From inbox.mikhail at gmail.com Mon Oct 2 11:30:24 2017 From: inbox.mikhail at gmail.com (Mikhail Ukraintsev) Date: Mon, 2 Oct 2017 14:30:24 +0300 Subject: [rancid] Device without terminal length command Message-ID: Hi All! I have some old cisco-like cli devices (edge-core) that does not have terminal length command, so paging could not be disabled. Are there any workaround for them? -------------- next part -------------- An HTML attachment was scrubbed... URL: From m_zouhairy at skno.by Tue Oct 3 12:22:43 2017 From: m_zouhairy at skno.by (Vacheslav) Date: Tue, 3 Oct 2017 15:22:43 +0300 Subject: [rancid] problem with rancid crontab Message-ID: <007a01d33c42$5030cd40$f09267c0$@skno.by> Peace, I configured crontab as root as such: 0 */6 * * * rancid /usr/bin/rancid-run # Clean out config differ logs5 0 23 * * * rancid /usr/bin/find /var/rancid/logs -type f -mtime +2 -exec rm {} \ But an error is logged: clogin error: Error: password file (//.cloginrc) does not exist I do not understand what the path // is. The .cloginrc file is in /var/rancid Or is it absolutely necessary to run cron as user rancid? p.s I'm using rancid 3.7 -------------- next part -------------- An HTML attachment was scrubbed... URL: From AGriesser at anexia-it.com Tue Oct 3 13:16:19 2017 From: AGriesser at anexia-it.com (Alexander Griesser) Date: Tue, 3 Oct 2017 13:16:19 +0000 Subject: [rancid] problem with rancid crontab In-Reply-To: <007a01d33c42$5030cd40$f09267c0$@skno.by> References: <007a01d33c42$5030cd40$f09267c0$@skno.by> Message-ID: <511c3359ed0b41ce8e6eff97cff20b92@anx-i-dag01.anx.local> Hi, You can set the CWD to ~rancid first and then execute "rancid-run", but this is (at least to my experience) not necessary if the home directory for your rancid user iss et properly in /etc/passwd. What does `grep rancid /etc/passwd` return on your system? Is /var/rancid liste das the home directory for this account? Best, Alexander Griesser Head of Systems Operations ANEXIA Internetdienstleistungs GmbH E-Mail: AGriesser at anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstra?e 140, 9020 Klagenfurt Gesch?ftsf?hrer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 Von: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] Im Auftrag von Vacheslav Gesendet: Dienstag, 3. Oktober 2017 14:23 An: rancid-discuss at shrubbery.net Betreff: [rancid] problem with rancid crontab Peace, I configured crontab as root as such: 0 */6 * * * rancid /usr/bin/rancid-run # Clean out config differ logs5 0 23 * * * rancid /usr/bin/find /var/rancid/logs -type f -mtime +2 -exec rm {} \ But an error is logged: clogin error: Error: password file (//.cloginrc) does not exist I do not understand what the path // is. The .cloginrc file is in /var/rancid Or is it absolutely necessary to run cron as user rancid? p.s I'm using rancid 3.7 -------------- next part -------------- An HTML attachment was scrubbed... URL: From m_zouhairy at skno.by Tue Oct 3 13:44:54 2017 From: m_zouhairy at skno.by (Vacheslav) Date: Tue, 3 Oct 2017 16:44:54 +0300 Subject: [rancid] problem with rancid crontab In-Reply-To: <511c3359ed0b41ce8e6eff97cff20b92@anx-i-dag01.anx.local> References: <007a01d33c42$5030cd40$f09267c0$@skno.by> <511c3359ed0b41ce8e6eff97cff20b92@anx-i-dag01.anx.local> Message-ID: <008e01d33c4d$cb79ecb0$626dc610$@skno.by> Well if it were properly set, the error would be clear. rancid:x:103:101:added by portage for rancid:/var/rancid:/bin/bash Thanks for the answer. From: Alexander Griesser [mailto:AGriesser at anexia-it.com] Sent: Tuesday, October 3, 2017 4:16 PM To: Vacheslav ; rancid-discuss at shrubbery.net Subject: AW: [rancid] problem with rancid crontab Hi, You can set the CWD to ~rancid first and then execute ?rancid-run?, but this is (at least to my experience) not necessary if the home directory for your rancid user iss et properly in /etc/passwd. What does `grep rancid /etc/passwd` return on your system? Is /var/rancid liste das the home directory for this account? Best, Alexander Griesser Head of Systems Operations ANEXIA Internetdienstleistungs GmbH E-Mail: AGriesser at anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstra?e 140, 9020 Klagenfurt Gesch?ftsf?hrer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 Von: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] Im Auftrag von Vacheslav Gesendet: Dienstag, 3. Oktober 2017 14:23 An: rancid-discuss at shrubbery.net Betreff: [rancid] problem with rancid crontab Peace, I configured crontab as root as such: 0 */6 * * * rancid /usr/bin/rancid-run # Clean out config differ logs5 0 23 * * * rancid /usr/bin/find /var/rancid/logs -type f -mtime +2 -exec rm {} \ But an error is logged: clogin error: Error: password file (//.cloginrc) does not exist I do not understand what the path // is. The .cloginrc file is in /var/rancid Or is it absolutely necessary to run cron as user rancid? p.s I?m using rancid 3.7 -------------- next part -------------- An HTML attachment was scrubbed... URL: From AGriesser at anexia-it.com Tue Oct 3 13:52:48 2017 From: AGriesser at anexia-it.com (Alexander Griesser) Date: Tue, 3 Oct 2017 13:52:48 +0000 Subject: [rancid] problem with rancid crontab In-Reply-To: <008e01d33c4d$cb79ecb0$626dc610$@skno.by> References: <007a01d33c42$5030cd40$f09267c0$@skno.by> <511c3359ed0b41ce8e6eff97cff20b92@anx-i-dag01.anx.local> <008e01d33c4d$cb79ecb0$626dc610$@skno.by> Message-ID: <20cfd4a5c0aa4ec090f7baf8cd0240c2@anx-i-dag01.anx.local> I'm not sure if your answer means that the problem is solved now or not; if it isn't, please add the following testscript as a cronjob and check the output: Create the file "/tmp/envtest.sh" with the following content: #!/bin/sh export > /tmp/envtest.log set >> /tmp/envtest.log pwd >> /tmp/envtest.log Save it and run `chmod 755 /tmp/envtest.sh`. Add the following line to your crontab: 0 * * * * rancid /tmp/envtest.sh Wait a minute and check /tmp/envtest.log; you should see the environment and current working directory in the logfile then which might help to diagnose this issue. Best, Alexander Griesser Head of Systems Operations ANEXIA Internetdienstleistungs GmbH E-Mail: AGriesser at anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstra?e 140, 9020 Klagenfurt Gesch?ftsf?hrer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 Von: Vacheslav [mailto:m_zouhairy at skno.by] Gesendet: Dienstag, 3. Oktober 2017 15:45 An: Alexander Griesser ; rancid-discuss at shrubbery.net Betreff: RE: [rancid] problem with rancid crontab Well if it were properly set, the error would be clear. rancid:x:103:101:added by portage for rancid:/var/rancid:/bin/bash Thanks for the answer. From: Alexander Griesser [mailto:AGriesser at anexia-it.com] Sent: Tuesday, October 3, 2017 4:16 PM To: Vacheslav >; rancid-discuss at shrubbery.net Subject: AW: [rancid] problem with rancid crontab Hi, You can set the CWD to ~rancid first and then execute "rancid-run", but this is (at least to my experience) not necessary if the home directory for your rancid user iss et properly in /etc/passwd. What does `grep rancid /etc/passwd` return on your system? Is /var/rancid liste das the home directory for this account? Best, Alexander Griesser Head of Systems Operations ANEXIA Internetdienstleistungs GmbH E-Mail: AGriesser at anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstra?e 140, 9020 Klagenfurt Gesch?ftsf?hrer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 Von: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] Im Auftrag von Vacheslav Gesendet: Dienstag, 3. Oktober 2017 14:23 An: rancid-discuss at shrubbery.net Betreff: [rancid] problem with rancid crontab Peace, I configured crontab as root as such: 0 */6 * * * rancid /usr/bin/rancid-run # Clean out config differ logs5 0 23 * * * rancid /usr/bin/find /var/rancid/logs -type f -mtime +2 -exec rm {} \ But an error is logged: clogin error: Error: password file (//.cloginrc) does not exist I do not understand what the path // is. The .cloginrc file is in /var/rancid Or is it absolutely necessary to run cron as user rancid? p.s I'm using rancid 3.7 -------------- next part -------------- An HTML attachment was scrubbed... URL: From m_zouhairy at skno.by Tue Oct 3 14:37:12 2017 From: m_zouhairy at skno.by (Vacheslav) Date: Tue, 3 Oct 2017 17:37:12 +0300 Subject: [rancid] problem with rancid crontab In-Reply-To: <20cfd4a5c0aa4ec090f7baf8cd0240c2@anx-i-dag01.anx.local> References: <007a01d33c42$5030cd40$f09267c0$@skno.by> <511c3359ed0b41ce8e6eff97cff20b92@anx-i-dag01.anx.local> <008e01d33c4d$cb79ecb0$626dc610$@skno.by> <20cfd4a5c0aa4ec090f7baf8cd0240c2@anx-i-dag01.anx.local> Message-ID: <00a201d33c55$197a2b80$4c6e8280$@skno.by> Well it didn?t run because when I su rancid and execute: /root $ /tmp/test.sh bash: /tmp/test.sh: /bin/sh^M: bad interpreter: No such file or directory running: sh /tmp/test.sh produces a log file with the following content: /root How to fix the script? From: Alexander Griesser [mailto:AGriesser at anexia-it.com] Sent: Tuesday, October 3, 2017 4:53 PM To: Vacheslav ; rancid-discuss at shrubbery.net Subject: AW: [rancid] problem with rancid crontab I?m not sure if your answer means that the problem is solved now or not; if it isn?t, please add the following testscript as a cronjob and check the output: Create the file ?/tmp/envtest.sh? with the following content: #!/bin/sh export > /tmp/envtest.log set >> /tmp/envtest.log pwd >> /tmp/envtest.log Save it and run `chmod 755 /tmp/envtest.sh`. Add the following line to your crontab: 0 * * * * rancid /tmp/envtest.sh Wait a minute and check /tmp/envtest.log; you should see the environment and current working directory in the logfile then which might help to diagnose this issue. Best, Alexander Griesser Head of Systems Operations ANEXIA Internetdienstleistungs GmbH E-Mail: AGriesser at anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstra?e 140, 9020 Klagenfurt Gesch?ftsf?hrer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 Von: Vacheslav [mailto:m_zouhairy at skno.by] Gesendet: Dienstag, 3. Oktober 2017 15:45 An: Alexander Griesser >; rancid-discuss at shrubbery.net Betreff: RE: [rancid] problem with rancid crontab Well if it were properly set, the error would be clear. rancid:x:103:101:added by portage for rancid:/var/rancid:/bin/bash Thanks for the answer. From: Alexander Griesser [mailto:AGriesser at anexia-it.com] Sent: Tuesday, October 3, 2017 4:16 PM To: Vacheslav >; rancid-discuss at shrubbery.net Subject: AW: [rancid] problem with rancid crontab Hi, You can set the CWD to ~rancid first and then execute ?rancid-run?, but this is (at least to my experience) not necessary if the home directory for your rancid user iss et properly in /etc/passwd. What does `grep rancid /etc/passwd` return on your system? Is /var/rancid liste das the home directory for this account? Best, Alexander Griesser Head of Systems Operations ANEXIA Internetdienstleistungs GmbH E-Mail: AGriesser at anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstra?e 140, 9020 Klagenfurt Gesch?ftsf?hrer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 Von: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] Im Auftrag von Vacheslav Gesendet: Dienstag, 3. Oktober 2017 14:23 An: rancid-discuss at shrubbery.net Betreff: [rancid] problem with rancid crontab Peace, I configured crontab as root as such: 0 */6 * * * rancid /usr/bin/rancid-run # Clean out config differ logs5 0 23 * * * rancid /usr/bin/find /var/rancid/logs -type f -mtime +2 -exec rm {} \ But an error is logged: clogin error: Error: password file (//.cloginrc) does not exist I do not understand what the path // is. The .cloginrc file is in /var/rancid Or is it absolutely necessary to run cron as user rancid? p.s I?m using rancid 3.7 -------------- next part -------------- An HTML attachment was scrubbed... URL: From cgauthier at comscore.com Tue Oct 3 14:43:55 2017 From: cgauthier at comscore.com (Gauthier, Chris) Date: Tue, 3 Oct 2017 14:43:55 +0000 Subject: [rancid] problem with rancid crontab In-Reply-To: <00a201d33c55$197a2b80$4c6e8280$@skno.by> References: <007a01d33c42$5030cd40$f09267c0$@skno.by> <511c3359ed0b41ce8e6eff97cff20b92@anx-i-dag01.anx.local> <008e01d33c4d$cb79ecb0$626dc610$@skno.by> <20cfd4a5c0aa4ec090f7baf8cd0240c2@anx-i-dag01.anx.local> <00a201d33c55$197a2b80$4c6e8280$@skno.by> Message-ID: <396BC53B-6463-4655-9CF7-8524715887E8@comscore.com> I fixed that by running: su ?l ?/tmp/test.sh? rancid The ?-l? says to make it a login shell so the environment variables will load. --Chris Chris GauthierSenior Network Engineer | comScore, Inc. o +1 503-331-2704cgauthier at comscore.com 317 SW Alder St, Suite 500 | Portland | OR97204 ............................................................................................................................................................................................................................ From: Rancid-discuss on behalf of Vacheslav Date: Tuesday, October 3, 2017 at 7:37 AM To: 'Alexander Griesser' , "rancid-discuss at shrubbery.net" Subject: Re: [rancid] problem with rancid crontab Well it didn?t run because when I su rancid and execute: /root $ /tmp/test.sh bash: /tmp/test.sh: /bin/sh^M: bad interpreter: No such file or directory running: sh /tmp/test.sh produces a log file with the following content: /root How to fix the script? From: Alexander Griesser [mailto:AGriesser at anexia-it.com] Sent: Tuesday, October 3, 2017 4:53 PM To: Vacheslav ; rancid-discuss at shrubbery.net Subject: AW: [rancid] problem with rancid crontab I?m not sure if your answer means that the problem is solved now or not; if it isn?t, please add the following testscript as a cronjob and check the output: Create the file ?/tmp/envtest.sh? with the following content: #!/bin/sh export > /tmp/envtest.log set >> /tmp/envtest.log pwd >> /tmp/envtest.log Save it and run `chmod 755 /tmp/envtest.sh`. Add the following line to your crontab: 0 * * * * rancid /tmp/envtest.sh Wait a minute and check /tmp/envtest.log; you should see the environment and current working directory in the logfile then which might help to diagnose this issue. Best, Alexander Griesser Head of Systems Operations ANEXIA Internetdienstleistungs GmbH E-Mail: AGriesser at anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstra?e 140, 9020 Klagenfurt Gesch?ftsf?hrer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 Von: Vacheslav [mailto:m_zouhairy at skno.by] Gesendet: Dienstag, 3. Oktober 2017 15:45 An: Alexander Griesser >; rancid-discuss at shrubbery.net Betreff: RE: [rancid] problem with rancid crontab Well if it were properly set, the error would be clear. rancid:x:103:101:added by portage for rancid:/var/rancid:/bin/bash Thanks for the answer. From: Alexander Griesser [mailto:AGriesser at anexia-it.com] Sent: Tuesday, October 3, 2017 4:16 PM To: Vacheslav >; rancid-discuss at shrubbery.net Subject: AW: [rancid] problem with rancid crontab Hi, You can set the CWD to ~rancid first and then execute ?rancid-run?, but this is (at least to my experience) not necessary if the home directory for your rancid user iss et properly in /etc/passwd. What does `grep rancid /etc/passwd` return on your system? Is /var/rancid liste das the home directory for this account? Best, Alexander Griesser Head of Systems Operations ANEXIA Internetdienstleistungs GmbH E-Mail: AGriesser at anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstra?e 140, 9020 Klagenfurt Gesch?ftsf?hrer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 Von: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] Im Auftrag von Vacheslav Gesendet: Dienstag, 3. Oktober 2017 14:23 An: rancid-discuss at shrubbery.net Betreff: [rancid] problem with rancid crontab Peace, I configured crontab as root as such: 0 */6 * * * rancid /usr/bin/rancid-run # Clean out config differ logs5 0 23 * * * rancid /usr/bin/find /var/rancid/logs -type f -mtime +2 -exec rm {} \ But an error is logged: clogin error: Error: password file (//.cloginrc) does not exist I do not understand what the path // is. The .cloginrc file is in /var/rancid Or is it absolutely necessary to run cron as user rancid? p.s I?m using rancid 3.7 -------------- next part -------------- An HTML attachment was scrubbed... URL: From m_zouhairy at skno.by Tue Oct 3 14:49:22 2017 From: m_zouhairy at skno.by (Vacheslav) Date: Tue, 3 Oct 2017 17:49:22 +0300 Subject: [rancid] problem with rancid crontab In-Reply-To: <396BC53B-6463-4655-9CF7-8524715887E8@comscore.com> References: <007a01d33c42$5030cd40$f09267c0$@skno.by> <511c3359ed0b41ce8e6eff97cff20b92@anx-i-dag01.anx.local> <008e01d33c4d$cb79ecb0$626dc610$@skno.by> <20cfd4a5c0aa4ec090f7baf8cd0240c2@anx-i-dag01.anx.local> <00a201d33c55$197a2b80$4c6e8280$@skno.by> <396BC53B-6463-4655-9CF7-8524715887E8@comscore.com> Message-ID: <00b601d33c56$cd216c10$67644430$@skno.by> ~ # su ?l ?/tmp/test.sh? rancid No passwd entry for user '?l' From: Gauthier, Chris [mailto:cgauthier at comscore.com] Sent: Tuesday, October 3, 2017 5:44 PM To: Vacheslav ; 'Alexander Griesser' ; rancid-discuss at shrubbery.net Subject: Re: [rancid] problem with rancid crontab I fixed that by running: su ?l ?/tmp/test.sh? rancid The ?-l? says to make it a login shell so the environment variables will load. --Chris Chris Gauthier Senior Network Engineer | comScore, Inc. o +1 503-331-2704 cgauthier at comscore.com 317 SW Alder St, Suite 500 | Portland | OR 97204 ............................................................................................................................................................................................................................ From: Rancid-discuss > on behalf of Vacheslav > Date: Tuesday, October 3, 2017 at 7:37 AM To: 'Alexander Griesser' >, "rancid-discuss at shrubbery.net " > Subject: Re: [rancid] problem with rancid crontab Well it didn?t run because when I su rancid and execute: /root $ /tmp/test.sh bash: /tmp/test.sh: /bin/sh^M: bad interpreter: No such file or directory running: sh /tmp/test.sh produces a log file with the following content: /root How to fix the script? From: Alexander Griesser [mailto:AGriesser at anexia-it.com] Sent: Tuesday, October 3, 2017 4:53 PM To: Vacheslav >; rancid-discuss at shrubbery.net Subject: AW: [rancid] problem with rancid crontab I?m not sure if your answer means that the problem is solved now or not; if it isn?t, please add the following testscript as a cronjob and check the output: Create the file ?/tmp/envtest.sh? with the following content: #!