From: jandrewartha at ccgs.wa.edu.au (James Andrewartha)
Date: Mon, 5 Jan 2015 10:28:12 +0800
Subject: [rancid] vyatta/vyos
In-Reply-To:
References:
Message-ID: <54A9F6BC.7060309@ccgs.wa.edu.au>

On 28/12/14 10:30, Antonio Querubin wrote:
> I've cobbled together support for VyOS from some previous efforts by
> various people for Vyatta (see the git log). I'm assuming VyOS is still
> close enough to Vyatta so that this should continue to work for Vyatta as
> well. I don't have access to real Vyatta routers so I'd appreciate any
> feedback from those that do.

I took a different approach for my VyOS (well, Ubiquiti EdgeOS) routers. I use the in-built configuration backup to copy the configuration to the rancid host:

set system config-management commit-archive location 'scp://user:password at rancidhost:/var/lib/rancid/ccgs/configs/vyoshost.domain.name'

I also made a few changes to /opt/vyatta/sbin/vyatta-commit-push.pl, changing it to use the commands form of configuration (note also the change from showCfg to showConfig):

my $cmd = 'cli-shell-api showConfig --show-active-only --show-commands';

and changing the save filename:

#my $cmd = "curl -s -T $tmp_push_file $uri/$save_file";
my $cmd = "curl -s -T $tmp_push_file $uri";

Then my vyosrancid file is just:

#!/usr/bin/perl
# Just copy the existing file to .new
use File::Copy qw(copy);

my $host = $ARGV[0];

copy $host, $host . ".new";

exit(0);

Obviously this isn't for everyone, being a push rather than pull setup, but it does the job for me.

-- 
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877

From: heas at shrubbery.net (heasley)
Date: Mon, 5 Jan 2015 17:39:45 +0000
Subject: [rancid] Adtran Support
In-Reply-To: <54A31AB5.2050400@hubris.net>
References: <54A31AB5.2050400@hubris.net>
Message-ID: <20150105173944.GE28478@shrubbery.net>

Tue, Dec 30, 2014 at 03:35:49PM -0600, Steven Saner:
> Hi all:
>
> I have been using RANCID for years now with Cisco gear. I would like to
> also use it with some Adtran gear that we have, including the TA5000,
> TA90x IADs, and Netvanta EFM cpe.
>
> I'm working with the most recent version and I see what appears to be
> the beginnings of support for Adtran gear in /etc/rancid.types.base. But
> there doesn't seem to be any adtran.pm module. I also see a comment from
> a few months ago in the list archives about someone that once created an
> nvrancid script to handle some Netvanta gear.
>
> My question is this. Is there any effort underway to finish up the
> Adtran support in the current version, and if so, can I be of any help?

if i had access to one, i could finish it. or, i can provide what i have ATM to someone wanting to finish it. or, someone on the list has one that a few others can test and report on stability.

From: rdrake at direcpath.com (rdrake)
Date: Mon, 5 Jan 2015 15:07:52 -0500
Subject: [rancid] vyatta/vyos
In-Reply-To: <54A9F6BC.7060309@ccgs.wa.edu.au>
References: <54A9F6BC.7060309@ccgs.wa.edu.au>
Message-ID: <54AAEF18.70406@direcpath.com>

On 01/04/2015 09:28 PM, James Andrewartha wrote:
> On 28/12/14 10:30, Antonio Querubin wrote:
> I took a different approach for my VyOS (well, Ubiquiti EdgeOS)
> routers. I use the in-built configuration backup to copy the
> configuration to the rancid host: set system config-management
> commit-archive location
> 'scp://user:password at rancidhost:/var/lib/rancid/ccgs/configs/vyoshost.domain.name'
> I also made a few changes to /opt/vyatta/sbin/vyatta-commit-push.pl,
> changing it to use the commands form of configuration (note also the
> change from showCfg to showConfig):

I would advise against this depending on the size and scope of your network. The primary issue with pushing the configuration is that if any of your routers are compromised then someone has a username and password, as well as the name of your configuration server, so they have full access to hop to it and further compromise other hosts.

A better choice for most UNIX based routers if you're skipping rancid is to use ssh host keys to allow the configuration server access without passwords, then pull the file at scheduled times and manage it with a change control. (Rancid still helps here by normalizing lines, like sorting access-lists or removing timestamps if needed.. but if the file is pretty static you might be able to commit it without changing anything)

> my $cmd = 'cli-shell-api showConfig --show-active-only --show-commands';
>
> and changing the save filename:
>
> #my $cmd = "curl -s -T $tmp_push_file $uri/$save_file";
> my $cmd = "curl -s -T $tmp_push_file $uri";
>
> Then my vyosrancid file is just:
>
> #!/usr/bin/perl
> # Just copy the existing file to .new
> use File::Copy qw(copy);
>
> my $host = $ARGV[0];
>
> copy $host, $host . ".new";
>
> exit(0);
>
> Obviously this isn't for everyone, being a push rather than pull setup,
> but it does the job for me.
>

Of course, use whichever works best for you. I just don't advise scaling with this approach just in case. :)

From: mnewton at pofp.com (Michael Newton)
Date: Tue, 6 Jan 2015 15:40:55 -0800
Subject: [rancid] Aruba devices in 3.1
Message-ID:

Hi all; we are looking at getting a RANCID infrastructure in place and have been pleasantly surprised by how easy everything has been so far. Had my first backups of our HP equipment within a few hours of getting started.

But we also have a number of Aruba devices, and I can find no information on adding custom device types in this latest 3.1 version of the software. I have downloaded the Aruba scripts from ftp://ftp.shrubbery.net/pub/rancid/contrib/ but these were designed for 2.3 and suggest editing rancid-fe. Instead what I ended up with, after much guesswork, is this:

$ cat /etc/rancid/rancid.types.conf
aruba;script;rancid -t aruba
aruba;login;arubalogin
aruba;module;rancid
aruba;inloop;rancid::inloop
aruba;command;rancid::RunCommand;no paging
aruba;command;rancid::RunCommand;show running-config

$ su -lc "rancid -dt aruba aruba.example.com" rancid
loadtype: device type aruba
loadtype: found device type aruba in /etc/rancid/rancid.types.conf
executing arubalogin -t 90 -c "no paging;show running-config" aruba.example.com
aruba.example.com: missed cmd(s): all commands
aruba.example.com: End of run not found
aruba.example.com: End of run not found

Executing the displayed arubalogin command alone seems to work fine after a couple of small edits, and spits out the config. Why is rancid not recognizing it? Have I missed a step somewhere? Thanks for any pointers!

Mike

From: it-info at bugtusselwireless.com (IT-Info)
Date: Wed, 7 Jan 2015 19:28:09 +0000
Subject: [rancid] MikroTik missed cmd(s): system package print detail without-paging
Message-ID: <0B6F55F38178C84A8A5F0A49826C2844376DE86B@bug-exc.bugtusselwireless.com>

Hello,

I've got an issue specifically with MikroTik devices. When RANCID runs, it skips a bunch of MikroTik devices with this type of error:

mikrotik01: missed cmd(s): system package print detail without-paging

If I log in and run rancid-run manually, sometimes it will work and sometimes it won't, but it never works from cron. These MikroTik devices are those that have been replaced due to failure or other reason. I delete the key in .ssh/known_keys, the new key is added upon next run, but then this error appears. Since we've replaced many MikroTiks over the past 6 months, the list of MikroTik devices with this issue is growing - I've got about 20 now.

I upgraded RANCID from 2.3.8 to 3.1, but that didn't help the issue. I'm aware of the issue detailed at http://www.shrubbery.net/pipermail/rancid-discuss/2013-August/007010.html. This issue is similar, but I don't know the solution and I can replicate it after physically replacing a MikroTik device.

I can manually run the command that RANCID errors on without any issues, so it doesn't appear to be a timeout issue:

$ bin/mtlogin -c "system package print detail without-paging" mikrotik01

Has anyone seen this issue or have any advice for me? It's frustrating that when a MikroTik is replaced, it's no longer able to be backed up in RANCID due to this error. Otherwise, RANCID works great, especially with our Juniper and Cisco devices.

Thanks in advance!
Brian

From: timoid at timoid.org (Tim Warnock)
Date: Wed, 7 Jan 2015 21:16:50 +0000
Subject: [rancid] MikroTik missed cmd(s): system package print detail without-paging
In-Reply-To: <0B6F55F38178C84A8A5F0A49826C2844376DE86B@bug-exc.bugtusselwireless.com>
References: <0B6F55F38178C84A8A5F0A49826C2844376DE86B@bug-exc.bugtusselwireless.com>
Message-ID:

> -----Original Message-----
> From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On
> Behalf Of IT-Info
> Sent: Thursday, 8 January 2015 5:28 AM
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] MikroTik missed cmd(s): system package print detail
> without-paging
>
> Hello,
>
> I've got an issue specifically with MikroTik devices. When RANCID runs, it
> skips a bunch of MikroTik devices with this type of error:
>
> mikrotik01: missed cmd(s): system package print detail without-paging
>
> If I log in and run rancid-run manually, sometimes it will work and
> sometimes it won't, but it never works from cron. These MikroTik devices
> are those that have been replaced due to failure or other reason. I delete
> the key in .ssh/known_keys, the new key is added upon next run, but then
> this error appears. Since we've replaced many MikroTiks over the past 6
> months, the list of MikroTik devices with this issue is growing - I've got
> about 20 now.
>

Are you running from cron as the same user as run by hand?
Are these boxes running full tables?
How long does an /export take if you run it by hand?
Does a /system package print detail without-paging complete successfully if you run it via ssh?
Is your /system identity dns style or does it have other characters/symbols?

From: it-info at bugtusselwireless.com (IT-Info)
Date: Wed, 7 Jan 2015 21:30:07 +0000
Subject: [rancid] MikroTik missed cmd(s): system package print detail without-paging
Message-ID: <0B6F55F38178C84A8A5F0A49826C2844376DEA47@bug-exc.bugtusselwireless.com>

Hi Tim,

When I test it manually, I always test using the rancid user, which is what cron also runs as.
No, they're not running full tables.
Yes, a /system package print detail without-paging completes successfully and quickly via ssh.
Yes, the /system identity is composed of alphanumeric characters, as well as periods and dashes.

Again, it seems that the only MikroTiks that have issues are those that have been replaced. I can pretty much guarantee that if a MikroTik router fails and gets replaced, it will no longer get backed up automatically in RANCID due to the error. This has not been the case for Juniper or Cisco devices, those seem to work fine when they're replaced.

Thank you,
Brian

-----Original Message-----
From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Tim Warnock
Sent: Wednesday, January 7, 2015 3:17 PM
To: rancid-discuss at shrubbery.net
Subject: Re: [rancid] MikroTik missed cmd(s): system package print detail without-paging

> -----Original Message-----
> From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On
> Behalf Of IT-Info
> Sent: Thursday, 8 January 2015 5:28 AM
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] MikroTik missed cmd(s): system package print detail
> without-paging
>
> Hello,
>
> I've got an issue specifically with MikroTik devices. When RANCID runs, it
> skips a bunch of MikroTik devices with this type of error:
>
> mikrotik01: missed cmd(s): system package print detail without-paging
>
> If I log in and run rancid-run manually, sometimes it will work and
> sometimes it won't, but it never works from cron. These MikroTik devices
> are those that have been replaced due to failure or other reason. I delete
> the key in .ssh/known_keys, the new key is added upon next run, but then
> this error appears. Since we've replaced many MikroTiks over the past 6
> months, the list of MikroTik devices with this issue is growing - I've got
> about 20 now.
>

Are you running from cron as the same user as run by hand?
Are these boxes running full tables?
How long does an /export take if you run it by hand?
Does a /system package print detail without-paging complete successfully if you run it via ssh?
Is your /system identity dns style or does it have other characters/symbols?

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

From: heas at shrubbery.net (heasley)
Date: Wed, 7 Jan 2015 21:37:10 +0000
Subject: [rancid] MikroTik missed cmd(s): system package print detail without-paging
In-Reply-To: <20150107213527.02D6D4A199@sea.shrubbery.net> <0B6F55F38178C84A8A5F0A49826C2844376DE86B@bug-exc.bugtusselwireless.com>
Message-ID: <20150107213710.GB21164@shrubbery.net>

Wed, Jan 07, 2015 at 07:28:09PM +0000, IT-Info:
> I've got an issue specifically with MikroTik devices. When RANCID runs, it skips a bunch of MikroTik devices with this type of error:
> mikrotik01: missed cmd(s): system package print detail without-paging
>
> If I log in and run rancid-run manually, sometimes it will work and sometimes it won't, but it never works from cron. These MikroTik devices are those that have been replaced due to failure or other reason. I delete the key in .ssh/known_keys, the new key is added upon next run, but then this error appears. Since we've replaced many MikroTiks over the past 6 months, the list of MikroTik devices with this issue is growing - I've got about 20 now.
>
> I upgraded RANCID from 2.3.8 to 3.1, but that didn't help the issue. I'm aware of the issue detailed at http://www.shrubbery.net/pipermail/rancid-discuss/2013-August/007010.html. This issue is similar, but I don't know the solution and I can replicate it after physically replacing a MikroTik device.
>
> I can manually run the command that RANCID errors on without any issues, so it doesn't appear to be a timeout issue:
> $ bin/mtlogin -c "system package print detail without-paging" mikrotik01

Would you try this patch? please lmk if it fixes the problem. if it doesnt, perhaps you can give me remote access to one.

Index: mtlogin.in =================================================================== --- mtlogin.in (revision 3005) +++ mtlogin.in (working copy) 
@@ -457,6 +457,14 @@ source_password_file $password_file set in_proc 0 set exitval 0 +# if we have dont have a tty, we need some additional terminal settings +if [catch {stty -echo} reason] { + # no tty, ie: cron + set spawnopts "-nottycopy" + set stty_init "cols 132" +} else { + catch {stty echo} reason +} foreach router [lrange $argv $i end] { set router [string tolower $router] send_user "$router\n"
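
Review bot: the tty probe added before the "foreach router" loop in mtlogin.in is not free of side effects. On the interactive path "stty -echo" switches echo off, and the else branch then runs "stty echo", which turns echo on whether or not it was on before the script started. A probe that does not touch terminal state, such as testing whether /dev/tty can be opened, avoids changing the caller's terminal. spawnopts and stty_init are assigned only on the no-tty path, so spawnopts needs a default if it is expanded unconditionally when spawning. The added comment reads "if we have dont have a tty"; drop the first "have".
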
From: heas at shrubbery.net (heasley)
Date: Wed, 7 Jan 2015 21:50:09 +0000
Subject: [rancid] Aruba devices in 3.1
In-Reply-To:
References:
Message-ID: <20150107215009.GA25990@shrubbery.net>

Tue, Jan 06, 2015 at 03:40:55PM -0800, Michael Newton:
> Hi all; we are looking at getting a RANCID infrastructure in place and have been pleasantly surprised by how easy everything has been so far. Had my first backups of our HP equipment within a few hours of getting started.
>
> But we also have a number of Aruba devices, and I can find no information on adding custom device types in this latest 3.1 version of the software. I have downloaded the Aruba scripts from ftp://ftp.shrubbery.net/pub/rancid/contrib/ but these were designed for 2.3 and suggest editing rancid-fe. Instead what I ended up with, after much guesswork, is this:
>
> $ cat /etc/rancid/rancid.types.conf
> aruba;script;rancid -t aruba
> aruba;login;arubalogin
> aruba;module;rancid
> aruba;inloop;rancid::inloop
> aruba;command;rancid::RunCommand;no paging
> aruba;command;rancid::RunCommand;show running-config
>
> $ su -lc "rancid -dt aruba aruba.example.com" rancid
> loadtype: device type aruba
> loadtype: found device type aruba in /etc/rancid/rancid.types.conf
> executing arubalogin -t 90 -c "no paging;show running-config" aruba.example.com
> aruba.example.com: missed cmd(s): all commands
> aruba.example.com: End of run not found
> aruba.example.com: End of run not found
>
>
> Executing the displayed arubalogin command alone seems to work fine after a couple of small edits, and spits out the config. Why is rancid not recognizing it? Have I missed a step somewhere? Thanks for any pointers!

to support a rancid 2.x style script, all that you need in rancid.types.conf ie:

aruba;script;arubrancid (or whatever its name is)
aruba;login;arubalogin

like the alteon entry. the second line isnt necessary, but will be used with slogin in rancid 3.2.

From: it-info at bugtusselwireless.com (IT-Info)
Date: Wed, 7 Jan 2015 22:03:29 +0000
Subject: [rancid] MikroTik missed cmd(s): system package print detail without-paging
In-Reply-To: <20150107213710.GB21164@shrubbery.net>
References: <20150107213527.02D6D4A199@sea.shrubbery.net> <0B6F55F38178C84A8A5F0A49826C2844376DE86B@bug-exc.bugtusselwireless.com> <20150107213710.GB21164@shrubbery.net>
Message-ID: <0B6F55F38178C84A8A5F0A49826C2844376DEB72@bug-exc.bugtusselwireless.com>

Hi Heasley,

I apologize, but how do I apply this patch? Does this need to be appended to the bin/mtlogin.in source file and then recompiled? Can you clarify for me?

Thanks,
Brian

-----Original Message-----
From: heasley [mailto:heas at shrubbery.net]
Sent: Wednesday, January 7, 2015 3:37 PM
To: IT-Info
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] MikroTik missed cmd(s): system package print detail without-paging

Wed, Jan 07, 2015 at 07:28:09PM +0000, IT-Info:
> I've got an issue specifically with MikroTik devices. When RANCID runs, it skips a bunch of MikroTik devices with this type of error:
> mikrotik01: missed cmd(s): system package print detail without-paging
>
> If I log in and run rancid-run manually, sometimes it will work and sometimes it won't, but it never works from cron. These MikroTik devices are those that have been replaced due to failure or other reason. I delete the key in .ssh/known_keys, the new key is added upon next run, but then this error appears. Since we've replaced many MikroTiks over the past 6 months, the list of MikroTik devices with this issue is growing - I've got about 20 now.
>
> I upgraded RANCID from 2.3.8 to 3.1, but that didn't help the issue. I'm aware of the issue detailed at http://www.shrubbery.net/pipermail/rancid-discuss/2013-August/007010.html. This issue is similar, but I don't know the solution and I can replicate it after physically replacing a MikroTik device.
>
> I can manually run the command that RANCID errors on without any issues, so it doesn't appear to be a timeout issue:
> $ bin/mtlogin -c "system package print detail without-paging" mikrotik01

Would you try this patch? please lmk if it fixes the problem. if it doesnt, perhaps you can give me remote access to one.

Index: mtlogin.in =================================================================== --- mtlogin.in (revision 3005) +++ mtlogin.in (working copy) 
@@ -457,6 +457,14 @@ source_password_file $password_file set in_proc 0 set exitval 0 +# if we have dont have a tty, we need some additional terminal settings +if [catch {stty -echo} reason] { + # no tty, ie: cron + set spawnopts "-nottycopy" + set stty_init "cols 132" +} else { + catch {stty echo} reason +} foreach router [lrange $argv $i end] { set router [string tolower $router] send_user "$router\n"

From: ablock at pobox.com (Aaron Block)
Date: Wed, 7 Jan 2015 17:05:56 -0500
Subject: [rancid] Securing RANCID installation
In-Reply-To:
References: <5711d189f6f64e83aa5c768863d7ae48@ACSMAIL.acs.local> <54908E1E.4010608@gmail.com> <0978D88F-9568-4AC6-B3F7-C6EF5F8B1DC0@gmail.com>
Message-ID:

> On Dec 17, 2014, at 5:22 PM, Daniel Schmidt wrote:
>
> I wrote an article on tacacs.org on security rancid. However, tacacs.org appears to be gone. Pretty easy to lock down with do_auth. As for local passwords, if tacacs is properly configured, they are useless.
>

tacacs.org appears to be back.

Aaron Block

From: jjackson at aninetworks.net (Joseph Jackson)
Date: Wed, 7 Jan 2015 22:08:17 +0000
Subject: [rancid] Securing RANCID installation
In-Reply-To:
References: <5711d189f6f64e83aa5c768863d7ae48@ACSMAIL.acs.local> <54908E1E.4010608@gmail.com> <0978D88F-9568-4AC6-B3F7-C6EF5F8B1DC0@gmail.com>
Message-ID: <3f0f9b0b0d3c41b1bdc4cf9889e4b1ed@mbx080-w4-co-1.exch080.serverpod.net>

Just for future reference here is my tacacs+ config that only allows rancid user to do show commands it needs to run.

user = rancid2 {
    member = rancid
    login =
}

group = rancid {
    default service = deny
    service = exec {
        priv-lvl = 6
    }
    cmd = show {
        permit .*
    }
    cmd = write {
        permit term
    }
    cmd = dir {
        permit .*
    }
    cmd = admin {
        permit .*
    }
    cmd = more {
        permit .*
    }
}

-----Original Message-----
From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Aaron Block
Sent: Wednesday, January 07, 2015 4:06 PM
To: Daniel Schmidt
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Securing RANCID installation

> On Dec 17, 2014, at 5:22 PM, Daniel Schmidt wrote:
>
> I wrote an article on tacacs.org on security rancid. However, tacacs.org appears to be gone. Pretty easy to lock down with do_auth. As for local passwords, if tacacs is properly configured, they are useless.
>

tacacs.org appears to be back.

Aaron Block

From: jkilambi at gmail.com (Jitendra)
Date: Fri, 9 Jan 2015 12:12:56 +1100
Subject: [rancid] DRancid on ubuntu 14.04
Message-ID:

Hello All,

Have rancid installed on ubuntu 14.04 and have dropped in the dlogin and drancid additions to the /var/lib/rancid/bin. I have also fixed the path for dlogin at the top of the file. However, drancid is having a bunch of issues.

the .new file is not being written into the /var/log/rancid folder; instead it is attempting to write to the /var/lib/rancid/bin to which the rancid user has no rights; only root does. Secondly, dlogin can not be found.

I'm stumped. Any help would be appreciated.

Jit

From: heas at shrubbery.net (heasley)
Date: Fri, 9 Jan 2015 03:16:59 +0000
Subject: [rancid] DRancid on ubuntu 14.04
In-Reply-To:
References:
Message-ID: <20150109031659.GB66171@shrubbery.net>

Fri, Jan 09, 2015 at 12:12:56PM +1100, Jitendra:
> Have rancid installed on ubuntu 14.04 and have dropped in the dlogin and
> drancid additions to the /var/lib/rancid/bin. I have also fixed the path
> for dlogin at the top of the file. However, drancid is having a bunch of
> issues.
>
> the .new file is not being written into the /var/log/rancid folder;
> instead it is attempting to write to the /var/lib/rancid/bin to which the
> rancid user has no rights; only root does. Secondly, dlogin can not be
> found.

install rancid 3.1 or alpha/3.1.99; dell support is included.

From: it-info at bugtusselwireless.com (IT-Info)
Date: Fri, 9 Jan 2015 17:51:52 +0000
Subject: [rancid] MikroTik missed cmd(s): system package print detail without-paging
In-Reply-To: <0B6F55F38178C84A8A5F0A49826C2844376DEB72@bug-exc.bugtusselwireless.com>
References: <20150107213527.02D6D4A199@sea.shrubbery.net> <0B6F55F38178C84A8A5F0A49826C2844376DE86B@bug-exc.bugtusselwireless.com> <20150107213710.GB21164@shrubbery.net> <0B6F55F38178C84A8A5F0A49826C2844376DEB72@bug-exc.bugtusselwireless.com>
Message-ID: <0B6F55F38178C84A8A5F0A49826C2844376E12F4@bug-exc.bugtusselwireless.com>

After patching bin/mtlogin, there seems to be improvement. The devices that were experiencing the error are now being backed up properly.

The logs show many of these messages, though. Is this normal?

are you disconnected or in a batch, at, or cron script?stty: impossible in this context

Thanks,
Brian

From: matthias.cramer at iway.ch (Matthias Cramer)
Date: Fri, 09 Jan 2015 20:18:10 +0100
Subject: [rancid] MikroTik missed cmd(s): system package print detail without-paging
In-Reply-To: <0B6F55F38178C84A8A5F0A49826C2844376E12F4@bug-exc.bugtusselwireless.com>
References: <20150107213527.02D6D4A199@sea.shrubbery.net> <0B6F55F38178C84A8A5F0A49826C2844376DE86B@bug-exc.bugtusselwireless.com> <20150107213710.GB21164@shrubbery.net> <0B6F55F38178C84A8A5F0A49826C2844376DEB72@bug-exc.bugtusselwireless.com> <0B6F55F38178C84A8A5F0A49826C2844376E12F4@bug-exc.bugtusselwireless.com>
Message-ID: <54B02972.60205@iway.ch>

Hi

This patch seems to fix it for me as well. Can now backup 12 more routers. Thanks.

Regards

Matthias

On 09/01/15 18:51, IT-Info wrote:
> After patching bin/mtlogin, there seems to be improvement. The devices that were experiencing the error are now being backed up properly.
>
> The logs show many of these messages, though. Is this normal?
> are you disconnected or in a batch, at, or cron script?stty: impossible in this context
>
>
> Thanks,
> Brian
>

-- 
Matthias Cramer / mc322-ripe     Senior Network & Security Engineer
iway AG                          Phone +41 43 500 1111
Badenerstrasse 569               Fax +41 44 271 3535
CH-8048 Zurich                   http://www.iway.ch/
GnuPG 1024D/2D208250 = DBC6 65B6 7083 1029 781E 3959 B62F DF1C 2D20 8250

From: heas at shrubbery.net (heasley)
Date: Fri, 9 Jan 2015 20:37:51 +0000
Subject: [rancid] MikroTik missed cmd(s): system package print detail without-paging
In-Reply-To: <0B6F55F38178C84A8A5F0A49826C2844376E12F4@bug-exc.bugtusselwireless.com>
References: <20150107213527.02D6D4A199@sea.shrubbery.net> <0B6F55F38178C84A8A5F0A49826C2844376DE86B@bug-exc.bugtusselwireless.com> <20150107213710.GB21164@shrubbery.net> <0B6F55F38178C84A8A5F0A49826C2844376DEB72@bug-exc.bugtusselwireless.com> <0B6F55F38178C84A8A5F0A49826C2844376E12F4@bug-exc.bugtusselwireless.com>
Message-ID: <20150109203751.GC88313@shrubbery.net>

Fri, Jan 09, 2015 at 05:51:52PM +0000, IT-Info:
> After patching bin/mtlogin, there seems to be improvement. The devices that were experiencing the error are now being backed up properly.
>
> The logs show many of these messages, though. Is this normal?
> are you disconnected or in a batch, at, or cron script?stty: impossible in this context

that is coming from expect...though i do not understand why. catch should have prevented it. what version of expect is this?

From: it-info at bugtusselwireless.com (IT-Info)
Date: Fri, 9 Jan 2015 20:43:56 +0000
Subject: [rancid] MikroTik missed cmd(s): system package print detail without-paging
In-Reply-To: <20150109203751.GC88313@shrubbery.net>
References: <20150107213527.02D6D4A199@sea.shrubbery.net> <0B6F55F38178C84A8A5F0A49826C2844376DE86B@bug-exc.bugtusselwireless.com> <20150107213710.GB21164@shrubbery.net> <0B6F55F38178C84A8A5F0A49826C2844376DEB72@bug-exc.bugtusselwireless.com> <0B6F55F38178C84A8A5F0A49826C2844376E12F4@bug-exc.bugtusselwireless.com> <20150109203751.GC88313@shrubbery.net>
Message-ID: <0B6F55F38178C84A8A5F0A49826C2844376E1A21@bug-exc.bugtusselwireless.com>

Hi Heasley,

expect version 5.44.1.15

Thanks,
Brian

From: ssaner at hubris.net (Steven Saner)
Date: Fri, 09 Jan 2015 15:15:19 -0600
Subject: [rancid] mtrancid patch
Message-ID: <54B044E7.3080905@hubris.net>

I had an issue with rancid 3.1 (and earlier versions too) tracking several Mikrotik routers. I'm not sure if this issue affects all Mikrotik models, but in my case I am using the following:

> system resource print
uptime: 8w2d22h47m48s
version: 5.21
free-memory: 992624KiB
total-memory: 1555212KiB
cpu: e500v2
cpu-count: 2
cpu-frequency: 1066MHz
cpu-load: 16%
free-hdd-space: 68928KiB
total-hdd-space: 110092KiB
architecture-name: powerpc
board-name: RB1100AHx2
platform: MikroTik

In the config export there is the following:

/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
    default enabled=no keepalive-timeout=60 mac-address=FE:EB:E4:50:DC:E8 \
    max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no

This is an interface associated with the OpenVPN server, which I am not using. The thing is, the mac-address attribute seems to be a generated value and it changes (how often or why, I'm not sure). As a result every time rancid would run, it would log a config change because this value was different.

I implemented a quick and dirty patch to mtrancid to simply ignore the set auth= line inside of the ovpn-server interface so that the config would not change each run.

Has someone else run into this? Did they solve the problem in a different way? It might be better to make this ignore just the mac-address attribute, rather than the entire config line, but it didn't matter to me as I'm not using that interface.

Here is my patch:

--- a/bin/mtrancid.in +++ b/bin/mtrancid.in 
@@ -236,10 +236,12 @@ sub SystemLicensePrint { sub Export { print STDERR " In Export: $_" if ($debug); my $buffer = ""; + my $ovpn = 0; while () { tr/\015//d; if (/$prompt/) { $found_end=1; $clean_run=1; return 0}; + if (/interface ovpn-server server/) { $ovpn = 1; } next if(/^(\s*|\s*$cmd\s*)$/); next if(/^#/); return(1) if /(bad command name )/; @@ -259,7 +261,11 @@ sub Export { # Fix quoted strings $buffer =~ s/(\S+)="(\S+)"/$1=$2/g; - ProcessHistory("","","","$buffer"); + if ($ovpn && $buffer =~ m/\s*set auth/) { + $ovpn = 0; + } else { + ProcessHistory("","","","$buffer"); + } $buffer = ""; } }

-- 
--------------------------------------------------------------------------
Steven Saner                     Voice: 316-858-3000
Director of Network Operations   Fax: 316-858-3001
Hubris Communications            http://www.hubris.net

From: it-info at bugtusselwireless.com (IT-Info)
Date: Fri, 9 Jan 2015 21:25:00 +0000
Subject: [rancid] mtrancid patch
In-Reply-To: <54B044E7.3080905@hubris.net>
References: <54B044E7.3080905@hubris.net>
Message-ID: <0B6F55F38178C84A8A5F0A49826C2844376E1AF9@bug-exc.bugtusselwireless.com>

Hi Steven,

I came across this as well; pretty frustrating.

The only fix I discovered was to statically set the MAC address of the open-vpn server to anything, preferably to something meaningless:

/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=default enabled=no keepalive-timeout=60 mac-address=00:00:00:00:00:01 max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no

This way it won't dynamically change and RANCID won't be emailing you about it. In my opinion, this is much simpler than writing code to systematically ignore the changing MAC addresses, even with 100+ Mikrotik devices. Kudos for your efforts, though. Hope this helps.

Regards,
Brian

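
Review bot: in the second Export hunk of the mtrancid.in patch above, the test on $buffer discards the whole "set auth" line of the ovpn-server section, so a later change to enabled=, auth=, cipher= or port= on that line would no longer show up in RANCID's diffs. Removing only the volatile attribute, for example $buffer =~ s/\s+mac-address=\S+//, keeps the rest of the line tracked. The $ovpn flag set in the first hunk is cleared only when such a line is dropped, so if the section carries no "set auth" line the flag stays set and the next "set auth" line of a later section is dropped instead; clear it when the next line starting with "/" is read. The pattern m/\s*set auth/ is unanchored and also matches "set auth" in the middle of a line.
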
From: ssaner at hubris.net (Steven Saner)
Date: Fri, 09 Jan 2015 15:32:22 -0600
Subject: [rancid] mtrancid patch
In-Reply-To: <0B6F55F38178C84A8A5F0A49826C2844376E1AF9@bug-exc.bugtusselwireless.com>
References: <54B044E7.3080905@hubris.net> <0B6F55F38178C84A8A5F0A49826C2844376E1AF9@bug-exc.bugtusselwireless.com>
Message-ID: <54B048E6.6050304@hubris.net>

On 01/09/2015 03:25 PM, IT-Info wrote:
> Hi Steven,
>
>
> I came across this as well; pretty frustrating.
>
> The only fix I discovered was to statically set the MAC address of the open-vpn server anything, preferably to something meaningless:
>
> /interface ovpn-server server
> set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=default enabled=no keepalive-timeout=60 mac-address=00:00:00:00:00:01 max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
>
> This way it won't dynamically change and RANCID won't be emailing you about it. In my opinion, this is much simpler than writing code to systematically ignore the changing MAC addresses, even with 100+ Mikrotik devices. Kudos for your efforts, though. Hope this helps.
>
>
> Regards,
> Brian

Indeed. Thank you for that. I sort of figured that someone might know how to change the MT behavior. This is a better solution.

Thanks

Steve

--
--------------------------------------------------------------------------
Steven Saner Voice: 316-858-3000
Director of Network Operations Fax: 316-858-3001
Hubris Communications http://www.hubris.net

From heas at shrubbery.net Fri Jan 9 23:47:56 2015
From: heas at shrubbery.net (heasley) Date: Fri, 9 Jan 2015 23:47:56 +0000 Subject: [rancid] MikroTik missed cmd(s): system package print detail without-paging In-Reply-To: <20150109234625.8B89F498BC@sea.shrubbery.net> <20150109203751.GC88313@shrubbery.net> Message-ID: <20150109234756.GD91049@shrubbery.net> Fri, Jan 09, 2015 at 08:37:51PM +0000, heasley: > Fri, Jan 09, 2015 at 05:51:52PM +0000, IT-Info: > > After patching bin/mtlogin, there seems to be improvement. The devices that were experiencing the error are now being backed up properly. > > > > The logs show many of these messages, though. Is this normal? > > are you disconnected or in a batch, at, or cron script?stty: impossible in this context > > that is coming from expect...though i do not understand why. catch should > have prevented it. what version of expect is this? > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss Please try this alternative patch: Index: bin/mtlogin.in =================================================================== --- bin/mtlogin.in (revision 3012) +++ bin/mtlogin.in (working copy) @@ -457,6 +457,15 @@ source_password_file $password_file set in_proc 0 set exitval 0 +# http://www.shrubbery.net/pipermail/rancid-discuss/2015-January/007984.html +# if we have dont have a tty, we need some additional terminal settings +if [catch {open /dev/tty w} ttyid] { + # no tty, ie: cron + set spawnopts "-nottycopy" + set stty_init "cols 132" +} else { + catch {close ttyid} reason +} foreach router [lrange $argv $i end] { set router [string tolower $router] send_user "$router\n" From heas at shrubbery.net Sat Jan 10 02:42:10 2015 
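Review bot: in the else branch of the tty check added to bin/mtlogin.in (@@ -457,6 +457,15 @@), catch {close ttyid} reason passes the literal word ttyid instead of the channel handle, so close fails, catch swallows the error, and the /dev/tty channel opened by the test stays open for the life of the script; it should read catch {close $ttyid} reason. The new comment also says "if we have dont have a tty", and spawnopts and stty_init are assigned only in the no-tty branch, so it is worth confirming that whatever reads spawnopts later tolerates it being unset when a tty is present.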
From: heas at shrubbery.net (heasley)
Date: Sat, 10 Jan 2015 02:42:10 +0000
Subject: [rancid] mtrancid patch
In-Reply-To: <0B6F55F38178C84A8A5F0A49826C2844376E1AF9@bug-exc.bugtusselwireless.com>
References: <54B044E7.3080905@hubris.net> <0B6F55F38178C84A8A5F0A49826C2844376E1AF9@bug-exc.bugtusselwireless.com>
Message-ID: <20150110024210.GC96143@shrubbery.net>

Fri, Jan 09, 2015 at 09:25:00PM +0000, IT-Info:
> Hi Steven,
>
>
> I came across this as well; pretty frustrating.
>
> The only fix I discovered was to statically set the MAC address of the open-vpn server anything, preferably to something meaningless:
>
> /interface ovpn-server server
> set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=default enabled=no keepalive-timeout=60 mac-address=00:00:00:00:00:01 max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no

This seems like a bug that should be reported to MikroTik. is FE:... a valid OUI? if that is consistent and invalid, it could filter based on that.

> This way it won't dynamically change and RANCID won't be emailing you about it. In my opinion, this is much simpler than writing code to systematically ignore the changing MAC addresses, even with 100+ Mikrotik devices. Kudos for your efforts, though. Hope this helps.
>
>
> Regards,
> Brian

From jkilambi at gmail.com Mon Jan 12 00:44:43 2015
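The narrower filter raised in the mtrancid thread above, masking only the mac-address attribute of the ovpn-server section so that auth, cipher and enabled changes on the same line are still tracked, sketched as a stand-alone Perl filter. This is an added example, not code from mtrancid or from anyone on the list: normalize_export, locally_administered, the <generated> placeholder and the sample exports are constructed for illustration, and the only_local option assumes that generated addresses always have the locally administered bit set, as the FE:... value quoted in the thread does.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Placeholder written in place of the volatile value (constructed for this example).
my $MASK = '<generated>';

# True when the locally administered bit (0x02 of the first octet) is set,
# as it is in the FE:EB:E4:50:DC:E8 value quoted in the thread.
sub locally_administered {
    my ($mac) = @_;
    return (hex(substr($mac, 0, 2)) & 0x02) ? 1 : 0;
}

# Join RouterOS "\" continuation lines into logical lines, remember which
# "/section" is current, and mask mac-address only inside the ovpn-server
# section. Every other attribute on the line is passed through unchanged.
sub normalize_export {
    my ($text, %opt) = @_;
    my $section = '';
    my $buffer  = '';
    my @out;
    for my $line (split /\n/, $text) {
        $line =~ tr/\015//d;                  # drop CRs
        $line =~ s/^\s+// if length $buffer;  # continuation lines are indented
        $buffer .= $line;
        next if $buffer =~ s/\\$//;           # trailing "\" means more follows
        if ($buffer =~ m{^/}) {
            $section = $buffer;               # any "/..." line opens a new section
        } elsif ($section eq '/interface ovpn-server server') {
            $buffer =~ s{(?<![\w-])mac-address=([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\b}{
                (!$opt{only_local} || locally_administered($1))
                    ? "mac-address=$MASK" : "mac-address=$1"
            }gex;
        }
        push @out, $buffer;
        $buffer = '';
    }
    push @out, $buffer if length $buffer;     # unterminated continuation
    return join("\n", @out) . "\n";
}

# Constructed sample export. The ovpn-server stanza follows the one posted in
# the thread; the ethernet stanza and its address are made up for the example.
my $tmpl = <<'EOT';
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=%s default-profile=\
    default enabled=no keepalive-timeout=60 mac-address=%s \
    max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface ethernet
set 0 mac-address=00:00:5E:00:53:01 name=ether1
EOT

# Runs 1 and 2 differ only in the generated MAC; run 3 also drops a cipher;
# the last one carries a statically configured MAC.
my %o = (only_local => 1);
my $run1   = normalize_export(sprintf($tmpl, 'blowfish128,aes128', 'FE:EB:E4:50:DC:E8'), %o);
my $run2   = normalize_export(sprintf($tmpl, 'blowfish128,aes128', 'FE:12:34:56:78:9A'), %o);
my $run3   = normalize_export(sprintf($tmpl, 'blowfish128',        'FE:AA:BB:CC:DD:EE'), %o);
my $static = normalize_export(sprintf($tmpl, 'blowfish128,aes128', '00:00:00:00:00:01'), %o);

print $run1;
printf "MAC-only change hidden:   %s\n", $run1 eq $run2 ? 'yes' : 'no';
printf "cipher change still seen: %s\n", $run1 ne $run3 ? 'yes' : 'no';
printf "static MAC kept verbatim: %s\n",
    $static =~ /mac-address=00:00:00:00:00:01 / ? 'yes' : 'no';
printf "other sections untouched: %s\n",
    $run1 =~ /^set 0 mac-address=00:00:5E:00:53:01 /m ? 'yes' : 'no';
```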
From: jkilambi at gmail.com (Jitendra)
Date: Mon, 12 Jan 2015 11:44:43 +1100
Subject: [rancid] Dell Switch Rancid 3.1
Message-ID:

Hello All,

I have recently updated Rancid from 2.3.8 to 3.1 in the hopes to be able use rancid to get our only Dell Switch configs. It is a dell networking n4032 10Gb switch.

When I use SMC or Dell config, it fails to past the initial login. I am assuming it is basically not picking up the User: command prompt?

This is what I get when I do a debug mode for hlogin.

parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {7080}
Gate keeper glob pattern for '(Connection refused|Secure connection [^ ]+ refused|Connection closed by)' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '(Host key not found |The authenticity of host .* be established).* \(yes/no\)\?' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for 'HOST IDENTIFICATION HAS CHANGED.* \(yes/no\)\?' is 'HOST IDENTIFICATION HAS CHANGED* (yes/no)\?'. Activating booster.
Gate keeper glob pattern for 'HOST IDENTIFICATION HAS CHANGED[^ ]+' is 'HOST IDENTIFICATION HAS CHANGED*'. Activating booster.
Gate keeper glob pattern for 'Offending key for .* \(yes/no\)\?' is 'Offending key for * (yes/no)\?'. Activating booster.
Gate keeper glob pattern for 'Enter passphrase.*: ' is 'Enter passphrase*: '. Activating booster.
Gate keeper glob pattern for '([Uu]sername|[Ll]ogin|user name|Login Name):' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '([Pp]assword|passwd):' is ''. Not usable, disabling the performance booster.

expect: does "" (spawn_id exp6) match glob pattern "Press any key to continue"? no
"Enter switch number to connect to or :"? no
"(Connection refused|Secure connection [^\n\r]+ refused|Connection closed by)"? (No Gate, RE only) gate=yes re=no
"Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be established).* \(yes/no\)\?"? (No Gate, RE only) gate=yes re=no
"HOST IDENTIFICATION HAS CHANGED.* \(yes/no\)\?"? Gate "HOST IDENTIFICATION HAS CHANGED* (yes/no)\?"? gate=no
"HOST IDENTIFICATION HAS CHANGED[^\n\r]+"? Gate "HOST IDENTIFICATION HAS CHANGED*"? gate=no
"Offending key for .* \(yes/no\)\?"? Gate "Offending key for * (yes/no)\?"? gate=no
expect: does "" (spawn_id exp6) match glob pattern "unknown host\r"? no
expect: does "" (spawn_id exp6) match regular expression "Enter passphrase.*: "? Gate "Enter passphrase*: "? gate=no
"([Uu]sername|[Ll]ogin|user name|Login Name):"? (No Gate, RE only) gate=yes re=no
"([Pp]assword|passwd):"? (No Gate, RE only) gate=yes re=no
"#"? no
"denied"? no
"% Bad passwords"? no

Any ideas as to how to fix this? Funny thing is .clogin works fine...though dllogin and hlogin refuse to. As far as what I can see, the perl script for hlogin is mostly identical when fetching for statements.?

Regards,
Jit

From heas at shrubbery.net Mon Jan 12 03:24:21 2015
From: heas at shrubbery.net (heasley)
Date: Mon, 12 Jan 2015 03:24:21 +0000
Subject: [rancid] Dell Switch Rancid 3.1
In-Reply-To:
References:
Message-ID: <20150112032421.GA75704@shrubbery.net>

Mon, Jan 12, 2015 at 11:44:43AM +1100, Jitendra:
> I have recently updated Rancid from 2.3.8 to 3.1 in the hopes to be able
> use rancid to get our only Dell Switch configs. It is a dell networking
> n4032 10Gb switch.
>
> When I use SMC or Dell config, it fails to past the initial login. I am
> assuming it is basically not picking up the User: command prompt?
>
> This is what I get when I do a debug mode for hlogin.
> ....
>
> Any ideas as to how to fix this? Funny thing is .clogin works fine...though
> dllogin and hlogin refuse to. As far as what I can see, the perl script for
> hlogin is mostly identical when fetching for statements.?

there is no input from the device in your dllogin clip.

From mnewton at pofp.com Tue Jan 13 23:22:25 2015
From: mnewton at pofp.com (Michael Newton)
Date: Tue, 13 Jan 2015 15:22:25 -0800
Subject: [rancid] Aruba devices in 3.1
In-Reply-To: <20150107215009.GA25990@shrubbery.net>
References: <20150107215009.GA25990@shrubbery.net>
Message-ID:

> On 7 Jan 2015, at 1:50 PM, heasley wrote:
>
> Tue, Jan 06, 2015 at 03:40:55PM -0800, Michael Newton:
>> Hi all; we are looking at getting a RANCID infrastructure in place and have been pleasantly surprised by how easy everything has been so far. Had my first backups of our HP equipment within a few hours of getting started.
>>
>> But we also have a number of Aruba devices, and I can find no information on adding custom device types in this latest 3.1 version of the software. I have downloaded the Aruba scripts from ftp://ftp.shrubbery.net/pub/rancid/contrib/ but these were designed for 2.3 and suggest editing rancid-fe. Instead what I ended up with, after much guesswork, is this:
>>
>> $ cat /etc/rancid/rancid.types.conf
>> aruba;script;rancid -t aruba
>> aruba;login;arubalogin
>> aruba;module;rancid
>> aruba;inloop;rancid::inloop
>> aruba;command;rancid::RunCommand;no paging
>> aruba;command;rancid::RunCommand;show running-config
>>
>> $ su -lc "rancid -dt aruba aruba.example.com" rancid
>> loadtype: device type aruba
>> loadtype: found device type aruba in /etc/rancid/rancid.types.conf
>> executing arubalogin -t 90 -c "no paging;show running-config" aruba.example.com
>> aruba.example.com: missed cmd(s): all commands
>> aruba.example.com: End of run not found
>> aruba.example.com: End of run not found
>>
>>
>> Executing the displayed arubalogin command alone seems to work fine after a couple of small edits, and spits out the config. Why is rancid not recognizing it? Have I missed a step somewhere? Thanks for any pointers!
>
> to support a rancid 2.x style script, all that you need in rancid.types.conf
> ie:
> aruba;script;arubrancid (or whatever its name is)
> aruba;login;arubalogin
>
> like the alteon entry. the second line isnt necessary, but will be used with
> slogin in rancid 3.2.

Thanks for the tip. However, I was having some issues with the old script so I ended up building a new 3.x style Perl module that works for our purposes. If anyone's interested in improving or stealing it, it can be found here: https://github.com/miken32/rancid-aruba/

Mike

From it-info at bugtusselwireless.com Wed Jan 14 15:27:53 2015
From: it-info at bugtusselwireless.com (IT-Info)
Date: Wed, 14 Jan 2015 15:27:53 +0000
Subject: [rancid] MikroTik missed cmd(s): system package print detail without-paging
In-Reply-To: <20150109234756.GD91049@shrubbery.net>
References: <20150109234625.8B89F498BC@sea.shrubbery.net> <20150109203751.GC88313@shrubbery.net> <20150109234756.GD91049@shrubbery.net>
Message-ID: <0B6F55F38178C84A8A5F0A49826C284437720F41@bug-exc.bugtusselwireless.com>

Hi Heasley,

This patch got rid of that message in the logs. Everything seems to be working well. Thanks for all the help!

Brian

-----Original Message-----
From: heasley [mailto:heas at shrubbery.net] Sent: Friday, January 9, 2015 5:48 PM To: IT-Info; heasley Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] MikroTik missed cmd(s): system package print detail without-paging Fri, Jan 09, 2015 at 08:37:51PM +0000, heasley: > Fri, Jan 09, 2015 at 05:51:52PM +0000, IT-Info: > > After patching bin/mtlogin, there seems to be improvement. The devices that were experiencing the error are now being backed up properly. > > > > The logs show many of these messages, though. Is this normal? > > are you disconnected or in a batch, at, or cron script?stty: impossible in this context > > that is coming from expect...though i do not understand why. catch should > have prevented it. what version of expect is this? > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss Please try this alternative patch: Index: bin/mtlogin.in =================================================================== --- bin/mtlogin.in (revision 3012) +++ bin/mtlogin.in (working copy) @@ -457,6 +457,15 @@ source_password_file $password_file set in_proc 0 set exitval 0 +# http://www.shrubbery.net/pipermail/rancid-discuss/2015-January/007984.html +# if we have dont have a tty, we need some additional terminal settings +if [catch {open /dev/tty w} ttyid] { + # no tty, ie: cron + set spawnopts "-nottycopy" + set stty_init "cols 132" +} else { + catch {close ttyid} reason +} foreach router [lrange $argv $i end] { set router [string tolower $router] send_user "$router\n" From soporteinformatico.santi at googlemail.com Fri Jan 16 11:08:15 2015 
From: soporteinformatico.santi at googlemail.com (Santi) Date: Fri, 16 Jan 2015 12:08:15 +0100 Subject: [rancid] Issue rancid with Avaya's device Message-ID: Hi, I have one big problem with rancid. I don't get the backup of my switch. This switch is: Ethernet Routing Switch 4548GT-PWR HW:12 FW:5.3.0.3 SW:v5.7.0.008 BN:08 (c) Avaya Networks I have two files, these are: bnrancid and bnlogin this is the configuration by bnlogin, it's: #! /usr/bin/expect -- ## ## $Id: blogin.in,v 1.50 2009/04/16 21:22:57 heas Exp $ ## ## @PACKAGE@ @VERSION@ ## Copyright (c) 1997-2009 by Terrapin Communications, Inc. ## All rights reserved. ## ## This code is derived from software contributed to and maintained by ## Terrapin Communications, Inc. by Henry Kilmer, John Heasley, Andrew Partan, ## Pete Whiting, Austin Schutz, and Andrew Fort. ## ## Redistribution and use in source and binary forms, with or without ## modification, are permitted provided that the following conditions ## are met: ## 1. Redistributions of source code must retain the above copyright ## notice, this list of conditions and the following disclaimer. ## 2. Redistributions in binary form must reproduce the above copyright ## notice, this list of conditions and the following disclaimer in the ## documentation and/or other materials provided with the distribution. ## 3. All advertising materials mentioning features or use of this software ## must display the following acknowledgement: ## This product includes software developed by Terrapin Communications, ## Inc. and its contributors for RANCID. ## 4. Neither the name of Terrapin Communications, Inc. nor the names of its ## contributors may be used to endorse or promote products derived from ## this software without specific prior written permission. ## 5. It is requested that non-binding fixes and modifications be contributed ## back to Terrapin Communications, Inc. ## ## THIS SOFTWARE IS PROVIDED BY Terrapin Communications, INC. 
AND CONTRIBUTORS ## ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED ## TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ## PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COMPANY OR CONTRIBUTORS ## BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR ## CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF ## SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS ## INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN ## CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE ## POSSIBILITY OF SUCH DAMAGE. # # The expect login scripts were based on Erik Sherk's gwtn, by permission. # # blogin - Bay Networks(Nortel) login # # Unlike the Cisco's, there is no enable function on the Bay's. Instead # there are seperate User and Manager accounts. A 'system' command exists, # which I am told does nothing. # # The "bcc>" prompt changes to "box#", not "bcc#" after the config command. # # Usage line set usage "Usage: $argv0 \[-dSV\] \[-autoenable\] \[-noenable\] \[-c command\] \ \[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \[-p user-password\] \ \[-s script-file\] \[-t timeout\] \[-u username\] \ \[-v vty-password\] \[-w enable-username\] \[-x command-file\] \ \[-y ssh_cypher_type\] router \[router...\]\n" # env(CLOGIN) may contain: # x == do not set xterm banner or name # Password file set password_file $env(HOME)/.cloginrc # Default is to login to the router set do_command 0 set do_script 0 # The default is to automatically enable set avenable 0 # The default is that you login non-enabled (tacacs can have you login already # enabled) set avautoenable 0 # The default is to look in the password file to find the passwords. This # tracks if we receive them on the command line. 
set do_passwd 1 set do_enapasswd 0 # Save config, if prompted set do_saveconfig 0 # Find the user in the ENV, or use the unix userid. if {[ info exists env(CISCO_USER) ]} { set default_user $env(CISCO_USER) } elseif {[ info exists env(USER) ]} { set default_user $env(USER) } elseif {[ info exists env(LOGNAME) ]} { set default_user $env(LOGNAME) } else { # This uses "id" which I think is portable. At least it has existed # (without options) on all machines/OSes I've been on recently - # unlike whoami or id -nu. if [ catch {exec id} reason ] { send_error "\nError: could not exec id: $reason\n" exit 1 } regexp {\(([^)]*)} "$reason" junk default_user } if {[ info exists env(CLOGINRC) ]} { set password_file $env(CLOGINRC) } # Sometimes routers take awhile to answer (the default is 10 sec) set timeout 45 # Process the command line for {set i 0} {$i < $argc} {incr i} { set arg [lindex $argv $i] switch -glob -- $arg { # Expect debug mode -d* { exp_internal 1 # Username } -u* { if {! [ regexp .\[uU\](.+) $arg ignore user]} { incr i set username [ lindex $argv $i ] } # VTY Password } -p* { if {! [ regexp .\[pP\](.+) $arg ignore userpasswd]} { incr i set userpasswd [ lindex $argv $i ] } set do_passwd 0 # VTY Password } -v* { if {! [ regexp .\[vV\](.+) $arg ignore passwd]} { incr i set passwd [ lindex $argv $i ] } set do_passwd 0 # Version string } -V* { send_user "@PACKAGE@ @VERSION@\n" exit 0 # Enable Username } -w* { if {! [ regexp .\[wW\](.+) $arg ignore enauser]} { incr i set enausername [ lindex $argv $i ] } # Environment variable to pass to -s scripts } -E* { if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} { set E$varname $varvalue } else { send_user "\nError: invalid format for -E in $arg\n" exit 1 } # Enable Password } -e* { if {! [ regexp .\[eE\](.+) $arg ignore enapasswd]} { incr i set enapasswd [ lindex $argv $i ] } set do_enapasswd 0 # Command to run. } -c* { if {! 
[ regexp .\[cC\](.+) $arg ignore command]} { incr i set command [ lindex $argv $i ] } set do_command 1 # Expect script to run. } -s* { if {! [ regexp .\[sS\](.+) $arg ignore sfile]} { incr i set sfile [ lindex $argv $i ] } if { ! [ file readable $sfile ] } { send_user "\nError: Can't read $sfile\n" exit 1 } set do_script 1 # save config on exit } -S* { set do_saveconfig 1 # 'ssh -c' cypher type } -y* { if {! [ regexp .\[eE\](.+) $arg ignore cypher]} { incr i set cypher [ lindex $argv $i ] } # alternate cloginrc file } -f* { if {! [ regexp .\[fF\](.+) $arg ignore password_file]} { incr i set password_file [ lindex $argv $i ] } # Timeout } -t* { if {! [ regexp .\[tT\](.+) $arg ignore timeout]} { incr i set timeout [ lindex $argv $i ] } # Command file } -x* { if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} { incr i set cmd_file [ lindex $argv $i ] } set cmd_fd [open $cmd_file r] set cmd_text [read $cmd_fd] close $cmd_fd set command [join [split $cmd_text \n] \;] set do_command 1 # Do we enable? } -noenable { set avenable 0 # Does tacacs automatically enable us? } -autoenable { set avautoenable 1 set avenable 0 } -* { send_user "\nError: Unknown argument! $arg\n" send_user $usage exit 1 } default { break } } } # Process routers...no routers listed is an error. if { $i == $argc } { send_user "\nError: $usage" } # Only be quiet if we are running a script (it can log its output # on its own) if { $do_script } { log_user 0 } else { log_user 1 } # # Done configuration/variable setting. Now run with it... 
# # Sets Xterm title if interactive...if its an xterm and the user cares proc label { host } { global env # if CLOGIN has an 'x' in it, don't set the xterm name/banner if [info exists env(CLOGIN)] { if {[string first "x" $env(CLOGIN)] != -1} { return } } # take host from ENV(TERM) if [info exists env(TERM)] { if [regexp \^(xterm|vs) $env(TERM) ignore ] { send_user "\033]1;[lindex [split $host "."] 0]\a" send_user "\033]2;$host\a" } } } # This is a helper function to make the password file easier to # maintain. Using this the password file has the form: # add password sl* pete cow # add password at* steve # add password * hanky-pie proc add {var args} { global int_$var ; lappend int_$var $args} proc include {args} { global env regsub -all "(^{|}$)" $args {} args if { [ regexp "^/" $args ignore ] == 0 } { set args $env(HOME)/$args } source_password_file $args } proc find {var router} { upvar int_$var list if { [info exists list] } { foreach line $list { if { [string match [lindex $line 0] $router ] } { return [lrange $line 1 end] } } } return {} } # Loads the password file. Note that as this file is tcl, and that # it is sourced, the user better know what to put in there, as it # could install more than just password info... I will assume however, # that a "bad guy" could just as easy put such code in the clogin # script, so I will leave .cloginrc as just an extention of that script proc source_password_file { password_file } { global env if { ! [file exists $password_file] } { send_user "\nError: password file ($password_file) does not exist\n" exit 1 } file stat $password_file fileinfo if { [expr ($fileinfo(mode) & 007)] != 0000 } { send_user "\nError: $password_file must not be world readable/writable\n" exit 1 } if [ catch {source $password_file} reason ] { send_user "\nError: $reason\n" exit 1 } } # Log into the router. 
# returns: 0 on success, 1 on failure proc login { router user userpswd passwd enapasswd prompt cmethod cyphertype } { global spawn_id in_proc do_command do_script global u_prompt p_prompt e_prompt sshcmd set in_proc 1 # try each of the connection methods in $cmethod until one is successful set progs [llength $cmethod] foreach prog [lrange $cmethod 0 end] { incr progs -1 if [string match "telnet*" $prog] { regexp {telnet(:([^[:space:]]+))*} $prog command suffix port if {"$port" == ""} { set retval [ catch {spawn telnet $router} reason ] } else { set retval [ catch {spawn telnet $router $port} reason ] } if { $retval } { send_user "\nError: telnet failed: $reason\n" return 1 } } elseif ![string compare $prog "ssh"] { if [ catch {spawn $sshcmd -c $cyphertype -x -l $user $router} reason ] { send_user "\nError: $sshcmd failed: $reason\n" return 1 } } elseif ![string compare $prog "rsh"] { send_error "\nError: unsupported method: rsh\n" if { $progs == 0 } { return 1 } continue; } else { send_user "\nError: unknown connection method: $prog\n" return 1 } sleep 0.3 # This helps cleanup each expect clause. expect_after { timeout { send_user "\nError: TIMEOUT reached\n" catch {close}; catch {wait}; if { $in_proc} { return 1 } else { continue } } eof { send_user "\nError: EOF received\n" catch {close}; catch {wait}; if { $in_proc} { return 1 } else { continue } } } # Here we get a little tricky. There are several possibilities: # the router can ask for a username and passwd and then # talk to the TACACS server to authenticate you, or if the # TACACS server is not working, then it will use the enable # passwd. Or, the router might not have TACACS turned on, # then it will just send the passwd. 
# if telnet fails with connection refused, try ssh expect { -re "(Connection refused|Secure connection \[^\n\r]+ refused|Connection closed by)" { catch {close}; catch {wait}; if !$progs { send_user "\nError: Connection Refused ($prog)\n"; return 1 } } eof { send_user "\nError: Couldn't login\n"; wait; return 1 } -nocase "unknown host\r" { catch {close}; catch {wait}; send_user "\nError: Unknown host\n"; wait; return 1 } "Host is unreachable" { catch {close}; catch {wait}; send_user "\nError: Host Unreachable!\n"; wait; return 1 } "No address associated with name" { catch {close}; catch {wait}; send_user "\nError: Unknown host\n"; wait; return 1 } -re "(Host key not found |The authenticity of host .* be established).*\(yes\/no\)\?" { send "yes\r" send_user "\nHost $router added to the list of known hosts.\n" exp_continue } -re "HOST IDENTIFICATION HAS CHANGED.* \(yes\/no\)\?" { send "no\r" send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n" return 1 } -re "Offending key for .* \(yes\/no\)\?" { send "no\r" send_user "\nError: host key mismatch for $router. 
Update the SSH known_hosts file accordingly.\n" return 1 } -re "Ctrl-Y" { send -- "\031" expect { -re "$u_prompt" { send -- "$user\r" ; send -- "$userpswd\r" } -re "#" { set in_proc 0; return 0 } } # exp_continue } -re "$u_prompt" { send -- "$user\r" expect { eof { send_user "\nError: Couldn't login\n"; wait; return 1 } "Login invalid" { send_user "\nError: Invalid login\n"; catch {close}; catch {wait}; return 1 } -re "$p_prompt" { send -- "$userpswd\r" } "$prompt" { set in_proc 0; return 0 } } exp_continue } -re "$p_prompt" { if $in_proc { exp_continue } if ![string compare $prog "ssh"] { send -- "$userpswd\r" } else { send -- "$passwd\r" } expect { eof { send_user "\nError: Couldn't login\n"; wait; return 1 } -re "$e_prompt" { send -- "$enapasswd\r" } "$prompt" { set in_proc 0; return 0 } } exp_continue } #"$prompt" { break; } denied { send_user "\nError: Check your passwd for $router\n" catch {close}; catch {wait}; return 1 } "% Bad passwords" {send_user "\nError: Check your passwd for $router\n"; return 1 } } } set in_proc 0 return 0 } # Enable proc do_enable { enauser enapasswd } { global prompt in_proc global u_prompt e_prompt set in_proc 1 send "enable\r" expect { -re "$u_prompt" { send -- "$enauser\r"; exp_continue} -re "$e_prompt" { send -- "$enapasswd\r"; exp_continue} "#" { set prompt "#" } "(enable)" { set prompt "> (enable) " } denied { send_user "\nError: Check your Enable passwd\n" return 1 } "% Bad passwords" { send_user "\nError: Check your Enable passwd\n" return 1 } } # We set the prompt variable (above) so script files don't need # to know what it is. set in_proc 0 return 0 } # Run commands given on the command line. 
proc run_commands { prompt command } { global in_proc set in_proc 1 regsub -all "\[)(]" $prompt {\\&} reprompt set commands [split $command \;] set num_commands [llength $commands] for {set i 0} {$i < $num_commands} { incr i} { send -- "[subst -nocommands [lindex $commands $i]]\r" send "exit\r" expect { -re "^\[^\n\r *]*$reprompt" {} -re "^\[^\n\r]*$reprompt." { exp_continue } -re "\[\n\r]+" { exp_continue } -re "Main Menu" { send "L" } } } expect { "\n" { exp_continue } timeout { catch {close}; catch {wait}; return 0 } } set in_proc 0 } # # For each router... (this is main loop) # source_password_file $password_file set in_proc 0 set exitval 0 foreach router [lrange $argv $i end] { set router [string tolower $router] send_user "$router\n" # Figure out prompt. # Since autoenable is off by default, if we have it defined, it # was done on the command line. If it is not specifically set on the # command line, check the password file. if $avautoenable { set autoenable 1 set enable 0 set prompt "#" } else { set ae [find autoenable $router] if { "$ae" == "1" } { set autoenable 1 set enable 0 set prompt "#" } else { set autoenable 0 set enable $avenable set prompt ">" } } # look for noenable option in .cloginrc if { [find noenable $router] != "" } { set enable 0 } # Figure out passwords if { $do_passwd || $do_enapasswd } { set pswd [find password $router] if { [llength $pswd] == 0 } { send_user "\nError - no password for $router in $password_file.\n" continue } if { $do_enapasswd && $autoenable == 0 && [llength $pswd] < 2 } { send_user "\nError - no enable password for $router in $password_file.\n" continue } set passwd [join [lindex $pswd 0] ""] set enapasswd [join [lindex $pswd 1] ""] } else { set passwd $userpasswd set enapasswd $enapasswd } # Figure out username if {[info exists username]} { # command line username set ruser $username } else { set ruser [join [find user $router] ""] if { "$ruser" == "" } { set ruser $default_user } } # Figure out username's password 
(if different from the vty password) if {[info exists userpasswd]} { # command line username set userpswd $userpasswd } else { set userpswd [join [find userpassword $router] ""] if { "$userpswd" == "" } { set userpswd $passwd } } # Figure out enable username if {[info exists enausername]} { # command line enausername set enauser $enausername } else { set enauser [join [find enauser $router] ""] if { "$enauser" == "" } { set enauser $ruser } } # Figure out prompts set u_prompt [find userprompt $router] if { "$u_prompt" == "" } { set u_prompt "(Username|login|user name):" } else { set u_prompt [join [lindex $u_prompt 0] ""] } set p_prompt [find passprompt $router] if { "$p_prompt" == "" } { set p_prompt "(\[Pp]assword|passwd):" } else { set p_prompt [join [lindex $p_prompt 0] ""] } set e_prompt [find enableprompt $router] if { "$e_prompt" == "" } { set e_prompt "\[Pp]assword:" } else { set e_prompt [join [lindex $e_prompt 0] ""] } # Figure out cypher type if {[info exists cypher]} { # command line cypher type set cyphertype $cypher } else { set cyphertype [find cyphertype $router] if { "$cyphertype" == "" } { set cyphertype "3des" } } # Figure out connection method set cmethod [find method $router] if { "$cmethod" == "" } { set cmethod {{telnet}} } # Figure out the SSH executable name set sshcmd [find sshcmd $router] if { "$sshcmd" == "" } { set sshcmd {ssh} } # Login to the router if {[login $router $ruser $userpswd $passwd $enapasswd $prompt $cmethod $cyphertype]} { incr exitval continue } if { $enable } { if {[do_enable $enauser $enapasswd]} { if { $do_command || $do_script } { incr exitval catch {close}; catch {wait}; continue } } } if { $do_command } { if {[run_commands $prompt $command]} { incr exitval continue } } elseif { $do_script } { expect $prompt {} source $sfile catch {close}; } else { label $router log_user 1 interact } # End of for each router catch {wait}; sleep 0.3 } exit $exitval I set this command: ./bnlogin -f /var/lib/rancid/.cloginrc -c "show 
sys-info" ip_my_host

And its the result, you can see it here:

4548GT-PWR#show sys-info
" " " " "
show parameters of system
" " " "
4548GT-PWR#exit
Connection closed by foreign host.

Error: EOF received

Why I have this messages? I don't know it... Can you help me, please?

Regards!
Santi

From s.felici at mclink.eu Sat Jan 17 09:23:53 2015
From: s.felici at mclink.eu (Simone Felici)
Date: Sat, 17 Jan 2015 10:23:53 +0100
Subject: [rancid] ERROR: sh: cisco: command not found
Message-ID: <54BA2A29.4080308@mclink.eu>

Hello to all!

I'm having an issue with rancid. sometimes I get this errors in the logs:

sh: cisco: command not found
sh: cisco: command not found
sh: cisco: command not found
sh: cisco: command not found
(...)

Then the script doesn't process all the list of devices!
If I execute manually the last device rancid has processed as well as the device immediate after, I have no errors. The list is long and it uses another server to collect these configurations via ssh (usercmd, usercmd_chat). Could it be a timeout issue on the remote server used to contact the device? Or what is happen? How can I debug?

The script ends in the log with:

Transmitting file data ..................................
Committed revision 21106.
+ rm -f /tmp/.customer_cpe.run.lock

Also seems it ends to process the list, but isn't true, because the list in routers.up is longer.

Thanks a lot!
Simon

From s.felici at mclink.eu Mon Jan 19 14:37:47 2015
From: s.felici at mclink.eu (Simone Felici)
Date: Mon, 19 Jan 2015 15:37:47 +0100
Subject: [rancid] ERROR: sh: cisco: command not found
In-Reply-To: <20150117164216.GH59833@shrubbery.net>
References: <54BA2A29.4080308@mclink.eu> <20150117164216.GH59833@shrubbery.net>
Message-ID: <54BD16BB.4040402@mclink.eu>

Hello,

On 17/01/2015 17:42, heasley wrote:
> Sat, Jan 17, 2015 at 10:23:53AM +0100, Simone Felici:
>>
>> Hello to all!
>>
>> I'm having an issue with rancid. sometimes I get these errors in the logs:
>
> what version of rancid on what o/s?
>

rancid 2.3.6 on CentOS 5.8 (server and slaves)

>> sh: cisco: command not found
>> sh: cisco: command not found
>> sh: cisco: command not found
>> sh: cisco: command not found
>> (...)
>>
>> Then the script doesn't process all the list of devices!
>> If I execute manually the last device rancid has processed as well as the device immediately after, I
>> have no errors. The list is long and it uses another server to collect these configurations via ssh
>
> how long? does it exceed the command-line length allowed by your o/s?
> perhaps a quoting error?

Are they not processed one at a time? The routers.all contains 672 entries, routers.up -> 572.

>
> but, what you describe is not something we support, so you've presumably
> modified something to do this, but not told us what or provided the code.

The installation is old. The only thing I edited a while ago was to add the "out of band" access via the "usercmd" "usercmd_chat" options. Is this available in the last release? So I could update.

>
>> (usercmd, usercmd_chat). Could it be a timeout issue on the remote server used to contact the
>> device? Or what is happening? How can I debug?
>>
>> The script ends in the log with:
>>
>> Transmitting file data ..................................
>> Committed revision 21106.
>> + rm -f /tmp/.customer_cpe.run.lock
>>
>> Also it seems it ends processing the list, but that isn't true, because the list in routers.up is longer.
>
> what makes you think that it has not processed the entire list?
>

Because I have some devices I've edited and the differences are not saved, even if they should be processed. They are in the routers.all db. Only if I call the script for a single device does it work:

bin/rancid-run -r

Then, I've temporarily edited rancid-fe to enable debug:

(...)
} else {
    exec($vendortable{$vendor} . " -d $router");
}
(...)

This logs me all the HIT commands as well as the command that is executed to contact the device. At a certain point I get:

HIT COMMAND:#write term
In WriteTerm: #write term
sh: cisco: command not found
sh: cisco: command not found
(...line repeated many times..)
=====================================
Getting missed routers: round 1.
(...)
sh: cisco: command not found
(...)
EOF

Thanks for the help,
Simon

From robert.4.hughes at bt.com Tue Jan 20 10:21:27 2015
From: robert.4.hughes at bt.com (robert.4.hughes at bt.com)
Date: Tue, 20 Jan 2015 10:21:27 +0000
Subject: [rancid] Using Rancid with Quagga
Message-ID: <8ABFC807392ABC49BCAD4465458B3C9106CD0D7BAA@EMV32-UKDY.domain1.systemhost.net>

Hi,

I am trying to use rancid (version 3.1) with quagga (version 0.99.22.4) routers. I have set the quagga user's shell to be /bin/vtysh and have tried a couple of scripts which have been posted online.

The first issue I have is that running ./qlogin router_01 gives me an error

": no such file or directory

When I call the script with expect qlogin router_01 I don't get the error. However this gives me my second issue: I have set the username and password in my router.db file but the expect qlogin router_01 command asks me for a password and then the session hangs.

Any pointers where I need to tweak?

Regards
Rob

From brodersen.mail at gmail.com Tue Jan 20 08:52:31 2015
From: brodersen.mail at gmail.com (Tobias Brodersen)
Date: Tue, 20 Jan 2015 09:52:31 +0100
Subject: [rancid] .cloginrc "master" password
Message-ID:

Hello,

I'm not sure if this forum is dead; hopefully there is a kind soul here who's able to help me with my probably minor problem.

I work as a Network Intern at Aarhus University, and I am currently working on a project so that I can add a few commands to our 2500 switches. I have already installed RANCID on Ubuntu, and I'm able to change config with this shell script:

for line in $(cat iplist.txt); do
    sudo /usr/lib/rancid/bin/clogin -x command.cmds -f /var/lib/rancid/.cloginrc $line;
done

I followed this guide to get rancid up and running, and have used the man pages to get to paste in commands:

https://help.ubuntu.com/community/RANCID

Which writes the commands in command.cmds to all switches in iplist.txt.

Now my problem is, the way that I authenticate through the switches is via the clogin -f command, where the guide I found on Ubuntu tells me that I have to add username, password, method for all the devices that I want to connect to. Can I get around that, so that all devices will use a "master" username, password and method for all? Because I have a list of 2500 switches, and it will take more time adding specific login methods for all than updating all switches manually.

I hope you guys know what I mean. Else I will try to explain myself again; my English ain't that great.

Thanks - Tobias!

From jandrewartha at ccgs.wa.edu.au Wed Jan 21 08:11:57 2015
From: jandrewartha at ccgs.wa.edu.au (James Andrewartha)
Date: Wed, 21 Jan 2015 16:11:57 +0800
Subject: [rancid] .cloginrc "master" password
In-Reply-To:
References:
Message-ID: <54BF5F4D.70809@ccgs.wa.edu.au>

Hi Tobias,

On 20/01/15 16:52, Tobias Brodersen wrote:
> now my problem is, the way that i authenticate through the switches, is
> via the clogin -f command, where the guide i found on ubuntu tells me,
> that i have to add username, password, method for all the devices that i
> want to connect to. Can i get around that? so that all devices will use a
> "master" username, password n method for all.. because i have a list of
> 2500 switches, and it will take more time, adding specific login methods
> for all, than updating all switches manually.

In your .cloginrc, you can have wildcards. Eg:

add user * admin
add userpassword * xxxxxxx
add method * ssh
add autoenable voip*.network.example.com 1

HTH,

--
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877

From robert.4.hughes at bt.com Thu Jan 22 15:55:57 2015
From: robert.4.hughes at bt.com (robert.4.hughes at bt.com)
Date: Thu, 22 Jan 2015 15:55:57 +0000
Subject: [rancid] vyatta/vyos
Message-ID: <8ABFC807392ABC49BCAD4465458B3C9106CD18A776@EMV32-UKDY.domain1.systemhost.net>

Hi,

I am trying to use rancid 3.1 to grab configs from vyos routers. I have downloaded the scripts but am having problems getting them to work. I notice that vlogin has a rancid version of 2.3.6. Would this work with rancid 3.1? Would the change of delimiter from ":" to ";" affect it?

Regards
Rob

From tony at lavanauts.org Thu Jan 22 16:41:36 2015
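The wildcard entries suggested in the .cloginrc "master" password thread above depend on the lookup rule in cloginrc(5): for each directive, the first entry whose hostname glob matches is used, so catch-all `*` lines belong after host-specific ones. The sketch below is an added example, not part of the thread or of RANCID; its parser is simplified, Python's fnmatch stands in for Tcl glob matching, and the core1 line and all function names are assumptions.

```python
import fnmatch
import os
import stat

# Constructed sample: the four wildcard entries quoted in the reply, plus one
# host-specific line (an assumption, added here) to show why ordering matters.
# Passwords are placeholders.
SAMPLE_CLOGINRC = """\
# catch-all defaults for every device
add user * admin
add userpassword * xxxxxxx
add method * ssh
add autoenable voip*.network.example.com 1
# host-specific override placed too late
add userpassword core1.network.example.com yyyyyyy
"""

GLOB_CHARS = set("*?[")


def parse_cloginrc(text):
    """Return (lineno, directive, host_glob, values) for each 'add' line.

    Simplified: whitespace-separated fields, braces stripped from values.
    Values containing spaces are out of scope for this sketch.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if len(fields) < 4 or fields[0] != "add":
            continue  # blank line, comment, or something this sketch skips
        values = [f.strip("{}") for f in fields[3:]]
        entries.append((lineno, fields[1], fields[2], values))
    return entries


def resolve(entries, host):
    """First match wins: map each directive to (values, lineno) for host."""
    result = {}
    for lineno, directive, glob, values in entries:
        if directive not in result and fnmatch.fnmatchcase(host, glob):
            result[directive] = (values, lineno)
    return result


def shadowed(entries):
    """List (lineno, shadowing_lineno) for entries that can never be selected.

    Only two safe cases are checked: an earlier bare '*' for the same
    directive, and a later literal hostname covered by an earlier glob.
    """
    hits = []
    for i, (lineno, directive, glob, _) in enumerate(entries):
        literal = not (GLOB_CHARS & set(glob))
        for prev_lineno, prev_directive, prev_glob, _ in entries[:i]:
            if prev_directive != directive:
                continue
            if prev_glob == "*" or (
                literal and fnmatch.fnmatchcase(glob, prev_glob)
            ):
                hits.append((lineno, prev_lineno))
                break
    return hits


def exposed_to_others(path):
    """True if the file grants any permission bit to 'other' users.

    The file holds cleartext device passwords, so this should be False.
    """
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o007)


if __name__ == "__main__":
    entries = parse_cloginrc(SAMPLE_CLOGINRC)
    for host in ("core1.network.example.com", "voip3.network.example.com"):
        print(host)
        for directive, (values, lineno) in sorted(resolve(entries, host).items()):
            shown = ["<redacted>"] if "password" in directive else values
            print(f"  {directive:<13} {shown} (line {lineno})")
    for lineno, by in shadowed(entries):
        print(f"line {lineno} is never used: shadowed by line {by}")
```

With a single catch-all credential on 2500 switches, every device shares one secret, so the shadowing check and the file-mode check are the two things worth running before each change to the file.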
From: tony at lavanauts.org (Antonio Querubin)
Date: Thu, 22 Jan 2015 06:41:36 -1000 (HST)
Subject: [rancid] vyatta/vyos
In-Reply-To: <8ABFC807392ABC49BCAD4465458B3C9106CD18A776@EMV32-UKDY.domain1.systemhost.net>
References: <8ABFC807392ABC49BCAD4465458B3C9106CD18A776@EMV32-UKDY.domain1.systemhost.net>
Message-ID:

On Thu, 22 Jan 2015, robert.4.hughes at bt.com wrote:
> I am trying to use rancid 3.1 to grab configs from vyos routers. I have
> downloaded the scripts but am having problems getting them to work. I
> notice that vlogin has a rancid version of 2.3.6 would this work with
> rancid 3.1 would the change of delimiter from ":" to ";" affect it?

Working ok here with rancid 3.1. Are you using the updated scripts?

https://bitbucket.org/aquerubin/rancid-vyatta

Antonio Querubin
e-mail: tony at lavanauts.org
xmpp: antonioquerubin at gmail.com

From robert.4.hughes at bt.com Fri Jan 23 09:16:54 2015
From: robert.4.hughes at bt.com (robert.4.hughes at bt.com)
Date: Fri, 23 Jan 2015 09:16:54 +0000
Subject: [rancid] vyatta/vyos
In-Reply-To:
References: <8ABFC807392ABC49BCAD4465458B3C9106CD18A776@EMV32-UKDY.domain1.systemhost.net>
Message-ID: <8ABFC807392ABC49BCAD4465458B3C9106CD95C115@EMV32-UKDY.domain1.systemhost.net>

Hi Antonio,

Yeh, the new scripts work great. I may have picked up some older ones.

I did have an issue grabbing the configs in that I received this error:

ERROR: router_01 configuration appears truncated.
Router_01: missed cmd(s): show configuration commands, show configuration, show system routing-daemons
Router_01: End of run not found
# router_01:~$ show hardware usb

I have commented out all the commands in vrancid except for "show configuration commands" and it works perfectly.

Many thanks for your help

Regards
Rob Hughes

-----Original Message-----
From: Antonio Querubin [mailto:tony at lavanauts.org]
Sent: 22 January 2015 16:42
To: Hughes,R,Robert,VIE C
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] vyatta/vyos

On Thu, 22 Jan 2015, robert.4.hughes at bt.com wrote:
> I am trying to use rancid 3.1 to grab configs from vyos routers. I
> have download the scripts but am having problems getting them to work.
> I notice that vlogin has a rancid version of 2.3.6 would this work
> with rancid 3.1 would the change of delimiter from ":" to ";" affect it?

Working ok here with rancid 3.1. Are you using the updated scripts?

https://bitbucket.org/aquerubin/rancid-vyatta

Antonio Querubin
e-mail: tony at lavanauts.org
xmpp: antonioquerubin at gmail.com

From krok at krok.za.net Sun Jan 25 07:27:02 2015
From: krok at krok.za.net (Shaun Krok)
Date: Sun, 25 Jan 2015 09:27:02 +0200
Subject: [rancid] Riverbed Rancid Support
Message-ID:

Hi there

We have several SteelHeads deployed and want to take a snapshot of the configuration using Rancid.

The clogin works but thereafter it just stops.

Clogin results

expect: does "il-riverbed-cx1555L > " (spawn_id exp4) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=no
"^(.+[:.])1 ((>|#| \(enable\)))"? (No Gate, RE only) gate=yes re=no
"^.+(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=yes
expect: set expect_out(0,string) "il-riverbed-cx1555L >"
expect: set expect_out(1,string) ">"
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) "il-riverbed-cx1555L >"

Then using a script called rblogin, which does not seem to run but does enter the switch:

[rancid at Rancid bin]$ ./rblogin il-rb-1
il-rb-1
spawn ssh -c aes128-ctr -x -l admin il-rb-1
Riverbed Steelhead
admin at il-rb-1's password:
Last login: Sun Jan 25 09:33:16 2015 from 10.20.56.17
il-riverbed-cx1555L >

I have tried to read up on what others are doing about Riverbed and Rancid but don't find anything.

Thank you
Shaun

--
Shaun Krok
Tel: 050 2424 381

From jjackson at aninetworks.net Mon Jan 26 02:06:54 2015
From: jjackson at aninetworks.net (Joseph Jackson)
Date: Mon, 26 Jan 2015 02:06:54 +0000
Subject: [rancid] loadtype(): device_type is empty.. rancid 3.1 fresh install
Message-ID:

Hey all,

I'm getting the following error from our crontab runs:

loadtype(): device_type is empty
Couldn't load device type spec for

I know the most common reason for this is if you don't use ; in the 3.1 router.db, which isn't the case here as we have it set correctly. Doing rancid-run and rancid -t cisco router.ip works correctly.

Any pointers would be very helpful.

Thanks
Joseph

System info:

Linux aninocmon01.anin.local 2.6.32-504.3.3.el6.x86_64 #1 SMP Wed Dec 17 01:55:02 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

rancid -V
rancid 3.1

CentOS release 6.6 (Final)

From lie at northwork.no Mon Jan 26 08:41:51 2015
From: lie at northwork.no (Truls Lie)
Date: Mon, 26 Jan 2015 09:41:51 +0100
Subject: [rancid] Custom device: ZyXEL switch
Message-ID:

Hi!

Has anybody got rancid working with ZyXEL switches and do you have a custom script?

The only command needed to print the running config is "show running-config".

ZyXEL switch configs do not have a default end, but as far as I have seen the last lines are the snmp settings, starting with "snmp-server".

Thank you.

From wpleasants at gmail.com Mon Jan 26 18:57:55 2015
From: wpleasants at gmail.com (Chip Pleasants)
Date: Mon, 26 Jan 2015 13:57:55 -0500
Subject: [rancid] Modifying Cisco Login Banner
Message-ID:

Hi all,

I realize this topic has been beat up, but I'm hoping someone can point me in the right direction. I'm trying to change my current cisco login banner, which doesn't have > or # in it. The new login banner doesn't either. It appears rancid is getting hung up on the router output "Enter TEXT message. End with the character 'X'" and ends up timing out. I found a couple of old threads, but not any specific solutions to this issue. Below is the configuration I'm adding/modifying, and I've attached the debug output. Let me know if you have any questions and thanks in advance for any assistance.

-Chip

!
conf t
!
no banner login X
banner login X
Rev 3(1-17)
___________
X
!
end
!
wr
!

-------------- next part --------------
(No Gate, RE only) gate=yes re=no ength 0 expect: does "terminal length 0\r\n" (spawn_id exp4) match regular expression "router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "router111*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "\r\n" expect: set expect_out(spawn_id) "exp4" expect: set expect_out(buffer) "terminal length 0\r\n" expect: continuing expect expect: does "" (spawn_id exp4) match regular expression "router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "router111*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=no router111# expect: does "router111#" (spawn_id exp4) match regular expression "router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "router111*"? gate=yes re=yes expect: set expect_out(0,string) "router111#" expect: set expect_out(spawn_id) "exp4" expect: set expect_out(buffer) "router111#" send: sending "!\r" to { exp4 } Gate keeper glob pattern for +' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '^[^ *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?' is '*router111*'. Activating booster. Gate keeper glob pattern for '^[^ ]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?.' is '*router111*'. Activating booster. Gate keeper glob pattern for '^--More--[ ]+' is '--More--*'. Activating booster. Gate keeper glob pattern for '[ ]+' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '[^ ]*Press to cont[^ ]*' is '*Press to cont*'. Activating booster. Gate keeper glob pattern for '^ *--More--[^ ]*' is '*--More--*'. Activating booster. Gate keeper glob pattern for '^<-+ More -+>[^ ]*' is '<* More *>*'. Activating booster. expect: does "" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? 
(No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no expect: does "!\r\nrouter111#" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=yes re=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=yes re=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "\r\n" expect: set expect_out(spawn_id) "exp4" expect: set expect_out(buffer) "!\r\n" ! expect: continuing expect expect: does "router111#" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=yes re=yes expect: set expect_out(0,string) "router111#" expect: set expect_out(spawn_id) "exp4" expect: set expect_out(buffer) "router111#" router111#send: sending "conf t\r" to { exp4 } Gate keeper glob pattern for +' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '^[^ *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?' is '*router111*'. Activating booster. Gate keeper glob pattern for '^[^ ]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?.' is '*router111*'. Activating booster. Gate keeper glob pattern for '^--More--[ ]+' is '--More--*'. Activating booster. Gate keeper glob pattern for '[ ]+' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '[^ ]*Press to cont[^ ]*' is '*Press to cont*'. Activating booster. Gate keeper glob pattern for '^ *--More--[^ ]*' is '*--More--*'. Activating booster. Gate keeper glob pattern for '^<-+ More -+>[^ ]*' is '<* More *>*'. Activating booster. expect: does "" (spawn_id exp4) match regular expression "\u0008+"? 
(No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no expect: does "co" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no expect: does "conf" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no expect: does "conf t" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? 
Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no expect: does "conf t\r\n" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "\r\n" expect: set expect_out(spawn_id) "exp4" expect: set expect_out(buffer) "conf t\r\n" conf t expect: continuing expect expect: does "" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no expect: does "Enter configuration commands, one per line. End with CNTL/Z.\r\nrouter111(config)#" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=yes re=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=yes re=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "\r\n" expect: set expect_out(spawn_id) "exp4" expect: set expect_out(buffer) "Enter configuration commands, one per line. End with CNTL/Z.\r\n" Enter configuration commands, one per line. End with CNTL/Z. expect: continuing expect expect: does "router111(config)#" (spawn_id exp4) match regular expression "\u0008+"? 
(No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=yes re=yes expect: set expect_out(0,string) "router111(config)#" expect: set expect_out(1,string) "(config)" expect: set expect_out(spawn_id) "exp4" expect: set expect_out(buffer) "router111(config)#" router111(config)#send: sending "!\r" to { exp4 } Gate keeper glob pattern for +' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '^[^ *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?' is '*router111*'. Activating booster. Gate keeper glob pattern for '^[^ ]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?.' is '*router111*'. Activating booster. Gate keeper glob pattern for '^--More--[ ]+' is '--More--*'. Activating booster. Gate keeper glob pattern for '[ ]+' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '[^ ]*Press to cont[^ ]*' is '*Press to cont*'. Activating booster. Gate keeper glob pattern for '^ *--More--[^ ]*' is '*--More--*'. Activating booster. Gate keeper glob pattern for '^<-+ More -+>[^ ]*' is '<* More *>*'. Activating booster. expect: does "" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no expect: does "!\r\n" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? 
(No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "\r\n" expect: set expect_out(spawn_id) "exp4" expect: set expect_out(buffer) "!\r\n" ! expect: continuing expect expect: does "" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no expect: does "router111(config)#" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=yes re=yes expect: set expect_out(0,string) "router111(config)#" expect: set expect_out(1,string) "(config)" expect: set expect_out(spawn_id) "exp4" expect: set expect_out(buffer) "router111(config)#" router111(config)#send: sending "no banner login X\r" to { exp4 } Gate keeper glob pattern for +' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '^[^ *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?' is '*router111*'. Activating booster. Gate keeper glob pattern for '^[^ ]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?.' is '*router111*'. Activating booster. Gate keeper glob pattern for '^--More--[ ]+' is '--More--*'. Activating booster. Gate keeper glob pattern for '[ ]+' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '[^ ]*Press to cont[^ ]*' is '*Press to cont*'. Activating booster. Gate keeper glob pattern for '^ *--More--[^ ]*' is '*--More--*'. Activating booster. Gate keeper glob pattern for '^<-+ More -+>[^ ]*' is '<* More *>*'. Activating booster. 
expect: does "" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no expect: does "no " (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no expect: does "no ba" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no expect: does "no ban" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? 
Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no expect: does "no bann" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no expect: does "no banner" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no expect: does "no banner " (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no expect: does "no banner l" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? 
gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no expect: does "no banner log" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no expect: does "no banner login" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no expect: does "no banner login X" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? 
gate=no expect: does "no banner login X\r\n" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "\r\n" expect: set expect_out(spawn_id) "exp4" expect: set expect_out(buffer) "no banner login X\r\n" no banner login X expect: continuing expect expect: does "" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no expect: does "router111(config)#" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=yes re=yes expect: set expect_out(0,string) "router111(config)#" expect: set expect_out(1,string) "(config)" expect: set expect_out(spawn_id) "exp4" expect: set expect_out(buffer) "router111(config)#" router111(config)#send: sending "banner login X\r" to { exp4 } Gate keeper glob pattern for +' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '^[^ *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?' is '*router111*'. Activating booster. Gate keeper glob pattern for '^[^ ]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?.' is '*router111*'. Activating booster. Gate keeper glob pattern for '^--More--[ ]+' is '--More--*'. Activating booster. 
Gate keeper glob pattern for '[ ]+' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '[^ ]*Press to cont[^ ]*' is '*Press to cont*'. Activating booster. Gate keeper glob pattern for '^ *--More--[^ ]*' is '*--More--*'. Activating booster. Gate keeper glob pattern for '^<-+ More -+>[^ ]*' is '<* More *>*'. Activating booster. expect: does "" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no expect: does "banne" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no expect: does "banner lo" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? 
gate=no expect: does "banner login " (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no expect: does "banner login X\r\n" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "\r\n" expect: set expect_out(spawn_id) "exp4" expect: set expect_out(buffer) "banner login X\r\n" banner login X expect: continuing expect expect: does "" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no expect: does "Enter TEXT message. End with the character 'X'.\r\n" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? 
gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "\r\n" expect: set expect_out(spawn_id) "exp4" expect: set expect_out(buffer) "Enter TEXT message. End with the character 'X'.\r\n" Enter TEXT message. End with the character 'X'. expect: continuing expect expect: does "" (spawn_id exp4) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*router111*"? gate=no "^[^\n\r]*router111([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*router111*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[\n\r]+"? (No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? Gate "<* More *>*"? gate=no ^Csighandler: handling signal(2) async event handler: Tcl_Eval(exit 130) From heas at shrubbery.net Mon Jan 26 19:46:26 2015 
From: heas at shrubbery.net (heasley)
Date: Mon, 26 Jan 2015 19:46:26 +0000
Subject: [rancid] Modifying Cisco Login Banner
In-Reply-To:
References:
Message-ID: <20150126194626.GF46981@shrubbery.net>

Mon, Jan 26, 2015 at 01:57:55PM -0500, Chip Pleasants:
> Hi all,
>
> I realize this topic has been beat up, but I'm hoping someone can point me in
> the right direction. I'm trying to change my current cisco login banner,
> which doesn't have > or # in it. The new login banner doesn't either. It
> appears rancid is getting hung up on the router output "Enter TEXT
> message. End with the character 'X'" and ends up timing out. I found a
> couple old threads, but not any specific solutions to this issue. Below
> is the configuration I'm adding/modifying, and I've attached the debug
> output. Let me know if you have any questions and thanks in advance for any
> assistance.
>
> -Chip
>
>
>
> !

don't need this line or the other ! lines

> conf t
> !
> no banner login X
^^^^^^^^^^^^^^^^^^ don't think you need this either

> banner login X

you don't get a prompt after this.

> Rev 3(1-17)
> ___________
> X
> !
> end
> !
> wr

so file becomes (with the $ to indicate EOL):

conf t
banner login X\nRev 3(1-17)\n___________\nX$
end
wr

From wpleasants at gmail.com Mon Jan 26 20:21:18 2015
From: wpleasants at gmail.com (Chip Pleasants)
Date: Mon, 26 Jan 2015 15:21:18 -0500
Subject: [rancid] Modifying Cisco Login Banner
In-Reply-To: <20150126194626.GF46981@shrubbery.net>
References: <20150126194626.GF46981@shrubbery.net>
Message-ID:

That seems to work! Thank you very much.

-Chip

On Mon, Jan 26, 2015 at 2:46 PM, heasley wrote:

> Mon, Jan 26, 2015 at 01:57:55PM -0500, Chip Pleasants:
> > Hi all,
> >
> > I realize this topic has been beat up, but I'm hoping someone can point me in
> > the right direction. I'm trying to change my current cisco login banner,
> > which doesn't have > or # in it. The new login banner doesn't either. It
> > appears rancid is getting hung up on the router output "Enter TEXT
> > message. End with the character 'X'" and ends up timing out. I found a
> > couple old threads, but not any specific solutions to this issue. Below
> > is the configuration I'm adding/modifying, and I've attached the debug
> > output. Let me know if you have any questions and thanks in advance for any
> > assistance.
> >
> > -Chip
> >
> >
> >
> > !
> don't need this line or the other ! lines
>
> > conf t
> > !
> > no banner login X
> ^^^^^^^^^^^^^^^^^^ don't think you need this either
> > banner login X
> you don't get a prompt after this.
>
> > Rev 3(1-17)
> > ___________
> > X
> > !
> > end
> > !
> > wr
>
>
> so file becomes (with the $ to indicate EOL):
> conf t
> banner login X\nRev 3(1-17)\n___________\nX$
> end
> wr
>

From jpmarek at gmail.com Tue Jan 27 02:29:21 2015
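The command-file rewrite suggested in the banner thread above, as an added example (not code from the thread or from RANCID): a Python helper that folds each multi-line `banner` block onto one line joined by the literal two-character sequence `\n`, and drops the bare `!` lines and the redundant `no banner`, so that every line sent to the router ends at a prompt. The function names are hypothetical and the sample input is constructed from the configuration quoted in the thread.

```python
import re

# Opening line of an IOS banner command: "banner <type> <delim>[text]".
# The delimiter is the first non-blank character after the banner type.
BANNER_RE = re.compile(r"^\s*banner\s+(\S+)\s+(\S)(.*)$")
NO_BANNER_RE = re.compile(r"^no\s+banner\s+(\S+)")

# Constructed input: the command file quoted in the thread.
SAMPLE = """\
!
conf t
!
no banner login X
banner login X
Rev 3(1-17)
___________
X
!
end
!
wr
"""


def _is_redundant_no(line, banner_types):
    """True for 'no banner <type>' when the file also sets 'banner <type>'."""
    m = NO_BANNER_RE.match(line)
    return bool(m) and m.group(1) in banner_types


def collapse_banners(text, drop_redundant_no=True):
    """Return the command lines with each banner block folded onto one line.

    The router prints no prompt between 'banner <type> <delim>' and the
    closing delimiter, so a send/expect driver that waits for a prompt after
    every line stalls there. Joining the block with a literal backslash-n
    leaves one command per line, each followed by a prompt.
    """
    out = []
    banner_types = set()
    lines = iter(text.splitlines())
    for line in lines:
        stripped = line.strip()
        if stripped in ("", "!"):
            continue  # blank and bare "!" lines are not needed in the file
        m = BANNER_RE.match(line)
        if not m:
            out.append(stripped)
            continue
        btype, delim, rest = m.group(1), m.group(2), m.group(3).rstrip()
        pieces = ["banner %s %s" % (btype, delim)]
        closed = False
        if delim in rest:
            # Banner opened and closed on the same line.
            pieces[0] += rest[: rest.index(delim) + 1]
            closed = True
        else:
            pieces[0] += rest
            # Consume body lines verbatim (including "!" and blank lines)
            # up to and including the first line holding the delimiter.
            for body in lines:
                if delim in body:
                    pieces.append(body[: body.index(delim) + 1])
                    closed = True
                    break
                pieces.append(body)
        if not closed:
            raise ValueError("banner %s is missing closing %r" % (btype, delim))
        out.append("\\n".join(pieces))
        banner_types.add(btype)
    if drop_redundant_no:
        # Follows the reply's suggestion that 'no banner' is unnecessary
        # when the same banner is set again in the same file.
        out = [l for l in out if not _is_redundant_no(l, banner_types)]
    return out


if __name__ == "__main__":
    print("\n".join(collapse_banners(SAMPLE)))
```

The banner text ends at the first occurrence of the delimiter character, so the delimiter must not appear anywhere in the banner body.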
From: jpmarek at gmail.com (Marek Gajewski)
Date: Tue, 27 Jan 2015 11:29:21 +0900
Subject: [rancid] all routers are down
Message-ID:

after update perl, suddenly rancid setup all routers to down and do
not update it anymore.
I did not change any configs etc.

System is :

CentOS release 6.6 (Final)

Linux 2.6.32-504.3.3.el6.i686 #1 SMP Tue Dec 16 22:55:44 UTC 2014 i686
i686 i386 GNU/Linux

perl, v5.10.1 (*) built for i386-linux-thread-multi

Anyone has the same problem ?

cheers,
Marek

From malmgren at skyfire.com Tue Jan 27 17:48:38 2015
From: malmgren at skyfire.com (Matt Almgren)
Date: Tue, 27 Jan 2015 09:48:38 -0800
Subject: [rancid] all routers are down
In-Reply-To:
References:
Message-ID:

Perhaps you need to install the x64 version of perl:

I run this on my CentOS 6.6 box:

v5.10.1 (*) built for x86_64-linux-thread-multi

- Matt

On 1/26/15, 6:29 PM, "Marek Gajewski" wrote:

>after update perl, suddenly rancid setup all routers to down and do
>not update it anymore.
>I did not change any configs etc.
>
>System is :
>
>CentOS release 6.6 (Final)
>
>Linux 2.6.32-504.3.3.el6.i686 #1 SMP Tue Dec 16 22:55:44 UTC 2014 i686
>i686 i386 GNU/Linux
>
>perl, v5.10.1 (*) built for i386-linux-thread-multi
>
>Anyone has the same problem ?
>
>cheers,
>Marek
>_______________________________________________
>Rancid-discuss mailing list
>Rancid-discuss at shrubbery.net
>http://www.shrubbery.net/mailman/listinfo/rancid-discuss

From alan.mckinnon at gmail.com Tue Jan 27 18:26:49 2015
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Tue, 27 Jan 2015 20:26:49 +0200
Subject: [rancid] all routers are down
In-Reply-To:
References:
Message-ID: <54C7D869.5010507@gmail.com>

On 27/01/2015 04:29, Marek Gajewski wrote:
> after update perl, suddenly rancid setup all routers to down and do
> not update it anymore.
> I did not change any configs etc.
>
> System is :
>
> CentOS release 6.6 (Final)
>
> Linux 2.6.32-504.3.3.el6.i686 #1 SMP Tue Dec 16 22:55:44 UTC 2014 i686
> i686 i386 GNU/Linux
>
> perl, v5.10.1 (*) built for i386-linux-thread-multi
>
> Anyone has the same problem ?

It's a common enough problem when updating perl. Did you update major
versions?

To see where things fail, run

rancid -d hostname

where "hostname" is a valid device name from your router.db

--
Alan McKinnon
alan.mckinnon at gmail.com

From brian.cuttler at health.ny.gov Mon Jan 26 19:33:46 2015
From: brian.cuttler at health.ny.gov (Cuttler, Brian (HEALTH))
Date: Mon, 26 Jan 2015 19:33:46 +0000
Subject: [rancid] Rancid, Cisco login, but no local account
Message-ID:

We are moving to Cisco and will be using TACACS authentication, we had
been using HP switches with local accounts.

The new switches will only fall back to local account when TACACS access
fails. So I'm not sure how to configure rancid to pick up the switch
configs.

We do not control the TACACS server, accounts have expiring passwords?

Can Rancid use snmp to do so, or can someone with experience in this
suggest something?

From alan.mckinnon at gmail.com Tue Jan 27 19:22:13 2015
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Tue, 27 Jan 2015 21:22:13 +0200
Subject: [rancid] Rancid, Cisco login, but no local account
In-Reply-To:
References:
Message-ID: <54C7E565.20908@gmail.com>

On 26/01/2015 21:33, Cuttler, Brian (HEALTH) wrote:
> We are moving to Cisco and will be using TACACS authentication, we had
> been using HP switches with local accounts.
>
> The new switches will only fall back to local account when TACACS access
> fails. So I'm not sure how to configure rancid to pick up the switch
> configs.
>
> We do not control the TACACS server, accounts have expiring passwords?
>
> Can Rancid use snmp to do so, or can someone with experience in this
> suggest something?

There's several ways to approach this problem, all solutions are social
and not technical.

Have the tacacs admins create a single tacacs user "rancid" with very
restricted permissions. You can look in the various *rancid scripts for
@commandtable which lists the exact commands used - permit those and
deny everything else. Enter the creds for this rancid user in
~rancid/.cloginrc

When the password expires, you change one password in one file and
continue. You'll know it fails as rancid will start alerting you that
everything fails.

Some admins might insist on having separate tacacs accounts for different
chunks of the network. That's manageable, you have a few accounts and not
just one. If they want a different account for every device, that's not
manageable so you have to appeal to reason.

What seems to work best is convince that admin this is a system user and
can only be used by an automated system, therefore the accounts should be
locked down and set to not expire. There is much precedence for this, all
the magic Cisco tools on your network will also require system accounts
to work.

Rancid does not use snmp to operate, it uses telnet/ssh and show *, just
like humans do.
--
Alan McKinnon
alan.mckinnon at gmail.com

From heas at shrubbery.net Tue Jan 27 19:57:17 2015
From: heas at shrubbery.net (heasley)
Date: Tue, 27 Jan 2015 19:57:17 +0000
Subject: [rancid] Rancid, Cisco login, but no local account
In-Reply-To: <54C7E565.20908@gmail.com>
References: <54C7E565.20908@gmail.com>
Message-ID: <20150127195717.GE90212@shrubbery.net>

Tue, Jan 27, 2015 at 09:22:13PM +0200, Alan McKinnon:
> Have the tacacs admins create a single tacacs user "rancid" with very
> restricted permissions. You can look in the various *rancid scripts for
> @commandtable which lists the exact commands used - permit those and
> deny everything else. Enter the creds for this rancid user in
> ~rancid/.cloginrc

most of the scripts can give you a list with the -C option. eg:

% rancid -t cisco -C foo
clogin -t 90 -c 'show version;show redundancy secondary;show idprom backplane;show install active;show env all;show rsp chassis-info;show gsr chassis;show diag chassis-info;show boot;show bootvar;show variables boot;show flash;dir /all nvram:;dir /all bootflash:;dir /all slot0:;dir /all disk0:;dir /all slot1:;dir /all disk1:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all harddiska:;dir /all harddiskb:;dir /all sup-bootdisk:;dir /all sup-bootflash:;dir /all sup-microcode:;dir /all slavenvram:;dir /all slavebootflash:;dir /all slaveslot0:;dir /all slavedisk0:;dir /all slaveslot1:;dir /all slavedisk1:;dir /all slaveslot2:;dir /all slavedisk2:;dir /all slavesup-bootflash:;dir /all sec-nvram:;dir /all sec-bootflash:;dir /all sec-slot0:;dir /all sec-disk0:;dir /all sec-slot1:;dir /all sec-disk1:;dir /all sec-slot2:;dir /all sec-disk2:;show controllers;show controllers cbus;show diagbus;show diag;show capture;show module;show spe version;show c7200;show inventory raw;show vtp status;show vlan;show vlan-switch;show switch detail;show sdm prefer;show system mtu;show debug;show shun;more system:running-config;show running-config view full;show running-config;write term' foo
% fnrancid -C foo
fnlogin -t 90 -c'get system status;show full-configuration' foo

also see
etc/rancid.types.base

From daniel.schmidt at wyo.gov Tue Jan 27 20:52:53 2015
From: daniel.schmidt at wyo.gov (Daniel Schmidt)
Date: Tue, 27 Jan 2015 13:52:53 -0700
Subject: [rancid] Rancid, Cisco login, but no local account
In-Reply-To: <20150127195717.GE90212@shrubbery.net>
References: <54C7E565.20908@gmail.com> <20150127195717.GE90212@shrubbery.net>
Message-ID:

I have an example of how to do that with do_auth on taca.... ah #*@&.
Never mind.

Without control of the TACACS server, you're limited to changing the
password. I wonder if Pam can authenticate Tacacs? If your org is so bass
ackward they won't let you make a static read only account, you could set
up your OWN tacacs server, and redirect all accounts but one to
authenticate Pam set to query the other tacacs server. (I also work Gov)

On Tue, Jan 27, 2015 at 12:57 PM, heasley wrote:

> Tue, Jan 27, 2015 at 09:22:13PM +0200, Alan McKinnon:
> > Have the tacacs admins create a single tacacs user "rancid" with very
> > restricted permissions. You can look in the various *rancid scripts for
> > @commandtable which lists the exact commands used - permit those and
> > deny everything else. Enter the creds for this rancid user in
> > ~rancid/.cloginrc
>
> most of the scripts can give you a list with the -C option.
From heas at shrubbery.net Tue Jan 27 22:25:08 2015
From: heas at shrubbery.net (heasley)
Date: Tue, 27 Jan 2015 22:25:08 +0000
Subject: [rancid] Rancid, Cisco login, but no local account
In-Reply-To:
References: <54C7E565.20908@gmail.com> <20150127195717.GE90212@shrubbery.net>
Message-ID: <20150127222508.GC95442@shrubbery.net>

Tue, Jan 27, 2015 at 01:52:53PM -0700, Daniel Schmidt:
> Without control of the TACACS server, you're limited to changing the
> password. I wonder if Pam can authenticate Tacacs? If your org is so bass
> ackward they won't let you make a static read only account, you could set
> up your OWN tacacs server, and redirect all accounts but one to
> authenticate Pam set to query the other tacacs server. (I also work Gov)

there are pam modules for authenticating against a tacacs server.

From jpmarek at gmail.com Wed Jan 28 00:02:24 2015
From: jpmarek at gmail.com (Marek Gajewski)
Date: Wed, 28 Jan 2015 09:02:24 +0900
Subject: [rancid] all routers are down
In-Reply-To: <54C7D869.5010507@gmail.com>
References: <54C7D869.5010507@gmail.com>
Message-ID:

Thank you all for reply.
I found out that problem was more trivial and has nothing to do with perl.
I did not notice that rancid also was updated to 3.1 and router.db
still got : instead of new separator ;
After fixing router.db everything works fine.
Problem solved.

2015-01-28 3:26 GMT+09:00 Alan McKinnon:
> On 27/01/2015 04:29, Marek Gajewski wrote:
>> after update perl, suddenly rancid setup all routers to down and do
>> not update it anymore.
>> I did not change any configs etc.
>>
>> System is :
>>
>> CentOS release 6.6 (Final)
>>
>> Linux 2.6.32-504.3.3.el6.i686 #1 SMP Tue Dec 16 22:55:44 UTC 2014 i686
>> i686 i386 GNU/Linux
>>
>> perl, v5.10.1 (*) built for i386-linux-thread-multi
>>
>> Anyone has the same problem ?
>
> It's a common enough problem when updating perl. Did you update major
> versions?
>
> To see where things fail, run
>
> rancid -d hostname
>
> where "hostname" is a valid device name from your router.db
>
> --
> Alan McKinnon
> alan.mckinnon at gmail.com

From vinayd at joister.net Fri Jan 30 04:49:15 2015
From: vinayd at joister.net (Vinay Dongre)
Date: Fri, 30 Jan 2015 10:19:15 +0530
Subject: [rancid] Rancid for huawei router
Message-ID: <54CB0D4B.6060703@joister.net>

Dear Team,

I have configured rancid on Cisco and it is working fine. For on huawei
router it is not working. I have tried by using hc2login and h3crancid..
but no luck :(.

Please need help.

Regards,
Vinay Dongre

From jethro.binks at strath.ac.uk Fri Jan 30 08:41:21 2015
From: jethro.binks at strath.ac.uk (Jethro R Binks)
Date: Fri, 30 Jan 2015 08:41:21 +0000 (GMT)
Subject: [rancid] Rancid for huawei router
In-Reply-To: <54CB0D4B.6060703@joister.net>
References: <54CB0D4B.6060703@joister.net>
Message-ID:

On Fri, 30 Jan 2015, Vinay Dongre wrote:

> I have configured rancid on Cisco and it is working fine. For on huawei
> router it is not working. I have tried by using hc2login and h3crancid..
> but no luck :(.
>
> Please need help.

You will need to supply more information about version of rancid, what
happens when it doesn't work, errors, debug output, etc.

Jethro.

. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK

The University of Strathclyde is a charitable body, registered in
Scotland, number SC015263.
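
Added example, not part of the archived thread and not RANCID's own code: the -C output heasley quotes in the "Cisco login, but no local account" thread above can be split into the exact-match command list that Alan McKinnon suggests permitting for a restricted "rancid" account, and then used to audit what that account actually ran. The two sample lines are shortened, constructed forms of the outputs in the thread; the function names and the audited command list are assumptions made here.

```python
import re

# Constructed samples: shortened forms of the two -C outputs quoted in the thread.
CISCO_LINE = (
    "clogin -t 90 -c 'show version;show boot;dir /all nvram:;"
    "show running-config;write term' foo")
FORTI_LINE = "fnlogin -t 90 -c'get system status;show full-configuration' foo"


def normalize(cmd):
    """Collapse runs of whitespace so wrapped or padded commands compare equal."""
    return " ".join(cmd.split())


def extract_commands(login_line):
    """Return the device commands from the quoted -c argument, in order, without repeats."""
    match = re.search(r"-c\s*(['\"])(.*?)\1", login_line, re.S)
    if match is None:
        raise ValueError("no quoted -c argument found")
    commands = []
    for part in match.group(2).split(";"):
        cmd = normalize(part)
        if cmd and cmd not in commands:
            commands.append(cmd)
    return commands


def group_by_keyword(commands):
    """Map each leading keyword to the full commands that start with it."""
    groups = {}
    for cmd in commands:
        groups.setdefault(cmd.split(" ", 1)[0], []).append(cmd)
    return groups


def not_permitted(observed, allowed):
    """Return observed commands that are not an exact match for an allowed one."""
    allowed_set = {normalize(c) for c in allowed}
    return [c for c in observed if normalize(c) not in allowed_set]


if __name__ == "__main__":
    allowed = extract_commands(CISCO_LINE)
    for keyword, cmds in group_by_keyword(allowed).items():
        print(keyword, "->", cmds)
    # Constructed accounting entries for the rancid account.
    seen = ["show version", "write  term", "write memory", "show  running-config"]
    print("outside allow list:", not_permitted(seen, allowed))
```

Matching whole commands matters because a permit on the first keyword alone would cover every `write` subcommand, not only the `write term` that rancid issues.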