From tayfunsari1982 at gmail.com Tue Oct 1 07:07:02 2013 From: tayfunsari1982 at gmail.com (=?UTF-8?B?VGF5ZnVuIFNhcsSx?=) Date: Tue, 1 Oct 2013 10:07:02 +0300 Subject: [rancid] Rancid and Viewvc / Authentication and Inventory View Message-ID: Hi All, I install rancid and viewvc successfully.I had 2 thing to be done and need advice. 1-Need a authentication for viewvc.Is it possible to do it by configuration or need to installa some other tools?Whats is your advice and best practices? 2-I need to view the inventory of my cisco switches.What should I do to view this info on Viewvc. Thanks in Advance -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Tue Oct 1 07:46:00 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Tue, 01 Oct 2013 09:46:00 +0200 Subject: [rancid] Rancid and Viewvc / Authentication and Inventory View In-Reply-To: References: Message-ID: <524A7DB8.8080401@gmail.com> On 01/10/2013 09:07, Tayfun Sar? wrote: > Hi All, > > I install rancid and viewvc successfully.I had 2 thing to be done and > need advice. > > 1-Need a authentication for viewvc.Is it possible to do it by > configuration or need to installa some other tools?Whats is your advice > and best practices? > > 2-I need to view the inventory of my cisco switches.What should I do to > view this info on Viewvc. viewvc is a CVS viewer that runs in a web server. It takes your cvs files and presents them in a browser. Authentication is done in viewvc and in your http server, it has nothing to do with rancid. A CVS viewer can only show you the files it has in the CVS repo, it cannot extract information from them and present it in different ways. Rancid by itself does not intelligently process inventory, it only grabs show output and puts it in a file. You can view that file to see what rancid recorded (as well as everything else it also recorded) By inventory do you mean an organized list of what hardware you have installed with eg serial and model numbers? If that's what you mean you will need to use a proper inventory tool, rancid is not suitable for that purpose. -- Alan McKinnon alan.mckinnon at gmail.com From paleola at gmail.com Tue Oct 1 12:08:34 2013 From: paleola at gmail.com (Aleksey P) Date: Tue, 1 Oct 2013 16:08:34 +0400 Subject: [rancid] End of config in Extreme Switches Message-ID: Hello to all. we use rancid 2.3.4 with Extreme Summit X670 and X650 with XOS 15.3.2.11. I know that in Extreme swithes there no "End of configuration file" string. To fix this I changed "xrancid" file: - if (/^# End of configuration file/i) { - printf STDERR " End WriteTerm: $_" if ($debug); - $found_end = 1; - return(0); - } for + if (/^# Module vrrp configuration./i) { + printf STDERR " End WriteTerm: $_" if ($debug); + $found_end = 1; + return(0); + } So rancid found vrrp config and then exit. But now we use "mlag" on Extreme and its config below vrrp. So rancid exit before this config and we have some missed config lines. I tried rancid 2.3.8 (clean install on other server), with all default config files, but only see "...configuration appears to be truncated. ...missed cmd(s): show configuration" in logs. Help me please. -------------- next part -------------- An HTML attachment was scrubbed... URL: From paleola at gmail.com Tue Oct 1 12:26:04 2013 From: paleola at gmail.com (Aleksey P) Date: Tue, 1 Oct 2013 16:26:04 +0400 Subject: [rancid] End of config in Extreme Switches In-Reply-To: References: Message-ID: In 2.3.8 forgot to comment all commands except "show configuration". Now in logs only "End of run not found:" 2013/10/1 Aleksey P > Hello to all. > we use rancid 2.3.4 with Extreme Summit X670 and X650 with XOS 15.3.2.11. > I know that in Extreme swithes there no "End of configuration file" > string. To fix this I changed "xrancid" file: > > - if (/^# End of configuration file/i) { > > - printf STDERR " End WriteTerm: $_" if ($debug); > > - $found_end = 1; > > - return(0); > > - } > > for > > + if (/^# Module vrrp configuration./i) { > > + printf STDERR " End WriteTerm: $_" if ($debug); > > + $found_end = 1; > > + return(0); > > + } > > So rancid found vrrp config and then exit. > But now we use "mlag" on Extreme and its config below vrrp. So rancid exit > before this config and we have some missed config lines. > I tried rancid 2.3.8 (clean install on other server), with all default > config files, but only see > "...configuration appears to be truncated. > ...missed cmd(s): show configuration" > in logs. > > Help me please. > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From prt at prt.org Tue Oct 1 12:43:21 2013 From: prt at prt.org (Paul Thornton) Date: Tue, 01 Oct 2013 13:43:21 +0100 Subject: [rancid] End of config in Extreme Switches In-Reply-To: References: Message-ID: <524AC369.4050404@prt.org> Hi I had exactly the same problem, and used the same "solution". However, due to other Extreme oddities a diff for my current xrancid against the standard 2.3.8 release is full of debug. However, the key things I changed to "fix" this (I'm sure others here will suggest better ways) are in the attached diff. I've removed a load of my temp debug to tidy it up for you. Note that I rely on a "# Module XYZ configuration" at the end of the config as well, and this almost certainly will break if the version on the switch changes. It is very brittle as well because luckily all of the EXOS switches we have are X450 series and running the same software but if you have a number of different switches with different software then I can see this failing badly. There are a number of nasty hacks here, so beware: 1) I've bypassed the last if ($prompt) in the main loop going through the output from the switch. 2) It relies on a 'Module xxx configuration' in some cases to spot the end of the show conf. 3) Detecting a clean run, I rely on the SSH message "Connection to myswitch.mydomain closed" message. This has a hard-coded regex which happens to match all of my switch names; this should probably be the hostname. As an emergency get-you-going this may help, but please realise that it isn't really general case production grade! Paul. On 01/10/2013 13:08, Aleksey P wrote: > Hello to all. > we use rancid 2.3.4 with Extreme Summit X670 and X650 with XOS 15.3.2.11. > I know that in Extreme swithes there no "End of configuration file" > string. To fix this I changed "xrancid" file: > > - if (/^# End of configuration file/i) { > > - printf STDERR " End WriteTerm: $_" if ($debug); > > - $found_end = 1; > > - return(0); > > - } > > for > > + if (/^# Module vrrp configuration./i) { > > + printf STDERR " End WriteTerm: $_" if ($debug); > > + $found_end = 1; > > + return(0); > > + } > > > So rancid found vrrp config and then exit. > But now we use "mlag" on Extreme and its config below vrrp. So rancid > exit before this config and we have some missed config lines. > I tried rancid 2.3.8 (clean install on other server), with all default > config files, but only see > "...configuration appears to be truncated. > ...missed cmd(s): show configuration" > in logs. > > Help me please. > > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Paul Thornton -------------- next part -------------- --- ./xrancid.in 2011-12-22 20:21:34.000000000 +0000 +++ /usr/local/libexec/rancid/xrancid 2013-10-01 12:36:58.000000000 +0000 @@ -304,8 +309,9 @@ my($comment) = 1; # strip extra comments, esp to preserve chassis type while () { + tr/\015//d; - last if(/^$prompt/); +# last if(/^$prompt/); next if(/^\s*$/); return(0) if (/^syntax error at token /i); return(0) if (/^%% Invalid input detected at /i); @@ -395,19 +403,29 @@ # catch anything that wasnt match above. ProcessHistory("COMMENTS","keysort","H0","$_"); # end of config - if (/^# End of configuration file/i) { + if (/End of configuration file for/i) { + printf STDERR " End WriteTerm: $_" if ($debug); + $found_end = 1; + return(0); + } + if (/^# Module vsm configuration/i) { printf STDERR " End WriteTerm: $_" if ($debug); $found_end = 1; return(0); } } if ($lines < 3) { printf(STDERR "ERROR: $host configuration appears to be truncated.\n"); $found_end = 0; return(-1); } $found_end = 1; return(0); } @@ -495,10 +512,14 @@ # note: this match sucks rocks, but currently the extreme bits are # unreliable about echoing the 'exit\n' command. this match might really # be a bad idea, but instead rely upon WriteTerm's found_end? - if (/$prompt\s?(quit|exit|Connection( to \S+)? closed)/ && $found_end) { + if (/$prompt\s?(quit|exit|Connection( to \S+)? closed|Received disconnect from)/ && $found_end) { $clean_run = 1; last; } + if (/^[Cc]onnection [Tt]o [\w\-\_\.]+ [Cc]losed/ && $found_end) { + $clean_run = 1; + last; + } if (/^Error:/) { print STDOUT ("$host clogin error: $_"); print STDERR ("$host clogin error: $_") if ($debug); From paleola at gmail.com Tue Oct 1 13:03:13 2013 From: paleola at gmail.com (Aleksey P) Date: Tue, 1 Oct 2013 17:03:13 +0400 Subject: [rancid] End of config in Extreme Switches In-Reply-To: <524AC369.4050404@prt.org> References: <524AC369.4050404@prt.org> Message-ID: Thanks for the answer. But as I said - after vsm module we have config lines (different for each switch). Like this: "# # Module vsm configuration. # create mlag peer "E670-DL-AGG-1" configure mlag peer "E670-DL-AGG-1" ipaddress vr VR-Default enable mlag port 1 peer "E670-DL-AGG-1" id 1 enable mlag port 2 peer "E670-DL-AGG-1" id 2 enable mlag port 3 peer "E670-DL-AGG-1" id 3 enable mlag port 4 peer "E670-DL-AGG-1" id 4 enable mlag port 5 peer "E670-DL-AGG-1" id 5 enable mlag port 6 peer "E670-DL-AGG-1" id 6 enable mlag port 17 peer "E670-DL-AGG-1" id 17 enable mlag port 19 peer "E670-DL-AGG-1" id 19 enable mlag port 20 peer "E670-DL-AGG-1" id 20 enable mlag port 32 peer "E670-DL-AGG-1" id 32 enable mlag port 33 peer "E670-DL-AGG-1" id 33 enable mlag port 34 peer "E670-DL-AGG-1" id 34 enable mlag port 35 peer "E670-DL-AGG-1" id 35 enable mlag port 36 peer "E670-DL-AGG-1" id 36 enable mlag port 38 peer "E670-DL-AGG-1" id 38 enable mlag port 40 peer "E670-DL-AGG-1" id 40 enable mlag port 44 peer "E670-DL-AGG-1" id 44 " and its very sad that we can't save this config. 2013/10/1 Paul Thornton > Hi > > I had exactly the same problem, and used the same "solution". > > However, due to other Extreme oddities a diff for my current xrancid > against the standard 2.3.8 release is full of debug. > > However, the key things I changed to "fix" this (I'm sure others here will > suggest better ways) are in the attached diff. I've removed a load of my > temp debug to tidy it up for you. > > Note that I rely on a "# Module XYZ configuration" at the end of the > config as well, and this almost certainly will break if the version on the > switch changes. It is very brittle as well because luckily all of the EXOS > switches we have are X450 series and running the same software but if you > have a number of different switches with different software then I can see > this failing badly. > > There are a number of nasty hacks here, so beware: > > 1) I've bypassed the last if ($prompt) in the main loop going through the > output from the switch. > 2) It relies on a 'Module xxx configuration' in some cases to spot the end > of the show conf. > 3) Detecting a clean run, I rely on the SSH message "Connection to > myswitch.mydomain closed" message. This has a hard-coded regex which > happens to match all of my switch names; this should probably be the > hostname. > > As an emergency get-you-going this may help, but please realise that it > isn't really general case production grade! > > Paul. > > > On 01/10/2013 13:08, Aleksey P wrote: > >> Hello to all. >> we use rancid 2.3.4 with Extreme Summit X670 and X650 with XOS 15.3.2.11. >> I know that in Extreme swithes there no "End of configuration file" >> string. To fix this I changed "xrancid" file: >> >> - if (/^# End of configuration file/i) { >> >> - printf STDERR " End WriteTerm: $_" if ($debug); >> >> - $found_end = 1; >> >> - return(0); >> >> - } >> >> for >> >> + if (/^# Module vrrp configuration./i) { >> >> + printf STDERR " End WriteTerm: $_" if ($debug); >> >> + $found_end = 1; >> >> + return(0); >> >> + } >> >> >> So rancid found vrrp config and then exit. >> But now we use "mlag" on Extreme and its config below vrrp. So rancid >> exit before this config and we have some missed config lines. >> I tried rancid 2.3.8 (clean install on other server), with all default >> config files, but only see >> "...configuration appears to be truncated. >> ...missed cmd(s): show configuration" >> in logs. >> >> Help me please. >> >> >> >> >> >> ______________________________**_________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/**mailman/listinfo/rancid-**discuss >> >> > -- > Paul Thornton > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Tue Oct 1 14:19:45 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Tue, 01 Oct 2013 16:19:45 +0200 Subject: [rancid] End of config in Extreme Switches In-Reply-To: References: <524AC369.4050404@prt.org> Message-ID: <524ADA01.7050504@gmail.com> On 01/10/2013 15:03, Aleksey P wrote: > Thanks for the answer. But as I said - after vsm module we have config > lines (different for each switch). Like this: > "# > # Module vsm configuration. > # > create mlag peer "E670-DL-AGG-1" > configure mlag peer "E670-DL-AGG-1" ipaddress vr VR-Default > enable mlag port 1 peer "E670-DL-AGG-1" id 1 > enable mlag port 2 peer "E670-DL-AGG-1" id 2 > enable mlag port 3 peer "E670-DL-AGG-1" id 3 > enable mlag port 4 peer "E670-DL-AGG-1" id 4 > enable mlag port 5 peer "E670-DL-AGG-1" id 5 > enable mlag port 6 peer "E670-DL-AGG-1" id 6 > enable mlag port 17 peer "E670-DL-AGG-1" id 17 > enable mlag port 19 peer "E670-DL-AGG-1" id 19 > enable mlag port 20 peer "E670-DL-AGG-1" id 20 > enable mlag port 32 peer "E670-DL-AGG-1" id 32 > enable mlag port 33 peer "E670-DL-AGG-1" id 33 > enable mlag port 34 peer "E670-DL-AGG-1" id 34 > enable mlag port 35 peer "E670-DL-AGG-1" id 35 > enable mlag port 36 peer "E670-DL-AGG-1" id 36 > enable mlag port 38 peer "E670-DL-AGG-1" id 38 > enable mlag port 40 peer "E670-DL-AGG-1" id 40 > enable mlag port 44 peer "E670-DL-AGG-1" id 44 " > > and its very sad that we can't save this config. What happens if you revert the code back to as-shipped and let WriteTerm fall out the end? It should detect the prompt and carry on from there. If not, rather spend your efforts writing code that works exactly that way, rather than deliberately throwing config away. > > > 2013/10/1 Paul Thornton > > > Hi > > I had exactly the same problem, and used the same "solution". > > However, due to other Extreme oddities a diff for my current xrancid > against the standard 2.3.8 release is full of debug. > > However, the key things I changed to "fix" this (I'm sure others > here will suggest better ways) are in the attached diff. I've > removed a load of my temp debug to tidy it up for you. > > Note that I rely on a "# Module XYZ configuration" at the end of the > config as well, and this almost certainly will break if the version > on the switch changes. It is very brittle as well because luckily > all of the EXOS switches we have are X450 series and running the > same software but if you have a number of different switches with > different software then I can see this failing badly. > > There are a number of nasty hacks here, so beware: > > 1) I've bypassed the last if ($prompt) in the main loop going > through the output from the switch. > 2) It relies on a 'Module xxx configuration' in some cases to spot > the end of the show conf. > 3) Detecting a clean run, I rely on the SSH message "Connection to > myswitch.mydomain closed" message. This has a hard-coded regex > which happens to match all of my switch names; this should probably > be the hostname. > > As an emergency get-you-going this may help, but please realise that > it isn't really general case production grade! > > Paul. > > > On 01/10/2013 13:08, Aleksey P wrote: > > Hello to all. > we use rancid 2.3.4 with Extreme Summit X670 and X650 with XOS > 15.3.2.11. > I know that in Extreme swithes there no "End of configuration file" > string. To fix this I changed "xrancid" file: > > - if (/^# End of configuration file/i) { > > - printf STDERR " End WriteTerm: $_" if ($debug); > > - $found_end = 1; > > - return(0); > > - } > > for > > + if (/^# Module vrrp configuration./i) { > > + printf STDERR " End WriteTerm: $_" if ($debug); > > + $found_end = 1; > > + return(0); > > + } > > > So rancid found vrrp config and then exit. > But now we use "mlag" on Extreme and its config below vrrp. So > rancid > exit before this config and we have some missed config lines. > I tried rancid 2.3.8 (clean install on other server), with all > default > config files, but only see > "...configuration appears to be truncated. > ...missed cmd(s): show configuration" > in logs. > > Help me please. > > > > > > _________________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/__mailman/listinfo/rancid-__discuss > > > > -- > Paul Thornton > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Alan McKinnon alan.mckinnon at gmail.com From prt at prt.org Tue Oct 1 14:36:31 2013 From: prt at prt.org (Paul Thornton) Date: Tue, 01 Oct 2013 15:36:31 +0100 Subject: [rancid] End of config in Extreme Switches In-Reply-To: <524ADA01.7050504@gmail.com> References: <524AC369.4050404@prt.org> <524ADA01.7050504@gmail.com> Message-ID: <524ADDEF.2030701@prt.org> Hi Alan, On 01/10/2013 15:19, Alan McKinnon wrote: > If not, rather spend your efforts writing code that works exactly that > way, rather than deliberately throwing config away. I last looked into this a few months ago - but IIRC, if we do that then found_end didn't get set so that then leads to another issue. I'm just doing some testing with a standard xrancid applying the various mods I've made to xrancid in the past months to get a firm idea of what combination works. It was one of those "Try option A, then add B and C - ah, it works OK now, I won't touch it" debugging sessions I'm afraid. It would be useful to properly fix this for everyone using Extreme kit. Paul. From alan.mckinnon at gmail.com Tue Oct 1 15:23:40 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Tue, 01 Oct 2013 17:23:40 +0200 Subject: [rancid] End of config in Extreme Switches In-Reply-To: <524ADDEF.2030701@prt.org> References: <524AC369.4050404@prt.org> <524ADA01.7050504@gmail.com> <524ADDEF.2030701@prt.org> Message-ID: <524AE8FC.1090702@gmail.com> On 01/10/2013 16:36, Paul Thornton wrote: > Hi Alan, > > On 01/10/2013 15:19, Alan McKinnon wrote: > >> If not, rather spend your efforts writing code that works exactly that >> way, rather than deliberately throwing config away. > > I last looked into this a few months ago - but IIRC, if we do that then > found_end didn't get set so that then leads to another issue. > > I'm just doing some testing with a standard xrancid applying the various > mods I've made to xrancid in the past months to get a firm idea of what > combination works. It was one of those "Try option A, then add B and C > - ah, it works OK now, I won't touch it" debugging sessions I'm afraid. > > It would be useful to properly fix this for everyone using Extreme kit. Sounds much like the ProCurves Ryan and myself are currently battling with :-) -- Alan McKinnon alan.mckinnon at gmail.com From heas at shrubbery.net Tue Oct 1 16:03:10 2013 From: heas at shrubbery.net (Heasley) Date: Tue, 1 Oct 2013 09:03:10 -0700 Subject: [rancid] Rancid and Viewvc / Authentication and Inventory View In-Reply-To: <524A7DB8.8080401@gmail.com> References: <524A7DB8.8080401@gmail.com> Message-ID: > Am Oct 1, 2013 um 0:46 schrieb Alan McKinnon : > >> On 01/10/2013 09:07, Tayfun Sar? wrote: >> Hi All, >> >> I install rancid and viewvc successfully.I had 2 thing to be done and >> need advice. >> >> 1-Need a authentication for viewvc.Is it possible to do it by >> configuration or need to installa some other tools?Whats is your advice >> and best practices? >> >> 2-I need to view the inventory of my cisco switches.What should I do to >> view this info on Viewvc. > > > viewvc is a CVS viewer that runs in a web server. It takes your cvs > files and presents them in a browser. Authentication is done in viewvc > and in your http server, it has nothing to do with rancid. > > A CVS viewer can only show you the files it has in the CVS repo, it > cannot extract information from them and present it in different ways. > Rancid by itself does not intelligently process inventory, it only grabs > show output and puts it in a file. You can view that file to see what > rancid recorded (as well as everything else it also recorded) > You could also write something to post process the rancid data. > By inventory do you mean an organized list of what hardware you have > installed with eg serial and model numbers? If that's what you mean you > will need to use a proper inventory tool, rancid is not suitable for > that purpose. > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From Sean.Browne at boeingdefence.co.uk Tue Oct 1 16:06:36 2013 From: Sean.Browne at boeingdefence.co.uk (Browne, Sean) Date: Tue, 1 Oct 2013 17:06:36 +0100 Subject: [rancid] Release Authorised RE: Rancid and Viewvc / Authentication and Inventory View Message-ID: Hi Tayfun, Use a .htaccess file to protect the viewvc page. Sean Browne Network Analyst Boeing Defence UK Limited - A subsidiary of the Boeing Company Bldg 630, Bristol Business Park. Coldharbour Lane. Bristol. BS16 1EJ email: sean.browne at boeingdefence.co.uk www.boeing.com From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Tayfun Sari Sent: 01 October 2013 08:07 To: rancid-discuss at shrubbery.net Subject: [rancid] Rancid and Viewvc / Authentication and Inventory View Hi All, I install rancid and viewvc successfully.I had 2 thing to be done and need advice. 1-Need a authentication for viewvc.Is it possible to do it by configuration or need to installa some other tools?Whats is your advice and best practices? 2-I need to view the inventory of my cisco switches.What should I do to view this info on Viewvc. Thanks in Advance This communication is intended only for the individual or entity to which it is addressed and may contain proprietary or confidential information. If you have received this communication in error, please notify us immediately by telephone and destroy this original communication without reading, copying or distributing any copies of it. ----------------------------------------------------------------------------------------- Boeing Defence UK Limited is registered in England and Wales (registered number 01290439). Registered office 25 Victoria Street, London SW1H 0EX Phone: +44-20-7930-5000 -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Tue Oct 1 17:12:55 2013 From: heas at shrubbery.net (heasley) Date: Tue, 1 Oct 2013 17:12:55 +0000 Subject: [rancid] End of config in Extreme Switches In-Reply-To: <524ADDEF.2030701@prt.org> References: <524AC369.4050404@prt.org> <524ADA01.7050504@gmail.com> <524ADDEF.2030701@prt.org> Message-ID: <20131001171255.GF76440@shrubbery.net> Tue, Oct 01, 2013 at 03:36:31PM +0100, Paul Thornton: > Hi Alan, > > On 01/10/2013 15:19, Alan McKinnon wrote: > > > If not, rather spend your efforts writing code that works exactly that > > way, rather than deliberately throwing config away. > > I last looked into this a few months ago - but IIRC, if we do that then > found_end didn't get set so that then leads to another issue. > > I'm just doing some testing with a standard xrancid applying the various > mods I've made to xrancid in the past months to get a firm idea of what > combination works. It was one of those "Try option A, then add B and C > - ah, it works OK now, I won't touch it" debugging sessions I'm afraid. > > It would be useful to properly fix this for everyone using Extreme kit. would one or two of you send complete "clogin -c 'show configuration detail;show configuration'" output to me? From heas at shrubbery.net Tue Oct 1 18:38:00 2013 From: heas at shrubbery.net (heasley) Date: Tue, 1 Oct 2013 18:38:00 +0000 Subject: [rancid] Explain email error In-Reply-To: References: Message-ID: <20131001183800.GD79035@shrubbery.net> as rancid, run hrancid -dl devicename to test and look at the file devicename.new to verify that it is complete. From daniel.schmidt at wyo.gov Tue Oct 1 22:11:37 2013 From: daniel.schmidt at wyo.gov (Daniel Schmidt) Date: Tue, 1 Oct 2013 16:11:37 -0600 Subject: [rancid] Rancid and Viewvc / Authentication and Inventory View In-Reply-To: References: <524A7DB8.8080401@gmail.com> Message-ID: Who hasn't cobbled last minute rancid parsers to double check the SN, SNMP-location, ect out of configs for the inventory Nazis? I bet Heas has! :-) On Tue, Oct 1, 2013 at 10:03 AM, Heasley wrote: > > > > Am Oct 1, 2013 um 0:46 schrieb Alan McKinnon : > > > >> On 01/10/2013 09:07, Tayfun Sar? wrote: > >> Hi All, > >> > >> I install rancid and viewvc successfully.I had 2 thing to be done and > >> need advice. > >> > >> 1-Need a authentication for viewvc.Is it possible to do it by > >> configuration or need to installa some other tools?Whats is your advice > >> and best practices? > >> > >> 2-I need to view the inventory of my cisco switches.What should I do to > >> view this info on Viewvc. > > > > > > viewvc is a CVS viewer that runs in a web server. It takes your cvs > > files and presents them in a browser. Authentication is done in viewvc > > and in your http server, it has nothing to do with rancid. > > > > A CVS viewer can only show you the files it has in the CVS repo, it > > cannot extract information from them and present it in different ways. > > Rancid by itself does not intelligently process inventory, it only grabs > > show output and puts it in a file. You can view that file to see what > > rancid recorded (as well as everything else it also recorded) > > > You could also write something to post process the rancid data. > > > By inventory do you mean an organized list of what hardware you have > > installed with eg serial and model numbers? If that's what you mean you > > will need to use a proper inventory tool, rancid is not suitable for > > that purpose. > > > > -- > > Alan McKinnon > > alan.mckinnon at gmail.com > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > E-Mail to and from me, in connection with the transaction of public business, is subject to the Wyoming Public Records Act and may be disclosed to third parties. -------------- next part -------------- An HTML attachment was scrubbed... URL: From paleola at gmail.com Wed Oct 2 07:14:36 2013 From: paleola at gmail.com (Aleksey P) Date: Wed, 2 Oct 2013 11:14:36 +0400 Subject: [rancid] End of config in Extreme Switches In-Reply-To: <20131001171255.GF76440@shrubbery.net> References: <524AC369.4050404@prt.org> <524ADA01.7050504@gmail.com> <524ADDEF.2030701@prt.org> <20131001171255.GF76440@shrubbery.net> Message-ID: Hi to All. Heasley, I sent to you file with output on email. Alan, I tried clean install ("as-shipped") of 2.3.8 (with only "show configuration") and as I wrote - I recieve "End of run not found:" 2013/10/1 heasley > Tue, Oct 01, 2013 at 03:36:31PM +0100, Paul Thornton: > > Hi Alan, > > > > On 01/10/2013 15:19, Alan McKinnon wrote: > > > > > If not, rather spend your efforts writing code that works exactly that > > > way, rather than deliberately throwing config away. > > > > I last looked into this a few months ago - but IIRC, if we do that then > > found_end didn't get set so that then leads to another issue. > > > > I'm just doing some testing with a standard xrancid applying the various > > mods I've made to xrancid in the past months to get a firm idea of what > > combination works. It was one of those "Try option A, then add B and C > > - ah, it works OK now, I won't touch it" debugging sessions I'm afraid. > > > > It would be useful to properly fix this for everyone using Extreme kit. > > would one or two of you send complete > "clogin -c 'show configuration detail;show configuration'" output to me? > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Wed Oct 2 10:09:54 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Wed, 02 Oct 2013 12:09:54 +0200 Subject: [rancid] End of config in Extreme Switches In-Reply-To: References: <524AC369.4050404@prt.org> <524ADA01.7050504@gmail.com> <524ADDEF.2030701@prt.org> <20131001171255.GF76440@shrubbery.net> Message-ID: <524BF0F2.4090405@gmail.com> On 02/10/2013 09:14, Aleksey P wrote: > Hi to All. > Heasley, I sent to you file with output on email. > Alan, I tried clean install ("as-shipped") of 2.3.8 (with only "show > configuration") and as I wrote - I recieve "End of run not found:" Regular rancid has this at the end of WriteTerm(): # The ContentEngine lacks a definitive "end of config" marker. If we # know that it is a CE, SAN, or NXOS and we have seen at least 5 lines # of write term output, we can be reasonably sure that we got the config. if (($type == "CE" || $type == "SAN" || $type == "NXOS" ) && $linecnt > 5) { $found_end = 1; return(0); } To me that's a more sensible approach - you can't include checks for markers that do not exist in the output. > > > > 2013/10/1 heasley > > > Tue, Oct 01, 2013 at 03:36:31PM +0100, Paul Thornton: > > Hi Alan, > > > > On 01/10/2013 15:19, Alan McKinnon wrote: > > > > > If not, rather spend your efforts writing code that works > exactly that > > > way, rather than deliberately throwing config away. > > > > I last looked into this a few months ago - but IIRC, if we do that > then > > found_end didn't get set so that then leads to another issue. > > > > I'm just doing some testing with a standard xrancid applying the > various > > mods I've made to xrancid in the past months to get a firm idea of > what > > combination works. It was one of those "Try option A, then add B > and C > > - ah, it works OK now, I won't touch it" debugging sessions I'm > afraid. > > > > It would be useful to properly fix this for everyone using Extreme > kit. > > would one or two of you send complete > "clogin -c 'show configuration detail;show configuration'" output to me? > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Alan McKinnon alan.mckinnon at gmail.com From Douglas.Hughes at DEShawResearch.com Wed Oct 2 14:21:12 2013 From: Douglas.Hughes at DEShawResearch.com (Hughes, Doug) Date: Wed, 2 Oct 2013 14:21:12 +0000 Subject: [rancid] Palo Alto Networks In-Reply-To: References: <5b25d874-8e64-4249-96f1-51a2f3885b26@googlegroups.com> <96853803542d475aa415c8c905ffb1f1@BN1PR01MB119.prod.exchangelabs.com> Message-ID: I suspect you haven't added the mapping to your vendor table. In rancid-fe, find the %vendortable hash (about 2/3 of the way down) Add a line: 'paloalto' => 'panrancid', I put mine in alphabetical order, just below netscreen. From: Kishore Rajani [mailto:kams19 at gmail.com] Sent: Wednesday, October 02, 2013 10:14 AM To: Hughes, Doug Cc: Ryan Milton; rancid-discuss at googlegroups.com; guillaume.dupuis at novidys.com; rancid-discuss at shrubbery.net Subject: Re: [rancid] Palo Alto Networks HI Doug, Now that I have my remote site up, here are the logs that are generated by rancid-run: exec failed router manufacturer paloalto: No such file or directory exec failed router manufacturer paloalto: No such file or directory exec failed router manufacturer paloalto: No such file or directory exec failed router manufacturer paloalto: No such file or directory exec failed router manufacturer paloalto: No such file or directory exec failed router manufacturer paloalto: No such file or directory exec failed router manufacturer paloalto: No such file or directory exec failed router manufacturer paloalto: No such file or directory Any idea where I could have been wrong. I have the panlogin and panrancid in the "/usr/local/rancid/bin/" directory. Also I have checked the router.db file and it has the config like: FWL1:paloalto:up FWL2:paloalto:up FWL3:paloalto:up FWL4:paloalto:up FWL5:paloalto:up Thanks and Regards, Kishore On 25 September 2013 06:48, Kishore Rajani > wrote: I will use them as soon as the remote site becomes available.. and will also let you know how did it go. Appreciate your help. Regards, Kishore On 25 September 2013 01:40, Hughes, Doug > wrote: I just sent you the latest versions. I'm the original creator. I can't say if the other version is older, but if they are different, use the ones I sent. (and make sure they are first in the path) So you are saying when you run panrancid it doesn't create the config file for you? From: Kishore Rajani [mailto:kams19 at gmail.com] Sent: Tuesday, September 24, 2013 5:44 PM To: Hughes, Doug Cc: Ryan Milton; rancid-discuss at googlegroups.com; guillaume.dupuis at novidys.com; rancid-discuss at shrubbery.net Subject: Re: [rancid] Palo Alto Networks Hi All, Thanks for your inputs.. much appreciated. I think i had downloaded these files from some other website, not sure if you have modified it, Doug.. In my setup, I am able to login into the device using panlogin.. however the device config are not backed up. Everything works smooth for Cisco devices. I have updated the routers.db and other files for PAN devices, but no luck yet. Unfortunately, I am unable to reach my remote site server at the moment, else would have pasted the log file. Regards, Kishore On 24 September 2013 22:01, Hughes, Doug > wrote: Sure they can. I do it for 3 of them right now. Attached. Set your 'switch type' to paloalto. Works with names or IP addresses. From: Ryan Milton [mailto:rmilton at mvsusa.com] Sent: Tuesday, September 24, 2013 4:58 PM To: Hughes, Doug; Kishore Rajani; rancid-discuss at googlegroups.com Cc: guillaume.dupuis at novidys.com; rancid-discuss at shrubbery.net Subject: RE: [rancid] Palo Alto Networks I would certainly be interested in adding PAN devices to Rancid. I thought that they couldn't be read. That is what I've found with my HP switches-but that is another matter. Any ideas on getting PAN devices read by Rancid would be useful. Regards, Ryan Milton From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Hughes, Doug Sent: Tuesday, September 24, 2013 12:26 PM To: Kishore Rajani; rancid-discuss at googlegroups.com Cc: guillaume.dupuis at novidys.com; rancid-discuss at shrubbery.net Subject: Re: [rancid] Palo Alto Networks Yes, I have working panlogin and panrancid and have contributed them upstream. Have you not been able to get them to work? From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Kishore Rajani Sent: Monday, September 23, 2013 9:52 AM To: rancid-discuss at googlegroups.com Cc: guillaume.dupuis at novidys.com; rancid-discuss at shrubbery.net Subject: Re: [rancid] Palo Alto Networks HI, did you manage to get the RANCID running with PAN? Regards, Kishore On Thursday, 29 March 2012 13:53:33 UTC+1, Guillaume Dupuis wrote: Nate Beck jivesoftware.com> writes: > > > Has anyone on the list worked with Palo Alto Network firewalls and Rancid? I was wondering if anyone has created a *login for them. > Thanks------------------- > Nathan BeckSr. IT Engineer > Jive Software > 503.972.9024 Hi Nate, Did you find a *login script for PAN? Thanks, Guillaume Dupuis _______________________________________________ Rancid-discuss mailing list Rancid-... at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From Douglas.Hughes at DEShawResearch.com Wed Oct 2 14:34:01 2013 From: Douglas.Hughes at DEShawResearch.com (Hughes, Doug) Date: Wed, 2 Oct 2013 14:34:01 +0000 Subject: [rancid] Palo Alto Networks In-Reply-To: References: <5b25d874-8e64-4249-96f1-51a2f3885b26@googlegroups.com> <96853803542d475aa415c8c905ffb1f1@BN1PR01MB119.prod.exchangelabs.com> Message-ID: That message is definitely coming from rancid-fe. It's just below the vendor table. Are you sure that you don't have 'another' version of rancid-fe somewhere else in the path? That's the only explanation that I could think of other than a misspelling. You could use strace -f -e trace=execve to find out exactly what it's running. From: Kishore Rajani [mailto:kams19 at gmail.com] Sent: Wednesday, October 02, 2013 10:24 AM To: Hughes, Doug Cc: Ryan Milton; rancid-discuss at googlegroups.com; guillaume.dupuis at novidys.com; rancid-discuss at shrubbery.net Subject: Re: [rancid] Palo Alto Networks Just checked, I do have that entry as well: 'netscaler' => 'nsrancid', 'netscreen' => 'nrancid', 'paloalto' => 'panrancid', 'procket' => 'prancid', Do you think I have missed it anywhere else.. is there any modification needed in the rancid-run script? the cisco devices are being backed up without any problem.. Regards, Kishore On 2 October 2013 15:21, Hughes, Doug > wrote: I suspect you haven't added the mapping to your vendor table. In rancid-fe, find the %vendortable hash (about 2/3 of the way down) Add a line: 'paloalto' => 'panrancid', I put mine in alphabetical order, just below netscreen. From: Kishore Rajani [mailto:kams19 at gmail.com] Sent: Wednesday, October 02, 2013 10:14 AM To: Hughes, Doug Cc: Ryan Milton; rancid-discuss at googlegroups.com; guillaume.dupuis at novidys.com; rancid-discuss at shrubbery.net Subject: Re: [rancid] Palo Alto Networks HI Doug, Now that I have my remote site up, here are the logs that are generated by rancid-run: exec failed router manufacturer paloalto: No such file or directory exec failed router manufacturer paloalto: No such file or directory exec failed router manufacturer paloalto: No such file or directory exec failed router manufacturer paloalto: No such file or directory exec failed router manufacturer paloalto: No such file or directory exec failed router manufacturer paloalto: No such file or directory exec failed router manufacturer paloalto: No such file or directory exec failed router manufacturer paloalto: No such file or directory Any idea where I could have been wrong. I have the panlogin and panrancid in the "/usr/local/rancid/bin/" directory. Also I have checked the router.db file and it has the config like: FWL1:paloalto:up FWL2:paloalto:up FWL3:paloalto:up FWL4:paloalto:up FWL5:paloalto:up Thanks and Regards, Kishore On 25 September 2013 06:48, Kishore Rajani > wrote: I will use them as soon as the remote site becomes available.. and will also let you know how did it go. Appreciate your help. Regards, Kishore On 25 September 2013 01:40, Hughes, Doug > wrote: I just sent you the latest versions. I'm the original creator. I can't say if the other version is older, but if they are different, use the ones I sent. (and make sure they are first in the path) So you are saying when you run panrancid it doesn't create the config file for you? From: Kishore Rajani [mailto:kams19 at gmail.com] Sent: Tuesday, September 24, 2013 5:44 PM To: Hughes, Doug Cc: Ryan Milton; rancid-discuss at googlegroups.com; guillaume.dupuis at novidys.com; rancid-discuss at shrubbery.net Subject: Re: [rancid] Palo Alto Networks Hi All, Thanks for your inputs.. much appreciated. I think i had downloaded these files from some other website, not sure if you have modified it, Doug.. In my setup, I am able to login into the device using panlogin.. however the device config are not backed up. Everything works smooth for Cisco devices. I have updated the routers.db and other files for PAN devices, but no luck yet. Unfortunately, I am unable to reach my remote site server at the moment, else would have pasted the log file. Regards, Kishore On 24 September 2013 22:01, Hughes, Doug > wrote: Sure they can. I do it for 3 of them right now. Attached. Set your 'switch type' to paloalto. Works with names or IP addresses. From: Ryan Milton [mailto:rmilton at mvsusa.com] Sent: Tuesday, September 24, 2013 4:58 PM To: Hughes, Doug; Kishore Rajani; rancid-discuss at googlegroups.com Cc: guillaume.dupuis at novidys.com; rancid-discuss at shrubbery.net Subject: RE: [rancid] Palo Alto Networks I would certainly be interested in adding PAN devices to Rancid. I thought that they couldn't be read. That is what I've found with my HP switches-but that is another matter. Any ideas on getting PAN devices read by Rancid would be useful. Regards, Ryan Milton From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Hughes, Doug Sent: Tuesday, September 24, 2013 12:26 PM To: Kishore Rajani; rancid-discuss at googlegroups.com Cc: guillaume.dupuis at novidys.com; rancid-discuss at shrubbery.net Subject: Re: [rancid] Palo Alto Networks Yes, I have working panlogin and panrancid and have contributed them upstream. Have you not been able to get them to work? From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Kishore Rajani Sent: Monday, September 23, 2013 9:52 AM To: rancid-discuss at googlegroups.com Cc: guillaume.dupuis at novidys.com; rancid-discuss at shrubbery.net Subject: Re: [rancid] Palo Alto Networks HI, did you manage to get the RANCID running with PAN? Regards, Kishore On Thursday, 29 March 2012 13:53:33 UTC+1, Guillaume Dupuis wrote: Nate Beck jivesoftware.com> writes: > > > Has anyone on the list worked with Palo Alto Network firewalls and Rancid? I was wondering if anyone has created a *login for them. > Thanks------------------- > Nathan BeckSr. IT Engineer > Jive Software > 503.972.9024 Hi Nate, Did you find a *login script for PAN? Thanks, Guillaume Dupuis _______________________________________________ Rancid-discuss mailing list Rancid-... at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From kams19 at gmail.com Wed Oct 2 14:23:40 2013 From: kams19 at gmail.com (Kishore Rajani) Date: Wed, 2 Oct 2013 15:23:40 +0100 Subject: [rancid] Palo Alto Networks In-Reply-To: References: <5b25d874-8e64-4249-96f1-51a2f3885b26@googlegroups.com> <96853803542d475aa415c8c905ffb1f1@BN1PR01MB119.prod.exchangelabs.com> Message-ID: Just checked, I do have that entry as well: 'netscaler' => 'nsrancid', 'netscreen' => 'nrancid', * 'paloalto' => 'panrancid',* 'procket' => 'prancid', Do you think I have missed it anywhere else.. is there any modification needed in the rancid-run script? the cisco devices are being backed up without any problem.. Regards, Kishore On 2 October 2013 15:21, Hughes, Doug wrote: > I suspect you haven?t added the mapping to your vendor table.**** > > In rancid-fe, find the %vendortable hash (about 2/3 of the way down)**** > > ** ** > > Add a line:**** > > 'paloalto' => 'panrancid',**** > > ** ** > > ** ** > > I put mine in alphabetical order, just below netscreen.**** > > ** ** > > *From:* Kishore Rajani [mailto:kams19 at gmail.com] > *Sent:* Wednesday, October 02, 2013 10:14 AM > > *To:* Hughes, Doug > *Cc:* Ryan Milton; rancid-discuss at googlegroups.com; > guillaume.dupuis at novidys.com; rancid-discuss at shrubbery.net > *Subject:* Re: [rancid] Palo Alto Networks**** > > ** ** > > HI Doug,**** > > Now that I have my remote site up, here are the logs that are generated by > rancid-run: > exec failed router manufacturer paloalto: No such file or directory > exec failed router manufacturer paloalto: No such file or directory > exec failed router manufacturer paloalto: No such file or directory > exec failed router manufacturer paloalto: No such file or directory > exec failed router manufacturer paloalto: No such file or directory > exec failed router manufacturer paloalto: No such file or directory > exec failed router manufacturer paloalto: No such file or directory > exec failed router manufacturer paloalto: No such file or directory**** > > Any idea where I could have been wrong. I have the panlogin and panrancid > in the "/usr/local/rancid/bin/" directory. Also I have checked the > router.db file and it has the config like: > FWL1:paloalto:up**** > > FWL2:paloalto:up > FWL3:paloalto:up > FWL4:paloalto:up > FWL5:paloalto:up**** > > Thanks and Regards, > Kishore**** > > ** ** > > On 25 September 2013 06:48, Kishore Rajani wrote:**** > > I will use them as soon as the remote site becomes available.. and will > also let you know how did it go.**** > > ** ** > > Appreciate your help.**** > > ** ** > > Regards,**** > > Kishore**** > > ** ** > > On 25 September 2013 01:40, Hughes, Doug < > Douglas.Hughes at deshawresearch.com> wrote:**** > > I just sent you the latest versions. I?m the original creator. I can?t say > if the other version is older, but if they are different, use the ones I > sent. (and make sure they are first in the path)**** > > **** > > So you are saying when you run panrancid it doesn?t create the config file > for you?**** > > **** > > *From:* Kishore Rajani [mailto:kams19 at gmail.com] > *Sent:* Tuesday, September 24, 2013 5:44 PM > *To:* Hughes, Doug > *Cc:* Ryan Milton; rancid-discuss at googlegroups.com; > guillaume.dupuis at novidys.com; rancid-discuss at shrubbery.net**** > > > *Subject:* Re: [rancid] Palo Alto Networks**** > > **** > > Hi All,**** > > **** > > Thanks for your inputs.. much appreciated.**** > > **** > > I think i had downloaded these files from some other website, not sure if > you have modified it, Doug..**** > > **** > > In my setup, I am able to login into the device using panlogin.. however > the device config are not backed up. Everything works smooth for Cisco > devices.**** > > I have updated the routers.db and other files for PAN devices, but no luck > yet.**** > > **** > > Unfortunately, I am unable to reach my remote site server at the moment, > else would have pasted the log file.**** > > **** > > Regards,**** > > Kishore**** > > **** > > **** > > On 24 September 2013 22:01, Hughes, Doug < > Douglas.Hughes at deshawresearch.com> wrote:**** > > Sure they can. I do it for 3 of them right now.**** > > **** > > Attached. Set your ?switch type? to paloalto. Works with names or IP > addresses.**** > > **** > > *From:* Ryan Milton [mailto:rmilton at mvsusa.com] > *Sent:* Tuesday, September 24, 2013 4:58 PM > *To:* Hughes, Doug; Kishore Rajani; rancid-discuss at googlegroups.com > *Cc:* guillaume.dupuis at novidys.com; rancid-discuss at shrubbery.net > *Subject:* RE: [rancid] Palo Alto Networks**** > > **** > > I would certainly be interested in adding PAN devices to Rancid. I thought > that they couldn?t be read. That is what I?ve found with my HP switches?but > that is another matter. Any ideas on getting PAN devices read by Rancid > would be useful.**** > > **** > > Regards,**** > > Ryan Milton**** > > **** > > *From:* rancid-discuss-bounces at shrubbery.net [ > mailto:rancid-discuss-bounces at shrubbery.net] > *On Behalf Of *Hughes, Doug > *Sent:* Tuesday, September 24, 2013 12:26 PM > *To:* Kishore Rajani; rancid-discuss at googlegroups.com > *Cc:* guillaume.dupuis at novidys.com; rancid-discuss at shrubbery.net > *Subject:* Re: [rancid] Palo Alto Networks**** > > **** > > Yes, I have working panlogin and panrancid and have contributed them > upstream. Have you not been able to get them to work?**** > > **** > > **** > > *From:* rancid-discuss-bounces at shrubbery.net [ > mailto:rancid-discuss-bounces at shrubbery.net] > *On Behalf Of *Kishore Rajani > *Sent:* Monday, September 23, 2013 9:52 AM > *To:* rancid-discuss at googlegroups.com > *Cc:* guillaume.dupuis at novidys.com; rancid-discuss at shrubbery.net > *Subject:* Re: [rancid] Palo Alto Networks**** > > **** > > HI, > > did you manage to get the RANCID running with PAN? > > Regards, > Kishore > > On Thursday, 29 March 2012 13:53:33 UTC+1, Guillaume Dupuis wrote:**** > > Nate Beck jivesoftware.com> writes:**** > > > > > > > Has anyone on the list worked with Palo Alto Network firewalls and > Rancid? I > was wondering if anyone has created a *login for them. > > Thanks------------------- > > Nathan BeckSr. IT Engineer > > Jive Software > > 503.972.9024**** > > Hi Nate,**** > > Did you find a *login script for PAN?**** > > Thanks,**** > > Guillaume Dupuis**** > > _______________________________________________ > Rancid-discuss mailing list > Rancid-... at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss**** > > **** > > ** ** > > ** ** > -------------- next part -------------- An HTML attachment was scrubbed... URL: From kams19 at gmail.com Wed Oct 2 14:54:15 2013 From: kams19 at gmail.com (Kishore Rajani) Date: Wed, 2 Oct 2013 15:54:15 +0100 Subject: [rancid] Palo Alto Networks In-Reply-To: References: <5b25d874-8e64-4249-96f1-51a2f3885b26@googlegroups.com> <96853803542d475aa415c8c905ffb1f1@BN1PR01MB119.prod.exchangelabs.com> Message-ID: Hi Doug, Finally got it working !!!! great thanks :) I removed all the files and config related to PAN and applied everything again and volla it started working :) Regards, Kishore On 2 October 2013 15:34, Hughes, Doug wrote: > That message is definitely coming from rancid-fe. It?s just below the > vendor table. Are you sure that you don?t have ?another? version of > rancid-fe somewhere else in the path? That?s the only explanation that I > could think of other than a misspelling. You could use strace ?f ?e > trace=execve to find out exactly what it?s running.**** > > ** ** > > ** ** > > *From:* Kishore Rajani [mailto:kams19 at gmail.com] > *Sent:* Wednesday, October 02, 2013 10:24 AM > > *To:* Hughes, Doug > *Cc:* Ryan Milton; rancid-discuss at googlegroups.com; > guillaume.dupuis at novidys.com; rancid-discuss at shrubbery.net > *Subject:* Re: [rancid] Palo Alto Networks**** > > ** ** > > Just checked, I do have that entry as well: > > 'netscaler' => 'nsrancid', > 'netscreen' => 'nrancid', > * 'paloalto' => 'panrancid',* > 'procket' => 'prancid',**** > > Do you think I have missed it anywhere else.. is there any modification > needed in the rancid-run script? the cisco devices are being backed up > without any problem..**** > > Regards, > Kishore**** > > ** ** > > On 2 October 2013 15:21, Hughes, Doug > wrote:**** > > I suspect you haven?t added the mapping to your vendor table.**** > > In rancid-fe, find the %vendortable hash (about 2/3 of the way down)**** > > **** > > Add a line:**** > > 'paloalto' => 'panrancid',**** > > **** > > **** > > I put mine in alphabetical order, just below netscreen.**** > > **** > > *From:* Kishore Rajani [mailto:kams19 at gmail.com] > *Sent:* Wednesday, October 02, 2013 10:14 AM**** > > > *To:* Hughes, Doug > *Cc:* Ryan Milton; rancid-discuss at googlegroups.com; > guillaume.dupuis at novidys.com; rancid-discuss at shrubbery.net > *Subject:* Re: [rancid] Palo Alto Networks**** > > **** > > HI Doug,**** > > Now that I have my remote site up, here are the logs that are generated by > rancid-run: > exec failed router manufacturer paloalto: No such file or directory > exec failed router manufacturer paloalto: No such file or directory > exec failed router manufacturer paloalto: No such file or directory > exec failed router manufacturer paloalto: No such file or directory > exec failed router manufacturer paloalto: No such file or directory > exec failed router manufacturer paloalto: No such file or directory > exec failed router manufacturer paloalto: No such file or directory > exec failed router manufacturer paloalto: No such file or directory**** > > Any idea where I could have been wrong. I have the panlogin and panrancid > in the "/usr/local/rancid/bin/" directory. Also I have checked the > router.db file and it has the config like: > FWL1:paloalto:up**** > > FWL2:paloalto:up > FWL3:paloalto:up > FWL4:paloalto:up > FWL5:paloalto:up**** > > Thanks and Regards, > Kishore**** > > **** > > On 25 September 2013 06:48, Kishore Rajani wrote:**** > > I will use them as soon as the remote site becomes available.. and will > also let you know how did it go.**** > > **** > > Appreciate your help.**** > > **** > > Regards,**** > > Kishore**** > > **** > > On 25 September 2013 01:40, Hughes, Doug < > Douglas.Hughes at deshawresearch.com> wrote:**** > > I just sent you the latest versions. I?m the original creator. I can?t say > if the other version is older, but if they are different, use the ones I > sent. (and make sure they are first in the path)**** > > **** > > So you are saying when you run panrancid it doesn?t create the config file > for you?**** > > **** > > *From:* Kishore Rajani [mailto:kams19 at gmail.com] > *Sent:* Tuesday, September 24, 2013 5:44 PM > *To:* Hughes, Doug > *Cc:* Ryan Milton; rancid-discuss at googlegroups.com; > guillaume.dupuis at novidys.com; rancid-discuss at shrubbery.net**** > > > *Subject:* Re: [rancid] Palo Alto Networks**** > > **** > > Hi All,**** > > **** > > Thanks for your inputs.. much appreciated.**** > > **** > > I think i had downloaded these files from some other website, not sure if > you have modified it, Doug..**** > > **** > > In my setup, I am able to login into the device using panlogin.. however > the device config are not backed up. Everything works smooth for Cisco > devices.**** > > I have updated the routers.db and other files for PAN devices, but no luck > yet.**** > > **** > > Unfortunately, I am unable to reach my remote site server at the moment, > else would have pasted the log file.**** > > **** > > Regards,**** > > Kishore**** > > **** > > **** > > On 24 September 2013 22:01, Hughes, Doug < > Douglas.Hughes at deshawresearch.com> wrote:**** > > Sure they can. I do it for 3 of them right now.**** > > **** > > Attached. Set your ?switch type? to paloalto. Works with names or IP > addresses.**** > > **** > > *From:* Ryan Milton [mailto:rmilton at mvsusa.com] > *Sent:* Tuesday, September 24, 2013 4:58 PM > *To:* Hughes, Doug; Kishore Rajani; rancid-discuss at googlegroups.com > *Cc:* guillaume.dupuis at novidys.com; rancid-discuss at shrubbery.net > *Subject:* RE: [rancid] Palo Alto Networks**** > > **** > > I would certainly be interested in adding PAN devices to Rancid. I thought > that they couldn?t be read. That is what I?ve found with my HP switches?but > that is another matter. Any ideas on getting PAN devices read by Rancid > would be useful.**** > > **** > > Regards,**** > > Ryan Milton**** > > **** > > *From:* rancid-discuss-bounces at shrubbery.net [ > mailto:rancid-discuss-bounces at shrubbery.net] > *On Behalf Of *Hughes, Doug > *Sent:* Tuesday, September 24, 2013 12:26 PM > *To:* Kishore Rajani; rancid-discuss at googlegroups.com > *Cc:* guillaume.dupuis at novidys.com; rancid-discuss at shrubbery.net > *Subject:* Re: [rancid] Palo Alto Networks**** > > **** > > Yes, I have working panlogin and panrancid and have contributed them > upstream. Have you not been able to get them to work?**** > > **** > > **** > > *From:* rancid-discuss-bounces at shrubbery.net [ > mailto:rancid-discuss-bounces at shrubbery.net] > *On Behalf Of *Kishore Rajani > *Sent:* Monday, September 23, 2013 9:52 AM > *To:* rancid-discuss at googlegroups.com > *Cc:* guillaume.dupuis at novidys.com; rancid-discuss at shrubbery.net > *Subject:* Re: [rancid] Palo Alto Networks**** > > **** > > HI, > > did you manage to get the RANCID running with PAN? > > Regards, > Kishore > > On Thursday, 29 March 2012 13:53:33 UTC+1, Guillaume Dupuis wrote:**** > > Nate Beck jivesoftware.com> writes:**** > > > > > > > Has anyone on the list worked with Palo Alto Network firewalls and > Rancid? I > was wondering if anyone has created a *login for them. > > Thanks------------------- > > Nathan BeckSr. IT Engineer > > Jive Software > > 503.972.9024**** > > Hi Nate,**** > > Did you find a *login script for PAN?**** > > Thanks,**** > > Guillaume Dupuis**** > > _______________________________________________ > Rancid-discuss mailing list > Rancid-... at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss**** > > **** > > **** > > **** > > ** ** > -------------- next part -------------- An HTML attachment was scrubbed... URL: From kams19 at gmail.com Wed Oct 2 14:13:51 2013 From: kams19 at gmail.com (Kishore Rajani) Date: Wed, 2 Oct 2013 15:13:51 +0100 Subject: [rancid] Palo Alto Networks In-Reply-To: References: <5b25d874-8e64-4249-96f1-51a2f3885b26@googlegroups.com> <96853803542d475aa415c8c905ffb1f1@BN1PR01MB119.prod.exchangelabs.com> Message-ID: HI Doug, Now that I have my remote site up, here are the logs that are generated by rancid-run: exec failed router manufacturer paloalto: No such file or directory exec failed router manufacturer paloalto: No such file or directory exec failed router manufacturer paloalto: No such file or directory exec failed router manufacturer paloalto: No such file or directory exec failed router manufacturer paloalto: No such file or directory exec failed router manufacturer paloalto: No such file or directory exec failed router manufacturer paloalto: No such file or directory exec failed router manufacturer paloalto: No such file or directory Any idea where I could have been wrong. I have the panlogin and panrancid in the "/usr/local/rancid/bin/" directory. Also I have checked the router.db file and it has the config like: FWL1:paloalto:up FWL2:paloalto:up FWL3:paloalto:up FWL4:paloalto:up FWL5:paloalto:up Thanks and Regards, Kishore On 25 September 2013 06:48, Kishore Rajani wrote: > I will use them as soon as the remote site becomes available.. and will > also let you know how did it go. > > Appreciate your help. > > Regards, > Kishore > > > On 25 September 2013 01:40, Hughes, Doug < > Douglas.Hughes at deshawresearch.com> wrote: > >> I just sent you the latest versions. I?m the original creator. I can?t >> say if the other version is older, but if they are different, use the ones >> I sent. (and make sure they are first in the path)**** >> >> ** ** >> >> So you are saying when you run panrancid it doesn?t create the config >> file for you?**** >> >> ** ** >> >> *From:* Kishore Rajani [mailto:kams19 at gmail.com] >> *Sent:* Tuesday, September 24, 2013 5:44 PM >> *To:* Hughes, Doug >> *Cc:* Ryan Milton; rancid-discuss at googlegroups.com; >> guillaume.dupuis at novidys.com; rancid-discuss at shrubbery.net >> >> *Subject:* Re: [rancid] Palo Alto Networks**** >> >> ** ** >> >> Hi All,**** >> >> ** ** >> >> Thanks for your inputs.. much appreciated.**** >> >> ** ** >> >> I think i had downloaded these files from some other website, not sure if >> you have modified it, Doug..**** >> >> ** ** >> >> In my setup, I am able to login into the device using panlogin.. however >> the device config are not backed up. Everything works smooth for Cisco >> devices.**** >> >> I have updated the routers.db and other files for PAN devices, but no >> luck yet.**** >> >> ** ** >> >> Unfortunately, I am unable to reach my remote site server at the moment, >> else would have pasted the log file.**** >> >> ** ** >> >> Regards,**** >> >> Kishore**** >> >> ** ** >> >> ** ** >> >> On 24 September 2013 22:01, Hughes, Doug < >> Douglas.Hughes at deshawresearch.com> wrote:**** >> >> Sure they can. I do it for 3 of them right now.**** >> >> **** >> >> Attached. Set your ?switch type? to paloalto. Works with names or IP >> addresses.**** >> >> **** >> >> *From:* Ryan Milton [mailto:rmilton at mvsusa.com] >> *Sent:* Tuesday, September 24, 2013 4:58 PM >> *To:* Hughes, Doug; Kishore Rajani; rancid-discuss at googlegroups.com >> *Cc:* guillaume.dupuis at novidys.com; rancid-discuss at shrubbery.net >> *Subject:* RE: [rancid] Palo Alto Networks**** >> >> **** >> >> I would certainly be interested in adding PAN devices to Rancid. I >> thought that they couldn?t be read. That is what I?ve found with my HP >> switches?but that is another matter. Any ideas on getting PAN devices read >> by Rancid would be useful.**** >> >> **** >> >> Regards,**** >> >> Ryan Milton**** >> >> **** >> >> *From:* rancid-discuss-bounces at shrubbery.net [ >> mailto:rancid-discuss-bounces at shrubbery.net] >> *On Behalf Of *Hughes, Doug >> *Sent:* Tuesday, September 24, 2013 12:26 PM >> *To:* Kishore Rajani; rancid-discuss at googlegroups.com >> *Cc:* guillaume.dupuis at novidys.com; rancid-discuss at shrubbery.net >> *Subject:* Re: [rancid] Palo Alto Networks**** >> >> **** >> >> Yes, I have working panlogin and panrancid and have contributed them >> upstream. Have you not been able to get them to work?**** >> >> **** >> >> **** >> >> *From:* rancid-discuss-bounces at shrubbery.net [ >> mailto:rancid-discuss-bounces at shrubbery.net] >> *On Behalf Of *Kishore Rajani >> *Sent:* Monday, September 23, 2013 9:52 AM >> *To:* rancid-discuss at googlegroups.com >> *Cc:* guillaume.dupuis at novidys.com; rancid-discuss at shrubbery.net >> *Subject:* Re: [rancid] Palo Alto Networks**** >> >> **** >> >> HI, >> >> did you manage to get the RANCID running with PAN? >> >> Regards, >> Kishore >> >> On Thursday, 29 March 2012 13:53:33 UTC+1, Guillaume Dupuis wrote:**** >> >> Nate Beck jivesoftware.com> writes:**** >> >> > >> > >> > Has anyone on the list worked with Palo Alto Network firewalls and >> Rancid? I >> was wondering if anyone has created a *login for them. >> > Thanks------------------- >> > Nathan BeckSr. IT Engineer >> > Jive Software >> > 503.972.9024**** >> >> Hi Nate,**** >> >> Did you find a *login script for PAN?**** >> >> Thanks,**** >> >> Guillaume Dupuis**** >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-... at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss**** >> >> ** ** >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Wed Oct 2 16:19:59 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Wed, 02 Oct 2013 18:19:59 +0200 Subject: [rancid] Palo Alto Networks In-Reply-To: References: <5b25d874-8e64-4249-96f1-51a2f3885b26@googlegroups.com> <96853803542d475aa415c8c905ffb1f1@BN1PR01MB119.prod.exchangelabs.com> Message-ID: <524C47AF.2060804@gmail.com> Most likely cause is that you edited rancid-fe in one terminal, then ran rancid-run in another without saving rancid-fe first. It's a *very* easy mistake to make and very hard to find later you did it. Numerous varieties exist too - my favourite is Ctrl-Z to go to the terminal, do something, fg to go back to the editor, then realize i didn't save before Ctrl-Z On 02/10/2013 16:54, Kishore Rajani wrote: > Hi Doug, > > Finally got it working !!!! great thanks :) > I removed all the files and config related to PAN and applied everything > again and volla it started working :) > > Regards, > Kishore > > > On 2 October 2013 15:34, Hughes, Doug > wrote: > > That message is definitely coming from rancid-fe. It?s just below > the vendor table. Are you sure that you don?t have ?another? version > of rancid-fe somewhere else in the path? That?s the only explanation > that I could think of other than a misspelling. You could use strace > ?f ?e trace=execve to find out exactly what it?s running.____ > > __ __ > > __ __ > > *From:*Kishore Rajani [mailto:kams19 at gmail.com > ] > *Sent:* Wednesday, October 02, 2013 10:24 AM > > > *To:* Hughes, Doug > *Cc:* Ryan Milton; rancid-discuss at googlegroups.com > ; > guillaume.dupuis at novidys.com ; > rancid-discuss at shrubbery.net > *Subject:* Re: [rancid] Palo Alto Networks____ > > __ __ > > Just checked, I do have that entry as well: > > 'netscaler' => 'nsrancid', > 'netscreen' => 'nrancid', > * 'paloalto' => 'panrancid',* > 'procket' => 'prancid',____ > > Do you think I have missed it anywhere else.. is there any > modification needed in the rancid-run script? the cisco devices are > being backed up without any problem..____ > > Regards, > Kishore____ > > __ __ > > On 2 October 2013 15:21, Hughes, Doug > > wrote:____ > > I suspect you haven?t added the mapping to your vendor table.____ > > In rancid-fe, find the %vendortable hash (about 2/3 of the way down)____ > > ____ > > Add a line:____ > > 'paloalto' => 'panrancid',____ > > ____ > > ____ > > I put mine in alphabetical order, just below netscreen.____ > > ____ > > *From:*Kishore Rajani [mailto:kams19 at gmail.com > ] > *Sent:* Wednesday, October 02, 2013 10:14 AM____ > > > *To:* Hughes, Doug > *Cc:* Ryan Milton; rancid-discuss at googlegroups.com > ; > guillaume.dupuis at novidys.com ; > rancid-discuss at shrubbery.net > *Subject:* Re: [rancid] Palo Alto Networks____ > > ____ > > HI Doug,____ > > Now that I have my remote site up, here are the logs that are > generated by rancid-run: > exec failed router manufacturer paloalto: No such file or directory > exec failed router manufacturer paloalto: No such file or directory > exec failed router manufacturer paloalto: No such file or directory > exec failed router manufacturer paloalto: No such file or directory > exec failed router manufacturer paloalto: No such file or directory > exec failed router manufacturer paloalto: No such file or directory > exec failed router manufacturer paloalto: No such file or directory > exec failed router manufacturer paloalto: No such file or directory____ > > Any idea where I could have been wrong. I have the panlogin and > panrancid in the "/usr/local/rancid/bin/" directory. Also I have > checked the router.db file and it has the config like: > FWL1:paloalto:up____ > > FWL2:paloalto:up > FWL3:paloalto:up > FWL4:paloalto:up > FWL5:paloalto:up____ > > Thanks and Regards, > Kishore____ > > ____ > > On 25 September 2013 06:48, Kishore Rajani > wrote:____ > > I will use them as soon as the remote site becomes available.. and > will also let you know how did it go.____ > > ____ > > Appreciate your help.____ > > ____ > > Regards,____ > > Kishore____ > > ____ > > On 25 September 2013 01:40, Hughes, Doug > > wrote:____ > > I just sent you the latest versions. I?m the original creator. I > can?t say if the other version is older, but if they are different, > use the ones I sent. (and make sure they are first in the path)____ > > ____ > > So you are saying when you run panrancid it doesn?t create the > config file for you?____ > > ____ > > *From:*Kishore Rajani [mailto:kams19 at gmail.com > ] > *Sent:* Tuesday, September 24, 2013 5:44 PM > *To:* Hughes, Doug > *Cc:* Ryan Milton; rancid-discuss at googlegroups.com > ; > guillaume.dupuis at novidys.com ; > rancid-discuss at shrubbery.net ____ > > > *Subject:* Re: [rancid] Palo Alto Networks____ > > ____ > > Hi All,____ > > ____ > > Thanks for your inputs.. much appreciated.____ > > ____ > > I think i had downloaded these files from some other website, not > sure if you have modified it, Doug..____ > > ____ > > In my setup, I am able to login into the device using panlogin.. > however the device config are not backed up. Everything works smooth > for Cisco devices.____ > > I have updated the routers.db and other files for PAN devices, but > no luck yet.____ > > ____ > > Unfortunately, I am unable to reach my remote site server at the > moment, else would have pasted the log file.____ > > ____ > > Regards,____ > > Kishore____ > > ____ > > ____ > > On 24 September 2013 22:01, Hughes, Doug > > wrote:____ > > Sure they can. I do it for 3 of them right now.____ > > ____ > > Attached. Set your ?switch type? to paloalto. Works with names or IP > addresses.____ > > ____ > > *From:*Ryan Milton [mailto:rmilton at mvsusa.com > ] > *Sent:* Tuesday, September 24, 2013 4:58 PM > *To:* Hughes, Doug; Kishore Rajani; rancid-discuss at googlegroups.com > > *Cc:* guillaume.dupuis at novidys.com > ; rancid-discuss at shrubbery.net > > *Subject:* RE: [rancid] Palo Alto Networks____ > > ____ > > I would certainly be interested in adding PAN devices to Rancid. I > thought that they couldn?t be read. That is what I?ve found with my > HP switches?but that is another matter. Any ideas on getting PAN > devices read by Rancid would be useful.____ > > ____ > > Regards,____ > > Ryan Milton____ > > ____ > > *From:*rancid-discuss-bounces at shrubbery.net > > [mailto:rancid-discuss-bounces at shrubbery.net] *On Behalf Of *Hughes, > Doug > *Sent:* Tuesday, September 24, 2013 12:26 PM > *To:* Kishore Rajani; rancid-discuss at googlegroups.com > > *Cc:* guillaume.dupuis at novidys.com > ; rancid-discuss at shrubbery.net > > *Subject:* Re: [rancid] Palo Alto Networks____ > > ____ > > Yes, I have working panlogin and panrancid and have contributed them > upstream. Have you not been able to get them to work?____ > > ____ > > ____ > > *From:*rancid-discuss-bounces at shrubbery.net > > [mailto:rancid-discuss-bounces at shrubbery.net] *On Behalf Of *Kishore > Rajani > *Sent:* Monday, September 23, 2013 9:52 AM > *To:* rancid-discuss at googlegroups.com > > *Cc:* guillaume.dupuis at novidys.com > ; rancid-discuss at shrubbery.net > > *Subject:* Re: [rancid] Palo Alto Networks____ > > ____ > > HI, > > did you manage to get the RANCID running with PAN? > > Regards, > Kishore > > On Thursday, 29 March 2012 13:53:33 UTC+1, Guillaume Dupuis wrote:____ > > Nate Beck jivesoftware.com > > writes:____ > > > > > > > Has anyone on the list worked with Palo Alto Network firewalls and Rancid? I > was wondering if anyone has created a *login for them. > > Thanks------------------- > > Nathan BeckSr. IT Engineer > > Jive Software > > 503.972.9024____ > > Hi Nate,____ > > Did you find a *login script for PAN?____ > > Thanks,____ > > Guillaume Dupuis____ > > _______________________________________________ > Rancid-discuss mailing list > Rancid-... at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss____ > > ____ > > ____ > > ____ > > __ __ > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Alan McKinnon alan.mckinnon at gmail.com From heas at shrubbery.net Wed Oct 2 22:23:39 2013 From: heas at shrubbery.net (Heasley) Date: Wed, 2 Oct 2013 15:23:39 -0700 Subject: [rancid] Rancid and Viewvc / Authentication and Inventory View In-Reply-To: References: <524A7DB8.8080401@gmail.com> Message-ID: Am Oct 1, 2013 um 15:11 schrieb Daniel Schmidt : > > Who hasn't cobbled last minute rancid parsers to double check the SN, SNMP-location, ect out of configs for the inventory Nazis? I bet Heas has! :-) > I will use the flexibility of 3.0 to have inventory only collections. > >> On Tue, Oct 1, 2013 at 10:03 AM, Heasley wrote: >> >> >> > Am Oct 1, 2013 um 0:46 schrieb Alan McKinnon : >> > >> >> On 01/10/2013 09:07, Tayfun Sar? wrote: >> >> Hi All, >> >> >> >> I install rancid and viewvc successfully.I had 2 thing to be done and >> >> need advice. >> >> >> >> 1-Need a authentication for viewvc.Is it possible to do it by >> >> configuration or need to installa some other tools?Whats is your advice >> >> and best practices? >> >> >> >> 2-I need to view the inventory of my cisco switches.What should I do to >> >> view this info on Viewvc. >> > >> > >> > viewvc is a CVS viewer that runs in a web server. It takes your cvs >> > files and presents them in a browser. Authentication is done in viewvc >> > and in your http server, it has nothing to do with rancid. >> > >> > A CVS viewer can only show you the files it has in the CVS repo, it >> > cannot extract information from them and present it in different ways. >> > Rancid by itself does not intelligently process inventory, it only grabs >> > show output and puts it in a file. You can view that file to see what >> > rancid recorded (as well as everything else it also recorded) >> > >> You could also write something to post process the rancid data. >> >> > By inventory do you mean an organized list of what hardware you have >> > installed with eg serial and model numbers? If that's what you mean you >> > will need to use a proper inventory tool, rancid is not suitable for >> > that purpose. >> > >> > -- >> > Alan McKinnon >> > alan.mckinnon at gmail.com >> > >> > _______________________________________________ >> > Rancid-discuss mailing list >> > Rancid-discuss at shrubbery.net >> > http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > E-Mail to and from me, in connection with the transaction > of public business, is subject to the Wyoming Public Records > Act and may be disclosed to third parties. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jandrewartha at ccgs.wa.edu.au Thu Oct 3 00:52:24 2013 From: jandrewartha at ccgs.wa.edu.au (James Andrewartha) Date: Thu, 3 Oct 2013 08:52:24 +0800 Subject: [rancid] End of config in Extreme Switches In-Reply-To: <524BF0F2.4090405@gmail.com> References: <524AC369.4050404@prt.org> <524ADA01.7050504@gmail.com> <524ADDEF.2030701@prt.org> <20131001171255.GF76440@shrubbery.net> <524BF0F2.4090405@gmail.com> Message-ID: <524CBFC8.6020005@ccgs.wa.edu.au> On 02/10/13 18:09, Alan McKinnon wrote: > To me that's a more sensible approach - you can't include checks for > markers that do not exist in the output. The entrancid (Enterasys) I have looks like it matches on the exit command sent by entlogin itself to set $found_end: sub ShowConfig { print STDERR " In ShowConfig: $_" if ($debug); while () { } if (/exit/) { $found_end = 1; $clean_run = 1; return(1); } return(0); } -- James Andrewartha Network & Projects Engineer Christ Church Grammar School Claremont, Western Australia Ph. (08) 9442 1757 Mob. 0424 160 877 From paleola at gmail.com Thu Oct 3 06:49:05 2013 From: paleola at gmail.com (Aleksey P) Date: Thu, 3 Oct 2013 10:49:05 +0400 Subject: [rancid] End of config in Extreme Switches In-Reply-To: <524CBFC8.6020005@ccgs.wa.edu.au> References: <524AC369.4050404@prt.org> <524ADA01.7050504@gmail.com> <524ADDEF.2030701@prt.org> <20131001171255.GF76440@shrubbery.net> <524BF0F2.4090405@gmail.com> <524CBFC8.6020005@ccgs.wa.edu.au> Message-ID: Hello. And how we can implement it to xrancid? 2013/10/3 James Andrewartha > On 02/10/13 18:09, Alan McKinnon wrote: > > To me that's a more sensible approach - you can't include checks for > > markers that do not exist in the output. > > The entrancid (Enterasys) I have looks like it matches on the exit > command sent by entlogin itself to set $found_end: > > sub ShowConfig { > print STDERR " In ShowConfig: $_" if ($debug); > > while () { > > } > if (/exit/) { > $found_end = 1; > $clean_run = 1; > return(1); > } > return(0); > } > > -- > James Andrewartha > Network & Projects Engineer > Christ Church Grammar School > Claremont, Western Australia > Ph. (08) 9442 1757 > Mob. 0424 160 877 > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From prt at prt.org Thu Oct 3 08:13:48 2013 From: prt at prt.org (Paul Thornton) Date: Thu, 03 Oct 2013 09:13:48 +0100 Subject: [rancid] End of config in Extreme Switches In-Reply-To: <524CBFC8.6020005@ccgs.wa.edu.au> References: <524AC369.4050404@prt.org> <524ADA01.7050504@gmail.com> <524ADDEF.2030701@prt.org> <20131001171255.GF76440@shrubbery.net> <524BF0F2.4090405@gmail.com> <524CBFC8.6020005@ccgs.wa.edu.au> Message-ID: <524D273C.1040605@prt.org> Hi The issue here is that I've found that EXOS/Extremeware doesn't always echo that 'exit' back reliably before the connection is closed. Again, it was a long time ago, but I recall problems relying on that for found_end and/or clean_run getting set. I think the most sensible option is to go with Alan's suggestion to assume all is good if we get at least 5 lines of config. I've been tied up with other things so far this week, but I want to do some tests on using both the clean xrancid from 2.3.8 and then xrancid patched for the 'have 5 lines so ok' test. I hope to do this later today and will report back. Paul. On 03/10/2013 01:52, James Andrewartha wrote: > On 02/10/13 18:09, Alan McKinnon wrote: >> To me that's a more sensible approach - you can't include checks for >> markers that do not exist in the output. > > The entrancid (Enterasys) I have looks like it matches on the exit > command sent by entlogin itself to set $found_end: > > sub ShowConfig { > print STDERR " In ShowConfig: $_" if ($debug); > > while () { > > } > if (/exit/) { > $found_end = 1; > $clean_run = 1; > return(1); > } > return(0); > } > -- Paul Thornton From rskjels at pogostick.net Thu Oct 3 14:11:58 2013 From: rskjels at pogostick.net (Rikard Stemland Skjelsvik) Date: Thu, 3 Oct 2013 16:11:58 +0200 (MEST) Subject: [rancid] Rancid and Viewvc / Authentication and Inventory View In-Reply-To: References: Message-ID: I would recommend Switchmap at http://sourceforge.net/projects/switchmap/ This is simple, but very effective web application. You can use it as a kind of inventory, and very userfull is its vlan map. It also tracks mac-addresses(sometimes also ip adresses and fqdn's) Also lets you search on interface descriptions -- Rikard On Tue, 1 Oct 2013, Tayfun Sar wrote: > Hi All, > > I install rancid and viewvc successfully.I had 2 thing to be done and need > advice. > > 1-Need a authentication for viewvc.Is it possible to do it by configuration > or need to installa some other tools?Whats is your advice and best > practices? > > 2-I need to view the inventory of my cisco switches.What should I do to > view this info on Viewvc. > > Thanks in Advance > From mat.macaulay at gmail.com Thu Oct 3 14:45:56 2013 From: mat.macaulay at gmail.com (Matthew MacAulay) Date: Thu, 3 Oct 2013 15:45:56 +0100 Subject: [rancid] Rancid and Viewvc / Authentication and Inventory View In-Reply-To: References: Message-ID: With regard to Authentication for ViewVC, integrating Radius with Apache2 and .htaccess files worked for me. http://www.adminsehow.com/2010/03/how-to-authenticate-apache-2-with-radius-on-debian/ We run Radius on a couple of our Windows Server DC's to enable AD account to use Radius. This keeps the auditors happy. I had to change the alias settings for ViewVC from a symlink. My Apache is not very strong and this took me awhile.. But its now working like a champ. Regards, Mat. On Thu, Oct 3, 2013 at 3:11 PM, Rikard Stemland Skjelsvik < rskjels at pogostick.net> wrote: > > > I would recommend Switchmap at http://sourceforge.net/** > projects/switchmap/ > > This is simple, but very effective web application. You can use it as a > kind of inventory, and very userfull is its vlan map. It also tracks > mac-addresses(sometimes also ip adresses and fqdn's) Also lets you search > on interface descriptions > > > > > > -- > Rikard > > On Tue, 1 Oct 2013, Tayfun Sar wrote: > > Hi All, >> >> I install rancid and viewvc successfully.I had 2 thing to be done and need >> advice. >> >> 1-Need a authentication for viewvc.Is it possible to do it by >> configuration >> or need to installa some other tools?Whats is your advice and best >> practices? >> >> 2-I need to view the inventory of my cisco switches.What should I do to >> view this info on Viewvc. >> >> Thanks in Advance >> >> ______________________________**_________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/**mailman/listinfo/rancid-**discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Thu Oct 3 15:41:50 2013 From: heas at shrubbery.net (heasley) Date: Thu, 3 Oct 2013 15:41:50 +0000 Subject: [rancid] End of config in Extreme Switches In-Reply-To: <524D273C.1040605@prt.org> References: <524AC369.4050404@prt.org> <524ADA01.7050504@gmail.com> <524ADDEF.2030701@prt.org> <20131001171255.GF76440@shrubbery.net> <524BF0F2.4090405@gmail.com> <524CBFC8.6020005@ccgs.wa.edu.au> <524D273C.1040605@prt.org> Message-ID: <20131003154150.GE37157@shrubbery.net> Thu, Oct 03, 2013 at 09:13:48AM +0100, Paul Thornton: > Hi > > The issue here is that I've found that EXOS/Extremeware doesn't always > echo that 'exit' back reliably before the connection is closed. Again, > it was a long time ago, but I recall problems relying on that for > found_end and/or clean_run getting set. for starters, the main loop also expects to see the exit. > I think the most sensible option is to go with Alan's suggestion to > assume all is good if we get at least 5 lines of config. thats already there, i think, in 2.3.8. of course, it does not deal with low memory errors like seen on ciscos. another solution might be to add a \n command and look for the empty prompt line; which is a separate set of ugliness. > I've been tied up with other things so far this week, but I want to do > some tests on using both the clean xrancid from 2.3.8 and then xrancid > patched for the 'have 5 lines so ok' test. I hope to do this later > today and will report back. > > Paul. > > On 03/10/2013 01:52, James Andrewartha wrote: > > On 02/10/13 18:09, Alan McKinnon wrote: > >> To me that's a more sensible approach - you can't include checks for > >> markers that do not exist in the output. > > > > The entrancid (Enterasys) I have looks like it matches on the exit > > command sent by entlogin itself to set $found_end: > > > > sub ShowConfig { > > print STDERR " In ShowConfig: $_" if ($debug); > > > > while () { > > > > } > > if (/exit/) { > > $found_end = 1; > > $clean_run = 1; > > return(1); > > } > > return(0); > > } > > > > -- > Paul Thornton > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From tayfunsari1982 at gmail.com Thu Oct 3 14:34:20 2013 From: tayfunsari1982 at gmail.com (=?UTF-8?B?VGF5ZnVuIFNhcsSx?=) Date: Thu, 3 Oct 2013 17:34:20 +0300 Subject: [rancid] Rancid and Viewvc / Authentication and Inventory View In-Reply-To: References: Message-ID: Thanks a lot Rikard... On Thu, Oct 3, 2013 at 5:11 PM, Rikard Stemland Skjelsvik < rskjels at pogostick.net> wrote: > > > I would recommend Switchmap at http://sourceforge.net/** > projects/switchmap/ > > This is simple, but very effective web application. You can use it as a > kind of inventory, and very userfull is its vlan map. It also tracks > mac-addresses(sometimes also ip adresses and fqdn's) Also lets you search > on interface descriptions > > > > > > -- > Rikard > > > On Tue, 1 Oct 2013, Tayfun Sar wrote: > > Hi All, >> >> I install rancid and viewvc successfully.I had 2 thing to be done and need >> advice. >> >> 1-Need a authentication for viewvc.Is it possible to do it by >> configuration >> or need to installa some other tools?Whats is your advice and best >> practices? >> >> 2-I need to view the inventory of my cisco switches.What should I do to >> view this info on Viewvc. >> >> Thanks in Advance >> >> -------------- next part -------------- An HTML attachment was scrubbed... URL: From malmgren at skyfire.com Fri Oct 4 02:10:03 2013 From: malmgren at skyfire.com (Matt Almgren) Date: Thu, 3 Oct 2013 19:10:03 -0700 Subject: [rancid] f5 LTM help Message-ID: Hey all, I've managed to get Cisco and Juniper working with Rancid, but with f5, there doesn't seem to be much documentation. I did find a "f5rancid" in the 'bin' directory, but I'm not sure how to use it. Do I simply put this in my routers.db file: :f5:up Or is there some other "device-type" that is required to make rancid call the 'f5rancid' script? Thanks, Matt ________________________________ This message is being sent by Skyfire Labs. It is intended exclusively for the individuals and entities to which it is addressed. This communication, including any attachments, may contain information that is proprietary, privileged, confidential, or otherwise subject to restrictions on disclosure pursuant to applicable law. If you are not the named addressee, you are not authorized to read, print, retain copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by email and delete all copies of this message. This message is protected by applicable legal privileges and is confidential. -------------- next part -------------- An HTML attachment was scrubbed... URL: From malmgren at skyfire.com Fri Oct 4 02:33:20 2013 From: malmgren at skyfire.com (Matt Almgren) Date: Thu, 3 Oct 2013 19:33:20 -0700 Subject: [rancid] f5 LTM help In-Reply-To: Message-ID: Great, I'll give it a spin. Next question, I see there's some mention of a patch for 2.3.8 to work with the f5. I have the latest rancid 2.3.8, can someone send me the patch and tell me how to apply it? Or is it even needed (not that I've tested yet.) Thanks, Matt From: Auzzik > Date: Thu, 3 Oct 2013 19:28:33 -0700 To: Matt Almgren > Cc: "rancid-discuss at shrubbery.net" > Subject: Re: [rancid] f5 LTM help Yes, just do :f5:up. On 4 October 2013 12:10, Matt Almgren > wrote: Hey all, I've managed to get Cisco and Juniper working with Rancid, but with f5, there doesn't seem to be much documentation. I did find a "f5rancid" in the 'bin' directory, but I'm not sure how to use it. Do I simply put this in my routers.db file: :f5:up Or is there some other "device-type" that is required to make rancid call the 'f5rancid' script? Thanks, Matt ________________________________ This message is being sent by Skyfire Labs. It is intended exclusively for the individuals and entities to which it is addressed. This communication, including any attachments, may contain information that is proprietary, privileged, confidential, or otherwise subject to restrictions on disclosure pursuant to applicable law. If you are not the named addressee, you are not authorized to read, print, retain copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by email and delete all copies of this message. This message is protected by applicable legal privileges and is confidential. _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Fri Oct 4 06:10:08 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Fri, 04 Oct 2013 08:10:08 +0200 Subject: [rancid] f5 LTM help In-Reply-To: References: Message-ID: <524E5BC0.5030601@gmail.com> On 04/10/2013 04:10, Matt Almgren wrote: > Hey all, I've managed to get Cisco and Juniper working with Rancid, but > with f5, there doesn't seem to be much documentation. > > I did find a "f5rancid" in the 'bin' directory, but I'm not sure how to > use it. > > Do I simply put this in my routers.db file: > > :f5:up > > Or is there some other "device-type" that is required to make rancid > call the 'f5rancid' script? Just add device to router.db with type f5 -- Alan McKinnon alan.mckinnon at gmail.com From auzzik at gmail.com Fri Oct 4 02:28:33 2013 From: auzzik at gmail.com (Auzzik) Date: Fri, 4 Oct 2013 12:28:33 +1000 Subject: [rancid] f5 LTM help Message-ID: Yes, just do :f5:up. On 4 October 2013 12:10, Matt Almgren wrote: > Hey all, I've managed to get Cisco and Juniper working with Rancid, but > with f5, there doesn't seem to be much documentation. > > I did find a "f5rancid" in the 'bin' directory, but I'm not sure how to > use it. > > Do I simply put this in my routers.db file: > > :f5:up > > Or is there some other "device-type" that is required to make rancid > call the 'f5rancid' script? > > Thanks, Matt > > > ------------------------------ > This message is being sent by Skyfire Labs. It is intended exclusively for > the individuals and entities to which it is addressed. This communication, > including any attachments, may contain information that is proprietary, > privileged, confidential, or otherwise subject to restrictions on > disclosure pursuant to applicable law. If you are not the named addressee, > you are not authorized to read, print, retain copy or disseminate this > message or any part of it. If you have received this message in error, > please notify the sender immediately by email and delete all copies of this > message. This message is protected by applicable legal privileges and is > confidential. > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mat.macaulay at gmail.com Fri Oct 4 07:07:06 2013 From: mat.macaulay at gmail.com (Matthew MacAulay) Date: Fri, 4 Oct 2013 08:07:06 +0100 Subject: [rancid] f5 LTM help In-Reply-To: References: Message-ID: That's what worked for me. :-) I had to change one or two of the commands in francid for the version of traffic manager I am running. If you edit francid and look for the @commandtable you can see what commands will run. You can check in rancid-fe that francid is listed in the %vendortable but its there by default so you should be good to go. Regards, Mat. On Fri, Oct 4, 2013 at 3:10 AM, Matt Almgren wrote: > Hey all, I've managed to get Cisco and Juniper working with Rancid, but > with f5, there doesn't seem to be much documentation. > > I did find a "f5rancid" in the 'bin' directory, but I'm not sure how to > use it. > > Do I simply put this in my routers.db file: > > :f5:up > > Or is there some other "device-type" that is required to make rancid > call the 'f5rancid' script? > > Thanks, Matt > > > ------------------------------ > This message is being sent by Skyfire Labs. It is intended exclusively for > the individuals and entities to which it is addressed. This communication, > including any attachments, may contain information that is proprietary, > privileged, confidential, or otherwise subject to restrictions on > disclosure pursuant to applicable law. If you are not the named addressee, > you are not authorized to read, print, retain copy or disseminate this > message or any part of it. If you have received this message in error, > please notify the sender immediately by email and delete all copies of this > message. This message is protected by applicable legal privileges and is > confidential. > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From malmgren at skyfire.com Mon Oct 7 20:13:55 2013 From: malmgren at skyfire.com (Matt Almgren) Date: Mon, 7 Oct 2013 13:13:55 -0700 Subject: [rancid] How to make SVN ignore select changed configs? Message-ID: Hi, we have a few f5's that are controlled with scripts that will bring a node in and out of the pool. The problem here is that every time rancid runs, it picks up on this "monitor up/down" change and fires off a Rancid SVN change email. Modified: trunk/network/rancid/SCA/configs/sca-lb001 =================================================================== --- trunk/network/rancid/SCA/configs/sca-lb001 2013-10-07 17:03:09 UTC (rev 2067) +++ trunk/network/rancid/SCA/configs/sca-lb001 2013-10-07 19:03:03 UTC (rev 2068) @@ -3539,7 +3539,7 @@ # } # 10.102.120.132:5700 { # node type pool member t -# monitor state up +# monitor state down # new session enable mon enabled # enable # inband inst disable Based on this thread, I see there's a way to exclude some matching lines with CVS, but I don't see a way to do that with SVN ? or at least not easily with the existing control-rancid script. http://www.shrubbery.net/pipermail/rancid-discuss/2006-June/001542.html Here's the code in question in the control_rancid file: if [ $RCSSYS = "cvs" ] ; then cvs -f diff -U 4 -ko | sed -e '/^RCS file: /d' -e '/^--- /d' \ -e '/^+++ /d' -e 's/^\([-+ ]\)/\1 /' >$TMP.diff else svn diff | sed -e '/^+++ /d' -e 's/^\([-+ ]\)/\1 /' >$TMP.diff fi Has anyone any tips for modifying that svn diff line to exclude "^monitor state" from the compared files? Thanks, Matt ________________________________ This message is being sent by Skyfire Labs. It is intended exclusively for the individuals and entities to which it is addressed. This communication, including any attachments, may contain information that is proprietary, privileged, confidential, or otherwise subject to restrictions on disclosure pursuant to applicable law. If you are not the named addressee, you are not authorized to read, print, retain copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by email and delete all copies of this message. This message is protected by applicable legal privileges and is confidential. -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Mon Oct 7 23:07:36 2013 From: heas at shrubbery.net (heasley) Date: Mon, 7 Oct 2013 23:07:36 +0000 Subject: [rancid] How to make SVN ignore select changed configs? In-Reply-To: References: Message-ID: <20131007230736.GB80262@shrubbery.net> Mon, Oct 07, 2013 at 01:13:55PM -0700, Matt Almgren: > Hi, we have a few f5's that are controlled with scripts that will bring a node in and out of the pool. The problem here is that every time rancid runs, it picks up on this "monitor up/down" change and fires off a Rancid SVN change email. > > Modified: trunk/network/rancid/SCA/configs/sca-lb001 > =================================================================== > --- trunk/network/rancid/SCA/configs/sca-lb001 2013-10-07 17:03:09 UTC (rev 2067) > +++ trunk/network/rancid/SCA/configs/sca-lb001 2013-10-07 19:03:03 UTC (rev 2068) > @@ -3539,7 +3539,7 @@ > # } > # 10.102.120.132:5700 { > # node type pool member t > -# monitor state up > +# monitor state down > # new session enable mon enabled > # enable > # inband inst disable > > > Based on this thread, I see there's a way to exclude some matching lines with CVS, but I don't see a way to do that with SVN ? or at least not easily with the existing control-rancid script. svn diff --diff-cmd "ARG" ... > http://www.shrubbery.net/pipermail/rancid-discuss/2006-June/001542.html > > Here's the code in question in the control_rancid file: > > if [ $RCSSYS = "cvs" ] ; then > cvs -f diff -U 4 -ko | sed -e '/^RCS file: /d' -e '/^--- /d' \ > -e '/^+++ /d' -e 's/^\([-+ ]\)/\1 /' >$TMP.diff > else > svn diff | sed -e '/^+++ /d' -e 's/^\([-+ ]\)/\1 /' >$TMP.diff > fi > > > Has anyone any tips for modifying that svn diff line to exclude "^monitor state" from the compared files? > > Thanks, Matt From prt at prt.org Tue Oct 8 09:40:32 2013 From: prt at prt.org (Paul Thornton) Date: Tue, 08 Oct 2013 10:40:32 +0100 Subject: [rancid] Extreme Networks - Disable CLI Paging In-Reply-To: <20130927205410.GO31713@shrubbery.net> References: <20130927205410.GO31713@shrubbery.net> Message-ID: <5253D310.6000805@prt.org> Hi all I've been doing some more testing with the two patches that sort out this prompt-match fail on the "Press ..." message. The upshot is that heasley's one doesn't seem to work - I took a vanilla 2.3.8 installation, and applied this patch: --- ../dist_rancid238/clogin 2013-10-03 19:06:49.000000000 +0000 +++ _clogin_heas_patch 2013-10-08 09:23:02.000000000 +0000 @@ -541,6 +541,9 @@ -re "Last login:" { exp_continue } + -re "Press the key \[^\r\n]+\[\r\n]+" { + exp_continue + } -re "@\[^\r\n]+ $p_prompt" { # ssh pwd prompt sleep 1 Running for a few days on our production rancid machine. Result, random letters of the word 'quit' appearing in the Extreme diffs. Mildly grumpy group of people who keep being told about "changes". Backing this change out, so back to standard 2.3.8 clogin, and applying "my" patch, it works properly again. The end of WriteTerm in xrancid (the other issue I'm testing) seems to be working with a non-patched 2.3.8 xrancid without any problems. Paul. -- Paul Thornton From stephengriffin at google.com Mon Oct 7 14:30:02 2013 From: stephengriffin at google.com (Stephen Griffin) Date: Mon, 7 Oct 2013 10:30:02 -0400 Subject: [rancid] rancid "losing" characters Message-ID: So, I have a version of rancid 2.3.8 installed, and I've been noticing on some of our Foundry/Brocade gear that some commands are failing because a character is lost.. for example, skip-page-dilay instead of skip-page-display. Our prior version of rancid was quite old (so old that no one really was quite sure of what version it was), and we don't recall seeing this behaviour. It feels like a buffer being exhausted, but 2.3.8 uses send_human, which should be slowing things down. The version of expect wasn't changed, and is 5.43.0 We did fold in some of our older custom changes, but I have a difficult time believing those would impact lost characters. Has anyone run into this or something similar? I did a test run, by sending "show 802" to a bunch of devices, and came up with: 1 e 145 exit 1 sh 1 show 02 1 show 80 145 show 802 1 show802 1 skip-page-ay 148 skip-page-display Thanks, Stephen -- Stephen A. Griffin Network Engineer Google Acquisition Netops -------------- next part -------------- An HTML attachment was scrubbed... URL: From biocircle25 at gmail.com Wed Oct 9 12:40:01 2013 From: biocircle25 at gmail.com (toad toad) Date: Wed, 9 Oct 2013 14:40:01 +0200 Subject: [rancid] Rancid and Fortinet Vdoms Message-ID: Hi everyone, I've been using rancid's fnlogin script to backup Fortinet for months and everything works fine. I've a problem with a Fortinet that uses VDOMs. As I understand (I'm not a Fortinet expert, I'm just in charge of the backups), I only get the configuration of the VDOM that the backup user is part of. For example, let's assume of the following configuration : user1 is part of the VDOM1, user2 is part of the VDOM2 and they have a super_admin profile. If I use the user1 to backup, I get the global configuration and the VDOM1, but not the VDOM2 configuration. If I use the user2 to backup, I get the global configuration and the VDOM2 but not the VDOM1 configuration. Is there any script I can use to get all the VDOMs configurations? Or update an existing one? Thanks for help. -------------- next part -------------- An HTML attachment was scrubbed... URL: From r11alaa at gmail.com Thu Oct 10 09:57:32 2013 From: r11alaa at gmail.com (Alaa Ibrahim) Date: Thu, 10 Oct 2013 12:57:32 +0300 Subject: [rancid] hi Message-ID: I'm having problem with rancid when I'm applying /usr/local/rancid/bin/rancid-run I didn't receive any configurations and when I do cat cat /usr/local/rancid/var/logs/networking all I found is: Trying to get all of the configs. 172.25.10.38: End of run not found ! ===================================== Getting missed routers: round 1. 172.25.10.38: End of run not found ! ===================================== Getting missed routers: round 2. 172.25.10.38: End of run not found ! ===================================== Getting missed routers: round 3. 172.25.10.38: End of run not found ! ===================================== Getting missed routers: round 4. 172.25.10.38: End of run not found what is the problem? thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From willie.s.hinote at nasa.gov Thu Oct 10 15:29:26 2013 From: willie.s.hinote at nasa.gov (Hinote, Scotty (MSFC-IS40)[NICS]) Date: Thu, 10 Oct 2013 15:29:26 +0000 Subject: [rancid] hi In-Reply-To: References: Message-ID: Hi, >From your rancid server change to your rancid user and execute /usr/libexec/rancid/clogin 172.25.10.38. It should log you into the device you can then type a show version to see if you receive output. If you do not get logged into the device you should receive some error. If you get logged in but cannot execute a show version then you should receive some error as well. Regards, Scotty From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alaa Ibrahim Sent: Thursday, October 10, 2013 4:58 AM To: rancid-discuss at shrubbery.net Subject: [rancid] hi I'm having problem with rancid when I'm applying /usr/local/rancid/bin/rancid-run I didn't receive any configurations and when I do cat cat /usr/local/rancid/var/logs/networking all I found is: Trying to get all of the configs. 172.25.10.38: End of run not found ! ===================================== Getting missed routers: round 1. 172.25.10.38: End of run not found ! ===================================== Getting missed routers: round 2. 172.25.10.38: End of run not found ! ===================================== Getting missed routers: round 3. 172.25.10.38: End of run not found ! ===================================== Getting missed routers: round 4. 172.25.10.38: End of run not found what is the problem? thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From maxime.baudin at ac-rennes.fr Mon Oct 14 11:22:56 2013 From: maxime.baudin at ac-rennes.fr (Maxime Baudin) Date: Mon, 14 Oct 2013 13:22:56 +0200 Subject: [rancid] Rancid, Nortel Bay2550 and CTRL+Y in login In-Reply-To: References: Message-ID: <525BD410.90200@ac-rennes.fr> Le 10/10/2012 13:19, saa 1873 a ?crit : > Has anyone done a script that allowsreceived Rancid backup Bay2550 > Nortel Switch? blogin does not work. The problem is Logon CTRL + Y > Nortel's request. Hi all, I'm in the same situation. I looked into the archive and found a thread from 2009 with patches. Unfortunately this patch doesn't work anymore with recent release. Did someone found a solution ? best regards, Maxime -- Maxime Baudin - Rectorat de Rennes SERIA-R, 8 rue Jean-Julien Lemordant - 35000 Rennes Tel : 02 23 42 16 88 Fax : 16 60 E-mail :Maxime.Baudin(at)ac-rennes.fr From ryanjohnsonpl at wp.pl Wed Oct 16 12:08:55 2013 From: ryanjohnsonpl at wp.pl (Ryan Johnson) Date: Wed, 16 Oct 2013 14:08:55 +0200 Subject: [rancid] Can't login to device Message-ID: <525e81d744aa44.41684457@wp.pl> Hello, I used http://openmaniak.com/rancid_tutorial.php tutorial for installing Rancid on my Windows + Cygwin machine. However I cannot connect to any device via "clogin x.x.x.x". To be honest, I have no idea why. I have ping, telent and ssh working from my cygwin machine to my network equipment. Let's assume that I have catalyst 2600 switch with local username and password. I can access it via telnet. In my .cloginrc file there are lines as above: add method 10.1.1.40 telnet add user 10.1.1.40 ryan add password 10.1.1.40 magicPass enablePass At /home/rancid/var/groupName/router.db looks like that: 10.1.1.40:cisco:up But when I'm trying to execute clogin command, nothing happens: Administrator at backup /home/rancid $ /home/rancid/bin/clogin 10.2.3.40 Administrator at backup /home/rancid Can anyone help? From alan.mckinnon at gmail.com Wed Oct 16 12:29:29 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Wed, 16 Oct 2013 14:29:29 +0200 Subject: [rancid] Can't login to device In-Reply-To: <525e81d744aa44.41684457@wp.pl> References: <525e81d744aa44.41684457@wp.pl> Message-ID: <525E86A9.9000303@gmail.com> On 16/10/2013 14:08, Ryan Johnson wrote: > Hello, > > I used http://openmaniak.com/rancid_tutorial.php tutorial for installing Rancid on my Windows + Cygwin machine. > However I cannot connect to any device via "clogin x.x.x.x". To be honest, I have no idea why. > I have ping, telent and ssh working from my cygwin machine to my network equipment. > > Let's assume that I have catalyst 2600 switch with local username and password. I can access it via telnet. > > In my .cloginrc file there are lines as above: > add method 10.1.1.40 telnet > add user 10.1.1.40 ryan > add password 10.1.1.40 magicPass enablePass > > At /home/rancid/var/groupName/router.db looks like that: > 10.1.1.40:cisco:up > > But when I'm trying to execute clogin command, nothing happens: > > Administrator at backup /home/rancid > $ /home/rancid/bin/clogin 10.2.3.40 > Administrator at backup /home/rancid > > Can anyone help? The lack of output is extremely unusual. Check permissions on ~/.cloginrc, the file cannot be world readable or writeable. I've had it silently fail on me before. then try clogin -d the output is very verbose, so it's best to redirect it or pipe it to less and examine it closely. -- Alan McKinnon alan.mckinnon at gmail.com From pawel.rzepa at gmail.com Wed Oct 16 07:27:23 2013 From: pawel.rzepa at gmail.com (=?UTF-8?B?UGF3ZcWCIFJ6ZXBh?=) Date: Wed, 16 Oct 2013 09:27:23 +0200 Subject: [rancid] Which command subset is actually run? Message-ID: Hi, I'm trying to introduce rancid to my environment. Before I run it into prod, I try to understand it. I want to use rancid to get config from Cisco ASA. I was able to get configuration, but don't understand which commands and *why *are actually run by rancid. I know that for this type of device 'rancid' script is run. I've looked at commandtable variable. But the list is not valid for ASA. E.g. ASA does not support command 'show idprom backplane'. When I run 'rancid -d 10.1.1.1' I get the output pasted below. So how can i verify/modify what commands are actually run by rancid? #rancid -d 10.1.1.1 executing clogin -t 90 -c"show version;show redundancy secondary;show idprom backplane;show install active;show env all;show rsp chassis-info;show gsr chassis;show diag chassis-info;show boot;show bootvar;show variables boot;show flash;dir /all nvram:;dir /all bootflash:;dir /all slot0:;dir /all disk0:;dir /all slot1:;dir /all disk1:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all harddiska:;dir /all harddiskb:;dir /all sup-bootdisk:;dir /all sup-bootflash:;dir /all sup-microcode:;dir /all slavenvram:;dir /all slavebootflash:;dir /all slaveslot0:;dir /all slavedisk0:;dir /all slaveslot1:;dir /all slavedisk1:;dir /all slaveslot2:;dir /all slavedisk2:;dir /all slavesup-bootflash:;dir /all sec-nvram:;dir /all sec-bootflash:;dir /all sec-slot0:;dir /all sec-disk0:;dir /all sec-slot1:;dir /all sec-disk1:;dir /all sec-slot2:;dir /all sec-disk2:;show controllers;show controllers cbus;show diagbus;show diag;show capture;show module;show spe version;show c7200;show inventory raw;show vtp status;show vlan;show vlan-switch;show debug;show shun;more system:running-config;show running-config view full;show running-config;write term" 10.1.1.1 PROMPT MATCH: fw-asa# HIT COMMAND:fw-asa# show version In ShowVersion: fw-asa# show version HIT COMMAND:fw-asa# show redundancy secondary In ShowRedundancy: fw-asa# show redundancy secondary HIT COMMAND:fw-asa# show idprom backplane In ShowIDprom: fw-asa# show idprom backplane HIT COMMAND:fw-asa# show install active In ShowInstallActive: fw-asa# show install active HIT COMMAND:fw-asa# show env all In ShowEnv: fw-asa# show env all HIT COMMAND:fw-asa# show rsp chassis-info In ShowRSP: fw-asa# show rsp chassis-info ...... Regards, Pawel -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Wed Oct 16 13:01:45 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Wed, 16 Oct 2013 15:01:45 +0200 Subject: [rancid] Which command subset is actually run? In-Reply-To: References: Message-ID: <525E8E39.2050306@gmail.com> Pawel, It's in the man pages, but you have to read all of them to get the full picture. Here's the somewhat detailed overview (followed by the method on how to get it to do what you want it to do). * The controlling script is rancid-run. This reads rancid.conf to set up the environment and read the list of groups etc. * rancid-run launches control_rancid for each group in turn * control_rancid launches par (a helper script that deals with the drudge work of running many instances in parallel) Now the real meat of it starts: * par launches rancid-fe which looks up the device details in router.db. The device type is the key in %vendortable and the value is the specific script to run. * The specific script for the device type launches *login to login and fetch the config, then process it. Each script can do this job in whatever way it chooses, but most simply adapt the original "rancid" script. The commands to be run are listed in @commandtable which is an array of hashes: the key is the command to be run the value is a perl sub to process the output That's the description of how the bits fit together. It's well-thought out and each bit makes sense, as well as do one very specific part of the process. It works extremely well (other than the actual command to be run are hard coded and somewhat inflexible). In your case, "show idprom backplane" is not supported by the device and you will get an invalid command error. Rancid should detect this, exit the sub and add nothing extra to the output file. This is by design, it is perfectly correct and takes maybe 200 ms extra - not worth worrying about. It happens a *lot* with all the various hadwares Cisco have made over the years, this is why rancid tries to run every imaginable command that could be useful, and only deal with those that worked. If you want to do more and customize it[1], you have to get your hands dirty by copying the rancid script and tweaking it. Something like this: 1. copy rancid to asarancid 2. remove and delete entries from @commandtable to suit your needs 2a. if none of the existing subs do what you need with a specific command, then write a new sub and edit the entry in @commandtable 3. add a new entry to rancid-fe for your new device type 4. edit router.db changing the type for the relevant devices [1] I've been forced to do this a few times myself. Recent IOS is a very different beast to old IOS, and GSRs running IOS really don't like running 4 variations of "show run" rapidly with 3000+ interfaces to deal with. And then XR, XE and NX are similar enough to make you think it works well and just different enough to leave lots of useful info out of the output file. Lucky making changes is very simple. On 16/10/2013 09:27, Pawe? Rzepa wrote: > Hi, > > I'm trying to introduce rancid to my environment. Before I run it into > prod, I try to understand it. > > I want to use rancid to get config from Cisco ASA. I was able to get > configuration, but don't understand which commands and *why *are > actually run by rancid. > I know that for this type of device 'rancid' script is run. I've looked > at commandtable variable. But the list is not valid for ASA. E.g. ASA > does not support command 'show idprom backplane'. > > When I run 'rancid -d 10.1.1.1' I get the output pasted below. So how > can i verify/modify what commands are actually run by rancid? > > #rancid -d 10.1.1.1 > executing clogin -t 90 -c"show version;show redundancy secondary;show > idprom backplane;show install active;show env all;show rsp > chassis-info;show gsr chassis;show diag chassis-info;show boot;show > bootvar;show variables boot;show flash;dir /all nvram:;dir /all > bootflash:;dir /all slot0:;dir /all disk0:;dir /all slot1:;dir /all > disk1:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all > harddiska:;dir /all harddiskb:;dir /all sup-bootdisk:;dir /all > sup-bootflash:;dir /all sup-microcode:;dir /all slavenvram:;dir /all > slavebootflash:;dir /all slaveslot0:;dir /all slavedisk0:;dir /all > slaveslot1:;dir /all slavedisk1:;dir /all slaveslot2:;dir /all > slavedisk2:;dir /all slavesup-bootflash:;dir /all sec-nvram:;dir /all > sec-bootflash:;dir /all sec-slot0:;dir /all sec-disk0:;dir /all > sec-slot1:;dir /all sec-disk1:;dir /all sec-slot2:;dir /all > sec-disk2:;show controllers;show controllers cbus;show diagbus;show > diag;show capture;show module;show spe version;show c7200;show inventory > raw;show vtp status;show vlan;show vlan-switch;show debug;show shun;more > system:running-config;show running-config view full;show > running-config;write term" 10.1.1.1 > PROMPT MATCH: fw-asa# > HIT COMMAND:fw-asa# show version > In ShowVersion: fw-asa# show version > HIT COMMAND:fw-asa# show redundancy secondary > In ShowRedundancy: fw-asa# show redundancy secondary > HIT COMMAND:fw-asa# show idprom backplane > In ShowIDprom: fw-asa# show idprom backplane > HIT COMMAND:fw-asa# show install active > In ShowInstallActive: fw-asa# show install active > HIT COMMAND:fw-asa# show env all > In ShowEnv: fw-asa# show env all > HIT COMMAND:fw-asa# show rsp chassis-info > In ShowRSP: fw-asa# show rsp chassis-info > ...... > > Regards, > Pawel > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Alan McKinnon alan.mckinnon at gmail.com From willie.s.hinote at nasa.gov Wed Oct 16 14:12:59 2013 From: willie.s.hinote at nasa.gov (Hinote, Scotty (MSFC-IS40)[NICS]) Date: Wed, 16 Oct 2013 14:12:59 +0000 Subject: [rancid] Can't login to device In-Reply-To: <525E86A9.9000303@gmail.com> References: <525e81d744aa44.41684457@wp.pl> <525E86A9.9000303@gmail.com> Message-ID: You can also try to telnet to your device directly. telnet -d ryan at 10.1.1.40 This will open a telnet session in debug mode. It will display verbose output that should give an explicit error. If clogin isn't reporting any error messages then the server is most likely not able to connect to the device; firewall, ACL, no route to device. Regards, Scotty -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alan McKinnon Sent: Wednesday, October 16, 2013 7:29 AM To: rancid-discuss at shrubbery.net Subject: Re: [rancid] Can't login to device On 16/10/2013 14:08, Ryan Johnson wrote: > Hello, > > I used http://openmaniak.com/rancid_tutorial.php tutorial for installing Rancid on my Windows + Cygwin machine. > However I cannot connect to any device via "clogin x.x.x.x". To be honest, I have no idea why. > I have ping, telent and ssh working from my cygwin machine to my network equipment. > > Let's assume that I have catalyst 2600 switch with local username and password. I can access it via telnet. > > In my .cloginrc file there are lines as above: > add method 10.1.1.40 telnet > add user 10.1.1.40 ryan > add password 10.1.1.40 magicPass enablePass > > At /home/rancid/var/groupName/router.db looks like that: > 10.1.1.40:cisco:up > > But when I'm trying to execute clogin command, nothing happens: > > Administrator at backup /home/rancid > $ /home/rancid/bin/clogin 10.2.3.40 > Administrator at backup /home/rancid > > Can anyone help? The lack of output is extremely unusual. Check permissions on ~/.cloginrc, the file cannot be world readable or writeable. I've had it silently fail on me before. then try clogin -d the output is very verbose, so it's best to redirect it or pipe it to less and examine it closely. -- Alan McKinnon alan.mckinnon at gmail.com _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss From heas at shrubbery.net Wed Oct 16 19:28:30 2013 From: heas at shrubbery.net (heasley) Date: Wed, 16 Oct 2013 19:28:30 +0000 Subject: [rancid] rancid "losing" characters In-Reply-To: References: Message-ID: <20131016192830.GL92706@shrubbery.net> Mon, Oct 07, 2013 at 10:30:02AM -0400, Stephen Griffin: > So, I have a version of rancid 2.3.8 installed, and I've been noticing on > some of our Foundry/Brocade gear that some commands are failing because a > character is lost.. for example, skip-page-dilay instead of > skip-page-display. > > Our prior version of rancid was quite old (so old that no one really was > quite sure of what version it was), and we don't recall seeing this > behaviour. It feels like a buffer being exhausted, but 2.3.8 uses > send_human, which should be slowing things down. > > The version of expect wasn't changed, and is 5.43.0 > > We did fold in some of our older custom changes, but I have a difficult > time believing those would impact lost characters. > > Has anyone run into this or something similar? there once was a problem with hpuifilter that caused this, but that would not affect foundry, only hp/hlogin. perhaps that was part of your changes? otherwise, i'd suspect expect. > I did a test run, by sending "show 802" to a bunch of devices, and came up > with: > 1 e > 145 exit > 1 sh > 1 show 02 > 1 show 80 > 145 show 802 > 1 show802 > 1 skip-page-ay > 148 skip-page-display > > Thanks, > Stephen > -- > Stephen A. Griffin > Network Engineer > Google Acquisition Netops > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From Wiethoff at tfh-bochum.de Fri Oct 18 06:51:18 2013 From: Wiethoff at tfh-bochum.de (Wiethoff, Helge) Date: Fri, 18 Oct 2013 06:51:18 +0000 Subject: [rancid] messed up svn Message-ID: <194290040642FB4D952083D79F7F7D1D403C813C@BOHEMSX2010.rbbk.de> Hi all :-) I guess our svn is messed up. I have no idea when the problem started, but i get a notification about "the last changes" every time rancid-run runs... So what have i done to fix this: I deleted the devices which produces the wrong notification from router.db, run rancid-run and added them back to router.db. The devices were added again and i got a mail with the updates in router.db and the "initial" configs from the devices and the config was saved. But there is something wrong because the mail is coming after each rancid-run... rancid at X-AS01:/srv/rancid/TFH> svn status -v 192 192 rancid . 192 192 rancid configs 192 168 rancid configs/x-gw1k30.tfh-lan M 192 189 rancid configs/x-su3118a.tfh-lan M 192 190 rancid configs/x-su3118b.tfh-lan M 192 191 rancid configs/x-su3118c.tfh-lan M 192 192 rancid configs/x-su3118d.tfh-lan .... 192 82 rancid configs/x-sw8217.tfh-lan M 192 188 rancid router.db If everything is good the file shoudn't be "M"odified right? Anyone has an idea how to fix this? Best regards, Helge ________________________________ Helge Wiethoff Medienzentrum Telefon: +49 (234) 968 8717 Fax: +49 (234) 968 3453 E-Mail: Wiethoff at tfh-bochum.de Technische Fachhochschule Georg Agricola f?r Rohstoff, Energie und Umwelt zu Bochum Staatlich anerkannte Fachhochschule der DMT-Gesellschaft f?r Lehre und Bildung mbH Herner Stra?e 45 44787 Bochum http://www.tfh-bochum.de ________________________________ Tr?ger: DMT-Gesellschaft f?r Lehre und Bildung mbH Sitz der Gesellschaft: Bochum Registergericht: Amtsgericht Bochum Handelsregister: B 4052 Gesch?ftsf?hrung: Prof. Dr. J?rgen Kretschmann (Vorsitzender) Manfred Freitag From Wiethoff at tfh-bochum.de Fri Oct 18 07:36:35 2013 From: Wiethoff at tfh-bochum.de (Wiethoff, Helge) Date: Fri, 18 Oct 2013 07:36:35 +0000 Subject: [rancid] messed up svn In-Reply-To: <194290040642FB4D952083D79F7F7D1D403C813C@BOHEMSX2010.rbbk.de> References: <194290040642FB4D952083D79F7F7D1D403C813C@BOHEMSX2010.rbbk.de> Message-ID: <194290040642FB4D952083D79F7F7D1D403C81E1@BOHEMSX2010.rbbk.de> Maybe more infos are relevant (i hope the right one ;)): When i delete those devices from router.db and make a rancid-run, they will be deleted and everything looks fine. I can restart rancid-run and also: it is fine. When there is a config change in the network it will be detected and the svn is still working fine... I guess i made a newbie-failure... -Helge > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- > bounces at shrubbery.net] On Behalf Of Wiethoff, Helge > Sent: Friday, October 18, 2013 8:51 AM > To: rancid-discuss at shrubbery.net > Subject: [rancid] messed up svn > > Hi all :-) > > I guess our svn is messed up. I have no idea when the problem started, but i > get a notification about "the last changes" every time rancid-run runs... > So what have i done to fix this: > I deleted the devices which produces the wrong notification from router.db, > run rancid-run and added them back to router.db. > The devices were added again and i got a mail with the updates in router.db > and the "initial" configs from the devices and the config was saved. But there > is something wrong because the mail is coming after each rancid-run... > > rancid at X-AS01:/srv/rancid/TFH> svn status -v > 192 192 rancid . > 192 192 rancid configs > 192 168 rancid configs/x-gw1k30.tfh-lan > M 192 189 rancid configs/x-su3118a.tfh-lan > M 192 190 rancid configs/x-su3118b.tfh-lan > M 192 191 rancid configs/x-su3118c.tfh-lan > M 192 192 rancid configs/x-su3118d.tfh-lan > .... > 192 82 rancid configs/x-sw8217.tfh-lan > M 192 188 rancid router.db > > If everything is good the file shoudn't be "M"odified right? Anyone has an > idea how to fix this? > > Best regards, > Helge > ________________________________ > Helge Wiethoff > Medienzentrum > > Telefon: +49 (234) 968 8717 > Fax: +49 (234) 968 3453 > E-Mail: Wiethoff at tfh-bochum.de > > Technische Fachhochschule Georg Agricola > f?r Rohstoff, Energie und Umwelt zu Bochum > Staatlich anerkannte Fachhochschule der > DMT-Gesellschaft f?r Lehre und Bildung mbH > Herner Stra?e 45 > 44787 Bochum > http://www.tfh-bochum.de > ________________________________ > Tr?ger: DMT-Gesellschaft f?r Lehre und Bildung mbH > Sitz der Gesellschaft: Bochum > Registergericht: Amtsgericht Bochum > Handelsregister: B 4052 > > Gesch?ftsf?hrung: > Prof. Dr. J?rgen Kretschmann (Vorsitzender) > Manfred Freitag > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss ________________________________ Helge Wiethoff Medienzentrum Telefon: +49 (234) 968 8717 Fax: +49 (234) 968 3453 E-Mail: Wiethoff at tfh-bochum.de Technische Fachhochschule Georg Agricola f?r Rohstoff, Energie und Umwelt zu Bochum Staatlich anerkannte Fachhochschule der DMT-Gesellschaft f?r Lehre und Bildung mbH Herner Stra?e 45 44787 Bochum http://www.tfh-bochum.de ________________________________ Tr?ger: DMT-Gesellschaft f?r Lehre und Bildung mbH Sitz der Gesellschaft: Bochum Registergericht: Amtsgericht Bochum Handelsregister: B 4052 Gesch?ftsf?hrung: Prof. Dr. J?rgen Kretschmann (Vorsitzender) Manfred Freitag From gmccullagh at gmail.com Fri Oct 18 07:48:54 2013 From: gmccullagh at gmail.com (Gavin McCullagh) Date: Fri, 18 Oct 2013 08:48:54 +0100 Subject: [rancid] rancid "losing" characters In-Reply-To: <20131016192830.GL92706@shrubbery.net> References: <20131016192830.GL92706@shrubbery.net> Message-ID: Hi, I will check this for certain and send on an updated version to the list if necessary. Gavin On 16 Oct 2013 20:28, "heasley" wrote: > Mon, Oct 07, 2013 at 10:30:02AM -0400, Stephen Griffin: > > So, I have a version of rancid 2.3.8 installed, and I've been noticing on > > some of our Foundry/Brocade gear that some commands are failing because a > > character is lost.. for example, skip-page-dilay instead of > > skip-page-display. > > > > Our prior version of rancid was quite old (so old that no one really was > > quite sure of what version it was), and we don't recall seeing this > > behaviour. It feels like a buffer being exhausted, but 2.3.8 uses > > send_human, which should be slowing things down. > > > > The version of expect wasn't changed, and is 5.43.0 > > > > We did fold in some of our older custom changes, but I have a difficult > > time believing those would impact lost characters. > > > > Has anyone run into this or something similar? > > there once was a problem with hpuifilter that caused this, but that would > not affect foundry, only hp/hlogin. perhaps that was part of your changes? > > otherwise, i'd suspect expect. > > > I did a test run, by sending "show 802" to a bunch of devices, and came > up > > with: > > 1 e > > 145 exit > > 1 sh > > 1 show 02 > > 1 show 80 > > 145 show 802 > > 1 show802 > > 1 skip-page-ay > > 148 skip-page-display > > > > Thanks, > > Stephen > > -- > > Stephen A. Griffin > > Network Engineer > > Google Acquisition Netops > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From victor.ruiz at satec.es Fri Oct 18 10:25:34 2013 From: victor.ruiz at satec.es (Victor Ruiz) Date: Fri, 18 Oct 2013 11:25:34 +0100 Subject: [rancid] Can't connect to Enterasys via SSH Message-ID: <366D52316F908E4795F6D113AE0627AD01A67B7444A0@MBXVS01.ihost.local> Hi group; I'm new on Rancid software, I need get the configuration of several Enterasys boxes. I was use the rivlogin and rivrancid in order to get this configuration but I've a problem because in the rivlogin I only can connect via telnet. I'm making a new script coping the clogin with a different name for connect with Enterasys via SSH and work properly but when I try get the unique command that I need I have an error with text: "missed cmd(s): show config". My commnadtable is: @commandtable = ( # {'show system' => 'ShowUptime'}, # {'show version' => 'ShowVersion'}, # {'show system hardware' => 'ShowHardware'}, # {'set length 0' => 'ShowActive'}, {'show config' => 'ShowActive'} ); And the routine for Show config is: # This routine processes a "system show active" sub ShowActive { print STDERR " In ShowActive: $_" if ($debug); while () { tr/\015//d; # Remove leading whitespace and/or line numbers s/^\s*(\d+\D: )*//; # Riverstone/Cabletron doesn't have an "end" line, so # we need to set $clean_run here if (/^$prompt/) { $clean_run = 1; last; } next if (/Running system configuration/); # filter out any RCS/CVS tags to avoid confusing local CVS storage s/\$(Revision|Id):/ $1:/; if (/^(.*hashed-password \S+)/ && $filter_pwds == 2) { ProcessHistory("","","","!\n"); next; } if (/^(snmp set community )\S+/ && $filter_commstr) { ProcessHistory("","","","end\n"); next; } ProcessHistory("","","","$_"); } return; } Can anybody help me with this issue or have anybody a Rancid scripts to connect with Enterasys system via SSH. Thanks very much for you time and support Bes Regards Victor -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Fri Oct 18 11:27:41 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Fri, 18 Oct 2013 13:27:41 +0200 Subject: [rancid] Can't connect to Enterasys via SSH In-Reply-To: <366D52316F908E4795F6D113AE0627AD01A67B7444A0@MBXVS01.ihost.local> References: <366D52316F908E4795F6D113AE0627AD01A67B7444A0@MBXVS01.ihost.local> Message-ID: <52611B2D.3060008@gmail.com> I think you are starting your debugging in the wrong place. You first need to verify that the correct data is being passed to rivrancid for processing. Are you using rivlogin to do the login and fetch data step? Does this part work correctly when you run it manually? On 18/10/2013 12:25, Victor Ruiz wrote: > Hi group; > > > > I?m new on Rancid software, I need get the configuration of several > Enterasys boxes. I was use the rivlogin and rivrancid in order to get > this configuration but I?ve a problem because in the rivlogin I only can > connect via telnet. I?m making a new script coping the clogin with a > different name for connect with Enterasys via SSH and work properly but > when I try get the unique command that I need I have an error with text: > ?missed cmd(s): show config?. > > > > My commnadtable is: > > > > @commandtable = ( > > # {'show system' => 'ShowUptime'}, > > # {'show version' => 'ShowVersion'}, > > # {'show system hardware' => 'ShowHardware'}, > > # {'set length 0' => 'ShowActive'}, > > {'show config' => 'ShowActive'} > > ); > > > > And the routine for Show config is: > > > > # This routine processes a "system show active" > > sub ShowActive { > > print STDERR " In ShowActive: $_" if ($debug); > > > > while () { > > tr/\015//d; > > > > # Remove leading whitespace and/or line numbers > > s/^\s*(\d+\D: )*//; > > > > # Riverstone/Cabletron doesn't have an "end" line, so > > # we need to set $clean_run here > > if (/^$prompt/) { > > $clean_run = 1; > > last; > > } > > > > next if (/Running system configuration/); > > > > # filter out any RCS/CVS tags to avoid confusing local CVS storage > > s/\$(Revision|Id):/ $1:/; > > > > if (/^(.*hashed-password \S+)/ && $filter_pwds == 2) { > > ProcessHistory("","","","!\n"); > > next; > > } > > > > if (/^(snmp set community )\S+/ && $filter_commstr) { > > ProcessHistory("","","","end\n"); > > next; > > } > > > > ProcessHistory("","","","$_"); > > } > > return; > > } > > > > Can anybody help me with this issue or have anybody a Rancid scripts to > connect with Enterasys system via SSH. > > > > Thanks very much for you time and support > > > > Bes Regards > > Victor > > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Alan McKinnon alan.mckinnon at gmail.com From victor.ruiz at satec.es Fri Oct 18 11:57:45 2013 From: victor.ruiz at satec.es (Victor Ruiz) Date: Fri, 18 Oct 2013 12:57:45 +0100 Subject: [rancid] Can't connect to Enterasys via SSH In-Reply-To: <52611B2D.3060008@gmail.com> References: <366D52316F908E4795F6D113AE0627AD01A67B7444A0@MBXVS01.ihost.local> <52611B2D.3060008@gmail.com> Message-ID: <366D52316F908E4795F6D113AE0627AD01A67B7444B1@MBXVS01.ihost.local> Hi, Thank for the reply; When I try to do login with rivlogin the follow error appear: rancid at monrancid1:~/bin$ /usr/local/rancid/bin/rivlogin -f /usr/local/rancid/.cloginrc b5b1.XXXX Trying 10.XX.XX.XX... telnet: Unable to connect to remote host: Connection refused ERROR: device closed telnet connection during login rancid at monrancid1:~/bin$ But if I run the command: "/usr/local/rancid/bin/clogin -c "show config" b5b1.XXXX" run properly: rancid at monrancid1:~/bin$ /usr/local/rancid/bin/clogin -c "show config" b5b1.XXXX b5b1.XXXX spawn ssh -c 3des -x -l admin b5b1.XXXX admin at b5b1.infojobs's password: Enterasys B5 Command Line Interface Enterasys Networks, Inc. 9 Northeastern Boulevard Salem, NH 03079 U.S.A. Phone: +1 603 952 5000 E-mail: support at enterasys.com WWW: http://www.enterasys.com (c) Copyright Enterasys Networks, Inc. 2013 .... .... .... #webview ! #width ! end I suppose that this is because the rivlogin haven't option to connect via SSH. I copy the clogin to entlogin and rivrancid to entranced and I include the entlogin inside racid-fe as new device, with this configuration I can login in the Enterasys device but in the logfile the message appear: Trying to get all of the configs. b5b1.XXXX: missed cmd(s): show config b5b1.XXXX: End of run not found ! ===================================== Getting missed routers: round 1. b5b1.XXXX: missed cmd(s): show config b5b1.XXXX: End of run not found ! ===================================== Getting missed routers: round 2. b5b1.XXXX: missed cmd(s): show config b5b1.XXXX: End of run not found ! ===================================== Getting missed routers: round 3. b5b1.XXXX: missed cmd(s): show config b5b1.XXXX: End of run not found ! ===================================== Getting missed routers: round 4. b5b1.XXXX: missed cmd(s): show config b5b1.XXXX: End of run not found ! Any idea? Many thanks. Victor -----Mensaje original----- De: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] En nombre de Alan McKinnon Enviado el: viernes, 18 de octubre de 2013 13:28 Para: rancid-discuss at shrubbery.net Asunto: Re: [rancid] Can't connect to Enterasys via SSH I think you are starting your debugging in the wrong place. You first need to verify that the correct data is being passed to rivrancid for processing. Are you using rivlogin to do the login and fetch data step? Does this part work correctly when you run it manually? On 18/10/2013 12:25, Victor Ruiz wrote: > Hi group; > > > > I'm new on Rancid software, I need get the configuration of several > Enterasys boxes. I was use the rivlogin and rivrancid in order to get > this configuration but I've a problem because in the rivlogin I only > can connect via telnet. I'm making a new script coping the clogin with > a different name for connect with Enterasys via SSH and work properly > but when I try get the unique command that I need I have an error with text: > "missed cmd(s): show config". > > > > My commnadtable is: > > > > @commandtable = ( > > # {'show system' => 'ShowUptime'}, > > # {'show version' => 'ShowVersion'}, > > # {'show system hardware' => 'ShowHardware'}, > > # {'set length 0' => 'ShowActive'}, > > {'show config' => 'ShowActive'} > > ); > > > > And the routine for Show config is: > > > > # This routine processes a "system show active" > > sub ShowActive { > > print STDERR " In ShowActive: $_" if ($debug); > > > > while () { > > tr/\015//d; > > > > # Remove leading whitespace and/or line numbers > > s/^\s*(\d+\D: )*//; > > > > # Riverstone/Cabletron doesn't have an "end" line, so > > # we need to set $clean_run here > > if (/^$prompt/) { > > $clean_run = 1; > > last; > > } > > > > next if (/Running system configuration/); > > > > # filter out any RCS/CVS tags to avoid confusing local CVS > storage > > s/\$(Revision|Id):/ $1:/; > > > > if (/^(.*hashed-password \S+)/ && $filter_pwds == 2) { > > ProcessHistory("","","","!