/bin/sh export > /tmp/envtest.log set >> /tmp/envtest.log pwd >> /tmp/envtest.log Save it and run `chmod 755 /tmp/envtest.sh`. Add the following line to your crontab: 0 * * * * rancid /tmp/envtest.sh Wait a minute and check /tmp/envtest.log; you should see the environment and current working directory in the logfile then which might help to diagnose this issue. Best, Alexander Griesser Head of Systems Operations ANEXIA Internetdienstleistungs GmbH E-Mail: AGriesser at anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstra?e 140, 9020 Klagenfurt Gesch?ftsf?hrer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 Von: Vacheslav [mailto:m_zouhairy at skno.by] Gesendet: Dienstag, 3. Oktober 2017 15:45 An: Alexander Griesser >; rancid-discuss at shrubbery.net Betreff: RE: [rancid] problem with rancid crontab Well if it were properly set, the error would be clear. rancid:x:103:101:added by portage for rancid:/var/rancid:/bin/bash Thanks for the answer. From: Alexander Griesser [mailto:AGriesser at anexia-it.com] Sent: Tuesday, October 3, 2017 4:16 PM To: Vacheslav >; rancid-discuss at shrubbery.net Subject: AW: [rancid] problem with rancid crontab Hi, You can set the CWD to ~rancid first and then execute ?rancid-run?, but this is (at least to my experience) not necessary if the home directory for your rancid user iss et properly in /etc/passwd. What does `grep rancid /etc/passwd` return on your system? Is /var/rancid liste das the home directory for this account? Best, Alexander Griesser Head of Systems Operations ANEXIA Internetdienstleistungs GmbH E-Mail: AGriesser at anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstra?e 140, 9020 Klagenfurt Gesch?ftsf?hrer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 Von: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] Im Auftrag von Vacheslav Gesendet: Dienstag, 3. Oktober 2017 14:23 An: rancid-discuss at shrubbery.net Betreff: [rancid] problem with rancid crontab Peace, I configured crontab as root as such: 0 */6 * * * rancid /usr/bin/rancid-run # Clean out config differ logs5 0 23 * * * rancid /usr/bin/find /var/rancid/logs -type f -mtime +2 -exec rm {} \ But an error is logged: clogin error: Error: password file (//.cloginrc) does not exist I do not understand what the path // is. The .cloginrc file is in /var/rancid Or is it absolutely necessary to run cron as user rancid? p.s I?m using rancid 3.7 -------------- next part -------------- An HTML attachment was scrubbed... URL: From rancid at ale.cx Tue Oct 3 14:52:30 2017 From: rancid at ale.cx (Alex DEKKER) Date: Tue, 3 Oct 2017 15:52:30 +0100 Subject: [rancid] problem with rancid crontab In-Reply-To: <00a201d33c55$197a2b80$4c6e8280$@skno.by> References: <007a01d33c42$5030cd40$f09267c0$@skno.by> <511c3359ed0b41ce8e6eff97cff20b92@anx-i-dag01.anx.local> <008e01d33c4d$cb79ecb0$626dc610$@skno.by> <20cfd4a5c0aa4ec090f7baf8cd0240c2@anx-i-dag01.anx.local> <00a201d33c55$197a2b80$4c6e8280$@skno.by> Message-ID: <131560ee-38ed-d60b-f1e4-4b66e4b5bbae@ale.cx> On 03/10/17 15:37, Vacheslav wrote: > > Well it didn?t run because when I su rancid and execute: > /root $ /tmp/test.sh > > bash: /tmp/test.sh: /bin/sh^M: bad interpreter: No such file or directory > > running: sh /tmp/test.sh > > produces ?a log file with the following content: > > /root > > How to fix the script? > If there really is a ^M on the first line of the script then that suggests it was created with "DOS" line endings. What are you using to edit files? I can imagine that unexpected DOS line endings will cause the various components of RANCID to fail in unexpected ways. alexd -------------- next part -------------- An HTML attachment was scrubbed... URL: From m_zouhairy at skno.by Tue Oct 3 14:58:50 2017 From: m_zouhairy at skno.by (Vacheslav) Date: Tue, 3 Oct 2017 17:58:50 +0300 Subject: [rancid] problem with rancid crontab In-Reply-To: <131560ee-38ed-d60b-f1e4-4b66e4b5bbae@ale.cx> References: <007a01d33c42$5030cd40$f09267c0$@skno.by> <511c3359ed0b41ce8e6eff97cff20b92@anx-i-dag01.anx.local> <008e01d33c4d$cb79ecb0$626dc610$@skno.by> <20cfd4a5c0aa4ec090f7baf8cd0240c2@anx-i-dag01.anx.local> <00a201d33c55$197a2b80$4c6e8280$@skno.by> <131560ee-38ed-d60b-f1e4-4b66e4b5bbae@ale.cx> Message-ID: <00cd01d33c58$1f28ea00$5d7abe00$@skno.by> Good observation, I was creating it using winscp, now I nanoed it and the log file produced: export HOME="/" export LANG="en_US.utf8" export LOGNAME="rancid" export MAILTO="root" export OLDPWD export PATH="/sbin:/bin:/usr/sbin:/usr/bin" export PWD="/" export SHELL="/bin/bash" export SHLVL="2" export USER="rancid" export _="/tmp/test2.sh" BASH=/bin/sh BASHOPTS=cmdhist:complete_fullquote:extquote:force_fignore:hostcomplete:inte ractive_comments:progcomp:promptvars:sourcepath BASH_ALIASES=() BASH_ARGC=() BASH_ARGV=() BASH_CMDS=() BASH_LINENO=([0]="0") BASH_SOURCE=([0]="/tmp/test2.sh") BASH_VERSINFO=([0]="4" [1]="3" [2]="48" [3]="1" [4]="release" [5]="x86_64-pc-linux-gnu") BASH_VERSION='4.3.48(1)-release' DIRSTACK=() EUID=103 GROUPS=() HOME=/ HOSTNAME=nagios HOSTTYPE=x86_64 IFS=' ' LANG=en_US.utf8 LOGNAME=rancid MACHTYPE=x86_64-pc-linux-gnu MAILTO=root OPTERR=1 OPTIND=1 OSTYPE=linux-gnu PATH=/sbin:/bin:/usr/sbin:/usr/bin PIPESTATUS=([0]="0") POSIXLY_CORRECT=y PPID=22660 PS4='+ ' PWD=/ SHELL=/bin/bash SHELLOPTS=braceexpand:hashall:interactive-comments:posix SHLVL=2 TERM=dumb UID=103 USER=rancid _=export / From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alex DEKKER Sent: Tuesday, October 3, 2017 5:53 PM To: rancid-discuss at shrubbery.net Subject: Re: [rancid] problem with rancid crontab On 03/10/17 15:37, Vacheslav wrote: Well it didn't run because when I su rancid and execute: /root $ /tmp/test.sh bash: /tmp/test.sh: /bin/sh^M: bad interpreter: No such file or directory running: sh /tmp/test.sh produces a log file with the following content: /root How to fix the script? If there really is a ^M on the first line of the script then that suggests it was created with "DOS" line endings. What are you using to edit files? I can imagine that unexpected DOS line endings will cause the various components of RANCID to fail in unexpected ways. alexd -------------- next part -------------- An HTML attachment was scrubbed... URL: From cgauthier at comscore.com Tue Oct 3 17:21:21 2017 From: cgauthier at comscore.com (Gauthier, Chris) Date: Tue, 3 Oct 2017 17:21:21 +0000 Subject: [rancid] problem with rancid crontab In-Reply-To: <00b601d33c56$cd216c10$67644430$@skno.by> References: <007a01d33c42$5030cd40$f09267c0$@skno.by> <511c3359ed0b41ce8e6eff97cff20b92@anx-i-dag01.anx.local> <008e01d33c4d$cb79ecb0$626dc610$@skno.by> <20cfd4a5c0aa4ec090f7baf8cd0240c2@anx-i-dag01.anx.local> <00a201d33c55$197a2b80$4c6e8280$@skno.by> <396BC53B-6463-4655-9CF7-8524715887E8@comscore.com> <00b601d33c56$cd216c10$67644430$@skno.by> Message-ID: <00349980-401D-4D49-A836-3539061E6F32@comscore.com> Sorry, forgot the ?c. I?m running clogin for some diagnostic stuff, but the same principle applies: su -l -c "clogin -x stackstate-error-cmds.txt ${device}" rancid --Chris Chris GauthierSenior Network Engineer | comScore, Inc. o +1 503-331-2704cgauthier at comscore.com 317 SW Alder St, Suite 500 | Portland | OR97204 ............................................................................................................................................................................................................................ From: Vacheslav Date: Tuesday, October 3, 2017 at 7:49 AM To: "Gauthier, Chris" , 'Alexander Griesser' , "rancid-discuss at shrubbery.net" Subject: RE: [rancid] problem with rancid crontab ~ # su ?l ?/tmp/test.sh? rancid No passwd entry for user '?l' From: Gauthier, Chris [mailto:cgauthier at comscore.com] Sent: Tuesday, October 3, 2017 5:44 PM To: Vacheslav ; 'Alexander Griesser' ; rancid-discuss at shrubbery.net Subject: Re: [rancid] problem with rancid crontab I fixed that by running: su ?l ?/tmp/test.sh? rancid The ?-l? says to make it a login shell so the environment variables will load. --Chris Chris Gauthier Senior Network Engineer | comScore, Inc. o +1 503-331-2704 cgauthier at comscore.com 317 SW Alder St, Suite 500 | Portland | OR 97204 ............................................................................................................................................................................................................................ From: Rancid-discuss > on behalf of Vacheslav > Date: Tuesday, October 3, 2017 at 7:37 AM To: 'Alexander Griesser' >, "rancid-discuss at shrubbery.net" > Subject: Re: [rancid] problem with rancid crontab Well it didn?t run because when I su rancid and execute: /root $ /tmp/test.sh bash: /tmp/test.sh: /bin/sh^M: bad interpreter: No such file or directory running: sh /tmp/test.sh produces a log file with the following content: /root How to fix the script? From: Alexander Griesser [mailto:AGriesser at anexia-it.com] Sent: Tuesday, October 3, 2017 4:53 PM To: Vacheslav >; rancid-discuss at shrubbery.net Subject: AW: [rancid] problem with rancid crontab I?m not sure if your answer means that the problem is solved now or not; if it isn?t, please add the following testscript as a cronjob and check the output: Create the file ?/tmp/envtest.sh? with the following content: #!/bin/sh export > /tmp/envtest.log set >> /tmp/envtest.log pwd >> /tmp/envtest.log Save it and run `chmod 755 /tmp/envtest.sh`. Add the following line to your crontab: 0 * * * * rancid /tmp/envtest.sh Wait a minute and check /tmp/envtest.log; you should see the environment and current working directory in the logfile then which might help to diagnose this issue. Best, Alexander Griesser Head of Systems Operations ANEXIA Internetdienstleistungs GmbH E-Mail: AGriesser at anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstra?e 140, 9020 Klagenfurt Gesch?ftsf?hrer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 Von: Vacheslav [mailto:m_zouhairy at skno.by] Gesendet: Dienstag, 3. Oktober 2017 15:45 An: Alexander Griesser >; rancid-discuss at shrubbery.net Betreff: RE: [rancid] problem with rancid crontab Well if it were properly set, the error would be clear. rancid:x:103:101:added by portage for rancid:/var/rancid:/bin/bash Thanks for the answer. From: Alexander Griesser [mailto:AGriesser at anexia-it.com] Sent: Tuesday, October 3, 2017 4:16 PM To: Vacheslav >; rancid-discuss at shrubbery.net Subject: AW: [rancid] problem with rancid crontab Hi, You can set the CWD to ~rancid first and then execute ?rancid-run?, but this is (at least to my experience) not necessary if the home directory for your rancid user iss et properly in /etc/passwd. What does `grep rancid /etc/passwd` return on your system? Is /var/rancid liste das the home directory for this account? Best, Alexander Griesser Head of Systems Operations ANEXIA Internetdienstleistungs GmbH E-Mail: AGriesser at anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstra?e 140, 9020 Klagenfurt Gesch?ftsf?hrer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 Von: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] Im Auftrag von Vacheslav Gesendet: Dienstag, 3. Oktober 2017 14:23 An: rancid-discuss at shrubbery.net Betreff: [rancid] problem with rancid crontab Peace, I configured crontab as root as such: 0 */6 * * * rancid /usr/bin/rancid-run # Clean out config differ logs5 0 23 * * * rancid /usr/bin/find /var/rancid/logs -type f -mtime +2 -exec rm {} \ But an error is logged: clogin error: Error: password file (//.cloginrc) does not exist I do not understand what the path // is. The .cloginrc file is in /var/rancid Or is it absolutely necessary to run cron as user rancid? p.s I?m using rancid 3.7 -------------- next part -------------- An HTML attachment was scrubbed... URL: From kylet at panix.com Tue Oct 3 19:54:24 2017 From: kylet at panix.com (Kyle Tucker) Date: Tue, 3 Oct 2017 15:54:24 -0400 Subject: [rancid] Update configs by an external means Message-ID: <20171003195424.GA12609@panix.com> Hi all, I've had RANCID with Subversion/WebSVN in place for a few years with great success for Cisco gear. I am trying to tackle SonicWall firewalls with not much success. I've managed to write my own shell/expect script the log onto the SonicWalls and ftp the configs back down where I can compare the current and previous configs and upon a change, log back on and download the exported "exp" image and I like this method. I also was able to get the configs initially into RANCID but without a working clogin/sonlogin script, updates aren't being seen. I tried to simply copy in a $host.new file but that triggered nothing but it was cleaned up. Is there a way I can copy the file in or otherwise inject it into RANCID so that rancid-run could accept it and trigger the normal actions a diff would trigger? Any thoughts or suggestions appreciated. Thanks in advance. Kyle From m_zouhairy at skno.by Wed Oct 4 05:44:28 2017 From: m_zouhairy at skno.by (Vacheslav) Date: Wed, 4 Oct 2017 08:44:28 +0300 Subject: [rancid] problem with rancid crontab In-Reply-To: <00cd01d33c58$1f28ea00$5d7abe00$@skno.by> References: <007a01d33c42$5030cd40$f09267c0$@skno.by> <511c3359ed0b41ce8e6eff97cff20b92@anx-i-dag01.anx.local> <008e01d33c4d$cb79ecb0$626dc610$@skno.by> <20cfd4a5c0aa4ec090f7baf8cd0240c2@anx-i-dag01.anx.local> <00a201d33c55$197a2b80$4c6e8280$@skno.by> <131560ee-38ed-d60b-f1e4-4b66e4b5bbae@ale.cx> <00cd01d33c58$1f28ea00$5d7abe00$@skno.by> Message-ID: <001801d33cd3$d86acbc0$89406340$@skno.by> So how to change home from / to /var/rancid? From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Vacheslav Sent: Tuesday, October 3, 2017 5:59 PM To: 'Alex DEKKER' ; rancid-discuss at shrubbery.net Subject: Re: [rancid] problem with rancid crontab Good observation, I was creating it using winscp, now I nanoed it and the log file produced: export HOME="/" export LANG="en_US.utf8" export LOGNAME="rancid" export MAILTO="root" export OLDPWD export PATH="/sbin:/bin:/usr/sbin:/usr/bin" export PWD="/" export SHELL="/bin/bash" export SHLVL="2" export USER="rancid" export _="/tmp/test2.sh" BASH=/bin/sh BASHOPTS=cmdhist:complete_fullquote:extquote:force_fignore:hostcomplete:inte ractive_comments:progcomp:promptvars:sourcepath BASH_ALIASES=() BASH_ARGC=() BASH_ARGV=() BASH_CMDS=() BASH_LINENO=([0]="0") BASH_SOURCE=([0]="/tmp/test2.sh") BASH_VERSINFO=([0]="4" [1]="3" [2]="48" [3]="1" [4]="release" [5]="x86_64-pc-linux-gnu") BASH_VERSION='4.3.48(1)-release' DIRSTACK=() EUID=103 GROUPS=() HOME=/ HOSTNAME=nagios HOSTTYPE=x86_64 IFS=' ' LANG=en_US.utf8 LOGNAME=rancid MACHTYPE=x86_64-pc-linux-gnu MAILTO=root OPTERR=1 OPTIND=1 OSTYPE=linux-gnu PATH=/sbin:/bin:/usr/sbin:/usr/bin PIPESTATUS=([0]="0") POSIXLY_CORRECT=y PPID=22660 PS4='+ ' PWD=/ SHELL=/bin/bash SHELLOPTS=braceexpand:hashall:interactive-comments:posix SHLVL=2 TERM=dumb UID=103 USER=rancid _=export / From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alex DEKKER Sent: Tuesday, October 3, 2017 5:53 PM To: rancid-discuss at shrubbery.net Subject: Re: [rancid] problem with rancid crontab On 03/10/17 15:37, Vacheslav wrote: Well it didn't run because when I su rancid and execute: /root $ /tmp/test.sh bash: /tmp/test.sh: /bin/sh^M: bad interpreter: No such file or directory running: sh /tmp/test.sh produces a log file with the following content: /root How to fix the script? If there really is a ^M on the first line of the script then that suggests it was created with "DOS" line endings. What are you using to edit files? I can imagine that unexpected DOS line endings will cause the various components of RANCID to fail in unexpected ways. alexd -------------- next part -------------- An HTML attachment was scrubbed... URL: From AGriesser at anexia-it.com Wed Oct 4 05:52:55 2017 From: AGriesser at anexia-it.com (Alexander Griesser) Date: Wed, 4 Oct 2017 05:52:55 +0000 Subject: [rancid] problem with rancid crontab In-Reply-To: <001801d33cd3$d86acbc0$89406340$@skno.by> References: <007a01d33c42$5030cd40$f09267c0$@skno.by> <511c3359ed0b41ce8e6eff97cff20b92@anx-i-dag01.anx.local> <008e01d33c4d$cb79ecb0$626dc610$@skno.by> <20cfd4a5c0aa4ec090f7baf8cd0240c2@anx-i-dag01.anx.local> <00a201d33c55$197a2b80$4c6e8280$@skno.by> <131560ee-38ed-d60b-f1e4-4b66e4b5bbae@ale.cx> <00cd01d33c58$1f28ea00$5d7abe00$@skno.by> <001801d33cd3$d86acbc0$89406340$@skno.by> Message-ID: <2163f9be648d4b389fbc80b78f38984c@anx-i-dag01.anx.local> What operating system is this? I'm not sure why this is happening for you, but this might as well be just because you're running the jobs in the system cron and the environment is not being passed to the script upon execution. Can you please just try to add this crontab line to the rancid user's cron? i.e. login as user rancid (f.ex. `su - rancid`) and then run `crontab -e` and add the cron there? This should definitely fix it. The only change necessary in the crontab line is to remove the column with the username "rancid". best, Alexander Griesser Head of Systems Operations ANEXIA Internetdienstleistungs GmbH E-Mail: AGriesser at anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstra?e 140, 9020 Klagenfurt Gesch?ftsf?hrer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 Von: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] Im Auftrag von Vacheslav Gesendet: Mittwoch, 4. Oktober 2017 07:44 An: 'Alex DEKKER' ; rancid-discuss at shrubbery.net Betreff: Re: [rancid] problem with rancid crontab So how to change home from / to /var/rancid? From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Vacheslav Sent: Tuesday, October 3, 2017 5:59 PM To: 'Alex DEKKER' >; rancid-discuss at shrubbery.net Subject: Re: [rancid] problem with rancid crontab Good observation, I was creating it using winscp, now I nanoed it and the log file produced: export HOME="/" export LANG="en_US.utf8" export LOGNAME="rancid" export MAILTO="root" export OLDPWD export PATH="/sbin:/bin:/usr/sbin:/usr/bin" export PWD="/" export SHELL="/bin/bash" export SHLVL="2" export USER="rancid" export _="/tmp/test2.sh" BASH=/bin/sh BASHOPTS=cmdhist:complete_fullquote:extquote:force_fignore:hostcomplete:interactive_comments:progcomp:promptvars:sourcepath BASH_ALIASES=() BASH_ARGC=() BASH_ARGV=() BASH_CMDS=() BASH_LINENO=([0]="0") BASH_SOURCE=([0]="/tmp/test2.sh") BASH_VERSINFO=([0]="4" [1]="3" [2]="48" [3]="1" [4]="release" [5]="x86_64-pc-linux-gnu") BASH_VERSION='4.3.48(1)-release' DIRSTACK=() EUID=103 GROUPS=() HOME=/ HOSTNAME=nagios HOSTTYPE=x86_64 IFS=' ' LANG=en_US.utf8 LOGNAME=rancid MACHTYPE=x86_64-pc-linux-gnu MAILTO=root OPTERR=1 OPTIND=1 OSTYPE=linux-gnu PATH=/sbin:/bin:/usr/sbin:/usr/bin PIPESTATUS=([0]="0") POSIXLY_CORRECT=y PPID=22660 PS4='+ ' PWD=/ SHELL=/bin/bash SHELLOPTS=braceexpand:hashall:interactive-comments:posix SHLVL=2 TERM=dumb UID=103 USER=rancid _=export / From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alex DEKKER Sent: Tuesday, October 3, 2017 5:53 PM To: rancid-discuss at shrubbery.net Subject: Re: [rancid] problem with rancid crontab On 03/10/17 15:37, Vacheslav wrote: Well it didn't run because when I su rancid and execute: /root $ /tmp/test.sh bash: /tmp/test.sh: /bin/sh^M: bad interpreter: No such file or directory running: sh /tmp/test.sh produces a log file with the following content: /root How to fix the script? If there really is a ^M on the first line of the script then that suggests it was created with "DOS" line endings. What are you using to edit files? I can imagine that unexpected DOS line endings will cause the various components of RANCID to fail in unexpected ways. alexd -------------- next part -------------- An HTML attachment was scrubbed... URL: From kylet at panix.com Wed Oct 4 19:06:26 2017 From: kylet at panix.com (Kyle Tucker) Date: Wed, 4 Oct 2017 15:06:26 -0400 Subject: [rancid] Update configs by an external means In-Reply-To: <20171003195424.GA12609@panix.com> References: <20171003195424.GA12609@panix.com> Message-ID: <20171004190626.GA26844@panix.com> Apparently it is enough to just place the updated file in the configs directory and rancid-run detects the chnages, updates Subversion and sends out the diff email. I got off easy on this one! Kyle On Tue, Oct 03, 2017 at 03:54:24PM -0400, Kyle Tucker wrote: > Hi all, > > I've had RANCID with Subversion/WebSVN in place for a few years with > great success for Cisco gear. I am trying to tackle SonicWall firewalls > with not much success. I've managed to write my own shell/expect script > the log onto the SonicWalls and ftp the configs back down where I can > compare the current and previous configs and upon a change, log back on > and download the exported "exp" image and I like this method. I also was > able to get the configs initially into RANCID but without a working > clogin/sonlogin script, updates aren't being seen. I tried to simply > copy in a $host.new file but that triggered nothing but it was cleaned > up. Is there a way I can copy the file in or otherwise inject it into > RANCID so that rancid-run could accept it and trigger the normal actions > a diff would trigger? Any thoughts or suggestions appreciated. > > Thanks in advance. > > Kyle -- - Kyle From doug.hughes at keystonenap.com Wed Oct 4 20:08:46 2017 From: doug.hughes at keystonenap.com (Doug Hughes) Date: Wed, 4 Oct 2017 16:08:46 -0400 Subject: [rancid] Update configs by an external means In-Reply-To: <20171003195424.GA12609@panix.com> References: <20171003195424.GA12609@panix.com> Message-ID: One thing you could do to fit in with rancid's normal mode of operation, which is basically printing the output using something like ProcessHistory, is to make have the usual ranci and login files, maybe snlogin and snrancid, or sfwlogin or whatever. The login file takes care of logging into the device and executing the commands as usual. You can usually just copy another login, or maybe even the standard clogin will work for that. The rancid file will do something a bit different though. It will still execute clogin as normal, but you'll have only one subroutine, maybe called ExportConfig. @commandtable will have a single line that has the command to execute on the left as the key and the subroutine on the right as the value. This is where things diverge from traditional rancid. Instead of the command generating output that is filtered, you'll be executing your command export via scp or ftp and storing it in a temporary directory on your rancid server, probably as the rancid user so that you can clean it up. Your callback will probably wait until the command is complete, then mv the file from /tmp into the currenct directory and rename it to .new. That's the key. Now that .new is there, rancid can svn commit it and you get all the behavior that you are accustomed to. On 10/3/2017 3:54 PM, Kyle Tucker wrote: > Hi all, > > I've had RANCID with Subversion/WebSVN in place for a few years with > great success for Cisco gear. I am trying to tackle SonicWall firewalls > with not much success. I've managed to write my own shell/expect script > the log onto the SonicWalls and ftp the configs back down where I can > compare the current and previous configs and upon a change, log back on > and download the exported "exp" image and I like this method. I also was > able to get the configs initially into RANCID but without a working > clogin/sonlogin script, updates aren't being seen. I tried to simply > copy in a $host.new file but that triggered nothing but it was cleaned > up. Is there a way I can copy the file in or otherwise inject it into > RANCID so that rancid-run could accept it and trigger the normal actions > a diff would trigger? Any thoughts or suggestions appreciated. > > Thanks in advance. > > Kyle > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss -- Doug Hughes Keystone NAP Fairless Hills, PA 1.844.KEYBLOCK (539.2562) -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: keystone-nap.png Type: image/png Size: 3476 bytes Desc: not available URL: From merijn at trans-ix.nl Wed Oct 4 20:27:38 2017 From: merijn at trans-ix.nl (Merijn Evertse) Date: Wed, 4 Oct 2017 20:27:38 +0000 Subject: [rancid] Fortigate get routing table Message-ID: Hi, For those who are interested in monitoring route changes I attached a patch for fnrancid for getting the complete routing table of a Fortigate and removing the date and timestamps shown at the end of a route. It is still a bit experimental, but seems to be working for us at this moment. Regards, Merijn Evertse -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: fnrancid-patch.txt URL: From dan.w.anderson at gmail.com Wed Oct 4 20:50:51 2017 From: dan.w.anderson at gmail.com (Dan Anderson) Date: Wed, 4 Oct 2017 16:50:51 -0400 Subject: [rancid] Update configs by an external means In-Reply-To: <20171003195424.GA12609@panix.com> References: <20171003195424.GA12609@panix.com> Message-ID: Rather than using a file that's been transferred onto the system, you may be able to have RANCID log in via SSH and run "config\rshow current-config" to dump the config. I'm guessing that there's some other commands that may be useful, but "show current-config" from config mode is how I typically get config copies from Sonicwall firewalls when I'm doing firewall migrations for my customers. On Tue, Oct 3, 2017 at 3:54 PM, Kyle Tucker wrote: > Hi all, > > I've had RANCID with Subversion/WebSVN in place for a few years with > great success for Cisco gear. I am trying to tackle SonicWall firewalls > with not much success. I've managed to write my own shell/expect script > the log onto the SonicWalls and ftp the configs back down where I can > compare the current and previous configs and upon a change, log back on > and download the exported "exp" image and I like this method. I also was > able to get the configs initially into RANCID but without a working > clogin/sonlogin script, updates aren't being seen. I tried to simply > copy in a $host.new file but that triggered nothing but it was cleaned > up. Is there a way I can copy the file in or otherwise inject it into > RANCID so that rancid-run could accept it and trigger the normal actions > a diff would trigger? Any thoughts or suggestions appreciated. > > Thanks in advance. > > Kyle > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Dan -------------- next part -------------- An HTML attachment was scrubbed... URL: From rancid at ale.cx Thu Oct 5 09:08:41 2017 From: rancid at ale.cx (Alex DEKKER) Date: Thu, 5 Oct 2017 10:08:41 +0100 Subject: [rancid] Update configs by an external means In-Reply-To: References: <20171003195424.GA12609@panix.com> Message-ID: On 04/10/17 21:50, Dan Anderson wrote: > Rather than using a file that's been transferred onto the system, you > may be able to have RANCID log in via SSH and run "config\rshow > current-config" to dump the config. I'm guessing that there's some > other commands that may be useful, but "show current-config" from > config mode is how I typically get config copies from Sonicwall > firewalls when I'm doing firewall migrations for my customers. I have started a snwlrancid based on the Mikrotik config fetcher. I guess I should just throw it up somewhere for others to have a look at. One thing I've noticed is that the obscured encryption keys in VPN tunnels change *every time* the config is polled: ???????? shared-secret 4,aa138a1f3e053d8fe0efbc3089e2be854a1a9d31fc6e3c26165674b26823f2e32c2e2ecf57fd16e74af093c9e6d35923be216133728061756144089c6ef3cfefc4f1f7bd270e41010e765b1afaed41f2d3e07950c3a3bf9a96264bbf7d9e17ad4280062cbdf2fa1f8b1071423186d5bb232e4424f50493c3ef64b34c7645305a56669a379d5abbba So long as it works when it's pasted back in to the firewall then great, but obviously this is going to be absurdly noisy unless it's replaced with a placeholder with some post-processing. If it's replaced with a placeholder then the resulting config cannot be put back in to the firewall without some tweaking. Personally, working in a team of people who manage Sonicwalls, partial-RANCID is better than no RANCID at all. The main roadblock I hit was that the word "exit" just seems to move around at random, and it's not the same "exit" that does this, there are loads of exits in the config and any one of them can apparently do it: Index: configs/barkminisonic.rancid =================================================================== retrieving revision 1.21 diff -u -4 -r1.21 minisonic.rancid @@ -5,8 +5,9 @@ ? rom-version 5.0.5.6 ? model "NSA 220" ? serial-number C0EA-E42D-XXXX ? last-modified-by "admin 192.168.253.16:X0 UI 2017/09/10 16:07:22" + exit ? administration ????? firewall-name MiniSonic ????? no auto-append-suffix ????? admin-name admin @@ -20,9 +21,9 @@ ????? password constraints-apply-to limited-admins ????? password constraints-apply-to local-users ????? idle-logout-time 25 ????? no user-lockout -???? admin-preempt-action goto-non-configexit +???? admin-preempt-action goto-non-config ????? admin-preempt-inactivity-timeout 10 ????? no inter-admin-messaging ????? no web-management allow-http ????? web-management https-port 443 I don't have time to work on this at the moment but I will try and make some time to put what I've done so far on Github or similar. alexd From doug.hughes at keystonenap.com Thu Oct 5 15:05:52 2017 From: doug.hughes at keystonenap.com (Doug Hughes) Date: Thu, 5 Oct 2017 11:05:52 -0400 Subject: [rancid] Update configs by an external means In-Reply-To: References: <20171003195424.GA12609@panix.com> Message-ID: <9759b61e-5383-6139-0601-5dc1039ad6f7@keystonenap.com> It would be interesting to know if : you can restore the shared-secret from any of the various outputed one you can only restore from the latest one you can restore without having it at all. Do you have any test devices to confirm? It strikes me as slightly problematic from a security perspective that it would be possible to restore from any of these, because it means that you can just keep dumping the config over and over and over again and get a large sampling of these encrypted strings. If they are all equivalent, it implies that the key space may not be sufficient since the more you print it, there's a lot of information leakage. On 10/5/2017 5:08 AM, Alex DEKKER wrote: > On 04/10/17 21:50, Dan Anderson wrote: >> Rather than using a file that's been transferred onto the system, you >> may be able to have RANCID log in via SSH and run "config\rshow >> current-config" to dump the config. I'm guessing that there's some >> other commands that may be useful, but "show current-config" from >> config mode is how I typically get config copies from Sonicwall >> firewalls when I'm doing firewall migrations for my customers. > > I have started a snwlrancid based on the Mikrotik config fetcher. I > guess I should just throw it up somewhere for others to have a look > at. One thing I've noticed is that the obscured encryption keys in VPN > tunnels change *every time* the config is polled: > > > 4,c99c5ca7b2d0907883e8c6eacb251bfc189265ff041f4941cfaca1a3f3371511611bef8ee56affb2e091204a7c93f8c0d976d2cb3d251b4b940b0fafdb0d8f6812b8c067e1d1d3683db2f6d1247cf5c670171ba6f72e6bc1b62de89b79d23512ee6abf58b5f6ed6dcfb492a4a9d1800f9234e12899b2bc7f7eb4ccf865b478244f0b1a80ffd91035 > --- > >???????? shared-secret > 4,aa138a1f3e053d8fe0efbc3089e2be854a1a9d31fc6e3c26165674b26823f2e32c2e2ecf57fd16e74af093c9e6d35923be216133728061756144089c6ef3cfefc4f1f7bd270e41010e765b1afaed41f2d3e07950c3a3bf9a96264bbf7d9e17ad4280062cbdf2fa1f8b1071423186d5bb232e4424f50493c3ef64b34c7645305a56669a379d5abbba > > So long as it works when it's pasted back in to the firewall then > great, but obviously this is going to be absurdly noisy unless it's > replaced with a placeholder with some post-processing. If it's > replaced with a placeholder then the resulting config cannot be put > back in to the firewall without some tweaking. Personally, working in > a team of people who manage Sonicwalls, partial-RANCID is better than > no RANCID at all. > > The main roadblock I hit was that the word "exit" just seems to move > around at random, and it's not the same "exit" that does this, there > are loads of exits in the config and any one of them can apparently do > it: > > Index: configs/barkminisonic.rancid > =================================================================== > retrieving revision 1.21 > diff -u -4 -r1.21 minisonic.rancid > @@ -5,8 +5,9 @@ > ? rom-version 5.0.5.6 > ? model "NSA 220" > ? serial-number C0EA-E42D-XXXX > ? last-modified-by "admin 192.168.253.16:X0 UI 2017/09/10 16:07:22" > + exit > ? administration > ????? firewall-name MiniSonic > ????? no auto-append-suffix > ????? admin-name admin > @@ -20,9 +21,9 @@ > ????? password constraints-apply-to limited-admins > ????? password constraints-apply-to local-users > ????? idle-logout-time 25 > ????? no user-lockout > -???? admin-preempt-action goto-non-configexit > +???? admin-preempt-action goto-non-config > ????? admin-preempt-inactivity-timeout 10 > ????? no inter-admin-messaging > ????? no web-management allow-http > ????? web-management https-port 443 > > > I don't have time to work on this at the moment but I will try and > make some time to put what I've done so far on Github or similar. > > alexd > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss -- Doug Hughes Keystone NAP Fairless Hills, PA 1.844.KEYBLOCK (539.2562) -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: keystone-nap.png Type: image/png Size: 3476 bytes Desc: not available URL: From rancid at ale.cx Thu Oct 5 21:41:44 2017 From: rancid at ale.cx (Alex DEKKER) Date: Thu, 5 Oct 2017 22:41:44 +0100 Subject: [rancid] Update configs by an external means In-Reply-To: <9759b61e-5383-6139-0601-5dc1039ad6f7@keystonenap.com> References: <20171003195424.GA12609@panix.com> <9759b61e-5383-6139-0601-5dc1039ad6f7@keystonenap.com> Message-ID: <3b0b6fd2-f525-56ae-1928-ce7d77f0f4b8@ale.cx> The encryption key for the tunnel must be encrypted with some kind of reversible encryption [not least because you can see it unencrypted in the web interface]. The shared-secret field is also present in lots of places other than VPN tunnels [eg RADIUS secrets]. I have done some testing: - Any of the outputted versions of the shared-secret work and decrypt back to the same shared-secret. - Large amounts of the shared-secret are padding [to be expected really as the plaintext shared secret is of variable length but always encodes to the same length]. For example, the shared-secret 'bagsworth' encrypted to: shared-secret 4,e903b6311e5e345e6d36a055d78ee628c21bf9176ed43d083408218d71e48e9425f69649f36783318de12f1ea0b0c90b6d623f71f17b7aade8d2570d9d14d10ea4ea5c0834f337bfb2031a84baadd3005b3808f2de576a89be1707dc9d138fbd2eb3d8785ce16259a340a87d515c678731b1489409b766165cdbc58dae13b104cacb2b656903c50a which through trial and error, could be input as: shared-secret 4,e903b6311e5e345e6d36a055d78ee628c21bf9176ed43d0800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 and still decrypt correctly. Replace the final 8 with a zero and it decrypts as bagswort??G. alexd On 05/10/17 16:05, Doug Hughes wrote: > > It would be interesting to know if : > > you can restore the shared-secret from any of the various outputed one > you can only restore from the latest one > you can restore without having it at all. > > Do you have any test devices to confirm? > > It strikes me as slightly problematic from a security perspective that > it would be possible to restore from any of these, because it means > that you can just keep dumping the config over and over and over again > and get a large sampling of these encrypted strings. If they are all > equivalent, it implies that the key space may not be sufficient since > the more you print it, there's a lot of information leakage. > > From doug.hughes at keystonenap.com Fri Oct 6 01:08:31 2017 From: doug.hughes at keystonenap.com (doug.hughes at keystonenap.com) Date: Thu, 5 Oct 2017 21:08:31 -0400 Subject: [rancid] Update configs by an external means In-Reply-To: <3b0b6fd2-f525-56ae-1928-ce7d77f0f4b8@ale.cx> References: <20171003195424.GA12609@panix.com> <9759b61e-5383-6139-0601-5dc1039ad6f7@keystonenap.com> <3b0b6fd2-f525-56ae-1928-ce7d77f0f4b8@ale.cx> Message-ID: <4c5bcc63-6a76-4fc1-aa5a-014551548150.maildroid@localhost> ha. Simple obfuscation. It seems like it wouldn't be too difficult to take the shared-secret, not print them into the main config, and store them in a separate file that wouldn't be svn diffed.... I think.. Sent from my android device. -----Original Message----- From: Alex DEKKER To: rancid-discuss at shrubbery.net Sent: Thu, 05 Oct 2017 18:46 Subject: Re: [rancid] Update configs by an external means The encryption key for the tunnel must be encrypted with some kind of reversible encryption [not least because you can see it unencrypted in the web interface]. The shared-secret field is also present in lots of places other than VPN tunnels [eg RADIUS secrets]. I have done some testing: - Any of the outputted versions of the shared-secret work and decrypt back to the same shared-secret. - Large amounts of the shared-secret are padding [to be expected really as the plaintext shared secret is of variable length but always encodes to the same length]. For example, the shared-secret 'bagsworth' encrypted to: shared-secret 4,e903b6311e5e345e6d36a055d78ee628c21bf9176ed43d083408218d71e48e9425f69649f36783318de12f1ea0b0c90b6d623f71f17b7aade8d2570d9d14d10ea4ea5c0834f337bfb2031a84baadd3005b3808f2de576a89be1707dc9d138fbd2eb3d8785ce16259a340a87d515c678731b1489409b766165cdbc58dae13b104cacb2b656903c50a which through trial and error, could be input as: shared-secret 4,e903b6311e5e345e6d36a055d78ee628c21bf9176ed43d0800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 and still decrypt correctly. Replace the final 8 with a zero and it decrypts as bagswort??G. alexd On 05/10/17 16:05, Doug Hughes wrote: > > It would be interesting to know if : > > you can restore the shared-secret from any of the various outputed one > you can only restore from the latest one > you can restore without having it at all. > > Do you have any test devices to confirm? > > It strikes me as slightly problematic from a security perspective that > it would be possible to restore from any of these, because it means > that you can just keep dumping the config over and over and over again > and get a large sampling of these encrypted strings. If they are all > equivalent, it implies that the key space may not be sufficient since > the more you print it, there's a lot of information leakage. > > _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From rancid at ale.cx Fri Oct 6 12:40:44 2017 From: rancid at ale.cx (Alex DEKKER) Date: Fri, 6 Oct 2017 13:40:44 +0100 Subject: [rancid] Update configs by an external means In-Reply-To: <1F612D61-4178-4386-A5E6-1FA9B048196D@bu.edu> References: <20171003195424.GA12609@panix.com> <1F612D61-4178-4386-A5E6-1FA9B048196D@bu.edu> Message-ID: <30d1bed0-b838-0e61-f80b-5e872715220a@ale.cx> I was starting from a base of 3.6.2. alexd On 06/10/17 13:32, Piegorsch, Weylin William wrote: > I had the same problem with rancid v1.x using a custom script (written by my predecessor for NX-OS). It cleared up when we migrated to v3.4.1, which had native NX-OS so it?s not clear to me if dumping the custom config fixed the issue or if it were a rancid version issue. > > Are you using a current version? > > weylin > > -----Original Message----- > From: Alex DEKKER > Date: Thursday, October 5, 2017 at 05:08 > To: > Subject: Re: [rancid] Update configs by an external means > > On 04/10/17 21:50, Dan Anderson wrote: > > Rather than using a file that's been transferred onto the system, you > > may be able to have RANCID log in via SSH and run "config\rshow > > current-config" to dump the config. I'm guessing that there's some > > other commands that may be useful, but "show current-config" from > > config mode is how I typically get config copies from Sonicwall > > firewalls when I'm doing firewall migrations for my customers. > > I have started a snwlrancid based on the Mikrotik config fetcher. I > guess I should just throw it up somewhere for others to have a look at. > One thing I've noticed is that the obscured encryption keys in VPN > tunnels change *every time* the config is polled: > > > < shared-secret > 4,c99c5ca7b2d0907883e8c6eacb251bfc189265ff041f4941cfaca1a3f3371511611bef8ee56affb2e091204a7c93f8c0d976d2cb3d251b4b940b0fafdb0d8f6812b8c067e1d1d3683db2f6d1247cf5c670171ba6f72e6bc1b62de89b79d23512ee6abf58b5f6ed6dcfb492a4a9d1800f9234e12899b2bc7f7eb4ccf865b478244f0b1a80ffd91035 > --- > > shared-secret > 4,aa138a1f3e053d8fe0efbc3089e2be854a1a9d31fc6e3c26165674b26823f2e32c2e2ecf57fd16e74af093c9e6d35923be216133728061756144089c6ef3cfefc4f1f7bd270e41010e765b1afaed41f2d3e07950c3a3bf9a96264bbf7d9e17ad4280062cbdf2fa1f8b1071423186d5bb232e4424f50493c3ef64b34c7645305a56669a379d5abbba > > So long as it works when it's pasted back in to the firewall then great, > but obviously this is going to be absurdly noisy unless it's replaced > with a placeholder with some post-processing. If it's replaced with a > placeholder then the resulting config cannot be put back in to the > firewall without some tweaking. Personally, working in a team of people > who manage Sonicwalls, partial-RANCID is better than no RANCID at all. > > The main roadblock I hit was that the word "exit" just seems to move > around at random, and it's not the same "exit" that does this, there are > loads of exits in the config and any one of them can apparently do it: > > Index: configs/barkminisonic.rancid > =================================================================== > retrieving revision 1.21 > diff -u -4 -r1.21 minisonic.rancid > @@ -5,8 +5,9 @@ > rom-version 5.0.5.6 > model "NSA 220" > serial-number C0EA-E42D-XXXX > last-modified-by "admin 192.168.253.16:X0 UI 2017/09/10 16:07:22" > + exit > administration > firewall-name MiniSonic > no auto-append-suffix > admin-name admin > @@ -20,9 +21,9 @@ > password constraints-apply-to limited-admins > password constraints-apply-to local-users > idle-logout-time 25 > no user-lockout > - admin-preempt-action goto-non-configexit > + admin-preempt-action goto-non-config > admin-preempt-inactivity-timeout 10 > no inter-admin-messaging > no web-management allow-http > web-management https-port 443 > > > I don't have time to work on this at the moment but I will try and make > some time to put what I've done so far on Github or similar. > > alexd > > > > From weylin at bu.edu Fri Oct 6 12:32:51 2017 From: weylin at bu.edu (Piegorsch, Weylin William) Date: Fri, 6 Oct 2017 12:32:51 +0000 Subject: [rancid] Update configs by an external means In-Reply-To: References: <20171003195424.GA12609@panix.com> Message-ID: <1F612D61-4178-4386-A5E6-1FA9B048196D@bu.edu> I had the same problem with rancid v1.x using a custom script (written by my predecessor for NX-OS). It cleared up when we migrated to v3.4.1, which had native NX-OS so it?s not clear to me if dumping the custom config fixed the issue or if it were a rancid version issue. Are you using a current version? weylin -----Original Message----- From: Alex DEKKER Date: Thursday, October 5, 2017 at 05:08 To: Subject: Re: [rancid] Update configs by an external means On 04/10/17 21:50, Dan Anderson wrote: > Rather than using a file that's been transferred onto the system, you > may be able to have RANCID log in via SSH and run "config\rshow > current-config" to dump the config. I'm guessing that there's some > other commands that may be useful, but "show current-config" from > config mode is how I typically get config copies from Sonicwall > firewalls when I'm doing firewall migrations for my customers. I have started a snwlrancid based on the Mikrotik config fetcher. I guess I should just throw it up somewhere for others to have a look at. One thing I've noticed is that the obscured encryption keys in VPN tunnels change *every time* the config is polled: < shared-secret 4,c99c5ca7b2d0907883e8c6eacb251bfc189265ff041f4941cfaca1a3f3371511611bef8ee56affb2e091204a7c93f8c0d976d2cb3d251b4b940b0fafdb0d8f6812b8c067e1d1d3683db2f6d1247cf5c670171ba6f72e6bc1b62de89b79d23512ee6abf58b5f6ed6dcfb492a4a9d1800f9234e12899b2bc7f7eb4ccf865b478244f0b1a80ffd91035 --- > shared-secret 4,aa138a1f3e053d8fe0efbc3089e2be854a1a9d31fc6e3c26165674b26823f2e32c2e2ecf57fd16e74af093c9e6d35923be216133728061756144089c6ef3cfefc4f1f7bd270e41010e765b1afaed41f2d3e07950c3a3bf9a96264bbf7d9e17ad4280062cbdf2fa1f8b1071423186d5bb232e4424f50493c3ef64b34c7645305a56669a379d5abbba So long as it works when it's pasted back in to the firewall then great, but obviously this is going to be absurdly noisy unless it's replaced with a placeholder with some post-processing. If it's replaced with a placeholder then the resulting config cannot be put back in to the firewall without some tweaking. Personally, working in a team of people who manage Sonicwalls, partial-RANCID is better than no RANCID at all. The main roadblock I hit was that the word "exit" just seems to move around at random, and it's not the same "exit" that does this, there are loads of exits in the config and any one of them can apparently do it: Index: configs/barkminisonic.rancid =================================================================== retrieving revision 1.21 diff -u -4 -r1.21 minisonic.rancid @@ -5,8 +5,9 @@ rom-version 5.0.5.6 model "NSA 220" serial-number C0EA-E42D-XXXX last-modified-by "admin 192.168.253.16:X0 UI 2017/09/10 16:07:22" + exit administration firewall-name MiniSonic no auto-append-suffix admin-name admin @@ -20,9 +21,9 @@ password constraints-apply-to limited-admins password constraints-apply-to local-users idle-logout-time 25 no user-lockout - admin-preempt-action goto-non-configexit + admin-preempt-action goto-non-config admin-preempt-inactivity-timeout 10 no inter-admin-messaging no web-management allow-http web-management https-port 443 I don't have time to work on this at the moment but I will try and make some time to put what I've done so far on Github or similar. alexd From cgauthier at comscore.com Thu Oct 12 16:40:28 2017 From: cgauthier at comscore.com (Gauthier, Chris) Date: Thu, 12 Oct 2017 16:40:28 +0000 Subject: [rancid] clogin not catching my "Password: " prompt Message-ID: <7514BB74-EA80-4196-8E90-55DEC30F9653@comscore.com> Hi, Recently, we changed authentication types on our Cisco switches and my rancid installation stopped authenticating. I modified my .cloginrc appropriately (config below). The target is ?sw003core.example.com?. I am running rancid 3.6.2 and the target switch is a Cisco 3850. add method * {ssh} add user * {user} add password * {password1} {password1} add autoenable sw*.example.com {1} The switch has a pre-login banner. Here is what it looks like when I manually log in using my own username: user at host:~ $ ssh sw003core.example.com CCCCC ############################################################ # # # ALERT! # # You are entering into a secured area! # # This service is restricted to authorized users only. # # All activities on this system are logged. # # Unauthorized access will be fully investigated. # # # ############################################################ Password: When clogin runs, it gets a timeout. [rancid at server ~]$ /usr/local/rancid/bin/clogin -d sw003core.example.com sw003core.example.com spawn ssh -x -l user sw003core.example.com parent: waiting for sync byte parent: telling child to go ahead parent: now unsynchronized from child spawn: returns {9518} Gate keeper glob pattern for '^<-+ More -+>[^ ]*' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '(Connection refused|Secure connection [^ ]+ refused)' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '(Connection closed by|Connection to [^ ]+ closed)' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '(Host key not found |The authenticity of host .* be established)' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for 'HOST IDENTIFICATION HAS CHANGED' is 'HOST IDENTIFICATION HAS CHANGED'. Activating booster. Gate keeper glob pattern for 'Offending key for ' is 'Offending key for '. Activating booster. Gate keeper glob pattern for '^warning: remote host denied authentication agent forwarding.' is 'warning: remote host denied authentication agent forwarding?'. Activating booster. Gate keeper glob pattern for '(denied|Sorry)' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '% (Bad passwords|Authentication failed)' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for 'Enter Selection: ' is 'Enter Selection: '. Activating booster. Gate keeper glob pattern for 'Last login:' is 'Last login:'. Activating booster. Gate keeper glob pattern for 'Press the key [^ ]+[ ]+' is 'Press the key *'. Activating booster. Gate keeper glob pattern for '@[^ ]+ ([Pp]assword|passwd|Enter password for [^ :]+):' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for 'Enter passphrase.*: ' is 'Enter passphrase*: '. Activating booster. Gate keeper glob pattern for '([Uu]sername|Login|login|user name|User):' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '([Pp]assword|passwd|Enter password for [^ :]+):' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '(>|#| \(enable\))' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '[^ ]*[ ]+' is ''. Not usable, disabling the performance booster. expect: does "" (spawn_id exp6) match regular expression "^<-+ More -+>[^\n\r]*"? (No Gate, RE only) gate=yes re=no "(Connection refused|Secure connection [^\n\r]+ refused)"? (No Gate, RE only) gate=yes re=no "(Connection closed by|Connection to [^\n\r]+ closed)"? (No Gate, RE only) gate=yes re=no expect: does "" (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does "" (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established)"? (No Gate, RE only) gate=yes re=no "HOST IDENTIFICATION HAS CHANGED"? Gate "HOST IDENTIFICATION HAS CHANGED"? gate=no "Offending key for "? Gate "Offending key for "? gate=no expect: does "" (spawn_id exp6) match regular expression "^warning: remote host denied authentication agent forwarding."? Gate "warning: remote host denied authentication agent forwarding?"? gate=no expect: does "" (spawn_id exp6) match regular expression "(denied|Sorry)"? (No Gate, RE only) gate=yes re=no "Login failed"? no "% (Bad passwords|Authentication failed)"? (No Gate, RE only) gate=yes re=no "Press any key to continue"? no "Enter Selection: "? Gate "Enter Selection: "? gate=no "Last login:"? Gate "Last login:"? gate=no "Press the key [^\r\n]+[\r\n]+"? Gate "Press the key *"? gate=no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no "Enter passphrase.*: "? Gate "Enter passphrase*: "? gate=no "([Uu]sername|Login|login|user name|User):"? (No Gate, RE only) gate=yes re=no "([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no "(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no "Login invalid"? no "[^\r\n]*[\r\n]+"? (No Gate, RE only) gate=yes re=no CCCCC ############################################################ # # # ALERT! # # You are entering into a secured area! # # This service is restricted to authorized users only. # # All activities on this system are logged. # # Unauthorized access will be fully investigated. # # # ############################################################ expect: does "CCCCC\r\r\n############################################################\r\r\n# #\r\r\n# ALERT! #\r\r\n# You are entering into a secured area! #\r\r\n# This service is restricted to authorized users only. #\r\r\n# All activities on this system are logged. #\r\r\n# Unauthorized access will be fully investigated. #\r\r\n# #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "^<-+ More -+>[^\n\r]*"? (No Gate, RE only) gate=yes re=no "(Connection refused|Secure connection [^\n\r]+ refused)"? (No Gate, RE only) gate=yes re=no "(Connection closed by|Connection to [^\n\r]+ closed)"? (No Gate, RE only) gate=yes re=no expect: does "CCCCC\r\r\n############################################################\r\r\n# #\r\r\n# ALERT! #\r\r\n# You are entering into a secured area! #\r\r\n# This service is restricted to authorized users only. #\r\r\n# All activities on this system are logged. #\r\r\n# Unauthorized access will be fully investigated. #\r\r\n# #\r\r\n############################################################\r\r\n" (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does "CCCCC\r\r\n############################################################\r\r\n# #\r\r\n# ALERT! #\r\r\n# You are entering into a secured area! #\r\r\n# This service is restricted to authorized users only. #\r\r\n# All activities on this system are logged. #\r\r\n# Unauthorized access will be fully investigated. #\r\r\n# #\r\r\n############################################################\r\r\n" (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established)"? (No Gate, RE only) gate=yes re=no "HOST IDENTIFICATION HAS CHANGED"? Gate "HOST IDENTIFICATION HAS CHANGED"? gate=no "Offending key for "? Gate "Offending key for "? gate=no expect: does "CCCCC\r\r\n############################################################\r\r\n# #\r\r\n# ALERT! #\r\r\n# You are entering into a secured area! #\r\r\n# This service is restricted to authorized users only. #\r\r\n# All activities on this system are logged. #\r\r\n# Unauthorized access will be fully investigated. #\r\r\n# #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "^warning: remote host denied authentication agent forwarding."? Gate "warning: remote host denied authentication agent forwarding?"? gate=no expect: does "CCCCC\r\r\n############################################################\r\r\n# #\r\r\n# ALERT! #\r\r\n# You are entering into a secured area! #\r\r\n# This service is restricted to authorized users only. #\r\r\n# All activities on this system are logged. #\r\r\n# Unauthorized access will be fully investigated. #\r\r\n# #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "(denied|Sorry)"? (No Gate, RE only) gate=yes re=no "Login failed"? no "% (Bad passwords|Authentication failed)"? (No Gate, RE only) gate=yes re=no "Press any key to continue"? no "Enter Selection: "? Gate "Enter Selection: "? gate=no "Last login:"? Gate "Last login:"? gate=no "Press the key [^\r\n]+[\r\n]+"? Gate "Press the key *"? gate=no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no "Enter passphrase.*: "? Gate "Enter passphrase*: "? gate=no "([Uu]sername|Login|login|user name|User):"? (No Gate, RE only) gate=yes re=no "([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no "(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "#" expect: set expect_out(1,string) "#" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "CCCCC\r\r\n#" send: sending "\r" to { exp6 } Gate keeper glob pattern for '[ ]+' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '^(.+[:.])1 ((>|#| \(enable\)))' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '^.+(>|#| \(enable\))' is ''. Not usable, disabling the performance booster. expect: does "###########################################################\r\r\n# #\r\r\n# ALERT! #\r\r\n# You are entering into a secured area! #\r\r\n# This service is restricted to authorized users only. #\r\r\n# All activities on this system are logged. #\r\r\n# Unauthorized access will be fully investigated. #\r\r\n# #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "\r\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "###########################################################\r\r\n" expect: continuing expect expect: does "# #\r\r\n# ALERT! #\r\r\n# You are entering into a secured area! #\r\r\n# This service is restricted to authorized users only. #\r\r\n# All activities on this system are logged. #\r\r\n# Unauthorized access will be fully investigated. #\r\r\n# #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "\r\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "# #\r\r\n" expect: continuing expect expect: does "# ALERT! #\r\r\n# You are entering into a secured area! #\r\r\n# This service is restricted to authorized users only. #\r\r\n# All activities on this system are logged. #\r\r\n# Unauthorized access will be fully investigated. #\r\r\n# #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "\r\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "# ALERT! #\r\r\n" expect: continuing expect expect: does "# You are entering into a secured area! #\r\r\n# This service is restricted to authorized users only. #\r\r\n# All activities on this system are logged. #\r\r\n# Unauthorized access will be fully investigated. #\r\r\n# #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "\r\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "# You are entering into a secured area! #\r\r\n" expect: continuing expect expect: does "# This service is restricted to authorized users only. #\r\r\n# All activities on this system are logged. #\r\r\n# Unauthorized access will be fully investigated. #\r\r\n# #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "\r\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "# This service is restricted to authorized users only. #\r\r\n" expect: continuing expect expect: does "# All activities on this system are logged. #\r\r\n# Unauthorized access will be fully investigated. #\r\r\n# #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "\r\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "# All activities on this system are logged. #\r\r\n" expect: continuing expect expect: does "# Unauthorized access will be fully investigated. #\r\r\n# #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "\r\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "# Unauthorized access will be fully investigated. #\r\r\n" expect: continuing expect expect: does "# #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "\r\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "# #\r\r\n" expect: continuing expect expect: does "############################################################\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "\r\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "############################################################\r\r\n" expect: continuing expect expect: does "" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=no "^(.+[:.])1 ((>|#| \(enable\)))"? (No Gate, RE only) gate=yes re=no "^.+(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no expect: does "\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "\r\n" expect: continuing expect expect: does "" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=no "^(.+[:.])1 ((>|#| \(enable\)))"? (No Gate, RE only) gate=yes re=no "^.+(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no Password: expect: does "Password: " (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=no "^(.+[:.])1 ((>|#| \(enable\)))"? (No Gate, RE only) gate=yes re=no "^.+(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no expect: timed out Error: TIMEOUT reached [rancid at isgnetmgmttest ~]$ Any thoughts on why this behavior changed and how to resolve it? I didn?t have a pre-login banner before, but cannot get rid of it, either. TIA. --Chris Chris GauthierSenior Network Engineer | comScore, Inc. o +1 503-331-2704cgauthier at comscore.com 317 SW Alder Street, Suite 700 | Portland | OR97204 ............................................................................................................................................................................................................................ -------------- next part -------------- An HTML attachment was scrubbed... URL: From Axel.Munoz-Persinger at L3T.com Thu Oct 12 19:47:10 2017 From: Axel.Munoz-Persinger at L3T.com (Munoz-Persinger, Axel @ CSG - CSE) Date: Thu, 12 Oct 2017 19:47:10 +0000 Subject: [rancid] RANCID Router Login Message-ID: Hello, Our organization uses RANCID for gathering data from our Cisco routers, but we recently faced an issue with a change we're trying to make. We simply want to change what the address that the scripts use to log into the routers. Let's say in the routers.db file we have: Router1:cisco:up Router2:cisco:up Router3:cisco:up We'd like to change it to: Router1.XYZ:cisco:up Router2.XYZ:cisco:up Router3.XYZ:cisco:up We didn't want to change the actual router names in the routers.db file, since this would most likely have other side effects like modifying the CVS. We tried changing clogin:750(ish) from if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype]} { to if {[login $router.XYZ $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype]} { However, by watching the tcpdump output, we see that it's still reaching out to the original address. Do you have any ideas that could help us? Thanks, Axel Munoz-Persinger Security Analyst Axel.Munoz-Persinger at L3T.com (856) 338-4103 CONFIDENTIALITY NOTICE: This email and any attachments are for the sole use of the intended recipient and may contain material that is proprietary, confidential, privileged or otherwise legally protected or restricted under applicable government laws. Any review, disclosure, distributing or other use without expressed permission of the sender is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies without reading, printing, or saving. Effective immediately my new email address is Axel.Munoz-Persinger at L3T.com. Please update your records. -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Thu Oct 12 21:14:05 2017 From: heas at shrubbery.net (heasley) Date: Thu, 12 Oct 2017 21:14:05 +0000 Subject: [rancid] RANCID Router Login In-Reply-To: References: Message-ID: <20171012211405.GA74735@shrubbery.net> Thu, Oct 12, 2017 at 07:47:10PM +0000, Munoz-Persinger, Axel @ CSG - CSE: > Hello, > > Our organization uses RANCID for gathering data from our Cisco routers, but we recently faced an issue with a change we're trying to make. > > We simply want to change what the address that the scripts use to log into the routers. Let's say in the routers.db file we have: > Router1:cisco:up > Router2:cisco:up > Router3:cisco:up > > We'd like to change it to: > Router1.XYZ:cisco:up > Router2.XYZ:cisco:up > Router3.XYZ:cisco:up > > > We didn't want to change the actual router names in the routers.db file, since this would most likely have other side effects like modifying the CVS. We tried changing clogin:750(ish) from > if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype]} { > > to > if {[login $router.XYZ $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype]} { > > However, by watching the tcpdump output, we see that it's still reaching out to the original address. > > Do you have any ideas that could help us? leave the old name and change the address it resolved to in dns/hostsfile. or change the name and, assuming that you care about retaining the lineage, update the cvs. From heas at shrubbery.net Thu Oct 12 22:17:56 2017 From: heas at shrubbery.net (heasley) Date: Thu, 12 Oct 2017 22:17:56 +0000 Subject: [rancid] clogin not catching my "Password: " prompt In-Reply-To: <7514BB74-EA80-4196-8E90-55DEC30F9653@comscore.com> References: <7514BB74-EA80-4196-8E90-55DEC30F9653@comscore.com> Message-ID: <20171012221755.GJ74735@shrubbery.net> Thu, Oct 12, 2017 at 04:40:28PM +0000, Gauthier, Chris: > Hi, > > Recently, we changed authentication types on our Cisco switches and my rancid installation stopped authenticating. I modified my .cloginrc appropriately (config below). The target is ?sw003core.example.com?. I am running rancid 3.6.2 and the target switch is a Cisco 3850. > > add method * {ssh} > add user * {user} > add password * {password1} {password1} > add autoenable sw*.example.com {1} > > The switch has a pre-login banner. Here is what it looks like when I manually log in using my own username: > user at host:~ $ ssh sw003core.example.com > CCCCC > ############################################################ dont use #s in banners. fix that, and your login will work again. From m_zouhairy at skno.by Fri Oct 13 11:25:34 2017 From: m_zouhairy at skno.by (Vacheslav) Date: Fri, 13 Oct 2017 14:25:34 +0300 Subject: [rancid] problem with rancid crontab In-Reply-To: <2163f9be648d4b389fbc80b78f38984c@anx-i-dag01.anx.local> References: <007a01d33c42$5030cd40$f09267c0$@skno.by> <511c3359ed0b41ce8e6eff97cff20b92@anx-i-dag01.anx.local> <008e01d33c4d$cb79ecb0$626dc610$@skno.by> <20cfd4a5c0aa4ec090f7baf8cd0240c2@anx-i-dag01.anx.local> <00a201d33c55$197a2b80$4c6e8280$@skno.by> <131560ee-38ed-d60b-f1e4-4b66e4b5bbae@ale.cx> <00cd01d33c58$1f28ea00$5d7abe00$@skno.by> <001801d33cd3$d86acbc0$89406340$@skno.by> <2163f9be648d4b389fbc80b78f38984c@anx-i-dag01.anx.local> Message-ID: <002001d34415$fc577b70$f5067250$@skno.by> Well I copied .cloginrc to the / directory and now it?s working, I?m happy J From: Alexander Griesser [mailto:AGriesser at anexia-it.com] Sent: Wednesday, October 4, 2017 8:53 AM To: Vacheslav ; 'Alex DEKKER' ; rancid-discuss at shrubbery.net Subject: AW: [rancid] problem with rancid crontab What operating system is this? I?m not sure why this is happening for you, but this might as well be just because you?re running the jobs in the system cron and the environment is not being passed to the script upon execution. Can you please just try to add this crontab line to the rancid user?s cron? i.e. login as user rancid (f.ex. `su ? rancid`) and then run `crontab -e` and add the cron there? This should definitely fix it. The only change necessary in the crontab line is to remove the column with the username ?rancid?. best, Alexander Griesser Head of Systems Operations ANEXIA Internetdienstleistungs GmbH E-Mail: AGriesser at anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstra?e 140, 9020 Klagenfurt Gesch?ftsf?hrer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 Von: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] Im Auftrag von Vacheslav Gesendet: Mittwoch, 4. Oktober 2017 07:44 An: 'Alex DEKKER' >; rancid-discuss at shrubbery.net Betreff: Re: [rancid] problem with rancid crontab So how to change home from / to /var/rancid? From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Vacheslav Sent: Tuesday, October 3, 2017 5:59 PM To: 'Alex DEKKER' >; rancid-discuss at shrubbery.net Subject: Re: [rancid] problem with rancid crontab Good observation, I was creating it using winscp, now I nanoed it and the log file produced: export HOME="/" export LANG="en_US.utf8" export LOGNAME="rancid" export MAILTO="root" export OLDPWD export PATH="/sbin:/bin:/usr/sbin:/usr/bin" export PWD="/" export SHELL="/bin/bash" export SHLVL="2" export USER="rancid" export _="/tmp/test2.sh" BASH=/bin/sh BASHOPTS=cmdhist:complete_fullquote:extquote:force_fignore:hostcomplete:inte ractive_comments:progcomp:promptvars:sourcepath BASH_ALIASES=() BASH_ARGC=() BASH_ARGV=() BASH_CMDS=() BASH_LINENO=([0]="0") BASH_SOURCE=([0]="/tmp/test2.sh") BASH_VERSINFO=([0]="4" [1]="3" [2]="48" [3]="1" [4]="release" [5]="x86_64-pc-linux-gnu") BASH_VERSION='4.3.48(1)-release' DIRSTACK=() EUID=103 GROUPS=() HOME=/ HOSTNAME=nagios HOSTTYPE=x86_64 IFS=' ' LANG=en_US.utf8 LOGNAME=rancid MACHTYPE=x86_64-pc-linux-gnu MAILTO=root OPTERR=1 OPTIND=1 OSTYPE=linux-gnu PATH=/sbin:/bin:/usr/sbin:/usr/bin PIPESTATUS=([0]="0") POSIXLY_CORRECT=y PPID=22660 PS4='+ ' PWD=/ SHELL=/bin/bash SHELLOPTS=braceexpand:hashall:interactive-comments:posix SHLVL=2 TERM=dumb UID=103 USER=rancid _=export / From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alex DEKKER Sent: Tuesday, October 3, 2017 5:53 PM To: rancid-discuss at shrubbery.net Subject: Re: [rancid] problem with rancid crontab On 03/10/17 15:37, Vacheslav wrote: Well it didn?t run because when I su rancid and execute: /root $ /tmp/test.sh bash: /tmp/test.sh: /bin/sh^M: bad interpreter: No such file or directory running: sh /tmp/test.sh produces a log file with the following content: /root How to fix the script? If there really is a ^M on the first line of the script then that suggests it was created with "DOS" line endings. What are you using to edit files? I can imagine that unexpected DOS line endings will cause the various components of RANCID to fail in unexpected ways. alexd -------------- next part -------------- An HTML attachment was scrubbed... URL: From weylin at bu.edu Fri Oct 13 22:12:22 2017 From: weylin at bu.edu (Piegorsch, Weylin William) Date: Fri, 13 Oct 2017 22:12:22 +0000 Subject: [rancid] RANCID Router Login In-Reply-To: References: Message-ID: My predecessor created a small script for changing a device?s name in router.db; we change the device name occasionally (for example when we find a device with a type-o in the name compared against our standard), but we want to keep the change history in one place in CVS. Copying here, in case you find it useful. Weylin [rancid at nsgv-prod-59 usrdir]$ cat rename-node.sh #!/bin/bash # Uncomment this for extended logging # DEBUG=1 NumParms=$# ORIGHOST=$1 NEWHOST=$2 GROUP=$3 function ShowHelpText () { echo "$0 [options]" echo echo "Available Options:" echo " -d, --debug Set the internal debug flag" echo " -h, --help Show this text, then exit" echo echo "-h and --help may come in any position. All other options MUST" echo "be listed at the end of the command. If they are listed in one" echo "of the first three positions, they will be treated as parameters" echo "as indicated." echo echo "Please note that the contents will not be affected. So, for example," echo "if this rename is being performed for maintenance purposes but the" echo "device configuration is not also changing, no record will be kept" echo "in rancid of this change." } # if any position parameter equals either -h or --help while [ $1 ] do if [ $1 = -h -o $1 = --help ] then ShowHelpText exit elif [ $1 = -d -o $1 = --debug ] then DEBUG=1 NumParms=$[$NumParms-1] fi shift done if [ $NumParms -gt 3 ] then # only got here if -h or --help was not specified ShowHelpText >&2 echo >&2 echo Too many parameters passed. Exiting. >&2 exit fi if [ ! `whoami` = "rancid" ] then echo Must be run as user rancid exit fi if [ $ORIGHOST ] then echo -n "" else echo >&2 ShowHelpText >&2 echo >&2 echo "*Error: Missing original device name" >&2 echo >&2 exit fi if [ $NEWHOST ] then echo -n "" else echo >&2 ShowHelpText >&2 echo >&2 echo "*Error: Missing new device name" >&2 echo >&2 exit fi if [ $GROUP ] then echo -n "" else echo >&2 ShowHelpText >&2 echo >&2 echo "*Error: Missing rancid group" >&2 echo >&2 exit fi ORIGHOST=`echo $ORIGHOST | /usr/bin/awk '{print tolower($0)}'` NEWHOST=`echo $NEWHOST | /usr/bin/awk '{print tolower($0)}'` cd /usr/local/rancid/var if [ ! -f $GROUP/router.db ] then echo Error: $GROUP/router.db does not exist. >&2 exit fi if [ ! -f $GROUP/configs/$ORIGHOST ] then echo Error: $GROUP/configs/$ORIGHOST does not exist. >&2 exit fi if [ ! -f CVS/$GROUP/configs/$ORIGHOST,v ] then echo Error: CVS/$GROUP/configs/$ORIGHOST,v does not exist - CVS error!!!. >&2 exit fi if [ $DEBUG ] then echo echo "Renaming $ORIGHOST as $NEWHOST in $GROUP" fi cd /usr/local/rancid/var # TYPEANDSTATE=`grep -i '^$ORIGHOST;' $GROUP/router.db | sed 's/^$ORIGHOST;//'` TYPEANDSTATE=`grep -i "^$ORIGHOST;" $GROUP/router.db | sed "s/^$ORIGHOST;//"` if [ $TYPEANDSTATE ] then echo " Found $ORIGHOST in $GROUP" else echo " $ORIGHOST not found in $GROUP" echo exit fi if [ $DEBUG ] then echo " Renaming $ORIGHOST as $NEWHOST in $GROUP group file with type and state $TYPEANDSTATE" fi # removing old grep -v "^$ORIGHOST;" $GROUP/router.db > /tmp/$GROUP-router.db mv -f /tmp/$GROUP-router.db $GROUP/router.db || exit # adding new echo "$NEWHOST;$TYPEANDSTATE" >> $GROUP/router.db /bin/sort -u $GROUP/router.db | /usr/bin/awk '{print tolower($0)}' > /tmp/$GROUP-router.db mv -f /tmp/$GROUP-router.db $GROUP/router.db if [ $DEBUG ] then echo " Moving Configuration and CVS archive to new name" fi mv -f CVS/$GROUP/configs/$ORIGHOST,v CVS/$GROUP/configs/$NEWHOST,v mv -f $GROUP/configs/$ORIGHOST $GROUP/configs/$NEWHOST if [ $DEBUG ] then echo " Validating CVS synchronization" fi cd $GROUP/configs cvs update if [ $DEBUG ] then echo " Move complete" echo fi exit [rancid at nsgv-prod-59 usrdir]$ From: "Munoz-Persinger, Axel @ CSG - CSE" Date: Thursday, October 12, 2017 at 15:47 To: "rancid-discuss at shrubbery.net" Cc: "Auer, Kyle @ CSG - CSE" , "Zaveri, Sundeep @ CSG - CSE" , "Dowd, Daniel @ CSG - CSE" Subject: [rancid] RANCID Router Login Hello, Our organization uses RANCID for gathering data from our Cisco routers, but we recently faced an issue with a change we?re trying to make. We simply want to change what the address that the scripts use to log into the routers. Let?s say in the routers.db file we have: Router1:cisco:up Router2:cisco:up Router3:cisco:up We?d like to change it to: Router1.XYZ:cisco:up Router2.XYZ:cisco:up Router3.XYZ:cisco:up We didn?t want to change the actual router names in the routers.db file, since this would most likely have other side effects like modifying the CVS. We tried changing clogin:750(ish) from if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype]} { to if {[login $router.XYZ $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype]} { However, by watching the tcpdump output, we see that it?s still reaching out to the original address. Do you have any ideas that could help us? Thanks, Axel Munoz-Persinger Security Analyst Axel.Munoz-Persinger at L3T.com (856) 338-4103 CONFIDENTIALITY NOTICE: This email and any attachments are for the sole use of the intended recipient and may contain material that is proprietary, confidential, privileged or otherwise legally protected or restricted under applicable government laws. Any review, disclosure, distributing or other use without expressed permission of the sender is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies without reading, printing, or saving. Effective immediately my new email address is Axel.Munoz-Persinger at L3T.com. Please update your records. -------------- next part -------------- An HTML attachment was scrubbed... URL: From ler762 at gmail.com Sat Oct 14 20:57:35 2017 From: ler762 at gmail.com (Lee) Date: Sat, 14 Oct 2017 16:57:35 -0400 Subject: [rancid] RANCID Router Login In-Reply-To: <20171012211405.GA74735@shrubbery.net> References: <20171012211405.GA74735@shrubbery.net> Message-ID: On 10/12/17, heasley wrote: > Thu, Oct 12, 2017 at 07:47:10PM +0000, Munoz-Persinger, Axel @ CSG - CSE: >> Hello, >> >> Our organization uses RANCID for gathering data from our Cisco routers, >> but we recently faced an issue with a change we're trying to make. >> >> We simply want to change what the address that the scripts use to log into >> the routers. Let's say in the routers.db file we have: >> Router1:cisco:up >> Router2:cisco:up >> Router3:cisco:up >> >> We'd like to change it to: >> Router1.XYZ:cisco:up >> Router2.XYZ:cisco:up >> Router3.XYZ:cisco:up >> >> >> We didn't want to change the actual router names in the routers.db file, >> since this would most likely have other side effects like modifying the >> CVS. We tried changing clogin:750(ish) from >> if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod >> $cyphertype]} { >> >> to >> if {[login $router.XYZ $ruser $userpswd $passwd $enapasswd $cmethod >> $cyphertype]} { >> >> However, by watching the tcpdump output, we see that it's still reaching >> out to the original address. >> >> Do you have any ideas that could help us? > > leave the old name and change the address it resolved to in dns/hostsfile. +1 for changing the address in dns if you don't like/can't do that option, add search XYZ.l3t.com in resolv.conf so that the first dns lookup for foo is foo.xyz.l3t.com see http://man7.org/linux/man-pages/man5/resolv.conf.5.html The search list is normally determined from the local domain name; by default, it contains only the local domain name. This may be changed by listing the desired domain search path following the search keyword with spaces or tabs separating the names. Regards, Lee From Axel.Munoz-Persinger at L3T.com Mon Oct 16 11:58:00 2017 From: Axel.Munoz-Persinger at L3T.com (Munoz-Persinger, Axel @ CSG - CSE) Date: Mon, 16 Oct 2017 11:58:00 +0000 Subject: [rancid] RANCID Router Login In-Reply-To: References: <20171012211405.GA74735@shrubbery.net> Message-ID: <1fd0fa213511475a99645574dd5e5d5e@L3T.com> Thanks everyone for the help; we ended up just changing the address on this as suggested and it works flawlessly. Thanks, Axel -----Original Message----- From: Lee [mailto:ler762 at gmail.com] Sent: Saturday, October 14, 2017 4:58 PM To: rancid-discuss at shrubbery.net Cc: Munoz-Persinger, Axel @ CSG - CSE ; Zaveri, Sundeep @ CSG - CSE ; Dowd, Daniel @ CSG - CSE ; Auer, Kyle @ CSG - CSE Subject: Re: [rancid] RANCID Router Login On 10/12/17, heasley wrote: > Thu, Oct 12, 2017 at 07:47:10PM +0000, Munoz-Persinger, Axel @ CSG - CSE: >> Hello, >> >> Our organization uses RANCID for gathering data from our Cisco >> routers, but we recently faced an issue with a change we're trying to make. >> >> We simply want to change what the address that the scripts use to log >> into the routers. Let's say in the routers.db file we have: >> Router1:cisco:up >> Router2:cisco:up >> Router3:cisco:up >> >> We'd like to change it to: >> Router1.XYZ:cisco:up >> Router2.XYZ:cisco:up >> Router3.XYZ:cisco:up >> >> >> We didn't want to change the actual router names in the routers.db >> file, since this would most likely have other side effects like >> modifying the CVS. We tried changing clogin:750(ish) from if {[login >> $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype]} { >> >> to >> if {[login $router.XYZ $ruser $userpswd $passwd $enapasswd $cmethod >> $cyphertype]} { >> >> However, by watching the tcpdump output, we see that it's still >> reaching out to the original address. >> >> Do you have any ideas that could help us? > > leave the old name and change the address it resolved to in dns/hostsfile. +1 for changing the address in dns if you don't like/can't do that option, add search XYZ.l3t.com in resolv.conf so that the first dns lookup for foo is foo.xyz.l3t.com see http://man7.org/linux/man-pages/man5/resolv.conf.5.html The search list is normally determined from the local domain name; by default, it contains only the local domain name. This may be changed by listing the desired domain search path following the search keyword with spaces or tabs separating the names. Regards, Lee CONFIDENTIALITY NOTICE: This email and any attachments are for the sole use of the intended recipient and may contain material that is proprietary, confidential, privileged or otherwise legally protected or restricted under applicable government laws. Any review, disclosure, distributing or other use without expressed permission of the sender is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies without reading, printing, or saving. Effective immediately my new email address is Axel.Munoz-Persinger at L3T.com. Please update your records. From thefonzz2625 at gmail.com Tue Oct 17 14:59:29 2017 From: thefonzz2625 at gmail.com (Andrew Villano) Date: Tue, 17 Oct 2017 10:59:29 -0400 Subject: [rancid] Stop rancid from logging environmentals Message-ID: Hello All, I have a quick question. I'd like to stop rancid from logging environmentals on my switches. I get diffs every day from the one or two degree differences on the temperature in the datacenter in which my core switches sit. How might I go about turning this off? I checked through the source code and nothing apparent jumped out at me like an array of commands (eg. 'sh run, sh env,) etc. Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Tue Oct 17 16:13:54 2017 From: heas at shrubbery.net (heasley) Date: Tue, 17 Oct 2017 16:13:54 +0000 Subject: [rancid] Stop rancid from logging environmentals In-Reply-To: References: Message-ID: <20171017161354.GA22248@shrubbery.net> Tue, Oct 17, 2017 at 10:59:29AM -0400, Andrew Villano: > Hello All, > > I have a quick question. I'd like to stop rancid from logging > environmentals on my switches. I get diffs every day from the one or two > degree differences on the temperature in the datacenter in which my core > switches sit. that stuff should be filtered. provide example output from the device and from rancid and the filter can be corrected. > How might I go about turning this off? I checked through the source code > and nothing apparent jumped out at me like an array of commands (eg. 'sh > run, sh env,) etc. see rancid.types.conf(5) From doug.hughes at keystonenap.com Tue Oct 17 16:15:44 2017 From: doug.hughes at keystonenap.com (Doug Hughes) Date: Tue, 17 Oct 2017 12:15:44 -0400 Subject: [rancid] Stop rancid from logging environmentals In-Reply-To: References: Message-ID: <8cc48d11-5f3a-0015-8595-451a02fcfe07@keystonenap.com> It's in etc/rancid.types.base ShowEnv On 10/17/2017 10:59 AM, Andrew Villano wrote: > Hello All, > > I have a quick question. I'd like to stop rancid from logging > environmentals on my switches. I get diffs every day from the one or > two degree differences on the temperature in the datacenter in which > my core switches sit. > > How might I go about turning this off? I checked through the source > code and nothing apparent jumped out at me like an array of commands > (eg. 'sh run, sh env,) etc. > > > Thanks. > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss -- Doug Hughes Keystone NAP Fairless Hills, PA 1.844.KEYBLOCK (539.2562) -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: keystone-nap.png Type: image/png Size: 3476 bytes Desc: not available URL: From thefonzz2625 at gmail.com Tue Oct 17 17:10:53 2017 From: thefonzz2625 at gmail.com (Andrew Villano) Date: Tue, 17 Oct 2017 13:10:53 -0400 Subject: [rancid] Stop rancid from logging environmentals In-Reply-To: <20171017161354.GA22248@shrubbery.net> References: <20171017161354.GA22248@shrubbery.net> Message-ID: Thanks for the quick reply! I've commented out the disk and environmentals in rancid.types.base. But for reference here's what's been repeating since I've installed rancid. diff --git a/configs/**my switch** index 2be026c..d335d3d 100644 --- a/**my switch* +++ b/**my switch* -242,8 +242,8 @@ !Flash: logflash: 4096 Apr 07 05:42:52 2015 vdc_8/ !Flash: logflash: 4096 Apr 07 05:42:52 2015 vdc_9/ !Flash: logflash: Usage for logflash://sup-local -!Flash: logflash: 580 MB used -!Flash: logflash: 6934 MB free +!Flash: logflash: 581 MB used +!Flash: logflash: 6933 MB free !Flash: logflash: 7514 MB total ! !Flash: slot0: 67492266 Nov 09 20:03:33 2016 n7000-s2-epld.6.2.16.img diff --git a/configs//**my switch** index 2c84fbf..8d95063 100644 --- a/**my switch** +++ b/**my switch** @@ -15,11 +15,11 @@ !Env: Module Sensor Status !Env: ------+--------------------------+--------------------+------------ !Env: 1 air outlet 45C ok -!Env: 1 air inlet 28C ok +!Env: 1 air inlet 29C ok !Env: 2 air outlet 29C ok !Env: 2 air inlet 29C ok !Env: 3 air outlet 30C ok -!Env: 3 air inlet 26C ok +!Env: 3 air inlet 27C ok ! !Flash: bootflash: Directory of bootflash:/ !Flash: bootflash: 6 -rw- 20798019 Oct 4 2008 15:17:10 -04:00 cat4500e-ipbasek9-mz.122-46.SG.bin diff --git a/configs/**my switch** index 5b8e240..db1f302 100644 --- a/**my switch** +++ b/**my switch** @@ -15,11 +15,11 @@ !Env: Module Sensor Status !Env: ------+--------------------------+--------------------+------------ !Env: 1 air outlet 39C ok -!Env: 1 air inlet 24C ok -!Env: 2 air outlet 26C ok +!Env: 1 air inlet 25C ok +!Env: 2 air outlet 27C ok !Env: 2 air inlet 23C ok -!Env: 3 air outlet 24C ok -!Env: 3 air inlet 22C ok +!Env: 3 air outlet 25C ok +!Env: 3 air inlet 23C ok ! !Flash: bootflash: Directory of bootflash:/ !Flash: bootflash: 6 -rw- 32292240 Jul 29 2014 07:20:00 +00:00 cat4500e-ipbasek9-mz.151-1.SG2.bin On Tue, Oct 17, 2017 at 12:13 PM, heasley wrote: > Tue, Oct 17, 2017 at 10:59:29AM -0400, Andrew Villano: > > Hello All, > > > > I have a quick question. I'd like to stop rancid from logging > > environmentals on my switches. I get diffs every day from the one or two > > degree differences on the temperature in the datacenter in which my core > > switches sit. > > that stuff should be filtered. provide example output from the device > and from rancid and the filter can be corrected. > > > How might I go about turning this off? I checked through the source code > > and nothing apparent jumped out at me like an array of commands (eg. 'sh > > run, sh env,) etc. > > see rancid.types.conf(5) > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mgoeres at gmail.com Thu Oct 19 17:13:23 2017 From: mgoeres at gmail.com (Matthew Goeres) Date: Thu, 19 Oct 2017 12:13:23 -0500 Subject: [rancid] Revision Searches Message-ID: Looking for ideas on how I can search back revisions on multiple devices. Example: I have a folder with around 200 devices in it. I would like to look back at say the last 5 revisions for all devices and grep those changes for something like a zone change. Anyone had some ideas on how to do this with CVS? -------------- next part -------------- An HTML attachment was scrubbed... URL: From cgauthier at comscore.com Thu Oct 19 17:48:10 2017 From: cgauthier at comscore.com (Gauthier, Chris) Date: Thu, 19 Oct 2017 17:48:10 +0000 Subject: [rancid] Revision Searches In-Reply-To: References: Message-ID: I used WebCVS previously. That allowed me to compare versions nicely. That may not be exactly what you?re looking for, though. Conceptually, it?s possible to script it with Perl or something like that. In the discussion below, I refer to X and Y, where X is the base version and Version Y is version (X-5). Write a script that pulls version X and saves it as a unique filename (vX.txt). Do the same for version Y (vY.txt). Then, do a diff of versions X and Y with the output going to diffXY.txt. Grep that output for the code relevant to a zone change or other configuration change you are looking for. Lastly, the script could send an email, with the file diffXY.txt attached, to a designated email address. You could even script this to run just after rancid finishes a poll, but that would take more scripting. Just a few thoughts. --Chris Chris GauthierSenior Network Engineer | comScore, Inc. o +1 503-331-2704cgauthier at comscore.com 317 SW Alder Street, Suite 700 | Portland | OR97204 ............................................................................................................................................................................................................................ From: Rancid-discuss on behalf of Matthew Goeres Date: Thursday, October 19, 2017 at 10:38 AM To: "rancid-discuss at shrubbery.net" Subject: [rancid] Revision Searches Looking for ideas on how I can search back revisions on multiple devices. Example: I have a folder with around 200 devices in it. I would like to look back at say the last 5 revisions for all devices and grep those changes for something like a zone change. Anyone had some ideas on how to do this with CVS? -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Thu Oct 19 18:38:50 2017 From: heas at shrubbery.net (heasley) Date: Thu, 19 Oct 2017 18:38:50 +0000 Subject: [rancid] Revision Searches In-Reply-To: References: Message-ID: <20171019183850.GC82695@shrubbery.net> Thu, Oct 19, 2017 at 05:48:10PM +0000, Gauthier, Chris: > Write a script that pulls version X and saves it as a unique filename (vX.txt). Do the same for version Y (vY.txt). Then, do a diff of versions X and Y with the output going to diffXY.txt. Grep that output for the code relevant to a zone change or other configuration change you are looking for. Lastly, the script could send an email, with the file diffXY.txt attached, to a designated email address. You could even script this to run just after rancid finishes a poll, but that would take more scripting. also see cvs {r}annotate and options to cvs log From ler762 at gmail.com Thu Oct 19 21:37:15 2017 From: ler762 at gmail.com (Lee) Date: Thu, 19 Oct 2017 17:37:15 -0400 Subject: [rancid] Revision Searches In-Reply-To: References: Message-ID: On 10/19/17, Matthew Goeres wrote: > Looking for ideas on how I can search back revisions on multiple devices. > > Example: I have a folder with around 200 devices in it. I would like to > look back at say the last 5 revisions for all devices and grep those > changes for something like a zone change. Anyone had some ideas on how to > do this with CVS? Would something like cvs diff -D "2 months ago" -U 5 devName be close enuf? Lee From doug.hughes at keystonenap.com Fri Oct 20 00:42:39 2017 From: doug.hughes at keystonenap.com (Doug Hughes) Date: Thu, 19 Oct 2017 20:42:39 -0400 Subject: [rancid] Revision Searches In-Reply-To: References: Message-ID: <5a75e730-15ae-8875-365e-8d4133d882bb@keystonenap.com> It's been a while since I've used cvs, but here's what I'd do with subversion, which is not hugely different. 1) co the config tree into a temporary directory (here using svn co or similar) 2) cd to the configs directory 3) look at the log history on one of the files and find the time frame I'm looking for. Here, we're relying on the fact that rancid is running a bulk check-in at once for all of the files, so they all have the same version number at the same time of run. 4) svn update -r * - that brings out all the files at that same version number (e.g. whatever that version is from 5 revs ago) 5) run grep on * (there's always the option of converting your cvs to subversion, though I'm not sure if it didn't keep the revs the same if that would translate similarly) On 10/19/2017 5:37 PM, Lee wrote: > On 10/19/17, Matthew Goeres wrote: >> Looking for ideas on how I can search back revisions on multiple devices. >> >> Example: I have a folder with around 200 devices in it. I would like to >> look back at say the last 5 revisions for all devices and grep those >> changes for something like a zone change. Anyone had some ideas on how to >> do this with CVS? > Would something like > cvs diff -D "2 months ago" -U 5 devName > be close enuf? > > Lee > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss -- Doug Hughes Keystone NAP Fairless Hills, PA 1.844.KEYBLOCK (539.2562) -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: keystone-nap.png Type: image/png Size: 3476 bytes Desc: not available URL: From me at falz.net Mon Oct 23 12:42:16 2017 From: me at falz.net (Chris Wopat) Date: Mon, 23 Oct 2017 07:42:16 -0500 Subject: [rancid] Juniper 'last commit' + Fortigate whitespace + DB In-Reply-To: <20170930025425.GH83414@shrubbery.net> References: <20170930025425.GH83414@shrubbery.net> Message-ID: <6b5a1084-e369-32ef-232e-3462a3ed97d2@falz.net> On 09/29/2017 09:54 PM, heasley wrote: > Fri, Sep 29, 2017 at 07:28:27AM -0500, Chris Wopat: >> Hey folks, >> >> We recently updated to 3.7, a few comments/questions. >> >> * Juniper was updated to ignore 'last committed by' line. Changelog >> says 'useless >> last commit config line'. Curious what others think about this. We think >> it's quite valuable and is a nice way help correlate changes to accounts >> that made the change. For now we've manually restored it, which is easy >> enough. > > there is only one way that that token can be guaranteed - if rancid were > guaranteed to collect the information before anyone else could run a > commit. if folks really like that ... We didn't have an issue the way it worked prior, I'm happy to just continue to manually patch this back in. >> * We see the 'show chassis firmware' line come and go on some devices. This >> happened prior to 3.7 as well. This has been witnessed on MX running 15.1, >> QFX running 14.1X53-D45, and possibly other devices. >> >> + # show chassis firmware > > hrm, what model MX? I've not seen this in the lab or production for mx > or ptx. perhaps we can chat about whats different in your env. A few MX960s, with RE-S-2000 and RE-S-X6-64G, QFX5100m EX4200. A few examples below of some 'show' commands toggling back and forth: Index: configs/r-mx960-lab =================================================================== retrieving revision 1.1162 diff -u -4 -r1.1162 r-mx960-lab @@ -1,8 +1,7 @@ #RANCID-CONTENT-TYPE: juniper # # r-mx960-lab-re1> show chassis clocks - # show chassis environment # r-mx960-lab-re1> show chassis environment # Class Item Status # Temp PEM 0 OK # PEM 1 OK Index: configs/r-mx960-lab =================================================================== retrieving revision 1.1161 diff -u -4 -r1.1161 r-mx960-lab @@ -1,7 +1,8 @@ #RANCID-CONTENT-TYPE: juniper # # r-mx960-lab-re1> show chassis clocks + # show chassis environment # r-mx960-lab-re1> show chassis environment # Class Item Status # Temp PEM 0 OK # PEM 1 OK Index: configs/r-mx960-lab-2.wiscnet.net =================================================================== retrieving revision 1.1130 diff -u -4 -r1.1130 r-mx960-lab-2.wiscnet.net @@ -30,9 +30,8 @@ # CB 2 XF A OK # CB 2 XF B OK # FPC 0 Intake OK # FPC 0 Exhaust A OK - # show chassis firmware # FPC 0 Exhaust B OK # FPC 0 XL TSen OK # FPC 0 XL Chip OK # FPC 0 XL_XR0 TSen OK Index: configs/r-mx960-lab-2.wiscnet.net =================================================================== retrieving revision 1.1129 diff -u -4 -r1.1129 r-mx960-lab-2.wiscnet.net @@ -30,8 +30,9 @@ # CB 2 XF A OK # CB 2 XF B OK # FPC 0 Intake OK # FPC 0 Exhaust A OK + # show chassis firmware # FPC 0 Exhaust B OK # FPC 0 XL TSen OK # FPC 0 XL Chip OK # FPC 0 XL_XR0 TSen OK Index: configs/r-qfx5100-lab =================================================================== retrieving revision 1.867 diff -u -4 -r1.867 r-qfx5100-lab @@ -34,9 +34,8 @@ # MRE 17.9 # Power CPLD 3.a # # r-qfx5100-lab> show chassis fpc detail - # show chassis hardware detail # Slot 0 information: # State Online # Total CPU DRAM 1953 MB # Total SRAM 0 MB Index: configs/r-mx960-lab-2 =================================================================== retrieving revision 1.1129 diff -u -4 -r1.1129 r-mx960-lab-2 @@ -30,8 +30,9 @@ # CB 2 XF A OK # CB 2 XF B OK # FPC 0 Intake OK # FPC 0 Exhaust A OK + # show chassis firmware # FPC 0 Exhaust B OK # FPC 0 XL TSen OK # FPC 0 XL Chip OK # FPC 0 XL_XR0 TSen OK Index: configs/r-qfx5100-lab =================================================================== retrieving revision 1.867 diff -u -4 -r1.867 r-qfx5100-lab @@ -34,9 +34,8 @@ # MRE 17.9 # Power CPLD 3.a # # r-qfx5100-lab> show chassis fpc detail - # show chassis hardware detail # Slot 0 information: # State Online # Total CPU DRAM 1953 MB # Total SRAM 0 MB Index: configs/r-mx960-lab-2 =================================================================== retrieving revision 1.1129 diff -u -4 -r1.1129 r-mx960-lab-2 @@ -30,8 +30,9 @@ # CB 2 XF A OK # CB 2 XF B OK # FPC 0 Intake OK # FPC 0 Exhaust A OK + # show chassis firmware # FPC 0 Exhaust B OK # FPC 0 XL TSen OK # FPC 0 XL Chip OK # FPC 0 XL_XR0 TSen OK Index: configs/s-ex4200-lab-24f =================================================================== retrieving revision 1.243 diff -u -4 -r1.243 s-ex4200-lab-24f.wiscnet.net @@ -1,8 +1,7 @@ #RANCID-CONTENT-TYPE: juniper # # s-ex4200-lab-24f> show chassis clocks - # show chassis environment # s-ex4200-lab-24f> show chassis environment # Class Item Status # Power FPC 0 Power Supply 0 OK # FPC 0 Power Supply 1 Absent Index: configs/s-ex4200-lab-24f.wiscnet.net =================================================================== retrieving revision 1.242 diff -u -4 -r1.242 s-ex4200-lab-24f @@ -1,7 +1,8 @@ #RANCID-CONTENT-TYPE: juniper # # s-ex4200-lab-24f> show chassis clocks + # show chassis environment # s-ex4200-lab-24f> show chassis environment # Class Item Status # Power FPC 0 Power Supply 0 OK # FPC 0 Power Supply 1 Absent From merijn at trans-ix.nl Mon Oct 23 18:49:35 2017 From: merijn at trans-ix.nl (Merijn Evertse) Date: Mon, 23 Oct 2017 18:49:35 +0000 Subject: [rancid] pfSense module Message-ID: Hi, Does anyone have a working module for modern releases pfSense to grab the config.xml file? I only see a module from 2010, and am wondering if that is the latest release. Kind regards, Merijn Evertse -------------- next part -------------- An HTML attachment was scrubbed... URL: From andreas at in-berlin.de Tue Oct 24 06:20:12 2017 From: andreas at in-berlin.de (Andreas Herrmann) Date: Tue, 24 Oct 2017 08:20:12 +0200 Subject: [rancid] Edgerouter: showConfig command failure Message-ID: Hi there, we have problems with one of our EdgeRouters. I'm not sure if it is fixed in 3.7 (edgerouter.pm: add match for transient show version command failure). Only EdgeRouter Pro 8-Port (v1.9.7+hotfix.4) is reporting this change every some days: -# rancid at ams-gw:~$ cli-shell-api showConfig --show-active-only | no-more -firewall { +# rancid at ams-gw:~$cli-shell-api showConfig --show-active-only | no-more +ofirewall { all-ping enable broadcast-ping disable -# rancid at ams-gw:~$cli-shell-api showConfig --show-active-only | no-more -ofirewall { +# rancid at ams-gw:~$ cli-shell-api showConfig --show-active-only | no-more +firewall { all-ping enable broadcast-ping disable An EdgeRouter Lite 3-Port is working fine. /etc/rancid/rancid.types.conf: edgerouter_custom;script;rancid -t edgerouter_custom edgerouter_custom;login;ulogin -noenable -t 30 edgerouter_custom;module;edgerouter edgerouter_custom;inloop;edgerouter::inloop edgerouter_custom;command;rancid::RunCommand;terminal length 0 edgerouter_custom;command;edgerouter::ShowVersion;show version | no-more edgerouter_custom;command;edgerouter::ShowOffload;show ubnt offload | no-more edgerouter_custom;command;edgerouter::WriteTerm;cli-shell-api showConfig --show-active-only | no-more Any ideas? Regards, Andreas From andreas at in-berlin.de Tue Oct 24 07:06:49 2017 From: andreas at in-berlin.de (Andreas Herrmann) Date: Tue, 24 Oct 2017 09:06:49 +0200 Subject: [rancid] Edgerouter: showConfig command failure In-Reply-To: References: Message-ID: Hi, On 24.10.2017 08:20, Andreas Herrmann wrote: > we have problems with one of our EdgeRouters. I'm not sure if it is fixed in > 3.7 (edgerouter.pm: add match for transient show version command failure). > > Only EdgeRouter Pro 8-Port (v1.9.7+hotfix.4) is reporting this change every > some days: > > -# rancid at ams-gw:~$ cli-shell-api showConfig --show-active-only | no-more > -firewall { > +# rancid at ams-gw:~$cli-shell-api showConfig --show-active-only | no-more > +ofirewall { > all-ping enable > broadcast-ping disable > > -# rancid at ams-gw:~$cli-shell-api showConfig --show-active-only | no-more > -ofirewall { > +# rancid at ams-gw:~$ cli-shell-api showConfig --show-active-only | no-more > +firewall { > all-ping enable > broadcast-ping disable > > An EdgeRouter Lite 3-Port is working fine. > > /etc/rancid/rancid.types.conf: > edgerouter_custom;script;rancid -t edgerouter_custom > edgerouter_custom;login;ulogin -noenable -t 30 > edgerouter_custom;module;edgerouter > edgerouter_custom;inloop;edgerouter::inloop > edgerouter_custom;command;rancid::RunCommand;terminal length 0 > edgerouter_custom;command;edgerouter::ShowVersion;show version | no-more > edgerouter_custom;command;edgerouter::ShowOffload;show ubnt offload | no-more > edgerouter_custom;command;edgerouter::WriteTerm;cli-shell-api showConfig > --show-active-only | no-more Some addition: * ~rancid/bin/ulogin set sleeps to 5s * not enough for Lite 3-Port -> MAX_ROUNDS=10 * ulogin -noenable -t 30 (was: -noenable -t 10) * {{ | no-more }} decreased formating errors With this changes, only the reported error exists. Regards, Andreas From heas at shrubbery.net Tue Oct 24 09:55:13 2017 From: heas at shrubbery.net (heasley) Date: Tue, 24 Oct 2017 09:55:13 +0000 Subject: [rancid] Edgerouter: showConfig command failure In-Reply-To: References: Message-ID: <20171024095513.GD24705@shrubbery.net> Tue, Oct 24, 2017 at 09:06:49AM +0200, Andreas Herrmann: > Hi, > > On 24.10.2017 08:20, Andreas Herrmann wrote: > > we have problems with one of our EdgeRouters. I'm not sure if it is fixed in > > 3.7 (edgerouter.pm: add match for transient show version command failure). > > > > Only EdgeRouter Pro 8-Port (v1.9.7+hotfix.4) is reporting this change every > > some days: > > > > -# rancid at ams-gw:~$ cli-shell-api showConfig --show-active-only | no-more > > -firewall { > > +# rancid at ams-gw:~$cli-shell-api showConfig --show-active-only | no-more > > +ofirewall { > > all-ping enable > > broadcast-ping disable > > > > -# rancid at ams-gw:~$cli-shell-api showConfig --show-active-only | no-more > > -ofirewall { > > +# rancid at ams-gw:~$ cli-shell-api showConfig --show-active-only | no-more > > +firewall { > > all-ping enable > > broadcast-ping disable Is the device perhaps logging to the tty? Does your ulogin have the stty settings just before the main loop of device command-line arguments? > > An EdgeRouter Lite 3-Port is working fine. > > > > /etc/rancid/rancid.types.conf: > > edgerouter_custom;script;rancid -t edgerouter_custom > > edgerouter_custom;login;ulogin -noenable -t 30 > > edgerouter_custom;module;edgerouter > > edgerouter_custom;inloop;edgerouter::inloop > > edgerouter_custom;command;rancid::RunCommand;terminal length 0 > > edgerouter_custom;command;edgerouter::ShowVersion;show version | no-more > > edgerouter_custom;command;edgerouter::ShowOffload;show ubnt offload | no-more > > edgerouter_custom;command;edgerouter::WriteTerm;cli-shell-api showConfig > > --show-active-only | no-more > > Some addition: > * ~rancid/bin/ulogin set sleeps to 5s > * not enough for Lite 3-Port -> MAX_ROUNDS=10 > * ulogin -noenable -t 30 (was: -noenable -t 10) added this to ulogin; the default. I'd prefer that the user still be able to override the timeout in their cloginrc. > * {{ | no-more }} decreased formating errors > > With this changes, only the reported error exists. Does terminal length 0 not work on this device? And, is this option universally available. From heas at shrubbery.net Tue Oct 24 09:56:34 2017 From: heas at shrubbery.net (heasley) Date: Tue, 24 Oct 2017 09:56:34 +0000 Subject: [rancid] pfSense module In-Reply-To: References: Message-ID: <20171024095633.GE24705@shrubbery.net> Mon, Oct 23, 2017 at 06:49:35PM +0000, Merijn Evertse: > Hi, > > Does anyone have a working module for modern releases pfSense to grab the config.xml file? > I only see a module from 2010, and am wondering if that is the latest release. not that I am aware of. How does one retrieve the xml file? From heas at shrubbery.net Tue Oct 24 10:03:19 2017 From: heas at shrubbery.net (heasley) Date: Tue, 24 Oct 2017 10:03:19 +0000 Subject: [rancid] Juniper 'last commit' + Fortigate whitespace + DB In-Reply-To: <6b5a1084-e369-32ef-232e-3462a3ed97d2@falz.net> References: <20170930025425.GH83414@shrubbery.net> <6b5a1084-e369-32ef-232e-3462a3ed97d2@falz.net> Message-ID: <20171024100318.GF24705@shrubbery.net> Mon, Oct 23, 2017 at 07:42:16AM -0500, Chris Wopat: > On 09/29/2017 09:54 PM, heasley wrote: > > Fri, Sep 29, 2017 at 07:28:27AM -0500, Chris Wopat: > >> Hey folks, > >> > >> We recently updated to 3.7, a few comments/questions. > >> > >> * Juniper was updated to ignore 'last committed by' line. Changelog > >> says 'useless > >> last commit config line'. Curious what others think about this. We think > >> it's quite valuable and is a nice way help correlate changes to accounts > >> that made the change. For now we've manually restored it, which is easy > >> enough. > > > > there is only one way that that token can be guaranteed - if rancid were > > guaranteed to collect the information before anyone else could run a > > commit. if folks really like that ... > > We didn't have an issue the way it worked prior, I'm happy to just > continue to manually patch this back in. you realize that the output may be incorrect? > >> * We see the 'show chassis firmware' line come and go on some devices. This > >> happened prior to 3.7 as well. This has been witnessed on MX running 15.1, > >> QFX running 14.1X53-D45, and possibly other devices. > >> > >> + # show chassis firmware > > > > hrm, what model MX? I've not seen this in the lab or production for mx > > or ptx. perhaps we can chat about whats different in your env. > > A few MX960s, with RE-S-2000 and RE-S-X6-64G, QFX5100m EX4200. > > A few examples below of some 'show' commands toggling back and forth: > > > Index: configs/r-mx960-lab > =================================================================== > retrieving revision 1.1162 > diff -u -4 -r1.1162 r-mx960-lab > @@ -1,8 +1,7 @@ > #RANCID-CONTENT-TYPE: juniper > # > # r-mx960-lab-re1> show chassis clocks > - # show chassis environment > # r-mx960-lab-re1> show chassis environment This tells to me that the login script is out of sync with the prompt. Could you show me output from: eval `rancid -Ct juniper device` From ericx at whoi.edu Tue Oct 24 11:56:15 2017 From: ericx at whoi.edu (Eric W. Bates) Date: Tue, 24 Oct 2017 07:56:15 -0400 Subject: [rancid] pfSense module In-Reply-To: <20171024095633.GE24705@shrubbery.net> References: <20171024095633.GE24705@shrubbery.net> Message-ID: <4719484c-a13e-ea31-bd07-f6e60d2d2be5@whoi.edu> On 10/24/2017 5:56 AM, heasley wrote: > Mon, Oct 23, 2017 at 06:49:35PM +0000, Merijn Evertse: >> Hi, >> >> Does anyone have a working module for modern releases pfSense to grab the config.xml file? >> I only see a module from 2010, and am wondering if that is the latest release. > > not that I am aware of. How does one retrieve the xml file? sftp://[user at hostname]/cf/conf/config.xml > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Clark 159a, MS 46 508/289-3112 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4188 bytes Desc: S/MIME Cryptographic Signature URL: From andreas at in-berlin.de Tue Oct 24 12:14:08 2017 From: andreas at in-berlin.de (Andreas Herrmann) Date: Tue, 24 Oct 2017 14:14:08 +0200 Subject: [rancid] Edgerouter: showConfig command failure In-Reply-To: <20171024095513.GD24705@shrubbery.net> References: <20171024095513.GD24705@shrubbery.net> Message-ID: <2b45be95-69a3-8a6b-3a46-402463cdf82f@in-berlin.de> Hi, On 24.10.2017 11:55, heasley wrote: > Tue, Oct 24, 2017 at 09:06:49AM +0200, Andreas Herrmann: >> Hi, >> >> On 24.10.2017 08:20, Andreas Herrmann wrote: >>> we have problems with one of our EdgeRouters. I'm not sure if it is fixed in >>> 3.7 (edgerouter.pm: add match for transient show version command failure). >>> >>> Only EdgeRouter Pro 8-Port (v1.9.7+hotfix.4) is reporting this change every >>> some days: >>> >>> -# rancid at ams-gw:~$ cli-shell-api showConfig --show-active-only | no-more >>> -firewall { >>> +# rancid at ams-gw:~$cli-shell-api showConfig --show-active-only | no-more >>> +ofirewall { >>> all-ping enable >>> broadcast-ping disable >>> >>> -# rancid at ams-gw:~$cli-shell-api showConfig --show-active-only | no-more >>> -ofirewall { >>> +# rancid at ams-gw:~$ cli-shell-api showConfig --show-active-only | no-more >>> +firewall { >>> all-ping enable >>> broadcast-ping disable There error is hard to trigger. It has occurred 26 times within the last 49 days (check interval 15 min) > Is the device perhaps logging to the tty? Does your ulogin have the stty > settings just before the main loop of device command-line arguments? No, there is no logging to the tty. I don't know ulogin exactly. Just changed some values at sleep (see ulogin.patch). It's rancid version 3.6.2 >>> An EdgeRouter Lite 3-Port is working fine. >>> >>> /etc/rancid/rancid.types.conf: >>> edgerouter_custom;script;rancid -t edgerouter_custom >>> edgerouter_custom;login;ulogin -noenable -t 30 >>> edgerouter_custom;module;edgerouter >>> edgerouter_custom;inloop;edgerouter::inloop >>> edgerouter_custom;command;rancid::RunCommand;terminal length 0 >>> edgerouter_custom;command;edgerouter::ShowVersion;show version | no-more >>> edgerouter_custom;command;edgerouter::ShowOffload;show ubnt offload | no-more >>> edgerouter_custom;command;edgerouter::WriteTerm;cli-shell-api showConfig >>> --show-active-only | no-more >> >> Some addition: >> * ~rancid/bin/ulogin set sleeps to 5s >> * not enough for Lite 3-Port -> MAX_ROUNDS=10 >> * ulogin -noenable -t 30 (was: -noenable -t 10) > > added this to ulogin; the default. I'd prefer that the user still be able to > override the timeout in their cloginrc. For two devices I just created a rancid.types.conf >> * {{ | no-more }} decreased formating errors >> >> With this changes, only the reported error exists. > > Does terminal length 0 not work on this device? And, is this option > universally available. terminal length 0 is working. I'm unsure if setting "| no-more" really helps. Have a look at attached log. Devices ams-gw and kleyer90-gw are type edgerouter and those with IPs are edgerouter_custom. diff_withedgerouter shows the problem with the standard edgerouter type. Andreas -------------- next part -------------- A non-text attachment was scrubbed... Name: ulogin.patch Type: text/x-patch Size: 1190 bytes Desc: not available URL: -------------- next part -------------- starting: Tue Oct 24 12:45:01 CEST 2017 Trying to get all of the configs. 