From serge.torop at gmail.com Tue Nov 3 07:43:49 2015 From: serge.torop at gmail.com (Serge Torop) Date: Tue, 3 Nov 2015 10:43:49 +0300 Subject: [rancid] Rancid does not recive configuration from cisco device Message-ID: Hello, all, I have new installation of Rancid (v 3.1) on Centos 6 from rpm packet. After rancid.conf (see below) has configured I run rancid-cvs, the output is: [rancid at blade11 ciscodev]$ /usr/libexec/rancid/rancid-cvs Committed revision 1. Checked out revision 1. At revision 1. A configs Adding configs Committed revision 2. A router.db Adding router.db Transmitting file data . Committed revision 3. Committed revision 4. Checked out revision 4. At revision 4. A configs Adding configs Committed revision 5. A router.db Adding router.db Transmitting file data . Committed revision 6. Committed revision 7. Checked out revision 7. At revision 7. A configs Adding configs Committed revision 8. A router.db Adding router.db Transmitting file data . Committed revision 9. Then I have created /var/rancid/ciscodev/router.db [rancid at blade11 ciscodev]$ cat /var/rancid/ciscodev/router.db 10.37.6.46:cisco:up and run rancid-run (without any output messages), in log file I see: [rancid at blade11 ciscodev]$ cat /var/log/rancid/ciscodev.20151102.170455 starting: Mon Nov 2 17:04:55 MSK 2015 property 'svn:ignore' set on '.' At revision 9. Sending . Committed revision 10. ending: Mon Nov 2 17:04:56 MSK 2015 and again: starting: Mon Nov 2 17:18:08 MSK 2015 Sending router.db Transmitting file data . Committed revision 13. ending: Mon Nov 2 17:18:09 MSK 2015 * I recived email with content: ?????Routers changed to down: 10.37.6.46:cisco:up Added routers: 10.37.6.46:cisco:up Everything is fine, but I don't see downloaded configuration files after re-run rancid-run in each conf-directory [rancid at blade11 ciscodev]$ ls -la /var/rancid/ciscodev/configs/ total 12 drwxr-x---. 3 rancid rancid 4096 Nov 2 17:02 . drwxr-x---. 4 rancid rancid 4096 Nov 2 17:18 .. drwxr-x---. 6 rancid rancid 4096 Nov 2 17:04 .svn Test commands: clogin -t 90 -c "show version" -f /var/rancid/.cloginrc 10.37.6.46 and rancid -t cisco -d 10.37.6.46 working fine (login is ok and configuration downloading from device to 10.37.6.46.raw is ok). Can you give me any suggestions what is wrong in my configuration and why i do not see original configuration from my cisco device? Also some strange content of file /var/rancid/ciscodevs/routers.down: 10:37.6.46:cisco:up Thank you in advance! My configuration of rancid (i'm using the SVN): /etc/rancid/rancid.conf: TERM=network;export TERM TMPDIR=/tmp; export TMPDIR BASEDIR=/var/rancid; export BASEDIR PATH=/usr/libexec/rancid:/usr/sbin:/usr/bin:/usr/sbin:/bin:/usr/local/bin:/usr/bin; export PATH SENDMAIL="/usr/sbin/sendmail" CVSROOT=$BASEDIR/SVN; export CVSROOT LOGDIR=/var/log/rancid; export LOGDIR RCSSYS=svn; export RCSSYS NOPIPE=YES; export NOPIPE FILTER_PWDS=NO; export FILTER_PWDS NOCOMMSTR=NO; export NOCOMMSTR MAX_ROUNDS=4; export MAX_ROUNDS LIST_OF_GROUPS="ciscodev dlinkdev edgecoredev" Working directory of rancid: [rancid at blade11 rancid]$ ls -la total 168 drwxr-x---. 9 rancid rancid 4096 Nov 2 17:02 . drwxr-xr-x. 19 root root 4096 Oct 30 14:40 .. -rw-rw-r--. 1 rancid rancid 20581 Nov 2 16:14 10.37.6.46.new -rw-rw-r--. 1 rancid rancid 88221 Nov 2 16:14 10.37.6.46.raw -rw-------. 1 rancid rancid 381 Oct 30 16:45 .bash_history -rw-r--r--. 1 rancid rancid 18 Oct 16 2014 .bash_logout -rw-r--r--. 1 rancid rancid 196 Oct 30 16:48 .bash_profile -rw-r--r--. 1 rancid rancid 124 Oct 16 2014 .bashrc drwxr-x---. 4 rancid rancid 4096 Nov 2 17:18 ciscodev -rw-r-----. 1 rancid rancid 95 Nov 2 17:00 .cloginrc drwxr-x---. 4 rancid rancid 4096 Nov 2 17:18 dlinkdev drwxr-x---. 4 rancid rancid 4096 Nov 2 17:18 edgecoredev drwxr-x---. 2 rancid rancid 4096 Oct 30 15:08 logs drwx------. 2 rancid rancid 4096 Oct 30 14:56 .ssh drwxr-x---. 3 rancid rancid 4096 Nov 2 17:02 .subversion drwxr-x---. 6 rancid rancid 4096 Nov 2 17:02 SVN -- Serge P. Torop -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Tue Nov 3 10:35:20 2015 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Tue, 3 Nov 2015 12:35:20 +0200 Subject: [rancid] Rancid does not recive configuration from cisco device In-Reply-To: References: Message-ID: <56388DE8.5040805@gmail.com> On 03/11/2015 09:43, Serge Torop wrote: > > Hello, all, > > I have new installation of Rancid (v 3.1) on Centos 6 from rpm packet. [snip] > [rancid at blade11 ciscodev]$ cat /var/rancid/ciscodev/router.db > 10.37.6.46:cisco:up ^ ^ in rancid 3+ these separators are ";" and not ":" The reason is that a colon clashes with IPv6 addresses in field 1 Alan From alain.hayot at inalco.fr Tue Nov 3 11:00:19 2015 From: alain.hayot at inalco.fr (hayot alain) Date: Tue, 3 Nov 2015 12:00:19 +0100 (CET) Subject: [rancid] Rancid does not recive configuration from cisco device In-Reply-To: <56388DE8.5040805@gmail.com> References: <56388DE8.5040805@gmail.com> Message-ID: <561730061.716439.1446548419795.JavaMail.zimbra@inalco.fr> hi, I do not why but i had the same problems with rancid 3.2 on juniper devices. it work with version 2.3 Cordialement ----- Alain HAYOT Responsable R?seau INALCO - LANGUES'O 65 rue des grands moulins 75013 Paris t?l?phone bureau : 01 81 70 10 74 ----- Mail original ----- De: "Alan McKinnon" ?: rancid-discuss at shrubbery.net Envoy?: Mardi 3 Novembre 2015 11:35:20 Objet: Re: [rancid] Rancid does not recive configuration from cisco device On 03/11/2015 09:43, Serge Torop wrote: > > Hello, all, > > I have new installation of Rancid (v 3.1) on Centos 6 from rpm packet. [snip] > [rancid at blade11 ciscodev]$ cat /var/rancid/ciscodev/router.db > 10.37.6.46:cisco:up ^ ^ in rancid 3+ these separators are ";" and not ":" The reason is that a colon clashes with IPv6 addresses in field 1 Alan _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss From Sebastien.Boulianne at cpu.ca Tue Nov 3 13:23:11 2015 From: Sebastien.Boulianne at cpu.ca (Sebastien.Boulianne at cpu.ca) Date: Tue, 3 Nov 2015 08:23:11 -0500 Subject: [rancid] Backup Brocade Config. Message-ID: <5FE0959288C73D448BB44CB7E9CC320F5829B12218@CPUMAIL2.cpu.qc.ca> Hi all, I put these lines in my router.db and I cant get the brocade config. echo 'a.20;hp;up' >> /var/lib/rancid/rooma/router.db echo 'a.21;hp;up' >> /var/lib/rancid/rooma/router.db I already tried to replace the word hp with brocade and I have the same issue... I got Getting missed routers: round 4. a.21: missed cmd(s): all commands a.21 clogin error: Error: TIMEOUT reached a.21: End of run not found ; a.20: missed cmd(s): all commands a.20 clogin error: Error: TIMEOUT reached a.20: End of run not found Can you help me please ? S?bastien -------------- next part -------------- An HTML attachment was scrubbed... URL: From Mikko.Peltokangas at alavus.fi Tue Nov 3 13:27:02 2015 From: Mikko.Peltokangas at alavus.fi (Peltokangas Mikko) Date: Tue, 3 Nov 2015 13:27:02 +0000 Subject: [rancid] Backup Brocade Config. In-Reply-To: <5FE0959288C73D448BB44CB7E9CC320F5829B12218@CPUMAIL2.cpu.qc.ca> References: <5FE0959288C73D448BB44CB7E9CC320F5829B12218@CPUMAIL2.cpu.qc.ca> Message-ID: <627431AFBC39064D988A13AA0351DC43017871545D@alexmbx01.6ad.local> replace hp with foundry. -- Terveisin, Mikko Peltokangas, j?rjestelm?asiantuntija Alavuden kaupunki gsm:+358-44-516 3120 email:mikko.peltokangas at alavus.fi skype:mikkopeltokangas (vain chat) ________________________________________ L?hett?j?: Rancid-discuss [rancid-discuss-bounces at shrubbery.net] käyttäjän Sebastien.Boulianne at cpu.ca [Sebastien.Boulianne at cpu.ca] puolesta L?hetetty: 3. marraskuuta 2015 15:23 Vastaanottaja: rancid-discuss at shrubbery.net Aihe: [rancid] Backup Brocade Config. Hi all, I put these lines in my router.db and I cant get the brocade config. echo 'a.20;hp;up' >> /var/lib/rancid/rooma/router.db echo 'a.21;hp;up' >> /var/lib/rancid/rooma/router.db I already tried to replace the word hp with brocade and I have the same issue? I got Getting missed routers: round 4. a.21: missed cmd(s): all commands a.21 clogin error: Error: TIMEOUT reached a.21: End of run not found ; a.20: missed cmd(s): all commands a.20 clogin error: Error: TIMEOUT reached a.20: End of run not found Can you help me please ? S?bastien From Sebastien.Boulianne at cpu.ca Tue Nov 3 14:38:44 2015 From: Sebastien.Boulianne at cpu.ca (Sebastien.Boulianne at cpu.ca) Date: Tue, 3 Nov 2015 09:38:44 -0500 Subject: [rancid] Backup Brocade Config. In-Reply-To: <627431AFBC39064D988A13AA0351DC43017871545D@alexmbx01.6ad.local> References: <5FE0959288C73D448BB44CB7E9CC320F5829B12218@CPUMAIL2.cpu.qc.ca> <627431AFBC39064D988A13AA0351DC43017871545D@alexmbx01.6ad.local> Message-ID: <5FE0959288C73D448BB44CB7E9CC320F5829B1221A@CPUMAIL2.cpu.qc.ca> Hi, When I replace "hp" with " foundry", I got this: Getting missed routers: round 4. a.20: missed cmd(s): all commands a.20 flogin error: Error: TIMEOUT reached a.20: End of run not found ! a.21: missed cmd(s): all commands a.21 flogin error: Error: TIMEOUT reached a.21: End of run not found Im using the latest version of Rancid... 3.2-2 S?bastien Boulianne Administrateur r?seau & syst?me / Network & System Administrator. Gestion des infrastructures / Infrastructure Management. CCNA / CompTIA Server+ / Sp?cialiste en monitoring. sebastien.boulianne at cpu.ca -----Message d'origine----- De?: Peltokangas Mikko [mailto:Mikko.Peltokangas at alavus.fi] Envoy??: 3 novembre 2015 08:27 ??: Sebastien Boulianne ; rancid-discuss at shrubbery.net Objet?: VS: Backup Brocade Config. replace hp with foundry. -- Terveisin, Mikko Peltokangas, j?rjestelm?asiantuntija Alavuden kaupunki gsm:+358-44-516 3120 email:mikko.peltokangas at alavus.fi skype:mikkopeltokangas (vain chat) ________________________________________ L?hett?j?: Rancid-discuss [rancid-discuss-bounces at shrubbery.net] käyttäjän Sebastien.Boulianne at cpu.ca [Sebastien.Boulianne at cpu.ca] puolesta L?hetetty: 3. marraskuuta 2015 15:23 Vastaanottaja: rancid-discuss at shrubbery.net Aihe: [rancid] Backup Brocade Config. Hi all, I put these lines in my router.db and I cant get the brocade config. echo 'a.20;hp;up' >> /var/lib/rancid/rooma/router.db echo 'a.21;hp;up' >> /var/lib/rancid/rooma/router.db I already tried to replace the word hp with brocade and I have the same issue. I got Getting missed routers: round 4. a.21: missed cmd(s): all commands a.21 clogin error: Error: TIMEOUT reached a.21: End of run not found ; a.20: missed cmd(s): all commands a.20 clogin error: Error: TIMEOUT reached a.20: End of run not found Can you help me please ? S?bastien From bosk802 at gmail.com Tue Nov 3 15:32:59 2015 From: bosk802 at gmail.com (=?UTF-8?B?0JDQvdC00YDQtdC5INCk0L7QvNC40L0=?=) Date: Tue, 3 Nov 2015 18:32:59 +0300 Subject: [rancid] How to completely delete a device Message-ID: I'm very new to RANCID, CVS, SVN, etc... I've got a linux-server and a rancid-service on it (actually it's a user with a crontab entry) to retrieve config-changes from a ~60 Cisco devices. Already deleted an ip address from router.db, but CVS-webpage still show this device (especially when i hit 'show 5 dead files'). So, what else should i do to completely remove this device? I tried 'find /usr/local/rancid' -name '$ip-address-of-the-deleted-device' and this shows nothing. On the other hand, i run 'grep -nR '$ip-address-of-the-deleted-device' /usr/local/rancid/' and receive some info that was found mainly in 2 files: /usr/local/rancid/var/CVS/CVSROOT/history /usr/local/rancid/var/CVS/network/router.db,v It's very hard to remove line by line from this files, that are concerning my deleted device. Is there any way to completely remove a device? There are plenty of topics how to delete a group. I'm not sure what a group is - i guess it's a collection of all the devices (in my case - 60 Cisco routers and switches). I don't need to delete a whole group - only a device within this group. PS: maybe anyone can give me brief description... what are files with the '...,v' for? Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From AJ.Schroeder at directsupply.com Tue Nov 3 16:37:28 2015 From: AJ.Schroeder at directsupply.com (AJ Schroeder) Date: Tue, 3 Nov 2015 16:37:28 +0000 Subject: [rancid] Script help / pointers Message-ID: <1F169C33264F9A43928391FE5D100EA608F402DB@MSG-P-VIR-M-62.mtolympus.partners.directs.com> Hello list, A while ago I hacked together a couple of scripts to get some Nortel and Avaya devices backing up. I basically copied some of the existing scripts to make things work, however the issue is that they "just work". We are going to be supporting these devices for the foreseeable future so I'd like to improve the scripts from their current form. Specifically, I am having a hard time processing the logouts properly because I am not sure what the scripts are looking for to say "I'm done with show run, continue on". I have gotten things to work by just adding a logout command to the run_commands sub in the nortellogin, but I feel this is not the most graceful way of exiting. I believe not being able to process things is causing backups to take longer than it should. The scripts are located here: https://github.com/ajschroeder/rancid/blob/master/nortelrancid https://github.com/ajschroeder/rancid/blob/master/nortellogin If anyone has time to help or critique it would be greatly appreciated. Thanks, AJ Schroeder -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Tue Nov 3 17:34:38 2015 From: heas at shrubbery.net (heasley) Date: Tue, 3 Nov 2015 17:34:38 +0000 Subject: [rancid] How to completely delete a device In-Reply-To: References: Message-ID: <20151103173437.GA80860@shrubbery.net> Tue, Nov 03, 2015 at 06:32:59PM +0300, ?????? ?????: > I'm very new to RANCID, CVS, SVN, etc... I've got a linux-server and a > rancid-service on it (actually it's a user with a crontab entry) to > retrieve config-changes from a ~60 Cisco devices. > > Already deleted an ip address from router.db, but CVS-webpage still show > this device (especially when i hit 'show 5 dead files'). So, what else > should i do to completely remove this device? > > I tried 'find /usr/local/rancid' -name '$ip-address-of-the-deleted-device' > and this shows nothing. On the other hand, i run 'grep -nR > '$ip-address-of-the-deleted-device' /usr/local/rancid/' and receive some > info that was found mainly in 2 files: > > /usr/local/rancid/var/CVS/CVSROOT/history > /usr/local/rancid/var/CVS/network/router.db,v my advice is that if you dont want to see the delete router - they're in a separate directory, the attic, so dont look. and do not mess with the SCM files; youre asking for trouble. > It's very hard to remove line by line from this files, that are concerning > my deleted device. Is there any way to completely remove a device? > > There are plenty of topics how to delete a group. I'm not sure what a group > is - i guess it's a collection of all the devices (in my case - 60 Cisco > routers and switches). I don't need to delete a whole group - only a device > within this group. a group in rancid terms is a member of rancid.conf:LIST_OF_GROUPS From heas at shrubbery.net Tue Nov 3 17:44:16 2015 From: heas at shrubbery.net (heasley) Date: Tue, 3 Nov 2015 17:44:16 +0000 Subject: [rancid] Rancid does not recive configuration from cisco device In-Reply-To: <561730061.716439.1446548419795.JavaMail.zimbra@inalco.fr> References: <56388DE8.5040805@gmail.com> <561730061.716439.1446548419795.JavaMail.zimbra@inalco.fr> Message-ID: <20151103174416.GB80860@shrubbery.net> Tue, Nov 03, 2015 at 12:00:19PM +0100, hayot alain: > hi, > I do not why but i had the same problems with rancid 3.2 on juniper devices. that should not be - please provide details. junos is, without a doubt, the most stable cli from a ranicd PoV. From heas at shrubbery.net Tue Nov 3 18:25:44 2015 From: heas at shrubbery.net (heasley) Date: Tue, 3 Nov 2015 18:25:44 +0000 Subject: [rancid] CatOS device Message-ID: <20151103182544.GG80860@shrubbery.net> Apparently I've introduced a bug into clogin that affects CatOS devices, of which I have none remaining. If anyone has one that they'd allow me access remotely to fix this, please reply to me. TIA. From mutz.online at gmail.com Tue Nov 3 17:20:22 2015 From: mutz.online at gmail.com (Herbert Mutz) Date: Tue, 3 Nov 2015 18:20:22 +0100 Subject: [rancid] Backup Brocade Config. In-Reply-To: <5FE0959288C73D448BB44CB7E9CC320F5829B1221A@CPUMAIL2.cpu.qc.ca> References: <5FE0959288C73D448BB44CB7E9CC320F5829B12218@CPUMAIL2.cpu.qc.ca> <627431AFBC39064D988A13AA0351DC43017871545D@alexmbx01.6ad.local> <5FE0959288C73D448BB44CB7E9CC320F5829B1221A@CPUMAIL2.cpu.qc.ca> Message-ID: <5638ECD6.6010103@gmail.com> Which brocade switches do you use ? Rancid works good with : FCX, ICX, MLX, SX switches. RX series has some problems and VDX switches are a totally different story. I've never been able to get any rancid version past 2.8 to work with brocade devices tho and stopped bothering to debug. > Hi, > > When I replace "hp" with " foundry", I got this: > > Getting missed routers: round 4. > a.20: missed cmd(s): all commands > a.20 flogin error: Error: TIMEOUT reached > a.20: End of run not found > ! > a.21: missed cmd(s): all commands > a.21 flogin error: Error: TIMEOUT reached > a.21: End of run not found > > Im using the latest version of Rancid... 3.2-2 > > S?bastien Boulianne > Administrateur r?seau & syst?me / Network & System Administrator. > Gestion des infrastructures / Infrastructure Management. > CCNA / CompTIA Server+ / Sp?cialiste en monitoring. > sebastien.boulianne at cpu.ca > > > -----Message d'origine----- > De : Peltokangas Mikko [mailto:Mikko.Peltokangas at alavus.fi] > Envoy? : 3 novembre 2015 08:27 > ? : Sebastien Boulianne ; rancid-discuss at shrubbery.net > Objet : VS: Backup Brocade Config. > > replace hp with foundry. > > -- > Terveisin, > Mikko Peltokangas, j?rjestelm?asiantuntija Alavuden kaupunki > gsm:+358-44-516 3120 > email:mikko.peltokangas at alavus.fi > skype:mikkopeltokangas (vain chat) > ________________________________________ > L?hett?j?: Rancid-discuss [rancid-discuss-bounces at shrubbery.net] käyttäjän Sebastien.Boulianne at cpu.ca [Sebastien.Boulianne at cpu.ca] puolesta > L?hetetty: 3. marraskuuta 2015 15:23 > Vastaanottaja: rancid-discuss at shrubbery.net > Aihe: [rancid] Backup Brocade Config. > > Hi all, > > I put these lines in my router.db and I cant get the brocade config. > > echo 'a.20;hp;up' >> /var/lib/rancid/rooma/router.db echo 'a.21;hp;up' >> /var/lib/rancid/rooma/router.db > > I already tried to replace the word hp with brocade and I have the same issue. > > I got > > Getting missed routers: round 4. > a.21: missed cmd(s): all commands > a.21 clogin error: Error: TIMEOUT reached > a.21: End of run not found > ; > a.20: missed cmd(s): all commands > a.20 clogin error: Error: TIMEOUT reached > a.20: End of run not found > > Can you help me please ? > > S?bastien > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From alan.mckinnon at gmail.com Tue Nov 3 19:52:22 2015 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Tue, 3 Nov 2015 21:52:22 +0200 Subject: [rancid] Script help / pointers In-Reply-To: <1F169C33264F9A43928391FE5D100EA608F402DB@MSG-P-VIR-M-62.mtolympus.partners.directs.com> References: <1F169C33264F9A43928391FE5D100EA608F402DB@MSG-P-VIR-M-62.mtolympus.partners.directs.com> Message-ID: <56391076.4070003@gmail.com> On 03/11/2015 18:37, AJ Schroeder wrote: > Hello list, > > > > A while ago I hacked together a couple of scripts to get some Nortel and > Avaya devices backing up. I basically copied some of the existing > scripts to make things work, however the issue is that they ?just work?. > We are going to be supporting these devices for the foreseeable future > so I?d like to improve the scripts from their current form. > > > > Specifically, I am having a hard time processing the logouts properly > because I am not sure what the scripts are looking for to say ?I?m done > with show run, continue on?. I have gotten things to work by just adding > a logout command to the run_commands sub in the nortellogin, but I feel > this is not the most graceful way of exiting. I believe not being able > to process things is causing backups to take longer than it should. > > > > The scripts are located here: > > > > https://github.com/ajschroeder/rancid/blob/master/nortelrancid > > https://github.com/ajschroeder/rancid/blob/master/nortellogin > > > > If anyone has time to help or critique it would be greatly appreciated. I haven't looked at your scripts yet (might do so later), but most rancid parser scripts work basically the same way. Most devices with a sane Unix-like cli behave much like a telnet session - there's a login process and when that completes there's a prompt. These two are in that order, and the prompt follows a pattern - text followed by a ">" or "#". This can be quite reliably found with a regex so the script knows what it looks like. Then there is a sequence of commands run by the script itself which are echoed to the terminal along with the command output. The script sees a prompt, followed by a command (that it defined and knows) so it passes all text received until the next prompt to the sub defined for that command. The commands are all in @commandtable. The main loop looks like this: TOP: while() { if (/[>#]\s?exit$/) { last; } while (/[>#]\s*($cmds_regexp)\s*$/) { $cmd = $1; if (!defined($prompt)) { $prompt = ($_ =~ /^([^#>]+[#>])/)[0]; $prompt =~ s/([][}{)(\\])/\\$1/g; } if (! defined($commands{$cmd})) { last TOP; } $rval = &{$commands{$cmd}}; <==== magic goes here delete($commands{$cmd}); if ($rval == -1) { last TOP; } } } It's all driven by the line marked "magic goes here" and @commandtable is an array of hashes. Each hash contains the router command as the name and the sub that processes the output as the value. The call "&{$commands{$cmd}}" calls the sub, which runs until it finds a prompt, whereupon the main loop above continues. The whole thing keeps going round and round till the main loop finds the command "exit" issued - this ends the loop and the script terminate. rancid-run then carries on with the next item in router.db. It's all very simple, logical classic Perl, and TheSimplestThingThatCouldPossiblyWork which probably explains why rancid is still here after so many years, why every ISP I know of uses it, and why every competitor seems to fall by the wayside. To set things up for a new device type, you need to research the device first. Define exactly what it does with prompts and echoing of command and output, and how you log out. The one important bit that isn't in the rancid parser script is how to logout/exit - that is in clogin and can differ a lot between device types. This is why so often you'll find a new type called say xyzrancid with a corresponding modified xyzlogin. Modifying the parser script often involves ripping out how chunks of each sub that simply do not apply to your device. Knowledge of IOS helps here so you can tell what the Cisco parser is doing and adapt it to what your device does. That's it really, truthfully it's lots of common sense and donkey work. To see how fast your parser runs, call it directly in debug mode and copy the clogin command echoed at the beginning. Run that command directly and observe what happens. You should be familiar with your devices enough to know if it's moving along at the right speed. The last thing is if you are worried about processing time, don't be afraid to crank PAR_COUNT waaaaaaaay up. This is 2015 and 1995 called - they want their Pentium ones back. Modern hosts, even small VMs, cope very nicely with 100 telnet sessions with ease (they are idle most of the time anyway). By example, I found a teeny little VM with 1 cpu and 512 MB on an over-committed ESXi host levelled out at about 80 parallel processes. The size of command output does not affect rancid at all. Whether it's a 100 line show run or a huge beast from a 9K, rancid still chugs along processing one line at a time till it finds a logout. -- Alan McKinnon alan.mckinnon at gmail.com From daniel.schmidt at wyo.gov Tue Nov 3 20:06:49 2015 From: daniel.schmidt at wyo.gov (Daniel Schmidt) Date: Tue, 3 Nov 2015 13:06:49 -0700 Subject: [rancid] Backup Brocade Config. In-Reply-To: <5638ECD6.6010103@gmail.com> References: <5FE0959288C73D448BB44CB7E9CC320F5829B12218@CPUMAIL2.cpu.qc.ca> <627431AFBC39064D988A13AA0351DC43017871545D@alexmbx01.6ad.local> <5FE0959288C73D448BB44CB7E9CC320F5829B1221A@CPUMAIL2.cpu.qc.ca> <5638ECD6.6010103@gmail.com> Message-ID: Heas - Can offer CER/CES like I did with the Cisco WLC if you would like to test this. On Tue, Nov 3, 2015 at 10:20 AM, Herbert Mutz wrote: > Which brocade switches do you use ? Rancid works good with : FCX, ICX, > MLX, SX switches. RX series has some problems > and VDX switches are a totally different story. I've never been able to > get any rancid version past 2.8 to work with brocade > devices tho and stopped bothering to debug. > > Hi, >> >> When I replace "hp" with " foundry", I got this: >> >> Getting missed routers: round 4. >> a.20: missed cmd(s): all commands >> a.20 flogin error: Error: TIMEOUT reached >> a.20: End of run not found >> ! >> a.21: missed cmd(s): all commands >> a.21 flogin error: Error: TIMEOUT reached >> a.21: End of run not found >> >> Im using the latest version of Rancid... 3.2-2 >> >> S?bastien Boulianne >> Administrateur r?seau & syst?me / Network & System Administrator. >> Gestion des infrastructures / Infrastructure Management. >> CCNA / CompTIA Server+ / Sp?cialiste en monitoring. >> sebastien.boulianne at cpu.ca >> >> >> -----Message d'origine----- >> De : Peltokangas Mikko [mailto:Mikko.Peltokangas at alavus.fi] >> Envoy? : 3 novembre 2015 08:27 >> ? : Sebastien Boulianne ; >> rancid-discuss at shrubbery.net >> Objet : VS: Backup Brocade Config. >> >> replace hp with foundry. >> >> -- >> Terveisin, >> Mikko Peltokangas, j?rjestelm?asiantuntija Alavuden kaupunki >> gsm:+358-44-516 3120 >> email:mikko.peltokangas at alavus.fi >> skype:mikkopeltokangas (vain chat) >> ________________________________________ >> L?hett?j?: Rancid-discuss [rancid-discuss-bounces at shrubbery.net] >> käyttäjän Sebastien.Boulianne at cpu.ca [ >> Sebastien.Boulianne at cpu.ca] puolesta >> L?hetetty: 3. marraskuuta 2015 15:23 >> Vastaanottaja: rancid-discuss at shrubbery.net >> Aihe: [rancid] Backup Brocade Config. >> >> Hi all, >> >> I put these lines in my router.db and I cant get the brocade config. >> >> echo 'a.20;hp;up' >> /var/lib/rancid/rooma/router.db echo 'a.21;hp;up' >> >> /var/lib/rancid/rooma/router.db >> >> I already tried to replace the word hp with brocade and I have the same >> issue. >> >> I got >> >> Getting missed routers: round 4. >> a.21: missed cmd(s): all commands >> a.21 clogin error: Error: TIMEOUT reached >> a.21: End of run not found >> ; >> a.20: missed cmd(s): all commands >> a.20 clogin error: Error: TIMEOUT reached >> a.20: End of run not found >> >> Can you help me please ? >> >> S?bastien >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- E-Mail to and from me, in connection with the transaction of public business, is subject to the Wyoming Public Records Act and may be disclosed to third parties. -------------- next part -------------- An HTML attachment was scrubbed... URL: From AJ.Schroeder at directsupply.com Tue Nov 3 22:33:26 2015 From: AJ.Schroeder at directsupply.com (AJ Schroeder) Date: Tue, 3 Nov 2015 22:33:26 +0000 Subject: [rancid] Script help / pointers In-Reply-To: <56391076.4070003@gmail.com> References: <1F169C33264F9A43928391FE5D100EA608F402DB@MSG-P-VIR-M-62.mtolympus.partners.directs.com> <56391076.4070003@gmail.com> Message-ID: <1F169C33264F9A43928391FE5D100EA608F415D4@MSG-P-VIR-M-62.mtolympus.partners.directs.com> Wow, thank you for the detailed reply! I wasn't really clear on *how* the scripts all flowed from beginning to end until I read this. In this case, Nortel seems to have a penchant for being different (read: difficult) in the way that there is not an "exit" in the config that I can key in on to tell the script that "show run" is completed. However, I think the way to deal with this is to look for the prompt ending with the '#' character and that will tell the script when a particular "&{$commands{$cmd}}" is done. The one good thing is that the term length can be set per session by the rancid script so I don't have to deal with how Nortel paginates the output, I should always get a prompt back whenever a command is done outputting to the session. AJ -----Original Message----- From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alan McKinnon Sent: Tuesday, November 03, 2015 1:52 PM To: rancid-discuss at shrubbery.net Subject: Re: [rancid] Script help / pointers On 03/11/2015 18:37, AJ Schroeder wrote: > Hello list, > > > > A while ago I hacked together a couple of scripts to get some Nortel > and Avaya devices backing up. I basically copied some of the existing > scripts to make things work, however the issue is that they ?just work?. > We are going to be supporting these devices for the foreseeable future > so I?d like to improve the scripts from their current form. > > > > Specifically, I am having a hard time processing the logouts properly > because I am not sure what the scripts are looking for to say ?I?m > done with show run, continue on?. I have gotten things to work by just > adding a logout command to the run_commands sub in the nortellogin, > but I feel this is not the most graceful way of exiting. I believe not > being able to process things is causing backups to take longer than it should. > > > > The scripts are located here: > > > > https://github.com/ajschroeder/rancid/blob/master/nortelrancid > > https://github.com/ajschroeder/rancid/blob/master/nortellogin > > > > If anyone has time to help or critique it would be greatly appreciated. I haven't looked at your scripts yet (might do so later), but most rancid parser scripts work basically the same way. Most devices with a sane Unix-like cli behave much like a telnet session - there's a login process and when that completes there's a prompt. These two are in that order, and the prompt follows a pattern - text followed by a ">" or "#". This can be quite reliably found with a regex so the script knows what it looks like. Then there is a sequence of commands run by the script itself which are echoed to the terminal along with the command output. The script sees a prompt, followed by a command (that it defined and knows) so it passes all text received until the next prompt to the sub defined for that command. The commands are all in @commandtable. The main loop looks like this: TOP: while() { if (/[>#]\s?exit$/) { last; } while (/[>#]\s*($cmds_regexp)\s*$/) { $cmd = $1; if (!defined($prompt)) { $prompt = ($_ =~ /^([^#>]+[#>])/)[0]; $prompt =~ s/([][}{)(\\])/\\$1/g; } if (! defined($commands{$cmd})) { last TOP; } $rval = &{$commands{$cmd}}; <==== magic goes here delete($commands{$cmd}); if ($rval == -1) { last TOP; } } } It's all driven by the line marked "magic goes here" and @commandtable is an array of hashes. Each hash contains the router command as the name and the sub that processes the output as the value. The call "&{$commands{$cmd}}" calls the sub, which runs until it finds a prompt, whereupon the main loop above continues. The whole thing keeps going round and round till the main loop finds the command "exit" issued - this ends the loop and the script terminate. rancid-run then carries on with the next item in router.db. It's all very simple, logical classic Perl, and TheSimplestThingThatCouldPossiblyWork which probably explains why rancid is still here after so many years, why every ISP I know of uses it, and why every competitor seems to fall by the wayside. To set things up for a new device type, you need to research the device first. Define exactly what it does with prompts and echoing of command and output, and how you log out. The one important bit that isn't in the rancid parser script is how to logout/exit - that is in clogin and can differ a lot between device types. This is why so often you'll find a new type called say xyzrancid with a corresponding modified xyzlogin. Modifying the parser script often involves ripping out how chunks of each sub that simply do not apply to your device. Knowledge of IOS helps here so you can tell what the Cisco parser is doing and adapt it to what your device does. That's it really, truthfully it's lots of common sense and donkey work. To see how fast your parser runs, call it directly in debug mode and copy the clogin command echoed at the beginning. Run that command directly and observe what happens. You should be familiar with your devices enough to know if it's moving along at the right speed. The last thing is if you are worried about processing time, don't be afraid to crank PAR_COUNT waaaaaaaay up. This is 2015 and 1995 called - they want their Pentium ones back. Modern hosts, even small VMs, cope very nicely with 100 telnet sessions with ease (they are idle most of the time anyway). By example, I found a teeny little VM with 1 cpu and 512 MB on an over-committed ESXi host levelled out at about 80 parallel processes. The size of command output does not affect rancid at all. Whether it's a 100 line show run or a huge beast from a 9K, rancid still chugs along processing one line at a time till it finds a logout. -- Alan McKinnon alan.mckinnon at gmail.com _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss From alan.mckinnon at gmail.com Tue Nov 3 22:37:23 2015 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Wed, 4 Nov 2015 00:37:23 +0200 Subject: [rancid] Script help / pointers In-Reply-To: <1F169C33264F9A43928391FE5D100EA608F415D4@MSG-P-VIR-M-62.mtolympus.partners.directs.com> References: <1F169C33264F9A43928391FE5D100EA608F402DB@MSG-P-VIR-M-62.mtolympus.partners.directs.com> <56391076.4070003@gmail.com> <1F169C33264F9A43928391FE5D100EA608F415D4@MSG-P-VIR-M-62.mtolympus.partners.directs.com> Message-ID: <56393723.4070509@gmail.com> On 04/11/2015 00:33, AJ Schroeder wrote: > Wow, thank you for the detailed reply! I wasn't really clear on *how* the scripts all flowed from beginning to end until I read this. You're welcome :-) Perl is very easy to read once you get the hang of it, and very very hard to read before that point. > > In this case, Nortel seems to have a penchant for being different (read: difficult) in the way that there is not an "exit" in the config that I can key in on to tell the script that "show run" is completed. However, I think the way to deal with this is to look for the prompt ending with the '#' character and that will tell the script when a particular "&{$commands{$cmd}}" is done. The one good thing is that the term length can be set per session by the rancid script so I don't have to deal with how Nortel paginates the output, I should always get a prompt back whenever a command is done outputting to the session. I'm not at all familiar with Nortel, so I'm flying blind. In a normal interactive session, how do you log out or otherwise end the session? And what appears on the screen when that is done? > > AJ > > > -----Original Message----- > From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alan McKinnon > Sent: Tuesday, November 03, 2015 1:52 PM > To: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Script help / pointers > > On 03/11/2015 18:37, AJ Schroeder wrote: >> Hello list, >> >> >> >> A while ago I hacked together a couple of scripts to get some Nortel >> and Avaya devices backing up. I basically copied some of the existing >> scripts to make things work, however the issue is that they ?just work?. >> We are going to be supporting these devices for the foreseeable future >> so I?d like to improve the scripts from their current form. >> >> >> >> Specifically, I am having a hard time processing the logouts properly >> because I am not sure what the scripts are looking for to say ?I?m >> done with show run, continue on?. I have gotten things to work by just >> adding a logout command to the run_commands sub in the nortellogin, >> but I feel this is not the most graceful way of exiting. I believe not >> being able to process things is causing backups to take longer than it should. >> >> >> >> The scripts are located here: >> >> >> >> https://github.com/ajschroeder/rancid/blob/master/nortelrancid >> >> https://github.com/ajschroeder/rancid/blob/master/nortellogin >> >> >> >> If anyone has time to help or critique it would be greatly appreciated. > > > I haven't looked at your scripts yet (might do so later), but most rancid parser scripts work basically the same way. Most devices with a sane Unix-like cli behave much like a telnet session - there's a login process and when that completes there's a prompt. These two are in that order, and the prompt follows a pattern - text followed by a ">" or "#". > This can be quite reliably found with a regex so the script knows what it looks like. Then there is a sequence of commands run by the script itself which are echoed to the terminal along with the command output. > The script sees a prompt, followed by a command (that it defined and > knows) so it passes all text received until the next prompt to the sub defined for that command. The commands are all in @commandtable. > > The main loop looks like this: > > TOP: while() { > > if (/[>#]\s?exit$/) { > last; > } > while (/[>#]\s*($cmds_regexp)\s*$/) { > $cmd = $1; > if (!defined($prompt)) { > $prompt = ($_ =~ /^([^#>]+[#>])/)[0]; > $prompt =~ s/([][}{)(\\])/\\$1/g; > } > if (! defined($commands{$cmd})) { > last TOP; > } > $rval = &{$commands{$cmd}}; <==== magic goes here > delete($commands{$cmd}); > if ($rval == -1) { > last TOP; > } > } > } > > It's all driven by the line marked "magic goes here" and @commandtable is an array of hashes. Each hash contains the router command as the name and the sub that processes the output as the value. The call "&{$commands{$cmd}}" calls the sub, which runs until it finds a prompt, whereupon the main loop above continues. The whole thing keeps going round and round till the main loop finds the command "exit" issued - this ends the loop and the script terminate. rancid-run then carries on with the next item in router.db. It's all very simple, logical classic Perl, and TheSimplestThingThatCouldPossiblyWork which probably explains why rancid is still here after so many years, why every ISP I know of uses it, and why every competitor seems to fall by the wayside. > > To set things up for a new device type, you need to research the device first. Define exactly what it does with prompts and echoing of command and output, and how you log out. > > The one important bit that isn't in the rancid parser script is how to logout/exit - that is in clogin and can differ a lot between device types. This is why so often you'll find a new type called say xyzrancid with a corresponding modified xyzlogin. Modifying the parser script often involves ripping out how chunks of each sub that simply do not apply to your device. Knowledge of IOS helps here so you can tell what the Cisco parser is doing and adapt it to what your device does. > > That's it really, truthfully it's lots of common sense and donkey work. > To see how fast your parser runs, call it directly in debug mode and copy the clogin command echoed at the beginning. Run that command directly and observe what happens. You should be familiar with your devices enough to know if it's moving along at the right speed. > > The last thing is if you are worried about processing time, don't be afraid to crank PAR_COUNT waaaaaaaay up. This is 2015 and 1995 called - they want their Pentium ones back. Modern hosts, even small VMs, cope very nicely with 100 telnet sessions with ease (they are idle most of the time anyway). By example, I found a teeny little VM with 1 cpu and > 512 MB on an over-committed ESXi host levelled out at about 80 parallel processes. The size of command output does not affect rancid at all. > Whether it's a 100 line show run or a huge beast from a 9K, rancid still chugs along processing one line at a time till it finds a logout. > > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Alan McKinnon alan.mckinnon at gmail.com From jcohen at AllenTek.com Wed Nov 4 00:47:48 2015 From: jcohen at AllenTek.com (Jessica Cohen) Date: Wed, 4 Nov 2015 00:47:48 +0000 Subject: [rancid] rancid with coyote point load balacner Message-ID: <6CBD3672C596DB49BCFF684935BD14B8AC0CDC@MBX029-E1-VA-6.EXCH029.DOMAIN.LOCAL> Has anyone worked with a coyote point load balancer (Fortinet)? For SSH to work, you have to ssh to eqadmin at 172.16.X.X. You're then prompted for an additional username and password. Is there any way to make this work with rancid? -------------- next part -------------- An HTML attachment was scrubbed... URL: From darren at tuff.org.uk Thu Nov 5 18:19:39 2015 From: darren at tuff.org.uk (Darren Marshall) Date: Thu, 5 Nov 2015 18:19:39 +0000 Subject: [rancid] Huawei config collection issue AR150 router - prompt issue? Message-ID: I have an issue with config collection on Huawei routers (AR150) It looks to me like a prompt issue but I might be wrong, The prompts look like - Unprivileged prompt Privileged prompt [NET1111-DSL-XXXXXX.CE3] I can see in the mailing lists that you did some work on h3clogin and h3crancid? did your version of these expect the > and ] prompts , if not , can you point me in the right direction of where in the scripts I need to modify the prompt, I believe it is the ] prompt which is causing issues. If I run the following - /usr/local/rancid/bin/h3clogin -t 40 -c"display current-configuration" 10.1.2.3 This is the output I get - [rancid at zuffle bin]$ /usr/local/rancid/bin/h3clogin -t 40 -c"display current-configuration" 10.1.2.3 10.1.2.3 spawn telnet 10.1.2.3 Trying 10.1.2.3... Connected to 10.1.2.3. Escape character is '^]'. Login authentication Username:rancid Password: undo terminal monitor Info: Current terminal monitor is off. screen-length 0 temporary Info: The configuration takes effect on the current user terminal interface only. system-view Enter system view, return user view with Ctrl+Z. [NET1111-DSL-XXXXXX.CE3] Error: TIMEOUT reached can not find channel named "exp4" while executing "close" ("foreach" body line 136) invoked from within "foreach router [lrange $argv $i end] { set router [string tolower $router] send_user "$router\n" # Figure out prompt. # Since autoena..." (file "/usr/local/rancid/bin/h3clogin" line 578) As you can see rancid manages to login to the router , run a couple of commands then runs the system-view command to become privileged which works but then doesn't move on to run the display current-configuration, instead the process just times out. To me it looks like change of prompt is confusing the expect script?. For completeness here is the h3clogin script I am using - any help is greatly appreciated!! Thanks daze #! /usr/bin/expect -- ## $Id: h3clogin.in,v 1.79 2004/05/27 21:57:52 heas Exp $ ## ## Copyright (C) 1997-2004 by Terrapin Communications, Inc. ## All rights reserved. ## ## This software may be freely copied, modified and redistributed ## without fee for non-commerical purposes provided that this license ## remains intact and unmodified with any RANCID distribution. ## ## There is no warranty or other guarantee of fitness of this software. ## It is provided solely "as is". The author(s) disclaim(s) all ## responsibility and liability with respect to this software's usage ## or its effect upon hardware, computer systems, other software, or ## anything else. ## ## Except where noted otherwise, rancid was written by and is maintained by ## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz. ## # # The login expect scripts were based on Erik Sherk's gwtn, by permission. # # h3clogin - H3C (Huawei-3Com) login # # Most options are intuitive for logging into a Cisco router. # The default is to enable (thus -noenable). Some folks have # setup tacacs to have a user login at priv-lvl = 15 (enabled) # so the -autoenable flag was added for this case (don't go through # the process of enabling and the prompt will be the "#" prompt. # The default username password is the same as the vty password. # # Set to 1 to enable some debugging: exp_internal 0 # Usage line set usage "Usage: $argv0 \[-autoenable\] \[-noenable\] \[-c command\] \ \[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \[-p user-password\] \ \[-s script-file\] \[-t timeout\] \[-u username\] \ \[-v vty-password\] \[-w enable-username\] \[-x command-file\] \ \[-y ssh_cypher_type\] router \[router...\]\n" # env(CLOGIN) may contain: # x == do not set xterm banner or name # Password file set password_file $env(HOME)/.cloginrc # Default is to login to the router set do_command 0 set do_script 0 # The default is to automatically enable set avenable 1 # The default is that you login non-enabled (tacacs can have you login already # enabled) set avautoenable 0 # The default is to look in the password file to find the passwords. This # tracks if we receive them on the command line. set do_passwd 1 set do_enapasswd 1 # attempt at platform switching. set platform "" # Find the user in the ENV, or use the unix userid. if {[ info exists env(CISCO_USER) ] } { set default_user $env(CISCO_USER) } elseif {[ info exists env(USER) ]} { set default_user $env(USER) } elseif {[ info exists env(LOGNAME) ]} { set default_user $env(LOGNAME) } else { # This uses "id" which I think is portable. At least it has existed # (without options) on all machines/OSes I've been on recently - # unlike whoami or id -nu. if [ catch {exec id} reason ] { send_error "\nError: could not exec id: $reason\n" exit 1 } regexp {\(([^)]*)} "$reason" junk default_user } # Sometimes routers take awhile to answer (the default is 10 sec) set timeout 45 # Process the command line for {set i 0} {$i < $argc} {incr i} { set arg [lindex $argv $i] switch -glob -- $arg { # Username -u* - -U* { if {! [ regexp .\[uU\](.+) $arg ignore user]} { incr i set username [ lindex $argv $i ] } # VTY Password } -p* - -P* { if {! [ regexp .\[pP\](.+) $arg ignore userpasswd]} { incr i set userpasswd [ lindex $argv $i ] } set do_passwd 0 # VTY Password } -v* - -v* { if {! [ regexp .\[vV\](.+) $arg ignore passwd]} { incr i set passwd [ lindex $argv $i ] } set do_passwd 0 # Enable Username } -w* - -W* { if {! [ regexp .\[wW\](.+) $arg ignore enauser]} { incr i set enausername [ lindex $argv $i ] } # Environment variable to pass to -s scripts } -E* { if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} { set E$varname $varvalue } else { send_user "\nError: invalid format for -E in $arg\n" exit 1 } # Enable Password } -e* { if {! [ regexp .\[e\](.+) $arg ignore enapasswd]} { incr i set enapasswd [ lindex $argv $i ] } set do_enapasswd 0 # Command to run. } -c* - -C* { if {! [ regexp .\[cC\](.+) $arg ignore command]} { incr i set command [ lindex $argv $i ] } set do_command 1 # Expect script to run. } -s* - -S* { if {! [ regexp .\[sS\](.+) $arg ignore sfile]} { incr i set sfile [ lindex $argv $i ] } if { ! [ file readable $sfile ] } { send_user "\nError: Can't read $sfile\n" exit 1 } set do_script 1 # 'ssh -c' cypher type } -y* - -Y* { if {! [ regexp .\[eE\](.+) $arg ignore cypher]} { incr i set cypher [ lindex $argv $i ] } # alternate cloginrc file } -f* - -F* { if {! [ regexp .\[fF\](.+) $arg ignore password_file]} { incr i set password_file [ lindex $argv $i ] } # Timeout } -t* - -T* { if {! [ regexp .\[tT\](.+) $arg ignore timeout]} { incr i set timeout [ lindex $argv $i ] } # Command file } -x* - -X { if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} { incr i set cmd_file [ lindex $argv $i ] } if [ catch {set cmd_fd [open $cmd_file r]} reason ] { send_user "\nError: $reason\n" exit 1 } set cmd_text [read $cmd_fd] close $cmd_fd set command [join [split $cmd_text \n] \;] set do_command 1 # Do we enable? } -noenable { set avenable 0 # Does tacacs automatically enable us? } -autoenable { set avautoenable 1 set avenable 0 } -* { send_user "\nError: Unknown argument! $arg\n" send_user $usage exit 1 } default { break } } } # Process routers...no routers listed is an error. if { $i == $argc } { send_user "\nError: $usage" } # Only be quiet if we are running a script (it can log its output # on its own) if { $do_script } { log_user 0 } else { log_user 1 } # # Done configuration/variable setting. Now run with it... # # Sets Xterm title if interactive...if its an xterm and the user cares proc label { host } { global env # if CLOGIN has an 'x' in it, don't set the xterm name/banner if [info exists env(CLOGIN)] { if {[string first "x" $env(CLOGIN)] != -1} { return } } # take host from ENV(TERM) if [info exists env(TERM)] { if [regexp \^(xterm|vs) $env(TERM) ignore ] { send_user "\033]1;[lindex [split $host "."] 0]\a" send_user "\033]2;$host\a" } } } # This is a helper function to make the password file easier to # maintain. Using this the password file has the form: # add password sl* pete cow # add password at* steve # add password * hanky-pie proc add {var args} { global int_$var ; lappend int_$var $args} proc include {args} { global env regsub -all "(^{|}$)" $args {} args if { [ regexp "^/" $args ignore ] == 0 } { set args $env(HOME)/$args } source_password_file $args } proc find {var router} { upvar int_$var list if { [info exists list] } { foreach line $list { if { [string match [lindex $line 0] $router ] } { return [lrange $line 1 end] } } } return {} } # Loads the password file. Note that as this file is tcl, and that # it is sourced, the user better know what to put in there, as it # could install more than just password info... I will assume however, # that a "bad guy" could just as easy put such code in the clogin # script, so I will leave .cloginrc as just an extention of that script proc source_password_file { password_file } { global env if { ! [file exists $password_file] } { send_user "\nError: password file ($password_file) does not exist\n" exit 1 } file stat $password_file fileinfo if { [expr ($fileinfo(mode) & 007)] != 0000 } { send_user "\nError: $password_file must not be world readable/writable\n" exit 1 } if [ catch {source $password_file} reason ] { send_user "\nError: $reason\n" exit 1 } } # Log into the router. proc login { router user userpswd passwd enapasswd cmethod cyphertype } { global spawn_id in_proc do_command do_script platform global prompt u_prompt p_prompt e_prompt sshcmd set in_proc 1 set uprompt_seen 0 # try each of the connection methods in $cmethod until one is successful set progs [llength $cmethod] foreach prog [lrange $cmethod 0 end] { if [string match "telnet*" $prog] { regexp {telnet(:([^[:space:]]+))*} $prog command suffix port if {"$port" == ""} { set retval [ catch {spawn telnet $router} reason ] } else { set retval [ catch {spawn telnet $router $port} reason ] } if { $retval } { send_user "\nError: telnet failed: $reason\n" exit 1 } } elseif [string match "ssh*" $prog] { regexp {ssh(:([^[:space:]]+))*} $prog command suffix port if {"$port" == ""} { set retval [ catch {spawn $sshcmd -c $cyphertype -x -l $user $router} reason ] } else { set retval [ catch {spawn $sshcmd -c $cyphertype -x -l $user -p $port $router} reason ] } if { $retval } { send_user "\nError: $sshcmd failed: $reason\n" exit 1 } } elseif ![string compare $prog "rsh"] { if [ catch {spawn rsh -l $user $router} reason ] { send_user "\nError: rsh failed: $reason\n" exit 1 } } else { puts "\nError: unknown connection method: $prog" return 1 } incr progs -1 sleep 0.3 # This helps cleanup each expect clause. expect_after { timeout { send_user "\nError: TIMEOUT reached\n" catch {close}; wait if { $in_proc} { return 1 } else { continue } } eof { send_user "\nError: EOF received\n" catch {close}; wait if { $in_proc} { return 1 } else { continue } } } # Here we get a little tricky. There are several possibilities: # the router can ask for a username and passwd and then # talk to the TACACS server to authenticate you, or if the # TACACS server is not working, then it will use the enable # passwd. Or, the router might not have TACACS turned on, # then it will just send the passwd. # if telnet fails with connection refused, try ssh expect { -re "(Connection refused|Secure connection \[^\n\r]+ refused)" { catch {close}; wait if !$progs { send_user "\nError: Connection Refused ($prog): $router\n" return 1 } } -re "(Connection closed by|Connection to \[^\n\r]+ closed)" { catch {close}; wait if !$progs { send_user "\nError: Connection closed ($prog): $router\n" return 1 } } eof { send_user "\nError: Couldn't login: $router\n"; wait; return 1 } -nocase "unknown host\r" { catch {close}; send_user "\nError: Unknown host $router\n"; wait; return 1 } "Host is unreachable" { catch {close}; send_user "\nError: Host Unreachable: $router\n"; wait; return 1 } "No address associated with name" { catch {close}; send_user "\nError: Unknown host $router\n"; wait; return 1 } -re "(Host key not found |The authenticity of host .* be established).*\(yes\/no\)\?" { send "yes\r" send_user "\nHost $router added to the list of known hosts.\n" exp_continue } -re "HOST IDENTIFICATION HAS CHANGED.* \(yes\/no\)\?" { send "no\r" send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n" return 1 } -re "Offending key for .* \(yes\/no\)\?" { send "no\r" send_user "\nError: host key mismatch for $router. Update the SSH known_hosts file accordingly.\n" return 1 } -re "(denied|Sorry)" { send_user "\nError: Check your passwd for $router\n" catch {close}; wait; return 1 } "Login failed" { send_user "\nError: Check your passwd for $router\n" return 1 } -re "% (Bad passwords|Authentication failed)" { send_user "\nError: Check your passwd for $router\n" return 1 } "Press any key to continue." { # send_user "Pressing the ANY key\n" send "\r" exp_continue } -re "Enter Selection: " { # Catalyst 1900s have some lame menu. Enter # K to reach a command-line. send "K\r" exp_continue; } -re "@\[^\r\n]+ $p_prompt" { # ssh pwd prompt sleep 1 send "$userpswd\r" exp_continue } -re "$u_prompt" { send "$user\r" set uprompt_seen 1 exp_continue } -re "$p_prompt" { sleep 1 if {$uprompt_seen == 1} { send "$userpswd\r" } else { send "$passwd\r" } exp_continue } -re "$prompt" { break; } "Login invalid" { send_user "\nError: Invalid login: $router\n"; catch {close}; wait; return 1 } } } set in_proc 0 return 0 } # Enable proc do_enable { enauser enapasswd } { global prompt in_proc global u_prompt e_prompt set in_proc 1 set enacmd "system-view" send "$enacmd\r" expect { -re "$u_prompt" { send "$enauser\r"; exp_continue} -re "$e_prompt" { send "$enapasswd\r"; exp_continue} "(enable)" { set prompt "> (enable) " } -re "(denied|Sorry|Incorrect)" { # % Access denied - from local auth and poss. others send_user "\nError: Check your Enable passwd\n"; return 1 } "% Error in authentication" { send_user "\nError: Check your Enable passwd\n" return 1 } "% Bad passwords" { send_user "\nError: Check your Enable passwd\n" return 1 } } # We set the prompt variable (above) so script files don't need # to know what it is. set in_proc 0 return 0 } # Run commands given on the command line. proc run_commands { prompt command } { global in_proc platform set in_proc 1 # escape any parens in the prompt, such as "(enable)" regsub -all {[][)(]} $prompt {\\&} reprompt expect { -re $reprompt {} -re "\[\n\r]+" { exp_continue } } # this is the only way i see to get rid of more prompts in o/p..grrrrr log_user 0 # Is this a multi-command? if [ string match "*\;*" "$command" ] { set commands [split $command \;] set num_commands [llength $commands] # The pager can not be turned off on some 3Com/H3C, so we have to look # for the "More" prompt. for {set i 0} {$i < $num_commands} { incr i} { send "[subst -nocommands [lindex $commands $i]]\r" expect { -re "\b+" { exp_continue } -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)" } -re "^\[^\n\r]*$reprompt." { send_user -- "$expect_out(buffer)" exp_continue } -re "\[\n\r]+" { send_user -- "$expect_out(buffer)" exp_continue } -re "^ ---- More ----.*\[^\n\r]*" { sleep 0.1 send " " exp_continue } } } } else { # The pager can not be turned off on some 3Com/H3C, so we have to look # for the "More" prompt. send "[subst -nocommands $command]\r" expect { -re "\b+" { exp_continue } -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)" } -re "^\[^\n\r]*$reprompt." { send_user -- "$expect_out(buffer)" exp_continue } -re "\[\n\r]+" { send_user -- "$expect_out(buffer)" exp_continue } -re "^ ---- More ----.*\[^\n\r]*" { sleep 0.1 send " " exp_continue } } } log_user 1 send "quit\r" expect { -re "^\[^\n\r *]*$reprompt" { # H3C products # return to non-enabled mode # on exit in enabled mode. send "quit\r" exp_continue; } # TODO: we will need to do this too: # "Do you wish to save your configuration changes" { # send "n\r" # exp_continue # } -re "\[\n\r]+" { exp_continue } # hwlogin+mod: -re "\[^\n\r *]Note:" { return 0 } timeout { return 0 } eof { return 0 } } set in_proc 0 } # # For each router... (this is main loop) # source_password_file $password_file set in_proc 0 foreach router [lrange $argv $i end] { set router [string tolower $router] send_user "$router\n" # Figure out prompt. # Since autoenable is off by default, if we have it defined, it # was done on the command line. If it is not specifically set on the # command line, check the password file. if $avautoenable { set autoenable 1 set enable 0 # hwlogin: #set prompt " \\]\\" set prompt ">" } else { set ae [find autoenable $router] if { "$ae" == "1" } { set autoenable 1 set enable 0 # hwlogin: set prompt ">" } else { set autoenable 0 set enable $avenable set prompt ">" } } # look for noenable option in .cloginrc # Strath: but I do not know why I made this change, and it does not appear # to be reflected in other *rancid in svn trunk. # if [find noenable $router] != "" if { [find noenable $router] == "1" } { send_user "\nset enable 0.\n" set enable 0 } # Figure out passwords if { $do_passwd || $do_enapasswd } { set pswd [find password $router] if { [llength $pswd] == 0 } { send_user "\nError: no password for $router in $password_file.\n" continue } if { $enable && $do_enapasswd && $autoenable == 0 && [llength $pswd] < 2 } { send_user "\nError: no enable password for $router in $password_file.\n" continue } set passwd [join [lindex $pswd 0] ""] set enapasswd [join [lindex $pswd 1] ""] } # Figure out username if {[info exists username]} { # command line username set ruser $username } else { set ruser [join [find user $router] ""] if { "$ruser" == "" } { set ruser $default_user } } # Figure out username's password (if different from the vty password) if {[info exists userpasswd]} { # command line username set userpswd $userpasswd } else { set userpswd [join [find userpassword $router] ""] if { "$userpswd" == "" } { set userpswd $passwd } } # Figure out enable username if {[info exists enausername]} { # command line enausername set enauser $enausername } else { set enauser [join [find enauser $router] ""] if { "$enauser" == "" } { set enauser $ruser } } # Figure out prompts set u_prompt [find userprompt $router] if { "$u_prompt" == "" } { set u_prompt "(Username|Login|login|user name):" } else { set u_prompt [join [lindex $u_prompt 0] ""] } set p_prompt [find passprompt $router] if { "$p_prompt" == "" } { set p_prompt "(\[Pp]assword|passwd):" } else { set p_prompt [join [lindex $p_prompt 0] ""] } set e_prompt [find enableprompt $router] if { "$e_prompt" == "" } { set e_prompt "\[Pp]assword:" } else { set e_prompt [join [lindex $e_prompt 0] ""] } # Figure out cypher type if {[info exists cypher]} { # command line cypher type set cyphertype $cypher } else { set cyphertype [find cyphertype $router] if { "$cyphertype" == "" } { set cyphertype "3des" } } # Figure out connection method set cmethod [find method $router] if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} } # Figure out the SSH executable name set sshcmd [find sshcmd $router] if { "$sshcmd" == "" } { set sshcmd {ssh} } # Login to the router if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype]} { continue } # Disable log junk being sent to terminal: must be done before $enacmd is run # It would be nice for this to be setable in .cloginrc send "undo terminal monitor\r" expect -re $prompt {} # Turn session paging off; this only works on models like 3Com 4800G and H3C # Other models like 3Com 5500 have a screen-length command that only works on # a vty basis #send "screen-length disable\r" send "screen-length 0 temporary\r" if { $enable } { if {[do_enable $enauser $enapasswd]} { if { $do_command || $do_script } { close; wait continue } } } # we are logged in, now figure out the full prompt send "\r" expect { -re "\[\r\n]+" { exp_continue; } -re "^.+$prompt" { set junk $expect_out(0,string); regsub -all "\[\]\[]" $junk {\\&} prompt; } -re "^.+> \\\(enable\\\)" { set junk $expect_out(0,string); regsub -all "\[\]\[]" $junk {\\&} prompt; } } if { $do_command } { if {[run_commands $prompt $command]} { continue } } elseif { $do_script } { # # If the prompt is (enable), then we are on a switch and the # # command is "set length 0"; otherwise its "term length 0". # if [ regexp -- ".*> .*enable" "$prompt" ] { # send "set length 0\r" # send "set logging session disable\r" # } else { # send "term length 0\r" # } expect -re $prompt {} source $sfile close } else { label $router log_user 1 interact } # End of for each router wait sleep 0.3 } exit 0 -------------- next part -------------- An HTML attachment was scrubbed... URL: From Chris.Davis at principia.edu Thu Nov 5 14:37:18 2015 From: Chris.Davis at principia.edu (Chris Davis) Date: Thu, 5 Nov 2015 14:37:18 +0000 Subject: [rancid] Email notification problems. Message-ID: Feel like an idiot for not being able to find this, but I'm looking for where a final address is picked up for email notifications. We have a very short domain name for our institution and the full one as well. Gone are the days when short and sweet were important. We're ending the mail delivery service to that domain. So, I have to swap out the short, and put in the longer. I checked everywhere I could think of, and found the aliases file in /etc. It seemed to have all the right email address aliases so I updated the original email aliases with the longer domain named email addresses in the destination section of the alias. I updated the aliases.db file without any problems. But, as you can guess, the emails keep going to the original short domain addresses. At some point, we're going to pull the plug on the delivery. Seems so bloody simple, but yet, I can't seem to find the problem. Any help is appreciated. Thanks. I'm running 2.3.8. Chris -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Fri Nov 6 19:41:43 2015 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Fri, 6 Nov 2015 21:41:43 +0200 Subject: [rancid] Email notification problems. In-Reply-To: References: Message-ID: <563D0277.2020109@gmail.com> On 05/11/2015 16:37, Chris Davis wrote: > Feel like an idiot for not being able to find this, but I?m looking for > where a final address is picked up for email notifications. We have a > very short domain name for our institution and the full one as well. > Gone are the days when short and sweet were important. We?re ending the > mail delivery service to that domain. So, I have to swap out the short, > and put in the longer. I checked everywhere I could think of, and found > the aliases file in /etc. It seemed to have all the right email address > aliases so I updated the original email aliases with the longer domain > named email addresses in the destination section of the alias. I > updated the aliases.db file without any problems. > > > > But, as you can guess, the emails keep going to the original short > domain addresses. At some point, we?re going to pull the plug on the > delivery. Seems so bloody simple, but yet, I can?t seem to find the > problem. Any help is appreciated. Thanks. I?m running 2.3.8. Rancid mails the group name as a local recipient, so as you already figured out you need a local MTA with an /etc/aliases. This usually rewrites $rancid_group to $rancid_group at some-domain.com If I read you correctly you did run newaliases and it succeeded? At this point I'd be checking MAILPREFIX and ADMINMAILPREFIX in racnid.conf, then looking at my MTA logs to see what it's doing with rancid mail. These things are usually MTA problems, not rancid problems. -- Alan McKinnon alan.mckinnon at gmail.com From Chris.Davis at principia.edu Fri Nov 6 13:54:42 2015 From: Chris.Davis at principia.edu (Chris Davis) Date: Fri, 6 Nov 2015 13:54:42 +0000 Subject: [rancid] Email notification problems. Message-ID: Feel like an idiot for not being able to find this, but I'm looking for where a final address is picked up for email notifications. We have a very short domain name for our institution and the full length one as well. Gone are the days when short and sweet were important. We're ending the mail delivery service to that domain. So, I have to swap out the short, and put in the longer. I checked everywhere I could think of, and found the aliases file in /etc. It seemed to have all the right email address aliases so I updated the original email aliases with the longer domain named email addresses in the destination section of the alias. I updated the aliases.db file without any problems. But, as you can guess, the emails keep going to the original short domain addresses. At some point, we're going to pull the plug on the delivery. Seems so bloody simple, but yet, I can't seem to find the problem. Any help is appreciated. Thanks. I'm running 2.3.8. Chris -------------- next part -------------- An HTML attachment was scrubbed... URL: From jbaird at follett.com Sat Nov 7 19:16:01 2015 From: jbaird at follett.com (Baird, Josh) Date: Sat, 7 Nov 2015 19:16:01 +0000 Subject: [rancid] Adding JunOS Commands References: <20151005152245.GA85011@shrubbery.net> Message-ID: Ok - I think I am misunderstanding. My rancid.types.conf: juniper2;script;rancid -t juniper juniper2;login;jlogin juniper2;module;junos2 juniper2;inloop;junos2::inloop juniper2;command;junos2::ShowChassisClocks;show chassis clocks juniper2;command;junos2::ShowChassisEnvironment;show chassis environment juniper2;command;junos2::ShowChassisFirmware;show chassis firmware juniper2;command;junos2::ShowChassisFpcDetail;show chassis fpc detail juniper2;command;junos2::ShowChassisHardware;show chassis hardware detail juniper2;command;junos2::ShowChassisHardware;show chassis hardware models juniper2;command;junos2::ShowChassisRoutingEngine;show chassis routing-engine juniper2;command;junos2::ShowChassisSCB;show chassis scb juniper2;command;junos2::ShowChassisSCB;show chassis sfm detail juniper2;command;junos2::ShowChassisSCB;show chassis ssb juniper2;command;junos2::ShowChassisSCB;show chassis feb detail juniper2;command;junos2::ShowChassisSCB;show chassis feb juniper2;command;junos2::ShowChassisSCB;show chassis cfeb juniper2;command;junos2::ShowChassisAlarms;show chassis alarms juniper2;command;junos2::ShowSystemLicense;show system license juniper2;command;junos2::ShowSystemBootMessages;show system boot-messages juniper2;command;junos2::ShowSystemCoreDumps;show system core-dumps juniper2;command;junos2::ShowVersion;show version detail juniper2;command;junos2::ShowConfiguration;show configuration juniper2;command;junos2::ShowConfigurationOmit;show configuration | display omit My router.db: hostname;juniper2;up What am I missing here? I appreciate you trying to help. Thanks > -----Original Message----- > From: Baird, Josh > Sent: Monday, October 05, 2015 11:32 AM > To: 'heasley' > Cc: rancid-discuss at shrubbery.net > Subject: RE: [rancid] Adding JunOS Commands > > Thanks, I copied the following block from /etc/rancid/rancid.types.base to > /etc/rancid/rancid.types.conf: > > juniper;script;rancid -t juniper > juniper;login;jlogin > juniper;module;junos > juniper;inloop;junos::inloop > juniper;command;junos::ShowChassisClocks;show chassis clocks > juniper;command;junos::ShowChassisEnvironment;show chassis > environment juniper;command;junos::ShowChassisFirmware;show chassis > firmware juniper;command;junos::ShowChassisFpcDetail;show chassis fpc > detail juniper;command;junos::ShowChassisHardware;show chassis > hardware detail juniper;command;junos::ShowChassisHardware;show > chassis hardware models > juniper;command;junos::ShowChassisRoutingEngine;show chassis routing- > engine juniper;command;junos::ShowChassisSCB;show chassis scb > juniper;command;junos::ShowChassisSCB;show chassis sfm detail > juniper;command;junos::ShowChassisSCB;show chassis ssb > juniper;command;junos::ShowChassisSCB;show chassis feb detail > juniper;command;junos::ShowChassisSCB;show chassis feb > juniper;command;junos::ShowChassisSCB;show chassis cfeb > juniper;command;junos::ShowChassisAlarms;show chassis alarms > juniper;command;junos::ShowSystemLicense;show system license > juniper;command;junos::ShowSystemBootMessages;show system boot- > messages juniper;command;junos::ShowSystemCoreDumps;show system > core-dumps juniper;command;junos::ShowVersion;show version detail > juniper;command;junos::ShowConfiguration;show configuration > > Then, I added the following line to the bottom of > /etc/rancid/rancid.types.conf: > > juniper;command;junos::ShowConfigurationOmit;show configuration | > display omit > > Does this look correct? The new command is not being ran. > > Thanks, > > Josh > > > -----Original Message----- > > From: heasley [mailto:heas at shrubbery.net] > > Sent: Monday, October 05, 2015 11:23 AM > > To: Baird, Josh > > Cc: rancid-discuss at shrubbery.net > > Subject: Re: [rancid] Adding JunOS Commands > > > > Mon, Oct 05, 2015 at 03:00:13PM +0000, Baird, Josh: > > > Hi, > > > > > > I use configuration groups in JunOS, so I would like to add 'show > > configuration | display inheritance no comments' to the list of > > commands that gets executed against Juniper devices. Can someone > > point me in the right direction? > > > > use rancid 3.2, see rancid.type.conf(5). From heas at shrubbery.net Sat Nov 7 22:54:56 2015 From: heas at shrubbery.net (Heasley) Date: Sat, 7 Nov 2015 14:54:56 -0800 Subject: [rancid] Adding JunOS Commands In-Reply-To: References: <20151005152245.GA85011@shrubbery.net> Message-ID: > Am 07.11.2015 um 11:16 schrieb Baird, Josh : > > Ok - I think I am misunderstanding. > > My rancid.types.conf: > > juniper2;script;rancid -t juniper juniper2;script;rancid -t juniper2 > juniper2;login;jlogin > juniper2;module;junos2 Not junos2, unless youve written your own pm. You can also import junos and your own pm so as not to duplicate functions Otherwise, you havent said what is not working. > juniper2;inloop;junos2::inloop > juniper2;command;junos2::ShowChassisClocks;show chassis clocks > juniper2;command;junos2::ShowChassisEnvironment;show chassis environment > juniper2;command;junos2::ShowChassisFirmware;show chassis firmware > juniper2;command;junos2::ShowChassisFpcDetail;show chassis fpc detail > juniper2;command;junos2::ShowChassisHardware;show chassis hardware detail > juniper2;command;junos2::ShowChassisHardware;show chassis hardware models > juniper2;command;junos2::ShowChassisRoutingEngine;show chassis routing-engine > juniper2;command;junos2::ShowChassisSCB;show chassis scb > juniper2;command;junos2::ShowChassisSCB;show chassis sfm detail > juniper2;command;junos2::ShowChassisSCB;show chassis ssb > juniper2;command;junos2::ShowChassisSCB;show chassis feb detail > juniper2;command;junos2::ShowChassisSCB;show chassis feb > juniper2;command;junos2::ShowChassisSCB;show chassis cfeb > juniper2;command;junos2::ShowChassisAlarms;show chassis alarms > juniper2;command;junos2::ShowSystemLicense;show system license > juniper2;command;junos2::ShowSystemBootMessages;show system boot-messages > juniper2;command;junos2::ShowSystemCoreDumps;show system core-dumps > juniper2;command;junos2::ShowVersion;show version detail > juniper2;command;junos2::ShowConfiguration;show configuration > juniper2;command;junos2::ShowConfigurationOmit;show configuration | display omit > > My router.db: > > hostname;juniper2;up > > What am I missing here? I appreciate you trying to help. > > Thanks > >> -----Original Message----- >> From: Baird, Josh >> Sent: Monday, October 05, 2015 11:32 AM >> To: 'heasley' >> Cc: rancid-discuss at shrubbery.net >> Subject: RE: [rancid] Adding JunOS Commands >> >> Thanks, I copied the following block from /etc/rancid/rancid.types.base to >> /etc/rancid/rancid.types.conf: >> >> juniper;script;rancid -t juniper >> juniper;login;jlogin >> juniper;module;junos >> juniper;inloop;junos::inloop >> juniper;command;junos::ShowChassisClocks;show chassis clocks >> juniper;command;junos::ShowChassisEnvironment;show chassis >> environment juniper;command;junos::ShowChassisFirmware;show chassis >> firmware juniper;command;junos::ShowChassisFpcDetail;show chassis fpc >> detail juniper;command;junos::ShowChassisHardware;show chassis >> hardware detail juniper;command;junos::ShowChassisHardware;show >> chassis hardware models >> juniper;command;junos::ShowChassisRoutingEngine;show chassis routing- >> engine juniper;command;junos::ShowChassisSCB;show chassis scb >> juniper;command;junos::ShowChassisSCB;show chassis sfm detail >> juniper;command;junos::ShowChassisSCB;show chassis ssb >> juniper;command;junos::ShowChassisSCB;show chassis feb detail >> juniper;command;junos::ShowChassisSCB;show chassis feb >> juniper;command;junos::ShowChassisSCB;show chassis cfeb >> juniper;command;junos::ShowChassisAlarms;show chassis alarms >> juniper;command;junos::ShowSystemLicense;show system license >> juniper;command;junos::ShowSystemBootMessages;show system boot- >> messages juniper;command;junos::ShowSystemCoreDumps;show system >> core-dumps juniper;command;junos::ShowVersion;show version detail >> juniper;command;junos::ShowConfiguration;show configuration >> >> Then, I added the following line to the bottom of >> /etc/rancid/rancid.types.conf: >> >> juniper;command;junos::ShowConfigurationOmit;show configuration | >> display omit >> >> Does this look correct? The new command is not being ran. >> >> Thanks, >> >> Josh >> >>> -----Original Message----- >>> From: heasley [mailto:heas at shrubbery.net] >>> Sent: Monday, October 05, 2015 11:23 AM >>> To: Baird, Josh >>> Cc: rancid-discuss at shrubbery.net >>> Subject: Re: [rancid] Adding JunOS Commands >>> >>> Mon, Oct 05, 2015 at 03:00:13PM +0000, Baird, Josh: >>>> Hi, >>>> >>>> I use configuration groups in JunOS, so I would like to add 'show >>> configuration | display inheritance no comments' to the list of >>> commands that gets executed against Juniper devices. Can someone >>> point me in the right direction? >>> >>> use rancid 3.2, see rancid.type.conf(5). From jbaird at follett.com Sun Nov 8 19:19:25 2015 From: jbaird at follett.com (Baird, Josh) Date: Sun, 8 Nov 2015 19:19:25 +0000 Subject: [rancid] Adding JunOS Commands In-Reply-To: References: <20151005152245.GA85011@shrubbery.net> , Message-ID: Ok - getting much further now. But, it seems that my new command is failing to run. I tried adding other commands as well: switch.something.com: missed cmd(s): show configuration | display omit I'm able to use jlogin to login to the device and manually execute the command(s) with no problem. Thanks, Josh ________________________________________ From: Heasley [heas at shrubbery.net] Sent: Saturday, November 07, 2015 4:54 PM To: Baird, Josh Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Adding JunOS Commands > Am 07.11.2015 um 11:16 schrieb Baird, Josh : > > Ok - I think I am misunderstanding. > > My rancid.types.conf: > > juniper2;script;rancid -t juniper juniper2;script;rancid -t juniper2 > juniper2;login;jlogin > juniper2;module;junos2 Not junos2, unless youve written your own pm. You can also import junos and your own pm so as not to duplicate functions Otherwise, you havent said what is not working. > juniper2;inloop;junos2::inloop > juniper2;command;junos2::ShowChassisClocks;show chassis clocks > juniper2;command;junos2::ShowChassisEnvironment;show chassis environment > juniper2;command;junos2::ShowChassisFirmware;show chassis firmware > juniper2;command;junos2::ShowChassisFpcDetail;show chassis fpc detail > juniper2;command;junos2::ShowChassisHardware;show chassis hardware detail > juniper2;command;junos2::ShowChassisHardware;show chassis hardware models > juniper2;command;junos2::ShowChassisRoutingEngine;show chassis routing-engine > juniper2;command;junos2::ShowChassisSCB;show chassis scb > juniper2;command;junos2::ShowChassisSCB;show chassis sfm detail > juniper2;command;junos2::ShowChassisSCB;show chassis ssb > juniper2;command;junos2::ShowChassisSCB;show chassis feb detail > juniper2;command;junos2::ShowChassisSCB;show chassis feb > juniper2;command;junos2::ShowChassisSCB;show chassis cfeb > juniper2;command;junos2::ShowChassisAlarms;show chassis alarms > juniper2;command;junos2::ShowSystemLicense;show system license > juniper2;command;junos2::ShowSystemBootMessages;show system boot-messages > juniper2;command;junos2::ShowSystemCoreDumps;show system core-dumps > juniper2;command;junos2::ShowVersion;show version detail > juniper2;command;junos2::ShowConfiguration;show configuration > juniper2;command;junos2::ShowConfigurationOmit;show configuration | display omit > > My router.db: > > hostname;juniper2;up > > What am I missing here? I appreciate you trying to help. > > Thanks > >> -----Original Message----- >> From: Baird, Josh >> Sent: Monday, October 05, 2015 11:32 AM >> To: 'heasley' >> Cc: rancid-discuss at shrubbery.net >> Subject: RE: [rancid] Adding JunOS Commands >> >> Thanks, I copied the following block from /etc/rancid/rancid.types.base to >> /etc/rancid/rancid.types.conf: >> >> juniper;script;rancid -t juniper >> juniper;login;jlogin >> juniper;module;junos >> juniper;inloop;junos::inloop >> juniper;command;junos::ShowChassisClocks;show chassis clocks >> juniper;command;junos::ShowChassisEnvironment;show chassis >> environment juniper;command;junos::ShowChassisFirmware;show chassis >> firmware juniper;command;junos::ShowChassisFpcDetail;show chassis fpc >> detail juniper;command;junos::ShowChassisHardware;show chassis >> hardware detail juniper;command;junos::ShowChassisHardware;show >> chassis hardware models >> juniper;command;junos::ShowChassisRoutingEngine;show chassis routing- >> engine juniper;command;junos::ShowChassisSCB;show chassis scb >> juniper;command;junos::ShowChassisSCB;show chassis sfm detail >> juniper;command;junos::ShowChassisSCB;show chassis ssb >> juniper;command;junos::ShowChassisSCB;show chassis feb detail >> juniper;command;junos::ShowChassisSCB;show chassis feb >> juniper;command;junos::ShowChassisSCB;show chassis cfeb >> juniper;command;junos::ShowChassisAlarms;show chassis alarms >> juniper;command;junos::ShowSystemLicense;show system license >> juniper;command;junos::ShowSystemBootMessages;show system boot- >> messages juniper;command;junos::ShowSystemCoreDumps;show system >> core-dumps juniper;command;junos::ShowVersion;show version detail >> juniper;command;junos::ShowConfiguration;show configuration >> >> Then, I added the following line to the bottom of >> /etc/rancid/rancid.types.conf: >> >> juniper;command;junos::ShowConfigurationOmit;show configuration | >> display omit >> >> Does this look correct? The new command is not being ran. >> >> Thanks, >> >> Josh >> >>> -----Original Message----- >>> From: heasley [mailto:heas at shrubbery.net] >>> Sent: Monday, October 05, 2015 11:23 AM >>> To: Baird, Josh >>> Cc: rancid-discuss at shrubbery.net >>> Subject: Re: [rancid] Adding JunOS Commands >>> >>> Mon, Oct 05, 2015 at 03:00:13PM +0000, Baird, Josh: >>>> Hi, >>>> >>>> I use configuration groups in JunOS, so I would like to add 'show >>> configuration | display inheritance no comments' to the list of >>> commands that gets executed against Juniper devices. Can someone >>> point me in the right direction? >>> >>> use rancid 3.2, see rancid.type.conf(5). From JCHIAREL at cablevision.com Mon Nov 9 14:35:55 2015 From: JCHIAREL at cablevision.com (Joe Chiarelli) Date: Mon, 9 Nov 2015 14:35:55 +0000 Subject: [rancid] Dealing with autocommand Message-ID: <1013D0BC-1216-4109-BE8E-C781BBE0718B@cablevision.com> Hi, I am trying to get rancid to work with my cisco 2621 terminal servers. However after the use logs in ,we use the autocommand to run the menu feature to access the other systems. line vty 0 3 access-class 1 in exec-timeout 30 0 password {hashed} autocommand menu termsrv transport input telnet transport output telnet How can I send the menu command I have configured to exit the menu on login so rancid will run its commands to backup the config? Thanks, Joe -------------------------------------------------------- The information transmitted in this email and any of its attachments is intended only for the person or entity to which it is addressed and may contain information concerning Cablevision and/or its affiliates and subsidiaries that is proprietary, privileged, confidential and/or subject to copyright. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient(s) is prohibited and may be unlawful. If you received this in error, please contact the sender immediately and delete and destroy the communication and all of the attachments you have received and all copies thereof. -------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Mon Nov 9 17:07:34 2015 From: heas at shrubbery.net (Heasley) Date: Mon, 9 Nov 2015 17:07:34 +0000 Subject: [rancid] Adding JunOS Commands In-Reply-To: References: <20151005152245.GA85011@shrubbery.net> Message-ID: <20151109170734.GB85318@shrubbery.net> Sun, Nov 08, 2015 at 07:19:25PM +0000, Baird, Josh: > Ok - getting much further now. But, it seems that my new command is failing to run. I tried adding other commands as well: > > switch.something.com: missed cmd(s): show configuration | display omit > > I'm able to use jlogin to login to the device and manually execute the command(s) with no problem. export NOPIPE=YES rancid -t type -d host will leave a host.raw file to help debug, such as seeing why the cmd is not working. From aaron.claessens at gmail.com Mon Nov 9 14:26:27 2015 From: aaron.claessens at gmail.com (Aaron Claessens) Date: Mon, 09 Nov 2015 14:26:27 +0000 Subject: [rancid] Fortinet Issue Message-ID: I have a new Rancid setup with several Fortinet firewalls. Data is getting pulled, but it's been completely trimmed of all that is useful ... #config-version=FGT1KC-5.02-FW-build642-141118:opmode=0:vdom=1:user=bob#buildno=0642#global_vdom=1config vdomedit rootnextedit ag_Demonextedit cmnappnextedit ag_1nextedit ag_2nextendconfig globalconfig system global set admin-concurrent enable set admin-console-timeout 0 set admin-https-pki-required disable set admin-https-redirect enable--More-- set admin-https-ssl-versions tlsv1-1 tlsv1-2--More-- Any thoughts and what to kick? Thanks Aaron -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Mon Nov 9 21:49:42 2015 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Mon, 9 Nov 2015 23:49:42 +0200 Subject: [rancid] Email notification problems. In-Reply-To: References: <563D0277.2020109@gmail.com> Message-ID: <564114F6.2080507@gmail.com> Chris, Something about this rings familiar, but it was a long time ago and on Postfix, not Sendmail. IIRC it was a combination of domain rewrite rules in Postfix's conf, and the local hostname was set wrong in /etc/hosts. Anything relevant in your mail logs? On 09/11/2015 23:37, Chris Davis wrote: > Allan. Thanks for your response. The alias file was indeed properly updated and the newaliases command was run. The mail is being sent to the right place. But what happens is that even though I send the message in aliases.db to username at longdomain.com, the From: field remains rancid-routers at rancid.shortdomain.com. It's hard for me to know if this is a sending MTA issue or a receiving MTA issue. It appears in the headers that the mail is being resent from the right username at longname.com domain, but the delivery address remains rancid-switches at rancid.shortname.com still. I'm not sure of the impact of recompiling the package replacing shortname.com with the longname.com domain name. I wonder if it would cause havoc in the CVS or other systems. I'm guessing that I might be able to do some magic in the sendmail.cf file... Just not sure where. Make all delivery messages of shortname.com be rewritten with longname.com instead. > > I'm wondering if when we remove the shortname domain, it will just deliver anyway since it isn't passing through the shortname's mxhost (which is what is going away). > > Thanks for listening to rambling thoughts... > Chris > > -----Original Message----- > From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alan McKinnon > Sent: Friday, November 06, 2015 1:42 PM > To: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Email notification problems. > > On 05/11/2015 16:37, Chris Davis wrote: >> Feel like an idiot for not being able to find this, but I?m looking >> for where a final address is picked up for email notifications. We >> have a very short domain name for our institution and the full one as well. >> Gone are the days when short and sweet were important. We?re ending >> the mail delivery service to that domain. So, I have to swap out the >> short, and put in the longer. I checked everywhere I could think of, >> and found the aliases file in /etc. It seemed to have all the right >> email address aliases so I updated the original email aliases with the >> longer domain named email addresses in the destination section of the >> alias. I updated the aliases.db file without any problems. >> >> >> >> But, as you can guess, the emails keep going to the original short >> domain addresses. At some point, we?re going to pull the plug on the >> delivery. Seems so bloody simple, but yet, I can?t seem to find the >> problem. Any help is appreciated. Thanks. I?m running 2.3.8. > > > Rancid mails the group name as a local recipient, so as you already figured out you need a local MTA with an /etc/aliases. This usually rewrites $rancid_group to $rancid_group at some-domain.com > > If I read you correctly you did run newaliases and it succeeded? > > At this point I'd be checking MAILPREFIX and ADMINMAILPREFIX in racnid.conf, then looking at my MTA logs to see what it's doing with rancid mail. These things are usually MTA problems, not rancid problems. > > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Alan McKinnon alan.mckinnon at gmail.com From Chris.Davis at principia.edu Mon Nov 9 21:37:24 2015 From: Chris.Davis at principia.edu (Chris Davis) Date: Mon, 9 Nov 2015 21:37:24 +0000 Subject: [rancid] Email notification problems. In-Reply-To: <563D0277.2020109@gmail.com> References: <563D0277.2020109@gmail.com> Message-ID: Allan. Thanks for your response. The alias file was indeed properly updated and the newaliases command was run. The mail is being sent to the right place. But what happens is that even though I send the message in aliases.db to username at longdomain.com, the From: field remains rancid-routers at rancid.shortdomain.com. It's hard for me to know if this is a sending MTA issue or a receiving MTA issue. It appears in the headers that the mail is being resent from the right username at longname.com domain, but the delivery address remains rancid-switches at rancid.shortname.com still. I'm not sure of the impact of recompiling the package replacing shortname.com with the longname.com domain name. I wonder if it would cause havoc in the CVS or other systems. I'm guessing that I might be able to do some magic in the sendmail.cf file... Just not sure where. Make all delivery messages of shortname.com be rewritten with longname.com instead. I'm wondering if when we remove the shortname domain, it will just deliver anyway since it isn't passing through the shortname's mxhost (which is what is going away). Thanks for listening to rambling thoughts... Chris -----Original Message----- From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alan McKinnon Sent: Friday, November 06, 2015 1:42 PM To: rancid-discuss at shrubbery.net Subject: Re: [rancid] Email notification problems. On 05/11/2015 16:37, Chris Davis wrote: > Feel like an idiot for not being able to find this, but I?m looking > for where a final address is picked up for email notifications. We > have a very short domain name for our institution and the full one as well. > Gone are the days when short and sweet were important. We?re ending > the mail delivery service to that domain. So, I have to swap out the > short, and put in the longer. I checked everywhere I could think of, > and found the aliases file in /etc. It seemed to have all the right > email address aliases so I updated the original email aliases with the > longer domain named email addresses in the destination section of the > alias. I updated the aliases.db file without any problems. > > > > But, as you can guess, the emails keep going to the original short > domain addresses. At some point, we?re going to pull the plug on the > delivery. Seems so bloody simple, but yet, I can?t seem to find the > problem. Any help is appreciated. Thanks. I?m running 2.3.8. Rancid mails the group name as a local recipient, so as you already figured out you need a local MTA with an /etc/aliases. This usually rewrites $rancid_group to $rancid_group at some-domain.com If I read you correctly you did run newaliases and it succeeded? At this point I'd be checking MAILPREFIX and ADMINMAILPREFIX in racnid.conf, then looking at my MTA logs to see what it's doing with rancid mail. These things are usually MTA problems, not rancid problems. -- Alan McKinnon alan.mckinnon at gmail.com _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss From jethro.binks at strath.ac.uk Mon Nov 9 22:01:49 2015 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Mon, 9 Nov 2015 22:01:49 +0000 (GMT) Subject: [rancid] Email notification problems. In-Reply-To: <564114F6.2080507@gmail.com> References: <563D0277.2020109@gmail.com> <564114F6.2080507@gmail.com> Message-ID: I'll take a punt at this, as it also tickles vague memories. So the email is going to the right place (via longdomain), but you are concerned about the From: address being qualified as shortdomain? That's probably a consequence of the canonicalisation rules in Sendmail. I can remember naff all about it these days, but my guess is rancid is sending as a bare rancid-switches and Sendmail is qualifying this bare address with the system hostname, which it thinks is rancid.shortdomain.com. Does your system know its fully qualified hostname? Is it the short form or the long form? From what I remember on Solaris you had to poke around with /etc/hostname.* files, and so on. You'll need to dig around in Sendmail references to rediscover exactly how Sendmail determines it. You also might like to look at the MAILDOMAIN option in rancid.conf, where I think you can persuade rancid to explicitly qualify the sender address with a named domain: # If your MTA configuration is broken or you want mail to be forwarded to a # domain not the same the local one, define that domain here. "@" must be # included, as this is simply appended to the usual recipients. It is NOT # appended to recipients specified in rancid-run's -m option. #MAILDOMAIN="example.com"; export MAILDOMAIN MAILDOMAIN="@strath.ac.uk"; export MAILDOMAIN Hope that helps, Jethro. On Mon, 9 Nov 2015, Alan McKinnon wrote: > Chris, > > Something about this rings familiar, but it was a long time ago and on > Postfix, not Sendmail. > > IIRC it was a combination of domain rewrite rules in Postfix's conf, and > the local hostname was set wrong in /etc/hosts. > > Anything relevant in your mail logs? > > > > > On 09/11/2015 23:37, Chris Davis wrote: > > > Allan. Thanks for your response. The alias file was indeed properly > > updated and the newaliases command was run. The mail is being sent to > > the right place. But what happens is that even though I send the > > message in aliases.db to username at longdomain.com, the From: field > > remains rancid-routers at rancid.shortdomain.com. It's hard for me to > > know if this is a sending MTA issue or a receiving MTA issue. It > > appears in the headers that the mail is being resent from the right > > username at longname.com domain, but the delivery address remains > > rancid-switches at rancid.shortname.com still. I'm not sure of the > > impact of recompiling the package replacing shortname.com with the > > longname.com domain name. I wonder if it would cause havoc in the CVS > > or other systems. I'm guessing that I might be able to do some magic > > in the sendmail.cf file... Just not sure where. Make all delivery > > messages of shortname.com be rewritten with longname.com instead. > > > > I'm wondering if when we remove the shortname domain, it will just > > deliver anyway since it isn't passing through the shortname's mxhost > > (which is what is going away). > > > > Thanks for listening to rambling thoughts... Chris > > > > -----Original Message----- > > From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alan McKinnon > > Sent: Friday, November 06, 2015 1:42 PM > > To: rancid-discuss at shrubbery.net > > Subject: Re: [rancid] Email notification problems. > > > > On 05/11/2015 16:37, Chris Davis wrote: > >> Feel like an idiot for not being able to find this, but I?m looking > >> for where a final address is picked up for email notifications. We > >> have a very short domain name for our institution and the full one as well. > >> Gone are the days when short and sweet were important. We?re ending > >> the mail delivery service to that domain. So, I have to swap out the > >> short, and put in the longer. I checked everywhere I could think of, > >> and found the aliases file in /etc. It seemed to have all the right > >> email address aliases so I updated the original email aliases with the > >> longer domain named email addresses in the destination section of the > >> alias. I updated the aliases.db file without any problems. > >> > >> > >> > >> But, as you can guess, the emails keep going to the original short > >> domain addresses. At some point, we?re going to pull the plug on the > >> delivery. Seems so bloody simple, but yet, I can?t seem to find the > >> problem. Any help is appreciated. Thanks. I?m running 2.3.8. > > > > > > Rancid mails the group name as a local recipient, so as you already figured out you need a local MTA with an /etc/aliases. This usually rewrites $rancid_group to $rancid_group at some-domain.com > > > > If I read you correctly you did run newaliases and it succeeded? > > > > At this point I'd be checking MAILPREFIX and ADMINMAILPREFIX in racnid.conf, then looking at my MTA logs to see what it's doing with rancid mail. These things are usually MTA problems, not rancid problems. > > > > > > -- > > Alan McKinnon > > alan.mckinnon at gmail.com > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks, Network Manager, Information Services Directorate, University Of Strathclyde, Glasgow, UK The University of Strathclyde is a charitable body, registered in Scotland, number SC015263. From marek at puszczalo.pl Tue Nov 10 12:49:31 2015 From: marek at puszczalo.pl (=?UTF-8?Q?Marek_Puszcza=c5=82o?=) Date: Tue, 10 Nov 2015 13:49:31 +0100 Subject: [rancid] Fortinet Issue In-Reply-To: References: Message-ID: <5641E7DB.2080401@puszczalo.pl> Hi. I workarounded this issue by editing fnrancid file (rancid 3.1) - added grep "". [rancid at server bin]$ cat fnrancid | grep "show" {'show full-configuration | grep ""' => 'GetConf'}, {'show | grep ""' => 'GetConf'} [rancid at server bin]$ Hope it helps. Marek Puszcza?o. W dniu 2015-11-09 o 15:26, Aaron Claessens pisze: > I have a new Rancid setup with several Fortinet firewalls. Data is > getting pulled, but it's been completely trimmed of all that is useful > ... > > |#config-version=FGT1KC-5.02-FW-build642-141118:opmode=0:vdom=1:user=bob ||#buildno=0642 ||#global_vdom=1 ||config vdom ||edit root ||next ||edit ag_Demo ||next ||edit cmnapp ||next ||edit ag_1 ||next ||edit ag_2 ||next ||end ||config global ||config system global ||set admin-concurrent enable ||set admin-console-timeout 0 ||set admin-https-pki-required disable ||set admin-https-redirect enable ||--More-- set admin-https-ssl-versions tlsv1-1 tlsv1-2 ||--More-- | > > > Any thoughts and what to kick? > > Thanks > > Aaron > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From pradeepanan at gmail.com Tue Nov 10 19:40:59 2015 From: pradeepanan at gmail.com (pradeep s) Date: Tue, 10 Nov 2015 15:40:59 -0400 Subject: [rancid] =?utf-8?b?4oCcRXJyb3IgOiBUSU1FT1VUIFJlYWNoZWTigJ0gUmFu?= =?utf-8?q?cid?= Message-ID: Hi, I know this error have been in archive list but I don?t see any response for that. Am also getting the same error. When I do ?clogin ip? , I can see its gets logged into the remote system but after a while it gets exit stating ?Error : TIMEOUT Reached? I have set timeout value to be 90 but no luck. My .cloginrc config is , add method ssh add password N0ps2012 add user vyatta add autoenable 1 I have tried changing autoenable to noenable but still same. Could anyone guide me from here it would be great. Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Tue Nov 10 21:10:00 2015 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Tue, 10 Nov 2015 23:10:00 +0200 Subject: [rancid] =?utf-8?b?4oCcRXJyb3IgOiBUSU1FT1VUIFJlYWNoZWTigJ0gUmFu?= =?utf-8?q?cid?= In-Reply-To: References: Message-ID: <56425D28.3000504@gmail.com> On 10/11/2015 21:40, pradeep s wrote: > Hi, > > I know this error have been in archive list but I don?t see any response > for that. Am also getting the same error. When I do ?clogin ip? , I can > see its gets logged into the remote system but after a while it gets > exit stating ?Error : TIMEOUT Reached? > > > > I have set timeout value to be 90 but no luck. My .cloginrc config is , > > > > add method ssh > > add password N0ps2012 > > add user vyatta > > add autoenable 1 > > > > I have tried changing autoenable to noenable but still same. Could > anyone guide me from here it would be great. There's no standard answer for that situation, all you can tell at this point is that something went wrong, and the list of possibilities is the full list of how an ssh login can fail. Can you login with just ssh as normal using those credentials? Is the sequence normal? ssh host key errors perhaps? Are your prompts OK and the expected form (> for user, # for enabled), and are there no > and # characters in the banner? Use clogin and watch closely what is happening on the screen - something is waiting for something to happen and the clue to what that is might be on the screen. Failing that, run clogin with -d and inspect the output closely. Warning: that option can be very verbose. There's not much more anyone can assist you with given the info provided, there are just too many ways for a login to fail, and they all give similar error messages -- Alan McKinnon alan.mckinnon at gmail.com From Chris.Davis at principia.edu Tue Nov 10 21:54:00 2015 From: Chris.Davis at principia.edu (Chris Davis) Date: Tue, 10 Nov 2015 21:54:00 +0000 Subject: [rancid] Email notification problems. In-Reply-To: <564114F6.2080507@gmail.com> References: <563D0277.2020109@gmail.com> <564114F6.2080507@gmail.com> Message-ID: What it comes down to is that the mxhost (outside) for that domain is going away. This message is being generated inside. I could spend a lot of time rewriting the header or renaming the domain within rancid from the short one to the long one, but I think I will just let it deliver. It uses our internal relay which we won't deny for the short domain. I had the rule that was barking about the short domain's demise excluded from the rancid server, and it's all good again. Maybe I should suggest to the email admin that he should apply that rule only to email that enters from outside, since inside email to the short domain will still deliver. Thanks again. I did try to use the rancid.conf's MAILDOMAIN setting, but it didn't work for me. Not sure why. Chris -----Original Message----- From: Alan McKinnon [mailto:alan.mckinnon at gmail.com] Sent: Monday, November 09, 2015 3:50 PM To: Chris Davis ; rancid-discuss at shrubbery.net Subject: Re: [rancid] Email notification problems. Chris, Something about this rings familiar, but it was a long time ago and on Postfix, not Sendmail. IIRC it was a combination of domain rewrite rules in Postfix's conf, and the local hostname was set wrong in /etc/hosts. Anything relevant in your mail logs? On 09/11/2015 23:37, Chris Davis wrote: > Allan. Thanks for your response. The alias file was indeed properly updated and the newaliases command was run. The mail is being sent to the right place. But what happens is that even though I send the message in aliases.db to username at longdomain.com, the From: field remains rancid-routers at rancid.shortdomain.com. It's hard for me to know if this is a sending MTA issue or a receiving MTA issue. It appears in the headers that the mail is being resent from the right username at longname.com domain, but the delivery address remains rancid-switches at rancid.shortname.com still. I'm not sure of the impact of recompiling the package replacing shortname.com with the longname.com domain name. I wonder if it would cause havoc in the CVS or other systems. I'm guessing that I might be able to do some magic in the sendmail.cf file... Just not sure where. Make all delivery messages of shortname.com be rewritten with longname.com instead. > > I'm wondering if when we remove the shortname domain, it will just deliver anyway since it isn't passing through the shortname's mxhost (which is what is going away). > > Thanks for listening to rambling thoughts... > Chris > > -----Original Message----- > From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On > Behalf Of Alan McKinnon > Sent: Friday, November 06, 2015 1:42 PM > To: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Email notification problems. > > On 05/11/2015 16:37, Chris Davis wrote: >> Feel like an idiot for not being able to find this, but I?m looking >> for where a final address is picked up for email notifications. We >> have a very short domain name for our institution and the full one as well. >> Gone are the days when short and sweet were important. We?re ending >> the mail delivery service to that domain. So, I have to swap out the >> short, and put in the longer. I checked everywhere I could think of, >> and found the aliases file in /etc. It seemed to have all the right >> email address aliases so I updated the original email aliases with >> the longer domain named email addresses in the destination section of >> the alias. I updated the aliases.db file without any problems. >> >> >> >> But, as you can guess, the emails keep going to the original short >> domain addresses. At some point, we?re going to pull the plug on the >> delivery. Seems so bloody simple, but yet, I can?t seem to find the >> problem. Any help is appreciated. Thanks. I?m running 2.3.8. > > > Rancid mails the group name as a local recipient, so as you already > figured out you need a local MTA with an /etc/aliases. This usually > rewrites $rancid_group to $rancid_group at some-domain.com > > If I read you correctly you did run newaliases and it succeeded? > > At this point I'd be checking MAILPREFIX and ADMINMAILPREFIX in racnid.conf, then looking at my MTA logs to see what it's doing with rancid mail. These things are usually MTA problems, not rancid problems. > > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Alan McKinnon alan.mckinnon at gmail.com From heas at shrubbery.net Thu Nov 12 19:38:28 2015 From: heas at shrubbery.net (heasley) Date: Thu, 12 Nov 2015 19:38:28 +0000 Subject: [rancid] [FWD: RE: Issue with exit in clogin from rancid 3.2] Message-ID: <20151112193828.GF53617@shrubbery.net> Sharing the note below as ISTR someone else having the same or similar problem, where the login, clogin in this case, receives an abrupt disconnection from the device, at exit in this case, -and- does not match EOF. ----- Forwarded message Thanks again for all the time and effort and solution you gave me! The problem was indeed the version of expect. I used the hacked expect downloaded from your FTP and it seems to cause the problem. I took your hint about 5.45 version and tried to upgrade. I found only expect-5.44.1.15-5.el6_4.x86_64 in our Red Hat package repository but I tried it and BANG! it works like a charm! ----- End forwarded message ----- From Viktor.Jakobsson at evry.com Mon Nov 16 10:36:41 2015 From: Viktor.Jakobsson at evry.com (Viktor Jakobsson) Date: Mon, 16 Nov 2015 10:36:41 +0000 Subject: [rancid] RANCID 3.2 + cmwlogin (Comware) Message-ID: Hello. I've got a task to setup RANCID in an environment, which is built upon Comware-devices (HP Networking). The switches are A5500-48G-4SFP HI running Comware version 5.20.99. This is the following setup: * Centos 7 * RANCID 3.2 * Comware version 5.20.99 * Cmwlogin The problem that occur is that after RANCID successfully logs in to the switch, it perform three steps: * Run "undo smart", which fails (no such command) * Run "undo interactive", which fails (no such command) * Run "undo terminal monitor", which success. After this, if I've understood the code of cmwlogin, it should start processing the parameters that I've defined in rancid.types.conf. However, it doesn't. I can't really seem to find where in the code it breaks. The outcome of this is that rancid stop processing, and doesn't go through. RANCID doesn't provide me with any logs, so I can't share any. More information about "cmwlogin" can be found here: https://sites.google.com/site/jrbinks/code/rancid/cmwrancid Best regards, Viktor Jakobsson -------------- next part -------------- An HTML attachment was scrubbed... URL: From Viktor.Jakobsson at evry.com Mon Nov 16 08:07:13 2015 From: Viktor.Jakobsson at evry.com (Viktor Jakobsson) Date: Mon, 16 Nov 2015 08:07:13 +0000 Subject: [rancid] RANCID 3.2 + cmwlogin (Comware) Message-ID: Hello. I've got a task to setup RANCID in an environment, which is built upon Comware-devices (HP Networking). The switches are A5500-48G-4SFP HI running Comware version 5.20.99. This is the following setup: * Centos 7 * RANCID 3.2 * Comware version 5.20.99 * Cmwlogin The problem that occur is that after RANCID successfully logs in to the switch, it perform three steps: * Run "undo smart", which fails (no such command) * Run "undo interactive", which fails (no such command) * Run "undo terminal monitor", which success. After this, if I've understood the code of cmwlogin, it should start processing the parameters that I've defined in rancid.types.conf. However, it doesn't. I can't really seem to find where in the code it breaks. The outcome of this is that rancid stop processing, and doesn't go through. RANCID doesn't provide me with any logs, so I can't share any. More information about "cmwlogin" can be found here: https://sites.google.com/site/jrbinks/code/rancid/cmwrancid Best regards, Viktor Jakobsson -------------- next part -------------- An HTML attachment was scrubbed... URL: From christian.filips at tu-dortmund.de Tue Nov 17 09:26:04 2015 From: christian.filips at tu-dortmund.de (christian.filips at tu-dortmund.de) Date: Tue, 17 Nov 2015 09:26:04 +0000 Subject: [rancid] RANCID/clogin context-change FWSM/ASA Message-ID: <8E41B8359CA09C41B6E04B2DE30634480119A8C941@ex2010mbx1.tu-dortmund.de> Hello all! I have the problem to change the context after login into a Cisco FWSM. This is my clogin-command: ============= rancid at host:$ /usr/lib/rancid/bin/clogin -c 'terminal pager 0; changeto context system;sh running-config;exit' asa-address asa-address spawn ssh -c 3des -x -l cisco_login asa-address login at asa-address's password: Type help or '?' for a list of available commands. asa-address/admin> enable Password: asa-address/admin# asa-address/admin# terminal length 0 ^ ERROR: % Invalid input detected at '^' marker. asa-address/admin# terminal width 132 ^ ERROR: % Invalid input detected at '^' marker. asa-address/admin# terminal pager 0 asa-address/admin# changeto context system Error: TIMEOUT reached rancid at host:$ ============= The timeout appears at nearly 45 seconds. - I tried to find out something with the -d option, but it looks ok. I could mail, if useful, the output also. - I ran this on a ASA 5585, and it works fine there! Also for our Switches (without context-change ;-)). What could be the problem here? Thanks for help or new ideas! BR Christian Wichtiger Hinweis: Die Information in dieser E-Mail ist vertraulich. Sie ist ausschlie?lich f?r den Adressaten bestimmt. Sollten Sie nicht der f?r diese E-Mail bestimmte Adressat sein, unterrichten Sie bitte den Absender und vernichten Sie diese Mail. Vielen Dank. Unbeschadet der Korrespondenz per E-Mail, sind unsere Erkl?rungen ausschlie?lich final rechtsverbindlich, wenn sie in herk?mmlicher Schriftform (mit eigenh?ndiger Unterschrift) oder durch ?bermittlung eines solchen Schriftst?cks per Telefax erfolgen. Important note: The information included in this e-mail is confidential. It is solely intended for the recipient. If you are not the intended recipient of this e-mail please contact the sender and delete this message. Thank you. Without prejudice of e-mail correspondence, our statements are only legally binding when they are made in the conventional written form (with personal signature) or when such documents are sent by fax. -------------- next part -------------- An HTML attachment was scrubbed... URL: From lee.e.rian at census.gov Tue Nov 17 15:51:38 2015 From: lee.e.rian at census.gov (Lee Rian (CENSUS/TCO FED)) Date: Tue, 17 Nov 2015 15:51:38 +0000 Subject: [rancid] RANCID/clogin context-change FWSM/ASA In-Reply-To: <8E41B8359CA09C41B6E04B2DE30634480119A8C941@ex2010mbx1.tu-dortmund.de> References: <8E41B8359CA09C41B6E04B2DE30634480119A8C941@ex2010mbx1.tu-dortmund.de> Message-ID: > What could be the problem here? RANCID looks for the prompt. If it doesn't see it you get a timeout I'm going to guess the problem is the prompt is different in the system context. I just tried it & got: asaname/admin> ena Password: **************** asaname/admin# changeto context system asaname# & no, sorry, I don't know how to deal with the prompt changing on you like that. Regards, Lee ________________________________ From: Rancid-discuss on behalf of christian.filips at tu-dortmund.de Sent: Tuesday, November 17, 2015 4:26 AM To: rancid-discuss at shrubbery.net Subject: [rancid] RANCID/clogin context-change FWSM/ASA Hello all! I have the problem to change the context after login into a Cisco FWSM. This is my clogin-command: ============= rancid at host:$ /usr/lib/rancid/bin/clogin -c 'terminal pager 0; changeto context system;sh running-config;exit' asa-address asa-address spawn ssh -c 3des -x -l cisco_login asa-address login at asa-address's password: Type help or '?' for a list of available commands. asa-address/admin> enable Password: asa-address/admin# asa-address/admin# terminal length 0 ^ ERROR: % Invalid input detected at '^' marker. asa-address/admin# terminal width 132 ^ ERROR: % Invalid input detected at '^' marker. asa-address/admin# terminal pager 0 asa-address/admin# changeto context system Error: TIMEOUT reached rancid at host:$ ============= The timeout appears at nearly 45 seconds. - I tried to find out something with the -d option, but it looks ok. I could mail, if useful, the output also. - I ran this on a ASA 5585, and it works fine there! Also for our Switches (without context-change ;-)). What could be the problem here? Thanks for help or new ideas! BR Christian Wichtiger Hinweis: Die Information in dieser E-Mail ist vertraulich. Sie ist ausschlie?lich f?r den Adressaten bestimmt. Sollten Sie nicht der f?r diese E-Mail bestimmte Adressat sein, unterrichten Sie bitte den Absender und vernichten Sie diese Mail. Vielen Dank. Unbeschadet der Korrespondenz per E-Mail, sind unsere Erkl?rungen ausschlie?lich final rechtsverbindlich, wenn sie in herk?mmlicher Schriftform (mit eigenh?ndiger Unterschrift) oder durch ?bermittlung eines solchen Schriftst?cks per Telefax erfolgen. Important note: The information included in this e-mail is confidential. It is solely intended for the recipient. If you are not the intended recipient of this e-mail please contact the sender and delete this message. Thank you. Without prejudice of e-mail correspondence, our statements are only legally binding when they are made in the conventional written form (with personal signature) or when such documents are sent by fax. -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Tue Nov 17 20:58:27 2015 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Tue, 17 Nov 2015 22:58:27 +0200 Subject: [rancid] RANCID/clogin context-change FWSM/ASA In-Reply-To: References: <8E41B8359CA09C41B6E04B2DE30634480119A8C941@ex2010mbx1.tu-dortmund.de> Message-ID: <564B94F3.8030602@gmail.com> The code that does it usually looks something like this in main() (it can be different for each *rancid parser script): if (!defined($prompt)) { $prompt = ($_ =~ /^([^#>]+[#>])/)[0]; $prompt =~ s/([][}{)(\\])/\\$1/g; print STDERR ("PROMPT MATCH: $prompt\n") if ($debug); } This should do the right thing: $prompt = ($_ =~ /^([^#>]+[#>])\s*$/)[0]; That will skip the first two prompts in your output below and pick the 3rd, and correct, one. To work, the FSWM prompt must behave predictably like this. On 17/11/2015 17:51, Lee Rian (CENSUS/TCO FED) wrote: >> What could be the problem here? > > > RANCID looks for the prompt. If it doesn't see it you get a timeout > > > I'm going to guess the problem is the prompt is different in the system > context. I just tried it & got: > > > asaname/admin> ena > Password: **************** > asaname/admin# changeto context system > asaname# > > > & no, sorry, I don't know how to deal with the prompt changing on you > like that. > > > Regards, > > Lee > > > > > ------------------------------------------------------------------------ > *From:* Rancid-discuss on behalf > of christian.filips at tu-dortmund.de > *Sent:* Tuesday, November 17, 2015 4:26 AM > *To:* rancid-discuss at shrubbery.net > *Subject:* [rancid] RANCID/clogin context-change FWSM/ASA > > > Hello all! > > > > I have the problem to change the context after login into a Cisco FWSM. > > This is my clogin-command: > > > > ============= > > rancid at host:$ /usr/lib/rancid/bin/clogin -c 'terminal pager 0; changeto > context system;sh running-config;exit' asa-address > > asa-address > > spawn ssh -c 3des -x -l cisco_login asa-address > > login at asa-address's password: > > Type help or '?' for a list of available commands. > > asa-address/admin> enable > > Password: > > asa-address/admin# > > asa-address/admin# terminal length 0 > > ^ > > ERROR: % Invalid input detected at '^' marker. > > asa-address/admin# terminal width 132 > > ^ > > ERROR: % Invalid input detected at '^' marker. > > asa-address/admin# terminal pager 0 > > asa-address/admin# changeto context system > > > > Error: TIMEOUT reached > > rancid at host:$ > > ============= > > > > The timeout appears at nearly 45 seconds. > > - > > I tried to find out something with the -d option, but it looks ok. > > I could mail, if useful, the output also. > > - > > I ran this on a ASA 5585, and it works fine there! > > Also for our Switches (without context-change ;-)). > > What could be the problem here? > > > > Thanks for help or new ideas! > > BR > > Christian > > /Wichtiger Hinweis: Die Information in dieser E-Mail ist vertraulich. > Sie ist ausschlie?lich f?r den Adressaten bestimmt. Sollten Sie nicht > der f?r diese E-Mail bestimmte Adressat sein, unterrichten Sie bitte den > Absender und vernichten Sie diese Mail. Vielen Dank. > Unbeschadet der Korrespondenz per E-Mail, sind unsere Erkl?rungen > ausschlie?lich final rechtsverbindlich, wenn sie in herk?mmlicher > Schriftform (mit eigenh?ndiger Unterschrift) oder durch ?bermittlung > eines solchen Schriftst?cks per Telefax erfolgen. > > Important note: The information included in this e-mail is confidential. > It is solely intended for the recipient. If you are not the intended > recipient of this e-mail please contact the sender and delete this > message. Thank you. Without prejudice of e-mail correspondence, our > statements are only legally binding when they are made in the > conventional written form (with personal signature) or when such > documents are sent by fax. / > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Alan McKinnon alan.mckinnon at gmail.com From howie at thingy.com Tue Nov 17 21:16:49 2015 From: howie at thingy.com (Howard Jones) Date: Tue, 17 Nov 2015 21:16:49 +0000 Subject: [rancid] RANCID/clogin context-change FWSM/ASA In-Reply-To: <564B94F3.8030602@gmail.com> References: <8E41B8359CA09C41B6E04B2DE30634480119A8C941@ex2010mbx1.tu-dortmund.de> <564B94F3.8030602@gmail.com> Message-ID: <564B9941.9080001@thingy.com> I did look at this a while ago and there was also a change required in clogin so that the expect script also looked for a wider variety prompt. On 17/11/15 20:58, Alan McKinnon wrote: > The code that does it usually looks something like this in main() (it > can be different for each *rancid parser script): > > if (!defined($prompt)) { > $prompt = ($_ =~ /^([^#>]+[#>])/)[0]; > $prompt =~ s/([][}{)(\\])/\\$1/g; > print STDERR ("PROMPT MATCH: $prompt\n") if ($debug); > } > > This should do the right thing: > > $prompt = ($_ =~ /^([^#>]+[#>])\s*$/)[0]; > > That will skip the first two prompts in your output below and pick the > 3rd, and correct, one. To work, the FSWM prompt must behave predictably > like this. > > > On 17/11/2015 17:51, Lee Rian (CENSUS/TCO FED) wrote: >>> What could be the problem here? >> >> RANCID looks for the prompt. If it doesn't see it you get a timeout >> >> >> I'm going to guess the problem is the prompt is different in the system >> context. I just tried it & got: >> >> >> asaname/admin> ena >> Password: **************** >> asaname/admin# changeto context system >> asaname# >> >> >> & no, sorry, I don't know how to deal with the prompt changing on you >> like that. >> >> >> Regards, >> >> Lee >> >> >> >> >> ------------------------------------------------------------------------ >> *From:* Rancid-discuss on behalf >> of christian.filips at tu-dortmund.de >> *Sent:* Tuesday, November 17, 2015 4:26 AM >> *To:* rancid-discuss at shrubbery.net >> *Subject:* [rancid] RANCID/clogin context-change FWSM/ASA >> >> >> Hello all! >> >> >> >> I have the problem to change the context after login into a Cisco FWSM. >> >> This is my clogin-command: >> >> >> >> ============= >> >> rancid at host:$ /usr/lib/rancid/bin/clogin -c 'terminal pager 0; changeto >> context system;sh running-config;exit' asa-address >> >> asa-address >> >> spawn ssh -c 3des -x -l cisco_login asa-address >> >> login at asa-address's password: >> >> Type help or '?' for a list of available commands. >> >> asa-address/admin> enable >> >> Password: >> >> asa-address/admin# >> >> asa-address/admin# terminal length 0 >> >> ^ >> >> ERROR: % Invalid input detected at '^' marker. >> >> asa-address/admin# terminal width 132 >> >> ^ >> >> ERROR: % Invalid input detected at '^' marker. >> >> asa-address/admin# terminal pager 0 >> >> asa-address/admin# changeto context system >> >> >> >> Error: TIMEOUT reached >> >> rancid at host:$ >> >> ============= >> >> >> >> The timeout appears at nearly 45 seconds. >> >> - >> >> I tried to find out something with the -d option, but it looks ok. >> >> I could mail, if useful, the output also. >> >> - >> >> I ran this on a ASA 5585, and it works fine there! >> >> Also for our Switches (without context-change ;-)). >> >> What could be the problem here? >> >> >> >> Thanks for help or new ideas! >> >> BR >> >> Christian >> >> /Wichtiger Hinweis: Die Information in dieser E-Mail ist vertraulich. >> Sie ist ausschlie?lich f?r den Adressaten bestimmt. Sollten Sie nicht >> der f?r diese E-Mail bestimmte Adressat sein, unterrichten Sie bitte den >> Absender und vernichten Sie diese Mail. Vielen Dank. >> Unbeschadet der Korrespondenz per E-Mail, sind unsere Erkl?rungen >> ausschlie?lich final rechtsverbindlich, wenn sie in herk?mmlicher >> Schriftform (mit eigenh?ndiger Unterschrift) oder durch ?bermittlung >> eines solchen Schriftst?cks per Telefax erfolgen. >> >> Important note: The information included in this e-mail is confidential. >> It is solely intended for the recipient. If you are not the intended >> recipient of this e-mail please contact the sender and delete this >> message. Thank you. Without prejudice of e-mail correspondence, our >> statements are only legally binding when they are made in the >> conventional written form (with personal signature) or when such >> documents are sent by fax. / >> >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> > From A.Stirk at macintoshfashion.co.uk Tue Nov 17 10:23:21 2015 From: A.Stirk at macintoshfashion.co.uk (Adam Stirk) Date: Tue, 17 Nov 2015 10:23:21 +0000 Subject: [rancid] prompt detection clogin Message-ID: <4D54FFBBA40E2147A59915AB0928D64DFF8D03A3@UK0001N070.BRANTANO.NET> Hi, I have a device that since a firmware upgrade the prompt has changed from :- hostname> hostname# To :- hostname*> hostname*# The device is in a cluster and the asterisk is to indicated that it is the master, the non-master member is still working using clogin. Can anyone guide me in the changes needed to clogin, so that this will detect the prompt correctly? I've had a look and I believe the issue to be with the asterisk as the prompt is used as a regular expression but the asterisk is not escaped. My knowledge of tcl/expect scripts is every limited and I don't know where to start to fix it. I'm not worried about breaking clogin for other devices as I would implement this in its own login script as it already has its own custom rancid script. Any pointers would be greatly received. Thanks Adam [http://brantano.s3.amazonaws.com/CorporateLogos/Bran-182x59.jpg] [http://brantano.s3.amazonaws.com/CorporateLogos/Jones-169x59.jpg] www.brantano.co.uk www.jonesbootmaker.com Interlink Way West, Interlink Business Park, Bardon, Coalville, Leicestershire, LE67 1LD Brantano (UK) Limited | Registered Office: Interlink Way West, Interlink Business Park, Bardon, Coalville, Leicestershire, LE67 1LD | Registered in England No. 3472784 A Jones & Sons Limited | Registered Office: Interlink Way West, Interlink Business Park, Bardon, Coalville, Leicestershire, LE67 1LD | Registered in England No. 288766 Gordon Scott Limited | Registered Office: Interlink Way West, Interlink Business Park, Bardon, Coalville, Leicestershire, LE67 1LD | Registered in England No. 788228 Beghins Shoes Limited | Registered Office: 51-53 King Street, St Helier, Jersey, JE2 4WE | Registered in Jersey No. 039 V0rrdxEPJHoqJPnV2YlZlXJguHyy4Fe87aZZMtXR -------------- next part -------------- An HTML attachment was scrubbed... URL: From jackoregan at gmail.com Tue Nov 17 17:38:43 2015 From: jackoregan at gmail.com (Jack O Regan) Date: Tue, 17 Nov 2015 17:38:43 +0000 Subject: [rancid] RANCID/clogin context-change FWSM/ASA In-Reply-To: References: <8E41B8359CA09C41B6E04B2DE30634480119A8C941@ex2010mbx1.tu-dortmund.de> Message-ID: Hi Lee, I'm trying to get rancid to backup some virtual contexts too. Below is an example of how my prompt changes on my ASA5525. *FWL/admin/act# changeto context int-crp* *FWL/int-crp/act# changeto context system* *FWL/act#* It always ends in a '#'. Is this the same for you ? I think this bit of code (from /usr/local/rancid/bin/clogin) detects the prompt * # Figure out the prompt.* * if { [regexp -- "(#| \\(enable\\))" $prompt_match junk] == 1 } {* * set enable 0* I think its looking for # or (enable) but I don't understand how it ignores what ever text comes before that. So it *should* work. Maybe it doesn't like the /'s being part of what comes before the #. I'm not sure how to investigate that. For example if the prompt changed to > we should insert it there. * # Figure out the prompt.* * if { [regexp -- "(>|#| \\(enable\\))" $prompt_match junk] == 1 } {* * set enable 0* Sorry I can't be of anymore help. Regards, Jack On Tue, Nov 17, 2015 at 3:51 PM, Lee Rian (CENSUS/TCO FED) < lee.e.rian at census.gov> wrote: > > What could be the problem here? > > > RANCID looks for the prompt. If it doesn't see it you get a timeout > > > I'm going to guess the problem is the prompt is different in the system > context. I just tried it & got: > > > asaname/admin> ena > Password: **************** > asaname/admin# changeto context system > asaname# > > > & no, sorry, I don't know how to deal with the prompt changing on you like > that. > > > Regards, > > Lee > > > > > ------------------------------ > *From:* Rancid-discuss on behalf > of christian.filips at tu-dortmund.de > *Sent:* Tuesday, November 17, 2015 4:26 AM > *To:* rancid-discuss at shrubbery.net > *Subject:* [rancid] RANCID/clogin context-change FWSM/ASA > > > Hello all! > > > > I have the problem to change the context after login into a Cisco FWSM. > > This is my clogin-command: > > > > ============= > > rancid at host:$ /usr/lib/rancid/bin/clogin -c 'terminal pager 0; changeto > context system;sh running-config;exit' asa-address > > asa-address > > spawn ssh -c 3des -x -l cisco_login asa-address > > login at asa-address's password: > > Type help or '?' for a list of available commands. > > asa-address/admin> enable > > Password: > > asa-address/admin# > > asa-address/admin# terminal length 0 > > ^ > > ERROR: % Invalid input detected at '^' marker. > > asa-address/admin# terminal width 132 > > ^ > > ERROR: % Invalid input detected at '^' marker. > > asa-address/admin# terminal pager 0 > > asa-address/admin# changeto context system > > > > Error: TIMEOUT reached > > rancid at host:$ > > ============= > > > > The timeout appears at nearly 45 seconds. > > - > > I tried to find out something with the -d option, but it looks ok. > > I could mail, if useful, the output also. > > - > > I ran this on a ASA 5585, and it works fine there! > > Also for our Switches (without context-change ;-)). > > What could be the problem here? > > > > Thanks for help or new ideas! > > BR > > Christian > > > > *Wichtiger Hinweis: Die Information in dieser E-Mail ist vertraulich. Sie > ist ausschlie?lich f?r den Adressaten bestimmt. Sollten Sie nicht der f?r > diese E-Mail bestimmte Adressat sein, unterrichten Sie bitte den Absender > und vernichten Sie diese Mail. Vielen Dank. Unbeschadet der Korrespondenz > per E-Mail, sind unsere Erkl?rungen ausschlie?lich final rechtsverbindlich, > wenn sie in herk?mmlicher Schriftform (mit eigenh?ndiger Unterschrift) oder > durch ?bermittlung eines solchen Schriftst?cks per Telefax erfolgen. > Important note: The information included in this e-mail is confidential. It > is solely intended for the recipient. If you are not the intended recipient > of this e-mail please contact the sender and delete this message. Thank > you. Without prejudice of e-mail correspondence, our statements are only > legally binding when they are made in the conventional written form (with > personal signature) or when such documents are sent by fax. * > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From christian.filips at tu-dortmund.de Wed Nov 18 06:51:55 2015 From: christian.filips at tu-dortmund.de (christian.filips at tu-dortmund.de) Date: Wed, 18 Nov 2015 06:51:55 +0000 Subject: [rancid] RANCID/clogin context-change FWSM/ASA In-Reply-To: <564B9941.9080001@thingy.com> References: <8E41B8359CA09C41B6E04B2DE30634480119A8C941@ex2010mbx1.tu-dortmund.de> <564B94F3.8030602@gmail.com> <564B9941.9080001@thingy.com> Message-ID: <8E41B8359CA09C41B6E04B2DE30634480119A8DF7F@ex2010mbx1.tu-dortmund.de> I found a working solution: /usr/lib/rancid/bin/clogin -c 'terminal pager 0;changeto context admin\rchangeto context system;sh running-config\rexit' The prompt seems not to be the problem, the problem appears at the "changeto"! I saw, that it worked with the actual logged-in-user: "admin# changeto context admin" No timeout! So i tried it with the actual one and DIRECTLY with a "return" (\r) behind it an change tu the system context - this works, without ";"! The same problem later in the commands, so i type also a \r at before the "exit". Fine! Now i can work with the script. Thanks and greetings. :-) -----Urspr?ngliche Nachricht----- Von: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] Im Auftrag von Howard Jones Gesendet: Dienstag, 17. November 2015 22:17 An: rancid-discuss at shrubbery.net Betreff: Re: [rancid] RANCID/clogin context-change FWSM/ASA I did look at this a while ago and there was also a change required in clogin so that the expect script also looked for a wider variety prompt. On 17/11/15 20:58, Alan McKinnon wrote: > The code that does it usually looks something like this in main() (it > can be different for each *rancid parser script): > > if (!defined($prompt)) { > $prompt = ($_ =~ /^([^#>]+[#>])/)[0]; > $prompt =~ s/([][}{)(\\])/\\$1/g; > print STDERR ("PROMPT MATCH: $prompt\n") if ($debug); > } > > This should do the right thing: > > $prompt = ($_ =~ /^([^#>]+[#>])\s*$/)[0]; > > That will skip the first two prompts in your output below and pick the > 3rd, and correct, one. To work, the FSWM prompt must behave > predictably like this. > > > On 17/11/2015 17:51, Lee Rian (CENSUS/TCO FED) wrote: >>> What could be the problem here? >> >> RANCID looks for the prompt. If it doesn't see it you get a timeout >> >> >> I'm going to guess the problem is the prompt is different in the >> system context. I just tried it & got: >> >> >> asaname/admin> ena >> Password: **************** >> asaname/admin# changeto context system asaname# >> >> >> & no, sorry, I don't know how to deal with the prompt changing on you >> like that. >> >> >> Regards, >> >> Lee >> >> >> >> >> ------------------------------------------------------------------------ >> *From:* Rancid-discuss on behalf >> of christian.filips at tu-dortmund.de >> *Sent:* Tuesday, November 17, 2015 4:26 AM >> *To:* rancid-discuss at shrubbery.net >> *Subject:* [rancid] RANCID/clogin context-change FWSM/ASA >> >> >> Hello all! >> >> >> >> I have the problem to change the context after login into a Cisco FWSM. >> >> This is my clogin-command: >> >> >> >> ============= >> >> rancid at host:$ /usr/lib/rancid/bin/clogin -c 'terminal pager 0; changeto >> context system;sh running-config;exit' asa-address >> >> asa-address >> >> spawn ssh -c 3des -x -l cisco_login asa-address >> >> login at asa-address's password: >> >> Type help or '?' for a list of available commands. >> >> asa-address/admin> enable >> >> Password: >> >> asa-address/admin# >> >> asa-address/admin# terminal length 0 >> >> ^ >> >> ERROR: % Invalid input detected at '^' marker. >> >> asa-address/admin# terminal width 132 >> >> ^ >> >> ERROR: % Invalid input detected at '^' marker. >> >> asa-address/admin# terminal pager 0 >> >> asa-address/admin# changeto context system >> >> >> >> Error: TIMEOUT reached >> >> rancid at host:$ >> >> ============= >> >> >> >> The timeout appears at nearly 45 seconds. >> >> - >> >> I tried to find out something with the -d option, but it looks ok. >> >> I could mail, if useful, the output also. >> >> - >> >> I ran this on a ASA 5585, and it works fine there! >> >> Also for our Switches (without context-change ;-)). >> >> What could be the problem here? >> >> >> >> Thanks for help or new ideas! >> >> BR >> >> Christian >> >> /Wichtiger Hinweis: Die Information in dieser E-Mail ist vertraulich. >> Sie ist ausschlie?lich f?r den Adressaten bestimmt. Sollten Sie nicht >> der f?r diese E-Mail bestimmte Adressat sein, unterrichten Sie bitte den >> Absender und vernichten Sie diese Mail. Vielen Dank. >> Unbeschadet der Korrespondenz per E-Mail, sind unsere Erkl?rungen >> ausschlie?lich final rechtsverbindlich, wenn sie in herk?mmlicher >> Schriftform (mit eigenh?ndiger Unterschrift) oder durch ?bermittlung >> eines solchen Schriftst?cks per Telefax erfolgen. >> >> Important note: The information included in this e-mail is confidential. >> It is solely intended for the recipient. If you are not the intended >> recipient of this e-mail please contact the sender and delete this >> message. Thank you. Without prejudice of e-mail correspondence, our >> statements are only legally binding when they are made in the >> conventional written form (with personal signature) or when such >> documents are sent by fax. / >> >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> > _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss Wichtiger Hinweis: Die Information in dieser E-Mail ist vertraulich. Sie ist ausschlie?lich f?r den Adressaten bestimmt. Sollten Sie nicht der f?r diese E-Mail bestimmte Adressat sein, unterrichten Sie bitte den Absender und vernichten Sie diese Mail. Vielen Dank. Unbeschadet der Korrespondenz per E-Mail, sind unsere Erkl?rungen ausschlie?lich final rechtsverbindlich, wenn sie in herk?mmlicher Schriftform (mit eigenh?ndiger Unterschrift) oder durch ?bermittlung eines solchen Schriftst?cks per Telefax erfolgen. Important note: The information included in this e-mail is confidential. It is solely intended for the recipient. If you are not the intended recipient of this e-mail please contact the sender and delete this message. Thank you. Without prejudice of e-mail correspondence, our statements are only legally binding when they are made in the conventional written form (with personal signature) or when such documents are sent by fax. From dtuecks at googlemail.com Wed Nov 18 11:13:30 2015 From: dtuecks at googlemail.com (Daniel Tuecks) Date: Wed, 18 Nov 2015 12:13:30 +0100 Subject: [rancid] RANCID/clogin context-change FWSM/ASA In-Reply-To: <8E41B8359CA09C41B6E04B2DE30634480119A8DF7F@ex2010mbx1.tu-dortmund.de> References: <8E41B8359CA09C41B6E04B2DE30634480119A8C941@ex2010mbx1.tu-dortmund.de> <564B94F3.8030602@gmail.com> <564B9941.9080001@thingy.com> <8E41B8359CA09C41B6E04B2DE30634480119A8DF7F@ex2010mbx1.tu-dortmund.de> Message-ID: Hey, back in 2006 there was a patch on this list: http://www.shrubbery.net/pipermail/rancid-discuss/2006-May/001490.html. We are still using this patch even today with rancid-3.2. With this you can tweak your .cloginrc to switch the context on login. Each contexts is treated as a separate device: # Base login for the asa-01 device add user asa-01 username add password asa-01 password password add method asa-01 {ssh:22} add autoenable asa-01 {0} add cyphertype asa-01 3DES # Login to admin on asa-01 add method asa-01-admin {usercmd} add usercmd asa-01-admin {clogin} {asa-01} add usercmd_chat asa-01-admin {asa-01/admin#} {changeto system\r} {asa-01#} {changeto context admin\r} {asa-01/admin#} {\r} # Login to fwcontext on asa-01 add method asa-01-fwcontext {usercmd} add usercmd asa-01-fwcontext {clogin} {asa-01} add usercmd_chat asa-01-fwcontext {asa-01/admin#} {changeto system\r} {asa-01#} {changeto context fwcontext\r} {asa-01/fwcontext#} {\r} With this you can do 'clogin asa-01-fwcontext'. Regards, Daniel 2015-11-18 7:51 GMT+01:00 christian.filips at tu-dortmund.de < christian.filips at tu-dortmund.de>: > I found a working solution: > > /usr/lib/rancid/bin/clogin -c 'terminal pager 0;changeto context > admin\rchangeto context system;sh running-config\rexit' > > The prompt seems not to be the problem, the problem appears at the > "changeto"! > I saw, that it worked with the actual logged-in-user: "admin# changeto > context admin" No timeout! > So i tried it with the actual one and DIRECTLY with a "return" (\r) behind > it an change tu the system context - this works, without ";"! > The same problem later in the commands, so i type also a \r at before the > "exit". Fine! > > Now i can work with the script. > Thanks and greetings. > :-) > > > -----Urspr?ngliche Nachricht----- > Von: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] Im > Auftrag von Howard Jones > Gesendet: Dienstag, 17. November 2015 22:17 > An: rancid-discuss at shrubbery.net > Betreff: Re: [rancid] RANCID/clogin context-change FWSM/ASA > > I did look at this a while ago and there was also a change required in > clogin so that the expect script also looked for a wider variety prompt. > > On 17/11/15 20:58, Alan McKinnon wrote: > > The code that does it usually looks something like this in main() (it > > can be different for each *rancid parser script): > > > > if (!defined($prompt)) { > > $prompt = ($_ =~ /^([^#>]+[#>])/)[0]; > > $prompt =~ s/([][}{)(\\])/\\$1/g; > > print STDERR ("PROMPT MATCH: $prompt\n") if ($debug); > > } > > > > This should do the right thing: > > > > $prompt = ($_ =~ /^([^#>]+[#>])\s*$/)[0]; > > > > That will skip the first two prompts in your output below and pick the > > 3rd, and correct, one. To work, the FSWM prompt must behave > > predictably like this. > > > > > > On 17/11/2015 17:51, Lee Rian (CENSUS/TCO FED) wrote: > >>> What could be the problem here? > >> > >> RANCID looks for the prompt. If it doesn't see it you get a timeout > >> > >> > >> I'm going to guess the problem is the prompt is different in the > >> system context. I just tried it & got: > >> > >> > >> asaname/admin> ena > >> Password: **************** > >> asaname/admin# changeto context system asaname# > >> > >> > >> & no, sorry, I don't know how to deal with the prompt changing on you > >> like that. > >> > >> > >> Regards, > >> > >> Lee > >> > >> > >> > >> > >> ------------------------------------------------------------------------ > >> *From:* Rancid-discuss on behalf > >> of christian.filips at tu-dortmund.de > >> *Sent:* Tuesday, November 17, 2015 4:26 AM > >> *To:* rancid-discuss at shrubbery.net > >> *Subject:* [rancid] RANCID/clogin context-change FWSM/ASA > >> > >> > >> Hello all! > >> > >> > >> > >> I have the problem to change the context after login into a Cisco FWSM. > >> > >> This is my clogin-command: > >> > >> > >> > >> ============= > >> > >> rancid at host:$ /usr/lib/rancid/bin/clogin -c 'terminal pager 0; > changeto > >> context system;sh running-config;exit' asa-address > >> > >> asa-address > >> > >> spawn ssh -c 3des -x -l cisco_login asa-address > >> > >> login at asa-address's password: > >> > >> Type help or '?' for a list of available commands. > >> > >> asa-address/admin> enable > >> > >> Password: > >> > >> asa-address/admin# > >> > >> asa-address/admin# terminal length 0 > >> > >> ^ > >> > >> ERROR: % Invalid input detected at '^' marker. > >> > >> asa-address/admin# terminal width 132 > >> > >> ^ > >> > >> ERROR: % Invalid input detected at '^' marker. > >> > >> asa-address/admin# terminal pager 0 > >> > >> asa-address/admin# changeto context system > >> > >> > >> > >> Error: TIMEOUT reached > >> > >> rancid at host:$ > >> > >> ============= > >> > >> > >> > >> The timeout appears at nearly 45 seconds. > >> > >> - > >> > >> I tried to find out something with the -d option, but it looks ok. > >> > >> I could mail, if useful, the output also. > >> > >> - > >> > >> I ran this on a ASA 5585, and it works fine there! > >> > >> Also for our Switches (without context-change ;-)). > >> > >> What could be the problem here? > >> > >> > >> > >> Thanks for help or new ideas! > >> > >> BR > >> > >> Christian > >> > >> /Wichtiger Hinweis: Die Information in dieser E-Mail ist vertraulich. > >> Sie ist ausschlie?lich f?r den Adressaten bestimmt. Sollten Sie nicht > >> der f?r diese E-Mail bestimmte Adressat sein, unterrichten Sie bitte den > >> Absender und vernichten Sie diese Mail. Vielen Dank. > >> Unbeschadet der Korrespondenz per E-Mail, sind unsere Erkl?rungen > >> ausschlie?lich final rechtsverbindlich, wenn sie in herk?mmlicher > >> Schriftform (mit eigenh?ndiger Unterschrift) oder durch ?bermittlung > >> eines solchen Schriftst?cks per Telefax erfolgen. > >> > >> Important note: The information included in this e-mail is confidential. > >> It is solely intended for the recipient. If you are not the intended > >> recipient of this e-mail please contact the sender and delete this > >> message. Thank you. Without prejudice of e-mail correspondence, our > >> statements are only legally binding when they are made in the > >> conventional written form (with personal signature) or when such > >> documents are sent by fax. / > >> > >> > >> _______________________________________________ > >> Rancid-discuss mailing list > >> Rancid-discuss at shrubbery.net > >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss > >> > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > Wichtiger Hinweis: Die Information in dieser E-Mail ist vertraulich. Sie > ist ausschlie?lich f?r den Adressaten bestimmt. Sollten Sie nicht der f?r > diese E-Mail bestimmte Adressat sein, unterrichten Sie bitte den Absender > und vernichten Sie diese Mail. Vielen Dank. > Unbeschadet der Korrespondenz per E-Mail, sind unsere Erkl?rungen > ausschlie?lich final rechtsverbindlich, wenn sie in herk?mmlicher > Schriftform (mit eigenh?ndiger Unterschrift) oder durch ?bermittlung eines > solchen Schriftst?cks per Telefax erfolgen. > > Important note: The information included in this e-mail is confidential. > It is solely intended for the recipient. If you are not the intended > recipient of this e-mail please contact the sender and delete this message. > Thank you. Without prejudice of e-mail correspondence, our statements are > only legally binding when they are made in the conventional written form > (with personal signature) or when such documents are sent by fax. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rdrake at direcpath.com Wed Nov 18 19:13:40 2015 From: rdrake at direcpath.com (rdrake) Date: Wed, 18 Nov 2015 14:13:40 -0500 Subject: [rancid] Dealing with autocommand In-Reply-To: <1013D0BC-1216-4109-BE8E-C781BBE0718B@cablevision.com> References: <1013D0BC-1216-4109-BE8E-C781BBE0718B@cablevision.com> Message-ID: <564CCDE4.9090803@direcpath.com> On 11/09/2015 09:35 AM, Joe Chiarelli wrote: > Hi, > > I am trying to get rancid to work with my cisco 2621 terminal servers. > > However after the use logs in ,we use the autocommand to run the menu > feature to access the other systems. > > > line vty 0 3 > access-class 1 in > exec-timeout 30 0 > password {hashed} > autocommand menu termsrv > transport input telnet > transport output telnet > > How can I send the menu command I have configured to exit the menu on > login so rancid will run its commands to backup the config? It's been a while since I've done something like this, but it seems like it might work for you: You can setup "line vty 4" without the autocommand and only allow rancid to login on that vty (either by access-class or special password, or using rotary and using a special telnet port) http://www.velocityreviews.com/threads/very-simple-question-on-vtys.565689/ There are probably other options. You would need to figure out what the best of different hackish ways to fix it would be. > > Thanks, > Joe > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From chr.filips at googlemail.com Tue Nov 17 10:32:06 2015 From: chr.filips at googlemail.com (Christian Filips) Date: Tue, 17 Nov 2015 02:32:06 -0800 (PST) Subject: [rancid] RANCID/clogin context-change FWSM/ASA Message-ID: Hello to all! I have the problem to change the context after login into a Cisco FWSM. This is my clogin-command: ============= rancid at host:$ /usr/lib/rancid/bin/clogin -c 'terminal pager 0; changeto context system;sh running-config;exit' asa-address asa-address spawn ssh -c 3des -x -l cisco_login asa-address login at asa-address's password: Type help or '?' for a list of available commands. asa-address/admin> enable Password: asa-address/admin# asa-address/admin# terminal length 0 ^ ERROR: % Invalid input detected at '^' marker. asa-address/admin# terminal width 132 ^ ERROR: % Invalid input detected at '^' marker. asa-address/admin# terminal pager 0 asa-address/admin# changeto context system Error: TIMEOUT reached rancid at host:$ ============= The timeout appears at nearly 45 seconds. - I tried to find out something with the -d option, but it looks ok. I could post, if useful, the output also. Other commands are functional, only the context-change has problems. - I ran this on a ASA 5585, and it works fine there! Also for our Switches (without context-change ;-)). What could be the problem here? Thanks for help or new ideas! BR Christian -------------- next part -------------- An HTML attachment was scrubbed... URL: From shaharshad at yahoo.com Mon Nov 23 08:59:04 2015 From: shaharshad at yahoo.com (Arshad Ali) Date: Mon, 23 Nov 2015 08:59:04 +0000 (UTC) Subject: [rancid] RANCID server unable to connect to devices following log error References: <1870975571.9157109.1448269144157.JavaMail.yahoo.ref@mail.yahoo.com> Message-ID: <1870975571.9157109.1448269144157.JavaMail.yahoo@mail.yahoo.com> HI, I am unable to login to any network device through clogin via rancid user and root user and gets following error.? login error: Error: can't read "22": no such variable. I can see same issue with all the devices. I am not expert in linux.? Is it related to permission on ".cloginrc"? I checked logs and found following error.? svn: E000013: Can't open file '/var/lib/rancid/PerthIX/.svn/pristine/b4/b40db22fb4aba04068988ff2f52eb9adc129120a.svn-base': Permission denied svn: E000013: Commit failed (details follow):svn: E000013: Can't open file '/var/lib/rancid/PerthIX/.svn/pristine/b4/b40db22fb4aba04068988ff2f52eb9adc129120a.svn-base': Permission denied/usr/lib/rancid/bin/control_rancid: 507: /usr/lib/rancid/bin/control_rancid: sendmail: not found?Regards,?stranger -------------- next part -------------- An HTML attachment was scrubbed... URL: From shaharshad at yahoo.com Mon Nov 23 08:30:06 2015 From: shaharshad at yahoo.com (Arshad Ali) Date: Mon, 23 Nov 2015 08:30:06 +0000 (UTC) Subject: [rancid] unable to login on devices via clogin References: <492112971.9146731.1448267406287.JavaMail.yahoo.ref@mail.yahoo.com> Message-ID: <492112971.9146731.1448267406287.JavaMail.yahoo@mail.yahoo.com> HI, I am unable to login to any network device through clogin via rancid user and root user and gets following error.? login error: Error: can't read "22": no such variable. I can see same issue with all the devices. I am not expert in linux.? Is it related to permission on ".cloginrc"? I checked logs and found following error.? svn: E000013: Can't open file '/var/lib/rancid/PerthIX/.svn/pristine/b4/b40db22fb4aba04068988ff2f52eb9adc129120a.svn-base': Permission denied svn: E000013: Commit failed (details follow):svn: E000013: Can't open file '/var/lib/rancid/PerthIX/.svn/pristine/b4/b40db22fb4aba04068988ff2f52eb9adc129120a.svn-base': Permission denied/usr/lib/rancid/bin/control_rancid: 507: /usr/lib/rancid/bin/control_rancid: sendmail: not found ?Regards,?shah -------------- next part -------------- An HTML attachment was scrubbed... URL: From Chris.Davis at principia.edu Tue Nov 24 19:59:52 2015 From: Chris.Davis at principia.edu (Chris Davis) Date: Tue, 24 Nov 2015 19:59:52 +0000 Subject: [rancid] Reporting question. Message-ID: I was wondering. Is it possible to turn off some of the reporting features of RANCID? I'd like to turn off the hourly switch down reports for a couple of my switches. I am running 2.3.8. We have a few switches that do spend some time down, but we do want to get backups of them whenever they are available... I've never run across a way to do something like that, so I thought I'd toss it out to the crowd. Maybe I've just missed it? Thanks. Chris -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Wed Nov 25 20:06:16 2015 From: heas at shrubbery.net (heasley) Date: Wed, 25 Nov 2015 20:06:16 +0000 Subject: [rancid] Reporting question. In-Reply-To: References: Message-ID: <20151125200616.GB16402@shrubbery.net> Tue, Nov 24, 2015 at 07:59:52PM +0000, Chris Davis: > I was wondering. Is it possible to turn off some of the reporting features of RANCID? I'd like to turn off the hourly switch down reports for a couple of my switches. I am running 2.3.8. We have a few switches that do spend some time down, but we do want to get backups of them whenever they are available... I've never run across a way to do something like that, so I thought I'd toss it out to the crowd. Maybe I've just missed it? there is a rancid.conf know, see rancid.conf(5), that sets the time after which a collection is deemed stale. rancid 3.2 supports a per-group rancid.conf that overrides the global settings.