010 at 3:20 AM, jgoncalves wrote: > hourly config diffs failed: /tmp/.switches.run.lock exists > -rw-r----- 1 rancid rancid 0 Sep ?6 19:06 /tmp/.switches.run.lock For some reason, a collection crashed while it was running. Delete the file above, and the next collection will start successfully. -a From boheme at gmail.com Fri Sep 24 15:29:21 2010 From: boheme at gmail.com (Chris Knight) Date: Fri, 24 Sep 2010 08:29:21 -0700 Subject: [rancid] How do I make Rancid forget about a switch? Message-ID: Yesterday I pulled two switches and an ASA from my network. As expected, at a certain point I started getting notifications that Rancid was unable to pull the configs after X hours. So, I commented out the switches and asa from routers.db, but I am still getting alerts. Yes, I know I could google it, but I've been up for 36 hours and I'm hoping someone will show some compassion and tell me the quick fix. :) -Chris From cgauthier at mapscu.com Fri Sep 24 15:36:21 2010 From: cgauthier at mapscu.com (Chris Gauthier) Date: Fri, 24 Sep 2010 08:36:21 -0700 Subject: [rancid] How do I make Rancid forget about a switch? In-Reply-To: References: Message-ID: According to the router.db man page (http://www.shrubbery.net/rancid/man/router.db.5.html): The state is either "up", or some other arbitrary value, e.g. "down". If the device is not marked "up" the device's configuration will not be collected. It is highly recommended that comments are made for any router not listed as up, so as to indicate the reason a router is not to be polled, e.g.: dial1.paris:cisco:up: core1.paris:cisco:down:in testing until 5/5/2001. core2.paris:cisco:ticketed:Ticket 6054234, 5/3/2001 border1.paris:juniper:up: The script "downreport" in util/ can be used to produce a report of routers in router.db that are not marked "up". Chris G. -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chris Knight Sent: Friday, September 24, 2010 8:29 AM To: rancid-discuss Subject: [rancid] How do I make Rancid forget about a switch? Yesterday I pulled two switches and an ASA from my network. As expected, at a certain point I started getting notifications that Rancid was unable to pull the configs after X hours. So, I commented out the switches and asa from routers.db, but I am still getting alerts. Yes, I know I could google it, but I've been up for 36 hours and I'm hoping someone will show some compassion and tell me the quick fix. :) -Chris _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ CONFIDENTIALITY NOTICE Attention: The information contained in this email and/or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies. From boheme at gmail.com Fri Sep 24 22:19:21 2010 From: boheme at gmail.com (Chris Knight) Date: Fri, 24 Sep 2010 15:19:21 -0700 Subject: [rancid] How do I make Rancid forget about a switch? In-Reply-To: References: Message-ID: I have marked those devices as down, and yet I just received this email: The following routers have not been successfully contacted for more than 1 hours. -rw-rw-r-- 1 proxyit rancid 16129 Sep 24 01:46 mc-sw-26 -rw-rw-r-- 1 proxyit rancid 17963 Sep 24 01:46 mc-sw-27 -rw-rw-r-- 1 proxyit rancid 30866 Sep 24 01:46 mc-asa-254 Looks like marking them as down didn't do the trick. -Chris On Fri, Sep 24, 2010 at 8:36 AM, Chris Gauthier wrote: > According to the router.db man page (http://www.shrubbery.net/rancid/man/router.db.5.html): > > > The state is either "up", or some other arbitrary value, e.g. "down". If the device is not marked "up" the device's configuration will not be collected. It is highly recommended that comments are made for any router not listed as up, so as to indicate the reason a router is not to be polled, e.g.: > dial1.paris:cisco:up: > core1.paris:cisco:down:in testing until 5/5/2001. > core2.paris:cisco:ticketed:Ticket 6054234, 5/3/2001 > border1.paris:juniper:up: > > The script "downreport" in util/ can be used to produce a report of routers in router.db that are not marked "up". > > Chris G. > > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chris Knight > Sent: Friday, September 24, 2010 8:29 AM > To: rancid-discuss > Subject: [rancid] How do I make Rancid forget about a switch? > > Yesterday I pulled two switches and an ASA from my network. ?As expected, at a certain point I started getting notifications that Rancid was unable to pull the configs after X hours. So, I commented out the switches and asa from routers.db, but I am still getting alerts. ?Yes, I know I could google it, but I've been up for 36 hours and I'm hoping someone will show some compassion and tell me the quick fix. ?:) > > -Chris > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ > CONFIDENTIALITY NOTICE > Attention: The information contained in this email and/or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From boheme at gmail.com Fri Sep 24 22:44:25 2010 From: boheme at gmail.com (Chris Knight) Date: Fri, 24 Sep 2010 15:44:25 -0700 Subject: [rancid] How do I make Rancid forget about a switch? In-Reply-To: <4C9D27EA.5030200@gmail.com> References: <4C9D27EA.5030200@gmail.com> Message-ID: On Fri, Sep 24, 2010 at 3:36 PM, Roy wrote: > > > Just remove them from router.db > Despite my all-nighter, the first thing I tried was commenting them out. :) That didn't work, and is why I wrote to the list. I mentioned that in the third sentence of my original post. -Chris > On 9/24/2010 3:19 PM, Chris Knight wrote: >> >> I have marked those devices as down, and yet I just received this email: >> >> The following routers have not been successfully contacted for >> more than 1 hours. >> -rw-rw-r-- ?1 proxyit ?rancid ?16129 Sep 24 01:46 mc-sw-26 >> -rw-rw-r-- ?1 proxyit ?rancid ?17963 Sep 24 01:46 mc-sw-27 >> -rw-rw-r-- ?1 proxyit ?rancid ?30866 Sep 24 01:46 mc-asa-254 >> >> >> Looks like marking them as down didn't do the trick. >> >> -Chris >> >> >> On Fri, Sep 24, 2010 at 8:36 AM, Chris Gauthier >> ?wrote: >>> >>> According to the router.db man page >>> (http://www.shrubbery.net/rancid/man/router.db.5.html): >>> >>> >>> The state is either "up", or some other arbitrary value, e.g. "down". If >>> the device is not marked "up" the device's configuration will not be >>> collected. It is highly recommended that comments are made for any router >>> not listed as up, so as to indicate the reason a router is not to be polled, >>> e.g.: >>> dial1.paris:cisco:up: >>> core1.paris:cisco:down:in testing until 5/5/2001. >>> core2.paris:cisco:ticketed:Ticket 6054234, 5/3/2001 >>> border1.paris:juniper:up: >>> >>> The script "downreport" in util/ can be used to produce a report of >>> routers in router.db that are not marked "up". >>> >>> Chris G. >>> >>> >>> -----Original Message----- >>> From: rancid-discuss-bounces at shrubbery.net >>> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chris Knight >>> Sent: Friday, September 24, 2010 8:29 AM >>> To: rancid-discuss >>> Subject: [rancid] How do I make Rancid forget about a switch? >>> >>> Yesterday I pulled two switches and an ASA from my network. ?As expected, >>> at a certain point I started getting notifications that Rancid was unable to >>> pull the configs after X hours. So, I commented out the switches and asa >>> from routers.db, but I am still getting alerts. ?Yes, I know I could google >>> it, but I've been up for 36 hours and I'm hoping someone will show some >>> compassion and tell me the quick fix. ?:) >>> >>> -Chris >>> _______________________________________________ >> > > From boheme at gmail.com Fri Sep 24 23:09:11 2010 From: boheme at gmail.com (Chris Knight) Date: Fri, 24 Sep 2010 16:09:11 -0700 Subject: [rancid] How do I make Rancid forget about a switch? In-Reply-To: <1659780280-1285369469-cardhu_decombobulator_blackberry.rim.net-330177433-@bda2346.bisx.prod.on.blackberry> References: <4C9D27EA.5030200@gmail.com> <1659780280-1285369469-cardhu_decombobulator_blackberry.rim.net-330177433-@bda2346.bisx.prod.on.blackberry> Message-ID: On Fri, Sep 24, 2010 at 4:06 PM, wrote: > If these devices are being decommissioned then you can delete the line from router.db. > > Is it possible these devices are listed in another group's router.db file? I only have one router.db, and I tried commenting them out, and that didn't work. Thinking that perhaps the code was just checking timestamps on the files in the configs directory, I even deleted the local copies of the configs, and I am still getting the alerts. So, I have tried: 1) Commenting out the entries in router.db 2) Deleting the local copies of the configs. 3) Marking the entries as 'down' in router.db I appreciate everyone's suggestions. I am feeling better that despite my lack of sleep last night this is turning out to not be as simple as it sounds. :) -Chris > > -Asad > Sent from my Verizon Wireless BlackBerry > > -----Original Message----- > From: Chris Knight > Sender: rancid-discuss-bounces at shrubbery.net > Date: Fri, 24 Sep 2010 15:44:25 > To: Roy; rancid-discuss > Subject: Re: [rancid] How do I make Rancid forget about a switch? > > On Fri, Sep 24, 2010 at 3:36 PM, Roy wrote: >> >> >> Just remove them from router.db >> > > Despite my all-nighter, the first thing I tried was commenting them out. ?:) > > That didn't work, and is why I wrote to the list. I mentioned that in > the third sentence of my original post. > > -Chris > > >> On 9/24/2010 3:19 PM, Chris Knight wrote: >>> >>> I have marked those devices as down, and yet I just received this email: >>> >>> The following routers have not been successfully contacted for >>> more than 1 hours. >>> -rw-rw-r-- ?1 proxyit ?rancid ?16129 Sep 24 01:46 mc-sw-26 >>> -rw-rw-r-- ?1 proxyit ?rancid ?17963 Sep 24 01:46 mc-sw-27 >>> -rw-rw-r-- ?1 proxyit ?rancid ?30866 Sep 24 01:46 mc-asa-254 >>> >>> >>> Looks like marking them as down didn't do the trick. >>> >>> -Chris >>> >>> >>> On Fri, Sep 24, 2010 at 8:36 AM, Chris Gauthier >>> ?wrote: >>>> >>>> According to the router.db man page >>>> (http://www.shrubbery.net/rancid/man/router.db.5.html): >>>> >>>> >>>> The state is either "up", or some other arbitrary value, e.g. "down". If >>>> the device is not marked "up" the device's configuration will not be >>>> collected. It is highly recommended that comments are made for any router >>>> not listed as up, so as to indicate the reason a router is not to be polled, >>>> e.g.: >>>> dial1.paris:cisco:up: >>>> core1.paris:cisco:down:in testing until 5/5/2001. >>>> core2.paris:cisco:ticketed:Ticket 6054234, 5/3/2001 >>>> border1.paris:juniper:up: >>>> >>>> The script "downreport" in util/ can be used to produce a report of >>>> routers in router.db that are not marked "up". >>>> >>>> Chris G. >>>> >>>> >>>> -----Original Message----- >>>> From: rancid-discuss-bounces at shrubbery.net >>>> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chris Knight >>>> Sent: Friday, September 24, 2010 8:29 AM >>>> To: rancid-discuss >>>> Subject: [rancid] How do I make Rancid forget about a switch? >>>> >>>> Yesterday I pulled two switches and an ASA from my network. ?As expected, >>>> at a certain point I started getting notifications that Rancid was unable to >>>> pull the configs after X hours. So, I commented out the switches and asa >>>> from routers.db, but I am still getting alerts. ?Yes, I know I could google >>>> it, but I've been up for 36 hours and I'm hoping someone will show some >>>> compassion and tell me the quick fix. ?:) >>>> >>>> -Chris >>>>_______________________________________________ >>> >> >> > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From axhasan at gmail.com Fri Sep 24 23:06:40 2010 From: axhasan at gmail.com (axhasan at gmail.com) Date: Fri, 24 Sep 2010 23:06:40 +0000 Subject: [rancid] How do I make Rancid forget about a switch? In-Reply-To: References: <4C9D27EA.5030200@gmail.com> Message-ID: <1659780280-1285369469-cardhu_decombobulator_blackberry.rim.net-330177433-@bda2346.bisx.prod.on.blackberry> If these devices are being decommissioned then you can delete the line from router.db. Is it possible these devices are listed in another group's router.db file? -Asad Sent from my Verizon Wireless BlackBerry -----Original Message----- From: Chris Knight Sender: rancid-discuss-bounces at shrubbery.net Date: Fri, 24 Sep 2010 15:44:25 To: Roy; rancid-discuss Subject: Re: [rancid] How do I make Rancid forget about a switch? On Fri, Sep 24, 2010 at 3:36 PM, Roy wrote: > > > Just remove them from router.db > Despite my all-nighter, the first thing I tried was commenting them out. :) That didn't work, and is why I wrote to the list. I mentioned that in the third sentence of my original post. -Chris > On 9/24/2010 3:19 PM, Chris Knight wrote: >> >> I have marked those devices as down, and yet I just received this email: >> >> The following routers have not been successfully contacted for >> more than 1 hours. >> -rw-rw-r-- ?1 proxyit ?rancid ?16129 Sep 24 01:46 mc-sw-26 >> -rw-rw-r-- ?1 proxyit ?rancid ?17963 Sep 24 01:46 mc-sw-27 >> -rw-rw-r-- ?1 proxyit ?rancid ?30866 Sep 24 01:46 mc-asa-254 >> >> >> Looks like marking them as down didn't do the trick. >> >> -Chris >> >> >> On Fri, Sep 24, 2010 at 8:36 AM, Chris Gauthier >> ?wrote: >>> >>> According to the router.db man page >>> (http://www.shrubbery.net/rancid/man/router.db.5.html): >>> >>> >>> The state is either "up", or some other arbitrary value, e.g. "down". If >>> the device is not marked "up" the device's configuration will not be >>> collected. It is highly recommended that comments are made for any router >>> not listed as up, so as to indicate the reason a router is not to be polled, >>> e.g.: >>> dial1.paris:cisco:up: >>> core1.paris:cisco:down:in testing until 5/5/2001. >>> core2.paris:cisco:ticketed:Ticket 6054234, 5/3/2001 >>> border1.paris:juniper:up: >>> >>> The script "downreport" in util/ can be used to produce a report of >>> routers in router.db that are not marked "up". >>> >>> Chris G. >>> >>> >>> -----Original Message----- >>> From: rancid-discuss-bounces at shrubbery.net >>> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chris Knight >>> Sent: Friday, September 24, 2010 8:29 AM >>> To: rancid-discuss >>> Subject: [rancid] How do I make Rancid forget about a switch? >>> >>> Yesterday I pulled two switches and an ASA from my network. ?As expected, >>> at a certain point I started getting notifications that Rancid was unable to >>> pull the configs after X hours. So, I commented out the switches and asa >>> from routers.db, but I am still getting alerts. ?Yes, I know I could google >>> it, but I've been up for 36 hours and I'm hoping someone will show some >>> compassion and tell me the quick fix. ?:) >>> >>> -Chris >>>_______________________________________________ >> > > _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From axhasan at gmail.com Sat Sep 25 00:03:38 2010 From: axhasan at gmail.com (Asad Hasan) Date: Fri, 24 Sep 2010 20:03:38 -0400 Subject: [rancid] How do I make Rancid forget about a switch? In-Reply-To: References: <4C9D27EA.5030200@gmail.com> <1659780280-1285369469-cardhu_decombobulator_blackberry.rim.net-330177433-@bda2346.bisx.prod.on.blackberry> Message-ID: I have configured a few devices as down and they are working fine in my environment. rancid at jp-script/home/rancid#cat data/man/router.db | grep down nagr2n-01:cisco:down routers.down file also shows the down device. rancid at jp-script/home/rancid#less data/man/routers.down nagr2n-01:cisco:down -Asad On Fri, Sep 24, 2010 at 7:09 PM, Chris Knight wrote: > On Fri, Sep 24, 2010 at 4:06 PM, wrote: > > If these devices are being decommissioned then you can delete the line > from router.db. > > > > Is it possible these devices are listed in another group's router.db > file? > > I only have one router.db, and I tried commenting them out, and that > didn't work. > > Thinking that perhaps the code was just checking timestamps on the > files in the configs directory, I even deleted the local copies of the > configs, and I am still getting the alerts. > > So, I have tried: > > 1) Commenting out the entries in router.db > 2) Deleting the local copies of the configs. > 3) Marking the entries as 'down' in router.db > > I appreciate everyone's suggestions. I am feeling better that despite > my lack of sleep last night this is turning out to not be as simple as > it sounds. :) > > -Chris > > > > > > -Asad > > Sent from my Verizon Wireless BlackBerry > > > > -----Original Message----- > > From: Chris Knight > > Sender: rancid-discuss-bounces at shrubbery.net > > Date: Fri, 24 Sep 2010 15:44:25 > > To: Roy; rancid-discuss< > Rancid-discuss at shrubbery.net> > > Subject: Re: [rancid] How do I make Rancid forget about a switch? > > > > On Fri, Sep 24, 2010 at 3:36 PM, Roy wrote: > >> > >> > >> Just remove them from router.db > >> > > > > Despite my all-nighter, the first thing I tried was commenting them out. > :) > > > > That didn't work, and is why I wrote to the list. I mentioned that in > > the third sentence of my original post. > > > > -Chris > > > > > >> On 9/24/2010 3:19 PM, Chris Knight wrote: > >>> > >>> I have marked those devices as down, and yet I just received this > email: > >>> > >>> The following routers have not been successfully contacted for > >>> more than 1 hours. > >>> -rw-rw-r-- 1 proxyit rancid 16129 Sep 24 01:46 mc-sw-26 > >>> -rw-rw-r-- 1 proxyit rancid 17963 Sep 24 01:46 mc-sw-27 > >>> -rw-rw-r-- 1 proxyit rancid 30866 Sep 24 01:46 mc-asa-254 > >>> > >>> > >>> Looks like marking them as down didn't do the trick. > >>> > >>> -Chris > >>> > >>> > >>> On Fri, Sep 24, 2010 at 8:36 AM, Chris Gauthier > >>> wrote: > >>>> > >>>> According to the router.db man page > >>>> (http://www.shrubbery.net/rancid/man/router.db.5.html): > >>>> > >>>> > >>>> The state is either "up", or some other arbitrary value, e.g. "down". > If > >>>> the device is not marked "up" the device's configuration will not be > >>>> collected. It is highly recommended that comments are made for any > router > >>>> not listed as up, so as to indicate the reason a router is not to be > polled, > >>>> e.g.: > >>>> dial1.paris:cisco:up: > >>>> core1.paris:cisco:down:in testing until 5/5/2001. > >>>> core2.paris:cisco:ticketed:Ticket 6054234, 5/3/2001 > >>>> border1.paris:juniper:up: > >>>> > >>>> The script "downreport" in util/ can be used to produce a report of > >>>> routers in router.db that are not marked "up". > >>>> > >>>> Chris G. > >>>> > >>>> > >>>> -----Original Message----- > >>>> From: rancid-discuss-bounces at shrubbery.net > >>>> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chris > Knight > >>>> Sent: Friday, September 24, 2010 8:29 AM > >>>> To: rancid-discuss > >>>> Subject: [rancid] How do I make Rancid forget about a switch? > >>>> > >>>> Yesterday I pulled two switches and an ASA from my network. As > expected, > >>>> at a certain point I started getting notifications that Rancid was > unable to > >>>> pull the configs after X hours. So, I commented out the switches and > asa > >>>> from routers.db, but I am still getting alerts. Yes, I know I could > google > >>>> it, but I've been up for 36 hours and I'm hoping someone will show > some > >>>> compassion and tell me the quick fix. :) > >>>> > >>>> -Chris > >>>>_______________________________________________ > >>> > >> > >> > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From r.engehausen at gmail.com Sat Sep 25 04:39:00 2010 From: r.engehausen at gmail.com (Roy) Date: Fri, 24 Sep 2010 21:39:00 -0700 Subject: [rancid] How do I make Rancid forget about a switch? In-Reply-To: References: <4C9D27EA.5030200@gmail.com> Message-ID: <4C9D7CE4.7030506@gmail.com> On 9/24/2010 3:44 PM, Chris Knight wrote: > On Fri, Sep 24, 2010 at 3:36 PM, Roy wrote: >> >> Just remove them from router.db >> > Despite my all-nighter, the first thing I tried was