\n"); > > next; > > } > > > > if (/^(snmp set community )\S+/ && $filter_commstr) { > > ProcessHistory("","","","end\n"); > > next; > > } > > > > ProcessHistory("","","","$_"); > > } > > return; > > } > > > > Can anybody help me with this issue or have anybody a Rancid scripts > to connect with Enterasys system via SSH. > > > > Thanks very much for you time and support > > > > Bes Regards > > Victor > > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Alan McKinnon alan.mckinnon at gmail.com _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss From alan.mckinnon at gmail.com Fri Oct 18 12:35:10 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Fri, 18 Oct 2013 14:35:10 +0200 Subject: [rancid] Can't connect to Enterasys via SSH In-Reply-To: <366D52316F908E4795F6D113AE0627AD01A67B7444B1@MBXVS01.ihost.local> References: <366D52316F908E4795F6D113AE0627AD01A67B7444A0@MBXVS01.ihost.local> <52611B2D.3060008@gmail.com> <366D52316F908E4795F6D113AE0627AD01A67B7444B1@MBXVS01.ihost.local> Message-ID: <52612AFE.2030708@gmail.com> Victor, "b5b1.XXXX: missed cmd(s): show config" is a very general error. It's probably the most common error reported here, and it actually tells you nothing much. What it means is that "something went wrong", and you do not know what. There are many possibilities. To understand what is going on, you have to understand how a script like rivrancid must work: It gets a lot of text from the device and reads it line by line, and everything is driven by regular expressions. The first thing it must do is determine what your device's prompt looks like. This is the only way the script can know when one command output ends and the next one starts (so it can feed the text to the correct sub defined in @commandtable). The prompt is defined by the device vendor, and a regex must be written that matches it. If your prompt is very different from what Cisco uses, then copying the IOS script is not going to work. You really do have to look at what is on your login prompt and check against the script that it will work correctly. Once the script properly detects the prompt, it feeds all lines of text till the next prompt into the correct sub. That sub must read each line and based on a regex decide what to do with it (store it, discard it, maybe change it and then store it). When it hits the prompt, the sub returns and the process continues till there is no more text. When this whole process completes successfully, the script writes it's data to disk and that goes into CVS/SVN. If it does not complete successfully, you get "missed cmds" errors. Do you see that no-one can really answer the question you asked exactly? I'm not familiar with Enterasys at all but I do see that rivrancid is missing some debugging code. The IOS parser has this main loop: while (/[>#]\s*($cmds_regexp)\s*$/) { $cmd = $1; if (!defined($prompt)) { $prompt = ($_ =~ /^([^#>]+[#>])/)[0]; $prompt =~ s/([][}{)(\\])/\\$1/g; print STDERR ("PROMPT MATCH: $prompt\n") if ($debug); } .... First thing I would do is put that print statement in your new script and run it in debug mode to see if the prompt is matched. There are no "HIT COMMAND" lines in your output, so I think that will be the first thing to tackle. Or maybe you are lucky and someone else has already solved this problem and has a script already you can use :-) On 18/10/2013 13:57, Victor Ruiz wrote: > Hi, Thank for the reply; > > When I try to do login with rivlogin the follow error appear: > > rancid at monrancid1:~/bin$ /usr/local/rancid/bin/rivlogin -f /usr/local/rancid/.cloginrc b5b1.XXXX > Trying 10.XX.XX.XX... > telnet: Unable to connect to remote host: Connection refused > > ERROR: device closed telnet connection during login > rancid at monrancid1:~/bin$ > > But if I run the command: "/usr/local/rancid/bin/clogin -c "show config" b5b1.XXXX" run properly: > > rancid at monrancid1:~/bin$ /usr/local/rancid/bin/clogin -c "show config" b5b1.XXXX b5b1.XXXX > spawn ssh -c 3des -x -l admin b5b1.XXXX > admin at b5b1.infojobs's password: > > > Enterasys B5 > Command Line Interface > > Enterasys Networks, Inc. > 9 Northeastern Boulevard > Salem, NH 03079 U.S.A. > > Phone: +1 603 952 5000 > E-mail: support at enterasys.com > WWW: http://www.enterasys.com > > (c) Copyright Enterasys Networks, Inc. 2013 > .... > .... > .... > #webview > ! > > #width > ! > end > > I suppose that this is because the rivlogin haven't option to connect via SSH. > > I copy the clogin to entlogin and rivrancid to entranced and I include the entlogin inside racid-fe as new device, with this configuration I can login in the Enterasys device but in the logfile the message appear: > > Trying to get all of the configs. > b5b1.XXXX: missed cmd(s): show config > b5b1.XXXX: End of run not found > ! > ===================================== > Getting missed routers: round 1. > b5b1.XXXX: missed cmd(s): show config > b5b1.XXXX: End of run not found > ! > ===================================== > Getting missed routers: round 2. > b5b1.XXXX: missed cmd(s): show config > b5b1.XXXX: End of run not found > ! > ===================================== > Getting missed routers: round 3. > b5b1.XXXX: missed cmd(s): show config > b5b1.XXXX: End of run not found > ! > ===================================== > Getting missed routers: round 4. > b5b1.XXXX: missed cmd(s): show config > b5b1.XXXX: End of run not found > ! > > Any idea? > > Many thanks. > Victor > > -----Mensaje original----- > De: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] En nombre de Alan McKinnon > Enviado el: viernes, 18 de octubre de 2013 13:28 > Para: rancid-discuss at shrubbery.net > Asunto: Re: [rancid] Can't connect to Enterasys via SSH > > I think you are starting your debugging in the wrong place. You first need to verify that the correct data is being passed to rivrancid for processing. > > Are you using rivlogin to do the login and fetch data step? > > Does this part work correctly when you run it manually? > > > > On 18/10/2013 12:25, Victor Ruiz wrote: >> Hi group; >> >> >> >> I'm new on Rancid software, I need get the configuration of several >> Enterasys boxes. I was use the rivlogin and rivrancid in order to get >> this configuration but I've a problem because in the rivlogin I only >> can connect via telnet. I'm making a new script coping the clogin with >> a different name for connect with Enterasys via SSH and work properly >> but when I try get the unique command that I need I have an error with text: >> "missed cmd(s): show config". >> >> >> >> My commnadtable is: >> >> >> >> @commandtable = ( >> >> # {'show system' => 'ShowUptime'}, >> >> # {'show version' => 'ShowVersion'}, >> >> # {'show system hardware' => 'ShowHardware'}, >> >> # {'set length 0' => 'ShowActive'}, >> >> {'show config' => 'ShowActive'} >> >> ); >> >> >> >> And the routine for Show config is: >> >> >> >> # This routine processes a "system show active" >> >> sub ShowActive { >> >> print STDERR " In ShowActive: $_" if ($debug); >> >> >> >> while () { >> >> tr/\015//d; >> >> >> >> # Remove leading whitespace and/or line numbers >> >> s/^\s*(\d+\D: )*//; >> >> >> >> # Riverstone/Cabletron doesn't have an "end" line, so >> >> # we need to set $clean_run here >> >> if (/^$prompt/) { >> >> $clean_run = 1; >> >> last; >> >> } >> >> >> >> next if (/Running system configuration/); >> >> >> >> # filter out any RCS/CVS tags to avoid confusing local CVS >> storage >> >> s/\$(Revision|Id):/ $1:/; >> >> >> >> if (/^(.*hashed-password \S+)/ && $filter_pwds == 2) { >> >> ProcessHistory("","","","!\n"); >> >> next; >> >> } >> >> >> >> if (/^(snmp set community )\S+/ && $filter_commstr) { >> >> ProcessHistory("","","","end\n"); >> >> next; >> >> } >> >> >> >> ProcessHistory("","","","$_"); >> >> } >> >> return; >> >> } >> >> >> >> Can anybody help me with this issue or have anybody a Rancid scripts >> to connect with Enterasys system via SSH. >> >> >> >> Thanks very much for you time and support >> >> >> >> Bes Regards >> >> Victor >> >> >> >> >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> > > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Alan McKinnon alan.mckinnon at gmail.com From gmccullagh at gmail.com Fri Oct 18 07:49:48 2013 From: gmccullagh at gmail.com (Gavin McCullagh) Date: Fri, 18 Oct 2013 08:49:48 +0100 Subject: [rancid] rancid "losing" characters In-Reply-To: References: <20131016192830.GL92706@shrubbery.net> Message-ID: Doh. You can ignore this :-) On 18 Oct 2013 08:48, "Gavin McCullagh" wrote: > Hi, > > I will check this for certain and send on an updated version to the list > if necessary. > > Gavin > On 16 Oct 2013 20:28, "heasley" wrote: > >> Mon, Oct 07, 2013 at 10:30:02AM -0400, Stephen Griffin: >> > So, I have a version of rancid 2.3.8 installed, and I've been noticing >> on >> > some of our Foundry/Brocade gear that some commands are failing because >> a >> > character is lost.. for example, skip-page-dilay instead of >> > skip-page-display. >> > >> > Our prior version of rancid was quite old (so old that no one really was >> > quite sure of what version it was), and we don't recall seeing this >> > behaviour. It feels like a buffer being exhausted, but 2.3.8 uses >> > send_human, which should be slowing things down. >> > >> > The version of expect wasn't changed, and is 5.43.0 >> > >> > We did fold in some of our older custom changes, but I have a difficult >> > time believing those would impact lost characters. >> > >> > Has anyone run into this or something similar? >> >> there once was a problem with hpuifilter that caused this, but that would >> not affect foundry, only hp/hlogin. perhaps that was part of your >> changes? >> >> otherwise, i'd suspect expect. >> >> > I did a test run, by sending "show 802" to a bunch of devices, and came >> up >> > with: >> > 1 e >> > 145 exit >> > 1 sh >> > 1 show 02 >> > 1 show 80 >> > 145 show 802 >> > 1 show802 >> > 1 skip-page-ay >> > 148 skip-page-display >> > >> > Thanks, >> > Stephen >> > -- >> > Stephen A. Griffin >> > Network Engineer >> > Google Acquisition Netops >> >> > _______________________________________________ >> > Rancid-discuss mailing list >> > Rancid-discuss at shrubbery.net >> > http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From stephengriffin at google.com Fri Oct 18 13:51:29 2013 From: stephengriffin at google.com (Stephen Griffin) Date: Fri, 18 Oct 2013 09:51:29 -0400 Subject: [rancid] rancid "losing" characters In-Reply-To: <20131016192830.GL92706@shrubbery.net> References: <20131016192830.GL92706@shrubbery.net> Message-ID: We had reduced the send_human timers because of internal user complaints that it was too slow. I went back to the stock value and it dramatically reduced (although didn't eliminate entirely) the lost characters, so it appears to be buffer overflows. It is just odd because the older version we had didn't (ttbomk) use send_human. Stephen On Wed, Oct 16, 2013 at 3:28 PM, heasley wrote: > Mon, Oct 07, 2013 at 10:30:02AM -0400, Stephen Griffin: > > So, I have a version of rancid 2.3.8 installed, and I've been noticing on > > some of our Foundry/Brocade gear that some commands are failing because a > > character is lost.. for example, skip-page-dilay instead of > > skip-page-display. > > > > Our prior version of rancid was quite old (so old that no one really was > > quite sure of what version it was), and we don't recall seeing this > > behaviour. It feels like a buffer being exhausted, but 2.3.8 uses > > send_human, which should be slowing things down. > > > > The version of expect wasn't changed, and is 5.43.0 > > > > We did fold in some of our older custom changes, but I have a difficult > > time believing those would impact lost characters. > > > > Has anyone run into this or something similar? > > there once was a problem with hpuifilter that caused this, but that would > not affect foundry, only hp/hlogin. perhaps that was part of your changes? > > otherwise, i'd suspect expect. > > > I did a test run, by sending "show 802" to a bunch of devices, and came > up > > with: > > 1 e > > 145 exit > > 1 sh > > 1 show 02 > > 1 show 80 > > 145 show 802 > > 1 show802 > > 1 skip-page-ay > > 148 skip-page-display > > > > Thanks, > > Stephen > > -- > > Stephen A. Griffin > > Network Engineer > > Google Acquisition Netops > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > -- Stephen A. Griffin Network Engineer Google Acquisition Netops -------------- next part -------------- An HTML attachment was scrubbed... URL: From prt at prt.org Fri Oct 18 18:10:37 2013 From: prt at prt.org (Paul Thornton) Date: Fri, 18 Oct 2013 19:10:37 +0100 Subject: [rancid] Can't connect to Enterasys via SSH In-Reply-To: <366D52316F908E4795F6D113AE0627AD01A67B7444B1@MBXVS01.ihost.local> References: <366D52316F908E4795F6D113AE0627AD01A67B7444A0@MBXVS01.ihost.local> <52611B2D.3060008@gmail.com> <366D52316F908E4795F6D113AE0627AD01A67B7444B1@MBXVS01.ihost.local> Message-ID: <5261799D.1020808@prt.org> Hi On 18/10/2013 12:57, Victor Ruiz wrote: > When I try to do login with rivlogin the follow error appear: > > rancid at monrancid1:~/bin$ /usr/local/rancid/bin/rivlogin -f /usr/local/rancid/.cloginrc b5b1.XXXX > Trying 10.XX.XX.XX... > telnet: Unable to connect to remote host: Connection refused > > ERROR: device closed telnet connection during login > rancid at monrancid1:~/bin$ This is attempting to use telnet to talk to your device, and failing. > But if I run the command: "/usr/local/rancid/bin/clogin -c "show config" b5b1.XXXX" run properly: > > rancid at monrancid1:~/bin$ /usr/local/rancid/bin/clogin -c "show config" b5b1.XXXX b5b1.XXXX > spawn ssh -c 3des -x -l admin b5b1.XXXX > admin at b5b1.infojobs's password: This is using SSH, and working. I suspect that you need to add: add method b6b1.whatever ssh to your .cloginrc Paul. From heas at shrubbery.net Fri Oct 18 20:01:42 2013 From: heas at shrubbery.net (heasley) Date: Fri, 18 Oct 2013 20:01:42 +0000 Subject: [rancid] rancid "losing" characters In-Reply-To: References: <20131016192830.GL92706@shrubbery.net> Message-ID: <20131018200142.GC75724@shrubbery.net> Fri, Oct 18, 2013 at 09:51:29AM -0400, Stephen Griffin: > We had reduced the send_human timers because of internal user complaints > that it was too slow. I went back to the stock value and it dramatically > reduced (although didn't eliminate entirely) the lost characters, so it > appears to be buffer overflows. It is just odd because the older version we > had didn't (ttbomk) use send_human. sigh. unless there is a bug in tcl/expect, i don't know why that would happen. when the login scripts get a prompt, they try to build a more complete prompt for more assurance that it doesnt match stuff in the output of commands. is it building something reasonable from your prompts (flogin -d -c somecmd). i do not see anything about buffers in the expect changelog that seems like it'd affect 5.43. i didnt look at tcl. > Stephen > > > On Wed, Oct 16, 2013 at 3:28 PM, heasley wrote: > > > Mon, Oct 07, 2013 at 10:30:02AM -0400, Stephen Griffin: > > > So, I have a version of rancid 2.3.8 installed, and I've been noticing on > > > some of our Foundry/Brocade gear that some commands are failing because a > > > character is lost.. for example, skip-page-dilay instead of > > > skip-page-display. > > > > > > Our prior version of rancid was quite old (so old that no one really was > > > quite sure of what version it was), and we don't recall seeing this > > > behaviour. It feels like a buffer being exhausted, but 2.3.8 uses > > > send_human, which should be slowing things down. > > > > > > The version of expect wasn't changed, and is 5.43.0 > > > > > > We did fold in some of our older custom changes, but I have a difficult > > > time believing those would impact lost characters. > > > > > > Has anyone run into this or something similar? > > > > there once was a problem with hpuifilter that caused this, but that would > > not affect foundry, only hp/hlogin. perhaps that was part of your changes? > > > > otherwise, i'd suspect expect. > > > > > I did a test run, by sending "show 802" to a bunch of devices, and came > > up > > > with: > > > 1 e > > > 145 exit > > > 1 sh > > > 1 show 02 > > > 1 show 80 > > > 145 show 802 > > > 1 show802 > > > 1 skip-page-ay > > > 148 skip-page-display > > > > > > Thanks, > > > Stephen > > > -- > > > Stephen A. Griffin > > > Network Engineer > > > Google Acquisition Netops > > > > > _______________________________________________ > > > Rancid-discuss mailing list > > > Rancid-discuss at shrubbery.net > > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > > > > > -- > Stephen A. Griffin > Network Engineer > Google Acquisition Netops From daniel.jfj at gmail.com Mon Oct 21 17:45:42 2013 From: daniel.jfj at gmail.com (Daniel Jesus) Date: Mon, 21 Oct 2013 19:45:42 +0200 Subject: [rancid] rancid for nortel baystack Message-ID: Hi guys, I'm having some issues to backup nortel baystack devices, due to the CTRL + Y and the send C character. i've read this post http://www.shrubbery.net/pipermail/rancid-discuss/2010-November/005339.htmland also downloaded the diff files. However, since i dont know which version of rancid was used to create the diff files, i cannot do a proper patch.... i've been trying to do the changes manually, but i've failed terribly =) I was hoping someone could upload a working bnlogin and brancid script. It would be much appreciated! Regards, Daniel -------------- next part -------------- An HTML attachment was scrubbed... URL: From maxime.baudin at ac-rennes.fr Tue Oct 22 12:53:53 2013 From: maxime.baudin at ac-rennes.fr (Maxime Baudin) Date: Tue, 22 Oct 2013 14:53:53 +0200 Subject: [rancid] rancid for nortel baystack In-Reply-To: References: Message-ID: <52667561.6050204@ac-rennes.fr> Le 21/10/13 19:45, Daniel Jesus a ?crit : > Hi guys, > i've read this post > http://www.shrubbery.net/pipermail/rancid-discuss/2010-November/005339.html > and also downloaded the diff files. However, since i dont know which > version of rancid was used to create the diff files, i cannot do a > proper patch.... i've been trying to do the changes manually, but i've > failed terribly =) Hi Daniel, I managed to patch the files properly but the result is ... mmm ... not working :( It still stuck on the Ctrl-Y banner until timeout. I can send you my files, two pairs of eyes may be better than one. Regards, Maxime From daniel.jfj at gmail.com Tue Oct 22 13:46:49 2013 From: daniel.jfj at gmail.com (Daniel Jesus) Date: Tue, 22 Oct 2013 15:46:49 +0200 Subject: [rancid] rancid for nortel baystack In-Reply-To: <52667561.6050204@ac-rennes.fr> References: <52667561.6050204@ac-rennes.fr> Message-ID: Hi Maxime, I actually got it working....but only to find out there is a bug on the nortel ios...the terminal lenght 0 command does not work properly. which OS are you running on yours? it seems that the bug was fixed from 4.0.5 onwards. Anyway, here is my new bnlogin and bnrancid files...give it a try, maybe it will work properly for you. bnlogin - http://pastebin.com/cAgHgBp6 bnrancid - http://pastebin.com/Yss62mBE dont forget to change the rancid-fe and if it doesnt work for you, i guess the best option is do do a script just to login and copy the conf to a tftp server.... Good luck, Daniel On Tue, Oct 22, 2013 at 2:53 PM, Maxime Baudin wrote: > Le 21/10/13 19:45, Daniel Jesus a ?crit : > >> Hi guys, >> >> i've read this post http://www.shrubbery.net/** >> pipermail/rancid-discuss/2010-**November/005339.htmland also downloaded the diff files. However, since i dont know which >> version of rancid was used to create the diff files, i cannot do a proper >> patch.... i've been trying to do the changes manually, but i've failed >> terribly =) >> > > Hi Daniel, > I managed to patch the files properly but the result is ... mmm ... not > working :( > It still stuck on the Ctrl-Y banner until timeout. > > I can send you my files, two pairs of eyes may be better than one. > > Regards, > Maxime > ______________________________**_________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/**mailman/listinfo/rancid-**discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From lind108 at hotmail.com Tue Oct 22 15:27:27 2013 From: lind108 at hotmail.com (Kenneth Lind) Date: Tue, 22 Oct 2013 11:27:27 -0400 Subject: [rancid] Cisco 10k sflog Timestamp Cycling Message-ID: We recently implemented IPDR on our Cisco 10K uBRs and are now receiving diffs for every rancid run about the timestamp for the sflog: - !Flash: 6 0 Oct 22 2013 08:46:10 -04:00 sflog + !Flash: 6 0 Oct 22 2013 09:37:28 -04:00 sflog We are running Rancid v2.3.6 which according to the change log included the fix for this issue (though in our instance it does not appear to be filtered, unless there is an option somewhere that we've missed to enable the filtering): rancid: filter sflog from DirSlotN() for IOS on cisco 10k I've been able to find mentions of the issue in the discuss archives, but none have included a solution. Has anyone been able to hush the diffs for the sflog outside of creating a new rancid type and altering the command table to exclude the DirSlotN run? From alan.mckinnon at gmail.com Tue Oct 22 20:18:59 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Tue, 22 Oct 2013 22:18:59 +0200 Subject: [rancid] Cisco 10k sflog Timestamp Cycling In-Reply-To: References: Message-ID: <5266DDB3.2010605@gmail.com> On 22/10/2013 17:27, Kenneth Lind wrote: > We recently implemented IPDR on our Cisco 10K uBRs and are now receiving > diffs for every rancid run about the timestamp for the sflog: > > - !Flash: 6 0 Oct 22 2013 08:46:10 -04:00 sflog > + !Flash: 6 0 Oct 22 2013 09:37:28 -04:00 sflog > > We are running Rancid v2.3.6 which according to the change log included the > fix for this issue (though in our instance it does not appear to be > filtered, unless there is an option somewhere that we've missed to enable > the filtering): > > rancid: filter sflog from DirSlotN() for IOS on cisco 10k > > I've been able to find mentions of the issue in the discuss archives, but > none have included a solution. Has anyone been able to hush the diffs for > the sflog outside of creating a new rancid type and altering the command > table to exclude the DirSlotN run? I'm not familiar with the 10k but Google indicates they will run regular IOS. Is that correct? The code in 2.3.6 does support what the Changelog says: sub DirSlotN { .... if ($ios eq "IOS" && /^((\s+)?\d+\s+\S+)\s+\d+.*(sflog$)/) { $_ = "$1" . sprintf("%43s", "") . "$3\n"; } .... } but that regex does not match the output you quoted. maybe that was written for Personally, I would simply discard the entire line (you don't want to keep the timestamp and that is the very thing that is changing) so modify DirSlotN thusly (add it just before the code above): next if ($ios eq "IOS" && /^Flash:.*? sflog$); that regex is quite simplistic, you might want to tweak it to be more specific. Don't stress about maintaining your own patches to make the rancid scripts do what you intent - every installation I know of accumulating a rather large number of them :-) It seems to be inevitable considering the problem we are all using rancid to solve. -- Alan McKinnon alan.mckinnon at gmail.com From peo at chalmers.se Wed Oct 23 06:07:45 2013 From: peo at chalmers.se (Per-Olof Olsson) Date: Wed, 23 Oct 2013 08:07:45 +0200 Subject: [rancid] Cisco 10k sflog Timestamp Cycling In-Reply-To: <5266DDB3.2010605@gmail.com> References: <5266DDB3.2010605@gmail.com> Message-ID: <526767B1.7030007@chalmers.se> On 10/22/2013 10:18 PM, Alan McKinnon wrote: > On 22/10/2013 17:27, Kenneth Lind wrote: >> We recently implemented IPDR on our Cisco 10K uBRs and are now receiving >> diffs for every rancid run about the timestamp for the sflog: >> >> - !Flash: 6 0 Oct 22 2013 08:46:10 -04:00 sflog >> + !Flash: 6 0 Oct 22 2013 09:37:28 -04:00 sflog >> >> We are running Rancid v2.3.6 which according to the change log included the >> fix for this issue (though in our instance it does not appear to be >> filtered, unless there is an option somewhere that we've missed to enable >> the filtering): >> >> rancid: filter sflog from DirSlotN() for IOS on cisco 10k >> >> I've been able to find mentions of the issue in the discuss archives, but >> none have included a solution. Has anyone been able to hush the diffs for >> the sflog outside of creating a new rancid type and altering the command >> table to exclude the DirSlotN run? > > I'm not familiar with the 10k but Google indicates they will run regular > IOS. Is that correct? > > The code in 2.3.6 does support what the Changelog says: > > sub DirSlotN { > .... > if ($ios eq "IOS" && /^((\s+)?\d+\s+\S+)\s+\d+.*(sflog$)/) { > $_ = "$1" . sprintf("%43s", "") . "$3\n"; > } > .... > } > > but that regex does not match the output you quoted. maybe that was > written for > > Personally, I would simply discard the entire line (you don't want to > keep the timestamp and that is the very thing that is changing) so > modify DirSlotN thusly (add it just before the code above): > > next if ($ios eq "IOS" && /^Flash:.*? sflog$); > > that regex is quite simplistic, you might want to tweak it to be more > specific. > > Don't stress about maintaining your own patches to make the rancid > scripts do what you intent - every installation I know of accumulating a > rather large number of them :-) It seems to be inevitable considering > the problem we are all using rancid to solve. > > "!Flash:" is added later and not part of output from IOS dir command! ... ProcessHistory("FLASH","","","!Flash: $dev: $_"); ... Looks like Cisco change dir output format. 3 -rw- 47659 Jul 10 2012 16:53:02 +02:00 file and not include access flags for some files! 6 0 Oct 22 2013 09:37:28 -04:00 sflog Please verify this! What IOS version? I have to suggest to duplicate the 3 lines and update regex to /^((\s+)?\d+)\s+\d+.*(sflog$)/ ... if ($ios eq "IOS" && /^((\s+)?\d+\s+\S+)\s+\d+.*(sflog$)/) { $_ = "$1" . sprintf("%43s", "") . "$3\n"; } if ($ios eq "IOS" && /^((\s+)?\d+)\s+\d+.*(sflog$)/) { $_ = "$1" . sprintf("%43s", "") . "$3\n"; } ... Possible have to adjust space padding "%43s" to get a nice table. or just add next if ($ios eq "IOS" && /^.* sflog$); to remove sflog lines until there is a preferable way to match this line. /Peo ---------------------------------------------------------- Per-Olof Olsson Email: peo at chalmers.se Chalmers tekniska h?gskola IT-service H?rsalsv?gen 5 412 96 G?teborg Tel: 031/772 6738 Fax: 031/772 8660 ---------------------------------------------------------- From alan.mckinnon at gmail.com Wed Oct 23 06:39:10 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Wed, 23 Oct 2013 08:39:10 +0200 Subject: [rancid] Cisco 10k sflog Timestamp Cycling In-Reply-To: <526767B1.7030007@chalmers.se> References: <5266DDB3.2010605@gmail.com> <526767B1.7030007@chalmers.se> Message-ID: <52676F0E.5050803@gmail.com> On 23/10/2013 08:07, Per-Olof Olsson wrote: > On 10/22/2013 10:18 PM, Alan McKinnon wrote: >> On 22/10/2013 17:27, Kenneth Lind wrote: >>> We recently implemented IPDR on our Cisco 10K uBRs and are now receiving >>> diffs for every rancid run about the timestamp for the sflog: >>> >>> - !Flash: 6 0 Oct 22 2013 08:46:10 -04:00 sflog >>> + !Flash: 6 0 Oct 22 2013 09:37:28 -04:00 sflog >>> >>> We are running Rancid v2.3.6 which according to the change log included the >>> fix for this issue (though in our instance it does not appear to be >>> filtered, unless there is an option somewhere that we've missed to enable >>> the filtering): >>> >>> rancid: filter sflog from DirSlotN() for IOS on cisco 10k >>> >>> I've been able to find mentions of the issue in the discuss archives, but >>> none have included a solution. Has anyone been able to hush the diffs for >>> the sflog outside of creating a new rancid type and altering the command >>> table to exclude the DirSlotN run? >> >> I'm not familiar with the 10k but Google indicates they will run regular >> IOS. Is that correct? >> >> The code in 2.3.6 does support what the Changelog says: >> >> sub DirSlotN { >> .... >> if ($ios eq "IOS" && /^((\s+)?\d+\s+\S+)\s+\d+.*(sflog$)/) { >> $_ = "$1" . sprintf("%43s", "") . "$3\n"; >> } >> .... >> } >> >> but that regex does not match the output you quoted. maybe that was >> written for >> >> Personally, I would simply discard the entire line (you don't want to >> keep the timestamp and that is the very thing that is changing) so >> modify DirSlotN thusly (add it just before the code above): >> >> next if ($ios eq "IOS" && /^Flash:.*? sflog$); >> >> that regex is quite simplistic, you might want to tweak it to be more >> specific. >> >> Don't stress about maintaining your own patches to make the rancid >> scripts do what you intent - every installation I know of accumulating a >> rather large number of them :-) It seems to be inevitable considering >> the problem we are all using rancid to solve. >> >> > > "!Flash:" is added later and not part of output from IOS dir command! > > ... > ProcessHistory("FLASH","","","!Flash: $dev: $_"); > ... > > > Looks like Cisco change dir output format. > 3 -rw- 47659 Jul 10 2012 16:53:02 +02:00 file > > and not include access flags for some files! > 6 0 Oct 22 2013 09:37:28 -04:00 sflog > > Please verify this! > What IOS version? > > > I have to suggest to duplicate the 3 lines and update > regex to /^((\s+)?\d+)\s+\d+.*(sflog$)/ > > > ... > if ($ios eq "IOS" && /^((\s+)?\d+\s+\S+)\s+\d+.*(sflog$)/) { > $_ = "$1" . sprintf("%43s", "") . "$3\n"; > } > if ($ios eq "IOS" && /^((\s+)?\d+)\s+\d+.*(sflog$)/) { > $_ = "$1" . sprintf("%43s", "") . "$3\n"; > } > ... > > Possible have to adjust space padding "%43s" to get a nice table. > > > or just add > next if ($ios eq "IOS" && /^.* sflog$); > to remove sflog lines until there is a preferable way to match this line. Thanks for spotting that. I noticed how "!Flash" is handled when reading the code but then added it to the regex when typing it. Good catch. My feeling on these rapidly changing file listings is that they aren't worth keeping in the rancid output at all. They are expected to change frequently so the entire timestamp is worthless from a rancid POV, leaving only the filename. Is it worth recording merely that the file does exist, when we already know that it almost certainly will? -- Alan McKinnon alan.mckinnon at gmail.com From tylerc at beatsmusic.com Wed Oct 23 05:31:18 2013 From: tylerc at beatsmusic.com (Tyler Christiansen) Date: Wed, 23 Oct 2013 01:31:18 -0400 Subject: [rancid] Daily Difference Digest? Message-ID: Hello! Apologies if this has been asked, but searching the web doesn't turn up much (and it's made more difficult by the fact that searching for 'rancid difference daily digest' and similar items turns up nothing but stomach digestion information!). Is it possible to configure Rancid to e-mail differences in a daily digest format? We might make several small changes throughout the day, and instead of getting e-mailed every time we make a change, I'd like to get a summary of all changes for the entire day. Thanks for any tips/help/advice/etc! --Tyler -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Wed Oct 23 08:35:53 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Wed, 23 Oct 2013 10:35:53 +0200 Subject: [rancid] Daily Difference Digest? In-Reply-To: References: Message-ID: <52678A69.8070604@gmail.com> On 23/10/2013 07:31, Tyler Christiansen wrote: > Hello! > > Apologies if this has been asked, but searching the web doesn't turn up > much (and it's made more difficult by the fact that searching for > 'rancid difference daily digest' and similar items turns up nothing but > stomach digestion information!). > > Is it possible to configure Rancid to e-mail differences in a daily > digest format? We might make several small changes throughout the day, > and instead of getting e-mailed every time we make a change, I'd like to > get a summary of all changes for the entire day. > > Thanks for any tips/help/advice/etc! To the best of my knowledge rancid doesn't do that natively. It would be hard to code it, as rancid uses the classic method to send mail: print text and pipe it to a mailer. To digest, rancid would have to store mails somewhere and gather them up once a day in a cron Digest is best done in your mail system, not in your rancid system. The method I use is to send all rancid mail to a Mailman instance and tell the users to sign themselves up. They can choose digest or individual mails as they prefer and I don't have to get involved. Many other possible solutions exist, depending on how big your setup is, how many devices and users, etc. -- Alan McKinnon alan.mckinnon at gmail.com From paul at gear.dyndns.org Wed Oct 23 09:52:08 2013 From: paul at gear.dyndns.org (Paul Gear) Date: Wed, 23 Oct 2013 19:52:08 +1000 Subject: [rancid] Daily Difference Digest? In-Reply-To: <52678A69.8070604@gmail.com> References: <52678A69.8070604@gmail.com> Message-ID: On 10/23/2013 06:35 PM, Alan McKinnon wrote: > On 23/10/2013 07:31, Tyler Christiansen wrote: >> Hello! >> >> Apologies if this has been asked, but searching the web doesn't turn up >> much (and it's made more difficult by the fact that searching for >> 'rancid difference daily digest' and similar items turns up nothing but >> stomach digestion information!). >> >> Is it possible to configure Rancid to e-mail differences in a daily >> digest format? We might make several small changes throughout the day, >> and instead of getting e-mailed every time we make a change, I'd like to >> get a summary of all changes for the entire day. >> >> Thanks for any tips/help/advice/etc! > > > To the best of my knowledge rancid doesn't do that natively. It would be > hard to code it, as rancid uses the classic method to send mail: print > text and pipe it to a mailer. To digest, rancid would have to store > mails somewhere and gather them up once a day in a cron > > Digest is best done in your mail system, not in your rancid system. The > method I use is to send all rancid mail to a Mailman instance and tell > the users to sign themselves up. They can choose digest or individual > mails as they prefer and I don't have to get involved. > > Many other possible solutions exist, depending on how big your setup is, > how many devices and users, etc. I like Alan's suggestion about Mailman. Here's another: don't email changes to everyone - just put them in a mailbox that receives the email. Then set up a separate process to run once a day which just does a diff from the top of each svn repository where you store RANCID configs (i.e. one for each group). Email this to all the people who need the daily digest. Paul From jwbensley at gmail.com Wed Oct 23 10:57:17 2013 From: jwbensley at gmail.com (James Bensley) Date: Wed, 23 Oct 2013 11:57:17 +0100 Subject: [rancid] Daily Difference Digest? In-Reply-To: <52678A69.8070604@gmail.com> References: <52678A69.8070604@gmail.com> Message-ID: On 23 October 2013 09:35, Alan McKinnon wrote: > To the best of my knowledge rancid doesn't do that natively. It would be > hard to code it, as rancid uses the classic method to send mail: print > text and pipe it to a mailer. It depends on what functionality you wanted. If you wanted all rancid emails to be a daily digest then it would be easy. Edit he rancid script that echo's to "| mail" (I forget which script it is but I've changed it before easily enough) and add an "if" statement, "if hour == 5.30pm, echo $changed | mail" - Assume you finished at 5.30pm each day and that is when you want your rancid emails to come through. I have rancid run every hour, so "if time > 5pm < 6pm; send the email". Cheers, James. From alan.mckinnon at gmail.com Wed Oct 23 11:58:00 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Wed, 23 Oct 2013 13:58:00 +0200 Subject: [rancid] Daily Difference Digest? In-Reply-To: References: <52678A69.8070604@gmail.com> Message-ID: <5267B9C8.5010109@gmail.com> On 23/10/2013 12:57, James Bensley wrote: > On 23 October 2013 09:35, Alan McKinnon wrote: >> To the best of my knowledge rancid doesn't do that natively. It would be >> hard to code it, as rancid uses the classic method to send mail: print >> text and pipe it to a mailer. > > It depends on what functionality you wanted. If you wanted all rancid > emails to be a daily digest then it would be easy. Edit he rancid > script that echo's to "| mail" (I forget which script it is but I've > changed it before easily enough) and add an "if" statement, "if hour > == 5.30pm, echo $changed | mail" - Assume you finished at 5.30pm each > day and that is when you want your rancid emails to come through. I > have rancid run every hour, so "if time > 5pm < 6pm; send the email". Surely that mails out only changes detected in the last run, excluding all others earlier in the day? To get everything today as a digest you'd need to do a CVS diff against the repo as at 6pm yesterday -- Alan McKinnon alan.mckinnon at gmail.com From jwbensley at gmail.com Wed Oct 23 12:50:22 2013 From: jwbensley at gmail.com (James Bensley) Date: Wed, 23 Oct 2013 13:50:22 +0100 Subject: [rancid] Daily Difference Digest? In-Reply-To: <5267B9C8.5010109@gmail.com> References: <52678A69.8070604@gmail.com> <5267B9C8.5010109@gmail.com> Message-ID: It depends, I know the op wanted all the changes made so you are right, my method was as you said for just one daily email of the most recent changes. I still don't think that would be a massive issue to code it. Just my two pence. Cheers, James. From jason at biel-tech.com Wed Oct 23 11:09:15 2013 From: jason at biel-tech.com (Jason Biel) Date: Wed, 23 Oct 2013 06:09:15 -0500 Subject: [rancid] RANCID and F5 BigIP LTM v11.4 Message-ID: I was wondering if anyone has successfully got RANCID to work with the F5 BigIP LTM running version 11.4.x. Using the modified "f5rancid" from the git-repo here: https://github.com/dotwaffle/rancid-git/tree/master/bin It appears to identify what version the LTM is running, and from there uses either the "bigip" commands or the "tmsh" commands. When implementing this, the rancid-run never seems to complete. -- Jason -------------- next part -------------- An HTML attachment was scrubbed... URL: From r.engehausen at gmail.com Wed Oct 23 13:21:36 2013 From: r.engehausen at gmail.com (Roy) Date: Wed, 23 Oct 2013 06:21:36 -0700 Subject: [rancid] Daily Difference Digest? In-Reply-To: References: Message-ID: <5267CD60.7030706@gmail.com> On 10/22/2013 10:31 PM, Tyler Christiansen wrote: > Hello! > > Apologies if this has been asked, but searching the web doesn't turn > up much (and it's made more difficult by the fact that searching for > 'rancid difference daily digest' and similar items turns up nothing > but stomach digestion information!). > > Is it possible to configure Rancid to e-mail differences in a daily > digest format? We might make several small changes throughout the > day, and instead of getting e-mailed every time we make a change, I'd > like to get a summary of all changes for the entire day. > > Thanks for any tips/help/advice/etc! > > --Tyler > I only run rancid one a day :-) Here is a suggestion. You set up two copies of rancid. One runs daily and the other more frequently. The one that runs more frequently sends the diff files to /dev/null. From heas at shrubbery.net Wed Oct 23 14:49:15 2013 From: heas at shrubbery.net (heasley) Date: Wed, 23 Oct 2013 14:49:15 +0000 Subject: [rancid] Daily Difference Digest? In-Reply-To: <52678A69.8070604@gmail.com> References: <52678A69.8070604@gmail.com> Message-ID: <20131023144915.GL13696@shrubbery.net> Wed, Oct 23, 2013 at 10:35:53AM +0200, Alan McKinnon: > To the best of my knowledge rancid doesn't do that natively. It would be > hard to code it, as rancid uses the classic method to send mail: print i definitely do not want it in rancid. many have solved this problem and each will want it done differently. > text and pipe it to a mailer. To digest, rancid would have to store > mails somewhere and gather them up once a day in a cron in its simplest form min hr * * * cd ~rancid/group; cvs diff -D "24 hours ago" | Mail -s "daily diffs" rancid-group > Digest is best done in your mail system, not in your rancid system. The > method I use is to send all rancid mail to a Mailman instance and tell > the users to sign themselves up. They can choose digest or individual > mails as they prefer and I don't have to get involved. this is the way to do it, imo. it also means that changes applied and removed/overridden have less chance of being hidden. From heas at shrubbery.net Wed Oct 23 15:17:56 2013 From: heas at shrubbery.net (heasley) Date: Wed, 23 Oct 2013 15:17:56 +0000 Subject: [rancid] Cisco 10k sflog Timestamp Cycling In-Reply-To: <52676F0E.5050803@gmail.com> References: <5266DDB3.2010605@gmail.com> <526767B1.7030007@chalmers.se> <52676F0E.5050803@gmail.com> Message-ID: <20131023151756.GO13696@shrubbery.net> Wed, Oct 23, 2013 at 08:39:10AM +0200, Alan McKinnon: > My feeling on these rapidly changing file listings is that they aren't > worth keeping in the rancid output at all. They are expected to change > frequently so the entire timestamp is worthless from a rancid POV, > leaving only the filename. Is it worth recording merely that the file > does exist, when we already know that it almost certainly will? imo, yes - at least you know if the file disappears. based on 3.0a, but ... Index: lib/ios.pm.in =================================================================== --- lib/ios.pm.in (revision 2731) +++ lib/ios.pm.in (working copy) @@ -817,7 +817,7 @@ # to: # vlan.dat # vlan.dat - if (/(dhcp_[^. ]*\.txt|vlan\.dat)\s*$/) { + if (/(dhcp_[^. ]*\.txt|vlan\.dat|sflog)\s*$/) { if (/(\s*\d+)(\s+)(\d+)(\s+)(\w+ \d+\s+\d+ \d+:\d+:\d+ .\d+:\d+)/) { my($fn, $a, $sz, $c, $dt, $rem) = ($1, $2, $3, $4, $5, $'); my($fnl, $szl, $dtl) = (length($fn), length($sz), length($dt)); @@ -884,7 +884,7 @@ # to: # -rw- vlan.dat # -rw- vlan.dat - if (/(dhcp_[^. ]*\.txt|vlan\.dat)\s*$/) { + if (/(dhcp_[^. ]*\.txt|vlan\.dat|sflog)\s*$/) { if (/(\s*\d+)(\s+\S+\s+)(\d+)(\s+)(\w+ \d+\s+\d+ \d+:\d+:\d+ .\d+:\d+)/) { my($fn, $a, $sz, $c, $dt, $rem) = ($1, $2, $3, $4, $5, $'); my($fnl, $szl, $dtl) = (length($fn), length($sz), length($dt)); @@ -921,9 +921,6 @@ if ($ios eq "XE" && /^((\s+)?\d+\s+\S+)\s+\d+.*(tracelogs$)/) { $_ = "$1" . sprintf("%43s", "") . "$3\n"; } - if ($ios eq "IOS" && /^((\s+)?\d+\s+\S+)\s+\d+.*(sflog$)/) { - $_ = "$1" . sprintf("%43s", "") . "$3\n"; - } # the pager can not be disabled per-session on the PIX if (/^(<-+ More -+>)/) { my($len) = length($1); From heas at shrubbery.net Wed Oct 23 15:45:15 2013 From: heas at shrubbery.net (heasley) Date: Wed, 23 Oct 2013 15:45:15 +0000 Subject: [rancid] RANCID and F5 BigIP LTM v11.4 In-Reply-To: References: Message-ID: <20131023154515.GR13696@shrubbery.net> Wed, Oct 23, 2013 at 06:09:15AM -0500, Jason Biel: > I was wondering if anyone has successfully got RANCID to work with the F5 > BigIP LTM running version 11.4.x. > > Using the modified "f5rancid" from the git-repo here: > https://github.com/dotwaffle/rancid-git/tree/master/bin > > It appears to identify what version the LTM is running, and from there uses > either the "bigip" commands or the "tmsh" commands. > > When implementing this, the rancid-run never seems to complete. does anyone have a vmware/virtualbox image of the f5 s/w that they can give to me? I've tried a few times to get it to load, but it hasnt worked. From chris at node-nine.com Wed Oct 23 19:26:24 2013 From: chris at node-nine.com (Chris Moody) Date: Wed, 23 Oct 2013 15:26:24 -0400 Subject: [rancid] RANCID and F5 BigIP LTM v11.4 In-Reply-To: References: Message-ID: <526822E0.6060907@node-nine.com> I've got this working against some 11.3 nodes. I'm currently still making some small adjustments to some of the regex in the ShowHardware subroutine though to clean out all the stupid temperature/fan-speed numbers that show up in the output and trigger a diff....but it is backing up devices. I also had to comment out the 'ShowRouteStatic' and 'ShowSsl*' subroutines since these were causing backups to fail. I haven't had time yet to debug why they wouldn't complete successfully. -Chris On 10/23/13 7:09 AM, Jason Biel wrote: > I was wondering if anyone has successfully got RANCID to work with the > F5 BigIP LTM running version 11.4.x. > > Using the modified "f5rancid" from the git-repo here: > https://github.com/dotwaffle/rancid-git/tree/master/bin > > It appears to identify what version the LTM is running, and from there > uses either the "bigip" commands or the "tmsh" commands. > > When implementing this, the rancid-run never seems to complete. > > -- > Jason > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From auzzik at gmail.com Wed Oct 23 22:58:15 2013 From: auzzik at gmail.com (Auzzik) Date: Thu, 24 Oct 2013 09:58:15 +1100 Subject: [rancid] RANCID and F5 BigIP LTM v11.4 In-Reply-To: <526822E0.6060907@node-nine.com> References: <526822E0.6060907@node-nine.com> Message-ID: I have Rancid working against 11.3. Is 11.4 significantly different? On 24 October 2013 06:26, Chris Moody wrote: > I've got this working against some 11.3 nodes. > > I'm currently still making some small adjustments to some of the regex in > the ShowHardware subroutine though to clean out all the stupid > temperature/fan-speed numbers that show up in the output and trigger a > diff....but it is backing up devices. > > I also had to comment out the 'ShowRouteStatic' and 'ShowSsl*' subroutines > since these were causing backups to fail. I haven't had time yet to debug > why they wouldn't complete successfully. > > -Chris > > On 10/23/13 7:09 AM, Jason Biel wrote: > > I was wondering if anyone has successfully got RANCID to work with the > F5 BigIP LTM running version 11.4.x. > > Using the modified "f5rancid" from the git-repo here: > https://github.com/dotwaffle/rancid-git/tree/master/bin > > It appears to identify what version the LTM is running, and from there > uses either the "bigip" commands or the "tmsh" commands. > > When implementing this, the rancid-run never seems to complete. > > -- > Jason > > > _______________________________________________ > Rancid-discuss mailing listRancid-discuss at shrubbery.nethttp://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From AJ.Schroeder at directsupply.com Mon Oct 28 17:00:11 2013 From: AJ.Schroeder at directsupply.com (AJ Schroeder) Date: Mon, 28 Oct 2013 17:00:11 +0000 Subject: [rancid] Rancid and Nortel 8600 Message-ID: <1F169C33264F9A43928391FE5D100EA6B18661@MSG-P-VIR-M-62.mtolympus.partners.directs.com> Hello list, I know that this subject has come up many times before and I have been searching for answers on this subject and keep running into dead-ends. I am trying to backup some old 8600 switches with RANCID and much like the switches themselves, the backups aren't working very well. I have the device set to "baynet" in the router.db file and this is what I get in the logs (names changed to x.x.x.x): Trying to get all of the configs. x.x.x.x blogin error: Error: TIMEOUT reached x.x.x.x: missed cmd(s): bcc,exit,show config,show config -all x.x.x.x: End of run not found ! ===================================== Getting missed routers: round 1. x.x.x.x blogin error: Error: TIMEOUT reached x.x.x.x: missed cmd(s): bcc,exit,show config,show config -all x.x.x.x: End of run not found ! I have googled this issue and apparently there were some custom login scripts created for these devices called "pplogin" and "pprancid" but those scripts seem to have vanished as well. If anyone has any tips on how to get past these end of run errors it would be greatly appreciated. Thanks, AJ Schroeder -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Mon Oct 28 19:47:52 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Mon, 28 Oct 2013 21:47:52 +0200 Subject: [rancid] Rancid and Nortel 8600 In-Reply-To: <1F169C33264F9A43928391FE5D100EA6B18661@MSG-P-VIR-M-62.mtolympus.partners.directs.com> References: <1F169C33264F9A43928391FE5D100EA6B18661@MSG-P-VIR-M-62.mtolympus.partners.directs.com> Message-ID: <526EBF68.2010702@gmail.com> On 28/10/2013 19:00, AJ Schroeder wrote: > Hello list, > > > > I know that this subject has come up many times before and I have been > searching for answers on this subject and keep running into dead-ends. I > am trying to backup some old 8600 switches with RANCID and much like the > switches themselves, the backups aren?t working very well. I have the > device set to ?baynet? in the router.db file and this is what I get in > the logs (names changed to x.x.x.x): > > > > Trying to get all of the configs. > > x.x.x.x blogin error: Error: TIMEOUT reached ^^^^^^^^^^^^^^^^^^^^^^ This is your problem. The code is trying to log into the device and it does not succeed. At this point you need to apply regular network troubleshooting techniques as the root cause is usually nothing to do with the rancid code. The "End of run not found" error at this point is not worth looking at further, it means the same as "something went wrong". It's worth repeating at this point that trying various code dumps that show up in google is unlikely to work well for you, you need to take a more structured approach. First, telnet or ssh as appropriate from your rancid host to the device, establish if that works. Then assuming that brancid and blogin are the correct scripts for your device type, run blogin manually and see what happens. This can fail in so many ways, for example: no connectivity between rancid host and device ports 22 and 23 firewalled out device not listening on ports 22 and 23 blogin trying to use an invalid username blogin trying to use an incorrect password and more Don't forget to check that the contents of your ~/.cloginrc are valid and correct. Until you have done these steps, there is very little anyone can do to assist you meaningfully. -- Alan McKinnon alan.mckinnon at gmail.com From gmccullagh at gmail.com Tue Oct 29 07:03:25 2013 From: gmccullagh at gmail.com (Gavin McCullagh) Date: Tue, 29 Oct 2013 07:03:25 +0000 Subject: [rancid] simple D-Link support Message-ID: Hi guys, a couple of years ago, at my previous place of employment (Griffith College Dublin), I patched fnlogin/fnrancid to support D-Link devices creating dllogin and dlrancid. I posted it to the mailing list at the time, but it may have been updated a little bit since. A few people have emailed me since looking for the code, so I'm re-posting it here. Looking at the code now, I suspect there are some chunks which are not required for D-Link support and should be removed (I basically "made it work" at the time without fully auditing what was in there). I will try to make time for this, though I have to confess I'm unsure when. The code is in use and working fine on these models which we have available to us: 2x DES-3010F 4x DES-3052P 31x DES-3526 6x DES-3550 I'm not sure if this is acceptable as a starting point for adding D-Link support to Rancid or if it needs more work before it can go in. If there are specific requirements, please let me know and I'll try and work on it. Either way, the college have agreed to submit the code for use by the community. Thanks for Rancid! Gavin -------------- next part -------------- An HTML attachment was scrubbed... URL: From gmccullagh at gmail.com Tue Oct 29 10:18:49 2013 From: gmccullagh at gmail.com (Gavin McCullagh) Date: Tue, 29 Oct 2013 10:18:49 +0000 Subject: [rancid] simple D-Link support In-Reply-To: References: Message-ID: This time I will attach the files :-) Gavin On 29 October 2013 07:03, Gavin McCullagh wrote: > Hi guys, > > a couple of years ago, at my previous place of employment (Griffith > College Dublin), I patched fnlogin/fnrancid to support D-Link devices > creating dllogin and dlrancid. I posted it to the mailing list at the > time, but it may have been updated a little bit since. A few people have > emailed me since looking for the code, so I'm re-posting it here. > > Looking at the code now, I suspect there are some chunks which are not > required for D-Link support and should be removed (I basically "made it > work" at the time without fully auditing what was in there). I will try to > make time for this, though I have to confess I'm unsure when. > > The code is in use and working fine on these models which we have > available to us: > > 2x DES-3010F > 4x DES-3052P > 31x DES-3526 > 6x DES-3550 > > I'm not sure if this is acceptable as a starting point for adding D-Link > support to Rancid or if it needs more work before it can go in. If there > are specific requirements, please let me know and I'll try and work on it. > Either way, the college have agreed to submit the code for use by the > community. > > Thanks for Rancid! > Gavin > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: dllogin Type: application/octet-stream Size: 17421 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: dlrancid Type: application/octet-stream Size: 10754 bytes Desc: not available URL: From maxime.baudin at ac-rennes.fr Tue Oct 29 13:45:57 2013 From: maxime.baudin at ac-rennes.fr (Maxime Baudin) Date: Tue, 29 Oct 2013 14:45:57 +0100 Subject: [rancid] rancid for nortel baystack In-Reply-To: References: <52667561.6050204@ac-rennes.fr> Message-ID: <526FBC15.3070201@ac-rennes.fr> Le 22/10/2013 15:46, Daniel Jesus a ?crit : > Hi Maxime, > > I actually got it working....but only to find out there is a bug on > the nortel ios...the terminal lenght 0 command does not work properly. > which OS are you running on yours? it seems that the bug was fixed > from 4.0.5 onwards. Hi, To be honest, I'm using Avaya switch with 5.6.1.053 firmware. Thank you very much, it works like a charm for the 48xx series !! I'll try on 5xxx series, which have an ASCII menu brefore getting to the CLI. thanks a lot (I'll take time to make a diff between your files and mine) > > Anyway, here is my new bnlogin and bnrancid files...give it a try, > maybe it will work properly for you. > > bnlogin - http://pastebin.com/cAgHgBp6 > bnrancid - http://pastebin.com/Yss62mBE > best regards, Maxime -- Maxime Baudin - Rectorat de Rennes SERIA-R, 8 rue Jean-Julien Lemordant - 35000 Rennes Tel : 02 23 42 16 88 Fax : 16 60 E-mail :Maxime.Baudin(at)ac-rennes.fr From AJ.Schroeder at directsupply.com Tue Oct 29 14:53:07 2013 From: AJ.Schroeder at directsupply.com (AJ Schroeder) Date: Tue, 29 Oct 2013 14:53:07 +0000 Subject: [rancid] Rancid and Nortel 8600 In-Reply-To: <526EBF68.2010702@gmail.com> References: <1F169C33264F9A43928391FE5D100EA6B18661@MSG-P-VIR-M-62.mtolympus.partners.directs.com> <526EBF68.2010702@gmail.com> Message-ID: <1F169C33264F9A43928391FE5D100EA6B191FD@MSG-P-VIR-M-62.mtolympus.partners.directs.com> Alan, Thanks for the reply. I ran blogin manually against the device and it logs me right in, however after letting it idle about 30 seconds I get the TIMEOUT reached message: rancid at linux-server:~> bin/blogin host.example.com host.example.com spawn ssh -c 3des -x -l rwa host.example.com rwa at host.example.com's password: Nortel8600:5# Error: TIMEOUT reached rancid at linux-server:~> I may have some fairly aggressive idle timeout configured on the switch, but blogin is successful from the server to the switch. There is no firewall in play either. As far as .cloginrc I only have these three lines uncommented: add user * user add password * pass add method * ssh telnet Thanks, AJ -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alan McKinnon Sent: Monday, October 28, 2013 2:48 PM To: rancid-discuss at shrubbery.net Subject: Re: [rancid] Rancid and Nortel 8600 On 28/10/2013 19:00, AJ Schroeder wrote: > Hello list, > > > > I know that this subject has come up many times before and I have been > searching for answers on this subject and keep running into dead-ends. > I am trying to backup some old 8600 switches with RANCID and much like > the switches themselves, the backups aren't working very well. I have > the device set to "baynet" in the router.db file and this is what I > get in the logs (names changed to x.x.x.x): > > > > Trying to get all of the configs. > > x.x.x.x blogin error: Error: TIMEOUT reached ^^^^^^^^^^^^^^^^^^^^^^ This is your problem. The code is trying to log into the device and it does not succeed. At this point you need to apply regular network troubleshooting techniques as the root cause is usually nothing to do with the rancid code. The "End of run not found" error at this point is not worth looking at further, it means the same as "something went wrong". It's worth repeating at this point that trying various code dumps that show up in google is unlikely to work well for you, you need to take a more structured approach. First, telnet or ssh as appropriate from your rancid host to the device, establish if that works. Then assuming that brancid and blogin are the correct scripts for your device type, run blogin manually and see what happens. This can fail in so many ways, for example: no connectivity between rancid host and device ports 22 and 23 firewalled out device not listening on ports 22 and 23 blogin trying to use an invalid username blogin trying to use an incorrect password and more Don't forget to check that the contents of your ~/.cloginrc are valid and correct. Until you have done these steps, there is very little anyone can do to assist you meaningfully. -- Alan McKinnon alan.mckinnon at gmail.com _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss From ramonbatwork at gmail.com Tue Oct 29 18:13:29 2013 From: ramonbatwork at gmail.com (Ramon) Date: Tue, 29 Oct 2013 14:13:29 -0400 Subject: [rancid] Fwd: clogin configuration mode question/prompt missing In-Reply-To: References: Message-ID: I think I might be on the way to resolve this issue. From what I understood this problem could be due to the way clogin reacts to a change in the $prompt from what it normally expects: http://www.gossamer-threads.com/lists/rancid/users/345 Is there a quick way to modify clogin so it accepts these uncommon questions as valid prompts, displaying them and continuing interaction instead of timing-out? To rephrase it, could I add the string "Dynamic mapping in use, do you want to delete all entries? [no]:" as a possible prompt beyond just "router# " and "router(config)# " Thanks in advance! ---------- Forwarded message ---------- From: Ramon Date: Tue, Oct 29, 2013 at 10:16 AM Subject: clogin configuration mode question/prompt missing To: rancid-discuss at shrubbery.net Hello all, When removing a nat overload command on a cisco router *manually* I get: router(config)#no ip nat in source list 122 int g0/1 over Dynamic mapping in use, do you want to delete all entries? [no]: no %Error: Dynamic mapping in use, cannot remove When removing with a script using clogin from rancid suite I don't ever see the question: router(config)#no ip nat in source list 122 int g0/1 over Error: TIMEOUT reached Without the prompt, I cannot include a "yes" line on the configuration script and automate the process. For some reason unknown when clogin pushes the statement it does not receive or displays the question and eventually times out. What could I be missing, afaik clogin uses the same ssh executable I am using on the system when doing the manual push. Thanks for any suggestions! -------------- next part -------------- An HTML attachment was scrubbed... URL: From lind108 at hotmail.com Tue Oct 29 20:26:18 2013 From: lind108 at hotmail.com (Kenneth Lind) Date: Tue, 29 Oct 2013 16:26:18 -0400 Subject: [rancid] Cisco 10k sflog Timestamp Cycling In-Reply-To: <5266DDB3.2010605@gmail.com> References: <5266DDB3.2010605@gmail.com> Message-ID: > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- > bounces at shrubbery.net] On Behalf Of Alan McKinnon > Sent: Tuesday, October 22, 2013 4:19 PM > To: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Cisco 10k sflog Timestamp Cycling > > On 22/10/2013 17:27, Kenneth Lind wrote: > > We recently implemented IPDR on our Cisco 10K uBRs and are now > > receiving diffs for every rancid run about the timestamp for the > sflog: > > > > - !Flash: 6 0 Oct 22 2013 08:46:10 -04:00 sflog > > + !Flash: 6 0 Oct 22 2013 09:37:28 -04:00 sflog > > > > We are running Rancid v2.3.6 which according to the change log > > included the fix for this issue (though in our instance it does not > > appear to be filtered, unless there is an option somewhere that we've > > missed to enable the filtering): > > > > rancid: filter sflog from DirSlotN() for IOS on cisco 10k > > > > I've been able to find mentions of the issue in the discuss archives, > > but none have included a solution. Has anyone been able to hush the > > diffs for the sflog outside of creating a new rancid type and > altering > > the command table to exclude the DirSlotN run? > > I'm not familiar with the 10k but Google indicates they will run > regular IOS. Is that correct? 10k does run IOS. There are some specialized-for-the-purpose commands/configuration, but it is still standard IOS (12.2(33)). > > The code in 2.3.6 does support what the Changelog says: > > sub DirSlotN { > .... > if ($ios eq "IOS" && /^((\s+)?\d+\s+\S+)\s+\d+.*(sflog$)/) { > $_ = "$1" . sprintf("%43s", "") . "$3\n"; > } > .... > } > > but that regex does not match the output you quoted. maybe that was > written for > > Personally, I would simply discard the entire line (you don't want to > keep the timestamp and that is the very thing that is changing) so > modify DirSlotN thusly (add it just before the code above): > > next if ($ios eq "IOS" && /^Flash:.*? sflog$); > > that regex is quite simplistic, you might want to tweak it to be more > specific. > Heasley replied directly to me with the following diff from Rancid v3.0a: Index: lib/ios.pm.in =================================================================== --- lib/ios.pm.in (revision 2731) +++ lib/ios.pm.in (working copy) @@ -884,7 +884,7 @@ # to: # -rw- vlan.dat # -rw- vlan.dat - if (/(dhcp_[^. ]*\.txt|vlan\.dat)\s*$/) { + if (/(dhcp_[^. ]*\.txt|vlan\.dat|sflog)\s*$/) { if (/(\s*\d+)(\s+\S+\s+)(\d+)(\s+)(\w+ \d+\s+\d+ \d+:\d+:\d+ .\d+:\d+)/) { my($fn, $a, $sz, $c, $dt, $rem) = ($1, $2, $3, $4, $5, $'); my($fnl, $szl, $dtl) = (length($fn), length($sz), length($dt)); @@ -921,9 +921,6 @@ if ($ios eq "XE" && /^((\s+)?\d+\s+\S+)\s+\d+.*(tracelogs$)/) { $_ = "$1" . sprintf("%43s", "") . "$3\n"; } - if ($ios eq "IOS" && /^((\s+)?\d+\s+\S+)\s+\d+.*(sflog$)/) { - $_ = "$1" . sprintf("%43s", "") . "$3\n"; - } # the pager can not be disabled per-session on the PIX if (/^(<-+ More -+>)/) { my($len) = length($1); However, our stock Rancid v2.3.6 looks considerably different and I wasn't able to find the correct location(s) to make the changes. I created a proposed diff with changes matching our stock Rancid as follows and I wonder if anyone has any input (notice the line numbers are considerably different as well as the 'next if' statement): Index: bin/rancid =================================================================== @@ -757,9 +757,9 @@ if ($dev =~ /bootflash/) { next if (/temp_cont\s*$/); next if (/uptime_cont\s*$/); } # Filter dhcp database - next if (/dhcp_[^. ]*\.txt/); + next if (/(dhcp_[^. ]*\.txt|vlan\.dat|sflog)\s*$/) { + if (/(\s*\d+)(\s+\S+\s+)(\d+)(\s+)(\w+ \d+\s+\d+ \d+:\d+:\d+ .\d+:\d+)/) { + my($fn, $a, $sz, $c, $dt, $rem) = ($1, $2, $3, $4, $5, $'); + my($fnl, $szl, $dtl) = (length($fn), length($sz), length($dt)); if ($ios eq "XE" && /.*\((\d+) bytes free\)/) { my($tmp) = $1; if ($tmp >= (1024 * 1024 * 1024)) { $tmp = int($tmp / (1024 * 1024 * 1024)); s/$1 bytes free/$tmp GB free/; } else { $tmp = int($tmp / (1024 * 1024)); s/$1 bytes free/$tmp MB free/; } } if ($ios eq "XE" && /^((\s+)?\d+\s+\S+)\s+\d+.*(tracelogs$)/) { $_ = "$1" . sprintf("%43s", "") . "$3\n"; } @@ -772,9 +772,9 @@ } } if ($ios eq "XE" && /^((\s+)?\d+\s+\S+)\s+\d+.*(tracelogs$)/) { $_ = "$1" . sprintf("%43s", "") . "$3\n"; } - if ($ios eq "IOS" && /^((\s+)?\d+\s+\S+)\s+\d+.*(sflog$)/) { - $_ = "$1" . sprintf("%43s", "") . "$3\n"; - } # the pager can not be disabled per-session on the PIX if (/^(<-+ More -+>)/) { my($len) = length($1); s/^$1\s{$len}//; > Don't stress about maintaining your own patches to make the rancid > scripts do what you intent - every installation I know of accumulating > a rather large number of them :-) It seems to be inevitable > considering the problem we are all using rancid to solve. > > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From heas at shrubbery.net Tue Oct 29 22:27:35 2013 From: heas at shrubbery.net (heasley) Date: Tue, 29 Oct 2013 22:27:35 +0000 Subject: [rancid] Fwd: clogin configuration mode question/prompt missing In-Reply-To: References: Message-ID: <20131029222735.GO54396@shrubbery.net> Tue, Oct 29, 2013 at 02:13:29PM -0400, Ramon: > I think I might be on the way to resolve this issue. From what I understood > this problem could be due to the way clogin reacts to a change in the > $prompt from what it normally expects: > > http://www.gossamer-threads.com/lists/rancid/users/345 > > Is there a quick way to modify clogin so it accepts these uncommon > questions as valid prompts, displaying them and continuing interaction > instead of timing-out? > > To rephrase it, could I add the string "Dynamic mapping in use, do you want > to delete all entries? [no]:" as a possible prompt beyond just "router# " > and "router(config)# " this would be better handled by a script (clogin -s). see rancid*/share/*exp in the rancid dist. From ramonbatwork at gmail.com Tue Oct 29 14:16:15 2013 From: ramonbatwork at gmail.com (Ramon) Date: Tue, 29 Oct 2013 10:16:15 -0400 Subject: [rancid] clogin configuration mode question/prompt missing Message-ID: Hello all, When removing a nat overload command on a cisco router *manually* I get: router(config)#no ip nat in source list 122 int g0/1 over Dynamic mapping in use, do you want to delete all entries? [no]: no %Error: Dynamic mapping in use, cannot remove When removing with a script using clogin from rancid suite I don't ever see the question: st2675(config)#no ip nat in source list 122 int g0/1 over Error: TIMEOUT reached Without the prompt, I cannot include a "yes" line on the configuration script and automate the process. For some reason unknown when clogin pushes the statement it does not receive or displays the question and eventually times out. What could I be missing, afaik clogin uses the same ssh executable I am using on the system when doing the manual push. Thanks for any suggestions! -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Wed Oct 30 06:27:12 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Wed, 30 Oct 2013 08:27:12 +0200 Subject: [rancid] Rancid and Nortel 8600 In-Reply-To: <1F169C33264F9A43928391FE5D100EA6B191FD@MSG-P-VIR-M-62.mtolympus.partners.directs.com> References: <1F169C33264F9A43928391FE5D100EA6B18661@MSG-P-VIR-M-62.mtolympus.partners.directs.com> <526EBF68.2010702@gmail.com> <1F169C33264F9A43928391FE5D100EA6B191FD@MSG-P-VIR-M-62.mtolympus.partners.directs.com> Message-ID: <5270A6C0.8040308@gmail.com> Hi AJ, That would explain it. It's most unusual that it happens when brancid is running though, as it's not idle, it's running commands in rapid succession. Tuning back the timeout settings on the switch will probably solve your issue as everything else you mention looks fine. For troubleshooting things like this, I find brancid -d very useful. It dumps the entire *login command to the console where you can copy-paste it and run it repeatedly, plus lots of error output. On 29/10/2013 16:53, AJ Schroeder wrote: > Alan, > > Thanks for the reply. I ran blogin manually against the device and it logs me right in, however after letting it idle about 30 seconds I get the TIMEOUT reached message: > > rancid at linux-server:~> bin/blogin host.example.com > host.example.com > spawn ssh -c 3des -x -l rwa host.example.com > rwa at host.example.com's password: > > Nortel8600:5# > Error: TIMEOUT reached > rancid at linux-server:~> > > I may have some fairly aggressive idle timeout configured on the switch, but blogin is successful from the server to the switch. There is no firewall in play either. > > As far as .cloginrc I only have these three lines uncommented: > > add user * user > add password * pass > add method * ssh telnet > > Thanks, > > AJ > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alan McKinnon > Sent: Monday, October 28, 2013 2:48 PM > To: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Rancid and Nortel 8600 > > On 28/10/2013 19:00, AJ Schroeder wrote: >> Hello list, >> >> >> >> I know that this subject has come up many times before and I have been >> searching for answers on this subject and keep running into dead-ends. >> I am trying to backup some old 8600 switches with RANCID and much like >> the switches themselves, the backups aren't working very well. I have >> the device set to "baynet" in the router.db file and this is what I >> get in the logs (names changed to x.x.x.x): >> >> >> >> Trying to get all of the configs. >> >> x.x.x.x blogin error: Error: TIMEOUT reached > ^^^^^^^^^^^^^^^^^^^^^^ > > This is your problem. The code is trying to log into the device and it does not succeed. At this point you need to apply regular network troubleshooting techniques as the root cause is usually nothing to do with the rancid code. The "End of run not found" error at this point is not worth looking at further, it means the same as "something went wrong". > > It's worth repeating at this point that trying various code dumps that show up in google is unlikely to work well for you, you need to take a more structured approach. > > First, telnet or ssh as appropriate from your rancid host to the device, establish if that works. Then assuming that brancid and blogin are the correct scripts for your device type, run blogin manually and see what happens. This can fail in so many ways, for example: > > no connectivity between rancid host and device ports 22 and 23 firewalled out device not listening on ports 22 and 23 blogin trying to use an invalid username blogin trying to use an incorrect password and more > > Don't forget to check that the contents of your ~/.cloginrc are valid and correct. > > Until you have done these steps, there is very little anyone can do to assist you meaningfully. > > > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Alan McKinnon alan.mckinnon at gmail.com From maxime.baudin at ac-rennes.fr Wed Oct 30 08:04:02 2013 From: maxime.baudin at ac-rennes.fr (Maxime Baudin) Date: Wed, 30 Oct 2013 09:04:02 +0100 Subject: [rancid] rancid for nortel baystack In-Reply-To: <526FBC15.3070201@ac-rennes.fr> References: <52667561.6050204@ac-rennes.fr> <526FBC15.3070201@ac-rennes.fr> Message-ID: <5270BD72.3090501@ac-rennes.fr> Le 29/10/2013 14:45, Maxime Baudin a ?crit : > Le 22/10/2013 15:46, Daniel Jesus a ?crit : >> Hi Maxime, >> >> I actually got it working....but only to find out there is a bug on >> the nortel ios...the terminal lenght 0 command does not work properly. >> which OS are you running on yours? it seems that the bug was fixed >> from 4.0.5 onwards. > > Hi, > To be honest, I'm using Avaya switch with 5.6.1.053 firmware. > > Thank you very much, it works like a charm for the 48xx series !! Errr, my mistakes, same issue with the "terminal length 0" command :( Maxime -- Maxime Baudin - Rectorat de Rennes SERIA-R, 8 rue Jean-Julien Lemordant - 35000 Rennes Tel : 02 23 42 16 88 Fax : 16 60 E-mail :Maxime.Baudin(at)ac-rennes.fr From heas at shrubbery.net Wed Oct 30 22:18:57 2013 From: heas at shrubbery.net (heasley) Date: Wed, 30 Oct 2013 22:18:57 +0000 Subject: [rancid] Rancid and Nortel 8600 In-Reply-To: <5270A6C0.8040308@gmail.com> References: <1F169C33264F9A43928391FE5D100EA6B18661@MSG-P-VIR-M-62.mtolympus.partners.directs.com> <526EBF68.2010702@gmail.com> <1F169C33264F9A43928391FE5D100EA6B191FD@MSG-P-VIR-M-62.mtolympus.partners.directs.com> <5270A6C0.8040308@gmail.com> Message-ID: <20131030221857.GI23534@shrubbery.net> Wed, Oct 30, 2013 at 08:27:12AM +0200, Alan McKinnon: > Hi AJ, > > That would explain it. > > It's most unusual that it happens when brancid is running though, as > it's not idle, it's running commands in rapid succession. Tuning back > the timeout settings on the switch will probably solve your issue as > everything else you mention looks fine. > > For troubleshooting things like this, I find > > brancid -d > > very useful. It dumps the entire *login command to the console where you > can copy-paste it and run it repeatedly, plus lots of error output. > > > > On 29/10/2013 16:53, AJ Schroeder wrote: > > Alan, > > > > Thanks for the reply. I ran blogin manually against the device and it logs me right in, however after letting it idle about 30 seconds I get the TIMEOUT reached message: its not completing the login - its not matching the prompt that its looking for, it'd gone into interactive mode at this point and you'd be able to type at the prompt. blogin -d host will help you debug. > > rancid at linux-server:~> bin/blogin host.example.com > > host.example.com > > spawn ssh -c 3des -x -l rwa host.example.com > > rwa at host.example.com's password: > > > > Nortel8600:5# > > Error: TIMEOUT reached > > rancid at linux-server:~> From ab at lists.gxis.de Thu Oct 31 07:56:43 2013 From: ab at lists.gxis.de (Alexander Bochmann) Date: Thu, 31 Oct 2013 08:56:43 +0100 Subject: [rancid] Rancid and Fortinet Vdoms In-Reply-To: References: Message-ID: <20131031075643.GC24262@gxis.de> Question is a couple of weeks old, but as there was no answer on the list - ...on Wed, Oct 09, 2013 at 02:40:01PM +0200, toad toad wrote: > I've a problem with a Fortinet that uses VDOMs. As I understand (I'm not a > Fortinet expert, I'm just in charge of the backups), I only get the > configuration of the VDOM that the backup user is part of. I don't currently use rancid to backup Fortigate configurations, but your firewall people should be able to create a global read-only admin user that has access to all VDOM configurations (the predefined accprofile "super_admin" is read/write for all VDOMs, for example). As recent versions of fnrancid run "show full-configuration", you should then get complete config data, global and for all vdoms. Alex. From lind108 at hotmail.com Thu Oct 31 15:34:51 2013 From: lind108 at hotmail.com (Kenneth Lind) Date: Thu, 31 Oct 2013 11:34:51 -0400 Subject: [rancid] Cisco 10k sflog Timestamp Cycling In-Reply-To: <20131030224147.GJ23534@shrubbery.net> References: <5266DDB3.2010605@gmail.com> <20131030224147.GJ23534@shrubbery.net> Message-ID: > -----Original Message----- > From: heasley [mailto:heas at shrubbery.net] > Sent: Wednesday, October 30, 2013 6:42 PM > To: Kenneth Lind > Subject: Re: [rancid] Cisco 10k sflog Timestamp Cycling > > Tue, Oct 29, 2013 at 04:26:18PM -0400, Kenneth Lind: > > > -----Original Message----- > > > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- > > > bounces at shrubbery.net] On Behalf Of Alan McKinnon > > > Sent: Tuesday, October 22, 2013 4:19 PM > > > To: rancid-discuss at shrubbery.net > > > Subject: Re: [rancid] Cisco 10k sflog Timestamp Cycling > > > > > > On 22/10/2013 17:27, Kenneth Lind wrote: > > > > We recently implemented IPDR on our Cisco 10K uBRs and are now > > > > receiving diffs for every rancid run about the timestamp for the > > > sflog: > > > > > > > > - !Flash: 6 0 Oct 22 2013 08:46:10 -04:00 sflog > > > > + !Flash: 6 0 Oct 22 2013 09:37:28 -04:00 sflog > > > > > > > > We are running Rancid v2.3.6 which according to the change log > > > > included the fix for this issue (though in our instance it does > > > > not appear to be filtered, unless there is an option somewhere > > > > that we've missed to enable the filtering): > > > > > > > > rancid: filter sflog from DirSlotN() for IOS on cisco 10k > > > > > > > > I've been able to find mentions of the issue in the discuss > > > > archives, but none have included a solution. Has anyone been able > > > > to hush the diffs for the sflog outside of creating a new rancid > > > > type and > > > altering > > > > the command table to exclude the DirSlotN run? > > > > > > I'm not familiar with the 10k but Google indicates they will run > > > regular IOS. Is that correct? > > > > 10k does run IOS. There are some specialized-for-the-purpose > > commands/configuration, but it is still standard IOS (12.2(33)). > > > > > > > > The code in 2.3.6 does support what the Changelog says: > > > > > > sub DirSlotN { > > > .... > > > if ($ios eq "IOS" && /^((\s+)?\d+\s+\S+)\s+\d+.*(sflog$)/) { > > > $_ = "$1" . sprintf("%43s", "") . "$3\n"; > > > } > > > .... > > > } > > > > > > but that regex does not match the output you quoted. maybe that was > > > written for > > > > > > Personally, I would simply discard the entire line (you don't want > > > to keep the timestamp and that is the very thing that is changing) > > > so modify DirSlotN thusly (add it just before the code above): > > > > > > next if ($ios eq "IOS" && /^Flash:.*? sflog$); > > > > > > that regex is quite simplistic, you might want to tweak it to be > > > more specific. > > > > > > > Heasley replied directly to me with the following diff from Rancid > v3.0a: > > Index: lib/ios.pm.in > > =================================================================== > > --- lib/ios.pm.in (revision 2731) > > +++ lib/ios.pm.in (working copy) > > @@ -884,7 +884,7 @@ > > # to: > > # -rw- vlan.dat > > # -rw- vlan.dat > > - if (/(dhcp_[^. ]*\.txt|vlan\.dat)\s*$/) { > > + if (/(dhcp_[^. ]*\.txt|vlan\.dat|sflog)\s*$/) { > > if (/(\s*\d+)(\s+\S+\s+)(\d+)(\s+)(\w+ \d+\s+\d+ \d+:\d+:\d+ > > .\d+:\d+)/) { > > my($fn, $a, $sz, $c, $dt, $rem) = ($1, $2, $3, $4, $5, $'); > > my($fnl, $szl, $dtl) = (length($fn), length($sz), > length($dt)); @@ > > -921,9 +921,6 @@ > > if ($ios eq "XE" && /^((\s+)?\d+\s+\S+)\s+\d+.*(tracelogs$)/) { > > $_ = "$1" . sprintf("%43s", "") . "$3\n"; > > } > > - if ($ios eq "IOS" && /^((\s+)?\d+\s+\S+)\s+\d+.*(sflog$)/) { > > - $_ = "$1" . sprintf("%43s", "") . "$3\n"; > > - } > > # the pager can not be disabled per-session on the PIX > > if (/^(<-+ More -+>)/) { > > my($len) = length($1); > > > > > > However, our stock Rancid v2.3.6 looks considerably different and I > > wasn't able to find the correct location(s) to make the changes. > > > > I created a proposed diff with changes matching our stock Rancid as > > follows and I wonder if anyone has any input (notice the line numbers > > are considerably different as well as the 'next if' statement): > > and i replied about your diff below. did you try it? you can try it > without changing your installed based. ./rancid hostname; diff > ~rancid/group/ configs/hostname hostname.new Applying the below proposed changes caused the following errors in the log: Execution of /usr/local/rancid/bin/rancid aborted due to compilation errors. syntax error at /usr/local/rancid/bin/rancid line 759, near ") {" Can't use global $1 in "my" at /usr/local/rancid/bin/rancid line 761, near "($1" Missing right curly or square bracket at /usr/local/rancid/bin/rancid line 2085, at end of line > > > Index: bin/rancid > > =================================================================== > > @@ -757,9 +757,9 @@ > > if ($dev =~ /bootflash/) { > > next if (/temp_cont\s*$/); > > next if (/uptime_cont\s*$/); > > } > > # Filter dhcp database > > - next if (/dhcp_[^. ]*\.txt/); > > + next if (/(dhcp_[^. ]*\.txt|vlan\.dat|sflog)\s*$/) { > > + if (/(\s*\d+)(\s+\S+\s+)(\d+)(\s+)(\w+ \d+\s+\d+ \d+:\d+:\d+ > > .\d+:\d+)/) { > > + my($fn, $a, $sz, $c, $dt, $rem) = ($1, $2, $3, $4, $5, $'); > > + my($fnl, $szl, $dtl) = (length($fn), length($sz), > > length($dt)); > > > > if ($ios eq "XE" && /.*\((\d+) bytes free\)/) { > > my($tmp) = $1; > > if ($tmp >= (1024 * 1024 * 1024)) { > > $tmp = int($tmp / (1024 * 1024 * 1024)); > > s/$1 bytes free/$tmp GB free/; > > } else { > > $tmp = int($tmp / (1024 * 1024)); > > s/$1 bytes free/$tmp MB free/; > > } > > } > > if ($ios eq "XE" && /^((\s+)?\d+\s+\S+)\s+\d+.*(tracelogs$)/) > { > > $_ = "$1" . sprintf("%43s", "") . "$3\n"; > > } > > > > @@ -772,9 +772,9 @@ > > } > > } > > if ($ios eq "XE" && /^((\s+)?\d+\s+\S+)\s+\d+.*(tracelogs$)/) > { > > $_ = "$1" . sprintf("%43s", "") . "$3\n"; > > } > > - if ($ios eq "IOS" && /^((\s+)?\d+\s+\S+)\s+\d+.*(sflog$)/) { > > - $_ = "$1" . sprintf("%43s", "") . "$3\n"; > > - } > > # the pager can not be disabled per-session on the PIX > > if (/^(<-+ More -+>)/) { > > my($len) = length($1); > > s/^$1\s{$len}//; > > > > > Don't stress about maintaining your own patches to make the rancid > > > scripts do what you intent - every installation I know of > > > accumulating a rather large number of them :-) It seems to be > > > inevitable considering the problem we are all using rancid to > solve. > > > > > > > > > -- > > > Alan McKinnon > > > alan.mckinnon at gmail.com > > > > > > _______________________________________________ > > > Rancid-discuss mailing list > > > Rancid-discuss at shrubbery.net > > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From heas at shrubbery.net Thu Oct 31 18:56:21 2013 From: heas at shrubbery.net (heasley) Date: Thu, 31 Oct 2013 18:56:21 +0000 Subject: [rancid] Rancid 3.0 License Change In-Reply-To: References: <20130927172626.GB31713@shrubbery.net> Message-ID: <20131031185621.GC57802@shrubbery.net> Fri, Sep 27, 2013 at 02:08:16PM -0400, Tom Limoncelli: > Reducing customer support costs low is an important goal. I think the > problem is that going about it via license strictions brings problems for > certain Linux distros that have rules about what can and can not be in the > licenses of software they package. > > That said, there should be other ways to get the same goal: > > Some suggestions: > > 1. Calculate a hash or checksum of the file and print a warning if it is > different. If it was an error the repackagers would also update the > checksum. If it is an innocent, "Default rancid.types.base is in use: > TRUE" (or FALSE) message they'll be less likely to want to remove it. > > 2. If the file has changed, the startup banner should list the version > number with an "X" appended. When people list the version number > (typically part of any service engagement) you'll immediately know if the > file was non-standard. > > 3. Make it significantly easier to NOT change the file. For example, add > a "conf.d" directory for people to add configs that are read after the main > file. People can insert individual files for individual models. The new version makes it easier for folks to add their own models/types. Which hopefully will help folks update more easily too. And, clause 6 is no longer a condition of license. if it causes problems, we'll implement your suggestions 1 & 2. > 4. Shame the people that do change it. Set up a web page called "The > Naughty RANCID Distro list" which lists vendors that are known to have > shipped a modified file. Include a link to instructions that explain how > not to change the file. > > Those are just a few thoughts. > > Hope that helps, indeed. > Tom > > -- > Email: tal at whatexit.org Work: tlimoncelli at StackOverflow.com > Skype: YesThatTom > Blog: http://EverythingSysadmin.com