From faron.hopper at capgemini.com Wed Sep 7 23:05:26 2005 From: faron.hopper at capgemini.com (Hopper, Faron W.) Date: Wed, 7 Sep 2005 19:05:26 -0400 Subject: help with .cloginrc Message-ID: <0D9EF3454D8EFC4B8BFFD2B8629416815627B9@caonmastxm03.na.capgemini.com> Hello all, After Blake's response to my questions, I have set up a RANCID server, v2.3.1_1 and am having some problems. It is running on FreeBSD 5.4. Here is the output from a clogin and a rancid command. The clogin command logs in, but doesn't execute the command. The rancid -d command wasn't very revealing. Can anyone offer any advice? Thanks in advance. fwh at ckcus0002-cfgbak01$ clogin -c 'show version' kcscrt1 kcscrt1 spawn telnet kcscrt1 Trying 65.212.24.130... Connected to kcscrt1.cgeykcsc.com. Escape character is '^]'. SSSSS TTTTTTTTT OOOOO PPPPPPP !! SSS SS TTTTTTTTT OOOOOOO PPP PP !! SSS TTT OOO OOO PPP PP !! SSS TTT OO OO PPPPPPP !! SSS TTT OOO OOO PPP !! SS SSS TTT OOOOOOO PPP SSSSS TTT OOOOO PPP !! THIS DEVICE IS PRIVATELY OWNED. ANY UNAUTHORIZED ACCESS IS STRICTLY PROHIBITED. VIOLATORS CAN AND WILL BE PROSECUTED TO THE FULLEST EXTENT OF THE LAW. Username: Kerberos: No default realm defined for Kerberos! 
fwh Password: KCSCrt1# Error: TIMEOUT reached fwh at ckcus0002-cfgbak01$ rancid -d kcscrt1 executing clogin -t 90 -c"show version;show redundancy secondary;show idprom backplane;show install active;show env all;show rsp chassis-info;show gsr chassis;show boot;show bootvar;show variables boot;show flash;dir /all nvram:;dir /all bootflash:;dir /all slot0:;dir /all disk0:;dir /all slot1:;dir /all disk1:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all harddiska:;dir /all harddiskb:;dir /all sup-bootflash:;dir /all sup-microcode:;dir /all slavenvram:;dir /all slavebootflash:;dir /all slaveslot0:;dir /all slavedisk0:;dir /all slaveslot1:;dir /all slavedisk1:;dir /all slaveslot2:;dir /all slavedisk2:;dir /all slavesup-bootflash:;dir /all sec-nvram:;dir /all sec-bootflash:;dir /all sec-slot0:;dir /all sec-disk0:;dir /all sec-slot1:;dir /all sec-disk1:;dir /all sec-slot2:;dir /all sec-disk2:;show controllers;show controllers cbus;show diagbus;show diag;show module;show spe version;show c7200;show vtp status;show vlan;show running-config;write term" kcscrt1 kcscrt1 clogin error: Error: TIMEOUT reached kcscrt1 clogin error: Error: TIMEOUT reached kcscrt1: missed cmd(s): dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,dir /all slavedisk1:,show env all,show module,show controllers,show diagbus,dir /all slavedisk0:,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show 
controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show redundancy secondary,show running-config,show c7200,dir /all slot1: kcscrt1: missed cmd(s): dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,dir /all slavedisk1:,show env all,show module,show controllers,show diagbus,dir /all slavedisk0:,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show redundancy secondary,show running-config,show c7200,dir /all slot1: kcscrt1: End of run not found kcscrt1: End of run not found ! fwh at ckcus0002-cfgbak01$ ls dead.letter kcscrt1.new fwh at ckcus0002-cfgbak01$ cat kcscrt1.new !RANCID-CONTENT-TYPE: cisco ! ! ! ! ! below is my .cloginrc file in the fwh user account =================================== add method * {telnet} {ssh} add autoenable * {0} add enauser * {fwh} add user * {fwh} add password * {password} {password} add cyphertype pix* {des} add user network uunet verio add password *ds3 {password} thanks Faron Hopper Capgemini Network Engineer 3315 N. Oak Trfy Kansas City, MO 64116 816.459.5139 From faron.hopper at capgemini.com Fri Sep 9 20:31:06 2005 From: faron.hopper at capgemini.com (Hopper, Faron W.) Date: Fri, 9 Sep 2005 16:31:06 -0400 Subject: how do I force the clogin command to use ssh? 
Message-ID: <0D9EF3454D8EFC4B8BFFD2B862941681B4F270@caonmastxm03.na.capgemini.com>

Hello all,

Thank you for the help so far. I have been trying to get my .clogin file looking correctly and I am starting to confuse myself. When using a * in place of the device field, if I add another line trying to get RANCID to handle a particular device, will the 2nd line override the previous line? For example, here is my .cloginrc thus far...

add method * {telnet} {ssh}
#ffi
add autoenable fi* {1}
#capgemini
add autoenable 153.207* {1}
add autoenable ckc* {1}
#cge
add autoenable 206.245.31.* {1}
#cpk
add autoenable 10.33* {1}
add autoenable 212.26* {1}
add autoenable rtr* {1}
#wwp
add autoenable wp* {1}
#ypa
add autoenable pa* {1}
add autoenable * {0}
add enauser * {user}
add user * {user}
add password * {pass} {pass}
add cyphertype pixhq* {des}
add cyphertype fw* {3des}
add cyphertype 206.245.31.* {des}
add user *-inter-ds3 {user}
add password *ds3 {pass} {pass}
add user 206.245.21.* {user}
add password 206.245.21.* {pass}
add user lb* {user}
add password lb* {pass}
add user *showcase {user}
add password *showcase {pass}
add user 206.245.31.* {user}
add password 206.245.31.* {pass2}

So, my last line, 206.245.31.* {pass2}, does this work in conjunction with the line add password * {pass}? So everything that is NOT 206.245.31.* will get pass and everything with 206.245.31.* will get pass2? Is there anything else that I should be aware of when defining these devices? Like should I add all of my specific devices first and then add the wild card? Or what about the pattern matching piece of the puzzle. If I specify cg* and then have 2 devices say, cgk01 and 01cg will it find both of those, or just the cgk01?

Thanks in advance.

Faron Hopper
Capgemini
Network Engineer
3315 N. Oak Trf
Kansas City, MO 64116
816.459.5139

From faron.hopper at capgemini.com Fri Sep 9 20:39:03 2005
From: faron.hopper at capgemini.com (Hopper, Faron W.)
Date: Fri, 9 Sep 2005 16:39:03 -0400
Subject: incorrect heading on my last email
Message-ID: <0D9EF3454D8EFC4B8BFFD2B862941681B4F271@caonmastxm03.na.capgemini.com>

My apologies on the last subject header. That was my first question and I discovered the method to use for setting up devices that only have ssh connectivity via the add method command.

Thanks,

Faron Hopper
Capgemini
Network Engineer
3315 N. Oak Trfy
Kansas City, MO 64116
816.459.5139

From eravin at panix.com Fri Sep 9 20:53:26 2005
From: eravin at panix.com (Ed Ravin)
Date: Fri, 9 Sep 2005 16:53:26 -0400
Subject: cloginrc and multiple matching directives
In-Reply-To: <0D9EF3454D8EFC4B8BFFD2B862941681B4F270@caonmastxm03.na.capgemini.com>
References: <0D9EF3454D8EFC4B8BFFD2B862941681B4F270@caonmastxm03.na.capgemini.com>
Message-ID: <20050909205326.GG22558@panix.com>

On Fri, Sep 09, 2005 at 04:31:06PM -0400, Hopper, Faron W. wrote:
...
> So, my last line, 206.245.31.* {pass2}, does this work in
> conjunction with the line add password * {pass}? So everything
> that is NOT 206.245.31.* will get pass and everything with 206.245.31.*
> will get pass2? Is there anything else that I should be aware of
> when defining these devices? Like should I add all of my specific
> devices first and then add the wild card? Or what about the pattern
> matching piece of the puzzle. If I specify cg* and then have 2
> devices say, cgk01 and 01cg will it find both of those, or just
> the cgk01?

See "man cloginrc", in particular this part:

As .cloginrc is searched for a directive matching a hostname, it is always the first matching instance of a directive, one whose hostname glob expression matches the hostname, which is used. For example; looking up the "password" directive for hostname foo in a .cloginrc file containing

add password * {bar} {table}
add password foo {bar} {table}

would return the first line, even though the second is an exact match.
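
The first-match rule quoted above, as an added example that is not part of the original thread and is not RANCID code: a small Python model of the lookup that also reports entries which can never be reached because an earlier glob of the same directive already covers them. It assumes Python's fnmatch is a close enough stand-in for the glob matching clogin performs; the function names are hypothetical and the sample lines are constructed from directives posted in this thread.

```python
"""Model of .cloginrc first-match lookup (added illustration, not RANCID code)."""
import re
from fnmatch import fnmatchcase

# "add <directive> <hostname glob> {value} [{value} ...]"
ADD_RE = re.compile(r"^\s*add\s+(\S+)\s+(\S+)\s*(.*)$")


def parse(text):
    """Return [(lineno, directive, glob, [values])] in file order."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # comment line
        m = ADD_RE.match(line)
        if m:
            directive, glob, rest = m.groups()
            values = re.findall(r"\{([^}]*)\}", rest)
            entries.append((lineno, directive, glob, values))
    return entries


def lookup(entries, directive, host):
    """First entry of `directive` whose glob matches `host`, else None.

    Assumption: fnmatchcase approximates clogin's glob matching. The host is
    lowercased because clogin lowercases the router name.
    """
    host = host.lower()
    for lineno, d, glob, values in entries:
        if d == directive and fnmatchcase(host, glob):
            return lineno, values
    return None


def shadowed(entries):
    """Entries that can never be selected.

    Conservative check for globs built from '*' and '?': if an earlier glob
    of the same directive matches the later glob's own text, it matches every
    hostname the later glob could match, so the later line is dead.
    """
    dead = []
    for i, (lineno, d, glob, _) in enumerate(entries):
        for prev_lineno, pd, pglob, _ in entries[:i]:
            if pd == d and fnmatchcase(glob, pglob):
                dead.append((lineno, d, glob, prev_lineno, pglob))
                break
    return dead


# Constructed sample: wildcard first, so the 206.245.31.* lines never apply
# and those devices are still reached with telnet and the default password.
BROKEN = """\
add method   *            {telnet} {ssh}
add password *            {pass} {pass}
add method   206.245.31.* {ssh}
add password 206.245.31.* {pass2}
"""

# Constructed sample: same directives, specific globs first, wildcard last.
FIXED = """\
add method   206.245.31.* {ssh}
add password 206.245.31.* {pass2}
add method   *            {telnet} {ssh}
add password *            {pass} {pass}
"""

if __name__ == "__main__":
    for name, text in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        entries = parse(text)
        print(name)
        for directive in ("method", "password"):
            print("  206.245.31.100", directive, "->",
                  lookup(entries, directive, "206.245.31.100"))
        for lineno, d, glob, prev, pglob in shadowed(entries):
            print(f"  line {lineno}: 'add {d} {glob}' is shadowed by "
                  f"line {prev} ('{pglob}')")
```

Running the shadow check over a real .cloginrc before a collection run shows which per-device overrides are dead; the usual remedy is to move the `*` entries to the end of the file.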

From faron.hopper at capgemini.com Fri Sep 9 21:05:22 2005
From: faron.hopper at capgemini.com (Hopper, Faron W.)
Date: Fri, 9 Sep 2005 17:05:22 -0400
Subject: add method device {ssh} not working
Message-ID: <0D9EF3454D8EFC4B8BFFD2B862941681B4F272@caonmastxm03.na.capgemini.com>

Hello all,

I thought I had figured out how to force a device to use ssh with the add method device command. However, after specifying the add method command in my .cloginrc file, clogin is still using telnet. Can anyone shed some light on this for me?

add autoenable * {0}
add enauser * {user}
add user * {user}
add password * {pass} {pass}
add method * {telnet} {ssh}
add autoenable 206.245.31.* {1}
add user 206.245.31.* {kcsc/user}
add password 206.245.31.* {user}
add method 206.245.31* {ssh}

.cloginrc: 152 lines, 4403 characters.
fwh at ckcus0002-cfgbak01$ clogin -f ~/.cloginrc -c 'show version' 206.245.31.100
206.245.31.100
spawn telnet 206.245.31.100

thanks,

Faron Hopper
Capgemini
Network Engineer
3315 N. Oak Trfy
Kansas City, MO 64116
816.459.5139

From eravin at panix.com Fri Sep 9 21:09:11 2005
From: eravin at panix.com (Ed Ravin)
Date: Fri, 9 Sep 2005 17:09:11 -0400
Subject: add method device {ssh} not working
In-Reply-To: <0D9EF3454D8EFC4B8BFFD2B862941681B4F272@caonmastxm03.na.capgemini.com>
References: <0D9EF3454D8EFC4B8BFFD2B862941681B4F272@caonmastxm03.na.capgemini.com>
Message-ID: <20050909210911.GA14751@panix.com>

On Fri, Sep 09, 2005 at 05:05:22PM -0400, Hopper, Faron W. wrote:
> I thought I had figured out how to force a device to use ssh
> with the add method device command. However, after specifying the
> add method command in my .cloginrc file, clogin is still using
> telnet. Can anyone shed some light on this for me?
>
> add autoenable * {0}
> add enauser * {user}
> add user * {user}
> add password * {pass} {pass}
> add method * {telnet} {ssh}
...

See my response to your other query - it's the same problem.
You've defined a match with "*" for method that tries telnet first, and since that is the first entry in cloginrc, it always matches.

From faron.hopper at capgemini.com Sat Sep 10 04:48:54 2005
From: faron.hopper at capgemini.com (Hopper, Faron W.)
Date: Sat, 10 Sep 2005 00:48:54 -0400
Subject: cloginrc and multiple matching directives
Message-ID: <0D9EF3454D8EFC4B8BFFD2B862941681B4F274@caonmastxm03.na.capgemini.com>

Ed, you are quite right. It is amazing that things, once asked, seem to be right in front of you. I am grateful for your time and for pointing that out. After staring at the same screen for a while, it seems like it all blurred together. Thank you for your patience and your answers.

Faron Hopper
Capgemini
Network Engineer
3315 N. Oak Trfy
Kansas City, MO 64116
816.459.5139

-----Original Message-----
From: Ed Ravin [mailto:eravin at panix.com]
Sent: Fri 9/9/2005 3:53 PM
To: Hopper, Faron W.
Cc: rancid-discuss at shrubbery.net
Subject: cloginrc and multiple matching directives

On Fri, Sep 09, 2005 at 04:31:06PM -0400, Hopper, Faron W. wrote:
....
> So, my last line, 206.245.31.* {pass2}, does this work in
> conjunction with the line add password * {pass}? So everything
> that is NOT 206.245.31.* will get pass and everything with 206.245.31.*
> will get pass2? Is there anything else that I should be aware of
> when defining these devices? Like should I add all of my specific
> devices first and then add the wild card? Or what about the pattern
> matching piece of the puzzle. If I specify cg* and then have 2
> devices say, cgk01 and 01cg will it find both of those, or just
> the cgk01?

See "man cloginrc", in particular this part:

As .cloginrc is searched for a directive matching a hostname, it is always the first matching instance of a directive, one whose hostname glob expression matches the hostname, which is used.
For example; looking up the "password" directive for hostname foo in a .cloginrc file containing

add password * {bar} {table}
add password foo {bar} {table}

would return the first line, even though the second is an exact match.

From faron.hopper at capgemini.com Mon Sep 12 15:51:08 2005
From: faron.hopper at capgemini.com (Hopper, Faron W.)
Date: Mon, 12 Sep 2005 11:51:08 -0400
Subject: how can I use ssh ver 1 for a device?
Message-ID: <0D9EF3454D8EFC4B8BFFD2B862941681B4F27C@caonmastxm03.na.capgemini.com>

I have been reading the list archives and the man page for cloginrc trying to determine how to set the .cloginrc file to allow connectivity to a device that requires ssh version 1. The only thing that looks like it would do this is the add sshcmd <> command.

The man pages says that to redefine sshcmd, do the following....

add sshcmd {}
is the name of the ssh executable. OpenSSH uses a
command-line option to specify the protocol version, but other
implementations use a separate binary such as "ssh1". sshcmd
allows this to be adjusted as necessary for the local
environment.

Default: ssh

so if I set it to add sshcmd {/usr/bin/ssh -1} it would appear to me to set ssh for every connection to use version 1.
Is this the right thing to do? I only need it for 3 devices.

Thanks in advance.

Faron Hopper
Capgemini
Network Engineer
3315 N. Oak Trfy
Kansas City, MO 64116
816.459.5139

From admin at noonlandspam.dk.onland.dk Mon Sep 12 10:58:31 2005
From: admin at noonlandspam.dk.onland.dk (Soren Hansen)
Date: Mon, 12 Sep 2005 12:58:31 +0200
Subject: Cisco 7206 problem
Message-ID: <43255F57.3090906@noonlandspam.dk>

Hi,
I have a Cisco 7206 that I can't collect config from.
Seems to be a problem with the command "dir /all bootflash:"

E34C9-7206-01#dir /all bootflash:
Directory of bootflash:/

%Error calling getdents for bootflash:/ (Invalid file header magic number)
No space information available
E34C9-7206-01#

Clues, anyone?

Best regards,
Søren Hansen

I have done a rancid -d as seen below. The .new file is at the end

rancid at lanwan-mon$ rancid -d 10.17.2.7
executing clogin -t 90 -c"show version;show redundancy secondary;show idprom backplane;show install active;show env all;show rsp chassis-info;show gsr chassis;show boot;show bootvar;show variables boot;show flash;dir /all nvram:;dir /all bootflash:;dir /all slot0:;dir /all disk0:;dir /all slot1:;dir /all disk1:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all harddiska:;dir /all harddiskb:;dir /all sup-bootflash:;dir /all sup-microcode:;dir /all slavenvram:;dir /all slavebootflash:;dir /all slaveslot0:;dir /all slavedisk0:;dir /all slaveslot1:;dir /all slavedisk1:;dir /all slaveslot2:;dir /all slavedisk2:;dir /all slavesup-bootflash:;dir /all sec-nvram:;dir /all sec-bootflash:;dir /all sec-slot0:;dir /all sec-disk0:;dir /all sec-slot1:;dir /all sec-disk1:;dir /all sec-slot2:;dir /all sec-disk2:;show controllers;show controllers cbus;show diagbus;show diag;show module;show spe version;show c7200;show vtp status;show vlan;show running-config;write term" 10.17.2.7
PROMPT MATCH: E34C9-7206-01#
HIT COMMAND:E34C9-7206-01#show version
In ShowVersion: E34C9-7206-01#show version
TYPE = 7200
HIT COMMAND:E34C9-7206-01#show redundancy secondary
In ShowRedundancy: E34C9-7206-01#show redundancy secondary
HIT COMMAND:E34C9-7206-01#show idprom backplane
In ShowIDprom: E34C9-7206-01#show idprom backplane
HIT COMMAND:E34C9-7206-01#show install active
In ShowInstallActive: E34C9-7206-01#show install active
HIT COMMAND:E34C9-7206-01#show env all
In ShowEnv: E34C9-7206-01#show env all
HIT COMMAND:E34C9-7206-01#show rsp chassis-info
In ShowRSP: E34C9-7206-01#show rsp chassis-info
HIT COMMAND:E34C9-7206-01#show gsr chassis
In ShowGSR: E34C9-7206-01#show gsr chassis
HIT COMMAND:E34C9-7206-01#show boot
In ShowBoot: E34C9-7206-01#show boot
HIT COMMAND:E34C9-7206-01#show bootvar
In ShowBoot: E34C9-7206-01#show bootvar
HIT
COMMAND:E34C9-7206-01#show variables boot In ShowBoot: E34C9-7206-01#show variables boot HIT COMMAND:E34C9-7206-01#show flash In ShowFlash: E34C9-7206-01#show flash HIT COMMAND:E34C9-7206-01#dir /all nvram: In DirSlotN: E34C9-7206-01#dir /all nvram: HIT COMMAND:E34C9-7206-01#dir /all bootflash: In DirSlotN: E34C9-7206-01#dir /all bootflash: write(spawn_id=1): broken pipe while executing "send_user -- "$expect_out(buffer)"" invoked from within "expect -nobrace -re+ { exp_continue } -re {^[^ *]*E34C9-7206-01([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} { send_user -- "$expect_out(buffer)" } -re..." invoked from within "expect { -re "\b+" { exp_continue } -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)" } -re "^\[^\n\r]*$reprompt." { send..." invoked from within "if [ string match "*\;*" "$command" ] { set commands [split $command \;] set num_commands [llength $commands] # the pager can not be turned off on ..." (procedure "run_commands" line 34) invoked from within "run_commands $prompt $command" ("foreach" body line 144) invoked from within "foreach router [lrange $argv $i end] { set router [string tolower $router] send_user "$router\n" # Figure out prompt. # Since autoena..." 
(file "/usr/local/libexec/rancid/clogin" line 616) 10.17.2.7: missed cmd(s): dir /all slavedisk2:,dir /all sec-slot2:,show diag,dir /all disk1:,dir /all sec-nvram:,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,dir /all slavedisk1:,show module,show controllers,show diagbus,dir /all slavedisk0:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,show running-config,show c7200,dir /all slot1: 10.17.2.7: missed cmd(s): dir /all slavedisk2:,dir /all sec-slot2:,show diag,dir /all disk1:,dir /all sec-nvram:,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,dir /all slavedisk1:,show module,show controllers,show diagbus,dir /all slavedisk0:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,show running-config,show c7200,dir /all slot1: 10.17.2.7: End of run not found 10.17.2.7: End of run not found !Flash: bootflash: Directory of bootflash:/ rancid at lanwan-mon$ rancid at lanwan-mon$ cat 10.17.2.7.new !RANCID-CONTENT-TYPE: cisco ! !Chassis type: 7206VXR - a 7200 router !CPU: NPE400, R7000 CPU at 350Mhz, impl 39, Rev 3.2, 256KB L2, 4096KB L3 Cache ! !Memory: main 245760K/16384K !Memory: nvram 125K !Memory: bootflash 8192K !Memory: pcmcia ATA slot0 47040K ! 
!Processor ID: 23689243 ! !Power: Power supply 1 is Zytek DC Power Supply. Unit is on. !Power: Power supply 2 is Zytek DC Power Supply. Unit is on. ! !Image: Software: C7200-P-M, 12.2(3), RELEASE SOFTWARE (fc1) !Image: Compiled: Wed 18-Jul-01 16:08 by pwade !Image: disk0:c7200-p-mz.122-3.bin ! !ROM Bootstrap: Version 12.1(20000710:044039) [nlaw-121E_npeb 117], DEVELOPMENT SOFTWARE !BOOTLDR: Version 12.1(7)E, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1) ! ! ! !Variable: BOOT variable = disk0:c7200-p-mz.122-3.bin,12; !Variable: CONFIG_FILE variable does not exist !Variable: BOOTLDR variable does not exist ! !Flash: nvram: Directory of nvram:/ !Flash: nvram: 108 -rw- 16776 startup-config !Flash: nvram: 109 ---- 27 private-config !Flash: nvram: 110 -rw- 16776 underlying-config !Flash: nvram: 1 -rw- 20 persistent-data !Flash: nvram: 2 -rw- 0 ifIndex-table !Flash: nvram: 129016 bytes total (110113 bytes free) ! !Flash: bootflash: Directory of bootflash:/ rancid at lanwan-mon$ From heas at shrubbery.net Mon Sep 12 18:45:59 2005 From: heas at shrubbery.net (john heasley) Date: Mon, 12 Sep 2005 11:45:59 -0700 Subject: how can I use ssh ver 1 for a device? In-Reply-To: <0D9EF3454D8EFC4B8BFFD2B862941681B4F27C@caonmastxm03.na.capgemini.com> References: <0D9EF3454D8EFC4B8BFFD2B862941681B4F27C@caonmastxm03.na.capgemini.com> Message-ID: <20050912184559.GE12135@shrubbery.net> Mon, Sep 12, 2005 at 11:51:08AM -0400, Hopper, Faron W.: > > I have been reading the list archives and the man page for cloginrc trying to determine how to set the .cloginrc file to allow connectivity to a device that requires ssh version 1. The only thing that looks like it would do this is the add sshcmd <> command. > > The man pages says that to redefine sshcmd, do the following.... > > add sshcmd {} > is the name of the ssh executable. OpenSSH uses a > command-line option to specify the protocol version, but other > implementations use a separate binary such as "ssh1". 
sshcmd
> allows this to be adjusted as necessary for the local
> environment.
>
> Default: ssh
>
> so if I set it to add sshcmd {/usr/bin/ssh -1} it would appear to me to set ssh for every connection to use version 1.
> Is this the right thing to do? I only need it for 3 devices.

the manpage is missing the glob, sorry. it is the same as the method directive.

add sshcmd {}

From heas at shrubbery.net Mon Sep 12 19:16:03 2005
From: heas at shrubbery.net (john heasley)
Date: Mon, 12 Sep 2005 12:16:03 -0700
Subject: Cisco 7206 problem
In-Reply-To: <43255F57.3090906@noonlandspam.dk>
References: <43255F57.3090906@noonlandspam.dk>
Message-ID: <20050912191603.GH12135@shrubbery.net>

Mon, Sep 12, 2005 at 12:58:31PM +0200, Soren Hansen:
> Hi,
> I have a Cisco 7206 that I can't collect config from.
> Seems to be a problem with the command "dir /all bootflash:"
>
> E34C9-7206-01#dir /all bootflash:
> Directory of bootflash:/
>
> %Error calling getdents for bootflash:/ (Invalid file header magic number)
> No space information available
> E34C9-7206-01#

there are a few flash-related errors that rancid will ignore, this is not one of them. i'd format the flash and reload the boot image. that should get rid of the error.

From faron.hopper at capgemini.com Mon Sep 12 19:22:49 2005
From: faron.hopper at capgemini.com (Hopper, Faron W.)
Date: Mon, 12 Sep 2005 15:22:49 -0400
Subject: how can I use ssh ver 1 for a device?
Message-ID: <0D9EF3454D8EFC4B8BFFD2B862941681B4F27E@caonmastxm03.na.capgemini.com>

Paul,

Thank you for your response. I didn't think of trying the ssh config. I figured that since RANCID was able to pass the hostname and the cipher type to the ssh executable when it called it, that it would be just a matter of specifying the protocol. I looked at the /etc/ssh_config and it appears to be using the default of 2,1. There was no ~/.ssh/config so I am inclined to believe that it should drop down to version 1 automagically.
I created an ~/.ssh/config file and put this in it

hosts x.x.x.x
protocol 1

and that allowed me to ssh to those devices.

Thanks,
Faron

-----Original Message-----
From: Paul Frommeyer [mailto:paul at palas.com]
Sent: Mon 9/12/2005 1:02 PM
To: Hopper, Faron W.
Subject: Re: how can I use ssh ver 1 for a device?

In reply to your message of Mon, 12 Sep 2005 11:51:08 -0400:
| I have been reading the list archives and the man page for cloginrc trying
| to determine how to set the .cloginrc file to allow connectivity to a
| device that requires ssh version 1. The only thing that looks like it
| would do this is the add sshcmd <> command.

Of course, I'm sure There's More Than One Way To Do It, but IMO, you're swimming upstream. Were I you, I would pry over at your SSH client setup rather than the RANCID scripts.

Specifically, IIRC, both SSH2 and OpenSSH allow the specification of which protocol to use as part of a host profile in the ssh_config file (for OpenSSH, it's done with the option keyword "Protocol"; see ssh_config(5) ). So, simply create a profile (either in the global server config or for the user RANCID is running as) for the host you need to reach via V1, specifying that only the V1 protocol should be used. That should take care of everything, without having to "explain" anything to RANCID, or specify any command line opts to ssh.

FWIW,
Paul

P.S. As with most things, I've found the O'Reilly book on SSH to be indispensable when wrassling with that particular software, and it has in-depth sections for client configuration.

Paul Frommeyer
Senior Networking Consultant
paul at palas.com

From faron.hopper at capgemini.com Mon Sep 12 21:08:28 2005
From: faron.hopper at capgemini.com (Hopper, Faron W.)
Date: Mon, 12 Sep 2005 17:08:28 -0400
Subject: any follow-up on rancid integration with opennms?
Message-ID: <0D9EF3454D8EFC4B8BFFD2B862941681B4F282@caonmastxm03.na.capgemini.com> I stumbled upon an email in the list archives of someone trying to integrate opennms into rancid (or at least using opennms to feed devices into rancid). Has there been any progress/updates on this? This to me would be a very handy way of discovering the network and getting the configs into rancid. Thanks, Faron Hopper Capgemini Network Engineer 3315 N. Oak Trfy Kansas City, MO 64116 816.459.5139 From justin at grote.name Mon Sep 12 21:13:07 2005 From: justin at grote.name (Justin Grote) Date: Mon, 12 Sep 2005 15:13:07 -0600 Subject: any follow-up on rancid integration with opennms? In-Reply-To: <0D9EF3454D8EFC4B8BFFD2B862941681B4F282@caonmastxm03.na.capgemini.com> References: <0D9EF3454D8EFC4B8BFFD2B862941681B4F282@caonmastxm03.na.capgemini.com> Message-ID: <4325EF63.9070908@grote.name> Hopper, Faron W. wrote: > I stumbled upon an email in the list archives of someone trying to > integrate opennms into rancid (or at least using opennms to feed > devices into rancid). Has there been any progress/updates on this? > This to me would be a very handy way of discovering the network and > getting the configs into rancid. > Not that I've seen, however if OpenNMS can export a tab or comma separated list of IP addresses or DNS names, it would be trivial to write a script to convert that list into RANCID format and add those devices to a RANCID group. -- __________________________ Justin Grote Network Architect JWG Networks From faron.hopper at capgemini.com Wed Sep 14 20:24:47 2005 From: faron.hopper at capgemini.com (Hopper, Faron W.) Date: Wed, 14 Sep 2005 16:24:47 -0400 Subject: firewall blade in 6509 system context backup issue Message-ID: <0D9EF3454D8EFC4B8BFFD2B862941681B4F293@caonmastxm03.na.capgemini.com> Hello, Well, thanks to everyone's help, I am almost finished setting up RANCID to retrieve all of my configs. I have one last issue that I would like to ask everyone's opinion on. 
We have 2 new firewall blades for Cisco's 6500 series switches. These firewall blades have the concept of contexts or virtual firewalls. When I use clogin to login into the virtual firewall, I can issue the changeto command it will change the context. Everything works fine until i try to run clogin -c "changeto system; show version" hostname. I think the problem is that the prompt changes. Is it possible to use the enableprompt to catch this? I haven't tried it yet, but from reading the man page it doesn't sound like it will look for a different prompt once I am already logged in. Here is the clogin info. bash-3.00# clogin ddcxf01c-fw-admin ddcxf01c-fw-admin spawn ssh -c 3des -x -l kcsc\netcfgbak ddcxf01c-fw-admin kcsc\\netcfgbak at ddcxf01c-fw-admin's password: Type help or '?' for a list of available commands. ddcxf01c/admin> ddcxf01c/admin> enable Password: ******** ddcxf01c/admin# ddcxf01c/admin# changeto system ddcxf01c# sh ver FWSM Firewall Version 2.3(2) FWSM Device Manager Version 4.1(1) Compiled on Wed 06-Apr-05 13:08 by dalecki ddcxf01c up 22 days 15 hours Hardware: WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz Flash 2.20 TOSHIBA THNCF128MBA @ 0xc321, 20MB 0: gb-ethernet0: irq 5 1: gb-ethernet1: irq 7 2: ethernet0: irq 11 Licensed Features: Failover: Enabled VPN-DES: Enabled VPN-3DES: Enabled Maximum Interfaces: 256 (per security context) Cut-through Proxy: Enabled Guards: Enabled URL-filtering: Enabled Throughput: Unlimited ISAKMP peers: Unlimited Security Contexts: 20 This machine has an Unrestricted (UR) license. Serial Number: Running Activation Key: Configuration last modified by kcsc\netcfgbak at 15:16:53 Sep 14 2005 ddcxf01c# exit Logoff Thanks in advance, Faron Hopper Capgemini Network Engineer 3315 N. 
Oak Trfy Kansas City, MO 64116 816.459.5139 From david_laporte at harvard.edu Wed Sep 14 20:36:26 2005 From: david_laporte at harvard.edu (David LaPorte) Date: Wed, 14 Sep 2005 16:36:26 -0400 Subject: firewall blade in 6509 system context backup issue In-Reply-To: <0D9EF3454D8EFC4B8BFFD2B862941681B4F293@caonmastxm03.na.capgemini.com> References: <0D9EF3454D8EFC4B8BFFD2B862941681B4F293@caonmastxm03.na.capgemini.com> Message-ID: <432889CA.1020206@harvard.edu> Just a thought, but try adding a "\n" in there: clogin -c "changeto system\nshow version" hostname Hopper, Faron W. wrote: > Hello, > Well, thanks to everyone's help, I am almost finished setting up > RANCID to retrieve all of my configs. I have one last issue that I > would like to ask everyone's opinion on. We have 2 new firewall blades > for Cisco's 6500 series switches. These firewall blades have the > concept of contexts or virtual firewalls. When I use clogin to login > into the virtual firewall, I can issue the changeto command it > will change the context. Everything works fine until i try to run clogin > -c "changeto system; show version" hostname. I think the problem is > that the prompt changes. Is it possible to use the enableprompt to > catch this? I haven't tried it yet, but from reading the man page it > doesn't sound like it will look for a different prompt once I am already > logged in. Here is the clogin info. > > > bash-3.00# clogin ddcxf01c-fw-admin > ddcxf01c-fw-admin > spawn ssh -c 3des -x -l kcsc\netcfgbak ddcxf01c-fw-admin > kcsc\\netcfgbak at ddcxf01c-fw-admin's password: > Type help or '?' for a list of available commands. 
> ddcxf01c/admin> > ddcxf01c/admin> enable > Password: ******** > ddcxf01c/admin# > ddcxf01c/admin# changeto system > ddcxf01c# sh ver > > FWSM Firewall Version 2.3(2) > FWSM Device Manager Version 4.1(1) > > Compiled on Wed 06-Apr-05 13:08 by dalecki > > ddcxf01c up 22 days 15 hours > > Hardware: WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz > Flash 2.20 TOSHIBA THNCF128MBA @ 0xc321, 20MB > > 0: gb-ethernet0: irq 5 > 1: gb-ethernet1: irq 7 > 2: ethernet0: irq 11 > > Licensed Features: > Failover: Enabled > VPN-DES: Enabled > VPN-3DES: Enabled > Maximum Interfaces: 256 (per security context) > Cut-through Proxy: Enabled > Guards: Enabled > URL-filtering: Enabled > Throughput: Unlimited > ISAKMP peers: Unlimited > Security Contexts: 20 > > This machine has an Unrestricted (UR) license. > > Serial Number: > Running Activation Key: > Configuration last modified by kcsc\netcfgbak at 15:16:53 Sep 14 2005 > ddcxf01c# exit > > Logoff > > > > Thanks in advance, > > Faron Hopper > Capgemini > Network Engineer > 3315 N. Oak Trfy > Kansas City, MO 64116 > 816.459.5139 > -- David LaPorte, CISSP, CCNP Security Manager, Network and Server Systems Harvard University Information Systems ----------------------------------------------- Email: david_laporte at harvard.edu PGP: 0x4DC3E508 4A1F058DB2B32FEF10A14F6BD370A6AD4DC3E508 From faron.hopper at capgemini.com Wed Sep 14 21:37:59 2005 From: faron.hopper at capgemini.com (Hopper, Faron W.) Date: Wed, 14 Sep 2005 17:37:59 -0400 Subject: firewall blade in 6509 system context backup issue Message-ID: <0D9EF3454D8EFC4B8BFFD2B862941681B4F295@caonmastxm03.na.capgemini.com> I tried adding the \n and it still just hangs. Faron Hopper Capgemini Network Engineer 3315 N. Oak Trfy Kansas City, MO 64116 816.459.5139 -----Original Message----- From: David LaPorte [mailto:david_laporte at harvard.edu] Sent: Wed 9/14/2005 3:36 PM To: Hopper, Faron W. 
Cc: rancid-discuss at shrubbery.net Subject: Re: firewall blade in 6509 system context backup issue Just a thought, but try adding a "\n" in there: clogin -c "changeto system\nshow version" hostname Hopper, Faron W. wrote: > Hello, > Well, thanks to everyone's help, I am almost finished setting up > RANCID to retrieve all of my configs. I have one last issue that I > would like to ask everyone's opinion on. We have 2 new firewall blades > for Cisco's 6500 series switches. These firewall blades have the > concept of contexts or virtual firewalls. When I use clogin to login > into the virtual firewall, I can issue the changeto command it > will change the context. Everything works fine until i try to run clogin > -c "changeto system; show version" hostname. I think the problem is > that the prompt changes. Is it possible to use the enableprompt to > catch this? I haven't tried it yet, but from reading the man page it > doesn't sound like it will look for a different prompt once I am already > logged in. Here is the clogin info. > > > bash-3.00# clogin ddcxf01c-fw-admin > ddcxf01c-fw-admin > spawn ssh -c 3des -x -l kcsc\netcfgbak ddcxf01c-fw-admin > kcsc\\netcfgbak at ddcxf01c-fw-admin's password: > Type help or '?' for a list of available commands. 
> ddcxf01c/admin> > ddcxf01c/admin> enable > Password: ******** > ddcxf01c/admin# > ddcxf01c/admin# changeto system > ddcxf01c# sh ver > > FWSM Firewall Version 2.3(2) > FWSM Device Manager Version 4.1(1) > > Compiled on Wed 06-Apr-05 13:08 by dalecki > > ddcxf01c up 22 days 15 hours > > Hardware: WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz > Flash 2.20 TOSHIBA THNCF128MBA @ 0xc321, 20MB > > 0: gb-ethernet0: irq 5 > 1: gb-ethernet1: irq 7 > 2: ethernet0: irq 11 > > Licensed Features: > Failover: Enabled > VPN-DES: Enabled > VPN-3DES: Enabled > Maximum Interfaces: 256 (per security context) > Cut-through Proxy: Enabled > Guards: Enabled > URL-filtering: Enabled > Throughput: Unlimited > ISAKMP peers: Unlimited > Security Contexts: 20 > > This machine has an Unrestricted (UR) license. > > Serial Number: > Running Activation Key: > Configuration last modified by kcsc\netcfgbak at 15:16:53 Sep 14 2005 > ddcxf01c# exit > > Logoff > > > > Thanks in advance, > > Faron Hopper > Capgemini > Network Engineer > 3315 N. Oak Trfy > Kansas City, MO 64116 > 816.459.5139 > -- David LaPorte, CISSP, CCNP Security Manager, Network and Server Systems Harvard University Information Systems ----------------------------------------------- Email: david_laporte at harvard.edu PGP: 0x4DC3E508 4A1F058DB2B32FEF10A14F6BD370A6AD4DC3E508 From wcgallar at iupui.edu Thu Sep 15 21:20:17 2005 From: wcgallar at iupui.edu (Chris Gallardo) Date: Thu, 15 Sep 2005 16:20:17 -0500 (EST) Subject: ssh and hlogin Message-ID: I know i brought this topic up a few months ago but has anyone successfully got rancid to work with hp switches particularly 4104GL series switches. If so pleases let me know. My group is trying to get out of using telnet for these type of switches. 
-- Chris Gallardo Network Services 278-9067 From heas at shrubbery.net Fri Sep 16 03:29:29 2005 From: heas at shrubbery.net (john heasley) Date: Fri, 16 Sep 2005 03:29:29 +0000 Subject: firewall blade in 6509 system context backup issue In-Reply-To: <0D9EF3454D8EFC4B8BFFD2B862941681B4F293@caonmastxm03.na.capgemini.com> References: <0D9EF3454D8EFC4B8BFFD2B862941681B4F293@caonmastxm03.na.capgemini.com> Message-ID: <20050916032929.GB19117@shrubbery.net> Wed, Sep 14, 2005 at 04:24:47PM -0400, Hopper, Faron W.: > > Hello, > Well, thanks to everyone's help, I am almost finished setting up RANCID to retrieve all of my configs. I have one last issue that I would like to ask everyone's opinion on. We have 2 new firewall blades for Cisco's 6500 series switches. These firewall blades have the concept of contexts or virtual firewalls. When I use clogin to login into the virtual firewall, I can issue the changeto command it will change the context. Everything works fine until i try to run clogin -c "changeto system; show version" hostname. I think the problem is that the prompt changes. Is it possible to use the enableprompt to catch this? I haven't tried it yet, but from reading the man page it doesn't sound like it will look for a different prompt once I am already logged in. Here is the clogin info. no, enableprompt will not do what you want; but, the prompt changing in that manner is likely the problem, since once clogin believes that it has a prompt, it saves a few of the leading characters to try to ensure that matches an actual prompt as it reads through command output. maybe you can get the complete configuration(s) via another method (like via a supervisor of some sort) or change the prompts so that the first 14 characters are the same. 
From PMills at flagtelecom.com Fri Sep 16 15:35:18 2005 From: PMills at flagtelecom.com (Mills, Peter) Date: Fri, 16 Sep 2005 16:35:18 +0100 Subject: FW: Unrecognised prompt using jlogin Message-ID: <147955311569D511AD0D00508B667530021F1E21@lon-emailcl.flagtelecom.com> It refers to a workaround for unrecognised prompts in the Rancid FAQ but I don't fully understand how to implement. Could you please clarify? Specifically: rancid at re0.cjr02.ldn004> set cli complete-on-space off Disabling complete-on-space rancid at re0.cjr02.ldn004> set cli screen-length 0 Screen length set to 0 rancid at re0.cjr02.ldn004> start shell % Error: TIMEOUT reached <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Processed 1 elements (rancid at nss01 bin)$ Thanks Peter From geecla at mail.nih.gov Fri Sep 16 15:51:56 2005 From: geecla at mail.nih.gov (Gee-clough, Aaron (NIH/CIT)) Date: Fri, 16 Sep 2005 11:51:56 -0400 Subject: firewall blade in 6509 system context backup issue Message-ID: <71B0C9CB1FF4EA43BB48C08DCFF1A1FF01C1240C@NIHCESMLBX.nih.gov> Could you assign an IP to the admin context and treat it like a unique device? (Ie ssh to it directly, rather than sessioning to it from the switch.) aaron ------------------ Aaron Gee-Clough DNST/CIT/NEB/NSS Contractor. Geek. _____ From: Hopper, Faron W. [mailto:faron.hopper at capgemini.com] Sent: Wednesday, September 14, 2005 5:38 PM To: david_laporte at harvard.edu Cc: rancid-discuss at shrubbery.net Subject: RE: firewall blade in 6509 system context backup issue I tried adding the \n and it still just hangs. Faron Hopper Capgemini Network Engineer 3315 N. Oak Trfy Kansas City, MO 64116 816.459.5139 -----Original Message----- From: David LaPorte [mailto:david_laporte at harvard.edu ] Sent: Wed 9/14/2005 3:36 PM To: Hopper, Faron W. Cc: rancid-discuss at shrubbery.net Subject: Re: firewall blade in 6509 system context backup issue Just a thought, but try adding a "\n" in there: clogin -c "changeto system\nshow version" hostname Hopper, Faron W. 
wrote: > Hello, > Well, thanks to everyone's help, I am almost finished setting up > RANCID to retrieve all of my configs. I have one last issue that I > would like to ask everyone's opinion on. We have 2 new firewall blades > for Cisco's 6500 series switches. These firewall blades have the > concept of contexts or virtual firewalls. When I use clogin to login > into the virtual firewall, I can issue the changeto command it > will change the context. Everything works fine until i try to run clogin > -c "changeto system; show version" hostname. I think the problem is > that the prompt changes. Is it possible to use the enableprompt to > catch this? I haven't tried it yet, but from reading the man page it > doesn't sound like it will look for a different prompt once I am already > logged in. Here is the clogin info. > > > bash-3.00# clogin ddcxf01c-fw-admin > ddcxf01c-fw-admin > spawn ssh -c 3des -x -l kcsc\netcfgbak ddcxf01c-fw-admin > kcsc\\netcfgbak at ddcxf01c-fw-admin's password: > Type help or '?' for a list of available commands. > ddcxf01c/admin> > ddcxf01c/admin> enable > Password: ******** > ddcxf01c/admin# > ddcxf01c/admin# changeto system > ddcxf01c# sh ver > > FWSM Firewall Version 2.3(2) > FWSM Device Manager Version 4.1(1) > > Compiled on Wed 06-Apr-05 13:08 by dalecki > > ddcxf01c up 22 days 15 hours > > Hardware: WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz > Flash 2.20 TOSHIBA THNCF128MBA @ 0xc321, 20MB > > 0: gb-ethernet0: irq 5 > 1: gb-ethernet1: irq 7 > 2: ethernet0: irq 11 > > Licensed Features: > Failover: Enabled > VPN-DES: Enabled > VPN-3DES: Enabled > Maximum Interfaces: 256 (per security context) > Cut-through Proxy: Enabled > Guards: Enabled > URL-filtering: Enabled > Throughput: Unlimited > ISAKMP peers: Unlimited > Security Contexts: 20 > > This machine has an Unrestricted (UR) license. 
> > Serial Number: > Running Activation Key: > Configuration last modified by kcsc\netcfgbak at 15:16:53 Sep 14 2005 > ddcxf01c# exit > > Logoff > > > > Thanks in advance, > > Faron Hopper > Capgemini > Network Engineer > 3315 N. Oak Trfy > Kansas City, MO 64116 > 816.459.5139 > -- David LaPorte, CISSP, CCNP Security Manager, Network and Server Systems Harvard University Information Systems ----------------------------------------------- Email: david_laporte at harvard.edu PGP: 0x4DC3E508 4A1F058DB2B32FEF10A14F6BD370A6AD4DC3E508 From karim.adel at gmail.com Tue Sep 20 15:03:39 2005 From: karim.adel at gmail.com (Kim Onnel) Date: Tue, 20 Sep 2005 18:03:39 +0300 Subject: Rancid not working with Juniper ERX Message-ID: Hi, Anyone has ERX#sh ver Juniper Edge Routing Switch ERX-1400 Copyright (c) 1999-2005 Juniper Networks, Inc. All rights reserved. System Release: erx_6-1-1.rel Version: 6.1.1 release-0.0 [BuildId 3631] (June 7, 2005 13:55) System running for: 0 days, 12 hours, 2 minutes, 25 seconds (since TUE SEP 20 2005 04:56:32 CAI) i get the following error: zazu:~/logs> more ERX.20050920.145338 starting: Tue Sep 20 14:53:38 EEST 2005 Trying to get all of the configs. erx: End of run not found ^ ===================================== Getting missed routers: round 1. erx: End of run not found ^ ===================================== Getting missed routers: round 2. erx: End of run not found ^ ===================================== Getting missed routers: round 3. erx: End of run not found ^ ===================================== Getting missed routers: round 4. erx: End of run not found ^ cvs diff: Diffing . cvs diff: Diffing configs cvs commit: Examining . 
cvs commit: Examining configs ending: Tue Sep 20 15:01:46 EEST 2005 zazu:~/logs> zazu:~/ERX> more router.db erx:erx:up zazu:~/ERX> From stpierce at att.com Fri Sep 23 17:25:25 2005 From: stpierce at att.com (Pierce, Steven T (Steve), CMO) Date: Fri, 23 Sep 2005 13:25:25 -0400 Subject: Clogin Options Message-ID: <703B56AF3EFA6D488043B41602FB32170B324F42@ACCLUST03EVS1.ugd.att.com> All-- I'm a big fan of the "clogin" script. I would like to use this script to be able to send configuration changes to many routers on my network. I understand how to make the script reference another file for the commands, but I don't see an option to reference a file for a list of routers. Is there a way to do this? It would be much easier than listing out all the devices with semi-colons. Steve From heas at shrubbery.net Fri Sep 23 17:29:12 2005 From: heas at shrubbery.net (john heasley) Date: Fri, 23 Sep 2005 10:29:12 -0700 Subject: Clogin Options In-Reply-To: <703B56AF3EFA6D488043B41602FB32170B324F42@ACCLUST03EVS1.ugd.att.com> References: <703B56AF3EFA6D488043B41602FB32170B324F42@ACCLUST03EVS1.ugd.att.com> Message-ID: <20050923172912.GF21709@shrubbery.net> Fri, Sep 23, 2005 at 01:25:25PM -0400, Pierce, Steven T (Steve), CMO: > All-- > > I'm a big fan of the "clogin" script. I would like to use this script > to be able to send configuration changes to many routers on my network. > I understand how to make the script reference another file for the > commands, but I don't see an option to reference a file for a list of > routers. Is there a way to do this? It would be much easier than > listing out all the devices with semi-colons. > > Steve > clogin -s script rtr1 rtr2 rtr3 ... or clogin -s script `cat routerlist` or cat routerlist | xargs clogin -s script From srau at rauhaus.org Fri Sep 23 18:22:15 2005 From: srau at rauhaus.org (Stafford A. 
Rau) Date: Fri, 23 Sep 2005 11:22:15 -0700 Subject: Clogin Options In-Reply-To: <20050923172912.GF21709@shrubbery.net> References: <703B56AF3EFA6D488043B41602FB32170B324F42@ACCLUST03EVS1.ugd.att.com> <20050923172912.GF21709@shrubbery.net> Message-ID: <20050923182215.GC899@rauhaus.org> I often use this sort of thing:

#!/usr/bin/perl -w

my @routers;
my $clogin = "/usr/local/rancid2/bin/clogin";
my $clogin_cmd = "-c conf t\nconfig line blah\nconfig line 2 blah\nexit\nwrite\n\n";

open ROUTERDB, "/usr/local/rancid2/group_name/router.db" or
    die "Can't open router.db: $!";
while (<ROUTERDB>) {
    # skip devices marked down
    if ( /\:down$/ ) { next; }
    # keep only the hostname (first field)
    s/\:.*$//;
    push @routers, ($_);
}

for my $router (@routers) {
    chomp $router;
    print "===$router===\n";
    system ( "$clogin", "$clogin_cmd", "$router" );
}

For more complicated configs, I use clogin to just tell the router to do a copy tftp: run; write; and I put the config in a tftp server accessible file. --Stafford From heas at shrubbery.net Fri Sep 23 20:07:59 2005 From: heas at shrubbery.net (john heasley) Date: Fri, 23 Sep 2005 13:07:59 -0700 Subject: Clogin Options In-Reply-To: <20050923182215.GC899@rauhaus.org> References: <703B56AF3EFA6D488043B41602FB32170B324F42@ACCLUST03EVS1.ugd.att.com> <20050923172912.GF21709@shrubbery.net> <20050923182215.GC899@rauhaus.org> Message-ID: <20050923200759.GK21709@shrubbery.net> you could stir in par(1) and do that in parallel. Fri, Sep 23, 2005 at 11:22:15AM -0700, Stafford A.
Rau: > I often use this sort of thing:
>
> #!/usr/bin/perl -w
>
> my @routers;
> my $clogin = "/usr/local/rancid2/bin/clogin";
> my $clogin_cmd = "-c conf t\nconfig line blah\nconfig line 2 blah\nexit\nwrite\n\n";
>
> open ROUTERDB, "/usr/local/rancid2/group_name/router.db" or
>     die "Can't open router.db: $!";
> while (<ROUTERDB>) {
>     # skip devices marked down
>     if ( /\:down$/ ) { next; }
>     # keep only the hostname (first field)
>     s/\:.*$//;
>     push @routers, ($_);
> }
>
> for my $router (@routers) {
>     chomp $router;
>     print "===$router===\n";
>     system ( "$clogin", "$clogin_cmd", "$router" );
> }
>
> For more complicated configs, I use clogin to just tell the router to do > a copy tftp: run; write; and I put the config in a tftp server > accessible file. > > --Stafford From hank at rem.com Sat Sep 24 02:42:15 2005 From: hank at rem.com (Hank Kilmer) Date: Fri, 23 Sep 2005 22:42:15 -0400 Subject: Clogin Options In-Reply-To: <20050923172912.GF21709@shrubbery.net> References: <703B56AF3EFA6D488043B41602FB32170B324F42@ACCLUST03EVS1.ugd.att.com> <20050923172912.GF21709@shrubbery.net> Message-ID: <1A5140B8CFA6DC9DDFE66452@peeves.padfoot.com> --On Friday, September 23, 2005 10:29 AM -0700 john heasley wrote: > Fri, Sep 23, 2005 at 01:25:25PM -0400, Pierce, Steven T (Steve), CMO: >> All-- >> >> I'm a big fan of the "clogin" script. I would like to use this script >> to be able to send configuration changes to many routers on my network. >> I understand how to make the script reference another file for the >> commands, but I don't see an option to reference a file for a list of >> routers. Is there a way to do this? It would be much easier than >> listing out all the devices with semi-colons. >> >> Steve >> > > clogin -s script rtr1 rtr2 rtr3 ... > > or > clogin -s script `cat routerlist` > > or > cat routerlist | xargs clogin -s script You can also do the routers in parallel with par.
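A sketch of the loop discussed in this thread, added here as an example (it is not code from the thread or from the RANCID distribution): it runs `clogin -s script` against each device marked up in a router.db, one at a time, and halts at the first session whose transcript contains an `Error:` line instead of trusting clogin's exit status. The function names, the `CLOGIN` override, the per-device log directory, and the `fake_clogin` stub with its sample router.db are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example; not code from the thread or from the RANCID distribution.
# Runs one clogin script against every "up" device in a router.db, one
# device at a time, and stops at the first session that fails.

# Program to run; overridable so the constructed stub below can stand in.
CLOGIN=${CLOGIN:-clogin}

# up_routers ROUTERDB
# Print the hostname of each device whose state is "up". Assumes the
# name:type:state layout shown in the thread ("erx:erx:up").
up_routers() {
    awk -F: '
        /^[ \t]*(#|$)/       { next }      # comments and blank lines
        tolower($3) == "up"  { print $1 }
    ' "$1"
}

# push_all SCRIPT ROUTERDB LOGDIR
# Returns 0 when every session was clean. On the first failure it returns 1
# with the hostname in FAILED_ROUTER and leaves the remaining devices
# untouched; DONE_ROUTERS lists the devices completed before that.
push_all() {
    script=$1
    routerdb=$2
    logdir=$3
    FAILED_ROUTER=
    DONE_ROUTERS=
    mkdir -p "$logdir" || return 2
    for rtr in $(up_routers "$routerdb"); do
        log=$logdir/$rtr.log
        "$CLOGIN" -s "$script" "$rtr" >"$log" 2>&1
        rc=$?
        # The exit status alone is not trusted: a session can print
        # "Error: TIMEOUT reached" and still exit 0. Any "Error:" line in
        # the transcript halts the run; a false positive only stops early.
        if [ "$rc" -ne 0 ] || grep -q 'Error:' "$log"; then
            FAILED_ROUTER=$rtr
            return 1
        fi
        DONE_ROUTERS="${DONE_ROUTERS:+$DONE_ROUTERS }$rtr"
    done
    return 0
}

# --- Constructed stand-in for clogin, for the offline demo only ---
# Called as: fake_clogin -s SCRIPT ROUTER. Always exits 0 and prints a
# timeout error for the device named in FAKE_BAD.
fake_clogin() {
    echo "$3" >>"$FAKE_CALLS"
    echo "$3"
    echo "spawn ssh $3"
    if [ "$3" = "$FAKE_BAD" ]; then
        echo "Error: TIMEOUT reached"
    fi
    return 0
}

# demo [BAD_ROUTER]: run push_all over a constructed router.db.
demo() {
    tmp=$(mktemp -d) || return 2
    cat >"$tmp/router.db" <<'EOF'
# constructed sample inventory
rtr1:cisco:up
rtr-old:cisco:down
rtr2:cisco:up
rtr3:cisco:up
EOF
    : >"$tmp/script"
    FAKE_CALLS=$tmp/calls
    FAKE_BAD=${1:-rtr2}
    CLOGIN=fake_clogin
    push_all "$tmp/script" "$tmp/router.db" "$tmp/logs"
    status=$?
    CONTACTED=$(paste -s -d ' ' "$tmp/calls")
    echo "status=$status failed=$FAILED_ROUTER done=$DONE_ROUTERS"
    rm -rf "$tmp"
    return "$status"
}

case ${1:-} in
    demo) demo rtr2 ;;
    '')   : ;;    # no arguments: only define the functions
    *)    push_all "$@" || { echo "stopped at $FAILED_ROUTER" >&2; exit 1; } ;;
esac
```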
From randy at psg.com Sat Sep 24 02:48:48 2005 From: randy at psg.com (Randy Bush) Date: Fri, 23 Sep 2005 16:48:48 -1000 Subject: Clogin Options References: <703B56AF3EFA6D488043B41602FB32170B324F42@ACCLUST03EVS1.ugd.att.com> <20050923172912.GF21709@shrubbery.net> <1A5140B8CFA6DC9DDFE66452@peeves.padfoot.com> Message-ID: <17204.48784.104674.660146@roam.psg.com> > You can also do the routers in parallel with par. how about something at the opposite end of the spectrum, stop as soon as anything fails? randy From heas at shrubbery.net Sat Sep 24 05:59:36 2005 From: heas at shrubbery.net (john heasley) Date: Fri, 23 Sep 2005 22:59:36 -0700 Subject: Rancid not working with Juniper ERX In-Reply-To: References: Message-ID: <20050924055936.GS21709@shrubbery.net> Tue, Sep 20, 2005 at 06:03:39PM +0300, Kim Onnel: > Hi, > > Anyone has > > ERX#sh ver > Juniper Edge Routing Switch ERX-1400 > Copyright (c) 1999-2005 Juniper Networks, Inc. All rights reserved. > System Release: erx_6-1-1.rel > Version: 6.1.1 release-0.0 [BuildId 3631] (June 7, 2005 13:55) > System running for: 0 days, 12 hours, 2 minutes, 25 seconds > (since TUE SEP 20 2005 04:56:32 CAI) > > i get the following error: I don't have an erx, jerancid may have a bug wrt this newer release. Does clogin -c 'show vers;show vers' work? what is the output from jerancid -dl erx? > > zazu:~/logs> more ERX.20050920.145338 > starting: Tue Sep 20 14:53:38 EEST 2005 > > > > Trying to get all of the configs. > erx: End of run not found > ^ > ===================================== > Getting missed routers: round 1. > erx: End of run not found > ^ > ===================================== > Getting missed routers: round 2. > erx: End of run not found > ^ > ===================================== > Getting missed routers: round 3. > erx: End of run not found > ^ > ===================================== > Getting missed routers: round 4. > erx: End of run not found > ^ > > cvs diff: Diffing .
> cvs diff: Diffing configs > cvs commit: Examining . > cvs commit: Examining configs > > ending: Tue Sep 20 15:01:46 EEST 2005 > zazu:~/logs> > > > zazu:~/ERX> more router.db > erx:erx:up > zazu:~/ERX> From heas at shrubbery.net Sat Sep 24 06:45:55 2005 From: heas at shrubbery.net (john heasley) Date: Fri, 23 Sep 2005 23:45:55 -0700 Subject: Clogin Options In-Reply-To: <17204.48784.104674.660146@roam.psg.com> References: <703B56AF3EFA6D488043B41602FB32170B324F42@ACCLUST03EVS1.ugd.att.com> <20050923172912.GF21709@shrubbery.net> <1A5140B8CFA6DC9DDFE66452@peeves.padfoot.com> <17204.48784.104674.660146@roam.psg.com> Message-ID: <20050924064555.GU21709@shrubbery.net> Fri, Sep 23, 2005 at 04:48:48PM -1000, Randy Bush: > > You can also do the routers in parallel with par. > > how about something at the opposite end of the spectrum, stop > as soon as anything fails? > > randy unfortunately the login scripts all exit 0, assuming they get to the point of logging into the device. yes, that needs to be fixed. but, you can wrap it;
clogin device |& grep -v Error:
exit $?
From mstefani at redhat.com Mon Sep 26 14:59:04 2005 From: mstefani at redhat.com (Michael Stefaniuc) Date: Mon, 26 Sep 2005 16:59:04 +0200 Subject: rancid srpm/spec file? Message-ID: <43380CB8.8080904@redhat.com> Hello, does a source rpm or spec file exist for rancid? I've looked at the download area, searched the mailing list and on google but couldn't find one. If not i will have to make one but starting with an existing one would have saved time. thanks bye michael -- Michael Stefaniuc Tel.: +49-711-96437-199 Sr. Network Engineer Fax.: +49-711-96437-111 Red Hat GmbH Email: mstefani at redhat.com Hauptstaetterstr. 58 http://www.redhat.de/ D-70178 Stuttgart From stephens at ameslab.gov Mon Sep 26 15:18:54 2005 From: stephens at ameslab.gov (Douglas C. Stephens) Date: Mon, 26 Sep 2005 10:18:54 -0500 Subject: clogin for Avaya Pxxx series switches?
Message-ID: <6.2.1.2.2.20050926101244.045d7220@imap.ameslab.gov> I've been using RANCID and clogin very successfully on all my Cisco routers. However, there are a large gaggle of Avaya P580, P550, P330, P130, and P120 switches on my network that I would like to track and archive their configurations. I realize the Avaya P330 and lower switches have a very un-Cisco like syntax, but the Avaya P550 and P580 series (originally derived from the DEC/Prominet P550) switches have a command flow for viewing the switch configuration that is very similar to a Cisco router (except for the logout sequence, which is exit/exit instead of logout). I was wondering if any readers of this list have attempted to adapt clogin or one of its RANCID brethren to work on any of these classes of Avaya switches. Thanks. -- Douglas C. Stephens | Network/DNS/Unix/WinNT/VMS Administrator System Support Specialist | Postmaster / Webmaster Information Systems | Phone: (515) 294-6102 Ames Laboratory, US DOE | Email: stephens at ameslab.gov From heas at shrubbery.net Mon Sep 26 18:03:14 2005 From: heas at shrubbery.net (john heasley) Date: Mon, 26 Sep 2005 11:03:14 -0700 Subject: clogin for Avaya Pxxx series switches? In-Reply-To: <6.2.1.2.2.20050926101244.045d7220@imap.ameslab.gov> References: <6.2.1.2.2.20050926101244.045d7220@imap.ameslab.gov> Message-ID: <20050926180314.GJ28462@shrubbery.net> Mon, Sep 26, 2005 at 10:18:54AM -0500, Douglas C. Stephens: > I've been using RANCID and clogin very successfully on all my Cisco routers. However, > there are a large gaggle of Avaya P580, P550, P330, P130, and P120 switches on my network > that I would like to track and archive their configurations. 
I realize the Avaya P330 and > lower switches have a very un-Cisco like syntax, but the Avaya P550 and P580 series > (originally derived from the DEC/Prominet P550) switches have a command flow for viewing > the switch configuration that is very similar to a Cisco router (except for the logout > sequence, which is exit/exit instead of logout). > > I was wondering if any readers of this list have attempted to adapt clogin or one of its > RANCID brethren to work on any of these classes of Avaya switches. If it looks like a cisco, clogin will probably just work. if the others are CLI-driven, it should be possible to make those work. the ones that are utterly frustrating are the menu driven ones and those that (unnecessarily) use VT control codes to manipulate the screen. From justin at grote.name Wed Sep 28 22:46:04 2005 From: justin at grote.name (Justin Grote) Date: Wed, 28 Sep 2005 16:46:04 -0600 Subject: rancid srpm/spec file? In-Reply-To: <43380CB8.8080904@redhat.com> References: <43380CB8.8080904@redhat.com> Message-ID: <433B1D2C.4070106@grote.name> Michael Stefaniuc wrote: > Hello, > > does a source rpm or spec file exist for rancid? I've looked at the > download area, searched the mailing list and on google but couldn't > find one. > If not i will have to make one but starting with an exiting one would > have saved time. I used to have a spec file a while ago but it's long since lost to an old repository I never backed up. I remember that it was fairly straightforward spec file for the install process, so it shouldn't give you much trouble. If you hit any snags you can email me the spec file directly and I'll see if I can't spot your problem (though I just, at the end of this message, noticed the @redhat.com, heh). -- __________________________ Justin Grote Network Architect JWG Networks From dpfleger at pfleger.org Thu Sep 29 23:12:25 2005 From: dpfleger at pfleger.org (Dan Pfleger) Date: Thu, 29 Sep 2005 16:12:25 -0700 Subject: rancid srpm/spec file? 
Message-ID: <1128035545.29589@willow.he.net> Its fairly vanilla, but works for me to move the files as needed. Don't know that I have all the glaring dependencies listed articulated in the files, but it works. -Dan > This is a cryptographically signed message in MIME format. > > > Michael Stefaniuc wrote: > > Hello, > > > > does a source rpm or spec file exist for rancid? I've looked at the > > download area, searched the mailing list and on google but couldn't > > find one. > > If not i will have to make one but starting with an exiting one would > > have saved time. > I used to have a spec file a while ago but it's long since lost to an > old repository I never backed up. I remember that it was fairly > straightforward spec file for the install process, so it shouldn't give > you much trouble. If you hit any snags you can email me the spec file > directly and I'll see if I can't spot your problem (though I just, at > the end of this message, noticed the @redhat.com, heh). > > -- > __________________________ > Justin Grote > Network Architect > JWG Networks > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/octet-stream Size: 3163 bytes Desc: not available Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20050929/7187301d/attachment.obj From mstefani at redhat.com Fri Sep 30 08:25:10 2005 From: mstefani at redhat.com (Michael Stefaniuc) Date: Fri, 30 Sep 2005 10:25:10 +0200 Subject: rancid srpm/spec file? In-Reply-To: <1128035545.29589@willow.he.net> References: <1128035545.29589@willow.he.net> Message-ID: <433CF666.9030502@redhat.com> Dan Pfleger wrote: > Its fairly vanilla, but works for me to move the files as needed. Thanks, that's exactly what i was looking for. No need to duplicate work. > Don't know that I have all the glaring dependencies listed articulated > in the files, but it works. I can still improve it if it's needed. 
But overall on a quick glance the spec file looks good: usage of the rpm macros, /usr instead of /usr/local. bye michael > >>This is a cryptographically signed message in MIME format. >> >> >>Michael Stefaniuc wrote: >>>does a source rpm or spec file exist for rancid? I've looked at the >>>download area, searched the mailing list and on google but couldn't >>>find one. >>>If not i will have to make one but starting with an existing one would >>>have saved time. >> >>I used to have a spec file a while ago but it's long since lost to an >>old repository I never backed up. I remember that it was fairly >>straightforward spec file for the install process, so it shouldn't give >>you much trouble. If you hit any snags you can email me the spec file >>directly and I'll see if I can't spot your problem (though I just, at >>the end of this message, noticed the @redhat.com, heh). -- Michael Stefaniuc Tel.: +49-711-96437-199 Sr. Network Engineer Fax.: +49-711-96437-111 Red Hat GmbH Email: mstefani at redhat.com Hauptstaetterstr. 58 http://www.redhat.de/ D-70178 Stuttgart From saku+rancid at ytti.fi Fri Sep 30 15:33:00 2005 From: saku+rancid at ytti.fi (Saku Ytti) Date: Fri, 30 Sep 2005 18:33:00 +0300 Subject: -re "\b+" { exp_continue } in clogin? Message-ID: <20050930153300.GA327@ytti.fi> Hi, I've made module for telco systems switches using binos, however there is situation for one reason or another the router outputs literal backspace in output of 'show vlan', clearly vendor problem of course. When it does that, my module does not function properly, and when I comment: -re "\b+" { exp_continue } out in clogin, it fixes the problem. Now where in practice is the above needed? For people interested in the telco/binos module or module for corecess 6800 chassis based IP-dslams let me know and I'll share the modules. They're probably too niche for the distribution and I don't plan to commit on supporting them.
-- ++ytti From josh at trilegiant.com Fri Sep 30 20:33:15 2005 From: josh at trilegiant.com (Josh Rivel) Date: Fri, 30 Sep 2005 16:33:15 -0400 Subject: RANCID against a F5... Message-ID: <20050930203315.GG15108@trilegiant.com> So the F5's here are managed by a lot of different people, and as a result, changes are made without others being made fully aware of changes, and then sometimes things break, etc. Anyway, I know there is no native F5 support in RANCID, I was wondering if anyone's modified their scripts to support a F5. Basically you ssh in as a user, no enable password, prompt is 'hostname:~#' and I just need to run a single command, 'b list' then 'exit' That will give me the entire config then exit the ssh session. Using 'clogin f5.domain.tld' works no problem, as I have a ~rancid/.cloginrc setup with the proper usernames & passwords (I may setup public keys instead once I get it working). I can also do 'clogin -c 'b list' f5.domain.tld' and that works as well. I'm about to start hacking one of the existing files to tweak it for the F5, but before I do, no need to reinvent the wheel... Thanks. -- Josh