commenting them out. :) > > That didn't work, and is why I wrote to the list. I mentioned that in > the third sentence of my original post. > > -Chris > > Don't comment them out, remove them from router.db. You can always add them back in later if they return. From boheme at gmail.com Sat Sep 25 05:29:17 2010 From: boheme at gmail.com (Chris Knight) Date: Fri, 24 Sep 2010 22:29:17 -0700 Subject: [rancid] How do I make Rancid forget about a switch? In-Reply-To: <4C9D7CE4.7030506@gmail.com> References: <4C9D27EA.5030200@gmail.com> <4C9D7CE4.7030506@gmail.com> Message-ID: On Fri, Sep 24, 2010 at 9:39 PM, Roy wrote: > > > Don't comment them out, remove them from router.db. ?You can always add them > back in later if they return. Does Rancid ignore commented lines? That hasn't been my experience so far. But, I am willing to give it a try. I deleted the config lines, rather than just commenting them out. Then I ran rancid-run. I still get the warning message. Is this crazy or what? I KNOW that rancid is using this router.db file because I added a new switch to it today and it picked that up, even if it won't ignore the devices I removed. -Chris From boheme at gmail.com Sat Sep 25 05:44:07 2010 From: boheme at gmail.com (Chris Knight) Date: Fri, 24 Sep 2010 22:44:07 -0700 Subject: [rancid] How do I make Rancid forget about a switch? In-Reply-To: References: <4C9D27EA.5030200@gmail.com> <4C9D7CE4.7030506@gmail.com> Message-ID: On Fri, Sep 24, 2010 at 10:29 PM, Chris Knight wrote: > Does Rancid ignore commented lines? ?That hasn't been my experience so > far. ?But, I am willing to give it a try. Sorry, I meant to say "Does Rancid ignore the comment aspect of a commented line? That hasn't been my experience so far." Despite my failure to be clear, deleting the lines (rather than commenting) has failed to end the warning emails. -Chris From rancid at ale.cx Sat Sep 25 08:17:44 2010 From: rancid at ale.cx (Alex DEKKER) Date: Sat, 25 Sep 2010 09:17:44 +0100 Subject: [rancid] How do I make Rancid forget about a switch? In-Reply-To: References: Message-ID: <201009250917.44649.rancid@ale.cx> On Saturday 25 September 2010 06:44:07 Chris Knight wrote: > Sorry, I meant to say "Does Rancid ignore the comment aspect of a > commented line? That hasn't been my experience so far." I've noticed that a comment is only respected if it's the first character on the line. I tried putting a comment after the status of the router [something like router1:cisco:up # this is one of Bob's routers router2:cisco:up # another one of Bob's ] and it didn't work. The reason I wanted a comment on the line was so that I could easily match it with grep, to email all of Bob's configs to him once a week. I found another way in the end, but it's something to watch out for. alexd From bobthebaritone at gmail.com Sun Sep 26 08:48:42 2010 From: bobthebaritone at gmail.com (bob watson) Date: Sun, 26 Sep 2010 18:48:42 +1000 Subject: [rancid] helppp meeee In-Reply-To: References: <3bfcd289acd3c69c26330406c1fd1bbb@ivss.gob.ve> Message-ID: Be sure though why the lock file is there. Were there any failures in collection? What caused the lock file to be left? Is your backup cycle taking more than an hour? Cheers, Bob On 24 September 2010 16:25, Andrew Fort wrote: > On Tue, Sep 7, 2010 at 3:20 AM, jgoncalves wrote: >> hourly config diffs failed: /tmp/.switches.run.lock exists >> -rw-r----- 1 rancid rancid 0 Sep ?6 19:06 /tmp/.switches.run.lock > > For some reason, a collection crashed while it was running. ?Delete > the file above, and the next collection will start successfully. > > -a > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From networking at hostalia.com Mon Sep 27 14:21:13 2010 From: networking at hostalia.com (=?UTF-8?B?ScOxYWtpIE1hcnRpbmV6IERpZXo=?=) Date: Mon, 27 Sep 2010 16:21:13 +0200 Subject: [rancid] Rancid shell can be Bash ? Message-ID: <4CA0A859.7050603@hostalia.com> Hello, Rancid has as shell /bin/tcsh but for me is ugly so i want to use Bash, can i change tcsh to Bash witthout problems ? Thank you. From mclark at phyber.com Fri Sep 24 16:57:04 2010 From: mclark at phyber.com (Max Clark) Date: Fri, 24 Sep 2010 09:57:04 -0700 Subject: [rancid] Patton 4960 Gateway Message-ID: Hello, I'm curious if anyone has scripts to connect and manage a Patton 4960 gateway. Thanks in advance, Max From qui_wan_chong at yahoo.de Tue Sep 21 21:08:23 2010 From: qui_wan_chong at yahoo.de (needle) Date: Tue, 21 Sep 2010 21:08:23 +0000 (UTC) Subject: [rancid] SVN error References: <13a985af30b2003fff82c1197d9572e5.squirrel@home.iip.lu> Message-ID: roth.lu> writes: > > I seem to have resolved the aforementioned problem with SVN using the > attached patch (against v2.3.5). > > Regards, > JM > > Attachment (rancid-svn.patch): application/octet-stream, 311 bytes > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss This patch seems to fix that problem with svn, I ran into the same issue with RANCID 2.3.5. using subversion 1.6.12 Tested your patch, and it works. Thanks needle From rthompson at folica.com Mon Sep 27 19:47:59 2010 From: rthompson at folica.com (Russ Thompson) Date: Mon, 27 Sep 2010 15:47:59 -0400 Subject: [rancid] Unable to run clogin due to CISCO_USER issue. Message-ID: When running clogin, getting the following error: clogin: line 87: syntax error near unexpected token `(' clogin: line 87: `if {[ info exists $env(CISCO_USER) ]} {' Rancid is working fine, however clogin cannot be used for testing purposes, searching yields no results. Thanks, Russ -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Mon Sep 27 22:52:57 2010 From: heas at shrubbery.net (Heasley) Date: Mon, 27 Sep 2010 15:52:57 -0700 Subject: [rancid] Rancid shell can be Bash ? In-Reply-To: <4CA0A859.7050603@hostalia.com> References: <4CA0A859.7050603@hostalia.com> Message-ID: <1DFBC8A3-ABD2-4FFD-AF36-90E478DDB091@shrubbery.net> On Sep 27, 2010, at 7:21, I?aki Martinez Diez wrote: > Rancid has as shell /bin/tcsh but for me is ugly so i want to use Bash, can i change tcsh to Bash witthout problems ? Yes, with the usual caveats about rc files and path env variable From bobthebaritone at gmail.com Tue Sep 28 00:03:29 2010 From: bobthebaritone at gmail.com (bob watson) Date: Tue, 28 Sep 2010 10:03:29 +1000 Subject: [rancid] Rancid shell can be Bash ? In-Reply-To: <4CA0A859.7050603@hostalia.com> References: <4CA0A859.7050603@hostalia.com> Message-ID: I?aki The dependency is really with expect and PERL for RANCID. We are running BASH with no problems at all! Bob Watson @ AAPT, Sydney 2010/9/28 I?aki Martinez Diez > Hello, > > Rancid has as shell /bin/tcsh but for me is ugly so i want to use Bash, > can i change tcsh to Bash witthout problems ? > > Thank you. > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tias at netnod.se Tue Sep 28 08:39:59 2010 From: tias at netnod.se (Mathias Wolkert) Date: Tue, 28 Sep 2010 10:39:59 +0200 Subject: [rancid] hlogin hangs after "Press any key" In-Reply-To: References: Message-ID: Hi all I'm new to rancid and have an issue. All ciscos, quaggas and brocades are working as expected and I'm very happy. Unfortunately I have a bunch of procurves and can't get them in line. I run debian lenny and the provided package rancid-core-2.3.2~a8-4. I just dl:ed rancid-2.3.5.tar.gz, compiled and tried the fresher hlogin with same result. It logs in alright but hangs after the license banner and the "Press any key to continue" with the prompt "hostname>" until it times out. Google has not given me any help but my fingers are fairly big... Any help is much appreciated. /Tias From mstefani at redhat.com Tue Sep 28 08:45:34 2010 From: mstefani at redhat.com (Michael Stefaniuc) Date: Tue, 28 Sep 2010 10:45:34 +0200 Subject: [rancid] How do I make Rancid forget about a switch? In-Reply-To: References: <4C9D27EA.5030200@gmail.com> <1659780280-1285369469-cardhu_decombobulator_blackberry.rim.net-330177433-@bda2346.bisx.prod.on.blackberry> Message-ID: <4CA1AB2E.8080502@redhat.com> Chris Knight wrote: > On Fri, Sep 24, 2010 at 4:06 PM, wrote: >> If these devices are being decommissioned then you can delete the line from router.db. >> >> Is it possible these devices are listed in another group's router.db file? > > I only have one router.db, and I tried commenting them out, and that > didn't work. > > Thinking that perhaps the code was just checking timestamps on the > files in the configs directory, I even deleted the local copies of the > configs, and I am still getting the alerts. > > So, I have tried: > > 1) Commenting out the entries in router.db > 2) Deleting the local copies of the configs. > 3) Marking the entries as 'down' in router.db All are valid ways to take stuff out of the backup and I used all three. > I appreciate everyone's suggestions. I am feeling better that despite > my lack of sleep last night this is turning out to not be as simple as > it sounds. :) Did you cvs/svn commit your changes to router.db? Easy to miss in the heat of the battle. bye michael >> -Asad >> Sent from my Verizon Wireless BlackBerry >> >> -----Original Message----- >> From: Chris Knight >> Sender: rancid-discuss-bounces at shrubbery.net >> Date: Fri, 24 Sep 2010 15:44:25 >> To: Roy; rancid-discuss >> Subject: Re: [rancid] How do I make Rancid forget about a switch? >> >> On Fri, Sep 24, 2010 at 3:36 PM, Roy wrote: >>> >>> Just remove them from router.db >>> >> Despite my all-nighter, the first thing I tried was commenting them out. :) >> >> That didn't work, and is why I wrote to the list. I mentioned that in >> the third sentence of my original post. >> >> -Chris >> >> >>> On 9/24/2010 3:19 PM, Chris Knight wrote: >>>> I have marked those devices as down, and yet I just received this email: >>>> >>>> The following routers have not been successfully contacted for >>>> more than 1 hours. >>>> -rw-rw-r-- 1 proxyit rancid 16129 Sep 24 01:46 mc-sw-26 >>>> -rw-rw-r-- 1 proxyit rancid 17963 Sep 24 01:46 mc-sw-27 >>>> -rw-rw-r-- 1 proxyit rancid 30866 Sep 24 01:46 mc-asa-254 >>>> >>>> >>>> Looks like marking them as down didn't do the trick. >>>> >>>> -Chris >>>> >>>> >>>> On Fri, Sep 24, 2010 at 8:36 AM, Chris Gauthier >>>> wrote: >>>>> According to the router.db man page >>>>> (http://www.shrubbery.net/rancid/man/router.db.5.html): >>>>> >>>>> >>>>> The state is either "up", or some other arbitrary value, e.g. "down". If >>>>> the device is not marked "up" the device's configuration will not be >>>>> collected. It is highly recommended that comments are made for any router >>>>> not listed as up, so as to indicate the reason a router is not to be polled, >>>>> e.g.: >>>>> dial1.paris:cisco:up: >>>>> core1.paris:cisco:down:in testing until 5/5/2001. >>>>> core2.paris:cisco:ticketed:Ticket 6054234, 5/3/2001 >>>>> border1.paris:juniper:up: >>>>> >>>>> The script "downreport" in util/ can be used to produce a report of >>>>> routers in router.db that are not marked "up". >>>>> >>>>> Chris G. >>>>> >>>>> >>>>> -----Original Message----- >>>>> From: rancid-discuss-bounces at shrubbery.net >>>>> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chris Knight >>>>> Sent: Friday, September 24, 2010 8:29 AM >>>>> To: rancid-discuss >>>>> Subject: [rancid] How do I make Rancid forget about a switch? >>>>> >>>>> Yesterday I pulled two switches and an ASA from my network. As expected, >>>>> at a certain point I started getting notifications that Rancid was unable to >>>>> pull the configs after X hours. So, I commented out the switches and asa >>>>> from routers.db, but I am still getting alerts. Yes, I know I could google >>>>> it, but I've been up for 36 hours and I'm hoping someone will show some >>>>> compassion and tell me the quick fix. :) -- Michael Stefaniuc Tel.: +49-711-96437-199 Consulting Communications Engineer Fax.: +49-711-96437-111 -------------------------------------------------------------------- Reg. Adresse: Red Hat GmbH, Otto-Hahn-Strasse 20, 85609 Dornach Handelsregister: Amtsgericht Muenchen HRB 153243 Gesch?ftsf?hrer: Brendan Lane, Charlie Peters, Michael Cunningham, Charles Cachera From George.Nussbaum at l-3com.com Tue Sep 28 16:04:59 2010 From: George.Nussbaum at l-3com.com (George.Nussbaum at l-3com.com) Date: Tue, 28 Sep 2010 12:04:59 -0400 Subject: [rancid] Rancid and CVSWEB - cannot find CVS roots Message-ID: I'm seeing some weirdness with CVSWEB. When I run my http://server/rancid I get: "Error: No valid CVS roots found! See @CVSrepositories in the configuration file" I looked in my httpd error log and found this: "Root '/usr/local/rancid/CVS' defined in @CVSrepositories is not a directory, entry ignored at /var/www/cgi-bin/cvsweb.cgi line 481." Now I know that the directory does exist. Any ideas why this is happening? George Nussbaum | Sr. Systems Administrator | L-3 Communications SDS 10E Commerce Way, Woburn, MA 01801 O: 781.939.3866 | M: 781.985.5081 | F: 781.939.3996 | Email: George.Nussbaum at L-3com.com | www.sds.l-3com.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From bmahaffey at pelco.com Tue Sep 28 16:25:37 2010 From: bmahaffey at pelco.com (Mahaffey, Brian) Date: Tue, 28 Sep 2010 09:25:37 -0700 Subject: [rancid] Rancid and CVSWEB - cannot find CVS roots In-Reply-To: References: Message-ID: <4BBAF403456ED74981E7164ED3A4C224024DEB61@CA-EVS02.pelco.org> Mine was a permission problem with cvsweb.cgi chmod a+x cvsweb.cgi From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of George.Nussbaum at l-3com.com Sent: Tuesday, September 28, 2010 9:05 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Rancid and CVSWEB - cannot find CVS roots I'm seeing some weirdness with CVSWEB. When I run my http://server/rancid I get: "Error: No valid CVS roots found! See @CVSrepositories in the configuration file" I looked in my httpd error log and found this: "Root '/usr/local/rancid/CVS' defined in @CVSrepositories is not a directory, entry ignored at /var/www/cgi-bin/cvsweb.cgi line 481." Now I know that the directory does exist. Any ideas why this is happening? George Nussbaum | Sr. Systems Administrator | L-3 Communications SDS 10E Commerce Way, Woburn, MA 01801 O: 781.939.3866 | M: 781.985.5081 | F: 781.939.3996 | Email: George.Nussbaum at L-3com.com | www.sds.l-3com.com This transmission is intended only for use by the intended recipient(s). If you are not an intended recipient you should not read, disclose copy, circulate or in any other way use the information contained in this transmission. The information contained in this transmission may be confidential and/or privileged. If you have received this transmission in error, please notify the sender immediately and delete this transmission including any attachments. -------------- next part -------------- An HTML attachment was scrubbed... URL: From J.S.Peatfield at damtp.cam.ac.uk Tue Sep 28 17:06:30 2010 From: J.S.Peatfield at damtp.cam.ac.uk (Jon Peatfield) Date: Tue, 28 Sep 2010 18:06:30 +0100 (BST) Subject: [rancid] sorting output from custom commands... Message-ID: I added a quick hack to our rancid (2.3.4) setup to record the output of running: show cdp neighbors detail to hrancid and rancid (we only have Cisco and HP procurve switches). On the newer versions of the HP porocurve firmware (all 2610-xx models) each (cisco 79xx) phone device shows up as two device-ids, and it appears that every time a handset is connected those devices appear in a random order. So at the moment we get spurious change messages swapping the order of the two entries (both on the same port). I'm not very familiar with how ProcessHistory works, so I don't know if there is a trick I can use to get it to do the sorting for me. I did already write a piece of code to store the data in a hash by device-id and only call ProcessHistory when we notice that the port in the output has changed, but I lost that by accidentally zapping the directory I was testing in (oops). I can re-do that work easily enough but since other stuff has to handle output in different orders I wonder if I'm wasting my time... -- Jon -- /--------------------------------------------------------------------\ | "Computers are different from telephones. Computers do not ring." | | -- A. Tanenbaum, "Computer Networks", p. 32 | ---------------------------------------------------------------------| | Jon Peatfield, _Computer_ Officer, DAMTP, University of Cambridge | | Mail: jp107 at damtp.cam.ac.uk Web: http://www.damtp.cam.ac.uk/ | \--------------------------------------------------------------------/ From George.Nussbaum at l-3com.com Tue Sep 28 17:08:57 2010 From: George.Nussbaum at l-3com.com (George.Nussbaum at l-3com.com) Date: Tue, 28 Sep 2010 13:08:57 -0400 Subject: [rancid] Rancid and CVSWEB - cannot find CVS roots In-Reply-To: <4BBAF403456ED74981E7164ED3A4C224024DEB61@CA-EVS02.pelco.org> References: <4BBAF403456ED74981E7164ED3A4C224024DEB61@CA-EVS02.pelco.org> Message-ID: Thanks for the tip, but that didn't fix my issue as the appropriate permissions are set. Any other ideas?? George Nussbaum | Sr. Systems Administrator | L-3 Communications SDS 10E Commerce Way, Woburn, MA 01801 O: 781.939.3866 | M: 781.985.5081 | F: 781.939.3996 | Email: George.Nussbaum at L-3com.com | www.sds.l-3com.com From: Mahaffey, Brian [mailto:bmahaffey at pelco.com] Sent: Tuesday, September 28, 2010 12:26 PM To: Nussbaum, George @ SDS; rancid-discuss at shrubbery.net Subject: RE: [rancid] Rancid and CVSWEB - cannot find CVS roots Mine was a permission problem with cvsweb.cgi chmod a+x cvsweb.cgi From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of George.Nussbaum at l-3com.com Sent: Tuesday, September 28, 2010 9:05 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Rancid and CVSWEB - cannot find CVS roots I'm seeing some weirdness with CVSWEB. When I run my http://server/rancid I get: "Error: No valid CVS roots found! See @CVSrepositories in the configuration file" I looked in my httpd error log and found this: "Root '/usr/local/rancid/CVS' defined in @CVSrepositories is not a directory, entry ignored at /var/www/cgi-bin/cvsweb.cgi line 481." Now I know that the directory does exist. Any ideas why this is happening? George Nussbaum | Sr. Systems Administrator | L-3 Communications SDS 10E Commerce Way, Woburn, MA 01801 O: 781.939.3866 | M: 781.985.5081 | F: 781.939.3996 | Email: George.Nussbaum at L-3com.com | www.sds.l-3com.com This transmission is intended only for use by the intended recipient(s). If you are not an intended recipient you should not read, disclose copy, circulate or in any other way use the information contained in this transmission. The information contained in this transmission may be confidential and/or privileged. If you have received this transmission in error, please notify the sender immediately and delete this transmission including any attachments. -------------- next part -------------- An HTML attachment was scrubbed... URL: From bmahaffey at pelco.com Tue Sep 28 17:30:18 2010 From: bmahaffey at pelco.com (Mahaffey, Brian) Date: Tue, 28 Sep 2010 10:30:18 -0700 Subject: [rancid] Rancid and CVSWEB - cannot find CVS roots In-Reply-To: References: <4BBAF403456ED74981E7164ED3A4C224024DEB61@CA-EVS02.pelco.org> Message-ID: <4BBAF403456ED74981E7164ED3A4C224024DEB96@CA-EVS02.pelco.org> You may have missed a step in the configuration process. Usually I go back and verify each step and come across something that I missed and everything works perfectly. Sorry but the error output isn't very helpful for a router guy like me. -rwxr-xr-x 1 root root 126299 Sep 15 2006 /var/www/cgi-bin/cvsweb.cgi @CVSrepositories = ( 'local' => ['Local Repository', '/mnt/iscsi/apps/rancid/data/CVS'], From: George.Nussbaum at l-3com.com [mailto:George.Nussbaum at l-3com.com] Sent: Tuesday, September 28, 2010 10:09 AM To: Mahaffey, Brian; rancid-discuss at