From heas at shrubbery.net Sat Dec 1 17:34:11 2012 From: heas at shrubbery.net (heasley) Date: Sat, 1 Dec 2012 17:34:11 +0000 Subject: [rancid] issue with bigip rancid diff In-Reply-To: References: <20121129222029.GD33228@shrubbery.net> Message-ID: <20121201173411.GC15442@shrubbery.net> Fri, Nov 30, 2012 at 09:38:33AM +0000, Shaun Krok: > Hi there > > Thanks for your reply. > > The command on the F5 using tmsh is : > > I am guessing and have not confirmed but I should just hash this command out of the F5rancid script ? > > Thanks > > Shaun > > > (tmos)# list sys snmp users > sys snmp { > users { > iENM_F5_SNMP_1 { > auth-password-encrypted "TI1P at K@kT::OA3<[Eik_\?_OIYSb=N7:_ auth-protocol sha > oid-subset .1 > privacy-password-encrypted "EX\\AHd:HY_QV/H2]a_Y,HS\\RH:=2g5AVGd>16^V9F" > privacy-protocol des > security-level auth-privacy > username ENM_F5_SNMP it does not use that command; it uses these: {'bigpipe version' => 'ShowVersion'}, {'bigpipe platform' => 'ShowPlatform'}, {'cat /config/bigip.license' => 'ShowLicense'}, {'bigpipe monitor list all' => 'ShowMonitor'}, {'bigpipe profile list' => 'ShowProfile'}, {'bigpipe base list' => 'ShowBaseRun'}, {'bigpipe db show' => 'ShowDb'}, {'bigpipe route static show' => 'ShowRouteStatic'}, {'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'}, {'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'}, {'bigpipe list' => 'WriteTerm'} > -----Original Message----- > From: heasley [mailto:heas at shrubbery.net] > Sent: Friday, November 30, 2012 12:20 AM > To: Shaun Krok > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] issue with bigip rancid diff > > Thu, Nov 29, 2012 at 09:20:53AM +0000, Shaun Krok: > > Hi there > > > > Please could I ask if someone has some input as to how fix/stop the following issue. > > Rancid and BIGIP boxes using tmsh F5 rancid script are working 100% > > > > But the problem is that the cron which runs every hour is generating an email that shows the following : > > The same is generated for every F5 device in that is being monitored by Rancid. > > It would seem the issue is that the F5 seems to be changing or re-hashing the SNMP password or something like this. > > > > Any help would be much appreciated ??? > > you would need to add a filter to the script. i'm fairly ignorant of the F5; in the output of which command does this appear? > > > > > // snip of email diff > > ********************************************************************** > > ******************* > > > > iENM_F5_SNMP_1 { > > > > - auth-password-encrypted ";ZdCaD>7S2YO,J6I\\Cp" > > > > + auth-password-encrypted "KAaTUL;ZRHjJDPG,SLGKlXZ3JlReGCL;mORiEcKek_cUS9a" > > > > auth-protocol sha > > > > oid-subset .1 > > > > - privacy-password-encrypted @fG9HR]i^K4YOVM > > > + privacy-password-encrypted "P;`P9[6`e1iD\\[>UbCakLYcSLm<\?\?=dWCEdcbSXoe[Q;U7o" > > > > privacy-protocol des > > > > security-level auth-privacy > > > > username ENM_F5_SNMP > > > > > > Shaun Krok > > IBM Networking and Security Department > > > > [Description: cid:image001.png at 01CD8508.B733CBB0] > > 13 Ha'amal St., P.O.Box 11793 > > Afek Industrial Park, Rosh-Ha'ayin 48092 Israel Office > > +972-73-790-2791 Mobile +972-54-2030399 > > > > > > > > > > > > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > From marty at supine.com Mon Dec 3 09:56:44 2012 From: marty at supine.com (Martin Barry) Date: Mon, 3 Dec 2012 10:56:44 +0100 Subject: [rancid] groups, customers and so on in RANCID.... In-Reply-To: <50B763C3.4010006@uniovi.es> References: <50B763C3.4010006@uniovi.es> Message-ID: <20121203095643.GA6873@merboo.mamista.net> $quoted_author = "Javier A. Herrera" ; > > sure i'm missing or misunderstanding something, but i'm not able to make > RANCID work with customers or groups, unless i'm supposing things that > RANCID doesn't do...let me explain...what i wanted to do was to put > several customers or groups on the LIST_OF_GROUPS entry, each one of > then associated with a router.db list of devices in the corresponding > directory, and then, in the .cloginrc file, use a different credentials > for each group, that is, for example: > > add method *.group1 ssh > add method *.group2 telnet > add method *.group3 ssh telnet > add password *.group1 {pass1} {pass2} > add password *.group2 {pass1} {passpass} The regex matching in cloginrc is only against the hostname and not any other grouping you may have defined. This works best if you have structured hostnames that contain the relevant identifying information like location or customer ID etc.etc. cheers Marty From bobthebaritone at gmail.com Mon Dec 3 10:04:38 2012 From: bobthebaritone at gmail.com (bob watson) Date: Mon, 3 Dec 2012 21:04:38 +1100 Subject: [rancid] groups, customers and so on in RANCID.... In-Reply-To: <20121203095643.GA6873@merboo.mamista.net> References: <50B763C3.4010006@uniovi.es> <20121203095643.GA6873@merboo.mamista.net> Message-ID: Don't forget that .cloginrc is TCL. The . character I think is concatenation. Take that out and it may work... Cheers, Bob On 3 December 2012 20:56, Martin Barry wrote: > $quoted_author = "Javier A. Herrera" ; > > > > sure i'm missing or misunderstanding something, but i'm not able to make > > RANCID work with customers or groups, unless i'm supposing things that > > RANCID doesn't do...let me explain...what i wanted to do was to put > > several customers or groups on the LIST_OF_GROUPS entry, each one of > > then associated with a router.db list of devices in the corresponding > > directory, and then, in the .cloginrc file, use a different credentials > > for each group, that is, for example: > > > > add method *.group1 ssh > > add method *.group2 telnet > > add method *.group3 ssh telnet > > add password *.group1 {pass1} {pass2} > > add password *.group2 {pass1} {passpass} > > The regex matching in cloginrc is only against the hostname and not any > other grouping you may have defined. > > This works best if you have structured hostnames that contain the relevant > identifying information like location or customer ID etc.etc. > > cheers > Marty > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From bobthebaritone at gmail.com Mon Dec 3 20:25:06 2012 From: bobthebaritone at gmail.com (bob watson) Date: Tue, 4 Dec 2012 07:25:06 +1100 Subject: [rancid] groups, customers and so on in RANCID.... In-Reply-To: <8c176b04-570d-4c7b-8fbb-311b6ce18e29.maildroid@localhost> References: <50B763C3.4010006@uniovi.es> <20121203095643.GA6873@merboo.mamista.net> <8c176b04-570d-4c7b-8fbb-311b6ce18e29.maildroid@localhost> Message-ID: Yes Doug. I should have checked first! Sorry folks! On 4 December 2012 01:16, Doug Hughes wrote: > . is concatenation in Perl, but in tcl it has no special meaning. > > > -----Original Message----- > From: bob watson > To: Martin Barry > Cc: "rancid-discuss at shrubbery.net" > Sent: Mon, 03 Dec 2012 5:05 AM > Subject: Re: [rancid] groups, customers and so on in RANCID.... > > Don't forget that .cloginrc is TCL. The . character I think is > concatenation. Take that out and it may work... > > Cheers, > > Bob > > > On 3 December 2012 20:56, Martin Barry wrote: > >> $quoted_author = "Javier A. Herrera" ; >> > >> > sure i'm missing or misunderstanding something, but i'm not able to make >> > RANCID work with customers or groups, unless i'm supposing things that >> > RANCID doesn't do...let me explain...what i wanted to do was to put >> > several customers or groups on the LIST_OF_GROUPS entry, each one of >> > then associated with a router.db list of devices in the corresponding >> > directory, and then, in the .cloginrc file, use a different credentials >> > for each group, that is, for example: >> > >> > add method *.group1 ssh >> > add method *.group2 telnet >> > add method *.group3 ssh telnet >> > add password *.group1 {pass1} {pass2} >> > add password *.group2 {pass1} {passpass} >> >> The regex matching in cloginrc is only against the hostname and not any >> other grouping you may have defined. >> >> This works best if you have structured hostnames that contain the relevant >> identifying information like location or customer ID etc.etc. >> >> cheers >> Marty >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From Shaun.Krok at betterplace.com Sun Dec 2 07:44:14 2012 From: Shaun.Krok at betterplace.com (Shaun Krok) Date: Sun, 02 Dec 2012 07:44:14 +0000 Subject: [rancid] issue with bigip rancid diff In-Reply-To: <20121201173411.GC15442@shrubbery.net> References: <20121129222029.GD33228@shrubbery.net> <20121201173411.GC15442@shrubbery.net> Message-ID: Thanks - okay to the command used is : bigpipe base list If I grep for the SNMP user I see it, but now how do I filter this command to not show the usmuser Thank you for your help this far Shaun usmuser iENM_F5_SNMP_1 { access ro auth password crypt "*VQ3\\1fLG;JlcWfvB?M>=RsRL[1T]*92A+0hr`T@\\QT\\P9:" auth protocol SHA oid ".1" privacy password crypt "c)Yi:O-4o=X Hi there > > Thanks for your reply. > > The command on the F5 using tmsh is : > > I am guessing and have not confirmed but I should just hash this command out of the F5rancid script ? > > Thanks > > Shaun > > > (tmos)# list sys snmp users > sys snmp { > users { > iENM_F5_SNMP_1 { > auth-password-encrypted "TI1P at K@kT::OA3<[Eik_\?