From frnkblk at iname.com Fri Apr 1 01:05:46 2016
From: frnkblk at iname.com (frnkblk at iname.com)
Date: Thu, 31 Mar 2016 20:05:46 -0500
Subject: [rancid] High cpu on large configs
Message-ID: <000101d18bb2$a10a9580$e31fc080$@iname.com>

What about copying the configuration file over instead, and processing that?

Frank

From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of nachofw
Sent: Tuesday, March 29, 2016 8:24 AM
To: heasley
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] High cpu on large configs

It is very inconvenient for my scenario, high cpu causes alerts on the monitoring systems creating false positive alerts. Also on other platforms causes packet loss, for example cisco 3k series with large configs

Sent from my Samsung Galaxy smartphone.

-------- Original message --------
From: heasley
Date: 29/03/2016 9:46 AM (GMT-03:00)
To: nachofw
Cc: rancid-discuss at shrubbery.net
Subject: Re: High cpu on large configs

Mon, Mar 28, 2016 at 03:10:16PM -0300, nachofw:
> Thanks for the input. I ended up taking advantage of the fact that asa doesn't support 'terminal length' and 'terminal width'. And changed the file lee mentioned:
> -> /usr/share/perl5/rancid/ios.pm
> # the pager can not be disabled per-session on the PIX if (/^(<-+ More -+>)/) { my($len) = length($1); s/^$1s{$len}//;+ select(undef, undef, undef, 0.15); }
> I can't use the 'terminal pager 0' because that displays all the config in one shot and causes the cpu to spike to 97%, i needed for rancid to use the ---more--- feature when displaying the config. Again thanks to all

Why is it an issue if the cpu jumps to 97%? So what. It is temporary and the scheduler should prioritize processes appropriately.

From dan.w.anderson at gmail.com Fri Apr 1 15:28:43 2016
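Review bot: the added "select(undef, undef, undef, 0.15);" line in the ios.pm change quoted in the "High cpu on large configs" message above sleeps unconditionally on every "<--- More --->" match, with a hard-coded 0.15 s and no comment saying why it is there. Every device whose output reaches this pager branch pays that delay once per page, not only the ASA it was written for, so a large config on a healthy device gets slower for no benefit. Consider taking the delay from a setting that defaults to no delay, and add a comment that it exists to throttle paged output on devices where a full-speed dump drives the CPU up.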
From: dan.w.anderson at gmail.com (Dan Anderson)
Date: Fri, 1 Apr 2016 11:28:43 -0400
Subject: [rancid] Upgrading to 3.4

You didn't mention what version of Hyper-V you're running. I have a CentOS 7 VM running on a Hyper-V 2012R2 host without any issues. I've also had success with Debian on Hyper-V.

On Wed, Mar 30, 2016 at 10:18 AM, Chris Davis wrote:
> I was hoping to upgrade to 3.4 but have run into a series of problems. Wondering how others moved past this.
>
> Initially, I was running 2.38 on Centos 5. I tried to in place upgrade and ran into a socket library problem. Saw that the version of the socket library in Centos 7 was compatible, so then began to focus on installing that on my hardware. Unfortunately, the controller driver appears to be no longer supported. So, then I started focusing on a VM for my Rancid server. Got it all set up and installed on a Hyper-V host. And while the networking worked during the install, apparently the network drivers aren't right on the virtual disk and none of the networking works once I boot off the virtual HD. So, has anyone set up Rancid 3.4/Centos 7 on a hyper V host? Or have any other ideas to try?
>
> Thanks.

--
Dan

From Chris.Davis at principia.edu Fri Apr 1 15:43:32 2016
From: Chris.Davis at principia.edu (Chris Davis)
Date: Fri, 1 Apr 2016 15:43:32 +0000
Subject: [rancid] Upgrading to 3.4

I am using Hyper-V 2008R2. How did you set up the networking on the VM Guest? Did you use the legacy networking or the standard? And did you install the Linux integration system?

From: Dan Anderson [mailto:dan.w.anderson at gmail.com]
Sent: Friday, April 01, 2016 10:29 AM
To: Chris Davis
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Upgrading to 3.4

You didn't mention what version of Hyper-V you're running. I have a CentOS 7 VM running on a Hyper-V 2012R2 host without any issues. I've also had success with Debian on Hyper-V.

On Wed, Mar 30, 2016 at 10:18 AM, Chris Davis wrote:

I was hoping to upgrade to 3.4 but have run into a series of problems. Wondering how others moved past this.

Initially, I was running 2.38 on Centos 5. I tried to in place upgrade and ran into a socket library problem. Saw that the version of the socket library in Centos 7 was compatible, so then began to focus on installing that on my hardware. Unfortunately, the controller driver appears to be no longer supported. So, then I started focusing on a VM for my Rancid server. Got it all set up and installed on a Hyper-V host. And while the networking worked during the install, apparently the network drivers aren't right on the virtual disk and none of the networking works once I boot off the virtual HD. So, has anyone set up Rancid 3.4/Centos 7 on a hyper V host? Or have any other ideas to try?

Thanks.

--
Dan

From mjl at wayne.edu Fri Apr 1 16:59:41 2016
From: mjl at wayne.edu (Matthew Jerome Lessins)
Date: Fri, 1 Apr 2016 16:59:41 +0000
Subject: [rancid] support for n2000/n3000 dells

Hello,

Has anybody had success getting configs off of the Dell N2000/N3000 platforms? We've tried device-type dell, smc, cisco and they all tank with various failures. I ask, hoping for an easy fix, before I have to go in for a deep dive. Thanks!

Matt

--------------------------------
Matt Lessins
Wayne State University
Network Engineer
phone: (313) 577-2176
mjl at wayne dot edu

From jcohen at AllenTek.com Fri Apr 1 22:20:29 2016
From: jcohen at AllenTek.com (Jessica Cohen)
Date: Fri, 1 Apr 2016 22:20:29 +0000
Subject: [rancid] rancid not completely reading config on cisco
Message-ID: <6CBD3672C596DB49BCFF684935BD14B8BAB18F@MBX029-E1-VA-6.EXCH029.DOMAIN.LOCAL>

Hello,

Recently one of my groups has started having an issue where it doesn't seem to completely read the config of the cisco switches it's polling. Consequently, rancid reports constant changes even though there aren't any. It will only show half the config then on the next poll the full config. I'm checking every 12 cisco switches every 5 minutes. None of the 40 other groups are having this issue. I've googled but I'm not having any luck. Suggestions?

From alan.mckinnon at gmail.com Sat Apr 2 06:47:01 2016
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Sat, 2 Apr 2016 08:47:01 +0200
Subject: [rancid] rancid not completely reading config on cisco
In-Reply-To: <6CBD3672C596DB49BCFF684935BD14B8BAB18F@MBX029-E1-VA-6.EXCH029.DOMAIN.LOCAL>
References: <6CBD3672C596DB49BCFF684935BD14B8BAB18F@MBX029-E1-VA-6.EXCH029.DOMAIN.LOCAL>
Message-ID: <56FF6AE5.8050008@gmail.com>

On 02/04/2016 00:20, Jessica Cohen wrote:
> Hello,
>
> Recently one of my groups has starting having an issue where it doesn't seem to completely read the config of the cisco switches it's polling. Consequently, rancid reports constant changes even though there aren't any. It will only show half the config then on the next poll the full config. I'm checking every 12 cisco switches every 5 minutes. None of the 40 other groups are having this issue. I've googled but I'm not having any luck. Suggestions?

There is seldom an FAQ-style answer for questions like this; your only real option is to examine closely what output your switches are giving and what rancid is doing with that output.

It seems to be exiting early, and the reason will be in what the switch sends back. Manually run the rancid script against the problematic switch in debug mode (IIRC it's the -d switch) and closely examine what's going on at the end. Compare with a good debug run and find differences.

--
Alan McKinnon
alan.mckinnon at gmail.com

From heas at shrubbery.net Sat Apr 2 15:45:47 2016
From: heas at shrubbery.net (heasley)
Date: Sat, 2 Apr 2016 15:45:47 +0000
Subject: [rancid] Upgrading to 3.4
Message-ID: <20160402154547.GH60935@shrubbery.net>

Wed, Mar 30, 2016 at 02:18:35PM +0000, Chris Davis:
> I was hoping to upgrade to 3.4 but have run into a series of problems. Wondering how others moved past this.
>
> Initially, I was running 2.38 on Centos 5. I tried to in place upgrade and ran into a socket library problem. Saw that the version of the socket library in Centos 7 was compatible, so then began to focus on installing that on my hardware. Unfortunately, the controller driver appears to be no longer supported. So, then I started focusing on a VM for my Rancid server. Got it all set up and installed on a Hyper-V host. And while the networking worked during the install, apparently the network drivers aren't right on the virtual disk and none of the networking works once I boot off the virtual HD. So, has anyone set up Rancid 3.4/Centos 7 on a hyper V host? Or have any other ideas to try?

I can't offer anything for centos5. 6 & 7 work fine on vmware, but 6 requires a more recent perl Socket module.

I'm thinking that a rancid docker container might be an option to avoid this problem of the various linux only offering old packages and may help with rancid installation by folks who are less unix (or linux) savvy. I'm not sure if maintaining that will be too much burden. Requires more thought.

From heas at shrubbery.net Mon Apr 4 02:21:54 2016
From: heas at shrubbery.net (heasley)
Date: Mon, 4 Apr 2016 02:21:54 +0000
Subject: [rancid] Rancid with an F5
References: <20160329183339.GC54818@shrubbery.net> <20160329204538.GA57822@shrubbery.net>
Message-ID: <20160404022154.GG24960@shrubbery.net>

Wed, Mar 30, 2016 at 06:23:27PM +0000, Jeffrey d'Ambly:
> I've updated my f5rancid script to use this one
>
> https://raw.githubusercontent.com/dotwaffle/rancid-git/master/bin/f5rancid.in
>
> However it's still not working. Is there something additional I need to do?

I've attempted to import the v11 support as type "bigip" here:
ftp://ftp.shrubbery.net/pub/rancid/alpha/rancid-3.4.99.tar.gz

Someone will have to test it for me though. I tried the bigip 12.0 ova, but vbox is returning an error when I try importing it.

> -Jeff
>
> From: Shain Singh
> Date: Tuesday, March 29, 2016 at 5:20 PM
> To: Jeffrey, heasley, "rancid-discuss at shrubbery.net"
> Subject: Re: [rancid] Rancid with an F5
>
> that script looks like it's built for v10 of f5's software... 'bigpipe' commands will no longer run, so you would need to change them to 'tmsh' commands. https://support.f5.com/kb/en-us/solutions/public/13000/600/sol13697
>
>
>
> On Wed, 30 Mar 2016 at 07:52 Jeffrey d'Ambly wrote:
> Here is the output, am I using the wrong version of f5rancid?
>
>
> [rancid at sjc-corp-net01 configs]$ eval `/usr/libexec/rancid/f5rancid -C
> sjc-lb01`
> sjc-lb01
> spawn ssh -i /var/rancid/.ssh/id_dsa -c 3des -x -l admin sjc-lb01
> Warning: Identity file /var/rancid/.ssh/id_dsa not accessible: No such
> file or directory.
> Password:
> Last login: Tue Mar 29 11:04:48 2016 from 192.168.201.51
> admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)#
> admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# terminal length
> 0
> Syntax Error: unexpected argument "terminal"
> admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# terminal width
> 132
> Syntax Error: unexpected argument "terminal"
> admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe version
> Syntax Error: unexpected argument "bigpipe"
> admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe platform
> Syntax Error: unexpected argument "bigpipe"
> admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# cat
> /config/bigip.license
> Syntax Error: unexpected argument "cat"
> admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe monitor
> list all
> Syntax Error: unexpected argument "bigpipe"
> admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe profile
> list
> Syntax Error: unexpected argument "bigpipe"
> admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe base
> list
> Syntax Error: unexpected argument "bigpipe"
> admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe db show
> Syntax Error: unexpected argument "bigpipe"
> admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe route
> static show
> Syntax Error: unexpected argument "bigpipe"
> admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# ls --full-time
> --color=never /config/ssl/ssl.crt
> Syntax Error: unexpected argument "ls"
> admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# ls --full-time
> --color=never /config/ssl/ssl.key
> Syntax Error: unexpected argument "ls"
> admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe list
> Syntax Error: unexpected argument "bigpipe"
> admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)#exit
> Use "quit" to end the current session
> admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit
> Use "quit" to end the current session
> admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit
> Use "quit" to end the current session
> admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit
> Use "quit" to end the current session
> admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit
> Use "quit" to end the current session
> admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit
> Use "quit" to end the current session
> admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit
> Use "quit" to end the current session
> admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)#
> ^C[rancid at sjc-corp-net01 configs]$
>
>
>
> On 3/29/16, 1:45 PM, "heasley" wrote:
>
> >Tue, Mar 29, 2016 at 08:04:28PM +0000, Jeffrey d'Ambly:
> >> So that would mean the commands are not working, how do I troubleshoot
> >> that?
> >
> >yes, i expect so. you will need to run the commands to check for
> >yourself.
> >like
> >eval `f5rancid -C hostname`
> >
> >> -Jeff
> >>
> >> On 3/29/16, 11:33 AM, "heasley" wrote:
> >>
> >> >Tue, Mar 29, 2016 at 05:31:06PM +0000, Jeffrey d'Ambly:
> >> >>
> >> >> I'm having some issues getting rancid working with my F5 load
> >>balancers.
> >> >>
> >> >> Here is what my routers.db looks like
> >> >>
> >> >> [root at sjc-corp-net01 observium]# cat router.db | grep lb
> >> >> atl-lb01;f5;up
> >> >> atl-lb02;f5;up
> >> >> gz-lb01;f5;up
> >> >> gz-lb02;f5;up
> >> >> jed-lb01;f5;up
> >> >> jed-lb02;f5;up
> >> >> nj-lb01;f5;up
> >> >> nj-lb02;f5;up
> >> >> phx-lb01;f5;up
> >> >> phx-lb02;f5;up
> >> >> ryd-lb01;f5;up
> >> >> ryd-lb02;f5;up
> >> >> sjc-lb01;f5;up
> >> >> sjc-lb02;f5;up
> >> >> [root at sjc-corp-net01 observium]#
> >> >>
> >> >> When I run rancid I get the following
> >> >>
> >> >> [root at sjc-corp-net01 rancid]# cat observium.20160329.101355
> >> >> starting: Tue Mar 29 10:13:55 PDT 2016
> >> >>
> >> >>
> >> >>
> >> >> Trying to get all of the configs.
> >> >> ERROR: sjc-lb01 configuration appears truncated.
> >> >>
> >> >> Is this because I have partitions configured on my f5, and if so how
> >>do
> >> >>I resolve this?
> >> >
> >> >it does so if receives less than 3 lines of configuration.

From Dean.Brandt at ardentleisure.com Mon Apr 4 04:04:56 2016
From: Dean.Brandt at ardentleisure.com (Dean Brandt)
Date: Mon, 4 Apr 2016 04:04:56 +0000
Subject: [rancid] Brocade - ignore secure-mac changes

Hi guys,

I am aware that I need to look at francid for this change but my perl skills are non existent :)

How do I ensure that any change in secure-mac address in the config is not sent as a diff via email?

Regards
Dean Brandt

From Chris.Davis at principia.edu Mon Apr 4 14:24:37 2016
From: Chris.Davis at principia.edu (Chris Davis)
Date: Mon, 4 Apr 2016 14:24:37 +0000
Subject: [rancid] Upgrading to 3.4
In-Reply-To: <20160402154547.GH60935@shrubbery.net>
References: <20160402154547.GH60935@shrubbery.net>

I don't mind stumbling around a bit. I'm pretty unix/linux savvy. Just don't compile code too often, so I'm not too savvy on libraries and such. I can usually figure things like that out. But on my 2008R2 Hyper-V the networking just appears dead. Someone on the list gave it a try on his Hyper-V 2012R2 host and he reports that it works just fine. So, the question has become, why not on 2008R2. I'm going to re-install (yet again) and see what I can figure out.

Thanks. Meanwhile, I'm back to 2.38 until I can figure out why the Centos7/2008R2 Hyper-V combo doesn't work.

Chris

-----Original Message-----
From: heasley [mailto:heas at shrubbery.net]
Sent: Saturday, April 02, 2016 10:46 AM
To: Chris Davis
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Upgrading to 3.4

Wed, Mar 30, 2016 at 02:18:35PM +0000, Chris Davis:
> I was hoping to upgrade to 3.4 but have run into a series of problems. Wondering how others moved past this.
>
> Initially, I was running 2.38 on Centos 5. I tried to in place upgrade and ran into a socket library problem. Saw that the version of the socket library in Centos 7 was compatible, so then began to focus on installing that on my hardware. Unfortunately, the controller driver appears to be no longer supported. So, then I started focusing on a VM for my Rancid server. Got it all set up and installed on a Hyper-V host. And while the networking worked during the install, apparently the network drivers aren't right on the virtual disk and none of the networking works once I boot off the virtual HD. So, has anyone set up Rancid 3.4/Centos 7 on a hyper V host? Or have any other ideas to try?

I can't offer anything for centos5. 6 & 7 work fine on vmware, but 6 requires a more recent perl Socket module.

I'm thinking that a rancid docker container might be an option to avoid this problem of the various linux only offering old packages and may help with rancid installation by folks who are less unix (or linux) savvy. I'm not sure if maintaining that will be too much burden. Requires more thought.

From mjl at wayne.edu Mon Apr 4 19:17:09 2016
From: mjl at wayne.edu (Matthew Jerome Lessins)
Date: Mon, 4 Apr 2016 19:17:09 +0000
Subject: [rancid] support for n2000/n3000 dells
In-Reply-To: <20160402135435.GA60935@shrubbery.net>
References: <20160402135435.GA60935@shrubbery.net>

I did a small amount of checking and saw that the n2000 uses an OS that is similar in CLI to the older PowerConnect OS, so I tried the Dell extensions (http://web.rickyninja.net:81/rancid/) again. I tried this earlier but as it turned out I didn't get the rancid.types.conf file right, I didn't use the rancid-fe that came with the extension package as it looks like the operation of rancid has changed since this extension was developed. It seems to be working just fine now.

Thanks,
Matt

--------------------------------
Matt Lessins
Wayne State University
Network Engineer
phone: (313) 577-2176
mjl at wayne dot edu

________________________________________
From: heasley
Sent: Saturday, April 2, 2016 9:54 AM
To: Matthew Jerome Lessins
Subject: Re: [rancid] support for n2000/n3000 dells

Fri, Apr 01, 2016 at 04:59:41PM +0000, Matthew Jerome Lessins:
> Hello,
>
> Has anybody had success getting configs off of the Dell N2000/N3000 platforms? We've tried device-type dell, smc, cisco and they all tank with various failures. I ask, hoping for an easy fix, before I have to go in for a deep dive. Thanks!

hp perhaps? they just OEM the switches, so w/o having one or access to one, I can only guess. if you show us output, it might help the guessing.

> Matt
>
> --------------------------------
> Matt Lessins
> Wayne State University
> Network Engineer
> phone: (313) 577-2176
> mjl at wayne dot edu

From Sebastien.Boulianne at cpu.ca Tue Apr 5 15:58:50 2016
From: Sebastien.Boulianne at cpu.ca (Sebastien.Boulianne at cpu.ca)
Date: Tue, 5 Apr 2016 11:58:50 -0400
Subject: [rancid] Unable to negotiate with .... no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
Message-ID: <5FE0959288C73D448BB44CB7E9CC320F5837FD144A@CPUMAIL2.cpu.qc.ca>

Hi guys,

Since today, I got this error when I'm trying to connect to my Cisco devices using SSH:

bin/clogin IP
IP
spawn ssh -c aes256-cbc -x -l cpu_backup IP
Unable to negotiate with IP port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
Error: Couldn't login: IP

I searched on Google and I saw it was caused by the latest OpenSSH version but I can't find how to fix it. In my .cloginrc, I set cyphertype to aes256-cbc. Should I use another cipher? Can you help me a bit plz?

Thanks!
Sébastien

From nick at foobar.org Tue Apr 5 16:02:05 2016
From: nick at foobar.org (Nick Hilliard)
Date: Tue, 05 Apr 2016 17:02:05 +0100
Subject: [rancid] Unable to negotiate with .... no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
In-Reply-To: <5FE0959288C73D448BB44CB7E9CC320F5837FD144A@CPUMAIL2.cpu.qc.ca>
References: <5FE0959288C73D448BB44CB7E9CC320F5837FD144A@CPUMAIL2.cpu.qc.ca>
Message-ID: <5703E17D.4040803@foobar.org>

Sebastien.Boulianne at cpu.ca wrote:
> I searched on Google and I saw it was causeds by the latest OpenSSH
> version but I cant find how to fix it.

ip ssh dh min size 4096

Nick

From ginesgb at gmail.com Tue Apr 5 15:58:02 2016
From: ginesgb at gmail.com (Gines)
Date: Tue, 5 Apr 2016 15:58:02 +0000 (UTC)
Subject: [rancid] Rancid to do multihop for copy

Hi everyone,

I was doing a configuration for Rancid can make connecting a cisco switch to another switch cisco to obtain the configuration file, but can not find such information, only the settings using the clogin but not as collect the configuration file in this case the "running-config"

Can you provide me this information?

Greetings and thank you

From Sebastien.Boulianne at cpu.ca Tue Apr 5 20:13:34 2016
From: Sebastien.Boulianne at cpu.ca (Sebastien.Boulianne at cpu.ca)
Date: Tue, 5 Apr 2016 16:13:34 -0400
Subject: [rancid] Unable to negotiate with .... no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
In-Reply-To: <083301d18f6f$d60db760$82292620$@bboi.net>
References: <083301d18f6f$d60db760$82292620$@bboi.net>
Message-ID: <5FE0959288C73D448BB44CB7E9CC320F5837FD1462@CPUMAIL2.cpu.qc.ca>

A special thank you to Érick for the fix. ;)
I confirm it works like a charm!

Thanks!
Sébastien

From: Eric Krichbaum [mailto:erick at bboi.net]
Sent: April 5, 2016 15:18
To: Sebastien Boulianne
Subject: [rancid] Unable to negotiate with .... no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

The problem isn't the cipher as much as the key exchange. Newer open ssh dropped support (by default) for "insecure" key exchanges (SHA1) which are all that are supported by older ios/etc. gear. I've been updating code on boxes where possible to eliminate this issue but it's really an easy fix.

In /etc/ssh/ssh_config:

Host *
    GSSAPIAuthentication yes
    KexAlgorithms +diffie-hellman-group1-sha1

That will add the old kex to your ssh (outbound) and should work ok.

Eric

From bruccoo at gmail.com Tue Apr 5 17:40:35 2016
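Added example, not part of any list message and not rancid code: the fix quoted in the message above enables diffie-hellman-group1-sha1 under "Host *", so every outbound ssh connection from the rancid host may negotiate it. This Python check parses ssh_config text and reports how widely each block re-enables that method, then runs on the posted config and on a scoped variant; the host names and both sample configs are constructed for illustration.

```python
import re

LEGACY_KEX = "diffie-hellman-group1-sha1"  # the method named in the error message

# ssh_config accepts both "Keyword value" and "Keyword=value".
_LINE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.*)$")


def parse_line(raw):
    """Return (keyword, value) in lower-case keyword form, or None for blanks/comments."""
    line = raw.strip()
    if not line or line.startswith("#"):
        return None
    m = _LINE.match(line)
    if m is None:
        return line.lower(), ""
    return m.group(1).lower(), m.group(2).strip()


def breadth(patterns):
    """Classify how many hosts the patterns of one Host line cover."""
    positive = [p for p in patterns if not p.startswith("!")]
    if "*" in positive:
        return "all hosts"
    if any("*" in p or "?" in p for p in positive):
        return "wildcard"
    return "explicit"


def enables_legacy_kex(value):
    """True if a KexAlgorithms value turns the legacy method on."""
    if value.startswith("-"):
        return False  # "-list" removes algorithms from the default set
    names = [n.strip() for n in value.lstrip("+^").split(",")]
    return LEGACY_KEX in names


def audit(config_text):
    """List every block that enables the legacy key exchange, with its reach."""
    findings = []
    scope, reach = "global", "all hosts"  # options before the first Host apply everywhere
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        parsed = parse_line(raw)
        if parsed is None:
            continue
        key, value = parsed
        if key == "host":
            scope, reach = "Host " + value, breadth(value.split())
        elif key == "match":
            # Match criteria are not evaluated here; only "Match all" is known to be global.
            scope = "Match " + value
            reach = "all hosts" if value.lower() == "all" else "conditional"
        elif key == "kexalgorithms" and enables_legacy_kex(value):
            findings.append({"line": lineno, "scope": scope, "reach": reach})
    return findings


# The configuration as posted in the thread.
BROAD_CONFIG = """\
Host *
    GSSAPIAuthentication yes
    KexAlgorithms +diffie-hellman-group1-sha1
"""

# Scoped variant (constructed): ssh uses the first value it obtains for an option,
# so the device-specific block has to come before "Host *".
SCOPED_CONFIG = """\
# Constructed host names standing in for the old switches rancid polls.
Host old-sw1.example.net old-sw2.example.net
    KexAlgorithms +diffie-hellman-group1-sha1

Host *
    GSSAPIAuthentication yes
"""

if __name__ == "__main__":
    for name, text in (("posted", BROAD_CONFIG), ("scoped", SCOPED_CONFIG)):
        for f in audit(text):
            print("%s config, line %d: %s enables %s for %s"
                  % (name, f["line"], f["scope"], LEGACY_KEX, f["reach"]))
```

The same scoping can live in the rancid user's own ~/.ssh/config instead of /etc/ssh/ssh_config, which keeps the legacy method away from other users on the host.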
From: bruccoo at gmail.com (Gregory Bruccoleri)
Date: Tue, 5 Apr 2016 13:40:35 -0400
Subject: [rancid] Issue with using rancid 3.4.1 with Fortigates

Hello,

Having an issue with rancid backing up fortigates. I have the following output from attempting to run rancid against one of my devices:

Begin-------------------------------------------------------------

[rancid at VMWRANCID01 ~]$ rancid -d -t fortigate
loadtype: device type fortigate
loadtype: found device type fortigate in /usr/local/rancid/etc/rancid.types.base
executing fnlogin -t 90 -c""
inloop is not configured for device type fortigate at /usr/local/rancid/bin/rancid line 126.

End---------------------------------------------------------------

Rancid is running on CentOS.

Is this something configuration wise? I am able to ssh to the host from the system itself so it doesn't appear to be blocked. Router.db file is using semicolons instead of colons. That's all I can think of at the moment.

Thanks

From heas at shrubbery.net Tue Apr 5 20:58:26 2016
From: heas at shrubbery.net (Heasley)
Date: Tue, 5 Apr 2016 17:58:26 -0300
Subject: [rancid] Issue with using rancid 3.4.1 with Fortigates
Message-ID: <19FF9891-5963-46F6-BF9D-2359E559B515@shrubbery.net>

> On 05.04.2016 at 14:40, Gregory Bruccoleri wrote:
>
> Hello,
>
> Having an issue with rancid backing up fortigates. I have the following output from attempting to run rancid against one of my devices:
>
> Begin-------------------------------------------------------------
>
> [rancid at VMWRANCID01 ~]$ rancid -d -t fortigate
> loadtype: device type fortigate
> loadtype: found device type fortigate in /usr/local/rancid/etc/rancid.types.base
> executing fnlogin -t 90 -c""
> inloop is not configured for device type fortigate at /usr/local/rancid/bin/rancid line 126.

fnrancid -c ...

Fnrancid hasn't been converted to a pm yet.

>
> End---------------------------------------------------------------
>
> Rancid is running on CentOS.
>
> Is this something configuration wise? I am able to ssh to the host from the system itself so it doesn't appear to be blocked. Router.db file is using semicolons instead of colons. That's all I can think of at the moment.
>
> Thanks

From Sebastien.Boulianne at cpu.ca Wed Apr 6 16:39:04 2016
From: Sebastien.Boulianne at cpu.ca (Sebastien.Boulianne at cpu.ca)
Date: Wed, 6 Apr 2016 12:39:04 -0400
Subject: [rancid] bin/rancid-run -f problem.
Message-ID: <5FE0959288C73D448BB44CB7E9CC320F5837FD147B@CPUMAIL2.cpu.qc.ca>

Hi,

usage: bin/rancid-run [-V] [-f config_file] [-r device_name] [-m mail rcpt] [group [group ...]]

but

bin/rancid-run -f clients
bin/rancid-run: 114: .: clients: not found

ls -l clients
-rwx--x--x 1 rancid rancid 4736 Apr 6 12:35 clients

Can anyone explain to me why, please?

Thanks in advance.
Sébastien.

From alan.mckinnon at gmail.com Wed Apr 6 17:00:59 2016
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Wed, 6 Apr 2016 19:00:59 +0200
Subject: [rancid] bin/rancid-run -f problem.
In-Reply-To: <5FE0959288C73D448BB44CB7E9CC320F5837FD147B@CPUMAIL2.cpu.qc.ca>
References: <5FE0959288C73D448BB44CB7E9CC320F5837FD147B@CPUMAIL2.cpu.qc.ca>
Message-ID: <570540CB.2090009@gmail.com>

On 06/04/2016 18:39, Sebastien.Boulianne at cpu.ca wrote:
> Hi,
>
> usage: bin/rancid-run [-V] [-f config_file] [-r device_name] [-m mail
> rcpt] [group [group ...]]
>
> but
>
> bin/rancid-run -f clients
>
> bin/rancid-run: 114: .: clients: not found
>
> ls -l clients
>
> -rwx--x--x 1 rancid rancid 4736 Apr 6 12:35 clients
>
> Anyone can explain me why please ?

-f /full/path/to/config_file

--
Alan McKinnon
alan.mckinnon at gmail.com

From Sebastien.Boulianne at cpu.ca Wed Apr 6 18:18:36 2016
From: Sebastien.Boulianne at cpu.ca (Sebastien.Boulianne at cpu.ca)
Date: Wed, 6 Apr 2016 14:18:36 -0400
Subject: [rancid] Rancid with Fortigates and vdoms
Message-ID: <5FE0959288C73D448BB44CB7E9CC320F5837FD1481@CPUMAIL2.cpu.qc.ca>

Hi,

Most of our routers / FW are Fortigates. I would like to take a full config backup including all vdoms. How can I do that?

I have 3 VDOMs on a FGT80C: Global, root, ROUTER

How can I take those 3 vdoms in backup?

Thanks.
Sébastien.

From ginesgb at gmail.com Thu Apr 7 16:17:19 2016
From: ginesgb at gmail.com (Gines Granados Bayona)
Date: Thu, 7 Apr 2016 18:17:19 +0200
Subject: [rancid] Script copy

Hi everybody

I wanted to know how I can make the configuration file .cloginrc run and copy the result of a script.

Example

add method ***.***.***.***
add user ***.***.***.*** user
add password ***.***.***.*** { password } { password }
add usercmd_chat xxx.xxx.xxx {/usr/libexec/rancid/clogin} {-s} {"/usr/local/rancid/examplescript.exp" xxx.xxx.xxx > /usr/local/rancidd/Ibercom/configs/host.new}

Can you indicate where the error is?

Greetings and thank you

From richard.savage at timico.co.uk Wed Apr 13 09:44:49 2016
From: richard.savage at timico.co.uk (Richard Savage)
Date: Wed, 13 Apr 2016 09:44:49 +0000
Subject: [rancid] Rancid and Cisco Small Business SG500
Message-ID: <8739a2be3c47473bbe078c68c509c72f@THQ-MAIL01.timicogroup.local>

Hi All

I'm using rancid 2.3.8 and am backing up around 100 cisco small business switches SG300's and SG500's. I'm using the type cisco-sb. When backing up the SG500's on every diff the following is coming up:

Index: configs/rc-pr-sw1 =================================================================== - -- configs/rc-pr-sw1 (revision 1333) @@ -16,12 +16,12 @@ !---- ------------------------- ------------------------- ! 1 24 OK ! 2 23 OK - ! 3 24 OK + ! 3 22 OK !Unit Up time !---- --------------- - ! 1 06,07:16:42 - ! 2 06,07:16:46 - ! 3 06,07:16:42 + ! 1 06,13:16:41 + ! 2 06,13:16:45 + ! 3 06,13:16:41 ! ! Unit SW version Boot version HW version !------------------- ------------------- ------------------- -------------------

Is there a way that rancid can ignore this so that we don't get a diff every time rancid is run?

Many thanks
Rich

From Kevin.Stastny at landsend.com Wed Apr 13 18:58:48 2016
From: Kevin.Stastny at landsend.com (Stastny, Kevin R.)
Date: Wed, 13 Apr 2016 18:58:48 +0000
Subject: [rancid] Login works, config fetch doesn't
Message-ID: <8c9051c184cd4880992be2b2577eaae3@USMSG007.leinternal.com>

Hello,

I am hitting the same issue that is mentioned in this thread. I am curious to know if there is a solution to correct it? I am trying to get it to pull the configs off our Aerohive access points. It works on some, but not others; that has me confused!

http://www.shrubbery.net/pipermail/rancid-discuss/2009-April/003892.html

Thanks,

Kevin Stastny
Lands' End
kevin.stastny at landsend.com
608-937-5105

From arlarndk at gmail.com Mon Apr 18 06:00:31 2016
From: arlarndk at gmail.com (Arne Larsen)
Date: Mon, 18 Apr 2016 08:00:31 +0200
Subject: [rancid] vs oob network
Message-ID: <571477FF.9020508@gmail.com>

Hi all

Is there a way to get rancid to be able to connect to a port of a console server?
We have an out-of-band management network based on terminal servers, Cisco 2900 with async interfaces.
Can I in some way get rancid to do a telnet session with a port appended?
Ala clogin 10.2.3.4 6001

/Arne

From howie at thingy.com Mon Apr 18 08:48:50 2016
From: howie at thingy.com (Howard Jones)
Date: Mon, 18 Apr 2016 09:48:50 +0100
Subject: [rancid] vs oob network
In-Reply-To: <571477FF.9020508@gmail.com>
References: <571477FF.9020508@gmail.com>
Message-ID: <3413655c-dfd3-71a5-e790-681f82991cbe@thingy.com>

On 18/04/2016 07:00, Arne Larsen wrote:
> Is there a way to get rancid to be able to connect to a port of a
> console server
> We have a out of band management network based on terminalservers
> Cisco 2900 with async interfaces.
> Can I in someway get rancid to do a telnet session with a port appended.
> Ala clogin 10.2.3.4 6001

From the manual...

Example: add method * {ssh} {telnet:3000} {rsh}

in your cloginrc, per host, would do it.

From nachofw at adinet.com.uy Tue Apr 19 14:58:06 2016
From: nachofw at adinet.com.uy (nachofw)
Date: Tue, 19 Apr 2016 11:58:06 -0300
Subject: [rancid] Diffscript * replaced
Message-ID: <6u9lcu6dyqu0l889a3l13bwt.1461077706740@email.android.com>

Hi guys,

I'm using a DIFFSCRIPT that sends diff emails with colorized html. The only problem I'm having is when there is a * in the router's config it gets replaced by 'CVS configs router.db routers.all routers.down routers.single routers.up'. Some of my configs use * in interface descriptions. I checked and it's not my script, where can I check the code for this bug?

My script: http://pastebin.com/P3PqJqGF

It was taken from the Linux Journal.

regards

From crohmann at netcologne.de Wed Apr 20 09:19:34 2016
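One common cause of the symptom in the "Diffscript * replaced" message, as an added example that is neither the poster's DIFFSCRIPT nor RANCID code: an unquoted shell variable undergoes word splitting and pathname expansion, so a bare * turns into the file names of the current directory. The function names, the scratch directory and the sample diff line are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; names and sample data are constructed, not RANCID code.

# Constructed sample: a diff line whose interface description contains '*'.
SAMPLE='+ description * CORE UPLINK'

# Create a scratch directory holding the same entries as the listing
# quoted in the message above, and print its path.
make_group_dir() {
    d=$(mktemp -d) || return 1
    mkdir "$d/CVS" "$d/configs"
    for f in router.db routers.all routers.down routers.single routers.up; do
        : > "$d/$f"
    done
    printf '%s\n' "$d"
}

# Unsafe filter: $line is unquoted, so the shell splits it into words and
# expands each glob character against the current directory.
filter_unquoted() {
    while IFS= read -r line; do
        echo $line
    done
}

# Safe filter: quoting keeps the line byte-for-byte; printf also avoids
# echo's option and backslash handling.
filter_quoted() {
    while IFS= read -r line; do
        printf '%s\n' "$line"
    done
}

# Run filter $2 on stdin with $1 as the working directory. LC_ALL=C makes
# the glob sort order deterministic (upper case before lower case).
run_in() {
    ( cd "$1" && LC_ALL=C && export LC_ALL && "$2" )
}

dir=$(make_group_dir)
printf 'unquoted: %s\n' "$(printf '%s\n' "$SAMPLE" | run_in "$dir" filter_unquoted)"
printf 'quoted:   %s\n' "$(printf '%s\n' "$SAMPLE" | run_in "$dir" filter_quoted)"
rm -rf "$dir"
```

The same expansion happens with `for w in $(cat file)` and with an unquoted `$*`, so every variable that carries device output should be double-quoted wherever it is used.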
From: crohmann at netcologne.de (Christian Rohmann)
Date: Wed, 20 Apr 2016 11:19:34 +0200
Subject: [rancid] Random white space when fetching configuration from MRV devices / why not switching off paging?
Message-ID:

Hey rancid-discuss,

I am using RANCID 3.4.1 to fetch configuration off of MRV devices of models:

OptiSwitch 904
OptiSwitch 906G
OptiSwitch 912C
OptiSwitch 940

I am seeing random noise with white space / indentation in front of configuration lines:

diff: ------------------------ - contact "removed" - location removed + contact "removed" + location removed

This is happening all over the config, not just at

1) I am wondering why a command

send -h "terminal length 0\r"

is sent in mrvlogin even though (at least my devices) don't understand it.

2) I tried to "optimize" / fix this by changing it to

send -h "no cli-paging \r"

but then the prompt or the end of the command is not recognized anymore :-( So more work is necessary. But since "no cli-paging" was tried before the intention to not use any paging was there.

Has any1 here played with MRV devices and would like to join in trying to properly fix this?

Regards

Christian

From Jamie.Langshaw at datacom.com.au Wed Apr 20 11:35:33 2016
From: Jamie.Langshaw at datacom.com.au (Jamie Langshaw)
Date: Wed, 20 Apr 2016 11:35:33 +0000
Subject: [rancid] Usercmd with non Cisco Devices
Message-ID: <0A219A57CE015145892DED88062902E73A25B8@SYDPCOR-MBX03.datacom.com.au>

Hi All,

I have been successful in using the usercmd patch to connect and back up cisco devices behind another device but I now need to connect to non cisco devices like HP switches.

I've configured the .cloginrc file and been able to test connectivity to the non cisco device but when the schedule runs I see the following error in the log files

customer-site1-sw01.customer.internal: missed cmd(s): all commands
customer-site1-sw01.customer.internal clogin error: Error: unknown connection method: usercmd
customer-site-sw01.customer.internal: End of run not found

Do the hlogin and other scripts need to be patched like I did originally with the clogin script?

Thanks in advance

Jamie

From nachofw at adinet.com.uy Mon Apr 25 14:18:46 2016
From: nachofw at adinet.com.uy (nachofw)
Date: Mon, 25 Apr 2016 11:18:46 -0300
Subject: [rancid] Lock on individual device
Message-ID:

Hi guys,

I run "rancid-run -r " from a syslog monitoring when a device changed its conf. The problem is the lock file is created for the group, so I can't run rancid individually for two devices at the same time if they belong to the same group. How can I change this?

From Sebastien.Boulianne at cpu.ca Mon Apr 25 19:54:00 2016
From: Sebastien.Boulianne at cpu.ca (Sebastien.Boulianne at cpu.ca)
Date: Mon, 25 Apr 2016 15:54:00 -0400
Subject: [rancid] Cant take my Fortigate config with Rancid on 2 FWs.
Message-ID: <5FE0959288C73D448BB44CB7E9CC320F5837FD1658@CPUMAIL2.cpu.qc.ca>

Hi all,

I set up my Rancid and it works perfectly for most of the FWs except 2. On both FWs, I configured an account backup with super-admin privilege, global.

I want to back up a Fortigate60C and a Fortigate80C config. Rancid connects using SSH to the router but it stops with:

--More-- --More-

Is there a way to fix this issue?

Thank you very much for your help!

Sébastien

From crohmann at netcologne.de Tue Apr 26 09:20:38 2016
From: crohmann at netcologne.de (Christian Rohmann)
Date: Tue, 26 Apr 2016 11:20:38 +0200
Subject: [rancid] Random white space when fetching configuration from MRV devices / why not switching off paging?
In-Reply-To:
References:
Message-ID: <85a40fbf-6e22-95be-a5ba-97baa4a3fb53@netcologne.de>

On 04/20/2016 11:19 AM, Christian Rohmann wrote:
> I am using RANCID 3.4.1 to fetch configuration off of MRV devices of models:
>
> OptiSwitch 904
> OptiSwitch 906G
> OptiSwitch 912C
> OptiSwitch 940

I simply had a typo in my change to disable the paging and it seems to work just fine now, no more noise with indentation and quicker fetching of configuration.

I put my changes regarding MRV devices into the two attached patches against RANCID 3.4.1 which folks with MRV devices here might want to test with their equipment:

1) patch_mrvlogin_disable_paging_3_4_1.patch

This actually disables the paging with MRV Optiswitch devices and also fixes the indentation issues that sometimes cause some lines to have some white space in front of them.

2) patch_mrv_noise_3_4_1.patch

This filters a few more noisy lines from the "show version" like the ever changing fan status or currently logged in users.

Regards

Christian

-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch_mrv_noise_3_4_1.patch
Type: text/x-patch
Size: 745 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch_mrvlogin_disable_paging_3_4_1.patch
Type: text/x-patch
Size: 430 bytes
Desc: not available
URL:
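The kind of noise filtering discussed in this message and in the earlier SG500 thread (counters that change on every run), as an added post-processing example that is neither RANCID code nor the scrubbed patches: it drops the rows of the "Unit Up time" table before two snapshots are compared. The function names and the snapshots are constructed, and the row layout is assumed from the flattened SG500 diff quoted earlier on this page.

```shell
#!/bin/sh
# Added illustration; not RANCID code. Sample snapshots are constructed and
# the table layout is assumed from the SG500 diff quoted on this page.

# Drop the data rows of the "Unit Up time" table; keep header and ruler so
# the table's presence is still recorded in the saved config.
strip_uptime() {
    awk '
        /^!Unit +Up time/ { in_tbl = 1; print; next }   # table header
        in_tbl && /^!-+/  { print; next }               # ruler under header
        in_tbl && /^! +[0-9]+ +[0-9]+,[0-9][0-9]:[0-9][0-9]:[0-9][0-9] *$/ { next }
        { in_tbl = 0; print }                           # anything else ends it
    '
}

# Constructed snapshot: $1 = hours field of the uptime, $2 = access VLAN id.
snapshot() {
    cat <<EOF
!Unit Up time
!---- ---------------
! 1 06,$1:16:42
! 2 06,$1:16:46
!
interface gi1/1/1
 switchport access vlan $2
EOF
}

# Succeeds (exit 0) when two snapshots are equal after filtering.
same_config() {
    [ "$(printf '%s\n' "$1" | strip_uptime)" = "$(printf '%s\n' "$2" | strip_uptime)" ]
}

a=$(snapshot 07 10)   # earlier run
b=$(snapshot 13 10)   # later run: only the uptime moved
c=$(snapshot 13 20)   # later run: a real configuration change
same_config "$a" "$b" && echo "a vs b: no diff after filtering"
same_config "$a" "$c" || echo "a vs c: still reported"
```

Rows are removed only while inside the named table, so an uptime-shaped line elsewhere in the output is kept and a genuine change is never masked by the filter.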