shrubbery.net Subject: RE: [rancid] Rancid and CVSWEB - cannot find CVS roots Thanks for the tip, but that didn't fix my issue as the appropriate permissions are set. Any other ideas?? George Nussbaum | Sr. Systems Administrator | L-3 Communications SDS 10E Commerce Way, Woburn, MA 01801 O: 781.939.3866 | M: 781.985.5081 | F: 781.939.3996 | Email: George.Nussbaum at L-3com.com | www.sds.l-3com.com From: Mahaffey, Brian [mailto:bmahaffey at pelco.com] Sent: Tuesday, September 28, 2010 12:26 PM To: Nussbaum, George @ SDS; rancid-discuss at shrubbery.net Subject: RE: [rancid] Rancid and CVSWEB - cannot find CVS roots Mine was a permission problem with cvsweb.cgi chmod a+x cvsweb.cgi From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of George.Nussbaum at l-3com.com Sent: Tuesday, September 28, 2010 9:05 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Rancid and CVSWEB - cannot find CVS roots I'm seeing some weirdness with CVSWEB. When I run my http://server/rancid I get: "Error: No valid CVS roots found! See @CVSrepositories in the configuration file" I looked in my httpd error log and found this: "Root '/usr/local/rancid/CVS' defined in @CVSrepositories is not a directory, entry ignored at /var/www/cgi-bin/cvsweb.cgi line 481." Now I know that the directory does exist. Any ideas why this is happening? George Nussbaum | Sr. Systems Administrator | L-3 Communications SDS 10E Commerce Way, Woburn, MA 01801 O: 781.939.3866 | M: 781.985.5081 | F: 781.939.3996 | Email: George.Nussbaum at L-3com.com | www.sds.l-3com.com This transmission is intended only for use by the intended recipient(s). If you are not an intended recipient you should not read, disclose copy, circulate or in any other way use the information contained in this transmission. The information contained in this transmission may be confidential and/or privileged. If you have received this transmission in error, please notify the sender immediately and delete this transmission including any attachments. This transmission is intended only for use by the intended recipient(s). If you are not an intended recipient you should not read, disclose copy, circulate or in any other way use the information contained in this transmission. The information contained in this transmission may be confidential and/or privileged. If you have received this transmission in error, please notify the sender immediately and delete this transmission including any attachments. -------------- next part -------------- An HTML attachment was scrubbed... URL: From George.Nussbaum at l-3com.com Tue Sep 28 17:32:59 2010 From: George.Nussbaum at l-3com.com (George.Nussbaum at l-3com.com) Date: Tue, 28 Sep 2010 13:32:59 -0400 Subject: [rancid] Rancid and CVSWEB - cannot find CVS roots In-Reply-To: <4BBAF403456ED74981E7164ED3A4C224024DEB96@CA-EVS02.pelco.org> References: <4BBAF403456ED74981E7164ED3A4C224024DEB61@CA-EVS02.pelco.org> <4BBAF403456ED74981E7164ED3A4C224024DEB96@CA-EVS02.pelco.org> Message-ID: I fixed it. It was a group issue. I had to add apache and rancid to my netadm group. George Nussbaum | Sr. Systems Administrator | L-3 Communications SDS 10E Commerce Way, Woburn, MA 01801 O: 781.939.3866 | M: 781.985.5081 | F: 781.939.3996 | Email: George.Nussbaum at L-3com.com | www.sds.l-3com.com From: Mahaffey, Brian [mailto:bmahaffey at pelco.com] Sent: Tuesday, September 28, 2010 1:30 PM To: Nussbaum, George @ SDS; rancid-discuss at shrubbery.net Subject: RE: [rancid] Rancid and CVSWEB - cannot find CVS roots You may have missed a step in the configuration process. Usually I go back and verify each step and come across something that I missed and everything works perfectly. Sorry but the error output isn't very helpful for a router guy like me. -rwxr-xr-x 1 root root 126299 Sep 15 2006 /var/www/cgi-bin/cvsweb.cgi @CVSrepositories = ( 'local' => ['Local Repository', '/mnt/iscsi/apps/rancid/data/CVS'], From: George.Nussbaum at l-3com.com [mailto:George.Nussbaum at l-3com.com] Sent: Tuesday, September 28, 2010 10:09 AM To: Mahaffey, Brian; rancid-discuss at shrubbery.net Subject: RE: [rancid] Rancid and CVSWEB - cannot find CVS roots Thanks for the tip, but that didn't fix my issue as the appropriate permissions are set. Any other ideas?? George Nussbaum | Sr. Systems Administrator | L-3 Communications SDS 10E Commerce Way, Woburn, MA 01801 O: 781.939.3866 | M: 781.985.5081 | F: 781.939.3996 | Email: George.Nussbaum at L-3com.com | www.sds.l-3com.com From: Mahaffey, Brian [mailto:bmahaffey at pelco.com] Sent: Tuesday, September 28, 2010 12:26 PM To: Nussbaum, George @ SDS; rancid-discuss at shrubbery.net Subject: RE: [rancid] Rancid and CVSWEB - cannot find CVS roots Mine was a permission problem with cvsweb.cgi chmod a+x cvsweb.cgi From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of George.Nussbaum at l-3com.com Sent: Tuesday, September 28, 2010 9:05 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Rancid and CVSWEB - cannot find CVS roots I'm seeing some weirdness with CVSWEB. When I run my http://server/rancid I get: "Error: No valid CVS roots found! See @CVSrepositories in the configuration file" I looked in my httpd error log and found this: "Root '/usr/local/rancid/CVS' defined in @CVSrepositories is not a directory, entry ignored at /var/www/cgi-bin/cvsweb.cgi line 481." Now I know that the directory does exist. Any ideas why this is happening? George Nussbaum | Sr. Systems Administrator | L-3 Communications SDS 10E Commerce Way, Woburn, MA 01801 O: 781.939.3866 | M: 781.985.5081 | F: 781.939.3996 | Email: George.Nussbaum at L-3com.com | www.sds.l-3com.com This transmission is intended only for use by the intended recipient(s). If you are not an intended recipient you should not read, disclose copy, circulate or in any other way use the information contained in this transmission. The information contained in this transmission may be confidential and/or privileged. If you have received this transmission in error, please notify the sender immediately and delete this transmission including any attachments. This transmission is intended only for use by the intended recipient(s). If you are not an intended recipient you should not read, disclose copy, circulate or in any other way use the information contained in this transmission. The information contained in this transmission may be confidential and/or privileged. If you have received this transmission in error, please notify the sender immediately and delete this transmission including any attachments. -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Tue Sep 28 22:28:01 2010 From: heas at shrubbery.net (john heasley) Date: Tue, 28 Sep 2010 15:28:01 -0700 Subject: [rancid] sorting output from custom commands... In-Reply-To: References: Message-ID: <20100928222801.GX22917@shrubbery.net> Tue, Sep 28, 2010 at 06:06:30PM +0100, Jon Peatfield: > I added a quick hack to our rancid (2.3.4) setup to record the output of > running: > > show cdp neighbors detail > > to hrancid and rancid (we only have Cisco and HP procurve switches). > > On the newer versions of the HP porocurve firmware (all 2610-xx models) > each (cisco 79xx) phone device shows up as two device-ids, and it appears > that every time a handset is connected those devices appear in a random > order. > > So at the moment we get spurious change messages swapping the order of > the two entries (both on the same port). > > I'm not very familiar with how ProcessHistory works, so I don't know if > there is a trick I can use to get it to do the sorting for me. I did > already write a piece of code to store the data in a hash by device-id > and only call ProcessHistory when we notice that the port in the output > has changed, but I lost that by accidentally zapping the directory I was > testing in (oops). I can re-do that work easily enough but since other > stuff has to handle output in different orders I wonder if I'm wasting my > time... ProcessHistory(tag, command, command_arg, data) data is added the buffer, by command with command_arg (if specified), unless tag or command has changed since the last call, in which case the buffer would be flushed before calling command. a good example, where $aclsort = "ipsort" (the function) # order access-lists /^access-list\s+(\d\d?)\s+(\S+)\s+(\S+)/ && ProcessHistory("ACL $1 $2","$aclsort","$3","$_") && next; From heas at shrubbery.net Tue Sep 28 23:11:51 2010 From: heas at shrubbery.net (john heasley) Date: Tue, 28 Sep 2010 16:11:51 -0700 Subject: [rancid] Unable to run clogin due to CISCO_USER issue. In-Reply-To: References: Message-ID: <20100928231151.GD23669@shrubbery.net> Mon, Sep 27, 2010 at 03:47:59PM -0400, Russ Thompson: > When running clogin, getting the following error: > > > > clogin: line 87: syntax error near unexpected token `(' > > clogin: line 87: `if {[ info exists $env(CISCO_USER) ]} {' > > > > Rancid is working fine, however clogin cannot be used for testing > purposes, searching yields no results. are you setting this environment variable? if so, to what? what version of expect? From heas at shrubbery.net Tue Sep 28 23:12:57 2010 From: heas at shrubbery.net (john heasley) Date: Tue, 28 Sep 2010 16:12:57 -0700 Subject: [rancid] hlogin hangs after "Press any key" In-Reply-To: References: Message-ID: <20100928231257.GE23669@shrubbery.net> Tue, Sep 28, 2010 at 10:39:59AM +0200, Mathias Wolkert: > Hi all > > I'm new to rancid and have an issue. > All ciscos, quaggas and brocades are working as expected and I'm very happy. > Unfortunately I have a bunch of procurves and can't get them in line. > > I run debian lenny and the provided package rancid-core-2.3.2~a8-4. > I just dl:ed rancid-2.3.5.tar.gz, compiled and tried the fresher hlogin with same result. and updated hpuifilter? > It logs in alright but hangs after the license banner and the "Press any key to continue" > with the prompt "hostname>" until it times out. > > Google has not given me any help but my fingers are fairly big... > > Any help is much appreciated. > > /Tias > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Wed Sep 29 00:05:00 2010 From: heas at shrubbery.net (Heasley) Date: Tue, 28 Sep 2010 17:05:00 -0700 Subject: [rancid] How do I make Rancid forget about a switch? In-Reply-To: <4C9D7CE4.7030506@gmail.com> References: <4C9D27EA.5030200@gmail.com> <4C9D7CE4.7030506@gmail.com> Message-ID: On Sep 24, 2010, at 21:39, Roy wrote: > ines: 24 > > > > On 9/24/2010 3:44 PM, Chris Knight wrote: >> On Fri, Sep 24, 2010 at 3:36 PM, Roy wrote: >>> >>> Just remove them from router.db >>> >> Despite my all-nighter, the first thing I tried was commenting them out. :) >> >> That didn't work, and is why I wrote to the list. I mentioned that in >> the third sentence of my original post. >> -Chris >> >> > > Don't comment them out, remove them from router.db. You can always add them back in later if they return. Commenting is fine From heas at shrubbery.net Wed Sep 29 00:08:36 2010 From: heas at shrubbery.net (Heasley) Date: Tue, 28 Sep 2010 17:08:36 -0700 Subject: [rancid] How do I make Rancid forget about a switch? In-Reply-To: <201009250917.44649.rancid@ale.cx> References: <201009250917.44649.rancid@ale.cx> Message-ID: <7A60AA30-EE7A-4F6A-B43E-ADA61D726969@shrubbery.net> On Sep 25, 2010, at 1:17, Alex DEKKER wrote: > ines: 23 > > On Saturday 25 September 2010 06:44:07 Chris Knight wrote: > >> Sorry, I meant to say "Does Rancid ignore the comment aspect of a >> commented line? That hasn't been my experience so far." > > I've noticed that a comment is only respected if it's the first character on > the line. I tried putting a comment after the status of the router [something > like > > router1:cisco:up # this is one of Bob's routers To do this just replace your # with : From heas at shrubbery.net Wed Sep 29 00:10:26 2010 From: heas at shrubbery.net (Heasley) Date: Tue, 28 Sep 2010 17:10:26 -0700 Subject: [rancid] How do I make Rancid forget about a switch? In-Reply-To: References: Message-ID: <255E2180-8149-42F9-B4D9-51DBA723FF38@shrubbery.net> On Sep 24, 2010, at 15:19, Chris Knight wrote: > ines: 75 > > I have marked those devices as down, and yet I just received this email: > > The following routers have not been successfully contacted for > more than 1 hours. > -rw-rw-r-- 1 proxyit rancid 16129 Sep 24 01:46 mc-sw-26 > -rw-rw-r-- 1 proxyit rancid 17963 Sep 24 01:46 mc-sw-27 > -rw-rw-r-- 1 proxyit rancid 30866 Sep 24 01:46 mc-asa-254 > > > Looks like marking them as down didn't do the trick. Are they in group/routers.up? From J.S.Peatfield at damtp.cam.ac.uk Wed Sep 29 00:45:45 2010 From: J.S.Peatfield at damtp.cam.ac.uk (Jon Peatfield) Date: Wed, 29 Sep 2010 01:45:45 +0100 (BST) Subject: [rancid] sorting output from custom commands... In-Reply-To: <20100928222801.GX22917@shrubbery.net> References: <20100928222801.GX22917@shrubbery.net> Message-ID: On Tue, 28 Sep 2010, john heasley wrote: > ProcessHistory(tag, command, command_arg, data) > > data is added the buffer, by command with command_arg (if specified), > unless tag or command has changed since the last call, in which case > the buffer would be flushed before calling command. > > a good example, where $aclsort = "ipsort" (the function) > > # order access-lists > /^access-list\s+(\d\d?)\s+(\S+)\s+(\S+)/ && > ProcessHistory("ACL $1 $2","$aclsort","$3","$_") && next; So since the output is multi-line per section/device I guess I still need to collect together the lines for each device-id so we can pass that in the string that the sort function uses... I'm including a few some bits of output from a switch: fl10-v2# show cdp nei det CDP neighbors information Port : 1 Device ID : SEP001FCA369E19 Address Type : IP Address : 172.18.18.179 Platform : SIP11.8-5-3SCisco IP Phone 7911 Capability : Device Port : Port 1 Version : SIP11.8-5-3SCisco IP Phone 7911 ------------------------------------------------------------------------------ Port : 1 Device ID : 01 ac 12 12 b3 Address Type : IP Address : 172.18.18.179 Platform : Cisco IP Phone 7911G,V5, SIP11.8-5-3S Capability : Switch Device Port : 001FCA369E19:P1 Version : Cisco IP Phone 7911G,V5, SIP11.8-5-3S ------------------------------------------------------------------------------ Port : 2 Device ID : SEP001FCA369FE8 Address Type : IP Address : 172.18.18.181 Platform : SIP11.8-5-3SCisco IP Phone 7911 Capability : Device Port : Port 1 Version : SIP11.8-5-3SCisco IP Phone 7911 ------------------------------------------------------------------------------ Port : 2 Device ID : 01 ac 12 12 b5 Address Type : IP Address : 172.18.18.181 Platform : Cisco IP Phone 7911G,V5, SIP11.8-5-3S Capability : Switch Device Port : 001FCA369FE8:P1 Version : Cisco IP Phone 7911G,V5, SIP11.8-5-3S ... For each block of lines corresponding to a device I need to call ProcessHistory with the device-id as something to sort on... Or in code something like: my $currport=' '; my $deviceid=''; my $cdpdblock=''; while () { ... usual-tests and skip junk... if (/^\s*Port\s*:\s*(.*)/) { my $newport=$1; # send any previous device-block ProcessHistory("COMMENTS$currport","keysort","IO $deviceid",$cdpdblock); $currport=$newport; $cdpdblock=''; $deviceid=''; } elsif (/^\s*Device ID\s*:\s*(.*)/) { $deviceid=$1; } # Accumulate all the lines into the current block... print STDERR " Adding to cdp block (port=$currport dev=$deviceid): $_\n"; $cdpdblock.=";CDP: $_\n"; } # And deal with the last block... $cdpdblock.=";\n"; ProcessHistory("COMMENTS$currport","keysort","IO $deviceid",$cdpdblock); ... which seems to work - at least for my simple tests. I may have it use "keyrsort" (like keysort but backwards) simply because that seems to be closer to the unsorted output I get from more of our switches, or take the bigger hit once. Many thanks. -- /--------------------------------------------------------------------\ | "Computers are different from telephones. Computers do not ring." | | -- A. Tanenbaum, "Computer Networks", p. 32 | ---------------------------------------------------------------------| | Jon Peatfield, _Computer_ Officer, DAMTP, University of Cambridge | | Mail: jp107 at damtp.cam.ac.uk Web: http://www.damtp.cam.ac.uk/ | \--------------------------------------------------------------------/ From ian.harvey at rsmtenon.com Wed Sep 29 10:30:09 2010 From: ian.harvey at rsmtenon.com (Ian Harvey) Date: Wed, 29 Sep 2010 10:30:09 +0000 Subject: [rancid] Change of device from Extreme to Cisco - clogin does not enable Message-ID: I see... autoenable was set 'globally' (i.e. add autoenable dev* 1) I have added a line: add autoenable device01 0 which has fixed my configuration error many thanks Ian Sounds like autoenable is set to 1 in .cloginrc -ryan From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Ian Harvey Sent: Friday, August 27, 2010 4:46 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Change of device from Extreme to Cisco - clogin does not enable Good Morning, I am hoping that you can help with this problem? I have changed a device from Extreme to Cisco, but now the device config will not update. I have tested login using the command clogin and it logs in to exec mode (>), but then it seems to hang - it does not 'type' enable and login to priv mode (#). (it seems to 'remember' that it was Extreme) I have tried removing it completely, and leaving RANCID to do its thing, then re-adding it, but to no avail. I have added it into RANCID under a false name in DNS, and this works correctly. Is there a fix for this? Many thanks in advance for your excellent product, and any help you may provide Regards Ian ********************************************************************** www.rsmtenon.com RSM Tenon is one of the most progressive and entrepreneurial professional services firms in the UK, with leadership in the provision of risk management, tax, recovery, financial management and business advisory services. We are the UK (excluding N.I.) member of RSM International, the 6th largest global accounting network of independent firms, represented by over 30,000 across more than 70 countries worldwide. This email and the information contained in it and in any attachments are confidential and may be privileged. If you have received this email in error please notify us immediately. If you are not the intended recipient, you are not authorised to, and must not use, disclose, copy, distribute, retain or rely on this email or any part of it. All reasonable precautions have been taken to ensure no viruses are present in this e-mail. RSM Tenon cannot accept responsibility for loss or damage arising from the use of this e-mail or attachments and recommend that you subject these to your virus checking procedures prior to use. Advice to clients on US Tax matters: Although it may not apply to this assignment, please note that, unless expressly stated otherwise, any written advice contained in, forwarded with, or attached to this communication is not intended or written by RSM Tenon or any of its subsidiaries to be used, and cannot be used, by any person for the purpose of avoiding any US penalties that may be imposed under the US Internal Revenue Service Code. Directors and staff acting as Administrative Receivers and Administrators act as agents of the company over which they are appointed and contract without personal liability. RSM Tenon may monitor outgoing and incoming e-mails and other telecommunications on its e-mail and telecommunications systems. A list of Directors' names is open to inspection at 66 Chiltern Street, London, W1U 4GB, together with a list of appointment takers under the Insolvency Act 1986 and the professional bodies issuing their practising licences. RSM Tenon?s legal, privacy and regulatory information is available at: http://www.rsmtenon.com RSM Tenon Limited (No 4066924) is registered in England and Wales. Registered office 66 Chiltern Street, London, W1U 4GB ********************************************************************** -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 110092911313000501.gif Type: image/gif Size: 5245 bytes Desc: not available URL: From heas at shrubbery.net Wed Sep 29 15:49:28 2010 From: heas at shrubbery.net (john heasley) Date: Wed, 29 Sep 2010 08:49:28 -0700 Subject: [rancid] sorting output from custom commands... In-Reply-To: References: <20100928222801.GX22917@shrubbery.net> Message-ID: <20100929154928.GD20450@shrubbery.net> Wed, Sep 29, 2010 at 01:45:45AM +0100, Jon Peatfield: > CDP neighbors information > > Port : 1 > Device ID : SEP001FCA369E19 > Address Type : IP > Address : 172.18.18.179 > Platform : SIP11.8-5-3SCisco IP Phone 7911 > Capability : > Device Port : Port 1 > Version : SIP11.8-5-3SCisco IP Phone 7911 > > ------------------------------------------------------------------------------ > > Port : 1 > Device ID : 01 ac 12 12 b3 > Address Type : IP > Address : 172.18.18.179 > Platform : Cisco IP Phone 7911G,V5, SIP11.8-5-3S > Capability : Switch > Device Port : 001FCA369E19:P1 > Version : Cisco IP Phone 7911G,V5, SIP11.8-5-3S though this looks legitimate; some of the phones have two device. i'd keep track of the port's seen (or just last port) and skip duplicates. > if (/^\s*Port\s*:\s*(.*)/) { > my $newport=$1; if port == lastport read until ^$ else read, processhistory, until ^$ From J.S.Peatfield at damtp.cam.ac.uk Wed Sep 29 19:35:26 2010 From: J.S.Peatfield at damtp.cam.ac.uk (Jon Peatfield) Date: Wed, 29 Sep 2010 20:35:26 +0100 (BST) Subject: [rancid] sorting output from custom commands... In-Reply-To: <20100929154928.GD20450@shrubbery.net> References: <20100928222801.GX22917@shrubbery.net> <20100929154928.GD20450@shrubbery.net> Message-ID: On Wed, 29 Sep 2010, john heasley wrote: > Wed, Sep 29, 2010 at 01:45:45AM +0100, Jon Peatfield: >> CDP neighbors information >> >> Port : 1 >> Device ID : SEP001FCA369E19 >> Address Type : IP >> Address : 172.18.18.179 >> Platform : SIP11.8-5-3SCisco IP Phone 7911 >> Capability : >> Device Port : Port 1 >> Version : SIP11.8-5-3SCisco IP Phone 7911 >> >> ------------------------------------------------------------------------------ >> >> Port : 1 >> Device ID : 01 ac 12 12 b3 >> Address Type : IP >> Address : 172.18.18.179 >> Platform : Cisco IP Phone 7911G,V5, SIP11.8-5-3S >> Capability : Switch >> Device Port : 001FCA369E19:P1 >> Version : Cisco IP Phone 7911G,V5, SIP11.8-5-3S > > though this looks legitimate; some of the phones have two device. i'd > keep track of the port's seen (or just last port) and skip duplicates. > >> if (/^\s*Port\s*:\s*(.*)/) { >> my $newport=$1; > if port == lastport > read until ^$ > else > read, processhistory, until ^$ I may be misunderstanding you, but that sounds like you are suggesting skipping all but the first device-id for each port. Since the multiple device-ids on a port are listed in an apparently random order (but the order stays until the device is unplugged or reset), just reporting the first device on a port will cause reporting flaps (just like I was getting by not sorting them). The current code I'm testing seems to give the answers I want though it does assume that all devices for port P will be consecutive in the output... There is another thing I do plan to fix which is that for a few seconds after a handset is plugged in we get a 3rd device-id reported - apparently a fixed device-id for all handsets. Presumably this is a quirk of the data that these Cisco handsets send in their first cdp frame, or the HP not understanding something. I plan to simply filter those out since the information isn't useful to me and we only see them if rancid happens to poll the switch right after a handset is connected. I'll be happy to contribute what I end up with if anyone else wants this. -- Jon From jethro.binks at strath.ac.uk Wed Sep 29 19:57:09 2010 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Wed, 29 Sep 2010 20:57:09 +0100 (BST) Subject: [rancid] sorting output from custom commands... In-Reply-To: References: <20100928222801.GX22917@shrubbery.net> <20100929154928.GD20450@shrubbery.net> Message-ID: On Wed, 29 Sep 2010, Jon Peatfield wrote: > I plan to simply filter those out since the information isn't useful to > me and we only see them if rancid happens to poll the switch right after > a handset is connected. > > I'll be happy to contribute what I end up with if anyone else wants > this. I'm interested, although working in a different environment (H3C/3Com and Mitel handsets). Also, I think your discussions about sorting some of the lines in the command output helps me with something else I was idling around with a while ago, so I've saved that and will take another look with the comments in mind. I never did really understand properly what ProcessHistory does, behyond the very basic, so that brief explanation from John was useful in itself. Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks, Computing Officer Information Services, The University Of Strathclyde, Glasgow, UK The University of Strathclyde is a charitable body, registered in Scotland, number SC015263. From heas at shrubbery.net Wed Sep 29 21:58:49 2010 From: heas at shrubbery.net (john heasley) Date: Wed, 29 Sep 2010 14:58:49 -0700 Subject: [rancid] sorting output from custom commands... In-Reply-To: References: <20100928222801.GX22917@shrubbery.net> <20100929154928.GD20450@shrubbery.net> Message-ID: <20100929215849.GA26950@shrubbery.net> Wed, Sep 29, 2010 at 08:35:26PM +0100, Jon Peatfield: > On Wed, 29 Sep 2010, john heasley wrote: > >> Wed, Sep 29, 2010 at 01:45:45AM +0100, Jon Peatfield: >>> CDP neighbors information >>> >>> Port : 1 >>> Device ID : SEP001FCA369E19 >>> Address Type : IP >>> Address : 172.18.18.179 >>> Platform : SIP11.8-5-3SCisco IP Phone 7911 >>> Capability : >>> Device Port : Port 1 >>> Version : SIP11.8-5-3SCisco IP Phone 7911 >>> >>> ------------------------------------------------------------------------------ >>> >>> Port : 1 >>> Device ID : 01 ac 12 12 b3 >>> Address Type : IP >>> Address : 172.18.18.179 >>> Platform : Cisco IP Phone 7911G,V5, SIP11.8-5-3S >>> Capability : Switch >>> Device Port : 001FCA369E19:P1 >>> Version : Cisco IP Phone 7911G,V5, SIP11.8-5-3S >> >> though this looks legitimate; some of the phones have two device. i'd >> keep track of the port's seen (or just last port) and skip duplicates. >> >>> if (/^\s*Port\s*:\s*(.*)/) { >>> my $newport=$1; >> if port == lastport >> read until ^$ >> else >> read, processhistory, until ^$ > > I may be misunderstanding you, but that sounds like you are suggesting > skipping all but the first device-id for each port. yes > Since the multiple device-ids on a port are listed in an apparently > random order (but the order stays until the device is unplugged or > reset), just reporting the first device on a port will cause reporting > flaps (just like I was getting by not sorting them). missed that. what you had is appropriate, or use processhistory("cdp", "keysort", "port $port $capability", data) or processhistory("cdp", "keysort", "port $port $deviceid", data) and let keysort sort the entries. From peo at chalmers.se Thu Sep 30 07:36:36 2010 From: peo at chalmers.se (Per-Olof Olsson) Date: Thu, 30 Sep 2010 09:36:36 +0200 Subject: [rancid] Like to make use of ssh keyfile/passphrase for ssh login to nexus boxes Message-ID: <4CA43E04.8010000@chalmers.se> Hello Added same code as in hlogin/jlogin to clogin. Looks like it works nice for nexus 5k w/wo keyfile/passphrase, and still for some Cisco ios switches/routers using ssh without keyfile/passphrase. I can't test all other boxes that make use use of the clogin file. But what I can see, most part of code depends on ssh client in the "rancid server" and not script code handling switches and routers. Is this for the TODO list? Make all ssh aware *login script keyfile/passphrase ready. Note for hlogin: Missing usage help text for "-r passphrase" option after adding keyfile/passphrase to hlogin. Rancid version 2.3.5 of clogin diff -C 2 clogin.in.ORG clogin.in.NEW *** clogin.in.ORG Thu Aug 19 09:20:55 2010 --- clogin.in.NEW Thu Sep 30 08:06:43 2010 *************** *** 56,60 **** set usage "Usage: $argv0 \[-dSV\] \[-autoenable\] \[-noenable\] \[-c command\] \ \[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \[-p user-password\] \ ! \[-s script-file\] \[-t timeout\] \[-u username\] \ \[-v vty-password\] \[-w enable-username\] \[-x command-file\] \ \[-y ssh_cypher_type\] router \[router...\]\n" --- 56,60 ---- set usage "Usage: $argv0 \[-dSV\] \[-autoenable\] \[-noenable\] \[-c command\] \ \[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \[-p user-password\] \ ! \[-r passphrase\] \[-s script-file\] \[-t timeout\] \[-u username\] \ \[-v vty-password\] \[-w enable-username\] \[-x command-file\] \ \[-y ssh_cypher_type\] router \[router...\]\n" *************** *** 126,129 **** --- 126,134 ---- } set do_passwd 0 + } -r* { + if {! [ regexp .\[rR\](.+) $arg ignore passphrase]} { + incr i + set vapassphrase [ lindex $argv $i ] + } # VTY Password } -v* { *************** *** 311,316 **** # Log into the router. # returns: 0 on success, 1 on failure, -1 if rsh was used successfully ! proc login { router user userpswd passwd enapasswd cmethod cyphertype } { ! global command spawn_id in_proc do_command do_script platform global prompt u_prompt p_prompt e_prompt sshcmd set in_proc 1 --- 316,321 ---- # Log into the router. # returns: 0 on success, 1 on failure, -1 if rsh was used successfully ! proc login { router user userpswd passwd enapasswd cmethod cyphertype identfile } { ! global command spawn_id in_proc do_command do_script platform passphrase global prompt u_prompt p_prompt e_prompt sshcmd set in_proc 1 *************** *** 333,336 **** --- 338,342 ---- } } elseif [string match "ssh*" $prog] { + # ssh to the router & try to login with or without an identfile. regexp {ssh(:([^[:space:]]+))*} $prog methcmd suffix port set cmd [join [lindex $sshcmd 0] " "] *************** *** 338,341 **** --- 344,350 ---- set cmd "$cmd -p $port" } + if {"$identfile" != ""} { + set cmd "$cmd -i $identfile" + } set retval [ catch {eval spawn [split "$cmd -c $cyphertype -x -l $user $router" { }]} reason ] if { $retval } { *************** *** 529,532 **** --- 538,548 ---- exp_continue } + -re "Enter passphrase.