_OIYSb=N7:_ auth-protocol sha > oid-subset .1 > privacy-password-encrypted "EX\\AHd:HY_QV/H2]a_Y,HS\\RH:=2g5AVGd>16^V9F" > privacy-protocol des > security-level auth-privacy > username ENM_F5_SNMP it does not use that command; it uses these: {'bigpipe version' => 'ShowVersion'}, {'bigpipe platform' => 'ShowPlatform'}, {'cat /config/bigip.license' => 'ShowLicense'}, {'bigpipe monitor list all' => 'ShowMonitor'}, {'bigpipe profile list' => 'ShowProfile'}, {'bigpipe base list' => 'ShowBaseRun'}, {'bigpipe db show' => 'ShowDb'}, {'bigpipe route static show' => 'ShowRouteStatic'}, {'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'}, {'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'}, {'bigpipe list' => 'WriteTerm'} > -----Original Message----- > From: heasley [mailto:heas at shrubbery.net] > Sent: Friday, November 30, 2012 12:20 AM > To: Shaun Krok > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] issue with bigip rancid diff > > Thu, Nov 29, 2012 at 09:20:53AM +0000, Shaun Krok: > > Hi there > > > > Please could I ask if someone has some input as to how fix/stop the following issue. > > Rancid and BIGIP boxes using tmsh F5 rancid script are working 100% > > > > But the problem is that the cron which runs every hour is generating an email that shows the following : > > The same is generated for every F5 device in that is being monitored by Rancid. > > It would seem the issue is that the F5 seems to be changing or re-hashing the SNMP password or something like this. > > > > Any help would be much appreciated ??? > > you would need to add a filter to the script. i'm fairly ignorant of the F5; in the output of which command does this appear? > > > > > // snip of email diff > > ********************************************************************** > > ******************* > > > > iENM_F5_SNMP_1 { > > > > - auth-password-encrypted ";ZdCaD>7S2YO,J6I\\Cp" > > > > + auth-password-encrypted "KAaTUL;ZRHjJDPG,SLGKlXZ3JlReGCL;mORiEcKek_cUS9a" > > > > auth-protocol sha > > > > oid-subset .1 > > > > - privacy-password-encrypted @fG9HR]i^K4YOVM > > > + privacy-password-encrypted "P;`P9[6`e1iD\\[>UbCakLYcSLm<\?\?=dWCEdcbSXoe[Q;U7o" > > > > privacy-protocol des > > > > security-level auth-privacy > > > > username ENM_F5_SNMP > > > > > > Shaun Krok > > IBM Networking and Security Department > > > > [Description: cid:image001.png at 01CD8508.B733CBB0] > > 13 Ha'amal St., P.O.Box 11793 > > Afek Industrial Park, Rosh-Ha'ayin 48092 Israel Office > > +972-73-790-2791 Mobile +972-54-2030399 > > > > > > > > > > > > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > From hughesd at deshawresearch.com Mon Dec 3 14:16:43 2012 From: hughesd at deshawresearch.com (Doug Hughes) Date: Mon, 3 Dec 2012 09:16:43 -0500 Subject: [rancid] groups, customers and so on in RANCID.... In-Reply-To: References: <50B763C3.4010006@uniovi.es> <20121203095643.GA6873@merboo.mamista.net> Message-ID: <8c176b04-570d-4c7b-8fbb-311b6ce18e29.maildroid@localhost> . is concatenation in Perl, but in tcl it has no special meaning. -----Original Message----- From: bob watson To: Martin Barry Cc: "rancid-discuss at shrubbery.net" Sent: Mon, 03 Dec 2012 5:05 AM Subject: Re: [rancid] groups, customers and so on in RANCID.... Don't forget that .cloginrc is TCL. The . character I think is concatenation. Take that out and it may work... Cheers, Bob On 3 December 2012 20:56, Martin Barry wrote: > $quoted_author = "Javier A. Herrera" ; > > > > sure i'm missing or misunderstanding something, but i'm not able to make > > RANCID work with customers or groups, unless i'm supposing things that > > RANCID doesn't do...let me explain...what i wanted to do was to put > > several customers or groups on the LIST_OF_GROUPS entry, each one of > > then associated with a router.db list of devices in the corresponding > > directory, and then, in the .cloginrc file, use a different credentials > > for each group, that is, for example: > > > > add method *.group1 ssh > > add method *.group2 telnet > > add method *.group3 ssh telnet > > add password *.group1 {pass1} {pass2} > > add password *.group2 {pass1} {passpass} > > The regex matching in cloginrc is only against the hostname and not any > other grouping you may have defined. > > This works best if you have structured hostnames that contain the relevant > identifying information like location or customer ID etc.etc. > > cheers > Marty > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Wed Dec 5 01:24:20 2012 From: heas at shrubbery.net (heasley) Date: Wed, 5 Dec 2012 01:24:20 +0000 Subject: [rancid] issue with bigip rancid diff In-Reply-To: <20121205012141.E800524CF45@sea.shrubbery.net> Message-ID: <20121205012420.GW58363@shrubbery.net> Sun, Dec 02, 2012 at 07:44:14AM +0000, Shaun Krok: > > Thu, Nov 29, 2012 at 09:20:53AM +0000, Shaun Krok: > > > Hi there > > > > > > Please could I ask if someone has some input as to how fix/stop the following issue. > > > Rancid and BIGIP boxes using tmsh F5 rancid script are working 100% > > > > > > But the problem is that the cron which runs every hour is generating an email that shows the following : > > > The same is generated for every F5 device in that is being monitored by Rancid. > > > It would seem the issue is that the F5 seems to be changing or re-hashing the SNMP password or something like this. > > > > > > Any help would be much appreciated ??? > > > > you would need to add a filter to the script. i'm fairly ignorant of the F5; in the output of which command does this appear? > > > > > > > > // snip of email diff > > > ********************************************************************** > > > ******************* > > > > > > iENM_F5_SNMP_1 { > > > > > > - auth-password-encrypted ";ZdCaD>7S2YO,J6I\\Cp" > > > > > > + auth-password-encrypted "KAaTUL;ZRHjJDPG,SLGKlXZ3JlReGCL;mORiEcKek_cUS9a" > > > > > > auth-protocol sha > > > > > > oid-subset .1 > > > > > > - privacy-password-encrypted @fG9HR]i^K4YOVM > > > > > + privacy-password-encrypted "P;`P9[6`e1iD\\[>UbCakLYcSLm<\?\?=dWCEdcbSXoe[Q;U7o" > > > > > > privacy-protocol des > > > > > > security-level auth-privacy > > > > > > username ENM_F5_SNMP as follows: Index: bin/f5rancid.in =================================================================== --- bin/f5rancid.in (revision 2654) +++ bin/f5rancid.in (working copy) @@ -184,6 +184,8 @@ if (!