From SRonan at eexchange.com Tue Apr 1 20:46:41 2014 From: SRonan at eexchange.com (Shane Ronan) Date: Tue, 1 Apr 2014 20:46:41 +0000 Subject: [rancid] No "Show VLAN" on Cisco 3750 Message-ID: I am trying to determine why Rancid isn?t recording the output of ?show vlan? on my Cisco 3750G, (WS-C3750G-24TS) running 12.1(14r)EA1a It collects and records this data for all other Cisco equipment types. Help is appreciated. Shane Ronan, Vice President ? Technology Architect State Street Global Exchange | 600 College Road East | Princeton, NJ 08540 P (212) 259-3023 | M (347) 413-4503 sronan at eexchange.com ________________________________ http://www.statestreet.com/emaildisclaimer/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From SRonan at eexchange.com Tue Apr 1 21:06:04 2014 From: SRonan at eexchange.com (Shane Ronan) Date: Tue, 1 Apr 2014 21:06:04 +0000 Subject: [rancid] No "Show VLAN" on Cisco 3750 In-Reply-To: References: Message-ID: That was EXACTLY my issue. I added ?Client? to the list and I am now collecting the information. Shane Ronan, Vice President ? Technology Architect State Street Global Exchange | 600 College Road East | Princeton, NJ 08540 P (212) 259-3023 | M (347) 413-4503 sronan at eexchange.com From: , "Skye (skyeh at uidaho.edu)" > Date: Tuesday, April 1, 2014 at 5:02 PM To: Shane Ronan >, "Rancid-discuss at shrubbery.net" > Subject: Re: [rancid] No "Show VLAN" on Cisco 3750 Check your VTP setting. If it is set to 'client', it will not pick up the VLAN information. Here is part of the relevant code, assuming version 2.3.6. I have slightly modified this to work with the Cisco ME3600 Skye. sub ShowVTP { print STDERR " In ShowVTP: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /^\s*\^\s*$/; return(1) if (/Line has invalid autocommand /); return(1) if (/(Invalid (input|command) detected|Type help or )/i); #return(1) if ($type !~ /^(2900XL|3500XL|6000)$/); return(-1) if (/command authorization failed/i); next if (/^Configuration last modified by/); # the pager can not be disabled per-session on the PIX if (/^(<-+ More -+>)/) { my($len) = length($1); s/^$1\s{$len}//; } if (/^VTP Operating Mode\s+:\s+(Transparent|Server)/) { <====== Check and set flag here $DO_SHOW_VLAN = 1; } ProcessHistory("COMMENTS","keysort","I0","!VTP: $_"); } ProcessHistory("COMMENTS","keysort","I0","!\n"); return(0); } # This routine parses "show vlan" sub ShowVLAN { print STDERR " In ShowVLAN: $_" if ($debug); # ($_ = , return(1)) if (!$DO_SHOW_VLAN); <====== Skip if flag set while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /^\s*\^\s*$/; return(1) if (/Line has invalid autocommand /); return(1) if (/(Invalid (input|command) detected|Type help or )/i); return(1) if (/Ambiguous command/i); return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX if (/^(<-+ More -+>)/) { my($len) = length($1); s/^$1\s{$len}//; } ProcessHistory("COMMENTS","keysort","IO","!VLAN: $_"); } ProcessHistory("COMMENTS","keysort","IO","!\n"); return(0); } From: Shane Ronan > Date: Tuesday, April 1, 2014 1:46 PM To: "Rancid-discuss at shrubbery.net" > Subject: [rancid] No "Show VLAN" on Cisco 3750 I am trying to determine why Rancid isn?t recording the output of ?show vlan? on my Cisco 3750G, (WS-C3750G-24TS) running 12.1(14r)EA1a It collects and records this data for all other Cisco equipment types. Help is appreciated. Shane Ronan, Vice President ? Technology Architect State Street Global Exchange | 600 College Road East | Princeton, NJ 08540 P (212) 259-3023 | M (347) 413-4503 sronan at eexchange.com ________________________________ http://www.statestreet.com/emaildisclaimer/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Tue Apr 1 22:26:39 2014 From: heas at shrubbery.net (heasley) Date: Tue, 1 Apr 2014 22:26:39 +0000 Subject: [rancid] Cisco Banner Issue In-Reply-To: <20140401220943.B5592582A@guelah.shrubbery.net> <5339D159.8000409@ale.cx> Message-ID: <20140401222639.GN25121@shrubbery.net> Mon, Mar 31, 2014 at 09:34:33PM +0100, Alex DEKKER: > On 31/03/14 04:57, heasley wrote: > > develop a process to wait to see if > > anything follows the # or >, which has its own set of pitfalls. > > I [sitting in my armchair, not being the developer] think this idea has > some mileage. Would it be unreasonable to wait n seconds after a # to > determine that it's a prompt? Obviously if you do this then you'd have > to add a knob to tweak for those who are taking backups over satellite > links &c. > > Perhaps you could be a bit cleverer - if a router is delivering 20 > lines/sec of output, then you'll know within 0.5sec if it's finished, > although some seem to always be slow when delivering certain sections of > config. Pitfalls indeed! Something like this could [mostly] work. Index: clogin.in =================================================================== --- clogin.in (revision 2802) +++ clogin.in (working copy) @@ -575,7 +575,21 @@ } -re "$prompt" { set prompt_match $expect_out(0,string); - break; + expect { + " " { exp_continue } + -re ".+" { + unset prompt_match; + break + } + timeout { set to 1; + break + } + } + if {$to == 1} { + unset to; + break + } + exp_continue; } "Login invalid" { send_user "\nError: Invalid login: $router\n"; but without constraining the timeout somehow, thats much to slow for my patience. it also doesnt deal with eof. how to arrive at a reliable timeout is a another question. what is too long or short? can the previous input rate simply be measured? is the link congested or is there routing instability producing massively variable throughput? maybe some would argue that last bit can be ignored; i think that makes it unreliable and more difficult to support. i am far more inclined to say dont do it (or have banners at all); the price of admission. or, if you must have #s in your banner, do not use autoenable, so its looking for >s - which is also a poor solution, as it would be better for clogin not to care about autoenable, so it would be looking for [>#] by default. i am however open to adding a cloginrc variable to constrain the prompt match; eg: "^[ \n\r]+[#>]". thereby, you could have whatever you wanted in your banner as long as the first character of the line is a space - for example. and open to other suggestions or proving me wrong :) From heas at shrubbery.net Tue Apr 1 22:31:07 2014 From: heas at shrubbery.net (heasley) Date: Tue, 1 Apr 2014 22:31:07 +0000 Subject: [rancid] Cisco Banner Issue In-Reply-To: <5339DC2F.4070200@gmail.com> References: <532AB476.2060509@gmx.de> <532ABC14.4090109@gmail.com> <532AF782.3010901@ale.cx> <532B08A5.30305@gmail.com> <532C12E7.8010906@chalmers.se> <20140331035754.GJ93763@shrubbery.net> <5339D159.8000409@ale.cx> <5339DC2F.4070200@gmail.com> Message-ID: <20140401223107.GO25121@shrubbery.net> Mon, Mar 31, 2014 at 11:20:47PM +0200, Alan McKinnon: > However a case can be made for hosting a few > patchsets that modify prompt detection and clearly document the > requirements that must be in place to use them properly. Admins can then > use these at their discretion. i'm willing to do this too; just dont be offended if i comments about corner cases. :) From skyeh at uidaho.edu Tue Apr 1 21:02:41 2014 From: skyeh at uidaho.edu (Hagen, Skye (skyeh@uidaho.edu)) Date: Tue, 1 Apr 2014 21:02:41 +0000 Subject: [rancid] No "Show VLAN" on Cisco 3750 Message-ID: Check your VTP setting. If it is set to 'client', it will not pick up the VLAN information. Here is part of the relevant code, assuming version 2.3.6. I have slightly modified this to work with the Cisco ME3600 Skye. sub ShowVTP { print STDERR " In ShowVTP: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /^\s*\^\s*$/; return(1) if (/Line has invalid autocommand /); return(1) if (/(Invalid (input|command) detected|Type help or )/i); #return(1) if ($type !~ /^(2900XL|3500XL|6000)$/); return(-1) if (/command authorization failed/i); next if (/^Configuration last modified by/); # the pager can not be disabled per-session on the PIX if (/^(<-+ More -+>)/) { my($len) = length($1); s/^$1\s{$len}//; } if (/^VTP Operating Mode\s+:\s+(Transparent|Server)/) { <====== Check and set flag here $DO_SHOW_VLAN = 1; } ProcessHistory("COMMENTS","keysort","I0","!VTP: $_"); } ProcessHistory("COMMENTS","keysort","I0","!\n"); return(0); } # This routine parses "show vlan" sub ShowVLAN { print STDERR " In ShowVLAN: $_" if ($debug); # ($_ = , return(1)) if (!$DO_SHOW_VLAN); <====== Skip if flag set while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /^\s*\^\s*$/; return(1) if (/Line has invalid autocommand /); return(1) if (/(Invalid (input|command) detected|Type help or )/i); return(1) if (/Ambiguous command/i); return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX if (/^(<-+ More -+>)/) { my($len) = length($1); s/^$1\s{$len}//; } ProcessHistory("COMMENTS","keysort","IO","!VLAN: $_"); } ProcessHistory("COMMENTS","keysort","IO","!\n"); return(0); } From: Shane Ronan > Date: Tuesday, April 1, 2014 1:46 PM To: "Rancid-discuss at shrubbery.net" > Subject: [rancid] No "Show VLAN" on Cisco 3750 I am trying to determine why Rancid isn't recording the output of "show vlan" on my Cisco 3750G, (WS-C3750G-24TS) running 12.1(14r)EA1a It collects and records this data for all other Cisco equipment types. Help is appreciated. Shane Ronan, Vice President - Technology Architect State Street Global Exchange | 600 College Road East | Princeton, NJ 08540 P (212) 259-3023 | M (347) 413-4503 sronan at eexchange.com ________________________________ http://www.statestreet.com/emaildisclaimer/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From peo at chalmers.se Wed Apr 2 08:46:23 2014 From: peo at chalmers.se (Per-Olof Olsson) Date: Wed, 2 Apr 2014 10:46:23 +0200 Subject: [rancid] Cisco Banner Issue In-Reply-To: <20140331035754.GJ93763@shrubbery.net> References: <532AB476.2060509@gmx.de> <532ABC14.4090109@gmail.com> <532AF782.3010901@ale.cx> <532B08A5.30305@gmail.com> <532C12E7.8010906@chalmers.se> <20140331035754.GJ93763@shrubbery.net> Message-ID: <533BCE5F.8090909@chalmers.se> On 03/31/2014 05:57 AM, heasley wrote: > Fri, Mar 21, 2014 at 11:22:31AM +0100, Per-Olof Olsson: >> Alan McKinnon skrev 2014-03-20 16:26: >>> On 20/03/2014 16:13, Alex DEKKER wrote: >>>> On 20/03/14 09:59, Alan McKinnon wrote: >>>>> On 20/03/2014 11:27, Hans Mueller wrote: >>>>>> * Auftragsnummer: XY#763743 * >>>>>> One possibility is ignore lines containing "#" that also have whitespace >>>>>> earlier in the line. Those always seem to be banner text and real-life >>>>>> cli prompts seldom contain whitespace >>>>>> >>>> Yeah, surely the only time that the # is a prompt is when it's the last >>>> character on a line *and* no further output is forthcoming? >>>> >>>> alexd >>> >>> >>> >>> In an ideal, theoretical world that is true. Neither of us live in such >>> a world and prompts are often not what they should be. >>> >>> >> >> Yes and it's simple to fix. >> >> *** clogin 2014-03-21 11:14:48.163493260 +0100 >> --- clogin.new 2014-03-21 11:06:19.711260482 +0100 >> *************** >> *** 572,577 **** >> --- 572,580 ---- >> send -- "$passphrase\r" >> exp_continue >> } >> + -re "\[#>]+\[^\r\n]*\[\r\n]+" { >> + exp_continue >> + } > > i maintain the assertion that you can not rely upon receiving complete > lines. expect may see > > b > or > blah# > or > blah# > or > blah# > > there is no way to know what will be in the input buffer. ie: you may get > lucky, but this is not a reliable fix. the only reliable fixes what i can > think of would be to be more specific about prompt match (eg: a new clogin > setting) for the given device or develop a process to wait to see if > anything follows the # or >, which has its own set of pitfalls. > > if you disagree, please explain why. 100% strict/safe programming, NO but consider if you can tolerate 99% safe. 1. Rancid will retry more then ones to login. Weak help for buffering problems. 2. Expect is a nice tool to handle and sync buffers. Possible that I trust it for more then I should. Hope new faster devices and network will make buffering problem less noticeable 3. Will this code harm login for any device? Even if it not 100% safe I think it will help a lot. You can also add a warning when *login skips a line. -re "\[#>]+\[^\r\n]*\[\r\n]+" { send_user "\nWARNING harmful prompter character found at login before command prompt\n" exp_continue } If you have a company wide banner you will hopefully see the warning from your devices. Also possible that you have more the one of a type, and one is lucky to show a warning. 