[rancid] Re: wrancid/vpn3k additions
Lance Vermilion
rancid at gheek.net
Tue Oct 3 00:11:38 UTC 2006
All,
I have made some changes to it again, but this time to allow it to read
the cloginrc file. So here is the whole file. I know it is ugly, but it works.
--
-Lance <rancid at gheek.net>
#!/usr/bin/perl -w
#
# vpn3k - SCP and SNMP Backup script for Cisco VPN 3K concentrators
# to be used by the wrancid rancid wrapper
#
# WARNING: This is only PROOF OF CONCEPT code and will screw up your data
# and eat babies!!!
#
# Copyright 2005 Michael Stefaniuc for Red Hat
#
# This script is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
#######################################################
# Modules
#######################################################
# Load any modules needed
use strict;
use Getopt::Std;
use Net::SCP::Expect;
use File::Temp;
#######################################################
# Variables
#######################################################
# Initialize variables used in this script
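# SNMP v2c community used for the read-only queries further down.  The value
# is a placeholder that has to be replaced per site; because it is a
# credential, this script should be readable by the rancid user only.
my $snmp_community = 'SOMECUMMUNITYHERE';

# Login data is read from the invoking user's ~/.cloginrc.
my $password_file = "$ENV{\"HOME\"}/.cloginrc";

# -f <file> is the path of the output file this script writes.
my %options = ();
getopts('f:', \%options);
my $file = $options{'f'};
my $fh;

# The device to back up is the first non-option argument.
my $host = $ARGV[0];

# Scratch file that receives the raw configuration from scp.  mkstemp is not
# in File::Temp's default export list, so the call is fully qualified and no
# longer depends on how the module was imported.  File::Temp creates the file
# exclusively and with mode 0600, which matters because the raw configuration
# contains the device's secrets.
(my $tempfh, my $tempfile) = File::Temp::mkstemp( "/tmp/tmpfileXXXXX" );
#close($tempfh);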
#
# Parses cloginrc and gets the username/password for vpn3k
# to work.
#
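# ParseCloginrc($host)
#
# Looks up $host in $password_file, which uses the .cloginrc line format
# "add <directive> <host glob> <value> ...", and keeps the first matching
# value for each of the "method", "user" and "password" directives.
#
# Returns "username,password" when the first matching method is "scp".
# In every other case a diagnostic is printed and the empty string is
# returned, so the caller never receives print's return value as if it
# were a credential pair.
sub ParseCloginrc($)
{
    my $host = shift;
    return '' unless defined $host && length $host;

    # Read the file directly instead of through `cat`: no shell is involved
    # and an unreadable file is reported rather than silently ignored.
    my $rc;
    unless (open($rc, '<', $password_file))
    {
        print "Cannot read $password_file: $!\n";
        return '';
    }

    my %first_value;
    while (my $line = <$rc>)
    {
        next if $line =~ /^\s*#/;
        next if $line !~ /[a-zA-Z0-9]/;

        # Braces only group words in this file; drop them before splitting.
        # NOTE(review): a braced value that itself contains whitespace is
        # still cut at the first blank, as it was before - confirm that no
        # entry relies on that.
        $line =~ s/\{|\}//g;
        my ($verb, $directive, $hostglob, $value) = split(' ', $line);
        next unless defined $hostglob && lc($verb) eq 'add';

        # Compare the directive word itself.  Matching "user" or "password"
        # anywhere in the line also picked up longer directive names and
        # host names that merely contain those words.
        my $kind = lc($directive);
        next unless $kind eq 'method' || $kind eq 'user' || $kind eq 'password';

        # The host field is a glob.  Only '*' is a wildcard; every other
        # character is quoted and the pattern is anchored at both ends, so
        # an entry for one device cannot hand its credentials to another
        # device whose name merely contains the same text.  The value field
        # is left untouched, so a '*' inside a password is preserved.
        my $host_re = join('.*', map { quotemeta($_) } split(/\*/, $hostglob, -1));
        next unless $host =~ /\A$host_re\z/;

        # First matching entry wins for each directive.
        $first_value{$kind} = $value unless exists $first_value{$kind};
    }
    close($rc);

    if (defined $first_value{'method'} && $first_value{'method'} eq 'scp')
    {
        my $username = defined $first_value{'user'}     ? $first_value{'user'}     : '';
        my $password = defined $first_value{'password'} ? $first_value{'password'} : '';
        return "$username,$password";
    }

    print "No SCP method was located for $host in $password_file\n";
    return '';
}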
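# The scratch file holds the unfiltered configuration, secrets included.
# Remove it on every exit path (normal end, exit, die), not only at the end
# of a successful run.
END
{
    unlink($tempfile) if defined $tempfile;
}

# Runs one snmpget query and returns its output as a single chomped string,
# or '' when the command cannot be started.  The command is given as a list,
# so no shell ever parses the host name or the community string.
# NOTE(review): the community is still passed on the command line and is
# therefore visible in the process list while snmpget runs.
sub _snmp_get
{
    my ($community, $target, $oid) = @_;
    my $pipe;
    open($pipe, '-|', 'snmpget', '-v2c', '-c', $community, '-On', $target, $oid)
        or return '';
    my $output = join('', <$pipe>);
    close($pipe);
    chomp($output);
    return $output;
}

# The host name comes from the command line and ends up in external commands
# and in the scp source path, so accept only plain host names and addresses
# and refuse anything that could be read as an option or as shell syntax.
unless (defined $host && $host =~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/)
{
    print "Invalid or missing host name\n";
    exit 1;
}

my $results = ParseCloginrc($host);
$results = '' unless defined $results;
# Limit of 2 keeps a password that itself contains a comma in one piece.
my ($backup_user, $backup_pass) = split(/,/, $results, 2);
# Both values are required; the previous "&&" only stopped when both were
# missing and otherwise went on with half a credential pair.
if (!defined $backup_user || $backup_user eq ''
    || !defined $backup_pass || $backup_pass eq '')
{
    print "No username/password found\n";
    # Non-zero status so the caller can tell that nothing was collected.
    exit 1;
}

# Open the output file.
open($fh, ">", $file) or die "Cannot open output file\n";
print($fh "#RANCID-CONTENT-TYPE: wrapper.vpn3k\n#\n");

# Get some infos from snmp: sysDescr.0 carries the software version string.
my $result = _snmp_get($snmp_community, $host, '.1.3.6.1.2.1.1.1.0');
if ($result =~ /VPN 3000 Concentrator Version (\S+) built by (\S+) on (.+)$/i) {
    my $version = $1;
    my $compiled = "$3 by $2";
    print($fh "#Chassis Type: VPN 3000\n#\n");
    # entPhysicalSerialNum.1 is returned as a quoted string.
    $result = _snmp_get($snmp_community, $host, '.1.3.6.1.2.1.47.1.1.1.1.11.1');
    if ($result =~ /"([^"]+)"/) {
        print($fh "#Serial Number: $1\n#\n");
    }
    print($fh "#Image: Version: $version\n");
    print($fh "#Image: Compiled: $compiled\n#\n");
}

# Call scp and download the running config.
# NOTE(review): auto_yes answers every yes/no question ssh asks before the
# password prompt, which includes the question about an unknown host key.
# The device is then not authenticated before the password is sent to it.
# Pre-loading the device keys into the rancid user's known_hosts lets this
# option be dropped.
my $scp_session = Net::SCP::Expect->new(user=>"$backup_user",password=>"$backup_pass",auto_yes=>'1');
# the connection sometimes terminates incorrectly but we fully transfered
# the file
eval { $scp_session->scp("$host:config", $tempfile); };

# mkstemp already created the scratch file, so merely being able to open it
# proves nothing; an empty file means the transfer did not deliver a config.
unless (-s $tempfile)
{
    close($fh);
    die "Scp seems to have failed\n";
}

# Copy the config file over removing the comment at the beginning
open($tempfh, "<", $tempfile) or die "Scp seems to have failed\n";
# Evaluate the switch once; it is unset when rancid.conf does not define it.
my $filter_pwds = defined $ENV{"FILTER_PWDS"} && $ENV{"FILTER_PWDS"} =~ /yes/i;
while (my $line = <$tempfh>) {
    # Comment lines are dropped in both modes, as the step above describes.
    next if $line =~ /^#/;
    if ($filter_pwds)
    {
        # NOTE(review): only these two keys are masked; confirm that the
        # device's config format has no other secret-bearing keys.
        if ($line =~ /^trapcomm.*/)
        {
            $line = "trapcomm=<removed>\n";
        }
        elsif ($line =~ /^password.*/)
        {
            $line = "password=<removed>\n";
        }
    }
    print($fh $line);
}
#######
# End #
#######
close($tempfh);
# Buffered write errors only surface when the handle is closed.
close($fh) or die "Cannot finish writing output file\n";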
On Mon, Oct 02, 2006 at 02:54:15PM -0700, Lance Vermilion wrote:
> All that are interested,
>
> I made a few changes to vpn3k that Michael Stefaniuc posted a while back.
>
> I basically made it run similar to the other rancid scripts, where it reads
> in the Environment variables that come from "etc/rancid.conf".
>
> I also changed it so it would auto-yes all ssh questions, instead of failing
> when it was asked a question.
>
> my $scp_session = Net::SCP::Expect->new(user=>"$backup_user",password=>"$backup_pass");
> +my $scp_session = Net::SCP::Expect->new(user=>"$backup_user",password=>"$backup_pass",auto_yes=>'1');
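Review bot: `auto_yes=>'1'` makes the session answer ssh's question about an unknown host key with yes, so the concentrator is never authenticated before `$backup_pass` is sent to it. Loading the device keys into the rancid user's known_hosts beforehand would let the prompt stay fatal. If the option has to stay, a comment above the line such as `# auto_yes also accepts unknown host keys; populate known_hosts first` would record the trade-off.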
>
> my $line;
> while ($line = <$tempfh>) {
> + if ($ENV{"FILTER_PWDS"} =~ /yes/i)
> + {
> if ($line =~ /^#/)
> {
> next;
> }
> + elsif ($line =~ /^trapcomm.*/)
> + {
> + my $line = "trapcomm=<removed>\n";
> + print($fh $line);
> + }
> + elsif ($line =~ /^password.*/)
> + {
> + my $line = "password=<removed>\n";
> + print($fh $line);
> + }
> + else
> + {
> print($fh $line);
> + }
> + }
> + else
> + {
> + print($fh $line);
> + }
> }
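Review bot: The `/^#/` skip now sits inside the `FILTER_PWDS` branch, so when that variable is not `yes` the leading comment lines of the downloaded config appear to be copied into the output instead of being removed as before. Making `next if $line =~ /^#/;` the first statement of the loop keeps the old behaviour in both modes. `$ENV{"FILTER_PWDS"}` is also matched on every line and is undefined when rancid.conf does not set it, which warns under `-w`; `my $filter = defined $ENV{"FILTER_PWDS"} && $ENV{"FILTER_PWDS"} =~ /yes/i;` before the loop covers that. Only `trapcomm` and `password` lines are masked, so it is worth confirming that the config has no other keys carrying secrets.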
>
>
> --
>
> -Lance <rancid at gheek.net>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss