From adudek16 at gmail.com Thu Sep 1 02:14:20 2016 From: adudek16 at gmail.com (Aaron Dudek) Date: Wed, 31 Aug 2016 22:14:20 -0400 Subject: [rancid] Can clogin prompt for a password? In-Reply-To: <4D3726A1-3978-4353-9D67-F7AA7F2083D8@psg.com> References: <20160804145855.GA22457@radiological.warningg.com> <20160804160129.GH25149@seti.u-strasbg.fr> <20160804161035.GC22457@radiological.warningg.com> <20160804172945.GK16112@shrubbery.net> <4D3726A1-3978-4353-9D67-F7AA7F2083D8@psg.com> Message-ID: huawei allows you to store keys. On Wed, Aug 31, 2016 at 5:25 PM, Patrick Okui wrote: > On 4 Aug 2016, at 20:29 EAT, heasley wrote: > >> [ it would be nice if vendors would store ssh keys like junos, so you >> could use ssh-agent ] > > > Cisco quietly added support for this some time back. Not sure which vendors > support/not support this these days. > > -- > patrick > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From heas at shrubbery.net Tue Sep 6 18:33:57 2016 From: heas at shrubbery.net (heasley) Date: Tue, 6 Sep 2016 18:33:57 +0000 Subject: [rancid] Can clogin prompt for a password? In-Reply-To: <4D3726A1-3978-4353-9D67-F7AA7F2083D8@psg.com> References: <20160804145855.GA22457@radiological.warningg.com> <20160804160129.GH25149@seti.u-strasbg.fr> <20160804161035.GC22457@radiological.warningg.com> <20160804172945.GK16112@shrubbery.net> <4D3726A1-3978-4353-9D67-F7AA7F2083D8@psg.com> Message-ID: <20160906183357.GW52381@shrubbery.net> Thu, Sep 01, 2016 at 12:25:09AM +0300, Patrick Okui: > On 4 Aug 2016, at 20:29 EAT, heasley wrote: > > > [ it would be nice if vendors would store ssh keys like junos, so you > > could use ssh-agent ] > > Cisco quietly added support for this some time back. Not sure which > vendors support/not support this these days. isnt this XR only? I rather expected this to ubiquitous across the industry by now. From electro93 at gmail.com Tue Sep 6 20:37:17 2016 From: electro93 at gmail.com (electro) Date: Tue, 6 Sep 2016 15:37:17 -0500 Subject: [rancid] Device CVS hasn't been contacted in over 24 hours Message-ID: All, I'm having a strange issue with a device called CVS not being contacted in over 24 hours. The following routers have not been successfully contacted for more than 24 hours. -rw-r----- 1 rancid rancid 0 Sep 1 10:01 cvs Going to the server itself: rancid at rancid:~/Cisco$ grep -e cvs * routers.all:cvs;cisco routers.up:cvs;cisco How is this possible without a cvs;cisco;up in ~/Cisco/router.db? Please let me know because this is driving me nuts. Thanks! - Mike -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Wed Sep 7 12:40:50 2016 From: heas at shrubbery.net (heasley) Date: Wed, 7 Sep 2016 12:40:50 +0000 Subject: [rancid] Device CVS hasn't been contacted in over 24 hours In-Reply-To: References: Message-ID: <20160907124050.GG78941@shrubbery.net> Tue, Sep 06, 2016 at 03:37:17PM -0500, electro: > All, > > I'm having a strange issue with a device called CVS not being contacted in > over 24 hours. > > The following routers have not been successfully contacted for > > more than 24 hours. > > -rw-r----- 1 rancid rancid 0 Sep 1 10:01 cvs > > > Going to the server itself: > > rancid at rancid:~/Cisco$ grep -e cvs * > > routers.all:cvs;cisco > > routers.up:cvs;cisco > > How is this possible without a cvs;cisco;up in ~/Cisco/router.db? any errors in the group's log file? From r.yossa at gmail.com Wed Sep 7 08:57:44 2016 From: r.yossa at gmail.com (Rodrigue Yossa) Date: Wed, 7 Sep 2016 09:57:44 +0100 Subject: [rancid] RANCID Stop sending Notifications Message-ID: Hello all, I'm using rancid for my LAN devices. The issue is that: rancid can't send notofications for any change on device in LAN, since some weeks. When test mail sending with my personnal address it can receive. But all tests with my profesionnal address failled. Can somebody have solution for this issue? Regards -- Rodrigue Y. -------------- next part -------------- An HTML attachment was scrubbed... URL: From djones at ena.com Wed Sep 7 13:18:39 2016 From: djones at ena.com (David Jones) Date: Wed, 7 Sep 2016 13:18:39 +0000 Subject: [rancid] RANCID Stop sending Notifications In-Reply-To: References: Message-ID: What OS are you on? On Redhat Linux, check your /var/log/maillog for clues. Also, what is the SENDMAIL setting in your etc/rancid.conf? Make sure that is pointed to a valid sendmail command. Dave ________________________________ From: Rancid-discuss on behalf of Rodrigue Yossa Sent: Wednesday, September 7, 2016 3:57 AM To: Rancid-discuss at shrubbery.net Subject: [rancid] RANCID Stop sending Notifications Hello all, I'm using rancid for my LAN devices. The issue is that: rancid can't send notofications for any change on device in LAN, since some weeks. When test mail sending with my personnal address it can receive. But all tests with my profesionnal address failled. Can somebody have solution for this issue? Regards -- Rodrigue Y. -------------- next part -------------- An HTML attachment was scrubbed... URL: From electro93 at gmail.com Wed Sep 7 13:43:40 2016 From: electro93 at gmail.com (electro) Date: Wed, 7 Sep 2016 08:43:40 -0500 Subject: [rancid] Device CVS hasn't been contacted in over 24 hours In-Reply-To: <20160907124050.GG78941@shrubbery.net> References: <20160907124050.GG78941@shrubbery.net> Message-ID: The only errors in the log file pertain to the missed routers: cvs: missed cmd(s): all commands cvs: End of run not found cvs clogin error: Error: Couldn't login: cvs On Wed, Sep 7, 2016 at 7:40 AM, heasley wrote: > Tue, Sep 06, 2016 at 03:37:17PM -0500, electro: > > All, > > > > I'm having a strange issue with a device called CVS not being contacted > in > > over 24 hours. > > > > The following routers have not been successfully contacted for > > > > more than 24 hours. > > > > -rw-r----- 1 rancid rancid 0 Sep 1 10:01 cvs > > > > > > Going to the server itself: > > > > rancid at rancid:~/Cisco$ grep -e cvs * > > > > routers.all:cvs;cisco > > > > routers.up:cvs;cisco > > > > How is this possible without a cvs;cisco;up in ~/Cisco/router.db? > > any errors in the group's log file? > -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Wed Sep 7 13:53:48 2016 From: heas at shrubbery.net (heasley) Date: Wed, 7 Sep 2016 13:53:48 +0000 Subject: [rancid] Device CVS hasn't been contacted in over 24 hours In-Reply-To: References: <20160907124050.GG78941@shrubbery.net> Message-ID: <20160907135348.GR78941@shrubbery.net> Wed, Sep 07, 2016 at 08:43:40AM -0500, electro: > The only errors in the log file pertain to the missed routers: > > cvs: missed cmd(s): all commands > > cvs: End of run not found > > cvs clogin error: Error: Couldn't login: cvs so...what does that error tell you? also see FAQ S3Q2 > > > > On Wed, Sep 7, 2016 at 7:40 AM, heasley wrote: > > > Tue, Sep 06, 2016 at 03:37:17PM -0500, electro: > > > All, > > > > > > I'm having a strange issue with a device called CVS not being contacted > > in > > > over 24 hours. > > > > > > The following routers have not been successfully contacted for > > > > > > more than 24 hours. > > > > > > -rw-r----- 1 rancid rancid 0 Sep 1 10:01 cvs > > > > > > > > > Going to the server itself: > > > > > > rancid at rancid:~/Cisco$ grep -e cvs * > > > > > > routers.all:cvs;cisco > > > > > > routers.up:cvs;cisco > > > > > > How is this possible without a cvs;cisco;up in ~/Cisco/router.db? > > > > any errors in the group's log file? > > From electro93 at gmail.com Wed Sep 7 14:46:09 2016 From: electro93 at gmail.com (electro) Date: Wed, 7 Sep 2016 09:46:09 -0500 Subject: [rancid] Device CVS hasn't been contacted in over 24 hours In-Reply-To: <20160907135348.GR78941@shrubbery.net> References: <20160907124050.GG78941@shrubbery.net> <20160907135348.GR78941@shrubbery.net> Message-ID: I've even tried adding the device in router.db as: cvs;cisco;down and it still complains about the original mysterious cvs. On Wed, Sep 7, 2016 at 8:53 AM, heasley wrote: > Wed, Sep 07, 2016 at 08:43:40AM -0500, electro: > > The only errors in the log file pertain to the missed routers: > > > > cvs: missed cmd(s): all commands > > > > cvs: End of run not found > > > > cvs clogin error: Error: Couldn't login: cvs > > so...what does that error tell you? also see FAQ S3Q2 > > > > > > > > > On Wed, Sep 7, 2016 at 7:40 AM, heasley wrote: > > > > > Tue, Sep 06, 2016 at 03:37:17PM -0500, electro: > > > > All, > > > > > > > > I'm having a strange issue with a device called CVS not being > contacted > > > in > > > > over 24 hours. > > > > > > > > The following routers have not been successfully contacted for > > > > > > > > more than 24 hours. > > > > > > > > -rw-r----- 1 rancid rancid 0 Sep 1 10:01 cvs > > > > > > > > > > > > Going to the server itself: > > > > > > > > rancid at rancid:~/Cisco$ grep -e cvs * > > > > > > > > routers.all:cvs;cisco > > > > > > > > routers.up:cvs;cisco > > > > > > > > How is this possible without a cvs;cisco;up in ~/Cisco/router.db? > > > > > > any errors in the group's log file? > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From Charles.Brooks at hbcs.org Wed Sep 7 15:06:48 2016 From: Charles.Brooks at hbcs.org (Charles T. Brooks) Date: Wed, 7 Sep 2016 15:06:48 +0000 Subject: [rancid] Device CVS hasn't been contacted in over 24 hours In-Reply-To: References: <20160907124050.GG78941@shrubbery.net> <20160907135348.GR78941@shrubbery.net>, Message-ID: cvs is the name of a process that rancid runs in order to detect and archive changes in configuration files. Originally, it was called this because the process ran the Concurrent Versioning System which you will find in Wikipedia under CVS (alternatively, google CVS). Today, rancid's cvs process can use CVS, Subversion or Git. You should be using Git, if you don't know what CVS is. It looks like you are trying to use CVS but don't have it set up? Hard for me to tell, I only use Git. CVS is ancient. --Charlie ________________________________ From: Rancid-discuss [rancid-discuss-bounces at shrubbery.net] on behalf of electro [electro93 at gmail.com] Sent: Wednesday, September 07, 2016 10:46 AM To: heasley Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Device CVS hasn't been contacted in over 24 hours I've even tried adding the device in router.db as: cvs;cisco;down and it still complains about the original mysterious cvs. On Wed, Sep 7, 2016 at 8:53 AM, heasley > wrote: Wed, Sep 07, 2016 at 08:43:40AM -0500, electro: > The only errors in the log file pertain to the missed routers: > > cvs: missed cmd(s): all commands > > cvs: End of run not found > > cvs clogin error: Error: Couldn't login: cvs so...what does that error tell you? also see FAQ S3Q2 > > > > On Wed, Sep 7, 2016 at 7:40 AM, heasley > wrote: > > > Tue, Sep 06, 2016 at 03:37:17PM -0500, electro: > > > All, > > > > > > I'm having a strange issue with a device called CVS not being contacted > > in > > > over 24 hours. > > > > > > The following routers have not been successfully contacted for > > > > > > more than 24 hours. > > > > > > -rw-r----- 1 rancid rancid 0 Sep 1 10:01 cvs > > > > > > > > > Going to the server itself: > > > > > > rancid at rancid:~/Cisco$ grep -e cvs * > > > > > > routers.all:cvs;cisco > > > > > > routers.up:cvs;cisco > > > > > > How is this possible without a cvs;cisco;up in ~/Cisco/router.db? > > > > any errors in the group's log file? > > ------------------ CONFIDENTIALITY NOTICE --------------- This message, including any attachments, is for the sole use of the intended recipient(s) and may contain privileged confidential information protected by law. Any unauthorized review, use, disclosure or distribution of this message is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of this message. ------------------ CONFIDENTIALITY NOTICE --------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: From daniel.schmidt at wyo.gov Tue Sep 6 15:27:22 2016 From: daniel.schmidt at wyo.gov (Daniel Schmidt) Date: Tue, 6 Sep 2016 09:27:22 -0600 Subject: [rancid] websvn removed Message-ID: For lack of updates, Debian/Ubuntu removed websvn from the repo. Any better alternative than ViewVC? Thkx. -- E-Mail to and from me, in connection with the transaction of public business, is subject to the Wyoming Public Records Act and may be disclosed to third parties. -------------- next part -------------- An HTML attachment was scrubbed... URL: From electro93 at gmail.com Wed Sep 7 17:04:56 2016 From: electro93 at gmail.com (electro) Date: Wed, 7 Sep 2016 12:04:56 -0500 Subject: [rancid] Device CVS hasn't been contacted in over 24 hours In-Reply-To: References: <20160907124050.GG78941@shrubbery.net> <20160907135348.GR78941@shrubbery.net> Message-ID: Charles, I am using CVS and also have ViewVC tied in, to allow my GUI-based admins to see color coded changes in the environment. What I am not completely able to resolve is that rancid feels there is a device called "cvs", which there clearly isnt. By performing a grep in the Group directory, I see the following: rancid at rancid:~/Cisco$ grep -e cvs * routers.all:cvs;cisco routers.up:cvs;cisco However, this device is not configured in routers.db. When I've added cvs;cisco;down to the routers.db file, it will add that route, but will continue to inform me that the original "cvs" is unable to be contacted. I was hoping that someone could provide me some insight into any possibilities. I'm running rancid 3.5 and have stood up many environments and never once ran into this issue. Thanks for all the assistance and please let me know if you have any additional ideas. Thanks, Mike On Wed, Sep 7, 2016 at 10:06 AM, Charles T. Brooks wrote: > cvs is the name of a process that rancid runs in order to detect and > archive changes in configuration files. > > Originally, it was called this because the process ran the Concurrent > Versioning System which you will find in Wikipedia under CVS > (alternatively, google CVS). > > Today, rancid's cvs process can use CVS, Subversion or Git. You should be > using Git, if you don't know what CVS is. > > It looks like you are trying to use CVS but don't have it set up? Hard > for me to tell, I only use Git. CVS is ancient. > > --Charlie > > > ------------------------------ > *From:* Rancid-discuss [rancid-discuss-bounces at shrubbery.net] on behalf > of electro [electro93 at gmail.com] > *Sent:* Wednesday, September 07, 2016 10:46 AM > *To:* heasley > *Cc:* rancid-discuss at shrubbery.net > *Subject:* Re: [rancid] Device CVS hasn't been contacted in over 24 hours > > I've even tried adding the device in router.db as: > > cvs;cisco;down > > and it still complains about the original mysterious cvs. > > On Wed, Sep 7, 2016 at 8:53 AM, heasley wrote: > >> Wed, Sep 07, 2016 at 08:43:40AM -0500, electro: >> > The only errors in the log file pertain to the missed routers: >> > >> > cvs: missed cmd(s): all commands >> > >> > cvs: End of run not found >> > >> > cvs clogin error: Error: Couldn't login: cvs >> >> so...what does that error tell you? also see FAQ S3Q2 >> >> > >> > >> > >> > On Wed, Sep 7, 2016 at 7:40 AM, heasley wrote: >> > >> > > Tue, Sep 06, 2016 at 03:37:17PM -0500, electro: >> > > > All, >> > > > >> > > > I'm having a strange issue with a device called CVS not being >> contacted >> > > in >> > > > over 24 hours. >> > > > >> > > > The following routers have not been successfully contacted for >> > > > >> > > > more than 24 hours. >> > > > >> > > > -rw-r----- 1 rancid rancid 0 Sep 1 10:01 cvs >> > > > >> > > > >> > > > Going to the server itself: >> > > > >> > > > rancid at rancid:~/Cisco$ grep -e cvs * >> > > > >> > > > routers.all:cvs;cisco >> > > > >> > > > routers.up:cvs;cisco >> > > > >> > > > How is this possible without a cvs;cisco;up in ~/Cisco/router.db? >> > > >> > > any errors in the group's log file? >> > > >> > > ------------------ CONFIDENTIALITY NOTICE --------------- > > This message, including any attachments, is for the sole use of the > intended recipient(s) and may contain privileged confidential information > protected by law. Any unauthorized review, use, disclosure or distribution > of this message is prohibited. If you are not the intended recipient, > please > contact the sender by reply e-mail and destroy all copies of this message. > > ------------------ CONFIDENTIALITY NOTICE --------------- > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Wed Sep 7 17:10:46 2016 From: heas at shrubbery.net (heasley) Date: Wed, 7 Sep 2016 17:10:46 +0000 Subject: [rancid] Device CVS hasn't been contacted in over 24 hours In-Reply-To: References: <20160907124050.GG78941@shrubbery.net> <20160907135348.GR78941@shrubbery.net> Message-ID: <20160907171046.GO83245@shrubbery.net> Wed, Sep 07, 2016 at 09:46:09AM -0500, electro: > I've even tried adding the device in router.db as: > > cvs;cisco;down > > and it still complains about the original mysterious cvs. ah. is Cisco/routers.failed owned by the rancid user? perhaps you have an altered version of rancid? > On Wed, Sep 7, 2016 at 8:53 AM, heasley wrote: > > > Wed, Sep 07, 2016 at 08:43:40AM -0500, electro: > > > The only errors in the log file pertain to the missed routers: > > > > > > cvs: missed cmd(s): all commands > > > > > > cvs: End of run not found > > > > > > cvs clogin error: Error: Couldn't login: cvs > > > > so...what does that error tell you? also see FAQ S3Q2 > > > > > > > > > > > > > > On Wed, Sep 7, 2016 at 7:40 AM, heasley wrote: > > > > > > > Tue, Sep 06, 2016 at 03:37:17PM -0500, electro: > > > > > All, > > > > > > > > > > I'm having a strange issue with a device called CVS not being > > contacted > > > > in > > > > > over 24 hours. > > > > > > > > > > The following routers have not been successfully contacted for > > > > > > > > > > more than 24 hours. > > > > > > > > > > -rw-r----- 1 rancid rancid 0 Sep 1 10:01 cvs > > > > > > > > > > > > > > > Going to the server itself: > > > > > > > > > > rancid at rancid:~/Cisco$ grep -e cvs * > > > > > > > > > > routers.all:cvs;cisco > > > > > > > > > > routers.up:cvs;cisco > > > > > > > > > > How is this possible without a cvs;cisco;up in ~/Cisco/router.db? > > > > > > > > any errors in the group's log file? > > > > > > From djones at ena.com Wed Sep 7 18:29:27 2016 From: djones at ena.com (David Jones) Date: Wed, 7 Sep 2016 18:29:27 +0000 Subject: [rancid] RANCID Stop sending Notifications In-Reply-To: References: , Message-ID: Since I want all of the emails to come directly to me, I setup aliases for all of the groups to send to a single email address. /etc/aliases ========== rancid-firewall-admin: me at example.com rancid-firewall: me at example.com then run the 'newaliases' command to make it active. If you decide the email notifications are too much or not beneficial, then set the SENDMAIL to '/bin/true' in the etc/rancid.conf. Dave From: Rodrigue Yossa Sent: Wednesday, September 7, 2016 1:05 PM To: David Jones Cc: Rancid-discuss at shrubbery.net Subject: Re: [rancid] RANCID Stop sending Notifications Hi, I'm using CentOS 6.4. When check Sendmail conf in etc/rancid.conf in point to valid command. Also /var/log/message show me that mail is send to rancid-firewall-admin ############## to=, relay=smtp.mydomain.net:587, delay=1.3, delays=0.24/0/0.54/0.55, dsn=2.0.0, status=sent ############## Regards 2016-09-07 14:18 UTC+01:00, David Jones : > What OS are you on? On Redhat Linux, check your /var/log/maillog for > clues. > > Also, what is the SENDMAIL setting in your etc/rancid.conf? Make sure that > is pointed to a valid sendmail command. > > Dave > > ________________________________ > From: Rancid-discuss on behalf of > Rodrigue Yossa > Sent: Wednesday, September 7, 2016 3:57 AM > To: Rancid-discuss at shrubbery.net > Subject: [rancid] RANCID Stop sending Notifications > > Hello all, > I'm using rancid for my LAN devices. > The issue is that: rancid can't send notofications for any change on device > in LAN, since some weeks. > When test mail sending with my personnal address it can receive. > But all tests with my profesionnal address failled. > Can somebody have solution for this issue? > Regards > > -- > Rodrigue Y. > > -- Rodrigue YOSSA Tel: (+237) 6 77.91.05.16 - 6 97.18.47.14 Skype: r.yossa -------------- next part -------------- An HTML attachment was scrubbed... URL: From djones at ena.com Wed Sep 7 18:46:59 2016 From: djones at ena.com (David Jones) Date: Wed, 7 Sep 2016 18:46:59 +0000 Subject: [rancid] Device CVS hasn't been contacted in over 24 hours In-Reply-To: References: <20160907124050.GG78941@shrubbery.net> <20160907135348.GR78941@shrubbery.net> , Message-ID: Start with your LIST_OF_GROUPS in etc/rancid.conf. Do you you only have one group called "Cisco"? Then look through your BASEDIR for each GROUP's router.db. The LOGDIR will have logs based on the GROUP. Search (grep) those logs for "cvs" and see if you can tell where this "cvs" is coming from. ________________________________ From: Rancid-discuss on behalf of electro Sent: Wednesday, September 7, 2016 12:04 PM To: Charles T. Brooks Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Device CVS hasn't been contacted in over 24 hours Charles, I am using CVS and also have ViewVC tied in, to allow my GUI-based admins to see color coded changes in the environment. What I am not completely able to resolve is that rancid feels there is a device called "cvs", which there clearly isnt. By performing a grep in the Group directory, I see the following: rancid at rancid:~/Cisco$ grep -e cvs * routers.all:cvs;cisco routers.up:cvs;cisco However, this device is not configured in routers.db. When I've added cvs;cisco;down to the routers.db file, it will add that route, but will continue to inform me that the original "cvs" is unable to be contacted. I was hoping that someone could provide me some insight into any possibilities. I'm running rancid 3.5 and have stood up many environments and never once ran into this issue. Thanks for all the assistance and please let me know if you have any additional ideas. Thanks, Mike On Wed, Sep 7, 2016 at 10:06 AM, Charles T. Brooks > wrote: cvs is the name of a process that rancid runs in order to detect and archive changes in configuration files. Originally, it was called this because the process ran the Concurrent Versioning System which you will find in Wikipedia under CVS (alternatively, google CVS). Today, rancid's cvs process can use CVS, Subversion or Git. You should be using Git, if you don't know what CVS is. It looks like you are trying to use CVS but don't have it set up? Hard for me to tell, I only use Git. CVS is ancient. --Charlie ________________________________ From: Rancid-discuss [rancid-discuss-bounces at shrubbery.net] on behalf of electro [electro93 at gmail.com] Sent: Wednesday, September 07, 2016 10:46 AM To: heasley Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Device CVS hasn't been contacted in over 24 hours I've even tried adding the device in router.db as: cvs;cisco;down and it still complains about the original mysterious cvs. On Wed, Sep 7, 2016 at 8:53 AM, heasley > wrote: Wed, Sep 07, 2016 at 08:43:40AM -0500, electro: > The only errors in the log file pertain to the missed routers: > > cvs: missed cmd(s): all commands > > cvs: End of run not found > > cvs clogin error: Error: Couldn't login: cvs so...what does that error tell you? also see FAQ S3Q2 > > > > On Wed, Sep 7, 2016 at 7:40 AM, heasley > wrote: > > > Tue, Sep 06, 2016 at 03:37:17PM -0500, electro: > > > All, > > > > > > I'm having a strange issue with a device called CVS not being contacted > > in > > > over 24 hours. > > > > > > The following routers have not been successfully contacted for > > > > > > more than 24 hours. > > > > > > -rw-r----- 1 rancid rancid 0 Sep 1 10:01 cvs > > > > > > > > > Going to the server itself: > > > > > > rancid at rancid:~/Cisco$ grep -e cvs * > > > > > > routers.all:cvs;cisco > > > > > > routers.up:cvs;cisco > > > > > > How is this possible without a cvs;cisco;up in ~/Cisco/router.db? > > > > any errors in the group's log file? > > ------------------ CONFIDENTIALITY NOTICE --------------- This message, including any attachments, is for the sole use of the intended recipient(s) and may contain privileged confidential information protected by law. Any unauthorized review, use, disclosure or distribution of this message is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of this message. ------------------ CONFIDENTIALITY NOTICE --------------- _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From r.yossa at gmail.com Wed Sep 7 18:05:37 2016 From: r.yossa at gmail.com (Rodrigue Yossa) Date: Wed, 7 Sep 2016 19:05:37 +0100 Subject: [rancid] RANCID Stop sending Notifications In-Reply-To: References: Message-ID: Hi, I'm using CentOS 6.4. When check Sendmail conf in etc/rancid.conf in point to valid command. Also /var/log/message show me that mail is send to rancid-firewall-admin ############## to=, relay=smtp.mydomain.net:587, delay=1.3, delays=0.24/0/0.54/0.55, dsn=2.0.0, status=sent ############## Regards 2016-09-07 14:18 UTC+01:00, David Jones : > What OS are you on? On Redhat Linux, check your /var/log/maillog for > clues. > > Also, what is the SENDMAIL setting in your etc/rancid.conf? Make sure that > is pointed to a valid sendmail command. > > Dave > > ________________________________ > From: Rancid-discuss on behalf of > Rodrigue Yossa > Sent: Wednesday, September 7, 2016 3:57 AM > To: Rancid-discuss at shrubbery.net > Subject: [rancid] RANCID Stop sending Notifications > > Hello all, > I'm using rancid for my LAN devices. > The issue is that: rancid can't send notofications for any change on device > in LAN, since some weeks. > When test mail sending with my personnal address it can receive. > But all tests with my profesionnal address failled. > Can somebody have solution for this issue? > Regards > > -- > Rodrigue Y. > > -- Rodrigue YOSSA Tel: (+237) 6 77.91.05.16 - 6 97.18.47.14 Skype: r.yossa From alan.mckinnon at gmail.com Wed Sep 7 19:06:29 2016 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Wed, 7 Sep 2016 21:06:29 +0200 Subject: [rancid] RANCID Stop sending Notifications In-Reply-To: References: Message-ID: <0879d6ec-9a35-d6b3-5784-e56ea3fae57c@gmail.com> do the usual: set rancid-firewall-admin to alias to the desired address in /etc/aliases and run newaliases On 07/09/2016 20:05, Rodrigue Yossa wrote: > Hi, > I'm using CentOS 6.4. > When check Sendmail conf in etc/rancid.conf in point to valid command. > Also /var/log/message show me that mail is send to rancid-firewall-admin > > ############## > to=, relay=smtp.mydomain.net:587, > delay=1.3, delays=0.24/0/0.54/0.55, dsn=2.0.0, status=sent > ############## > > > > Regards > > 2016-09-07 14:18 UTC+01:00, David Jones : >> What OS are you on? On Redhat Linux, check your /var/log/maillog for >> clues. >> >> Also, what is the SENDMAIL setting in your etc/rancid.conf? Make sure that >> is pointed to a valid sendmail command. >> >> Dave >> >> ________________________________ >> From: Rancid-discuss on behalf of >> Rodrigue Yossa >> Sent: Wednesday, September 7, 2016 3:57 AM >> To: Rancid-discuss at shrubbery.net >> Subject: [rancid] RANCID Stop sending Notifications >> >> Hello all, >> I'm using rancid for my LAN devices. >> The issue is that: rancid can't send notofications for any change on device >> in LAN, since some weeks. >> When test mail sending with my personnal address it can receive. >> But all tests with my profesionnal address failled. >> Can somebody have solution for this issue? >> Regards >> >> -- >> Rodrigue Y. >> >> > > -- Alan McKinnon alan.mckinnon at gmail.com From heas at shrubbery.net Wed Sep 7 20:58:22 2016 From: heas at shrubbery.net (heasley) Date: Wed, 7 Sep 2016 20:58:22 +0000 Subject: [rancid] Regarding of more lines of netscreen device issue in RANCID version 3.2 and later In-Reply-To: <20160821180412.GL1476@shrubbery.net> References: <20160821180243.5984F213F59@sea.shrubbery.net> <20160821180412.GL1476@shrubbery.net> Message-ID: <20160907205822.GB89253@shrubbery.net> Sun, Aug 21, 2016 at 06:04:13PM +0000, heasley: > Thu, Aug 18, 2016 at 04:01:17PM +0800, Wallance Hou: > > Dear Tech. > > > > I am meeting some issue on netscreen since rancid 3.2 and later. As the > > netscreen device using tacacs auth, for console page command, it required > > admin privilege. however rancid user have read-only privilege so that the > > user can't execute page command to disable cli paging. For config file from > > rancid in 3.2 and later, it appears many "^H" when pressing space to show > > more lines. However it was working well in version 2.3.6 that no ^H shown > > in config file. So would you kindly advice how I can adjust rancid to clear > > ^H from config file? > > Does this change filter this? > > Index: bin/nlogin.in > =================================================================== > --- bin/nlogin.in (revision 3446) > +++ bin/nlogin.in (working copy) > @@ -451,6 +451,7 @@ > -gl "--- more ---" { send " " > exp_continue > } > + -re "\b+" { exp_continue } > } > } > log_user 1 Trying to catch-up on my inbox. Did this patch fix the problem you have? From electro93 at gmail.com Wed Sep 7 22:14:44 2016 From: electro93 at gmail.com (electro) Date: Wed, 7 Sep 2016 17:14:44 -0500 Subject: [rancid] Device CVS hasn't been contacted in over 24 hours In-Reply-To: References: <20160907124050.GG78941@shrubbery.net> <20160907135348.GR78941@shrubbery.net> Message-ID: David, Thanks for the response: cat /etc/rancid/rancid.conf |grep GROUP LIST_OF_GROUPS="Cisco"; export LIST_OF_GROUPS grep -e cvs /var/lib/rancid/logs/*: Cisco.20160830.161409:cvs: missed cmd(s): all commands Cisco.20160830.161409:cvs: End of run not found Cisco.20160830.161409:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.161409:cvs: missed cmd(s): all commands Cisco.20160830.161409:cvs: End of run not found Cisco.20160830.161409:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.161409:cvs: missed cmd(s): all commands Cisco.20160830.161409:cvs: End of run not found Cisco.20160830.161409:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.161409:cvs: missed cmd(s): all commands Cisco.20160830.161409:cvs: End of run not found Cisco.20160830.161409:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.161409:cvs: missed cmd(s): all commands Cisco.20160830.161409:cvs: End of run not found Cisco.20160830.161409:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.161409:cvs diff: Diffing . Cisco.20160830.161409:cvs diff: Diffing configs Cisco.20160830.161409:cvs commit: Examining . Cisco.20160830.161409:cvs commit: Examining configs Cisco.20160830.180101:cvs: missed cmd(s): all commands Cisco.20160830.180101:cvs: End of run not found Cisco.20160830.180101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.180101:cvs: missed cmd(s): all commands Cisco.20160830.180101:cvs: End of run not found Cisco.20160830.180101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.180101:cvs: missed cmd(s): all commands Cisco.20160830.180101:cvs: End of run not found Cisco.20160830.180101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.180101:cvs: missed cmd(s): all commands Cisco.20160830.180101:cvs: End of run not found Cisco.20160830.180101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.180101:cvs: missed cmd(s): all commands Cisco.20160830.180101:cvs: End of run not found Cisco.20160830.180101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.180101:cvs diff: Diffing . Cisco.20160830.180101:cvs diff: Diffing configs Cisco.20160830.180101:cvs commit: Examining . Cisco.20160830.180101:cvs commit: Examining configs Cisco.20160830.190101:cvs: missed cmd(s): all commands Cisco.20160830.190101:cvs: End of run not found Cisco.20160830.190101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.190101:cvs: missed cmd(s): all commands Cisco.20160830.190101:cvs: End of run not found Cisco.20160830.190101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.190101:cvs: missed cmd(s): all commands Cisco.20160830.190101:cvs: End of run not found Cisco.20160830.190101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.190101:cvs: missed cmd(s): all commands Cisco.20160830.190101:cvs: End of run not found Cisco.20160830.190101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.190101:cvs: missed cmd(s): all commands Cisco.20160830.190101:cvs: End of run not found Cisco.20160830.190101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.190101:cvs diff: Diffing . Cisco.20160830.190101:cvs diff: Diffing configs Cisco.20160830.190101:cvs commit: Examining . Cisco.20160830.190101:cvs commit: Examining configs Cisco.20160830.200101:cvs: missed cmd(s): all commands Cisco.20160830.200101:cvs: End of run not found Cisco.20160830.200101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.200101:cvs: missed cmd(s): all commands Cisco.20160830.200101:cvs: End of run not found Cisco.20160830.200101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.200101:cvs: missed cmd(s): all commands Cisco.20160830.200101:cvs: End of run not found Cisco.20160830.200101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.200101:cvs: missed cmd(s): all commands Cisco.20160830.200101:cvs: End of run not found Cisco.20160830.200101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.200101:cvs: missed cmd(s): all commands Cisco.20160830.200101:cvs: End of run not found On Wed, Sep 7, 2016 at 1:46 PM, David Jones wrote: > Start with your LIST_OF_GROUPS in etc/rancid.conf. Do you you only have > one group called "Cisco"? > > Then look through your BASEDIR for each GROUP's router.db. The LOGDIR > will have logs based on the GROUP. Search (grep) those logs for "cvs" and > see if you can tell where this "cvs" is coming from. > > > ------------------------------ > *From:* Rancid-discuss on behalf > of electro > *Sent:* Wednesday, September 7, 2016 12:04 PM > *To:* Charles T. Brooks > > *Cc:* rancid-discuss at shrubbery.net > *Subject:* Re: [rancid] Device CVS hasn't been contacted in over 24 hours > > Charles, > > I am using CVS and also have ViewVC tied in, to allow my GUI-based admins > to see color coded changes in the environment. What I am not completely > able to resolve is that rancid feels there is a device called "cvs", which > there clearly isnt. By performing a grep in the Group directory, I see the > following: > > rancid at rancid:~/Cisco$ grep -e cvs * > > routers.all:cvs;cisco > > routers.up:cvs;cisco > > However, this device is not configured in routers.db. When I've added > cvs;cisco;down to the routers.db file, it will add that route, but will > continue to inform me that the original "cvs" is unable to be contacted. I > was hoping that someone could provide me some insight into any > possibilities. I'm running rancid 3.5 and have stood up many environments > and never once ran into this issue. Thanks for all the assistance and > please let me know if you have any additional ideas. > > > Thanks, > > Mike > > > On Wed, Sep 7, 2016 at 10:06 AM, Charles T. Brooks < > Charles.Brooks at hbcs.org> wrote: > >> cvs is the name of a process that rancid runs in order to detect and >> archive changes in configuration files. >> >> Originally, it was called this because the process ran the Concurrent >> Versioning System which you will find in Wikipedia under CVS >> (alternatively, google CVS). >> >> Today, rancid's cvs process can use CVS, Subversion or Git. You should >> be using Git, if you don't know what CVS is. >> >> It looks like you are trying to use CVS but don't have it set up? Hard >> for me to tell, I only use Git. CVS is ancient. >> >> --Charlie >> >> >> ------------------------------ >> *From:* Rancid-discuss [rancid-discuss-bounces at shrubbery.net] on behalf >> of electro [electro93 at gmail.com] >> *Sent:* Wednesday, September 07, 2016 10:46 AM >> *To:* heasley >> *Cc:* rancid-discuss at shrubbery.net >> *Subject:* Re: [rancid] Device CVS hasn't been contacted in over 24 hours >> >> I've even tried adding the device in router.db as: >> >> cvs;cisco;down >> >> and it still complains about the original mysterious cvs. >> >> On Wed, Sep 7, 2016 at 8:53 AM, heasley wrote: >> >>> Wed, Sep 07, 2016 at 08:43:40AM -0500, electro: >>> > The only errors in the log file pertain to the missed routers: >>> > >>> > cvs: missed cmd(s): all commands >>> > >>> > cvs: End of run not found >>> > >>> > cvs clogin error: Error: Couldn't login: cvs >>> >>> so...what does that error tell you? also see FAQ S3Q2 >>> >>> > >>> > >>> > >>> > On Wed, Sep 7, 2016 at 7:40 AM, heasley wrote: >>> > >>> > > Tue, Sep 06, 2016 at 03:37:17PM -0500, electro: >>> > > > All, >>> > > > >>> > > > I'm having a strange issue with a device called CVS not being >>> contacted >>> > > in >>> > > > over 24 hours. >>> > > > >>> > > > The following routers have not been successfully contacted for >>> > > > >>> > > > more than 24 hours. >>> > > > >>> > > > -rw-r----- 1 rancid rancid 0 Sep 1 10:01 cvs >>> > > > >>> > > > >>> > > > Going to the server itself: >>> > > > >>> > > > rancid at rancid:~/Cisco$ grep -e cvs * >>> > > > >>> > > > routers.all:cvs;cisco >>> > > > >>> > > > routers.up:cvs;cisco >>> > > > >>> > > > How is this possible without a cvs;cisco;up in ~/Cisco/router.db? >>> > > >>> > > any errors in the group's log file? >>> > > >>> >> >> ------------------ CONFIDENTIALITY NOTICE --------------- >> >> This message, including any attachments, is for the sole use of the >> intended recipient(s) and may contain privileged confidential information >> protected by law. Any unauthorized review, use, disclosure or distribution >> of this message is prohibited. If you are not the intended recipient, >> please >> contact the sender by reply e-mail and destroy all copies of this message. >> >> ------------------ CONFIDENTIALITY NOTICE --------------- >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From djones at ena.com Wed Sep 7 22:38:01 2016 From: djones at ena.com (David Jones) Date: Wed, 7 Sep 2016 22:38:01 +0000 Subject: [rancid] Device CVS hasn't been contacted in over 24 hours In-Reply-To: References: <20160907124050.GG78941@shrubbery.net> <20160907135348.GR78941@shrubbery.net> , Message-ID: >From that output, it looks like you have an entry in $BASEDIR/Cisco/router.db 'cvs;cisco;up' that you need to remove. Check the BASEDIR variable to make sure you are looking in the right place for the router.db file. ________________________________ From: electro Sent: Wednesday, September 7, 2016 5:14 PM To: David Jones Cc: Charles T. Brooks; rancid-discuss at shrubbery.net Subject: Re: [rancid] Device CVS hasn't been contacted in over 24 hours David, Thanks for the response: cat /etc/rancid/rancid.conf |grep GROUP LIST_OF_GROUPS="Cisco"; export LIST_OF_GROUPS grep -e cvs /var/lib/rancid/logs/*: Cisco.20160830.161409:cvs: missed cmd(s): all commands Cisco.20160830.161409:cvs: End of run not found Cisco.20160830.161409:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.161409:cvs: missed cmd(s): all commands Cisco.20160830.161409:cvs: End of run not found Cisco.20160830.161409:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.161409:cvs: missed cmd(s): all commands Cisco.20160830.161409:cvs: End of run not found Cisco.20160830.161409:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.161409:cvs: missed cmd(s): all commands Cisco.20160830.161409:cvs: End of run not found Cisco.20160830.161409:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.161409:cvs: missed cmd(s): all commands Cisco.20160830.161409:cvs: End of run not found Cisco.20160830.161409:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.161409:cvs diff: Diffing . Cisco.20160830.161409:cvs diff: Diffing configs Cisco.20160830.161409:cvs commit: Examining . Cisco.20160830.161409:cvs commit: Examining configs Cisco.20160830.180101:cvs: missed cmd(s): all commands Cisco.20160830.180101:cvs: End of run not found Cisco.20160830.180101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.180101:cvs: missed cmd(s): all commands Cisco.20160830.180101:cvs: End of run not found Cisco.20160830.180101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.180101:cvs: missed cmd(s): all commands Cisco.20160830.180101:cvs: End of run not found Cisco.20160830.180101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.180101:cvs: missed cmd(s): all commands Cisco.20160830.180101:cvs: End of run not found Cisco.20160830.180101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.180101:cvs: missed cmd(s): all commands Cisco.20160830.180101:cvs: End of run not found Cisco.20160830.180101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.180101:cvs diff: Diffing . Cisco.20160830.180101:cvs diff: Diffing configs Cisco.20160830.180101:cvs commit: Examining . Cisco.20160830.180101:cvs commit: Examining configs Cisco.20160830.190101:cvs: missed cmd(s): all commands Cisco.20160830.190101:cvs: End of run not found Cisco.20160830.190101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.190101:cvs: missed cmd(s): all commands Cisco.20160830.190101:cvs: End of run not found Cisco.20160830.190101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.190101:cvs: missed cmd(s): all commands Cisco.20160830.190101:cvs: End of run not found Cisco.20160830.190101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.190101:cvs: missed cmd(s): all commands Cisco.20160830.190101:cvs: End of run not found Cisco.20160830.190101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.190101:cvs: missed cmd(s): all commands Cisco.20160830.190101:cvs: End of run not found Cisco.20160830.190101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.190101:cvs diff: Diffing . Cisco.20160830.190101:cvs diff: Diffing configs Cisco.20160830.190101:cvs commit: Examining . Cisco.20160830.190101:cvs commit: Examining configs Cisco.20160830.200101:cvs: missed cmd(s): all commands Cisco.20160830.200101:cvs: End of run not found Cisco.20160830.200101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.200101:cvs: missed cmd(s): all commands Cisco.20160830.200101:cvs: End of run not found Cisco.20160830.200101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.200101:cvs: missed cmd(s): all commands Cisco.20160830.200101:cvs: End of run not found Cisco.20160830.200101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.200101:cvs: missed cmd(s): all commands Cisco.20160830.200101:cvs: End of run not found Cisco.20160830.200101:cvs clogin error: Error: Couldn't login: cvs Cisco.20160830.200101:cvs: missed cmd(s): all commands Cisco.20160830.200101:cvs: End of run not found On Wed, Sep 7, 2016 at 1:46 PM, David Jones > wrote: Start with your LIST_OF_GROUPS in etc/rancid.conf. Do you you only have one group called "Cisco"? Then look through your BASEDIR for each GROUP's router.db. The LOGDIR will have logs based on the GROUP. Search (grep) those logs for "cvs" and see if you can tell where this "cvs" is coming from. ________________________________ From: Rancid-discuss > on behalf of electro > Sent: Wednesday, September 7, 2016 12:04 PM To: Charles T. Brooks Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Device CVS hasn't been contacted in over 24 hours Charles, I am using CVS and also have ViewVC tied in, to allow my GUI-based admins to see color coded changes in the environment. What I am not completely able to resolve is that rancid feels there is a device called "cvs", which there clearly isnt. By performing a grep in the Group directory, I see the following: rancid at rancid:~/Cisco$ grep -e cvs * routers.all:cvs;cisco routers.up:cvs;cisco However, this device is not configured in routers.db. When I've added cvs;cisco;down to the routers.db file, it will add that route, but will continue to inform me that the original "cvs" is unable to be contacted. I was hoping that someone could provide me some insight into any possibilities. I'm running rancid 3.5 and have stood up many environments and never once ran into this issue. Thanks for all the assistance and please let me know if you have any additional ideas. Thanks, Mike On Wed, Sep 7, 2016 at 10:06 AM, Charles T. Brooks > wrote: cvs is the name of a process that rancid runs in order to detect and archive changes in configuration files. Originally, it was called this because the process ran the Concurrent Versioning System which you will find in Wikipedia under CVS (alternatively, google CVS). Today, rancid's cvs process can use CVS, Subversion or Git. You should be using Git, if you don't know what CVS is. It looks like you are trying to use CVS but don't have it set up? Hard for me to tell, I only use Git. CVS is ancient. --Charlie ________________________________ From: Rancid-discuss [rancid-discuss-bounces at shrubbery.net] on behalf of electro [electro93 at gmail.com] Sent: Wednesday, September 07, 2016 10:46 AM To: heasley Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Device CVS hasn't been contacted in over 24 hours I've even tried adding the device in router.db as: cvs;cisco;down and it still complains about the original mysterious cvs. On Wed, Sep 7, 2016 at 8:53 AM, heasley > wrote: Wed, Sep 07, 2016 at 08:43:40AM -0500, electro: > The only errors in the log file pertain to the missed routers: > > cvs: missed cmd(s): all commands > > cvs: End of run not found > > cvs clogin error: Error: Couldn't login: cvs so...what does that error tell you? also see FAQ S3Q2 > > > > On Wed, Sep 7, 2016 at 7:40 AM, heasley > wrote: > > > Tue, Sep 06, 2016 at 03:37:17PM -0500, electro: > > > All, > > > > > > I'm having a strange issue with a device called CVS not being contacted > > in > > > over 24 hours. > > > > > > The following routers have not been successfully contacted for > > > > > > more than 24 hours. > > > > > > -rw-r----- 1 rancid rancid 0 Sep 1 10:01 cvs > > > > > > > > > Going to the server itself: > > > > > > rancid at rancid:~/Cisco$ grep -e cvs * > > > > > > routers.all:cvs;cisco > > > > > > routers.up:cvs;cisco > > > > > > How is this possible without a cvs;cisco;up in ~/Cisco/router.db? > > > > any errors in the group's log file? > > ------------------ CONFIDENTIALITY NOTICE --------------- This message, including any attachments, is for the sole use of the intended recipient(s) and may contain privileged confidential information protected by law. Any unauthorized review, use, disclosure or distribution of this message is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of this message. ------------------ CONFIDENTIALITY NOTICE --------------- _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From Remi.FESSARD at knorr-bremse.com Thu Sep 8 12:53:31 2016 From: Remi.FESSARD at knorr-bremse.com (=?iso-8859-1?Q?FESSARD=2C_R=E9mi?=) Date: Thu, 8 Sep 2016 12:53:31 +0000 Subject: [rancid] Cisco 2504 Wireless Controler Message-ID: Hello, I have an issue to save our Cisco 2504 Wireless Controler with RANCID 3.4.1 - program ciscowlc5. The backup works fine only if the configuration of this CISCO is not saved, else, I have this error in log file: ----------------------------------------------------------------------------------------------------------------------------------------------------- starting: jeudi 8 septembre 2016, 10:32:26 (UTC+0200) Trying to get all of the configs. Ciscowc01: End of run not found !--WLC End Config Data--! ===================================== Getting missed routers: round 1. Ciscowc01: End of run not found !--WLC End Config Data--! ===================================== Getting missed routers: round 2. Ciscowc01: End of run not found !--WLC End Config Data--! ===================================== Getting missed routers: round 3. Ciscowc01: End of run not found !--WLC End Config Data--! ===================================== Getting missed routers: round 4. Ciscowc01: End of run not found !--WLC End Config Data--! cvs diff: Diffing . cvs diff: Diffing configs cvs commit: Examining . cvs commit: Examining configs ----------------------------------------------------------------------------------------------------------------------------------------------------- If I do a modification on the controller without saving, no more issue in the log file: ----------------------------------------------------------------------------------------------------------------------------------------------------- starting: jeudi 8 septembre 2016, 14:01:01 (UTC+0200) Trying to get all of the configs. All routers sucessfully completed. cvs diff: Diffing . cvs diff: Diffing configs cvs commit: Examining . cvs commit: Examining configs ending: jeudi 8 septembre 2016, 14:01:52 (UTC+0200) ----------------------------------------------------------------------------------------------------------------------------------------------------- Have you got an idea to solve it ? Thanks in advance for your support, R?mi This transmission is intended solely for the addressee and contains confidential information. If you are not the intended recipient, please immediately inform the sender and delete the message and any attachments from your system. Furthermore, please do not copy the message or disclose the contents to anyone unless agreed otherwise. To the extent permitted by law we shall in no way be liable for any damages, whatever their nature, arising out of transmission failures, viruses, external influence, delays and the like. -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Thu Sep 8 15:08:10 2016 From: heas at shrubbery.net (heasley) Date: Thu, 8 Sep 2016 15:08:10 +0000 Subject: [rancid] Cisco 2504 Wireless Controler In-Reply-To: References: Message-ID: <20160908150810.GB12290@shrubbery.net> Thu, Sep 08, 2016 at 12:53:31PM +0000, FESSARD, R?mi: > Hello, > > I have an issue to save our Cisco 2504 Wireless Controler with RANCID 3.4.1 - program ciscowlc5. > The backup works fine only if the configuration of this CISCO is not saved, else, I have this error in log file: > ----------------------------------------------------------------------------------------------------------------------------------------------------- > starting: jeudi 8 septembre 2016, 10:32:26 (UTC+0200) > > Trying to get all of the configs. > Ciscowc01: End of run not found > !--WLC End Config Data--! > ===================================== > Getting missed routers: round 1. > Ciscowc01: End of run not found > !--WLC End Config Data--! > ===================================== > Getting missed routers: round 2. > Ciscowc01: End of run not found > !--WLC End Config Data--! > ===================================== > Getting missed routers: round 3. > Ciscowc01: End of run not found > !--WLC End Config Data--! > ===================================== > Getting missed routers: round 4. > Ciscowc01: End of run not found > !--WLC End Config Data--! > > cvs diff: Diffing . > cvs diff: Diffing configs > cvs commit: Examining . > cvs commit: Examining configs > ----------------------------------------------------------------------------------------------------------------------------------------------------- > > If I do a modification on the controller without saving, no more issue in the log file: > ----------------------------------------------------------------------------------------------------------------------------------------------------- > starting: jeudi 8 septembre 2016, 14:01:01 (UTC+0200) > > Trying to get all of the configs. > All routers sucessfully completed. > > cvs diff: Diffing . > cvs diff: Diffing configs > cvs commit: Examining . > cvs commit: Examining configs > > ending: jeudi 8 septembre 2016, 14:01:52 (UTC+0200) > ----------------------------------------------------------------------------------------------------------------------------------------------------- > > Have you got an idea to solve it ? Could you try rancid 3.5.1? It has a 1 fix for ciscowlc that might apply to this problem. If it does not, please send the Ciscowc01.raw file from this cmd to me: export NOPIPE=YES;rancid -t ciscowlc5 -d Ciscowc01 From fwissue at hotmail.com Thu Sep 8 20:18:55 2016 From: fwissue at hotmail.com (michael liu) Date: Thu, 8 Sep 2016 20:18:55 +0000 Subject: [rancid] Rancid and SNMPv3 Message-ID: Hello: I just enabled SNMPv3 on LTM 11.5.1 with rancid 2.3.8 I keep getting following in rancid, how could I disable it in F5rancid.in? users { imon1team_1 { - auth-password-encrypted .F@>la[Da7Gb>m\\.-T\?+Gp\?bEsETiTW\\9HeHX`^N=fX<7Kd + auth-password-encrypted "RQiL+qJD1UjLci\?:]>T_BjcJcNOZrMYj9m;>@jdl9;8XYC^" auth-protocol md5 oid-subset .1 privacy-protocol none Thanks, -------------- next part -------------- An HTML attachment was scrubbed... URL: From electro93 at gmail.com Thu Sep 8 19:50:02 2016 From: electro93 at gmail.com (electro) Date: Thu, 8 Sep 2016 14:50:02 -0500 Subject: [rancid] Device CVS hasn't been contacted in over 24 hours In-Reply-To: References: <20160907124050.GG78941@shrubbery.net> <20160907135348.GR78941@shrubbery.net> Message-ID: David, Thanks for the response. Please see the results of the requested information: cat /etc/rancid/rancid.conf |grep BASEDIR # Under BASEDIR (i.e.: --localstatedir), there will be a "logs" directory for # Use a full path (no sym-links) for BASEDIR. BASEDIR=/var/lib/rancid; export BASEDIR # - an (absolute) path (a subdirectory of BASEDIR by default). BASEDIR/CVS, # BASEDIR/.svn, or BASEDIR/.git, but it does not matter. CVSROOT=$BASEDIR/CVS; export CVSROOT LOGDIR=$BASEDIR/logs; export LOGDIR # grep -e cvs /var/lib/rancid/Cisco/router.db # There is no value in there, however, there's an entry in /var/lib/rancid/Cisco/routers.all and routers.up Very strange and I cant see to find out why. Thanks, Mike On Wed, Sep 7, 2016 at 5:38 PM, David Jones wrote: > From that output, it looks like you have an entry in > $BASEDIR/Cisco/router.db 'cvs;cisco;up' that you need to remove. Check > the BASEDIR variable to make sure you are looking in the right place for > the router.db file. > > ------------------------------ > *From:* electro > *Sent:* Wednesday, September 7, 2016 5:14 PM > *To:* David Jones > *Cc:* Charles T. Brooks; rancid-discuss at shrubbery.net > > *Subject:* Re: [rancid] Device CVS hasn't been contacted in over 24 hours > > David, > > Thanks for the response: > > cat /etc/rancid/rancid.conf |grep GROUP > > LIST_OF_GROUPS="Cisco"; export LIST_OF_GROUPS > > > grep -e cvs /var/lib/rancid/logs/*: > > > Cisco.20160830.161409:cvs: missed cmd(s): all commands > > Cisco.20160830.161409:cvs: End of run not found > > Cisco.20160830.161409:cvs clogin error: Error: Couldn't login: cvs > > Cisco.20160830.161409:cvs: missed cmd(s): all commands > > Cisco.20160830.161409:cvs: End of run not found > > Cisco.20160830.161409:cvs clogin error: Error: Couldn't login: cvs > > Cisco.20160830.161409:cvs: missed cmd(s): all commands > > Cisco.20160830.161409:cvs: End of run not found > > Cisco.20160830.161409:cvs clogin error: Error: Couldn't login: cvs > > Cisco.20160830.161409:cvs: missed cmd(s): all commands > > Cisco.20160830.161409:cvs: End of run not found > > Cisco.20160830.161409:cvs clogin error: Error: Couldn't login: cvs > > Cisco.20160830.161409:cvs: missed cmd(s): all commands > > Cisco.20160830.161409:cvs: End of run not found > > Cisco.20160830.161409:cvs clogin error: Error: Couldn't login: cvs > > Cisco.20160830.161409:cvs diff: Diffing . > > Cisco.20160830.161409:cvs diff: Diffing configs > > Cisco.20160830.161409:cvs commit: Examining . > > Cisco.20160830.161409:cvs commit: Examining configs > > Cisco.20160830.180101:cvs: missed cmd(s): all commands > > Cisco.20160830.180101:cvs: End of run not found > > Cisco.20160830.180101:cvs clogin error: Error: Couldn't login: cvs > > Cisco.20160830.180101:cvs: missed cmd(s): all commands > > Cisco.20160830.180101:cvs: End of run not found > > Cisco.20160830.180101:cvs clogin error: Error: Couldn't login: cvs > > Cisco.20160830.180101:cvs: missed cmd(s): all commands > > Cisco.20160830.180101:cvs: End of run not found > > Cisco.20160830.180101:cvs clogin error: Error: Couldn't login: cvs > > Cisco.20160830.180101:cvs: missed cmd(s): all commands > > Cisco.20160830.180101:cvs: End of run not found > > Cisco.20160830.180101:cvs clogin error: Error: Couldn't login: cvs > > Cisco.20160830.180101:cvs: missed cmd(s): all commands > > Cisco.20160830.180101:cvs: End of run not found > > Cisco.20160830.180101:cvs clogin error: Error: Couldn't login: cvs > > Cisco.20160830.180101:cvs diff: Diffing . > > Cisco.20160830.180101:cvs diff: Diffing configs > > Cisco.20160830.180101:cvs commit: Examining . > > Cisco.20160830.180101:cvs commit: Examining configs > > Cisco.20160830.190101:cvs: missed cmd(s): all commands > > Cisco.20160830.190101:cvs: End of run not found > > Cisco.20160830.190101:cvs clogin error: Error: Couldn't login: cvs > > Cisco.20160830.190101:cvs: missed cmd(s): all commands > > Cisco.20160830.190101:cvs: End of run not found > > Cisco.20160830.190101:cvs clogin error: Error: Couldn't login: cvs > > Cisco.20160830.190101:cvs: missed cmd(s): all commands > > Cisco.20160830.190101:cvs: End of run not found > > Cisco.20160830.190101:cvs clogin error: Error: Couldn't login: cvs > > Cisco.20160830.190101:cvs: missed cmd(s): all commands > > Cisco.20160830.190101:cvs: End of run not found > > Cisco.20160830.190101:cvs clogin error: Error: Couldn't login: cvs > > Cisco.20160830.190101:cvs: missed cmd(s): all commands > > Cisco.20160830.190101:cvs: End of run not found > > Cisco.20160830.190101:cvs clogin error: Error: Couldn't login: cvs > > Cisco.20160830.190101:cvs diff: Diffing . > > Cisco.20160830.190101:cvs diff: Diffing configs > > Cisco.20160830.190101:cvs commit: Examining . > > Cisco.20160830.190101:cvs commit: Examining configs > > Cisco.20160830.200101:cvs: missed cmd(s): all commands > > Cisco.20160830.200101:cvs: End of run not found > > Cisco.20160830.200101:cvs clogin error: Error: Couldn't login: cvs > > Cisco.20160830.200101:cvs: missed cmd(s): all commands > > Cisco.20160830.200101:cvs: End of run not found > > Cisco.20160830.200101:cvs clogin error: Error: Couldn't login: cvs > > Cisco.20160830.200101:cvs: missed cmd(s): all commands > > Cisco.20160830.200101:cvs: End of run not found > > Cisco.20160830.200101:cvs clogin error: Error: Couldn't login: cvs > > Cisco.20160830.200101:cvs: missed cmd(s): all commands > > Cisco.20160830.200101:cvs: End of run not found > > Cisco.20160830.200101:cvs clogin error: Error: Couldn't login: cvs > > Cisco.20160830.200101:cvs: missed cmd(s): all commands > > Cisco.20160830.200101:cvs: End of run not found > > On Wed, Sep 7, 2016 at 1:46 PM, David Jones wrote: > >> Start with your LIST_OF_GROUPS in etc/rancid.conf. Do you you only have >> one group called "Cisco"? >> >> Then look through your BASEDIR for each GROUP's router.db. The LOGDIR >> will have logs based on the GROUP. Search (grep) those logs for "cvs" and >> see if you can tell where this "cvs" is coming from. >> >> >> ------------------------------ >> *From:* Rancid-discuss on behalf >> of electro >> *Sent:* Wednesday, September 7, 2016 12:04 PM >> *To:* Charles T. Brooks >> >> *Cc:* rancid-discuss at shrubbery.net >> *Subject:* Re: [rancid] Device CVS hasn't been contacted in over 24 hours >> >> Charles, >> >> I am using CVS and also have ViewVC tied in, to allow my GUI-based admins >> to see color coded changes in the environment. What I am not completely >> able to resolve is that rancid feels there is a device called "cvs", which >> there clearly isnt. By performing a grep in the Group directory, I see the >> following: >> >> rancid at rancid:~/Cisco$ grep -e cvs * >> >> routers.all:cvs;cisco >> >> routers.up:cvs;cisco >> >> However, this device is not configured in routers.db. When I've added >> cvs;cisco;down to the routers.db file, it will add that route, but will >> continue to inform me that the original "cvs" is unable to be contacted. I >> was hoping that someone could provide me some insight into any >> possibilities. I'm running rancid 3.5 and have stood up many environments >> and never once ran into this issue. Thanks for all the assistance and >> please let me know if you have any additional ideas. >> >> >> Thanks, >> >> Mike >> >> >> On Wed, Sep 7, 2016 at 10:06 AM, Charles T. Brooks < >> Charles.Brooks at hbcs.org> wrote: >> >>> cvs is the name of a process that rancid runs in order to detect and >>> archive changes in configuration files. >>> >>> Originally, it was called this because the process ran the Concurrent >>> Versioning System which you will find in Wikipedia under CVS >>> (alternatively, google CVS). >>> >>> Today, rancid's cvs process can use CVS, Subversion or Git. You should >>> be using Git, if you don't know what CVS is. >>> >>> It looks like you are trying to use CVS but don't have it set up? Hard >>> for me to tell, I only use Git. CVS is ancient. >>> >>> --Charlie >>> >>> >>> ------------------------------ >>> *From:* Rancid-discuss [rancid-discuss-bounces at shrubbery.net] on behalf >>> of electro [electro93 at gmail.com] >>> *Sent:* Wednesday, September 07, 2016 10:46 AM >>> *To:* heasley >>> *Cc:* rancid-discuss at shrubbery.net >>> *Subject:* Re: [rancid] Device CVS hasn't been contacted in over 24 >>> hours >>> >>> I've even tried adding the device in router.db as: >>> >>> cvs;cisco;down >>> >>> and it still complains about the original mysterious cvs. >>> >>> On Wed, Sep 7, 2016 at 8:53 AM, heasley wrote: >>> >>>> Wed, Sep 07, 2016 at 08:43:40AM -0500, electro: >>>> > The only errors in the log file pertain to the missed routers: >>>> > >>>> > cvs: missed cmd(s): all commands >>>> > >>>> > cvs: End of run not found >>>> > >>>> > cvs clogin error: Error: Couldn't login: cvs >>>> >>>> so...what does that error tell you? also see FAQ S3Q2 >>>> >>>> > >>>> > >>>> > >>>> > On Wed, Sep 7, 2016 at 7:40 AM, heasley wrote: >>>> > >>>> > > Tue, Sep 06, 2016 at 03:37:17PM -0500, electro: >>>> > > > All, >>>> > > > >>>> > > > I'm having a strange issue with a device called CVS not being >>>> contacted >>>> > > in >>>> > > > over 24 hours. >>>> > > > >>>> > > > The following routers have not been successfully contacted for >>>> > > > >>>> > > > more than 24 hours. >>>> > > > >>>> > > > -rw-r----- 1 rancid rancid 0 Sep 1 10:01 cvs >>>> > > > >>>> > > > >>>> > > > Going to the server itself: >>>> > > > >>>> > > > rancid at rancid:~/Cisco$ grep -e cvs * >>>> > > > >>>> > > > routers.all:cvs;cisco >>>> > > > >>>> > > > routers.up:cvs;cisco >>>> > > > >>>> > > > How is this possible without a cvs;cisco;up in ~/Cisco/router.db? >>>> > > >>>> > > any errors in the group's log file? >>>> > > >>>> >>> >>> ------------------ CONFIDENTIALITY NOTICE --------------- >>> >>> This message, including any attachments, is for the sole use of the >>> intended recipient(s) and may contain privileged confidential information >>> protected by law. Any unauthorized review, use, disclosure or >>> distribution >>> of this message is prohibited. If you are not the intended recipient, >>> please >>> contact the sender by reply e-mail and destroy all copies of this >>> message. >>> >>> ------------------ CONFIDENTIALITY NOTICE --------------- >>> >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net >>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>> >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Thu Sep 8 21:16:35 2016 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Thu, 8 Sep 2016 23:16:35 +0200 Subject: [rancid] Rancid and SNMPv3 In-Reply-To: References: Message-ID: <5edb2d63-76ca-c5b5-4fbb-18aec9b82e8e@gmail.com> You edit the perl code and add a check to replace the encrypted string with . See the existing rancid code, searching for that string. There are /many/ examples and it's quite obvious how it works with just a smattering of perl knowledge On 08/09/2016 22:18, michael liu wrote: > Hello: > > > I just enabled SNMPv3 on LTM 11.5.1 with rancid 2.3.8 > > > I keep getting following in rancid, how could I disable it in F5rancid.in? > > > users { > > imon1team_1 { > > - auth-password-encrypted > .F@>la[Da7Gb>m\\.-T\?+Gp\?bEsETiTW\\9HeHX`^N=fX<7Kd > > + auth-password-encrypted > "RQiL+qJD1UjLci\?:]>T_BjcJcNOZrMYj9m;>@jdl9;8XYC^" > > auth-protocol md5 > > oid-subset .1 > > privacy-protocol none > > > Thanks, > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Alan McKinnon alan.mckinnon at gmail.com From heas at shrubbery.net Thu Sep 8 21:37:08 2016 From: heas at shrubbery.net (heasley) Date: Thu, 8 Sep 2016 21:37:08 +0000 Subject: [rancid] Rancid and SNMPv3 In-Reply-To: <20160908213512.B7CDD215095@sea.shrubbery.net> Message-ID: <20160908213708.GM16499@shrubbery.net> Thu, Sep 08, 2016 at 08:18:55PM +0000, michael liu: > I just enabled SNMPv3 on LTM 11.5.1 with rancid 2.3.8 > > I keep getting following in rancid, how could I disable it in F5rancid.in? > > > users { > > imon1team_1 { > > - auth-password-encrypted .F@>la[Da7Gb>m\\.-T\?+Gp\?bEsETiTW\\9HeHX`^N=fX<7Kd > > + auth-password-encrypted "RQiL+qJD1UjLci\?:]>T_BjcJcNOZrMYj9m;>@jdl9;8XYC^" > > auth-protocol md5 > > oid-subset .1 > > privacy-protocol none I won't help you with 2.3.8; you need to upgrade. for 3.5.1, i believe this will do it. Index: CHANGES =================================================================== --- CHANGES (revision 3458) +++ CHANGES (working copy) @@ -1,4 +1,6 @@ 3.5.99 + bigip.pm: filter snmpv3 oscillating auth-password-encrypted + iosxr.pm: filter useless FPD upgrade message 3.5.1 Index: lib/bigip.pm.in =================================================================== --- lib/bigip.pm.in (revision 3458) +++ lib/bigip.pm.in (working copy) @@ -258,6 +258,11 @@ ProcessHistory("ENABLE","","","# $1 \n"); next; } + if (/(auth-password-encrypted) / && + ($filter_osc || $filter_pwds > 1)) { + ProcessHistory("ENABLE","","","# $1 \n"); + next; + } # catch anything that wasnt matched above. ProcessHistory("","","","$_"); From fwissue at hotmail.com Thu Sep 8 21:43:15 2016 From: fwissue at hotmail.com (michael liu) Date: Thu, 8 Sep 2016 21:43:15 +0000 Subject: [rancid] Rancid and SNMPv3 In-Reply-To: <5edb2d63-76ca-c5b5-4fbb-18aec9b82e8e@gmail.com> References: , <5edb2d63-76ca-c5b5-4fbb-18aec9b82e8e@gmail.com> Message-ID: Thanks Alan for response, I tried to grep encrypted for f5rancid and f5rancid.in Did not get anything. Sent from my iPhone > On Sep 8, 2016, at 2:18 PM, Alan McKinnon wrote: > > You edit the perl code and add a check to replace the encrypted string > with . > > See the existing rancid code, searching for that string. There are > /many/ examples and it's quite obvious how it works with just a > smattering of perl knowledge > > >> On 08/09/2016 22:18, michael liu wrote: >> Hello: >> >> >> I just enabled SNMPv3 on LTM 11.5.1 with rancid 2.3.8 >> >> >> I keep getting following in rancid, how could I disable it in F5rancid.in? >> >> >> users { >> >> imon1team_1 { >> >> - auth-password-encrypted >> .F@>la[Da7Gb>m\\.-T\?+Gp\?bEsETiTW\\9HeHX`^N=fX<7Kd >> >> + auth-password-encrypted >> "RQiL+qJD1UjLci\?:]>T_BjcJcNOZrMYj9m;>@jdl9;8XYC^" >> >> auth-protocol md5 >> >> oid-subset .1 >> >> privacy-protocol none >> >> >> Thanks, >> >> >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From heas at shrubbery.net Thu Sep 8 22:02:38 2016 From: heas at shrubbery.net (heasley) Date: Thu, 8 Sep 2016 22:02:38 +0000 Subject: [rancid] Device CVS hasn't been contacted in over 24 hours In-Reply-To: References: <20160907124050.GG78941@shrubbery.net> <20160907135348.GR78941@shrubbery.net> Message-ID: <20160908220238.GP16499@shrubbery.net> Thu, Sep 08, 2016 at 02:50:02PM -0500, electro: > There is no value in there, however, there's an entry in > /var/lib/rancid/Cisco/routers.all and routers.up its not in your router.db file, but in routers.all, which recreated in each rancid run from router.db. so, i suspect that either some changed control_rancid on your machine or routers.all (etc) are not writable by the user running rancid - or - possibly you are always running rancid-run with the -r option. From fwissue at hotmail.com Fri Sep 9 00:07:07 2016 From: fwissue at hotmail.com (michael liu) Date: Fri, 9 Sep 2016 00:07:07 +0000 Subject: [rancid] Rancid and SNMPv3 In-Reply-To: References: , <5edb2d63-76ca-c5b5-4fbb-18aec9b82e8e@gmail.com>, Message-ID: Based on the rancid script, it uses "tmsh show list" , that includes a lot of information, as well as snmpv3 user info. https://devcentral.f5.com/questions/converting-rancid-to-use-tmsh-commands-and-other-goodies [https://devcentral.f5.com/profilepic.ashx?userid=103578&w=250&h=140] Converting RANCID to use tmsh commands, and other goodies devcentral.f5.com Answers Converting RANCID to use tmsh commands, and other goodies Updated 07-Dec-2011 * Originally posted on 07-Dec-2011 by Colin Stubbs ... ________________________________ From: Rancid-discuss on behalf of michael liu Sent: Thursday, September 8, 2016 9:43 PM To: Alan McKinnon Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Rancid and SNMPv3 Thanks Alan for response, I tried to grep encrypted for f5rancid and f5rancid.in Did not get anything. Sent from my iPhone > On Sep 8, 2016, at 2:18 PM, Alan McKinnon wrote: > > You edit the perl code and add a check to replace the encrypted string > with . > > See the existing rancid code, searching for that string. There are > /many/ examples and it's quite obvious how it works with just a > smattering of perl knowledge > > >> On 08/09/2016 22:18, michael liu wrote: >> Hello: >> >> >> I just enabled SNMPv3 on LTM 11.5.1 with rancid 2.3.8 >> >> >> I keep getting following in rancid, how could I disable it in F5rancid.in? >> >> >> users { >> >> imon1team_1 { >> >> - auth-password-encrypted >> .F@>la[Da7Gb>m\\.-T\?+Gp\?bEsETiTW\\9HeHX`^N=fX<7Kd >> >> + auth-password-encrypted >> "RQiL+qJD1UjLci\?:]>T_BjcJcNOZrMYj9m;>@jdl9;8XYC^" >> >> auth-protocol md5 >> >> oid-subset .1 >> >> privacy-protocol none >> >> >> Thanks, >> >> >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss Rancid-discuss Info Page - Shrubbery Networks www.shrubbery.net To see the collection of prior postings to the list, visit the Rancid-discuss Archives. Using Rancid-discuss: To post a message to all the list ... > > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From fwissue at hotmail.com Fri Sep 9 02:41:27 2016 From: fwissue at hotmail.com (michael liu) Date: Fri, 9 Sep 2016 02:41:27 +0000 Subject: [rancid] Rancid and SNMPv3 In-Reply-To: References: , <5edb2d63-76ca-c5b5-4fbb-18aec9b82e8e@gmail.com>, , Message-ID: Or should I do this in f5rancid.in if (/^\s*auth-password-encrypted/) { ProcessHistory("","","""# auth-password \n"); next; } After I modified the file, Do I need to restart the rancid? Thanks, ________________________________ From: michael liu Sent: Friday, September 9, 2016 12:07 AM To: michael liu Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Rancid and SNMPv3 Based on the rancid script, it uses "tmsh show list" , that includes a lot of information, as well as snmpv3 user info. https://devcentral.f5.com/questions/converting-rancid-to-use-tmsh-commands-and-other-goodies [https://devcentral.f5.com/profilepic.ashx?userid=103578&w=250&h=140] Converting RANCID to use tmsh commands, and other goodies devcentral.f5.com Answers Converting RANCID to use tmsh commands, and other goodies Updated 07-Dec-2011 * Originally posted on 07-Dec-2011 by Colin Stubbs ... ________________________________ From: Rancid-discuss on behalf of michael liu Sent: Thursday, September 8, 2016 9:43 PM To: Alan McKinnon Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Rancid and SNMPv3 Thanks Alan for response, I tried to grep encrypted for f5rancid and f5rancid.in Did not get anything. Sent from my iPhone > On Sep 8, 2016, at 2:18 PM, Alan McKinnon wrote: > > You edit the perl code and add a check to replace the encrypted string > with . > > See the existing rancid code, searching for that string. There are > /many/ examples and it's quite obvious how it works with just a > smattering of perl knowledge > > >> On 08/09/2016 22:18, michael liu wrote: >> Hello: >> >> >> I just enabled SNMPv3 on LTM 11.5.1 with rancid 2.3.8 >> >> >> I keep getting following in rancid, how could I disable it in F5rancid.in? >> >> >> users { >> >> imon1team_1 { >> >> - auth-password-encrypted >> .F@>la[Da7Gb>m\\.-T\?+Gp\?bEsETiTW\\9HeHX`^N=fX<7Kd >> >> + auth-password-encrypted >> "RQiL+qJD1UjLci\?:]>T_BjcJcNOZrMYj9m;>@jdl9;8XYC^" >> >> auth-protocol md5 >> >> oid-subset .1 >> >> privacy-protocol none >> >> >> Thanks, >> >> >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss Rancid-discuss Info Page - Shrubbery Networks www.shrubbery.net To see the collection of prior postings to the list, visit the Rancid-discuss Archives. Using Rancid-discuss: To post a message to all the list ... > > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From Remi.FESSARD at knorr-bremse.com Fri Sep 9 08:03:56 2016 From: Remi.FESSARD at knorr-bremse.com (=?iso-8859-1?Q?FESSARD=2C_R=E9mi?=) Date: Fri, 9 Sep 2016 08:03:56 +0000 Subject: [rancid] Cisco 2504 Wireless Controler In-Reply-To: <20160908150810.GB12290@shrubbery.net> References: <20160908150810.GB12290@shrubbery.net> Message-ID: Many thanks, it works fine with RANCID 3.5.1 R?mi -----Original Message----- From: heasley [mailto:heas at shrubbery.net] Sent: Thursday, September 08, 2016 5:08 PM To: FESSARD, R?mi Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Cisco 2504 Wireless Controler Thu, Sep 08, 2016 at 12:53:31PM +0000, FESSARD, R?mi: > Hello, > > I have an issue to save our Cisco 2504 Wireless Controler with RANCID 3.4.1 - program ciscowlc5. > The backup works fine only if the configuration of this CISCO is not saved, else, I have this error in log file: > ---------------------------------------------------------------------- > ---------------------------------------------------------------------- > --------- > starting: jeudi 8 septembre 2016, 10:32:26 (UTC+0200) > > Trying to get all of the configs. > Ciscowc01: End of run not found > !--WLC End Config Data--! > ===================================== > Getting missed routers: round 1. > Ciscowc01: End of run not found > !--WLC End Config Data--! > ===================================== > Getting missed routers: round 2. > Ciscowc01: End of run not found > !--WLC End Config Data--! > ===================================== > Getting missed routers: round 3. > Ciscowc01: End of run not found > !--WLC End Config Data--! > ===================================== > Getting missed routers: round 4. > Ciscowc01: End of run not found > !--WLC End Config Data--! > > cvs diff: Diffing . > cvs diff: Diffing configs > cvs commit: Examining . > cvs commit: Examining configs > ---------------------------------------------------------------------- > ---------------------------------------------------------------------- > --------- > > If I do a modification on the controller without saving, no more issue in the log file: > ---------------------------------------------------------------------- > ---------------------------------------------------------------------- > --------- > starting: jeudi 8 septembre 2016, 14:01:01 (UTC+0200) > > Trying to get all of the configs. > All routers sucessfully completed. > > cvs diff: Diffing . > cvs diff: Diffing configs > cvs commit: Examining . > cvs commit: Examining configs > > ending: jeudi 8 septembre 2016, 14:01:52 (UTC+0200) > ---------------------------------------------------------------------- > ---------------------------------------------------------------------- > --------- > > Have you got an idea to solve it ? Could you try rancid 3.5.1? It has a 1 fix for ciscowlc that might apply to this problem. If it does not, please send the Ciscowc01.raw file from this cmd to me: export NOPIPE=YES;rancid -t ciscowlc5 -d Ciscowc01 This transmission is intended solely for the addressee and contains confidential information. If you are not the intended recipient, please immediately inform the sender and delete the message and any attachments from your system. Furthermore, please do not copy the message or disclose the contents to anyone unless agreed otherwise. To the extent permitted by law we shall in no way be liable for any damages, whatever their nature, arising out of transmission failures, viruses, external influence, delays and the like. From heas at shrubbery.net Fri Sep 9 14:30:26 2016 From: heas at shrubbery.net (heasley) Date: Fri, 9 Sep 2016 14:30:26 +0000 Subject: [rancid] Rancid and SNMPv3 In-Reply-To: References: <5edb2d63-76ca-c5b5-4fbb-18aec9b82e8e@gmail.com> Message-ID: <20160909143026.GC40780@shrubbery.net> Fri, Sep 09, 2016 at 12:07:07AM +0000, michael liu: > Converting RANCID to use tmsh commands, and other goodies > devcentral.f5.com > Answers Converting RANCID to use tmsh commands, and other goodies Updated 07-Dec-2011 * Originally posted on 07-Dec-2011 by Colin Stubbs ... rancid 3.5.1 has tmsh/v11 support...which I can not test myself, but two users claimed that it worked pre-release. rancid.types.base: # f5 big-ip <=v10 f5;script;f5rancid # f5 big-ip v11 bigip;script;rancid -t bigip From fwissue at hotmail.com Fri Sep 9 15:10:40 2016 From: fwissue at hotmail.com (michael liu) Date: Fri, 9 Sep 2016 15:10:40 +0000 Subject: [rancid] Rancid and SNMPv3 In-Reply-To: <20160909143026.GC40780@shrubbery.net> References: <5edb2d63-76ca-c5b5-4fbb-18aec9b82e8e@gmail.com> , <20160909143026.GC40780@shrubbery.net> Message-ID: Rancid 2.3.8 works fine on 11.5.1 Sent from my iPhone > On Sep 9, 2016, at 7:30 AM, heasley wrote: > > Fri, Sep 09, 2016 at 12:07:07AM +0000, michael liu: >> Converting RANCID to use tmsh commands, and other goodies >> devcentral.f5.com >> Answers Converting RANCID to use tmsh commands, and other goodies Updated 07-Dec-2011 * Originally posted on 07-Dec-2011 by Colin Stubbs ... > > rancid 3.5.1 has tmsh/v11 support...which I can not test myself, but two users > claimed that it worked pre-release. > > rancid.types.base: > > # f5 big-ip <=v10 > f5;script;f5rancid > # f5 big-ip v11 > bigip;script;rancid -t bigip > From alan.mckinnon at gmail.com Fri Sep 9 18:15:38 2016 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Fri, 9 Sep 2016 20:15:38 +0200 Subject: [rancid] Rancid and SNMPv3 In-Reply-To: References: <5edb2d63-76ca-c5b5-4fbb-18aec9b82e8e@gmail.com> Message-ID: The string is I suggest you read the perl code. You have to do that anyway to run rancid effectively and get what you want On 08/09/2016 23:43, michael liu wrote: > Thanks Alan for response, I tried to grep encrypted for f5rancid and f5rancid.in > > Did not get anything. > > Sent from my iPhone > >> On Sep 8, 2016, at 2:18 PM, Alan McKinnon wrote: >> >> You edit the perl code and add a check to replace the encrypted string >> with . >> >> See the existing rancid code, searching for that string. There are >> /many/ examples and it's quite obvious how it works with just a >> smattering of perl knowledge >> >> >>> On 08/09/2016 22:18, michael liu wrote: >>> Hello: >>> >>> >>> I just enabled SNMPv3 on LTM 11.5.1 with rancid 2.3.8 >>> >>> >>> I keep getting following in rancid, how could I disable it in F5rancid.in? >>> >>> >>> users { >>> >>> imon1team_1 { >>> >>> - auth-password-encrypted >>> .F@>la[Da7Gb>m\\.-T\?+Gp\?bEsETiTW\\9HeHX`^N=fX<7Kd >>> >>> + auth-password-encrypted >>> "RQiL+qJD1UjLci\?:]>T_BjcJcNOZrMYj9m;>@jdl9;8XYC^" >>> >>> auth-protocol md5 >>> >>> oid-subset .1 >>> >>> privacy-protocol none >>> >>> >>> Thanks, >>> >>> >>> >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net >>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> >> >> -- >> Alan McKinnon >> alan.mckinnon at gmail.com >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss -- Alan McKinnon alan.mckinnon at gmail.com From alan.mckinnon at gmail.com Fri Sep 9 18:22:05 2016 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Fri, 9 Sep 2016 20:22:05 +0200 Subject: [rancid] Rancid and SNMPv3 In-Reply-To: References: <5edb2d63-76ca-c5b5-4fbb-18aec9b82e8e@gmail.com> Message-ID: <4d2f06fb-84b1-1141-056a-59d5ffee7247@gmail.com> On 09/09/2016 04:41, michael liu wrote: > Or should I do this in f5rancid.in > > > if (/^\s*auth-password-encrypted/) { > > ProcessHistory("","","""# auth-password \n"); > > next; > > } yes that's the time-honoured way > > > After I modified the file, Do I need to restart the rancid? There's nothing to restart. Rancid is not a daemon not is it long lived. It runs, it finishes, it exits. Next run it uses the file it finds > > Thanks, > > ------------------------------------------------------------------------ > *From:* michael liu > *Sent:* Friday, September 9, 2016 12:07 AM > *To:* michael liu > *Cc:* rancid-discuss at shrubbery.net > *Subject:* Re: [rancid] Rancid and SNMPv3 > > > Based on the rancid script, it uses "tmsh show list" , that includes a > lot of information, as well as snmpv3 user info. > > > https://devcentral.f5.com/questions/converting-rancid-to-use-tmsh-commands-and-other-goodies > > > > Converting RANCID to use tmsh commands, and other goodies > > devcentral.f5.com > Answers Converting RANCID to use tmsh commands, and other goodies > Updated 07-Dec-2011 ? Originally posted on 07-Dec-2011 by Colin Stubbs ... > > > > > > ------------------------------------------------------------------------ > *From:* Rancid-discuss on behalf > of michael liu > *Sent:* Thursday, September 8, 2016 9:43 PM > *To:* Alan McKinnon > *Cc:* rancid-discuss at shrubbery.net > *Subject:* Re: [rancid] Rancid and SNMPv3 > > Thanks Alan for response, I tried to grep encrypted for f5rancid and > f5rancid.in > > Did not get anything. > > Sent from my iPhone > >> On Sep 8, 2016, at 2:18 PM, Alan McKinnon wrote: >> >> You edit the perl code and add a check to replace the encrypted string >> with . >> >> See the existing rancid code, searching for that string. There are >> /many/ examples and it's quite obvious how it works with just a >> smattering of perl knowledge >> >> >>> On 08/09/2016 22:18, michael liu wrote: >>> Hello: >>> >>> >>> I just enabled SNMPv3 on LTM 11.5.1 with rancid 2.3.8 >>> >>> >>> I keep getting following in rancid, how could I disable it in F5rancid.in? >>> >>> >>> users { >>> >>> imon1team_1 { >>> >>> - auth-password-encrypted >>> .F@>la[Da7Gb>m\\.-T\?+Gp\?bEsETiTW\\9HeHX`^N=fX<7Kd >>> >>> + auth-password-encrypted >>> "RQiL+qJD1UjLci\?:]>T_BjcJcNOZrMYj9m;>@jdl9;8XYC^" >>> >>> auth-protocol md5 >>> >>> oid-subset .1 >>> >>> privacy-protocol none >>> >>> >>> Thanks, >>> >>> >>> >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net >>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss > Rancid-discuss Info Page - Shrubbery Networks > > www.shrubbery.net > To see the collection of prior postings to the list, visit the > Rancid-discuss Archives. Using Rancid-discuss: To post a message to all > the list ... > > > >> >> >> -- >> Alan McKinnon >> alan.mckinnon at gmail.com >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Alan McKinnon alan.mckinnon at gmail.com From spedersen.lists at gmail.com Fri Sep 9 20:02:57 2016 From: spedersen.lists at gmail.com (Sean) Date: Fri, 09 Sep 2016 13:02:57 -0700 Subject: [rancid] Full AAA logging / supported configuration Message-ID: <88666920-2D26-456B-B34D-AE39D6990C72@gmail.com> I'm on F4.0.4.26. I've seen a few examples of logging AAA with tac_plus. The most documented is the "accounting" option. accounting syslog; -or- accountig file = /var/log/tac_plus.acct This works fine. I have it set up, logging correctly, logrotate running, etc. It?s also documented just about everywhere I?ve seen, but seems like it?s the only official means to log something. I'd like to log authentication and authorization as well, if possible. I've come across reference to the following configuration: accounting log = /var/log/tac_plus/accounting.log authentication log = /var/log/tac_plus/authentication.log authorization log = /var/log/tac_plus/authorization.log This seems to be either a) outdated or b) poorly referenced as it doesn't work globally. A reference configuration I have from a version so old it's expressed in a date format (201211021744) places it within an "id" container. id = tac_plus { ?accounting log = /var/log/tac_plus/accounting.log ?authentication log = /var/log/tac_plus/authentication.log ?authorization log = /var/log/tac_plus/authorization.log } I haven't tried this in v4 yet since I can't find (presumably) current reference for it, but it?s working in the older version. I've also found reference to setting the appropriate -d flags when running tac_plus and getting this information as more of a "happy accident" in whatever syslog files it ends up in vs. more programmatic means. What?s the most appropriate / supported way to log this information, if any? Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: From Robert.Remsik at colostate.edu Fri Sep 9 21:30:26 2016 From: Robert.Remsik at colostate.edu (Remsik,Robert) Date: Fri, 9 Sep 2016 21:30:26 +0000 Subject: [rancid] Creating a new rancid login file Message-ID: Hello! I'm trying to create a new rancid login file for an audiocodes device and I need a little help debugging what's going on & how to fix it. I've created audiologin which can successfully loginto and run all the commands required (per FAQ 3.2). However, when I try using audiorancid (based upon hrancid) to call audiologin I'm getting an error that it can't run the commands which does not make sense to me yet. What I see as a result of CLI running audiorancid is it's creating the file to write to(it shows up in the file system), and then it attempts to 'select' this file and then proceeds to error out. This doesn't make sense to me as the excerpt from hrancid (which works against HP switches), is identical (minus debug commands) and does not have this problem. Any help is appriciated! Thank you in advance, I've created the type 'ac' as defined in /etc/base.types.conf so when/if rancid-run gets ahold of it it'll find the correct files. ac;script;audiorancid ac;login;audiologin rancid at server:~/var/rancid-3.4.99/logs$ audiorancid 10.174.0.247 commandstr: show storage-history;show system active-alarms;show system assembly;show system feature;show system version;show voip firewall;show voip tls certificate;show running-config Debug 1 Debug 2 10.174.0.247: missed cmd(s): all commands --- Output of working audiologin --- rancid at truck:~/bin$ audiologin -c "show storage-history" 10.174.0.247 10.174.0.247 spawn ssh -x -l LOGIN 10.174.0.247 Welcome to AudioCodes CLI LOGIN at 10.174.0.247's password: Last login: Fri Sep 09 2016 at 15:23:15 Mediant 1000> Mediant 1000> Mediant 1000> Mediant 1000> Mediant 1000> show storage-history No Storage History Files Mediant 1000>quitConnection to 10.174.0.247 closed by remote host. Connection to 10.174.0.247 closed. --- End of Output of working audiologin --- --- Excript of hrancid --- if ($opt_C) { print "hlogin -t $timeo -c\'$commandstr\' $host\n"; exit(0); } open(OUTPUT,">$host.new") || die "Can't open $host.new for writing: $!\n"; select(OUTPUT); # make OUTPUT unbuffered if debugging if ($debug) { $| = 1; } if ($file) { print(STDERR "opening file $host\n") if ($debug || $log); open(INPUT,"<$host") || die "open failed for $host: $!\n"; } else { print(STDERR "executing hlogin -t $timeo -c\"$commandstr\" $host\n") if ($debug || $log); if (defined($ENV{NOPIPE}) && $ENV{NOPIPE} =~ /^YES/i) { system "hlogin -t $timeo -c \"$commandstr\" $host $host.raw 2>&1" || die "hlogin failed for $host: $!\n"; open(INPUT, "< $host.raw") || die "hlogin failed for $host: $!\n"; } else { open(INPUT,"hlogin -t $timeo -c \"$commandstr\" $host $b; } # This is a sort routine that will sort numerically on the # keys of a hash as if it were a normal array. sub keynsort { local(%lines) = @_; local($i) = 0; local(@sorted_lines); foreach $key (sort numerically keys(%lines)) { $sorted_lines[$i] = $lines{$key}; $i++; } @sorted_lines; } # This is a sort routine that will sort on the # keys of a hash as if it were a normal array. sub keysort { local(%lines) = @_; local($i) = 0; local(@sorted_lines); foreach $key (sort keys(%lines)) { $sorted_lines[$i] = $lines{$key}; $i++; } @sorted_lines; } # This is a sort routine that will sort on the # values of a hash as if it were a normal array. sub valsort{ local(%lines) = @_; local($i) = 0; local(@sorted_lines); foreach $key (sort values %lines) { $sorted_lines[$i] = $key; $i++; } @sorted_lines; } # This is a numerical sort routine (ascending). sub numsort { local(%lines) = @_; local($i) = 0; local(@sorted_lines); foreach $num (sort {$a <=> $b} keys %lines) { $sorted_lines[$i] = $lines{$num}; $i++; } @sorted_lines; } # This is a sort routine that will sort on the # ip address when the ip address is anywhere in # the strings. sub ipsort { local(%lines) = @_; local($i) = 0; local(@sorted_lines); foreach $addr (sort sortbyipaddr keys %lines) { $sorted_lines[$i] = $lines{$addr}; $i++; } @sorted_lines; } # These two routines will sort based upon IP addresses sub ipaddrval { my(@a) = ($_[0] =~ m#^(\d+)\.(\d+)\.(\d+)\.(\d+)$#); $a[3] + 256 * ($a[2] + 256 * ($a[1] +256 * $a[0])); } sub sortbyipaddr { &ipaddrval($a) <=> &ipaddrval($b); } # This routine parses "show config files" sub ShowConfigFiles { print STDERR " In ShowConfigFiles: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); return(1) if /^(Invalid|Ambiguous) input:/i; ProcessHistory("COMMENTS","keysort","H0",";$_"); } return(0); } # This routine parses "show version" sub ShowVersion { print STDERR " In ShowVersion: $_" if ($debug); while () { tr/\015//d; last if(/^$prompt/); next if(/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); return(-1) if /^(Invalid|Ambiguous) input:/i; next if /^uptime/i; s/^image//i; s/^\s*//g; ProcessHistory("COMMENTS","keysort","C1", ";Image: $_") && next; } return(0); } # This routine parses "show flash" sub ShowFlash { print STDERR " In ShowFlash: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); return(1) if /^(Invalid|Ambiguous) input:/i; return(1) if /^\s*\^\s*$/; ProcessHistory("COMMENTS","keysort","D0",";Flash: $_"); } return; } # This routine parses "show system-information" or "show system information" sub ShowSystem { print STDERR " In ShowSystem: $_" if ($debug); if ($systeminfo) { $_ = ; return(0); } while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); return(0) if /^(Invalid|Ambiguous) input:/i; return(0) if /^% Unknown command/i; if (/memory\s+-\s+total\s+:\s+(\S+)/i) { my($mem) = $1; $mem =~ s/,//g; $mem /= (1024 * 1024); ProcessHistory("COMMENTS","keysort","B0",";Memory: " . int($mem) . "M\n"); next; } /serial\s+number\s+:\s+(\S+)/i && ProcessHistory("COMMENTS","keysort","A1",";Serial Number: $1\n"); /firmware\s+revision\s+:\s+(\S+)/i && ProcessHistory("COMMENTS","keysort","C0",";Image: Firmware $1\n"); /rom\s+version\s+:\s+(\S+)/i && ProcessHistory("COMMENTS","keysort","C1",";Image: ROM $1\n"); } $systeminfo = 1; return(0); } # This routine parses "show module". sub ShowModule { print STDERR " In ShowModule: $_" if ($debug); my(@lines); my($slot); while () { tr/\015//d; return if (/^\s*\^$/); last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); return(1) if /^(Invalid|Ambiguous) input:/i; ProcessHistory("COMMENTS","keysort","E0","; $_") && next; } return(0); } # This routine parses "show stack" sub ShowStack { print STDERR " In ShowStack: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); return(1) if /^(Invalid|Ambiguous) input:/i; s/stacking - (Stacking Status).*/$1/i; s/\s*members unreachable .*$//i; next if /^uptime/i; ProcessHistory("COMMENTS","keysort","F0",";$_"); /auto grab/i && last; } return(0); } # This routine parses "show tech transceivers" sub ShowTechTransceivers { print STDERR " In ShowTransceivers: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); return(1) if /^(Invalid|Ambiguous) input:/i; s/ Technical Information//i; if (/^ATTENTION: You are entering a diagnostic mode/) { while () { tr/\015//d; return(1) if (/^$prompt/); last if (/^(\s*)$/); } next; } ProcessHistory("COMMENTS","keysort","G0",";$_"); } return(0); } # This routine parses "show config status" sub ShowConfigStatus { print STDERR " In ShowConfigStatus: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); return(1) if /^(Invalid|Ambiguous) input:/i; next if (/^Running configuration is same as /); next if (/^$/); ProcessHistory("COMMENTS","keysort","H0","; $_"); } return(0); } # This routine processes a "write term" sub WriteTerm { print STDERR " In WriteTerm: $_" if ($debug); while () { tr/\015//d; if (/$prompt\s*(exit|logout)\s*$/i) { $clean_run=1; last; } last if(/^$prompt/); return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session s/^<-+ More -+>\s*//; s/^$/;/; # skip the crap /^running configuration:/i && next; # filter out any RCS/CVS tags to avoid confusing local CVS storage s/\$(Revision|Id):/ $1:/; /^; (\S+) configuration editor;/i && ProcessHistory("COMMENTS","keysort","A0",";Chassis type: $1\n") && ProcessHistory("","","",";\n;Running config file:\n$_") && next; # order logging statements - doesnt appear to do syslog as of right now /^logging (\d+\.\d+\.\d+\.\d+)/ && ProcessHistory("LOGGING","ipsort","$1","$_") && next; # no so sure this match is correct. show running doesnt seem to # actually o/p anything after "password (manager|operator)" if (/^(\s*)password (manager|operator)?/ && $filter_pwds >= 1) { ProcessHistory("LINE-PASS","","",";$1password $2 \n"); next; } if (/^(snmp-server community) (\S+)/) { if ($filter_commstr) { ProcessHistory("SNMPSERVERCOMM","keysort","$_", ";$1 $'") && next; } else { ProcessHistory("SNMPSERVERCOMM","keysort","$_","$_") && next; } } # order/prune snmp-server host statements - it actually appears to do # the sortting for us, but just in case it changes ... # we only prune lines of the form # snmp-server host a.b.c.d if (/^snmp-server host (\d+\.\d+\.\d+\.\d+) /) { if ($filter_commstr) { my($ip) = $1; my($line) = "snmp-server host $ip"; my(@tokens) = split(' ', $'); my($token); while ($token = shift(@tokens)) { if ($token eq 'version') { $line .= " " . join(' ', ($token, shift(@tokens))); } elsif ($token =~ /^(informs?|traps?|(no)?auth)$/) { $line .= " " . $token; } else { $line = ";$line " . join(' ', ("", join(' ', at tokens))); last; } } ProcessHistory("SNMPSERVERHOST","ipsort","$ip","$line\n"); } else { ProcessHistory("SNMPSERVERHOST","ipsort","$1","$_"); } next; } # order/prune tacacs/radius server statements if (/^(tacacs-server|radius-server) key / && $filter_pwds >= 1) { ProcessHistory("","","",";$1 key \n"); next; } if (/^(tacacs-server host \d+\.\S+) key / && $filter_pwds >= 1) { ProcessHistory("","","",";$1 key \n"); next; } # prune passwords from stack member statements if (/^(stack member .* password )\S+/ && $filter_pwds >= 1) { ProcessHistory("","","",";$1$'"); next; } # order arp lists /^ip arp\s+(\d+\.\d+\.\d+\.\d+)/ && ProcessHistory("ARP","$aclsort","$1","$_") && next; /^ip prefix-list\s+(\S+)\s+seq\s+(\d+)\s+(permit|deny)\s+(\d\S+)(\/.*)$/ && ProcessHistory("PACL $1 $3","$aclsort","$4","ip prefix-list $1 $3 $4$5\n") && next; # blech!!!! /^auto-tftp / && ProcessHistory("","","",";$_") && next; # the rest are from rancid (i.e.: cisco), but suspect they will someday # be applicable or close to it. /^tftp-server flash / && next; # kill any tftp remains /^ntp clock-period / && next; # kill ntp clock-period /^ length / && next; # kill length on serial lines /^ width / && next; # kill width on serial lines if (/^(enable )?(password|passwd) / && $filter_pwds >= 1) { ProcessHistory("ENABLE","","",";$1$2 \n"); next; } if (/^username (\S+)(\s.*)? password /) { if ($filter_pwds >= 1) { ProcessHistory("USER","keysort","$1",";username $1$2 password \n"); } else { ProcessHistory("USER","keysort","$1","$_"); } next; } if (/^(ip ftp password) / && $filter_pwds >= 1) { ProcessHistory("","","",";$1 \n"); next; } if (/^( ip ospf authentication-key) / && $filter_pwds >= 1) { ProcessHistory("","","",";$1 \n"); next; } if (/^( ip ospf message-digest-key \d+ md5) / && $filter_pwds >= 1) { ProcessHistory("","","",";$1 \n"); next; } # sort route-maps if (/^route-map (\S+)/) { my($key) = $1; my($routemap) = $_; while () { tr/\015//d; last if (/^$prompt/ || ! /^(route-map |[ !])/); if (/^route-map (\S+)/) { ProcessHistory("ROUTEMAP","keysort","$key","$routemap"); $key = $1; $routemap = $_; } else { $routemap .= $_; } } ProcessHistory("ROUTEMAP","keysort","$key","$routemap"); } # order access-lists /^access-list\s+(\d\d?)\s+(\S+)\s+(\S+)/ && ProcessHistory("ACL $1 $2","$aclsort","$3","$_") && next; # order extended access-lists /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+host\s+(\S+)/ && ProcessHistory("EACL $1 $2","$aclsort","$3","$_") && next; /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+(\d\S+)/ && ProcessHistory("EACL $1 $2","$aclsort","$3","$_") && next; /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+any/ && ProcessHistory("EACL $1 $2","$aclsort","0.0.0.0","$_") && next; # order alias statements /^alias / && ProcessHistory("ALIAS","keysort","$_","$_") && next; # delete ntp auth password if (/^(ntp authentication-key \d+ md5) / && $filter_pwds >= 1) { ProcessHistory("","","",";$1 \n"); next; } # order ntp peers/servers if (/^ntp (server|peer) (\d+)\.(\d+)\.(\d+)\.(\d+)/) { $sortkey = sprintf("$1 %03d%03d%03d%03d",$2,$3,$4,$5); ProcessHistory("NTP","keysort",$sortkey,"$_"); next; } # order ip host line statements /^ip host line(\d+)/ && ProcessHistory("IPHOST","numsort","$1","$_") && next; # order ip nat source static statements /^ip nat (\S+) source static (\S+)/ && ProcessHistory("IP NAT $1","ipsort","$2","$_") && next; # order ip rcmd lines /^ip rcmd/ && ProcessHistory("RCMD","keysort","$_","$_") && next; # catch anything that wasnt match above. ProcessHistory("","","","$_"); } return(0); } # Main #@commandtable = ( # {'show version' => 'ShowVersion'}, # {'show flash' => 'ShowFlash'}, # {'show system-information' => 'ShowSystem'}, # {'show system information' => 'ShowSystem'}, # {'show module' => 'ShowModule'}, # {'show stack' => 'ShowStack'}, # {'show tech transceivers' => 'ShowTechTransceivers'}, # {'show config files' => 'ShowConfigFiles'}, # {'show config status' => 'ShowConfigStatus'}, # {'write term' => 'WriteTerm'} #); @commandtable = ( {'show storage-history' => 'ShowStorageHistory'}, {'show system active-alarms' => 'ShowSystemActiveAlarms'}, {'show system assembly' => 'ShowSystemAssembly'}, {'show system feature' => 'ShowSystemFeature'}, {'show system version' => 'ShowSystemVersion'}, {'show voip firewall' => 'ShowVoipFirewall'}, {'show voip tls certificate' => 'ShowVoipTlsCertificate'}, {'show running-config' => 'ShowRunningConfig'} ); # Use an array to preserve the order of the commands and a hash for mapping # commands to the subroutine and track commands that have been completed. @commands = map(keys(%$_), @commandtable); %commands = map(%$_, @commandtable); $commandcnt = scalar(keys %commands); $commandstr=join(";", at commands); $cmds_regexp = join("|", map quotemeta($_), @commands); if (length($host) == 0) { if ($file) { print(STDERR "Too few arguments: file name required\n"); exit(1); } else { print(STDERR "Too few arguments: host name required\n"); exit(1); } } if ($opt_C) { print "audiologin -t $timeo -c\'$commandstr\' $host\n"; exit(0); } print ("commandstr: $commandstr\n"); print ("Debug 1\n"); open(OUTPUT,">$host.new") || die "Can't open $host.new for writing: $!\n"; print ("Debug 2\n"); select(OUTPUT); print ("Debug 3\n"); # make OUTPUT unbuffered if debugging if ($debug) { $| = 1; } if ($file) { print(STDERR "opening file $host\n") if ($debug || $log); open(INPUT,"<$host") || die "open failed for $host: $!\n"; } else { print(STDERR "executing audiologin -t $timeo -c\"$commandstr\" $host\n") if ($debug || $log); if (defined($ENV{NOPIPE}) && $ENV{NOPIPE} =~ /^YES/i) { system "audiologin -t $timeo -c \"$commandstr\" $host $host.raw 2>&1" || die "audiologin failed for $host: $!\n"; open(INPUT, "< $host.raw") || die "audiologin failed for $host: $!\n"; } else { open(INPUT,"audiologin -t $timeo -c \"$commandstr\" $host ) { tr/\015//d; if (/$prompt\s*(exit|logout)\s*$/i) { $clean_run=1; last; } if (/^Error:/) { print STDOUT ("$host audiologin error: $_"); print STDERR ("$host audiologin error: $_") if ($debug); $clean_run=0; last; } while (/#\s*($cmds_regexp)\s*$/) { $cmd = $1; if (!defined($prompt)) { $prompt = ($_ =~ /^([^#]+)/)[0]; $prompt =~ s/([][}{)(\\])/\\$1/g; $prompt .= "[#>]"; print STDERR ("PROMPT MATCH: $prompt\n") if ($debug); } print STDERR ("HIT COMMAND:$_") if ($debug); if (! defined($commands{$cmd})) { print STDERR "$host: found unexpected command - \"$cmd\"\n"; $clean_run = 0; last TOP; } $rval = &{$commands{$cmd}}(*INPUT, *OUTPUT, $cmd); delete($commands{$cmd}); if ($rval == -1) { $clean_run = 0; last TOP; } } } print ("Debug 10\n"); print STDOUT "Done $logincmd: $_\n" if ($log); # Flush History ProcessHistory("","","",""); # Cleanup close(INPUT); close(OUTPUT); if (defined($ENV{NOPIPE}) && $ENV{NOPIPE} =~ /^YES/i) { unlink("$host.raw") if (! $debug); } print ("Debug 11\n"); # check for completeness if (scalar(%commands) || !$clean_run) { if (scalar(keys %commands) eq $commandcnt) { printf(STDERR "$host: missed cmd(s): all commands\n"); } elsif (scalar(%commands)) { my($count, $i) = 0; for ($i = 0; $i < $#commands; $i++) { if ($commands{$commands[$i]}) { if (!$count) { printf(STDERR "$host: missed cmd(s): %s", $commands[$i]); } else { printf(STDERR ", %s", $commands[$i]); } $count++; } } if ($count) { printf(STDERR "\n"); } } if (!$clean_run) { print(STDERR "$host: End of run not found\n"); system("/usr/bin/tail -1 $host.new"); } unlink "$host.new" if (! $debug); } --- End of Contents of audiorancid --- Robert Remsik ACNS Desk Phone: 970 491 7120 Robert.Remsik at colostate.edu -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Sat Sep 10 06:35:22 2016 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Sat, 10 Sep 2016 08:35:22 +0200 Subject: [rancid] Full AAA logging / supported configuration In-Reply-To: <88666920-2D26-456B-B34D-AE39D6990C72@gmail.com> References: <88666920-2D26-456B-B34D-AE39D6990C72@gmail.com> Message-ID: <424c8e00-050c-23a3-788c-b059cc2c1f7f@gmail.com> On 09/09/2016 22:02, Sean wrote: > I'm on F4.0.4.26. > > > > I've seen a few examples of logging AAA with tac_plus. The most > documented is the "accounting" option. > > > > accounting syslog; > > -or- > > accountig file = /var/log/tac_plus.acct > > > > This works fine. I have it set up, logging correctly, logrotate running, > etc. It?s also documented just about everywhere I?ve seen, but seems > like it?s the only official means to log something. > > > > I'd like to log authentication and authorization as well, if possible. > I've come across reference to the following configuration: > > > > accounting log = /var/log/tac_plus/accounting.log > > authentication log = /var/log/tac_plus/authentication.log > > authorization log = /var/log/tac_plus/authorization.log > > > > This seems to be either a) outdated or b) poorly referenced as it > doesn't work globally. A reference configuration I have from a version > so old it's expressed in a date format (201211021744) places it within > an "id" container. > > > > id = tac_plus { > > accounting log = /var/log/tac_plus/accounting.log > > authentication log = /var/log/tac_plus/authentication.log > > authorization log = /var/log/tac_plus/authorization.log > > } > > > > I haven't tried this in v4 yet since I can't find (presumably) current > reference for it, but it?s working in the older version. > > > > I've also found reference to setting the appropriate -d flags when > running tac_plus and getting this information as more of a "happy > accident" in whatever syslog files it ends up in vs. more programmatic > means. > > > > What?s the most appropriate / supported way to log this information, if any? tac_plus logs can easily go to syslog as their as daemon logs - the daemon itself generates them and they are much like logs from all pother daemons, very suitable for sending to syslog. Accounting is another matter altogether, those logs are not a good fit for syslog and I never got them to work right. I always sent them to a regular disk file. The file you choose is entirely up to you, there is no standard and neither should there be. There is a default in the code but there's no reason you have to use it. The -d option is not happy accident. It's a bit-encoded field where you tell tac_plus what type of entries to log. Lastly, this thread belongs on the tac_plus list -- Alan McKinnon alan.mckinnon at gmail.com From heas at shrubbery.net Sat Sep 10 14:16:45 2016 From: heas at shrubbery.net (heasley) Date: Sat, 10 Sep 2016 14:16:45 +0000 Subject: [rancid] Creating a new rancid login file In-Reply-To: References: Message-ID: <20160910141645.GC68281@shrubbery.net> Fri, Sep 09, 2016 at 09:30:26PM +0000, Remsik,Robert: > Hello! > > > I'm trying to create a new rancid login file for an audiocodes device and I need a little help debugging what's going on & how to fix it. > > > I've created audiologin which can successfully loginto and run all the commands required (per FAQ 3.2). However, when I try using audiorancid (based upon hrancid) to call audiologin I'm getting an error that it can't run the commands which does not make sense to me yet. What I see as a result of CLI running audiorancid is it's creating the file to write to(it shows up in the file system), and then it attempts to 'select' this file and then proceeds to error out. This doesn't make sense to me as the excerpt from hrancid (which works against HP switches), is identical (minus debug commands) and does not have this problem. Any help is appriciated! > > Thank you in advance, > > > > I've created the type 'ac' as defined in /etc/base.types.conf so when/if rancid-run gets ahold of it it'll find the correct files. > > ac;script;audiorancid > ac;login;audiologin > > rancid at server:~/var/rancid-3.4.99/logs$ audiorancid 10.174.0.247 > commandstr: show storage-history;show system active-alarms;show system assembly;show system feature;show system version;show voip firewall;show voip tls certificate;show running-config > Debug 1 > Debug 2 > 10.174.0.247: missed cmd(s): all commands try export NOPIPE=YES audiorancid -a ip that should leave an ip.raw file behind and may provide the cause. From Shaun.Krok at 888holdings.com Mon Sep 12 07:17:43 2016 From: Shaun.Krok at 888holdings.com (Shaun Krok) Date: Mon, 12 Sep 2016 07:17:43 +0000 Subject: [rancid] F5 Rancid | BIGIP 12.0 | missed cmd(s) Message-ID: <57FD84723C05BB4FA3BB5F66AC609F64011C296A7B@XCH-IL-MB1.888holdings.corp> Hi I have tried to look into forums where other users of rancid experience the same issue but could not find anything ! Our issue as follows : We have been running rancid successfully against F5 LTM clusters (HA) for a few years now. The issue with partitions and TMSH was resolved and we have had no issues accept with the recent upgrade to BIGIP image : BIG-IP 12.0.0 The issue is below. What we have noticed that if we use the cli command : ./rancid-run -r lon-f5-pri GLN & the collection has no issues, diff is done, entered into CVS and emails received ! The problem is when the general cron runs and we receive the below in the logs. Using the NOPIPE I see the .raw file and have looked into the file and do not see any issues. The f5rancid script has been working as I said for years until version 12.0 of BIGIP. It works against several other production sites but running version 11.6 of BIGIP I realize the below is just the process saying there is an issue but if anyone has suggestions would be much appreciated ! Version of rancid : ## rancid 3.2.99 *************************************** a snip of the crontab # Check every 30 mins */30 * * * * /usr/local/rancid/bin/rancid-run & ************************************** ************************************** A snip of the f5rancid script # tmsh commands, BIGIP v11 @tmsh_commandtable = ( {'tmsh show /sys version' => 'ShowVersion'}, {'tmsh show /sys hardware' => 'ShowHardware'}, {'tmsh show /sys license' => 'ShowLicense'}, #{'cat /config/ZebOS.conf' => 'ShowZebOSconf'}, #{'lsof -i :179' => 'ShowZebOSsockets'}, {'tmsh show /net route static' => 'ShowRouteStatic'}, #{'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'}, #{'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'}, #{'tmsh -q list' => 'WriteTermTMSH'}, #{'tmsh -q -c /"cd /;list recursive"/' => 'WriteTermTMSH'}, {'./f5part' => 'WriteTermTMSH'}, ************************************** Trying to get all of the configs. lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys hardware lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys version,tmsh show /sys hardware,tmsh show /sys license ===================================== Getting missed routers: round 1. lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys version,tmsh show /sys hardware,tmsh show /sys license lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys hardware ===================================== Getting missed routers: round 2. lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys version,tmsh show /sys hardware,tmsh show /sys license lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys hardware ===================================== Getting missed routers: round 3. lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys hardware lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys version,tmsh show /sys hardware,tmsh show /sys license ===================================== Getting missed routers: round 4. lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys version,tmsh show /sys hardware,tmsh show /sys license lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys hardware regards Shaun Krok Network Team Herzliya Business Park Herzliya Pituach 46140 Israel Telephone: +972 (0)732889406 Mobile: +972 (0)50 2424381 email:shaun.krok at 888holdings.com This email message and its attachments are for the sole use of the intended recipient(s) and may not be shared with any other party. They may contain confidential information of 888 Holdings plc or its direct and indirect subsidiaries (together, the ?888 Group?) and are to be regarded as confidential information under any non-disclosure agreement. Any review, use, disclosure or distribution by persons or entities other than the intended recipient(s) is prohibited. Nothing in this message is capable of or intended to create any legally binding obligation. The 888 Group will only ever assume a legally binding obligation where recorded in a written agreement duly executed by the authorized signatories of the relevant 888 Group company. The 888 Group accepts no liability for any personal views expressed in this message. If you are not the intended recipient, please contact the sender by return and destroy all copies of the original message and its attachments. Thank you From alan.mckinnon at gmail.com Mon Sep 12 08:14:51 2016 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Mon, 12 Sep 2016 10:14:51 +0200 Subject: [rancid] F5 Rancid | BIGIP 12.0 | missed cmd(s) In-Reply-To: <57FD84723C05BB4FA3BB5F66AC609F64011C296A7B@XCH-IL-MB1.888holdings.corp> References: <57FD84723C05BB4FA3BB5F66AC609F64011C296A7B@XCH-IL-MB1.888holdings.corp> Message-ID: <1b20df83-d5cd-ad29-842b-09a73d067a23@gmail.com> This problem almost always comes down to the usual issues with cron: - cron runs from a non-interactive non-login shell, meaning that the environment is empty (the environment being nothing more than a handy *user* convenience). Make sure your cron env is set up correctly and don't run ./rancid-run, specify the full correct path - which user's cron is this in? It must go in rancid's crontab, not root. If this is the case with your site, make sure you chown all relevant data files back to the rancid user as some of them will now be owned by root On 12/09/2016 09:17, Shaun Krok wrote: > Hi > > I have tried to look into forums where other users of rancid experience the same issue but could not find anything ! > > Our issue as follows : > We have been running rancid successfully against F5 LTM clusters (HA) for a few years now. > The issue with partitions and TMSH was resolved and we have had no issues accept with the recent upgrade to BIGIP image : BIG-IP 12.0.0 > > The issue is below. > What we have noticed that if we use the cli command : ./rancid-run -r lon-f5-pri GLN & the collection has no issues, diff is done, entered into CVS and emails received ! > > The problem is when the general cron runs and we receive the below in the logs. > Using the NOPIPE I see the .raw file and have looked into the file and do not see any issues. > > The f5rancid script has been working as I said for years until version 12.0 of BIGIP. > It works against several other production sites but running version 11.6 of BIGIP > > I realize the below is just the process saying there is an issue but if anyone has suggestions would be much appreciated ! > > Version of rancid : ## rancid 3.2.99 > > *************************************** > a snip of the crontab > # Check every 30 mins > */30 * * * * /usr/local/rancid/bin/rancid-run & > ************************************** > > ************************************** > A snip of the f5rancid script > # tmsh commands, BIGIP v11 > @tmsh_commandtable = ( > {'tmsh show /sys version' => 'ShowVersion'}, > {'tmsh show /sys hardware' => 'ShowHardware'}, > {'tmsh show /sys license' => 'ShowLicense'}, > #{'cat /config/ZebOS.conf' => 'ShowZebOSconf'}, > #{'lsof -i :179' => 'ShowZebOSsockets'}, > {'tmsh show /net route static' => 'ShowRouteStatic'}, > #{'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'}, > #{'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'}, > #{'tmsh -q list' => 'WriteTermTMSH'}, > #{'tmsh -q -c /"cd /;list recursive"/' => 'WriteTermTMSH'}, > {'./f5part' => 'WriteTermTMSH'}, > ************************************** > > > Trying to get all of the configs. > lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys hardware > lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys version,tmsh show /sys hardware,tmsh show /sys license > ===================================== > Getting missed routers: round 1. > lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys version,tmsh show /sys hardware,tmsh show /sys license > lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys hardware > ===================================== > Getting missed routers: round 2. > lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys version,tmsh show /sys hardware,tmsh show /sys license > lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys hardware > ===================================== > Getting missed routers: round 3. > lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys hardware > lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys version,tmsh show /sys hardware,tmsh show /sys license > ===================================== > Getting missed routers: round 4. > lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys version,tmsh show /sys hardware,tmsh show /sys license > lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys hardware > > > regards > > > > Shaun Krok > Network Team > > Herzliya Business Park > Herzliya Pituach 46140 > Israel > > Telephone: +972 (0)732889406 > Mobile: +972 (0)50 2424381 > email:shaun.krok at 888holdings.com > > > > > > > > This email message and its attachments are for the sole use of the intended recipient(s) and may not be shared with any other party. They may contain confidential information of 888 Holdings plc or its direct and indirect subsidiaries (together, the ?888 Group?) and are to be regarded as confidential information under any non-disclosure agreement. Any review, use, disclosure or distribution by persons or entities other than the intended recipient(s) is prohibited. Nothing in this message is capable of or intended to create any legally binding obligation. The 888 Group will only ever assume a legally binding obligation where recorded in a written agreement duly executed by the authorized signatories of the relevant 888 Group company. The 888 Group accepts no liability for any personal views expressed in this message. If you are not the intended recipient, please contact the sender by return and destroy all copies of the original message and its attachments. Thank you > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > From Shaun.Krok at 888holdings.com Mon Sep 12 08:24:54 2016 From: Shaun.Krok at 888holdings.com (Shaun Krok) Date: Mon, 12 Sep 2016 08:24:54 +0000 Subject: [rancid] F5 Rancid | BIGIP 12.0 | missed cmd(s) In-Reply-To: <1b20df83-d5cd-ad29-842b-09a73d067a23@gmail.com> References: <57FD84723C05BB4FA3BB5F66AC609F64011C296A7B@XCH-IL-MB1.888holdings.corp> <1b20df83-d5cd-ad29-842b-09a73d067a23@gmail.com> Message-ID: <57FD84723C05BB4FA3BB5F66AC609F64011C296C56@XCH-IL-MB1.888holdings.corp> Thanks Alan Always have been running as *user* = rancid [rancid at Rancid bin]$ whoami Rancid # Check every 30 mins */30 * * * * /usr/local/rancid/bin/rancid-run & What do you suggest with regards setting up the cron environment for rancid --- never had to prior BIGIP 12.0 and all other device types: Cisco, Juniper, Riverbed , F5 working 100% -----Original Message----- From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alan McKinnon Sent: Monday, September 12, 2016 11:15 AM To: rancid-discuss at shrubbery.net Subject: Re: [rancid] F5 Rancid | BIGIP 12.0 | missed cmd(s) This problem almost always comes down to the usual issues with cron: - cron runs from a non-interactive non-login shell, meaning that the environment is empty (the environment being nothing more than a handy *user* convenience). Make sure your cron env is set up correctly and don't run ./rancid-run, specify the full correct path - which user's cron is this in? It must go in rancid's crontab, not root. If this is the case with your site, make sure you chown all relevant data files back to the rancid user as some of them will now be owned by root On 12/09/2016 09:17, Shaun Krok wrote: > Hi > > I have tried to look into forums where other users of rancid experience the same issue but could not find anything ! > > Our issue as follows : > We have been running rancid successfully against F5 LTM clusters (HA) for a few years now. > The issue with partitions and TMSH was resolved and we have had no issues accept with the recent upgrade to BIGIP image : BIG-IP 12.0.0 > > The issue is below. > What we have noticed that if we use the cli command : ./rancid-run -r lon-f5-pri GLN & the collection has no issues, diff is done, entered into CVS and emails received ! > > The problem is when the general cron runs and we receive the below in the logs. > Using the NOPIPE I see the .raw file and have looked into the file and do not see any issues. > > The f5rancid script has been working as I said for years until version 12.0 of BIGIP. > It works against several other production sites but running version 11.6 of BIGIP > > I realize the below is just the process saying there is an issue but if anyone has suggestions would be much appreciated ! > > Version of rancid : ## rancid 3.2.99 > > *************************************** > a snip of the crontab > # Check every 30 mins > */30 * * * * /usr/local/rancid/bin/rancid-run & > ************************************** > > ************************************** > A snip of the f5rancid script > # tmsh commands, BIGIP v11 > @tmsh_commandtable = ( > {'tmsh show /sys version' => 'ShowVersion'}, > {'tmsh show /sys hardware' => 'ShowHardware'}, > {'tmsh show /sys license' => 'ShowLicense'}, > #{'cat /config/ZebOS.conf' => 'ShowZebOSconf'}, > #{'lsof -i :179' => 'ShowZebOSsockets'}, > {'tmsh show /net route static' => 'ShowRouteStatic'}, > #{'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'}, > #{'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'}, > #{'tmsh -q list' => 'WriteTermTMSH'}, > #{'tmsh -q -c /"cd /;list recursive"/' => 'WriteTermTMSH'}, > {'./f5part' => 'WriteTermTMSH'}, > ************************************** > > > Trying to get all of the configs. > lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys hardware > lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys version,tmsh show /sys hardware,tmsh show /sys license > ===================================== > Getting missed routers: round 1. > lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys version,tmsh show /sys hardware,tmsh show /sys license > lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys hardware > ===================================== > Getting missed routers: round 2. > lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys version,tmsh show /sys hardware,tmsh show /sys license > lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys hardware > ===================================== > Getting missed routers: round 3. > lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys hardware > lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys version,tmsh show /sys hardware,tmsh show /sys license > ===================================== > Getting missed routers: round 4. > lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys version,tmsh show /sys hardware,tmsh show /sys license > lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys hardware > > > regards > > > > Shaun Krok > Network Team > > Herzliya Business Park > Herzliya Pituach 46140 > Israel > > Telephone: +972 (0)732889406 > Mobile: +972 (0)50 2424381 > email:shaun.krok at 888holdings.com > > > > > > > > This email message and its attachments are for the sole use of the intended recipient(s) and may not be shared with any other party. They may contain confidential information of 888 Holdings plc or its direct and indirect subsidiaries (together, the ?888 Group?) and are to be regarded as confidential information under any non-disclosure agreement. Any review, use, disclosure or distribution by persons or entities other than the intended recipient(s) is prohibited. Nothing in this message is capable of or intended to create any legally binding obligation. The 888 Group will only ever assume a legally binding obligation where recorded in a written agreement duly executed by the authorized signatories of the relevant 888 Group company. The 888 Group accepts no liability for any personal views expressed in this message. If you are not the intended recipient, please contact the sender by return and destroy all copies of the original message and its attachments. Thank you > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss This email message and its attachments are for the sole use of the intended recipient(s) and may not be shared with any other party. They may contain confidential information of 888 Holdings plc or its direct and indirect subsidiaries (together, the ?888 Group?) and are to be regarded as confidential information under any non-disclosure agreement. Any review, use, disclosure or distribution by persons or entities other than the intended recipient(s) is prohibited. Nothing in this message is capable of or intended to create any legally binding obligation. The 888 Group will only ever assume a legally binding obligation where recorded in a written agreement duly executed by the authorized signatories of the relevant 888 Group company. The 888 Group accepts no liability for any personal views expressed in this message. If you are not the intended recipient, please contact the sender by return and destroy all copies of the original message and its attachments. Thank you From alan.mckinnon at gmail.com Mon Sep 12 08:40:41 2016 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Mon, 12 Sep 2016 10:40:41 +0200 Subject: [rancid] F5 Rancid | BIGIP 12.0 | missed cmd(s) In-Reply-To: <57FD84723C05BB4FA3BB5F66AC609F64011C296C56@XCH-IL-MB1.888holdings.corp> References: <57FD84723C05BB4FA3BB5F66AC609F64011C296A7B@XCH-IL-MB1.888holdings.corp> <1b20df83-d5cd-ad29-842b-09a73d067a23@gmail.com> <57FD84723C05BB4FA3BB5F66AC609F64011C296C56@XCH-IL-MB1.888holdings.corp> Message-ID: Shaun, Usually setting PATH correctly is enough, but I don't think that is your problem. To check that I understand the problem correctly: All your devices work correctly except BIGIP 12. Even BIGIP 11 works properly. BIGIP 12 fails from a cronjob but works correctly from the command line as rancid user. This then excludes mistakes in router.db Correct? Nothing in cron or the environment strikes me as being unique to the BIGIP 12. For completeness, what is in the rancid user's environment in a regular login shell? If that doesn't reveal anything useful, I'd generate .raw files for both device types and compare them. Then read those files directly into rancid; at some point a difference in behaviour must show up On 12/09/2016 10:24, Shaun Krok wrote: > Thanks Alan > > Always have been running as *user* = rancid > [rancid at Rancid bin]$ whoami > Rancid > > # Check every 30 mins > */30 * * * * /usr/local/rancid/bin/rancid-run & > > What do you suggest with regards setting up the cron environment for rancid --- never had to prior BIGIP 12.0 and all other device types: Cisco, Juniper, Riverbed , F5 working 100% > > > > -----Original Message----- > From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alan McKinnon > Sent: Monday, September 12, 2016 11:15 AM > To: rancid-discuss at shrubbery.net > Subject: Re: [rancid] F5 Rancid | BIGIP 12.0 | missed cmd(s) > > This problem almost always comes down to the usual issues with cron: > > - cron runs from a non-interactive non-login shell, meaning that the > environment is empty (the environment being nothing more than a handy > *user* convenience). Make sure your cron env is set up correctly and > don't run ./rancid-run, specify the full correct path > > - which user's cron is this in? It must go in rancid's crontab, not > root. If this is the case with your site, make sure you chown all > relevant data files back to the rancid user as some of them will now be > owned by root > > > On 12/09/2016 09:17, Shaun Krok wrote: >> Hi >> >> I have tried to look into forums where other users of rancid experience the same issue but could not find anything ! >> >> Our issue as follows : >> We have been running rancid successfully against F5 LTM clusters (HA) for a few years now. >> The issue with partitions and TMSH was resolved and we have had no issues accept with the recent upgrade to BIGIP image : BIG-IP 12.0.0 >> >> The issue is below. >> What we have noticed that if we use the cli command : ./rancid-run -r lon-f5-pri GLN & the collection has no issues, diff is done, entered into CVS and emails received ! >> >> The problem is when the general cron runs and we receive the below in the logs. >> Using the NOPIPE I see the .raw file and have looked into the file and do not see any issues. >> >> The f5rancid script has been working as I said for years until version 12.0 of BIGIP. >> It works against several other production sites but running version 11.6 of BIGIP >> >> I realize the below is just the process saying there is an issue but if anyone has suggestions would be much appreciated ! >> >> Version of rancid : ## rancid 3.2.99 >> >> *************************************** >> a snip of the crontab >> # Check every 30 mins >> */30 * * * * /usr/local/rancid/bin/rancid-run & >> ************************************** >> >> ************************************** >> A snip of the f5rancid script >> # tmsh commands, BIGIP v11 >> @tmsh_commandtable = ( >> {'tmsh show /sys version' => 'ShowVersion'}, >> {'tmsh show /sys hardware' => 'ShowHardware'}, >> {'tmsh show /sys license' => 'ShowLicense'}, >> #{'cat /config/ZebOS.conf' => 'ShowZebOSconf'}, >> #{'lsof -i :179' => 'ShowZebOSsockets'}, >> {'tmsh show /net route static' => 'ShowRouteStatic'}, >> #{'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'}, >> #{'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'}, >> #{'tmsh -q list' => 'WriteTermTMSH'}, >> #{'tmsh -q -c /"cd /;list recursive"/' => 'WriteTermTMSH'}, >> {'./f5part' => 'WriteTermTMSH'}, >> ************************************** >> >> >> Trying to get all of the configs. >> lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys hardware >> lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys version,tmsh show /sys hardware,tmsh show /sys license >> ===================================== >> Getting missed routers: round 1. >> lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys version,tmsh show /sys hardware,tmsh show /sys license >> lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys hardware >> ===================================== >> Getting missed routers: round 2. >> lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys version,tmsh show /sys hardware,tmsh show /sys license >> lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys hardware >> ===================================== >> Getting missed routers: round 3. >> lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys hardware >> lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys version,tmsh show /sys hardware,tmsh show /sys license >> ===================================== >> Getting missed routers: round 4. >> lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys version,tmsh show /sys hardware,tmsh show /sys license >> lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys hardware >> >> >> regards >> >> >> >> Shaun Krok >> Network Team >> >> Herzliya Business Park >> Herzliya Pituach 46140 >> Israel >> >> Telephone: +972 (0)732889406 >> Mobile: +972 (0)50 2424381 >> email:shaun.krok at 888holdings.com >> >> >> >> >> >> >> >> This email message and its attachments are for the sole use of the intended recipient(s) and may not be shared with any other party. They may contain confidential information of 888 Holdings plc or its direct and indirect subsidiaries (together, the ?888 Group?) and are to be regarded as confidential information under any non-disclosure agreement. Any review, use, disclosure or distribution by persons or entities other than the intended recipient(s) is prohibited. Nothing in this message is capable of or intended to create any legally binding obligation. The 888 Group will only ever assume a legally binding obligation where recorded in a written agreement duly executed by the authorized signatories of the relevant 888 Group company. The 888 Group accepts no liability for any personal views expressed in this message. If you are not the intended recipient, please contact the sender by return and destroy all copies of the original message and its attachments. Thank you >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > This email message and its attachments are for the sole use of the intended recipient(s) and may not be shared with any other party. They may contain confidential information of 888 Holdings plc or its direct and indirect subsidiaries (together, the ?888 Group?) and are to be regarded as confidential information under any non-disclosure agreement. Any review, use, disclosure or distribution by persons or entities other than the intended recipient(s) is prohibited. Nothing in this message is capable of or intended to create any legally binding obligation. The 888 Group will only ever assume a legally binding obligation where recorded in a written agreement duly executed by the authorized signatories of the relevant 888 Group company. The 888 Group accepts no liability for any personal views expressed in this message. If you are not the intended recipient, please contact the sender by return and destroy all copies of the original message and its attachments. Thank you > From daniel.kerse at gmail.com Mon Sep 12 12:40:10 2016 From: daniel.kerse at gmail.com (Daniel Kerse) Date: Tue, 13 Sep 2016 00:40:10 +1200 Subject: [rancid] F5 Rancid | BIGIP 12.0 | missed cmd(s) In-Reply-To: References: <57FD84723C05BB4FA3BB5F66AC609F64011C296A7B@XCH-IL-MB1.888holdings.corp> <1b20df83-d5cd-ad29-842b-09a73d067a23@gmail.com> <57FD84723C05BB4FA3BB5F66AC609F64011C296C56@XCH-IL-MB1.888holdings.corp> Message-ID: Hello Shaun et.al., Are you playing with the TERM environment variable at all? Have you tried enabling debug on your cron job and then (re)checking: 1. the logs? 2. the resulting .raw files? I'm also running version 3.2 (the latest available under EPEL) with some F5s of various vintage. Firstly to recap what is already known by this mailing list: - circa BIG-IP v9.x -> v10.x the tmsh shell was introduced in addition to the pre-existing bigpipe. - circa BIG-IP v10.x -> v11.x the old bigpipe shell was removed. - (At least for BIG-IP v11.x and earlier) you must set TERM=vt100-w in order to run some commands. This problem would only become apparent when running via CRON, When running rancid manually at the CLI everything looks honky dory.. In my case the following commands would fail (via CRON): "ls --full-time --color=never /config/ssl/ssl.crt" "ls --full-time --color=never /config/ssl/ssl.key" "tmsh show /net route static" - Someone mentioned that you need to run "tmsh -q -c 'cd / \;list recursive" to get everything out of the partitions. - Was this circa v11.x? I forget. I need to do more research here as I've almost got around that issue that had people setting up shell scripts on their F5s to make it work... more on that later. Now here's the interesting thing I've noticed on v12.x . Perhaps this is widely known in the F5 community but I haven't read about it anywhere. - Somewhere around BIG-IP v11.x -> v12.x the vt100-w terminal started misbehaving. - If I have TERM set to vt100-w and enable debug I see this error message in the logs: "Warning, can't fully initialize terminal, TERM is set to "vt100-w", status (0)" - Now I think again if you run via CLI it might appear to work OK but not via CRON. So now you end up in a difficult situation in BIG-IP v12: - TERM=vt100-w fails via CRON because it's broken - TERM=network (or similar) fails via CRON because some commands require it to stop the junk showing up mid-line. - Either case works via CLI. So you can end up with a rather fiddly rancid.types.conf file. Something like this (work in progress): # F5s running 9.3.1 seem to lack tmsh support so we will use a (slightly modified) version of f5rancid bigip-v9;script;f5rancid-v9 bigip-v9;login;clogin # F5s running 11.4.1 and 12.0.0 seem to lack bigpipe support. # For some reason turning off debug flag causes problems for "tmsh -q -c 'cd / \;list recursive'" I don't know why. bigip-v10-11;script;rancid -t bigip-v10-11 bigip-v10-11;login;clogin bigip-v10-11;module;bigip bigip-v10-11;inloop;bigip::inloop bigip-v10-11;command;bigip::ShowVersion;tmsh show /sys version bigip-v10-11;command;bigip::ShowHardware;tmsh show /sys hardware bigip-v10-11;command;bigip::ShowLicense;tmsh show /sys license bigip-v10-11;command;bigip::ShowSslCrt;ls --full-time --color=never /config/ssl/ssl.crt bigip-v10-11;command;bigip::ShowSslKey;ls --full-time --color=never /config/ssl/ssl.key bigip-v10-11;command;bigip::ShowZebOSconf;cat /config/ZebOS.conf bigip-v10-11;command;bigip::ShowZebOSsockets;lsof -i :179 bigip-v10-11;command;bigip::ShowRouteStatic;tmsh show /net route static # This one seems to get confused #bigip-v10-11;command;bigip::WriteTerm;tmsh -q -c 'cd / \;list recursive' bigip-v10-11;command;bigip::WriteTerm;tmsh -q list # F5s running 12.0.0 seem to lack support for vt100-w terminal type. # Error Message: # "Warning, can't fully initialize terminal, TERM is set to "vt100-w", status (0)" # As a result ShowSslCrt, ShowSslKey and ShowRouteStatic don't work. # For some reason turning off debug flag causes problems for "tmsh -q -c 'cd / \;list recursive'" I don't know why. bigip-v12;script;rancid -dt bigip-v12 bigip-v12;login;clogin bigip-v12;module;bigip12 bigip-v12;inloop;bigip12::inloop bigip-v12;command;bigip12::ShowVersion;tmsh show /sys version bigip-v12;command;bigip12::ShowHardware;tmsh show /sys hardware bigip-v12;command;bigip12::ShowLicense;tmsh show /sys license #bigip-v12;command;bigip12::ShowSslCrt;ls --full-time --color=never /config/ssl/ssl.crt #bigip-v12;command;bigip12::ShowSslKey;ls --full-time --color=never /config/ssl/ssl.key bigip-v12;command;bigip12::ShowZebOSconf;cat /config/ZebOS.conf bigip-v12;command;bigip12::ShowZebOSsockets;lsof -i :179 #bigip-v12;command;bigip12::ShowRouteStatic;tmsh show /net route static #bigip-v12;command;bigip12::WriteTerm;tmsh -q -c 'cd / \;list recursive' bigip-v12;command;bigip12::WriteTerm;tmsh -q list # Huawei support not provided out of the box, added after the fact. # Let me know if you want me to post this, it's a bit OT for this thread.. huawei;script;rancid -t huawei huawei;login;hulogin huawei;module;huawei huawei;inloop;huawei::inloop huawei;command;huawei::DisplayVersion;display version huawei;command;huawei::DisplayPatchInfo;display patch-information huawei;command;huawei::DisplayDevice;display esn huawei;command;huawei::DisplayDevice;display device huawei;command;huawei::DisplayDevice;display device manufacture-info huawei;command;huawei::DisplayDevice;display device pic-status huawei;command;huawei::DisplayElabel;display device elabel huawei;command;huawei::DisplayElabel;display elabel huawei;command;huawei::DisplayTransceiver;display interface transceiver huawei;command;huawei::DisplayLicense;display license huawei;command;huawei::WriteTerm;display current-configuration With also the following customizations: 1) To make "tmsh -q -c 'cd / \;list recursive'" do something useful the following change to rancid.pm is required, otherwise the split is too aggressive. ******* < my($type, $directive, $value, $value2) = split('\;'); --- > #my($type, $directive, $value, $value2) = split('\;'); > my($type, $directive, $value, $value2) = split('\;', $_, 4); ******* 2) Following changes made to bigip.pm (from rancid 3.5). There might be a bug here still as uncommenting the ";tmsh -q -c 'cd / \;list recursive'" line above seems to lead to unnecessary reattempts at config collection - but only when debug is disabled for some reason. ******* 5c5 < ## rancid 3.5 --- > ## rancid 3.5 plus some customisations. 66c66,67 < use rancid 3.5; --- > #use rancid 3.5; > use rancid 3.2; 74c75 < $ENV{'TERM'} = "vt100"; --- > $ENV{'TERM'} = "vt100-w"; 183a185 > s/^\ \ ([0-9]+)(\ +).*Air\ Outlet/ $1$2REMOVED Air Outlet/i; 184a187,188 > s/^\ \ ([0-9]+)(\ +).*ADM1026/ $1$2REMOVED ADM1026/i; > s/^\ \ ([0-9]+)(\ +).*Main\ board(.*)$/ $1$2REMOVED Main board$3/i; 185a190 > s/^\ \ ([0-9]+)(\ +)[0-9]+\ +[0-9]+\ +[0-9]+/ $1$2REMOVED REMOVED REMOVED/; 218a224,272 > # This routine parses "ls --full-time --color=never /config/ssl/ssl.crt" > sub ShowSslCrt { > my($INPUT, $OUTPUT, $cmd) = @_; > my($line) = (0); > print STDERR " In ShowSslCrt: $_" if ($debug); > > while (<$INPUT>) { > tr/\015//d; > # v9 software license does not have CR at EOF > s/^#-+($prompt.*)/$1/; > last if (/^$prompt/); > next if (/^(\s*|\s*$cmd\s*)$/); > return(1) if /^\s*\^\s*$/; > return(1) if /(Invalid input detected|Type help or )/; > return(-1) if (/command authorization failed/i); > > if (!$line++) { > ProcessHistory("ShowSslCrt","","","#\n#/config/ssl/ssl.crt:\n"); > } > ProcessHistory("ShowSslCrt","","","# $_") && next; > } > return(0); > } > > # This routine parses "ls --full-time --color=never /config/ssl/ssl.key" > sub ShowSslKey { > my($INPUT, $OUTPUT, $cmd) = @_; > my($line) = (0); > print STDERR " In ShowSslKey: $_" if ($debug); > > while (<$INPUT>) { > tr/\015//d; > # v9 software license does not have CR at EOF > s/^#-+($prompt.*)/$1/; > last if (/^$prompt/); > next if (/^(\s*|\s*$cmd\s*)$/); > return(1) if /^\s*\^\s*$/; > return(1) if /(Invalid input detected|Type help or )/; > return(-1) if (/command authorization failed/i); > > if (!$line++) { > ProcessHistory("ShowSslKey","","","#\n#/config/ssl/ssl.key:\n"); > } > ProcessHistory("ShowSslKey","","","# $_") && next; > } > return(0); > } > > 290a345,347 > return (1) if (/Syntax Error: unexpected argument/); > return (0) if ($found_end); # Only run this routine once. > 297c354 < $found_end++; --- > $found_end = 1; ******* Also: ******* $ diff bigip.pm bigip12.pm 1c1 < package bigip; --- > package bigip12; 75c75 < $ENV{'TERM'} = "vt100-w"; --- > $ENV{'TERM'} = "vt100"; ******* And: ******* $ diff f5rancid f5rancid-v9 64c64,65 < $ENV{'TERM'} = "vt100"; --- > #$ENV{'TERM'} = "vt100"; > $ENV{'TERM'} = "vt100-w"; 186a188,191 > if (/^(\s*)community \S+/ && $filter_commstr) { > ProcessHistory("SHOWBASE","","","# $1community \n"); > next; > } 190a196,199 > if (/^(\s*)password crypt \S+/) { > ProcessHistory("SHOWBASE","","","# $1password crypt \n"); > next; > } 225c234,236 < --- > if (/^(.*)\.password = / && $filter_pwds >= 1) { > ProcessHistory("SHOWDB","","","# $1.password = \n") && next; > } 269a281,286 > if (/^(\s*)monitor state (up|down)$/) { > ProcessHistory("SHOWDB","","","# $1monitor state \n") && next; > } > if (/^(\s*)community \S+/ && $filter_commstr) { > ProcessHistory("SHOWDB","","","# $1community \n") && next; > } 277c294 < if (/^(\s*)password / && $filter_pwds >= 1) { --- > if (/^(\s*)password (\w*)/ && $filter_pwds >= 1 && $2 ne "none") { 427a445,447 > return (1) if (/BIGpipe:.*: syntax error/); > return (0) if ($found_end); # Only do this routine once > 441a462,465 > if (/^(\s*)community \S+/ && $filter_commstr) { > ProcessHistory("","","","# $1community \n") && next; > } > 532a557 > {'bigpipe list all' => 'WriteTerm'}, ******* Kind Regards, Dan On Mon, Sep 12, 2016 at 8:40 PM, Alan McKinnon wrote: > Shaun, > > Usually setting PATH correctly is enough, but I don't think that is your > problem. To check that I understand the problem correctly: > > All your devices work correctly except BIGIP 12. Even BIGIP 11 works > properly. BIGIP 12 fails from a cronjob but works correctly from the command > line as rancid user. This then excludes mistakes in router.db > > Correct? > > Nothing in cron or the environment strikes me as being unique to the BIGIP > 12. For completeness, what is in the rancid user's environment in a regular > login shell? > > If that doesn't reveal anything useful, I'd generate .raw files for both > device types and compare them. Then read those files directly into rancid; > at some point a difference in behaviour must show up > > > On 12/09/2016 10:24, Shaun Krok wrote: >> >> Thanks Alan >> >> Always have been running as *user* = rancid >> [rancid at Rancid bin]$ whoami >> Rancid >> >> # Check every 30 mins >> */30 * * * * /usr/local/rancid/bin/rancid-run & >> >> What do you suggest with regards setting up the cron environment for >> rancid --- never had to prior BIGIP 12.0 and all other device types: Cisco, >> Juniper, Riverbed , F5 working 100% >> >> >> >> -----Original Message----- >> From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On >> Behalf Of Alan McKinnon >> Sent: Monday, September 12, 2016 11:15 AM >> To: rancid-discuss at shrubbery.net >> Subject: Re: [rancid] F5 Rancid | BIGIP 12.0 | missed cmd(s) >> >> This problem almost always comes down to the usual issues with cron: >> >> - cron runs from a non-interactive non-login shell, meaning that the >> environment is empty (the environment being nothing more than a handy >> *user* convenience). Make sure your cron env is set up correctly and >> don't run ./rancid-run, specify the full correct path >> >> - which user's cron is this in? It must go in rancid's crontab, not >> root. If this is the case with your site, make sure you chown all >> relevant data files back to the rancid user as some of them will now be >> owned by root >> >> >> On 12/09/2016 09:17, Shaun Krok wrote: >>> >>> Hi >>> >>> I have tried to look into forums where other users of rancid experience >>> the same issue but could not find anything ! >>> >>> Our issue as follows : >>> We have been running rancid successfully against F5 LTM clusters (HA) for >>> a few years now. >>> The issue with partitions and TMSH was resolved and we have had no issues >>> accept with the recent upgrade to BIGIP image : BIG-IP 12.0.0 >>> >>> The issue is below. >>> What we have noticed that if we use the cli command : ./rancid-run -r >>> lon-f5-pri GLN & the collection has no issues, diff is done, entered into >>> CVS and emails received ! >>> >>> The problem is when the general cron runs and we receive the below in the >>> logs. >>> Using the NOPIPE I see the .raw file and have looked into the file and do >>> not see any issues. >>> >>> The f5rancid script has been working as I said for years until version >>> 12.0 of BIGIP. >>> It works against several other production sites but running version 11.6 >>> of BIGIP >>> >>> I realize the below is just the process saying there is an issue but if >>> anyone has suggestions would be much appreciated ! >>> >>> Version of rancid : ## rancid 3.2.99 >>> >>> *************************************** >>> a snip of the crontab >>> # Check every 30 mins >>> */30 * * * * /usr/local/rancid/bin/rancid-run & >>> ************************************** >>> >>> ************************************** >>> A snip of the f5rancid script >>> # tmsh commands, BIGIP v11 >>> @tmsh_commandtable = ( >>> {'tmsh show /sys version' => 'ShowVersion'}, >>> {'tmsh show /sys hardware' => 'ShowHardware'}, >>> {'tmsh show /sys license' => 'ShowLicense'}, >>> #{'cat /config/ZebOS.conf' => 'ShowZebOSconf'}, >>> #{'lsof -i :179' => 'ShowZebOSsockets'}, >>> {'tmsh show /net route static' => 'ShowRouteStatic'}, >>> #{'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'}, >>> #{'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'}, >>> #{'tmsh -q list' => 'WriteTermTMSH'}, >>> #{'tmsh -q -c /"cd /;list recursive"/' => 'WriteTermTMSH'}, >>> {'./f5part' => 'WriteTermTMSH'}, >>> ************************************** >>> >>> >>> Trying to get all of the configs. >>> lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys >>> hardware >>> lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys >>> version,tmsh show /sys hardware,tmsh show /sys license >>> ===================================== >>> Getting missed routers: round 1. >>> lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys >>> version,tmsh show /sys hardware,tmsh show /sys license >>> lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys >>> hardware >>> ===================================== >>> Getting missed routers: round 2. >>> lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys >>> version,tmsh show /sys hardware,tmsh show /sys license >>> lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys >>> hardware >>> ===================================== >>> Getting missed routers: round 3. >>> lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys >>> hardware >>> lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys >>> version,tmsh show /sys hardware,tmsh show /sys license >>> ===================================== >>> Getting missed routers: round 4. >>> lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys >>> version,tmsh show /sys hardware,tmsh show /sys license >>> lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys >>> hardware >>> >>> >>> regards >>> >>> >>> >>> Shaun Krok >>> Network Team >>> >>> Herzliya Business Park >>> Herzliya Pituach 46140 >>> Israel >>> >>> Telephone: +972 (0)732889406 >>> Mobile: +972 (0)50 2424381 >>> email:shaun.krok at 888holdings.com >>> >>> >>> >>> >>> >>> >>> >>> This email message and its attachments are for the sole use of the >>> intended recipient(s) and may not be shared with any other party. They may >>> contain confidential information of 888 Holdings plc or its direct and >>> indirect subsidiaries (together, the ?888 Group?) and are to be regarded as >>> confidential information under any non-disclosure agreement. Any review, >>> use, disclosure or distribution by persons or entities other than the >>> intended recipient(s) is prohibited. Nothing in this message is capable of >>> or intended to create any legally binding obligation. The 888 Group will >>> only ever assume a legally binding obligation where recorded in a written >>> agreement duly executed by the authorized signatories of the relevant 888 >>> Group company. The 888 Group accepts no liability for any personal views >>> expressed in this message. If you are not the intended recipient, please >>> contact the sender by return and destroy all copies of the original message >>> and its attachments. Thank you >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net >>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>> >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> >> >> This email message and its attachments are for the sole use of the >> intended recipient(s) and may not be shared with any other party. They may >> contain confidential information of 888 Holdings plc or its direct and >> indirect subsidiaries (together, the ?888 Group?) and are to be regarded as >> confidential information under any non-disclosure agreement. Any review, >> use, disclosure or distribution by persons or entities other than the >> intended recipient(s) is prohibited. Nothing in this message is capable of >> or intended to create any legally binding obligation. The 888 Group will >> only ever assume a legally binding obligation where recorded in a written >> agreement duly executed by the authorized signatories of the relevant 888 >> Group company. The 888 Group accepts no liability for any personal views >> expressed in this message. If you are not the intended recipient, please >> contact the sender by return and destroy all copies of the original message >> and its attachments. Thank you >> > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From spedersen.lists at gmail.com Mon Sep 12 14:13:46 2016 From: spedersen.lists at gmail.com (Sean) Date: Mon, 12 Sep 2016 07:13:46 -0700 Subject: [rancid] Full AAA logging / supported configuration In-Reply-To: <424c8e00-050c-23a3-788c-b059cc2c1f7f@gmail.com> References: <88666920-2D26-456B-B34D-AE39D6990C72@gmail.com> <424c8e00-050c-23a3-788c-b059cc2c1f7f@gmail.com> Message-ID: <370DB6F9-954D-487B-AAD8-3F49141FD1C8@gmail.com> Oh my God, I didn?t realize what list I was posting to. I?m subbed to both but for some reason hit rancid and not tac_plus. I?d blame it on Monday, but it was Friday. Sorry! On 9/9/16, 11:35 PM, "Rancid-discuss on behalf of Alan McKinnon" wrote: On 09/09/2016 22:02, Sean wrote: > I'm on F4.0.4.26. > > > > I've seen a few examples of logging AAA with tac_plus. The most > documented is the "accounting" option. > > > > accounting syslog; > > -or- > > accountig file = /var/log/tac_plus.acct > > > > This works fine. I have it set up, logging correctly, logrotate running, > etc. It?s also documented just about everywhere I?ve seen, but seems > like it?s the only official means to log something. > > > > I'd like to log authentication and authorization as well, if possible. > I've come across reference to the following configuration: > > > > accounting log = /var/log/tac_plus/accounting.log > > authentication log = /var/log/tac_plus/authentication.log > > authorization log = /var/log/tac_plus/authorization.log > > > > This seems to be either a) outdated or b) poorly referenced as it > doesn't work globally. A reference configuration I have from a version > so old it's expressed in a date format (201211021744) places it within > an "id" container. > > > > id = tac_plus { > > accounting log = /var/log/tac_plus/accounting.log > > authentication log = /var/log/tac_plus/authentication.log > > authorization log = /var/log/tac_plus/authorization.log > > } > > > > I haven't tried this in v4 yet since I can't find (presumably) current > reference for it, but it?s working in the older version. > > > > I've also found reference to setting the appropriate -d flags when > running tac_plus and getting this information as more of a "happy > accident" in whatever syslog files it ends up in vs. more programmatic > means. > > > > What?s the most appropriate / supported way to log this information, if any? tac_plus logs can easily go to syslog as their as daemon logs - the daemon itself generates them and they are much like logs from all pother daemons, very suitable for sending to syslog. Accounting is another matter altogether, those logs are not a good fit for syslog and I never got them to work right. I always sent them to a regular disk file. The file you choose is entirely up to you, there is no standard and neither should there be. There is a default in the code but there's no reason you have to use it. The -d option is not happy accident. It's a bit-encoded field where you tell tac_plus what type of entries to log. Lastly, this thread belongs on the tac_plus list -- Alan McKinnon alan.mckinnon at gmail.com _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss From heas at shrubbery.net Mon Sep 12 19:36:41 2016 From: heas at shrubbery.net (heasley) Date: Mon, 12 Sep 2016 19:36:41 +0000 Subject: [rancid] F5 Rancid | BIGIP 12.0 | missed cmd(s) In-Reply-To: References: <57FD84723C05BB4FA3BB5F66AC609F64011C296A7B@XCH-IL-MB1.888holdings.corp> <1b20df83-d5cd-ad29-842b-09a73d067a23@gmail.com> <57FD84723C05BB4FA3BB5F66AC609F64011C296C56@XCH-IL-MB1.888holdings.corp> Message-ID: <20160912193641.GE24562@shrubbery.net> Tue, Sep 13, 2016 at 12:40:10AM +1200, Daniel Kerse: > Hello Shaun et.al., > > Are you playing with the TERM environment variable at all? > Have you tried enabling debug on your cron job and then (re)checking: > 1. the logs? > 2. the resulting .raw files? > > I'm also running version 3.2 (the latest available under EPEL) with > some F5s of various vintage. > > Firstly to recap what is already known by this mailing list: > - circa BIG-IP v9.x -> v10.x the tmsh shell was introduced in addition > to the pre-existing bigpipe. > - circa BIG-IP v10.x -> v11.x the old bigpipe shell was removed. > - (At least for BIG-IP v11.x and earlier) you must set TERM=vt100-w in > order to run some commands. This problem would only become apparent Do you mean that it required that specific term type, or just that it required that term be set to something other than dumb or network? > when running via CRON, When running rancid manually at the CLI > everything looks honky dory.. In my case the following commands would > fail (via CRON): > "ls --full-time --color=never /config/ssl/ssl.crt" > "ls --full-time --color=never /config/ssl/ssl.key" > "tmsh show /net route static" > - Someone mentioned that you need to run "tmsh -q -c 'cd / \;list > recursive" to get everything out of the partitions. > - Was this circa v11.x? I forget. I need to do more research here > as I've almost got around that issue that had people setting up shell > scripts on their F5s to make it work... more on that later. > > > Now here's the interesting thing I've noticed on v12.x . Perhaps this > is widely known in the F5 community but I haven't read about it > anywhere. > - Somewhere around BIG-IP v11.x -> v12.x the vt100-w terminal started > misbehaving. > - If I have TERM set to vt100-w and enable debug I see this error > message in the logs: > "Warning, can't fully initialize terminal, TERM is set to > "vt100-w", status (0)" that implies that the type is unknown or there is no pty. > - Now I think again if you run via CLI it might appear to work OK > but not via CRON. > > > So now you end up in a difficult situation in BIG-IP v12: > - TERM=vt100-w fails via CRON because it's broken > - TERM=network (or similar) fails via CRON because some commands > require it to stop the junk showing up mid-line. > - Either case works via CLI. > > So you can end up with a rather fiddly rancid.types.conf file. > Something like this (work in progress): > > # F5s running 9.3.1 seem to lack tmsh support so we will use a > (slightly modified) version of f5rancid > bigip-v9;script;f5rancid-v9 > bigip-v9;login;clogin > > # F5s running 11.4.1 and 12.0.0 seem to lack bigpipe support. > # For some reason turning off debug flag causes problems for "tmsh -q > -c 'cd / \;list recursive'" I don't know why. > bigip-v10-11;script;rancid -t bigip-v10-11 > bigip-v10-11;login;clogin > bigip-v10-11;module;bigip > bigip-v10-11;inloop;bigip::inloop > bigip-v10-11;command;bigip::ShowVersion;tmsh show /sys version > bigip-v10-11;command;bigip::ShowHardware;tmsh show /sys hardware > bigip-v10-11;command;bigip::ShowLicense;tmsh show /sys license > bigip-v10-11;command;bigip::ShowSslCrt;ls --full-time --color=never > /config/ssl/ssl.crt > bigip-v10-11;command;bigip::ShowSslKey;ls --full-time --color=never > /config/ssl/ssl.key > bigip-v10-11;command;bigip::ShowZebOSconf;cat /config/ZebOS.conf > bigip-v10-11;command;bigip::ShowZebOSsockets;lsof -i :179 > bigip-v10-11;command;bigip::ShowRouteStatic;tmsh show /net route static > # This one seems to get confused > #bigip-v10-11;command;bigip::WriteTerm;tmsh -q -c 'cd / \;list recursive' > bigip-v10-11;command;bigip::WriteTerm;tmsh -q list > > # F5s running 12.0.0 seem to lack support for vt100-w terminal type. > # Error Message: > # "Warning, can't fully initialize terminal, TERM is set to "vt100-w", > status (0)" > # As a result ShowSslCrt, ShowSslKey and ShowRouteStatic don't work. > # For some reason turning off debug flag causes problems for "tmsh -q > -c 'cd / \;list recursive'" I don't know why. > bigip-v12;script;rancid -dt bigip-v12 > bigip-v12;login;clogin > bigip-v12;module;bigip12 > bigip-v12;inloop;bigip12::inloop > bigip-v12;command;bigip12::ShowVersion;tmsh show /sys version > bigip-v12;command;bigip12::ShowHardware;tmsh show /sys hardware > bigip-v12;command;bigip12::ShowLicense;tmsh show /sys license > #bigip-v12;command;bigip12::ShowSslCrt;ls --full-time --color=never > /config/ssl/ssl.crt > #bigip-v12;command;bigip12::ShowSslKey;ls --full-time --color=never > /config/ssl/ssl.key > bigip-v12;command;bigip12::ShowZebOSconf;cat /config/ZebOS.conf > bigip-v12;command;bigip12::ShowZebOSsockets;lsof -i :179 > #bigip-v12;command;bigip12::ShowRouteStatic;tmsh show /net route static > #bigip-v12;command;bigip12::WriteTerm;tmsh -q -c 'cd / \;list recursive' > bigip-v12;command;bigip12::WriteTerm;tmsh -q list > > # Huawei support not provided out of the box, added after the fact. > # Let me know if you want me to post this, it's a bit OT for this thread.. > huawei;script;rancid -t huawei > huawei;login;hulogin > huawei;module;huawei > huawei;inloop;huawei::inloop > huawei;command;huawei::DisplayVersion;display version > huawei;command;huawei::DisplayPatchInfo;display patch-information > huawei;command;huawei::DisplayDevice;display esn > huawei;command;huawei::DisplayDevice;display device > huawei;command;huawei::DisplayDevice;display device manufacture-info > huawei;command;huawei::DisplayDevice;display device pic-status > huawei;command;huawei::DisplayElabel;display device elabel > huawei;command;huawei::DisplayElabel;display elabel > huawei;command;huawei::DisplayTransceiver;display interface transceiver > huawei;command;huawei::DisplayLicense;display license > huawei;command;huawei::WriteTerm;display current-configuration > > With also the following customizations: > > 1) To make "tmsh -q -c 'cd / \;list recursive'" do something useful > the following change to rancid.pm is required, otherwise the split is > too aggressive. > ******* > < my($type, $directive, $value, $value2) = split('\;'); > --- > > #my($type, $directive, $value, $value2) = split('\;'); > > my($type, $directive, $value, $value2) = split('\;', $_, 4); > ******* > 2) Following changes made to bigip.pm (from rancid 3.5). There might > be a bug here still as uncommenting the ";tmsh -q -c 'cd / \;list > recursive'" line above seems to lead to unnecessary reattempts at > config collection - but only when debug is disabled for some reason. > ******* > 5c5 > < ## rancid 3.5 > --- > > ## rancid 3.5 plus some customisations. > 66c66,67 > < use rancid 3.5; > --- > > #use rancid 3.5; > > use rancid 3.2; > 74c75 > < $ENV{'TERM'} = "vt100"; > --- > > $ENV{'TERM'} = "vt100-w"; > 183a185 > > s/^\ \ ([0-9]+)(\ +).*Air\ Outlet/ $1$2REMOVED Air Outlet/i; > 184a187,188 > > s/^\ \ ([0-9]+)(\ +).*ADM1026/ $1$2REMOVED ADM1026/i; > > s/^\ \ ([0-9]+)(\ +).*Main\ board(.*)$/ $1$2REMOVED Main board$3/i; > 185a190 > > s/^\ \ ([0-9]+)(\ +)[0-9]+\ +[0-9]+\ +[0-9]+/ $1$2REMOVED REMOVED REMOVED/; > 218a224,272 > > # This routine parses "ls --full-time --color=never /config/ssl/ssl.crt" > > sub ShowSslCrt { > > my($INPUT, $OUTPUT, $cmd) = @_; > > my($line) = (0); > > print STDERR " In ShowSslCrt: $_" if ($debug); > > > > while (<$INPUT>) { > > tr/\015//d; > > # v9 software license does not have CR at EOF > > s/^#-+($prompt.*)/$1/; > > last if (/^$prompt/); > > next if (/^(\s*|\s*$cmd\s*)$/); > > return(1) if /^\s*\^\s*$/; > > return(1) if /(Invalid input detected|Type help or )/; > > return(-1) if (/command authorization failed/i); > > > > if (!$line++) { > > ProcessHistory("ShowSslCrt","","","#\n#/config/ssl/ssl.crt:\n"); > > } > > ProcessHistory("ShowSslCrt","","","# $_") && next; > > } > > return(0); > > } > > > > # This routine parses "ls --full-time --color=never /config/ssl/ssl.key" > > sub ShowSslKey { > > my($INPUT, $OUTPUT, $cmd) = @_; > > my($line) = (0); > > print STDERR " In ShowSslKey: $_" if ($debug); > > > > while (<$INPUT>) { > > tr/\015//d; > > # v9 software license does not have CR at EOF > > s/^#-+($prompt.*)/$1/; > > last if (/^$prompt/); > > next if (/^(\s*|\s*$cmd\s*)$/); > > return(1) if /^\s*\^\s*$/; > > return(1) if /(Invalid input detected|Type help or )/; > > return(-1) if (/command authorization failed/i); > > > > if (!$line++) { > > ProcessHistory("ShowSslKey","","","#\n#/config/ssl/ssl.key:\n"); > > } > > ProcessHistory("ShowSslKey","","","# $_") && next; > > } > > return(0); > > } > > > > > 290a345,347 > > return (1) if (/Syntax Error: unexpected argument/); > > return (0) if ($found_end); # Only run this routine once. > > > 297c354 > < $found_end++; > --- > > $found_end = 1; > > ******* > Also: > ******* > $ diff bigip.pm bigip12.pm > 1c1 > < package bigip; > --- > > package bigip12; > 75c75 > < $ENV{'TERM'} = "vt100-w"; > --- > > $ENV{'TERM'} = "vt100"; > ******* > And: > ******* > $ diff f5rancid f5rancid-v9 > 64c64,65 > < $ENV{'TERM'} = "vt100"; > --- > > #$ENV{'TERM'} = "vt100"; > > $ENV{'TERM'} = "vt100-w"; > 186a188,191 > > if (/^(\s*)community \S+/ && $filter_commstr) { > > ProcessHistory("SHOWBASE","","","# $1community \n"); > > next; > > } > 190a196,199 > > if (/^(\s*)password crypt \S+/) { > > ProcessHistory("SHOWBASE","","","# $1password crypt \n"); > > next; > > } > 225c234,236 > < > --- > > if (/^(.*)\.password = / && $filter_pwds >= 1) { > > ProcessHistory("SHOWDB","","","# $1.password = \n") && next; > > } > 269a281,286 > > if (/^(\s*)monitor state (up|down)$/) { > > ProcessHistory("SHOWDB","","","# $1monitor state \n") && next; > > } > > if (/^(\s*)community \S+/ && $filter_commstr) { > > ProcessHistory("SHOWDB","","","# $1community \n") && next; > > } > 277c294 > < if (/^(\s*)password / && $filter_pwds >= 1) { > --- > > if (/^(\s*)password (\w*)/ && $filter_pwds >= 1 && $2 ne "none") { > 427a445,447 > > return (1) if (/BIGpipe:.*: syntax error/); > > return (0) if ($found_end); # Only do this routine once > > > 441a462,465 > > if (/^(\s*)community \S+/ && $filter_commstr) { > > ProcessHistory("","","","# $1community \n") && next; > > } > > > 532a557 > > {'bigpipe list all' => 'WriteTerm'}, > ******* From Robert.Remsik at colostate.edu Mon Sep 12 21:43:24 2016 From: Robert.Remsik at colostate.edu (Remsik,Robert) Date: Mon, 12 Sep 2016 21:43:24 +0000 Subject: [rancid] Creating a new rancid login file In-Reply-To: <20160910141645.GC68281@shrubbery.net> References: , <20160910141645.GC68281@shrubbery.net> Message-ID: Closer! I had to fix a couple id10t errors, and tell audiorancid that it's prompt is > versus #. Now it's dumping the entire raw file during one 'ProcessHistory' call. Is there a way to only have it dump the contents per calls (so we can get error messages per call) or just have it be okay with only one call? and not complain about all the other missed commands? Also, it's currently inserting ';' in front of almost all lines. Is there a way to not insert ';'s? Thank you in advance, --- Excerpt of the .new file --- Thank you again in advance, Robert rancid at SERVER:~$ audiorancid -d 10.174.0.247 executing audiologin -t 90 -c"show storage-history;show system active-alarms;show system assembly;show system feature;show system version;show voip firewall;show voip tls certificate;show running-config" 10.174.0.247 PROMPT MATCH: Mediant 1000> show storage-history [#>] HIT COMMAND:Mediant 1000> show storage-history In ShowStorageHistory: Mediant 1000> show storage-history 10.174.0.247: missed cmd(s): show system active-alarms, show system assembly, show system feature, show system version, show voip firewall, show voip tls certificate 10.174.0.247: End of run not found ; Robert Remsik ACNS Desk Phone: 970 491 7120 Robert.Remsik at colostate.edu ________________________________ From: heasley Sent: Saturday, September 10, 2016 8:16 AM To: Remsik,Robert Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Creating a new rancid login file Fri, Sep 09, 2016 at 09:30:26PM +0000, Remsik,Robert: > Hello! > > > I'm trying to create a new rancid login file for an audiocodes device and I need a little help debugging what's going on & how to fix it. > > > I've created audiologin which can successfully loginto and run all the commands required (per FAQ 3.2). However, when I try using audiorancid (based upon hrancid) to call audiologin I'm getting an error that it can't run the commands which does not make sense to me yet. What I see as a result of CLI running audiorancid is it's creating the file to write to(it shows up in the file system), and then it attempts to 'select' this file and then proceeds to error out. This doesn't make sense to me as the excerpt from hrancid (which works against HP switches), is identical (minus debug commands) and does not have this problem. Any help is appriciated! > > Thank you in advance, > > > > I've created the type 'ac' as defined in /etc/base.types.conf so when/if rancid-run gets ahold of it it'll find the correct files. > > ac;script;audiorancid > ac;login;audiologin > > rancid at server:~/var/rancid-3.4.99/logs$ audiorancid 10.174.0.247 > commandstr: show storage-history;show system active-alarms;show system assembly;show system feature;show system version;show voip firewall;show voip tls certificate;show running-config > Debug 1 > Debug 2 > 10.174.0.247: missed cmd(s): all commands try export NOPIPE=YES audiorancid -a ip that should leave an ip.raw file behind and may provide the cause. -------------- next part -------------- An HTML attachment was scrubbed... URL: From daniel.kerse at gmail.com Mon Sep 12 22:47:32 2016 From: daniel.kerse at gmail.com (Daniel Kerse) Date: Mon, 12 Sep 2016 22:47:32 +0000 Subject: [rancid] F5 Rancid | BIGIP 12.0 | missed cmd(s) In-Reply-To: <20160912193641.GE24562@shrubbery.net> References: <57FD84723C05BB4FA3BB5F66AC609F64011C296A7B@XCH-IL-MB1.888holdings.corp> <1b20df83-d5cd-ad29-842b-09a73d067a23@gmail.com> <57FD84723C05BB4FA3BB5F66AC609F64011C296C56@XCH-IL-MB1.888holdings.corp> <20160912193641.GE24562@shrubbery.net> Message-ID: On Tue, Sep 13, 2016 at 7:36 AM heasley wrote: > Tue, Sep 13, 2016 at 12:40:10AM +1200, Daniel Kerse: > > Hello Shaun et.al., > > > > Are you playing with the TERM environment variable at all? > > Have you tried enabling debug on your cron job and then (re)checking: > > 1. the logs? > > 2. the resulting .raw files? > > > > I'm also running version 3.2 (the latest available under EPEL) with > > some F5s of various vintage. > > > > Firstly to recap what is already known by this mailing list: > > - circa BIG-IP v9.x -> v10.x the tmsh shell was introduced in addition > > to the pre-existing bigpipe. > > - circa BIG-IP v10.x -> v11.x the old bigpipe shell was removed. > > - (At least for BIG-IP v11.x and earlier) you must set TERM=vt100-w in > > order to run some commands. This problem would only become apparent > > Do you mean that it required that specific term type, or just that it > required that term be set to something other than dumb or network? > That specific terminal type is required in some cases. I think if the prompt plus the command gets longer than something like 80 characters you start getting control characters showing up in the middle of that line which causes a regex match to fail. This has been the topic of previous discussion: http://www.shrubbery.net/pipermail/rancid-discuss/2014-July/007767.html http://www.shrubbery.net/pipermail/rancid-discuss/2015-February/008038.html http://www.shrubbery.net/pipermail/rancid-discuss/2015-July/008603.html > > > when running via CRON, When running rancid manually at the CLI > > everything looks honky dory.. In my case the following commands would > > fail (via CRON): > > "ls --full-time --color=never /config/ssl/ssl.crt" > > "ls --full-time --color=never /config/ssl/ssl.key" > > "tmsh show /net route static" > > - Someone mentioned that you need to run "tmsh -q -c 'cd / \;list > > recursive" to get everything out of the partitions. > > - Was this circa v11.x? I forget. I need to do more research here > > as I've almost got around that issue that had people setting up shell > > scripts on their F5s to make it work... more on that later. > I believe the "cd / ; list recursive" might required on 11.x (and presumably later) with partitions. http://www.shrubbery.net/pipermail/rancid-discuss/2014-August/007790.html If I ever get this to fallback gracefully to "list" I'll let you know. > > > > > Now here's the interesting thing I've noticed on v12.x . Perhaps this > > is widely known in the F5 community but I haven't read about it > > anywhere. > > - Somewhere around BIG-IP v11.x -> v12.x the vt100-w terminal started > > misbehaving. > > - If I have TERM set to vt100-w and enable debug I see this error > > message in the logs: > > "Warning, can't fully initialize terminal, TERM is set to > > "vt100-w", status (0)" > > that implies that the type is unknown or there is no pty. > I tend to agree. Maybe this type is unknown to more recent versions of BIG-IP despite working in older releases. > > > - Now I think again if you run via CLI it might appear to work OK > > but not via CRON. > > > > > > So now you end up in a difficult situation in BIG-IP v12: > > - TERM=vt100-w fails via CRON because it's broken > > - TERM=network (or similar) fails via CRON because some commands > > require it to stop the junk showing up mid-line. > > - Either case works via CLI. > > > > So you can end up with a rather fiddly rancid.types.conf file. > > Something like this (work in progress): > > > > # F5s running 9.3.1 seem to lack tmsh support so we will use a > > (slightly modified) version of f5rancid > > bigip-v9;script;f5rancid-v9 > > bigip-v9;login;clogin > > > > # F5s running 11.4.1 and 12.0.0 seem to lack bigpipe support. > > # For some reason turning off debug flag causes problems for "tmsh -q > > -c 'cd / \;list recursive'" I don't know why. > > bigip-v10-11;script;rancid -t bigip-v10-11 > > bigip-v10-11;login;clogin > > bigip-v10-11;module;bigip > > bigip-v10-11;inloop;bigip::inloop > > bigip-v10-11;command;bigip::ShowVersion;tmsh show /sys version > > bigip-v10-11;command;bigip::ShowHardware;tmsh show /sys hardware > > bigip-v10-11;command;bigip::ShowLicense;tmsh show /sys license > > bigip-v10-11;command;bigip::ShowSslCrt;ls --full-time --color=never > > /config/ssl/ssl.crt > > bigip-v10-11;command;bigip::ShowSslKey;ls --full-time --color=never > > /config/ssl/ssl.key > > bigip-v10-11;command;bigip::ShowZebOSconf;cat /config/ZebOS.conf > > bigip-v10-11;command;bigip::ShowZebOSsockets;lsof -i :179 > > bigip-v10-11;command;bigip::ShowRouteStatic;tmsh show /net route static > > # This one seems to get confused > > #bigip-v10-11;command;bigip::WriteTerm;tmsh -q -c 'cd / \;list recursive' > > bigip-v10-11;command;bigip::WriteTerm;tmsh -q list > > > > # F5s running 12.0.0 seem to lack support for vt100-w terminal type. > > # Error Message: > > # "Warning, can't fully initialize terminal, TERM is set to "vt100-w", > > status (0)" > > # As a result ShowSslCrt, ShowSslKey and ShowRouteStatic don't work. > > # For some reason turning off debug flag causes problems for "tmsh -q > > -c 'cd / \;list recursive'" I don't know why. > > bigip-v12;script;rancid -dt bigip-v12 > > bigip-v12;login;clogin > > bigip-v12;module;bigip12 > > bigip-v12;inloop;bigip12::inloop > > bigip-v12;command;bigip12::ShowVersion;tmsh show /sys version > > bigip-v12;command;bigip12::ShowHardware;tmsh show /sys hardware > > bigip-v12;command;bigip12::ShowLicense;tmsh show /sys license > > #bigip-v12;command;bigip12::ShowSslCrt;ls --full-time --color=never > > /config/ssl/ssl.crt > > #bigip-v12;command;bigip12::ShowSslKey;ls --full-time --color=never > > /config/ssl/ssl.key > > bigip-v12;command;bigip12::ShowZebOSconf;cat /config/ZebOS.conf > > bigip-v12;command;bigip12::ShowZebOSsockets;lsof -i :179 > > #bigip-v12;command;bigip12::ShowRouteStatic;tmsh show /net route static > > #bigip-v12;command;bigip12::WriteTerm;tmsh -q -c 'cd / \;list recursive' > > bigip-v12;command;bigip12::WriteTerm;tmsh -q list > > > > # Huawei support not provided out of the box, added after the fact. > > # Let me know if you want me to post this, it's a bit OT for this > thread.. > > huawei;script;rancid -t huawei > > huawei;login;hulogin > > huawei;module;huawei > > huawei;inloop;huawei::inloop > > huawei;command;huawei::DisplayVersion;display version > > huawei;command;huawei::DisplayPatchInfo;display patch-information > > huawei;command;huawei::DisplayDevice;display esn > > huawei;command;huawei::DisplayDevice;display device > > huawei;command;huawei::DisplayDevice;display device manufacture-info > > huawei;command;huawei::DisplayDevice;display device pic-status > > huawei;command;huawei::DisplayElabel;display device elabel > > huawei;command;huawei::DisplayElabel;display elabel > > huawei;command;huawei::DisplayTransceiver;display interface transceiver > > huawei;command;huawei::DisplayLicense;display license > > huawei;command;huawei::WriteTerm;display current-configuration > > > > With also the following customizations: > > > > 1) To make "tmsh -q -c 'cd / \;list recursive'" do something useful > > the following change to rancid.pm is required, otherwise the split is > > too aggressive. > > ******* > > < my($type, $directive, $value, $value2) = split('\;'); > > --- > > > #my($type, $directive, $value, $value2) = split('\;'); > > > my($type, $directive, $value, $value2) = split('\;', $_, 4); > > ******* > > 2) Following changes made to bigip.pm (from rancid 3.5). There might > > be a bug here still as uncommenting the ";tmsh -q -c 'cd / \;list > > recursive'" line above seems to lead to unnecessary reattempts at > > config collection - but only when debug is disabled for some reason. > > ******* > > 5c5 > > < ## rancid 3.5 > > --- > > > ## rancid 3.5 plus some customisations. > > 66c66,67 > > < use rancid 3.5; > > --- > > > #use rancid 3.5; > > > use rancid 3.2; > > 74c75 > > < $ENV{'TERM'} = "vt100"; > > --- > > > $ENV{'TERM'} = "vt100-w"; > > 183a185 > > > s/^\ \ ([0-9]+)(\ +).*Air\ Outlet/ $1$2REMOVED Air Outlet/i; > > 184a187,188 > > > s/^\ \ ([0-9]+)(\ +).*ADM1026/ $1$2REMOVED ADM1026/i; > > > s/^\ \ ([0-9]+)(\ +).*Main\ board(.*)$/ $1$2REMOVED Main > board$3/i; > > 185a190 > > > s/^\ \ ([0-9]+)(\ +)[0-9]+\ +[0-9]+\ +[0-9]+/ $1$2REMOVED > REMOVED REMOVED/; > > 218a224,272 > > > # This routine parses "ls --full-time --color=never > /config/ssl/ssl.crt" > > > sub ShowSslCrt { > > > my($INPUT, $OUTPUT, $cmd) = @_; > > > my($line) = (0); > > > print STDERR " In ShowSslCrt: $_" if ($debug); > > > > > > while (<$INPUT>) { > > > tr/\015//d; > > > # v9 software license does not have CR at EOF > > > s/^#-+($prompt.*)/$1/; > > > last if (/^$prompt/); > > > next if (/^(\s*|\s*$cmd\s*)$/); > > > return(1) if /^\s*\^\s*$/; > > > return(1) if /(Invalid input detected|Type help or )/; > > > return(-1) if (/command authorization failed/i); > > > > > > if (!$line++) { > > > > ProcessHistory("ShowSslCrt","","","#\n#/config/ssl/ssl.crt:\n"); > > > } > > > ProcessHistory("ShowSslCrt","","","# $_") && next; > > > } > > > return(0); > > > } > > > > > > # This routine parses "ls --full-time --color=never > /config/ssl/ssl.key" > > > sub ShowSslKey { > > > my($INPUT, $OUTPUT, $cmd) = @_; > > > my($line) = (0); > > > print STDERR " In ShowSslKey: $_" if ($debug); > > > > > > while (<$INPUT>) { > > > tr/\015//d; > > > # v9 software license does not have CR at EOF > > > s/^#-+($prompt.*)/$1/; > > > last if (/^$prompt/); > > > next if (/^(\s*|\s*$cmd\s*)$/); > > > return(1) if /^\s*\^\s*$/; > > > return(1) if /(Invalid input detected|Type help or )/; > > > return(-1) if (/command authorization failed/i); > > > > > > if (!$line++) { > > > > ProcessHistory("ShowSslKey","","","#\n#/config/ssl/ssl.key:\n"); > > > } > > > ProcessHistory("ShowSslKey","","","# $_") && next; > > > } > > > return(0); > > > } > > > > > > > > 290a345,347 > > > return (1) if (/Syntax Error: unexpected argument/); > > > return (0) if ($found_end); # Only run this routine once. > > > > > 297c354 > > < $found_end++; > > --- > > > $found_end = 1; > > > > ******* > > Also: > > ******* > > $ diff bigip.pm bigip12.pm > > 1c1 > > < package bigip; > > --- > > > package bigip12; > > 75c75 > > < $ENV{'TERM'} = "vt100-w"; > > --- > > > $ENV{'TERM'} = "vt100"; > > ******* > > And: > > ******* > > $ diff f5rancid f5rancid-v9 > > 64c64,65 > > < $ENV{'TERM'} = "vt100"; > > --- > > > #$ENV{'TERM'} = "vt100"; > > > $ENV{'TERM'} = "vt100-w"; > > 186a188,191 > > > if (/^(\s*)community \S+/ && $filter_commstr) { > > > ProcessHistory("SHOWBASE","","","# $1community \n"); > > > next; > > > } > > 190a196,199 > > > if (/^(\s*)password crypt \S+/) { > > > ProcessHistory("SHOWBASE","","","# $1password crypt > \n"); > > > next; > > > } > > 225c234,236 > > < > > --- > > > if (/^(.*)\.password = / && $filter_pwds >= 1) { > > > ProcessHistory("SHOWDB","","","# $1.password = \n") > && next; > > > } > > 269a281,286 > > > if (/^(\s*)monitor state (up|down)$/) { > > > ProcessHistory("SHOWDB","","","# $1monitor state > \n") && next; > > > } > > > if (/^(\s*)community \S+/ && $filter_commstr) { > > > ProcessHistory("SHOWDB","","","# $1community \n") > && next; > > > } > > 277c294 > > < if (/^(\s*)password / && $filter_pwds >= 1) { > > --- > > > if (/^(\s*)password (\w*)/ && $filter_pwds >= 1 && $2 ne "none") > { > > 427a445,447 > > > return (1) if (/BIGpipe:.*: syntax error/); > > > return (0) if ($found_end); # Only do this routine > once > > > > > 441a462,465 > > > if (/^(\s*)community \S+/ && $filter_commstr) { > > > ProcessHistory("","","","# $1community \n") && > next; > > > } > > > > > 532a557 > > > {'bigpipe list all' => 'WriteTerm'}, > > ******* > Kind Regards, Dan -- Kind Regards, Dan Kerse +64 29 920 3745 -------------- next part -------------- An HTML attachment was scrubbed... URL: From Shaun.Krok at 888holdings.com Tue Sep 13 05:36:30 2016 From: Shaun.Krok at 888holdings.com (Shaun Krok) Date: Tue, 13 Sep 2016 05:36:30 +0000 Subject: [rancid] F5 Rancid | BIGIP 12.0 | missed cmd(s) In-Reply-To: References: <57FD84723C05BB4FA3BB5F66AC609F64011C296A7B@XCH-IL-MB1.888holdings.corp> <1b20df83-d5cd-ad29-842b-09a73d067a23@gmail.com> <57FD84723C05BB4FA3BB5F66AC609F64011C296C56@XCH-IL-MB1.888holdings.corp> Message-ID: <57FD84723C05BB4FA3BB5F66AC609F64011C299121@XCH-IL-MB1.888holdings.corp> Hi Alan See comments below -----Original Message----- From: Alan McKinnon [mailto:alan.mckinnon at gmail.com] Sent: Monday, September 12, 2016 11:41 AM To: Shaun Krok ; rancid-discuss at shrubbery.net Cc: Nati Danan Subject: Re: [rancid] F5 Rancid | BIGIP 12.0 | missed cmd(s) Shaun, Usually setting PATH correctly is enough, but I don't think that is your problem. To check that I understand the problem correctly: All your devices work correctly except BIGIP 12. Even BIGIP 11 works properly. BIGIP 12 fails from a cronjob but works correctly from the command line as rancid user. This then excludes mistakes in router.db Correct? Yes but only with using the TERM=vt100-w for BIGIP 11.6 in f5rancid Seems TERM=vt100-w not working in 12.0 even though the diff spits out the following in 11.6 it still works # + #Warning, can't fully initialize terminal, TERM is set to "vt100-w", status (0) This is the case for 11 and 12 of BIGIP What is important to note is that when the cluster is in SYNC meaning the prompt is shorter and rancid runs against the cluster --- no issues and no missed cmd(s) in the log ! Nothing in cron or the environment strikes me as being unique to the BIGIP 12. For completeness, what is in the rancid user's environment in a regular login shell? If that doesn't reveal anything useful, I'd generate .raw files for both device types and compare them. Then read those files directly into rancid; at some point a difference in behaviour must show up On 12/09/2016 10:24, Shaun Krok wrote: > Thanks Alan > > Always have been running as *user* = rancid > [rancid at Rancid bin]$ whoami > Rancid > > # Check every 30 mins > */30 * * * * /usr/local/rancid/bin/rancid-run & > > What do you suggest with regards setting up the cron environment for rancid --- never had to prior BIGIP 12.0 and all other device types: Cisco, Juniper, Riverbed , F5 working 100% > > > > -----Original Message----- > From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alan McKinnon > Sent: Monday, September 12, 2016 11:15 AM > To: rancid-discuss at shrubbery.net > Subject: Re: [rancid] F5 Rancid | BIGIP 12.0 | missed cmd(s) > > This problem almost always comes down to the usual issues with cron: > > - cron runs from a non-interactive non-login shell, meaning that the > environment is empty (the environment being nothing more than a handy > *user* convenience). Make sure your cron env is set up correctly and > don't run ./rancid-run, specify the full correct path > > - which user's cron is this in? It must go in rancid's crontab, not > root. If this is the case with your site, make sure you chown all > relevant data files back to the rancid user as some of them will now be > owned by root > > > On 12/09/2016 09:17, Shaun Krok wrote: >> Hi >> >> I have tried to look into forums where other users of rancid experience the same issue but could not find anything ! >> >> Our issue as follows : >> We have been running rancid successfully against F5 LTM clusters (HA) for a few years now. >> The issue with partitions and TMSH was resolved and we have had no issues accept with the recent upgrade to BIGIP image : BIG-IP 12.0.0 >> >> The issue is below. >> What we have noticed that if we use the cli command : ./rancid-run -r lon-f5-pri GLN & the collection has no issues, diff is done, entered into CVS and emails received ! >> >> The problem is when the general cron runs and we receive the below in the logs. >> Using the NOPIPE I see the .raw file and have looked into the file and do not see any issues. >> >> The f5rancid script has been working as I said for years until version 12.0 of BIGIP. >> It works against several other production sites but running version 11.6 of BIGIP >> >> I realize the below is just the process saying there is an issue but if anyone has suggestions would be much appreciated ! >> >> Version of rancid : ## rancid 3.2.99 >> >> *************************************** >> a snip of the crontab >> # Check every 30 mins >> */30 * * * * /usr/local/rancid/bin/rancid-run & >> ************************************** >> >> ************************************** >> A snip of the f5rancid script >> # tmsh commands, BIGIP v11 >> @tmsh_commandtable = ( >> {'tmsh show /sys version' => 'ShowVersion'}, >> {'tmsh show /sys hardware' => 'ShowHardware'}, >> {'tmsh show /sys license' => 'ShowLicense'}, >> #{'cat /config/ZebOS.conf' => 'ShowZebOSconf'}, >> #{'lsof -i :179' => 'ShowZebOSsockets'}, >> {'tmsh show /net route static' => 'ShowRouteStatic'}, >> #{'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'}, >> #{'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'}, >> #{'tmsh -q list' => 'WriteTermTMSH'}, >> #{'tmsh -q -c /"cd /;list recursive"/' => 'WriteTermTMSH'}, >> {'./f5part' => 'WriteTermTMSH'}, >> ************************************** >> >> >> Trying to get all of the configs. >> lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys hardware >> lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys version,tmsh show /sys hardware,tmsh show /sys license >> ===================================== >> Getting missed routers: round 1. >> lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys version,tmsh show /sys hardware,tmsh show /sys license >> lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys hardware >> ===================================== >> Getting missed routers: round 2. >> lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys version,tmsh show /sys hardware,tmsh show /sys license >> lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys hardware >> ===================================== >> Getting missed routers: round 3. >> lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys hardware >> lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys version,tmsh show /sys hardware,tmsh show /sys license >> ===================================== >> Getting missed routers: round 4. >> lon-f5-sec: missed cmd(s): tmsh show /net route static,tmsh show /sys version,tmsh show /sys hardware,tmsh show /sys license >> lon-f5-pri: missed cmd(s): tmsh show /net route static,tmsh show /sys hardware >> >> >> regards >> >> >> >> Shaun Krok >> Network Team >> >> Herzliya Business Park >> Herzliya Pituach 46140 >> Israel >> >> Telephone: +972 (0)732889406 >> Mobile: +972 (0)50 2424381 >> email:shaun.krok at 888holdings.com >> >> >> >> >> >> >> >> This email message and its attachments are for the sole use of the intended recipient(s) and may not be shared with any other party. They may contain confidential information of 888 Holdings plc or its direct and indirect subsidiaries (together, the ?888 Group?) and are to be regarded as confidential information under any non-disclosure agreement. Any review, use, disclosure or distribution by persons or entities other than the intended recipient(s) is prohibited. Nothing in this message is capable of or intended to create any legally binding obligation. The 888 Group will only ever assume a legally binding obligation where recorded in a written agreement duly executed by the authorized signatories of the relevant 888 Group company. The 888 Group accepts no liability for any personal views expressed in this message. If you are not the intended recipient, please contact the sender by return and destroy all copies of the original message and its attachments. Thank you >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > This email message and its attachments are for the sole use of the intended recipient(s) and may not be shared with any other party. They may contain confidential information of 888 Holdings plc or its direct and indirect subsidiaries (together, the ?888 Group?) and are to be regarded as confidential information under any non-disclosure agreement. Any review, use, disclosure or distribution by persons or entities other than the intended recipient(s) is prohibited. Nothing in this message is capable of or intended to create any legally binding obligation. The 888 Group will only ever assume a legally binding obligation where recorded in a written agreement duly executed by the authorized signatories of the relevant 888 Group company. The 888 Group accepts no liability for any personal views expressed in this message. If you are not the intended recipient, please contact the sender by return and destroy all copies of the original message and its attachments. Thank you > This email message and its attachments are for the sole use of the intended recipient(s) and may not be shared with any other party. They may contain confidential information of 888 Holdings plc or its direct and indirect subsidiaries (together, the ?888 Group?) and are to be regarded as confidential information under any non-disclosure agreement. Any review, use, disclosure or distribution by persons or entities other than the intended recipient(s) is prohibited. Nothing in this message is capable of or intended to create any legally binding obligation. The 888 Group will only ever assume a legally binding obligation where recorded in a written agreement duly executed by the authorized signatories of the relevant 888 Group company. The 888 Group accepts no liability for any personal views expressed in this message. If you are not the intended recipient, please contact the sender by return and destroy all copies of the original message and its attachments. Thank you -------------- next part -------------- An HTML attachment was scrubbed... URL: From Shaun.Krok at 888holdings.com Tue Sep 13 05:41:47 2016 From: Shaun.Krok at 888holdings.com (Shaun Krok) Date: Tue, 13 Sep 2016 05:41:47 +0000 Subject: [rancid] F5 Rancid | BIGIP 12.0 | missed cmd(s) In-Reply-To: References: <57FD84723C05BB4FA3BB5F66AC609F64011C296A7B@XCH-IL-MB1.888holdings.corp> <1b20df83-d5cd-ad29-842b-09a73d067a23@gmail.com> <57FD84723C05BB4FA3BB5F66AC609F64011C296C56@XCH-IL-MB1.888holdings.corp> <20160912193641.GE24562@shrubbery.net> Message-ID: <57FD84723C05BB4FA3BB5F66AC609F64011C29914C@XCH-IL-MB1.888holdings.corp> Thanks Daniel We have been using TERM=vt100-w since moving into 11.4 and greater In 11.6 rancid spits out a diff error : + #Warning, can't fully initialize terminal, TERM is set to "vt100-w", status (0) - But it still works Since moving to BIGIP 12.0 same error above but now missed cmd(s) I have shortened the prompt on the F5 because when the cluster is in SYNC we have no missed cmd(s) and a diff is created running on version 12.0 Waiting for the next cron run and will advise what happenes ! Old: cli preference { prompt { host user status current-folder config-sync-status } New: cli preference { alias-path { /Common } prompt { host user status config-sync-status } From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Daniel Kerse Sent: Tuesday, September 13, 2016 1:48 AM To: heasley Cc: rancid-discuss at shrubbery.net; Nati Danan Subject: Re: [rancid] F5 Rancid | BIGIP 12.0 | missed cmd(s) On Tue, Sep 13, 2016 at 7:36 AM heasley > wrote: Tue, Sep 13, 2016 at 12:40:10AM +1200, Daniel Kerse: > Hello Shaun et.al., > > Are you playing with the TERM environment variable at all? > Have you tried enabling debug on your cron job and then (re)checking: > 1. the logs? > 2. the resulting .raw files? > > I'm also running version 3.2 (the latest available under EPEL) with > some F5s of various vintage. > > Firstly to recap what is already known by this mailing list: > - circa BIG-IP v9.x -> v10.x the tmsh shell was introduced in addition > to the pre-existing bigpipe. > - circa BIG-IP v10.x -> v11.x the old bigpipe shell was removed. > - (At least for BIG-IP v11.x and earlier) you must set TERM=vt100-w in > order to run some commands. This problem would only become apparent Do you mean that it required that specific term type, or just that it required that term be set to something other than dumb or network? That specific terminal type is required in some cases. I think if the prompt plus the command gets longer than something like 80 characters you start getting control characters showing up in the middle of that line which causes a regex match to fail. This has been the topic of previous discussion: http://www.shrubbery.net/pipermail/rancid-discuss/2014-July/007767.html http://www.shrubbery.net/pipermail/rancid-discuss/2015-February/008038.html http://www.shrubbery.net/pipermail/rancid-discuss/2015-July/008603.html > when running via CRON, When running rancid manually at the CLI > everything looks honky dory.. In my case the following commands would > fail (via CRON): > "ls --full-time --color=never /config/ssl/ssl.crt" > "ls --full-time --color=never /config/ssl/ssl.key" > "tmsh show /net route static" > - Someone mentioned that you need to run "tmsh -q -c 'cd / \;list > recursive" to get everything out of the partitions. > - Was this circa v11.x? I forget. I need to do more research here > as I've almost got around that issue that had people setting up shell > scripts on their F5s to make it work... more on that later. I believe the "cd / ; list recursive" might required on 11.x (and presumably later) with partitions. http://www.shrubbery.net/pipermail/rancid-discuss/2014-August/007790.html If I ever get this to fallback gracefully to "list" I'll let you know. > > > Now here's the interesting thing I've noticed on v12.x . Perhaps this > is widely known in the F5 community but I haven't read about it > anywhere. > - Somewhere around BIG-IP v11.x -> v12.x the vt100-w terminal started > misbehaving. > - If I have TERM set to vt100-w and enable debug I see this error > message in the logs: > "Warning, can't fully initialize terminal, TERM is set to > "vt100-w", status (0)" that implies that the type is unknown or there is no pty. I tend to agree. Maybe this type is unknown to more recent versions of BIG-IP despite working in older releases. > - Now I think again if you run via CLI it might appear to work OK > but not via CRON. > > > So now you end up in a difficult situation in BIG-IP v12: > - TERM=vt100-w fails via CRON because it's broken > - TERM=network (or similar) fails via CRON because some commands > require it to stop the junk showing up mid-line. > - Either case works via CLI. > > So you can end up with a rather fiddly rancid.types.conf file. > Something like this (work in progress): > > # F5s running 9.3.1 seem to lack tmsh support so we will use a > (slightly modified) version of f5rancid > bigip-v9;script;f5rancid-v9 > bigip-v9;login;clogin > > # F5s running 11.4.1 and 12.0.0 seem to lack bigpipe support. > # For some reason turning off debug flag causes problems for "tmsh -q > -c 'cd / \;list recursive'" I don't know why. > bigip-v10-11;script;rancid -t bigip-v10-11 > bigip-v10-11;login;clogin > bigip-v10-11;module;bigip > bigip-v10-11;inloop;bigip::inloop > bigip-v10-11;command;bigip::ShowVersion;tmsh show /sys version > bigip-v10-11;command;bigip::ShowHardware;tmsh show /sys hardware > bigip-v10-11;command;bigip::ShowLicense;tmsh show /sys license > bigip-v10-11;command;bigip::ShowSslCrt;ls --full-time --color=never > /config/ssl/ssl.crt > bigip-v10-11;command;bigip::ShowSslKey;ls --full-time --color=never > /config/ssl/ssl.key > bigip-v10-11;command;bigip::ShowZebOSconf;cat /config/ZebOS.conf > bigip-v10-11;command;bigip::ShowZebOSsockets;lsof -i :179 > bigip-v10-11;command;bigip::ShowRouteStatic;tmsh show /net route static > # This one seems to get confused > #bigip-v10-11;command;bigip::WriteTerm;tmsh -q -c 'cd / \;list recursive' > bigip-v10-11;command;bigip::WriteTerm;tmsh -q list > > # F5s running 12.0.0 seem to lack support for vt100-w terminal type. > # Error Message: > # "Warning, can't fully initialize terminal, TERM is set to "vt100-w", > status (0)" > # As a result ShowSslCrt, ShowSslKey and ShowRouteStatic don't work. > # For some reason turning off debug flag causes problems for "tmsh -q > -c 'cd / \;list recursive'" I don't know why. > bigip-v12;script;rancid -dt bigip-v12 > bigip-v12;login;clogin > bigip-v12;module;bigip12 > bigip-v12;inloop;bigip12::inloop > bigip-v12;command;bigip12::ShowVersion;tmsh show /sys version > bigip-v12;command;bigip12::ShowHardware;tmsh show /sys hardware > bigip-v12;command;bigip12::ShowLicense;tmsh show /sys license > #bigip-v12;command;bigip12::ShowSslCrt;ls --full-time --color=never > /config/ssl/ssl.crt > #bigip-v12;command;bigip12::ShowSslKey;ls --full-time --color=never > /config/ssl/ssl.key > bigip-v12;command;bigip12::ShowZebOSconf;cat /config/ZebOS.conf > bigip-v12;command;bigip12::ShowZebOSsockets;lsof -i :179 > #bigip-v12;command;bigip12::ShowRouteStatic;tmsh show /net route static > #bigip-v12;command;bigip12::WriteTerm;tmsh -q -c 'cd / \;list recursive' > bigip-v12;command;bigip12::WriteTerm;tmsh -q list > > # Huawei support not provided out of the box, added after the fact. > # Let me know if you want me to post this, it's a bit OT for this thread.. > huawei;script;rancid -t huawei > huawei;login;hulogin > huawei;module;huawei > huawei;inloop;huawei::inloop > huawei;command;huawei::DisplayVersion;display version > huawei;command;huawei::DisplayPatchInfo;display patch-information > huawei;command;huawei::DisplayDevice;display esn > huawei;command;huawei::DisplayDevice;display device > huawei;command;huawei::DisplayDevice;display device manufacture-info > huawei;command;huawei::DisplayDevice;display device pic-status > huawei;command;huawei::DisplayElabel;display device elabel > huawei;command;huawei::DisplayElabel;display elabel > huawei;command;huawei::DisplayTransceiver;display interface transceiver > huawei;command;huawei::DisplayLicense;display license > huawei;command;huawei::WriteTerm;display current-configuration > > With also the following customizations: > > 1) To make "tmsh -q -c 'cd / \;list recursive'" do something useful > the following change to rancid.pm is required, otherwise the split is > too aggressive. > ******* > < my($type, $directive, $value, $value2) = split('\;'); > --- > > #my($type, $directive, $value, $value2) = split('\;'); > > my($type, $directive, $value, $value2) = split('\;', $_, 4); > ******* > 2) Following changes made to bigip.pm (from rancid 3.5). There might > be a bug here still as uncommenting the ";tmsh -q -c 'cd / \;list > recursive'" line above seems to lead to unnecessary reattempts at > config collection - but only when debug is disabled for some reason. > ******* > 5c5 > < ## rancid 3.5 > --- > > ## rancid 3.5 plus some customisations. > 66c66,67 > < use rancid 3.5; > --- > > #use rancid 3.5; > > use rancid 3.2; > 74c75 > < $ENV{'TERM'} = "vt100"; > --- > > $ENV{'TERM'} = "vt100-w"; > 183a185 > > s/^\ \ ([0-9]+)(\ +).*Air\ Outlet/ $1$2REMOVED Air Outlet/i; > 184a187,188 > > s/^\ \ ([0-9]+)(\ +).*ADM1026/ $1$2REMOVED ADM1026/i; > > s/^\ \ ([0-9]+)(\ +).*Main\ board(.*)$/ $1$2REMOVED Main board$3/i; > 185a190 > > s/^\ \ ([0-9]+)(\ +)[0-9]+\ +[0-9]+\ +[0-9]+/ $1$2REMOVED REMOVED REMOVED/; > 218a224,272 > > # This routine parses "ls --full-time --color=never /config/ssl/ssl.crt" > > sub ShowSslCrt { > > my($INPUT, $OUTPUT, $cmd) = @_; > > my($line) = (0); > > print STDERR " In ShowSslCrt: $_" if ($debug); > > > > while (<$INPUT>) { > > tr/\015//d; > > # v9 software license does not have CR at EOF > > s/^#-+($prompt.*)/$1/; > > last if (/^$prompt/); > > next if (/^(\s*|\s*$cmd\s*)$/); > > return(1) if /^\s*\^\s*$/; > > return(1) if /(Invalid input detected|Type help or )/; > > return(-1) if (/command authorization failed/i); > > > > if (!$line++) { > > ProcessHistory("ShowSslCrt","","","#\n#/config/ssl/ssl.crt:\n"); > > } > > ProcessHistory("ShowSslCrt","","","# $_") && next; > > } > > return(0); > > } > > > > # This routine parses "ls --full-time --color=never /config/ssl/ssl.key" > > sub ShowSslKey { > > my($INPUT, $OUTPUT, $cmd) = @_; > > my($line) = (0); > > print STDERR " In ShowSslKey: $_" if ($debug); > > > > while (<$INPUT>) { > > tr/\015//d; > > # v9 software license does not have CR at EOF > > s/^#-+($prompt.*)/$1/; > > last if (/^$prompt/); > > next if (/^(\s*|\s*$cmd\s*)$/); > > return(1) if /^\s*\^\s*$/; > > return(1) if /(Invalid input detected|Type help or )/; > > return(-1) if (/command authorization failed/i); > > > > if (!$line++) { > > ProcessHistory("ShowSslKey","","","#\n#/config/ssl/ssl.key:\n"); > > } > > ProcessHistory("ShowSslKey","","","# $_") && next; > > } > > return(0); > > } > > > > > 290a345,347 > > return (1) if (/Syntax Error: unexpected argument/); > > return (0) if ($found_end); # Only run this routine once. > > > 297c354 > < $found_end++; > --- > > $found_end = 1; > > ******* > Also: > ******* > $ diff bigip.pm bigip12.pm > 1c1 > < package bigip; > --- > > package bigip12; > 75c75 > < $ENV{'TERM'} = "vt100-w"; > --- > > $ENV{'TERM'} = "vt100"; > ******* > And: > ******* > $ diff f5rancid f5rancid-v9 > 64c64,65 > < $ENV{'TERM'} = "vt100"; > --- > > #$ENV{'TERM'} = "vt100"; > > $ENV{'TERM'} = "vt100-w"; > 186a188,191 > > if (/^(\s*)community \S+/ && $filter_commstr) { > > ProcessHistory("SHOWBASE","","","# $1community \n"); > > next; > > } > 190a196,199 > > if (/^(\s*)password crypt \S+/) { > > ProcessHistory("SHOWBASE","","","# $1password crypt \n"); > > next; > > } > 225c234,236 > < > --- > > if (/^(.*)\.password = / && $filter_pwds >= 1) { > > ProcessHistory("SHOWDB","","","# $1.password = \n") && next; > > } > 269a281,286 > > if (/^(\s*)monitor state (up|down)$/) { > > ProcessHistory("SHOWDB","","","# $1monitor state \n") && next; > > } > > if (/^(\s*)community \S+/ && $filter_commstr) { > > ProcessHistory("SHOWDB","","","# $1community \n") && next; > > } > 277c294 > < if (/^(\s*)password / && $filter_pwds >= 1) { > --- > > if (/^(\s*)password (\w*)/ && $filter_pwds >= 1 && $2 ne "none") { > 427a445,447 > > return (1) if (/BIGpipe:.*: syntax error/); > > return (0) if ($found_end); # Only do this routine once > > > 441a462,465 > > if (/^(\s*)community \S+/ && $filter_commstr) { > > ProcessHistory("","","","# $1community \n") && next; > > } > > > 532a557 > > {'bigpipe list all' => 'WriteTerm'}, > ******* Kind Regards, Dan -- Kind Regards, Dan Kerse +64 29 920 3745 This email message and its attachments are for the sole use of the intended recipient(s) and may not be shared with any other party. They may contain confidential information of 888 Holdings plc or its direct and indirect subsidiaries (together, the ?888 Group?) and are to be regarded as confidential information under any non-disclosure agreement. Any review, use, disclosure or distribution by persons or entities other than the intended recipient(s) is prohibited. Nothing in this message is capable of or intended to create any legally binding obligation. The 888 Group will only ever assume a legally binding obligation where recorded in a written agreement duly executed by the authorized signatories of the relevant 888 Group company. The 888 Group accepts no liability for any personal views expressed in this message. If you are not the intended recipient, please contact the sender by return and destroy all copies of the original message and its attachments. Thank you -------------- next part -------------- An HTML attachment was scrubbed... URL: From Shaun.Krok at 888holdings.com Tue Sep 13 10:14:37 2016 From: Shaun.Krok at 888holdings.com (Shaun Krok) Date: Tue, 13 Sep 2016 10:14:37 +0000 Subject: [rancid] F5 Rancid | BIGIP 12.0 | missed cmd(s) In-Reply-To: <57FD84723C05BB4FA3BB5F66AC609F64011C29914C@XCH-IL-MB1.888holdings.corp> References: <57FD84723C05BB4FA3BB5F66AC609F64011C296A7B@XCH-IL-MB1.888holdings.corp> <1b20df83-d5cd-ad29-842b-09a73d067a23@gmail.com> <57FD84723C05BB4FA3BB5F66AC609F64011C296C56@XCH-IL-MB1.888holdings.corp> <20160912193641.GE24562@shrubbery.net> <57FD84723C05BB4FA3BB5F66AC609F64011C29914C@XCH-IL-MB1.888holdings.corp> Message-ID: <57FD84723C05BB4FA3BB5F66AC609F64011C299842@XCH-IL-MB1.888holdings.corp> Hi So we have had success today on this issue ! As we knew the script was working when the BIG-IP cluster was in SYNC We focused on the prompt: 1. We tried to shorten the TMSH prompt for the specific user --- this did not work ?list cli preference prompt? cli preference { prompt { host user status current-folder config-sync-status } >>> removed config-sync-status and current-folder 2. We then shorted the BASH prompt on both chassis in the cluster ? everything is working 100% now even with changes-pending Thanks to all **** The way it is by default ******** if [ "$PS1" ]; then if [ -z "$PROMPT_COMMAND" ]; then case $TERM in xterm*) PS1='[$USER@$(getHostName):$(getPromptStatus)$(getAvcCount):$(getConfigSyncStatus)]\[\e]0;$(getHostName)\a\] \W \$ ' ;; screen) PS1='[$USER@$(getHostName):$(getPromptStatus)$(getAvcCount):$(getConfigSyncStatus)] \W \$ ' ;; *) PS1='[$USER@$(getHostName):$(getPromptStatus)$(getAvcCount):$(getConfigSyncStatus)] \W \$ ' ;; esac fi **** The way it is by now ******** if [ "$PS1" ]; then if [ -z "$PROMPT_COMMAND" ]; then case $TERM in xterm*) PS1='[$USER@$(getHostName)]:[$(getPromptStatus)]\[\e]0;$(getHostName)\a\] \W \$ ' ;; screen) PS1='[$USER@$(getHostName)]:[$(getPromptStatus)]\[\e]0;$(getHostName)\a\] \W \$ ' ;; *) PS1='[$USER@$(getHostName)]:[$(getPromptStatus)]\[\e]0;$(getHostName)\a\] \W \$ ' ;; esac fi Shaun Krok Network Team Herzliya Business Park Herzliya Pituach 46140 Israel Telephone: +972 (0)732889406 Mobile: +972 (0)50 2424381 email:shaun.krok at 888holdings.com [Description: Description: Description: Description: 888] [Description: 888] From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Shaun Krok Sent: Tuesday, September 13, 2016 8:42 AM To: Daniel Kerse ; heasley Cc: Nati Danan ; rancid-discuss at shrubbery.net Subject: Re: [rancid] F5 Rancid | BIGIP 12.0 | missed cmd(s) Thanks Daniel We have been using TERM=vt100-w since moving into 11.4 and greater In 11.6 rancid spits out a diff error : + #Warning, can't fully initialize terminal, TERM is set to "vt100-w", status (0) - But it still works Since moving to BIGIP 12.0 same error above but now missed cmd(s) I have shortened the prompt on the F5 because when the cluster is in SYNC we have no missed cmd(s) and a diff is created running on version 12.0 Waiting for the next cron run and will advise what happenes ! Old: cli preference { prompt { host user status current-folder config-sync-status } New: cli preference { alias-path { /Common } prompt { host user status config-sync-status } From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Daniel Kerse Sent: Tuesday, September 13, 2016 1:48 AM To: heasley > Cc: rancid-discuss at shrubbery.net; Nati Danan > Subject: Re: [rancid] F5 Rancid | BIGIP 12.0 | missed cmd(s) On Tue, Sep 13, 2016 at 7:36 AM heasley > wrote: Tue, Sep 13, 2016 at 12:40:10AM +1200, Daniel Kerse: > Hello Shaun et.al., > > Are you playing with the TERM environment variable at all? > Have you tried enabling debug on your cron job and then (re)checking: > 1. the logs? > 2. the resulting .raw files? > > I'm also running version 3.2 (the latest available under EPEL) with > some F5s of various vintage. > > Firstly to recap what is already known by this mailing list: > - circa BIG-IP v9.x -> v10.x the tmsh shell was introduced in addition > to the pre-existing bigpipe. > - circa BIG-IP v10.x -> v11.x the old bigpipe shell was removed. > - (At least for BIG-IP v11.x and earlier) you must set TERM=vt100-w in > order to run some commands. This problem would only become apparent Do you mean that it required that specific term type, or just that it required that term be set to something other than dumb or network? That specific terminal type is required in some cases. I think if the prompt plus the command gets longer than something like 80 characters you start getting control characters showing up in the middle of that line which causes a regex match to fail. This has been the topic of previous discussion: http://www.shrubbery.net/pipermail/rancid-discuss/2014-July/007767.html http://www.shrubbery.net/pipermail/rancid-discuss/2015-February/008038.html http://www.shrubbery.net/pipermail/rancid-discuss/2015-July/008603.html > when running via CRON, When running rancid manually at the CLI > everything looks honky dory.. In my case the following commands would > fail (via CRON): > "ls --full-time --color=never /config/ssl/ssl.crt" > "ls --full-time --color=never /config/ssl/ssl.key" > "tmsh show /net route static" > - Someone mentioned that you need to run "tmsh -q -c 'cd / \;list > recursive" to get everything out of the partitions. > - Was this circa v11.x? I forget. I need to do more research here > as I've almost got around that issue that had people setting up shell > scripts on their F5s to make it work... more on that later. I believe the "cd / ; list recursive" might required on 11.x (and presumably later) with partitions. http://www.shrubbery.net/pipermail/rancid-discuss/2014-August/007790.html If I ever get this to fallback gracefully to "list" I'll let you know. > > > Now here's the interesting thing I've noticed on v12.x . Perhaps this > is widely known in the F5 community but I haven't read about it > anywhere. > - Somewhere around BIG-IP v11.x -> v12.x the vt100-w terminal started > misbehaving. > - If I have TERM set to vt100-w and enable debug I see this error > message in the logs: > "Warning, can't fully initialize terminal, TERM is set to > "vt100-w", status (0)" that implies that the type is unknown or there is no pty. I tend to agree. Maybe this type is unknown to more recent versions of BIG-IP despite working in older releases. > - Now I think again if you run via CLI it might appear to work OK > but not via CRON. > > > So now you end up in a difficult situation in BIG-IP v12: > - TERM=vt100-w fails via CRON because it's broken > - TERM=network (or similar) fails via CRON because some commands > require it to stop the junk showing up mid-line. > - Either case works via CLI. > > So you can end up with a rather fiddly rancid.types.conf file. > Something like this (work in progress): > > # F5s running 9.3.1 seem to lack tmsh support so we will use a > (slightly modified) version of f5rancid > bigip-v9;script;f5rancid-v9 > bigip-v9;login;clogin > > # F5s running 11.4.1 and 12.0.0 seem to lack bigpipe support. > # For some reason turning off debug flag causes problems for "tmsh -q > -c 'cd / \;list recursive'" I don't know why. > bigip-v10-11;script;rancid -t bigip-v10-11 > bigip-v10-11;login;clogin > bigip-v10-11;module;bigip > bigip-v10-11;inloop;bigip::inloop > bigip-v10-11;command;bigip::ShowVersion;tmsh show /sys version > bigip-v10-11;command;bigip::ShowHardware;tmsh show /sys hardware > bigip-v10-11;command;bigip::ShowLicense;tmsh show /sys license > bigip-v10-11;command;bigip::ShowSslCrt;ls --full-time --color=never > /config/ssl/ssl.crt > bigip-v10-11;command;bigip::ShowSslKey;ls --full-time --color=never > /config/ssl/ssl.key > bigip-v10-11;command;bigip::ShowZebOSconf;cat /config/ZebOS.conf > bigip-v10-11;command;bigip::ShowZebOSsockets;lsof -i :179 > bigip-v10-11;command;bigip::ShowRouteStatic;tmsh show /net route static > # This one seems to get confused > #bigip-v10-11;command;bigip::WriteTerm;tmsh -q -c 'cd / \;list recursive' > bigip-v10-11;command;bigip::WriteTerm;tmsh -q list > > # F5s running 12.0.0 seem to lack support for vt100-w terminal type. > # Error Message: > # "Warning, can't fully initialize terminal, TERM is set to "vt100-w", > status (0)" > # As a result ShowSslCrt, ShowSslKey and ShowRouteStatic don't work. > # For some reason turning off debug flag causes problems for "tmsh -q > -c 'cd / \;list recursive'" I don't know why. > bigip-v12;script;rancid -dt bigip-v12 > bigip-v12;login;clogin > bigip-v12;module;bigip12 > bigip-v12;inloop;bigip12::inloop > bigip-v12;command;bigip12::ShowVersion;tmsh show /sys version > bigip-v12;command;bigip12::ShowHardware;tmsh show /sys hardware > bigip-v12;command;bigip12::ShowLicense;tmsh show /sys license > #bigip-v12;command;bigip12::ShowSslCrt;ls --full-time --color=never > /config/ssl/ssl.crt > #bigip-v12;command;bigip12::ShowSslKey;ls --full-time --color=never > /config/ssl/ssl.key > bigip-v12;command;bigip12::ShowZebOSconf;cat /config/ZebOS.conf > bigip-v12;command;bigip12::ShowZebOSsockets;lsof -i :179 > #bigip-v12;command;bigip12::ShowRouteStatic;tmsh show /net route static > #bigip-v12;command;bigip12::WriteTerm;tmsh -q -c 'cd / \;list recursive' > bigip-v12;command;bigip12::WriteTerm;tmsh -q list > > # Huawei support not provided out of the box, added after the fact. > # Let me know if you want me to post this, it's a bit OT for this thread.. > huawei;script;rancid -t huawei > huawei;login;hulogin > huawei;module;huawei > huawei;inloop;huawei::inloop > huawei;command;huawei::DisplayVersion;display version > huawei;command;huawei::DisplayPatchInfo;display patch-information > huawei;command;huawei::DisplayDevice;display esn > huawei;command;huawei::DisplayDevice;display device > huawei;command;huawei::DisplayDevice;display device manufacture-info > huawei;command;huawei::DisplayDevice;display device pic-status > huawei;command;huawei::DisplayElabel;display device elabel > huawei;command;huawei::DisplayElabel;display elabel > huawei;command;huawei::DisplayTransceiver;display interface transceiver > huawei;command;huawei::DisplayLicense;display license > huawei;command;huawei::WriteTerm;display current-configuration > > With also the following customizations: > > 1) To make "tmsh -q -c 'cd / \;list recursive'" do something useful > the following change to rancid.pm is required, otherwise the split is > too aggressive. > ******* > < my($type, $directive, $value, $value2) = split('\;'); > --- > > #my($type, $directive, $value, $value2) = split('\;'); > > my($type, $directive, $value, $value2) = split('\;', $_, 4); > ******* > 2) Following changes made to bigip.pm (from rancid 3.5). There might > be a bug here still as uncommenting the ";tmsh -q -c 'cd / \;list > recursive'" line above seems to lead to unnecessary reattempts at > config collection - but only when debug is disabled for some reason. > ******* > 5c5 > < ## rancid 3.5 > --- > > ## rancid 3.5 plus some customisations. > 66c66,67 > < use rancid 3.5; > --- > > #use rancid 3.5; > > use rancid 3.2; > 74c75 > < $ENV{'TERM'} = "vt100"; > --- > > $ENV{'TERM'} = "vt100-w"; > 183a185 > > s/^\ \ ([0-9]+)(\ +).*Air\ Outlet/ $1$2REMOVED Air Outlet/i; > 184a187,188 > > s/^\ \ ([0-9]+)(\ +).*ADM1026/ $1$2REMOVED ADM1026/i; > > s/^\ \ ([0-9]+)(\ +).*Main\ board(.*)$/ $1$2REMOVED Main board$3/i; > 185a190 > > s/^\ \ ([0-9]+)(\ +)[0-9]+\ +[0-9]+\ +[0-9]+/ $1$2REMOVED REMOVED REMOVED/; > 218a224,272 > > # This routine parses "ls --full-time --color=never /config/ssl/ssl.crt" > > sub ShowSslCrt { > > my($INPUT, $OUTPUT, $cmd) = @_; > > my($line) = (0); > > print STDERR " In ShowSslCrt: $_" if ($debug); > > > > while (<$INPUT>) { > > tr/\015//d; > > # v9 software license does not have CR at EOF > > s/^#-+($prompt.*)/$1/; > > last if (/^$prompt/); > > next if (/^(\s*|\s*$cmd\s*)$/); > > return(1) if /^\s*\^\s*$/; > > return(1) if /(Invalid input detected|Type help or )/; > > return(-1) if (/command authorization failed/i); > > > > if (!$line++) { > > ProcessHistory("ShowSslCrt","","","#\n#/config/ssl/ssl.crt:\n"); > > } > > ProcessHistory("ShowSslCrt","","","# $_") && next; > > } > > return(0); > > } > > > > # This routine parses "ls --full-time --color=never /config/ssl/ssl.key" > > sub ShowSslKey { > > my($INPUT, $OUTPUT, $cmd) = @_; > > my($line) = (0); > > print STDERR " In ShowSslKey: $_" if ($debug); > > > > while (<$INPUT>) { > > tr/\015//d; > > # v9 software license does not have CR at EOF > > s/^#-+($prompt.*)/$1/; > > last if (/^$prompt/); > > next if (/^(\s*|\s*$cmd\s*)$/); > > return(1) if /^\s*\^\s*$/; > > return(1) if /(Invalid input detected|Type help or )/; > > return(-1) if (/command authorization failed/i); > > > > if (!$line++) { > > ProcessHistory("ShowSslKey","","","#\n#/config/ssl/ssl.key:\n"); > > } > > ProcessHistory("ShowSslKey","","","# $_") && next; > > } > > return(0); > > } > > > > > 290a345,347 > > return (1) if (/Syntax Error: unexpected argument/); > > return (0) if ($found_end); # Only run this routine once. > > > 297c354 > < $found_end++; > --- > > $found_end = 1; > > ******* > Also: > ******* > $ diff bigip.pm bigip12.pm > 1c1 > < package bigip; > --- > > package bigip12; > 75c75 > < $ENV{'TERM'} = "vt100-w"; > --- > > $ENV{'TERM'} = "vt100"; > ******* > And: > ******* > $ diff f5rancid f5rancid-v9 > 64c64,65 > < $ENV{'TERM'} = "vt100"; > --- > > #$ENV{'TERM'} = "vt100"; > > $ENV{'TERM'} = "vt100-w"; > 186a188,191 > > if (/^(\s*)community \S+/ && $filter_commstr) { > > ProcessHistory("SHOWBASE","","","# $1community \n"); > > next; > > } > 190a196,199 > > if (/^(\s*)password crypt \S+/) { > > ProcessHistory("SHOWBASE","","","# $1password crypt \n"); > > next; > > } > 225c234,236 > < > --- > > if (/^(.*)\.password = / && $filter_pwds >= 1) { > > ProcessHistory("SHOWDB","","","# $1.password = \n") && next; > > } > 269a281,286 > > if (/^(\s*)monitor state (up|down)$/) { > > ProcessHistory("SHOWDB","","","# $1monitor state \n") && next; > > } > > if (/^(\s*)community \S+/ && $filter_commstr) { > > ProcessHistory("SHOWDB","","","# $1community \n") && next; > > } > 277c294 > < if (/^(\s*)password / && $filter_pwds >= 1) { > --- > > if (/^(\s*)password (\w*)/ && $filter_pwds >= 1 && $2 ne "none") { > 427a445,447 > > return (1) if (/BIGpipe:.*: syntax error/); > > return (0) if ($found_end); # Only do this routine once > > > 441a462,465 > > if (/^(\s*)community \S+/ && $filter_commstr) { > > ProcessHistory("","","","# $1community \n") && next; > > } > > > 532a557 > > {'bigpipe list all' => 'WriteTerm'}, > ******* Kind Regards, Dan -- Kind Regards, Dan Kerse +64 29 920 3745 This email message and its attachments are for the sole use of the intended recipient(s) and may not be shared with any other party. They may contain confidential information of 888 Holdings plc or its direct and indirect subsidiaries (together, the ?888 Group?) and are to be regarded as confidential information under any non-disclosure agreement. Any review, use, disclosure or distribution by persons or entities other than the intended recipient(s) is prohibited. Nothing in this message is capable of or intended to create any legally binding obligation. The 888 Group will only ever assume a legally binding obligation where recorded in a written agreement duly executed by the authorized signatories of the relevant 888 Group company. The 888 Group accepts no liability for any personal views expressed in this message. If you are not the intended recipient, please contact the sender by return and destroy all copies of the original message and its attachments. Thank you This email message and its attachments are for the sole use of the intended recipient(s) and may not be shared with any other party. They may contain confidential information of 888 Holdings plc or its direct and indirect subsidiaries (together, the ?888 Group?) and are to be regarded as confidential information under any non-disclosure agreement. Any review, use, disclosure or distribution by persons or entities other than the intended recipient(s) is prohibited. Nothing in this message is capable of or intended to create any legally binding obligation. The 888 Group will only ever assume a legally binding obligation where recorded in a written agreement duly executed by the authorized signatories of the relevant 888 Group company. The 888 Group accepts no liability for any personal views expressed in this message. If you are not the intended recipient, please contact the sender by return and destroy all copies of the original message and its attachments. Thank you -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.gif Type: image/gif Size: 5415 bytes Desc: image001.gif URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image002.gif Type: image/gif Size: 13717 bytes Desc: image002.gif URL: From heas at shrubbery.net Tue Sep 13 20:56:44 2016 From: heas at shrubbery.net (heasley) Date: Tue, 13 Sep 2016 20:56:44 +0000 Subject: [rancid] Creating a new rancid login file In-Reply-To: References: <20160910141645.GC68281@shrubbery.net> Message-ID: <20160913205644.GC56705@shrubbery.net> Mon, Sep 12, 2016 at 09:43:24PM +0000, Remsik,Robert: > Closer! > > I had to fix a couple id10t errors, and tell audiorancid that it's prompt is > versus #. > > Now it's dumping the entire raw file during one 'ProcessHistory' call. Is there a way to only have it dump the contents per calls (so we can get error messages per call) or just have it be okay with only one call? and not complain about all the other missed commands? see rancid(3). lmk if it doesnt answer your questions. there should be no 'missed commands'. they should all appear in the o/p from the device - they may have produced an error, but they should still appear. > Also, it's currently inserting ';' in front of almost all lines. Is there a way to not insert ';'s? Thats your calls doing that, not the function. From heas at shrubbery.net Tue Sep 13 21:57:23 2016 From: heas at shrubbery.net (heasley) Date: Tue, 13 Sep 2016 21:57:23 +0000 Subject: [rancid] F5 Rancid | BIGIP 12.0 | missed cmd(s) In-Reply-To: References: <57FD84723C05BB4FA3BB5F66AC609F64011C296A7B@XCH-IL-MB1.888holdings.corp> <1b20df83-d5cd-ad29-842b-09a73d067a23@gmail.com> <57FD84723C05BB4FA3BB5F66AC609F64011C296C56@XCH-IL-MB1.888holdings.corp> <20160912193641.GE24562@shrubbery.net> Message-ID: <20160913215723.GF56705@shrubbery.net> Mon, Sep 12, 2016 at 10:47:32PM +0000, Daniel Kerse: > On Tue, Sep 13, 2016 at 7:36 AM heasley wrote: > > > Tue, Sep 13, 2016 at 12:40:10AM +1200, Daniel Kerse: > > > Hello Shaun et.al., > > > > > > Are you playing with the TERM environment variable at all? > > > Have you tried enabling debug on your cron job and then (re)checking: > > > 1. the logs? > > > 2. the resulting .raw files? > > > > > > I'm also running version 3.2 (the latest available under EPEL) with > > > some F5s of various vintage. > > > > > > Firstly to recap what is already known by this mailing list: > > > - circa BIG-IP v9.x -> v10.x the tmsh shell was introduced in addition > > > to the pre-existing bigpipe. > > > - circa BIG-IP v10.x -> v11.x the old bigpipe shell was removed. > > > - (At least for BIG-IP v11.x and earlier) you must set TERM=vt100-w in > > > order to run some commands. This problem would only become apparent > > > > Do you mean that it required that specific term type, or just that it > > required that term be set to something other than dumb or network? > > > > That specific terminal type is required in some cases. I think if the > prompt plus the command gets longer than something like 80 characters you > start getting control characters showing up in the middle of that line > which causes a regex match to fail. > > This has been the topic of previous discussion: > http://www.shrubbery.net/pipermail/rancid-discuss/2014-July/007767.html > http://www.shrubbery.net/pipermail/rancid-discuss/2015-February/008038.html > http://www.shrubbery.net/pipermail/rancid-discuss/2015-July/008603.html is there a terminal type that omits the screen manipulation junk (esc codes) that is recognized by the f5? eg: dumb, network, ... and set the terminal width to 132. From spedersen.lists at gmail.com Tue Sep 13 23:54:30 2016 From: spedersen.lists at gmail.com (Sean) Date: Tue, 13 Sep 2016 16:54:30 -0700 Subject: [rancid] router.db and up/down notifications Message-ID: I'm curious about the default behavior/relationship between router.db and routers.down. I have rancid integrated with Observium, which auto-generates router.db once an hour based on the status of each device. If a router is down in Observium, it will modify router.db and mark it 'down'. rancid-run is configured to run five minutes later. In this case, would rancid send an ?unreachable? e-mail the next time it?s run? When they switched from "up" to "down" in router.db, I didn't receive an "unreachable" e-mail. When they were fixed and returned to "up," I received a "routers changed to up" email. This is the first time such a transition has taken place, i.e. first time any devices have been unreachable for any period of time since rancid was first run. What sort of behavior should I expect in this case? Might have just been timing, but I?d like to be sure. Searches have come up with little to go on other than formatting and the like. I have another rancid installation that sends both up and down notifications, but it's a stand-alone install without any automated router.db generation. I don't see any major differences in configuration, cron jobs, etc. other than who/what generates router.db. P.S. Right list this time. -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Wed Sep 14 09:37:44 2016 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Wed, 14 Sep 2016 11:37:44 +0200 Subject: [rancid] router.db and up/down notifications In-Reply-To: References: Message-ID: <3825ce24-8c40-a7e3-e73c-838c5ed92af8@gmail.com> On 14/09/2016 01:54, Sean wrote: > I'm curious about the default behavior/relationship between router.db > and routers.down. > > > > I have rancid integrated with Observium, which auto-generates router.db > once an hour based on the status of each device. If a router is down in > Observium, it will modify router.db and mark it 'down'. rancid-run is > configured to run five minutes later. router.db is in cvs IIRC. Does your data push from observium do a commit? > > > > In this case, would rancid send an ?unreachable? e-mail the next time > it?s run? When they switched from "up" to "down" in router.db, I didn't > receive an "unreachable" e-mail. When they were fixed and returned to > "up," I received a "routers changed to up" email. This is the first time > such a transition has taken place, i.e. first time any devices have been > unreachable for any period of time since rancid was first run. > > > > What sort of behavior should I expect in this case? Might have just been > timing, but I?d like to be sure. Searches have come up with little to go > on other than formatting and the like. > > > > I have another rancid installation that sends both up and down > notifications, but it's a stand-alone install without any automated > router.db generation. I don't see any major differences in > configuration, cron jobs, etc. other than who/what generates router.db. > > > > P.S. Right list this time. > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Alan McKinnon alan.mckinnon at gmail.com From spedersen.lists at gmail.com Wed Sep 14 13:20:07 2016 From: spedersen.lists at gmail.com (Sean) Date: Wed, 14 Sep 2016 06:20:07 -0700 Subject: [rancid] router.db and up/down notifications In-Reply-To: <3825ce24-8c40-a7e3-e73c-838c5ed92af8@gmail.com> References: <3825ce24-8c40-a7e3-e73c-838c5ed92af8@gmail.com> Message-ID: <396BA241-0045-439A-8955-DFEA65CEA976@gmail.com> It?s actually started to send down notifications again. The replaced device generated an SSH key mismatch, which caused it to become unreachable from rancid?s perspective. Had to clear known_hosts. Must have been a timing issue originally. On 9/14/16, 2:37 AM, "Rancid-discuss on behalf of Alan McKinnon" wrote: On 14/09/2016 01:54, Sean wrote: > I'm curious about the default behavior/relationship between router.db > and routers.down. > > > > I have rancid integrated with Observium, which auto-generates router.db > once an hour based on the status of each device. If a router is down in > Observium, it will modify router.db and mark it 'down'. rancid-run is > configured to run five minutes later. router.db is in cvs IIRC. Does your data push from observium do a commit? > > > > In this case, would rancid send an ?unreachable? e-mail the next time > it?s run? When they switched from "up" to "down" in router.db, I didn't > receive an "unreachable" e-mail. When they were fixed and returned to > "up," I received a "routers changed to up" email. This is the first time > such a transition has taken place, i.e. first time any devices have been > unreachable for any period of time since rancid was first run. > > > > What sort of behavior should I expect in this case? Might have just been > timing, but I?d like to be sure. Searches have come up with little to go > on other than formatting and the like. > > > > I have another rancid installation that sends both up and down > notifications, but it's a stand-alone install without any automated > router.db generation. I don't see any major differences in > configuration, cron jobs, etc. other than who/what generates router.db. > > > > P.S. Right list this time. > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Alan McKinnon alan.mckinnon at gmail.com _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss From nicotine at warningg.com Wed Sep 14 13:48:23 2016 From: nicotine at warningg.com (Brandon Ewing) Date: Wed, 14 Sep 2016 08:48:23 -0500 Subject: [rancid] Lock individual router instead of group? Message-ID: Does anyone have a patch that would allow rancid-run to lock only a router name instead of a group-name when -r is used? We use syslog watching to trigger individual device runs to get a rudimentary blame log, but since all our routers are in the same group, some changes are mis-attributed due to locking. We can do it directly by running control_rancid instead, but that runs into the issue of garbled commits from race conditions if multiple changes are made. Any other solutions people have to resolve my root request (try to capture what user changed what lines) are also welcome. -- Brandon Ewing (nicotine at warningg.com) From heas at shrubbery.net Wed Sep 14 16:06:46 2016 From: heas at shrubbery.net (heasley) Date: Wed, 14 Sep 2016 16:06:46 +0000 Subject: [rancid] Lock individual router instead of group? In-Reply-To: References: Message-ID: <20160914160646.GB80448@shrubbery.net> Wed, Sep 14, 2016 at 08:48:23AM -0500, Brandon Ewing: > Does anyone have a patch that would allow rancid-run to lock only a > router name instead of a group-name when -r is used? We use syslog > watching to trigger individual device runs to get a rudimentary blame > log, but since all our routers are in the same group, some changes are > mis-attributed due to locking. We can do it directly by running > control_rancid instead, but that runs into the issue of garbled commits > from race conditions if multiple changes are made. I havent one, but am willing to look into it after I attend to existing work. > Any other solutions people have to resolve my root request (try to > capture what user changed what lines) are also welcome. we used command accounting when we had a problem individual(s). From Robert.Remsik at colostate.edu Wed Sep 14 20:12:08 2016 From: Robert.Remsik at colostate.edu (Remsik,Robert) Date: Wed, 14 Sep 2016 20:12:08 +0000 Subject: [rancid] Creating a new rancid login file In-Reply-To: <20160910141645.GC68281@shrubbery.net> References: , <20160910141645.GC68281@shrubbery.net> Message-ID: That gave me all the clues needed, thank you. Would it be helpful if I provided a copy of the audiorancid and audiologin files for others to use in the future? Robert Remsik ACNS Desk Phone: 970 491 7120 Robert.Remsik at colostate.edu ________________________________ From: heasley Sent: Saturday, September 10, 2016 8:16 AM To: Remsik,Robert Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Creating a new rancid login file Fri, Sep 09, 2016 at 09:30:26PM +0000, Remsik,Robert: > Hello! > > > I'm trying to create a new rancid login file for an audiocodes device and I need a little help debugging what's going on & how to fix it. > > > I've created audiologin which can successfully loginto and run all the commands required (per FAQ 3.2). However, when I try using audiorancid (based upon hrancid) to call audiologin I'm getting an error that it can't run the commands which does not make sense to me yet. What I see as a result of CLI running audiorancid is it's creating the file to write to(it shows up in the file system), and then it attempts to 'select' this file and then proceeds to error out. This doesn't make sense to me as the excerpt from hrancid (which works against HP switches), is identical (minus debug commands) and does not have this problem. Any help is appriciated! > > Thank you in advance, > > > > I've created the type 'ac' as defined in /etc/base.types.conf so when/if rancid-run gets ahold of it it'll find the correct files. > > ac;script;audiorancid > ac;login;audiologin > > rancid at server:~/var/rancid-3.4.99/logs$ audiorancid 10.174.0.247 > commandstr: show storage-history;show system active-alarms;show system assembly;show system feature;show system version;show voip firewall;show voip tls certificate;show running-config > Debug 1 > Debug 2 > 10.174.0.247: missed cmd(s): all commands try export NOPIPE=YES audiorancid -a ip that should leave an ip.raw file behind and may provide the cause. -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Wed Sep 14 22:47:58 2016 From: heas at shrubbery.net (heasley) Date: Wed, 14 Sep 2016 22:47:58 +0000 Subject: [rancid] Creating a new rancid login file In-Reply-To: References: <20160910141645.GC68281@shrubbery.net> Message-ID: <20160914224758.GO1075@shrubbery.net> Wed, Sep 14, 2016 at 08:12:08PM +0000, Remsik,Robert: > That gave me all the clues needed, thank you. oops; a typo in my example. that should have been -d, not -a > > Would it be helpful if I provided a copy of the audiorancid and audiologin files for others to use in the future? Cant hurt. > > try > export NOPIPE=YES > audiorancid -a ip > > that should leave an ip.raw file behind and may provide the cause. From heas at shrubbery.net Wed Sep 14 23:37:55 2016 From: heas at shrubbery.net (heasley) Date: Wed, 14 Sep 2016 23:37:55 +0000 Subject: [rancid] router.db and up/down notifications In-Reply-To: References: Message-ID: <20160914233755.GT1075@shrubbery.net> Tue, Sep 13, 2016 at 04:54:30PM -0700, Sean: > I'm curious about the default behavior/relationship between router.db and routers.down. > routers.down is solely for keeping track of what was 'down' in router.db. > I have rancid integrated with Observium, which auto-generates router.db once an hour based on the status of each device. If a router is down in Observium, it will modify router.db and mark it 'down'. rancid-run is configured to run five minutes later. > > In this case, would rancid send an ?unreachable? e-mail the next time it?s run? When they switched from "up" to "down" in router.db, I didn't receive an "unreachable" e-mail. When they were fixed and returned to "up," I received a "routers changed to up" email. This is the first time such a transition has taken place, i.e. first time any devices have been unreachable for any period of time since rancid was first run. > yes, thats right. if its 'down', rancid will not attempt contact it and there will be no 'not reached' email. i wouldnt expect a device to be allowed to remain down for too long. maybe don't change it to 'down' and adjust OLDTIME and MAX_ROUNDS in rancid.conf to achieve a goal of not complaining too much about 'not reachable', not having a up/down email and not wasting too much time collecting devices that are down. > What sort of behavior should I expect in this case? Might have just been timing, but I?d like to be sure. Searches have come up with little to go on other than formatting and the like. > > I have another rancid installation that sends both up and down notifications, but it's a stand-alone install without any automated router.db generation. I don't see any major differences in configuration, cron jobs, etc. other than who/what generates router.db. > > > > P.S. Right list this time. > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From arrgghh at zoho.com Thu Sep 15 05:47:40 2016 From: arrgghh at zoho.com (Mathieu P) Date: Wed, 14 Sep 2016 22:47:40 -0700 Subject: [rancid] Urancid missed cmd(s): sort /tmp/system.cfg Message-ID: <1572c62e415.106d0ce448788.7155601970060360284@zoho.com> Hello, I am trying to backup my Ubiquiti AirOS devices with rancid on Centos 6. I edited rancid-fe and downloaded urancid from https://github.com/dotwaffle/rancid-git/tree/master/bin ulogin and clogin are working properly. Example: ./clogin -f ../.cloginrc -c "sort /tmp/system.cfg" 192.168.251.21 192.168.251.21 spawn ssh -x -l BW-Admin 192.168.251.21 BW-Admin at 192.168.251.21's password: KM ,ok0KNWW KM :NMMMMMMMM KM .. WMMMMMMMMM KM KM WMMMMMMMMM KM KM WMMMMMMMMM KM KM .. WMMMMMMMMM KM .. KM WMMMMMMMMM KM KM KM WMMMMMMMMM KMNXWM KM WMMMMMMMMK KMMMMMKONM WMMMMMMMW KMMMMMMMMM WMMMMMMM x lMMMMMMMMM WMMMMMN xK MMMMMMMMMl ,WMMMP dXM: lMMMMMMMMx . ,,,aaadXMMd lNMMMMMMW: XOxolcclodOKMMMMWc lXMMMMMNc lMMMMMMMMMMMMNo. llONMMM0c lMMMMMMNOo' 'lMN;. lMWl' [...] wpasupplicant.profile.1.network.1.psk=BWN at t4MYM@(#!^ wpasupplicant.status=disabled XM.v5.6.8#exit Connection to 192.168.251.21 closed. So it connects properly to my test device and provide the output Same result for ulogin. However when I try to launch urancid: [rancid at localhost bin]$ ./urancid -f ../.cloginrc 192.168.251.21 ../.cloginrc: missed cmd(s): sort /tmp/system.cfg ../.cloginrc: End of run not found # -------------- next part -------------- An HTML attachment was scrubbed... URL: From andrewm659 at yahoo.com Thu Sep 15 15:02:41 2016 From: andrewm659 at yahoo.com (Andrew Meyer) Date: Thu, 15 Sep 2016 15:02:41 +0000 (UTC) Subject: [rancid] Looking Glass References: <1395384258.330886.1473951761833.ref@mail.yahoo.com> Message-ID: <1395384258.330886.1473951761833@mail.yahoo.com> Need some help. ?I've got looking glass setup using Apache 2.4 on FreeBSD 10.3 Jails. ?I am able to get to the website. ?However when I try to initiate any command from the web form it says this in the logs: [Wed Sep 14 22:49:57.553398 2016] [cgi:error] [pid 24787] [client 10.150.1.125:44928] AH01215: still waiting for ./tmp/asm-asa lock after 45 seconds at /usr/local/lib/perl5/site_perl/LockFile/Simple.pm line 206.: /usr/local/www/apache24/cgi-bin/lg.cgi, referer: http://rancid3svn.borg.local/cgi-bin/lgform.cgi[Wed Sep 14 22:50:22.605456 2016] [cgi:error] [pid 24787] [client 10.150.1.125:44928] AH01215: still waiting for ./tmp/asm-asa lock after 70 seconds at /usr/local/lib/perl5/site_perl/LockFile/Simple.pm line 206.: /usr/local/www/apache24/cgi-bin/lg.cgi, referer: http://rancid3svn.borg.local/cgi-bin/lgform.cgi[Wed Sep 14 22:50:47.742317 2016] [cgi:error] [pid 24787] [client 10.150.1.125:44928] AH01215: still waiting for ./tmp/asm-asa lock after 95 seconds at /usr/local/lib/perl5/site_perl/LockFile/Simple.pm line 206.: /usr/local/www/apache24/cgi-bin/lg.cgi, referer: http://rancid3svn.borg.local/cgi-bin/lgform.cgi[Wed Sep 14 22:51:12.818785 2016] [cgi:error] [pid 24787] [client 10.150.1.125:44928] AH01215: still waiting for ./tmp/asm-asa lock after 120 seconds at /usr/local/lib/perl5/site_perl/LockFile/Simple.pm line 206.: /usr/local/www/apache24/cgi-bin/lg.cgi, referer: http://rancid3svn.borg.local/cgi-bin/lgform.cgi[Wed Sep 14 22:51:37.899063 2016] [cgi:error] [pid 24787] [client 10.150.1.125:44928] AH01215: still waiting for ./tmp/asm-asa lock after 145 seconds at /usr/local/lib/perl5/site_perl/LockFile/Simple.pm line 206.: /usr/local/www/apache24/cgi-bin/lg.cgi, referer: http://rancid3svn.borg.local/cgi-bin/lgform.cgi Is there something else I need to setup? I'm not sure if i'm missing a perl package or something. Here is my apache config: LoadModule cgi_module libexec/apache24/mod_cgi.soLoadModule fcgid_module libexec/apache24/mod_fcgid.so? ? ? AddHandler fcgid-script .fcgi? ServerName lookingglass.borg.local? ? ?Options Includes ExecCGI FollowSymlinks SymLinksIfOwnerMatch? ? ?AllowOverride All? ? ?DirectoryIndex lgform.cgi index.html? ? ?Require all granted root at rancid3svn:/usr/local/www/apache24/cgi-bin # ls -latotal 69drwxr-xr-x ?3 root ?wheel ? ? 10 Sep 15 10:02 .drwxr-xr-x ?7 root ?wheel ? ? ?7 Sep 14 17:09 ..-rw-r--r-x ?1 root ?wheel ? ?490 Sep 14 22:31 index.htmldrwxr-xr-x ?2 root ?wheel ? ? ?7 Sep 14 21:32 lg-rwxr-xr-x ?1 root ?wheel ?27117 Sep 15 08:01 lg.cgi-rwxr-xr-x ?1 root ?wheel ? 7820 Sep 14 22:30 lgform.cgi-rw-r--r-x ?1 root ?wheel ? 2607 Sep 14 22:31 lgnotes.html-r-------- ?1 root ?wheel ? ?820 Dec 17 ?2012 printenvlrwxr-xr-x ?1 root ?wheel ? ? 47 Sep 14 21:32 routers.db -> /usr/local/var/rancid/NetworkDevices/routers.db-r-------- ?1 root ?wheel ? 1261 Dec 17 ?2012 test-cgi -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Thu Sep 15 15:28:52 2016 From: heas at shrubbery.net (heasley) Date: Thu, 15 Sep 2016 15:28:52 +0000 Subject: [rancid] Looking Glass In-Reply-To: <1395384258.330886.1473951761833@mail.yahoo.com> References: <1395384258.330886.1473951761833.ref@mail.yahoo.com> <1395384258.330886.1473951761833@mail.yahoo.com> Message-ID: <20160915152852.GE29287@shrubbery.net> Thu, Sep 15, 2016 at 03:02:41PM +0000, Andrew Meyer: > Need some help. ?I've got looking glass setup using Apache 2.4 on FreeBSD 10.3 Jails. ?I am able to get to the website. ?However when I try to initiate any command from the web form it says this in the logs: could you please resend the logs and config as attachments? They arrived as one long concatenated line and I'm going to try to parse that. From heas at shrubbery.net Thu Sep 15 15:43:32 2016 From: heas at shrubbery.net (heasley) Date: Thu, 15 Sep 2016 15:43:32 +0000 Subject: [rancid] Urancid missed cmd(s): sort /tmp/system.cfg In-Reply-To: <1572c62e415.106d0ce448788.7155601970060360284@zoho.com> References: <1572c62e415.106d0ce448788.7155601970060360284@zoho.com> Message-ID: <20160915154332.GH29287@shrubbery.net> Wed, Sep 14, 2016 at 10:47:40PM -0700, Mathieu P: > Hello, > > > > I am trying to backup my Ubiquiti AirOS devices with rancid on Centos 6. I edited rancid-fe and downloaded urancid from https://github.com/dotwaffle/rancid-git/tree/master/bin > > However when I try to launch urancid: > > [rancid at localhost bin]$ ./urancid -f ../.cloginrc 192.168.251.21 > > ../.cloginrc: missed cmd(s): sort /tmp/system.cfg > > ../.cloginrc: End of run not found > > # when this occurs, the most likely problem is that the function handling the preceeding command ate more of the output than it should have. From mploton at gmail.com Thu Sep 15 16:31:36 2016 From: mploton at gmail.com (Mathieu Ploton) Date: Thu, 15 Sep 2016 23:01:36 +0630 Subject: [rancid] Urancid missed cmd(s): sort /tmp/system.cfg In-Reply-To: <20160915154332.GH29287@shrubbery.net> References: <1572c62e415.106d0ce448788.7155601970060360284@zoho.com> <20160915154332.GH29287@shrubbery.net> Message-ID: The problem is that the output comes too fast. With clogin, I have to wait a few sec for the ssh connection to be authentified. With urancid, the error message comes instantly. So it does not even try to connect. On Sep 15, 2016 10:13 PM, "heasley" wrote: > Wed, Sep 14, 2016 at 10:47:40PM -0700, Mathieu P: > > Hello, > > > > > > > > I am trying to backup my Ubiquiti AirOS devices with rancid on Centos 6. > I edited rancid-fe and downloaded urancid from > https://github.com/dotwaffle/rancid-git/tree/master/bin > > > > > However when I try to launch urancid: > > > > [rancid at localhost bin]$ ./urancid -f ../.cloginrc 192.168.251.21 > > > > ../.cloginrc: missed cmd(s): sort /tmp/system.cfg > > > > ../.cloginrc: End of run not found > > > > # > > when this occurs, the most likely problem is that the function handling > the preceeding command ate more of the output than it should have. > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ambroise at toleressea.fr Thu Sep 15 20:17:05 2016 From: ambroise at toleressea.fr (Ambroise) Date: Thu, 15 Sep 2016 22:17:05 +0200 Subject: [rancid] F5 Rancid | BIGIP 12.0 | missed cmd(s) In-Reply-To: <57FD84723C05BB4FA3BB5F66AC609F64011C299842@XCH-IL-MB1.888holdings.corp> References: <57FD84723C05BB4FA3BB5F66AC609F64011C296A7B@XCH-IL-MB1.888holdings.corp> <1b20df83-d5cd-ad29-842b-09a73d067a23@gmail.com> <57FD84723C05BB4FA3BB5F66AC609F64011C296C56@XCH-IL-MB1.888holdings.corp> <20160912193641.GE24562@shrubbery.net> <57FD84723C05BB4FA3BB5F66AC609F64011C29914C@XCH-IL-MB1.888holdings.corp> <57FD84723C05BB4FA3BB5F66AC609F64011C299842@XCH-IL-MB1.888holdings.corp> Message-ID: Hi, I have the same issue in our company. The solution is to add the command "stty cols 255" before to send any command in expect script (the command should be passed in bash mode). Ambroise On 13/09/2016 12:14, Shaun Krok wrote: > Hi > > > > So we have had success today on this issue ! > > > > As we knew the script was working when the BIG-IP cluster was in SYNC > > We focused on the prompt: > > 1. We tried to shorten the TMSH prompt for the specific user --- > this did not work ?list cli preference prompt? > > cli preference { > > prompt { host user status current-folder config-sync-status } >>> > removed config-sync-status and current-folder > > > > 2. We then shorted the BASH prompt on both chassis in the cluster > ? everything is working 100% now even with changes-pending > > > > Thanks to all > > > > > > **** The way it is by default ******** > > if [ "$PS1" ]; then > > if [ -z "$PROMPT_COMMAND" ]; then > > case $TERM in > > xterm*) > > > PS1='[$USER@$(getHostName):$(getPromptStatus)$(getAvcCount):$(getConfigSyncStatus)]\[\e]0;$(getHostName)\a\] > \W \$ ' > > ;; > > screen) > > > PS1='[$USER@$(getHostName):$(getPromptStatus)$(getAvcCount):$(getConfigSyncStatus)] > \W \$ ' > > ;; > > *) > > > PS1='[$USER@$(getHostName):$(getPromptStatus)$(getAvcCount):$(getConfigSyncStatus)] > \W \$ ' > > ;; > > esac > > fi > > > > **** The way it is by now ******** > > > > if [ "$PS1" ]; then > > if [ -z "$PROMPT_COMMAND" ]; then > > case $TERM in > > xterm*) > > > PS1='[$USER@$(getHostName)]:[$(getPromptStatus)]\[\e]0;$(getHostName)\a\] \W > \$ ' > > ;; > > screen) > > > PS1='[$USER@$(getHostName)]:[$(getPromptStatus)]\[\e]0;$(getHostName)\a\] \W > \$ ' > > ;; > > *) > > > PS1='[$USER@$(getHostName)]:[$(getPromptStatus)]\[\e]0;$(getHostName)\a\] \W > \$ ' > > ;; > > esac > > fi > > > > > > *Shaun Krok* > > Network Team > > > > Herzliya Business Park > > Herzliya Pituach 46140 > > Israel > > > > Telephone: +972 (0)732889406 > > Mobile: +972 (0)50 2424381 > > *email**:shaun.krok at 888holdings.com* > > * * > > *Description: Description: Description: Description: 888* > > Description: 888 > > > > > > > > *From:*Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] *On > Behalf Of *Shaun Krok > *Sent:* Tuesday, September 13, 2016 8:42 AM > *To:* Daniel Kerse ; heasley > *Cc:* Nati Danan ; rancid-discuss at shrubbery.net > *Subject:* Re: [rancid] F5 Rancid | BIGIP 12.0 | missed cmd(s) > > > > Thanks Daniel > > > > We have been using TERM=vt100-w since moving into 11.4 and greater > > In 11.6 rancid spits out a diff error : > > + #Warning, can't fully initialize terminal, TERM is set to "vt100-w", > status (0) - But it still works > > > > Since moving to BIGIP 12.0 same error above but now missed cmd(s) > > > > I have shortened the prompt on the F5 because when the cluster is in > SYNC we have no missed cmd(s) and a diff is created running on version 12.0 > > Waiting for the next cron run and will advise what happenes ! > > > > Old: > > cli preference { > > prompt { host user status current-folder config-sync-status } > > New: > > cli preference { > > alias-path { /Common } > > prompt { host user status config-sync-status } > > > > > > > > *From:*Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] *On > Behalf Of *Daniel Kerse > *Sent:* Tuesday, September 13, 2016 1:48 AM > *To:* heasley > > *Cc:* rancid-discuss at shrubbery.net > ; Nati Danan > > > *Subject:* Re: [rancid] F5 Rancid | BIGIP 12.0 | missed cmd(s) > > > > > > On Tue, Sep 13, 2016 at 7:36 AM heasley > wrote: > > Tue, Sep 13, 2016 at 12:40:10AM +1200, Daniel Kerse: > > Hello Shaun et.al ., > > > > Are you playing with the TERM environment variable at all? > > Have you tried enabling debug on your cron job and then (re)checking: > > 1. the logs? > > 2. the resulting .raw files? > > > > I'm also running version 3.2 (the latest available under EPEL) with > > some F5s of various vintage. > > > > Firstly to recap what is already known by this mailing list: > > - circa BIG-IP v9.x -> v10.x the tmsh shell was introduced in addition > > to the pre-existing bigpipe. > > - circa BIG-IP v10.x -> v11.x the old bigpipe shell was removed. > > - (At least for BIG-IP v11.x and earlier) you must set TERM=vt100-w in > > order to run some commands. This problem would only become apparent > > Do you mean that it required that specific term type, or just that it > required that term be set to something other than dumb or network? > > > > That specific terminal type is required in some cases. I think if the > prompt plus the command gets longer than something like 80 characters > you start getting control characters showing up in the middle of that > line which causes a regex match to fail. > > > > This has been the topic of previous discussion: > > http://www.shrubbery.net/pipermail/rancid-discuss/2014-July/007767.html > > http://www.shrubbery.net/pipermail/rancid-discuss/2015-February/008038.html > > http://www.shrubbery.net/pipermail/rancid-discuss/2015-July/008603.html > > > > > > when running via CRON, When running rancid manually at the CLI > > everything looks honky dory.. In my case the following commands would > > fail (via CRON): > > "ls --full-time --color=never /config/ssl/ssl.crt" > > "ls --full-time --color=never /config/ssl/ssl.key" > > "tmsh show /net route static" > > - Someone mentioned that you need to run "tmsh -q -c 'cd / \;list > > recursive" to get everything out of the partitions. > > - Was this circa v11.x? I forget. I need to do more research here > > as I've almost got around that issue that had people setting up shell > > scripts on their F5s to make it work... more on that later. > > > > I believe the "cd / ; list recursive" might required on 11.x (and > presumably later) with partitions. > > http://www.shrubbery.net/pipermail/rancid-discuss/2014-August/007790.html > > If I ever get this to fallback gracefully to "list" I'll let you know. > > > > > > > > > Now here's the interesting thing I've noticed on v12.x . Perhaps this > > is widely known in the F5 community but I haven't read about it > > anywhere. > > - Somewhere around BIG-IP v11.x -> v12.x the vt100-w terminal started > > misbehaving. > > - If I have TERM set to vt100-w and enable debug I see this error > > message in the logs: > > "Warning, can't fully initialize terminal, TERM is set to > > "vt100-w", status (0)" > > that implies that the type is unknown or there is no pty. > > > > I tend to agree. Maybe this type is unknown to more recent versions of > BIG-IP despite working in older releases. > > > > > > - Now I think again if you run via CLI it might appear to work OK > > but not via CRON. > > > > > > So now you end up in a difficult situation in BIG-IP v12: > > - TERM=vt100-w fails via CRON because it's broken > > - TERM=network (or similar) fails via CRON because some commands > > require it to stop the junk showing up mid-line. > > - Either case works via CLI. > > > > So you can end up with a rather fiddly rancid.types.conf file. > > Something like this (work in progress): > > > > # F5s running 9.3.1 seem to lack tmsh support so we will use a > > (slightly modified) version of f5rancid > > bigip-v9;script;f5rancid-v9 > > bigip-v9;login;clogin > > > > # F5s running 11.4.1 and 12.0.0 seem to lack bigpipe support. > > # For some reason turning off debug flag causes problems for "tmsh -q > > -c 'cd / \;list recursive'" I don't know why. > > bigip-v10-11;script;rancid -t bigip-v10-11 > > bigip-v10-11;login;clogin > > bigip-v10-11;module;bigip > > bigip-v10-11;inloop;bigip::inloop > > bigip-v10-11;command;bigip::ShowVersion;tmsh show /sys version > > bigip-v10-11;command;bigip::ShowHardware;tmsh show /sys hardware > > bigip-v10-11;command;bigip::ShowLicense;tmsh show /sys license > > bigip-v10-11;command;bigip::ShowSslCrt;ls --full-time --color=never > > /config/ssl/ssl.crt > > bigip-v10-11;command;bigip::ShowSslKey;ls --full-time --color=never > > /config/ssl/ssl.key > > bigip-v10-11;command;bigip::ShowZebOSconf;cat /config/ZebOS.conf > > bigip-v10-11;command;bigip::ShowZebOSsockets;lsof -i :179 > > bigip-v10-11;command;bigip::ShowRouteStatic;tmsh show /net route > static > > # This one seems to get confused > > #bigip-v10-11;command;bigip::WriteTerm;tmsh -q -c 'cd / \;list > recursive' > > bigip-v10-11;command;bigip::WriteTerm;tmsh -q list > > > > # F5s running 12.0.0 seem to lack support for vt100-w terminal type. > > # Error Message: > > # "Warning, can't fully initialize terminal, TERM is set to "vt100-w", > > status (0)" > > # As a result ShowSslCrt, ShowSslKey and ShowRouteStatic don't work. > > # For some reason turning off debug flag causes problems for "tmsh -q > > -c 'cd / \;list recursive'" I don't know why. > > bigip-v12;script;rancid -dt bigip-v12 > > bigip-v12;login;clogin > > bigip-v12;module;bigip12 > > bigip-v12;inloop;bigip12::inloop > > bigip-v12;command;bigip12::ShowVersion;tmsh show /sys version > > bigip-v12;command;bigip12::ShowHardware;tmsh show /sys hardware > > bigip-v12;command;bigip12::ShowLicense;tmsh show /sys license > > #bigip-v12;command;bigip12::ShowSslCrt;ls --full-time --color=never > > /config/ssl/ssl.crt > > #bigip-v12;command;bigip12::ShowSslKey;ls --full-time --color=never > > /config/ssl/ssl.key > > bigip-v12;command;bigip12::ShowZebOSconf;cat /config/ZebOS.conf > > bigip-v12;command;bigip12::ShowZebOSsockets;lsof -i :179 > > #bigip-v12;command;bigip12::ShowRouteStatic;tmsh show /net route > static > > #bigip-v12;command;bigip12::WriteTerm;tmsh -q -c 'cd / \;list > recursive' > > bigip-v12;command;bigip12::WriteTerm;tmsh -q list > > > > # Huawei support not provided out of the box, added after the fact. > > # Let me know if you want me to post this, it's a bit OT for this > thread.. > > huawei;script;rancid -t huawei > > huawei;login;hulogin > > huawei;module;huawei > > huawei;inloop;huawei::inloop > > huawei;command;huawei::DisplayVersion;display version > > huawei;command;huawei::DisplayPatchInfo;display patch-information > > huawei;command;huawei::DisplayDevice;display esn > > huawei;command;huawei::DisplayDevice;display device > > huawei;command;huawei::DisplayDevice;display device manufacture-info > > huawei;command;huawei::DisplayDevice;display device pic-status > > huawei;command;huawei::DisplayElabel;display device elabel > > huawei;command;huawei::DisplayElabel;display elabel > > huawei;command;huawei::DisplayTransceiver;display interface > transceiver > > huawei;command;huawei::DisplayLicense;display license > > huawei;command;huawei::WriteTerm;display current-configuration > > > > With also the following customizations: > > > > 1) To make "tmsh -q -c 'cd / \;list recursive'" do something useful > > the following change to rancid.pm is required, > otherwise the split is > > too aggressive. > > ******* > > < my($type, $directive, $value, $value2) = split('\;'); > > --- > > > #my($type, $directive, $value, $value2) = split('\;'); > > > my($type, $directive, $value, $value2) = split('\;', > $_, 4); > > ******* > > 2) Following changes made to bigip.pm (from > rancid 3.5). There might > > be a bug here still as uncommenting the ";tmsh -q -c 'cd / \;list > > recursive'" line above seems to lead to unnecessary reattempts at > > config collection - but only when debug is disabled for some reason. > > ******* > > 5c5 > > < ## rancid 3.5 > > --- > > > ## rancid 3.5 plus some customisations. > > 66c66,67 > > < use rancid 3.5; > > --- > > > #use rancid 3.5; > > > use rancid 3.2; > > 74c75 > > < $ENV{'TERM'} = "vt100"; > > --- > > > $ENV{'TERM'} = "vt100-w"; > > 183a185 > > > s/^\ \ ([0-9]+)(\ +).*Air\ Outlet/ $1$2REMOVED Air > Outlet/i; > > 184a187,188 > > > s/^\ \ ([0-9]+)(\ +).*ADM1026/ $1$2REMOVED ADM1026/i; > > > s/^\ \ ([0-9]+)(\ +).*Main\ board(.*)$/ $1$2REMOVED > Main board$3/i; > > 185a190 > > > s/^\ \ ([0-9]+)(\ +)[0-9]+\ +[0-9]+\ +[0-9]+/ > $1$2REMOVED REMOVED REMOVED/; > > 218a224,272 > > > # This routine parses "ls --full-time --color=never > /config/ssl/ssl.crt" > > > sub ShowSslCrt { > > > my($INPUT, $OUTPUT, $cmd) = @_; > > > my($line) = (0); > > > print STDERR " In ShowSslCrt: $_" if ($debug); > > > > > > while (<$INPUT>) { > > > tr/\015//d; > > > # v9 software license does not have CR at EOF > > > s/^#-+($prompt.*)/$1/; > > > last if (/^$prompt/); > > > next if (/^(\s*|\s*$cmd\s*)$/); > > > return(1) if /^\s*\^\s*$/; > > > return(1) if /(Invalid input detected|Type help or )/; > > > return(-1) if (/command authorization failed/i); > > > > > > if (!$line++) { > > > > ProcessHistory("ShowSslCrt","","","#\n#/config/ssl/ssl.crt:\n"); > > > } > > > ProcessHistory("ShowSslCrt","","","# $_") && next; > > > } > > > return(0); > > > } > > > > > > # This routine parses "ls --full-time --color=never > /config/ssl/ssl.key" > > > sub ShowSslKey { > > > my($INPUT, $OUTPUT, $cmd) = @_; > > > my($line) = (0); > > > print STDERR " In ShowSslKey: $_" if ($debug); > > > > > > while (<$INPUT>) { > > > tr/\015//d; > > > # v9 software license does not have CR at EOF > > > s/^#-+($prompt.*)/$1/; > > > last if (/^$prompt/); > > > next if (/^(\s*|\s*$cmd\s*)$/); > > > return(1) if /^\s*\^\s*$/; > > > return(1) if /(Invalid input detected|Type help or )/; > > > return(-1) if (/command authorization failed/i); > > > > > > if (!$line++) { > > > > ProcessHistory("ShowSslKey","","","#\n#/config/ssl/ssl.key:\n"); > > > } > > > ProcessHistory("ShowSslKey","","","# $_") && next; > > > } > > > return(0); > > > } > > > > > > > > 290a345,347 > > > return (1) if (/Syntax Error: unexpected argument/); > > > return (0) if ($found_end); # Only run this routine once. > > > > > 297c354 > > < $found_end++; > > --- > > > $found_end = 1; > > > > ******* > > Also: > > ******* > > $ diff bigip.pm bigip12.pm > > 1c1 > > < package bigip; > > --- > > > package bigip12; > > 75c75 > > < $ENV{'TERM'} = "vt100-w"; > > --- > > > $ENV{'TERM'} = "vt100"; > > ******* > > And: > > ******* > > $ diff f5rancid f5rancid-v9 > > 64c64,65 > > < $ENV{'TERM'} = "vt100"; > > --- > > > #$ENV{'TERM'} = "vt100"; > > > $ENV{'TERM'} = "vt100-w"; > > 186a188,191 > > > if (/^(\s*)community \S+/ && $filter_commstr) { > > > ProcessHistory("SHOWBASE","","","# $1community > \n"); > > > next; > > > } > > 190a196,199 > > > if (/^(\s*)password crypt \S+/) { > > > ProcessHistory("SHOWBASE","","","# $1password crypt > \n"); > > > next; > > > } > > 225c234,236 > > < > > --- > > > if (/^(.*)\.password = / && $filter_pwds >= 1) { > > > ProcessHistory("SHOWDB","","","# $1.password = > \n") && next; > > > } > > 269a281,286 > > > if (/^(\s*)monitor state (up|down)$/) { > > > ProcessHistory("SHOWDB","","","# $1monitor state > \n") && next; > > > } > > > if (/^(\s*)community \S+/ && $filter_commstr) { > > > ProcessHistory("SHOWDB","","","# $1community > \n") && next; > > > } > > 277c294 > > < if (/^(\s*)password / && $filter_pwds >= 1) { > > --- > > > if (/^(\s*)password (\w*)/ && $filter_pwds >= 1 && $2 ne > "none") { > > 427a445,447 > > > return (1) if (/BIGpipe:.*: syntax error/); > > > return (0) if ($found_end); # Only do this > routine once > > > > > 441a462,465 > > > if (/^(\s*)community \S+/ && $filter_commstr) { > > > ProcessHistory("","","","# $1community \n") > && next; > > > } > > > > > 532a557 > > > {'bigpipe list all' => 'WriteTerm'}, > > ******* > > > > Kind Regards, > > Dan > > -- > > Kind Regards, > Dan Kerse > +64 29 920 3745 > > > > This email message and its attachments are for the sole use of the > intended recipient(s) and may not be shared with any other party. They > may contain confidential information of 888 Holdings plc or its direct > and indirect subsidiaries (together, the ?888 Group?) and are to be > regarded as confidential information under any non-disclosure agreement. > Any review, use, disclosure or distribution by persons or entities other > than the intended recipient(s) is prohibited. Nothing in this message is > capable of or intended to create any legally binding obligation. The 888 > Group will only ever assume a legally binding obligation where recorded > in a written agreement duly executed by the authorized signatories of > the relevant 888 Group company. The 888 Group accepts no liability for > any personal views expressed in this message. If you are not the > intended recipient, please contact the sender by return and destroy all > copies of the original message and its attachments. Thank you > > > > This email message and its attachments are for the sole use of the > intended recipient(s) and may not be shared with any other party. They > may contain confidential information of 888 Holdings plc or its direct > and indirect subsidiaries (together, the ?888 Group?) and are to be > regarded as confidential information under any non-disclosure agreement. > Any review, use, disclosure or distribution by persons or entities other > than the intended recipient(s) is prohibited. Nothing in this message is > capable of or intended to create any legally binding obligation. The 888 > Group will only ever assume a legally binding obligation where recorded > in a written agreement duly executed by the authorized signatories of > the relevant 888 Group company. The 888 Group accepts no liability for > any personal views expressed in this message. If you are not the > intended recipient, please contact the sender by return and destroy all > copies of the original message and its attachments. Thank you > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: OpenPGP digital signature URL: From heas at shrubbery.net Thu Sep 15 21:10:17 2016 From: heas at shrubbery.net (heasley) Date: Thu, 15 Sep 2016 21:10:17 +0000 Subject: [rancid] Urancid missed cmd(s): sort /tmp/system.cfg In-Reply-To: References: <1572c62e415.106d0ce448788.7155601970060360284@zoho.com> <20160915154332.GH29287@shrubbery.net> Message-ID: <20160915211017.GK32425@shrubbery.net> Thu, Sep 15, 2016 at 11:01:36PM +0630, Mathieu Ploton: > The problem is that the output comes too fast. > > With clogin, I have to wait a few sec for the ssh connection to be > authentified. > With urancid, the error message comes instantly. So it does not even try to > connect. > > On Sep 15, 2016 10:13 PM, "heasley" wrote: > > > Wed, Sep 14, 2016 at 10:47:40PM -0700, Mathieu P: > > > Hello, > > > > > > > > > > > > I am trying to backup my Ubiquiti AirOS devices with rancid on Centos 6. > > I edited rancid-fe and downloaded urancid from > > https://github.com/dotwaffle/rancid-git/tree/master/bin > > > > > > > > However when I try to launch urancid: > > > > > > [rancid at localhost bin]$ ./urancid -f ../.cloginrc 192.168.251.21 -f arg is probably not what you think it is. > > > ../.cloginrc: missed cmd(s): sort /tmp/system.cfg > > > > > > ../.cloginrc: End of run not found > > > > > > # > > > > when this occurs, the most likely problem is that the function handling > > the preceeding command ate more of the output than it should have. > > > > From Charles.Brooks at hbcs.org Fri Sep 16 00:27:01 2016 From: Charles.Brooks at hbcs.org (Charles T. Brooks) Date: Fri, 16 Sep 2016 00:27:01 +0000 Subject: [rancid] anyone have modules for Ubiquiti or Ironport? Message-ID: Google says there used to be rancid support for the Cisco Ironport family of devices (but all the links it returns are dead) and I see at least one of the rancid forks supports Ubiqiti. I'd prefer to stick with Mr. Heasley's mainstream, and I'm willing to build my own modules, but I figured I'd ask here first. Does anyone have ironport or ubiqiti devices they are successfully monitoring with rancid, and if so, can you tell me how you did it? Thanks! --Charlie ------------------ CONFIDENTIALITY NOTICE --------------- This message, including any attachments, is for the sole use of the intended recipient(s) and may contain privileged confidential information protected by law. Any unauthorized review, use, disclosure or distribution of this message is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of this message. ------------------ CONFIDENTIALITY NOTICE --------------- From mploton at gmail.com Fri Sep 16 03:30:11 2016 From: mploton at gmail.com (Mathieu Ploton) Date: Fri, 16 Sep 2016 10:00:11 +0630 Subject: [rancid] Urancid missed cmd(s): sort /tmp/system.cfg In-Reply-To: <20160915211017.GK32425@shrubbery.net> References: <1572c62e415.106d0ce448788.7155601970060360284@zoho.com> <20160915154332.GH29287@shrubbery.net> <20160915211017.GK32425@shrubbery.net> Message-ID: This is what it does without: [root at localhost bin]# ./urancid 192.168.251.21 192.168.251.21 /usr/local/rancid/bin/clogin error: Error: password file (/root/.cloginrc) does not exist 192.168.251.21: missed cmd(s): sort /tmp/system.cfg 192.168.251.21: End of run not found So I believe -f is being used by clogin properly. On Fri, Sep 16, 2016 at 3:40 AM, heasley wrote: > Thu, Sep 15, 2016 at 11:01:36PM +0630, Mathieu Ploton: > > The problem is that the output comes too fast. > > > > With clogin, I have to wait a few sec for the ssh connection to be > > authentified. > > With urancid, the error message comes instantly. So it does not even try > to > > connect. > > > > On Sep 15, 2016 10:13 PM, "heasley" wrote: > > > > > Wed, Sep 14, 2016 at 10:47:40PM -0700, Mathieu P: > > > > Hello, > > > > > > > > > > > > > > > > I am trying to backup my Ubiquiti AirOS devices with rancid on > Centos 6. > > > I edited rancid-fe and downloaded urancid from > > > https://github.com/dotwaffle/rancid-git/tree/master/bin > > > > > > > > > > > However when I try to launch urancid: > > > > > > > > [rancid at localhost bin]$ ./urancid -f ../.cloginrc 192.168.251.21 > > -f arg is probably not what you think it is. > > > > > ../.cloginrc: missed cmd(s): sort /tmp/system.cfg > > > > > > > > ../.cloginrc: End of run not found > > > > > > > > # > > > > > > when this occurs, the most likely problem is that the function handling > > > the preceeding command ate more of the output than it should have. > > > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From r.engehausen at gmail.com Fri Sep 16 05:04:11 2016 From: r.engehausen at gmail.com (Roy) Date: Thu, 15 Sep 2016 22:04:11 -0700 Subject: [rancid] Urancid missed cmd(s): sort /tmp/system.cfg In-Reply-To: References: <1572c62e415.106d0ce448788.7155601970060360284@zoho.com> <20160915154332.GH29287@shrubbery.net> <20160915211017.GK32425@shrubbery.net> Message-ID: <56a056a0-e907-cd99-f533-25c755d10171@gmail.com> An HTML attachment was scrubbed... URL: From r.engehausen at gmail.com Fri Sep 16 04:21:55 2016 From: r.engehausen at gmail.com (Roy) Date: Thu, 15 Sep 2016 21:21:55 -0700 Subject: [rancid] anyone have modules for Ubiquiti or Ironport? In-Reply-To: References: Message-ID: <90c8ef10-f4c0-d6f7-3a8c-7ed06eee6039@gmail.com> I have Ubiquiti but its for an older version of Rancid. Might be a good starting off point to getting Ubiquiti for the current version On 9/15/2016 5:27 PM, Charles T. Brooks wrote: > Google says there used to be rancid support for the Cisco Ironport family of devices (but all the links it returns are dead) and I see at least one of the rancid forks supports Ubiqiti. > > I'd prefer to stick with Mr. Heasley's mainstream, and I'm willing to build my own modules, but I figured I'd ask here first. Does anyone have ironport or ubiqiti devices they are successfully monitoring with rancid, and if so, can you tell me how you did it? > > Thanks! > --Charlie > ------------------ CONFIDENTIALITY NOTICE --------------- > > This message, including any attachments, is for the sole use of the > intended recipient(s) and may contain privileged confidential information > protected by law. Any unauthorized review, use, disclosure or distribution > of this message is prohibited. If you are not the intended recipient, please > contact the sender by reply e-mail and destroy all copies of this message. > > ------------------ CONFIDENTIALITY NOTICE --------------- > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > From mploton at gmail.com Fri Sep 16 05:41:05 2016 From: mploton at gmail.com (Mathieu Ploton) Date: Fri, 16 Sep 2016 12:11:05 +0630 Subject: [rancid] Urancid missed cmd(s): sort /tmp/system.cfg In-Reply-To: <56a056a0-e907-cd99-f533-25c755d10171@gmail.com> References: <1572c62e415.106d0ce448788.7155601970060360284@zoho.com> <20160915154332.GH29287@shrubbery.net> <20160915211017.GK32425@shrubbery.net> <56a056a0-e907-cd99-f533-25c755d10171@gmail.com> Message-ID: Problem is solved. It looks like it was a dumb problem of environment variable... On Fri, Sep 16, 2016 at 11:34 AM, Roy wrote: > > > What UBNT device is it? > > > On 9/15/2016 8:30 PM, Mathieu Ploton wrote: > > This is what it does without: > > [root at localhost bin]# ./urancid 192.168.251.21 > 192.168.251.21 /usr/local/rancid/bin/clogin error: Error: password file > (/root/.cloginrc) does not exist > 192.168.251.21: missed cmd(s): sort /tmp/system.cfg > 192.168.251.21: End of run not found > > So I believe -f is being used by clogin properly. > > On Fri, Sep 16, 2016 at 3:40 AM, heasley wrote: > >> Thu, Sep 15, 2016 at 11:01:36PM +0630, Mathieu Ploton: >> > The problem is that the output comes too fast. >> > >> > With clogin, I have to wait a few sec for the ssh connection to be >> > authentified. >> > With urancid, the error message comes instantly. So it does not even >> try to >> > connect. >> > >> > On Sep 15, 2016 10:13 PM, "heasley" wrote: >> > >> > > Wed, Sep 14, 2016 at 10:47:40PM -0700, Mathieu P: >> > > > Hello, >> > > > >> > > > >> > > > >> > > > I am trying to backup my Ubiquiti AirOS devices with rancid on >> Centos 6. >> > > I edited rancid-fe and downloaded urancid from >> > > https://github.com/dotwaffle/rancid-git/tree/master/bin >> > > > >> > > >> > > > However when I try to launch urancid: >> > > > >> > > > [rancid at localhost bin]$ ./urancid -f ../.cloginrc 192.168.251.21 >> >> -f arg is probably not what you think it is. >> >> > > > ../.cloginrc: missed cmd(s): sort /tmp/system.cfg >> > > > >> > > > ../.cloginrc: End of run not found >> > > > >> > > > # >> > > >> > > when this occurs, the most likely problem is that the function >> handling >> > > the preceeding command ate more of the output than it should have. >> > > >> > > >> > > > > _______________________________________________ > Rancid-discuss mailing listRancid-discuss at shrubbery.nethttp://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Fri Sep 16 16:34:23 2016 From: heas at shrubbery.net (heasley) Date: Fri, 16 Sep 2016 16:34:23 +0000 Subject: [rancid] Urancid missed cmd(s): sort /tmp/system.cfg In-Reply-To: References: <1572c62e415.106d0ce448788.7155601970060360284@zoho.com> <20160915154332.GH29287@shrubbery.net> <20160915211017.GK32425@shrubbery.net> Message-ID: <20160916163423.GC61455@shrubbery.net> Fri, Sep 16, 2016 at 10:00:11AM +0630, Mathieu Ploton: > This is what it does without: > > [root at localhost bin]# ./urancid 192.168.251.21 > 192.168.251.21 /usr/local/rancid/bin/clogin error: Error: password file > (/root/.cloginrc) does not exist > 192.168.251.21: missed cmd(s): sort /tmp/system.cfg > 192.168.251.21: End of run not found > > So I believe -f is being used by clogin properly. no, the -f *login is not the same as the -f to *rancid. .cloginrc should located in ~. > On Fri, Sep 16, 2016 at 3:40 AM, heasley wrote: > > > Thu, Sep 15, 2016 at 11:01:36PM +0630, Mathieu Ploton: > > > The problem is that the output comes too fast. > > > > > > With clogin, I have to wait a few sec for the ssh connection to be > > > authentified. > > > With urancid, the error message comes instantly. So it does not even try > > to > > > connect. > > > > > > On Sep 15, 2016 10:13 PM, "heasley" wrote: > > > > > > > Wed, Sep 14, 2016 at 10:47:40PM -0700, Mathieu P: > > > > > Hello, > > > > > > > > > > > > > > > > > > > > I am trying to backup my Ubiquiti AirOS devices with rancid on > > Centos 6. > > > > I edited rancid-fe and downloaded urancid from > > > > https://github.com/dotwaffle/rancid-git/tree/master/bin > > > > > > > > > > > > > > However when I try to launch urancid: > > > > > > > > > > [rancid at localhost bin]$ ./urancid -f ../.cloginrc 192.168.251.21 > > > > -f arg is probably not what you think it is. > > > > > > > ../.cloginrc: missed cmd(s): sort /tmp/system.cfg > > > > > > > > > > ../.cloginrc: End of run not found > > > > > > > > > > # > > > > > > > > when this occurs, the most likely problem is that the function handling > > > > the preceeding command ate more of the output than it should have. > > > > > > > > > > From heas at shrubbery.net Fri Sep 16 16:39:29 2016 From: heas at shrubbery.net (heasley) Date: Fri, 16 Sep 2016 16:39:29 +0000 Subject: [rancid] anyone have modules for Ubiquiti or Ironport? In-Reply-To: <90c8ef10-f4c0-d6f7-3a8c-7ed06eee6039@gmail.com> References: <90c8ef10-f4c0-d6f7-3a8c-7ed06eee6039@gmail.com> Message-ID: <20160916163929.GD61455@shrubbery.net> Thu, Sep 15, 2016 at 09:21:55PM -0700, Roy: > I have Ubiquiti but its for an older version of Rancid. Might be a good > starting off point to getting Ubiquiti for the current version though I *really* would like folks to move to 3.x (and folks to stop offering help to those still on 2.x :) - rancid 3.x can easily support modules written for 2.x. see rancid.types.base(5) and rancid.types.base entries for arbor as an example to configure rancid for this. From heas at shrubbery.net Fri Sep 16 16:53:40 2016 From: heas at shrubbery.net (heasley) Date: Fri, 16 Sep 2016 16:53:40 +0000 Subject: [rancid] anyone have modules for Ubiquiti or Ironport? In-Reply-To: References: Message-ID: <20160916165340.GE61455@shrubbery.net> Fri, Sep 16, 2016 at 12:27:01AM +0000, Charles T. Brooks: > Google says there used to be rancid support for the Cisco Ironport family of devices (but all the links it returns are dead) and I see at least one of the rancid forks supports Ubiqiti. > > I'd prefer to stick with Mr. Heasley's mainstream, and I'm willing to build my own modules, but I figured I'd ask here first. Does anyone have ironport or ubiqiti devices they are successfully monitoring with rancid, and if so, can you tell me how you did it? rancid 3.5.1 has support for at least 2 ubiquity devices. I know nothing about the cisco ironport. S4 of the FAQ provides some clues about adding support for new devices. a script for another device may mostly cover it. From ybenari at varonis.com Sat Sep 17 15:05:52 2016 From: ybenari at varonis.com (Yuval Ben Ari) Date: Sat, 17 Sep 2016 15:05:52 +0000 Subject: [rancid] Adding Junos show configuration | display set in rancid 3.5.1 Message-ID: <7015736327de4c509c28c5b5d7f302e5@ILHRZEXCH20.varonis.com> I am trying to add Junos "show configuration | display set" to juniper devicetype in 3.5.1 like I had before. Based on suggestions here: http://www.shrubbery.net/pipermail/rancid-discuss/2009-October/004320.html But getting the following: $ ./bin/rancid -t myjuniper -d myswitch loadtype: device type myjuniper loadtype: found device type myjuniper in /usr/local/rancid/etc/rancid.types.conf executing jlogin -t 120 -c"show chassis environment;show chassis firmware;show chassis fpc detail;show chassis hardware detail;show chassis hardware models;show chassis routing-engine;show chassis alarms;show system license;show system core-dumps;show version detail;show version invoke-on other-routing-engine;show configuration;show configuration | display set" myswitch [...output trimmed...] HIT COMMAND:rancid at MYSWITCH> show configuration | display set In ShowConfigurationDisplaySet: rancid@ MYSWITCH > show configuration | display set readline() on unopened filehandle INPUT at /usr/local/rancid/lib/rancid/myjunos.pm line 640. Use of uninitialized value $_ in pattern match (m//) at /usr/local/rancid/lib/rancid/myjunos.pm line 136. Use of uninitialized value $_ in pattern match (m//) at /usr/local/rancid/lib/rancid/myjunos.pm line 141. Can someone help? ________________________________ This email and any attachments thereto may contain private, confidential, and privileged material for the sole use of the intended recipient. Any review, copying, or distribution of this email (or any attachments thereto) by others is strictly prohibited. If you are not the intended recipient, please contact the sender immediately and permanently delete the original and any copies of this email and any attachments thereto. -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Sat Sep 17 15:12:26 2016 From: heas at shrubbery.net (heasley) Date: Sat, 17 Sep 2016 15:12:26 +0000 Subject: [rancid] Adding Junos show configuration | display set in rancid 3.5.1 In-Reply-To: <7015736327de4c509c28c5b5d7f302e5@ILHRZEXCH20.varonis.com> References: <7015736327de4c509c28c5b5d7f302e5@ILHRZEXCH20.varonis.com> Message-ID: <20160917151226.GB89347@shrubbery.net> Sat, Sep 17, 2016 at 03:05:52PM +0000, Yuval Ben Ari: > I am trying to add Junos "show configuration | display set" to juniper devicetype in 3.5.1 like I had before. > Based on suggestions here: http://www.shrubbery.net/pipermail/rancid-discuss/2009-October/004320.html > > But getting the following: > $ ./bin/rancid -t myjuniper -d myswitch > loadtype: device type myjuniper > loadtype: found device type myjuniper in /usr/local/rancid/etc/rancid.types.conf > executing jlogin -t 120 -c"show chassis environment;show chassis firmware;show chassis fpc detail;show chassis hardware detail;show chassis hardware models;show chassis routing-engine;show chassis alarms;show system license;show system core-dumps;show version detail;show version invoke-on other-routing-engine;show configuration;show configuration | display set" myswitch > [...output trimmed...] > HIT COMMAND:rancid at MYSWITCH> show configuration | display set > In ShowConfigurationDisplaySet: rancid@ MYSWITCH > show configuration | display set > readline() on unopened filehandle INPUT at /usr/local/rancid/lib/rancid/myjunos.pm line 640. $INPUT > Use of uninitialized value $_ in pattern match (m//) at /usr/local/rancid/lib/rancid/myjunos.pm line 136. > Use of uninitialized value $_ in pattern match (m//) at /usr/local/rancid/lib/rancid/myjunos.pm line 141. > > Can someone help? From ybenari at varonis.com Sat Sep 17 15:36:40 2016 From: ybenari at varonis.com (Yuval Ben Ari) Date: Sat, 17 Sep 2016 15:36:40 +0000 Subject: [rancid] Adding Junos show configuration | display set in rancid 3.5.1 In-Reply-To: <20160917151226.GB89347@shrubbery.net> References: <7015736327de4c509c28c5b5d7f302e5@ILHRZEXCH20.varonis.com> <20160917151226.GB89347@shrubbery.net> Message-ID: <7437cad437d444cba889ade47573f4b2@ILHRZEXCH20.varonis.com> Thanks! It's working now. Any chance to add this feature to next releases? -----Original Message----- From: heasley [mailto:heas at shrubbery.net] Sent: 17 September 2016 18:12 To: Yuval Ben Ari Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Adding Junos show configuration | display set in rancid 3.5.1 Sat, Sep 17, 2016 at 03:05:52PM +0000, Yuval Ben Ari: > I am trying to add Junos "show configuration | display set" to juniper devicetype in 3.5.1 like I had before. > Based on suggestions here: http://www.shrubbery.net/pipermail/rancid-discuss/2009-October/004320.html > > But getting the following: > $ ./bin/rancid -t myjuniper -d myswitch > loadtype: device type myjuniper > loadtype: found device type myjuniper in /usr/local/rancid/etc/rancid.types.conf > executing jlogin -t 120 -c"show chassis environment;show chassis firmware;show chassis fpc detail;show chassis hardware detail;show chassis hardware models;show chassis routing-engine;show chassis alarms;show system license;show system core-dumps;show version detail;show version invoke-on other-routing-engine;show configuration;show configuration | display set" myswitch > [...output trimmed...] > HIT COMMAND:rancid at MYSWITCH> show configuration | display set > In ShowConfigurationDisplaySet: rancid@ MYSWITCH > show configuration | display set > readline() on unopened filehandle INPUT at /usr/local/rancid/lib/rancid/myjunos.pm line 640. $INPUT > Use of uninitialized value $_ in pattern match (m//) at /usr/local/rancid/lib/rancid/myjunos.pm line 136. > Use of uninitialized value $_ in pattern match (m//) at /usr/local/rancid/lib/rancid/myjunos.pm line 141. > > Can someone help? ________________________________ This email and any attachments thereto may contain private, confidential, and privileged material for the sole use of the intended recipient. Any review, copying, or distribution of this email (or any attachments thereto) by others is strictly prohibited. If you are not the intended recipient, please contact the sender immediately and permanently delete the original and any copies of this email and any attachments thereto. From Remi.FESSARD at knorr-bremse.com Mon Sep 19 13:14:41 2016 From: Remi.FESSARD at knorr-bremse.com (=?iso-8859-1?Q?FESSARD=2C_R=E9mi?=) Date: Mon, 19 Sep 2016 13:14:41 +0000 Subject: [rancid] Backup HP Switch 2520-24-PoE(J9138A) Message-ID: Hello, I have an issue with the backup of HP Switch 2520-24-PoE(J9138A): It seems that the switch was modified : - ;Image: stamp: - ;Image: /ws/swbuildm/S_rel_hartford_qaoff/code/build/elmo(S_rel_hartford_qaoff) + ;Image: stamp: /ws/swbuildm/S_rel_hartford_qaoff/code/build/elmo(S_rel_hartford_qaoff) And after we received these lines: - ;Image: stamp: /ws/swbuildm/S_rel_hartford_qaoff/code/build/elmo(S_rel_hartford_qaoff) + ;Image: stamp: + ;Image: + /ws/swbuildm/S_rel_hartford_qaoff/code/build/elmo(S_rel_hartford_qaoff + ) But we didn't modify this switch. How can I resolve it ? Thanks in advance, Best regards FESSARD R?mi This transmission is intended solely for the addressee and contains confidential information. If you are not the intended recipient, please immediately inform the sender and delete the message and any attachments from your system. Furthermore, please do not copy the message or disclose the contents to anyone unless agreed otherwise. To the extent permitted by law we shall in no way be liable for any damages, whatever their nature, arising out of transmission failures, viruses, external influence, delays and the like. -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Mon Sep 19 15:32:47 2016 From: heas at shrubbery.net (heasley) Date: Mon, 19 Sep 2016 15:32:47 +0000 Subject: [rancid] Backup HP Switch 2520-24-PoE(J9138A) In-Reply-To: References: Message-ID: <20160919153247.GA42452@shrubbery.net> Mon, Sep 19, 2016 at 01:14:41PM +0000, FESSARD, R?mi: > Hello, > > I have an issue with the backup of HP Switch 2520-24-PoE(J9138A): > > It seems that the switch was modified : > > - ;Image: stamp: > - ;Image: /ws/swbuildm/S_rel_hartford_qaoff/code/build/elmo(S_rel_hartford_qaoff) > + ;Image: stamp: /ws/swbuildm/S_rel_hartford_qaoff/code/build/elmo(S_rel_hartford_qaoff) > > And after we received these lines: > > > - ;Image: stamp: /ws/swbuildm/S_rel_hartford_qaoff/code/build/elmo(S_rel_hartford_qaoff) > + ;Image: stamp: > + ;Image: > + /ws/swbuildm/S_rel_hartford_qaoff/code/build/elmo(S_rel_hartford_qaoff > > + ) > > But we didn't modify this switch. > How can I resolve it ? What is the output of show system? From heas at shrubbery.net Mon Sep 19 16:57:16 2016 From: heas at shrubbery.net (heasley) Date: Mon, 19 Sep 2016 16:57:16 +0000 Subject: [rancid] Adding Junos show configuration | display set in rancid 3.5.1 In-Reply-To: <7437cad437d444cba889ade47573f4b2@ILHRZEXCH20.varonis.com> References: <7015736327de4c509c28c5b5d7f302e5@ILHRZEXCH20.varonis.com> <20160917151226.GB89347@shrubbery.net> <7437cad437d444cba889ade47573f4b2@ILHRZEXCH20.varonis.com> Message-ID: <20160919165716.GK42452@shrubbery.net> Sat, Sep 17, 2016 at 03:36:40PM +0000, Yuval Ben Ari: > Thanks! It's working now. > Any chance to add this feature to next releases? I do not think it is necessary and no one has expressed an interest in this before. It is a customization that can just be in your local rancid.types.conf. > -----Original Message----- > From: heasley [mailto:heas at shrubbery.net] > Sent: 17 September 2016 18:12 > To: Yuval Ben Ari > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Adding Junos show configuration | display set in rancid 3.5.1 > > Sat, Sep 17, 2016 at 03:05:52PM +0000, Yuval Ben Ari: > > I am trying to add Junos "show configuration | display set" to juniper devicetype in 3.5.1 like I had before. > > Based on suggestions here: http://www.shrubbery.net/pipermail/rancid-discuss/2009-October/004320.html > > > > But getting the following: > > $ ./bin/rancid -t myjuniper -d myswitch > > loadtype: device type myjuniper > > loadtype: found device type myjuniper in /usr/local/rancid/etc/rancid.types.conf > > executing jlogin -t 120 -c"show chassis environment;show chassis firmware;show chassis fpc detail;show chassis hardware detail;show chassis hardware models;show chassis routing-engine;show chassis alarms;show system license;show system core-dumps;show version detail;show version invoke-on other-routing-engine;show configuration;show configuration | display set" myswitch > > [...output trimmed...] > > HIT COMMAND:rancid at MYSWITCH> show configuration | display set > > In ShowConfigurationDisplaySet: rancid@ MYSWITCH > show configuration | display set > > readline() on unopened filehandle INPUT at /usr/local/rancid/lib/rancid/myjunos.pm line 640. > > $INPUT > > > Use of uninitialized value $_ in pattern match (m//) at /usr/local/rancid/lib/rancid/myjunos.pm line 136. > > Use of uninitialized value $_ in pattern match (m//) at /usr/local/rancid/lib/rancid/myjunos.pm line 141. > > > > Can someone help? > ________________________________ > This email and any attachments thereto may contain private, confidential, and privileged material for the sole use of the intended recipient. Any review, copying, or distribution of this email (or any attachments thereto) by others is strictly prohibited. If you are not the intended recipient, please contact the sender immediately and permanently delete the original and any copies of this email and any attachments thereto. From ThomisonL at muni.org Tue Sep 20 21:14:02 2016 From: ThomisonL at muni.org (Thomison, Lee) Date: Tue, 20 Sep 2016 13:14:02 -0800 Subject: [rancid] rancid and git? Message-ID: <64A8BC2CA1716B4AA9856038D62E8CD7D3C01CAE16@mlpsmail01.mlp.muniverse.net> Good morning, I understand that there is a fork of rancid for git at dotwaffle, however, I'm a bit confused. The README in the official shrubbery.net package says it supports git, but ./configure says no. I have downloaded the 'official' rancid source from: ftp://ftp.shrubbery.net/pub/rancid/rancid-3.5.1.tar.gz Does it now support git also? In the README in that package is the following: ...maintain CVS (or Subversion or git) controlled copies of router configs. git Code revision system, an alternative to cvs. Use the configure option --with-git to configure for git. However: ./configure -help shows no entry for -with-git. Doing a ./configure -with-git throws a WARNING: unrecognized options -with-git does stock git support git or no? Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Tue Sep 20 21:28:45 2016 From: heas at shrubbery.net (heasley) Date: Tue, 20 Sep 2016 21:28:45 +0000 Subject: [rancid] rancid and git? In-Reply-To: <64A8BC2CA1716B4AA9856038D62E8CD7D3C01CAE16@mlpsmail01.mlp.muniverse.net> References: <64A8BC2CA1716B4AA9856038D62E8CD7D3C01CAE16@mlpsmail01.mlp.muniverse.net> Message-ID: <20160920212845.GD77414@shrubbery.net> Tue, Sep 20, 2016 at 01:14:02PM -0800, Thomison, Lee: > Good morning, > > I understand that there is a fork of rancid for git at dotwaffle, however, I'm a bit confused. The README in the official shrubbery.net package says it supports git, but ./configure says no. > > I have downloaded the 'official' rancid source from: > > ftp://ftp.shrubbery.net/pub/rancid/rancid-3.5.1.tar.gz > > Does it now support git also? yes, but the manner in which it is implemented between the two is not the same, iiuc. i think that dotwaffle uses one git repo for the entire set of rancid groups, instead of a git repo per-rancid group. > > > In the README in that package is the following: > > ...maintain CVS (or Subversion or git) controlled copies of router configs. > > git Code revision system, an alternative to cvs. Use the configure > option --with-git to configure for git. > > However: > > ./configure -help > > shows no entry for -with-git. > > Doing a > > ./configure -with-git > > throws a WARNING: unrecognized options -with-git > > does stock git support git or no? > > Thanks! > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From ThomisonL at muni.org Tue Sep 20 21:33:16 2016 From: ThomisonL at muni.org (Thomison, Lee) Date: Tue, 20 Sep 2016 13:33:16 -0800 Subject: [rancid] TYPO: rancid and git? Message-ID: <64A8BC2CA1716B4AA9856038D62E8CD7D3C01CAE17@mlpsmail01.mlp.muniverse.net> From: Thomison, Lee Sent: Tuesday, September 20, 2016 1:14 PM To: 'rancid-discuss at shrubbery.net' Subject: rancid and git? >./configure -with-git >throws a WARNING: unrecognized options -with-git >does stock git support git or no? should read does stock rancid support git or no? If so, what am I missing? Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: From irishboyabroad at gmail.com Thu Sep 22 23:09:11 2016 From: irishboyabroad at gmail.com (Tom Mccormack) Date: Fri, 23 Sep 2016 09:09:11 +1000 Subject: [rancid] Issue with A10 in version 3.5.1 Message-ID: Hi, We are big fans of rancid in our organisation and recently implemented A10 in our environment I?ve seen that support for A10 was added in version 3.4 with a call for feedback http://www.gossamer-threads.com/lists/rancid/announce/8963 I am testing using the latest version 3.5.1 against an A10 Thunder 1030S device running the latest ACOS software 4.1.0 P4 However theres a problem The problem is the command a10;command;acos::ShowRunningConfig;show running-config all-partitions in the file /usr/local/rancid/etc/rancid.types.base This command is no longer valid and in ACOS 4.x and it has been replaced by a new command show partition-config all I?ve tried replacing the command in the rancid.types.base file but the output of this command includes multiple end statements if there are multiple A10 partitions and it only captures up to the first end eg A10-Active-vMaster[1/1]-gslb:Master#show partition-config all !Current configuration: 3125 bytes !Configuration last updated at 16:53:13 AEST Sat Sep 17 2016 !Configuration last saved at 16:19:24 AEST Sat Sep 17 2016 !64-bit Advanced Core OS (ACOS) version 4.1.0-P4, build 12 (Jul-22-2016,15:49) .... ! end <--------- ! !Current config commit point for partition 0 is 0 & config mode is classical-mode !Current configuration: 1145 bytes !Configuration last updated at 16:53:13 AEST Sat Sep 17 2016 !Configuration last saved at 16:19:24 AEST Sat Sep 17 2016 active-partition DMZ .... ! end <------ ! !Current config commit point for partition 1 is 0 & config mode is classical-mode !Current configuration: 936 bytes !Configuration last updated at 16:53:13 AEST Sat Sep 17 2016 !Configuration last saved at 16:19:24 AEST Sat Sep 17 2016 active-partition Trusted ..... ! end <--------- ! !Current config commit point for partition 2 is 0 & config mode is classical-mode A10-Active-vMaster[1/1]-gslb:Master# I would love to get this working but I don?t have the programming skills to correct this myself ? I'm happy to work with anyone who could ? Thanks in advance Rgds Tom From heas at shrubbery.net Fri Sep 23 04:54:01 2016 From: heas at shrubbery.net (heasley) Date: Fri, 23 Sep 2016 04:54:01 +0000 Subject: [rancid] Issue with A10 in version 3.5.1 In-Reply-To: References: Message-ID: <20160923045401.GK52700@shrubbery.net> Fri, Sep 23, 2016 at 09:09:11AM +1000, Tom Mccormack: > I?ve seen that support for A10 was added in version 3.4 with a call for feedback > > http://www.gossamer-threads.com/lists/rancid/announce/8963 > > I am testing using the latest version 3.5.1 against an A10 Thunder > 1030S device running the latest ACOS software 4.1.0 P4 > > However theres a problem > > The problem is the command > > a10;command;acos::ShowRunningConfig;show running-config all-partitions > > in the file > > /usr/local/rancid/etc/rancid.types.base > > This command is no longer valid and in ACOS 4.x and it has been > replaced by a new command Would you show me the cli of entering this command & the error? > show partition-config all > > I?ve tried replacing the command in the rancid.types.base file but > the output of this command includes multiple end statements if there > are multiple A10 partitions and it only captures up to the first end > eg > > A10-Active-vMaster[1/1]-gslb:Master#show partition-config all > !Current configuration: 3125 bytes > !Configuration last updated at 16:53:13 AEST Sat Sep 17 2016 > !Configuration last saved at 16:19:24 AEST Sat Sep 17 2016 > !64-bit Advanced Core OS (ACOS) version 4.1.0-P4, build 12 (Jul-22-2016,15:49) > .... > ! > end <--------- ! > !Current config commit point for partition 0 is 0 & config mode is > classical-mode > !Current configuration: 1145 bytes > !Configuration last updated at 16:53:13 AEST Sat Sep 17 2016 > !Configuration last saved at 16:19:24 AEST Sat Sep 17 2016 > active-partition DMZ > .... > ! > end <------ ! > !Current config commit point for partition 1 is 0 & config mode is > classical-mode > !Current configuration: 936 bytes > !Configuration last updated at 16:53:13 AEST Sat Sep 17 2016 > !Configuration last saved at 16:19:24 AEST Sat Sep 17 2016 > active-partition Trusted > ..... > ! > end <--------- ! > !Current config commit point for partition 2 is 0 & config mode is > classical-mode > A10-Active-vMaster[1/1]-gslb:Master# Would you show me the complete output w/o removing lines? you are free to obfuscate pwds, names, etc. and please send it as an attachment so that your MUA doesn't mangle it. > I would love to get this working but I don?t have the programming > skills to correct this myself ? > > I'm happy to work with anyone who could ? > > Thanks in advance > > Rgds > Tom From pokui at psg.com Wed Sep 28 22:22:13 2016 From: pokui at psg.com (Patrick Okui) Date: Thu, 29 Sep 2016 01:22:13 +0300 Subject: [rancid] Can clogin prompt for a password? In-Reply-To: <20160906183357.GW52381@shrubbery.net> References: <20160804145855.GA22457@radiological.warningg.com> <20160804160129.GH25149@seti.u-strasbg.fr> <20160804161035.GC22457@radiological.warningg.com> <20160804172945.GK16112@shrubbery.net> <4D3726A1-3978-4353-9D67-F7AA7F2083D8@psg.com> <20160906183357.GW52381@shrubbery.net> Message-ID: <33837266-7F26-4922-9743-83CB9DF6EF7F@psg.com> On 6 Sep 2016, at 21:33 EAT, heasley wrote: > Thu, Sep 01, 2016 at 12:25:09AM +0300, Patrick Okui: >> On 4 Aug 2016, at 20:29 EAT, heasley wrote: >> >>> [ it would be nice if vendors would store ssh keys like junos, so >>> you >>> could use ssh-agent ] >> >> Cisco quietly added support for this some time back. Not sure which >> vendors support/not support this these days. > > isnt this XR only? I rather expected this to ubiquitous across the > industry by now. > Late comment but no. IOS 15 added support for RSA based keys. All you have to do is check for the availability of the `ip ssh pubkey-chain` command, or select ?SSHv2 Enhancements for RSA keys? under the [cisco feature navigator](http://tools.cisco.com/ITDIT/CFN/jsp/by-feature-technology.jsp) To get round the 255 character limit some IOS devices will impose you can just look at the hash of the key with `ssh-keygen -l -f ~/.ssh/id_rsa.pub | awk '{gsub(/:/,"",$2); print $2}'` and use key-hash ssh-rsa instead of asking the router to do that for you. -- patrick -------------- next part -------------- An HTML attachment was scrubbed... URL: From pratik.regmi at subisu.net.np Thu Sep 29 05:07:53 2016 From: pratik.regmi at subisu.net.np (Pratik) Date: Thu, 29 Sep 2016 10:52:53 +0545 Subject: [rancid] configuration pooled but not seen in web Message-ID: Hello All, I see the configuration polled in the server /var/rancid/host/configs but in the web i cannot see it. The Rev. shows only 1.1 !!! Can anybody please help ??? -- Regards, *Pratik Regmi** * -------------- next part -------------- An HTML attachment was scrubbed... URL: From tuwi.dc at gmail.com Thu Sep 29 11:07:34 2016 From: tuwi.dc at gmail.com (Artur D) Date: Thu, 29 Sep 2016 13:07:34 +0200 Subject: [rancid] undefined function - "ios::ShowRun" Message-ID: Hello all, I recently upgraded to the last version of rancid and i started having this issue: *rancid at rancid-srv:~$ rancid -d -t cisco cisco_switch_and_stuff7loadtype: device type ciscoloadtype: found device type cisco in /etc/rancid/rancid.types.baseexecuting clogin -t 90 -c"show running-config" cisco_switch_and_stuff7PROMPT MATCH: * *cisco_switch_and_stuff7#HIT COMMAND:* *cisco_switch_and_stuff7#show running-configcisco_switch_and_stuff7: undefined function - "ios::ShowRun"cisco_switch_and_stuff7: missed cmd(s): all commandscisco_switch_and_stuff7: End of run not foundcisco_switch_and_stuff7: End of run not found!* I checked the ios.pm and in fact that function was missing. Any ideas why that library is missing that particular function ? Thanks in advance, Artur -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Thu Sep 29 17:44:47 2016 From: heas at shrubbery.net (heasley) Date: Thu, 29 Sep 2016 17:44:47 +0000 Subject: [rancid] undefined function - "ios::ShowRun" In-Reply-To: References: Message-ID: <20160929174447.GE51193@shrubbery.net> Thu, Sep 29, 2016 at 01:07:34PM +0200, Artur D: > I recently upgraded to the last version of rancid and i started having this > issue: > > *rancid at rancid-srv:~$ rancid -d -t cisco cisco_switch_and_stuff7loadtype: > device type ciscoloadtype: found device type cisco in > /etc/rancid/rancid.types.baseexecuting clogin -t 90 -c"show running-config" > cisco_switch_and_stuff7PROMPT MATCH: * > *cisco_switch_and_stuff7#HIT COMMAND:* It is running only one command there, so I presume that you have altered rancid.types.base. restore it to the original. > *cisco_switch_and_stuff7#show running-configcisco_switch_and_stuff7: > undefined function - "ios::ShowRun"cisco_switch_and_stuff7: missed cmd(s): > all commandscisco_switch_and_stuff7: End of run not > foundcisco_switch_and_stuff7: End of run not found!* > > I checked the ios.pm and in fact that function was missing. Any ideas why > that library is missing that particular function ? It does not exist in the original.