4. I like to push he idea of having for prompt defined in clogrc as far away as possible for now. Just think how to write a quoted expect regexp for a unix based device using full prompt with text, time stamp, command number, bells and other control characters. Possible needed anyhow. Just some argues /Peo > >> -re "$u_prompt" { >> send -- "$user\r" >> set uprompt_seen 1 >> >> >> Also tested and include in hlogin. >> >> Then you can have how many # and > you like in banners. >> >> >> /Peo >> ---------------------------------------------------------- >> Per-Olof Olsson Email: peo at chalmers.se >> Chalmers tekniska h?gskola IT-service >> Arvid Hedvalls backe 6 412 96 G?teborg >> Tel: 031/772 6738 Fax: 031/772 8680 >> ---------------------------------------------------------- >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss From willie.s.hinote at nasa.gov Thu Apr 3 20:39:19 2014 From: willie.s.hinote at nasa.gov (Hinote, Scotty (MSFC-IS40)[NICS]) Date: Thu, 3 Apr 2014 20:39:19 +0000 Subject: [rancid] fortigate paging suppression Message-ID: Hi All, I have some new fortigates that I need to backup with RANCID. They are running config-version FW60C-5.00. When I back them up the paging lines show up in the config on the same line as some part of the config eg. "--More-- next". I have tried patching the original fnlogin with the following. - -gl "--More--" { send " " + -gl "--More--\[^\n\r]*" { send " " exp_continue - -re "\[\n\r]+" { exp_continue } } + -re "\[^\r\n]*\[\n\r]+" { send_user -- "$expect_out(buffer)" + exp_continue } + } I still get the pages in the config. I tried a newer version of fnlogin from https://github.com/renard/rancid/blob/master/bin/fnlogin.in but have the same result. I am currently running RANCID 2.3.6-1.el5 and will not be upgrading to a newer version for at least another month or two. Is there a way to make this work with my current fnlogin and RANCID version? Regards, Scotty -------------- next part -------------- An HTML attachment was scrubbed... URL: From fanachos at gmail.com Mon Apr 7 16:09:35 2014 From: fanachos at gmail.com (Andrei Sabau) Date: Mon, 7 Apr 2014 19:09:35 +0300 Subject: [rancid] rancid -t cisco host works but rancid host does not. Message-ID: Hello. I've recently installed Rancid on a Centos 6. I have worked with it before a bit but never encountered this issue. I have hosts assigned in the hosts file. I have the host added in /router.db The clogin command works. The clogin -c command works. The log from run-rancid shows almost empty. I tried running the comands separately but 'rancid host' gives me a: loadtype(): device_type is empty Couldn't load device type spec for but 'rancid -t cisco host' works. I'm thinking this has to do with rancid and the group's router.db. my group is in rancid.conf (LIST_OF_GROUPS="networking") but is the networking/router.db even read? Any ideas are helpful, thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: From fabizs at yahoo.com Thu Apr 10 15:12:22 2014 From: fabizs at yahoo.com (Fabio Santos) Date: Thu, 10 Apr 2014 08:12:22 -0700 (PDT) Subject: [rancid] Erro with Rancid on solaris 10. Message-ID: <1397142742.33153.YahooMailNeo@web121905.mail.ne1.yahoo.com> Hi all, I'm trying to compile rancid 3.0 on solaris 10, the ./configure command works fine. but when i try make i received the erro above, Making all in bin gmake[1]: Entering directory `/tmp/rancid-3.0/bin' gcc -DHAVE_CONFIG_H -I. -I../include ? ? -g -O0 -MT hpuifilter.o -MD -MP -MF .deps/hpuifilter.Tpo -c -o hpuifilter.o hpuifilter.c mv -f .deps/hpuifilter.Tpo .deps/hpuifilter.Po gcc ?-g -O0 ? -o hpuifilter hpuifilter.o gcc -DHAVE_CONFIG_H -I. -I../include ? ? -g -O0 -MT par.o -MD -MP -MF .deps/par.Tpo -c -o par.o par.c mv -f .deps/par.Tpo .deps/par.Po gcc ?-g -O0 ? -o par par.o Undefined ? ? ? ? ? ? ? ? ? ? ? first referenced ?symbol ? ? ? ? ? ? ? ? ? ? ? ? ? ? in file asprintf ? ? ? ? ? ? ? ? ? ? ? ? ? ?par.o ld: fatal: Symbol referencing errors. No output written to par gmake[1]: *** [par] Error 1 gmake[1]: Leaving directory `/tmp/rancid-3.0/bin' make: *** [all-recursive] Error 1 bash-3.00# Someone know how can i fix this problem? Att, -------------- next part -------------- An HTML attachment was scrubbed... URL: From charlesg at unixrealm.com Fri Apr 11 20:01:47 2014 From: charlesg at unixrealm.com (Charles Gagnon) Date: Fri, 11 Apr 2014 16:01:47 -0400 Subject: [rancid] So close yet.... Message-ID: So I just tried deploying rancid on a RHEL 6.2 box. I have: rancid 3.0 perl v5.10.1 expect version 5.44.1.15 It seems close to working but whenever I run 'rancid-run', routers end-up in the routers.down file. I am testing right now with a single entry in my router.db. I tested w/ clogin myrouter (which works) I can also do rancid -t cisco myroute (and it also saves a file) If I run "rancid myrouter" it failed with: $ rancid myrouter loadtype(): device_type is empty Couldn't load device type spec for But this may be normal. rancid-run returns no errors. Returns in a few seconds with no output. What is the best way to troubleshoot this? I check my .db file and it is NOT DOS format. How can I tell if I have a problem with my file. Any good way to troubleshoot this? -- Charles Gagnon charlesg at unixrealm.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From ler762 at gmail.com Sat Apr 12 15:55:32 2014 From: ler762 at gmail.com (Lee) Date: Sat, 12 Apr 2014 11:55:32 -0400 Subject: [rancid] So close yet.... In-Reply-To: References: Message-ID: On 4/12/14, Charles Gagnon wrote: > Thanks to all for the help. I'm new to Rancid and I missed the change from > ":" to ";" so I was still using a pre-3.0 DB format. I had the same problem when trying out the 3.0alpha. This should be the very first item in the CHANGES file for 3.0: router.db,rancid.types.*: change field separator to ';' (semi-colon) to allow for IPv6 addresses in router.db and avoid conflict with :s in device commands and perl module names Lee From ler762 at gmail.com Sat Apr 12 14:16:43 2014 From: ler762 at gmail.com (Lee) Date: Sat, 12 Apr 2014 10:16:43 -0400 Subject: [rancid] So close yet.... In-Reply-To: References: Message-ID: > rancid-run returns no errors. Returns in a few seconds with no output. What > is the best way to troubleshoot this? Take a look at http://www.shrubbery.net/rancid/FAQ 3) General Q. I have a (set of) device(s) on which collection fails. How can I debug this? What I'm not seeing in the FAQ is a note that if you've been using rancid 2.x the router.db separator character changed from : to ; 2.3.8 router.db: cisco-router.domain.com:cisco:up 3.0 router.db: cisco-router.domain.com;cisco;up Regards, Lee On 4/11/14, Charles Gagnon wrote: > So I just tried deploying rancid on a RHEL 6.2 box. I have: > > rancid 3.0 > perl v5.10.1 > expect version 5.44.1.15 > > It seems close to working but whenever I run 'rancid-run', routers end-up > in the routers.down file. I am testing right now with a single entry in my > router.db. > > I tested w/ clogin myrouter (which works) > I can also do rancid -t cisco myroute (and it also saves a file) > > If I run "rancid myrouter" it failed with: > $ rancid myrouter > loadtype(): device_type is empty > Couldn't load device type spec for > > But this may be normal. > > rancid-run returns no errors. Returns in a few seconds with no output. What > is the best way to troubleshoot this? > > I check my .db file and it is NOT DOS format. How can I tell if I have a > problem with my file. > > Any good way to troubleshoot this? > > -- > Charles Gagnon > charlesg at unixrealm.com > From charlesg at unixrealm.com Sat Apr 12 14:38:13 2014 From: charlesg at unixrealm.com (Charles Gagnon) Date: Sat, 12 Apr 2014 10:38:13 -0400 Subject: [rancid] So close yet.... In-Reply-To: References: Message-ID: Thanks to all for the help. I'm new to Rancid and I missed the change from ":" to ";" so I was still using a pre-3.0 DB format. Thanks again for the help. Looking forward to setting up more devices. On Sat, Apr 12, 2014 at 10:16 AM, Lee wrote: > > rancid-run returns no errors. Returns in a few seconds with no output. > What > > is the best way to troubleshoot this? > > Take a look at http://www.shrubbery.net/rancid/FAQ > 3) General > Q. I have a (set of) device(s) on which collection fails. How can I debug > this? > > What I'm not seeing in the FAQ is a note that if you've been using > rancid 2.x the router.db separator character changed from : to ; > 2.3.8 router.db: > cisco-router.domain.com:cisco:up > > 3.0 router.db: > cisco-router.domain.com;cisco;up > > Regards, > Lee > > > On 4/11/14, Charles Gagnon wrote: > > So I just tried deploying rancid on a RHEL 6.2 box. I have: > > > > rancid 3.0 > > perl v5.10.1 > > expect version 5.44.1.15 > > > > It seems close to working but whenever I run 'rancid-run', routers end-up > > in the routers.down file. I am testing right now with a single entry in > my > > router.db. > > > > I tested w/ clogin myrouter (which works) > > I can also do rancid -t cisco myroute (and it also saves a file) > > > > If I run "rancid myrouter" it failed with: > > $ rancid myrouter > > loadtype(): device_type is empty > > Couldn't load device type spec for > > > > But this may be normal. > > > > rancid-run returns no errors. Returns in a few seconds with no output. > What > > is the best way to troubleshoot this? > > > > I check my .db file and it is NOT DOS format. How can I tell if I have a > > problem with my file. > > > > Any good way to troubleshoot this? > > > > -- > > Charles Gagnon > > charlesg at unixrealm.com > > > -- Charles Gagnon charlesg at unixrealm.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From willie.s.hinote at nasa.gov Mon Apr 14 15:57:01 2014 From: willie.s.hinote at nasa.gov (Hinote, Scotty (MSFC-IS40)[NICS]) Date: Mon, 14 Apr 2014 15:57:01 +0000 Subject: [rancid] fortigate paging suppression In-Reply-To: References: Message-ID: I am still looking for assistance with this issue if anyone has a found a way to remove the paging messages from backed up device configurations. Thank you, Scotty From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Hinote, Scotty (MSFC-IS40)[NICS] Sent: Thursday, April 03, 2014 3:39 PM To: rancid-discuss at shrubbery.net Subject: [rancid] fortigate paging suppression Hi All, I have some new fortigates that I need to backup with RANCID. They are running config-version FW60C-5.00. When I back them up the paging lines show up in the config on the same line as some part of the config eg. "--More-- next". I have tried patching the original fnlogin with the following. - -gl "--More--" { send " " + -gl "--More--\[^\n\r]*" { send " " exp_continue - -re "\[\n\r]+" { exp_continue } } + -re "\[^\r\n]*\[\n\r]+" { send_user -- "$expect_out(buffer)" + exp_continue } + } I still get the pages in the config. I tried a newer version of fnlogin from https://github.com/renard/rancid/blob/master/bin/fnlogin.in but have the same result. I am currently running RANCID 2.3.6-1.el5 and will not be upgrading to a newer version for at least another month or two. Is there a way to make this work with my current fnlogin and RANCID version? Regards, Scotty -------------- next part -------------- An HTML attachment was scrubbed... URL: From Vyankat at servercentral.in Tue Apr 15 09:50:40 2014 From: Vyankat at servercentral.in (Vyankat Gaddamwar) Date: Tue, 15 Apr 2014 09:50:40 +0000 Subject: [rancid] Rancid 3.0 config problem Message-ID: <1BC77AFAFC959B489F6AF46797559ADED2C1F01E@SOLNA-MBX01.nschmc.local> Hi, I installed rancid 3.0 and configured properly as per documentation but when I run bin/rancid-run no output and logs are empty. Any good way to troubleshoot this? /venky -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Tue Apr 15 10:54:24 2014 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Tue, 15 Apr 2014 12:54:24 +0200 Subject: [rancid] Rancid 3.0 config problem In-Reply-To: <1BC77AFAFC959B489F6AF46797559ADED2C1F01E@SOLNA-MBX01.nschmc.local> References: <1BC77AFAFC959B489F6AF46797559ADED2C1F01E@SOLNA-MBX01.nschmc.local> Message-ID: <534D0FE0.107@gmail.com> On 15/04/2014 11:50, Vyankat Gaddamwar wrote: > Hi, > > > > I installed rancid 3.0 and configured properly as per documentation but > when I run bin/rancid-run no output and logs are empty. > > Any good way to troubleshoot this? Did