$line++) { ProcessHistory("SHOWBASE","","","#\n#base:\n"); } + if (/(auth-password-encrypted )\S+/) && + ProcessHistory("SHOWBASE","","","# $1 ") && next; ProcessHistory("SHOWBASE","","","# $_") && next; } return(0); From Shaun.Krok at betterplace.com Wed Dec 5 08:15:40 2012 From: Shaun.Krok at betterplace.com (Shaun Krok) Date: Wed, 05 Dec 2012 08:15:40 +0000 Subject: [rancid] issue with bigip rancid diff | riverbed issue Message-ID: Hi there Heasley Thank you -- that worked like a charm. Seems to throw some small errors in the log but still works. I have another small question for you if I may ? Riverbed and rancid -- I have configured rancid to login to the appliance with sshv1 without issue and can get it to the enable prompt. But am having issues with the actual config. -- I am using rblogin which I have copied to rbrancid and have updated rancid-fe to include the vendor riverbed, But it just does not work ... Any suggestions for me to use ? With thanks Shaun -----Original Message----- From: heasley [mailto:heas at shrubbery.net] Sent: Wednesday, December 05, 2012 3:24 AM To: Shaun Krok Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] issue with bigip rancid diff Sun, Dec 02, 2012 at 07:44:14AM +0000, Shaun Krok: > > Thu, Nov 29, 2012 at 09:20:53AM +0000, Shaun Krok: > > > Hi there > > > > > > Please could I ask if someone has some input as to how fix/stop the following issue. > > > Rancid and BIGIP boxes using tmsh F5 rancid script are working 100% > > > > > > But the problem is that the cron which runs every hour is generating an email that shows the following : > > > The same is generated for every F5 device in that is being monitored by Rancid. > > > It would seem the issue is that the F5 seems to be changing or re-hashing the SNMP password or something like this. > > > > > > Any help would be much appreciated ??? > > > > you would need to add a filter to the script. i'm fairly ignorant of the F5; in the output of which command does this appear? > > > > > > > > // snip of email diff > > > ********************************************************************** > > > ******************* > > > > > > iENM_F5_SNMP_1 { > > > > > > - auth-password-encrypted ";ZdCaD>7S2YO,J6I\\Cp" > > > > > > + auth-password-encrypted "KAaTUL;ZRHjJDPG,SLGKlXZ3JlReGCL;mORiEcKek_cUS9a" > > > > > > auth-protocol sha > > > > > > oid-subset .1 > > > > > > - privacy-password-encrypted @fG9HR]i^K4YOVM > > > > > + privacy-password-encrypted "P;`P9[6`e1iD\\[>UbCakLYcSLm<\?\?=dWCEdcbSXoe[Q;U7o" > > > > > > privacy-protocol des > > > > > > security-level auth-privacy > > > > > > username ENM_F5_SNMP as follows: Index: bin/f5rancid.in =================================================================== --- bin/f5rancid.in (revision 2654) +++ bin/f5rancid.in (working copy) @@ -184,6 +184,8 @@ if (!$line++) { ProcessHistory("SHOWBASE","","","#\n#base:\n"); } + if (/(auth-password-encrypted )\S+/) && + ProcessHistory("SHOWBASE","","","# $1 ") && next; ProcessHistory("SHOWBASE","","","# $_") && next; } return(0); From chris at node-nine.com Wed Dec 5 22:25:32 2012 From: chris at node-nine.com (Chris Moody) Date: Wed, 05 Dec 2012 17:25:32 -0500 Subject: [rancid] F5 & tmsh - was Re: issue with bigip rancid diff In-Reply-To: References: <20121129222029.GD33228@shrubbery.net> <20121201173411.GC15442@shrubbery.net> Message-ID: <50BFC9DC.8040500@node-nine.com> So this actually raises a somewhat related point. We actually just got some new F5 gear in recently and bigpipe is no longer a supported command. I wanted to check in to see if any development efforts were underway on a 'tmsh' version of the F5 backup routine. ===== [root at qdc-sl01-lb1:/S1-green-P:Active] config # bigpipe /bin/bigpipe: bigpipe is no longer supported; please use tmsh. ----- root at qdc-sl01-lb1(/S1-green-P:Active)(/Common)(tmos.sys.version)# show Sys::Version Main Package Product BIG-IP Version 11.1.0 Build 2027.0 Edition Hotfix HF2 Date Mon Feb 20 22:39:59 PST 2012 ===== Cheers, -Chris On 12/2/12 2:44 AM, Shaun Krok wrote: > Thanks - okay to the command used is : bigpipe base list > If I grep for the SNMP user I see it, but now how do I filter this command to not show the usmuser > > Thank you for your help this far > > Shaun > > > usmuser iENM_F5_SNMP_1 { > access ro > auth password crypt "*VQ3\\1fLG;JlcWfvB?M>=RsRL[1T]*92A+0hr`T@\\QT\\P9:" > auth protocol SHA > oid ".1" > privacy password crypt "c)Yi:O-4o=X privacy protocol DES > security level authPriv > username "ENM_F5_SNMP" > > -----Original Message----- > From: heasley [mailto:heas at shrubbery.net] > Sent: Saturday, December 01, 2012 7:34 PM > To: Shaun Krok > Cc: heasley; rancid-discuss at shrubbery.net > Subject: Re: [rancid] issue with bigip rancid diff > > Fri, Nov 30, 2012 at 09:38:33AM +0000, Shaun Krok: >> Hi there >> >> Thanks for your reply. >> >> The command on the F5 using tmsh is : >> >> I am guessing and have not confirmed but I should just hash this command out of the F5rancid script ? >> >> Thanks >> >> Shaun >> >> >> (tmos)# list sys snmp users >> sys snmp { >> users { >> iENM_F5_SNMP_1 { >> auth-password-encrypted "TI1P at K@kT::OA3<[Eik_\?_OIYSb=N7:_> auth-protocol sha >> oid-subset .1 >> privacy-password-encrypted "EX\\AHd:HY_QV/H2]a_Y,HS\\RH:=2g5AVGd>16^V9F" >> privacy-protocol des >> security-level auth-privacy >> username ENM_F5_SNMP > it does not use that command; it uses these: > > {'bigpipe version' => 'ShowVersion'}, > {'bigpipe platform' => 'ShowPlatform'}, > {'cat /config/bigip.license' => 'ShowLicense'}, > {'bigpipe monitor list all' => 'ShowMonitor'}, > {'bigpipe profile list' => 'ShowProfile'}, > {'bigpipe base list' => 'ShowBaseRun'}, > {'bigpipe db show' => 'ShowDb'}, > {'bigpipe route static show' => 'ShowRouteStatic'}, > {'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'}, > {'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'}, > {'bigpipe list' => 'WriteTerm'} > >> -----Original Message----- >> From: heasley [mailto:heas at shrubbery.net] >> Sent: Friday, November 30, 2012 12:20 AM >> To: Shaun Krok >> Cc: rancid-discuss at shrubbery.net >> Subject: Re: [rancid] issue with bigip rancid diff >> >> Thu, Nov 29, 2012 at 09:20:53AM +0000, Shaun Krok: >>> Hi there >>> >>> Please could I ask if someone has some input as to how fix/stop the following issue. >>> Rancid and BIGIP boxes using tmsh F5 rancid script are working 100% >>> >>> But the problem is that the cron which runs every hour is generating an email that shows the following : >>> The same is generated for every F5 device in that is being monitored by Rancid. >>> It would seem the issue is that the F5 seems to be changing or re-hashing the SNMP password or something like this. >>> >>> Any help would be much appreciated ??? >> you would need to add a filter to the script. i'm fairly ignorant of the F5; in the output of which command does this appear? >> >>> // snip of email diff >>> ********************************************************************** >>> ******************* >>> >>> iENM_F5_SNMP_1 { >>> >>> - auth-password-encrypted ";ZdCaD>7S2YO,J6I\\Cp" >>> >>> + auth-password-encrypted "KAaTUL;ZRHjJDPG,SLGKlXZ3JlReGCL;mORiEcKek_cUS9a" >>> >>> auth-protocol sha >>> >>> oid-subset .1 >>> >>> - privacy-password-encrypted @fG9HR]i^K4YOVM>> >>> + privacy-password-encrypted "P;`P9[6`e1iD\\[>UbCakLYcSLm<\?\?=dWCEdcbSXoe[Q;U7o" >>> >>> privacy-protocol des >>> >>> security-level auth-privacy >>> >>> username ENM_F5_SNMP >>> >>> >>> Shaun Krok >>> IBM Networking and Security Department >>> >>> [Description: cid:image001.png at 01CD8508.B733CBB0] >>> 13 Ha'amal St., P.O.Box 11793 >>> Afek Industrial Park, Rosh-Ha'ayin 48092 Israel Office >>> +972-73-790-2791 Mobile +972-54-2030399 >>> >>> >>> >>> >>> >> >> >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net >>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From dariusjs at gmail.com Thu Dec 6 09:26:39 2012 From: dariusjs at gmail.com (Darius Seroka) Date: Thu, 6 Dec 2012 10:26:39 +0100 Subject: [rancid] F5 & tmsh - was Re: issue with bigip rancid diff In-Reply-To: <50BFC9DC.8040500@node-nine.com> References: <20121129222029.GD33228@shrubbery.net> <20121201173411.GC15442@shrubbery.net> <50BFC9DC.8040500@node-nine.com> Message-ID: Same problem here, a couple of devices with 11.x software. In the meantime I am using the devcentral backup scripts which work well but have not got rancid commands onto tmsh yet. There are a couple of example patches that have changed things to tmsh but these were likely never submitted to shurbbery. Darius On Wed, Dec 5, 2012 at 11:25 PM, Chris Moody wrote: > > We actually just got some new F5 gear in recently and bigpipe is no longer > a supported command. > > I wanted to check in to see if any development efforts were underway on a > 'tmsh' version of the F5 backup routine. > > ===== > [root at qdc-sl01-lb1:/S1-green-**P:Active] config # bigpipe > /bin/bigpipe: bigpipe is no longer support -------------- next part -------------- An HTML attachment was scrubbed... URL: From djones at mapcommunications.com Thu Dec 6 15:30:26 2012 From: djones at mapcommunications.com (David Jones) Date: Thu, 06 Dec 2012 10:30:26 -0500 Subject: [rancid] Extreme using Cisco Content Type Message-ID: <50C0BA12.9040801@mapcommunications.com> Hello, rancid isn't pulling my extreme configs and I think it's because it's trying to use a cisco content type. Here's the output from the ip.new: !RANCID-CONTENT-TYPE: cisco Here's the listing in my router.db: sw1.internal:extreme:up Here's the errors from a rancid -d: sw1.internal: missed cmd(s): show capture,show running-config view full,show spe version,show bootvar,show inventory raw,show shun,more system:running-config,show debug,write term,show vtp status,show vlan,show vlan-switch,show redundancy secondary,show running-config,show c7200 Any ideas on how change it from a cisco type to extreme? From adam.korab at gmail.com Thu Dec 6 16:42:10 2012 From: adam.korab at gmail.com (Adam Korab) Date: Thu, 6 Dec 2012 10:42:10 -0600 Subject: [rancid] F5 & tmsh - was Re: issue with bigip rancid diff In-Reply-To: References: <20121129222029.GD33228@shrubbery.net> <20121201173411.GC15442@shrubbery.net> <50BFC9DC.8040500@node-nine.com> Message-ID: <-5206265385406913738@unknownmsgid> I'll see what I can do regarding mapping the bigpipe commands in cmdtable over to their tosh equivalents. Here's the deal - tmos (the underlying OS for all BIG-IP modules like LTM, GTM, APM etc) used bigpipe (b) through version 9 and it coexists with tmsh in v10. In v11.0 and up, it's tmsh exclusively. --Adam -- Adam Korab On Dec 6, 2012, at 3:57 AM, Darius Seroka wrote: Same problem here, a couple of devices with 11.x software. In the meantime I am using the devcentral backup scripts which work well but have not got rancid commands onto tmsh yet. There are a couple of example patches that have changed things to tmsh but these were likely never submitted to shurbbery. Darius On Wed, Dec 5, 2012 at 11:25 PM, Chris Moody wrote: > > We actually just got some new F5 gear in recently and bigpipe is no longer > a supported command. > > I wanted to check in to see if any development efforts were underway on a > 'tmsh' version of the F5 backup routine. > > ===== > [root at qdc-sl01-lb1:/S1-green-**P:Active] config # bigpipe > /bin/bigpipe: bigpipe is no longer support _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From djones at mapcommunications.com Thu Dec 6 18:21:35 2012 From: djones at mapcommunications.com (David Jones) Date: Thu, 06 Dec 2012 13:21:35 -0500 Subject: [rancid] Extreme using Cisco Content Type In-Reply-To: <20121206180911.GQ35347@shrubbery.net> References: <50C0BA12.9040801@mapcommunications.com> <20121206180911.GQ35347@shrubbery.net> Message-ID: <50C0E22F.1020209@mapcommunications.com> On 12/6/2012 1:09 PM, heasley wrote: > Thu, Dec 06, 2012 at 10:30:26AM -0500, David Jones: >> Hello, >> >> rancid isn't pulling my extreme configs and I think it's because it's >> trying to use a cisco content type. Here's the output from the ip.new: >> >> !RANCID-CONTENT-TYPE: cisco >> >> Here's the listing in my router.db: >> >> sw1.internal:extreme:up >> >> Here's the errors from a rancid -d: >> >> sw1.internal: missed cmd(s): show capture,show running-config view >> full,show spe version,show bootvar,show inventory raw,show shun,more >> system:running-config,show debug,write term,show vtp status,show >> vlan,show vlan-switch,show redundancy secondary,show running-config,show >> c7200 >> >> Any ideas on how change it from a cisco type to extreme? >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > ugh; i misread that, sorry - i have the flu. > > it shouldnt be 'cisco'. someone must have altered your copy of rancid. > 'extreme' type should use the xrancid script and the device type there is > correct. Ok, I should have used xrancid -d so here's the output of that: xrancid -d sw1.internal executing clogin -t 90 -c "show version;show memory;show diag;show switch;show slot;show configuration detail;show configuration" sw1.internal PROMPT MATCH: 16-client-sw-1[:.]\d+ ?# HIT COMMAND:16-client-sw-1.2 # show version In ShowVersion: 16-client-sw-1.2 # show version HIT COMMAND:16-client-sw-1.3 # show memory In ShowMemory: 16-client-sw-1.3 # show memory HIT COMMAND:16-client-sw-1.4 # show diag In ShowDiag: 16-client-sw-1.4 # show diag HIT COMMAND:16-client-sw-1.5 # show switch In ShowSwitch: 16-client-sw-1.5 # show switch HIT COMMAND:16-client-sw-1.6 # show slot In ShowSlot: 16-client-sw-1.6 # show slot HIT COMMAND:16-client-sw-1.7 # show configuration detail In WriteTerm: 16-client-sw-1.7 # show configuration detail HIT COMMAND:16-client-sw-1.8 #show configuration In WriteTerm: 16-client-sw-1.8 #show configuration 172.16.16.55: End of run not found 172.16.16.55: End of run not found # From mkorourke at gmail.com Thu Dec 6 21:18:48 2012 From: mkorourke at gmail.com (Mick O'Rourke) Date: Fri, 7 Dec 2012 08:18:48 +1100 Subject: [rancid] F5 & tmsh - was Re: issue with bigip rancid diff In-Reply-To: References: <20121129222029.GD33228@shrubbery.net> <20121201173411.GC15442@shrubbery.net> <50BFC9DC.8040500@node-nine.com> Message-ID: There is a working tmsh version in the rancid git repo. The only thing that doesn't work when adjusting the script to list all partition co config is a tmsh -q -c "cd /; list recursive" - it errors out due to extra double quotes required by the -c option. On Dec 6, 2012 8:57 PM, "Darius Seroka" wrote: > Same problem here, a couple of devices with 11.x software. In the meantime > I am using the devcentral backup scripts which work well but have not got > rancid commands onto tmsh yet. There are a couple of example patches that > have changed things to tmsh but these were likely never submitted to > shurbbery. > > Darius > > On Wed, Dec 5, 2012 at 11:25 PM, Chris Moody wrote: > >> >> We actually just got some new F5 gear in recently and bigpipe is no >> longer a supported command. >> >> I wanted to check in to see if any development efforts were underway on a >> 'tmsh' version of the F5 backup routine. >> >> ===== >> [root at qdc-sl01-lb1:/S1-green-**P:Active] config # bigpipe >> /bin/bigpipe: bigpipe is no longer support > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From istong at costar.com Thu Dec 6 22:36:26 2012 From: istong at costar.com (Ian Stong) Date: Thu, 6 Dec 2012 22:36:26 +0000 Subject: [rancid] F5 & tmsh - was Re: issue with bigip rancid diff In-Reply-To: <-5206265385406913738@unknownmsgid> References: <20121129222029.GD33228@shrubbery.net> <20121201173411.GC15442@shrubbery.net> <50BFC9DC.8040500@node-nine.com> <-5206265385406913738@unknownmsgid> Message-ID: <6ED7B4C44A4C234FA7427C0BFDF35A322BA78D5E@DCMBXPRD100.us.costar.local> There is a script forf rancid for v10 and v11 for F5's available via google. Have you already tried that version? Ian From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Adam Korab Sent: Thursday, December 06, 2012 11:42 AM To: Darius Seroka Cc: Shaun Krok; rancid-discuss at shrubbery.net Subject: Re: [rancid] F5 & tmsh - was Re: issue with bigip rancid diff I'll see what I can do regarding mapping the bigpipe commands in cmdtable over to their tosh equivalents. Here's the deal - tmos (the underlying OS for all BIG-IP modules like LTM, GTM, APM etc) used bigpipe (b) through version 9 and it coexists with tmsh in v10. In v11.0 and up, it's tmsh exclusively. --Adam -- Adam Korab On Dec 6, 2012, at 3:57 AM, Darius Seroka > wrote: Same problem here, a couple of devices with 11.x software. In the meantime I am using the devcentral backup scripts which work well but have not got rancid commands onto tmsh yet. There are a couple of example patches that have changed things to tmsh but these were likely never submitted to shurbbery. Darius On Wed, Dec 5, 2012 at 11:25 PM, Chris Moody > wrote: We actually just got some new F5 gear in recently and bigpipe is no longer a supported command. I wanted to check in to see if any development efforts were underway on a 'tmsh' version of the F5 backup routine. ===== [root at qdc-sl01-lb1:/S1-green-P:Active] config # bigpipe /bin/bigpipe: bigpipe is no longer support _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From dariusjs at gmail.com Fri Dec 7 10:32:29 2012 From: dariusjs at gmail.com (Darius Seroka) Date: Fri, 7 Dec 2012 11:32:29 +0100 Subject: [rancid] F5 & tmsh - was Re: issue with bigip rancid diff In-Reply-To: References: <20121129222029.GD33228@shrubbery.net> <20121201173411.GC15442@shrubbery.net> <50BFC9DC.8040500@node-nine.com> Message-ID: Mick, Cheers for your reply, never knew about the git repository with the these updates. Only ever looked at shrubbery.net's pages. Will give this a go. Regards, Darius On Thu, Dec 6, 2012 at 10:18 PM, Mick O'Rourke wrote: > a working tmsh version in the rancid git repo. > > The only thing that doesn't work when adjusting the script to list all > partition co config is a tmsh -q -c "cd /; list recursive" - it errors out > due to extra double quotes required by the -c option. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From willie.s.hinote at nasa.gov Tue Dec 11 17:36:32 2012 From: willie.s.hinote at nasa.gov (Hinote, Willie Scott. (MSFC-IS40)[NICS]) Date: Tue, 11 Dec 2012 11:36:32 -0600 Subject: [rancid] rancid aruba support Message-ID: <8420D9D639CBE744B778A8916DFFC90FF6D3830460@NDMSSCC08.ndc.nasa.gov> Hi, I need some assistance with Aruba devices. I found an old thread over at ArubaNetworks and followed the instructions but when I execute rancid-run I receive the following error. Thread -- http://community.arubanetworks.com/t5/Command-of-the-Day/COTD-Automating-Aruba-Controller-Tasks-with-Kiwi-CatTools/td-p/1365 Specifically -- http://community.arubanetworks.com/t5/Command-of-the-Day/COTD-Automating-Aruba-Controller-Tasks-with-Kiwi-CatTools/m-p/1368/highlight/true#M95 Error Message -- Trying to get all of the configs. Exec failed router manufacturer aruba: No such file or directory I downloaded the arubarancid file, stripped the .txt off and moved it into /usr/libexec/rancid then chmod 755 /usr/libexec/rancid/arubarancid. I edited /usr/libexec/rancid/rancid-fe and added 'aruba' => 'arubarancid', . The error message appears to be from the rancid-fe file and not from the arubarancid file. If anyone is currently backing up Aruba devices and has a working arubarancid / arubalogin that you can send me it would be greatly appreciated. Thank you -------------- next part -------------- An HTML attachment was scrubbed... URL: From dharmachris at gmail.com Tue Dec 11 17:18:23 2012 From: dharmachris at gmail.com (Chris Hunt) Date: Tue, 11 Dec 2012 09:18:23 -0800 Subject: [rancid] "sh: clogin: command not found" when run from cron Message-ID: <50C76ADF.6000703@gmail.com> Hello All, I'm having some trouble getting rancid to work properly after migrating to CentOS 5.8. I can successfully run it from the BASH while logged in as the rancid user: ! [rancid at noc ~]$ clogin -c 'show version' router-2.example.com router-2.example.com spawn ssh -c 3des -x -l nocservices router-2.example.com ... router-2>enable Password: router-2# router-2#terminal length 0 router-2#show version Cisco IOS Software, 7200 Software .... Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2006 by Cisco Systems, Inc. ... router-2 uptime is 3 years, 17 weeks, 3 days, 22 hours, 46 minutes ... 3 FastEthernet interfaces 1 Virtual Private Network (VPN) Module 125K bytes of NVRAM. 62976K bytes of ATA PCMCIA card at slot 1 (Sector size 512 bytes). 4096K bytes of Flash internal SIMM (Sector size 256K). Configuration register is 0x2102 router-2# [rancid at noc ~]$ rancid -d router-2.example.com executing clogin -t 90 -c"show version;show redundancy secondary;show idprom backplane;show install active;show env all;show rsp chassis-info;show gsr chassis;show diag chassis-info;show boot;show bootvar;show variables boot;show flash;dir /all nvram:;dir /all bootflash:;dir /all slot0:;dir /all disk0:;dir /all slot1:;dir /all disk1:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all harddiska:;dir /all harddiskb:;dir /all sup-bootflash:;dir /all sup-microcode:;dir /all slavenvram:;dir /all slavebootflash:;dir /all slaveslot0:;dir /all slavedisk0:;dir /all slaveslot1:;dir /all slavedisk1:;dir /all slaveslot2:;dir /all slavedisk2:;dir /all slavesup-bootflash:;dir /all sec-nvram:;dir /all sec-bootflash:;dir /all sec-slot0:;dir /all sec-disk0:;dir /all sec-slot1:;dir /all sec-disk1:;dir /all sec-slot2:;dir /all sec-disk2:;show controllers;show controllers cbus;show diagbus;show diag;show module;show spe version;show c7200;show inventory raw;show vtp status;show vlan;show vlan-switch;show debug;more system:running-config;show running-config;write term" router-2.example.com PROMPT MATCH: router-2# HIT COMMAND:router-2#show version In ShowVersion: router-2#show version TYPE = 7200 HIT COMMAND:router-2#show redundancy secondary In ShowRedundancy: router-2#show redundancy secondary HIT COMMAND:router-2#show idprom backplane In ShowIDprom: router-2#show idprom backplane .... HIT COMMAND:router-2#write term In WriteTerm: router-2#write term ! But when run from the rancid user' crontab, it fails saying "The following routers have not been successfully contacted for more than 4 hours." then lists the router. The logfile shows: sh: clogin: command not found ! router-2.example.com: missed cmd(s): dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,show controllers,show diagbus,more system:running-config,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,show redundancy secondary,show running-config,show c7200,dir /all slot1: router-2.example.com: End of run not found ! I suspected a path issue, so I added the path to the crontab file: # PATH=/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/var/rancid:/usr/local/rancid/bin:/usr/libexec/rancid:. SHELL=/bin/bash */5 * * * * rancid-run -m me at example.com # Can someone please hit me with a clue bat? Cheers, -Chris From adam.korab at gmail.com Tue Dec 11 19:26:09 2012 From: adam.korab at gmail.com (Adam Korab) Date: Tue, 11 Dec 2012 13:26:09 -0600 Subject: [rancid] "sh: clogin: command not found" when run from cron In-Reply-To: <50C76ADF.6000703@gmail.com> References: <50C76ADF.6000703@gmail.com> Message-ID: <-461825501760396103@unknownmsgid> How about specifying the full path e.g., /home/rancid/bin/rancid-run instead of just rancid-run? --Adam -- Adam Korab On Dec 11, 2012, at 11:48 AM, Chris Hunt wrote: > Hello All, > I'm having some trouble getting rancid to work properly after > migrating to CentOS 5.8. I can successfully run it from the BASH while > logged in as the rancid user: > ! > [rancid at noc ~]$ clogin -c 'show version' router-2.example.com > router-2.example.com > spawn ssh -c 3des -x -l nocservices router-2.example.com > ... > router-2>enable > Password: > router-2# > router-2#terminal length 0 > router-2#show version > Cisco IOS Software, 7200 Software .... > Technical Support: http://www.cisco.com/techsupport > Copyright (c) 1986-2006 by Cisco Systems, Inc. > ... > router-2 uptime is 3 years, 17 weeks, 3 days, 22 hours, 46 minutes > ... > 3 FastEthernet interfaces > 1 Virtual Private Network (VPN) Module > 125K bytes of NVRAM. > > 62976K bytes of ATA PCMCIA card at slot 1 (Sector size 512 bytes). > 4096K bytes of Flash internal SIMM (Sector size 256K). > Configuration register is 0x2102 > > router-2# > [rancid at noc ~]$ rancid -d router-2.example.com > executing clogin -t 90 -c"show version;show redundancy secondary;show > idprom backplane;show install active;show env all;show rsp > chassis-info;show gsr chassis;show diag chassis-info;show boot;show > bootvar;show variables boot;show flash;dir /all nvram:;dir /all > bootflash:;dir /all slot0:;dir /all disk0:;dir /all slot1:;dir /all > disk1:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all > harddiska:;dir /all harddiskb:;dir /all sup-bootflash:;dir /all > sup-microcode:;dir /all slavenvram:;dir /all slavebootflash:;dir /all > slaveslot0:;dir /all slavedisk0:;dir /all slaveslot1:;dir /all > slavedisk1:;dir /all slaveslot2:;dir /all slavedisk2:;dir /all > slavesup-bootflash:;dir /all sec-nvram:;dir /all sec-bootflash:;dir /all > sec-slot0:;dir /all sec-disk0:;dir /all sec-slot1:;dir /all > sec-disk1:;dir /all sec-slot2:;dir /all sec-disk2:;show controllers;show > controllers cbus;show diagbus;show diag;show module;show spe > version;show c7200;show inventory raw;show vtp status;show vlan;show > vlan-switch;show debug;more system:running-config;show > running-config;write term" router-2.example.com > PROMPT MATCH: router-2# > HIT COMMAND:router-2#show version > In ShowVersion: router-2#show version > TYPE = 7200 > HIT COMMAND:router-2#show redundancy secondary > In ShowRedundancy: router-2#show redundancy secondary > HIT COMMAND:router-2#show idprom backplane > In ShowIDprom: router-2#show idprom backplane > .... > HIT COMMAND:router-2#write term > In WriteTerm: router-2#write term > ! > > But when run from the rancid user' crontab, it fails saying "The > following routers have not been successfully contacted for more than 4 > hours." then lists the router. The logfile shows: > sh: clogin: command not found > ! > router-2.example.com: missed cmd(s): dir /all slavedisk2:,show rsp > chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr > chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir > /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all > disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all > sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all > sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all > harddiskb:,show variables boot,show boot,show inventory raw,dir /all > slavedisk1:,show env all,show module,show controllers,show diagbus,more > system:running-config,dir /all slavedisk0:,show debug,show idprom > backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all > sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all > slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show > vlan,dir /all slavebootflash:,show controllers cbus,dir /all > slaveslot1:,dir /all nvram:,show version,show vlan-switch,show > redundancy secondary,show running-config,show c7200,dir /all slot1: > router-2.example.com: End of run not found > ! > > I suspected a path issue, so I added the path to the crontab file: > > # > PATH=/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/var/rancid:/usr/local/rancid/bin:/usr/libexec/rancid:. > SHELL=/bin/bash > */5 * * * * rancid-run -m me at example.com > # > > Can someone please hit me with a clue bat? > > Cheers, > -Chris > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From dharmachris at gmail.com Tue Dec 11 20:50:40 2012 From: dharmachris at gmail.com (Chris Hunt) Date: Tue, 11 Dec 2012 12:50:40 -0800 Subject: [rancid] "sh: clogin: command not found" when run from cron In-Reply-To: <-461825501760396103@unknownmsgid> References: <50C76ADF.6000703@gmail.com> <-461825501760396103@unknownmsgid> Message-ID: <50C79CA0.9090000@gmail.com> On 12/11/2012 11:26 AM, Adam Korab wrote: > How about specifying the full path e.g., /home/rancid/bin/rancid-run > instead of just rancid-run? > > --Adam > -- > Adam Korab > > On Dec 11, 2012, at 11:48 AM, Chris Hunt wrote: > >> Hello All, >> I'm having some trouble getting rancid to work properly after >> migrating to CentOS 5.8. I can successfully run it from the BASH while >> logged in as the rancid user: >> ! >> [rancid at noc ~]$ clogin -c 'show version' router-2.example.com >> router-2.example.com >> spawn ssh -c 3des -x -l nocservices router-2.example.com >> ... >> router-2>enable >> Password: >> router-2# >> router-2#terminal length 0 >> router-2#show version >> Cisco IOS Software, 7200 Software .... >> Technical Support: http://www.cisco.com/techsupport >> Copyright (c) 1986-2006 by Cisco Systems, Inc. >> ... >> router-2 uptime is 3 years, 17 weeks, 3 days, 22 hours, 46 minutes >> ... >> 3 FastEthernet interfaces >> 1 Virtual Private Network (VPN) Module >> 125K bytes of NVRAM. >> >> 62976K bytes of ATA PCMCIA card at slot 1 (Sector size 512 bytes). >> 4096K bytes of Flash internal SIMM (Sector size 256K). >> Configuration register is 0x2102 >> >> router-2# >> [rancid at noc ~]$ rancid -d router-2.example.com >> executing clogin -t 90 -c"show version;show redundancy secondary;show >> idprom backplane;show install active;show env all;show rsp >> chassis-info;show gsr chassis;show diag chassis-info;show boot;show >> bootvar;show variables boot;show flash;dir /all nvram:;dir /all >> bootflash:;dir /all slot0:;dir /all disk0:;dir /all slot1:;dir /all >> disk1:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all >> harddiska:;dir /all harddiskb:;dir /all sup-bootflash:;dir /all >> sup-microcode:;dir /all slavenvram:;dir /all slavebootflash:;dir /all >> slaveslot0:;dir /all slavedisk0:;dir /all slaveslot1:;dir /all >> slavedisk1:;dir /all slaveslot2:;dir /all slavedisk2:;dir /all >> slavesup-bootflash:;dir /all sec-nvram:;dir /all sec-bootflash:;dir /all >> sec-slot0:;dir /all sec-disk0:;dir /all sec-slot1:;dir /all >> sec-disk1:;dir /all sec-slot2:;dir /all sec-disk2:;show controllers;show >> controllers cbus;show diagbus;show diag;show module;show spe >> version;show c7200;show inventory raw;show vtp status;show vlan;show >> vlan-switch;show debug;more system:running-config;show >> running-config;write term" router-2.example.com >> PROMPT MATCH: router-2# >> HIT COMMAND:router-2#show version >> In ShowVersion: router-2#show version >> TYPE = 7200 >> HIT COMMAND:router-2#show redundancy secondary >> In ShowRedundancy: router-2#show redundancy secondary >> HIT COMMAND:router-2#show idprom backplane >> In ShowIDprom: router-2#show idprom backplane >> .... >> HIT COMMAND:router-2#write term >> In WriteTerm: router-2#write term >> ! >> >> But when run from the rancid user' crontab, it fails saying "The >> following routers have not been successfully contacted for more than 4 >> hours." then lists the router. The logfile shows: >> sh: clogin: command not found >> ! >> router-2.example.com: missed cmd(s): dir /all slavedisk2:,show rsp >> chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr >> chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir >> /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all >> disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all >> sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all >> sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all >> harddiskb:,show variables boot,show boot,show inventory raw,dir /all >> slavedisk1:,show env all,show module,show controllers,show diagbus,more >> system:running-config,dir /all slavedisk0:,show debug,show idprom >> backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all >> sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all >> slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show >> vlan,dir /all slavebootflash:,show controllers cbus,dir /all >> slaveslot1:,dir /all nvram:,show version,show vlan-switch,show >> redundancy secondary,show running-config,show c7200,dir /all slot1: >> router-2.example.com: End of run not found >> ! >> >> I suspected a path issue, so I added the path to the crontab file: >> >> # >> PATH=/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/var/rancid:/usr/local/rancid/bin:/usr/libexec/rancid:. >> SHELL=/bin/bash >> */5 * * * * rancid-run -m me at example.com >> # >> >> Can someone please hit me with a clue bat? >> >> Cheers, >> -Chris >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss Mr. Korab, Thanks for the reply. I had tried that, but apparently there are some additional non-absolute calls within the code itself that were failing due to a misconfigured path. As John Heasley helpfully pointed out, there is yet another path variable in /etc/rancid/rancid.conf. I copied the path from the rancid user's crontab into rancid.conf and away it went! I can't believe how much time I spent on that before asking the group...Many thanks to Mr. Heasley. FIXED! Cheers, -Chris From bobthebaritone at gmail.com Wed Dec 12 00:27:05 2012 From: bobthebaritone at gmail.com (bob watson) Date: Wed, 12 Dec 2012 11:27:05 +1100 Subject: [rancid] "sh: clogin: command not found" when run from cron In-Reply-To: <50C76ADF.6000703@gmail.com> References: <50C76ADF.6000703@gmail.com> Message-ID: Chris, I would get a debug statement in the PERL to see what the environment is there. There are many ways of doing that. PATHs can also be set up in rancid.conf. My main experience is with Solaris and RANCID so I am not expert on CENT OS (Like Redhat Enterprise Linux?). As a rule, to make code portable, never rely on the crontab path as a lot off *nix's do not support it! Good luck! Now, remember to nock off work before Christmas shopping has been done by your significant other! Cheers, Bob On 12 December 2012 04:18, Chris Hunt wrote: > Hello All, > I'm having some trouble getting rancid to work properly after > migrating to CentOS 5.8. I can successfully run it from the BASH while > logged in as the rancid user: > ! > [rancid at noc ~]$ clogin -c 'show version' router-2.example.com > router-2.example.com > spawn ssh -c 3des -x -l nocservices router-2.example.com > ... > router-2>enable > Password: > router-2# > router-2#terminal length 0 > router-2#show version > Cisco IOS Software, 7200 Software .... > Technical Support: http://www.cisco.com/techsupport > Copyright (c) 1986-2006 by Cisco Systems, Inc. > ... > router-2 uptime is 3 years, 17 weeks, 3 days, 22 hours, 46 minutes > ... > 3 FastEthernet interfaces > 1 Virtual Private Network (VPN) Module > 125K bytes of NVRAM. > > 62976K bytes of ATA PCMCIA card at slot 1 (Sector size 512 bytes). > 4096K bytes of Flash internal SIMM (Sector size 256K). > Configuration register is 0x2102 > > router-2# > [rancid at noc ~]$ rancid -d router-2.example.com > executing clogin -t 90 -c"show version;show redundancy secondary;show > idprom backplane;show install active;show env all;show rsp > chassis-info;show gsr chassis;show diag chassis-info;show boot;show > bootvar;show variables boot;show flash;dir /all nvram:;dir /all > bootflash:;dir /all slot0:;dir /all disk0:;dir /all slot1:;dir /all > disk1:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all > harddiska:;dir /all harddiskb:;dir /all sup-bootflash:;dir /all > sup-microcode:;dir /all slavenvram:;dir /all slavebootflash:;dir /all > slaveslot0:;dir /all slavedisk0:;dir /all slaveslot1:;dir /all > slavedisk1:;dir /all slaveslot2:;dir /all slavedisk2:;dir /all > slavesup-bootflash:;dir /all sec-nvram:;dir /all sec-bootflash:;dir /all > sec-slot0:;dir /all sec-disk0:;dir /all sec-slot1:;dir /all > sec-disk1:;dir /all sec-slot2:;dir /all sec-disk2:;show controllers;show > controllers cbus;show diagbus;show diag;show module;show spe > version;show c7200;show inventory raw;show vtp status;show vlan;show > vlan-switch;show debug;more system:running-config;show > running-config;write term" router-2.example.com > PROMPT MATCH: router-2# > HIT COMMAND:router-2#show version > In ShowVersion: router-2#show version > TYPE = 7200 > HIT COMMAND:router-2#show redundancy secondary > In ShowRedundancy: router-2#show redundancy secondary > HIT COMMAND:router-2#show idprom backplane > In ShowIDprom: router-2#show idprom backplane > .... > HIT COMMAND:router-2#write term > In WriteTerm: router-2#write term > ! > > But when run from the rancid user' crontab, it fails saying "The > following routers have not been successfully contacted for more than 4 > hours." then lists the router. The logfile shows: > sh: clogin: command not found > ! > router-2.example.com: missed cmd(s): dir /all slavedisk2:,show rsp > chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr > chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir > /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all > disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all > sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all > sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all > harddiskb:,show variables boot,show boot,show inventory raw,dir /all > slavedisk1:,show env all,show module,show controllers,show diagbus,more > system:running-config,dir /all slavedisk0:,show debug,show idprom > backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all > sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all > slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show > vlan,dir /all slavebootflash:,show controllers cbus,dir /all > slaveslot1:,dir /all nvram:,show version,show vlan-switch,show > redundancy secondary,show running-config,show c7200,dir /all slot1: > router-2.example.com: End of run not found > ! > > I suspected a path issue, so I added the path to the crontab file: > > # > > PATH=/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/var/rancid:/usr/local/rancid/bin:/usr/libexec/rancid:. > SHELL=/bin/bash > */5 * * * * rancid-run -m me at example.com > # > > Can someone please hit me with a clue bat? > > Cheers, > -Chris > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tobias.brunner at nine.ch Wed Dec 12 12:07:58 2012 From: tobias.brunner at nine.ch (Tobias Brunner) Date: Wed, 12 Dec 2012 13:07:58 +0100 Subject: [rancid] Switch (Cisco 2960) config output flapping Message-ID: <24648273.2uKDxEch3r@pctobru> Hi, I'm backing up our Cisco Switch configuration with Rancid and have a really strange behaviour: Every commit the output is flapping: - -- configs/swXXX (revision 49) @@ -1,10 +1,6 @@ !RANCID-CONTENT-TYPE: cisco ! - ! - ! - ! - ! - type: WS-C2960S-48TS-L - a 2900XL switch + !Chassis type: WS-C2960S-48TS-L - a 2900XL switch !CPU: PowerPC ! !Memory: main 131072K - -- configs/swXXX (revision 50) @@ -1,6 +1,10 @@ !RANCID-CONTENT-TYPE: cisco ! - !Chassis type: WS-C2960S-48TS-L - a 2900XL switch + ! + ! + ! + ! + type: WS-C2960S-48TS-L - a 2900XL switch !CPU: PowerPC ! !Memory: main 131072K Any idea how I could fix that? Cheers, Tobias -- Nine Internet Solutions AG, Albisriederstr. 243a, CH-8047 Zuerich Support +41 44 637 40 40 | Tel +41 44 637 40 00 | Direct +41 44 637 40 13 Skype nine.ch_support From pxb368 at motorola.com Wed Dec 12 13:39:18 2012 From: pxb368 at motorola.com (Danilo Gouveia) Date: Wed, 12 Dec 2012 11:39:18 -0200 Subject: [rancid] PfSense Package Message-ID: Guys, I found a pfsense package at ftp://ftp.shrubbery.net/pub/rancid/contrib/however I doesn't know how to use it, the README also doesn't help. Any one already set up this? Thank in advance, -- Atenciosamente / Best Regards, Danilo Marques de Gouveia IT - Network Administrator 55 19 3847 8424 55 19 9160 6441 -------------- next part -------------- An HTML attachment was scrubbed... URL: From tobias.brunner at nine.ch Wed Dec 12 20:23:38 2012 From: tobias.brunner at nine.ch (Tobias Brunner) Date: Wed, 12 Dec 2012 21:23:38 +0100 Subject: [rancid] Switch (Cisco 2960) config output flapping In-Reply-To: <20121212181517.GB62795@shrubbery.net> References: <24648273.2uKDxEch3r@pctobru> <20121212181517.GB62795@shrubbery.net> Message-ID: <24121217aee7115753f1dbd2020da0da@nine.ch> Good Morning =) > What version of rancid are you using? It's the one which comes with Ubuntu precise: 2.3.6-2 > On what O/S? Ubuntu 12.04.1 LTS > are you connecting to the switches with telnet or ssh? We are connecting with telnet > Is your telnet kerberos enabled? Are you using AAA for command > authorization and have disallowed > some commands, such as 'term length 0'? No for both questions. We don't use kerberos or AAA. Cheers, Tobias -- Nine Internet Solutions AG, Albisriederstr. 243a, CH-8047 Zuerich Support +41 44 637 40 40 | Tel +41 44 637 40 00 | Direct +41 44 637 40 13 Skype nine.ch_support From tyandwhit at gmail.com Wed Dec 12 19:26:49 2012 From: tyandwhit at gmail.com (Tyler Bushman) Date: Wed, 12 Dec 2012 11:26:49 -0800 (PST) Subject: [rancid] How to upgrade to 2.3.8 Message-ID: <6402cb2d-3f7a-48b9-ad13-817f2752ea28@googlegroups.com> I realize this may be a stupid question, but how do I upgrade from RANCID version 2.3.4 to 2.3.8? I've found that some of the issues I've been seeing with RANCID and my ProCurve switches has been fixed in the newer version. -------------- next part -------------- An HTML attachment was scrubbed... URL: From Nicolai.Langfeldt at broadnet.no Tue Dec 18 14:09:57 2012 From: Nicolai.Langfeldt at broadnet.no (Nicolai Langfeldt) Date: Tue, 18 Dec 2012 14:09:57 +0000 Subject: [rancid] new x460 switch and xrancid Message-ID: <76559C2CEC19234C83D86F21E613AC5D0115E243@p2exmbx01.corp.local> Hi, Got two new extreme x460 switches which xrancid was unhappy with. Turns out that they don't have the VRRP module which xrancid uses as a "ended well" marker. What they do have at the end is this: # Module vsm configuration. So: --- xrancid.orig 2012-06-12 12:11:00.941479040 +0200 +++ xrancid 2012-12-18 15:00:18.116929275 +0100 @@ -434,7 +434,7 @@ # catch anything that wasnt match above. ProcessHistory("COMMENTS","keysort","H0","$_"); # VT: end of config-XOS hack, use Module VRRP to flag end, very dirty!!! - if (/^# End of configuration file|# Module VRRP/i) { + if (/^# End of configuration file|# Module VRRP|# Module vsm/i) { printf STDERR " End WriteTerm: $_" if ($debug); $found_end = 1; return(0); Nicolai From ray at adbrite.com Tue Dec 18 20:47:03 2012 From: ray at adbrite.com (Raymond Eustaquio) Date: Tue, 18 Dec 2012 12:47:03 -0800 Subject: [rancid] Netscreen jlogin Message-ID: I am attempting to run this command. /home/rancid/bin/flogin -x /usr/bin/isis_foundry_sfo device1 >> /var/tmp/sw/device1 The scripts never exits because the Netscreen awaits a reply for the following question: FW1.SVX:FW1a.SVX(M)-> exit Configuration modified, save? [y]/n How can I send a reply of 'n' or skip the question all together? Ray -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Tue Dec 18 21:10:33 2012 From: heas at shrubbery.net (heasley) Date: Tue, 18 Dec 2012 21:10:33 +0000 Subject: [rancid] Netscreen jlogin In-Reply-To: <20121218210719.9A23C9A98F@guelah.shrubbery.net> Message-ID: <20121218211033.GE81151@shrubbery.net> Tue, Dec 18, 2012 at 12:47:03PM -0800, Raymond Eustaquio: > I am attempting to run this command. > > /home/rancid/bin/flogin -x /usr/bin/isis_foundry_sfo device1 >> > /var/tmp/sw/device1 > > The scripts never exits because the Netscreen awaits a reply for the > following question: > > FW1.SVX:FW1a.SVX(M)-> exit > > Configuration modified, save? [y]/n > > How can I send a reply of 'n' or skip the question all together? ah, new reasons to hate foundry. try the following flogin patch and lmk if it works. Index: flogin.in =================================================================== --- flogin.in (revision 2654) +++ flogin.in (working copy) @@ -513,7 +513,7 @@ # Run commands given on the command line. proc run_commands { prompt command } { - global in_proc + global do_saveconfig in_proc set in_proc 1 send -h "skip-page-display\r" @@ -543,6 +543,14 @@ return 0 } eof { return 0 } + -re "Configuration modified, save\? \[\r\n]*" { + if {$do_saveconfig} { + catch {send "y\r"} + } else { + catch {send "n\r"} + } + exp_continue + } } set in_proc 0 } From jwbensley at gmail.com Wed Dec 19 17:01:44 2012 From: jwbensley at gmail.com (James Bensley) Date: Wed, 19 Dec 2012 17:01:44 +0000 Subject: [rancid] PfSense Package [semi-solved!] Message-ID: Hi Danilo Thanks for that link to the pfSense package. Finding a pfSense plugin was on my to do list, I just hadn't gotten that far yet. I have this working now although I had a few issues. To use this, unpack the three files into your RANCID bin directory. This is likely something like /usr/lib/rancid/bin/ or /usr/local/rancid/bin/. In there you will find an existing file "rancid-fe", replace or merge with the new one to update your devices definitions. Now you can add pfsense firewalls to your devices.db file with the type of "m0n0", which is what you will use for pfSense. Even it says m0n0 as pfSense is a fork of m0n0wall, m0n0walls don't support SSH and this script tries telnet/ssh/rsh so it won't work on them. Also, note that you must enable SSH on your pfSense box if it isn't already. I then added user which only has the right to SSH in. These scripts are a bit broken though and my scripting skills aren't the best; so I am in fact stuck. I have hacked them about a bit and now get the following output in my hourly rancid emails (which you can trigger manually with (rancid-run -r my-pfsense-device.fqdn.com) Index: configs/my-pfsense-device.fqdn.com =================================================================== retrieving revision 1.2 diff -U 4 -r1.2 my-pfsense-device.fqdn.com @@ -1 +1,1769 @@ - exec m0n0login -t 120 -c "uname -a;cat /cf/conf/config.xml" my-pfsense-device.fqdn.com + my-pfsense-device.fqdn.com + spawn ssh -2 -x -l rancid my-pfsense-device.fqdn.com + Password: + Last login: Wed Dec 19 10:28:47 2012 from 89.21.224.35 + Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 + The Regents of the University of California. All rights reserved. + + + [0;1;33m[ [0;1;37m2.0.1-RELEASE [0;1;33m] [0;1;33m[ [0;1;37mrancid [0;1;31m@ [0;1;37mmy-pfsense-device.fqdn.com [0;1;33m] [0;1;32m/home/rancid [0;1;33m( [0;1;37m1 [0;1;33m) [0;1;36m [0;1;31m: [0;40;37m uname -a + FreeBSD my-pfsense-device.fqdn.com 8.1-RELEASE-p6 FreeBSD 8.1-RELEASE-p6 #0: Mon Dec 12 18:59:41 EST 2011 root at FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org:/usr/obj./usr/pfSensesrc/src/sys/pfSense_wrap.8.i386 i386 + [0;1;33m[ [0;1;37m2.0.1-RELEASE [0;1;33m] [0;1;33m[ [0;1;37mrancid [0;1;31m@ [0;1;37mmy-pfsense-device.fqdn.com [0;1;33m] [0;1;32m/home/rancid [0;1;33m( [0;1;37m2 [0;1;33m) [0;1;36m [0;1;31m: [0;40;37m cat /cf/conf/config.xml + + As you can see from this opening snippet there are two problems; Firstly, the expect script m0n0login is including the SSH MTOD/Banner stuff (I said my scripting wasn't great, although this doesn't really matter). Secondly, an issue which does actually matter, when you SSH to a pfSense box they have coloured terminal output and SSH is spitting this out (the colouring info) in to the expect script, so the prompt on my test pfSense box which usually looks like this; [2.0.1-RELEASE][username at my-pfsense-device.fqdn.com]/home/username(1): Now looks like this; [0;1;33m[ [0;1;37m2.0.1-RELEASE [0;1;33m] [0;1;33m[ [0;1;37mrancid [0;1;31m@ [0;1;37mmy-pfsense-device.fqdn.com [0;1;33m] [0;1;32m/home/rancid [0;1;33m( [0;1;37m1 [0;1;33m) [0;1;36m [0;1;31m: [0;40;37m I will continue to try and fix this by either of the below and post back the fix here once it is solved, but I have no idea how long that will take; 1 - Someone wiser than me here can tell me how to stop SSH from either accepting the colouring info from the pfSense box or not display it on stdout 2 - I find help else where In the mean time, for you and anyone else that NEEDs to be backing up pfSense boxes right now I have modified a m0n0wall bash script making which makes commits to the rancid CVS for me and it works just fine (in a different "branch" though"). Similar to the SSH method, add a rancid user and allow them just access to the diagnostic backup page. This works with curl over HTTPS: I hope that helps someone, and I hope someone can help me, Cheers, James. #!/bin/bash # backup up a pfsense config and puts it into cvs # depends on: bash, curl, cvs, date, rm CVSROOT=/var/lib/cvs export CVSROOT CVSPROJ=pfsense ## HTTPS firewalls on port 8080... DEVICES="my-pfsense-device.fqdn.com \ another-pfsense-device.fqdn.com \ 3rd-pfsense-device.fqdn.com" PROTO=https PORT=8080 USER=rancid PASS=rancidpassword for DEVICE in $DEVICES; do TMPDIR=/tmp/$$ mkdir $TMPDIR cd $TMPDIR cvs -Q co $CVSPROJ cd $CVSPROJ # Login curl -k -o /dev/null --cookie cjar --cookie-jar cjar --data "login=Login" --data "usernamefld=$USER" --data "passwordfld=$PASS" --location $PROTO://$DEVICE:$PORT/index.php # Download config file curl -k -o config-$DEVICE.xml --cookie cjar --cookie-jar cjar --data "Submit=download" --data "donotbackuprrd=yes" --location $PROTO://$DEVICE:$PORT/diag_backup.php # Log out curl -k -o /dev/null --cookie cjar --cookie-jar cjar --location $PROTO://$DEVICE:$PORT/index.php?logout echo config-$DEVICE.xml NOW=`date +%Y-%m-%d@%H:%M:%S` cvs -Q commit -m "backup of $DEVICE config.xml [$NOW]" cvs -Q import -m "backup of $DEVICE config.xml [$NOW]" voswall configs release cd /tmp rm -rf $TMPDIR done