*: " { + # sleep briefly to allow time for stty -echo + sleep .3 + send -- "$passphrase\r" + exp_continue + } + -re "$u_prompt" { send -- "$user\r" *************** *** 823,826 **** --- 839,856 ---- } + # Figure out identity file to use + set identfile [join [lindex [find identity $router] 0] ""] + + # Figure out passphrase to use + if {[info exists avpassphrase]} { + set passphrase $avpassphrase + } else { + set passphrase [join [lindex [find passphrase $router] 0] ""] + } + if { ! [string length "$passphrase"]} { + set passphrase $passwd + } + + # Figure out cypher type if {[info exists cypher]} { *************** *** 841,845 **** /Peo ---------------------------------------------------------- Per-Olof Olsson Email: peo at chalmers.se Chalmers tekniska h?gskola IT-service H?rsalsv?gen 5 412 96 G?teborg Tel: 031/772 6738 Fax: 031/772 8660 ---------------------------------------------------------- From peo at chalmers.se Thu Sep 30 07:41:03 2010 From: peo at chalmers.se (Per-Olof Olsson) Date: Thu, 30 Sep 2010 09:41:03 +0200 Subject: [rancid] Like to make use of ssh keyfile/passphrase for ssh login to nexus boxes In-Reply-To: <4CA43E04.8010000@chalmers.se> References: <4CA43E04.8010000@chalmers.se> Message-ID: <4CA43F0F.3020805@chalmers.se> Sorry Missing last line from diff Per-Olof Olsson wrote: > Hello > > > Added same code as in hlogin/jlogin to clogin. > Looks like it works nice for nexus 5k w/wo keyfile/passphrase, and still > for some Cisco ios switches/routers using ssh without > keyfile/passphrase. I can't test all other boxes that make use use of > the clogin file. But what I can see, most part of code depends on ssh > client in the "rancid server" and not script code handling switches and > routers. > > Is this for the TODO list? > Make all ssh aware *login script keyfile/passphrase ready. > > > Note for hlogin: > Missing usage help text for "-r passphrase" option after adding > keyfile/passphrase to hlogin. > > > Rancid version 2.3.5 of clogin > > diff -C 2 clogin.in.ORG clogin.in.NEW > *** clogin.in.ORG Thu Aug 19 09:20:55 2010 > --- clogin.in.NEW Thu Sep 30 08:06:43 2010 > *************** > *** 56,60 **** > set usage "Usage: $argv0 \[-dSV\] \[-autoenable\] \[-noenable\] \[-c > command\] \ > \[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \[-p > user-password\] \ > ! \[-s script-file\] \[-t timeout\] \[-u username\] \ > \[-v vty-password\] \[-w enable-username\] \[-x command-file\] \ > \[-y ssh_cypher_type\] router \[router...\]\n" > --- 56,60 ---- > set usage "Usage: $argv0 \[-dSV\] \[-autoenable\] \[-noenable\] \[-c > command\] \ > \[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \[-p > user-password\] \ > ! \[-r passphrase\] \[-s script-file\] \[-t timeout\] \[-u username\] \ > \[-v vty-password\] \[-w enable-username\] \[-x command-file\] \ > \[-y ssh_cypher_type\] router \[router...\]\n" > *************** > *** 126,129 **** > --- 126,134 ---- > } > set do_passwd 0 > + } -r* { > + if {! [ regexp .\[rR\](.+) $arg ignore passphrase]} { > + incr i > + set vapassphrase [ lindex $argv $i ] > + } > # VTY Password > } -v* { > *************** > *** 311,316 **** > # Log into the router. > # returns: 0 on success, 1 on failure, -1 if rsh was used successfully > ! proc login { router user userpswd passwd enapasswd cmethod cyphertype } { > ! global command spawn_id in_proc do_command do_script platform > global prompt u_prompt p_prompt e_prompt sshcmd > set in_proc 1 > --- 316,321 ---- > # Log into the router. > # returns: 0 on success, 1 on failure, -1 if rsh was used successfully > ! proc login { router user userpswd passwd enapasswd cmethod cyphertype > identfile } { > ! global command spawn_id in_proc do_command do_script platform > passphrase > global prompt u_prompt p_prompt e_prompt sshcmd > set in_proc 1 > *************** > *** 333,336 **** > --- 338,342 ---- > } > } elseif [string match "ssh*" $prog] { > + # ssh to the router & try to login with or without an identfile. > regexp {ssh(:([^[:space:]]+))*} $prog methcmd suffix port > set cmd [join [lindex $sshcmd 0] " "] > *************** > *** 338,341 **** > --- 344,350 ---- > set cmd "$cmd -p $port" > } > + if {"$identfile" != ""} { > + set cmd "$cmd -i $identfile" > + } > set retval [ catch {eval spawn [split "$cmd -c $cyphertype > -x -l $user $router" { }]} reason ] > if { $retval } { > *************** > *** 529,532 **** > --- 538,548 ---- > exp_continue > } > + -re "Enter passphrase.*: " { > + # sleep briefly to allow time for stty > -echo > + sleep .3 > + send -- "$passphrase\r" > + exp_continue > + } > + > -re "$u_prompt" { > send -- "$user\r" > *************** > *** 823,826 **** > --- 839,856 ---- > } > > + # Figure out identity file to use > + set identfile [join [lindex [find identity $router] 0] ""] > + > + # Figure out passphrase to use > + if {[info exists avpassphrase]} { > + set passphrase $avpassphrase > + } else { > + set passphrase [join [lindex [find passphrase $router] 0] ""] > + } > + if { ! [string length "$passphrase"]} { > + set passphrase $passwd > + } > + > + > # Figure out cypher type > if {[info exists cypher]} { > *************** > *** 841,845 **** # Login to the router ! if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype]} { incr exitval # if login failed or rsh was unsuccessful, move on to the next device --- 871,875 ---- # Login to the router ! if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype $identfile]} { incr exitval # if login failed or rsh was unsuccessful, move on to the next device /Peo ---------------------------------------------------------- Per-Olof Olsson Email: peo at chalmers.se Chalmers tekniska h?gskola IT-service H?rsalsv?gen 5 412 96 G?teborg Tel: 031/772 6738 Fax: 031/772 8660 ---------------------------------------------------------- From W.Fuertbauer at asamer.at Thu Sep 30 14:36:35 2010 From: W.Fuertbauer at asamer.at (=?iso-8859-1?Q?F=FCrtbauer_Wolfgang?=) Date: Thu, 30 Sep 2010 16:36:35 +0200 Subject: [rancid] fortinet problem Message-ID: <47CE942B4E710145A27E5339D5B34E0101059CB8@aohexchange01.asamer.holding.ah> Dear collegues, running rancid 2.3.4 with HP and CISCO without problems. Now I want to add my fortigate devices - but it does not work :( .cloginrc: add user add password add method ssh add autoenable 0 router.db: :fortigate:up with rancid-run it hangs and I get the following errormessages: Trying to get all of the configs. : missed cmd(s): show,get system status 0: found end : End of run not found who can help please? BR Wolfgang F?rtbauer Leitung IT ASAMER Holding AG Unterthalham Strasse 2 4694 Ohlsdorf AUSTRIA tel +43 50 799 - 2500 fax +43 7612 799 - 9526 mobile +43 664 8332326 w.fuertbauer at asamer.at www.asamer.at This message is confidential. It may not be disclosed to, or used by, anyone other than the addressee. If you receive this message by mistake, please advise the sender. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: asamer-logo.GIF Type: image/gif Size: 2032 bytes Desc: not available URL: From istong at costar.com Thu Sep 30 16:31:55 2010 From: istong at costar.com (Ian Stong) Date: Thu, 30 Sep 2010 12:31:55 -0400 Subject: [rancid] HP Procurve 2810 with rancid v2.3.1 In-Reply-To: <20100908230934.GF28099@shrubbery.net> References: <20100908230934.GF28099@shrubbery.net> Message-ID: Hi, I am trying to get rancid v2.3.1 on freebsd to work with my HP procurve switches using SSH. When I use clogin it logs in but hangs at the Press any key to continue prompt. And hlogin returns an error of: hpuifilter: execlp() failed: No such file or directory Error: Couldn't login Is it possible to get this working under v2.3.1 of rancid? I'm nervous about upgrading to 2.3.5 and breaking something. Anyone have it working with v2.3.1? If upgrading is the only option, what is the recommended path to be able to rollback if the upgrade doesn't go well? Is it as simple as backing up the /home/rancid directories or are there libraries and binaries strewn throughout the system? Thanks in advance Ian From heas at shrubbery.net Thu Sep 30 18:10:07 2010 From: heas at shrubbery.net (john heasley) Date: Thu, 30 Sep 2010 11:10:07 -0700 Subject: [rancid] HP Procurve 2810 with rancid v2.3.1 In-Reply-To: References: <20100908230934.GF28099@shrubbery.net> Message-ID: <20100930181007.GL10490@shrubbery.net> Thu, Sep 30, 2010 at 12:31:55PM -0400, Ian Stong: > Hi, > > I am trying to get rancid v2.3.1 on freebsd to work with my HP procurve > switches using SSH. When I use clogin it logs in but hangs at the Press > any key to continue prompt. And hlogin returns an error of: > > hpuifilter: execlp() failed: No such file or directory > Error: Couldn't login make sure that the PATH of the shell running hlogin include the location of hpuifilter. if its via rancid-run, make sure its in the PATH within rancid.conf > Is it possible to get this working under v2.3.1 of rancid? I'm nervous > about upgrading to 2.3.5 and breaking something. Anyone have it working > with v2.3.1? > > If upgrading is the only option, what is the recommended path to be able > to rollback if the upgrade doesn't go well? Is it as simple as backing > up the /home/rancid directories or are there libraries and binaries > strewn throughout the system? i think fbsd puts rancid stuff in /usr/local/bin and /usr/local/libexec/rancid