you replace the ":" separators in all router.db files with ";"? -- Alan McKinnon alan.mckinnon at gmail.com From Vyankat at servercentral.in Tue Apr 15 11:36:12 2014 From: Vyankat at servercentral.in (Vyankat Gaddamwar) Date: Tue, 15 Apr 2014 11:36:12 +0000 Subject: [rancid] Rancid 3.0 config problem In-Reply-To: <534D0FE0.107@gmail.com> References: <1BC77AFAFC959B489F6AF46797559ADED2C1F01E@SOLNA-MBX01.nschmc.local> <534D0FE0.107@gmail.com> Message-ID: <1BC77AFAFC959B489F6AF46797559ADED2C1F191@SOLNA-MBX01.nschmc.local> Hi Alan, Thanks for the help. After applying solution suggested by you resolved my issue. /V.Reddy -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alan McKinnon Sent: Tuesday, April 15, 2014 4:24 PM To: rancid-discuss at shrubbery.net Subject: Re: [rancid] Rancid 3.0 config problem On 15/04/2014 11:50, Vyankat Gaddamwar wrote: > Hi, > > > > I installed rancid 3.0 and configured properly as per documentation > but when I run bin/rancid-run no output and logs are empty. > > Any good way to troubleshoot this? Did you replace the ":" separators in all router.db files with ";"? -- Alan McKinnon alan.mckinnon at gmail.com _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss From alan.mckinnon at gmail.com Tue Apr 15 11:40:03 2014 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Tue, 15 Apr 2014 13:40:03 +0200 Subject: [rancid] Rancid 3.0 config problem In-Reply-To: <1BC77AFAFC959B489F6AF46797559ADED2C1F191@SOLNA-MBX01.nschmc.local> References: <1BC77AFAFC959B489F6AF46797559ADED2C1F01E@SOLNA-MBX01.nschmc.local> <534D0FE0.107@gmail.com> <1BC77AFAFC959B489F6AF46797559ADED2C1F191@SOLNA-MBX01.nschmc.local> Message-ID: <534D1A93.3010705@gmail.com> It's in the shipped help files, but still catches people out. That change is necessary to be able to deal with IPv6 addresses in field 1 On 15/04/2014 13:36, Vyankat Gaddamwar wrote: > Hi Alan, > > Thanks for the help. After applying solution suggested by you resolved my issue. > > /V.Reddy > > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alan McKinnon > Sent: Tuesday, April 15, 2014 4:24 PM > To: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Rancid 3.0 config problem > > On 15/04/2014 11:50, Vyankat Gaddamwar wrote: >> Hi, >> >> >> >> I installed rancid 3.0 and configured properly as per documentation >> but when I run bin/rancid-run no output and logs are empty. >> >> Any good way to troubleshoot this? > > > > Did you replace the ":" separators in all router.db files with ";"? > > > > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > -- Alan McKinnon alan.mckinnon at gmail.com From howie at thingy.com Tue Apr 15 18:38:13 2014 From: howie at thingy.com (Howard Jones) Date: Tue, 15 Apr 2014 19:38:13 +0100 Subject: [rancid] Mutating prompts Message-ID: <534D7C95.5000303@thingy.com> My previously working multi-context ASA/FWSM script appears to have been more by luck than judgement, and fails if the hostname has a '-' in it, I guess because there is somewhere it is being interpreted as a regexp character. I've just been taking a look at it again, and making a fwsmlogin from clogin, which understands that the prompt changes when there's a 'changeto' command to move between firewall contexts. Am I right in thinking I need to redo this stuff in BOTH '*login' and '*rancid' in two different languages? Thanks, Howie From ler762 at gmail.com Tue Apr 15 22:40:04 2014 From: ler762 at gmail.com (Lee) Date: Tue, 15 Apr 2014 18:40:04 -0400 Subject: [rancid] Rancid 3.0 config problem In-Reply-To: <534D1A93.3010705@gmail.com> References: <1BC77AFAFC959B489F6AF46797559ADED2C1F01E@SOLNA-MBX01.nschmc.local> <534D0FE0.107@gmail.com> <1BC77AFAFC959B489F6AF46797559ADED2C1F191@SOLNA-MBX01.nschmc.local> <534D1A93.3010705@gmail.com> Message-ID: On 4/15/14, Alan McKinnon wrote: > It's in the shipped help files, but still catches people out. maybe because it hasn't been changed everywhere in README? 8) For each "group", modify the router.db file in the group directory. The file is of the form "router:mfg:state" where "router" is further on down it has been changed, but I almost stopped reading there. Regards, Lee > > That change is necessary to be able to deal with IPv6 addresses in field 1 > > > > On 15/04/2014 13:36, Vyankat Gaddamwar wrote: > >> Hi Alan, >> >> Thanks for the help. After applying solution suggested by you resolved my >> issue. >> >> /V.Reddy >> >> >> -----Original Message----- >> From: rancid-discuss-bounces at shrubbery.net >> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alan McKinnon >> Sent: Tuesday, April 15, 2014 4:24 PM >> To: rancid-discuss at shrubbery.net >> Subject: Re: [rancid] Rancid 3.0 config problem >> >> On 15/04/2014 11:50, Vyankat Gaddamwar wrote: >>> Hi, >>> >>> >>> >>> I installed rancid 3.0 and configured properly as per documentation >>> but when I run bin/rancid-run no output and logs are empty. >>> >>> Any good way to troubleshoot this? >> >> >> >> Did you replace the ":" separators in all router.db files with ";"? >> >> >> >> >> -- >> Alan McKinnon >> alan.mckinnon at gmail.com >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> >> > > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > From tore at fud.no Wed Apr 16 08:52:07 2014 From: tore at fud.no (Tore Anderson) Date: Wed, 16 Apr 2014 10:52:07 +0200 Subject: [rancid] '>' in default prompt causes problems for zrancid Message-ID: <534E44B7.4090204@fud.no> After an upgrade from RANCID 2.3.2, zrancid is creating bogus diffs. They always involve the character ?e? appearing/disappearing at the beginning of lines, like so: -log file /var/log/quagga/zebra.log +elog file /var/log/quagga/zebra.log Or at the end of lines, like so: - ipv6 nd suppress-ra + ipv6 nd suppress-rae I've traced this to a change in the default prompt in clogin.in that happened in RANCID 2.3.6. Fast forwarding to RANCID 3.0, the relevant code is as follows (lines 766-770 of clogin.in): # Default prompt. set prompt [join [find prompt $router] ""] if { [llength $prompt] == 0 } { set prompt "(>|#| \\(enable\\))" } In RANCID 2.3.5 and earlier, $prompt was set to "(#| \\(enable\\))" by default, and that worked perfectly for me. I haven't yet been able to fully understand why the ">" match is causing problems, but I did notice that it causes $prompt_match to always be set to ">" at lines 576-579 of clogin.in: -re "$prompt" { set prompt_match $expect_out(0,string); break; } However, the routers in question don't use ">" in their prompt (they use "#"), so I don't think this can be right. Attempting to escape the ">" (using "\>" or "\\>") makes no difference. Removing it or replacing it with any other character (including "<") does help, though, and in this case $prompt_match gets set to "#" as expected, and the spurious ?e? characters stop appearing. The platform is Ubuntu 12.04.4 with expect 5.45. Tore From fanachos at gmail.com Thu Apr 17 11:47:51 2014 From: fanachos at gmail.com (Andrei Sabau) Date: Thu, 17 Apr 2014 14:47:51 +0300 Subject: [rancid] Login to Juniper J-series work, commands do not. Message-ID: I have an issue where jlogin works when connecting to a juniper device, but if i run rancid-run or jrancid -c 'command' it gets stuck after the prompt. The last lines are : expect: does "rancid at BGP-CORE-0> " (spawn_id exp4) match regular expression "(\r\n|\n)"? (No Gate, RE only) gate=yes re=no "^[^ ]+>"? Gate "*>"? gate=yes re=yes expect: set expect_out(0,string) "rancid at BGP-CORE-0>" expect: set expect_out(spawn_id) "exp4" expect: set expect_out(buffer) "rancid at BGP-CORE-0>" Gate keeper glob pattern for 'rancid at BGP-CORE-0[#>]' is 'rancid at BGP-CORE-0?'. Activating booster. expect: does " " (spawn_id exp4) match regular expression "rancid at BGP-CORE-0[#>]"? Gate "rancid at BGP-CORE-0?"? gate=no expect: timed out Error: TIMEOUT reached I set the timeout to 20 seconds so it'll die. The command was 'show version'. But if i run jlogin without command i can do anything on the device. Any ideas? -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Sat Apr 19 16:05:55 2014 From: heas at shrubbery.net (heasley) Date: Sat, 19 Apr 2014 16:05:55 +0000 Subject: [rancid] Mutating prompts In-Reply-To: <534D7C95.5000303@thingy.com> References: <534D7C95.5000303@thingy.com> Message-ID: <20140419160555.GH58945@shrubbery.net> Tue, Apr 15, 2014 at 07:38:13PM +0100, Howard Jones: > My previously working multi-context ASA/FWSM script appears to have been > more by luck than judgement, and fails if the hostname has a '-' in it, > I guess because there is somewhere it is being interpreted as a regexp > character. possibly; but - is only a regex atom in []s. clogin tries to escape regex atoms before using the prompt (see proc run_commands). > I've just been taking a look at it again, and making a fwsmlogin from > clogin, which understands that the prompt changes when there's a > 'changeto' command to move between firewall contexts. Am I right in > thinking I need to redo this stuff in BOTH '*login' and '*rancid' in two > different languages? > > Thanks, > > Howie From tore at fud.no Wed Apr 23 07:37:55 2014 From: tore at fud.no (Tore Anderson) Date: Wed, 23 Apr 2014 09:37:55 +0200 Subject: [rancid] '>' in default prompt causes problems for zrancid In-Reply-To: <534E44B7.4090204@fud.no> References: <534E44B7.4090204@fud.no> Message-ID: <53576DD3.7070600@fud.no> * Tore Anderson > I haven't yet been able to fully understand why the ">" match is causing > problems, but I did notice that it causes $prompt_match to always be set > to ">" at lines 576-579 of clogin.in: > > -re "$prompt" { > set prompt_match $expect_out(0,string); > break; > } > > However, the routers in question don't use ">" in their prompt (they use > "#"), so I don't think this can be right. I've finally figured out what's going on here. It appears that when $TERM is vt100 (and a bunch of others), vtysh prints out some (invisible) terminal control codes before the actual prompt. These include the '>' character, so that's why the prompt matching fails. This is how the prompt looks when run through "cat -A", FWIW: ^[[?1h^[=^M^M^[[K^[[?1l^[>routername# $ Changing $TERM to something else solves the problem and these garbage characters disappear. On my Ubuntu 12.04, the following values of $TERM all seems to work OK: ansi cons25 cons25-debian cygwin Eterm Eterm-color hurd linux mach mach-bold mach-color pcansi sun vt220 vt52 wsvt25 wsvt25m Not sure which one of these is the most portable, but in any case, I suggest changing the hard-coding of $TERM to "vt100" in zrancid to either of these (or removing it so that it can be set from rancid.conf instead). Suggested one-line patch attached. Tore -------------- next part -------------- A non-text attachment was scrubbed... Name: zrancid.patch Type: text/x-patch Size: 362 bytes Desc: not available URL: From VAniello at portware.com Wed Apr 23 14:49:49 2014 From: VAniello at portware.com (Vincent Aniello) Date: Wed, 23 Apr 2014 10:49:49 -0400 Subject: [rancid] Excluding config lines in Rancid Message-ID: Rancid is detecting configuration changes on a few configuration items in Cisco switch configurations that are automatically updated and Rancid should exclude from it's comparisons. On a Cisco Catalyst 3560 switch running software version 12.2(25)SEE4 Rancid is reporting changes to the "ntp clock-period" command: - ntp clock-period 36029104 + ntp clock-period 3602910 On a Cisco Nexus 3548 switch running software version 6.0(2)A1(1e) Rancid is reporting changes to the following configuration items: !Env: INTAKE 45 29 + !Env: INTAKE 45 28 - !Flash: bootflash: 5356844 Apr 22 17:42:48 2014 BufferMonitor-1HourData + !Flash: bootflash: 5356844 Apr 22 20:42:48 2014 BufferMonitor-1HourData Can Rancid be configured to ignore changes in these lines? I am currently running Rancid 3.0, but had the same issue in 2.3.6 and 2.3.8. Thanks. --Vincent -------------- next part -------------- An HTML attachment was scrubbed... URL: From Douglas.Hughes at DEShawResearch.com Wed Apr 23 15:05:11 2014 From: Douglas.Hughes at DEShawResearch.com (Hughes, Doug) Date: Wed, 23 Apr 2014 15:05:11 +0000 Subject: [rancid] Excluding config lines in Rancid In-Reply-To: References: Message-ID: Sure, this topic is something of an FAQ. * Edit the rancid executable (or whatever executable you happen to be using to collect the data) * Most of the stuff for normal commands will be in the 'WriteTerm' callback (see CommandTable) * There should already be an ntp clock-period match in there somewhere. In mine, it looks like this: # Dog gone Cool matches to process the rest of the config /^tftp-server flash / && next; # kill any tftp remains /^ntp clock-period / && next; # kill ntp clock-period /^ length / && next; # kill length on serial lines /^ width / && next; # kill width on serial lines * Next find the ShowEnv subroutine o Look for 'next if' in the while () loop. Add a line above or below that says: next if (/INTAKE/) * Similarly for ShowFlash subroutine, add a next if (/bootflash/) if you don't want to see bootflash. 'next if' is the generic answer about how to eliminate things. Look in @commandtable to find the command that gets executed, that maps to a callback. Go to the callback and add a 'next if'. From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Vincent Aniello Sent: Wednesday, April 23, 2014 10:50 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Excluding config lines in Rancid Rancid is detecting configuration changes on a few configuration items in Cisco switch configurations that are automatically updated and Rancid should exclude from it's comparisons. On a Cisco Catalyst 3560 switch running software version 12.2(25)SEE4 Rancid is reporting changes to the "ntp clock-period" command: - ntp clock-period 36029104 + ntp clock-period 3602910 On a Cisco Nexus 3548 switch running software version 6.0(2)A1(1e) Rancid is reporting changes to the following configuration items: !Env: INTAKE 45 29 + !Env: INTAKE 45 28 - !Flash: bootflash: 5356844 Apr 22 17:42:48 2014 BufferMonitor-1HourData + !Flash: bootflash: 5356844 Apr 22 20:42:48 2014 BufferMonitor-1HourData Can Rancid be configured to ignore changes in these lines? I am currently running Rancid 3.0, but had the same issue in 2.3.6 and 2.3.8. Thanks. --Vincent -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Thu Apr 24 21:13:19 2014 From: heas at shrubbery.net (heasley) Date: Thu, 24 Apr 2014 21:13:19 +0000 Subject: [rancid] Excluding config lines in Rancid In-Reply-To: References: Message-ID: <20140424211319.GB66120@shrubbery.net> Wed, Apr 23, 2014 at 10:49:49AM -0400, Vincent Aniello: > Rancid is detecting configuration changes on a few configuration items in > Cisco switch configurations that are automatically updated and Rancid > should exclude from it's comparisons. > > On a Cisco Catalyst 3560 switch running software version 12.2(25)SEE4 > Rancid is reporting changes to the "ntp clock-period" command: > > - ntp clock-period 36029104 > + ntp clock-period 3602910 this be filtered by stock rancid 3.0. i can not imagine why it would be missed until the device were not configured as 'cisco'. > On a Cisco Nexus 3548 switch running software version 6.0(2)A1(1e) Rancid > is reporting changes to the following configuration items: > > !Env: INTAKE 45 29 > + !Env: INTAKE 45 28 > > - !Flash: bootflash: 5356844 Apr 22 17:42:48 2014 > BufferMonitor-1HourData > + !Flash: bootflash: 5356844 Apr 22 20:42:48 2014 > BufferMonitor-1HourData > > Can Rancid be configured to ignore changes in these lines? Index: bin/nxrancid.in =================================================================== --- bin/nxrancid.in (revision 2816) +++ bin/nxrancid.in (working copy) @@ -313,6 +313,7 @@ s/ +$//; # Drop trailing ' ' next if (/Fan Zone Speed:/); + next if (/INTAKE/); ProcessHistory("COMMENTS","","","!Env: $_"); } ProcessHistory("COMMENTS","","","!\n"); @@ -436,6 +437,8 @@ return(-1) if (/command authorization failed/i); return(1) if /(Open device \S+ failed|Error opening \S+:)/; + next if (/BufferMonitor-1HourData/); + if (/^\s*(\d+) bytes /) { my($tmp) = int($1 / (1024 * 1024)); s/$1 bytes /$tmp MB /; lmk if I've misplaced the INTAKE filter. > I am currently running Rancid 3.0, but had the same issue in 2.3.6 and > 2.3.8. From VAniello at portware.com Fri Apr 25 01:42:26 2014 From: VAniello at portware.com (Vincent Aniello) Date: Thu, 24 Apr 2014 21:42:26 -0400 Subject: [rancid] Excluding config lines in Rancid In-Reply-To: <20140424211319.GB66120@shrubbery.net> References: <20140424211319.GB66120@shrubbery.net> Message-ID: Thanks. The problem with the 3560 was that is was set to cisco-nx instead of cisco. Once I corrected this the ntp clock-period discrepancy no longer appeared. On the Nexus 3548 switch the "BufferMonitor-1HourData" no longer seems to appear after your changes, but the INTAKE config line still does: - !Env: INTAKE 45 29 + !Env: INTAKE 45 28 Here is a snipet from nxrancid with your change for excluding INTAKE: s/ +$//; # Drop trailing ' ' next if (/Fan Zone Speed:/); next if (/INTAKE/); ProcessHistory("COMMENTS","","","!Env: $_"); Thanks again. --Vincent From: heasley To: Vincent Aniello Cc: rancid-discuss at shrubbery.net Date: 04/24/2014 05:41 PM Subject: Re: [rancid] Excluding config lines in Rancid Wed, Apr 23, 2014 at 10:49:49AM -0400, Vincent Aniello: > Rancid is detecting configuration changes on a few configuration items in > Cisco switch configurations that are automatically updated and Rancid > should exclude from it's comparisons. > > On a Cisco Catalyst 3560 switch running software version 12.2(25)SEE4 > Rancid is reporting changes to the "ntp clock-period" command: > > - ntp clock-period 36029104 > + ntp clock-period 3602910 this be filtered by stock rancid 3.0. i can not imagine why it would be missed until the device were not configured as 'cisco'. > On a Cisco Nexus 3548 switch running software version 6.0(2)A1(1e) Rancid > is reporting changes to the following configuration items: > > !Env: INTAKE 45 29 > + !Env: INTAKE 45 28 > > - !Flash: bootflash: 5356844 Apr 22 17:42:48 2014 > BufferMonitor-1HourData > + !Flash: bootflash: 5356844 Apr 22 20:42:48 2014 > BufferMonitor-1HourData > > Can Rancid be configured to ignore changes in these lines? Index: bin/nxrancid.in =================================================================== --- bin/nxrancid.in (revision 2816) +++ bin/nxrancid.in (working copy) @@ -313,6 +313,7 @@ s/ +$//; # Drop trailing ' ' next if (/Fan Zone Speed:/); + next if (/INTAKE/); ProcessHistory("COMMENTS","","","!Env: $_"); } ProcessHistory("COMMENTS","","","!\n"); @@ -436,6 +437,8 @@ return(-1) if (/command authorization failed/i); return(1) if /(Open device \S+ failed|Error opening \S+:)/; + next if (/BufferMonitor-1HourData/); + if (/^\s*(\d+) bytes /) { my($tmp) = int($1 / (1024 * 1024)); s/$1 bytes /$tmp MB /; lmk if I've misplaced the INTAKE filter. > I am currently running Rancid 3.0, but had the same issue in 2.3.6 and > 2.3.8. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gmourani at gmail.com Thu Apr 24 19:37:23 2014 From: gmourani at gmail.com (Gerhard Mourani) Date: Thu, 24 Apr 2014 15:37:23 -0400 Subject: [rancid] Rancid 3.0 and Dell Switches Message-ID: Hello, I've upgraded to Rancid 3.0 and would like to know which name to use for Dell PowerConnect 34xx and 64xx series inside router.db? Presently I'm using this in router.db: 192.168.x.1xx;dell;up 192.168.x.2xx;dell;up and can see these errors in the log files: Trying to get all of the configs. loadtype: loading dell failed: Global symbol "$proc" requires explicit package name at /usr/lib64/rancid/dell.pm line 82. Global symbol "$found_version" requires explicit package name at /usr/lib64/rancid/dell.pm line 83. Compilation failed in require at /usr/lib64/rancid/rancid.pm line 222. Thanks, -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Fri Apr 25 07:00:20 2014 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Fri, 25 Apr 2014 09:00:20 +0200 Subject: [rancid] [PATCH]: Improved IOS XE detection in rancid Message-ID: <535A0804.2070304@gmail.com> Cisco appear to have changed the IOS-XE stamp in "show version" for some images. This causes the XE detection in ShowVersion() to fail, causing the filtering for tracelog in DirSlotN() to not be applied. One-line patch below. The strings are subtlety different, it seemed easier to add a new regex rather than adapt the existing one. Sample version output: #show ver Cisco IOS XE Software, Version 03.10.02.S - Extended Support Release Cisco IOS Software, ASR1000 Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.3(3)S2, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2014 by Cisco Systems, Inc. Diff: --- rancid.old 2014-04-25 08:51:36.000000000 +0200 +++ rancid 2014-04-25 08:53:34.000000000 +0200 @@ -196,6 +196,7 @@ next; } if (/cisco ios .* IOS-XE/i) { $ios = "XE"; } + if (/cisco IOS XE software/i) { $ios = "XE"; } if (/^Application and Content Networking .*Software/) { $type = "CE"; } # treat the ACE like the Content Engines for matching endofconfig if (/^Cisco Application Control Software/) { $type = "CE"; } -- Alan McKinnon alan.mckinnon at gmail.com From heas at shrubbery.net Fri Apr 25 07:06:29 2014 From: heas at shrubbery.net (heasley) Date: Fri, 25 Apr 2014 07:06:29 +0000 Subject: [rancid] [PATCH]: Improved IOS XE detection in rancid In-Reply-To: <535A0804.2070304@gmail.com> References: <535A0804.2070304@gmail.com> Message-ID: <20140425070629.GE80412@shrubbery.net> Fri, Apr 25, 2014 at 09:00:20AM +0200, Alan McKinnon: > Cisco appear to have changed the IOS-XE stamp in "show version" for some > images. This causes the XE detection in ShowVersion() to fail, causing > the filtering for tracelog in DirSlotN() to not be applied. > > One-line patch below. The strings are subtlety different, it seemed > easier to add a new regex rather than adapt the existing one. > > Sample version output: > > #show ver > Cisco IOS XE Software, Version 03.10.02.S - Extended Support Release > Cisco IOS Software, ASR1000 Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), > Version 15.3(3)S2, RELEASE SOFTWARE (fc3) > Technical Support: http://www.cisco.com/techsupport > Copyright (c) 1986-2014 by Cisco Systems, Inc. > > > Diff: > > --- rancid.old 2014-04-25 08:51:36.000000000 +0200 > +++ rancid 2014-04-25 08:53:34.000000000 +0200 > @@ -196,6 +196,7 @@ > next; > } > if (/cisco ios .* IOS-XE/i) { $ios = "XE"; } > + if (/cisco IOS XE software/i) { $ios = "XE"; } in 3.0: if (/cisco ios.*(IOS-)?XE/i) { $ios = "XE"; } > if (/^Application and Content Networking .*Software/) { $type = > "CE"; } > # treat the ACE like the Content Engines for matching endofconfig > if (/^Cisco Application Control Software/) { $type = "CE"; } > > > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From heas at shrubbery.net Fri Apr 25 07:13:27 2014 From: heas at shrubbery.net (heasley) Date: Fri, 25 Apr 2014 07:13:27 +0000 Subject: [rancid] Rancid 3.0 and Dell Switches In-Reply-To: <20140425071003.2504754A6@guelah.shrubbery.net> Message-ID: <20140425071327.GF80412@shrubbery.net> Thu, Apr 24, 2014 at 03:37:23PM -0400, Gerhard Mourani: > Hello, > > I've upgraded to Rancid 3.0 and would like to know which name to use for > Dell PowerConnect 34xx and 64xx series inside router.db? 'dell' might do it; YMMV, the script was contributed and purported to be working with: # DES-3010F # DES-3052P # DES-3526 # DES-3550 > Presently I'm using this in router.db: > 192.168.x.1xx;dell;up > 192.168.x.2xx;dell;up > > and can see these errors in the log files: > > Trying to get all of the configs. > loadtype: loading dell failed: Global symbol "$proc" requires explicit > package name at /usr/lib64/rancid/dell.pm line 82. > Global symbol "$found_version" requires explicit package name at > /usr/lib64/rancid/dell.pm line 83. > Compilation failed in require at /usr/lib64/rancid/rancid.pm line 222. Index: dell.pm.in =================================================================== --- dell.pm.in (revision 2818) +++ dell.pm.in (working copy) @@ -69,6 +69,9 @@ #XXX use rancid @VERSION@; use rancid; +our $proc; +our $found_version; + # load-time initialization sub import { $timeo = 300; # dllogin timeout in seconds (some of these From alan.mckinnon at gmail.com Fri Apr 25 07:19:46 2014 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Fri, 25 Apr 2014 09:19:46 +0200 Subject: [rancid] [PATCH]: Improved IOS XE detection in rancid In-Reply-To: <20140425070629.GE80412@shrubbery.net> References: <535A0804.2070304@gmail.com> <20140425070629.GE80412@shrubbery.net> Message-ID: <535A0C92.9030804@gmail.com> On 25/04/2014 09:06, heasley wrote: > Fri, Apr 25, 2014 at 09:00:20AM +0200, Alan McKinnon: >> Cisco appear to have changed the IOS-XE stamp in "show version" for some >> images. This causes the XE detection in ShowVersion() to fail, causing >> the filtering for tracelog in DirSlotN() to not be applied. >> >> One-line patch below. The strings are subtlety different, it seemed >> easier to add a new regex rather than adapt the existing one. >> >> Sample version output: >> >> #show ver >> Cisco IOS XE Software, Version 03.10.02.S - Extended Support Release >> Cisco IOS Software, ASR1000 Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), >> Version 15.3(3)S2, RELEASE SOFTWARE (fc3) >> Technical Support: http://www.cisco.com/techsupport >> Copyright (c) 1986-2014 by Cisco Systems, Inc. >> >> >> Diff: >> >> --- rancid.old 2014-04-25 08:51:36.000000000 +0200 >> +++ rancid 2014-04-25 08:53:34.000000000 +0200 >> @@ -196,6 +196,7 @@ >> next; >> } >> if (/cisco ios .* IOS-XE/i) { $ios = "XE"; } >> + if (/cisco IOS XE software/i) { $ios = "XE"; } > > in 3.0: > if (/cisco ios.*(IOS-)?XE/i) { $ios = "XE"; } > >> if (/^Application and Content Networking .*Software/) { $type = >> "CE"; } >> # treat the ACE like the Content Engines for matching endofconfig >> if (/^Cisco Application Control Software/) { $type = "CE"; } Thanks. I forgot to mention my original patch applies to 2.3.8 -- Alan McKinnon alan.mckinnon at gmail.com From gmourani at gmail.com Fri Apr 25 12:30:58 2014 From: gmourani at gmail.com (Gerhard Mourani) Date: Fri, 25 Apr 2014 08:30:58 -0400 Subject: [rancid] Rancid 3.0 and Dell Switches In-Reply-To: <20140425071327.GF80412@shrubbery.net> References: <20140425071003.2504754A6@guelah.shrubbery.net> <20140425071327.GF80412@shrubbery.net> Message-ID: After patching dell.pm I get this error in the log file, not the same as before but doesn't work: Trying to get all of the configs. Useless use of a variable in void context at (eval 3) line 1. failed: ===================================== Getting missed routers: round 1. Useless use of a variable in void context at (eval 3) line 1. failed: On Fri, Apr 25, 2014 at 3:13 AM, heasley wrote: > Thu, Apr 24, 2014 at 03:37:23PM -0400, Gerhard Mourani: > > Hello, > > > > I've upgraded to Rancid 3.0 and would like to know which name to use for > > Dell PowerConnect 34xx and 64xx series inside router.db? > > 'dell' might do it; YMMV, the script was contributed and purported to be > working with: > # DES-3010F > # DES-3052P > # DES-3526 > # DES-3550 > > > > Presently I'm using this in router.db: > > 192.168.x.1xx;dell;up > > 192.168.x.2xx;dell;up > > > > and can see these errors in the log files: > > > > Trying to get all of the configs. > > loadtype: loading dell failed: Global symbol "$proc" requires explicit > > package name at /usr/lib64/rancid/dell.pm line 82. > > Global symbol "$found_version" requires explicit package name at > > /usr/lib64/rancid/dell.pm line 83. > > Compilation failed in require at /usr/lib64/rancid/rancid.pm line 222. > > > Index: dell.pm.in > =================================================================== > --- dell.pm.in (revision 2818) > +++ dell.pm.in (working copy) > @@ -69,6 +69,9 @@ > #XXX use rancid @VERSION@; > use rancid; > > +our $proc; > +our $found_version; > + > # load-time initialization > sub import { > $timeo = 300; # dllogin timeout in seconds (some of these > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From gmourani at gmail.com Fri Apr 25 17:37:30 2014 From: gmourani at gmail.com (Gerhard Mourani) Date: Fri, 25 Apr 2014 13:37:30 -0400 Subject: [rancid] Rancid 3.0 and Dell Switches In-Reply-To: References: <20140425071003.2504754A6@guelah.shrubbery.net> <20140425071327.GF80412@shrubbery.net> Message-ID: Just to let you know that if using smc as type of device instead of dell, it is working for the DELL PowerConnect 62xx series but partially work for the DELL 34xx series. I mean partially for the 34xx series because it is able to connect and retrieve the configuration but partially, not the full configuration! The end of the configuration is missing! On Fri, Apr 25, 2014 at 8:30 AM, Gerhard Mourani wrote: > After patching dell.pm I get this error in the log file, not the same as > before but doesn't work: > > > Trying to get all of the configs. > Useless use of a variable in void context at (eval 3) line 1. > failed: > ===================================== > Getting missed routers: round 1. > Useless use of a variable in void context at (eval 3) line 1. > failed: > > > > > On Fri, Apr 25, 2014 at 3:13 AM, heasley wrote: > >> Thu, Apr 24, 2014 at 03:37:23PM -0400, Gerhard Mourani: >> > Hello, >> > >> > I've upgraded to Rancid 3.0 and would like to know which name to use for >> > Dell PowerConnect 34xx and 64xx series inside router.db? >> >> 'dell' might do it; YMMV, the script was contributed and purported to be >> working with: >> # DES-3010F >> # DES-3052P >> # DES-3526 >> # DES-3550 >> >> >> > Presently I'm using this in router.db: >> > 192.168.x.1xx;dell;up >> > 192.168.x.2xx;dell;up >> > >> > and can see these errors in the log files: >> > >> > Trying to get all of the configs. >> > loadtype: loading dell failed: Global symbol "$proc" requires explicit >> > package name at /usr/lib64/rancid/dell.pm line 82. >> > Global symbol "$found_version" requires explicit package name at >> > /usr/lib64/rancid/dell.pm line 83. >> > Compilation failed in require at /usr/lib64/rancid/rancid.pm line 222. >> >> >> Index: dell.pm.in >> =================================================================== >> --- dell.pm.in (revision 2818) >> +++ dell.pm.in (working copy) >> @@ -69,6 +69,9 @@ >> #XXX use rancid @VERSION@; >> use rancid; >> >> +our $proc; >> +our $found_version; >> + >> # load-time initialization >> sub import { >> $timeo = 300; # dllogin timeout in seconds (some of >> these >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Fri Apr 25 18:52:16 2014 From: heas at shrubbery.net (heasley) Date: Fri, 25 Apr 2014 18:52:16 +0000 Subject: [rancid] Rancid 3.0 and Dell Switches In-Reply-To: <20140425184808.74C532E909@sea.shrubbery.net> Message-ID: <20140425185216.GH96908@shrubbery.net> Fri, Apr 25, 2014 at 08:30:58AM -0400, Gerhard Mourani: > After patching dell.pm I get this error in the log file, not the same as > before but doesn't work: > > Trying to get all of the configs. > Useless use of a variable in void context at (eval 3) line 1. > failed: oops; I need to improve that error msg. Index: lib/dell.pm.in =================================================================== --- lib/dell.pm.in (revision 2819) +++ lib/dell.pm.in (working copy) @@ -1,4 +1,4 @@ -#! /usr/bin/perl +package dell; ## ## $Id: dlrancid.in 2258 2010-10-11 20:49:05Z heas $ ## @@ -72,6 +72,9 @@ our $proc; our $found_version; + at ISA = qw(Exporter rancid main); +#XXX @Exporter::EXPORT = qw($VERSION @commandtable %commands @commands); + # load-time initialization sub import { $timeo = 300; # dllogin timeout in seconds (some of these @@ -134,7 +137,6 @@ # This routine parses "get system" sub GetSystem { my($INPUT, $OUTPUT, $cmd) = @_; - my($priv_key); print STDERR " In GetSystem: $_" if ($debug); while (<$INPUT>) { Index: etc/rancid.types.base =================================================================== --- etc/rancid.types.base (revision 2816) +++ etc/rancid.types.base (working copy) @@ -183,6 +183,7 @@ dell;script;rancid dell;login;dllogin dell;module;dell +dell;inloop;dell::inloop dell;command;dell::GetSystem;show switch; dell;command;dell::GetConf;show config current_config # From heas at shrubbery.net Fri Apr 25 19:01:13 2014 From: heas at shrubbery.net (heasley) Date: Fri, 25 Apr 2014 19:01:13 +0000 Subject: [rancid] Rancid 3.0 and Dell Switches In-Reply-To: <20140425190031.65C272E99B@sea.shrubbery.net> <20140425185216.GH96908@shrubbery.net> Message-ID: <20140425190113.GI96908@shrubbery.net> Fri, Apr 25, 2014 at 06:52:16PM +0000, heasley: > Fri, Apr 25, 2014 at 08:30:58AM -0400, Gerhard Mourani: > > After patching dell.pm I get this error in the log file, not the same as > > before but doesn't work: > > > > Trying to get all of the configs. > > Useless use of a variable in void context at (eval 3) line 1. > > failed: > > oops; I need to improve that error msg. like so: Index: bin/rancid.in =================================================================== --- bin/rancid.in (revision 2816) +++ bin/rancid.in (working copy) @@ -117,6 +117,9 @@ } # loop over the input using the provided input/main loop +if (!defined($inloop) || length($inloop) < 1) { + die "inloop is not configured for device type $devtype"; +} eval($inloop ."(*INPUT, *OUTPUT);") && die "${inloop} failed: $@\n"; print STDOUT "Done $lscript: $_\n" if ($log); From david.brown at pnnl.gov Fri Apr 25 20:32:47 2014 From: david.brown at pnnl.gov (Brown, David M JR) Date: Fri, 25 Apr 2014 20:32:47 +0000 Subject: [rancid] Rancid and Git Message-ID: To whom it may concern, Apparently this has been brought up a bunch of times. Original Git Patch... http://www.shrubbery.net/pipermail/rancid-discuss/2007-March/002152.html Another mention of the git patch... http://www.shrubbery.net/pipermail/rancid-discuss/2008-December/003529.html More poking about git... http://www.shrubbery.net/pipermail/rancid-discuss/2010-April/004865.html And yet even more poking around git... http://www.shrubbery.net/pipermail/rancid-discuss/2013-May/006830.html The final mention of git support in rancid talks about a rancid fork (essentially) rancid-git whose sole purpose is to support git in rancid https://github.com/dotwaffle/rancid-git. So, I'd really like to know the answer as to why Git isn't supported in Rancid yet? Most of the patches seem okay and discussion about them seems to have just stopped. The discussion has no mention of whether the patch was going to be supported or not. So I'd really like an answer to why Git is not supported in Rancid. Thanks, - David Brown -------------- next part -------------- An HTML attachment was scrubbed... URL: From roman.hochuli at nexellent.ch Mon Apr 28 08:34:42 2014 From: roman.hochuli at nexellent.ch (Roman Hochuli) Date: Mon, 28 Apr 2014 10:34:42 +0200 Subject: [rancid] Cisco licenses Message-ID: <535E12A2.9030304@nexellent.ch> Hello All Did anyone ever considered to add 'sh license' for Cisco devices? If so: how to handle devices that do not care about this command? Simply ignore the lacking/erroring output? Or better take care to only run this code on selected devices that a known to support it. And if so how: what would be the best way to apply that kind of filter (if possible at all in RANCID)? -- Best regards, Roman Hochuli Operations Manager nexellent ag Saegereistrasse 33 CH-8152 Glattbrugg Phone: +41 44 872 20 00 Fax: +41 44 872 20 01 URL: www.nexellent.ch X-NCC-RegID: ch.nexellent Imagination is the one weapon in the war against reality. -- Jules de Gaultier From nkkrishnan at gmail.com Mon Apr 28 00:30:17 2014 From: nkkrishnan at gmail.com (N K Krishnan) Date: Sun, 27 Apr 2014 17:30:17 -0700 Subject: [rancid] rancid not writing configurations to /config/ file In-Reply-To: References: Message-ID: thanks. with path changes for expect and perl, these seen to work with a rancid-3.0 setup. works on the following so far: 5900AF-48XG-4QSFP+ JC772A A5120-48G EI JE067A A5120-48G EI JE069A A5820X-24XG-SFP+ JC102A A5830AF-96G JC694A HP 125xx S5120-48P-EI S5120-52C-EI S5800-56C S5800-60C-PWR S5820X-28S On Fri, Feb 28, 2014 at 12:43 AM, Jethro R Binks wrote: > On Thu, 27 Feb 2014, C. Handel wrote: > > > 2014-02-26 17:33 GMT+01:00 Bertrand Kurtzemann < > Bertrand.Kurtzemann at stef.com > > >: > > > I installed some "5800AF-48G" and "5500-48G EI" Switches and I need to > > > save the config in Rancid. > > > > > > Can you tell me where can I download the h3clogin and h3crancid files > ?? > > > > https://sites.google.com/site/jrbinks/code/rancid/h3c > > Thanks Christoph, > > I've attached later versions that will handle Comware 7 better. I'd sent > these to a few correspondents for testing and feedback, although I don't > think I got much back. But, they are working well for me so am likely to > upload them anyway. > > Jethro. > > . . . . . . . . . . . . . . . . . . . . . . . . . > Jethro R Binks, Network Manager, > Information Services Directorate, University Of Strathclyde, Glasgow, UK > > The University of Strathclyde is a charitable body, registered in > Scotland, number SC015263. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Mon Apr 28 16:19:50 2014 From: heas at shrubbery.net (heasley) Date: Mon, 28 Apr 2014 16:19:50 +0000 Subject: [rancid] Cisco licenses In-Reply-To: <535E12A2.9030304@nexellent.ch> References: <535E12A2.9030304@nexellent.ch> Message-ID: <20140428161950.GB82839@shrubbery.net> Mon, Apr 28, 2014 at 10:34:42AM +0200, Roman Hochuli: > Hello All > > Did anyone ever considered to add 'sh license' for Cisco devices? > > If so: how to handle devices that do not care about this command? Simply > ignore the lacking/erroring output? > > Or better take care to only run this code on selected devices that a > known to support it. And if so how: what would be the best way to apply > that kind of filter (if possible at all in RANCID)? an example? its already collected on junos and iosxr. From tomh at campaignmonitor.com Tue Apr 29 00:58:48 2014 From: tomh at campaignmonitor.com (Tom Harbert) Date: Tue, 29 Apr 2014 10:58:48 +1000 Subject: [rancid] Ubuntu Linux collection / llogin & lrancid Message-ID: Hello, Has anyone had any success configuring RANCID to collect configuration files from an Ubuntu Linux server? I have a couple configured with BIRD and acting as routers. I want to incorporate them into the existing configuration management solution to backup and monitor items such as: - /etc/network/interfaces - /etc/bird/bird.conf - /etc/shorewall/* I have read the following posts about llogin and lrancid and hacked the scripts as best I could. I can get llogin to connect and auth however I believe I am still getting a timeout error due to the prompt. http://www.shrubbery.net/pipermail/rancid-discuss/2009-July/004036.html http://www.shrubbery.net/pipermail/rancid-discuss/2010-October/005315.html https://groups.google.com/forum/#!topic/rancid-discuss/UvBkEHG18JM host.domain llogin error: Error: TIMEOUT reached I was hoping to be able to just change the prompt to "$ " however no dice. If anyone has any experience or an alternative way of a accomplishing this please let me know. I thought I might explore just a cron job which scp's the relevant files and does a diff however it would be cleaner to have it all integrated into RANCID. Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: From pawel.rzepa at gmail.com Tue Apr 29 11:57:57 2014 From: pawel.rzepa at gmail.com (=?UTF-8?B?UGF3ZcWCIFJ6ZXBh?=) Date: Tue, 29 Apr 2014 13:57:57 +0200 Subject: [rancid] Cisco ACS 5.5 Message-ID: Hi, I use rancid to download configuration from Cisco ACS. I have adopted rancid a little and finally got it working. After recent upgrade to 5.5 it stopped gathering configuration. Investigation showed that the reason was exp_continue in proc run_commands for -re "\b+" : proc run_commands { prompt command } { global do_saveconfig in_proc platform ... for {set i 0} {$i < $num_commands} { incr i} { send -- "[subst -nocommands [lindex $commands $i]]\r" expect { # -re "\b+" { exp_continue } -------------- MUST HAVE DISABLED IT -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)" } -re "^\[^\n\r]*$reprompt." { send_user -- "$expect_out(buffer)" exp_continue } ........... Now I got all the configuration lines, but '\b' is here. How can I remove all occurrences of '\b' from the buffer before it is printed out? Regards, Pawel Rzepa From heas at shrubbery.net Tue Apr 29 13:54:54 2014 From: heas at shrubbery.net (heasley) Date: Tue, 29 Apr 2014 13:54:54 +0000 Subject: [rancid] Cisco ACS 5.5 In-Reply-To: References: Message-ID: <20140429135454.GA19840@shrubbery.net> Tue, Apr 29, 2014 at 01:57:57PM +0200, Pawe?? Rzepa: > Hi, > I use rancid to download configuration from Cisco ACS. I have adopted > rancid a little and finally got it working. After recent upgrade to > 5.5 it stopped gathering configuration. > Investigation showed that the reason was exp_continue in proc > run_commands for -re "\b+" : > proc run_commands { prompt command } { > global do_saveconfig in_proc platform > ... > for {set i 0} {$i < $num_commands} { incr i} { > send -- "[subst -nocommands [lindex $commands $i]]\r" > expect { > # -re "\b+" { exp_continue } -------------- > MUST HAVE DISABLED IT > -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)" > } > -re "^\[^\n\r]*$reprompt." { send_user -- "$expect_out(buffer)" > exp_continue > } > ........... > > > Now I got all the configuration lines, but '\b' is here. How can I > remove all occurrences of '\b' from the buffer before it is printed > out? the line that you have commented should have consumed the backspaces. what is the behavior when it fails (hangs, simply fails)? what version of expect do you have? what version of rancid? From heas at shrubbery.net Tue Apr 29 14:39:29 2014 From: heas at shrubbery.net (heasley) Date: Tue, 29 Apr 2014 14:39:29 +0000 Subject: [rancid] Rancid and Git In-Reply-To: References: Message-ID: <20140429143929.GE19840@shrubbery.net> Fri, Apr 25, 2014 at 08:32:47PM +0000, Brown, David M JR: > To whom it may concern, > > Apparently this has been brought up a bunch of times. > > Original Git Patch... > http://www.shrubbery.net/pipermail/rancid-discuss/2007-March/002152.html > > Another mention of the git patch... > http://www.shrubbery.net/pipermail/rancid-discuss/2008-December/003529.html > > More poking about git... > http://www.shrubbery.net/pipermail/rancid-discuss/2010-April/004865.html > > And yet even more poking around git... > http://www.shrubbery.net/pipermail/rancid-discuss/2013-May/006830.html > > The final mention of git support in rancid talks about a rancid fork (essentially) rancid-git whose sole purpose is to support git in rancid https://github.com/dotwaffle/rancid-git. > > So, I'd really like to know the answer as to why Git isn't supported in Rancid yet? Most of the patches seem okay and discussion about them seems to have just stopped. The discussion has no mention of whether the patch was going to be supported or not. to support it, i have to test it and havent had time. what does git provide over svn? afaict, there is only one feature, which does not apply to rancid. From david.brown at pnnl.gov Tue Apr 29 15:08:51 2014 From: david.brown at pnnl.gov (Brown, David M JR) Date: Tue, 29 Apr 2014 15:08:51 +0000 Subject: [rancid] Rancid and Git In-Reply-To: <20140429143929.GE19840@shrubbery.net> References: , <20140429143929.GE19840@shrubbery.net> Message-ID: > to support it, i have to test it and havent had time. what does git provide > over svn? afaict, there is only one feature, which does not apply to rancid. For us, the feature fits well into the rest of our git repository management we have internally. We have a centralized git server where all configuration for internal applications is stored and supporting a subversion server is replication of support overhead that shouldn't be needed. Furthermore, git, like most distributed SCMs, supports pushing and pulling to multiple locations this means that multiple rancid deployments could be hooked into one central git repository. At least for us we have managed switches that are not accessible (due to security or support concerns) from broader networks. The ability to setup a tree of git repositories to aggregate our network configurations to a central place is a big feature for us. Thanks, - David Brown From roman.hochuli at nexellent.ch Tue Apr 29 18:15:58 2014 From: roman.hochuli at nexellent.ch (Roman Hochuli) Date: Tue, 29 Apr 2014 20:15:58 +0200 Subject: [rancid] Cisco licenses In-Reply-To: <20140428161950.GB82839@shrubbery.net> References: <535E12A2.9030304@nexellent.ch> <20140428161950.GB82839@shrubbery.net> Message-ID: <535FEC5E.4080105@nexellent.ch> Hello Heasly > an example? its already collected on junos and iosxr. Routers having the licensing ability react for example this way: --snip Router#show license udi Device# PID SN UDI ----------------------------------------------------------------------------- *0 CISCO2901/K9 FCZXXXXXXXX CISCO2901/K9:FCZXXXXXXXX Router# show license feature Feature name Enforcement Evaluation Subscription Enabled RightToUse ipbasek9 no no no yes no securityk9 yes yes no yes yes uck9 yes yes no no yes datak9 yes yes no yes yes gatekeeper yes yes no no yes SSL_VPN yes yes no no yes ios-ips-update yes yes yes no yes SNASw yes yes no no yes hseck9 yes no no no no cme-srst yes yes no no yes WAAS_Express yes yes no no yes UCVideo yes yes no no yes Router# show license Index 1 Feature: ipbasek9 Period left: Life time License Type: Permanent License State: Active, In Use License Count: Non-Counted License Priority: Medium Index 2 Feature: securityk9 Period left: Life time License Type: Permanent License State: Active, In Use License Count: Non-Counted License Priority: Medium Index 3 Feature: uck9 Period left: Not Activated Period Used: 0 minute 0 second License Type: EvalRightToUse License State: Not in Use, EULA not accepted License Count: Non-Counted License Priority: None Index 4 Feature: datak9 Period left: Life time License Type: Permanent License State: Active, In Use License Count: Non-Counted License Priority: Medium Index 5 Feature: gatekeeper Period left: Not Activated Period Used: 0 minute 0 second License Type: EvalRightToUse License State: Not in Use, EULA not accepted License Count: Non-Counted License Priority: None Index 6 Feature: SSL_VPN Period left: Not Activated Period Used: 0 minute 0 second License Type: EvalRightToUse License State: Not in Use, EULA not accepted License Count: 0/0 (In-use/Violation) License Priority: None Index 7 Feature: ios-ips-update Period left: Not Activated Period Used: 0 minute 0 second License Type: EvalRightToUse License State: Not in Use, EULA not accepted License Count: Non-Counted License Priority: None Index 8 Feature: SNASw Period left: Not Activated Period Used: 0 minute 0 second License Type: EvalRightToUse License State: Not in Use, EULA not accepted License Count: Non-Counted License Priority: None Index 9 Feature: hseck9 Index 10 Feature: cme-srst Period left: Not Activated Period Used: 0 minute 0 second License Type: EvalRightToUse License State: Not in Use, EULA not accepted License Count: 0/0 (In-use/Violation) License Priority: None Index 11 Feature: WAAS_Express Period left: Not Activated Period Used: 0 minute 0 second License Type: EvalRightToUse License State: Not in Use, EULA not accepted License Count: Non-Counted License Priority: None Index 12 Feature: UCVideo Period left: Not Activated Period Used: 0 minute 0 second License Type: EvalRightToUse License State: Not in Use, EULA not accepted License Count: Non-Counted License Priority: None Router# show license detail Index: 1 Feature: SNASw Version: 1.0 License Type: EvalRightToUse License State: Not in Use, EULA not accepted Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 4 days Period used: 0 minute 0 second License Count: Non-Counted License Priority: None Store Index: 6 Store Name: Built-In License Storage Index: 2 Feature: SSL_VPN Version: 1.0 License Type: EvalRightToUse License State: Not in Use, EULA not accepted Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 4 days Period used: 0 minute 0 second License Count: 0/0 (In-use/Violation) License Priority: None Store Index: 4 Store Name: Built-In License Storage Index: 3 Feature: UCVideo Version: 1.0 License Type: EvalRightToUse License State: Not in Use, EULA not accepted Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 4 days Period used: 0 minute 0 second License Count: Non-Counted License Priority: None Store Index: 9 Store Name: Built-In License Storage Index: 4 Feature: WAAS_Express Version: 1.0 License Type: EvalRightToUse License State: Not in Use, EULA not accepted Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 4 days Period used: 0 minute 0 second License Count: Non-Counted License Priority: None Store Index: 8 Store Name: Built-In License Storage Index: 5 Feature: cme-srst Version: 1.0 License Type: EvalRightToUse License State: Not in Use, EULA not accepted Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 4 days Period used: 0 minute 0 second License Count: 0/0 (In-use/Violation) License Priority: None Store Index: 7 Store Name: Built-In License Storage Index: 6 Feature: datak9 Version: 1.0 License Type: Permanent License State: Active, In Use License Count: Non-Counted License Priority: Medium Store Index: 0 Store Name: Primary License Storage Index: 7 Feature: datak9 Version: 1.0 License Type: EvalRightToUse License State: Inactive Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 4 days Period used: 0 minute 0 second License Count: Non-Counted License Priority: None Store Index: 2 Store Name: Built-In License Storage Index: 8 Feature: gatekeeper Version: 1.0 License Type: EvalRightToUse License State: Not in Use, EULA not accepted Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 4 days Period used: 0 minute 0 second License Count: Non-Counted License Priority: None Store Index: 3 Store Name: Built-In License Storage Index: 9 Feature: ios-ips-update Version: 1.0 License Type: EvalRightToUse License State: Not in Use, EULA not accepted Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 4 days Period used: 0 minute 0 second License Count: Non-Counted License Priority: None Store Index: 5 Store Name: Built-In License Storage Index: 10 Feature: ipbasek9 Version: 1.0 License Type: Permanent License State: Active, In Use License Count: Non-Counted License Priority: Medium Store Index: 2 Store Name: Primary License Storage Index: 11 Feature: securityk9 Version: 1.0 License Type: Permanent License State: Active, In Use License Count: Non-Counted License Priority: Medium Store Index: 1 Store Name: Primary License Storage Index: 12 Feature: securityk9 Version: 1.0 License Type: EvalRightToUse License State: Inactive Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 4 days Period used: 0 minute 0 second License Count: Non-Counted License Priority: None Store Index: 0 Store Name: Built-In License Storage Index: 13 Feature: uck9 Version: 1.0 License Type: EvalRightToUse License State: Not in Use, EULA not accepted Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 4 days Period used: 0 minute 0 second License Count: Non-Counted License Priority: None Store Index: 1 Store Name: Built-In License Storage Router# --snap Routers not having that ability react like this: --snip Router# show license ^ % Invalid input detected at '^' marker. Router# --snap -- Best regards, Roman Hochuli Operations Manager nexellent ag Saegereistrasse 33 CH-8152 Glattbrugg Phone: +41 44 872 20 00 Fax: +41 44 872 20 01 URL: www.nexellent.ch X-NCC-RegID: ch.nexellent Imagination is the one weapon in the war against reality. -- Jules de Gaultier From Bob.Brunette at cdw.com Tue Apr 29 18:55:39 2014 From: Bob.Brunette at cdw.com (Bob Brunette) Date: Tue, 29 Apr 2014 18:55:39 +0000 Subject: [rancid] Cisco licenses In-Reply-To: <535FEC5E.4080105@nexellent.ch> References: <535E12A2.9030304@nexellent.ch> <20140428161950.GB82839@shrubbery.net> <535FEC5E.4080105@nexellent.ch> Message-ID: On Cisco ASA?s, the command is ?show activation-key?. Here is what the output looks like on an ASA configured for failover: firewall# show activation-key Serial Number: FCHxxxxxxxx Running Permanent Activation Key: 0xnnnnnnnn 0xnnnnnnnn 0xnnnnnnnn 0xnnnnnnnn 0xnnnnnnnn Running Timebased Activation Key: 0xnnnnnnnn 0xnnnnnnnn 0xnnnnnnnn 0xnnnnnnnn 0xnnnnnnnn Licensed features for this platform: Maximum Physical Interfaces : Unlimited perpetual Maximum VLANs : 300 perpetual Inside Hosts : Unlimited perpetual Failover : Active/Active perpetual Encryption-DES : Enabled perpetual Encryption-3DES-AES : Enabled perpetual Security Contexts : 7 3 days GTP/GPRS : Disabled perpetual AnyConnect Premium Peers : 2500 3 days AnyConnect Essentials : 2500 perpetual Other VPN Peers : 2500 perpetual Total VPN Peers : 2500 perpetual Shared License : Disabled perpetual AnyConnect for Mobile : Enabled perpetual AnyConnect for Cisco VPN Phone : Enabled 3 days Advanced Endpoint Assessment : Disabled perpetual UC Phone Proxy Sessions : 52 3 days Total UC Proxy Sessions : 52 3 days Botnet Traffic Filter : Disabled perpetual Intercompany Media Engine : Disabled perpetual IPS Module : Enabled perpetual Cluster : Enabled perpetual Cluster Members : 2 perpetual This platform has an ASA5545 VPN Premium license. Failover cluster licensed features for this platform: Maximum Physical Interfaces : Unlimited perpetual Maximum VLANs : 300 perpetual Inside Hosts : Unlimited perpetual Failover : Active/Active perpetual Encryption-DES : Enabled perpetual Encryption-3DES-AES : Enabled perpetual Security Contexts : 9 3 days GTP/GPRS : Disabled perpetual AnyConnect Premium Peers : 2500 3 days AnyConnect Essentials : 2500 perpetual Other VPN Peers : 2500 perpetual Total VPN Peers : 2500 perpetual Shared License : Disabled perpetual AnyConnect for Mobile : Enabled perpetual AnyConnect for Cisco VPN Phone : Enabled perpetual Advanced Endpoint Assessment : Disabled perpetual UC Phone Proxy Sessions : 54 3 days Total UC Proxy Sessions : 54 3 days Botnet Traffic Filter : Disabled perpetual Intercompany Media Engine : Disabled perpetual IPS Module : Enabled perpetual Cluster : Enabled perpetual This platform has an ASA5545 VPN Premium license. The Running Activation Key feature: 5000 AnyConnect Premium sessions exceed the limit on the platform, reduced to 2500 AnyConnect Premium sessions. The flash permanent activation key is the SAME as the running permanent key. Active Timebased Activation Key: 0xnnnnnnnn 0xnnnnnnnn 0xnnnnnnnn 0xnnnnnnnn 0xnnnnnnnn Encryption-3DES-AES : Enabled 3 days Security Contexts : 5 3 days AnyConnect Premium Peers : 2500 3 days AnyConnect for Mobile : Enabled 3 days AnyConnect for Cisco VPN Phone : Enabled 3 days Total UC Proxy Sessions : 50 3 days AnyConnect Essentials : 1 3 days IPS Module : Enabled 3 days Bob Brunette On 4/29/14, 1:15 PM, "Roman Hochuli" wrote: >Hello Heasly > >> an example? its already collected on junos and iosxr. > >Routers having the licensing ability react for example this way: > >--snip >Router#show license udi >Device# PID SN UDI >-------------------------------------------------------------------------- >--- >*0 CISCO2901/K9 FCZXXXXXXXX CISCO2901/K9:FCZXXXXXXXX > >Router# show license feature >Feature name Enforcement Evaluation Subscription Enabled > RightToUse >ipbasek9 no no no yes >no >securityk9 yes yes no yes > yes >uck9 yes yes no no > yes >datak9 yes yes no yes > yes >gatekeeper yes yes no no > yes >SSL_VPN yes yes no no > yes >ios-ips-update yes yes yes no > yes >SNASw yes yes no no > yes >hseck9 yes no no no >no >cme-srst yes yes no no > yes >WAAS_Express yes yes no no > yes >UCVideo yes yes no no > yes > >Router# show license >Index 1 Feature: ipbasek9 > Period left: Life time > License Type: Permanent > License State: Active, In Use > License Count: Non-Counted > License Priority: Medium >Index 2 Feature: securityk9 > Period left: Life time > License Type: Permanent > License State: Active, In Use > License Count: Non-Counted > License Priority: Medium >Index 3 Feature: uck9 > Period left: Not Activated > Period Used: 0 minute 0 second > License Type: EvalRightToUse > License State: Not in Use, EULA not accepted > License Count: Non-Counted > License Priority: None >Index 4 Feature: datak9 > Period left: Life time > License Type: Permanent > License State: Active, In Use > License Count: Non-Counted > License Priority: Medium >Index 5 Feature: gatekeeper > Period left: Not Activated > Period Used: 0 minute 0 second > License Type: EvalRightToUse > License State: Not in Use, EULA not accepted > License Count: Non-Counted > License Priority: None >Index 6 Feature: SSL_VPN > Period left: Not Activated > Period Used: 0 minute 0 second > License Type: EvalRightToUse > License State: Not in Use, EULA not accepted > License Count: 0/0 (In-use/Violation) > License Priority: None >Index 7 Feature: ios-ips-update > Period left: Not Activated > Period Used: 0 minute 0 second > License Type: EvalRightToUse > License State: Not in Use, EULA not accepted > License Count: Non-Counted > License Priority: None >Index 8 Feature: SNASw > Period left: Not Activated > Period Used: 0 minute 0 second > License Type: EvalRightToUse > License State: Not in Use, EULA not accepted > License Count: Non-Counted > License Priority: None >Index 9 Feature: hseck9 >Index 10 Feature: cme-srst > Period left: Not Activated > Period Used: 0 minute 0 second > License Type: EvalRightToUse > License State: Not in Use, EULA not accepted > License Count: 0/0 (In-use/Violation) > License Priority: None >Index 11 Feature: WAAS_Express > Period left: Not Activated > Period Used: 0 minute 0 second > License Type: EvalRightToUse > License State: Not in Use, EULA not accepted > License Count: Non-Counted > License Priority: None >Index 12 Feature: UCVideo > Period left: Not Activated > Period Used: 0 minute 0 second > License Type: EvalRightToUse > License State: Not in Use, EULA not accepted > License Count: Non-Counted > License Priority: None > >Router# show license detail >Index: 1 Feature: SNASw Version: 1.0 > License Type: EvalRightToUse > License State: Not in Use, EULA not accepted > Evaluation total period: 8 weeks 4 days > Evaluation period left: 8 weeks 4 days > Period used: 0 minute 0 second > License Count: Non-Counted > License Priority: None > Store Index: 6 > Store Name: Built-In License Storage >Index: 2 Feature: SSL_VPN Version: 1.0 > License Type: EvalRightToUse > License State: Not in Use, EULA not accepted > Evaluation total period: 8 weeks 4 days > Evaluation period left: 8 weeks 4 days > Period used: 0 minute 0 second > License Count: 0/0 (In-use/Violation) > License Priority: None > Store Index: 4 > Store Name: Built-In License Storage >Index: 3 Feature: UCVideo Version: 1.0 > License Type: EvalRightToUse > License State: Not in Use, EULA not accepted > Evaluation total period: 8 weeks 4 days > Evaluation period left: 8 weeks 4 days > Period used: 0 minute 0 second > License Count: Non-Counted > License Priority: None > Store Index: 9 > Store Name: Built-In License Storage >Index: 4 Feature: WAAS_Express Version: 1.0 > License Type: EvalRightToUse > License State: Not in Use, EULA not accepted > Evaluation total period: 8 weeks 4 days > Evaluation period left: 8 weeks 4 days > Period used: 0 minute 0 second > License Count: Non-Counted > License Priority: None > Store Index: 8 > Store Name: Built-In License Storage >Index: 5 Feature: cme-srst Version: 1.0 > License Type: EvalRightToUse > License State: Not in Use, EULA not accepted > Evaluation total period: 8 weeks 4 days > Evaluation period left: 8 weeks 4 days > Period used: 0 minute 0 second > License Count: 0/0 (In-use/Violation) > License Priority: None > Store Index: 7 > Store Name: Built-In License Storage >Index: 6 Feature: datak9 Version: 1.0 > License Type: Permanent > License State: Active, In Use > License Count: Non-Counted > License Priority: Medium > Store Index: 0 > Store Name: Primary License Storage >Index: 7 Feature: datak9 Version: 1.0 > License Type: EvalRightToUse > License State: Inactive > Evaluation total period: 8 weeks 4 days > Evaluation period left: 8 weeks 4 days > Period used: 0 minute 0 second > License Count: Non-Counted > License Priority: None > Store Index: 2 > Store Name: Built-In License Storage >Index: 8 Feature: gatekeeper Version: 1.0 > License Type: EvalRightToUse > License State: Not in Use, EULA not accepted > Evaluation total period: 8 weeks 4 days > Evaluation period left: 8 weeks 4 days > Period used: 0 minute 0 second > License Count: Non-Counted > License Priority: None > Store Index: 3 > Store Name: Built-In License Storage >Index: 9 Feature: ios-ips-update Version: 1.0 > License Type: EvalRightToUse > License State: Not in Use, EULA not accepted > Evaluation total period: 8 weeks 4 days > Evaluation period left: 8 weeks 4 days > Period used: 0 minute 0 second > License Count: Non-Counted > License Priority: None > Store Index: 5 > Store Name: Built-In License Storage >Index: 10 Feature: ipbasek9 Version: 1.0 > License Type: Permanent > License State: Active, In Use > License Count: Non-Counted > License Priority: Medium > Store Index: 2 > Store Name: Primary License Storage >Index: 11 Feature: securityk9 Version: 1.0 > License Type: Permanent > License State: Active, In Use > License Count: Non-Counted > License Priority: Medium > Store Index: 1 > Store Name: Primary License Storage >Index: 12 Feature: securityk9 Version: 1.0 > License Type: EvalRightToUse > License State: Inactive > Evaluation total period: 8 weeks 4 days > Evaluation period left: 8 weeks 4 days > Period used: 0 minute 0 second > License Count: Non-Counted > License Priority: None > Store Index: 0 > Store Name: Built-In License Storage >Index: 13 Feature: uck9 Version: 1.0 > License Type: EvalRightToUse > License State: Not in Use, EULA not accepted > Evaluation total period: 8 weeks 4 days > Evaluation period left: 8 weeks 4 days > Period used: 0 minute 0 second > License Count: Non-Counted > License Priority: None > Store Index: 1 > Store Name: Built-In License Storage > >Router# >--snap > > >Routers not having that ability react like this: >--snip >Router# show license > ^ >% Invalid input detected at '^' marker. > >Router# >--snap > >-- >Best regards, >Roman Hochuli >Operations Manager > >nexellent ag >Saegereistrasse 33 >CH-8152 Glattbrugg > >Phone: +41 44 872 20 00 >Fax: +41 44 872 20 01 >URL: www.nexellent.ch >X-NCC-RegID: ch.nexellent > >Imagination is the one weapon in the war >against reality. > -- Jules de Gaultier > >_______________________________________________ >Rancid-discuss mailing list >Rancid-discuss at shrubbery.net >http://www.shrubbery.net/mailman/listinfo/rancid-discuss From crowed at bendbroadband.net Tue Apr 29 20:07:26 2014 From: crowed at bendbroadband.net (Crowe, David) Date: Tue, 29 Apr 2014 13:07:26 -0700 Subject: [rancid] Rancid and Git In-Reply-To: <20140429143929.GE19840@shrubbery.net> References: <20140429143929.GE19840@shrubbery.net> Message-ID: <737B6B75-A399-4B88-B313-58F5EC6C2DBB@bendbroadband.net> On Apr 29, 2014, at 7:39 AM, heasley wrote: > Fri, Apr 25, 2014 at 08:32:47PM +0000, Brown, David M JR: >> To whom it may concern, >> >> Apparently this has been brought up a bunch of times. >> >> Original Git Patch... >> http://www.shrubbery.net/pipermail/rancid-discuss/2007-March/002152.html >> >> Another mention of the git patch... >> http://www.shrubbery.net/pipermail/rancid-discuss/2008-December/003529.html >> >> More poking about git... >> http://www.shrubbery.net/pipermail/rancid-discuss/2010-April/004865.html >> >> And yet even more poking around git... >> http://www.shrubbery.net/pipermail/rancid-discuss/2013-May/006830.html >> >> The final mention of git support in rancid talks about a rancid fork (essentially) rancid-git whose sole purpose is to support git in rancid https://github.com/dotwaffle/rancid-git. >> >> So, I'd really like to know the answer as to why Git isn't supported in Rancid yet? Most of the patches seem okay and discussion about them seems to have just stopped. The discussion has no mention of whether the patch was going to be supported or not. > > to support it, i have to test it and havent had time. what does git provide > over svn? afaict, there is only one feature, which does not apply to rancid. what one feature do you mean? git is an easy integration into rancid and gives us useful options when we're trying to manage the repository backend as the OP noted in his later response. we've been carrying around a git patchset for rancid for years that has been relatively easy to port to each version. however, i would greatly appreciate integration upstream. it works very well and is feature comparable to the svn implementation. enjoy, David From heas at shrubbery.net Wed Apr 30 00:39:21 2014 From: heas at shrubbery.net (heasley) Date: Wed, 30 Apr 2014 00:39:21 +0000 Subject: [rancid] Cisco licenses In-Reply-To: References: <535E12A2.9030304@nexellent.ch> <20140428161950.GB82839@shrubbery.net> <535FEC5E.4080105@nexellent.ch> Message-ID: <20140430003921.GJ38755@shrubbery.net> Tue, Apr 29, 2014 at 06:55:39PM +0000, Bob Brunette: > On Cisco ASA?s, the command is ?show activation-key?. Here is what the > output looks like on an ASA configured for failover: > firewall# show activation-key > Serial Number: FCHxxxxxxxx > Running Permanent Activation Key: 0xnnnnnnnn 0xnnnnnnnn 0xnnnnnnnn > 0xnnnnnnnn 0xnnnnnnnn > Running Timebased Activation Key: 0xnnnnnnnn 0xnnnnnnnn 0xnnnnnnnn > 0xnnnnnnnn 0xnnnnnnnn i dont have ASAs/PIXs. i presume the second column is fixed; what is the third column? > Licensed features for this platform: > Maximum Physical Interfaces : Unlimited perpetual > Maximum VLANs : 300 perpetual > Inside Hosts : Unlimited perpetual > Failover : Active/Active perpetual > Encryption-DES : Enabled perpetual > Encryption-3DES-AES : Enabled perpetual > Security Contexts : 7 3 days > GTP/GPRS : Disabled perpetual > AnyConnect Premium Peers : 2500 3 days > AnyConnect Essentials : 2500 perpetual > Other VPN Peers : 2500 perpetual > Total VPN Peers : 2500 perpetual > Shared License : Disabled perpetual > AnyConnect for Mobile : Enabled perpetual > AnyConnect for Cisco VPN Phone : Enabled 3 days > Advanced Endpoint Assessment : Disabled perpetual > UC Phone Proxy Sessions : 52 3 days > Total UC Proxy Sessions : 52 3 days > Botnet Traffic Filter : Disabled perpetual > Intercompany Media Engine : Disabled perpetual > IPS Module : Enabled perpetual > Cluster : Enabled perpetual > Cluster Members : 2 perpetual > > This platform has an ASA5545 VPN Premium license. > > > Failover cluster licensed features for this platform: > Maximum Physical Interfaces : Unlimited perpetual > Maximum VLANs : 300 perpetual > Inside Hosts : Unlimited perpetual > Failover : Active/Active perpetual > Encryption-DES : Enabled perpetual > Encryption-3DES-AES : Enabled perpetual > Security Contexts : 9 3 days > GTP/GPRS : Disabled perpetual > AnyConnect Premium Peers : 2500 3 days > AnyConnect Essentials : 2500 perpetual > Other VPN Peers : 2500 perpetual > Total VPN Peers : 2500 perpetual > Shared License : Disabled perpetual > AnyConnect for Mobile : Enabled perpetual > AnyConnect for Cisco VPN Phone : Enabled perpetual > Advanced Endpoint Assessment : Disabled perpetual > UC Phone Proxy Sessions : 54 3 days > Total UC Proxy Sessions : 54 3 days > Botnet Traffic Filter : Disabled perpetual > Intercompany Media Engine : Disabled perpetual > IPS Module : Enabled perpetual > Cluster : Enabled perpetual > > This platform has an ASA5545 VPN Premium license. > > The Running Activation Key feature: 5000 AnyConnect Premium sessions > exceed the limit on the platform, reduced to 2500 AnyConnect Premium > sessions. > > The flash permanent activation key is the SAME as the running permanent > key. > > Active Timebased Activation Key: > 0xnnnnnnnn 0xnnnnnnnn 0xnnnnnnnn 0xnnnnnnnn 0xnnnnnnnn > Encryption-3DES-AES : Enabled 3 days > > Security Contexts : 5 3 days > > AnyConnect Premium Peers : 2500 3 days > > AnyConnect for Mobile : Enabled 3 days > > AnyConnect for Cisco VPN Phone : Enabled 3 days > > Total UC Proxy Sessions : 50 3 days > > AnyConnect Essentials : 1 3 days > > IPS Module : Enabled 3 days From tore at fud.no Wed Apr 30 06:03:22 2014 From: tore at fud.no (Tore Anderson) Date: Wed, 30 Apr 2014 08:03:22 +0200 Subject: [rancid] Rancid and Git In-Reply-To: References: , <20140429143929.GE19840@shrubbery.net> Message-ID: <5360922A.50502@fud.no> * Brown, David M JR > For us, the feature fits well into the rest of our git repository > management we have internally. We have a centralized git server where > all configuration for internal applications is stored and supporting > a subversion server is replication of support overhead that shouldn't > be needed. +1 We've phased out all instances of RCS, CVS, and SVN in favour of Git which we consider superior in pretty much any way. So we have a lot of processes and systems that build on top of Git, like issue trackers and web based repository browsers with nice coloured side-by-side diffs and such. There's just no way we would want to keep the old stuff around solely for RANCID. > Furthermore, git, like most distributed SCMs, supports pushing and > pulling to multiple locations this means that multiple rancid > deployments could be hooked into one central git repository. At least > for us we have managed switches that are not accessible (due to > security or support concerns) from broader networks. The ability to > setup a tree of git repositories to aggregate our network > configurations to a central place is a big feature for us. Again +1. Another thing we find useful is that once you set up the RANCID server(s) to automatically push changes to a central Git repository, then you can easily allow other systems which have some use for parsing the network configs to use Git to easily fetch updated copies from that central location. Those system do not need to have access to or even know about the individual servers running RANCID. Speaking of Git, I would also suggest to move the development of RANCID itself into a publicly available Git repository like GitHub. I find it much easier to contribute my own changes back upstream this way, find the exact code that introduced bugs (git-bisect is just pure awesome), and so on. Contributing a patch to RANCID proper, on the other hand, seems to be to fire off a patch to this mailing list with no way to verify that it still works or even applies cleanly to the current development head. I'd guess this is partially the reason why the rancid-git fork has become more than "vanilla RANCID + Git integration" but actually have other changes too, like new device scripts and such. John, if you've not familiarised yourself with Git yet I would strongly recommend that you invest some time in doing so, you won't regret it... It's not without reason that a huge number of open-source projects have converted to Git. Tore From pawel.rzepa at gmail.com Wed Apr 30 07:13:28 2014 From: pawel.rzepa at gmail.com (=?UTF-8?B?UGF3ZcWCIFJ6ZXBh?=) Date: Wed, 30 Apr 2014 09:13:28 +0200 Subject: [rancid] Cisco ACS 5.5 In-Reply-To: <20140429135454.GA19840@shrubbery.net> References: <20140429135454.GA19840@shrubbery.net> Message-ID: Hi, No, it doesn't hang. When I login into the device interactively it works. When I run a command it produces unpredictable results, imho depending on the chunks of output retrieved from the device. This is the excerpt from clogin -d -c 'write term' output which I suppose is relevant to the issue: expect: does "ip domain-name my.company.com\r\n! \r\nno ipv6 enable\r\n! \r\ninterface GigabitEthernet 0\r\n ip address 10.10.10.10 255.255.255.0\r\n ipv6 address autoconfig\r\n no ipv6 enable\r\n! \r\ninterface GigabitEthernet 1\r\n shutdown\r\n ipv6 address autoconfig\r\n no ipv6 enable\r\n! \r\nip name-server 10.10.10.10 10.10.10.10 \r\n! \r\nip default-gateway 10.10.10.10\r\n! \r\nclock timezone Europe/Warsaw\r\n! \r\nntp server 10.10.10.10\r\n!\u0008\nusername root password hash $1$p4MxVbAdp$asdfasdfasdfasd role admin \r\n!\u0008\nno max-ssh-sessions\r\n!\u0008\n" (spawn_id exp6) match regular expression "\u0008+"? yes expect: set expect_out(0,string) "\u0008" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "ip domain-name my.company.com\r\n! \r\nno ipv6 enable\r\n! \r\ninterface GigabitEthernet 0\r\n ip address 10.10.10.10 255.255.255.0\r\n ipv6 address autoconfig\r\n no ipv6 enable\r\n! \r\ninterface GigabitEthernet 1\r\n shutdown\r\n ipv6 address autoconfig\r\n no ipv6 enable\r\n! \r\nip name-server 10.10.10.10 10.10.10.10 \r\n! \r\nip default-gateway 10.10.10.10\r\n! \r\nclock timezone Europe/Warsaw\r\n! \r\nntp server 10.10.10.10\r\n!\u0008" expect: continuing expect expect: does "\nusername root password hash $1$p4MxVbAdp$asdfasdfasdfasd role admin \r\n!\u0008\nno max-ssh-sessions\r\n!\u0008\n" (spawn_id exp6) match regular expression "\u0008+"? yes expect: set expect_out(0,string) "\u0008" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "\nusername root password hash $1$p4MxVbAdp$asdfasdfasdfasd role admin \r\n!\u0008" expect: continuing expect expect version 5.43.0 rancid 2.3.8 Regards, Pawel Rzepa 2014-04-29 15:54 GMT+02:00 heasley : > Tue, Apr 29, 2014 at 01:57:57PM +0200, Pawe?? Rzepa: >> Hi, >> I use rancid to download configuration from Cisco ACS. I have adopted >> rancid a little and finally got it working. After recent upgrade to >> 5.5 it stopped gathering configuration. >> Investigation showed that the reason was exp_continue in proc >> run_commands for -re "\b+" : >> proc run_commands { prompt command } { >> global do_saveconfig in_proc platform >> ... >> for {set i 0} {$i < $num_commands} { incr i} { >> send -- "[subst -nocommands [lindex $commands $i]]\r" >> expect { >> # -re "\b+" { exp_continue } -------------- >> MUST HAVE DISABLED IT >> -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)" >> } >> -re "^\[^\n\r]*$reprompt." { send_user -- "$expect_out(buffer)" >> exp_continue >> } >> ........... >> >> >> Now I got all the configuration lines, but '\b' is here. How can I >> remove all occurrences of '\b' from the buffer before it is printed >> out? > > the line that you have commented should have consumed the backspaces. > what is the behavior when it fails (hangs, simply fails)? what version > of expect do you have? what version of rancid?