5.6.7.8: missed cmd(s): show version | no-more 5.6.7.8: End of run not found # ===================================== Getting missed routers: round 1. 5.6.7.8: missed cmd(s): show version | no-more 5.6.7.8: End of run not found # ===================================== Getting missed routers: round 2. 5.6.7.8: missed cmd(s): show version | no-more 5.6.7.8: End of run not found # ===================================== Getting missed routers: round 3. 5.6.7.8: missed cmd(s): show version | no-more 5.6.7.8: End of run not found # ===================================== Getting missed routers: round 4. 5.6.7.8: missed cmd(s): show version | no-more 5.6.7.8: End of run not found # ===================================== Getting missed routers: round 5. 5.6.7.8: missed cmd(s): show version | no-more 5.6.7.8: End of run not found # ===================================== Getting missed routers: round 6. 5.6.7.8: missed cmd(s): show version | no-more 5.6.7.8: End of run not found # ===================================== Getting missed routers: round 7. 5.6.7.8: missed cmd(s): show version | no-more, show ubnt offload | no-more 5.6.7.8: End of run not found # ===================================== Getting missed routers: round 8. 5.6.7.8: missed cmd(s): show version | no-more 5.6.7.8: End of run not found # ===================================== Getting missed routers: round 9. 5.6.7.8: missed cmd(s): show version | no-more 5.6.7.8: End of run not found # ===================================== Getting missed routers: round 10. 5.6.7.8: missed cmd(s): show version | no-more 5.6.7.8: End of run not found # =================================================================== Checking out edgerouter/configs/5.6.7.8 RCS: /var/lib/rancid/CVS/edgerouter/configs/5.6.7.8,v VERS: 1.30 *************** =================================================================== Checking out edgerouter/configs/1.2.3.4 RCS: /var/lib/rancid/CVS/edgerouter/configs/1.2.3.4,v VERS: 1.225 *************** cvs commit: Examining . cvs commit: Examining configs cat: /tmp/tmp.4wrthJzHOi/rancid.edgerouter.28406.diff: No such file or directory ending: Tue Oct 24 12:47:25 CEST 2017 starting: Tue Oct 24 13:00:01 CEST 2017 Trying to get all of the configs. All routers sucessfully completed. =================================================================== Checking out edgerouter/configs/5.6.7.8 RCS: /var/lib/rancid/CVS/edgerouter/configs/5.6.7.8,v VERS: 1.30 *************** =================================================================== Checking out edgerouter/configs/1.2.3.4 RCS: /var/lib/rancid/CVS/edgerouter/configs/1.2.3.4,v VERS: 1.225 *************** =================================================================== Checking out edgerouter/configs/ams-gw RCS: /var/lib/rancid/CVS/edgerouter/configs/ams-gw,v VERS: 1.15 *************** =================================================================== Checking out edgerouter/configs/kleyer90-gw RCS: /var/lib/rancid/CVS/edgerouter/configs/kleyer90-gw,v VERS: 1.28 *************** cvs commit: Examining . cvs commit: Examining configs cat: /tmp/tmp.blkWUuK7zI/rancid.edgerouter.29024.diff: No such file or directory ending: Tue Oct 24 13:00:15 CEST 2017 starting: Tue Oct 24 13:30:01 CEST 2017 Trying to get all of the configs. kleyer90-gw: missed cmd(s): show version ===================================== Getting missed routers: round 1. kleyer90-gw: missed cmd(s): show version, show hardware cpu, show ubnt offload kleyer90-gw: End of run not found # ===================================== Getting missed routers: round 2. kleyer90-gw: missed cmd(s): show version kleyer90-gw: End of run not found # ===================================== Getting missed routers: round 3. All routers sucessfully completed. =================================================================== Checking out edgerouter/configs/5.6.7.8 RCS: /var/lib/rancid/CVS/edgerouter/configs/5.6.7.8,v VERS: 1.30 *************** =================================================================== Checking out edgerouter/configs/1.2.3.4 RCS: /var/lib/rancid/CVS/edgerouter/configs/1.2.3.4,v VERS: 1.225 *************** =================================================================== Checking out edgerouter/configs/ams-gw RCS: /var/lib/rancid/CVS/edgerouter/configs/ams-gw,v VERS: 1.15 *************** =================================================================== Checking out edgerouter/configs/kleyer90-gw RCS: /var/lib/rancid/CVS/edgerouter/configs/kleyer90-gw,v VERS: 1.28 *************** cvs commit: Examining . cvs commit: Examining configs cat: /tmp/tmp.S1q6plZTxx/rancid.edgerouter.29925.diff: No such file or directory ending: Tue Oct 24 13:30:53 CEST 2017 -------------- next part -------------- Device: kleyer90-gw (kleyer90-gw) =================================================================== @@ -1,13 +1,13 @@ #RANCID-CONTENT-TYPE: edgerouter # -#Version: v1.9.7+hotfix.4 +#show hardware cpu^JVersion: v1.9.7+hotfix.4 #Build ID: 5024004 #Build on: 10/05/17 04:03 #HW model: EdgeRouter Lite 3-Port #HW S/N: DC9FDB28523F # -#Architecture: mips64 +#show ubnt offload^JArchitecture: mips64 #Byte Order: Big Endian #CPU(s): 2 #On-line CPU(s) list: 0,1 #Thread(s) per core: 1 @@ -16,8 +16,9 @@ #L1d cache: 16K #L1i cache: 32K #L2 cache: 128K # +#cli-shell-api showConfig --show-active-only^J #IP offload module : loaded #IPv4 # forwarding: disabled # vlan : disabled @@ -32,10 +33,10 @@ # export : disabled # dpi : disabled # version : 1.302 # -# rancid at kleyer90-gw:~$ cli-shell-api showConfig --show-active-only -firewall { +# rancid at kleyer90-gw:~$cli-shell-api showConfig --show-active-only +logfirewall { all-ping enable broadcast-ping disable ipv6-receive-redirects disable ipv6-src-route disable From andrewm659 at yahoo.com Tue Oct 24 16:54:13 2017 From: andrewm659 at yahoo.com (Andrew Meyer) Date: Tue, 24 Oct 2017 16:54:13 +0000 (UTC) Subject: [rancid] Aruba References: <811948830.3494580.1508864053988.ref@mail.yahoo.com> Message-ID: <811948830.3494580.1508864053988@mail.yahoo.com> I've been looking around to see if Aruba wireless controllers are supported by Rancid 3.x.? I haven't found any concrete solution.?? I read in another post that I could use the cisco hardware manufacturer type.? Is this correct? Has there been any update/improvement on this? Thank you -------------- next part -------------- An HTML attachment was scrubbed... URL: From andrewm659 at yahoo.com Tue Oct 24 19:12:43 2017 From: andrewm659 at yahoo.com (Andrew Meyer) Date: Tue, 24 Oct 2017 19:12:43 +0000 (UTC) Subject: [rancid] Aruba In-Reply-To: References: <811948830.3494580.1508864053988.ref@mail.yahoo.com> <811948830.3494580.1508864053988@mail.yahoo.com> Message-ID: <1000874222.3618979.1508872363370@mail.yahoo.com> How did you install it?? Or do I just have to put that in my rancid.types.conf? On Tuesday, October 24, 2017, 2:10:43 PM CDT, Daniel Shields wrote: #yiv6337728629 #yiv6337728629 -- _filtered #yiv6337728629 {font-family:Helvetica;panose-1:2 11 5 4 2 2 2 2 2 4;} _filtered #yiv6337728629 {panose-1:2 4 5 3 5 4 6 3 2 4;} _filtered #yiv6337728629 {font-family:Calibri;panose-1:2 15 5 2 2 2 4 3 2 4;}#yiv6337728629 #yiv6337728629 p.yiv6337728629MsoNormal, #yiv6337728629 li.yiv6337728629MsoNormal, #yiv6337728629 div.yiv6337728629MsoNormal {margin:0in;margin-bottom:.0001pt;font-size:11.0pt;}#yiv6337728629 a:link, #yiv6337728629 span.yiv6337728629MsoHyperlink {color:blue;text-decoration:underline;}#yiv6337728629 a:visited, #yiv6337728629 span.yiv6337728629MsoHyperlinkFollowed {color:#954F72;text-decoration:underline;}#yiv6337728629 .yiv6337728629MsoChpDefault {} _filtered #yiv6337728629 {margin:1.0in 1.0in 1.0in 1.0in;}#yiv6337728629 div.yiv6337728629WordSection1 {}#yiv6337728629 Hello Andrew, ? ???? I?m currently running rancid-3.6.2 and I use the aruba.pm module here: ? https://github.com/miken32/rancid-aruba ? I?ve used it successfully with a 3200, 620 and 200 controller. ? Sent from Mail for Windows 10 ? From: Andrew Meyer Sent: Tuesday, October 24, 2017 1:38 PM To: rancid-discuss at shrubbery.net Subject: [rancid] Aruba ? I've been looking around to see if Aruba wireless controllers are supported by Rancid 3.x.? I haven't found any concrete solution.?? ? I read in another post that I could use the cisco hardware manufacturer type.? Is this correct? ? Has there been any update/improvement on this? ? Thank you ? -------------- next part -------------- An HTML attachment was scrubbed... URL: From merijn at trans-ix.nl Tue Oct 24 20:09:45 2017 From: merijn at trans-ix.nl (Merijn Evertse) Date: Tue, 24 Oct 2017 20:09:45 +0000 Subject: [rancid] pfSense module In-Reply-To: <20171024095633.GE24705@shrubbery.net> References: <20171024095633.GE24705@shrubbery.net> Message-ID: <66b642718f59456ca1e1007710062678@exch02.cloudhosted.local> Hi, I found a module at the following location: https://github.com/dotwaffle/rancid-git Compiling this and copying the pfrancid and pflogin files to bin, and then adding the following to rancid.types.conf: # pfSense pfsense;script;pfrancid pfsense;login;pflogin pfsense;module;pfsense pfsense;inloop;pfsense::inloop Works on the latest pfSense 2.4.0 It seems that this was at one time included in RANCID. Could it be added to the base repository? I am happy to test changes on some test pfSense instances on our network. Merijn Evertse -----Oorspronkelijk bericht----- Van: heasley [mailto:heas at shrubbery.net] Verzonden: dinsdag 24 oktober 2017 11:57 Aan: Merijn Evertse CC: rancid-discuss at shrubbery.net Onderwerp: Re: [rancid] pfSense module Mon, Oct 23, 2017 at 06:49:35PM +0000, Merijn Evertse: > Hi, > > Does anyone have a working module for modern releases pfSense to grab the config.xml file? > I only see a module from 2010, and am wondering if that is the latest release. not that I am aware of. How does one retrieve the xml file? From grungelizard9 at hotmail.com Tue Oct 24 19:10:41 2017 From: grungelizard9 at hotmail.com (Daniel Shields) Date: Tue, 24 Oct 2017 19:10:41 +0000 Subject: [rancid] Aruba In-Reply-To: <811948830.3494580.1508864053988@mail.yahoo.com> References: <811948830.3494580.1508864053988.ref@mail.yahoo.com>, <811948830.3494580.1508864053988@mail.yahoo.com> Message-ID: Hello Andrew, I?m currently running rancid-3.6.2 and I use the aruba.pm module here: https://github.com/miken32/rancid-aruba I?ve used it successfully with a 3200, 620 and 200 controller. Sent from Mail for Windows 10 From: Andrew Meyer Sent: Tuesday, October 24, 2017 1:38 PM To: rancid-discuss at shrubbery.net Subject: [rancid] Aruba I've been looking around to see if Aruba wireless controllers are supported by Rancid 3.x. I haven't found any concrete solution. I read in another post that I could use the cisco hardware manufacturer type. Is this correct? Has there been any update/improvement on this? Thank you -------------- next part -------------- An HTML attachment was scrubbed... URL: From marcelsanchezt at gmail.com Wed Oct 25 13:47:02 2017 From: marcelsanchezt at gmail.com (=?UTF-8?Q?Marcel_S=C3=A1nchez?=) Date: Wed, 25 Oct 2017 15:47:02 +0200 Subject: [rancid] Permissions issue and commands modifications for 2 specific devices Message-ID: Hello everyone, I'm new to this community. I wanted to share a problem with you and see if someone can help: I'm having osme issues regarding the file "entries", present in every SVN repository, you can see the error right here: starting: Wed Oct 25 14:16:59 CEST 2017 svn: Can't open file '.svn/entries': Permission denied svn: Can't open file '.svn/entries': Permission denied svn: Can't open file '.svn/entries': Permission denied svn: Can't open file '.svn/entries': Permission denied svn: Can't open file '.svn/entries': Permission denied svn: Can't open file '.svn/entries': Permission denied svn: Can't open file '.svn/entries': Permission denied svn: Can't open file '.svn/entries': Permission denied svn: Can't open file '.svn/entries': Permission denied svn: Can't open file '.svn/entries': Permission denied Trying to get all of the configs. 10.111.24.79: missed cmd(s): write term 10.111.24.78: missed cmd(s): write term ===================================== Getting missed routers: round 1. 10.111.24.79: missed cmd(s): write term 10.111.24.78: missed cmd(s): write term,show running-config 10.111.24.78: End of run not found ! ===================================== Getting missed routers: round 2. 10.111.24.78: missed cmd(s): write term,show running-config 10.111.24.78: End of run not found ! ===================================== Getting missed routers: round 3. 10.111.24.78: missed cmd(s): write term,show running-config 10.111.24.78: End of run not found ! ===================================== Getting missed routers: round 4. 10.111.24.78: missed cmd(s): write term 10.111.24.78: End of run not found <--- More ---> svn: Unable to lock 'configs' svn: Commit failed (details follow): svn: Unable to lock '/var/rancid/SP/configs' ending: Wed Oct 25 14:24:20 CEST 2017 And these are the permisisons of the files in this directory: root at HOSTNAME:/var/rancid/SP/.svn# ls -lha total 32K drwxr-x---. 6 rancid rancid 4.0K Oct 25 14:24 . drwxr-x---. 4 rancid rancid 4.0K Oct 25 14:24 .. -r--r-----. 1 rancid rancid 73 Dec 5 2013 dir-prop-base -r--r----- 1 rancid rancid 330 Oct 25 14:16 entries drwxr-x---. 2 rancid rancid 4.0K Dec 5 2013 prop-base drwxr-x---. 2 rancid rancid 4.0K Dec 5 2013 props drwxr-x---. 2 rancid rancid 4.0K Sep 26 10:26 text-base drwxr-x--- 5 rancid rancid 4.0K Oct 25 14:16 tmp - For some reason, I'm receiving this error (Permission denied) but the permissions seem right to me. - For these 2 specific CISCO ASA device, it seem I need to run the specific command: "terminal pager 10000" before the "show running-config" command, to avoid the "<-- More -->" banner. How can I modify the rancid config files to only execute that command for these 2 specific host and not the rest of CISCO ASA? *Marcel S?nchez Toledano* -------------- next part -------------- An HTML attachment was scrubbed... URL: From adrian.dimitrov at efellows.bg Thu Oct 26 10:57:02 2017 From: adrian.dimitrov at efellows.bg (Adrian Dimitrov) Date: Thu, 26 Oct 2017 10:57:02 +0000 Subject: [rancid] is there scripts for 3com router Message-ID: <490FA8C6CC4CDA44A7D3E449D75BF1F75D78F4@exchanger.efellows.bg> Hello team , Hope all of you guys are doing well. I have my rancid set up working perfectly fine for a long time now. I am backing up a lot of different devices successfully, but now I have to back up "3COM" router and I can't find scripts for this type of device. Is there someone who can help with this? Best Regards, Adrian Dimitrov System Administrator [eFellows-Mark-RGB_Sign] Direct line: ; Mobile: +359 876 7744 41; SIP URI (Telepresence): adrian.dimitrov at efellows.bg ; Website: http://www.efellows.bg; -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 8632 bytes Desc: image001.png URL: From weylin at bu.edu Thu Oct 26 20:13:10 2017 From: weylin at bu.edu (Piegorsch, Weylin William) Date: Thu, 26 Oct 2017 20:13:10 +0000 Subject: [rancid] is there scripts for 3com router In-Reply-To: <490FA8C6CC4CDA44A7D3E449D75BF1F75D78F4@exchanger.efellows.bg> References: <490FA8C6CC4CDA44A7D3E449D75BF1F75D78F4@exchanger.efellows.bg> Message-ID: <49383891-A44D-47CF-85A5-F18CEC0FB218@bu.edu> There are no 3com scripts. My predecessor had configured an SNMP thing, but that stopped working when we upgraded to rancid v3. If you find one, let me know because I would love to use it. From: Adrian Dimitrov Date: Thursday, October 26, 2017 at 06:57 To: "rancid-discuss at shrubbery.net" Subject: [rancid] is there scripts for 3com router Hello team , Hope all of you guys are doing well. I have my rancid set up working perfectly fine for a long time now. I am backing up a lot of different devices successfully, but now I have to back up ?3COM? router and I can?t find scripts for this type of device. Is there someone who can help with this? Best Regards, Adrian Dimitrov System Administrator [Fellows-Mark-RGB_Sign] Direct line: ; Mobile: +359 876 7744 41; SIP URI (Telepresence): adrian.dimitrov at efellows.bg ; Website: http://www.efellows.bg; -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 8633 bytes Desc: image001.png URL: From andrewm659 at yahoo.com Fri Oct 27 19:22:31 2017 From: andrewm659 at yahoo.com (Andrew Meyer) Date: Fri, 27 Oct 2017 19:22:31 +0000 (UTC) Subject: [rancid] hung devices References: <284464549.5744483.1509132151953.ref@mail.yahoo.com> Message-ID: <284464549.5744483.1509132151953@mail.yahoo.com> I recently added the Aruba devices to my RANCID setup.? However in doing some research I found that using the cisco device login worked better.? But now i am getting hung devices.?? Here is .pm file (perl module) that I downloaded and added to RANCID and my rancid.types.conf. If I do a clogin test on my own, this work flawlessly.? I know that this hasn't been fully supported within RANCID, but if someone could point me in the right direction to resolve this I would greatly appreciate it. I have stopped rancid and deleted the lock file but it keeps coming back.? I suspect its the cisco login script it doesn't like.? Has anyone used anything else?? I tried using hp, but it failed on that.?? Thank you, -------------- next part -------------- An HTML attachment was scrubbed... URL: From daniel.kerse at gmail.com Fri Oct 27 22:50:28 2017 From: daniel.kerse at gmail.com (Daniel Kerse) Date: Fri, 27 Oct 2017 22:50:28 +0000 Subject: [rancid] is there scripts for 3com router In-Reply-To: <49383891-A44D-47CF-85A5-F18CEC0FB218@bu.edu> References: <490FA8C6CC4CDA44A7D3E449D75BF1F75D78F4@exchanger.efellows.bg> <49383891-A44D-47CF-85A5-F18CEC0FB218@bu.edu> Message-ID: Are these the 3com switches you?re interested in? https://sites.google.com/site/jrbinks/code/rancid/h3c Works for me...rancid 3.2 On Fri, 27 Oct 2017 at 9:13 AM, Piegorsch, Weylin William wrote: > There are no 3com scripts. My predecessor had configured an SNMP thing, > but that stopped working when we upgraded to rancid v3. If you find one, > let me know because I would love to use it. > > > > *From: *Adrian Dimitrov > *Date: *Thursday, October 26, 2017 at 06:57 > *To: *"rancid-discuss at shrubbery.net" > *Subject: *[rancid] is there scripts for 3com router > > > > Hello team , > > > > Hope all of you guys are doing well. I have my rancid set up working > perfectly fine for a long time now. I am backing up a lot of different > devices successfully, but now I have to back up ?3COM? router and I can?t > find scripts for this type of device. > > Is there someone who can help with this? > > > > Best Regards, > > Adrian Dimitrov > > System Administrator > > [image: Fellows-Mark-RGB_Sign] > > Direct line: ; Mobile: +359 876 7744 41; SIP URI (Telepresence): > adrian.dimitrov at efellows.bg ; Website: http://www.efellows.bg; > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 8633 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 8633 bytes Desc: not available URL: From J.Ede at birchenallhowden.co.uk Sun Oct 29 09:06:59 2017 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Sun, 29 Oct 2017 09:06:59 +0000 Subject: [rancid] Mikrotik login with strong ssh Message-ID: On my rancid (3.1) I want to use strong encryption on the mikrotiks, but will allow rancid to connect the to the weaker ones then I need to modify cyphertype in mtlogin on line 521 to the below. "aes192-ctr,aes192-cbc" >From my experience so far it seems to work on all versions of RouterOS v 6. Just putting this here in case others looking for it. Jason -------------- next part -------------- An HTML attachment was scrubbed... URL: From AGriesser at anexia-it.com Mon Oct 30 06:49:49 2017 From: AGriesser at anexia-it.com (Alexander Griesser) Date: Mon, 30 Oct 2017 06:49:49 +0000 Subject: [rancid] Mikrotik login with strong ssh In-Reply-To: References: Message-ID: <9150a0241eca4865b9b75c35b0f2ce17@anx-i-dag01.anx.local> Hi Jason, please note that you can also add the cyphertype directly in .cloginrc for any given device, so you do not have to hack the binaries: add cyphertype 192.168.0.1 aes192-ctr,aes192-cbc Best, Alexander Griesser Head of Systems Operations ANEXIA Internetdienstleistungs GmbH E-Mail: AGriesser at anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstra?e 140, 9020 Klagenfurt Gesch?ftsf?hrer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 Von: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] Im Auftrag von Jason Ede Gesendet: Sonntag, 29. Oktober 2017 10:07 An: rancid-discuss at shrubbery.net Betreff: [rancid] Mikrotik login with strong ssh On my rancid (3.1) I want to use strong encryption on the mikrotiks, but will allow rancid to connect the to the weaker ones then I need to modify cyphertype in mtlogin on line 521 to the below. "aes192-ctr,aes192-cbc" >From my experience so far it seems to work on all versions of RouterOS v 6. Just putting this here in case others looking for it. Jason -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Mon Oct 30 07:48:46 2017 From: heas at shrubbery.net (heasley) Date: Mon, 30 Oct 2017 07:48:46 +0000 Subject: [rancid] Mikrotik login with strong ssh In-Reply-To: <9150a0241eca4865b9b75c35b0f2ce17@anx-i-dag01.anx.local> References: <9150a0241eca4865b9b75c35b0f2ce17@anx-i-dag01.anx.local> Message-ID: <20171030074846.GD27632@shrubbery.net> Mon, Oct 30, 2017 at 06:49:49AM +0000, Alexander Griesser: > Hi Jason, > > please note that you can also add the cyphertype directly in .cloginrc for any given device, so you do not have to hack the binaries: > > add cyphertype 192.168.0.1 aes192-ctr,aes192-cbc that should be quoted add cyphertype 192.168.0.1 {aes192-ctr,aes192-cbc} and, if you udate rancid, it was changed to not force a particular version, so it will use whatever ssh's default list is or whatever the ~/.ssh/config has set. > Best, > > Alexander Griesser > Head of Systems Operations > > ANEXIA Internetdienstleistungs GmbH > > E-Mail: AGriesser at anexia-it.com > Web: http://www.anexia-it.com > > Anschrift Hauptsitz Klagenfurt: Feldkirchnerstra?e 140, 9020 Klagenfurt > Gesch?ftsf?hrer: Alexander Windbichler > Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 > > Von: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] Im Auftrag von Jason Ede > Gesendet: Sonntag, 29. Oktober 2017 10:07 > An: rancid-discuss at shrubbery.net > Betreff: [rancid] Mikrotik login with strong ssh > > On my rancid (3.1) I want to use strong encryption on the mikrotiks, but will allow rancid to connect the to the weaker ones then I need to modify cyphertype in mtlogin on line 521 to the below. > > "aes192-ctr,aes192-cbc" > > >From my experience so far it seems to work on all versions of RouterOS v 6. Just putting this here in case others looking for it. > > Jason > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From heas at shrubbery.net Mon Oct 30 08:32:23 2017 From: heas at shrubbery.net (heasley) Date: Mon, 30 Oct 2017 08:32:23 +0000 Subject: [rancid] is there scripts for 3com router In-Reply-To: <49383891-A44D-47CF-85A5-F18CEC0FB218@bu.edu> References: <490FA8C6CC4CDA44A7D3E449D75BF1F75D78F4@exchanger.efellows.bg> <49383891-A44D-47CF-85A5-F18CEC0FB218@bu.edu> Message-ID: <20171030083223.GB82867@shrubbery.net> Thu, Oct 26, 2017 at 08:13:10PM +0000, Piegorsch, Weylin William: > There are no 3com scripts. My predecessor had configured an SNMP thing, but that stopped working when we upgraded to rancid v3. If you find one, let me know because I would love to use it. theres no reason that i can think of that a script from v2 would not work in v3. anyway, some SMC swtiches were marketed under a 3com name, so the smc device type may support it. > From: Adrian Dimitrov > Date: Thursday, October 26, 2017 at 06:57 > To: "rancid-discuss at shrubbery.net" > Subject: [rancid] is there scripts for 3com router > > Hello team , > > Hope all of you guys are doing well. I have my rancid set up working perfectly fine for a long time now. I am backing up a lot of different devices successfully, but now I have to back up ?3COM? router and I can?t find scripts for this type of device. > Is there someone who can help with this? > > Best Regards, > Adrian Dimitrov > System Administrator > [Fellows-Mark-RGB_Sign] > Direct line: ; Mobile: +359 876 7744 41; SIP URI (Telepresence): adrian.dimitrov at efellows.bg ; Website: http://www.efellows.bg; > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From jethro.binks at strath.ac.uk Mon Oct 30 08:46:26 2017 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Mon, 30 Oct 2017 08:46:26 +0000 (GMT) Subject: [rancid] is there scripts for 3com router In-Reply-To: References: <490FA8C6CC4CDA44A7D3E449D75BF1F75D78F4@exchanger.efellows.bg> <49383891-A44D-47CF-85A5-F18CEC0FB218@bu.edu> Message-ID: Yes, these were my scripts originally (they work "just enough" for me, unfortunately I hardly have any development time). They will work for anything(ish) that is Comware-based, (3, 5, 7). But there were few 3Com-branded Comware poroducts, before they became H3C or HP branded, now HPE; or separately Huawei. If you're talking about the ancient 3Com lanswitch software (I think that's what it was called internally) with the menu-driven CLI ... well you're partly out of luck. There is a theoretical way, from what I recall, though I never did it for 3Com. I think there was a way of pulling the underlying config off by tftp, maybe triggered through the CLI, so you might be able to use something like wraprancid: https://sites.google.com/site/jrbinks/code/rancid/wraprancid to do that with a new module for 3Com. Maybe. Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks, Network Manager, Information Services Directorate, University Of Strathclyde, Glasgow, UK The University of Strathclyde is a charitable body, registered in Scotland, number SC015263. On Fri, 27 Oct 2017, Daniel Kerse wrote: > Are these the 3com switches you?re interested in? > > https://sites.google.com/site/jrbinks/code/rancid/h3c > > Works for me...rancid 3.2 > > > On Fri, 27 Oct 2017 at 9:13 AM, Piegorsch, Weylin William > wrote: > > > There are no 3com scripts. My predecessor had configured an SNMP thing, > > but that stopped working when we upgraded to rancid v3. If you find one, > > let me know because I would love to use it. > > > > > > > > *From: *Adrian Dimitrov > > *Date: *Thursday, October 26, 2017 at 06:57 > > *To: *"rancid-discuss at shrubbery.net" > > *Subject: *[rancid] is there scripts for 3com router > > > > > > > > Hello team , > > > > > > > > Hope all of you guys are doing well. I have my rancid set up working > > perfectly fine for a long time now. I am backing up a lot of different > > devices successfully, but now I have to back up ?3COM? router and I can?t > > find scripts for this type of device. > > > > Is there someone who can help with this? > > > > > > > > Best Regards, > > > > Adrian Dimitrov > > > > System Administrator > > > > [image: Fellows-Mark-RGB_Sign] > > > > Direct line: ; Mobile: +359 876 7744 41; SIP URI (Telepresence): > > adrian.dimitrov at efellows.bg ; Website: http://www.efellows.bg; > > > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > From adrian.dimitrov at efellows.bg Mon Oct 30 13:58:31 2017 From: adrian.dimitrov at efellows.bg (Adrian Dimitrov) Date: Mon, 30 Oct 2017 13:58:31 +0000 Subject: [rancid] is there scripts for 3com router In-Reply-To: References: <490FA8C6CC4CDA44A7D3E449D75BF1F75D78F4@exchanger.efellows.bg> <49383891-A44D-47CF-85A5-F18CEC0FB218@bu.edu> Message-ID: <490FA8C6CC4CDA44A7D3E449D75BF1F75DF42E@exchanger.efellows.bg> Hello Daniel , team, Thanks you very much for the link! I downloaded the scripts and configured everything. However the switch I need to backup is not in the list of the tested ones. Mine is G4500. Anyway running rancid on the device seems to be working fine with these scripts, but still I cannot get any configuration. The logs looks like this : Trying to get all of the configs. ip.ad.rr.es: missed cmd(s): display lacp sys,display mirror all ===================================== Getting missed routers: round 1. ip.ad.rr.es: missed cmd(s): display lacp sys,display mirror all ===================================== Getting missed routers: round 2. ip.ad.rr.es: missed cmd(s): display mirror all,display lacp sys any ideas if I am doing something wrong or just the scripts doesn?t support my device type/model? Best Regards, Adrian Dimitrov System Administrator [eFellows-Mark-RGB_Sign] Direct line: ; Mobile: +359 876 7744 41; SIP URI (Telepresence): adrian.dimitrov at efellows.bg ; Website: http://www.efellows.bg; From: Daniel Kerse [mailto:daniel.kerse at gmail.com] Sent: Saturday, October 28, 2017 1:50 AM To: Piegorsch, Weylin William ; Adrian Dimitrov ; rancid-discuss at shrubbery.net Subject: Re: [rancid] is there scripts for 3com router Are these the 3com switches you?re interested in? https://sites.google.com/site/jrbinks/code/rancid/h3c Works for me...rancid 3.2 On Fri, 27 Oct 2017 at 9:13 AM, Piegorsch, Weylin William > wrote: There are no 3com scripts. My predecessor had configured an SNMP thing, but that stopped working when we upgraded to rancid v3. If you find one, let me know because I would love to use it. From: Adrian Dimitrov > Date: Thursday, October 26, 2017 at 06:57 To: "rancid-discuss at shrubbery.net" > Subject: [rancid] is there scripts for 3com router Hello team , Hope all of you guys are doing well. I have my rancid set up working perfectly fine for a long time now. I am backing up a lot of different devices successfully, but now I have to back up ?3COM? router and I can?t find scripts for this type of device. Is there someone who can help with this? Best Regards, Adrian Dimitrov System Administrator [Fellows-Mark-RGB_Sign] Direct line: ; Mobile: +359 876 7744 41; SIP URI (Telepresence): adrian.dimitrov at efellows.bg ; Website: http://www.efellows.bg; _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 8632 bytes Desc: image001.png URL: From will.lampen at affiniti.com Mon Oct 30 16:13:10 2017 From: will.lampen at affiniti.com (Will Lampen) Date: Mon, 30 Oct 2017 16:13:10 +0000 Subject: [rancid] Rancid and Git Message-ID: I am trying to set up a deployment of several different rancid installs that will back up their local network devices. Then the Idea is to let Git replace CVS as the version repository. We then want to upload these separate repository to a Central device that will house all of the separate repositories. I have looked into https://www.cryptomonkeys.com/2016/11/rancid-git/ https://github.com/dotwaffle/rancid-git and others but none have been much help on mating rancid to Git I am currently working with https://hub.docker.com/r/jumanjiman/rancid-git/ but Docker is adding additional issue it the mix that I am trying to figure out. So my question(s) are 1. Has anyone done the Rancid GIT install successfully? 2. Is there easy to follow instruction on how to use GIT instead of CVS for Rancid? I can Rancid successfully and have it perform flawlessly. I have also installed Git to the same box and have it replicating its repository to a centralized server housing the private repositories successfully, What I have not been able to do is marry both rancid and git together successfully. Thank -------------- next part -------------- An HTML attachment was scrubbed... URL: From cgauthier at comscore.com Mon Oct 30 16:52:58 2017 From: cgauthier at comscore.com (Gauthier, Chris) Date: Mon, 30 Oct 2017 16:52:58 +0000 Subject: [rancid] Rancid and Git Message-ID: Hi Will, I had an installation for rancid with Git integration going. There is now native support for Git, though the documentation is a little sparse when compared to other methods. You need Git installed locally on the same machine as rancid. Rancid will create the repos for you. Make sure the config file knows to be using Git, not subversion or CVS. Note that the repos are local only, one repo per group. Also, if you want it to go to a remote repo, just set up the appropriate Git options in the local repo to do blind commits to the remote repo. It works nicely once set up. Hope that helps a little. --Chris Chris GauthierSenior Network Engineer | comScore, Inc. o +1 503-331-2704cgauthier at comscore.com 317 SW Alder Street, Suite 700 | Portland | OR97204 ............................................................................................................................................................................................................................ From: Rancid-discuss on behalf of Will Lampen Date: Monday, October 30, 2017 at 9:29 AM To: "rancid-discuss at shrubbery.net" Subject: [rancid] Rancid and Git I am trying to set up a deployment of several different rancid installs that will back up their local network devices. Then the Idea is to let Git replace CVS as the version repository. We then want to upload these separate repository to a Central device that will house all of the separate repositories. I have looked into https://www.cryptomonkeys.com/2016/11/rancid-git/ https://github.com/dotwaffle/rancid-git and others but none have been much help on mating rancid to Git I am currently working with https://hub.docker.com/r/jumanjiman/rancid-git/ but Docker is adding additional issue it the mix that I am trying to figure out. So my question(s) are 1. Has anyone done the Rancid GIT install successfully? 2. Is there easy to follow instruction on how to use GIT instead of CVS for Rancid? I can Rancid successfully and have it perform flawlessly. I have also installed Git to the same box and have it replicating its repository to a centralized server housing the private repositories successfully, What I have not been able to do is marry both rancid and git together successfully. Thank -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Mon Oct 30 18:36:12 2017 From: heas at shrubbery.net (heasley) Date: Mon, 30 Oct 2017 18:36:12 +0000 Subject: [rancid] Rancid and Git In-Reply-To: References: Message-ID: <20171030183612.GD28810@shrubbery.net> Mon, Oct 30, 2017 at 04:52:58PM +0000, Gauthier, Chris: > Hi Will, > > I had an installation for rancid with Git integration going. There is now native support for Git, though the documentation is a little sparse when compared to other methods. > > You need Git installed locally on the same machine as rancid. Rancid will create the repos for you. Make sure the config file knows to be using Git, not subversion or CVS. Note that the repos are local only, one repo per group. Also, if you want it to go to a remote repo, just set up the appropriate Git options in the local repo to do blind commits to the remote repo. It works nicely once set up. once rancid is configured for cvs/svn/git, git should just work, in the same manner and (sort of) way that it did for cvs. git has some behavior that is simply unlike cvs or svn, which is why i say sort of. but, from a rancid perspective, follow the cvs/svn instructions. to handle a remote, let rancid have its local repo as normal, and then use a separate cron to push to your remote OR add a "pushurl" to the git config of each rancid group so that rancid will push to *both* repos when it commits. Note that the remote better be read-only to others, as rancid will not tolerate changes on the remote...therefore i recommend the former method. > Hope that helps a little. > > --Chris > > > Chris GauthierSenior Network Engineer | comScore, Inc. > o +1 503-331-2704cgauthier at comscore.com > 317 SW Alder Street, Suite 700 | Portland | OR97204 > ............................................................................................................................................................................................................................ > > From: Rancid-discuss on behalf of Will Lampen > Date: Monday, October 30, 2017 at 9:29 AM > To: "rancid-discuss at shrubbery.net" > Subject: [rancid] Rancid and Git > > I am trying to set up a deployment of several different rancid installs that will back up their local network devices. Then the Idea is to let Git replace CVS as the version repository. > > We then want to upload these separate repository to a Central device that will house all of the separate repositories. > > I have looked into > > > https://www.cryptomonkeys.com/2016/11/rancid-git/ > https://github.com/dotwaffle/rancid-git > > and others but none have been much help on mating rancid to Git > > I am currently working with https://hub.docker.com/r/jumanjiman/rancid-git/ > > > but Docker is adding additional issue it the mix that I am trying to figure out. > > So my question(s) are > > 1. Has anyone done the Rancid GIT install successfully? > 2. Is there easy to follow instruction on how to use GIT instead of CVS for Rancid? > > I can Rancid successfully and have it perform flawlessly. I have also installed Git to the same box and have it replicating its repository to a centralized server housing the private repositories successfully, What I have not been able to do is marry both rancid and git together successfully. > > Thank > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From weylin at bu.edu Mon Oct 30 21:25:36 2017 From: weylin at bu.edu (Piegorsch, Weylin William) Date: Mon, 30 Oct 2017 21:25:36 +0000 Subject: [rancid] is there scripts for 3com router In-Reply-To: References: <490FA8C6CC4CDA44A7D3E449D75BF1F75D78F4@exchanger.efellows.bg> <49383891-A44D-47CF-85A5-F18CEC0FB218@bu.edu> Message-ID: <5FAE7FF0-6CA5-42B3-BF5A-45956C2C8877@bu.edu> > I think there was a way of pulling the underlying config off by tftp, maybe triggered through the CLI, I have the CLI menu stuff, and yes I?m SOL. I did some hard digging at one point, and found a few approaches that might work for this version of software. 1. Upgrade to 3Com OS version 3.0. I have 2. and can?t find a newer version of code, so I wasn?t able to use this approach, but the command is something like ?system backup ? 2. Install 3Com Network Director (http://web.archive.org/web/*/http:/support.3com.com/software*), which in theory does backups of menu-drive 3Com devices older than 2.999. HP stopped supporting this sometime between 2008 and 2010, but if you happen to have (or are able to acquire) a licensed copy, this is a viable approach to investigate. Network Director license cost something like $1500, the official (as of 2010) HP replacement cost $20k. These URLs might be interesting to read: http://www.techsupportforum.com/forums/f31/3com-network-director-539929.html https://community.spiceworks.com/topic/152273-alternatives-to-3com-network-supervisior 3. There?s a 3rd party software that reports itself able to support 3Com gear. https://support.solarwinds.com/Success_Center/Kiwi_CatTools/Kiwi_CatTools_3.11_Administrator_Guide/030_Devices/030_Device_speciific_infomation/050_3Com_superstack_switches 4. I?ve heard rumors that HP Open View can do this as well, though I haven?t investigated this avenue. Unfortunately for me none of these are viable approaches so I was forced to resort to SNMP polling, that at least got us VLAN assignments for the switchports. Since our 3Com deployment is hopefully on a short remaining lifespan, and since these days they?re largely static in their config across all 3Com switches, therefor switch replacement-on-failure is a manageable process and my director hasn?t authorized investigation of switch backup beyond this cursory level. But if it?s something that interests you, I?m sure there?s a way to get any of these into a state that rancid can ingest it into the repository. BTW... if you?re looking for a 3Com owner/operator manual: http://www.mtmnet.com/PDF_FILES/3C16980_MgmtGuide.pdf Weylin -----Original Message----- From: Jethro R Binks Date: Monday, October 30, 2017 at 04:46 To: "rancid-discuss at shrubbery.net" Subject: Re: [rancid] is there scripts for 3com router Yes, these were my scripts originally (they work "just enough" for me, unfortunately I hardly have any development time). They will work for anything(ish) that is Comware-based, (3, 5, 7). But there were few 3Com-branded Comware poroducts, before they became H3C or HP branded, now HPE; or separately Huawei. If you're talking about the ancient 3Com lanswitch software (I think that's what it was called internally) with the menu-driven CLI ... well you're partly out of luck. There is a theoretical way, from what I recall, though I never did it for 3Com. I think there was a way of pulling the underlying config off by tftp, maybe triggered through the CLI, so you might be able to use something like wraprancid: https://sites.google.com/site/jrbinks/code/rancid/wraprancid to do that with a new module for 3Com. Maybe. Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks, Network Manager, Information Services Directorate, University Of Strathclyde, Glasgow, UK The University of Strathclyde is a charitable body, registered in Scotland, number SC015263. On Fri, 27 Oct 2017, Daniel Kerse wrote: > Are these the 3com switches you?re interested in? > > https://sites.google.com/site/jrbinks/code/rancid/h3c > > Works for me...rancid 3.2 > > > On Fri, 27 Oct 2017 at 9:13 AM, Piegorsch, Weylin William > wrote: > > > There are no 3com scripts. My predecessor had configured an SNMP thing, > > but that stopped working when we upgraded to rancid v3. If you find one, > > let me know because I would love to use it. > > > > > > > > *From: *Adrian Dimitrov > > *Date: *Thursday, October 26, 2017 at 06:57 > > *To: *"rancid-discuss at shrubbery.net" > > *Subject: *[rancid] is there scripts for 3com router > > > > > > > > Hello team , > > > > > > > > Hope all of you guys are doing well. I have my rancid set up working > > perfectly fine for a long time now. I am backing up a lot of different > > devices successfully, but now I have to back up ?3COM? router and I can?t > > find scripts for this type of device. > > > > Is there someone who can help with this? > > > > > > > > Best Regards, > > > > Adrian Dimitrov > > > > System Administrator > > > > [image: Fellows-Mark-RGB_Sign] > > > > Direct line: ; Mobile: +359 876 7744 41; SIP URI (Telepresence): > > adrian.dimitrov at efellows.bg ; Website: http://www.efellows.bg; > > > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss >