From david.chapman at pegasus.io Thu Nov 2 16:54:07 2017 From: david.chapman at pegasus.io (David Chapman) Date: Thu, 2 Nov 2017 16:54:07 +0000 Subject: [rancid] Rancid 3.7 and Comware Message-ID: <943C7E72-8098-48F0-9741-ADD209411705@contoso.com> We recently upgraded an old Rancid install and had problems with Comware. I found the new updated plugin for Rancid 3 and I realize this is not supported but wondering if some help could be provided. The issue is one of our comware switches supports exit and quit while most typically only support quit so its not detecting it as a clean run. It errors with ?End of run not found? ---- Except from cmw.pm---- if (/[\]>#]\a?\s*quit/) { #if (/[>#]\s?exit$/) { $clean_run = 1; last; } ----raw file--- # return exit Connection to XXXXXX closed. ---raw file if non affected switch--- return exit ^ % Unrecognized command found at '^' position. quit Connection to YYYYYYY closed. ---Version display version HP Comware Software, Version 7.1.045, Release 2311P05 Copyright (c) 2010-2014 Hewlett-Packard Development Company, L.P. HP 5900AF-48XG-4QSFP+ Switch uptime is 89 weeks, 1 day, 17 hours, 17 minutes Last reboot reason : Power on This email, including any attached files, may contain confidential and privileged information. If you received this communication in error, please contact the sender by reply e-mail and delete all copies of this message. From david.chapman at pegasus.io Thu Nov 2 17:21:38 2017 From: david.chapman at pegasus.io (David Chapman) Date: Thu, 2 Nov 2017 17:21:38 +0000 Subject: [rancid] Rancid 3.7 and Comware Message-ID: <81841784-90FE-479F-8B84-FC83F8BBC8D8@pegasus.io> I think I was able to trace it down to this line of code. Maybe extra code? I?m not too familiar with TCL but my platform is set to cmw or blank and it still hits the exit-bad. I changed ?exit? to ?exit-bad? for debugging. Should that if statement be gone completely? --- cmwlogin if { [string compare "extreme" "$platform"] } { send -h "exit-bad\r" } else { send -h "quit\r" } expect { -re "^\[^\n\r *]*$reprompt" { # the Cisco CE and Jnx ERX # return to non-enabled mode # on exit in enabled mode. send -h "$exitcmd\r" exp_continue; } This email, including any attached files, may contain confidential and privileged information. If you received this communication in error, please contact the sender by reply e-mail and delete all copies of this message. From heas at shrubbery.net Thu Nov 2 21:03:58 2017 From: heas at shrubbery.net (heasley) Date: Thu, 2 Nov 2017 21:03:58 +0000 Subject: [rancid] Rancid 3.7 and Comware In-Reply-To: <943C7E72-8098-48F0-9741-ADD209411705@contoso.com> References: <943C7E72-8098-48F0-9741-ADD209411705@contoso.com> Message-ID: <20171102210358.GB60067@shrubbery.net> Thu, Nov 02, 2017 at 04:54:07PM +0000, David Chapman: > We recently upgraded an old Rancid install and had problems with Comware. I found the new updated plugin for Rancid 3 and I realize this is not supported but wondering if some help could be provided. > > The issue is one of our comware switches supports exit and quit while most typically only support quit so its not detecting it as a clean run. It errors with ?End of run not found? > > > ---- Except from cmw.pm---- > if (/[\]>#]\a?\s*quit/) { > #if (/[>#]\s?exit$/) { #if (/[>#]\s?(quit|exit)$/) { > $clean_run = 1; > last; > } > ----raw file--- > # > return > exit > Connection to XXXXXX closed. > > ---raw file if non affected switch--- > > return > exit > ^ > % Unrecognized command found at '^' position. > quit > Connection to YYYYYYY closed. > > ---Version > > display version > HP Comware Software, Version 7.1.045, Release 2311P05 > Copyright (c) 2010-2014 Hewlett-Packard Development Company, L.P. > HP 5900AF-48XG-4QSFP+ Switch uptime is 89 weeks, 1 day, 17 hours, 17 minutes > Last reboot reason : Power on > > > This email, including any attached files, may contain confidential and privileged information. If you received this communication in error, please contact the sender by reply e-mail and delete all copies of this message. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From heas at shrubbery.net Mon Nov 6 21:57:57 2017 From: heas at shrubbery.net (heasley) Date: Mon, 6 Nov 2017 21:57:57 +0000 Subject: [rancid] Collaborative development for rancid (e.g. git / github) In-Reply-To: <20170511175246.GL7377@shrubbery.net> References: <1423237280.15902.16.camel@seaknight.telkomsa.net> <20170511175246.GL7377@shrubbery.net> Message-ID: <20171106215757.GA9550@shrubbery.net> Thu, May 11, 2017 at 05:52:46PM +0000, heasley: > Tue, May 02, 2017 at 05:52:42PM +0100, Alex DEKKER: > > On 06/02/15 15:41, Buchan Milne wrote: > > > Wouldn't it make sense to have a public repo for rancid, preferably git, > > > and if there is no other infrastructure planned, github is probably the > > > easiest. > > > > Did this ever get anywhere? I want to work on adding a new device type > > and would like to start with the latest source. > > > > alexd > > We have decided, today, that we will make available an interface to the > repo. I first need to separate some proprietary info from the repo that > can not be made public. > > We need to decided which method is easiest for us; it will either be an > interface to the svn repo, to which git has a builtin "bridge" as git > calls it in the docs, or i'll push to github on a regular basis. I tried doing this by checkout with git svn from the canonical repo and pushing to github, but this had some unpleasant side-effects that did not seem easily resolved (and I dont have time to screw with this endlessly) and ultimitely I expect would just create grief if we switched to git later. I could push the trunk only to github (no tags, no branches), if enough folk are interested. The svn dav is available here: dev head: http://rancid.shrubbery.net/rancid/svn/rancid/trunk/rancid release tags: http://rancid.shrubbery.net/rancid/svn/rancid/tags If you must have your git, you can use git svn against the svn dav; eg: git svn clone http://rancid.shrubbery.net/rancid/svn/rancid If we migrate the repo to git in the future, we'll push to github. From daniel.schmidt at wyo.gov Tue Nov 7 16:39:52 2017 From: daniel.schmidt at wyo.gov (Daniel Schmidt) Date: Tue, 7 Nov 2017 09:39:52 -0700 Subject: [rancid] rancid support for Brocade Fabric OS In-Reply-To: <20160217130410.GA55823@shrubbery.net> References: <20160128004808.GH63800@shrubbery.net> <736C3AA4541A56418A535328BDC357590100F883FA@ATC1.corp.aechelon.com> <20160128013022.GL63800@shrubbery.net> <736C3AA4541A56418A535328BDC357590100F98F8A@ATC1.corp.aechelon.com> <20160128193339.GJ1520@shrubbery.net> <56AB3B79.7030108@thingy.com> <736C3AA4541A56418A535328BDC357590100FA1354@ATC1.corp.aechelon.com> <642FAF39868FD54A909CBFC1DD8F61A70D6DF3C1@SJCPEX01CL02.citrite.net> <20160217102127.GA52532@shrubbery.net> <56C44EB9.4080402@thingy.com> <20160217130410.GA55823@shrubbery.net> Message-ID: I suddenly have acquired an interest in this. Is anybody using it in 3.7? Thank you for your time. On Wed, Feb 17, 2016 at 6:04 AM, heasley wrote: > Wed, Feb 17, 2016 at 10:43:05AM +0000, Howard Jones: > > Brocade bought Foundry, so they have FabricOS/FabOS for their own > > traditional SAN Switches (silkworm etc), plus the Foundry OS (Ironware?) > > which is a lot like ios. They also recently bought Vyatta, which has its > > own config style. > > > > IMHO vendor names are not a good choice for device types - 'cisco' is > > really 'ios', not css/arrowpoint, or nxos, or iosxr, or catos. Those are > > all supported, but sometimes only if you know which vendor bought which > > 10 years ago... same sort of thing for companies like Dell and HP where > > it's not even different ranges with different OS - some HP is comware > > and some is procurve-classic, all in the Procurve range, as far as I can > > see. Juniper SSG is another - 'netscreen' isn't in the product name or > > company name anymore. > > i'm happy to rename the foundry scripts and convert them to the rancid > 3.0-style; but someone will have to help test as I no longer have this > equipment. > > the brocadelogin script folks sent to me looks like a mix of flogin and > clogin. If i've coalesced all the comments together, that script works > for fabricos & ironware (at least some versions thereof). Do I have this > right? > > but the brocaderancid script is for fabricos, given the command set? > > {'chassisShow' => 'ChassisShow'}, > {'firmwareShow' => 'FirmwareShow'}, > {'version' => 'FirmwareShow'}, > {'zoneshow' => 'FirmwareShow'}, > {'portcfgshow' => 'FirmwareShow'}, > #{'fosConfig --show' => 'Fosconfig'}, > {'ipAddrShow' => 'IpAddrShow'}, > {'licenseShow' => 'LicenseShow'}, > {'domainsShow' => 'DomainsShow'}, > {'configupload -force -all -l config.txt' => 'ConfigShow'}, > {'configShow -l config.txt' => 'ConfigShow'} > > and, i received scripts from another user today that I have not looked > through yet. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- E-Mail to and from me, in connection with the transaction of public business, is subject to the Wyoming Public Records Act and may be disclosed to third parties. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gmourani at gmail.com Thu Nov 9 18:09:32 2017 From: gmourani at gmail.com (Gerhard Mourani) Date: Thu, 9 Nov 2017 13:09:32 -0500 Subject: [rancid] Dell PowerConnect 7048 Message-ID: Hello, I'm using rancid 3.7 to backup a Dell PowerConnect 7048 with success. However, with the 70xx series, every time the power watts status of the device change, a backup is taken. see an example bellow: Index: configs/192.168.1.xx =================================================================== retrieving revision 1.169 diff -U 4 -r1.169 192.168.1.xx @@ -54,15 +54,15 @@ ! Unit Description Status Average Current Since ! Power Power Date/Time ! (Watts) (Watts) ! ---- ----------- ----------- ---------- -------- ------------------- - ! 1 System OK 2.2 67.0 + ! 1 System OK 0.3 67.0 ! 1 Internal OK N/A N/A 10/05/2017 20:18:35 ! 1 Redundant No Power - ! 2 System OK 1.7 68.8 + ! 2 System OK 2.7 68.8 ! 2 Internal OK N/A N/A 10/05/2017 20:18:35 ! 2 Redundant No Power - ! 3 System OK 1.1 70.6 + ! 3 System OK 2.1 70.6 ! 3 Internal OK N/A N/A 10/05/2017 20:18:23 ! 3 Redundant No Power ! USB Port Power Status: ! ---------------------- From david.chapman at pegasus.io Thu Nov 9 18:31:29 2017 From: david.chapman at pegasus.io (David Chapman) Date: Thu, 9 Nov 2017 18:31:29 +0000 Subject: [rancid] Dell PowerConnect 7048 In-Reply-To: References: Message-ID: <474020D0-21EE-4A89-AA62-E40DB2977543@pegasus.io> You may need to modify or create a new definition that doesn?t pull the power readings like that. I had to do this with the nx-os for Fiber channel switches that had a flash area that regularly changed. This email, including any attached files, may contain confidential and privileged information. If you received this communication in error, please contact the sender by reply e-mail and delete all copies of this message. From gmourani at gmail.com Thu Nov 9 21:16:28 2017 From: gmourani at gmail.com (Gerhard Mourani) Date: Thu, 9 Nov 2017 16:16:28 -0500 Subject: [rancid] Dell PowerConnect 7048 In-Reply-To: <474020D0-21EE-4A89-AA62-E40DB2977543@pegasus.io> References: <474020D0-21EE-4A89-AA62-E40DB2977543@pegasus.io> Message-ID: <911481FC-6846-4A06-950E-FD2E666D9F43@gmail.com> Cool, but how to do this ? > On Nov 9, 2017, at 1:31 PM, David Chapman wrote: > > You may need to modify or create a new definition that doesn?t pull the power readings like that. I had to do this with the nx-os for Fiber channel switches that had a flash area that regularly changed. > > > This email, including any attached files, may contain confidential and privileged information. If you received this communication in error, please contact the sender by reply e-mail and delete all copies of this message. From david.chapman at pegasus.io Thu Nov 9 21:21:08 2017 From: david.chapman at pegasus.io (David Chapman) Date: Thu, 9 Nov 2017 21:21:08 +0000 Subject: [rancid] Dell PowerConnect 7048 In-Reply-To: <911481FC-6846-4A06-950E-FD2E666D9F43@gmail.com> References: <474020D0-21EE-4A89-AA62-E40DB2977543@pegasus.io> <911481FC-6846-4A06-950E-FD2E666D9F43@gmail.com> Message-ID: <64E63BA3-CFCD-47A8-947F-2D7B889E2C4B@pegasus.io> You will most likely need to edit the rancid.types.base or rancid.types.conf and remove the line that correlates to your platform that you?ve identified in your router.db I am not too familiar with the Powerconnects or the Rancid config for them or I would be able to be more help. For Nexus I removed the following line from the rancid.types.base as an example cisco-nx;command;nxos::DirSlotN;dir debug: This email, including any attached files, may contain confidential and privileged information. If you received this communication in error, please contact the sender by reply e-mail and delete all copies of this message. From ywillaime at gmail.com Tue Nov 21 13:29:23 2017 From: ywillaime at gmail.com (Yann Willaime) Date: Tue, 21 Nov 2017 05:29:23 -0800 (PST) Subject: [rancid] RANCID (DEBIAN) and Juniper SSG20 Firewalls Message-ID: Hi everyone, I'm trying to get rancid to work with Juniper SSG20 firewalls. I've been using Rancid for ages with Cisco devices, never had any nasty surprises, but this time, I have a hard time configuring it right. */ router.db is like : *XX.XX.XX.XX:juniper:up* The log file diplays : *ERROR: XX.XX.XX.XX configuration appears truncated.XX.XX.XX.XX : End of run not found ^-------unknown keyword show*For the moment, *I *don't have any clues as to why this happens. Any help would be gretly appreciated. Thanks in advance *.*Yann. -------------- next part -------------- An HTML attachment was scrubbed... URL: From erikm at buh.org Tue Nov 21 18:44:50 2017 From: erikm at buh.org (Erik Muller) Date: Tue, 21 Nov 2017 13:44:50 -0500 Subject: [rancid] RANCID (DEBIAN) and Juniper SSG20 Firewalls In-Reply-To: References: Message-ID: <315b8630-d430-1ebe-234e-64d94a4ae39a@buh.org> On 11/21/17 8:29 , Yann Willaime wrote: > Hi everyone, > I'm trying to get rancid to work with Juniper SSG20 firewalls. > I've been using Rancid for ages with Cisco devices, never had any nasty > surprises, but this time, I have a hard time configuring it right. > > */ router.db is like : > /*XX.XX.XX.XX:juniper:up*/ IIRC, SSGs are the old screenOS devices, and need a device type of "netscreen" rather than "juniper". hth, -e From dan.w.anderson at gmail.com Tue Nov 21 18:49:46 2017 From: dan.w.anderson at gmail.com (Dan Anderson) Date: Tue, 21 Nov 2017 18:49:46 +0000 Subject: [rancid] RANCID (DEBIAN) and Juniper SSG20 Firewalls In-Reply-To: <315b8630-d430-1ebe-234e-64d94a4ae39a@buh.org> References: <315b8630-d430-1ebe-234e-64d94a4ae39a@buh.org> Message-ID: I would also strongly recommend upgrading to a recent version of RANCID. Based on your router.db format, you?re using a very old version. On Tue, Nov 21, 2017 at 1:45 PM Erik Muller wrote: > On 11/21/17 8:29 , Yann Willaime wrote: > > Hi everyone, > > I'm trying to get rancid to work with Juniper SSG20 firewalls. > > I've been using Rancid for ages with Cisco devices, never had any nasty > > surprises, but this time, I have a hard time configuring it right. > > > > */ router.db is like : > > /*XX.XX.XX.XX:juniper:up*/ > > IIRC, SSGs are the old screenOS devices, and need a device type of > "netscreen" rather than "juniper". > > hth, > -e > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Dan -------------- next part -------------- An HTML attachment was scrubbed... URL: From ywillaime at gmail.com Wed Nov 22 12:31:53 2017 From: ywillaime at gmail.com (Yann Willaime) Date: Wed, 22 Nov 2017 04:31:53 -0800 (PST) Subject: [rancid] cvsweb issue Message-ID: <77470459-fdbd-4f04-a153-70d83238cc91@googlegroups.com> Hi everyone, Now rancid works fine, I have the config files and no errors on rancid logs. Now I'm trying to setup cvsweb correctly in order to provide a GUI for exploitation teams. cvsweb.conf looks like this : *@CVSrepositories = (# 'local' => ['Local Repository', '/var/lib/cvs'], 'FIREWALLS' => ['FIREWALLS', '/home/rancid/var/rancid/CVS'],*But when accessing http://XX.XX.XX.XX/cgi-bin/cvsweb/ with a browser, I get the usual CVS webpage, but with no folders or files whatsoever. apache user (www-data) and rancid are part of the same group (rancid), I even changed the rights for all the CVS folder and it's subfolders. Again, I think I lack the system skills in order to diagnose this thoroughly, I analysed logs, followed best practices, now I'm stuck. Thanks in advance. Yann. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: Auto Generated Inline Image 1 Type: image/png Size: 38379 bytes Desc: not available URL: From ywillaime at gmail.com Wed Nov 22 12:50:07 2017 From: ywillaime at gmail.com (Yann Willaime) Date: Wed, 22 Nov 2017 04:50:07 -0800 (PST) Subject: [rancid] cvsweb issue In-Reply-To: <77470459-fdbd-4f04-a153-70d83238cc91@googlegroups.com> References: <77470459-fdbd-4f04-a153-70d83238cc91@googlegroups.com> Message-ID: <266296bf-dfd4-448b-8179-99702d163d95@googlegroups.com> Guys, no need to bother searching, this was a rights issue, apparently, rancid base folder need to be set to drwxrwxr-x Now I cans see my folders. Le mercredi 22 novembre 2017 13:31:53 UTC+1, Yann Willaime a ?crit : > > Hi everyone, > Now rancid works fine, I have the config files and no errors on rancid > logs. > Now I'm trying to setup cvsweb correctly in order to provide a GUI for > exploitation teams. > > cvsweb.conf looks like this : > > > > > > > *@CVSrepositories = (# 'local' => ['Local Repository', > '/var/lib/cvs'], 'FIREWALLS' => ['FIREWALLS', > '/home/rancid/var/rancid/CVS'],*But when accessing > http://XX.XX.XX.XX/cgi-bin/cvsweb/ with a browser, I get the usual CVS > webpage, but with no folders or files whatsoever. > > apache user (www-data) and rancid are part of the same group (rancid), I > even changed the rights for all the CVS folder and it's subfolders. > > Again, I think I lack the system skills in order to diagnose this > thoroughly, I analysed logs, followed best practices, now I'm stuck. > Thanks in advance. > Yann. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From will.lampen at affiniti.com Wed Nov 22 21:43:43 2017 From: will.lampen at affiniti.com (Will Lampen) Date: Wed, 22 Nov 2017 21:43:43 +0000 Subject: [rancid] Support for Ciena Message-ID: I have several different models of ciena switches and wanted to know if there is some official support of someone has created the scripting to support this Vendor. Thanks Will Lampen -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Wed Nov 22 22:20:09 2017 From: heas at shrubbery.net (heasley) Date: Wed, 22 Nov 2017 22:20:09 +0000 Subject: [rancid] Support for Ciena In-Reply-To: References: Message-ID: <20171122222009.GK96388@shrubbery.net> Wed, Nov 22, 2017 at 09:43:43PM +0000, Will Lampen: > I have several different models of ciena switches and wanted to know if there is some official support of someone has created the scripting to support this Vendor. ciena waveserver support is in 3.7. From gmourani at gmail.com Thu Nov 23 15:33:44 2017 From: gmourani at gmail.com (Gerhard Mourani) Date: Thu, 23 Nov 2017 10:33:44 -0500 Subject: [rancid] Fortigate OSPF MD5 key again Message-ID: <66651606-AF53-43A4-BBB2-3223B8EB6BC5@gmail.com> Hello, In the pass, I've got problem related to OSPF MD5 Key with Fortigate devices who changed all time. See this post for more information about the problem -> http://www.shrubbery.net/pipermail/rancid-discuss/2016-December/009317.html This seem to be fixed but come back with Rancid 3.7 and FortiGate version 5.4.6. Here some example of the annoying output: @@ -44723,9 +44723,9 @@ unset md5-key unset md5-key unset md5-key unset md5-key - set md5-key 10 "ENC 3yV3M0T82oypXb4WPTZe5cgOe5az" + set md5-key 10 "ENC ihw7GyiIM/c7Pj741Siec2vF/ahW" unset md5-key unset md5-key unset md5-key unset md5-key Gerhard, -------------- next part -------------- An HTML attachment was scrubbed... URL: From randy at psg.com Mon Nov 27 02:35:56 2017 From: randy at psg.com (Randy Bush) Date: Mon, 27 Nov 2017 11:35:56 +0900 Subject: [rancid] edgerouter lite Message-ID: i have googled a bit and have yet to find clue for using rancid with a ubiquiti edgerouter lite. anyone with a clue bat? randy From merijn at trans-ix.nl Mon Nov 27 06:16:43 2017 From: merijn at trans-ix.nl (Merijn Evertse) Date: Mon, 27 Nov 2017 06:16:43 +0000 Subject: [rancid] edgerouter lite In-Reply-To: References: Message-ID: <4FCC8C68-BFD2-4246-9E52-D6B5E9047861@trans-ix.nl> Hi Randy, This post should be what you are looking for. https://community.ubnt.com/t5/EdgeSwitch/Rancid-backup-of-EdgeSwitch/td-p/1923625 Met vriendelijke groet, Merijn Evertse Op 27 nov. 2017 om 03:36 heeft Randy Bush > het volgende geschreven: i have googled a bit and have yet to find clue for using rancid with a ubiquiti edgerouter lite. anyone with a clue bat? randy _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Mon Nov 27 06:20:00 2017 From: heas at shrubbery.net (heasley) Date: Mon, 27 Nov 2017 06:20:00 +0000 Subject: [rancid] edgerouter lite In-Reply-To: References: Message-ID: <20171127061959.GB34634@shrubbery.net> Mon, Nov 27, 2017 at 11:35:56AM +0900, Randy Bush: > i have googled a bit and have yet to find clue for using rancid with a > ubiquiti edgerouter lite. anyone with a clue bat? a 1x4; I'm not that familiar with ubnt products. there are two device types (3 really) in rancid for them; 1 edgemax and 2 edgerouter (2 flavors of these). perhaps try one of these? I'm not sure how similar edgerouter lite is to edgerouter; I thought it was just an edgerouter with less h/w (mem & ports). Clemens would know. From randy at psg.com Mon Nov 27 06:54:03 2017 From: randy at psg.com (Randy Bush) Date: Mon, 27 Nov 2017 15:54:03 +0900 Subject: [rancid] edgerouter lite In-Reply-To: <20171127061959.GB34634@shrubbery.net> References: <20171127061959.GB34634@shrubbery.net> Message-ID: it looka to actually be an edgerouterx, which is ubntsw i have been told. but it has yet to succeed. it seems insistent on a password in .cloginrc, when login is key based. randy From merijn at trans-ix.nl Mon Nov 27 07:37:01 2017 From: merijn at trans-ix.nl (Merijn Evertse) Date: Mon, 27 Nov 2017 07:37:01 +0000 Subject: [rancid] edgerouter lite In-Reply-To: <20171127061959.GB34634@shrubbery.net> References: , <20171127061959.GB34634@shrubbery.net> Message-ID: <9FE03C5E-E1B8-4E9E-8A71-4C2983E2F595@trans-ix.nl> Hi, Exactly like you say. So sorry Randy. Edgerouter type is better. Edgeswith and edgerouter are both edgeOS. Met vriendelijke groet, Merijn Evertse Op 27 nov. 2017 om 07:20 heeft heasley > het volgende geschreven: Mon, Nov 27, 2017 at 11:35:56AM +0900, Randy Bush: i have googled a bit and have yet to find clue for using rancid with a ubiquiti edgerouter lite. anyone with a clue bat? a 1x4; I'm not that familiar with ubnt products. there are two device types (3 really) in rancid for them; 1 edgemax and 2 edgerouter (2 flavors of these). perhaps try one of these? I'm not sure how similar edgerouter lite is to edgerouter; I thought it was just an edgerouter with less h/w (mem & ports). Clemens would know. _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Tue Nov 28 16:18:21 2017 From: heas at shrubbery.net (heasley) Date: Tue, 28 Nov 2017 16:18:21 +0000 Subject: [rancid] edgerouter lite In-Reply-To: References: <20171127061959.GB34634@shrubbery.net> Message-ID: <20171128161820.GH55033@shrubbery.net> Mon, Nov 27, 2017 at 03:54:03PM +0900, Randy Bush: > it looka to actually be an edgerouterx, which is ubntsw i have been > told. but it has yet to succeed. it seems insistent on a password > in .cloginrc, when login is key based. > > randy it does; uses it as fallback. sepcify an empty one if you wish. From heas at shrubbery.net Tue Nov 28 16:34:07 2017 From: heas at shrubbery.net (heasley) Date: Tue, 28 Nov 2017 16:34:07 +0000 Subject: [rancid] Fortigate OSPF MD5 key again In-Reply-To: <20171128163317.CAF19BA966@sea.shrubbery.net> <66651606-AF53-43A4-BBB2-3223B8EB6BC5@gmail.com> Message-ID: <20171128163406.GJ55033@shrubbery.net> Thu, Nov 23, 2017 at 10:33:44AM -0500, Gerhard Mourani: > > Hello, > > In the pass, I've got problem related to OSPF MD5 Key with Fortigate devices who changed all time. See this post for more information about the problem -> http://www.shrubbery.net/pipermail/rancid-discuss/2016-December/009317.html > > This seem to be fixed but come back with Rancid 3.7 and FortiGate version 5.4.6. Here some example of the annoying output: > > @@ -44723,9 +44723,9 @@ > unset md5-key > unset md5-key > unset md5-key > unset md5-key > - set md5-key 10 "ENC 3yV3M0T82oypXb4WPTZe5cgOe5az" > + set md5-key 10 "ENC ihw7GyiIM/c7Pj741Siec2vF/ahW" > unset md5-key > unset md5-key > unset md5-key > unset md5-key > > Gerhard, Does this work? Index: bin/fnrancid.in =================================================================== --- bin/fnrancid.in (revision 3734) +++ bin/fnrancid.in (working copy) @@ -248,7 +248,7 @@ next; } # filter ospf md5-keys - if (/^(\s*set)\smd5-key\s(.)\s(.*)/ && $filter_osc) { + if (/^(\s*set)\smd5-key\s(\d+)\s(.*)/ && $filter_osc) { ProcessHistory("","","","#$1 md5-key $2 \n"); next; } From gmourani at gmail.com Tue Nov 28 19:45:39 2017 From: gmourani at gmail.com (Gerhard Mourani) Date: Tue, 28 Nov 2017 14:45:39 -0500 Subject: [rancid] Cisco Small Business & Rancid 3.7 Message-ID: <82EE4346-D079-4B42-814C-C5F82469659D@gmail.com> Hello, I would like to know if the latest version of Rancid 3.7 now support Cisco Small Business series (SB) or we still have to apply the rancid-cisco-sb add -> https://github.com/chrpinedo/rancid-cisco-sb ? Thanks, -------------- next part -------------- An HTML attachment was scrubbed... URL: From gmourani at gmail.com Tue Nov 28 19:42:46 2017 From: gmourani at gmail.com (Gerhard Mourani) Date: Tue, 28 Nov 2017 14:42:46 -0500 Subject: [rancid] Fortigate OSPF MD5 key again In-Reply-To: <20171128163406.GJ55033@shrubbery.net> References: <20171128163406.GJ55033@shrubbery.net> Message-ID: <352C1024-492A-41EA-B51A-F65D302D3AC1@gmail.com> Hello, I've relocated the ospf md5-keys filter definition before the rsa filter and this make it work. @@ -224,7 +228,11 @@ ProcessHistory("","","","#$1 last-login \n"); next; } - + # filter ospf md5-keys + if (/^(\s*set)\smd5-key\s(.)\s(.*)/ && $filter_osc) { + ProcessHistory("","","","#$1 md5-key $2 \n"); + next; + } # filter cycling RSA private keys if ($filter_osc && /^\s*set private-key "-----BEGIN (RSA|ENCRYPTED) PRIVATE KEY-----/) { @@ -247,11 +255,6 @@ ProcessHistory("ENC","","","#$1 ENC $4\n"); next; } - # filter ospf md5-keys - if (/^(\s*set)\smd5-key\s(.)\s(.*)/ && $filter_osc) { - ProcessHistory("","","","#$1 md5-key $2 \n"); - next; - } ProcessHistory("","","","$_"); } > On Nov 28, 2017, at 11:34 AM, heasley wrote: > > Thu, Nov 23, 2017 at 10:33:44AM -0500, Gerhard Mourani: >> >> Hello, >> >> In the pass, I've got problem related to OSPF MD5 Key with Fortigate devices who changed all time. See this post for more information about the problem -> http://www.shrubbery.net/pipermail/rancid-discuss/2016-December/009317.html >> >> This seem to be fixed but come back with Rancid 3.7 and FortiGate version 5.4.6. Here some example of the annoying output: >> >> @@ -44723,9 +44723,9 @@ >> unset md5-key >> unset md5-key >> unset md5-key >> unset md5-key >> - set md5-key 10 "ENC 3yV3M0T82oypXb4WPTZe5cgOe5az" >> + set md5-key 10 "ENC ihw7GyiIM/c7Pj741Siec2vF/ahW" >> unset md5-key >> unset md5-key >> unset md5-key >> unset md5-key >> >> Gerhard, > > Does this work? > > Index: bin/fnrancid.in > =================================================================== > --- bin/fnrancid.in (revision 3734) > +++ bin/fnrancid.in (working copy) > @@ -248,7 +248,7 @@ > next; > } > # filter ospf md5-keys > - if (/^(\s*set)\smd5-key\s(.)\s(.*)/ && $filter_osc) { > + if (/^(\s*set)\smd5-key\s(\d+)\s(.*)/ && $filter_osc) { > ProcessHistory("","","","#$1 md5-key $2 \n"); > next; > } > -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Tue Nov 28 19:59:35 2017 From: heas at shrubbery.net (heasley) Date: Tue, 28 Nov 2017 19:59:35 +0000 Subject: [rancid] Fortigate OSPF MD5 key again In-Reply-To: <352C1024-492A-41EA-B51A-F65D302D3AC1@gmail.com> References: <20171128163406.GJ55033@shrubbery.net> <352C1024-492A-41EA-B51A-F65D302D3AC1@gmail.com> Message-ID: <20171128195935.GD22174@shrubbery.net> Tue, Nov 28, 2017 at 02:42:46PM -0500, Gerhard Mourani: > Hello, > > I've relocated the ospf md5-keys filter definition before the rsa filter and this make it work. > > @@ -224,7 +228,11 @@ > ProcessHistory("","","","#$1 last-login \n"); > next; > } > - > + # filter ospf md5-keys > + if (/^(\s*set)\smd5-key\s(.)\s(.*)/ && $filter_osc) { > + ProcessHistory("","","","#$1 md5-key $2 \n"); > + next; > + } > # filter cycling RSA private keys > if ($filter_osc && > /^\s*set private-key "-----BEGIN (RSA|ENCRYPTED) PRIVATE KEY-----/) { > @@ -247,11 +255,6 @@ i see; it was matching the filter that was prior to it; line 244. > ProcessHistory("ENC","","","#$1 ENC $4\n"); > next; > } > - # filter ospf md5-keys > - if (/^(\s*set)\smd5-key\s(.)\s(.*)/ && $filter_osc) { > - ProcessHistory("","","","#$1 md5-key $2 \n"); > - next; > - } > > ProcessHistory("","","","$_"); > } > > > > On Nov 28, 2017, at 11:34 AM, heasley wrote: > > > > Thu, Nov 23, 2017 at 10:33:44AM -0500, Gerhard Mourani: > >> > >> Hello, > >> > >> In the pass, I've got problem related to OSPF MD5 Key with Fortigate devices who changed all time. See this post for more information about the problem -> http://www.shrubbery.net/pipermail/rancid-discuss/2016-December/009317.html > >> > >> This seem to be fixed but come back with Rancid 3.7 and FortiGate version 5.4.6. Here some example of the annoying output: > >> > >> @@ -44723,9 +44723,9 @@ > >> unset md5-key > >> unset md5-key > >> unset md5-key > >> unset md5-key > >> - set md5-key 10 "ENC 3yV3M0T82oypXb4WPTZe5cgOe5az" > >> + set md5-key 10 "ENC ihw7GyiIM/c7Pj741Siec2vF/ahW" > >> unset md5-key > >> unset md5-key > >> unset md5-key > >> unset md5-key > >> > >> Gerhard, > > > > Does this work? > > > > Index: bin/fnrancid.in > > =================================================================== > > --- bin/fnrancid.in (revision 3734) > > +++ bin/fnrancid.in (working copy) > > @@ -248,7 +248,7 @@ > > next; > > } > > # filter ospf md5-keys > > - if (/^(\s*set)\smd5-key\s(.)\s(.*)/ && $filter_osc) { > > + if (/^(\s*set)\smd5-key\s(\d+)\s(.*)/ && $filter_osc) { > > ProcessHistory("","","","#$1 md5-key $2 \n"); > > next; > > } > > > From heas at shrubbery.net Tue Nov 28 20:04:10 2017 From: heas at shrubbery.net (heasley) Date: Tue, 28 Nov 2017 20:04:10 +0000 Subject: [rancid] Cisco Small Business & Rancid 3.7 In-Reply-To: <82EE4346-D079-4B42-814C-C5F82469659D@gmail.com> References: <82EE4346-D079-4B42-814C-C5F82469659D@gmail.com> Message-ID: <20171128200410.GE22174@shrubbery.net> Tue, Nov 28, 2017 at 02:45:39PM -0500, Gerhard Mourani: > Hello, > > I would like to know if the latest version of Rancid 3.7 now support Cisco Small Business series (SB) or we still have to apply the rancid-cisco-sb add -> https://github.com/chrpinedo/rancid-cisco-sb ? http://shrubbery.net/rancid/CHANGES 3.7.3 ... iossb.pm: Cisco small business rancid module .... From gmourani at gmail.com Tue Nov 28 21:28:06 2017 From: gmourani at gmail.com (Gerhard Mourani) Date: Tue, 28 Nov 2017 16:28:06 -0500 Subject: [rancid] Cisco Small Business & Rancid 3.7 In-Reply-To: <20171128200410.GE22174@shrubbery.net> References: <82EE4346-D079-4B42-814C-C5F82469659D@gmail.com> <20171128200410.GE22174@shrubbery.net> Message-ID: Did you have an entry in rancid.types.conf for csblogin ? > On Nov 28, 2017, at 3:04 PM, heasley wrote: > > Tue, Nov 28, 2017 at 02:45:39PM -0500, Gerhard Mourani: >> Hello, >> >> I would like to know if the latest version of Rancid 3.7 now support Cisco Small Business series (SB) or we still have to apply the rancid-cisco-sb add -> https://github.com/chrpinedo/rancid-cisco-sb ? > > http://shrubbery.net/rancid/CHANGES > 3.7.3 > ... > iossb.pm: Cisco small business rancid module > .... From randy at psg.com Tue Nov 28 22:48:11 2017 From: randy at psg.com (Randy Bush) Date: Wed, 29 Nov 2017 07:48:11 +0900 Subject: [rancid] edgerouter lite In-Reply-To: <20171128161820.GH55033@shrubbery.net> References: <20171127061959.GB34634@shrubbery.net> <20171128161820.GH55033@shrubbery.net> Message-ID: my edgerouter x seems to half work with type `edgerouter` but i get false diffs such as the appended; no changes had been made and the diff is gibberish. i also get a lot of login failures resulting in `config fetcher problems` randy diff --git a/configs/erx-tokyo.rg.net b/configs/erx-tokyo.rg.net index 124225b..c38cde0 100644 - -- a/configs/erx-tokyo.rg.net @@ -1,6 +1,6 @@ #RANCID-CONTENT-TYPE: edgerouter # - #Version: v1.9.7+hotfix.2 + #show hardware cpu^JVersion: v1.9.7+hotfix.2 #Build ID: 5010181 #Build on: 08/18/17 04:12 #HW model: EdgeRouter X 5-Port @@ -22,7 +22,7 @@ # version : 1.302 # # rancid at erx-tokyo:~$cli-shell-api showConfig --show-active-only - lofirewall { + logfirewall { all-ping enable broadcast-ping disable ipv6-receive-redirects disable @@ -231,7 +231,7 @@ service { } static-mapping vcisco { ip-address 192.168.0.11 - mac-address 12:34:56:78:90:AB + o mac-address 12:34:56:78:90:AB } static-mapping zw-ipad { ip-address 192.168.0.53 @@ -314,7 +314,7 @@ system { type ssh-rsa } } - g full-name "Randy Bush" + full-name "Randy Bush" level admin } } From spork at bway.net Wed Nov 29 18:46:09 2017 From: spork at bway.net (Charles Sprickman) Date: Wed, 29 Nov 2017 13:46:09 -0500 Subject: [rancid] Adding new group/svn Message-ID: <374934C7-EB6D-44AF-8B3D-AA2DE8B06BE7@bway.net> Hi, I migrated to subversion a year or two ago. Yesterday I wanted to add a new group for some customer equipment. I added the group to rancid.conf (LIST_OF_GROUPS) and then ran ?rancid-cvs? which should autocreate a new directory and add that directory to subversion. The directory was created, but svn keeps throwing errors. Any ideas on what is actually failing? This is rancid 3.5.1 on FreeBSD (from ports). Everything is under ~rancid, including the repo. Here is the initial output from rancid-cvs: [rancid at miko ~]$ /usr/local/libexec/rancid/rancid-cvs -f /usr/local/etc/rancid/rancid.conf svnadmin: E200011: Repository creation failed svnadmin: E200011: Could not create top-level directory svnadmin: E200011: '/home/rancid/SVN' exists and is non-empty svn: E170013: Unable to connect to a repository at URL 'file:///home/rancid/SVN/customer-router' svn: E180001: Unable to open repository 'file:///home/rancid/SVN/customer-router' svn: E170013: Unable to connect to a repository at URL 'file:///home/rancid/SVN/customer-router' svn: E180001: Unable to open repository 'file:///home/rancid/SVN/customer-router' Skipped '.' svn: E155007: None of the targets are working copies svn: E155007: '/home/rancid/customer-router' is not a working copy svn: E155007: '/home/rancid/customer-router/configs' is not a working copy svn: E155007: '/home/rancid/customer-router' is not a working copy svn: E155007: '/home/rancid/customer-router/router.db' is not a working copy [rancid at miko ~]$ Any ideas? All those paths are correct. The existing repo is in /home/rancid/SVN. Another group that?s working is in /home/rancid/routers. Thanks, Charles From gmourani at gmail.com Wed Nov 29 18:55:42 2017 From: gmourani at gmail.com (Gerhard Mourani) Date: Wed, 29 Nov 2017 13:55:42 -0500 Subject: [rancid] DELL PowerConnect 70xx Watts Status Message-ID: Does someone have a solution to avoid this noisy backup in rancid 3.7 for a DELL PowerConnect 70xx series ? Index: configs/192.168.1.13 =================================================================== retrieving revision 1.209 diff -U 4 -r1.209 192.168.1.13 @@ -54,15 +54,15 @@ ! Unit Description Status Average Current Since ! Power Power Date/Time ! (Watts) (Watts) ! ---- ----------- ----------- ---------- -------- ------------------- - ! 1 System OK 0.2 67.0 + ! 1 System OK 0.8 67.0 ! 1 Internal OK N/A N/A 10/05/2017 20:18:35 ! 1 Redundant No Power - ! 2 System OK 0.6 68.8 + ! 2 System OK 1.2 68.8 ! 2 Internal OK N/A N/A 10/05/2017 20:18:35 ! 2 Redundant No Power - ! 3 System OK 0.9 70.6 + ! 3 System OK 1.6 70.6 ! 3 Internal OK N/A N/A 10/05/2017 20:18:23 ! 3 Redundant No Power ! USB Port Power Status: ! ---------------------- From heas at shrubbery.net Wed Nov 29 18:56:22 2017 From: heas at shrubbery.net (heasley) Date: Wed, 29 Nov 2017 18:56:22 +0000 Subject: [rancid] Adding new group/svn In-Reply-To: <374934C7-EB6D-44AF-8B3D-AA2DE8B06BE7@bway.net> References: <374934C7-EB6D-44AF-8B3D-AA2DE8B06BE7@bway.net> Message-ID: <20171129185622.GH44548@shrubbery.net> Wed, Nov 29, 2017 at 01:46:09PM -0500, Charles Sprickman: > Hi, > > I migrated to subversion a year or two ago. > > Yesterday I wanted to add a new group for some customer equipment. > > I added the group to rancid.conf (LIST_OF_GROUPS) and then ran ?rancid-cvs? which should autocreate a new directory and add that directory to subversion. The directory was created, but svn keeps throwing errors. Any ideas on what is actually failing? > > This is rancid 3.5.1 on FreeBSD (from ports). > > Everything is under ~rancid, including the repo. > > Here is the initial output from rancid-cvs: > > [rancid at miko ~]$ /usr/local/libexec/rancid/rancid-cvs -f /usr/local/etc/rancid/rancid.conf > svnadmin: E200011: Repository creation failed > svnadmin: E200011: Could not create top-level directory > svnadmin: E200011: '/home/rancid/SVN' exists and is non-empty i presume premissions or how the migration was done. > svn: E170013: Unable to connect to a repository at URL 'file:///home/rancid/SVN/customer-router' > svn: E180001: Unable to open repository 'file:///home/rancid/SVN/customer-router' > svn: E170013: Unable to connect to a repository at URL 'file:///home/rancid/SVN/customer-router' > svn: E180001: Unable to open repository 'file:///home/rancid/SVN/customer-router' > Skipped '.' > svn: E155007: None of the targets are working copies > svn: E155007: '/home/rancid/customer-router' is not a working copy > svn: E155007: '/home/rancid/customer-router/configs' is not a working copy > svn: E155007: '/home/rancid/customer-router' is not a working copy > svn: E155007: '/home/rancid/customer-router/router.db' is not a working copy > [rancid at miko ~]$ > > Any ideas? All those paths are correct. The existing repo is in /home/rancid/SVN. Another group that?s working is in /home/rancid/routers. > > Thanks, > > Charles > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss